Nessus Report

Nessus Scan Report


Thu, 28 Apr 2016 03:59:42 EDT
Table Of Contents
Vulnerabilities By Host
  • 192.168.0.122
Remediations
  • Suggested Remediations
Vulnerabilities By Host
192.168.0.122
Scan Information
Start time: Thu Apr 28 03:56:02 2016

End time: Thu Apr 28 03:59:42 2016


Host Information
Netbios Name: KUMAR

IP: 192.168.0.122

MAC Address: 08:00:27:96:77:ad

OS: Microsoft Windows Server 2003 Service Pack 2


Results Summary
Critical  High  Medium  Low  Info  Total
4         2     7       2    72    87
Results Details
0/icmp
11197 - Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)
Synopsis
The remote host appears to leak memory in network packets.
Description
The remote host uses a network device driver that pads ethernet frames with data which vary from one packet to
another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its
network interface card.
Known as 'Etherleak', this information disclosure vulnerability may allow an attacker to collect sensitive information
from the affected host provided he is on the same physical subnet as that host.
See Also
http://www.nessus.org/u?719c90b4
Solution
Contact the network device driver's vendor for a fix.
Risk Factor
Low
CVSS Base Score
3.3 (CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
2.9 (CVSS2#E:ND/RL:OF/RC:C)
References
BID 6535

CVE CVE-2003-0001

XREF OSVDB:3873
Plugin Information:
Publication date: 2003/01/14, Modification date: 2015/01/21
Ports
icmp/0

Padding observed in one frame :

0x00: 0E A1 E3 80 18 FA F0 A8 ED 00 00 01 01 08 0A 00 ................
0x10: 01 .

Padding observed in another frame :

0x00: 07 4E 67 B0 12 FA F0 F2 25 00 00 02 04 05 B4 01 .Ng.....%.......
0x10: 03 .

10114 - ICMP Timestamp Request Remote Date Disclosure


Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on
the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication
protocols.
Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but
usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
None
References
CVE CVE-1999-0524

XREF OSVDB:94

XREF CWE:200
Plugin Information:
Publication date: 1999/08/01, Modification date: 2012/06/18
Ports
icmp/0
The ICMP timestamps seem to be in little endian format (not in network format)
The difference between the local and remote clocks is -79 seconds.

0/tcp
84729 - Microsoft Windows Server 2003 Unsupported Installation Detection
Synopsis
The remote operating system is no longer supported.
Description
The remote host is running Microsoft Windows Server 2003. Support for this operating system by Microsoft ended July
14th, 2015.
Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is
likely to contain security vulnerabilities. Furthermore, Microsoft is unlikely to investigate or acknowledge reports of
vulnerabilities.
See Also
http://www.nessus.org/u?c0dbe792
Solution
Upgrade to a version of Windows that is currently supported.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2015/07/14, Modification date: 2015/10/21
Ports
tcp/0
24786 - Nessus Windows Scan Not Performed with Admin Privileges
Synopsis
The Nessus scan of this host may be incomplete due to insufficient privileges provided.
Description
The Nessus scanner testing the remote host has been given SMB credentials to log into the remote host, however
these credentials do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the remote host and reads the version of the DLLs on
the remote host to determine if a given patch has been applied or not. This is the method Microsoft recommends to
determine if a patch has been applied.
If your Nessus scanner does not have administrative privileges when doing a scan, then Nessus has to fall back to
perform a patch audit through the registry which may lead to false positives (especially when using third-party patch
auditing tools) or to false negatives (not all patches can be detected through the registry).
Solution
Reconfigure your scanner to use credentials with administrative privileges.
Risk Factor
None
Plugin Information:
Publication date: 2007/03/12, Modification date: 2013/01/07
Ports
tcp/0

It was not possible to connect to '\\KUMAR\ADMIN$' with the supplied credentials.

25220 - TCP/IP Timestamps Supported


Synopsis
The remote service implements TCP timestamps.
Description
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the uptime
of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/05/16, Modification date: 2011/03/20
Ports
tcp/0
35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered
by IEEE.
See Also
http://standards.ieee.org/faqs/regauth.html
http://www.nessus.org/u?794673b4
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2009/02/19, Modification date: 2015/10/16
Ports
tcp/0

The following card manufacturers were identified :

08:00:27:96:77:ad : Cadmus Computer Systems

11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name
of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2003/12/09, Modification date: 2016/02/24
Ports
tcp/0

Remote operating system : Microsoft Windows Server 2003 Service Pack 2


Confidence level : 99
Method : MSRPC

Not all fingerprints could give a match. If you think some or all of
the following could be used to identify the host's operating system,
please email them to os-signatures@nessus.org. Be sure to include a
brief description of the host itself, such as the actual operating
system or product / model names.

NTP:!:unknown
SinFP:
P1:B11013:F0x12:W64240:O0204ffff:M1460:
P2:B11013:F0x12:W64240:O0204ffff010303000101080a000000000000000001010402:M1460:
P3:B11021:F0x04:W0:O0:M0
P4:6602_7_p=53
SMTP:220 kumar.Kumar Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 28 Apr 2016 13:29:05 +0530
RDP:000000000f00000010000100080001000b000000030010001000c00007

The remote host is running Microsoft Windows Server 2003 Service Pack 2

54615 - Device Type


Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,
router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2011/05/23, Modification date: 2011/05/23
Ports
tcp/0
Remote device type : general-purpose
Confidence level : 99

45590 - Common Platform Enumeration (CPE)


Synopsis
It is possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches
for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the
information available from the scan.
See Also
http://cpe.mitre.org/

https://nvd.nist.gov/cpe.cfm
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/04/21, Modification date: 2014/11/20
Ports
tcp/0

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_2003_server::sp2 -> Microsoft Windows 2003 Server Service Pack 2

66334 - Patch Report


Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install
to make sure the remote host is up-to-date.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information:
Publication date: 2013/07/08, Modification date: 2016/04/12
Ports
tcp/0

. You need to take the following 2 actions :

[ MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) (uncredentialed check) (45517) ]

+ Action to take :

+Impact : Taking this action will resolve 2 different vulnerabilities (CVEs).

[ MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (uncredentialed check) (58435) ]

+ Action to take :

19506 - Nessus Scan Information


Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- Whether credentialed or third-party patch management checks are possible.
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2005/08/26, Modification date: 2016/04/08
Ports
tcp/0
Information about this scan :

Nessus version : 6.6.2


Plugin feed version : 201604271930
Scanner edition used : Nessus
Scan type : Normal
Scan policy used : Dem
Scanner IP : 192.168.0.123
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : disabled
Web application tests : disabled
Max hosts : 100
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2016/4/28 3:56 EDT
Scan duration : 216 sec

0/udp
10287 - Traceroute Information
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11
Ports
udp/0
For your information, here is the traceroute from 192.168.0.123 to 192.168.0.122 :
192.168.0.123
192.168.0.122

25/tcp
45517 - MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) (uncredentialed check)
Synopsis
The remote mail server may be affected by multiple vulnerabilities.
Description
The installed version of Microsoft Exchange / Windows SMTP Service is affected by at least one vulnerability :
- Incorrect parsing of DNS Mail Exchanger (MX) resource records could cause the Windows Simple Mail Transfer
Protocol (SMTP) component to stop responding until the service is restarted. (CVE-2010-0024)
- Improper allocation of memory for interpreting SMTP command responses may allow an attacker to read random
email message fragments stored on the affected server. (CVE-2010-0025)
Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003, and 2008 as well as Exchange Server 2000,
2003, 2007, and 2010 :
http://technet.microsoft.com/en-us/security/bulletin/MS10-024
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
BID 39381

CVE CVE-2010-0024

CVE CVE-2010-0025

XREF OSVDB:63738

XREF OSVDB:63739

XREF MSFT:MS10-024

XREF IAVB:2010-B-0029
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2010/04/13, Modification date: 2014/07/11
Ports
tcp/25

The remote version of the smtpsvc.dll is 6.0.3790.3959 versus 6.0.3790.4675.

11219 - Nessus SYN scanner


Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/25
Port 25/tcp was found to be open

22964 - Service Detection


Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2016/03/17
Ports
tcp/25
An SMTP server is running on this port.

10263 - SMTP Server Detection


Synopsis
An SMTP server is listening on the remote port.
Description
The remote host is running a mail (SMTP) server on this port.
Since SMTP servers are the targets of spammers, it is recommended you disable it if you do not use it.
Solution
Disable this service if you do not use it, or filter incoming traffic to this port.
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11
Ports
tcp/25

Remote SMTP server banner :

220 kumar.Kumar Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 28 Apr 2016 13:29:05 +0530

42/tcp
40564 - MS09-039: Vulnerabilities in WINS Could Allow Remote Code Execution (969883) (uncredentialed check)
Synopsis
Arbitrary code can be executed on the remote host through the WINS service
Description
The remote host has a Windows WINS server installed.
The remote version of this server has two vulnerabilities that may allow an attacker to execute arbitrary code on the
remote system:
- One heap overflow vulnerability can be exploited by any attacker.
- One integer overflow vulnerability can be exploited by a WINS replication partner.
An attacker may use these flaws to execute arbitrary code on the remote system with SYSTEM privileges.
Solution
Microsoft has released a set of patches for Windows 2000 and 2003 :
http://technet.microsoft.com/en-us/security/bulletin/MS09-039
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
BID 35980

BID 35981

CVE CVE-2009-1923

CVE CVE-2009-1924

XREF OSVDB:56899

XREF OSVDB:56900

XREF MSFT:MS09-039

XREF CWE:189
Plugin Information:
Publication date: 2009/08/12, Modification date: 2014/07/11
Ports
tcp/42
54585 - MS11-035: Vulnerability in WINS Could Allow Remote Code Execution (2524426) (uncredentialed check)
Synopsis
Arbitrary code can be executed on the remote host through Microsoft Windows Internet Name Service (WINS).
Description
The version of WINS (Windows Internet Name Service) installed on the remote Windows host is affected by a memory
corruption vulnerability due to a logic error when handling a socket send exception.
By sending specially crafted packets to the affected WINS system, a remote attacker can potentially exploit this issue
to execute arbitrary code as either SYSTEM on Windows 2003 or Local Service on Windows 2008 / 2008 R2.
Note that WINS is not installed by default on any of the affected operating systems, although Nessus has determined
it is on this host.
Note also that this plugin only checks for the vulnerability in Windows 2003.
See Also
http://www.zerodayinitiative.com/advisories/ZDI-11-167/
Solution
Microsoft has released a set of patches for Windows 2003, 2008, and 2008 R2 :
http://technet.microsoft.com/en-us/security/bulletin/ms11-035
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 47730

CVE CVE-2011-1248

XREF OSVDB:72234

XREF MSFT:MS11-035
Exploitable with
Core Impact (true)
Plugin Information:
Publication date: 2011/05/19, Modification date: 2014/07/11
Ports
tcp/42
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/42
Port 42/tcp was found to be open

54629 - WINS Server Detection


Synopsis
A WINS server is running on the remote port.
Description
The remote service is a WINS (Windows Internet Name Service) server, which holds information about any NetBIOS-
enabled hosts on the network.
Note that the service may allow an arbitrary user to download the list, although some versions (eg, in Windows 2008)
require an IP address to be specifically trusted to download the list by default.
Solution
Determine whether or not this service should be allowed by policy and disable it if it shouldn't be.
Risk Factor
None
Plugin Information:
Publication date: 2011/05/24, Modification date: 2011/06/14
Ports
tcp/42
53/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/53
Port 53/tcp was found to be open

11002 - DNS Server Detection


Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP
addresses.
See Also
http://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information:
Publication date: 2003/02/13, Modification date: 2014/11/05
Ports
tcp/53
53/udp
11002 - DNS Server Detection
Synopsis
A DNS server is listening on the remote host.
Description
The remote service is a Domain Name System (DNS) server, which provides a mapping between hostnames and IP
addresses.
See Also
http://en.wikipedia.org/wiki/Domain_Name_System
Solution
Disable this service if it is not needed or restrict access to internal hosts only if the service is available externally.
Risk Factor
None
Plugin Information:
Publication date: 2003/02/13, Modification date: 2014/11/05
Ports
udp/53
88/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/88
Port 88/tcp was found to be open

43829 - Kerberos Information Disclosure


Synopsis
The remote Kerberos server is leaking information.
Description
Nessus was able to retrieve the realm name and/or server time of the remote Kerberos server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2010/01/08, Modification date: 2015/09/24
Ports
tcp/88

Nessus gathered the following information :

Server time : 2016-04-28 08:00:39 UTC


Realm : KUMAR.LOCAL

110/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/110
Port 110/tcp was found to be open

22964 - Service Detection


Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2016/03/17
Ports
tcp/110
A POP3 server is running on this port.

10185 - POP Server Detection


Synopsis
A POP server is listening on the remote port.
Description
The remote host is running a server that understands the Post Office Protocol (POP), used by email clients to retrieve
messages from a server, possibly across a network link.
See Also
http://en.wikipedia.org/wiki/Post_Office_Protocol
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2011/03/11
Ports
tcp/110

Remote POP server banner :

+OK Microsoft Windows POP3 Service Version 1.0 <7224127@kumar.Kumar> ready.

123/udp
10884 - Network Time Protocol (NTP) Server Detection
Synopsis
An NTP server with an insecure configuration is listening on the remote host.
Description
An NTP server with an insecure configuration is listening on port 123.
It provides information about its version, current date, current time, and it may also provide system information.
See Also
http://www.ntp.org
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2015/03/20, Modification date: 2015/06/12
Ports
udp/123

Version : unknown

135/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/135

The following DCERPC services are available locally :

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Local RPC service
Named pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Local RPC service
Named pipe : keysvc

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Local RPC service
Named pipe : OLE2654B9BBDDE7466D9C34EA9DF4EE

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Local RPC service
Named pipe : wzcsvc

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Local RPC service
Named pipe : OLE1B1F124FA6CC40359D9496D8CE05

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Local RPC service
Named pipe : DHCPSERVERLPC

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Local [...]

11219 - Nessus SYN scanner


Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/135
Port 135/tcp was found to be open

137/udp
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 1999/10/12, Modification date: 2016/02/26
Ports
udp/137
The following 8 NetBIOS names have been gathered :

KUMAR = Computer name


KUMAR = File Server Service
KUMAR7 = Workgroup / Domain name
KUMAR7 = Domain Controllers
KUMAR7 = Domain Master Browser
KUMAR7 = Browser Service Elections
KUMAR7 = Master Browser
__MSBROWSE__ = Master Browser

The remote host has the following MAC address on its adapter :

08:00:27:96:77:ad

139/tcp
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol,
used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/139

An SMB server is running on this port.

11219 - Nessus SYN scanner


Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/139
Port 139/tcp was found to be open

389/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/389
Port 389/tcp was found to be open

20870 - LDAP Server Detection


Synopsis
An LDAP server was detected on the remote host.
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for providing
access to directory services over TCP/IP.
See Also
http://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2006/02/10, Modification date: 2016/01/05
Ports
tcp/389
25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote
LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/07/12, Modification date: 2012/02/20
Ports
tcp/389
[+]-namingContexts:
| DC=Kumar,DC=local
| CN=Configuration,DC=Kumar,DC=local
| CN=Schema,CN=Configuration,DC=Kumar,DC=local
| DC=DomainDnsZones,DC=Kumar,DC=local
| DC=ForestDnsZones,DC=Kumar,DC=local
| DC=TAPI3Directory,DC=Kumar,DC=local
[+]-currentTime:
| 20160428080022.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=Kumar,DC=local
[+]-dsServiceName:
| CN=NTDS Settings,CN=KUMAR,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=Kumar,DC=local
[+]-namingContexts:
| DC=Kumar,DC=local
| CN=Configuration,DC=Kumar,DC=local
| CN=Schema,CN=Configuration,DC=Kumar,DC=local
| DC=DomainDnsZones,DC=Kumar,DC=local
| DC=ForestDnsZones,DC=Kumar,DC=local
| DC=TAPI3Directory,DC=Kumar,DC=local
[+]-defaultNamingContext:
| DC=Kumar,DC=local
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=Kumar,DC=local
[+]-configurationNamingContext:
| CN=Configuration,DC=Kumar,DC=local
[+]-rootDomainNamingContext:
| DC=Kumar,DC=local
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MaxNotificationPerConn
[...]

445/tcp
35362 - MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)
Synopsis
It is possible to crash the remote host due to a flaw in SMB.
Description
The remote host is affected by a memory corruption vulnerability in SMB that may allow an attacker to execute
arbitrary code or perform a denial of service against the remote host.
See Also
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
References
BID 31179

BID 33121

BID 33122

CVE CVE-2008-4834

CVE CVE-2008-4835

CVE CVE-2008-4114
XREF OSVDB:48153

XREF OSVDB:52691

XREF OSVDB:52692

XREF MSFT:MS09-001

XREF CWE:399
Exploitable with
Core Impact (true)Metasploit (true)
Plugin Information:
Publication date: 2009/01/13, Modification date: 2016/04/27
Ports
tcp/445
34477 - MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check)
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote Windows host is affected by a remote code execution vulnerability in the 'Server' service due to improper
handling of RPC requests. An unauthenticated, remote attacker can exploit this, via a specially crafted RPC request,
to execute arbitrary code with 'System' privileges.
See Also
http://technet.microsoft.com/en-us/security/bulletin/ms08-067
Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
BID 31874

CVE CVE-2008-4250

XREF OSVDB:49243

XREF MSFT:MS08-067

XREF CERT:827267

XREF IAVA:2008-A-0081

XREF EDB-ID:6824

XREF EDB-ID:7104
XREF EDB-ID:7132

XREF CWE:94
Exploitable with
CANVAS (true)Core Impact (true)Metasploit (true)
Plugin Information:
Publication date: 2008/10/23, Modification date: 2015/12/28
Ports
tcp/445
56210 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Without Credentials
Synopsis
It is possible to obtain the host SID for the remote host, without credentials.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier),
without credentials.
The host SID can then be used to get the list of local users.
See Also
http://technet.microsoft.com/en-us/library/bb418944.aspx
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an
appropriate value.
Refer to the 'See also' section for guidance.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
5.0 (CVSS2#E:H/RL:U/RC:C)
References
BID 959

CVE CVE-2000-1200

XREF OSVDB:715
Plugin Information:
Publication date: 2011/09/15, Modification date: 2014/04/11
Ports
tcp/445

The remote host SID value is :

1-5-21-1928287797-289972450-5230789

56211 - SMB Use Host SID to Enumerate Local Users Without Credentials
Synopsis
It is possible to enumerate local users, without credentials.
Description
Using the host security identifier (SID), it is possible to enumerate local users on the remote Windows system without
credentials.
Solution
n/a
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
5.0 (CVSS2#E:H/RL:U/RC:C)
References
BID 959

CVE CVE-2000-1200

XREF OSVDB:714

XREF OSVDB:715
Plugin Information:
Publication date: 2011/09/15, Modification date: 2015/11/18
Ports
tcp/445

- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- HelpServicesGroup (id 1000)
- SUPPORT_388945a0 (id 1001)
- TelnetClients (id 1002)
- DHCP Users (id 1003)
- DHCP Administrators (id 1004)
- KUMAR$ (id 1005)
- DnsAdmins (id 1106)
- DnsUpdateProxy (id 1107)
- IUSR_KUMAR (id 1108)
- WINS Users (id 1112)
- IIS_WPG (id 1113)
- chinni (id 1114)
- diwakar (id 1115)
- vikas (id 1116)
- kumar (id 1117)

26920 - Microsoft Windows SMB NULL Session Authentication
Synopsis
It is possible to log into the remote Windows host with a NULL session.
Description
The remote host is running Microsoft Windows. It is possible to log into it using a NULL session (i.e., with no login or
password).
Depending on the configuration, it may be possible for an unauthenticated, remote attacker to leverage this issue to
get information about the remote host.
See Also
http://support.microsoft.com/kb/q143474/

http://support.microsoft.com/kb/q246261/

http://technet.microsoft.com/en-us/library/cc785969(WS.10).aspx
Solution
Apply the following registry changes per the referenced Technet advisories :
Set :
- HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
- HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1
Remove BROWSER from :
- HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\NullSessionPipes
Reboot once the registry changes are complete.
Risk Factor
Medium
CVSS Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score
4.2 (CVSS2#E:U/RL:U/RC:ND)
References
BID 494

CVE CVE-1999-0519

CVE CVE-1999-0520

CVE CVE-2002-1117

XREF OSVDB:299

XREF OSVDB:8230
Plugin Information:
Publication date: 2007/10/04, Modification date: 2012/02/29
Ports
tcp/445
It was possible to bind to the \browser pipe

11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol,
used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2002/06/05, Modification date: 2015/06/02
Ports
tcp/445

A CIFS server is running on this port.

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/445

The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \pipe\keysvc
Netbios name : \\KUMAR

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\KUMAR

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\KUMAR

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d674a233-5829-49dd-90f0-60cf9ceb7129, version 1.0
Description : Unknown RPC service
Annotation : ICF+ FW API
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\KUMAR

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1.0
Description : Wins Service
Windows process : wins.exe
Type : Remote RPC service
Named pipe : \pipe\WinsPipe
Netbios name : \\KUMAR

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1.0
Description : Wins Service
Windows process : wins.exe
Type : Remote RPC service
Named pipe : \pipe\WinsPipe
Netbios name : \\KUMAR

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0
Description : Internet Information Service (IISAdmin)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\INETINFO
Netbios name : \\KUMAR

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0
Description : Internet Information Service (SMTP)
Windows process : inetinfo.exe
Type : Remote RPC service
Named pipe : \PIPE\INETINFO
Netbios name : \\KUMAR

Obj [...]

10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It is possible to obtain information about the remote operating system.
Description
It is possible to obtain the remote operating system name and version (Windows and/or Samba) by sending an
authentication request to port 139 or 445. This script requires SMB1 enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/10/17, Modification date: 2016/01/13
Ports
tcp/445
The remote Operating System is : Windows Server 2003 R2 3790 Service Pack 2
The remote native lan manager is : Windows Server 2003 R2 5.2
The remote SMB Domain Name is : KUMAR7

10394 - Microsoft Windows SMB Log In Possible
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was
possible to log into it using one of the following accounts :
- NULL session
- Guest account
- Supplied credentials
See Also
http://support.microsoft.com/kb/143474

http://support.microsoft.com/kb/246261
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2000/05/09, Modification date: 2016/03/11
Ports
tcp/445
- NULL sessions are enabled on the remote host.

11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/445
Port 445/tcp was found to be open

10398 - Microsoft Windows SMB LsaQueryInformationPolicy Function NULL Session Domain SID Enumeration
Synopsis
It is possible to obtain the domain SID.
Description
By emulating the call to LsaQueryInformationPolicy() it was possible to obtain the domain SID (Security Identifier).
The domain SID can then be used to get the list of users of the domain.
Solution
n/a
Risk Factor
None
References
BID 959

CVE CVE-2000-1200

XREF OSVDB:715
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445
The remote domain SID value is :
1-5-21-1928287797-289972450-5230789

10399 - SMB Use Domain SID to Enumerate Users
Synopsis
It is possible to enumerate domain users.
Description
Using the domain SID, it is possible to enumerate the domain users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
BID 959

CVE CVE-2000-1200

XREF OSVDB:714

XREF OSVDB:715
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/11/18
Ports
tcp/445

- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- krbtgt (id 502, Kerberos account)
- HelpServicesGroup (id 1000)
- SUPPORT_388945a0 (id 1001)
- TelnetClients (id 1002)
- DHCP Users (id 1003)
- DHCP Administrators (id 1004)
- KUMAR$ (id 1005)
- DnsAdmins (id 1106)
- DnsUpdateProxy (id 1107)
- IUSR_KUMAR (id 1108)
- WINS Users (id 1112)
- IIS_WPG (id 1113)
- chinni (id 1114)
- diwakar (id 1115)
- vikas (id 1116)
- kumar (id 1117)

Note that, in addition to the Administrator, Guest, and Kerberos accounts, Nessus has enumerated only those domain
users with IDs between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or
'End UID' preferences for this plugin, then re-run the scan.

10397 - Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
Synopsis
It is possible to obtain network information.
Description
It was possible to obtain the browse list of the remote Windows system by sending a request to the LANMAN pipe.
The browse list is the list of the nearest Windows systems of the remote host.
Solution
n/a
Risk Factor
None
References
XREF OSVDB:300
Plugin Information:
Publication date: 2000/05/09, Modification date: 2015/01/12
Ports
tcp/445

Here is the browse list of the remote host :

KUMAR ( os : 5.2 )

26917 - Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Synopsis
Nessus is not able to access the remote Windows Registry.
Description
It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the registry checks will not work because the 'Remote
Registry Access' service (winreg) has been disabled on the remote host or can not be connected to with the supplied
credentials.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/10/04, Modification date: 2011/03/27
Ports
tcp/445
Could not connect to the registry because:
Could not connect to \winreg

10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).
The host SID can then be used to get the list of local users.
See Also
http://technet.microsoft.com/en-us/library/bb418944.aspx
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an
appropriate value.
Refer to the 'See also' section for guidance.
Risk Factor
None
References
BID 959

CVE CVE-2000-1200

XREF OSVDB:715
Plugin Information:
Publication date: 2002/02/13, Modification date: 2015/11/18
Ports
tcp/445

The remote host SID value is :

1-5-21-1928287797-289972450-5230789

The value of 'RestrictAnonymous' setting is : unknown

10860 - SMB Use Host SID to Enumerate Local Users
Synopsis
It is possible to enumerate local users.
Description
Using the host security identifier (SID), it is possible to enumerate local users on the remote Windows system.
Solution
n/a
Risk Factor
None
References
XREF OSVDB:714
Plugin Information:
Publication date: 2002/02/13, Modification date: 2015/11/18
Ports
tcp/445

- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- HelpServicesGroup (id 1000)
- SUPPORT_388945a0 (id 1001)
- TelnetClients (id 1002)
- DHCP Users (id 1003)
- DHCP Administrators (id 1004)
- KUMAR$ (id 1005)
- DnsAdmins (id 1106)
- DnsUpdateProxy (id 1107)
- IUSR_KUMAR (id 1108)
- WINS Users (id 1112)
- IIS_WPG (id 1113)
- chinni (id 1114)
- diwakar (id 1115)
- vikas (id 1116)
- kumar (id 1117)

Note that, in addition to the Administrator and Guest accounts, Nessus has enumerated only those local users with IDs
between 1000 and 1200. To use a different range, edit the scan policy and change the 'Start UID' and/or 'End UID'
preferences for this plugin, then re-run the scan.

464/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/464
Port 464/tcp was found to be open

593/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/593
Port 593/tcp was found to be open

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2016/03/17
Ports
tcp/593
An http-rpc-epmap is running on this port.

636/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/636
Port 636/tcp was found to be open

1026/tcp
90510 - MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check)
Synopsis
The remote Windows host is affected by an elevation of privilege vulnerability.
Description
The remote Windows host is affected by an elevation of privilege vulnerability in the Security Account Manager (SAM)
and Local Security Authority (Domain Policy) (LSAD) protocols due to improper authentication level negotiation over
Remote Procedure Call (RPC) channels. A man-in-the-middle attacker able to intercept communications between a
client and a server hosting a SAM database can exploit this to force the authentication level to downgrade, allowing
the attacker to impersonate an authenticated user and access the SAM database.
See Also
https://technet.microsoft.com/library/security/MS16-047

http://badlock.org/
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, and 10.
Risk Factor
Medium
CVSS Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
STIG Severity
I
References
CVE CVE-2016-0128

XREF OSVDB:136339

XREF MSFT:MS16-047

XREF IAVA:2016-A-0093
Plugin Information:
Publication date: 2016/04/13, Modification date: 2016/04/17
Ports
tcp/1026
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1026

The following DCERPC services are available on TCP port 1026 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e3514235-4b06-11d1-ab04-00c04fc2dcd2, version 4.0
Description : Active Directory Replication Interface
Windows process : unknown
Annotation : MS NT Directory DRS Interface
Type : Remote RPC service
TCP Port : 1026
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ab, version 0.0
Description : Local Security Authority
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 1026
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 1026
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ecec0d70-a603-11d0-96b1-00a0c91ece30, version 2.0
Description : Active Directory Backup Interface
Windows process : unknown
Annotation : NTDS Backup Interface
Type : Remote RPC service
TCP Port : 1026
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 16e0cf3a-a604-11d0-96b1-00a0c91ece30, version 2.0
Description : Active Directory Restore Interface
Windows process : unknown
Annotation : NTDS Restore Interface
Type : Remote RPC service
TCP Port : 1026
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-01234567cffb, version 1.0
Description : Network Logon Service
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 1026
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Annotation : IPSec Policy agent endpoint
Type : Remote RPC service
TCP Port : 1026
IP : 192.168.0.122

11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/1026
Port 1026/tcp was found to be open

1027/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/1027
Port 1027/tcp was found to be open

22964 - Service Detection
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2016/03/17
Ports
tcp/1027
An ncacn_http server is running on this port.

10761 - COM+ Internet Services (CIS) Server Detection
Synopsis
A COM+ Internet Services (CIS) server is listening on this port.
Description
COM+ Internet Services are RPC over HTTP tunneling and require IIS to operate. CIS ports shouldn't be visible on
internet but only behind a firewall.
See Also
http://msdn.microsoft.com/library/en-us/dndcom/html/cis.asp

http://support.microsoft.com/support/kb/articles/Q282/2/61.ASP
Solution
If you do not use this service, disable it with DCOMCNFG.
Otherwise, limit access to this port.
Risk Factor
None
Plugin Information:
Publication date: 2001/09/14, Modification date: 2011/03/21
Ports
tcp/1027

Server banner :

ncacn_http/1.0

1041/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1041

The following DCERPC services are available on TCP port 1041 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 50abc2a4-574d-40b3-9d66-ee4fd5fba076, version 5.0
Description : DNS Server
Windows process : dns.exe
Type : Remote RPC service
TCP Port : 1041
IP : 192.168.0.122

1042/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1042

The following DCERPC services are available on TCP port 1042 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0
Description : Internet Information Service (IISAdmin)
Windows process : inetinfo.exe
Type : Remote RPC service
TCP Port : 1042
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0
Description : Internet Information Service (SMTP)
Windows process : inetinfo.exe
Type : Remote RPC service
TCP Port : 1042
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1042
IP : 192.168.0.122

11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/1042
Port 1042/tcp was found to be open

1043/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1043

The following DCERPC services are available on TCP port 1043 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3.0
Description : Internet Information Service (SMTP)
Windows process : inetinfo.exe
Type : Remote RPC service
TCP Port : 1043
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1043
IP : 192.168.0.122

1048/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1048

The following DCERPC services are available on TCP port 1048 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 1048
IP : 192.168.0.122

11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/1048
Port 1048/tcp was found to be open

1053/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1053

The following DCERPC services are available on TCP port 1053 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f5cc59b4-4264-101a-8c59-08002b2f8426, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : NtFrs Service
Type : Remote RPC service
TCP Port : 1053
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d049b186-814f-11d1-9a3c-00c04fc9b232, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : NtFrs API
Type : Remote RPC service
TCP Port : 1053
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a00c021c-2be2-11d2-b678-0000f87a8f8e, version 1.0
Description : File Replication Service
Windows process : ntfrs.exe
Annotation : PERFMON SERVICE
Type : Remote RPC service
TCP Port : 1053
IP : 192.168.0.122

11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/1053
Port 1053/tcp was found to be open

1059/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1059

The following DCERPC services are available on TCP port 1059 :

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 45f52c28-7f9f-101a-b52b-08002b2efabe, version 1.0
Description : Wins Service
Windows process : wins.exe
Type : Remote RPC service
TCP Port : 1059
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 811109bf-a4e1-11d1-ab54-00a0c91e9b45, version 1.0
Description : Wins Service
Windows process : wins.exe
Type : Remote RPC service
TCP Port : 1059
IP : 192.168.0.122

11219 - Nessus SYN scanner


Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/1059
Port 1059/tcp was found to be open

1063/tcp
10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the
Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to
connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2001/08/26, Modification date: 2014/05/12
Ports
tcp/1063

The following DCERPC services are available on TCP port 1063 :

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 6bffd098-a112-3610-9833-46c3f874532d, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 1063
IP : 192.168.0.122

Object UUID : 00000000-0000-0000-0000-000000000000


UUID : 5b821720-f63b-11d0-aad2-00c04fc324db, version 1.0
Description : DHCP Server Service
Windows process : unknown
Type : Remote RPC service
TCP Port : 1063
IP : 192.168.0.122

11219 - Nessus SYN scanner


Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/1063
Port 1063/tcp was found to be open

3268/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/3268
Port 3268/tcp was found to be open

20870 - LDAP Server Detection


Synopsis
An LDAP server was detected on the remote host.
Description
The remote host is running a Lightweight Directory Access Protocol (LDAP) server. LDAP is a protocol for providing
access to directory services over TCP/IP.
See Also
http://en.wikipedia.org/wiki/LDAP
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2006/02/10, Modification date: 2016/01/05
Ports
tcp/3268
25701 - LDAP Crafted Search Request Server Information Disclosure
Synopsis
It is possible to discover information about the remote LDAP server.
Description
By sending a search request with a filter set to 'objectClass=*', it is possible to extract information about the remote
LDAP server.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/07/12, Modification date: 2012/02/20
Ports
tcp/3268
[+]-namingContexts:
| DC=Kumar,DC=local
| CN=Configuration,DC=Kumar,DC=local
| CN=Schema,CN=Configuration,DC=Kumar,DC=local
| DC=DomainDnsZones,DC=Kumar,DC=local
| DC=ForestDnsZones,DC=Kumar,DC=local
| DC=TAPI3Directory,DC=Kumar,DC=local
[+]-currentTime:
| 20160428080022.0Z
[+]-subschemaSubentry:
| CN=Aggregate,CN=Schema,CN=Configuration,DC=Kumar,DC=local
[+]-dsServiceName:
| CN=NTDS Settings,CN=KUMAR,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=Kumar,DC=local
[+]-namingContexts:
| DC=Kumar,DC=local
| CN=Configuration,DC=Kumar,DC=local
| CN=Schema,CN=Configuration,DC=Kumar,DC=local
| DC=DomainDnsZones,DC=Kumar,DC=local
| DC=ForestDnsZones,DC=Kumar,DC=local
| DC=TAPI3Directory,DC=Kumar,DC=local
[+]-defaultNamingContext:
| DC=Kumar,DC=local
[+]-schemaNamingContext:
| CN=Schema,CN=Configuration,DC=Kumar,DC=local
[+]-configurationNamingContext:
| CN=Configuration,DC=Kumar,DC=local
[+]-rootDomainNamingContext:
| DC=Kumar,DC=local
[+]-supportedControl:
| 1.2.840.113556.1.4.319
| 1.2.840.113556.1.4.801
| 1.2.840.113556.1.4.473
| 1.2.840.113556.1.4.528
| 1.2.840.113556.1.4.417
| 1.2.840.113556.1.4.619
| 1.2.840.113556.1.4.841
| 1.2.840.113556.1.4.529
| 1.2.840.113556.1.4.805
| 1.2.840.113556.1.4.521
| 1.2.840.113556.1.4.970
| 1.2.840.113556.1.4.1338
| 1.2.840.113556.1.4.474
| 1.2.840.113556.1.4.1339
| 1.2.840.113556.1.4.1340
| 1.2.840.113556.1.4.1413
| 2.16.840.1.113730.3.4.9
| 2.16.840.1.113730.3.4.10
| 1.2.840.113556.1.4.1504
| 1.2.840.113556.1.4.1852
| 1.2.840.113556.1.4.802
| 1.2.840.113556.1.4.1907
| 1.2.840.113556.1.4.1948
[+]-supportedLDAPVersion:
| 3
| 2
[+]-supportedLDAPPolicies:
| MaxPoolThreads
| MaxDatagramRecv
| MaxReceiveBuffer
| InitRecvTimeout
| MaxConnections
| MaxConnIdleTime
| MaxPageSize
| MaxQueryDuration
| MaxTempTableSize
| MaxResultSetSize
| MaxNotificationPerConn
[...]

3269/tcp
11219 - Nessus SYN scanner
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/3269
Port 3269/tcp was found to be open

22964 - Service Detection


Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2007/08/19, Modification date: 2016/03/17
Ports
tcp/3269
The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

3389/tcp
58435 - MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
(uncredentialed check)
Synopsis
The remote Windows host could allow arbitrary code execution.
Description
An arbitrary remote code vulnerability exists in the implementation of the Remote Desktop Protocol (RDP) on the
remote Windows host. The vulnerability is due to the way that RDP accesses an object in memory that has been
improperly initialized or has been deleted.
If RDP has been enabled on the affected system, an unauthenticated, remote attacker could leverage this vulnerability
to cause the system to execute arbitrary code by sending a sequence of specially crafted RDP packets to it.
This plugin also checks for a denial of service vulnerability in Microsoft Terminal Server.
Note that this script does not detect the vulnerability if the 'Allow connections only from computers running Remote
Desktop with Network Level Authentication' setting is enabled or the security layer is set to 'SSL (TLS 1.0)' on the
remote host.
See Also
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Note that an extended support contract with Microsoft is required to obtain the patch for this vulnerability for Windows
2000.
Risk Factor
High
CVSS Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score
7.3 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
BID 52353

BID 52354

CVE CVE-2012-0002

CVE CVE-2012-0152

XREF OSVDB:80000

XREF OSVDB:80004

XREF EDB-ID:18606

XREF MSFT:MS12-020

XREF IAVA:2012-A-0039
Exploitable with
CANVAS (true), Core Impact (true), Metasploit (true)
Plugin Information:
Publication date: 2012/03/22, Modification date: 2016/04/27
Ports
tcp/3389
57690 - Terminal Services Encryption Level is Medium or Low
Synopsis
The remote host is using weak cryptography.
Description
The remote Terminal Services service is not configured to use strong cryptography.
Using weak cryptography with this service may allow an attacker to eavesdrop on the communications more easily
and obtain screenshots and/or keystrokes.
Solution
Change RDP encryption level to one of :
3. High
4. FIPS Compliant
Risk Factor
Medium
CVSS Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2012/01/25, Modification date: 2016/03/02
Ports
tcp/3389

The terminal services encryption level is set to :

2. Medium

18405 - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness


Synopsis
It may be possible to get access to the remote host.
Description
The remote version of the Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man-in-the-middle
(MiTM) attack. The RDP client makes no effort to validate the identity of the server when setting up encryption. An
attacker with the ability to intercept traffic from the RDP server can establish encryption with the client and server
without being detected. A MiTM attack of this nature would allow the attacker to obtain any sensitive information
transmitted, including authentication credentials.
This flaw exists because the RDP server stores a hard-coded RSA private key in the mstlsapi.dll library. Any local
user with access to this file (on any Windows system) can retrieve the key and use it for this attack.
See Also
http://www.oxid.it/downloads/rdp-gbu.pdf

http://www.nessus.org/u?e2628096

http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution
- Force the use of SSL as a transport layer for this service if supported, and/or
- Select the 'Allow connections only from computers running Remote Desktop with Network Level Authentication'
setting if it is available.
Risk Factor
Medium
CVSS Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score
4.6 (CVSS2#E:F/RL:W/RC:ND)
References
BID 13818

CVE CVE-2005-1794

XREF OSVDB:17131
Plugin Information:
Publication date: 2005/06/01, Modification date: 2014/03/04
Ports
tcp/3389
30218 - Terminal Services Encryption Level is not FIPS-140 Compliant
Synopsis
The remote host is not FIPS-140 compliant.
Description
The encryption setting used by the remote Terminal Services service is not FIPS-140 compliant.
Solution
Change RDP encryption level to :
4. FIPS Compliant
Risk Factor
Low
CVSS Base Score
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:
Publication date: 2008/02/11, Modification date: 2016/03/02
Ports
tcp/3389

The terminal services encryption level is set to :

2. Medium (Client Compatible)

11219 - Nessus SYN scanner


Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause
problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information:
Publication date: 2009/02/04, Modification date: 2014/01/23
Ports
tcp/3389
Port 3389/tcp was found to be open

10940 - Windows Terminal Services Enabled


Synopsis
The remote Windows host has Terminal Services enabled.
Description
Terminal Services allows a Windows user to remotely obtain a graphical login (and therefore act as a local user on the
remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the remote host.
An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers
to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable Terminal Services if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information:
Publication date: 2002/04/20, Modification date: 2014/06/06
Ports
tcp/3389
66173 - RDP Screenshot
Synopsis
It is possible to take a screenshot of the remote login screen.
Description
This script attempts to connect to the remote host via RDP (Remote Desktop Protocol) and attempts to take a
screenshot of the login screen.
While this is not a vulnerability by itself, some versions of Windows display the names of the users who can connect
and which ones are connected already.
Solution
n/a
Risk Factor
None
Plugin Information:
Publication date: 2013/04/22, Modification date: 2016/03/02
Ports
tcp/3389
It was possible to gather the following screenshot of the remote login screen.

Remediations
Suggested Remediations
Taking the following actions across 1 host would resolve 8% of the vulnerabilities on the network:

Action to take | Vulns | Hosts

MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832) (uncredentialed check) | 2 | 1

MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (uncredentialed check) | 0 | 1
