Vetescan has discovered that IIS is running, and focuses on the CGI scripts:
Vetescan CGI results
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
The following vulnerable cgi scripts are present:
http://192.168.3.4/../../../../
http://192.168.3.4/_vti_bin/_vti_aut/dvwssr.dll
http://192.168.3.4/_vti_bin/fpcount.exe
http://192.168.3.4/_vti_inf.html
http://192.168.3.4/cgi-bin/htimage.exe
http://192.168.3.4/cgi-bin/imagemap.exe
http://192.168.3.4/iisadmpwd/aexp2.htr
http://192.168.3.4/iissamples/exair/search/qfullhit.htw
http://192.168.3.4/iissamples/exair/search/qsumrhit.htw
http://192.168.3.4/msadc/Samples/SELECTOR/showcode.asp
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
Vetescan
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
netbios-ns 192.168.3.4 137: Yes: netbios-ns DoS on 192.168.3.4
2000 Remote CPU-overload udp 135: Yes: 2000 Remote CPU-overload
udp 135
2000 Remote CPU-overload udp 137: Yes: 2000 Remote CPU-overload
udp 137
Vetescan solaris results
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=> vetescan <=- =
www: http://self-evident.com -
file: VeteScan-xx-xx-xx.tar.gz =
email: admin@self-evident.com -
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
New scan against 192.168.2.3 started at Wed Jul 19 18:36:13 BST 2000
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
Running services on 192.168.2.3:
Starting nmap V. 2.54BETA1 by fyodor@insecure.org ( www.insecure.org/
nmap/ )
Insufficient responses for TCP sequencing (2), OS detection will be
MUCH less reliable
Interesting ports on (192.168.2.3):
(The 36 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
79/tcp open finger
111/tcp open sunrpc
512/tcp open exec
513/tcp open login
514/tcp open shell
515/tcp open printer
540/tcp open uucp
6000/tcp open X11
Remote OS guesses: Solaris 2.6 - 2.7, Solaris 2.6 - 2.7 with
tcp_strong_iss=0, Solaris 2.6 - 2.7 with tcp_strong_iss=2, Solaris 7
Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds
As before, nmap confirms the OS and a subset of the ports we found
open earlier.
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
Operating System: Solaris 2.6 - 2.7, Solaris 2.6 - 2.7 with
tcp_strong_iss=0, Solaris 2.6 - 2.7 with tcp_strong_iss=2, Solaris 7
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
Vulnerable Services
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
checking for Systat:
checking for Netstat:
checking for Authentication:
Checking for Ftpd:
[220 goiss FTP server (SunOS 5.6) ready.]
Vulnerable Ftpds: docs/ftp/vuln-ftp-versions.txt
checking for MDBMS:
checking for napster:
checking for GDM:
checking for Exec: Exec
Fix: Comment this out in /etc/inetd.conf
Running smb services present:
Lets see what the Netbios and WorkGroup Name is:
unavailable.
SMB drives available:
unavailable.
Checking for Snmp:
checking for ircd:
Checking for Finger: Finger
Exploit: docs/finger
Fix: disable finger or chmod 700 /usr/bin/finger
checking for rlogin: rlogin can be used in many ways
Fix: comment this out in /etc/inetd.conf unless you absolutely need
it.
checking for Shell: Shell
Fix: comment this out in /etc/inetd.conf unless you absolutely need
it.
checking for uucp: uucp
Fix: add uucp to /etc/ftpusers