Advanced Like Crazy

Nessus Report

Report generated by Nessus™

Advanced Like Crazy

Sat, 10 Nov 2018 21:58:47 Pacific Standard Time

TABLE OF CONTENTS
Vulnerabilities by HostExpand All | Collapse All
10.30.10.26
8
4
11
3
144
Critical
High
Medium
Low
Info
Scan Information
Start time: Sat Nov 10 21:58:47 2018
End time: Sat Nov 10 22:19:04 2018
Host Information
IP: 10.30.10.26
MAC Address: 9C:B6:D0:F5:FA:57
OS: Linux Kernel 2.6 on Ubuntu 8.04 (hardy)
Vulnerabilities

51988 - Bind Shell Backdoor Detection
-
Synopsis
The remote host may have been compromised.
Description
A shell is listening on the remote port without any authentication being required. An attacker may use it by connecting to the remote port and sending commands directly.
Solution
Verify if the remote host has been compromised, and reinstall the system if necessary.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2011/02/15, Modified: 2018/05/16
Plugin Output

tcp/1524


Nessus was able to execute the command "id" using the
following request :



This produced the following truncated output (limited to 10 lines) :
------------------------------ snip ------------------------------
root@metasploitable:/# uid=0(root) gid=0(root) groups=0(root)
root@metasploitable:/#

------------------------------ snip ------------------------------

32314 - Debian OpenSSH/OpenSSL Package Random Number Generator Weakness
-
Synopsis
The remote SSH host keys are weak.
Description
The remote SSH host key has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library.

The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL.

An attacker can easily obtain the private part of the remote key and use this to set up decipher the remote session or set up a man in the middle attack.
See Also
Solution
Consider all cryptographic material generated on the remote host to be guessable. In particuliar, all SSH, SSL and OpenVPN key material should be re-generated.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 29179
CVE CVE-2008-0166
XREF CWE:310
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2008/05/14, Modified: 2018/07/30
Plugin Output

tcp/22

32321 - Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check)
-
Synopsis
The remote SSL certificate uses a weak key.
Description
The remote x509 certificate on the remote SSL server has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library.

The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL.

An attacker can easily obtain the private part of the remote key and use this to decipher the remote session or set up a man in the middle attack.
See Also
Solution
Consider all cryptographic material generated on the remote host to be guessable. In particuliar, all SSH, SSL and OpenVPN key material should be re-generated.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 29179
CVE CVE-2008-0166
XREF CWE:310
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2008/05/15, Modified: 2018/07/30
Plugin Output

tcp/25

32321 - Debian OpenSSH/OpenSSL Package Random Number Generator Weakness (SSL check)
-
Synopsis
The remote SSL certificate uses a weak key.
Description
The remote x509 certificate on the remote SSL server has been generated on a Debian or Ubuntu system which contains a bug in the random number generator of its OpenSSL library.

The problem is due to a Debian packager removing nearly all sources of entropy in the remote version of OpenSSL.

An attacker can easily obtain the private part of the remote key and use this to decipher the remote session or set up a man in the middle attack.
See Also
Solution
Consider all cryptographic material generated on the remote host to be guessable. In particuliar, all SSH, SSL and OpenVPN key material should be re-generated.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 29179
CVE CVE-2008-0166
XREF CWE:310
Exploitable With
Core Impact (true)
Plugin Information:
Published: 2008/05/15, Modified: 2018/07/30
Plugin Output

tcp/5432

11356 - NFS Exported Share Information Disclosure
-
Synopsis
It is possible to access NFS shares on the remote host.
Description
At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read (and possibly write) files on remote host.
Solution
Configure NFS on the remote host so that only authorized hosts can mount its remote shares.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
Exploitable With
Metasploit (true)
Plugin Information:
Published: 2003/03/12, Modified: 2018/09/17
Plugin Output

udp/2049


The following NFS shares could be mounted :

+ /

33850 - Unix Operating System Unsupported Version Detection
-
Synopsis
The operating system running on the remote host is no longer supported.
Description
According to its self-reported version number, the Unix operating system running on the remote host is no longer supported.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
Solution
Upgrade to a version of the Unix operating system that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2008/08/08, Modified: 2018/10/24
Plugin Output

tcp/0


Ubuntu 8.04 support ended on 2011-05-12 (Desktop) / 2013-05-09 (Server).
Upgrade to Ubuntu 18.10.

For more information, see : https://wiki.ubuntu.com/Releases

46882 - UnrealIRCd Backdoor Detection
-
Synopsis
The remote IRC server contains a backdoor.
Description
The remote IRC server is a version of UnrealIRCd with a backdoor that allows an attacker to execute arbitrary code on the affected host.
See Also
Solution
Re-download the software, verify it using the published MD5 / SHA1 checksums, and re-install it.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:ND/RL:OF/RC:C)
References
Exploitable With
CANVAS (true) Metasploit (true)
Plugin Information:
Published: 2010/06/14, Modified: 2018/06/13
Plugin Output

tcp/6667


The remote IRC server is running as :

uid=0(root) gid=0(root)

61708 - VNC Server 'password' Password
-
Synopsis
A VNC server running on the remote host is secured with a weak password.
Description
The VNC server running on the remote host is secured with a weak password. Nessus was able to login using VNC authentication and a password of 'password'. A remote, unauthenticated attacker could exploit this to take control of the system.
Solution
Secure the VNC service with a strong password.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Published: 2012/08/29, Modified: 2015/09/24
Plugin Output

tcp/5900


Nessus logged in using a password of "password".

33447 - Multiple Vendor DNS Query ID Field Prediction Cache Poisoning
-
Synopsis
The remote name resolver (or the server it uses upstream) is affected by a DNS cache poisoning vulnerability.
Description
The remote DNS resolver does not use random ports when making queries to third-party DNS servers. An unauthenticated, remote attacker can exploit this to poison the remote DNS server, allowing the attacker to divert legitimate traffic to arbitrary sites.
See Also
Solution
Contact your DNS server vendor for a patch.
Risk Factor
High
CVSS v3.0 Base Score
9.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS Base Score
9.4 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C)
CVSS Temporal Score
7.4 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 30131
CVE CVE-2008-1447
XREF CERT:800113
XREF IAVA:2008-A-0045
XREF EDB-ID:6122
XREF EDB-ID:6123
XREF EDB-ID:6130
Plugin Information:
Published: 2008/07/09, Modified: 2018/08/22
Plugin Output

udp/53


The remote DNS server uses non-random ports for its
DNS requests. An attacker may spoof DNS responses.

List of used ports :

+ DNS Server: 136.26.63.39
|- Port: 49040
|- Port: 49040
|- Port: 49040
|- Port: 49040

34460 - Unsupported Web Server Detection
-
Synopsis
The remote web server is obsolete / unsupported.
Description
According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
Solution
Remove the service if it is no longer needed. Otherwise, upgrade to a newer version if possible or switch to another server.
Risk Factor
High
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Plugin Information:
Published: 2008/10/21, Modified: 2018/06/29
Plugin Output

tcp/8180


Product : Tomcat
Installed version : 5.5
Support ended : 2012-09-30
Supported versions : 8.5.x / 7.0.x
Additional information : http://tomcat.apache.org/tomcat-55-eol.html

10205 - rlogin Service Detection
-
Synopsis
The rlogin service is running on the remote host.
Description
The rlogin service is running on the remote host. This service is vulnerable since data is passed between the rlogin client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication.
Finally, rlogin is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.
Solution
Comment out the 'login' line in /etc/inetd.conf and restart the inetd process. Alternatively, disable this service and use SSH instead.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Exploitable With
Metasploit (true)
Plugin Information:
Published: 1999/08/30, Modified: 2018/08/13
Plugin Output

tcp/513

10245 - rsh Service Detection
-
Synopsis
The rsh service is running on the remote host.
Description
The rsh service is running on the remote host. This service is vulnerable since data is passed between the rsh client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host is vulnerable to TCP sequence number guessing (from any network) or IP spoofing (including ARP hijacking on a local network) then it may be possible to bypass authentication.
Finally, rsh is an easy way to turn file-write access into full logins through the .rhosts or rhosts.equiv files.
Solution
Comment out the 'rsh' line in /etc/inetd.conf and restart the inetd process. Alternatively, disable this service and use SSH instead.
Risk Factor
High
CVSS Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
References
Exploitable With
Metasploit (true)
Plugin Information:
Published: 1999/08/22, Modified: 2018/08/13
Plugin Output

tcp/514

12085 - Apache Tomcat Default Files
-
Synopsis
The remote web server contains default files.
Description
The default error page, default index page, example JSPs, and/or example servlets are installed on the remote Apache Tomcat server. These files should be removed as they may help an attacker uncover information about the remote Tomcat install or host itself.
See Also
Solution
Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
References
XREF CWE:20
XREF CWE:74
XREF CWE:79
XREF CWE:442
XREF CWE:629
XREF CWE:711
XREF CWE:712
XREF CWE:722
XREF CWE:725
XREF CWE:750
XREF CWE:751
XREF CWE:800
XREF CWE:801
XREF CWE:809
XREF CWE:811
XREF CWE:864
XREF CWE:900
XREF CWE:928
XREF CWE:931
XREF CWE:990
Plugin Information:
Published: 2004/03/02, Modified: 2018/01/30
Plugin Output

tcp/8180


The following default files were found :

/tomcat-docs/index.html
/nessus-check/default-404-error-page.html

12217 - DNS Server Cache Snooping Remote Information Disclosure
-
Synopsis
The remote DNS server is vulnerable to cache snooping attacks.
Description
The remote DNS server responds to queries for third-party domains that do not have the recursion bit set.

This may allow a remote attacker to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.

For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attack to build a statistical model regarding company usage of that financial institution. Of course, the attack can also be used to find B2B partners, web-surfing patterns, external mail servers, and more.

Note: If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal network. This may include employees, consultants and potentially users on a guest network or WiFi connection if supported.
See Also
Solution
Contact the vendor of the DNS software for a fix.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2004/04/27, Modified: 2016/12/06
Plugin Output

udp/53


Nessus sent a non-recursive query for example.com
and received 1 answer :

93.184.216.34

11213 - HTTP TRACE / TRACK Methods Allowed
-
Synopsis
Debugging functions are enabled on the remote web server.
Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.
See Also
Solution
Disable these methods. Refer to the plugin output for more information.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF CERT:288308
XREF CERT:867593
XREF CWE:16
XREF CWE:200
Plugin Information:
Published: 2003/01/23, Modified: 2018/09/17
Plugin Output

tcp/80


To disable these methods, add the following lines for each virtual
host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule . - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2
support disabling the TRACE method natively via the 'TraceEnable'
directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus606806416.html HTTP/1.1
Connection: Close
Host: 10.30.10.26
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
/
Accept-Language: en
Accept-Charset: iso-8859-1,
,utf-8

------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Sun, 11 Nov 2018 06:07:24 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http


TRACE /Nessus606806416.html HTTP/1.1
Connection: Keep-Alive
Host: 10.30.10.26
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, /
Accept-Language: en
Accept-Charset: iso-8859-1,,utf-8

------------------------------ snip ------------------------------

42256 - NFS Shares World Readable
-
Synopsis
The remote NFS server exports world-readable shares.
Description
The remote NFS server is exporting one or more shares without restricting access (based on hostname, IP, or IP range).
See Also
Solution
Place the appropriate restrictions on all NFS shares.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2009/10/26, Modified: 2018/08/13
Plugin Output

tcp/2049


The following shares have no access restrictions :

/

57608 - SMB Signing not required
-
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
See Also
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information:
Published: 2012/01/19, Modified: 2018/05/02
Plugin Output

tcp/445

52611 - SMTP Service STARTTLS Plaintext Command Injection
-
Synopsis
The remote mail service allows plaintext command injection while negotiating an encrypted communications channel.
Description
The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase.

Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.
See Also
Solution
Contact the vendor to see if an update is available.
Risk Factor
Medium
CVSS Base Score
4.0 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score
3.1 (CVSS2#E:POC/RL:OF/RC:C)
References
Plugin Information:
Published: 2011/03/10, Modified: 2018/07/30
Plugin Output

tcp/25


Nessus sent the following two commands in a single packet :

STARTTLS\r\nRSET\r\n

And the server sent the following two responses :

220 2.0.0 Ready to start TLS
250 2.0.0 Ok

90317 - SSH Weak Algorithms Supported
-
Synopsis
The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.
Description
Nessus has detected that the remote SSH server is configured to use the Arcfour stream cipher or no cipher at all. RFC 4253 advises against using Arcfour due to an issue with weak keys.
See Also
Solution
Contact the vendor or consult product documentation to remove the weak ciphers.
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Published: 2016/04/04, Modified: 2016/12/14
Plugin Output

tcp/22


The following weak server-to-client encryption algorithms are supported :

arcfour
arcfour128
arcfour256

The following weak client-to-server encryption algorithms are supported :

arcfour
arcfour128
arcfour256

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

tcp/25


The identities known by Nessus are :

10.30.10.26
10.30.10.26

The Common Name in the certificate is :

ubuntu804-base.localdomain

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

tcp/5432


The identities known by Nessus are :

10.30.10.26
10.30.10.26

The Common Name in the certificate is :

ubuntu804-base.localdomain

90509 - Samba Badlock Vulnerability
-
Synopsis
An SMB server running on the remote host is affected by the Badlock vulnerability.
Description
The version of Samba, a CIFS/SMB server for Linux and Unix, running on the remote host is affected by a flaw, known as Badlock, that exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over Remote Procedure Call (RPC) channels. A man-in-the-middle attacker who is able to able to intercept the traffic between a client and a server hosting a SAM database can exploit this flaw to force a downgrade of the authentication level, which allows the execution of arbitrary Samba network calls in the context of the intercepted user, such as viewing or modifying sensitive security data in the Active Directory (AD) database or disabling critical services.
See Also
Solution
Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
BID 86002
CVE CVE-2016-2118
XREF CERT:813296
Plugin Information:
Published: 2016/04/13, Modified: 2018/07/27
Plugin Output

tcp/445


Nessus detected that the Samba Badlock patch has not been applied.

42263 - Unencrypted Telnet Server
-
Synopsis
The remote Telnet server transmits traffic in cleartext.
Description
The remote host is running a Telnet server over an unencrypted channel.

Using Telnet over an unencrypted channel is not recommended as logins, passwords, and commands are transferred in cleartext. This allows a remote, man-in-the-middle attacker to eavesdrop on a Telnet session to obtain credentials or other sensitive information and to modify traffic exchanged between a client and server.

SSH is preferred over Telnet since it protects credentials from eavesdropping and can tunnel additional data streams such as an X11 session.
Solution
Disable the Telnet service and use SSH instead.
Risk Factor
Medium
CVSS Base Score
5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
Plugin Information:
Published: 2009/10/27, Modified: 2015/10/21
Plugin Output

tcp/23


Nessus collected the following banner from the remote Telnet server :

------------------------------ snip ------------------------------
_

| | __ | | () |_ | | | | | \
| '
` \ / \
/ ` / __| ' | |/ | | __/ | '_ \| |/ _ \ __) | <br>| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/ <br>|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____| <br> |_| <br> <br> <br>Warning: Never expose this VM to an untrusted network! <br> <br>Contact: msfdev[at]metasploit.com <br> <br>Login with msfadmin/msfadmin to get started <br> <br> <br>metasploitable login: <br>------------------------------ snip ------------------------------<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm399290516" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #3fae49; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm399290516-container');" onmouseover="this.style.cursor='pointer'">70658 - SSH Server CBC Mode Ciphers Enabled<div id="idm399290516-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm399290516-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The SSH server is configured to use Cipher Block Chaining.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext. <br> <br>Note that this plugin only checks for the options of the SSH server and does not check for vulnerable software versions.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption.<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Low<div class="clear"></div> </div> <div class="details-header">CVSS Base Score<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)<div class="clear"></div> </div> <div class="details-header">CVSS Temporal Score<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">1.9 (CVSS2#E:U/RL:OF/RC:C)<div class="clear"></div> </div> <div class="details-header">References<div class="clear"></div> </div> <div id="idm399286164" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr> <th width="15%"></th> <th width="85%"></th> </tr></thead> <tbody> <tr class=""> <td class="#ffffff">BID</td> <td class="#ffffff"><a href="http://www.securityfocus.com/bid/32319" target="_blank">32319</a></td> </tr> <tr class=""> <td class="#ffffff">CVE</td> <td class="#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161" target="_blank">CVE-2008-5161</a></td> </tr> <tr class=""> <td class="#ffffff">XREF</td> <td class="#ffffff">CERT:958563</td> </tr> <tr class=""> <td class="#ffffff">XREF</td> <td class="#ffffff"><a href="http://cwe.mitre.org/data/definitions/200" target="_blank">CWE:200</a></td> </tr> </tbody> </table> <div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2013/10/28, Modified: 2018/07/30<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/22</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The following client-to-server Cipher Block Chaining (CBC) algorithms<br>are supported : <br> <br> 3des-cbc<br> aes128-cbc<br> aes192-cbc<br> aes256-cbc<br> blowfish-cbc<br> cast128-cbc<br> rijndael-cbc@lysator.liu.se<br> <br>The following server-to-client Cipher Block Chaining (CBC) algorithms<br>are supported : <br> <br> 3des-cbc<br> aes128-cbc<br> aes192-cbc<br> aes256-cbc<br> blowfish-cbc<br> cast128-cbc<br> rijndael-cbc@lysator.liu.se<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <div xmlns="" id="idm399267860" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #3fae49; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm399267860-container');" onmouseover="this.style.cursor='pointer'">71049 - SSH Weak MAC Algorithms Enabled<div id="idm399267860-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm399267860-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.<br> <br>Note that this plugin only checks for the options of the SSH server, and it does not check for vulnerable software versions.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Low<div class="clear"></div> </div> <div class="details-header">CVSS Base Score<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2013/11/22, Modified: 2016/12/14<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/22</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The following client-to-server Message Authentication Code (MAC) algorithms<br>are supported : <br> <br> hmac-md5<br> hmac-md5-96<br> hmac-sha1-96<br> <br>The following server-to-client Message Authentication Code (MAC) algorithms<br>are supported : <br> <br> hmac-md5<br> hmac-md5-96<br> hmac-sha1-96<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm399259796" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #3fae49; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm399259796-container');" onmouseover="this.style.cursor='pointer'">10407 - X Server Detection<div id="idm399259796-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm399259796-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">An X11 server is listening on the remote host<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote host is running an X11 server. X11 is a client-server protocol that can be used to display graphical applications running on a given host on a remote client. <br> <br>Since the X11 traffic is not ciphered, it is possible for an attacker to eavesdrop on the connection.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Restrict access to this port. If the X11 client/server facility is not used, disable TCP support in X11 entirely (-nolisten tcp).<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Low<div class="clear"></div> </div> <div class="details-header">CVSS Base Score<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2000/05/12, Modified: 2013/01/25<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/6000</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>X11 Version : 11.0<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm399244052" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm399244052-container');" onmouseover="this.style.cursor='pointer'">21186 - AJP Connector Detection<div id="idm399244052-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm399244052-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">There is an AJP connector listening on the remote host.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote host is running an AJP (Apache JServ Protocol) connector, a service by which a standalone web server such as Apache communicates over TCP with a Java servlet container such as Tomcat.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm399244308" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody> <tr class=""><td class="#ffffff"><a href="http://tomcat.apache.org/connectors-doc/" target="_blank">http://tomcat.apache.org/connectors-doc/</a></td></tr> <tr class=""><td class="#ffffff"><a href="http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html" target="_blank">http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html</a></td></tr> </tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2006/04/05, Modified: 2011/03/11<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/8009</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The connector listing on this port supports the ajp13 protocol.<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm399301268" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm399301268-container');" onmouseover="this.style.cursor='pointer'">18261 - Apache Banner Linux Distribution Disclosure<div id="idm399301268-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm399301268-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The name of the Linux distribution running on the remote host was found in the banner of the web server.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to extract the banner of the Apache web server and determine which Linux distribution the remote host is running.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">If you do not wish to display this information, edit 'httpd.conf' and set the directive 'ServerTokens Prod' and restart Apache.<br>n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2005/05/15, Modified: 2017/03/13<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/0</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The Linux distribution detected was : <br> - Ubuntu 8.04 (gutsy)<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400328580" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400328580-container');" onmouseover="this.style.cursor='pointer'">48204 - Apache HTTP Server Version<div id="idm400328580-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400328580-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to obtain the version number of the remote Apache HTTP server.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400330244" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody><tr class=""><td class="#ffffff"><a href="https://httpd.apache.org/" target="_blank">https://httpd.apache.org/</a></td></tr></tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2010/07/30, Modified: 2018/07/31<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/80</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br> URL : http://10.30.10.26/<br> Version : 2.2.99<br> backported : 1<br> modules : DAV/2<br> os : ConvertedUbuntu<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400320260" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400320260-container');" onmouseover="this.style.cursor='pointer'">39446 - Apache Tomcat Detection<div id="idm400320260-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400320260-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote web server is an Apache Tomcat server.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to detect a remote Apache Tomcat web server.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400319620" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody><tr class=""><td class="#ffffff"><a href="https://tomcat.apache.org/" target="_blank">https://tomcat.apache.org/</a></td></tr></tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/06/18, Modified: 2018/08/30<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/8180</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br> URL : http://10.30.10.26:8180/<br> Version : 5.5<br> backported : 0<br> source : &lt;title&gt;Apache Tomcat/5.5<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400313476" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400313476-container');" onmouseover="this.style.cursor='pointer'">21745 - Authentication Failure - Local Checks Not Run<div id="idm400313476-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400313476-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The local security checks are disabled.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Local security checks have been disabled for this host because either the credentials supplied in the scan policy did not allow Nessus to log into it or some other problem occurred.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Address the problem(s) so that local security checks are enabled.<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2006/06/23, Modified: 2018/11/02<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/0</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The following service errors were logged :<br> <br> - Plugin : ssh_get_info2.nasl<br> Plugin ID : 97993<br> Plugin Name : OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library)<br> Protocol : SSH<br> Message : <br>Unable to login to remote host with supplied credential sets.<br>Errors:<br> - open_connection() failed on previously successful connection: Failed to open a socket on port 22.<br> <br> - Plugin : ssh_get_info.nasl<br> Plugin ID : 12634<br> Plugin Name : Authenticated Check : OS Name and Installed Package Enumeration<br> Protocol : SSH<br> Message : <br>ssh_open_connection: Failed to open a socket on port 22.<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400295940" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400295940-container');" onmouseover="this.style.cursor='pointer'">117885 - Authentication Success with Intermittent Failure<div id="idm400295940-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400295940-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to log in to the remote host using the provided credentials, but there were intermittent authentication failures.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to successfully authenticate to the remote host at least once using credentials provided in the scan policy.<br> <br>However, one or more plugins failed to authenticate to the remote host on the same port and protocol using the same credential set that was previously successful. This may indicate an intermittent authentication problem with the remote host, which could be caused by session rate limits, session concurrency limits, or other issues preventing consistent authentication success.<br> <br>These intermittent authentication failures may have affected the results of some plugins. See plugin output for failure details.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2018/10/02, Modified: 2018/10/02<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/22</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Nessus was able to successfully log in to the remote host as<br>user "msfadmin" on port 22 via the SSH protocol.<br> <br>Successful authentication was reported by the following plugin :<br> <br> Plugin : netstat_portscan.nasl<br> Plugin ID : 14272<br> Plugin Name : Netstat Portscanner (SSH)<br> <br>However, one or more subsequent plugins failed to authenticate to the<br>remote host on the same port and protocol using the same credential<br>set that previously succeeded. This may indicate an intermittent<br>authentication problem with the remote host which may have affected<br>the results of the following plugins.<br> <br>Failure Details :<br> <br> - Plugin : ssh_get_info2.nasl<br> Plugin ID : 97993<br> Plugin Name : OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library)<br> Message : <br>open_connection() failed on previously successful connection: Failed to open a socket on port 22.<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400294020" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400294020-container');" onmouseover="this.style.cursor='pointer'">84574 - Backported Security Patch Detection (PHP)<div id="idm400294020-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400294020-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Security patches have been backported.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Security patches may have been 'backported' to the remote PHP install without changing its version number.<br> <br>Banner-based checks have been disabled to avoid false positives.<br> <br>Note that this test is informational only and does not denote any security problem.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400278532" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody><tr class=""><td class="#ffffff"><a href="https://access.redhat.com/security/updates/backporting/?sc_cid=3093" target="_blank">https://access.redhat.com/security/updates/backporting/?sc_cid=3093</a></td></tr></tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2015/07/07, Modified: 2015/07/07<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/80</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Give Nessus credentials to perform local checks.<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400280580" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400280580-container');" onmouseover="this.style.cursor='pointer'">39520 - Backported Security Patch Detection (SSH)<div id="idm400280580-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400280580-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Security patches are backported.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Security patches may have been 'backported' to the remote SSH server without changing its version number. <br> <br>Banner-based checks have been disabled to avoid false positives. <br> <br>Note that this test is informational only and does not denote any security problem.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400273668" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody><tr class=""><td class="#ffffff"><a href="https://access.redhat.com/security/updates/backporting/?sc_cid=3093" target="_blank">https://access.redhat.com/security/updates/backporting/?sc_cid=3093</a></td></tr></tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/06/25, Modified: 2015/07/07<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/22</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Give Nessus credentials to perform local checks.<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400262916" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400262916-container');" onmouseover="this.style.cursor='pointer'">39521 - Backported Security Patch Detection (WWW)<div id="idm400262916-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400262916-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Security patches are backported.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Security patches may have been 'backported' to the remote HTTP server without changing its version number.<br> <br>Banner-based checks have been disabled to avoid false positives.<br> <br>Note that this test is informational only and does not denote any security problem.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400263812" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody><tr class=""><td class="#ffffff"><a href="https://access.redhat.com/security/updates/backporting/?sc_cid=3093" target="_blank">https://access.redhat.com/security/updates/backporting/?sc_cid=3093</a></td></tr></tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/06/25, Modified: 2015/07/07<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/80</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Give Nessus credentials to perform local checks.<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400256132" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400256132-container');" onmouseover="this.style.cursor='pointer'">45590 - Common Platform Enumeration (CPE)<div id="idm400256132-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400256132-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It was possible to enumerate CPE names that matched on the remote system.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. <br> <br>Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400261380" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody> <tr class=""><td class="#ffffff"><a href="http://cpe.mitre.org/" target="_blank">http://cpe.mitre.org/</a></td></tr> <tr class=""><td class="#ffffff"><a href="https://nvd.nist.gov/products/cpe" target="_blank">https://nvd.nist.gov/products/cpe</a></td></tr> </tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2010/04/21, Modified: 2017/06/06<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/0</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The remote operating system matched the following CPE : <br> <br> cpe:/o:canonical:ubuntu_linux:8.04<br> <br>Following application CPE's matched on the remote system :<br> <br> cpe:/a:openbsd:openssh:4.7 -&gt; OpenBSD OpenSSH 4.7<br> cpe:/a:samba:samba:3.0.20 -&gt; Samba 3.0.20<br> cpe:/a:apache:http_server:2.2.8 -&gt; Apache Software Foundation Apache HTTP Server 2.2.8<br> cpe:/a:php:php:5.2.4 -&gt; PHP 5.2.4<br> cpe:/a:isc:bind:9.4.<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400250884" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400250884-container');" onmouseover="this.style.cursor='pointer'">10028 - DNS Server BIND version Directive Remote Version Detection<div id="idm400250884-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400250884-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to obtain the version number of the remote DNS server.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote host is running BIND or another DNS server that reports its version number when it receives a special request for the text 'version.bind' in the domain 'chaos'. <br> <br>This version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to hide the version number of BIND by using the 'version' directive in the 'options' section in named.conf.<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 1999/10/12, Modified: 2018/08/09<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>udp/53</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br> Version : 9.4.2<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <div xmlns="" id="idm400240772" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400240772-container');" onmouseover="this.style.cursor='pointer'">35373 - DNS Server DNSSEC Aware Resolver<div id="idm400240772-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400240772-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote DNS resolver is DNSSEC-aware.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote DNS resolver accepts DNSSEC options. This means that it may verify the authenticity of DNSSEC protected zones if it is configured to trust their keys.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/01/15, Modified: 2013/11/21<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>udp/53</h2> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400235396" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400235396-container');" onmouseover="this.style.cursor='pointer'">11002 - DNS Server Detection<div id="idm400235396-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400235396-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">A DNS server is listening on the remote host.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400225668" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody><tr class=""><td class="#ffffff"><a href="https://en.wikipedia.org/wiki/Domain_Name_System" target="_blank">https://en.wikipedia.org/wiki/Domain_Name_System</a></td></tr></tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2003/02/13, Modified: 2017/05/16<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/53</h2> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400221444" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400221444-container');" onmouseover="this.style.cursor='pointer'">11002 - DNS Server Detection<div id="idm400221444-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400221444-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">A DNS server is listening on the remote host.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP addresses.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm400216196" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody><tr class=""><td class="#ffffff"><a href="https://en.wikipedia.org/wiki/Domain_Name_System" target="_blank">https://en.wikipedia.org/wiki/Domain_Name_System</a></td></tr></tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2003/02/13, Modified: 2017/05/16<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>udp/53</h2> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400214404" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400214404-container');" onmouseover="this.style.cursor='pointer'">72779 - DNS Server Version Detection<div id="idm400214404-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400214404-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to obtain version information on the remote DNS server.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to obtain version information by sending a special TXT record query to the remote host.<br> <br>Note that this version is not necessarily accurate and could even be forged, as some DNS servers send the information based on a configuration file.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2014/03/03, Modified: 2014/11/05<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/53</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>DNS server answer for "version.bind" (over TCP) :<br> <br> 9.4.2<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm400208004" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm400208004-container');" onmouseover="this.style.cursor='pointer'">35371 - DNS Server hostname.bind Map Hostname Disclosure<div id="idm400208004-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm400208004-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The DNS server discloses the remote host name.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to learn the remote host name by querying the remote DNS server for 'hostname.bind' in the CHAOS domain.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It may be possible to disable this feature. Consult the vendor's documentation for more information.<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/01/15, Modified: 2011/09/14<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>udp/53</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The remote host name is :<br> <br>metasploitable<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm340554884" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340554884-container');" onmouseover="this.style.cursor='pointer'">54615 - Device Type<div id="idm340554884-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340554884-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to guess the remote device type.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2011/05/23, Modified: 2011/05/23<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/0</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">Remote device type : general-purpose<br>Confidence level : 95<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <div xmlns="" id="idm340547844" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340547844-container');" onmouseover="this.style.cursor='pointer'">35716 - Ethernet Card Manufacturer Detection<div id="idm340547844-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340547844-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">The manufacturer can be identified from the Ethernet OUI.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.<div class="clear"></div> </div> <div class="details-header">See Also<div class="clear"></div> </div> <div id="idm340548484" style="display: block;" class="table-wrapper see-also"> <table cellpadding="0" cellspacing="0"> <thead><tr><th width="100%"></th></tr></thead> <tbody> <tr class=""><td class="#ffffff"><a href="http://standards.ieee.org/faqs/regauth.html" target="_blank">http://standards.ieee.org/faqs/regauth.html</a></td></tr> <tr class=""><td class="#ffffff"><a href="http://www.nessus.org/u?794673b4" target="_blank">http://www.nessus.org/u?794673b4</a></td></tr> </tbody> </table> <div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/02/19, Modified: 2017/11/17<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/0</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The following card manufacturers were identified :<br> <br>9C:B6:D0:F5:FA:57 : Rivet Networks<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <div xmlns="" id="idm340537348" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340537348-container');" onmouseover="this.style.cursor='pointer'">86420 - Ethernet MAC Addresses<div id="idm340537348-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340537348-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">This plugin gathers MAC addresses from various sources and consolidates them into a list.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2015/10/16, Modified: 2018/08/13<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/0</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">The following is a consolidated list of detected MAC addresses:<br> - 9C:B6:D0:F5:FA:57<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm340528388" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340528388-container');" onmouseover="this.style.cursor='pointer'">10092 - FTP Server Detection<div id="idm340528388-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340528388-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">An FTP server is listening on a remote port.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to obtain the banner of the remote FTP server by connecting to a remote port.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 1999/10/12, Modified: 2018/10/02<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/21</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The remote FTP banner is :<br> <br>220 (vsFTPd 2.3.4) <div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm340518404" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340518404-container');" onmouseover="this.style.cursor='pointer'">43111 - HTTP Methods Allowed (per directory)<div id="idm340518404-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340518404-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">This plugin determines which HTTP methods are allowed on various CGI directories.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. <br> <br>As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'<br>in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. <br> <br>Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/12/10, Modified: 2018/06/11<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/80</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Based on tests of each method : <br> <br> - HTTP methods GET HEAD OPTIONS POST TRACE are allowed on : <br> <br> /<br> <div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm340516740" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340516740-container');" onmouseover="this.style.cursor='pointer'">43111 - HTTP Methods Allowed (per directory)<div id="idm340516740-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340516740-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">This plugin determines which HTTP methods are allowed on various CGI directories.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. <br> <br>As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'<br>in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. <br> <br>Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/12/10, Modified: 2018/06/11<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/8180</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Based on tests of each method : <br> <br> - HTTP methods GET HEAD OPTIONS POST are allowed on : <br> <br> /<br> <div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm340497412" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340497412-container');" onmouseover="this.style.cursor='pointer'">10107 - HTTP Server Type and Version<div id="idm340497412-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340497412-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">A web server is running on the remote host.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">This plugin attempts to determine the type and the version of the remote web server.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2000/01/04, Modified: 2018/09/13<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/80</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">The remote web server type is :<br> <br>Apache/2.2.8 (Ubuntu) DAV/2<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm340496260" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340496260-container');" onmouseover="this.style.cursor='pointer'">10107 - HTTP Server Type and Version<div id="idm340496260-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340496260-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">A web server is running on the remote host.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">This plugin attempts to determine the type and the version of the remote web server.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2000/01/04, Modified: 2018/09/13<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/8180</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">The remote web server type is :<br> <br>Apache-Coyote/1.1<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm340489476" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm340489476-container');" onmouseover="this.style.cursor='pointer'">24260 - HyperText Transfer Protocol (HTTP) Information<div id="idm340489476-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm340489476-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Some information about the remote HTTP configuration can be extracted.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... <br> <br>This test is informational only and does not denote any security problem.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2007/01/30, Modified: 2017/11/13<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/80</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Response Code : HTTP/1.1 200 OK <br> <br>Protocol version : HTTP/1.1<br>SSL : no<br>Keep-Alive : yes<br>Options allowed : (Not implemented)<br>Headers :<br> <br> Date: Sun, 11 Nov 2018 06:07:04 GMT<br> Server: Apache/2.2.8 (Ubuntu) DAV/2<br> X-Powered-By: PHP/5.2.4-2ubuntu5.10<br> Content-Length: 891<br> Keep-Alive: timeout=15, max=100<br> Connection: Keep-Alive<br> Content-Type: text/html<br> <br>Response Body :<br> <br>&lt;html&gt;&lt;head&gt;&lt;title&gt;Metasploitable2 - Linux&lt;/title&gt;&lt;/head&gt;&lt;body&gt;<br>&lt;pre&gt;<br> <br> _ _ _ _ _ _ ____ <br> _ __ ___ ___| |_ __ _ ___ _ __ | | ___ (_) |_ __ _| |__ | | ___|___ \ <br>| '_ \ / \ / _` / | ' | |/ | | / ` | ' | |/ _ \ ) |
| | | | | | / || (_| \ \ |) | | () | | || (| | |) | | // /
|| || ||__|___,|_/ ./||__/||____,|.__/||_|___|
|_|


Warning: Never expose this VM to an untrusted network!

Contact: msfdev[at]metasploit.com

Login with msfadmin/msfadmin to get started


</pre>
<ul>
<li><a href="/twiki/">TWiki</a></li>
<li><a href="/phpMyAdmin/">phpMyAdmin</a></li>
<li><a href="/mutillidae/">Mutillidae</a></li>
<li><a href="/dvwa/">DVWA</a></li>
<li><a href="/dav/">WebDAV</a></li>
</ul>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/01/30, Modified: 2017/11/13
Plugin Output

tcp/8180


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Headers :

Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Date: Sun, 11 Nov 2018 06:07:04 GMT
Connection: close

Response Body :

<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Apache Tomcat/5.5</title>
<style type="text/css">
/<![CDATA[/
body {
color: #000000;
background-color: #FFFFFF;
font-family: Arial, "Times New Roman", Times, serif;
margin: 10px 0px;
}

img {
border: none;
}

a:link, a:visited {
color: blue
}

th {
font-family: Verdana, "Times New Roman", Times, serif;
font-size: 110%;
font-weight: normal;
font-style: italic;
background: #D2A41C;
text-align: left;
}

td {
color: #000000;
font-family: Arial, Helvetica, sans-serif;
}

td.menu {
background: #FFDC75;
}

.center {
text-align: center;
}

.code {
color: #000000;
font-family: "Courier New", Courier, monospace;
font-size: 110%;
margin-left: 2.5em;
}

#banner {
margin-bottom: 12px;
}

p#congrats {
margin-top: 0;
font-weight: bold;
text-align: center;
}

p#footer {
text-align: right;
font-size: 80%;
}
/]]>/
</style>
</head>

<body>

<!-- Header -->
<table id="banner" width="100%">
<tr>
<td align="left" style="width:130px">
<a href="http://tomcat.apache.org/"&gt;
<img src="tomcat.gif" height="92" width="130" alt="The Mighty Tomcat - MEOW!"/>
</a>
</td>
<td align="left" valign="top"><b>Apache Tomcat/5.5</b></td>
<td align="right">
<a href="http://www.apache.org/"&gt;
<img src="asf-logo-wide.gif" height="51" width="537" alt="The Apache Software Foundation"/>
</a>
</td>
</tr>
</table>

<table>
<tr>

<!-- Table of Contents -->
<td valign="top">
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Administration</th>
</tr>
<tr>
<td class="menu">
<a href="manager/status">Status</a><br/>
<a href="admin">Tomcat&nbsp;Administration</a><br/>
<a href="manager/html">Tomcat&nbsp;Manager</a><br/>
&nbsp;
</td>
</tr>
</table>

<br />
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Documentation</th>
</tr>
<tr>
<td class="menu">
<a href="RELEASE-NOTES.txt">Release&nbsp;Notes</a><br/>
<a href="tomcat-docs/changelog.html">Change&nbsp;Log</a><br/>
<a href="tomcat-docs">Tomcat&nbsp;Documentation</a><br/> &nbsp;
&nbsp;
</td>
</tr>
</table>

<br/>
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Tomcat Online</th>
</tr>
<tr>
<td class="menu">
<a href="http://tomcat.apache.org/">Home&nbsp;Page</a><br/&gt;
<a href="http://tomcat.apache.org/faq/">FAQ</a><br/&gt;
<a href="http://tomcat.apache.org/bugreport.html">Bug&nbsp;Database</a><br/&gt;
<a href="http://issues.apache.org/bugzilla/buglist.cgi?bug_status=UNCONFIRMED&amp;bug_status=NEW&amp;bug_status=ASSIGNED&amp;bug_status=REOPENED&amp;bug_status=RESOLVED&amp;resolution=LATER&amp;resolution=REMIND&amp;resolution=---&amp;bugidtype=include&amp;product=Tomcat+5&amp;cmdtype=doit&amp;order=Importance">Open Bugs</a><br/>
<a href="http://mail-archives.apache.org/mod_mbox/tomcat-users/">Users&nbsp;Mailing&nbsp;List</a><br/&gt;
<a href="http://mail-archives.apache.org/mod_mbox/tomcat-dev/">Developers&nbsp;Mailing&nbsp;List</a><br/&gt;
<a href="irc://irc.freenode.net/#tomcat">IRC</a><br/>
&nbsp;
</td>
</tr>
</table>

<br/>
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Examples</th>
</tr>
<tr>
<td class="menu">
<a href="jsp-examples/">JSP&nbsp;Examples</a><br/>
<a href="servlets-examples/">Servlet&nbsp;Examples</a><br/>
<a href="webdav/">WebDAV&nbsp;capabilities</a><br/>
&nbsp;
</td>
</tr>
</table>

<br/>
<table width="100%" border="1" cellspacing="0" cellpadding="3">
<tr>
<th>Miscellaneous</th>
</tr>
<tr>
<td class="menu">
<a href="http://java.sun.com/products/jsp">Sun's&nbsp;Java&nbsp;Server&nbsp;Pages&nbsp;Site</a><br/&gt;
<a href="http://java.sun.com/products/servlet">Sun's&nbsp;Servlet&nbsp;Site</a><br/&gt;
&nbsp;
</td>
</tr>
</table>
</td>

<td style="width:20px">&nbsp;</td>

<!-- Body -->
<td align="left" valign="top">
<p id="congrats">If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p>

<p>As you may have guessed by now, this is the default Tomcat home page. It can be found on the local filesystem at:</p>
<p class="code">$CATALINA_HOME/webapps/ROOT/index.jsp</p>

<p>where "$CATALINA_HOME" is the root of the Tomcat installation directory. If you're seeing this page, and you don't think you should be, then either you're either a user who has arrived at new installation of Tomcat, or you're an administrator who hasn't got his/her setup quite right. Providing the latter is the case, please refer to the <a href="tomcat-docs">Tomcat Documentation</a> for more detailed setup and administration information than is found in the INSTALL file.</p>

<p><b>NOTE:</b> This page is precompiled. If you change it, this page will not change since
it was compiled into a servlet at build time.
(See <tt>$CATALINA_HOME/webapps/ROOT/WEB-INF/web.xml</tt> as to how it was mapped.)
</p>

<p><b>NOTE: For security reasons, using the administration webapp
is restricted to users with role "admin". The manager webapp
is restricted to users with role "manager".</b>
Users are defined in <code>$CATALINA_HOME/conf/tomcat-users.xml</code>.</p>

<p>Included with this release are a host of sample Servlets and JSPs (with associated source code), extensive documentation (including the Servlet 2.4 and JSP 2.0 API JavaDoc), and an introductory guide to developing web applications.</p>

<p>Tomcat mailing lists are available at the Tomcat project web site:</p>

<ul>
<li><b><a href="mailto:users@tomcat.apache.org">users@tomcat.apache.org</a></b> for general questions related to configuring and using Tomcat</li>
<li><b><a href="mailto:dev@tomcat.apache.org">dev@tomcat.apache.org</a></b> for developers working on Tomcat</li>
</ul>

<p>Thanks for using Tomcat!</p>

<p id="footer"><img src="tomcat-power.gif" width="77" height="80" alt="Powered by Tomcat"/><br/>
&nbsp;

Copyright &copy; 1999-2005 Apache Software Foundation<br/>
All Rights Reserved
</p>
</td>

</tr>
</table>

</body>
</html>

10114 - ICMP Timestamp Request Remote Date Disclosure
-
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
Plugin Information:
Published: 1999/08/01, Modified: 2018/08/10
Plugin Output

icmp/0

The difference between the local and remote clocks is 3 seconds.

14788 - IP Protocols Scan
-
Synopsis
This plugin detects the protocols understood by the remote IP stack.
Description
This plugin detects the protocols understood by the remote IP stack.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/09/22, Modified: 2014/03/11
Plugin Output

tcp/0

The following IP protocols are accepted on this host:
1 ICMP
2 IGMP
6 TCP
17 UDP
136 UDPLite

11156 - IRC Daemon Version Detection
-
Synopsis
The remote host is an IRC server.
Description
This plugin determines the version of the IRC daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/11/19, Modified: 2016/01/08
Plugin Output

tcp/6667

The IRC server version is : Unreal3.2.8.1. FhiXOoE [=2309]

11156 - IRC Daemon Version Detection
-
Synopsis
The remote host is an IRC server.
Description
This plugin determines the version of the IRC daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/11/19, Modified: 2016/01/08
Plugin Output

tcp/6697

The IRC server version is : Unreal3.2.8.1. FhiXOoE [=2309]

10397 - Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
-
Synopsis
It is possible to obtain network information.
Description
It was possible to obtain the browse list of the remote Windows system by sending a request to the LANMAN pipe. The browse list is the list of the nearest Windows systems of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2018/09/13
Plugin Output

tcp/445


Here is the browse list of the remote host :

METASPLOITABLE ( os : 0.0 )
10394 - Microsoft Windows SMB Log In Possible
-
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- NULL session
- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2000/05/09, Modified: 2018/10/02
Plugin Output

tcp/445

- NULL sessions are enabled on the remote host.
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
-
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/10/17, Modified: 2017/11/30
Plugin Output

tcp/445

The remote Operating System is : Unix
The remote native LAN manager is : Samba 3.0.20-Debian
The remote SMB Domain Name is : METASPLOITABLE

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/06/05, Modified: 2015/06/02
Plugin Output

tcp/139


An SMB server is running on this port.

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/06/05, Modified: 2015/06/02
Plugin Output

tcp/445


A CIFS server is running on this port.
100871 - Microsoft Windows SMB Versions Supported (remote check)
-
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/06/19, Modified: 2017/06/19
Plugin Output

tcp/445


The remote host supports the following versions of SMB :
SMBv1
106716 - Microsoft Windows SMB2 Dialects Supported (remote check)
-
Synopsis
It was possible to obtain information about the dialects of SMB2 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/02/09, Modified: 2018/09/12
Plugin Output

tcp/445


The remote host does NOT support the following SMB dialects :
version introduced in windows version
2.0.2 Windows 2008
2.1 Windows 7
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.0 Windows 8
3.0.2 Windows 8.1
3.1 Windows 10
3.1.1 Windows 10

10719 - MySQL Server Detection
-
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MySQL, an open source database server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2001/08/13, Modified: 2013/01/07
Plugin Output

tcp/3306


Version : 5.0.51a-3ubuntu5
Protocol : 10
Server Status : SERVER_STATUS_AUTOCOMMIT
Server Capabilities :
CLIENT_LONG_FLAG (Get all column flags)
CLIENT_CONNECT_WITH_DB (One can specify db on connect)
CLIENT_COMPRESS (Can use compression protocol)
CLIENT_PROTOCOL_41 (New 4.1 protocol)
CLIENT_SSL (Switch to SSL after handshake)
CLIENT_TRANSACTIONS (Client knows about transactions)
CLIENT_SECURE_CONNECTION (New 4.1 authentication)

10437 - NFS Share Export List
-
Synopsis
The remote NFS server exports a list of shares.
Description
This plugin retrieves the list of NFS exported shares.
See Also
Solution
Ensure each share is intended to be exported.
Risk Factor
None
References
Plugin Information:
Published: 2000/06/07, Modified: 2018/11/01
Plugin Output

tcp/2049


Here is the export list of 10.30.10.26 :

/

19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/08/26, Modified: 2017/10/26
Plugin Output

tcp/0

Information about this scan :

Nessus version : 8.0.1
Plugin feed version : 201811091951
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Advanced Scan
Scanner IP : 10.30.10.25
Port scanner(s) : netstat
Port range : default
Thorough tests : yes
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 5
Backports : Detected
Allow post-scan editing: Yes
Scan Start Date : 2018/11/10 21:58 Pacific Standard Time
Scan duration : 1209 sec
58651 - Netstat Active Connections
-
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2012/04/10, Modified: 2018/06/19
Plugin Output

tcp/0


Netstat output :
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:512 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:513 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:2049 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:514 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:8009 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:6697 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:1099 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:6667 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:52587 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:5900 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:37326 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:55023 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:8787 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:8180 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:1524 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:
LISTEN
tcp 0 0 10.30.10.26:53 0.0.0.0: LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:5432 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0: LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:
LISTEN
tcp 0 0 0.0.0.0:36477 0.0.0.0: LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:
LISTEN
tcp6 0 0 :::2121 ::: LISTEN
tcp6 0 0 :::3632 :::
LISTEN
tcp6 0 0 :::53 ::: LISTEN
tcp6 0 0 :::22 :::
LISTEN
tcp6 0 0 :::5432 ::: LISTEN
tcp6 0 0 ::1:953 :::
LISTEN
tcp6 0 52 10.30.10.26:22 10.30.10.25:60233 ESTABLISHED
tcp6 0 0 10.30.10.26:22 10.30.10.14:50805 ESTABLISHED
udp 0 0 0.0.0.0:2049 0.0.0.0:
udp 0 0 10.30.10.26:137 0.0.0.0:

udp 0 0 0.0.0.0:137 0.0.0.0:
udp 0 0 10.30.10.26:138 0.0.0.0:

udp 0 0 0.0.0.0:138 0.0.0.0:
udp 0 0 127.0.0.1:161 0.0.0.0:

udp 0 0 10.30.10.26:53 0.0.0.0:
udp 0 0 127.0.0.1:53 0.0.0.0:

udp 0 0 127.0.0.1:32822 127.0.0.1:32822 ESTABLISHED
udp 0 0 0.0.0.0:68 0.0.0.0:
udp 0 0 0.0.0.0:69 0.0.0.0:

udp 0 0 0.0.0.0:35532 0.0.0.0:
udp 0 0 0.0.0.0:48727 0.0.0.0:

udp 0 0 0.0.0.0:32856 0.0.0.0:
udp 0 0 0.0.0.0:48347 0.0.0.0:

udp 0 0 0.0.0.0:990 0.0.0.0:
udp 0 0 0.0.0.0:111 0.0.0.0:

udp6 0 0 :::53 :::
udp6 0 0 :::45916 :::
64582 - Netstat Connection Information
-
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/02/13, Modified: 2018/05/16
Plugin Output

tcp/0

tcp4 (listen)
src: [host=0.0.0.0, port=512]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=513]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=2049]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=514]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=8009]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=6697]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=3306]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=1099]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=6667]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=139]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=52587]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=5900]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=37326]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=55023]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=111]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=6000]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=80]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=8787]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=8180]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=1524]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=21]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=10.30.10.26, port=53]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=127.0.0.1, port=53]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=23]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=5432]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=25]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=127.0.0.1, port=953]
dst: [host=0.0.0.0, port=]

tcp4 (listen)
src: [host=0.0.0.0, port=36477]
dst: [host=0.0.0.0, port=
]

tcp4 (listen)
src: [host=0.0.0.0, port=445]
dst: [host=0.0.0.0, port=]

tcp6 (listen)
src: [host=::, port=2121]
dst: [host=::, port=
]

tcp6 (listen)
src: [host=::, port=3632]
dst: [host=::, port=]

tcp6 (listen)
src: [host=::, port=53]
dst: [host=::, port=
]

tcp6 (listen)
src: [host=::, port=22]
dst: [host=::, port=]

tcp6 (listen)
src: [host=::, port=5432]
dst: [host=::, port=
]

tcp6 (listen)
src: [host=::1, port=953]
dst: [host=::, port=]

tcp46 (established)
src: [host=10.30.10.26, port=22]
dst: [host=10.30.10.25, port=60233]

tcp46 (established)
src: [host=10.30.10.26, port=22]
dst: [host=10.30.10.14, port=50805]

udp4 (listen)
src: [host=0.0.0.0, port=2049]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=10.30.10.26, port=137]
dst: [host=0.0.0.0, port=]

udp4 (listen)
src: [host=0.0.0.0, port=137]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=10.30.10.26, port=138]
dst: [host=0.0.0.0, port=]

udp4 (listen)
src: [host=0.0.0.0, port=138]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=127.0.0.1, port=161]
dst: [host=0.0.0.0, port=]

udp4 (listen)
src: [host=10.30.10.26, port=53]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=127.0.0.1, port=53]
dst: [host=0.0.0.0, port=]

udp4 (established)
src: [host=127.0.0.1, port=32822]
dst: [host=127.0.0.1, port=32822]

udp4 (listen)
src: [host=0.0.0.0, port=68]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=0.0.0.0, port=69]
dst: [host=0.0.0.0, port=]

udp4 (listen)
src: [host=0.0.0.0, port=35532]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=0.0.0.0, port=48727]
dst: [host=0.0.0.0, port=]

udp4 (listen)
src: [host=0.0.0.0, port=32856]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=0.0.0.0, port=48347]
dst: [host=0.0.0.0, port=]

udp4 (listen)
src: [host=0.0.0.0, port=990]
dst: [host=0.0.0.0, port=
]

udp4 (listen)
src: [host=0.0.0.0, port=111]
dst: [host=0.0.0.0, port=]

udp6 (listen)
src: [host=::, port=53]
dst: [host=::, port=
]

udp6 (listen)
src: [host=::, port=45916]
dst: [host=::, port=*]

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/21

Port 21/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/22

Port 22/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/23

Port 23/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/25

Port 25/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/53

Port 53/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/53

Port 53/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/68

Port 68/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/69

Port 69/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/80

Port 80/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/111

Port 111/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/111

Port 111/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/137

Port 137/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/138

Port 138/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/139

Port 139/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/445

Port 445/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/512

Port 512/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/513

Port 513/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/514

Port 514/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/990

Port 990/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/1099

Port 1099/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/1524

Port 1524/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/2049

Port 2049/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/2049

Port 2049/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/2121

Port 2121/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/3306

Port 3306/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/3632

Port 3632/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/5432

Port 5432/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/5900

Port 5900/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/6000

Port 6000/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/6667

Port 6667/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/6697

Port 6697/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/8009

Port 8009/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/8180

Port 8180/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/8787

Port 8787/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/32856

Port 32856/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/35532

Port 35532/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/36477

Port 36477/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/37326

Port 37326/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/45916

Port 45916/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/48347

Port 48347/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

udp/48727

Port 48727/udp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/52587

Port 52587/tcp was found to be open

14272 - Netstat Portscanner (SSH)
-
Synopsis
Remote open ports can be enumerated via SSH.
Description
Nessus was able to run 'netstat' on the remote host to enumerate the open ports.

See the section 'plugins options' about configuring this plugin.

Note: This plugin will run on Windows (using netstat.exe) in the event that the target being scanned is localhost.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2004/08/15, Modified: 2018/10/15
Plugin Output

tcp/55023

Port 55023/tcp was found to be open

11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2003/12/09, Modified: 2018/04/19
Plugin Output

tcp/0


Remote operating system : Linux Kernel 2.6 on Ubuntu 8.04 (gutsy)
Confidence level : 95
Method : HTTP

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

SSH:SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
ICMP:!::1:1:0:64:1:64:1:0:::0::1:X:X:X:X:X:X:X:X:X:X:1:0:64:5792:MSTNW:5:1:1
SinFP:
P1:B10113:F0x12:W5840:O0204ffff:M1460:
P2:B10113:F0x12:W5792:O0204ffff0402080affffffff4445414401030305:M1460:
P3:B10120:F0x04:W0:O0:M0
P4:80001_7_p=8787
SMTP:!:220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
SSLcert:!:i/CN:ubuntu804-base.localdomaini/O:OCOSAi/OU:Office for Complication of Otherwise Simple Affairss/CN:ubuntu804-base.localdomains/O:OCOSAs/OU:Office for Complication of Otherwise Simple Affairs
ed093088706603bfd5dc237399b498da2d4d31c6
i/CN:ubuntu804-base.localdomaini/O:OCOSAi/OU:Office for Complication of Otherwise Simple Affairss/CN:ubuntu804-base.localdomains/O:OCOSAs/OU:Office for Complication of Otherwise Simple Affairs
ed093088706603bfd5dc237399b498da2d4d31c6



The remote host is running Linux Kernel 2.6 on Ubuntu 8.04 (gutsy)

50845 - OpenSSL Detection
-
Synopsis
The remote service appears to use OpenSSL to encrypt traffic.
Description
Based on its response to a TLS request with a specially crafted server name extension, it seems that the remote service is using the OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that have enabled support for TLS extensions (RFC 4366).
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/11/30, Modified: 2013/10/18
Plugin Output

tcp/25

48243 - PHP Version Detection
-
Synopsis
It was possible to obtain the version number of the remote PHP installation.
Description
Nessus was able to determine the version of PHP available on the remote web server.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2010/08/04, Modified: 2017/07/07
Plugin Output

tcp/80


Nessus was able to identify the following PHP version information :

Version : 5.2.4-2ubuntu5.10
Source : X-Powered-By: PHP/5.2.4-2ubuntu5.10

66334 - Patch Report
-
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Published: 2013/07/08, Modified: 2018/11/06
Plugin Output

tcp/0



. You need to take the following 2 actions :


[ Samba Badlock Vulnerability (90509) ]

+ Action to take : Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later.


[ UnrealIRCd Backdoor Detection (46882) ]

+ Action to take : Re-download the software, verify it using the published MD5 / SHA1 checksums, and re-install it.

10180 - Ping the remote host
-
Synopsis
It was possible to identify the status of the remote host (alive or dead).
Description
Nessus was able to determine if the remote host is alive using one or more of the following ping types :

- An ARP ping, provided the host is on the local subnet and Nessus is running over Ethernet.

- An ICMP ping.

- A TCP ping, in which the plugin sends to the remote host a packet with the flag SYN, and the host will reply with a RST or a SYN/ACK.

- A UDP ping (e.g., DNS, RPC, and NTP).
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/06/24, Modified: 2018/08/27
Plugin Output

tcp/0

The remote host is up
The host replied to an ARP who-is query.
Hardware address : 9c:b6:d0:f5:fa:57

118224 - PostgreSQL STARTTLS Support
-
Synopsis
The remote service supports encrypting traffic.
Description
The remote PostgreSQL server supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2018/10/19, Modified: 2018/10/19
Plugin Output

tcp/5432


Here is the PostgreSQL's SSL certificate that Nessus
was able to collect after sending a pre-login packet :

------------------------------ snip ------------------------------
Subject Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Issuer Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Serial Number: 00 FA F9 3A 4C 7F B6 B9 CC

Version: 1

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 17 14:07:45 2010 GMT
Not Valid After: Apr 16 14:07:45 2010 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 D6 B4 13 36 33 9A 95 71 7B 1B DE 7C 83 75 DA 71 B1 3C A9
7F FE AD 64 1B 77 E9 4F AE BE CA D4 F8 CB EF AE BB 43 79 24
73 FF 3C E5 9E 3B 6D FC C8 B1 AC FA 4C 4D 5E 9B 4C 99 54 0B
D7 A8 4A 50 BA A9 DE 1D 1F F4 E4 6B 02 A3 F4 6B 45 CD 4C AF
8D 89 62 33 8F 65 BB 36 61 9F C4 2C 73 C1 4E 2E A0 A8 14 4E
98 70 46 61 BB D1 B9 31 DF 8C 99 EE 75 6B 79 3C 40 A0 AE 97
00 90 9D DC 99 0D 33 A4 B5
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 92 A4 B4 B8 14 55 63 25 51 4A 0B C3 2A 22 CF 3A F8 17 6A
0C CF 66 AA A7 65 2F 48 6D CD E3 3E 5C 9F 77 6C D4 44 54 1F
1E 84 4F 8E D4 8D DD AC 2D 88 09 21 A8 DA 56 2C A9 05 3C 49
68 35 19 75 0C DA 53 23 88 88 19 2D 74 26 C1 22 65 EE 11 68
83 6A 53 4A 9C 27 CB A0 B4 E9 8D 29 0C B2 3C 18 5C 67 CC 53
A6 1E 30 D0 AA 26 7B 1E AE 40 B9 29 01 6C 2E BC A2 19 94 7C
15 6E 8D 30 38 F6 CA 2E 75


------------------------------ snip ------------------------------
26024 - PostgreSQL Server Detection
-
Synopsis
A database service is listening on the remote host.
Description
The remote service is a PostgreSQL database server, or a derivative such as EnterpriseDB.
See Also
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information:
Published: 2007/09/14, Modified: 2013/02/14
Plugin Output

tcp/5432

22227 - RMI Registry Detection
-
Synopsis
An RMI registry is listening on the remote host.
Description
The remote host is running an RMI registry, which acts as a bootstrap naming service for registering and retrieving remote objects with simple names in the Java Remote Method Invocation (RMI) system.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/08/16, Modified: 2018/10/10
Plugin Output

tcp/1099

22227 - RMI Registry Detection
-
Synopsis
An RMI registry is listening on the remote host.
Description
The remote host is running an RMI registry, which acts as a bootstrap naming service for registering and retrieving remote objects with simple names in the Java Remote Method Invocation (RMI) system.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2006/08/16, Modified: 2018/10/10
Plugin Output

tcp/36477

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

tcp/111


The following RPC services are available on TCP port 111 :

- program: 100000 (portmapper), version: 2

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

udp/111


The following RPC services are available on UDP port 111 :

- program: 100000 (portmapper), version: 2

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

tcp/2049


The following RPC services are available on TCP port 2049 :

- program: 100003 (nfs), version: 2
- program: 100003 (nfs), version: 3
- program: 100003 (nfs), version: 4

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

udp/2049


The following RPC services are available on UDP port 2049 :

- program: 100003 (nfs), version: 2
- program: 100003 (nfs), version: 3
- program: 100003 (nfs), version: 4

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

udp/32856


The following RPC services are available on UDP port 32856 :

- program: 100005 (mountd), version: 1
- program: 100005 (mountd), version: 2
- program: 100005 (mountd), version: 3

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

udp/35532


The following RPC services are available on UDP port 35532 :

- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

tcp/37326


The following RPC services are available on TCP port 37326 :

- program: 100005 (mountd), version: 1
- program: 100005 (mountd), version: 2
- program: 100005 (mountd), version: 3

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

udp/48727


The following RPC services are available on UDP port 48727 :

- program: 100024 (status), version: 1

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

tcp/52587


The following RPC services are available on TCP port 52587 :

- program: 100021 (nlockmgr), version: 1
- program: 100021 (nlockmgr), version: 3
- program: 100021 (nlockmgr), version: 4

11111 - RPC Services Enumeration
-
Synopsis
An ONC RPC service is running on the remote host.
Description
By sending a DUMP request to the portmapper, it was possible to enumerate the ONC RPC services running on the remote port. Using this information, it is possible to connect and bind to each service by sending an RPC request to the remote port.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/08/24, Modified: 2011/05/24
Plugin Output

tcp/55023


The following RPC services are available on TCP port 55023 :

- program: 100024 (status), version: 1

53335 - RPC portmapper (TCP)
-
Synopsis
An ONC RPC portmapper is running on the remote host.
Description
The RPC portmapper is running on this port.

The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/04/08, Modified: 2011/08/29
Plugin Output

tcp/111

10223 - RPC portmapper Service Detection
-
Synopsis
An ONC RPC portmapper is running on the remote host.
Description
The RPC portmapper is running on this port.

The portmapper allows someone to get the port number of each RPC service running on the remote host by sending either multiple lookup requests or a DUMP request.
Solution
n/a
Risk Factor
None
References
Plugin Information:
Published: 1999/08/19, Modified: 2014/02/19
Plugin Output

udp/111

10263 - SMTP Server Detection
-
Synopsis
An SMTP server is listening on the remote port.
Description
The remote host is running a mail (SMTP) server on this port.

Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2011/03/11
Plugin Output

tcp/25


Remote SMTP server banner :

220 metasploitable.localdomain ESMTP Postfix (Ubuntu)
42088 - SMTP Service STARTTLS Command Support
-
Synopsis
The remote mail service supports encrypting traffic.
Description
The remote SMTP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2009/10/09, Modified: 2017/06/15
Plugin Output

tcp/25


Here is the SMTP service's SSL certificate that Nessus was able to
collect after sending a 'STARTTLS' command :

------------------------------ snip ------------------------------
Subject Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Issuer Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Serial Number: 00 FA F9 3A 4C 7F B6 B9 CC

Version: 1

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 17 14:07:45 2010 GMT
Not Valid After: Apr 16 14:07:45 2010 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 D6 B4 13 36 33 9A 95 71 7B 1B DE 7C 83 75 DA 71 B1 3C A9
7F FE AD 64 1B 77 E9 4F AE BE CA D4 F8 CB EF AE BB 43 79 24
73 FF 3C E5 9E 3B 6D FC C8 B1 AC FA 4C 4D 5E 9B 4C 99 54 0B
D7 A8 4A 50 BA A9 DE 1D 1F F4 E4 6B 02 A3 F4 6B 45 CD 4C AF
8D 89 62 33 8F 65 BB 36 61 9F C4 2C 73 C1 4E 2E A0 A8 14 4E
98 70 46 61 BB D1 B9 31 DF 8C 99 EE 75 6B 79 3C 40 A0 AE 97
00 90 9D DC 99 0D 33 A4 B5
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 92 A4 B4 B8 14 55 63 25 51 4A 0B C3 2A 22 CF 3A F8 17 6A
0C CF 66 AA A7 65 2F 48 6D CD E3 3E 5C 9F 77 6C D4 44 54 1F
1E 84 4F 8E D4 8D DD AC 2D 88 09 21 A8 DA 56 2C A9 05 3C 49
68 35 19 75 0C DA 53 23 88 88 19 2D 74 26 C1 22 65 EE 11 68
83 6A 53 4A 9C 27 CB A0 B4 E9 8D 29 0C B2 3C 18 5C 67 CC 53
A6 1E 30 D0 AA 26 7B 1E AE 40 B9 29 01 6C 2E BC A2 19 94 7C
15 6E 8D 30 38 F6 CA 2E 75

------------------------------ snip ------------------------------

70657 - SSH Algorithms and Languages Supported
-
Synopsis
An SSH server is listening on this port.
Description
This script detects which algorithms and languages are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/10/28, Modified: 2017/08/28
Plugin Output

tcp/22


Nessus negotiated the following encryption algorithm with the server :

The server supports the following options for kex_algorithms :

diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

ssh-dss
ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for encryption_algorithms_server_to_client :

3des-cbc
aes128-cbc
aes128-ctr
aes192-cbc
aes192-ctr
aes256-cbc
aes256-ctr
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se

The server supports the following options for mac_algorithms_client_to_server :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96
umac-64@openssh.com

The server supports the following options for mac_algorithms_server_to_client :

hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1
hmac-sha1-96
umac-64@openssh.com

The server supports the following options for compression_algorithms_client_to_server :

none
zlib@openssh.com

The server supports the following options for compression_algorithms_server_to_client :

none
zlib@openssh.com
10881 - SSH Protocol Versions Supported
-
Synopsis
A SSH server is running on the remote host.
Description
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2002/03/06, Modified: 2017/05/30
Plugin Output

tcp/22

The remote SSH daemon supports the following versions of the
SSH protocol :

- 1.99
- 2.0
10267 - SSH Server Type and Version Information
-
Synopsis
An SSH server is listening on this port.
Description
It is possible to obtain information about the remote SSH server by sending an empty authentication request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2018/10/02
Plugin Output

tcp/22


SSH version : SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
SSH supported authentication : publickey,password

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/01, Modified: 2018/10/19
Plugin Output

tcp/25


This port supports SSLv2/SSLv3/TLSv1.0.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/12/01, Modified: 2018/10/19
Plugin Output

tcp/5432


This port supports SSLv3/TLSv1.0.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

tcp/25


The host name known by Nessus is :

metasploitable

The Common Name in the certificate is :

ubuntu804-base.localdomain

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information:
Published: 2010/04/03, Modified: 2017/06/05
Plugin Output

tcp/5432


The host name known by Nessus is :

metasploitable

The Common Name in the certificate is :

ubuntu804-base.localdomain

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/05/19, Modified: 2015/12/30
Plugin Output

tcp/25

Subject Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Issuer Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Serial Number: 00 FA F9 3A 4C 7F B6 B9 CC

Version: 1

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 17 14:07:45 2010 GMT
Not Valid After: Apr 16 14:07:45 2010 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 D6 B4 13 36 33 9A 95 71 7B 1B DE 7C 83 75 DA 71 B1 3C A9
7F FE AD 64 1B 77 E9 4F AE BE CA D4 F8 CB EF AE BB 43 79 24
73 FF 3C E5 9E 3B 6D FC C8 B1 AC FA 4C 4D 5E 9B 4C 99 54 0B
D7 A8 4A 50 BA A9 DE 1D 1F F4 E4 6B 02 A3 F4 6B 45 CD 4C AF
8D 89 62 33 8F 65 BB 36 61 9F C4 2C 73 C1 4E 2E A0 A8 14 4E
98 70 46 61 BB D1 B9 31 DF 8C 99 EE 75 6B 79 3C 40 A0 AE 97
00 90 9D DC 99 0D 33 A4 B5
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 92 A4 B4 B8 14 55 63 25 51 4A 0B C3 2A 22 CF 3A F8 17 6A
0C CF 66 AA A7 65 2F 48 6D CD E3 3E 5C 9F 77 6C D4 44 54 1F
1E 84 4F 8E D4 8D DD AC 2D 88 09 21 A8 DA 56 2C A9 05 3C 49
68 35 19 75 0C DA 53 23 88 88 19 2D 74 26 C1 22 65 EE 11 68
83 6A 53 4A 9C 27 CB A0 B4 E9 8D 29 0C B2 3C 18 5C 67 CC 53
A6 1E 30 D0 AA 26 7B 1E AE 40 B9 29 01 6C 2E BC A2 19 94 7C
15 6E 8D 30 38 F6 CA 2E 75

Fingerprints :

SHA-256 Fingerprint: E7 A7 FA 0D 63 E4 57 C7 C4 A5 9B 38 B7 08 49 C6 A7 0B DA 6F
83 0C 7A F1 E3 2D EE 43 6D E8 13 CC
SHA-1 Fingerprint: ED 09 30 88 70 66 03 BF D5 DC 23 73 99 B4 98 DA 2D 4D 31 C6
MD5 Fingerprint: DC D9 AD 90 6C 8F 2F 73 74 AF 38 3B 25 40 88 28

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2008/05/19, Modified: 2015/12/30
Plugin Output

tcp/5432

Subject Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Issuer Name:

Country: XX
State/Province: There is no such thing outside US
Locality: Everywhere
Organization: OCOSA
Organization Unit: Office for Complication of Otherwise Simple Affairs
Common Name: ubuntu804-base.localdomain
Email Address: root@ubuntu804-base.localdomain

Serial Number: 00 FA F9 3A 4C 7F B6 B9 CC

Version: 1

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Mar 17 14:07:45 2010 GMT
Not Valid After: Apr 16 14:07:45 2010 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 1024 bits
Public Key: 00 D6 B4 13 36 33 9A 95 71 7B 1B DE 7C 83 75 DA 71 B1 3C A9
7F FE AD 64 1B 77 E9 4F AE BE CA D4 F8 CB EF AE BB 43 79 24
73 FF 3C E5 9E 3B 6D FC C8 B1 AC FA 4C 4D 5E 9B 4C 99 54 0B
D7 A8 4A 50 BA A9 DE 1D 1F F4 E4 6B 02 A3 F4 6B 45 CD 4C AF
8D 89 62 33 8F 65 BB 36 61 9F C4 2C 73 C1 4E 2E A0 A8 14 4E
98 70 46 61 BB D1 B9 31 DF 8C 99 EE 75 6B 79 3C 40 A0 AE 97
00 90 9D DC 99 0D 33 A4 B5
Exponent: 01 00 01

Signature Length: 128 bytes / 1024 bits
Signature: 00 92 A4 B4 B8 14 55 63 25 51 4A 0B C3 2A 22 CF 3A F8 17 6A
0C CF 66 AA A7 65 2F 48 6D CD E3 3E 5C 9F 77 6C D4 44 54 1F
1E 84 4F 8E D4 8D DD AC 2D 88 09 21 A8 DA 56 2C A9 05 3C 49
68 35 19 75 0C DA 53 23 88 88 19 2D 74 26 C1 22 65 EE 11 68
83 6A 53 4A 9C 27 CB A0 B4 E9 8D 29 0C B2 3C 18 5C 67 CC 53
A6 1E 30 D0 AA 26 7B 1E AE 40 B9 29 01 6C 2E BC A2 19 94 7C
15 6E 8D 30 38 F6 CA 2E 75

Fingerprints :

SHA-256 Fingerprint: E7 A7 FA 0D 63 E4 57 C7 C4 A5 9B 38 B7 08 49 C6 A7 0B DA 6F
83 0C 7A F1 E3 2D EE 43 6D E8 13 CC
SHA-1 Fingerprint: ED 09 30 88 70 66 03 BF D5 DC 23 73 99 B4 98 DA 2D 4D 31 C6
MD5 Fingerprint: DC D9 AD 90 6C 8F 2F 73 74 AF 38 3B 25 40 88 28

25240 - Samba Server Detection
-
Synopsis
An SMB server is running on the remote host.
Description
The remote host is running Samba, a CIFS/SMB server for Linux and Unix.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/05/16, Modified: 2013/01/07
Plugin Output

tcp/445

104887 - Samba Version
-
Synopsis
It was possible to obtain the samba version from the remote operating system.
Description
Nessus was able to obtain the samba version from the remote operating by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2017/11/30, Modified: 2017/11/30
Plugin Output

tcp/445


The remote Samba Version is : Samba 3.0.20-Debian
96982 - Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check)
-
Synopsis
The remote Windows host supports the SMBv1 protocol.
Description
The remote Windows host supports Server Message Block Protocol version 1 (SMBv1). Microsoft recommends that users discontinue the use of SMBv1 due to the lack of security features that were included in later SMB versions. Additionally, the Shadow Brokers group reportedly has an exploit that affects SMB; however, it is unknown if the exploit affects SMBv1 or another version. In response to this, US-CERT recommends that users disable SMBv1 per SMB best practices to mitigate these potential issues.
See Also
Solution
Disable SMBv1 according to the vendor instructions in Microsoft KB2696547. Additionally, block SMB directly by blocking TCP port 445 on all network boundary devices. For SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137 / 138 on all network boundary devices.
Risk Factor
None
Plugin Information:
Published: 2017/02/03, Modified: 2018/08/13
Plugin Output

tcp/445


The remote host supports SMBv1.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/21

An FTP server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/22

An SSH server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/23

A telnet server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/25

An SMTP server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/80

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/1524

A shell server (Metasploitable) is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/5900

A vnc server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/6667

An IRC server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/08/19, Modified: 2018/08/21
Plugin Output

tcp/8180

A web server is running on this port.

17975 - Service Detection (GET request)
-
Synopsis
The remote service could be identified.
Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/04/06, Modified: 2017/06/08
Plugin Output

tcp/6697

An IRC daemon is listening on this port.

25220 - TCP/IP Timestamps Supported
-
Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2007/05/16, Modified: 2011/03/20
Plugin Output

tcp/0

11819 - TFTP Daemon Detection
-
Synopsis
A TFTP server is listening on the remote port.
Description
The remote host is running a TFTP (Trivial File Transfer Protocol) daemon. TFTP is often used by routers and diskless hosts to retrieve their configuration. It can also be used by worms to propagate.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information:
Published: 2003/08/13, Modified: 2016/02/22
Plugin Output

udp/69

10281 - Telnet Server Detection
-
Synopsis
A Telnet server is listening on the remote port.
Description
The remote host is running a Telnet server, a remote terminal server.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2018/02/12
Plugin Output

tcp/23

Here is the banner from the remote Telnet server :

------------------------------ snip ------------------------------
_

| | __ | | () |_ | | | | | \
| '
` \ / \
/ ` / __| ' | |/ | | __/ | '_ \| |/ _ \ __) | <br>| | | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// __/ <br>|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|_____| <br> |_| <br> <br> <br>Warning: Never expose this VM to an untrusted network! <br> <br>Contact: msfdev[at]metasploit.com <br> <br>Login with msfadmin/msfadmin to get started <br> <br> <br>metasploitable login: <br>------------------------------ snip ------------------------------<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm339718276" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm339718276-container');" onmouseover="this.style.cursor='pointer'">10287 - Traceroute Information<div id="idm339718276-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm339718276-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">It was possible to obtain traceroute information.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Makes a traceroute to the remote host.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 1999/11/27, Modified: 2017/08/22<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>udp/0</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">For your information, here is the traceroute from 10.30.10.25 to 10.30.10.26 : <br>10.30.10.25<br>10.30.10.26<br> <br>Hop Count: 1<div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm339710596" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm339710596-container');" onmouseover="this.style.cursor='pointer'">11154 - Unknown Service Detection: Banner Retrieval<div id="idm339710596-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm339710596-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">There is an unknown service running on the remote host.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was unable to identify a service on the remote host even though it returned a banner of some type.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2002/11/18, Modified: 2018/07/24<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/512</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>If you know what this service is and think the banner could be used to<br>identify it, please send a description of the service along with the<br>following output to svc-signatures@nessus.org :<br> <br> Port : 512<br> Type : spontaneous<br> Banner : <br>0x00: 01 57 68 65 72 65 20 61 72 65 20 79 6F 75 3F 0A .Where are you?.<br> 0x10: <br> <div class="clear"></div> </div> <div class="clear"></div> <div class="clear"></div> </div> <div xmlns="" class="clear"></div> <h2 xmlns="" class=""></h2> <div xmlns="" id="idm339704068" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idm339704068-container');" onmouseover="this.style.cursor='pointer'">11154 - Unknown Service Detection: Banner Retrieval<div id="idm339704068-toggletext" style="float: right; text-align: center; width: 8px;"> - </div> </div> <div xmlns="" id="idm339704068-container" style="margin: 0 0 45px 0;" class="section-wrapper"> <div class="details-header">Synopsis<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">There is an unknown service running on the remote host.<div class="clear"></div> </div> <div class="details-header">Description<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was unable to identify a service on the remote host even though it returned a banner of some type.<div class="clear"></div> </div> <div class="details-header">Solution<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div> </div> <div class="details-header">Risk Factor<div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div> </div> <div class="details-header">Plugin Information: <div class="clear"></div> </div> <div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2002/11/18, Modified: 2018/07/24<div class="clear"></div> </div> <div class="details-header">Plugin Output<div class="clear"></div> </div> <h2>tcp/8787</h2> <div class="clear"></div> <div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>If you know what this service is and think the banner could be used to<br>identify it, please send a description of the service along with the<br>following output to svc-signatures@nessus.org :<br> <br> Port : 8787<br> Type : get_http<br> Banner : <br>0x0000: 00 00 00 03 04 08 46 00 00 03 A1 04 08 6F 3A 16 ......F......o:.<br> 0x0010: 44 52 62 3A 3A 44 52 62 43 6F 6E 6E 45 72 72 6F DRb::DRbConnErro<br> 0x0020: 72 07 3A 07 62 74 5B 17 22 2F 2F 75 73 72 2F 6C r.:.bt[."//usr/l<br> 0x0030: 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F ib/ruby/1.8/drb/<br> 0x0040: 64 72 62 2E 72 62 3A 35 37 33 3A 69 6E 20 60 6C drb.rb:573:inl
0x0050: 6F 61 64 27 22 37 2F 75 73 72 2F 6C 69 62 2F 72 oad'"7/usr/lib/r
0x0060: 75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72 62 2E uby/1.8/drb/drb.
0x0070: 72 62 3A 36 31 32 3A 69 6E 20 60 72 65 63 76 5F rb:612:in recv_<br> 0x0080: 72 65 71 75 65 73 74 27 22 37 2F 75 73 72 2F 6C request'"7/usr/l<br> 0x0090: 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F ib/ruby/1.8/drb/<br> 0x00A0: 64 72 62 2E 72 62 3A 39 31 31 3A 69 6E 20 60 72 drb.rb:911:inr
0x00B0: 65 63 76 5F 72 65 71 75 65 73 74 27 22 3C 2F 75 ecv_request'"</u
0x00C0: 73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F sr/lib/ruby/1.8/
0x00D0: 64 72 62 2F 64 72 62 2E 72 62 3A 31 35 33 30 3A drb/drb.rb:1530:
0x00E0: 69 6E 20 60 69 6E 69 74 5F 77 69 74 68 5F 63 6C in init_with_cl<br> 0x00F0: 69 65 6E 74 27 22 39 2F 75 73 72 2F 6C 69 62 2F ient'"9/usr/lib/<br> 0x0100: 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72 62 ruby/1.8/drb/drb<br> 0x0110: 2E 72 62 3A 31 35 34 32 3A 69 6E 20 60 73 65 74 .rb:1542:inset
0x0120: 75 70 5F 6D 65 73 73 61 67 65 27 22 33 2F 75 73 up_message'"3/us
0x0130: 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 r/lib/ruby/1.8/d
0x0140: 72 62 2F 64 72 62 2E 72 62 3A 31 34 39 34 3A 69 rb/drb.rb:1494:i
0x0150: 6E 20 60 70 65 72 66 6F 72 6D 27 22 35 2F 75 73 n perform'"5/us<br> 0x0160: 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 r/lib/ruby/1.8/d<br> 0x0170: 72 62 2F 64 72 62 2E 72 62 3A 31 35 38 39 3A 69 rb/drb.rb:1589:i<br> 0x0180: 6E 20 60 6D 61 69 6E 5F 6C 6F 6F 70 27 22 30 2F nmain_loop'"0/
0x0190: 75 73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 usr/lib/ruby/1.8
0x01A0: 2F 64 72 62 2F 64 72 62 2E 72 62 3A 31 35 38 35 /drb/drb.rb:1585
0x01B0: 3A 69 6E 20 60 6C 6F 6F 70 27 22 35 2F 75 73 72 :in loop'"5/usr<br> 0x01C0: 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 /lib/ruby/1.8/dr<br> 0x01D0: 62 2F 64 72 62 2E 72 62 3A 31 35 38 35 3A 69 6E b/drb.rb:1585:in<br> 0x01E0: 20 60 6D 61 69 6E 5F 6C 6F 6F 70 27 22 31 2F 75main_loop'"1/u
0x01F0: 73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F sr/lib/ruby/1.8/
0x0200: 64 72 62 2F 64 72 62 2E 72 62 3A 31 35 38 31 3A drb/drb.rb:1581:
0x0210: 69 6E 20 60 73 74 61 72 74 27 22 35 2F 75 73 72 in start'"5/usr<br> 0x0220: 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 /lib/ruby/1.8/dr<br> 0x0230: 62 2F 64 72 62 2E 72 62 3A 31 35 38 31 3A 69 6E b/drb.rb:1581:in<br> 0x0240: 20 60 6D 61 69 6E 5F 6C 6F 6F 70 27 22 2F 2F 75main_loop'"//u
0x0250: 73 72 2F 6C 69 62 2F 72 75 62 79 2F 31 2E 38 2F sr/lib/ruby/1.8/
0x0260: 64 72 62 2F 64 72 62 2E 72 62 3A 31 34 33 30 3A drb/drb.rb:1430:
0x0270: 69 6E 20 60 72 75 6E 27 22 31 2F 75 73 72 2F 6C in run'"1/usr/l<br> 0x0280: 69 62 2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F ib/ruby/1.8/drb/<br> 0x0290: 64 72 62 2E 72 62 3A 31 34 32 37 3A 69 6E 20 60 drb.rb:1427:in
0x02A0: 73 74 61 72 74 27 22 2F 2F 75 73 72 2F 6C 69 62 start'"//usr/lib
0x02B0: 2F 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72 /ruby/1.8/drb/dr
0x02C0: 62 2E 72 62 3A 31 34 32 37 3A 69 6E 20 60 72 75 b.rb:1427:in ru<br> 0x02D0: 6E 27 22 36 2F 75 73 72 2F 6C 69 62 2F 72 75 62 n'"6/usr/lib/rub<br> 0x02E0: 79 2F 31 2E 38 2F 64 72 62 2F 64 72 62 2E 72 62 y/1.8/drb/drb.rb<br> 0x02F0: 3A 31 33 34 37 3A 69 6E 20 60 69 6E 69 74 69 61 :1347:ininitia
0x0300: 6C 69 7A 65 27 22 2F 2F 75 73 72 2F 6C 69 62 2F lize'"//usr/lib/
0x0310: 72 75 62 79 2F 31 2E 38 2F 64 72 62 2F 64 72 62 ruby/1.8/drb/drb
0x0320: 2E 72 62 3A 31 36 32 37 3A 69 6E 20 60 6E 65 77 .rb:1627:in new<br> 0x0330: 27 22 39 2F 75 73 72 2F 6C 69 62 2F 72 75 62 79 '"9/usr/lib/ruby<br> 0x0340: 2F 31 2E 38 2F 64 72 62 2F 64 72 62 2E 72 62 3A /1.8/drb/drb.rb:<br> 0x0350: 31 36 32 37 3A 69 6E 20 60 73 74 61 72 74 5F 73 1627:instart_s
0x0360: 65 72 76 69 63 65 27 22 25 2F 75 73 72 2F 73 62 ervice'"%/usr/sb
0x0370: 69 6E 2F 64 72 75 62 79 5F 74 69 6D 65 73 65 72 in/druby_timeser
0x0380: 76 65 72 2E 72 62 3A 31 32 3A 09 6D 65 73 67 22 ver.rb:12:.mesg"
0x0390: 20 74 6F 6F 20 6C 61 72 67 65 20 70 61 63 6B 65 too large packe
0x03A0: 74 20 31 31 39 35 37 32 35 38 35 36 t 1195725856

19288 - VNC Server Security Type Detection
-
Synopsis
A VNC server is running on the remote host.
Description
This script checks the remote VNC server protocol version and the available 'security types'.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2005/07/22, Modified: 2014/03/12
Plugin Output

tcp/5900


The remote VNC server chose security type #2 (VNC authentication)
65792 - VNC Server Unencrypted Communication Detection
-
Synopsis
A VNC server with one or more unencrypted 'security-types' is running on the remote host.
Description
This script checks the remote VNC server protocol version and the available 'security types' to determine if any unencrypted 'security-types' are in use or available.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2013/04/03, Modified: 2014/03/12
Plugin Output

tcp/5900


The remote VNC server supports the following security type
which does not perform full data communication encryption :

2 (VNC authentication)
10342 - VNC Software Detection
-
Synopsis
The remote host is running a remote display software (VNC).
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Published: 2000/03/07, Modified: 2017/06/12
Plugin Output

tcp/5900


The highest RFB protocol version supported by the server is :

3.3

20108 - Web Server / Application favicon.ico Vendor Fingerprinting
-
Synopsis
The remote web server contains a graphic image that is prone to information disclosure.
Description
The 'favicon.ico' file found on the remote web server belongs to a popular web server. This may be used to fingerprint the web server.
Solution
Remove the 'favicon.ico' file or create a custom one for your site.
Risk Factor
None
Plugin Information:
Published: 2005/10/28, Modified: 2018/08/15
Plugin Output

tcp/8180


MD5 fingerprint : 4644f2d45601037b8423d45e13194c93
Web server : Apache Tomcat or Alfresco Community
11422 - Web Server Unconfigured - Default Install Page Present
-
Synopsis
The remote web server is not configured or is improperly configured.
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information:
Published: 2003/03/20, Modified: 2018/08/15
Plugin Output

tcp/8180


The default welcome page is from Tomcat.

11424 - WebDAV Detection
-
Synopsis
The remote server is running with WebDAV enabled.
Description
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage the content of a web server.

If you do not use this extension, you should disable it.
Solution
Risk Factor
None
Plugin Information:
Published: 2003/03/20, Modified: 2011/03/14
Plugin Output

tcp/80

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
-
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 1999/10/12, Modified: 2018/11/05
Plugin Output

udp/137

The following 5 NetBIOS names have been gathered :

METASPLOITABLE = Computer name
METASPLOITABLE = Messenger Service
METASPLOITABLE = File Server Service
WORKGROUP = Workgroup / Domain name
WORKGROUP = Browser Service Elections

This SMB server seems to be a Samba server - its MAC address is NULL.

52703 - vsftpd Detection
-
Synopsis
An FTP server is listening on the remote port.
Description
The remote host is running vsftpd, an FTP server for UNIX-like systems written in C.
See Also
Solution
n/a
Risk Factor
None
Plugin Information:
Published: 2011/03/17, Modified: 2013/03/21
Plugin Output

tcp/21


Source : 220 (vsFTPd 2.3.4)
Version : 2.3.4
Remediations
Suggested Remediations
Taking the following actions across 1 hosts would resolve 4% of the vulnerabilities on the network.
Action to take Vulns Hosts
Samba Badlock Vulnerability: Upgrade to Samba version 4.2.11 / 4.3.8 / 4.4.2 or later. 1 1
UnrealIRCd Backdoor Detection: Re-download the software, verify it using the published MD5 / SHA1 checksums, and re-install it. 0 1
© 2018 Tenable™, Inc. All rights reserved.