NMAP Enumeration

This document is a confidential penetration testing report conducted by ALLMA Tecnologic from June 7 to June 9, 2024. It outlines the enumeration of active hosts and vulnerabilities found in the internal network, detailing open ports and associated services along with potential vulnerabilities. The report emphasizes that the findings are for risk assessment purposes and should be validated by the client's technical team before implementation.

Uploaded by Mikhaell Reis
---

PENETRATION TESTING REPORT

DATE: JUNE 8, 2024

CLASSIFICATION: CONFIDENTIAL

Version control:

DATE        VERSION  AUTHOR         CHANGES
06/10/2023  1.0      Allison Matos  Initial

CONFIDENTIAL
This document contains proprietary and confidential information, and all data found during the tests and presented in this document was handled so as to guarantee its privacy and confidentiality. Duplication, redistribution or use, in whole or in part, in any form requires the consent of ALLMA Tecnologic.

Legal notice:
The enumeration was carried out from 07/06/2024 to 09/06/2024.
The work performed by ALLMA Tecnologic is NOT intended to fix the possible vulnerabilities, nor to protect the CLIENT against internal and external attacks; our objective is to survey the risks and recommend ways to minimize them.
The recommendations suggested in this report must be tested and validated by the CLIENT's technical team before being implemented in the production environment. ALLMA Tecnologic is not responsible for that implementation or for possible impacts that may occur in other applications or services.

Contact information:

NAME           ROLE                CONTACT
TECHNICAL STAFF | ALLMA TECNOLOGIC
Allison Matos  Penetration Tester  Phone: (99) 99217-9914
                                   E-mail: [email protected]

This report presents the results of a basic enumeration of the internal network. The commands used for this report were:
Discovery of active hosts:
● nmap -sn 192.168.121.0/23 -> First network
● nmap -sn 192.168.100.0/23 -> Second network
Search for open ports plus known vulnerabilities:
● nmap -sV --open -p- -iL hostsOn.txt --script vuln -oG vulns.txt
● nmap -sV --open -p- -iL hostsOnRede2.txt --script vuln -oG vulns2.txt

Host: 192.120.02
The following lists the open ports and the possible services assigned to them. No vulnerability has been tested so far, only enumerated.
● 80/tcp open http Apache httpd
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Apache
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-enum:
|_ /robots.txt: Robots file

● 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: SUNO)


| vulners:
| Samba smbd 3.X - 4.X:
| CVE-2022-45141 9.8 https://vulners.com/cve/CVE-2022-45141
| CVE-2022-32744 8.8 https://vulners.com/cve/CVE-2022-32744
| CVE-2022-2031 8.8 https://vulners.com/cve/CVE-2022-2031
| CVE-2022-0336 8.8 https://vulners.com/cve/CVE-2022-0336
| CVE-2021-3738 8.8 https://vulners.com/cve/CVE-2021-3738
| CVE-2020-10745 7.5 https://vulners.com/cve/CVE-2020-10745
| CVE-2020-10704 7.5 https://vulners.com/cve/CVE-2020-10704
| CVE-2018-16860 7.5 https://vulners.com/cve/CVE-2018-16860
| CVE-2017-2619 7.5 https://vulners.com/cve/CVE-2017-2619
| CVE-2017-12151 7.4 https://vulners.com/cve/CVE-2017-12151
| CVE-2017-12150 7.4 https://vulners.com/cve/CVE-2017-12150
| CVE-2020-25719 7.2 https://vulners.com/cve/CVE-2020-25719
| CVE-2017-12163 7.1 https://vulners.com/cve/CVE-2017-12163
| CVE-2021-20316 6.8 https://vulners.com/cve/CVE-2021-20316
| CVE-2021-20254 6.8 https://vulners.com/cve/CVE-2021-20254
| CVE-2022-32742 4.3 https://vulners.com/cve/CVE-2022-32742
| CVE-2021-44141 4.3 https://vulners.com/cve/CVE-2021-44141
| CVE-2020-14318 4.3 https://vulners.com/cve/CVE-2020-14318
| CVE-2018-14628 4.3 https://vulners.com/cve/CVE-2018-14628
| SSV:92840 3.5 https://vulners.com/seebug/SSV:92840 *EXPLOIT*
|_ 1337DAY-ID-27447 0.0 https://vulners.com/zdt/1337DAY-ID-27447 *EXPLOIT*

● 443/tcp open ssl/http Apache httpd


|_http-server-header: Apache
| http-fileupload-exploiter:
|
|_ Couldn't find a file-type field.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.2
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.120.2:443/
| Form id: logindlg
| Form action: login.html
|
| Path: https://192.168.120.2:443/manage/dashboard.html
| Form id: logindlg
| Form action: login.html
|
| Path: https://192.168.120.2:443/manage/login.html
| Form id: logindlg
|_ Form action: login.html
| http-enum:
|_ /robots.txt: Robots file
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.2
| Found the following indications of potential DOM based XSS:
|
| Source: window.open(escape(self.location.href)
|_ Pages: https://192.168.120.2:443/manage/js/scripts.js

● 445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: SUNO)
| vulners:
| Samba smbd 3.X - 4.X:
| CVE-2022-45141 9.8 https://vulners.com/cve/CVE-2022-45141
| CVE-2022-32744 8.8 https://vulners.com/cve/CVE-2022-32744
| CVE-2022-2031 8.8 https://vulners.com/cve/CVE-2022-2031
| CVE-2022-0336 8.8 https://vulners.com/cve/CVE-2022-0336
| CVE-2021-3738 8.8 https://vulners.com/cve/CVE-2021-3738
| CVE-2020-14383 6.5 https://vulners.com/cve/CVE-2020-14383
| CVE-2020-10760 6.5 https://vulners.com/cve/CVE-2020-10760
| CVE-2020-10730 6.5 https://vulners.com/cve/CVE-2020-10730
| CVE-2019-10218 6.5 https://vulners.com/cve/CVE-2019-10218
| CVE-2023-0922 5.9 https://vulners.com/cve/CVE-2023-0922
| CVE-2016-2124 5.9 https://vulners.com/cve/CVE-2016-2124
| CVE-2020-14323 5.5 https://vulners.com/cve/CVE-2020-14323
| CVE-2022-32746 5.4 https://vulners.com/cve/CVE-2022-32746
| CVE-2019-14833 5.4 https://vulners.com/cve/CVE-2019-14833
| CVE-2020-10700 5.3 https://vulners.com/cve/CVE-2020-10700
| CVE-2023-0225 4.3 https://vulners.com/cve/CVE-2023-0225
| CVE-2022-32742 4.3 https://vulners.com/cve/CVE-2022-32742
| CVE-2021-44141 4.3 https://vulners.com/cve/CVE-2021-44141
| CVE-2020-14318 4.3 https://vulners.com/cve/CVE-2020-14318
| CVE-2018-14628 4.3 https://vulners.com/cve/CVE-2018-14628
| SSV:92840 3.5 https://vulners.com/seebug/SSV:92840 *EXPLOIT*
|_ 1337DAY-ID-27447 0.0 https://vulners.com/zdt/1337DAY-ID-27447 *EXPLOIT*

● 873/tcp open rsync (protocol version 30)

● 3260/tcp open iscsi?

● 37686/tcp open upnp


| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 File Not Found
| Server: POSIX, UPnP/1.0, MicroStack/1.0.3905
| Content-Length: 0
| GetRequest:
| HTTP/1.1 200 OK
| CONTENT-TYPE: text/xml; charset="utf-8"
| Server: POSIX, UPnP/1.0, MicroStack/1.0.3905
| <?xml version="1.0" encoding="utf-8"?>
| <root xmlns="urn:schemas-upnp-org:device-1-0">
| <specVersion>
| <major>1</major>
| <minor>0</minor>
| </specVersion>
| <device>
| <deviceType>urn:schemas-lenovo-com:device:sohodevice:1</deviceType>
| <presentationURL>/web</presentationURL>
| <friendlyName>RC-EMC-01</friendlyName>
| <manufacturer>Lenovo</manufacturer>
| <manufacturerURL>http://www.lenovo.com/products/us/server/</manufacturerURL>
| <modelDescription>Lenovo Storage</modelDescription>
| <modelName>LenovoEMC px12-450r</modelName>
| <modelNumber>4.1.414.34909</modelNumber>
| <modelURL>http://www.lenovo.com/products/us/server/</modelURL>
| <serialNumber>I00D0B823398A</serialNumber>
| <UDN>uuid:lifeline-lenovo-Soh
| HTTPOptions, RTSPRequest:
| HTTP/1.1 400 Bad Request
| Server: POSIX, UPnP/1.0, MicroStack/1.0.3905
| Content-Length: 0
| SIPOptions:
|_ HTTP/1.1 400 Bad Request (Missing Host Field)

● 55443/tcp open ssl/http Apache httpd


| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key Exchange Insufficient Group Strength
| State: VULNERABLE
| Transport Layer Security (TLS) services that use Diffie-Hellman groups
| of insufficient strength, especially those using one of a few commonly
| shared groups, may be susceptible to passive eavesdropping attacks.
| Check results:
| WEAK DH GROUP 1
| Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
| Modulus Type: Safe prime
| Modulus Source: mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus
| Modulus Length: 1024
| Generator Length: 8
| Public Key Length: 1024
| References:
|_ https://weakdh.org
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.2
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.120.2:55443/
| Form id: loginform
|_ Form action: /0409/nails
|_http-server-header: Apache
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| ssl-poodle:
| VULNERABLE:
| SSL POODLE information leak
| State: VULNERABLE
| IDs: BID:70574 CVE:CVE-2014-3566
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
| products, uses nondeterministic CBC padding, which makes it easier
| for man-in-the-middle attackers to obtain cleartext data via a
| padding-oracle attack, aka the "POODLE" issue.
| Disclosure date: 2014-10-14
| Check results:
| TLS_RSA_WITH_AES_128_CBC_SHA
| References:
| https://www.imperialviolet.org/2014/10/14/poodle.html
| https://www.openssl.org/~bodo/ssl-poodle.pdf
| https://www.securityfocus.com/bid/70574
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

Host: 192.120.06
The following lists the open ports and the possible services assigned to them. No vulnerability has been tested so far, only enumerated.
● 80/tcp open soap gSOAP 2.7
| http-enum:
|_ /robots.txt: Robots file (401 Unauthorized)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7

● 443/tcp open ssl/tcpwrapped


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.6
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.120.6:443/
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.6:443/
| Form id: suppliesdetails
| Form action: /hp/device/supplies_status.html
|
| Path: https://192.168.120.6:443/hp/device/contentHeader.html
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.6:443/hp/device/supplies_status.html
| Form id: suppliesdetails
| Form action: /hp/device/supplies_status.html
|
| Path: https://192.168.120.6:443/info_deviceStatus.html?tab=Home&amp;menu=DevStatus
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.6:443/info_deviceStatus.html?tab=Home&amp;menu=DevStatus
| Form id: suppliesdetails
| Form action: /hp/device/supplies_status.html
|
| Path: https://192.168.120.6:443/info_eventLog.html?tab=Home&amp;menu=EventLog
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.6:443/info_specialPages.html?tab=Home&amp;menu=InfoPages
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.6:443/info_specialPages.html?tab=Home&amp;menu=InfoPages
| Form id: config_report
|_ Form action: /hp/device/info_specialPages.html/config
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.6
| Found the following indications of potential DOM based XSS:
|
| Source: window.open(url,'hpwindow','height=500,width=800,resizable=1,directions=1,location=1,toolbar=1,menubar=1,scrollbars=1')
| Pages: https://192.168.120.6:443/hp/device/global.js
|
| Source: window.open('http://www.hp.com', target,'resizable=yes,scrollbars=yes,menubar=yes,location=yes,toolbar=yes,status=yes')
|_ Pages: https://192.168.120.6:443/, https://192.168.120.6:443/info_deviceStatus.html?tab=Home&amp;menu=DevStatus, https://192.168.120.6:443/info_eventLog.html?tab=Home&amp;menu=EventLog, https://192.168.120.6:443/info_specialPages.html?tab=Home&amp;menu=InfoPages

● 515/tcp open printer

● 631/tcp open soap gSOAP 2.7


| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-enum:
|_ /robots.txt: Robots file (401 Unauthorized)
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7

● 8080/tcp open soap gSOAP 2.7


| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
| http-enum:
|_ /robots.txt: Robots file (401 Unauthorized)
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765

● 8289/tcp open soap gSOAP 2.7


|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)

| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/
|_http-server-header: gSOAP/2.7
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 9100/tcp open jetdirect?

Host: 192.120.09
The following lists the open ports and the possible services assigned to them. No vulnerability has been tested so far, only enumerated.
● 135/tcp open msrpc Microsoft Windows RPC
● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn

● 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
● 3306/tcp open mysql MySQL (unauthorized)
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 30443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.9
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.120.9:30443/
| Form id:
|_ Form action: page_general_search_3.html
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.9
| Found the following indications of potential DOM based XSS:
|
| Source: window.open(window.location.origin + "/logs", '_blank')
| Pages: https://192.168.120.9:30443/common/services.js
|
| Source: window.open(window.location.origin + "/threads", '_blank')
| Pages: https://192.168.120.9:30443/common/services.js
|
| Source: window.open(window.location.origin + "/syncs", '_blank')
|_ Pages: https://192.168.120.9:30443/common/services.js
|_http-server-header: Microsoft-HTTPAPI/2.0

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49666/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49675/tcp open msrpc Microsoft Windows RPC
● 49676/tcp open msrpc Microsoft Windows RPC
● 50521/tcp open msrpc Microsoft Windows RPC
● Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows

Host: 192.120.10
The following lists the open ports and the possible services assigned to them. No vulnerability has been tested so far, only enumerated.
● 135/tcp open msrpc Microsoft Windows RPC

● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
● 1521/tcp open oracle-tns Oracle TNS listener 19.0.0.0.0 (unauthorized)
● 1801/tcp open msmq?
● 2103/tcp open msrpc Microsoft Windows RPC
● 2105/tcp open msrpc Microsoft Windows RPC
● 2107/tcp open msrpc Microsoft Windows RPC
● 2179/tcp open vmrdp?
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49698/tcp open msrpc Microsoft Windows RPC

● 49705/tcp open msrpc Microsoft Windows RPC
● 49723/tcp open msrpc Microsoft Windows RPC
● 49769/tcp open msrpc Microsoft Windows RPC
● 49822/tcp open oracle Oracle Database
● Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows

Host: 192.120.11
The following lists the open ports and the possible services assigned to them. No vulnerability has been tested so far, only enumerated.
● 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

● 89/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-enum:
|_ /api/: Potentially interesting folder
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

● 91/tcp open http Microsoft IIS httpd 10.0


| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.11
| Found the following indications of potential DOM based XSS:
|
| Source: window.open('login_frame.asp','AdSystem','toolbar=no,location=no,directories=no,status=no,scrollbars=no,menubar=no,resizable=yes,maximized=yes,minimized=no,width=' + JanelaWidth + ',height=' + JanelaHeight + ',top=0,left=0')
|_ Pages: http://192.168.120.11:91/
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: Microsoft-IIS/10.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

● 135/tcp open msrpc Microsoft Windows RPC


● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds?
● 1801/tcp open msmq?
● 2103/tcp open msrpc Microsoft Windows RPC
● 2105/tcp open msrpc Microsoft Windows RPC
● 2107/tcp open msrpc Microsoft Windows RPC
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49666/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49673/tcp open msrpc Microsoft Windows RPC
● 49678/tcp open msrpc Microsoft Windows RPC
● 49684/tcp open msrpc Microsoft Windows RPC
● 49899/tcp open msrpc Microsoft Windows RPC
● Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.120.12
The report below lists the open ports and the possible services assigned to them.
No vulnerability has been tested so far, only enumerated.
● 135/tcp open msrpc Microsoft Windows RPC

● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
● 1521/tcp open oracle-tns Oracle TNS listener 19.0.0.0.0 (unauthorized)
● 1801/tcp open msmq?
● 2103/tcp open msrpc Microsoft Windows RPC
● 2105/tcp open msrpc Microsoft Windows RPC
● 2107/tcp open msrpc Microsoft Windows RPC
● 2179/tcp open vmrdp?
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49698/tcp open msrpc Microsoft Windows RPC

● 49705/tcp open msrpc Microsoft Windows RPC
● 49723/tcp open msrpc Microsoft Windows RPC
● 49769/tcp open msrpc Microsoft Windows RPC
● 49822/tcp open oracle Oracle Database
● Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows

Host: 192.120.21
The report below lists the open ports and the possible services assigned to them.
No vulnerability has been tested so far, only enumerated.
● 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 135/tcp open msrpc Microsoft Windows RPC


● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds?

● 1311/tcp open ssl/rxmon?


| fingerprint-strings:
| GetRequest:
| HTTP/1.1 200
| Strict-Transport-Security: max-age=31536000
| X-Frame-Options: SAMEORIGIN
| X-Content-Type-Options: nosniff
| X-XSS-Protection: 1; mode=block
| vary: accept-encoding
| Content-Type: text/html;charset=UTF-8
| Date: Sun, 09 Jun 2024 03:50:32 GMT
| Connection: close
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
| <html>
| <head>
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
| <title>OpenManage&trade;</title>
| <link type="text/css" rel="stylesheet" href="/oma/css/loginmaster.css">
| <style type="text/css"></style>
| <script type="text/javascript" src="/oma/js/prototype.js" language="javascript"></script><script type="text/javascript" src="/oma/js/gnavbar.js" language="javascript"></script><script type="text/javascript" src="/oma/js/Clarity.js" language="javascript"></script><script language="javascri
| HTTPOptions:
| HTTP/1.1 200
| Strict-Transport-Security: max-age=31536000
| X-Frame-Options: SAMEORIGIN
| X-Content-Type-Options: nosniff
| X-XSS-Protection: 1; mode=block
| vary: accept-encoding
| Content-Type: text/html;charset=UTF-8
| Date: Sun, 09 Jun 2024 03:50:37 GMT
| Connection: close
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
| <html>
| <head>
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
| <title>OpenManage&trade;</title>
| <link type="text/css" rel="stylesheet" href="/oma/css/loginmaster.css">
| <style type="text/css"></style>
|_ <script type="text/javascript" src="/oma/js/prototype.js" language="javascript"></script><script type="text/javascript" src="/oma/js/gnavbar.js" language="javascript"></script><script type="text/javascript" src="/oma/js/Clarity.js" language="javascript"></script><script language="javascri

● 2179/tcp open vmrdp?


● 3050/tcp open firebird Firebird RDBMS Protocol version 10
● 3205/tcp open isns?
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 5633/tcp open giop omg.org CORBA naming service

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.

● 6101/tcp open backupexec?


● 6106/tcp open msrpc Microsoft Windows RPC

● 8080/tcp open http-proxy


| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 431
| Date: Sun, 09 Jun 2024 03:50:36 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 404
| Found</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 404
| Found</h1></body></html>
| GetRequest, HTTPOptions:
| HTTP/1.1 302
| Location: https://localhost:8443/
| Content-Length: 0
| Date: Sun, 09 Jun 2024 03:50:36 GMT
| Connection: close
| RTSPRequest:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:50:36 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400

| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
| Request</h1></body></html>
| Socks5:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:50:37 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
|_ Request</h1></body></html>
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 8443/tcp open ssl/nagios-nsca Nagios NSCA

● 8843/tcp open ssl/unknown


| fingerprint-strings:
| GetRequest:
| HTTP/1.1 400

| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:50:54 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
| Request</h1></body></html>
| HTTPOptions, RTSPRequest:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:50:55 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
|_ Request</h1></body></html>
● 8880/tcp open cddbp-alt?
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 431
| Date: Sun, 09 Jun 2024 03:50:41 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 404
| Found</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 404
| Found</h1></body></html>
| GetRequest:
| HTTP/1.1 302

| Location: https://localhost:8880/
| Content-Length: 0
| Date: Sun, 09 Jun 2024 03:50:41 GMT
| Connection: close
| HTTPOptions:
| HTTP/1.1 302
| Location: https://localhost:8880/
| Content-Length: 0
| Date: Sun, 09 Jun 2024 03:50:46 GMT
| Connection: close
| RPCCheck:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:50:47 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
| Request</h1></body></html>
| RTSPRequest:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:50:46 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
|_ Request</h1></body></html>

● 10000/tcp open ndmp Symantec/Veritas Backup Exec ndmp (NDMPv3)


|_http-vuln-cve2006-3392: ERROR: Script execution failed (use -d to debug)

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.

|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 49665/tcp open msrpc Microsoft Windows RPC


● 49666/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49678/tcp open msrpc Microsoft Windows RPC
● 49797/tcp open msrpc Microsoft Windows RPC
● 49857/tcp open msrpc Microsoft Windows RPC
● 50104/tcp open mc-nmf .NET Message Framing
● 50449/tcp open msrpc Microsoft Windows RPC
● 56121/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.5000; SP2
● 62354/tcp open tcpwrapped

Host: 192.120.22
The report below lists the open ports and the possible services assigned to them.
No vulnerability has been tested so far, only enumerated.
● 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 135/tcp open msrpc Microsoft Windows RPC

● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds?
● 1311/tcp open ssl/rxmon?
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 200
| Strict-Transport-Security: max-age=31536000
| X-Frame-Options: SAMEORIGIN
| X-Content-Type-Options: nosniff
| X-XSS-Protection: 1; mode=block
| vary: accept-encoding
| Content-Type: text/html;charset=UTF-8
| Date: Sun, 09 Jun 2024 03:51:21 GMT
| Connection: close
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
| <html>
| <head>
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
| <title>OpenManage&trade;</title>
| <link type="text/css" rel="stylesheet" href="/oma/css/loginmaster.css">
| <style type="text/css"></style>
| <script type="text/javascript" src="/oma/js/prototype.js" language="javascript"></script><script type="text/javascript" src="/oma/js/gnavbar.js" language="javascript"></script><script type="text/javascript" src="/oma/js/Clarity.js" language="javascript"></script><script language="javascri
| HTTPOptions:
| HTTP/1.1 200
| Strict-Transport-Security: max-age=31536000
| X-Frame-Options: SAMEORIGIN
| X-Content-Type-Options: nosniff
| X-XSS-Protection: 1; mode=block
| vary: accept-encoding
| Content-Type: text/html;charset=UTF-8
| Date: Sun, 09 Jun 2024 03:51:26 GMT
| Connection: close
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
| <html>
| <head>
| <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
| <title>OpenManage&trade;</title>
| <link type="text/css" rel="stylesheet" href="/oma/css/loginmaster.css">
| <style type="text/css"></style>
|_ <script type="text/javascript" src="/oma/js/prototype.js" language="javascript"></script><script type="text/javascript" src="/oma/js/gnavbar.js" language="javascript"></script><script type="text/javascript" src="/oma/js/Clarity.js" language="javascript"></script><script language="javascri

● 2179/tcp open vmrdp?


● 3050/tcp open firebird Firebird RDBMS Protocol version 10
● 3205/tcp open isns?
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

● 5633/tcp open giop omg.org CORBA naming service

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 6101/tcp open backupexec?


● 6106/tcp open msrpc Microsoft Windows RPC

● 8080/tcp open http-proxy


| fingerprint-strings:
| FourOhFourRequest:

| HTTP/1.1 404
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 431
| Date: Sun, 09 Jun 2024 03:51:36 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 404
| Found</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 404
| Found</h1></body></html>
| GetRequest, HTTPOptions:
| HTTP/1.1 302
| Location: https://localhost:8443/
| Content-Length: 0
| Date: Sun, 09 Jun 2024 03:51:36 GMT
| Connection: close
| RTSPRequest, Socks5:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:51:36 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
|_ Request</h1></body></html>
● 8443/tcp open ssl/nagios-nsca Nagios NSCA
● 8843/tcp open ssl/unknown
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:52:01 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400

| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
| Request</h1></body></html>
| HTTPOptions, RTSPRequest:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:52:02 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
|_ Request</h1></body></html>
● 8880/tcp open cddbp-alt?
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 431
| Date: Sun, 09 Jun 2024 03:51:44 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 404
| Found</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 404
| Found</h1></body></html>
| GetRequest:
| HTTP/1.1 302
| Location: https://localhost:8880/
| Content-Length: 0
| Date: Sun, 09 Jun 2024 03:51:44 GMT
| Connection: close
| HTTPOptions:
| HTTP/1.1 302

| Location: https://localhost:8880/
| Content-Length: 0
| Date: Sun, 09 Jun 2024 03:51:49 GMT
| Connection: close
| RPCCheck, RTSPRequest:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sun, 09 Jun 2024 03:51:50 GMT
| Connection: close
| <!doctype html><html lang="en"><head><title>HTTP Status 400
| Request</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h
1>HTTP Status 400
|_ Request</h1></body></html>

● 10000/tcp open ndmp Symantec/Veritas Backup Exec ndmp (NDMPv3)


|_http-vuln-cve2006-3392: ERROR: Script execution failed (use -d to debug)

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 49665/tcp open msrpc Microsoft Windows RPC
● 49666/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49678/tcp open msrpc Microsoft Windows RPC
● 49797/tcp open msrpc Microsoft Windows RPC
● 49857/tcp open msrpc Microsoft Windows RPC
● 50104/tcp open mc-nmf .NET Message Framing
● 50449/tcp open msrpc Microsoft Windows RPC
● 56121/tcp open ms-sql-s Microsoft SQL Server 2014 12.00.5000; SP2
● 62354/tcp open tcpwrapped

Host: 192.120.24
The report below lists the open ports and the possible services assigned to them.
No vulnerability has been tested so far, only enumerated.
● 53/tcp open domain Simple DNS Plus

● 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-06-09 03:52:08Z)
● 135/tcp open msrpc Microsoft Windows RPC
● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: MOURATO)
● 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: SUNO)
● 464/tcp open kpasswd5?
● 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
● 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: MOURATO)
● 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: MOURATO)
● 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: MOURATO)
● 3389/tcp open ms-wbt-server Microsoft Terminal Services
● 5566/tcp open westec-connect?

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 9389/tcp open mc-nmf .NET Message Framing


● 27015/tcp open unknown

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49671/tcp open msrpc Microsoft Windows RPC
● 49675/tcp open msrpc Microsoft Windows RPC
● 49676/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
● 49677/tcp open msrpc Microsoft Windows RPC
● 64561/tcp open msrpc Microsoft Windows RPC
● 64613/tcp open msrpc Microsoft Windows RPC
● 64639/tcp open msrpc Microsoft Windows RPC
● Service Info: Host: DCSUNO03; OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.120.28
The report below lists the open ports and the possible services assigned to them.
No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.29
The report below lists the open ports and the possible services assigned to them.
No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.31
The report below lists the open ports and the possible services assigned to them.
No vulnerability has been tested so far, only enumerated.
● 80/tcp open soap gSOAP 2.7
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.

● 443/tcp open ssl/tcpwrapped

| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.31
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.120.31:443/
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.31:443/
| Form id: suppliesdetails
| Form action: /hp/device/supplies_status.html
|
| Path: https://192.168.120.31:443/hp/device/supplies_status.html
| Form id: suppliesdetails
| Form action: /hp/device/supplies_status.html
|
| Path: https://192.168.120.31:443/info_specialPages.html?tab=Home&amp;menu=InfoPages
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.31:443/info_specialPages.html?tab=Home&amp;menu=InfoPages
| Form id: config_report
| Form action: /hp/device/info_specialPages.html/config
|
| Path: https://192.168.120.31:443/hp/device/contentHeader.html
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.31:443/info_jobLog.html?tab=Home&amp;menu=JobLog
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.31:443/info_jobLog.html?tab=Home&amp;menu=JobLog
| Form id: jobstoragelogform
|_ Form action: /hp/device/info_jobLog.html/config
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.31
| Found the following indications of potential DOM based XSS:
|
| Source: window.open(url,'hpwindow','height=500,width=800,resizable=1,directions=1,location=1,toolbar=1,menubar=1,scrollbars=1')
| Pages: https://192.168.120.31:443/hp/device/global.js
|
| Source: window.open('http://www.hp.com', target,'resizable=yes,scrollbars=yes,menubar=yes,location=yes,toolbar=yes,status=yes')
|_ Pages: https://192.168.120.31:443/, https://192.168.120.31:443/info_specialPages.html?tab=Home&amp;menu=InfoPages, https://192.168.120.31:443/info_jobLog.html?tab=Home&amp;menu=JobLog, https://192.168.120.31:443/info_deviceStatus.html?tab=Home&amp;menu=DevStatus
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
515/tcp open printer
631/tcp open soap gSOAP 2.7
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765

● 3910/tcp open soap gSOAP 2.7


| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/
|_http-server-header: gSOAP/2.7

● 3911/tcp open tcpwrapped

● 8080/tcp open soap gSOAP 2.7


| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7

● 8289/tcp open soap gSOAP 2.7


| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-server-header: gSOAP/2.7

● 9100/tcp open jetdirect?

● 53048/tcp open soap gSOAP 2.7


|_http-server-header: gSOAP/2.7
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244

Host: 192.120.33
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 80/tcp open soap gSOAP 2.7
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-enum:
|_ /robots.txt: Robots file (401 Unauthorized)
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 443/tcp open ssl/tcpwrapped


| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.33
| Found the following possible CSRF vulnerabilities:
|
| Path: https://192.168.120.33:443/
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.33:443/
| Form id: suppliesdetails
| Form action: /hp/device/supplies_status.html
|
| Path: https://192.168.120.33:443/info_eventLog.html?tab=Home&amp;menu=EventLog
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.33:443/hp/device/contentHeader.html
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.33:443/info_specialPages.html?tab=Home&amp;menu=InfoPages
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.33:443/info_specialPages.html?tab=Home&amp;menu=InfoPages
| Form id: config_report
| Form action: /hp/device/info_specialPages.html/config
|
| Path: https://192.168.120.33:443/info_deviceStatus.html?tab=Home&amp;menu=DevStatus
| Form id: order
| Form action: /hp/device/contentHeader.html
|
| Path: https://192.168.120.33:443/info_deviceStatus.html?tab=Home&amp;menu=DevStatus
| Form id: suppliesdetails
| Form action: /hp/device/supplies_status.html
|
| Path: https://192.168.120.33:443/hp/device/supplies_status.html
| Form id: suppliesdetails
|_ Form action: /hp/device/supplies_status.html
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.120.33
| Found the following indications of potential DOM based XSS:
|
| Source: window.open(url,'hpwindow','height=500,width=800,resizable=1,directions=1,location=1,toolbar=1,menubar=1,scrollbars=1')
| Pages: https://192.168.120.33:443/hp/device/global.js
|
| Source: window.open('http://www.hp.com', target,'resizable=yes,scrollbars=yes,menubar=yes,location=yes,toolbar=yes,status=yes')
|_ Pages: https://192.168.120.33:443/, https://192.168.120.33:443/info_eventLog.html?tab=Home&amp;menu=EventLog, https://192.168.120.33:443/info_specialPages.html?tab=Home&amp;menu=InfoPages, https://192.168.120.33:443/info_deviceStatus.html?tab=Home&amp;menu=DevStatus

● 515/tcp open printer

● 631/tcp open soap gSOAP 2.7


| http-enum:
|_ /robots.txt: Robots file (401 Unauthorized)
| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765

● 3910/tcp open soap gSOAP 2.7


| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
|_http-server-header: gSOAP/2.7
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/

● 3911/tcp open tcpwrapped

● 8080/tcp open soap gSOAP 2.7


| http-server-header:
| Virata-EmWeb/R6_2_1
|_ gSOAP/2.7
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-enum:
|_ /robots.txt: Robots file (401 Unauthorized)
8289/tcp open soap gSOAP 2.7
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-server-header: gSOAP/2.7
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/

● 9100/tcp open jetdirect?

● 53048/tcp open soap gSOAP 2.7


|_http-server-header: gSOAP/2.7
| vulners:
| cpe:/a:genivia:gsoap:2.7:
| CVE-2021-21783 9.8 https://vulners.com/cve/CVE-2021-21783
| CVE-2020-13576 9.8 https://vulners.com/cve/CVE-2020-13576
| CVE-2019-7659 8.1 https://vulners.com/cve/CVE-2019-7659
| CVE-2017-9765 8.1 https://vulners.com/cve/CVE-2017-9765
| CVE-2020-13578 7.5 https://vulners.com/cve/CVE-2020-13578
| CVE-2020-13577 7.5 https://vulners.com/cve/CVE-2020-13577
| CVE-2020-13575 7.5 https://vulners.com/cve/CVE-2020-13575
| CVE-2020-13574 7.5 https://vulners.com/cve/CVE-2020-13574
| SSV:96284 6.8 https://vulners.com/seebug/SSV:96284 *EXPLOIT*
| PRION:CVE-2019-7659 6.8 https://vulners.com/prion/PRION:CVE-2019-7659
|_ PRION:CVE-2017-9765 6.8 https://vulners.com/prion/PRION:CVE-2017-9765
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_ http://www.exploit-db.com/exploits/1244/

Host: 192.120.34
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 80/tcp open http mini_httpd 1.30 26Oct2018
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: mini_httpd/1.30 26Oct2018
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 5060/tcp open sip?

Host: 192.120.35
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)
● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.36
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.37
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.38
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 80/tcp open http lighttpd 1.4.55
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: lighttpd/1.4.55
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| vulners:
| cpe:/a:lighttpd:lighttpd:1.4.55:
| CVE-2022-22707 5.9 https://vulners.com/cve/CVE-2022-22707
| PRION:CVE-2022-41556 5.0 https://vulners.com/prion/PRION:CVE-2022-41556
|_ PRION:CVE-2022-22707 4.3 https://vulners.com/prion/PRION:CVE-2022-22707

● 5062/tcp open na-localise?


● 5064/tcp open ca-1?
● 5066/tcp open stanag-5066?
● 5068/tcp open bitforestsrv?
● 5070/tcp open vtsas?
● 5072/tcp open ayiya?
● 5074/tcp open alesquery?
● 5076/tcp open unknown
● 5078/tcp open pixelpusher?

● 7547/tcp open cwmp?


| fingerprint-strings:
| DNSStatusRequestTCP, DNSVersionBindReqTCP, GenericLines, Help, Kerberos, RPCCheck, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServerCookie, X11Probe:
| HTTP/1.1 500 Internal Server Error
| Server:CPE-3.6.13
| Content-Length: 0
| Connection: close
| GetRequest:
| HTTP/1.1 404 Not Found
| Server:CPE-3.6.13
| Content-Length: 0
| Connection: close
| HTTPOptions, RTSPRequest:
| HTTP/1.1 405 Method Not Allowed
| Server:CPE-3.6.13
| Content-Length: 0
|_ Connection: close

● 47391/tcp open unknown

Host: 192.120.41
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)
● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.41
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.43
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)
● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.44
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.45
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.46
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.47
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.48
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)
● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.64
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 5948/tcp open unknown

Host: 192.120.66
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.67
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.

● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)

● 8381/tcp open ssl/unknown

Host: 192.120.68
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.69
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.70
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.71
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.72
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


| fingerprint-strings:
| GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.73
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.74
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.75
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.76
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy


|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.77
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.79
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)
● 8080/tcp open ssl/http-proxy
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Host: 192.120.82
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh Dropbear sshd 2020.81 (protocol 2.0)

● 8080/tcp open ssl/http-proxy
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 Not Found
|_ Content-Length: 0
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 8381/tcp open ssl/unknown


● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.120.104
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 5948/tcp open unknown

Host: 192.120.152
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh HP Integrated Lights-Out mpSSH 0.2.1 (protocol 2.0)

● 80/tcp open http HP Integrated Lights-Out web interface 1.30
|_http-passwd: ERROR: Script execution failed (use -d to debug)
| vulners:
| HP Integrated Lights-Out web interface 1.30:
| OSV:CVE-2021-4236 9.8 https://vulners.com/osv/OSV:CVE-2021-4236
|_ PRION:CVE-2021-4236 7.5 https://vulners.com/prion/PRION:CVE-2021-4236
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: HP-iLO-Server/1.30
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 443/tcp open ssl/http HP Integrated Lights-Out web interface 1.30


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: HP-iLO-Server/1.30
| vulners:
| HP Integrated Lights-Out web interface 1.30:
| OSV:CVE-2021-4236 9.8 https://vulners.com/osv/OSV:CVE-2021-4236
|_ PRION:CVE-2021-4236 7.5 https://vulners.com/prion/PRION:CVE-2021-4236
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 17988/tcp open ilo-vm HP Integrated Lights-Out Virtual Media


● 17990/tcp open ilo-console HP Integrated Lights-Out remote console

Host: 192.121.25
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| vulners:
| OpenSSH 8.9p1 Ubuntu 3ubuntu0.7:
| B8190CDB-3EB9-5631-9828-8064A1575B23 9.8 https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23 *EXPLOIT*
| 8FC9C5AB-3968-5F3C-825E-E8DB5379A623 9.8 https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623 *EXPLOIT*
| F0979183-AE88-53B4-86CF-3AF0523F3807 7.5 https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807 *EXPLOIT*
| CHAINGUARD:CVE-2023-38408 7.5 https://vulners.com/cgr/CHAINGUARD:CVE-2023-38408
| F3296B94-4C7D-509D-8AFE-7407270E5508 6.5 https://vulners.com/githubexploit/F3296B94-4C7D-509D-8AFE-7407270E5508 *EXPLOIT*
| 9EF4F8E5-EB9B-5BF5-9772-BD75D0FA7DB0 6.5 https://vulners.com/githubexploit/9EF4F8E5-EB9B-5BF5-9772-BD75D0FA7DB0 *EXPLOIT*
| 9C4B9838-9B34-5ECF-88C6-1F085707B73E 6.5 https://vulners.com/githubexploit/9C4B9838-9B34-5ECF-88C6-1F085707B73E *EXPLOIT*
| 6E50384B-3A02-57D0-8CF7-C44201EC790F 6.5 https://vulners.com/githubexploit/6E50384B-3A02-57D0-8CF7-C44201EC790F *EXPLOIT*
| 66723D3A-8399-57A7-B399-59101D2E2B00 6.5 https://vulners.com/githubexploit/66723D3A-8399-57A7-B399-59101D2E2B00 *EXPLOIT*
| 64CC39E9-21E0-57CB-B1DC-F9242D095352 6.5 https://vulners.com/githubexploit/64CC39E9-21E0-57CB-B1DC-F9242D095352 *EXPLOIT*
| 09DAE153-1015-5324-B27A-FE80D50E2F75 6.5 https://vulners.com/githubexploit/09DAE153-1015-5324-B27A-FE80D50E2F75 *EXPLOIT*
| CHAINGUARD:CVE-2023-25136 4.0 https://vulners.com/cgr/CHAINGUARD:CVE-2023-25136
| CHAINGUARD:CVE-2023-51767 3.5 https://vulners.com/cgr/CHAINGUARD:CVE-2023-51767
| CHAINGUARD:GHSA-W62J-G234-3F6F 0.0 https://vulners.com/cgr/CHAINGUARD:GHSA-W62J-G234-3F6F
| CHAINGUARD:GHSA-PX36-P9HV-7H2V 0.0 https://vulners.com/cgr/CHAINGUARD:GHSA-PX36-P9HV-7H2V
|_ CHAINGUARD:GHSA-27Q9-H529-Q4G3 0.0 https://vulners.com/cgr/CHAINGUARD:GHSA-27Q9-H529-Q4G3

● 9200/tcp open elasticsearch Elastic elasticsearch 8.13.4


| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.0 405 Method Not Allowed
| Allow: POST
| X-elastic-product: Elasticsearch
| content-type: application/json
| content-length: 127
| {"error":"Incorrect HTTP method for uri [/nice%20ports%2C/Tri%6Eity.txt%2ebak] and method [GET], allowed: [POST]","status":405}
| GetRequest:
| HTTP/1.0 200 OK
| X-elastic-product: Elasticsearch
| content-type: application/json
| content-length: 538
| "name" : "vm-coletor-01",
| "cluster_name" : "elasticsearch",
| "cluster_uuid" : "jdWmN1lWRH6IfAHvT-pXfg",
| "version" : {
| "number" : "8.13.4",
| "build_flavor" : "default",
| "build_type" : "deb",
| "build_hash" : "da95df118650b55a500dcc181889ac35c6d8da7c",
| "build_date" : "2024-05-06T22:04:45.107454559Z",
| "build_snapshot" : false,
| "lucene_version" : "9.10.0",

| "minimum_wire_compatibility_version" : "7.17.0",
| "minimum_index_compatibility_version" : "7.0.0"
| "tagline" : "You Know, for Search"
| HTTPOptions:
| HTTP/1.0 200 OK
| Allow: GET,DELETE,HEAD
| X-elastic-product: Elasticsearch
| content-type: text/plain; charset=UTF-8
| content-length: 0
| RTSPRequest:
| RTSP/1.0 400 Bad Request
| X-elastic-product: Elasticsearch
| content-type: application/json
| content-length: 221
| {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Unexpected http protocol version: RTSP/1.0"}],"type":"illegal_argument_exception","reason":"Unexpected http protocol version: RTSP/1.0"},"status":400}
| SIPOptions:
| SIP/2.0 400 Bad Request
| X-elastic-product: Elasticsearch
| content-type: application/json
| content-length: 219
|_ {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Unexpected http protocol version: SIP/2.0"}],"type":"illegal_argument_exception","reason":"Unexpected http protocol version: SIP/2.0"},"status":400}

● 9300/tcp open vrace?


| fingerprint-strings:
| FourOhFourRequest, GetRequest, HTTPOptions, RTSPRequest, SIPOptions:
|_ This is not an HTTP port
● Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host: 192.121.43
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 21/tcp open ftp?

| fingerprint-strings:
| DNSStatusRequestTCP, DNSVersionBindReqTCP, FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, JavaRMI, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NCP, NotesRPC, RPCCheck, RTSPRequest, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServer, TerminalServerCookie, WMSRequest, X11Probe:
| 220 Welcome
| Command not implemented.
| NULL:
|_ 220 Welcome

● 25/tcp open smtp


|_sslv2-drown: ERROR: Script execution failed (use -d to debug)
|_rsa-vuln-roca: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| GenericLines, GetRequest, Help, NULL:
| 220 HSXP.LOCAL ESMTP
| Hello:
| 220 HSXP.LOCAL ESMTP
| 250-HSXP.LOCAL
|_ AUTH LOGIN PLAIN XYMCOOKIE
| smtp-vuln-cve2010-4344:
|_ The SMTP server is not Exim: NOT VULNERABLE

● 53/tcp open domain?


● 80/tcp open http Microsoft IIS httpd 10.0
● 88/tcp open kerberos-sec?

● 110/tcp open pop3 Openwall popa3d


|_ssl-ccs-injection: No reply from server (TIMEOUT)
● 135/tcp open msrpc?

● 139/tcp open microsoft-ds


| fingerprint-strings:
| SMBProgNeg:
| SMBr
|_ [email protected]

● 143/tcp open imap


| fingerprint-strings:
| GenericLines, GetRequest, NULL:
|_ * OK IMAP4 service is ready.

● 389/tcp open tcpwrapped


● 443/tcp open ssl/http Microsoft IIS httpd 10.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: Microsoft-IIS/10.0

● 445/tcp open microsoft-ds


| fingerprint-strings:
| SMBProgNeg:
| SMBr
|_ [email protected]

● 587/tcp open smtp


| smtp-vuln-cve2010-4344:
|_ The SMTP server is not Exim: NOT VULNERABLE
|_sslv2-drown: ERROR: Script execution failed (use -d to debug)
|_rsa-vuln-roca: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| GenericLines, GetRequest, Help, NULL:
| 220 HSXP.LOCAL ESMTP
| Hello:
| 220 HSXP.LOCAL ESMTP
| 250-HSXP.LOCAL
|_ AUTH LOGIN PLAIN XYMCOOKIE

● 636/tcp open ssl/ldapssl?


● 1433/tcp open ms-sql-s Microsoft SQL Server 2005 9.00.4035; SP3
|_ssl-ccs-injection: No reply from server (TIMEOUT)
● 1883/tcp open mqtt
|_mqtt-subscribe: Connection rejected: Bad User Name or Password

● 3389/tcp open ms-wbt-server?

|_ssl-ccs-injection: No reply from server (TIMEOUT)

● 5985/tcp open http Microsoft IIS httpd 10.0

Host: 192.121.57
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 135/tcp open msrpc Microsoft Windows RPC
● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds?
● 1521/tcp open oracle-tns Oracle TNS listener 12.2.0.1.0 (unauthorized)
● 5040/tcp open unknown
● 5948/tcp open unknown
● 7070/tcp open ssl/realserver?
● 7680/tcp open pando-pub?
● 49664/tcp open msrpc Microsoft Windows RPC
● 49665/tcp open msrpc Microsoft Windows RPC
● 49666/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49675/tcp open msrpc Microsoft Windows RPC
● 49686/tcp open msrpc Microsoft Windows RPC
● Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.100.4
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 22/tcp open ssh OpenSSH 5.9p1.RL Allied Telesis (protocol 2.0)
| vulners:
| cpe:/a:openbsd:openssh:5.9p1.rl:
| PRION:CVE-2016-6244 7.8 https://vulners.com/prion/PRION:CVE-2016-6244
| PRION:CVE-2016-6241 7.2 https://vulners.com/prion/PRION:CVE-2016-6241
| PRION:CVE-2016-6240 7.2 https://vulners.com/prion/PRION:CVE-2016-6240
| CVE-2020-14145 5.9 https://vulners.com/cve/CVE-2020-14145
| SSV:60656 5.0 https://vulners.com/seebug/SSV:60656 *EXPLOIT*
| PRION:CVE-2010-5107 5.0 https://vulners.com/prion/PRION:CVE-2010-5107
| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
| PRION:CVE-2016-6522 4.9 https://vulners.com/prion/PRION:CVE-2016-6522
| PRION:CVE-2016-6350 4.9 https://vulners.com/prion/PRION:CVE-2016-6350
| PRION:CVE-2016-6247 4.9 https://vulners.com/prion/PRION:CVE-2016-6247
| PRION:CVE-2016-6246 4.9 https://vulners.com/prion/PRION:CVE-2016-6246
| PRION:CVE-2016-6245 4.9 https://vulners.com/prion/PRION:CVE-2016-6245
| PRION:CVE-2016-6243 4.9 https://vulners.com/prion/PRION:CVE-2016-6243
| PRION:CVE-2016-6242 4.9 https://vulners.com/prion/PRION:CVE-2016-6242
| PRION:CVE-2016-6239 4.9 https://vulners.com/prion/PRION:CVE-2016-6239
| SSV:90447 4.6 https://vulners.com/seebug/SSV:90447 *EXPLOIT*
| PRION:CVE-2016-0778 4.6 https://vulners.com/prion/PRION:CVE-2016-0778
|_ PRION:CVE-2016-0777 4.0 https://vulners.com/prion/PRION:CVE-2016-0777

● 23/tcp open telnet Cisco SG300-28p switch telnetd

● 443/tcp open ssl/http GoAhead WebServer


|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.100.4
| Found the following possible CSRF vulnerabilities:
|
| Path: http://192.168.100.4:443/
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/cs4e4296f1/config/log_off_page.htm
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/%20%22../home.htm%22;
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/home.htm
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/js/
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/cs4e4296f1/home.htm
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/cs4e4296f1/config/%20%22../home.htm%22;
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/%20%22../%20%22../home.htm%22;
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/js/%20%22../home.htm%22;
| Form id: username$query
| Form action: /cs4e4296f1/config/log_off_page.htm
|
| Path: http://192.168.100.4:443/cs4e4296f1/js/
| Form id: username$query
|_ Form action: /cs4e4296f1/config/log_off_page.htm

● Service Info: Device: switch; CPE: cpe:/h:cisco:sg300-28p

Host: 192.100.15
The following report lists the open ports and the possible services assigned to
them. No vulnerability has been tested so far, only enumerated.
● 42/tcp open tcpwrapped
● 53/tcp open domain Simple DNS Plus

● 80/tcp open http Microsoft IIS httpd 10.0


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Microsoft-IIS/10.0

● 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-06-21 14:04:42Z)
● 135/tcp open msrpc Microsoft Windows RPC
● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: Rodesia)
● 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: SUNO)
● 464/tcp open kpasswd5?
● 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
● 636/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: Rodesia)

● 2424/tcp open kofax-svr?


| fingerprint-strings:
| GetRequest:
| ,com.orientechnologies.common.io.OIOException
| Impossible to read a chunk of length:541611092 max allowed chunk length:16777216 see NETWORK_BINARY_MAX_CONTENT_LENGTH settings
| ,com.orientechnologies.common.io.OIOException
| 7com.orientechnologies.common.exception.OSystemException
| _Eh<
| 1com.orientechnologies.common.exception.OException5
| java.lang.RuntimeException
| java.lang.Exception
| java.lang.Throwable
| 5'9w
| causet
| Ljava/lang/Throwable;L
| detailMessaget
| Ljava/lang/String;[
| stackTracet

| [Ljava/lang/StackTraceElement;L
| suppressedExceptionst
| Ljava/util/List;xppt
| Impossible to read a chunk of length:541611092 max allowed chunk length:16777216 see NETWORK_BINARY_MAX_CONTENT_LENGTH settings ur
| [Ljava.lang.StackTraceElement;
| F*<<
| java.lang.StackTraceElementa
| lineNumber
| HTTPOptions:
| PTIO
| ,com.orientechnologies.common.io.OIOException
| Impossible to read a chunk of length:1314070575 max allowed chunk length:16777216 see NETWORK_BINARY_MAX_CONTENT_LENGTH settings
| ,com.orientechnologies.common.io.OIOException
| 7com.orientechnologies.common.exception.OSystemException
| _Eh<
| 1com.orientechnologies.common.exception.OException5
| java.lang.RuntimeException
| java.lang.Exception
| java.lang.Throwable
| 5'9w
| causet
| Ljava/lang/Throwable;L
| detailMessaget
| Ljava/lang/String;[
| stackTracet
| [Ljava/lang/StackTraceElement;L
| suppressedExceptionst
| Ljava/util/List;xppt
| Impossible to read a chunk of length:1314070575 max allowed chunk length:16777216 see NETWORK_BINARY_MAX_CONTENT_LENGTH settings ur
| [Ljava.lang.StackTraceElement;
| F*<<
| java.lang.StackTraceElementa
|_ lineNumb

● 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: Rodesia)
● 3269/tcp open ssl/ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: Rodesia)
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5700/tcp open ssl/supportassist?
| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key Exchange Insufficient Group Strength
| State: VULNERABLE
| Transport Layer Security (TLS) services that use Diffie-Hellman groups
| of insufficient strength, especially those using one of a few commonly
| shared groups, may be susceptible to passive eavesdropping attacks.
| Check results:
| WEAK DH GROUP 1
| Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| Modulus Type: Safe prime
| Modulus Source: RFC2409/Oakley Group 2
| Modulus Length: 1024
| Generator Length: 8
| Public Key Length: 1024
| References:
|_ https://weakdh.org
| fingerprint-strings:
| DNSStatusRequestTCP, DNSVersionBindReqTCP:
| HTTP/1.1 400 Illegal character CNTL=0x0
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 69
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: Illegal character CNTL=0x0</pre>
| GetRequest:
| HTTP/1.1 404 Not Found
| Cache-Control: must-revalidate,no-cache,no-store
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 352
| <html>
| <head>
| <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
| <title>Error 404 Not Found</title>
| </head>
| <body><h2>HTTP ERROR 404 Not Found</h2>
| <table>
| <tr><th>URI:</th><td>/</td></tr>
| <tr><th>STATUS:</th><td>404</td></tr>
| <tr><th>MESSAGE:</th><td>Not Found</td></tr>
| <tr><th>SERVLET:</th><td>-</td></tr>
| </table>
| </body>
| </html>
| HTTPOptions:
| HTTP/1.1 404 Not Found

| Help:
| HTTP/1.1 400 No URI
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 49
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: No URI</pre>
| RPCCheck:
| HTTP/1.1 400 Illegal character OTEXT=0x80
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 71
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: Illegal character OTEXT=0x80</pre>
| RTSPRequest:
| HTTP/1.1 505 Unknown Version
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 58
| Connection: close
| <h1>Bad Message 505</h1><pre>reason: Unknown Version</pre>
| SSLSessionReq:
| HTTP/1.1 400 Illegal character CNTL=0x16
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 70
| Connection: close
|_ <h1>Bad Message 400</h1><pre>reason: Illegal character CNTL=0x16</pre>
● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: Microsoft-HTTPAPI/2.0

● 9012/tcp open ssl/websocket DeskCenter WorkerService (WebSocket versions: 8, 13)
|_ssl-ccs-injection: No reply from server (TIMEOUT)
● 9389/tcp open mc-nmf .NET Message Framing

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
● 49664/tcp open msrpc Microsoft Windows RPC
● 49665/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49671/tcp open msrpc Microsoft Windows RPC
● 49672/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
● 49674/tcp open msrpc Microsoft Windows RPC
● 60722/tcp open msrpc Microsoft Windows RPC
● 60736/tcp open msrpc Microsoft Windows RPC
● 60744/tcp open msrpc Microsoft Windows RPC
● 60756/tcp open msrpc Microsoft Windows RPC
● 60821/tcp open msrpc Microsoft Windows RPC
● 60834/tcp open msrpc Microsoft Windows RPC

● Service Info: Host: DCSUNO02; OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.100.21
The report below lists the open ports and the services likely assigned to them. No vulnerability has been tested so far; they have only been enumerated.
● 135/tcp open msrpc Microsoft Windows RPC
● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds?
● 1521/tcp open oracle-tns Oracle TNS listener 19.0.0.0.0 (unauthorized)
● 2179/tcp open vmrdp?
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.

● 6160/tcp open msrpc Microsoft Windows RPC


● 6183/tcp open msrpc Microsoft Windows RPC

● 6184/tcp open msexchange-logcopier Microsoft Exchange 2010 log copier
● 9395/tcp open storagecraft-image StorageCraft Image Manager
● 11731/tcp open msrpc Microsoft Windows RPC

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49666/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49677/tcp open msrpc Microsoft Windows RPC
● 49717/tcp open msrpc Microsoft Windows RPC
● 49821/tcp open oracle Oracle Database
● 56511/tcp open msrpc Microsoft Windows RPC
● 62354/tcp open tcpwrapped

● Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.100.22
The report below lists the open ports and the services likely assigned to them. No vulnerability has been tested so far; they have only been enumerated.
● 135/tcp open msrpc Microsoft Windows RPC
● 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
● 445/tcp open microsoft-ds?
● 1521/tcp open oracle-tns Oracle TNS listener 19.0.0.0.0 (unauthorized)
● 2179/tcp open vmrdp?
● 3389/tcp open ms-wbt-server Microsoft Terminal Services

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: Microsoft-HTTPAPI/2.0

● 6160/tcp open msrpc Microsoft Windows RPC


● 6183/tcp open msrpc Microsoft Windows RPC
● 6184/tcp open msexchange-logcopier Microsoft Exchange 2010 log copier
● 9395/tcp open msexchange-logcopier Microsoft Exchange 2010 log copier
● 11731/tcp open msrpc Microsoft Windows RPC

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49666/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49677/tcp open msrpc Microsoft Windows RPC

● 49717/tcp open msrpc Microsoft Windows RPC
● 49821/tcp open oracle Oracle Database
● 56511/tcp open msrpc Microsoft Windows RPC
● 62354/tcp open tcpwrapped

● Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.100.23
The report below lists the open ports and the services likely assigned to them. No vulnerability has been tested so far; they have only been enumerated.
● 80/tcp open http Apache httpd
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Apache
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

● 443/tcp open ssl/http Apache httpd


|_http-server-header: Apache
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.

Host: 192.100.24
The report below lists the open ports and the services likely assigned to them. No vulnerability has been tested so far; they have only been enumerated.
● 42/tcp open tcpwrapped
● 53/tcp open domain Simple DNS Plus
● 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2024-06-21 14:29:36Z)
● 135/tcp open msrpc Microsoft Windows RPC
● 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: Rodesia)

● 443/tcp open https ipMonitor 11.0.1


|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: ipMonitor 11.0.1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.

● 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds (workgroup: SUNO)
● 464/tcp open kpasswd5?
● 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
● 636/tcp open ldapssl?

● 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: sunocreators.local, Site: Rodesia)
● 3269/tcp open globalcatLDAPssl?
● 5566/tcp open westec-connect?
● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.
● 9389/tcp open mc-nmf .NET Message Framing
● 27015/tcp open unknown

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-csrf: Couldn't find any CSRF vulnerabilities.

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49668/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49673/tcp open msrpc Microsoft Windows RPC
● 49675/tcp open msrpc Microsoft Windows RPC
● 49676/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
● 52661/tcp open msrpc Microsoft Windows RPC
● 52663/tcp open msrpc Microsoft Windows RPC
● 52668/tcp open msrpc Microsoft Windows RPC
● 52765/tcp open msrpc Microsoft Windows RPC

● Service Info: Host: DCSUNO04; OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.100.25
The report below lists the open ports and the services likely assigned to them. No vulnerability has been tested so far; they have only been enumerated.
● 80/tcp open http
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 302 Found
| Date: Fri, 21 Jun 2024 14:08:58 GMT
| Location: https://192.168.100.25:8443/nice%20ports%2C/Tri%6Eity.txt%2ebak
| Content-Length: 0
| GetRequest, HTTPOptions:
| HTTP/1.1 302 Found
| Date: Fri, 21 Jun 2024 14:08:57 GMT
| Location: https://192.168.100.25:8443/
| Content-Length: 0
| RTSPRequest:
| HTTP/1.1 400 Unknown Version
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 58
| Connection: close
| <h1>Bad Message 400</h1><pre>reason: Unknown Version</pre>
| X11Probe:
| HTTP/1.1 400 Illegal character CNTL=0x0
| Content-Type: text/html;charset=iso-8859-1
| Content-Length: 69
| Connection: close
|_ <h1>Bad Message 400</h1><pre>reason: Illegal character CNTL=0x0</pre>

● 443/tcp open ssl/https


|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key Exchange Insufficient Group Strength
| State: VULNERABLE
| Transport Layer Security (TLS) services that use Diffie-Hellman groups
| of insufficient strength, especially those using one of a few commonly
| shared groups, may be susceptible to passive eavesdropping attacks.
| Check results:
| WEAK DH GROUP 1
| Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
| Modulus Type: Safe prime
| Modulus Source: RFC2409/Oakley Group 2
| Modulus Length: 1024
| Generator Length: 8
| Public Key Length: 1024
| References:
|_ https://weakdh.org
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
● 2463/tcp open rpcbind 2 (RPC #100000)

● 8080/tcp open http-proxy


|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 302 Found
| Date: Fri, 21 Jun 2024 14:09:03 GMT
| Location: https://192.168.100.25:8443/
|_ Content-Length: 0

● 8443/tcp open tcpwrapped


| ssl-dh-params:
| VULNERABLE:
| Diffie-Hellman Key Exchange Insufficient Group Strength
| State: VULNERABLE
| Transport Layer Security (TLS) services that use Diffie-Hellman groups
| of insufficient strength, especially those using one of a few commonly
| shared groups, may be susceptible to passive eavesdropping attacks.
| Check results:
| WEAK DH GROUP 1
| Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
| Modulus Type: Safe prime
| Modulus Source: RFC2409/Oakley Group 2
| Modulus Length: 1024
| Generator Length: 8
| Public Key Length: 1024
| References:
|_ https://weakdh.org
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)

Host: 192.100.31
The report below lists the open ports and the services likely assigned to them. No vulnerability has been tested so far; they have only been enumerated.
● 82/tcp open http Microsoft IIS httpd 10.0
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-server-header: Microsoft-IIS/10.0

● 89/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-IIS/10.0
| http-enum:
|_ /api/: Potentially interesting folder
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)

● 91/tcp open http Microsoft IIS httpd 10.0


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-IIS/10.0
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.100.31
| Found the following indications of potential DOM based XSS:
|
| Source: window.open('login_frame.asp','AdSystem','toolbar=no,location=no,directories=no,status=no,scrollbars=no,menubar=no,resizable=yes,maximized=yes,minimized=no,width=' + JanelaWidth + ',height=' + JanelaHeight + ',top=0,left=0')
|_ Pages: http://192.168.100.31:91/

● 92/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-server-header: Microsoft-IIS/10.0
|_http-trane-info: Problem with XML parsing of /evox/about
| http-vuln-cve2010-0738:
|_ /jmx-console/: Authentication was not required
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.100.31
| Found the following possible CSRF vulnerabilities:
|
| Path: http://192.168.100.31:92/
| Form id: targeturl
|_ Form action: /Login/AuthenticateUser

● 135/tcp open msrpc Microsoft Windows RPC
● 445/tcp open microsoft-ds?
● 1801/tcp open msmq?
● 2103/tcp open msrpc Microsoft Windows RPC
● 2105/tcp open msrpc Microsoft Windows RPC
● 2107/tcp open msrpc Microsoft Windows RPC

● 5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)


|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Microsoft-HTTPAPI/2.0
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
|
| Disclosure date: 2009-09-17
| References:
| http://ha.ckers.org/slowloris/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

● 49664/tcp open msrpc Microsoft Windows RPC


● 49665/tcp open msrpc Microsoft Windows RPC
● 49667/tcp open msrpc Microsoft Windows RPC
● 49669/tcp open msrpc Microsoft Windows RPC
● 49670/tcp open msrpc Microsoft Windows RPC
● 49700/tcp open msrpc Microsoft Windows RPC
● 49713/tcp open msrpc Microsoft Windows RPC
● 49716/tcp open msrpc Microsoft Windows RPC
● 49717/tcp open msrpc Microsoft Windows RPC
● 49776/tcp open msrpc Microsoft Windows RPC
● 49875/tcp open msrpc Microsoft Windows RPC

● Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host: 192.100.33
The report below lists the open ports and the services likely assigned to them. No vulnerability has been tested so far; they have only been enumerated.
● 80/tcp open http
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| fingerprint-strings:
| GetRequest:
| HTTP/1.0 200 OK
| Cache-Control: private, must-revalidate, max-age=0
| Pragma: private, must-revalidate, max-age=0
| Content-Type: text/html
| X-Content-Type-Options: nosniff
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block.
| Content-Encoding: gzip
| Connection: close
| ./contents/index.html
| \xba
| B,>pV
| (|+M
| d}E'J
| IB(i
| d=KM
| !U1R
|_ >\x1d6
| http-fileupload-exploiter:
|
|_ Couldn't find a file-type field.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.

● 443/tcp open ssl/https


|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
|_http-dombased-xss: Couldn't find any DOM based XSS.
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.0 404 Not Found
| Cache-Control: private, must-revalidate, max-age=60
| Pragma: private, must-revalidate, max-age=60
| Content-Type: text/html
| X-Content-Type-Options: nosniff
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block.
| Content-Length: 126
| Connection: close
| <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H2>404 Not Found</H2>HTTPd :: Error occurred by your request. <HR></BODY></HTML>
| GetRequest:
| HTTP/1.0 303 See Other
| Cache-Control: private, must-revalidate, max-age=0
| Pragma: private, must-revalidate, max-age=0
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block.
| Content-Length: 0
| Connection: close
| Location: http:///
| HTTPOptions:
| HTTP/1.0 405 Method Not Allowed
| Cache-Control: private, must-revalidate, max-age=0
| Pragma: private, must-revalidate, max-age=0
| Allow: POST
| Content-Type: text/html
| X-Content-Type-Options: nosniff
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block.
| Content-Length: 135
| Connection: close
| <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H2>405 Method Not Allowed</H2>HTTPd :: Error occurred by your request. <HR></BODY></HTML>
| RTSPRequest:
| HTTP/1.0 505 HTTP Version Not Supported
| Cache-Control: private, must-revalidate, max-age=0
| Pragma: private, must-revalidate, max-age=0
| Content-Type: text/html
| X-Content-Type-Options: nosniff
| X-Frame-Options: SAMEORIGIN
| X-XSS-Protection: 1; mode=block.
| Content-Length: 143
| Connection: close
|_ <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY><H2>505 HTTP Version Not Supported</H2>HTTPd :: Error occurred by your request. <HR></BODY></HTML>
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
● 12001/tcp open entextnetwk?
| fingerprint-strings:
| ms-sql-s:
|_ 013130000013016400120156
