nessus scan report - weeblykofappia.weebly.com/uploads/5/4/9/6/54965689/nessus_scan... · 2020. 2....

11/14/2014 Nessus Scan Report

file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 1/59

Nessus Scan Report14/Nov/2014:11:53:40

Nessus Home: Commercial use of the report isprohibited

Any time Nessus is used in a commercial environment you MUSTmaintain an active subscription to the Nessus Feed in order to becompliant with our licenseagreement.http://www.tenable.com/products/nessus

Table Of Contents

Hosts Summary (Executive)

192.168.232.131

Vulnerabilities By Host

192.168.232.131

Vulnerabilities By Plugin

40887 (1) - MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability (975497) (uncredentialedcheck)

58435 (1) - MS12-020: Vulnerabilities in Remote Desktop Could AllowRemote Code Execution (2671387) (uncredentialed check)

18405 (1) - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness

51192 (1) - SSL Certificate Cannot Be Trusted

57582 (1) - SSL Self-Signed Certificate

57608 (1) - SMB Signing Required

57690 (1) - Terminal Services Encryption Level is Medium or Low

58453 (1) - Terminal Services Doesn't Use Network Level Authentication(NLA)



30218 (1) - Terminal Services Encryption Level is not FIPS-140 Compliant

34324 (1) - FTP Supports Clear Text Authentication

65821 (1) - SSL RC4 Cipher Suites Supported

10736 (9) - DCE Services Enumeration

11219 (4) - Nessus SYN scanner

22964 (2) - Service Detection

10092 (1) - FTP Server Detection

10107 (1) - HTTP Server Type and Version

10287 (1) - Traceroute Information

10394 (1) - Microsoft Windows SMB Log In Possible

10785 (1) - Microsoft Windows SMB NativeLanManager Remote SystemInformation Disclosure

10863 (1) - SSL Certificate Information

10940 (1) - Windows Terminal Services Enabled

11011 (1) - Microsoft Windows SMB Service Detection

11422 (1) - Web Server Unconfigured - Default Install Page Present

11936 (1) - OS Identification

19506 (1) - Nessus Scan Information

20094 (1) - VMware Virtual Machine Detection

21643 (1) - SSL Cipher Suites Supported

24260 (1) - HyperText Transfer Protocol (HTTP) Information

24786 (1) - Nessus Windows Scan Not Performed with Admin Privileges

25220 (1) - TCP/IP Timestamps Supported

26917 (1) - Microsoft Windows SMB Registry : Nessus Cannot Accessthe Windows Registry

35705 (1) - SMB Registry : Starting the Registry Service during the scanfailed

35716 (1) - Ethernet Card Manufacturer Detection

42410 (1) - Microsoft Windows NTLMSSP Authentication Request RemoteNetwork Name Disclosure

43111 (1) - HTTP Methods Allowed (per directory)

45590 (1) - Common Platform Enumeration (CPE)

54615 (1) - Device Type

56984 (1) - SSL / TLS Versions Supported



57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported

62563 (1) - SSL Compression Methods Supported

64814 (1) - Terminal Services Use SSL/TLS

66334 (1) - Patch Report

70544 (1) - SSL Cipher Block Chaining Cipher Suites Supported

Hosts Summary (Executive)

[-] Collapse All

[+] Expand All

192.168.232.131

Summary

Critical High Medium Low Info Total

1 1 6 3 32 43

Details

Severity PluginId

Name

Critical(10.0)

40887 MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability(975497) (uncredentialed check)

High (9.3) 58435 MS12-020: Vulnerabilities in Remote Desktop CouldAllow Remote Code Execution (2671387)(uncredentialed check)

Medium (6.4) 51192 SSL Certificate Cannot Be Trusted

Medium (6.4) 57582 SSL Self-Signed Certificate

Medium (5.1) 18405 Microsoft Windows Remote Desktop ProtocolServer Man-in-the-Middle Weakness

Medium (5.0) 57608 SMB Signing Required

Medium (4.3) 57690 Terminal Services Encryption Level is Medium orLow

Medium (4.3) 58453 Terminal Services Doesn't Use Network LevelAuthentication (NLA)

Low (2.6) 30218 Terminal Services Encryption Level is not FIPS-140Compliant



Low (2.6) 34324 FTP Supports Clear Text Authentication

Low (2.6) 65821 SSL RC4 Cipher Suites Supported

Info 10092 FTP Server Detection

Info 10107 HTTP Server Type and Version

Info 10287 Traceroute Information

Info 10394 Microsoft Windows SMB Log In Possible

Info 10736 DCE Services Enumeration

Info 10785 Microsoft Windows SMB NativeLanManager RemoteSystem Information Disclosure

Info 10863 SSL Certificate Information

Info 10940 Windows Terminal Services Enabled

Info 11011 Microsoft Windows SMB Service Detection

Info 11219 Nessus SYN scanner

Info 11422 Web Server Unconfigured - Default Install PagePresent

Info 11936 OS Identification

Info 19506 Nessus Scan Information

Info 20094 VMware Virtual Machine Detection

Info 21643 SSL Cipher Suites Supported

Info 22964 Service Detection

Info 24260 HyperText Transfer Protocol (HTTP) Information

Info 24786 Nessus Windows Scan Not Performed with AdminPrivileges

Info 25220 TCP/IP Timestamps Supported

Info 26917 Microsoft Windows SMB Registry : Nessus CannotAccess the Windows Registry

Info 35705 SMB Registry : Starting the Registry Service duringthe scan failed

Info 35716 Ethernet Card Manufacturer Detection

Info 42410 Microsoft Windows NTLMSSP AuthenticationRequest Remote Network Name Disclosure



Info 43111 HTTP Methods Allowed (per directory)

Info 45590 Common Platform Enumeration (CPE)

Info 54615 Device Type

Info 56984 SSL / TLS Versions Supported

Info 57041 SSL Perfect Forward Secrecy Cipher SuitesSupported

Info 62563 SSL Compression Methods Supported

Info 64814 Terminal Services Use SSL/TLS

Info 66334 Patch Report

Info 70544 SSL Cipher Block Chaining Cipher Suites Supported

Vulnerabilities By Host

[-] Collapse All

[+] Expand All

192.168.232.131

Scan Information

Start time: Fri Nov 14 11:53:41 2014

End time: Fri Nov 14 12:04:49 2014

Host Information

NetbiosName:

WIN-LRFFK6NI0BQ

IP: 192.168.232.131

MACAddress:

00:0c:29:5e:90:54

OS: Microsoft Windows Server 2008 Standard Service Pack 2

Results Summary

Critical High Medium Low Info Total

1 1 6 3 44 55

Results Details

0/tcp

35705 - SMB Registry : Starting the Registry Service duringthe scan failed

[-/+]



24786 - Nessus Windows Scan Not Performed with AdminPrivileges

[-/+]

25220 - TCP/IP Timestamps Supported [-/+]

20094 - VMware Virtual Machine Detection [-/+]

35716 - Ethernet Card Manufacturer Detection [-/+]

11936 - OS Identification [-/+]

54615 - Device Type [-/+]

45590 - Common Platform Enumeration (CPE) [-/+]

66334 - Patch Report [-/+]

19506 - Nessus Scan Information [-/+]

0/udp

10287 - Traceroute Information [-/+]

21/tcp

34324 - FTP Supports Clear Text Authentication [-/+]

11219 - Nessus SYN scanner [-/+]

22964 - Service Detection [-/+]

10092 - FTP Server Detection [-/+]

80/tcp


22964 - Service Detection [-/+]

11422 - Web Server Unconfigured - Default Install PagePresent

[-/+]

43111 - HTTP Methods Allowed (per directory) [-/+]

10107 - HTTP Server Type and Version [-/+]

24260 - HyperText Transfer Protocol (HTTP) Information [-/+]

135/tcp

10736 - DCE Services Enumeration [-/+]




445/tcp

40887 - MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability (975497)(uncredentialed check)

[-/+]

57608 - SMB Signing Required [-/+]

11011 - Microsoft Windows SMB Service Detection [-/+]


10785 - Microsoft Windows SMB NativeLanManager RemoteSystem Information Disclosure

[-/+]

10394 - Microsoft Windows SMB Log In Possible [-/+]

26917 - Microsoft Windows SMB Registry : Nessus CannotAccess the Windows Registry

[-/+]

42410 - Microsoft Windows NTLMSSP Authentication RequestRemote Network Name Disclosure

[-/+]

3389/tcp

58435 - MS12-020: Vulnerabilities in Remote Desktop CouldAllow Remote Code Execution (2671387) (uncredentialedcheck)

[-/+]

57582 - SSL Self-Signed Certificate [-/+]

51192 - SSL Certificate Cannot Be Trusted [-/+]

58453 - Terminal Services Doesn't Use Network LevelAuthentication (NLA)

[-/+]

57690 - Terminal Services Encryption Level is Medium or Low [-/+]

18405 - Microsoft Windows Remote Desktop Protocol ServerMan-in-the-Middle Weakness

[-/+]

30218 - Terminal Services Encryption Level is not FIPS-140Compliant

[-/+]

65821 - SSL RC4 Cipher Suites Supported [-/+]


10940 - Windows Terminal Services Enabled [-/+]



64814 - Terminal Services Use SSL/TLS [-/+]

56984 - SSL / TLS Versions Supported [-/+]

10863 - SSL Certificate Information [-/+]

62563 - SSL Compression Methods Supported [-/+]

21643 - SSL Cipher Suites Supported [-/+]

70544 - SSL Cipher Block Chaining Cipher Suites Supported [-/+]

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported [-/+]

49152/tcp


49153/tcp


49154/tcp


49155/tcp


49156/tcp


49157/tcp


49159/tcp


Vulnerabilities By Plugin

[-] Collapse All

[+] Expand All

40887 (1) - MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability (975497) (uncredentialedcheck)

SynopsisArbitrary code may be executed on the remote host through the SMB port



DescriptionThe remote host is running a version of Microsoft Windows Vista or Windows Server2008 that contains a vulnerability in its SMBv2 implementation.

An attacker could exploit this flaw to disable the remote host or to execute arbitrarycode on it.

See Also

http://www.nessus.org/u?0f72ec72

http://technet.microsoft.com/en-us/security/bulletin/MS09-050

SolutionMicrosoft has released a patch for Windows Vista and Windows Server 2008.

Risk FactorCritical

CVSS Base Score10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Temporal Score8.3 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

References

BID 36299

CVE CVE-2009-3103

XREF OSVDB:57799

XREF MSFT:MS09-050

XREF CWE:399

Exploitable withCANVAS (true)Core Impact (true)Metasploit (true)

Plugin Information:Publication date: 2009/09/08, Modification date: 2014/07/11

Hosts

192.168.232.131 (tcp/445)

58435 (1) - MS12-020: Vulnerabilities in Remote Desktop Could Allow RemoteCode Execution (2671387) (uncredentialed check)

SynopsisThe remote Windows host could allow arbitrary code execution.

DescriptionAn arbitrary remote code vulnerability exists in the implementation of the RemoteDesktop Protocol (RDP) on the remote Windows host. The vulnerability is due to theway that RDP accesses an object in memory that has been improperly initialized orhas been deleted.



If RDP has been enabled on the affected system, an unauthenticated, remote attackercould leverage this vulnerability to cause the system to execute arbitrary code bysending a sequence of specially crafted RDP packets to it.

This plugin also checks for a denial of service vulnerability in Microsoft TerminalServer.

Note that this script does not detect the vulnerability if the 'Allow connections only fromcomputers running Remote Desktop with Network Level Authentication' setting isenabled or the security layer is set to 'SSL (TLS 1.0)' on the remote host.

See Also

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and2008 R2.

Note that an extended support contract with Microsoft is required to obtain the patch forthis vulnerability for Windows 2000.

Risk FactorHigh

CVSS Base Score9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Temporal Score7.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

STIG SeverityI

References

BID 52353

BID 52354

CVE CVE-2012-0002

CVE CVE-2012-0152

XREF OSVDB:80000

XREF OSVDB:80004

XREF EDB-ID:18606

XREF IAVA:2012-A-0039

XREF MSFT:MS12-020

Exploitable withCANVAS (true)Core Impact (true)Metasploit (true)




Hosts

192.168.232.131 (tcp/3389)

18405 (1) - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness

SynopsisIt may be possible to get access to the remote host.

DescriptionThe remote version of the Remote Desktop Protocol Server (Terminal Service) isvulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort tovalidate the identity of the server when setting up encryption. An attacker with theability to intercept traffic from the RDP server can establish encryption with the clientand server without being detected. A MiTM attack of this nature would allow theattacker to obtain any sensitive information transmitted, including authenticationcredentials.

This flaw exists because the RDP server stores a hard-coded RSA private key in themstlsapi.dll library. Any local user with access to this file (on any Windows system)can retrieve the key and use it for this attack.

See Also

http://www.oxid.it/downloads/rdp-gbu.pdf

http://www.nessus.org/u?e2628096

http://technet.microsoft.com/en-us/library/cc782610.aspx

Solution- Force the use of SSL as a transport layer for this service if supported, or/and

- Select the 'Allow connections only from computers running Remote Desktop withNetwork Level Authentication' setting if it is available.

Risk FactorMedium

CVSS Base Score5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Temporal Score4.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

References

BID 13818

CVE CVE-2005-1794

XREF OSVDB:17131

Plugin Information:



Publication date: 2005/06/01, Modification date: 2014/03/04

Hosts

192.168.232.131 (tcp/3389)

51192 (1) - SSL Certificate Cannot Be Trusted

SynopsisThe SSL certificate for this service cannot be trusted.

DescriptionThe server's X.509 certificate does not have a signature from a known public certificateauthority. This situation can occur in three different ways, each of which results in abreak in the chain below which certificates cannot be trusted.

First, the top of the certificate chain sent by the server might not be descended from aknown public certificate authority. This can occur either when the top of the chain is anunrecognized, self-signed certificate, or when intermediate certificates are missing thatwould connect the top of the certificate chain to a known public certificate authority.

Second, the certificate chain may contain a certificate that is not valid at the time ofthe scan. This can occur either when the scan occurs before one of the certificate's'notBefore' dates, or after one of the certificate's 'notAfter' dates.

Third, the certificate chain may contain a signature that either didn't match thecertificate's information, or could not be verified. Bad signatures can be fixed by gettingthe certificate with the bad signature to be re-signed by its issuer. Signatures that couldnot be verified are the result of the certificate's issuer using a signing algorithm thatNessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it moredifficult for users to verify the authenticity and identity of the web server. This couldmake it easier to carry out man-in-the-middle attacks against the remote host.

SolutionPurchase or generate a proper certificate for this service.

Risk FactorMedium

CVSS Base Score6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)


Hosts

192.168.232.131 (tcp/3389)

The following certificate was at the top of the certificatechain sent by the remote host, but is signed by an unknowncertificate authority :



|-Subject : CN=WIN-LRFFK6NI0BQ|-Issuer : CN=WIN-LRFFK6NI0BQ

57582 (1) - SSL Self-Signed Certificate

SynopsisThe SSL certificate chain for this service ends in an unrecognized self-signedcertificate.

DescriptionThe X.509 certificate chain for this service is not signed by a recognized certificateauthority. If the remote host is a public host in production, this nullifies the use of SSLas anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate thatis not self-signed, but is signed by an unrecognized certificate authority.

SolutionPurchase or generate a proper certificate for this service.

Risk FactorMedium

CVSS Base Score6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)


Hosts

192.168.232.131 (tcp/3389)

The following certificate was found at the top of thecertificatechain sent by the remote host, but is self-signed and wasnotfound in the list of known certificate authorities :

|-Subject : CN=WIN-LRFFK6NI0BQ

57608 (1) - SMB Signing Required

SynopsisSigning is not required on the remote SMB server.

DescriptionSigning is not required on the remote SMB server. This can allow man-in-the-middleattacks against the SMB server.

See Also

http://support.microsoft.com/kb/887429


http://www.nessus.org/u?74b80723



http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

http://www.nessus.org/u?a3cac4ea

SolutionEnforce message signing in the host's configuration. On Windows, this is found in thepolicy setting 'Microsoft network server:Digitally sign communications (always)'. On Samba, the setting is called 'serversigning'. See the 'see also' links for further details.

Risk FactorMedium

CVSS Base Score5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Temporal Score3.7 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)


Hosts

192.168.232.131 (tcp/445)

57690 (1) - Terminal Services Encryption Level is Medium or Low

SynopsisThe remote host is using weak cryptography.

DescriptionThe remote Terminal Services service is not configured to use strong cryptography.

Using weak cryptography with this service may allow an attacker to eavesdrop on thecommunications more easily and obtain screenshots and/or keystrokes.

SolutionChange RDP encryption level to one of :

3. High

4. FIPS Compliant

Risk FactorMedium

CVSS Base Score4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)


Hosts

192.168.232.131 (tcp/3389)



The terminal services encryption level is set to :

2. Medium

58453 (1) - Terminal Services Doesn't Use Network Level Authentication (NLA)

SynopsisThe remote Terminal Services doesn't use Network Level Authentication.

DescriptionThe remote Terminal Services is not configured to use Network Level Authentication(NLA). NLA uses the Credential Security Support Provider (CredSSP) protocol toperform strong server authentication either through TLS/SSL or Kerberos mechanisms,which protect against man-in-the-middle attacks. In addition to improvingauthentication, NLA also helps protect the remote computer from malicious users andsoftware by completing user authentication before a full RDP connection is established.

See Also


http://www.nessus.org/u?e2628096

SolutionEnable Network Level Authentication (NLA) on the remote RDP server. This isgenerally done on the 'Remote' tab of the 'System' settings on Windows.

Risk FactorMedium

CVSS Base Score4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)


Hosts

192.168.232.131 (tcp/3389)

30218 (1) - Terminal Services Encryption Level is not FIPS-140 Compliant

SynopsisThe remote host is not FIPS-140 compliant.

DescriptionThe encryption setting used by the remote Terminal Services service is not FIPS-140compliant.

SolutionChange RDP encryption level to :

4. FIPS Compliant

Risk FactorLow

CVSS Base Score



2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)


Hosts

192.168.232.131 (tcp/3389)

The terminal services encryption level is set to :

2. Medium (Client Compatible)

34324 (1) - FTP Supports Clear Text Authentication

SynopsisAuthentication credentials might be intercepted.

DescriptionThe remote FTP server allows the user's name and password to be transmitted in cleartext, which could be intercepted by a network sniffer or a man-in-the-middle attack.

SolutionSwitch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the lattercase, configure the server so that control connections are encrypted.

Risk FactorLow

CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

XREF CWE:522

XREF CWE:523


Hosts

192.168.232.131 (tcp/21)

This FTP server does not support 'AUTH TLS'.

65821 (1) - SSL RC4 Cipher Suites Supported

SynopsisThe remote service supports the use of the RC4 cipher.

DescriptionThe remote host supports the use of RC4 in one or more cipher suites.The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so thata wide variety of small biases are introduced into the stream, decreasing its



randomness.

If plaintext is repeatedly encrypted (e.g. HTTP cookies), and an attacker is able toobtain many (i.e. tens of millions) ciphertexts, the attacker may be able to derive theplaintext.

See Also

http://www.nessus.org/u?217a3666

http://cr.yp.to/talks/2013.03.12/slides.pdf

http://www.isg.rhul.ac.uk/tls/

SolutionReconfigure the affected application, if possible, to avoid use of RC4 ciphers. Considerusing TLS 1.2 with AES-GCM suites subject to browser and web server support.

Risk FactorLow

CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Temporal Score2.3 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References

BID 58796

CVE CVE-2013-2566

XREF OSVDB:91162


Hosts

192.168.232.131 (tcp/3389)

Here is the list of RC4 cipher suites supported by theremote server :

High Strength Ciphers (>= 112-bit key)

TLSv1RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

The fields above are :

{OpenSSL ciphername}Kx={key exchange}Au={authentication}Enc={symmetric encryption method}Mac={message authentication code}



{export flag}

10736 (9) - DCE Services Enumeration

SynopsisA DCE/RPC service is running on the remote host.

DescriptionBy sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it waspossible to enumerate the Distributed Computing Environment (DCE) services runningon the remote port. Using this information it is possible to connect and bind to eachservice by sending an RPC request to the remote port/pipe.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/135)

The following DCERPC services are available locally :

Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : securityevent



Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : LRPC-b2ffe9657985fe04f0

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0Description : Certificate ServiceWindows process : unknownType : Local RPC serviceNamed pipe : OLEC8B83A9FFD3E4C27B1B7D15A973D

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0Description : Telephony serviceWindows process : svchost.exeAnnotation : Unimodem LRPC EndpointType : Local RPC serviceNamed pipe : tapsrvlpc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0Description : Telephony serviceWindows process : svchost.exeAnnotation : Unimodem LRPC EndpointType : Local RPC serviceNamed pipe : unimdmsvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Local RPC serviceNamed pipe : OLE548A757299A64E00A83DDE0D21B6

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Local RPC serviceNamed pipe : INETINFO_LPC

Object UUID : bed8344c-b217-41db-bfd5-90a4c9e54799UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55



Object UUID : 5586d186-e3de-46a0-932c-74ac1fe95577UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55

Object UUID : 88048087-b270-4360-a635-68008eb0f4f8UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55

Object UUID : 58fa6f06-e9ac-423f-b390-fd91e93b857eUUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55

Object UUID : 447609d5-ffe2-4ac0-a4f6-8b747b8feb04UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : OLE8C7ED099B23A482FA22541210CB1

Object UUID : 447609d5-ffe2-4ac0-a4f6-8b747b8feb04UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-d22f7cd1f30db6eac4

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0Description : IPsec Services (Windows XP & 2003)Windows process : lsass.exeAnnotation : IPSec Policy agent endpointType : Local RPC serviceNamed pipe : LRPC-b705cee08a0143015f

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0Description : Unknown RPC serviceAnnotation : Spooler function endpointType : Local RPC serviceNamed pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0Description : Unknown RPC serviceAnnotation : Spooler base remote object endpointType : Local RPC serviceNamed pipe : spoolss



Object UUID : 00000000-0000-0000-0000-000000000000UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0Description : Unknown RPC serviceAnnotation : Spooler function endpointType : Local RPC serviceNamed pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0Description : Unknown RPC serviceAnnotation : Base Firewall Engine APIType : Local RPC serviceNamed pipe : LRPC-bee08a3f8008a92c31

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0Description : Unknown RPC serviceAnnotation : Fw APIsType : Local RPC serviceNamed pipe : LRPC-bee08a3f8008a92c31

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0Description : Unknown RPC serviceAnnotation : Fw APIsType : Local RPC serviceNamed pipe : LRPC-bee08a3f8008a92c31

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0Description : Unknown RPC serviceAnnotation : NSI server endpointType : Local RPC serviceNamed pipe : OLECF0A697FC0D54914B047201ED257

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0Description : Unknown RPC serviceAnnotation : NSI server endpointType : Local RPC serviceNamed pipe : LRPC-024074da66b49632bb

Object UUID : 6c637067-6569-746e-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : LRPC-1cc10310f75b4158a2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : LRPC-1cc10310f75b4158a2

Object UUID : 666f7270-6c69-7365-0000-000000000000



UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0



Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC service



Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : senssvc

Object UUID : 73736573-6f69-656e-6e76-000000000000



UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : IUserProfile2



Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000



UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0



Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : SECLOGON

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : RasmanRpc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0Description : Unknown RPC serviceAnnotation : Event log TCPIPType : Local RPC serviceNamed pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Local RPC serviceNamed pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Local RPC serviceNamed pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Local RPC serviceNamed pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000



UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Local RPC serviceNamed pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Local RPC serviceNamed pipe : dhcpcsvc6

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WMsgKRpc01318F1

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0Description : Unknown RPC serviceAnnotation : Secure Desktop LRPC interfaceType : Local RPC serviceNamed pipe : WMsgKRpc01318F1

Object UUID : 6d726574-7273-0076-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : LRPC-ec3268d65fae4e77fa

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WMsgKRpc0131980

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WMsgKRpc0131980

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WindowsShutdown



Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : LRPC-b2ffe9657985fe04f0

Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : audit

Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : securityevent

Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : protected_storage

Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : dsrole

Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : LRPC-b2ffe9657985fe04f0

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000



UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : dsrole

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : samss lpc

192.168.232.131 (tcp/445)

The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Remote RPC serviceNamed pipe : \PIPE\protected_storageNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Remote RPC serviceNamed pipe : \pipe\lsassNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0Description : Certificate ServiceWindows process : unknownType : Remote RPC serviceNamed pipe : \pipe\certNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000



UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0Description : Telephony serviceWindows process : svchost.exeAnnotation : Unimodem LRPC EndpointType : Remote RPC serviceNamed pipe : \pipe\tapsrvNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Remote RPC serviceNamed pipe : \PIPE\INETINFONetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0



Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC service



Named pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceNamed pipe : \PIPE\ROUTERNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0Description : Unknown RPC serviceAnnotation : Event log TCPIPType : Remote RPC serviceNamed pipe : \pipe\eventlogNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Remote RPC serviceNamed pipe : \pipe\eventlogNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Remote RPC service



Named pipe : \pipe\eventlogNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\InitShutdownNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\InitShutdownNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \pipe\lsassNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \PIPE\protected_storageNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Remote RPC serviceNamed pipe : \pipe\lsassNetbios name : \\WIN-LRFFK6NI0BQ

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Remote RPC serviceNamed pipe : \PIPE\protected_storageNetbios name : \\WIN-LRFFK6NI0BQ

192.168.232.131 (tcp/49152)

The following DCERPC services are available on TCP port49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0



Description : Unknown RPC serviceType : Remote RPC serviceTCP Port : 49152IP : 192.168.232.131

192.168.232.131 (tcp/49153)


Object UUID : 00000000-0000-0000-0000-000000000000UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0Description : Unknown RPC serviceAnnotation : Event log TCPIPType : Remote RPC serviceTCP Port : 49153IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Remote RPC serviceTCP Port : 49153IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Remote RPC serviceTCP Port : 49153IP : 192.168.232.131

192.168.232.131 (tcp/49154)


Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Remote RPC serviceTCP Port : 49154IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Remote RPC serviceTCP Port : 49154IP : 192.168.232.131



192.168.232.131 (tcp/49155)


Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfo



Type : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131

192.168.232.131 (tcp/49156)


Object UUID : 00000000-0000-0000-0000-000000000000UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0Description : Service Control ManagerWindows process : svchost.exeType : Remote RPC serviceTCP Port : 49156IP : 192.168.232.131

192.168.232.131 (tcp/49157)


Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Remote RPC serviceTCP Port : 49157IP : 192.168.232.131

192.168.232.131 (tcp/49159)


Object UUID : 00000000-0000-0000-0000-000000000000UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0Description : Certificate ServiceWindows process : unknownType : Remote RPC serviceTCP Port : 49159IP : 192.168.232.131

11219 (4) - Nessus SYN scanner

Synopsis



It is possible to determine which TCP ports are open.

DescriptionThis plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even againsta firewalled target.

Note that SYN scans are less intrusive than TCP (full connect) scans against brokenservices, but they might cause problems for less robust firewalls and also leaveunclosed connections on the remote target, if the network is loaded.

SolutionProtect your target with an IP filter.

Risk FactorNone


Hosts

192.168.232.131 (tcp/21)

Port 21/tcp was found to be open

192.168.232.131 (tcp/80)


192.168.232.131 (tcp/135)


192.168.232.131 (tcp/3389)


22964 (2) - Service Detection

SynopsisThe remote service could be identified.

DescriptionIt was possible to identify the remote service by its banner or by looking at the errormessage it sends when it receives an HTTP request.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/21)



An FTP server is running on this port.

192.168.232.131 (tcp/80)

A web server is running on this port.

10092 (1) - FTP Server Detection

SynopsisAn FTP server is listening on this port.

DescriptionIt is possible to obtain the banner of the remote FTP server by connecting to theremote port.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/21)

The remote FTP banner is :

220 Microsoft FTP Service

10107 (1) - HTTP Server Type and Version

SynopsisA web server is running on the remote host.

DescriptionThis plugin attempts to determine the type and the version of the remote web server.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/80)

The remote web server type is :

Microsoft-IIS/7.0



10287 (1) - Traceroute Information

SynopsisIt was possible to obtain traceroute information.

DescriptionMakes a traceroute to the remote host.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (udp/0)

For your information, here is the traceroute from192.168.232.1 to 192.168.232.131 : 192.168.232.1192.168.232.131

10394 (1) - Microsoft Windows SMB Log In Possible

SynopsisIt is possible to log into the remote host.

DescriptionThe remote host is running Microsoft Windows operating system or Samba, aCIFS/SMB server for Unix. It was possible to log into it using one of the followingaccounts :

- NULL session- Guest account- Given Credentials

See Also



Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/445)



- NULL sessions are enabled on the remote host

10785 (1) - Microsoft Windows SMB NativeLanManager Remote SystemInformation Disclosure

SynopsisIt is possible to obtain information about the remote operating system.

DescriptionIt is possible to get the remote operating system name and version (Windows and/orSamba) by sending an authentication request to port 139 or 445.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/445)

The remote Operating System is : Windows Server (R) 2008Standard 6002 Service Pack 2The remote native lan manager is : Windows Server (R) 2008Standard 6.0The remote SMB Domain Name is : WIN-LRFFK6NI0BQ

10863 (1) - SSL Certificate Information

SynopsisThis plugin displays the SSL certificate.

DescriptionThis plugin connects to every SSL-related port and attempts to extract and dump theX.509 certificate.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/3389)

Subject Name:

Common Name: WIN-LRFFK6NI0BQ

Issuer Name:




Serial Number: 77 47 2A 1F BF 3A 8B A5 4A 77 6E 9C 35 25 803F

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Nov 13 08:48:48 2014 GMTNot Valid After: May 15 08:48:48 2015 GMT

Public Key Info:

Algorithm: RSA EncryptionKey Length: 2048 bitsPublic Key: 00 D5 1C 66 D4 45 58 09 DE A3 FD B7 14 3E B9 6604 B7 24 81 9A 2E 97 08 DB 1F 44 B8 F1 94 B8 A2 EF F8 6E 1B A4 38 BC B3 00 5E 67 F8 2D 72 F6 05 78 E9 BC 50 60 18 6C 78 51 81 4D B3 AF 65 C8 68 26 4E E7 CC E2 00 BE 02 55 5D A4 0E F6 34 82 32 AD EF B0 FA 53 17 FA 53 79 39 C0 80 1C 0D 72 FB FD 44 B2 5D A8 4B 00 86 22 70 6E FA D0 E2 B1 76 36 A5 99 47 A6 2C 8C 64 79 A9 E8 B6 DA 66 01 22 A7 12 8A CC 59 29 01 F4 3F 3D F9 05 03 2E DE 8A BB B0 53 28 DE BC CD D4 10 B3 2B 24 63 27 C3 AD 13 DB D1 12 7C A3 45 85 D2 0E B9 81 B1 EF 0B E3 A1 02 04 A5 E7 75 3F 06 28 28 CD 86 73 CC 83 B0 54 26 67 FE BD F6 54 3C EA 88 B5 FA 52 8F 60 8C FF 86 59 67 4C 69 0D E6 CE 92 84 25 7F 8C 93 5F 54 02 DB F0 EC C4 24 8F FE A4 B5 35 DF A5 FB 6D 9E D5 BC DD 29 8B F2 2C 61 CA C4 7B E9 1B FD 69 6D Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bitsSignature: 00 6D EA 62 D1 4F 36 64 FF 5C 1E 28 7A 53 1C 5142 F2 A1 8B 92 32 3B E6 93 2C 60 E1 68 5E 0E 8C 81 1D C2 C2 17 F7 56 49 FF 0E D2 74 A8 67 75 F7 49 3C B5 89 24 D3 61 D0 EC 31 BA 97 4A 70 92 AE EE 97 F6 B6 44 1B B1 02 78 D3 BF 0A C0 87 06 96 1E B6 A7 6D E7 73 50 27 F5 D7 B6 68 35 8E D9 4B 6D FF 09 D8 F3 10 00 80 4C 31 16 C4 AA 19 73 CA 4C 69 22 5E E1 CE 02 67 D3 19 5C 57 10 A3 23 79 55 CD 80 7C 73 82 94 B1 E1 9B C3 39 9B 9E C3 D0 10 81 F2 A2 49 67 98 E2 8C 4C F7 E1 D1 4F AF 57 73 0D F9 FE 61 50 62 00 59 0C FD 35 65 39 81 18 4C B3 A8 5E 82 E8 B0 C6 A2 2A E5 BE 5B 2C 70 94 F3 AA 53 C4 85 04 14 DF A5 C8 3D 1D 05 0D 87 D3 17 98 36 31 53 54 7E EF C1 9B 90 61 4D 13 F6 18 28 06 76 C3 D1 D7 BE B0 C7 94 01 40 98 96 06 E8 1D E1 45 31 D2 79 A0 D9 93 BF 87 5C 7E 1C DB 88 A7

Extension: Extended Key Usage (2.5.29.37)Critical: 0Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)

Extension: Key Usage (2.5.29.15)Critical: 0Key Usage: Key Encipherment, Data Encipherment



10940 (1) - Windows Terminal Services Enabled

SynopsisThe remote Windows host has Terminal Services enabled.

DescriptionTerminal Services allows a Windows user to remotely obtain a graphical login (andtherefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gainfurther access on the remote host. An attacker may also use this service to mount adictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middleattacks, making it easy for attackers to steal the credentials of legitimate users byimpersonating the Windows server.

SolutionDisable Terminal Services if you do not use it, and do not allow this service to runacross the Internet.

Risk FactorNone


Hosts

192.168.232.131 (tcp/3389)

11011 (1) - Microsoft Windows SMB Service Detection

SynopsisA file / print sharing service is listening on the remote host.

DescriptionThe remote service understands the CIFS (Common Internet File System) or ServerMessage Block (SMB) protocol, used to provide shared access to files, printers, etcbetween nodes on a network.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/445)

A CIFS server is running on this port.



11422 (1) - Web Server Unconfigured - Default Install Page Present

SynopsisThe remote web server is not configured or is not properly configured.

DescriptionThe remote web server uses its default welcome page. It probably means that thisserver is not used at all or is serving content that is meant to be hidden.

SolutionDisable this service if you do not use it.

Risk FactorNone

References

XREF OSVDB:3233


Hosts

192.168.232.131 (tcp/80)

The default welcome page is from IIS.

11936 (1) - OS Identification

SynopsisIt is possible to guess the remote operating system.

DescriptionUsing a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it ispossible to guess the name of the remote operating system in use. It is alsosometimes possible to guess the version of the operating system.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

Remote operating system : Microsoft Windows Server 2008Standard Service Pack 2Confidence Level : 99Method : MSRPC



The remote host is running Microsoft Windows Server 2008Standard Service Pack 2

19506 (1) - Nessus Scan Information

SynopsisInformation about the Nessus scan.

DescriptionThis script displays, for each tested host, information about the scan itself :

- The version of the plugin set- The type of scanner (Nessus or Nessus Home)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

Information about this scan :

Nessus version : 5.2.7Plugin feed version : 201411131815Scanner edition used : Nessus HomeScan policy used : Vulnerability scanScanner IP : 192.168.232.1Port scanner(s) : nessus_syn_scanner Port range : defaultThorough tests : noExperimental tests : noParanoia level : 1Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : NoneCGI scanning : disabledWeb application tests : disabledMax hosts : 80



Max checks : 5Recv timeout : 5Backports : NoneAllow post-scan editing: YesScan Start Date : 2014/11/14 11:53 Pacific Standard TimeScan duration : 663 sec

20094 (1) - VMware Virtual Machine Detection

SynopsisThe remote host seems to be a VMware virtual machine.

DescriptionAccording to the MAC address of its network adapter, the remote host is a VMwarevirtual machine.

Since it is physically accessible through the network, ensure that its configurationmatches your organization's security policy.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

21643 (1) - SSL Cipher Suites Supported

SynopsisThe remote service encrypts communications using SSL.

DescriptionThis script detects which SSL ciphers are supported by the remote service forencrypting communications.

See Also

http://www.openssl.org/docs/apps/ciphers.html

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/3389)



Here is the list of SSL ciphers supported by the remoteserver :Each group is reported per SSL Version.

SSL Version : TLSv1High Strength Ciphers (>= 112-bit key)ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128)Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256)Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1


{OpenSSL ciphername}Kx={key exchange}Au={authentication}Enc={symmetric encryption method}Mac={message authentication code}{export flag}

24260 (1) - HyperText Transfer Protocol (HTTP) Information

SynopsisSome information about the remote HTTP configuration can be extracted.

DescriptionThis test gives some information about the remote HTTP protocol - the version used,whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...

This test is informational only and does not denote any security problem.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/80)

Protocol version : HTTP/1.1SSL : noKeep-Alive : noOptions allowed : OPTIONS, TRACE, GET, HEAD, POSTHeaders :

Content-Type: text/html



Last-Modified: Fri, 14 Nov 2014 03:43:13 GMTAccept-Ranges: bytesETag: "2877c71dbdffcf1:0"Server: Microsoft-IIS/7.0X-Powered-By: ASP.NETDate: Fri, 14 Nov 2014 19:59:23 GMTContent-Length: 689

24786 (1) - Nessus Windows Scan Not Performed with Admin Privileges

SynopsisThe Nessus scan of this host may be incomplete due to insufficient privilegesprovided.

DescriptionThe Nessus scanner testing the remote host has been given SMB credentials to loginto the remote host, however these credentials do not have administrative privileges.

Typically, when Nessus performs a patch audit, it logs into the remote host and readsthe version of the DLLs on the remote host to determine if a given patch has beenapplied or not. This is the method Microsoft recommends to determine if a patch hasbeen applied.

If your Nessus scanner does not have administrative privileges when doing a scan,then Nessus has to fall back to perform a patch audit through the registry which maylead to false positives (especially when using third-party patch auditing tools) or tofalse negatives (not all patches can be detected through the registry).

SolutionReconfigure your scanner to use credentials with administrative privileges.

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

It was not possible to connect to '\\WIN-LRFFK6NI0BQ\ADMIN$'with the supplied credentials.

25220 (1) - TCP/IP Timestamps Supported

SynopsisThe remote service implements TCP timestamps.

DescriptionThe remote host implements TCP timestamps, as defined by RFC1323. A side effectof this feature is that the uptime of the remote host can sometimes be computed.

See Also

http://www.ietf.org/rfc/rfc1323.txt



Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

26917 (1) - Microsoft Windows SMB Registry : Nessus Cannot Access theWindows Registry

SynopsisNessus is not able to access the remote Windows Registry.

DescriptionIt was not possible to connect to PIPE\winreg on the remote host.

If you intend to use Nessus to perform registry-based checks, the registry checks willnot work because the 'Remote Registry Access'service (winreg) has been disabled on the remote host or can not be connected to withthe supplied credentials.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/445)

Could not connect to the registry because:Could not connect to \winreg

35705 (1) - SMB Registry : Starting the Registry Service during the scan failed

SynopsisThe registry service could not be enabled for the duration of the scan.

DescriptionTo perform a full credentialed scan, Nessus needs the ability to connect to the remoteregistry service (RemoteRegistry).

Nessus attempted to start the service but failed, therefore some local checks will notbe performed against the remote host.

Solutionn/a



Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

The following error occurred :

OpenSCManager() failed

35716 (1) - Ethernet Card Manufacturer Detection

SynopsisThe manufacturer can be deduced from the Ethernet OUI.

DescriptionEach ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'.These OUI are registered by IEEE.

See Also

http://standards.ieee.org/faqs/OUI.html

http://standards.ieee.org/regauth/oui/index.shtml

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

The following card manufacturers were identified :

00:0c:29:5e:90:54 : VMware, Inc.

42410 (1) - Microsoft Windows NTLMSSP Authentication Request RemoteNetwork Name Disclosure

SynopsisIt is possible to obtain the network name of the remote host.

DescriptionThe remote host listens on tcp port 445 and replies to SMB requests.

By sending an NTLMSSP authentication request it is possible to obtain the name of



the remote system and the name of its domain.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/445)

The following 2 NetBIOS names have been gathered :

WIN-LRFFK6NI0BQ = Computer nameWIN-LRFFK6NI0BQ = Workgroup / Domain name

43111 (1) - HTTP Methods Allowed (per directory)

SynopsisThis plugin determines which HTTP methods are allowed on various CGI directories.

DescriptionBy calling the OPTIONS method, it is possible to determine which HTTP methods areallowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or'Enable web applications tests' is set to 'yes'in the scan policy - various known HTTP methods on each directory and considersthem as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate thepresence of any security vulnerabilities.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/80)

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :

/

45590 (1) - Common Platform Enumeration (CPE)



SynopsisIt is possible to enumerate CPE names that matched on the remote system.

DescriptionBy using information obtained from a Nessus scan, this plugin reports CPE (CommonPlatform Enumeration) matches for various hardware and software products found on ahost.

Note that if an official CPE is not available for the product, this plugin computes thebest possible CPE based on the information available from the scan.

See Also

http://cpe.mitre.org/

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2008::sp2 -> MicrosoftWindows Server 2008 Service Pack 2

Following application CPE matched on the remote system :

cpe:/a:microsoft:iis:7.0 -> Microsoft Internet InformationServices (IIS) 7.0

54615 (1) - Device Type

SynopsisIt is possible to guess the remote device type.

DescriptionBased on the remote operating system, it is possible to determine what the remotesystem type is (eg: a printer, router, general-purpose computer, etc).

Solutionn/a

Risk FactorNone


Hosts



192.168.232.131 (tcp/0)

Remote device type : general-purposeConfidence level : 99

56984 (1) - SSL / TLS Versions Supported

SynopsisThe remote service encrypts communications.

DescriptionThis script detects which SSL and TLS versions are supported by the remote servicefor encrypting communications.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/3389)

This port supports TLSv1.0.

57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported

SynopsisThe remote service supports the use of SSL Perfect Forward Secrecy ciphers, whichmaintain confidentiality even if the key is stolen.

DescriptionThe remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy(PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot bebroken at a future date if the server's private key is compromised.

See Also


http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange

http://en.wikipedia.org/wiki/Perfect_forward_secrecy

Solutionn/a

Risk FactorNone


Hosts



192.168.232.131 (tcp/3389)

Here is the list of SSL PFS ciphers supported by the remoteserver :


TLSv1ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128)Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256)Mac=SHA1



62563 (1) - SSL Compression Methods Supported

SynopsisThe remote service supports one or more compression methods for SSL connections.

DescriptionThis script detects which compression methods are supported by the remote servicefor SSL connections.

See Also

http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml

http://tools.ietf.org/html/rfc3749



Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/3389)

Nessus was able to confirm that the following compressionmethod is



supported by the target :

NULL (0x00)

64814 (1) - Terminal Services Use SSL/TLS

SynopsisThe remote Terminal Services use SSL/TLS.

DescriptionThe remote Terminal Services is configured to use SSL/TLS.

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/3389)

Subject Name:


Issuer Name:


Serial Number: 77 47 2A 1F BF 3A 8B A5 4A 77 6E 9C 35 25 803F

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Nov 13 08:48:48 2014 GMTNot Valid After: May 15 08:48:48 2015 GMT

Public Key Info:

Algorithm: RSA EncryptionKey Length: 2048 bitsPublic Key: 00 D5 1C 66 D4 45 58 09 DE A3 FD B7 14 3E B9 6604 B7 24 81 9A 2E 97 08 DB 1F 44 B8 F1 94 B8 A2 EF F8 6E 1B A4 38 BC B3 00 5E 67 F8 2D 72 F6 05 78 E9 BC 50 60 18 6C 78 51 81 4D B3 AF 65 C8 68 26 4E E7 CC E2 00 BE 02 55 5D A4 0E F6 34 82 32 AD EF B0 FA 53 17 FA 53 79 39 C0 80 1C 0D 72 FB FD 44 B2 5D A8 4B 00 86 22 70 6E FA D0 E2 B1 76 36 A5 99 47 A6 2C 8C 64 79 A9 E8 B6 DA 66 01 22 A7 12 8A CC 59 29 01 F4 3F 3D F9 05 03 2E DE 8A BB B0 53 28 DE BC CD D4 10 B3 2B 24 63 27 C3 AD 13 DB D1 12 7C A3 45 85 D2 0E B9 81 B1 EF 0B E3 A1 02 04 A5 E7 75 3F 06 28 28 CD 86 73 CC 83 B0 54 26 67 FE BD F6 54 3C



EA 88 B5 FA 52 8F 60 8C FF 86 59 67 4C 69 0D E6 CE 92 84 25 7F 8C 93 5F 54 02 DB F0 EC C4 24 8F FE A4 B5 35 DF A5 FB 6D 9E D5 BC DD 29 8B F2 2C 61 CA C4 7B E9 1B FD 69 6D Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bitsSignature: 00 6D EA 62 D1 4F 36 64 FF 5C 1E 28 7A 53 1C 5142 F2 A1 8B 92 32 3B E6 93 2C 60 E1 68 5E 0E 8C 81 1D C2 C2 17 F7 56 49 FF 0E D2 74 A8 67 75 F7 49 3C B5 89 24 D3 61 D0 EC 31 BA 97 4A 70 92 AE EE 97 F6 B6 44 1B B1 02 78 D3 BF 0A C0 87 06 96 1E B6 A7 6D E7 73 50 27 F5 D7 B6 68 35 8E D9 4B 6D FF 09 D8 F3 10 00 80 4C 31 16 C4 AA 19 73 CA 4C 69 22 5E E1 CE 02 67 D3 19 5C 57 10 A3 23 79 55 CD 80 7C 73 82 94 B1 E1 9B C3 39 9B 9E C3 D0 10 81 F2 A2 49 67 98 E2 8C 4C F7 E1 D1 4F AF 57 73 0D F9 FE 61 50 62 00 59 0C FD 35 65 39 81 18 4C B3 A8 5E 82 E8 B0 C6 A2 2A E5 BE 5B 2C 70 94 F3 AA 53 C4 85 04 14 DF A5 C8 3D 1D 05 0D 87 D3 17 98 36 31 53 54 7E EF C1 9B 90 61 4D 13 F6 18 28 06 76 C3 D1 D7 BE B0 C7 94 01 40 98 96 06 E8 1D E1 45 31 D2 79 A0 D9 93 BF 87 5C 7E 1C DB 88 A7

Extension: Extended Key Usage (2.5.29.37)Critical: 0Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)

Extension: Key Usage (2.5.29.15)Critical: 0Key Usage: Key Encipherment, Data Encipherment

66334 (1) - Patch Report

SynopsisThe remote host is missing several patches.

DescriptionThe remote host is missing one or several security patches. This plugin lists thenewest version of each patch to install to make sure the remote host is up-to-date.

SolutionInstall the patches listed below.

Risk FactorNone


Hosts

192.168.232.131 (tcp/0)

. You need to take the following 2 actions:

[ Microsoft Windows Remote Desktop Protocol Server Man-in-



the-Middle Weakness (18405) ]

+ Action to take: - Force the use of SSL as a transportlayer for this service if supported, or/and

- Select the 'Allow connections only from computers runningRemote Desktop with Network Level Authentication' setting ifit is available.

[ MS12-020: Vulnerabilities in Remote Desktop Could AllowRemote Code Execution (2671387) (uncredentialed check)(58435) ]

+ Action to take: Microsoft has released a set of patchesfor Windows XP, 2003, Vista, 2008, 7, and 2008 R2.

Note that an extended support contract with Microsoft isrequired to obtain the patch for this vulnerability forWindows 2000.

+ Impact: Taking this action will resolve 2 differentvulnerabilities (CVEs).

70544 (1) - SSL Cipher Block Chaining Cipher Suites Supported

SynopsisThe remote service supports the use of SSL Cipher Block Chaining ciphers, whichcombine previous blocks with subsequent ones.

DescriptionThe remote host supports the use of SSL ciphers that operate in Cipher Block Chaining(CBC) mode. These cipher suites offer additional security over Electronic Codebook(ECB) mode, but have the potential to leak information if used improperly.

See Also


http://www.nessus.org/u?cc4a822a

http://www.openssl.org/~bodo/tls-cbc.txt

Solutionn/a

Risk FactorNone


Hosts

192.168.232.131 (tcp/3389)



Here is the list of SSL CBC ciphers supported by the remoteserver :


TLSv1ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128)Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256)Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1



This is a report from the Nessus Vulnerability Scanner .Nessus is published by Tenable Network Security, Inc | 7021 Columbia Gateway Drive Suite 500, Columbia, MD 21046

© 2014 Tenable Network Security, Inc. All rights reserved.