The Nessus scan report summarizes the results of a vulnerability scan performed on a Windows Vista system. The scan found 20 open ports, with 46 low, 8 medium and no high severity issues. Common services like MySQL, HTTP, and SMB were identified. The operating system was determined to be Windows Vista Home and the host name was tareq-laptop. Detailed information is provided about issues found on specific ports including unknown services, web servers, and NetBIOS information retrieved from the host.
Networking Fundamentals: Transport Protocols (TCP and UDP)Andriy Berestovskyy
Transport Layer of TCP/IP. Transmission Control Protocol (TCP) basics and network sockets explained. How TCP connection get established, error recovered and terminated.
User Datagram Protocol and its comparison to TCP. Quality of Service (QoS).
Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.
Networking Fundamentals: Transport Protocols (TCP and UDP)Andriy Berestovskyy
Transport Layer of TCP/IP. Transmission Control Protocol (TCP) basics and network sockets explained. How TCP connection get established, error recovered and terminated.
User Datagram Protocol and its comparison to TCP. Quality of Service (QoS).
Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.
Computers are connected in a network to exchange information or resources with each other. Two or more computer are connected through network media called computer media.
There are a number of network devices or media that are involved to form computer network.
Computer loaded with Linux Operation System can also be a part of network whether it is a small or large network by multitasking and multi user natures.
Maintaining of system and network up and running is a task of System / Network Administrator’s job. In this article we are going to review frequently used network configuration and troubleshoot commands in Linux.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
The Linux packet filtering technology, iptables, has its roots in times when networking was relatively simple and network bandwidth was measured in mere megabits. Emerging technologies, such as distributed NAT, overlay networks and containers require enhanced functionality and additional flexibility. In parallel, the next generation of network cards with speeds of 40Gb and 100Gb will put additional pressure on performance.
In the upcoming Red Hat Enterprise Linux 7, a new dynamic firewall service, FirewallD, is planned to provide greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. Additionally, a new virtual machine-based packet filtering technology, nftables, addresses the functionality and flexibility requirements of modern network workloads.
In this session you’ll:
Deep dive into the newly introduced packet filtering capabilities of Red Hat Enterprise Linux 7 beta.
Learn best practices.
See the new set of configuration utilities that allow new optimization possibilities.
Before start testing web site it’s very important to know about which all testing methods needs to cover.
# The current state of the penetration test practice is far from optimal
# Automating them may bring them to a new level of quality
# But in doing so we will face many technical problems
# It may be a new challenge for the IS industry in the near future
Computers are connected in a network to exchange information or resources with each other. Two or more computer are connected through network media called computer media.
There are a number of network devices or media that are involved to form computer network.
Computer loaded with Linux Operation System can also be a part of network whether it is a small or large network by multitasking and multi user natures.
Maintaining of system and network up and running is a task of System / Network Administrator’s job. In this article we are going to review frequently used network configuration and troubleshoot commands in Linux.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
The Next Generation Firewall for Red Hat Enterprise Linux 7 RCThomas Graf
The Linux packet filtering technology, iptables, has its roots in times when networking was relatively simple and network bandwidth was measured in mere megabits. Emerging technologies, such as distributed NAT, overlay networks and containers require enhanced functionality and additional flexibility. In parallel, the next generation of network cards with speeds of 40Gb and 100Gb will put additional pressure on performance.
In the upcoming Red Hat Enterprise Linux 7, a new dynamic firewall service, FirewallD, is planned to provide greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. Additionally, a new virtual machine-based packet filtering technology, nftables, addresses the functionality and flexibility requirements of modern network workloads.
In this session you’ll:
Deep dive into the newly introduced packet filtering capabilities of Red Hat Enterprise Linux 7 beta.
Learn best practices.
See the new set of configuration utilities that allow new optimization possibilities.
Before start testing web site it’s very important to know about which all testing methods needs to cover.
# The current state of the penetration test practice is far from optimal
# Automating them may bring them to a new level of quality
# But in doing so we will face many technical problems
# It may be a new challenge for the IS industry in the near future
Vulnerability Assessment and Rapid Warning System Enhancements inKeith G. Tidball
This presentation represents initial efforts to down scale a global flood vulnerability model developed in a cloud based computing tool Google Earth Engine for the noncoastal “upstate areas” of the State of New York. This customized New York application of the model is the result of collaboration with colleagues at Yale University. The model analyzes social and physical vulnerability to riverine flooding based on multiple data inputs, outputs the high risk areas for flooding, and runs statistics on the population living in the flooded zone. Initial results examine the ability for the model to predict risk for a specific storm area, county, or watershed in 1-30 seconds. Future work requires further testing and validation of the model, a more advanced algorithm, and dynamic user-friendly interface for public risk communication of both underlying vulnerability and an early warning system.
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2NetSPI
App Security? There’s a metric for that! (Part 1 of 2)
Over the past year, NetSPI has been working on a new approach to manage and measure application security. By combining OWASP’s Software Assurance Maturity Model, traditional risk assessment methodologies, and experience developing security metrics, NetSPI developed a methodology that may be used to help organizations improve the way they manage and prioritize their application security initiatives. Once fully developed, this approach will be donated to OWASP either as an add-on to the existing SAMM project or as a new project intended to improve application security management.
In this presentation, NetSPI provides a detailed walk-through of the overall methodology as well as OWASP’s SAMM project. We provide examples of the types of metrics and executive dashboards that can be generated by using this approach to managing application security and help highlight various ways this information can be used to further improve the overall maturity of application security programs.
Be sure to check out Part 2 of this presentation for a more "Hands On" approach.
http://www.slideshare.net/NetSPI/application-risk-prioritizationhandsonsecure360part2of2
Threat modeling web application: a case studyAntonio Fontes
TAM is a security activity conducted early in the development lifecycle, when we only have ideas, early design specifications and no source code is produced yet. It helps identify major threats to your web application and their appropriate countermeasures.
This session focuses on an introduction to the threat modeling technique through a case study on an online newspaper platform.
Event: Confoo 2011 Montreal
Penetration Testing vs. Vulnerability ScanningSecurityMetrics
For more info on pen testing: securitymetrics.com/sm/pub/penetrationtesting
For more info on vulnerability scanning: securitymetrics.com/sm/pub/vulnerabilityscanning
Even the most experienced administrators may fail to implement the latest secure practices at your business. The easiest and most accurate ways to discover if your business is secure enough to withstand a hack is to test it through the eyes of a hacker. An ethical hacker is simply a computer bodyguard that manually examines a business environment for weaknesses via a penetration test, and determines which weaknesses he can exploit. Discover how penetration testers search for vulnerabilities by using the latest hacking techniques, and learn how to baton down your organizational hatches with penetration testing and vulnerability scanning.
Introduction to Web Application Penetration TestingAnurag Srivastava
Web Application Pentesting
* Process to check and penetrate the security of a web application or a website
* process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities
* Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.
Title: Hands on Penetration Testing 101 by Scott Sutherland & Karl Fosaaen
Abstract: The goal of this training is to introduce attendees to standard penetration test methodologies, tools, and techniques. Hands on labs will cover the basics of asset discovery, vulnerability enumeration, system penetration, privilege escalation, and bypassing end point protection. During the labs, common vulnerabilities will be leveraged to illustrate attack techniques, using freely available tools such as Nmap and Metasploit. This training will be valuable to anyone interested in gaining a better understanding of penetration testing or to system administrators trying to understand common attack approaches.
Transport Layer Port or TCP/IP & UDP PortNetwax Lab
A port is an application-specific or process-specific software construct serving as a communications
endpoint in a computer's host operating system. The purpose of ports is to uniquely identify different
applications or processes running on a single computer and thereby enable them to share a single
physical connection to a packet-switched network like the Internet. In the context of the Internet
Protocol, a port is associated with an IP address of the host, as well as the type of protocol used for
communication.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers.
The talk will continue with a demo showing how to build your own simple overlay using these technologies.
deep understanding of howto packet would reach to destination and basic understanding of network protocols.
learn howto manipulate with linux network and know howto manipulate with linux iptables.
Tick Stack - Listen your infrastructure and please sleepGianluca Arbezzano
Our application and our infrastructure speak, time series are one of their languages, during this talk I will share my experience about InfluxDB and time series to monitor and know the status of our cloud infrastructure. We will show best practice and tricks to grab information from an application in order to understand the mains difference between logs and time series.
Facilitated Risk Analysis Process - Tareq HanayshaHanaysha
One of the most popular methods to perform a risk analysis is called Facilitated Risk Analysis Process (FRAP),FRAP will allow any organization to implement risk management techniques in a highly cost-effective way,develop an efficient and disciplined process to ensure that information-related risks to business operations are considered and documented.
Vulnerability scanning report by Tareq HanayshaHanaysha
In this executive summary, we will go visually through the vulnerability scan we`ve done using Nessus and Nsauditor by providing the reader with screen shoots to clarify our scan and to make it easier for the readers to understand our vulnerability scan procedures, then we will introduce our work and give a summary of our findings, vulnerabilities, risks and threats, and try to find solutions or recommendations for these security problems in our conclusion.
In this report, the author will take you through detailed steps of on-site backup using Acronis
true image server edition on MS windows vista and Ms windows 03 server, this lab experiment
takes us through three different backup procedures, and then the restoration of these backed up
data using the same software.
This software is considered as layer 7 in the classification of disaster recover /business
continuity planning layers, but it is still provide us with all the on-site backup procedures ,security
options for our archives ,and a bootable zone in case of operating systems failure .
Going through this lab will help the reader to better understand or give a general image of how
the backup /recovery process take place using one of the available software for backup & recovery.
Detailed information of all the steps taken to accomplish the Lab is explained in this report with the
screen shots
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Nessus scan report using the defualt scan policy - Tareq Hanaysha
1. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
List of hosts
tareq-laptop Medium Severity problem(s) found
[^] Back
tareq-laptop
Scan time :
Start time : Mon Nov 17 15:23:48 2008
End time : Mon Nov 17 15:38:57 2008
Number of vulnerabilities :
Open ports : 20
Low : 46
Medium : 8
High : 0
Information about the remote host :
Operating system : Microsoft Windows Vista Home
NetBIOS name : TAREQ-LAPTOP
DNS name : tareq-laptop.
[^] Back to tareq-laptop
Port unknown (49155/tcp)
DCE Services Enumeration
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 49155 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.0.102
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.0.102
2. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.0.102
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.0.102
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.0.102
Nessus ID : 10736
[^] Back to tareq-laptop
Port unknown (49161/tcp)
[^] Back to tareq-laptop
Port mysql (3306/tcp)
Service detection
A MySQL server is running on this port.
Nessus ID : 22964
[^] Back to tareq-laptop
Port icslap (2869/tcp)
Service Identification (2nd pass)
A web server seems to be running on this port
Nessus ID : 11153
[^] Back to tareq-laptop
Port rmiregistry (1099/tcp)
RMI Registry Detection
Synopsis :
An RMI registry is listening on the remote host.
Description :
The remote host is running an RMI registry, which acts as a bootstrap
naming service for registering and retrieving remote objects with
simple names in the Java Remote Method Invocation (RMI) system.
See also :
http://java.sun.com/j2se/1.5.0/docs/guide/rmi/spec/rmiTOC.html
http://java.sun.com/j2se/1.5.0/docs/guide/rmi/spec/rmi-protocol3.html
Risk factor :
None
Plugin output :
The remote RMI registry currently does not have information about
any objects.
3. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Nessus ID : 22227
[^] Back to tareq-laptop
Port unknown (25902/tcp)
Service detection
A web server is running on this port.
Nessus ID : 22964
HTTP Server type and version
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Jetty/4.2.24 (Windows Vista/6.0 x86 java/1.6.0)
Nessus ID : 10107
HyperText Transfer Protocol Information
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : yes
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, MOVE, OPTIONS, TRACE
Headers :
Date: Mon, 17 Nov 2008 22:27:46 GMT
Server: Jetty/4.2.24 (Windows Vista/6.0 x86 java/1.6.0)
Content-Type: text/html
Content-Length: 768
Nessus ID : 24260
[^] Back to tareq-laptop
Port netbios-ns (137/udp)
Using NetBIOS to retrieve information from a Windows host
Synopsis :
4. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
It is possible to obtain the network name of the remote host.
Description :
The remote host listens on udp port 137 and replies to NetBIOS nbtscan
requests. By sending a wildcard request it is possible to obtain the
name of the remote system and the name of its domain.
Risk factor :
None
Plugin output :
The following 4 NetBIOS names have been gathered :
TAREQ-LAPTOP = Computer name
WORKGROUP = Workgroup / Domain name
TAREQ-LAPTOP = File Server Service
WORKGROUP = Browser Service Elections
The remote host has the following MAC address on its adapter :
00:1a:73:45:41:3f
CVE : CVE-1999-0621
Other references : OSVDB:13577
Nessus ID : 10150
[^] Back to tareq-laptop
Port unknown (49153/tcp)
DCE Services Enumeration
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 49153 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.0.102
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.0.102
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.0.102
Object UUID : 00000000-0000-0000-0000-000000000000
5. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.0.102
Nessus ID : 10736
[^] Back to tareq-laptop
Port unknown (49162/tcp)
DCE Services Enumeration
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 49162 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49162
IP : 192.168.0.102
Nessus ID : 10736
[^] Back to tareq-laptop
Port unknown (49154/tcp)
DCE Services Enumeration
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available on TCP port 49154 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.0.102
6. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.0.102
Nessus ID : 10736
[^] Back to tareq-laptop
Port general/tcp
Host FQDN
192.168.0.102 resolves as tareq-laptop.
Nessus ID : 12053
OS Identification
Remote operating system : Microsoft Windows Vista Home
Confidence Level : 99
Method : MSRPC
The remote host is running Microsoft Windows Vista Home
Nessus ID : 11936
Information about the scan
Information about this scan :
Nessus version : 3.2.1.1
Plugin feed version : 200811171434
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.0.102
Port scanner(s) : synscan
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Max hosts : 20
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2008/11/17 15:23
Scan duration : 897 sec
The following web server have not been scanned because they are password
protected, or too slow to answer.
They were running on ports :
+ 2869
Nessus ID : 19506
[^] Back to tareq-laptop
Port microsoft-ds (445/tcp)
SMB Detection
Synopsis :
A file / print sharing service is listening on the remote host.
Description :
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.
Risk factor :
7. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
None
Plugin output :
A CIFS server is running on this port.
Nessus ID : 11011
DCE Services Enumeration
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available remotely :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : PIPEprotected_storage
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : pipelsass
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Remote RPC service
Named pipe : pipekeysvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Remote RPC service
Named pipe : pipetapsrv
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : pipetrkwks
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Remote RPC service
Named pipe : PIPEwkssvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
8. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Description : SSDP service
Windows process : unknow
Type : Remote RPC service
Named pipe : PIPEDAV RPC SERVICE
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c6b5235a-e413-481d-9ac8-31681b1faaf5, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEwkssvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c6b5235a-e413-481d-9ac8-31681b1faaf5, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEDAV RPC SERVICE
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c6b5235a-e413-481d-9ac8-31681b1faaf5, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEW32TIME_ALT
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8833d1d0-965f-4216-b3e9-fbe58cad3100, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEwkssvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8833d1d0-965f-4216-b3e9-fbe58cad3100, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEDAV RPC SERVICE
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8833d1d0-965f-4216-b3e9-fbe58cad3100, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEW32TIME_ALT
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c9a33d5-f1db-472d-8464-42b8b0c76c38, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEwkssvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c9a33d5-f1db-472d-8464-42b8b0c76c38, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEDAV RPC SERVICE
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c9a33d5-f1db-472d-8464-42b8b0c76c38, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEW32TIME_ALT
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : PIPEwkssvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
9. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Type : Remote RPC service
Named pipe : PIPEDAV RPC SERVICE
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : PIPEW32TIME_ALT
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : PIPEatsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : PIPEatsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEatsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : PIPEatsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : PIPEsrvsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Remote RPC service
Named pipe : PIPEbrowser
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEatsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEsrvsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEbrowser
10. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEatsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEsrvsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEbrowser
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEatsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEsrvsvc
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : PIPEbrowser
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : pipeeventlog
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : pipeeventlog
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : pipeeventlog
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
Named pipe : pipeeventlog
11. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Netbios name : TAREQ-LAPTOP
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEInitShutdown
Netbios name : TAREQ-LAPTOP
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : PIPEInitShutdown
Netbios name : TAREQ-LAPTOP
Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : pipelsass
Netbios name : TAREQ-LAPTOP
Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Remote RPC service
Named pipe : PIPEprotected_storage
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : pipelsass
Netbios name : TAREQ-LAPTOP
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : PIPEprotected_storage
Netbios name : TAREQ-LAPTOP
Nessus ID : 10736
SMB NativeLanMan
Synopsis :
It is possible to obtain information about the remote operating
system.
Description :
It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.
Risk factor :
None
Plugin output :
The remote Operating System is : Windows Vista (TM) Home Basic 6001 Service Pack 1
The remote native lan manager is : Windows Vista (TM) Home Basic 6.0
The remote SMB Domain Name is : TAREQ-LAPTOP
Nessus ID : 10785
SMB log in
Synopsis :
12. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
It is possible to log into the remote host.
Description :
The remote host is running one of the Microsoft Windows operating
systems. It was possible to log into it using one of the following
account :
- NULL session
- Guest account
- Given Credentials
See also :
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Risk factor :
none
Plugin output :
- NULL sessions are enabled on the remote host
CVE : CVE-1999-0504, CVE-1999-0505, CVE-1999-0506, CVE-2000-0222, CVE-2002-1117, CVE-2005-3595
BID : 494, 990, 11199
Nessus ID : 10394
SMB registry can not be accessed by the scanner
Synopsis :
Nessus is not able to access the remote Windows Registry.
Description :
It was not possible to connect to PIPEwinreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the
registry checks will not work because the 'Remote Registry Access'
service (winreg) has been disabled on the remote host or can not be
connected to with the supplied credentials.
Risk factor :
None
Nessus ID : 26917
SMB NULL session
Synopsis :
It is possible to log into the remote host.
Description :
The remote host is running one of the Microsoft Windows operating
systems. It was possible to log into it using a NULL session.
A NULL session (no login/password) allows to get information about
the remote host.
See also :
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Risk factor :
None
CVE : CVE-2002-1117
BID : 494
Nessus ID : 26920
[^] Back to tareq-laptop
13. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Port netbios-ssn (139/tcp)
SMB Detection
Synopsis :
A file / print sharing service is listening on the remote host.
Description :
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.
Risk factor :
None
Plugin output :
An SMB server is running on this port.
Nessus ID : 11011
[^] Back to tareq-laptop
Port http (80/tcp)
Service detection
A web server is running on this port.
Nessus ID : 22964
Directory Scanner
Synopsis :
It is possible to enumerate web directories.
Description :
This plugin attempts to determine the presence of various
common dirs on the remote web server.
Risk factor :
None
Plugin output :
The following directories were discovered:
/cgi-bin, /webalizer, /error, /icons
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Other references : OWASP:OWASP-CM-006
Nessus ID : 11032
Web mirroring
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
/perso/templates/jjfluidsolution/css/ (C=S;O [A] C=D;O [A] C=N;O [D] C=M;O [A] )
. (C=S;O [A] C=D;O [A] C=N;O [D] C=M;O [A] )
/mod_yj_whois_joomla1.5/ (C=S;O [A] C=D;O [A] C=N;O [D] C=M;O [A] )
/perso/templates/jjfluidsolution/images/ (C=S;O [A] C=D;O [A] C=N;O [D] C=M;O [A] )
/perso/administrator/index.php (lang [] passwd [] d8eef1eccbd6768d71876690f1343d31 [1] tas...)
/perso/index.php (link=aHR0cDovL3RhcmVxLWxhcHRvcC9wZXJzby9pbmRleC5waHA/dmlld...)
Directory index found at /
Directory index found at /mod_yj_whois_joomla1.5/
Directory index found at /perso/templates/jjfluidsolution/css/
Directory index found at /perso/templates/jjfluidsolution/images/
14. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Nessus ID : 10662
Web Server Uses Plain Text Authentication Forms
Synopsis :
The remote web server might transmit credentials over clear text
Description :
The remote web server contains several HTML forms containing
an input of type 'password' which transmit their information to
a remote web server over plain text.
An attacker eavesdropping the traffic might use this setup to
obtain logins and passwords of valid users.
Solution :
Make sure that every form transmits its results over HTTPS
Risk factor:
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Page : /perso/
Destination page : /perso/index.php
Input name : passwd
Page : /perso/?D=A
Destination page : /perso/index.php
Input name : passwd
Page : /perso/index.php
Destination page : /perso/index.php
Input name : passwd
Page : /perso/administrator/
Destination page : index.php
Input name : passwd
Page : /perso/administrator/?D=A
Destination page : index.php
Input name : passwd
Nessus ID : 26194
HTTP Server type and version
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
15. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Nessus ID : 10107
HyperText Transfer Protocol Information
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Mon, 17 Nov 2008 22:27:46 GMT
Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Content-Length: 855
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Nessus ID : 24260
HTTP TRACE / TRACK Methods
Synopsis :
Debugging functions are enabled on the remote web server.
Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE
and TRACK are HTTP methods which are used to debug web server
connections.
In addition, it has been shown that servers supporting the TRACE
method are subject to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with various weaknesses
in browsers. An attacker may use this flaw to trick your legitimate
web users to give him their credentials.
See also :
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/867593
Solution :
Disable these methods.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Solution :
Add the following lines for each virtual host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
16. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.
Plugin output :
The server response from a TRACE request is :
TRACE /6k09rg3g.html HTTP/1.1
Host: tareq-laptop
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Date: Mon, 17 Dec 2008 22:30:13 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept-Charset: iso-8859-1,*,utf-8
Pragma: no-cache
Accept-Language: en
Connection: Close
CVE : CVE-2004-2320
BID : 9506, 9561, 11604
Other references : OSVDB:877, OSVDB:3726
Nessus ID : 11213
WebDAV enabled
Synopsis :
The remote server is running with WebDAV enabled.
Description :
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution :
http://support.microsoft.com/default.aspx?kbid=241520
Risk factor :
None
Nessus ID : 11424
Joomla! Detection
Synopsis :
The remote web server contains a content management system written in
PHP.
Description :
The remote host is running Joomla!, an open-source content management
system written in PHP.
See also :
http://www.joomla.org/
Risk factor :
None
Plugin output :
An unknown version of Joomla! was detected on the remote host under
the path '/perso'.
Nessus ID : 21142
Apache mod_proxy_ftp Directory Component Wildcard Character Globbing XSS
Synopsis :
17. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
The remote web server is vulnerable to a cross-site scripting attack.
Description :
The mod_proxy_ftp module in the version of Apache installed on the
remote host fails to properly sanitize user-supplied URL input before
using it to generate dynamic HTML output. Using specially crafted
requests for FTP URLs with globbing characters (such as asterisk,
tilde, opening square bracket, etc), an attacker may be able to
leverage this issue to inject arbitrary HTML and script code into a
user's browser to be executed within the security context of the
affected site.
See also :
http://www.rapid7.com/advisories/R7-0033
http://www.securityfocus.com/archive/1/495180/100/0/threaded
http://www.apache.org/dist/httpd/CHANGES_2.2.10
http://httpd.apache.org/security/vulnerabilities_22.html
Solution :
Either disable the affected module or upgrade to Apache version 2.2.10
or later.
Risk factor :
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Plugin output :
Apache version 2.2.9 appears to be running on the remote host based
on the following Server response header :
Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Note that Nessus tried but failed to exploit the issue and instead has
relied only on a banner check. There may be several reasons why the
exploit failed :
- The remote web server is not configured to use
mod_proxy_ftp or to proxy requests in general.
- The remote web server is configured such that the Nessus
scanning host is not allowed to use the proxy.
- The plugin did not know of an anonymous FTP server that
it could use for testing.
CVE : CVE-2008-2939
BID : 30560
Other references : OSVDB:47474
Nessus ID : 34433
[^] Back to tareq-laptop
Port unknown (49160/tcp)
[^] Back to tareq-laptop
Port unknown (49152/tcp)
DCE Services Enumeration
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Risk factor :
18. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
None
Plugin output :
The following DCERPC services are available on TCP port 49152 :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 192.168.0.102
Nessus ID : 10736
[^] Back to tareq-laptop
Port epmap (135/tcp)
DCE Services Enumeration
Synopsis :
A DCE/RPC service is running on the remote host.
Description :
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Risk factor :
None
Plugin output :
The following DCERPC services are available locally :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LRPC-1bc1fc513ee630cdf9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
19. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : DNSResolver
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : keysvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : keysvc2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : OLE181A6D6035294F5BB0171544DBA3
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : nlaplg
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : nlaapi
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : tapsrvlpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0
Description : Unknown RPC service
Annotation : Unimodem LRPC Endpoint
Type : Local RPC service
Named pipe : unimdmsvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Local RPC service
Named pipe : LRPC-9a43934f16adc911aa
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-d184615c890c17a2a8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-d184615c890c17a2a8
20. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-d184615c890c17a2a8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss
Object UUID : 6cbed980-4aaa-4929-a551-c2ae1b1ed3b7
UUID : 98e96949-bc59-47f1-92d1-8c25b46f85c7, version 1.0
Description : Unknown RPC service
Annotation : IhvExtRpcServer
Type : Local RPC service
Named pipe : LRPC-f3bd63907917d67526
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 25952c5d-7976-4aa1-a3cb-c35f7ae79d1b, version 1.0
Description : Unknown RPC service
Annotation : Wireless Diagnostics
Type : Local RPC service
Named pipe : LRPC-a59b50af4fc8f1c846
Object UUID : 6e616c77-7673-0063-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-a59b50af4fc8f1c846
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 266f33b4-c7c1-4bd1-8f52-ddb8f2214ea9, version 1.0
Description : Unknown RPC service
Annotation : Wlan Service
Type : Local RPC service
Named pipe : LRPC-a59b50af4fc8f1c846
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c3f42c6e-d4cc-4e5a-938b-9c5e8a5d8c2e, version 1.0
Description : Unknown RPC service
Annotation : IhvExtRpcServer
Type : Local RPC service
Named pipe : LRPC-a59b50af4fc8f1c846
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 654976df-1498-4056-a15e-cb4e87584bd8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a59b50af4fc8f1c846
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-a59b50af4fc8f1c846
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
21. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Named pipe : LRPC-a59b50af4fc8f1c846
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLEC584AE91DF1C4A77812CAA1CF156
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-f9ff8503ca9db00abd
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : OLEC584AE91DF1C4A77812CAA1CF156
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : LRPC-f9ff8503ca9db00abd
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c6b5235a-e413-481d-9ac8-31681b1faaf5, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC584AE91DF1C4A77812CAA1CF156
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c6b5235a-e413-481d-9ac8-31681b1faaf5, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f9ff8503ca9db00abd
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c6b5235a-e413-481d-9ac8-31681b1faaf5, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : W32TIME_ALT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8833d1d0-965f-4216-b3e9-fbe58cad3100, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC584AE91DF1C4A77812CAA1CF156
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8833d1d0-965f-4216-b3e9-fbe58cad3100, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f9ff8503ca9db00abd
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8833d1d0-965f-4216-b3e9-fbe58cad3100, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : W32TIME_ALT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c9a33d5-f1db-472d-8464-42b8b0c76c38, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEC584AE91DF1C4A77812CAA1CF156
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c9a33d5-f1db-472d-8464-42b8b0c76c38, version 1.0
Description : Unknown RPC service
22. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Type : Local RPC service
Named pipe : LRPC-f9ff8503ca9db00abd
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c9a33d5-f1db-472d-8464-42b8b0c76c38, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : W32TIME_ALT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLEC584AE91DF1C4A77812CAA1CF156
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-f9ff8503ca9db00abd
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT
Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
23. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
24. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE9788C8824AE448A0AC40A3CB87B9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : SECLOGON
Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-50d9f1e0e900b4b1a2
25. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-50d9f1e0e900b4b1a2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : OLEA4A78BF40E844C429353F4D40DC8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : OLEA4A78BF40E844C429353F4D40DC8
26. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : AudioClientRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : Audiosrv
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : OLEA4A78BF40E844C429353F4D40DC8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc01211CE1
Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc01211CE1
Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-b34c62772257d8fc71
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
27. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Type : Local RPC service
Named pipe : WMsgKRpc0120F320
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0120F320
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown
Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-1bc1fc513ee630cdf9
Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : audit
Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00736665-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-1bc1fc513ee630cdf9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
28. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Type : Local RPC service
Named pipe : protected_storage
Nessus ID : 10736
[^] Back to tareq-laptop
Port unknown (5357/tcp)
Service detection
A web server is running on this port.
Nessus ID : 22964
HTTP Server type and version
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Microsoft-HTTPAPI/2.0
Nessus ID : 10107
HyperText Transfer Protocol Information
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 17 Nov 2008 22:27:45 GMT
Connection: close
Content-Length: 326
Nessus ID : 24260
[^] Back to tareq-laptop
Port rtsp (554/tcp)
29. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
[^] Back to tareq-laptop
Port unknown (10243/tcp)
Service detection
A web server is running on this port.
Nessus ID : 22964
HTTP Server type and version
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Microsoft-HTTPAPI/2.0
Nessus ID : 10107
HyperText Transfer Protocol Information
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : no
Pipelining : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 17 Nov 2008 22:27:45 GMT
Connection: close
Content-Length: 315
Nessus ID : 24260
[^] Back to tareq-laptop
Port https (443/tcp)
Service detection
An SSLv2 server answered on this port.
Nessus ID : 22964
30. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Service detection
A web server is running on this port through SSLv2.
Nessus ID : 22964
SSL Certificate
Synopsis :
This plugin displays the SSL certificate.
Description :
This plugin connects to every port SSL-related ports and attempts to
extract and dump the X.509 certificate.
Risk factor :
None
Plugin output :
Subject Name:
Organization: Apache Friends
Organization Unit: XAMPP for Windows
Common Name: localhost
Issuer Name:
Organization: Apache Friends
Organization Unit: XAMPP for Windows
Common Name: localhost
Serial Number: 00 8F A9 82 59 12 3A 1B E8
Version: 1
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Dec 04 15:11:04 2005 GMT
Not Valid After: Dec 04 15:11:04 2006 GMT
Public Key Info:
Algorithm: RSA Encryption
Public Key: 00 A8 91 0B 69 4F 18 DA C1 29 9A AC B1 D5 B3 AE EF 92 A7 AB
CC 0D 57 C4 15 EA B7 9B DC C2 84 CE 3E 2A 41 21 EC 29 A2 FC
E3 62 16 A8 0F 4F D0 65 4B 9B 51 DC 63 A2 8C ED E2 06 F8 12
31 50 23 91 E2 8C C0 AD 73 83 47 B5 02 CB AE 54 F8 2D 9D 48
DC 45 27 D8 5C 5D 6F 15 FD 2F 99 1A 2E BE C1 91 BA AF B5 3C
83 B7 52 CF A4 E8 C3 74 51 62 22 96 28 5F EF 04 A9 D3 68 DF
BC C4 02 DA 73 93 F5 59 2F
Exponent: 01 00 01
Signature: 00 1D 1F 34 D8 0B FF DF DE 71 59 0A C2 9B 3A C6 6F AF 97 93
5A 77 2E 9B 00 0F 9F 32 E0 87 B7 8A A0 10 4E 82 37 00 CA E1
D4 36 16 90 CD A3 62 DC 67 26 E6 8D F7 14 E2 5E 8D 3C 8C 44
51 8E 9E 76 03 42 DC 42 B6 52 C9 DB 17 B7 CD F2 0D FC A4 FF
F7 FF 9A FB B5 11 9E 58 3E C4 C3 A0 A3 F8 6A F4 D4 03 2F 65
84 95 DF 52 FF 1C 92 A9 35 DB 67 74 3E 77 D6 3A D8 6D 3B 08
28 34 9B 86 27 31 92 E7 45
Nessus ID : 10863
Supported SSL Ciphers Suites
Synopsis :
The remote service encrypts communications using SSL.
Description :
This script detects which SSL ciphers are supported by the remote
service for encrypting communications.
See also :
http://www.openssl.org/docs/apps/ciphers.html
31. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Risk factor :
None
Plugin output :
Here is the list of SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
High Strength Ciphers (>= 112-bit key)
SSLv3
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
TLSv1
EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
IDEA-CBC-SHA Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 21643
Weak Supported SSL Ciphers Suites
Synopsis :
The remote service supports the use of weak SSL ciphers.
Description :
The remote host supports the use of SSL ciphers that offer either weak
encryption or no encryption at all.
See also :
http://www.openssl.org/docs/apps/ciphers.html
Solution :
Reconfigure the affected application if possible to avoid use of weak
ciphers.
Risk factor :
Medium / CVSS Base Score : 5.0
32. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output :
Here is the list of weak SSL ciphers supported by the remote server :
Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
TLSv1
EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code}
{export flag}
Nessus ID : 26928
SSL Certificate Expiry
Synopsis :
The remote server's SSL certificate has already expired or will expire
shortly.
Description :
This script checks expiry dates of certificates associated with
SSL-enabled services on the target and reports whether any have
already expired or will expire shortly.
Solution :
Purchase or generate a new SSL certificate to replace the existing
one.
Risk factor :
None
Plugin output :
The SSL certificate of the remote service expired Dec 4 15:11:04 2006 GMT!
Nessus ID : 15901
Deprecated SSL Protocol Usage
Synopsis :
The remote service encrypts traffic using a protocol with known
weaknesses.
Description :
The remote service accepts connections encrypted using SSL 2.0, which
reportedly suffers from several cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit
these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.
See also :
http://www.schneier.com/paper-ssl.pdf
Solution :
Consult the application's documentation to disable SSL 2.0 and use SSL
3.0 or TLS 1.0 instead.
33. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Nessus ID : 20007
Directory Scanner
Synopsis :
It is possible to enumerate web directories.
Description :
This plugin attempts to determine the presence of various
common dirs on the remote web server.
Risk factor :
None
Plugin output :
The following directories were discovered:
/cgi-bin, /webalizer, /error, /icons
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards
Other references : OWASP:OWASP-CM-006
Nessus ID : 11032
Web mirroring
The following CGI have been discovered :
Syntax : cginame (arguments [default value])
. (C=S;O [A] C=D;O [A] C=N;O [D] C=M;O [A] )
/mod_yj_whois_joomla1.5/ (C=S;O [A] C=D;O [A] C=N;O [D] C=M;O [A] )
/perso/administrator/index.php (lang [en-GB] passwd [] task [login] d7883a0d1f699871df1fb9...)
/perso/index.php (searchword [search...] format [feed] passwd [] id [25] 83c...)
Directory index found at /
Directory index found at /mod_yj_whois_joomla1.5/
Nessus ID : 10662
HTTP Server type and version
Synopsis :
A web server is running on the remote host.
Description :
This plugin attempts to determine the type and the version of
the remote web server.
Risk factor :
None
Plugin output :
The remote web server type is :
Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Solution : You can set the directive 'ServerTokens Prod' to limit
the information emanating from the server in its response headers.
Nessus ID : 10107
HyperText Transfer Protocol Information
34. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Synopsis :
Some information about the remote HTTP configuration can be extracted.
Description :
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem
Risk factor :
None
Plugin output :
Protocol version : HTTP/1.1
SSL : yes
Pipelining : yes
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :
Date: Mon, 17 Nov 2008 22:27:46 GMT
Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Content-Length: 856
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Nessus ID : 24260
HTTP TRACE / TRACK Methods
Synopsis :
Debugging functions are enabled on the remote web server.
Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE
and TRACK are HTTP methods which are used to debug web server
connections.
In addition, it has been shown that servers supporting the TRACE
method are subject to cross-site scripting attacks, dubbed XST for
"Cross-Site Tracing", when used in conjunction with various weaknesses
in browsers. An attacker may use this flaw to trick your legitimate
web users to give him their credentials.
See also :
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/867593
Solution :
Disable these methods.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Solution :
Add the following lines for each virtual host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.
35. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
Plugin output :
The server response from a TRACE request is :
TRACE /9h6cs6az.html HTTP/1.1
Host: tareq-laptop
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Date: Mon, 17 Dec 2008 22:30:13 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept-Charset: iso-8859-1,*,utf-8
Pragma: no-cache
Accept-Language: en
Connection: Close
CVE : CVE-2004-2320
BID : 9506, 9561, 11604
Other references : OSVDB:877, OSVDB:3726
Nessus ID : 11213
WebDAV enabled
Synopsis :
The remote server is running with WebDAV enabled.
Description :
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution :
http://support.microsoft.com/default.aspx?kbid=241520
Risk factor :
None
Nessus ID : 11424
Joomla! Detection
Synopsis :
The remote web server contains a content management system written in
PHP.
Description :
The remote host is running Joomla!, an open-source content management
system written in PHP.
See also :
http://www.joomla.org/
Risk factor :
None
Plugin output :
An unknown version of Joomla! was detected on the remote host under
the path '/perso'.
Nessus ID : 21142
Apache mod_proxy_ftp Directory Component Wildcard Character Globbing XSS
Synopsis :
The remote web server is vulnerable to a cross-site scripting attack.
Description :
36. Nessus Scan Report
file:///F|/Downloads/Nessus report using the defualt scan policy to scan my computer.html[17/11/2008 11:13:47 PM]
The mod_proxy_ftp module in the version of Apache installed on the
remote host fails to properly sanitize user-supplied URL input before
using it to generate dynamic HTML output. Using specially crafted
requests for FTP URLs with globbing characters (such as asterisk,
tilde, opening square bracket, etc), an attacker may be able to
leverage this issue to inject arbitrary HTML and script code into a
user's browser to be executed within the security context of the
affected site.
See also :
http://www.rapid7.com/advisories/R7-0033
http://www.securityfocus.com/archive/1/495180/100/0/threaded
http://www.apache.org/dist/httpd/CHANGES_2.2.10
http://httpd.apache.org/security/vulnerabilities_22.html
Solution :
Either disable the affected module or upgrade to Apache version 2.2.10
or later.
Risk factor :
Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Plugin output :
Apache version 2.2.9 appears to be running on the remote host based
on the following Server response header :
Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color PHP/5.2.6
Note that Nessus tried but failed to exploit the issue and instead has
relied only on a banner check. There may be several reasons why the
exploit failed :
- The remote web server is not configured to use
mod_proxy_ftp or to proxy requests in general.
- The remote web server is configured such that the Nessus
scanning host is not allowed to use the proxy.
- The plugin did not know of an anonymous FTP server that
it could use for testing.
CVE : CVE-2008-2939
BID : 30560
Other references : OSVDB:47474
Nessus ID : 34433