Saturday, 2 February 2013

Vulnerability Scans



We have manually identified potential avenues of attack/research
through our port scans. We will now examine some output from our
automated scanners.


Vetescan
We will start with our most attacker-orientated tool - the modular
vetescan - and its NT results, shown below:

Vetescan

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=> vetescan <=- =
www: http://self-evident.com -
file: VeteScan-xx-xx-xx.tar.gz =
email: admin@self-evident.com -
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
New scan against 192.168.3.4 started at Wed Jul 19 18:22:18 BST 2000
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
Running services on 192.168.3.4:
Starting nmap V. 2.54BETA1 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on (192.168.3.4):
(The 44 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
139/tcp open netbios-ssn
TCP Sequence Prediction: Class=trivial time dependency
Difficulty=1 (Trivial joke)
Remote operating system guess: Windows NT4 / Win95 / Win98
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second


Vetes first launches nmap for a basic port identification (note the subset
of results compared to the full scan we performed) and an OS fingerprint.
It then looks for specific service vulnerabilities.

Vetescan service vulnerabilities

=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
Operating System: Windows NT4 / Win95 / Win98
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
Vulnerable Services
=-=-=-=-=-=-=-=-=V=e=t=e=S=c=a=n=-=-=-=-=-=-=-=-=-=-==
checking for Systat:
checking for Netstat:
checking for Authentication:
Checking for Ftpd:
[]
Vulnerable Ftpds: docs/ftp/vuln-ftp-versions.txt


It appears that our ftpd matches the profile of a vulnerable one - but we
need to check the documentation referenced.

Vetescan searching for vulnerabilities


checking for MDBMS:
checking for napster:
checking for GDM:
checking for Exec:
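
Reading the service-check section by hand works for one host; the same triage as an added example (not from the original post and not part of vetescan): it separates checks that printed nothing from checks that printed output, and pulls out any referenced documentation path so the match can be verified manually. The function names are hypothetical, the sample is constructed from the excerpts above, and reading "[]" as an empty banner capture is an assumption.

```python
import re

# Constructed sample: the service-check lines from the two report excerpts above.
REPORT = """\
checking for Systat:
checking for Netstat:
checking for Authentication:
Checking for Ftpd:
[]
Vulnerable Ftpds: docs/ftp/vuln-ftp-versions.txt
checking for MDBMS:
checking for napster:
checking for GDM:
checking for Exec:
"""

CHECK = re.compile(r"^checking for (.+?):\s*$", re.IGNORECASE)
RULE = re.compile(r"^[=-]{5,}")        # banner rules such as =-=-=-
DOC_REF = re.compile(r"docs/\S+")      # path into the scanner's own notes

def parse_checks(text):
    """Return [(check name, [lines printed under it])] in report order."""
    checks = []
    for line in map(str.strip, text.splitlines()):
        if not line or RULE.match(line):
            continue
        m = CHECK.match(line)
        if m:
            checks.append((m.group(1), []))
        elif checks:                    # output belongs to the latest check
            checks[-1][1].append(line)
    return checks

def triage(text):
    """Split checks into silent ones and ones needing manual follow-up."""
    silent, follow_up = [], {}
    for name, output in parse_checks(text):
        if not output:
            silent.append(name)
            continue
        follow_up[name] = {
            "references": [r for ln in output for r in DOC_REF.findall(ln)],
            # Assumption: "[]" is an empty banner capture (no version string).
            "banner_empty": "[]" in output,
        }
    return silent, follow_up

if __name__ == "__main__":
    print(triage(REPORT))
```

A flagged check with an empty banner and only a documentation reference is a lead to confirm against the service itself, not a confirmed finding.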





