The document summarizes the findings of a web application penetration test. It identifies 5 web servers on the 10.42.2.0/24 network that were found to have many high-level vulnerabilities that should be patched immediately. These vulnerabilities could allow an attacker to fully compromise the web servers, including the domain name server. It also provides details on the IP addresses, operating systems, open ports and services of the hosts found.
The document summarizes the findings of a web application penetration test. It identifies 5 web servers on the 10.42.2.0/24 network that were found to have many high-level vulnerabilities that should be patched immediately. These vulnerabilities could allow an attacker to fully compromise the web servers, including the domain name server. It also provides details on the IP addresses, operating systems, open ports and services of the hosts found.
The document summarizes the findings of a web application penetration test. It identifies 5 web servers on the 10.42.2.0/24 network that were found to have many high-level vulnerabilities that should be patched immediately. These vulnerabilities could allow an attacker to fully compromise the web servers, including the domain name server. It also provides details on the IP addresses, operating systems, open ports and services of the hosts found.
SEC542: Web App Penetration Testing & Ethical Hacking SCOPE 10.42.2.0/24 HOST FOUND 10.42.5.8 helpdesk.sec542.org 10.42.5.21 home.sec542.org 10.42.5.24 www.sec542.org 10.42.5.42 phones.sec542.org 10.42.5.75 SUMMARY Many HIGH vulnerabilities found & should be patch immediately Attacker may use these vulnerabilities to full compromise the web servers including the domain name server Point 2 Point 3 SUMMARY HIGH - ?? MEDIUM - ?? LOW - ?? HOST DETAILS No IP OS Ports Services Status Banners 1 10.42.5.8 (helpdesk.sec542.org) Ubuntu Linux OS (Linux Kernel 2.6.13 - 2.6.32) 53/TCP DOMAIN OPEN ISC BIND 9.5.0-P2 80/TCP HTTP OPEN Apache httpd 2.2.9 PHP/5.2.6-2ubuntu4.1 2 10.42.5.21 (home.sec542.org) Ubuntu Linux OS (Linux Kernel 2.6.13 - 2.6.32) 53/TCP DOMAIN OPEN ISC BIND 9.5.0-P2 80/TCP HTTP OPEN Apache httpd 2.2.9 3 10.42.5.24 (sec542.org) (ns1.sec542.org) (www.sec542.org) Ubuntu Linux OS (Linux Kernel 2.6.13 - 2.6.32) 53/TCP DOMAIN OPEN ISC BIND 9.5.0-P2 80/TCP HTTP OPEN Apache httpd 2.2.9 4 10.42.5.42 (phones.sec542.org) Ubuntu Linux OS (Linux Kernel 2.6.13 - 2.6.32) 53/TCP DOMAIN OPEN ISC BIND 9.5.0-P2 80/TCP HTTP OPEN Apache httpd 2.2.9 5 10.42.5.75 Ubuntu Linux OS (Linux Kernel 2.6.13 - 2.6.32) 53/TCP DOMAIN OPEN ISC BIND 9.5.0-P2 80/TCP HTTP OPEN Apache httpd 2.2.9 FINDING DETAILS Brief Vulnerability