Development tool:
File size: 246kb
Downloads: 0
Upload date: 2019-10-12
Description: This document is mainly a penetration test report for a target machine; the scanning tool used is OpenVAS.
1 Result Overview
Host             High  Medium  Low  Log  False Positive
192.168.10.149   19    32      2    0    0
Total: 1         19    32      2    0    0
Vendor security updates are not trusted.
Overrides are on. When a result has an override, this report uses the threat of the override.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
It only lists hosts that produced issues.
Issues with the threat level "Log" are not shown.
Issues with the threat level "Debug" are not shown.
Issues with the threat level "False Positive" are not shown.
Only results with a minimum QoD of 70 are shown.
This report contains all 53 results selected by the filtering described above. Before filtering
there were 390 results.
1.1 Host Authentications
Host Protocol Result Port/User
192.168.10.149 SMB Success Protocol SMB, Port 415, User
2 Results per host
2.1 192.168.10.149
Host scan start Sat Oct 12 02:30:16 2019 UTC
Host scan end Sat Oct 12 03:01:47 2019 UTC
Service (Port)    Threat Level
3306/tcp          High
6200/tcp          High
80/tcp            High
3632/tcp          High
5432/tcp          High
general/tcp       High
                  High
5900/tcp          High
1099/tcp          High
512/tcp           High
21/tcp            High
8787/tcp          High
                  High
513/tcp           High
1524/tcp          High
                  High
80/tcp            Medium
5432/tcp          Medium
5900/tcp          Medium
2121/tcp
21/tcp            Medium
6667/tcp          Medium
                  Medium
445/tcp           Medium
                  Medium
general/tcp
22/tcp            Low
2.1.1 High 3306/tcp
9.
NVT: MySQL / MariaDB weak password
Product detection result
cpe:/a:mysql:mysql:5.0.51a
Detected by MySQL/MariaDB Detection (OID: 1.3.6.1.4.1.25623.1.0.100152)
Summary
It was possible to login into the remote MySQL as root using weak credentials.
Vulnerability Detection Result
It was possible to login as root with an empty password.
Solution
Solution type: Mitigation
Change the password as soon as possible
Vulnerability Detection Method
Details: MySQL / MariaDB weak password
OID:1.3.6.1.4.1.25623.1.0.103551
Version used: 2019-09-06T14:17:49+0000
Product Detection result
Product: cpe:/a:mysql:mysql:5.0.51a
Method: MySQL/MariaDB Detection
(OID: 1.3.6.1.4.1.25623.1.0.100152)
[ return to 192.168.10.149 ]
2.1.2 High 6200/tcp
High(C
NVT: vsftpd Compromised Source Packages Backdoor Vulnerability
Summary
vsftpd is prone to a backdoor vulnerability
Vulnerability Detection Result
Vulnerability was detected according to the vulnerability Detection Method
Attackers can exploit this issue to execute arbitrary commands in the context of the application
Successful attacks will compromise the affected application.
Solution
Solution type: VendorFix
The repaired package can be downloaded from the referenced link. Please validate the package
with its signature.
Affected Software/OS
The vsftpd 2.3.4 source package is affected.
Vulnerability Detection Method
Details: vsftpd Compromised Source Packages Backdoor Vulnerability
OID:1.3.6.1.4.1.25623.1.0.103185
Version used: Revision: 12076
References
BID:48539
Url:http://www.securityfocus.com/bid/48539
Url:http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-back
Url:https://security.appspot.com/vsftpd.html
[ return to 192.168.10.149 ]
2.1.3 High 80/tcp
NVT: TWiki XSS and Command Execution Vulnerabilities
Product detection result
cpe:/a:twiki:twiki:01.Feb.2003
Detected by TWiki Version Detection (OID: 1.3.6.1.4.1.25623.1.0.800399)
Summary
The host is running TWiki and is prone to Cross-Site Scripting (XSS) and Command Execution
Vulnerabilities.
Vulnerability Detection Result
Installed version: 01.Feb.2003
Fixed version: 4.2.4
Impact
Successful exploitation could allow execution of arbitrary script code or commands. This could
let attackers steal cookie- based authentication credentials or compromise the affected application
Solution type: VendorFix
Upgrade to version 4.2.4 or later
Affected Software/OS
TWiki, TWiki version prior to 4.2.4
Vulnerability Insight
The flaws are due to:
- %URLPARAM{}% variable is not properly sanitized which lets attackers conduct cross-site
scripting attack.
- %SEARCH{}% variable is not properly sanitised before being used in an eval() call which lets
the attackers execute perl code through eval injection attack.
Vulnerability Detection Method
Details: TWiki XSS and Command Execution Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.800320
Version used: Revision: 12952
Product detection result
Product: cpe:/a:twiki:twiki:01.Feb.2003
Method: TWiki Version Detection
(OID: 1.3.6.1.4.1.25623.1.0.800399)
References
CVE: CVE-2008-5304, CVE-2008-5305
BID:32668,32669
Other
Url:http://twiki.org/cgi-bin/view/codev.Securityalert-cve-2008-5304
Url:http://twiki.org/cgi-bin/view/codev/securityalert-cve-2008-5305
NVT: phpinfo() output Reporting
Summary
Many PHP installation tutorials instruct the user to create a file called phpinfo.php or similar
containing the phpinfo() statement. Such a file is often left back in the webserver directory.
Vulnerability Detection Result
The following files are calling the function phpinfo() which disclose potentially
sensitive information:
http://192.168.10.149/mutillidae/phpinfo.php
http://192.168.10.149/phpinfo.php
Impact
Some of the information that can be gathered from this file includes:
The username of the user running the PHP process, if it is a sudo user, the IP address of the host,
the web server version, the system version (Unix, Linux, Windows, ...) and the root directory
of the web server.
Solution
Solution type: Workaround
Delete the listed files or restrict access to them
Vulnerability Detection Method
Details: phpinfo() output Reporting
OID:1.3.6.1.4.1.25623.1.0.11229
Version used: $Revision: 11992 $
High(CVSS: 7
NVT: PHP-CGI-based setups vulnerability when parsing query string parameters from php files
Summary
PHP is prone to an information-disclosure vulnerability.
Vulnerability Detection Result
Vulnerable url: http://192.168.10.149/cgi-bin/php
Impact
Exploiting this issue allows remote attackers to view the source code of files in the context of the
server process. This may allow the attacker to obtain sensitive information and to run arbitrary
PHP code on the affected computer. Other attacks are also possible.
Solution type: VendorFix
PHP has released version 5.4.3 and 5.3.13 to address this vulnerability. PHP is recommending
that users upgrade to the latest version of PHP.
Vulnerability Insight
When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives
a processed query string parameter as command line arguments which allows command-line
switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to
disclose source code and obtain arbitrary code execution.
An example of the -s command, allowing an attacker to view the source code of index.php is
below:
http://example.com/index.php?-s
Vulnerability Detection Method
Details: PHP-CGI-based setups vulnerability when parsing query string parameters from ph
OID:1.3.6.1.4.1.25623.1.0.103482
Version used: $Revision: 13679 $
References
CVE:CVE-2012-1823,CVE-2012-2311,CVE-2012-2336,CVE-2012-2335
BID:53388
Other
Url:http://www.h-online.com/open/news/item/critical-open-hole-in-php-creates-risks-Update-1567532.html
Url:http://www.kb.cert.org/vuls/id/520827
Url:http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Url:https://bugs.php.net/bug.php?id=61910
Url:http://www.php.net/manual/en/security.cgi-bin.php
Url:http://www.securityfocus.com/bid/53388
NVT: Test HTTP dangerous methods
Summary
Misconfigured web servers allows remote clients to perform dangerous HTTP methods such as
PUT and DELETE.
This script checks if they are enabled and can be misused to upload or delete files.
Vulnerability Detection Result
We could upload the following files via the PUT method at this web server:
http://192.168.10.149/dav/puttest901690022.html
We could delete the following files via the DELETE method at this web server:
http://192.168.10.149/dav/puttest901690022.html
Impact
Enabled PUT method: This might allow an attacker to upload and run arbitrary code on this
web server.
Enabled DELETE method: This might allow an attacker to delete additional files on this web
server.
Solution
Solution type: Mitigation
Use access restrictions to these dangerous HTTP methods or disable them completely.
Vulnerability Detection Method
Details: Test HTTP dangerous methods
OID:1.3.6.1.4.1.25623.1.0.10498
Version used: 2019-04-24T07:26:10+0000
References
BID:12141
Other
OWASP: OWASP-CM-001
[ return to 192.168.10.149 ]
2.1.4 High 3632/tcp
High (CVSS: 9.3)
NVT: DistCC Remote Code Execution Vulnerability
Summary
DistCC 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server
commands via compilation jobs, which are executed by the server without authorization che
Vulnerability Detection Result
It was possible to execute the id command
Result: uid=1(daemon) gid=1(daemon)
Impact
DistCC by default trusts its clients completely that in turn could allow a malicious client to
execute arbitrary commands on the server.
Solution
Solution type: VendorFix
Vendor updates are available. Please see the references for more information.
For more information about DistCC's security see the references.
Vulnerability Detection Method
Details: DistCC Remote Code Execution Vulnerability
OID:1.3.6.1.4.1.25623.1.0.103553
Version used: Revision: 12032
References
CVE:CVE-2004-2687
Other
Url:https://distcc.github.io/security.html
Url:https://web.archive.org/web/20150511045306/http://archives.neohapsis.com:80/archives/bugtraq/2005-03/0183.html
[ return to 192.168.10.149 ]
2.1.5 High 5432/tcp
High(CVSS: 9
NVT: PostgreSQL weak password
Product detection result
cpe:/a:postgresql:postgresql:8.3.1
Detected by PostgreSQL Detection (OID: 1.3.6.1.4.1.25623.1.0.100151)
Summary
It was possible to login into the remote PostgreSQL as user postgres using weak credentials.
Vulnerability Detection Result
It was possible to login as user postgres with password postgres
Solution
Solution type: Mitigation
Change the password as soon as possible
Vulnerability Detection Method
Details: PostgreSQL weak password
OID:1.3.6.1.4.1.25623.1.0.103552
Version used: 2019-09-06T14:17:49+0000
Product Detection result
Product: cpe:/a:postgresql:postgresql:8.3.1
Method: PostgreSQL Detection
OID:1.3.6.1.4.1.25623.1.0.100151
[ return to 192.168.10.149 ]