Scribd Logo
Upload

Welcome to Scribd!

  • 9 views

    Vuln 5

    Uploaded by

    LUZ ESPINOSA

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Vuln 5

    Uploaded by

    LUZ ESPINOSA
    9 views3 pages

    Original Title

    vuln5

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    9 views3 pages

    Vuln 5

    Uploaded by

    LUZ ESPINOSA

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 3

    Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-24 21:33 Hora est.

    Pacífico,
    Sudamérica
    Nmap scan report for 18.189.74.97.host.secureserver.net (97.74.189.18)
    Host is up (0.12s latency).
    Not shown: 975 filtered tcp ports (no-response)
    PORT STATE SERVICE
    20/tcp closed ftp-data
    21/tcp open ftp
    | ssl-dh-params:
    | VULNERABLE:
    | Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
    | State: VULNERABLE
    | Transport Layer Security (TLS) services that use anonymous
    | Diffie-Hellman key exchange only provide protection against passive
    | eavesdropping, and are vulnerable to active man-in-the-middle attacks
    | which could completely compromise the confidentiality and integrity
    | of any data exchanged over the resulting session.
    | Check results:
    | ANONYMOUS DH GROUP 1
    | Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
    | Modulus Type: Non-safe prime
    | Modulus Source: RFC5114/2048-bit DSA group with 256-bit prime order
    subgroup
    | Modulus Length: 2048
    | Generator Length: 2048
    | Public Key Length: 2048
    | References:
    |_ https://www.ietf.org/rfc/rfc2246.txt
    22/tcp open ssh
    25/tcp open smtp
    | smtp-vuln-cve2010-4344:
    |_ The SMTP server is not Exim: NOT VULNERABLE
    80/tcp open http
    | http-enum:
    |_ /webmail/: Mail folder
    |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
    |_http-csrf: Couldn't find any CSRF vulnerabilities.
    |_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
    |_http-vuln-cve2013-7091: ERROR: Script execution failed (use -d to debug)
    |_http-passwd: ERROR: Script execution failed (use -d to debug)
    |_http-dombased-xss: Couldn't find any DOM based XSS.
    110/tcp open pop3
    | ssl-dh-params:
    | VULNERABLE:
    | Diffie-Hellman Key Exchange Insufficient Group Strength
    | State: VULNERABLE
    | Transport Layer Security (TLS) services that use Diffie-Hellman groups
    | of insufficient strength, especially those using one of a few commonly
    | shared groups, may be susceptible to passive eavesdropping attacks.
    | Check results:
    | WEAK DH GROUP 1
    | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    | Modulus Type: Safe prime
    | Modulus Source: Unknown/Custom-generated
    | Modulus Length: 1024
    | Generator Length: 8
    | Public Key Length: 1024
    | References:
    |_ https://weakdh.org
    143/tcp open imap
    443/tcp open https
    |_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
    |_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
    |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
    | http-slowloris-check:
    | VULNERABLE:
    | Slowloris DOS attack
    | State: LIKELY VULNERABLE
    | IDs: CVE:CVE-2007-6750
    | Slowloris tries to keep many connections to the target web server open and
    hold
    | them open as long as possible. It accomplishes this by opening connections
    to
    | the target web server and sending a partial request. By doing so, it
    starves
    | the http server's resources causing Denial Of Service.
    |
    | Disclosure date: 2009-09-17
    | References:
    | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
    |_ http://ha.ckers.org/slowloris/
    |_http-dombased-xss: Couldn't find any DOM based XSS.
    |_http-csrf: Couldn't find any CSRF vulnerabilities.
    | http-vuln-cve2010-0738:
    |_ /jmx-console/: Authentication was not required
    |_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
    465/tcp open smtps
    |_ssl-ccs-injection: No reply from server (TIMEOUT)
    587/tcp open submission
    | smtp-vuln-cve2010-4344:
    |_ The SMTP server is not Exim: NOT VULNERABLE
    990/tcp closed ftps
    993/tcp open imaps
    | ssl-dh-params:
    | VULNERABLE:
    | Diffie-Hellman Key Exchange Insufficient Group Strength
    | State: VULNERABLE
    | Transport Layer Security (TLS) services that use Diffie-Hellman groups
    | of insufficient strength, especially those using one of a few commonly
    | shared groups, may be susceptible to passive eavesdropping attacks.
    | Check results:
    | WEAK DH GROUP 1
    | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    | Modulus Type: Safe prime
    | Modulus Source: Unknown/Custom-generated
    | Modulus Length: 1024
    | Generator Length: 8
    | Public Key Length: 1024
    | References:
    |_ https://weakdh.org
    995/tcp open pop3s
    | ssl-dh-params:
    | VULNERABLE:
    | Diffie-Hellman Key Exchange Insufficient Group Strength
    | State: VULNERABLE
    | Transport Layer Security (TLS) services that use Diffie-Hellman groups
    | of insufficient strength, especially those using one of a few commonly
    | shared groups, may be susceptible to passive eavesdropping attacks.
    | Check results:
    | WEAK DH GROUP 1
    | Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    | Modulus Type: Safe prime
    | Modulus Source: Unknown/Custom-generated
    | Modulus Length: 1024
    | Generator Length: 8
    | Public Key Length: 1024
    | References:
    |_ https://weakdh.org
    3306/tcp open mysql
    8443/tcp closed https-alt
    50000/tcp closed ibm-db2
    50001/tcp closed unknown
    50002/tcp closed iiimsf
    50003/tcp closed unknown
    50006/tcp closed unknown
    50300/tcp closed unknown
    50389/tcp closed unknown
    50500/tcp closed unknown
    50636/tcp closed unknown
    50800/tcp closed unknown

    Nmap done: 1 IP address (1 host up) scanned in 114.99 seconds

    You might also like