nessus scan report - weeblykofappia.weebly.com/uploads/5/4/9/6/54965689/nessus_scan... · 2020. 2....
TRANSCRIPT
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 1/59
Nessus Scan Report14/Nov/2014:11:53:40
Nessus Home: Commercial use of the report isprohibited
Any time Nessus is used in a commercial environment you MUSTmaintain an active subscription to the Nessus Feed in order to becompliant with our licenseagreement.http://www.tenable.com/products/nessus
Table Of Contents
Hosts Summary (Executive)
192.168.232.131
Vulnerabilities By Host
192.168.232.131
Vulnerabilities By Plugin
40887 (1) - MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability (975497) (uncredentialedcheck)
58435 (1) - MS12-020: Vulnerabilities in Remote Desktop Could AllowRemote Code Execution (2671387) (uncredentialed check)
18405 (1) - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
51192 (1) - SSL Certificate Cannot Be Trusted
57582 (1) - SSL Self-Signed Certificate
57608 (1) - SMB Signing Required
57690 (1) - Terminal Services Encryption Level is Medium or Low
58453 (1) - Terminal Services Doesn't Use Network Level Authentication(NLA)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 2/59
30218 (1) - Terminal Services Encryption Level is not FIPS-140 Compliant
34324 (1) - FTP Supports Clear Text Authentication
65821 (1) - SSL RC4 Cipher Suites Supported
10736 (9) - DCE Services Enumeration
11219 (4) - Nessus SYN scanner
22964 (2) - Service Detection
10092 (1) - FTP Server Detection
10107 (1) - HTTP Server Type and Version
10287 (1) - Traceroute Information
10394 (1) - Microsoft Windows SMB Log In Possible
10785 (1) - Microsoft Windows SMB NativeLanManager Remote SystemInformation Disclosure
10863 (1) - SSL Certificate Information
10940 (1) - Windows Terminal Services Enabled
11011 (1) - Microsoft Windows SMB Service Detection
11422 (1) - Web Server Unconfigured - Default Install Page Present
11936 (1) - OS Identification
19506 (1) - Nessus Scan Information
20094 (1) - VMware Virtual Machine Detection
21643 (1) - SSL Cipher Suites Supported
24260 (1) - HyperText Transfer Protocol (HTTP) Information
24786 (1) - Nessus Windows Scan Not Performed with Admin Privileges
25220 (1) - TCP/IP Timestamps Supported
26917 (1) - Microsoft Windows SMB Registry : Nessus Cannot Accessthe Windows Registry
35705 (1) - SMB Registry : Starting the Registry Service during the scanfailed
35716 (1) - Ethernet Card Manufacturer Detection
42410 (1) - Microsoft Windows NTLMSSP Authentication Request RemoteNetwork Name Disclosure
43111 (1) - HTTP Methods Allowed (per directory)
45590 (1) - Common Platform Enumeration (CPE)
54615 (1) - Device Type
56984 (1) - SSL / TLS Versions Supported
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 3/59
57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported
62563 (1) - SSL Compression Methods Supported
64814 (1) - Terminal Services Use SSL/TLS
66334 (1) - Patch Report
70544 (1) - SSL Cipher Block Chaining Cipher Suites Supported
Hosts Summary (Executive)
[-] Collapse All
[+] Expand All
192.168.232.131
Summary
Critical High Medium Low Info Total
1 1 6 3 32 43
Details
Severity PluginId
Name
Critical(10.0)
40887 MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability(975497) (uncredentialed check)
High (9.3) 58435 MS12-020: Vulnerabilities in Remote Desktop CouldAllow Remote Code Execution (2671387)(uncredentialed check)
Medium (6.4) 51192 SSL Certificate Cannot Be Trusted
Medium (6.4) 57582 SSL Self-Signed Certificate
Medium (5.1) 18405 Microsoft Windows Remote Desktop ProtocolServer Man-in-the-Middle Weakness
Medium (5.0) 57608 SMB Signing Required
Medium (4.3) 57690 Terminal Services Encryption Level is Medium orLow
Medium (4.3) 58453 Terminal Services Doesn't Use Network LevelAuthentication (NLA)
Low (2.6) 30218 Terminal Services Encryption Level is not FIPS-140Compliant
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 4/59
Low (2.6) 34324 FTP Supports Clear Text Authentication
Low (2.6) 65821 SSL RC4 Cipher Suites Supported
Info 10092 FTP Server Detection
Info 10107 HTTP Server Type and Version
Info 10287 Traceroute Information
Info 10394 Microsoft Windows SMB Log In Possible
Info 10736 DCE Services Enumeration
Info 10785 Microsoft Windows SMB NativeLanManager RemoteSystem Information Disclosure
Info 10863 SSL Certificate Information
Info 10940 Windows Terminal Services Enabled
Info 11011 Microsoft Windows SMB Service Detection
Info 11219 Nessus SYN scanner
Info 11422 Web Server Unconfigured - Default Install PagePresent
Info 11936 OS Identification
Info 19506 Nessus Scan Information
Info 20094 VMware Virtual Machine Detection
Info 21643 SSL Cipher Suites Supported
Info 22964 Service Detection
Info 24260 HyperText Transfer Protocol (HTTP) Information
Info 24786 Nessus Windows Scan Not Performed with AdminPrivileges
Info 25220 TCP/IP Timestamps Supported
Info 26917 Microsoft Windows SMB Registry : Nessus CannotAccess the Windows Registry
Info 35705 SMB Registry : Starting the Registry Service duringthe scan failed
Info 35716 Ethernet Card Manufacturer Detection
Info 42410 Microsoft Windows NTLMSSP AuthenticationRequest Remote Network Name Disclosure
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 5/59
Info 43111 HTTP Methods Allowed (per directory)
Info 45590 Common Platform Enumeration (CPE)
Info 54615 Device Type
Info 56984 SSL / TLS Versions Supported
Info 57041 SSL Perfect Forward Secrecy Cipher SuitesSupported
Info 62563 SSL Compression Methods Supported
Info 64814 Terminal Services Use SSL/TLS
Info 66334 Patch Report
Info 70544 SSL Cipher Block Chaining Cipher Suites Supported
Vulnerabilities By Host
[-] Collapse All
[+] Expand All
192.168.232.131
Scan Information
Start time: Fri Nov 14 11:53:41 2014
End time: Fri Nov 14 12:04:49 2014
Host Information
NetbiosName:
WIN-LRFFK6NI0BQ
IP: 192.168.232.131
MACAddress:
00:0c:29:5e:90:54
OS: Microsoft Windows Server 2008 Standard Service Pack 2
Results Summary
Critical High Medium Low Info Total
1 1 6 3 44 55
Results Details
0/tcp
35705 - SMB Registry : Starting the Registry Service duringthe scan failed
[-/+]
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 6/59
24786 - Nessus Windows Scan Not Performed with AdminPrivileges
[-/+]
25220 - TCP/IP Timestamps Supported [-/+]
20094 - VMware Virtual Machine Detection [-/+]
35716 - Ethernet Card Manufacturer Detection [-/+]
11936 - OS Identification [-/+]
54615 - Device Type [-/+]
45590 - Common Platform Enumeration (CPE) [-/+]
66334 - Patch Report [-/+]
19506 - Nessus Scan Information [-/+]
0/udp
10287 - Traceroute Information [-/+]
21/tcp
34324 - FTP Supports Clear Text Authentication [-/+]
11219 - Nessus SYN scanner [-/+]
22964 - Service Detection [-/+]
10092 - FTP Server Detection [-/+]
80/tcp
11219 - Nessus SYN scanner [-/+]
22964 - Service Detection [-/+]
11422 - Web Server Unconfigured - Default Install PagePresent
[-/+]
43111 - HTTP Methods Allowed (per directory) [-/+]
10107 - HTTP Server Type and Version [-/+]
24260 - HyperText Transfer Protocol (HTTP) Information [-/+]
135/tcp
10736 - DCE Services Enumeration [-/+]
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 7/59
11219 - Nessus SYN scanner [-/+]
445/tcp
40887 - MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability (975497)(uncredentialed check)
[-/+]
57608 - SMB Signing Required [-/+]
11011 - Microsoft Windows SMB Service Detection [-/+]
10736 - DCE Services Enumeration [-/+]
10785 - Microsoft Windows SMB NativeLanManager RemoteSystem Information Disclosure
[-/+]
10394 - Microsoft Windows SMB Log In Possible [-/+]
26917 - Microsoft Windows SMB Registry : Nessus CannotAccess the Windows Registry
[-/+]
42410 - Microsoft Windows NTLMSSP Authentication RequestRemote Network Name Disclosure
[-/+]
3389/tcp
58435 - MS12-020: Vulnerabilities in Remote Desktop CouldAllow Remote Code Execution (2671387) (uncredentialedcheck)
[-/+]
57582 - SSL Self-Signed Certificate [-/+]
51192 - SSL Certificate Cannot Be Trusted [-/+]
58453 - Terminal Services Doesn't Use Network LevelAuthentication (NLA)
[-/+]
57690 - Terminal Services Encryption Level is Medium or Low [-/+]
18405 - Microsoft Windows Remote Desktop Protocol ServerMan-in-the-Middle Weakness
[-/+]
30218 - Terminal Services Encryption Level is not FIPS-140Compliant
[-/+]
65821 - SSL RC4 Cipher Suites Supported [-/+]
11219 - Nessus SYN scanner [-/+]
10940 - Windows Terminal Services Enabled [-/+]
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 8/59
64814 - Terminal Services Use SSL/TLS [-/+]
56984 - SSL / TLS Versions Supported [-/+]
10863 - SSL Certificate Information [-/+]
62563 - SSL Compression Methods Supported [-/+]
21643 - SSL Cipher Suites Supported [-/+]
70544 - SSL Cipher Block Chaining Cipher Suites Supported [-/+]
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported [-/+]
49152/tcp
10736 - DCE Services Enumeration [-/+]
49153/tcp
10736 - DCE Services Enumeration [-/+]
49154/tcp
10736 - DCE Services Enumeration [-/+]
49155/tcp
10736 - DCE Services Enumeration [-/+]
49156/tcp
10736 - DCE Services Enumeration [-/+]
49157/tcp
10736 - DCE Services Enumeration [-/+]
49159/tcp
10736 - DCE Services Enumeration [-/+]
Vulnerabilities By Plugin
[-] Collapse All
[+] Expand All
40887 (1) - MS09-050: Microsoft Windows SMB2_Smb2ValidateProviderCallback() Vulnerability (975497) (uncredentialedcheck)
SynopsisArbitrary code may be executed on the remote host through the SMB port
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 9/59
DescriptionThe remote host is running a version of Microsoft Windows Vista or Windows Server2008 that contains a vulnerability in its SMBv2 implementation.
An attacker could exploit this flaw to disable the remote host or to execute arbitrarycode on it.
See Also
http://www.nessus.org/u?0f72ec72
http://technet.microsoft.com/en-us/security/bulletin/MS09-050
SolutionMicrosoft has released a patch for Windows Vista and Windows Server 2008.
Risk FactorCritical
CVSS Base Score10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score8.3 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References
BID 36299
CVE CVE-2009-3103
XREF OSVDB:57799
XREF MSFT:MS09-050
XREF CWE:399
Exploitable withCANVAS (true)Core Impact (true)Metasploit (true)
Plugin Information:Publication date: 2009/09/08, Modification date: 2014/07/11
Hosts
192.168.232.131 (tcp/445)
58435 (1) - MS12-020: Vulnerabilities in Remote Desktop Could Allow RemoteCode Execution (2671387) (uncredentialed check)
SynopsisThe remote Windows host could allow arbitrary code execution.
DescriptionAn arbitrary remote code vulnerability exists in the implementation of the RemoteDesktop Protocol (RDP) on the remote Windows host. The vulnerability is due to theway that RDP accesses an object in memory that has been improperly initialized orhas been deleted.
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 10/59
If RDP has been enabled on the affected system, an unauthenticated, remote attackercould leverage this vulnerability to cause the system to execute arbitrary code bysending a sequence of specially crafted RDP packets to it.
This plugin also checks for a denial of service vulnerability in Microsoft TerminalServer.
Note that this script does not detect the vulnerability if the 'Allow connections only fromcomputers running Remote Desktop with Network Level Authentication' setting isenabled or the security layer is set to 'SSL (TLS 1.0)' on the remote host.
See Also
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and2008 R2.
Note that an extended support contract with Microsoft is required to obtain the patch forthis vulnerability for Windows 2000.
Risk FactorHigh
CVSS Base Score9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score7.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
STIG SeverityI
References
BID 52353
BID 52354
CVE CVE-2012-0002
CVE CVE-2012-0152
XREF OSVDB:80000
XREF OSVDB:80004
XREF EDB-ID:18606
XREF IAVA:2012-A-0039
XREF MSFT:MS12-020
Exploitable withCANVAS (true)Core Impact (true)Metasploit (true)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 11/59
Plugin Information:Publication date: 2012/03/22, Modification date: 2014/01/07
Hosts
192.168.232.131 (tcp/3389)
18405 (1) - Microsoft Windows Remote Desktop Protocol Server Man-in-the-Middle Weakness
SynopsisIt may be possible to get access to the remote host.
DescriptionThe remote version of the Remote Desktop Protocol Server (Terminal Service) isvulnerable to a man-in-the-middle (MiTM) attack. The RDP client makes no effort tovalidate the identity of the server when setting up encryption. An attacker with theability to intercept traffic from the RDP server can establish encryption with the clientand server without being detected. A MiTM attack of this nature would allow theattacker to obtain any sensitive information transmitted, including authenticationcredentials.
This flaw exists because the RDP server stores a hard-coded RSA private key in themstlsapi.dll library. Any local user with access to this file (on any Windows system)can retrieve the key and use it for this attack.
See Also
http://www.oxid.it/downloads/rdp-gbu.pdf
http://www.nessus.org/u?e2628096
http://technet.microsoft.com/en-us/library/cc782610.aspx
Solution- Force the use of SSL as a transport layer for this service if supported, or/and
- Select the 'Allow connections only from computers running Remote Desktop withNetwork Level Authentication' setting if it is available.
Risk FactorMedium
CVSS Base Score5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score4.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
References
BID 13818
CVE CVE-2005-1794
XREF OSVDB:17131
Plugin Information:
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 12/59
Publication date: 2005/06/01, Modification date: 2014/03/04
Hosts
192.168.232.131 (tcp/3389)
51192 (1) - SSL Certificate Cannot Be Trusted
SynopsisThe SSL certificate for this service cannot be trusted.
DescriptionThe server's X.509 certificate does not have a signature from a known public certificateauthority. This situation can occur in three different ways, each of which results in abreak in the chain below which certificates cannot be trusted.
First, the top of the certificate chain sent by the server might not be descended from aknown public certificate authority. This can occur either when the top of the chain is anunrecognized, self-signed certificate, or when intermediate certificates are missing thatwould connect the top of the certificate chain to a known public certificate authority.
Second, the certificate chain may contain a certificate that is not valid at the time ofthe scan. This can occur either when the scan occurs before one of the certificate's'notBefore' dates, or after one of the certificate's 'notAfter' dates.
Third, the certificate chain may contain a signature that either didn't match thecertificate's information, or could not be verified. Bad signatures can be fixed by gettingthe certificate with the bad signature to be re-signed by its issuer. Signatures that couldnot be verified are the result of the certificate's issuer using a signing algorithm thatNessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it moredifficult for users to verify the authenticity and identity of the web server. This couldmake it easier to carry out man-in-the-middle attacks against the remote host.
SolutionPurchase or generate a proper certificate for this service.
Risk FactorMedium
CVSS Base Score6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:Publication date: 2010/12/15, Modification date: 2014/02/27
Hosts
192.168.232.131 (tcp/3389)
The following certificate was at the top of the certificatechain sent by the remote host, but is signed by an unknowncertificate authority :
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 13/59
|-Subject : CN=WIN-LRFFK6NI0BQ|-Issuer : CN=WIN-LRFFK6NI0BQ
57582 (1) - SSL Self-Signed Certificate
SynopsisThe SSL certificate chain for this service ends in an unrecognized self-signedcertificate.
DescriptionThe X.509 certificate chain for this service is not signed by a recognized certificateauthority. If the remote host is a public host in production, this nullifies the use of SSLas anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate thatis not self-signed, but is signed by an unrecognized certificate authority.
SolutionPurchase or generate a proper certificate for this service.
Risk FactorMedium
CVSS Base Score6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information:Publication date: 2012/01/17, Modification date: 2012/10/25
Hosts
192.168.232.131 (tcp/3389)
The following certificate was found at the top of thecertificatechain sent by the remote host, but is self-signed and wasnotfound in the list of known certificate authorities :
|-Subject : CN=WIN-LRFFK6NI0BQ
57608 (1) - SMB Signing Required
SynopsisSigning is not required on the remote SMB server.
DescriptionSigning is not required on the remote SMB server. This can allow man-in-the-middleattacks against the SMB server.
See Also
http://support.microsoft.com/kb/887429
http://technet.microsoft.com/en-us/library/cc731957.aspx
http://www.nessus.org/u?74b80723
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 14/59
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
http://www.nessus.org/u?a3cac4ea
SolutionEnforce message signing in the host's configuration. On Windows, this is found in thepolicy setting 'Microsoft network server:Digitally sign communications (always)'. On Samba, the setting is called 'serversigning'. See the 'see also' links for further details.
Risk FactorMedium
CVSS Base Score5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score3.7 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information:Publication date: 2012/01/19, Modification date: 2014/08/05
Hosts
192.168.232.131 (tcp/445)
57690 (1) - Terminal Services Encryption Level is Medium or Low
SynopsisThe remote host is using weak cryptography.
DescriptionThe remote Terminal Services service is not configured to use strong cryptography.
Using weak cryptography with this service may allow an attacker to eavesdrop on thecommunications more easily and obtain screenshots and/or keystrokes.
SolutionChange RDP encryption level to one of :
3. High
4. FIPS Compliant
Risk FactorMedium
CVSS Base Score4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:Publication date: 2012/01/25, Modification date: 2014/01/07
Hosts
192.168.232.131 (tcp/3389)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 15/59
The terminal services encryption level is set to :
2. Medium
58453 (1) - Terminal Services Doesn't Use Network Level Authentication (NLA)
SynopsisThe remote Terminal Services doesn't use Network Level Authentication.
DescriptionThe remote Terminal Services is not configured to use Network Level Authentication(NLA). NLA uses the Credential Security Support Provider (CredSSP) protocol toperform strong server authentication either through TLS/SSL or Kerberos mechanisms,which protect against man-in-the-middle attacks. In addition to improvingauthentication, NLA also helps protect the remote computer from malicious users andsoftware by completing user authentication before a full RDP connection is established.
See Also
http://technet.microsoft.com/en-us/library/cc732713.aspx
http://www.nessus.org/u?e2628096
SolutionEnable Network Level Authentication (NLA) on the remote RDP server. This isgenerally done on the 'Remote' tab of the 'System' settings on Windows.
Risk FactorMedium
CVSS Base Score4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information:Publication date: 2012/03/23, Modification date: 2013/08/05
Hosts
192.168.232.131 (tcp/3389)
30218 (1) - Terminal Services Encryption Level is not FIPS-140 Compliant
SynopsisThe remote host is not FIPS-140 compliant.
DescriptionThe encryption setting used by the remote Terminal Services service is not FIPS-140compliant.
SolutionChange RDP encryption level to :
4. FIPS Compliant
Risk FactorLow
CVSS Base Score
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 16/59
2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
Plugin Information:Publication date: 2008/02/11, Modification date: 2014/01/07
Hosts
192.168.232.131 (tcp/3389)
The terminal services encryption level is set to :
2. Medium (Client Compatible)
34324 (1) - FTP Supports Clear Text Authentication
SynopsisAuthentication credentials might be intercepted.
DescriptionThe remote FTP server allows the user's name and password to be transmitted in cleartext, which could be intercepted by a network sniffer or a man-in-the-middle attack.
SolutionSwitch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the lattercase, configure the server so that control connections are encrypted.
Risk FactorLow
CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
References
XREF CWE:522
XREF CWE:523
Plugin Information:Publication date: 2008/10/01, Modification date: 2014/09/10
Hosts
192.168.232.131 (tcp/21)
This FTP server does not support 'AUTH TLS'.
65821 (1) - SSL RC4 Cipher Suites Supported
SynopsisThe remote service supports the use of the RC4 cipher.
DescriptionThe remote host supports the use of RC4 in one or more cipher suites.The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so thata wide variety of small biases are introduced into the stream, decreasing its
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 17/59
randomness.
If plaintext is repeatedly encrypted (e.g. HTTP cookies), and an attacker is able toobtain many (i.e. tens of millions) ciphertexts, the attacker may be able to derive theplaintext.
See Also
http://www.nessus.org/u?217a3666
http://cr.yp.to/talks/2013.03.12/slides.pdf
http://www.isg.rhul.ac.uk/tls/
SolutionReconfigure the affected application, if possible, to avoid use of RC4 ciphers. Considerusing TLS 1.2 with AES-GCM suites subject to browser and web server support.
Risk FactorLow
CVSS Base Score2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score2.3 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
References
BID 58796
CVE CVE-2013-2566
XREF OSVDB:91162
Plugin Information:Publication date: 2013/04/05, Modification date: 2014/02/27
Hosts
192.168.232.131 (tcp/3389)
Here is the list of RC4 cipher suites supported by theremote server :
High Strength Ciphers (>= 112-bit key)
TLSv1RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}Kx={key exchange}Au={authentication}Enc={symmetric encryption method}Mac={message authentication code}
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 18/59
{export flag}
10736 (9) - DCE Services Enumeration
SynopsisA DCE/RPC service is running on the remote host.
DescriptionBy sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it waspossible to enumerate the Distributed Computing Environment (DCE) services runningon the remote port. Using this information it is possible to connect and bind to eachservice by sending an RPC request to the remote port/pipe.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2001/08/26, Modification date: 2014/05/12
Hosts
192.168.232.131 (tcp/135)
The following DCERPC services are available locally :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : dsrole
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : securityevent
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 19/59
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Local RPC serviceNamed pipe : LRPC-b2ffe9657985fe04f0
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0Description : Certificate ServiceWindows process : unknownType : Local RPC serviceNamed pipe : OLEC8B83A9FFD3E4C27B1B7D15A973D
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0Description : Telephony serviceWindows process : svchost.exeAnnotation : Unimodem LRPC EndpointType : Local RPC serviceNamed pipe : tapsrvlpc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0Description : Telephony serviceWindows process : svchost.exeAnnotation : Unimodem LRPC EndpointType : Local RPC serviceNamed pipe : unimdmsvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Local RPC serviceNamed pipe : OLE548A757299A64E00A83DDE0D21B6
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Local RPC serviceNamed pipe : INETINFO_LPC
Object UUID : bed8344c-b217-41db-bfd5-90a4c9e54799UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 20/59
Object UUID : 5586d186-e3de-46a0-932c-74ac1fe95577UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55
Object UUID : 88048087-b270-4360-a635-68008eb0f4f8UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55
Object UUID : 58fa6f06-e9ac-423f-b390-fd91e93b857eUUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-3ebc4dff61c795ff55
Object UUID : 447609d5-ffe2-4ac0-a4f6-8b747b8feb04UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : OLE8C7ED099B23A482FA22541210CB1
Object UUID : 447609d5-ffe2-4ac0-a4f6-8b747b8feb04UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0Description : Distributed Transaction CoordinatorWindows process : msdtc.exeType : Local RPC serviceNamed pipe : LRPC-d22f7cd1f30db6eac4
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0Description : IPsec Services (Windows XP & 2003)Windows process : lsass.exeAnnotation : IPSec Policy agent endpointType : Local RPC serviceNamed pipe : LRPC-b705cee08a0143015f
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0Description : Unknown RPC serviceAnnotation : Spooler function endpointType : Local RPC serviceNamed pipe : spoolss
Object UUID : 00000000-0000-0000-0000-000000000000UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0Description : Unknown RPC serviceAnnotation : Spooler base remote object endpointType : Local RPC serviceNamed pipe : spoolss
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 21/59
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0Description : Unknown RPC serviceAnnotation : Spooler function endpointType : Local RPC serviceNamed pipe : spoolss
Object UUID : 00000000-0000-0000-0000-000000000000UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0Description : Unknown RPC serviceAnnotation : Base Firewall Engine APIType : Local RPC serviceNamed pipe : LRPC-bee08a3f8008a92c31
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0Description : Unknown RPC serviceAnnotation : Fw APIsType : Local RPC serviceNamed pipe : LRPC-bee08a3f8008a92c31
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0Description : Unknown RPC serviceAnnotation : Fw APIsType : Local RPC serviceNamed pipe : LRPC-bee08a3f8008a92c31
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0Description : Unknown RPC serviceAnnotation : NSI server endpointType : Local RPC serviceNamed pipe : OLECF0A697FC0D54914B047201ED257
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0Description : Unknown RPC serviceAnnotation : NSI server endpointType : Local RPC serviceNamed pipe : LRPC-024074da66b49632bb
Object UUID : 6c637067-6569-746e-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : LRPC-1cc10310f75b4158a2
Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : LRPC-1cc10310f75b4158a2
Object UUID : 666f7270-6c69-7365-0000-000000000000
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 22/59
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 736e6573-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 736e6573-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 23/59
Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC service
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 24/59
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : senssvc
Object UUID : 73736573-6f69-656e-6e76-000000000000
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 25/59
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : IUserProfile2
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 26/59
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 27/59
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Local RPC serviceNamed pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 28/59
Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : iscsisrvRpcEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : OLE946DF8A8BC6E4A9980C1F745C99C
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : SECLOGON
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Local RPC serviceNamed pipe : RasmanRpc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0Description : Unknown RPC serviceAnnotation : Event log TCPIPType : Local RPC serviceNamed pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Local RPC serviceNamed pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Local RPC serviceNamed pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Local RPC serviceNamed pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 29/59
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Local RPC serviceNamed pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Local RPC serviceNamed pipe : dhcpcsvc6
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WMsgKRpc01318F1
Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0Description : Unknown RPC serviceAnnotation : Secure Desktop LRPC interfaceType : Local RPC serviceNamed pipe : WMsgKRpc01318F1
Object UUID : 6d726574-7273-0076-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : LRPC-ec3268d65fae4e77fa
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WMsgKRpc0131980
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WindowsShutdown
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WMsgKRpc0131980
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0Description : Unknown RPC serviceType : Local RPC serviceNamed pipe : WindowsShutdown
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 30/59
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : LRPC-b2ffe9657985fe04f0
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : audit
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : securityevent
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : protected_storage
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : dsrole
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Local RPC serviceNamed pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : LRPC-b2ffe9657985fe04f0
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 31/59
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : dsrole
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Local RPC serviceNamed pipe : samss lpc
192.168.232.131 (tcp/445)
The following DCERPC services are available remotely :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Remote RPC serviceNamed pipe : \PIPE\protected_storageNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Remote RPC serviceNamed pipe : \pipe\lsassNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0Description : Certificate ServiceWindows process : unknownType : Remote RPC serviceNamed pipe : \pipe\certNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 32/59
UUID : 2f5f6521-cb55-1059-b446-00df0bce31db, version 1.0Description : Telephony serviceWindows process : svchost.exeAnnotation : Unimodem LRPC EndpointType : Remote RPC serviceNamed pipe : \pipe\tapsrvNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Remote RPC serviceNamed pipe : \PIPE\INETINFONetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0Description : Scheduler ServiceWindows process : svchost.exeType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 33/59
Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC service
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 34/59
Named pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceNamed pipe : \PIPE\atsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceNamed pipe : \PIPE\srvsvcNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceNamed pipe : \PIPE\ROUTERNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0Description : Unknown RPC serviceAnnotation : Event log TCPIPType : Remote RPC serviceNamed pipe : \pipe\eventlogNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Remote RPC serviceNamed pipe : \pipe\eventlogNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Remote RPC service
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 35/59
Named pipe : \pipe\eventlogNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\InitShutdownNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceNamed pipe : \PIPE\InitShutdownNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \pipe\lsassNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00736665-0000-0000-0000-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceNamed pipe : \PIPE\protected_storageNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Remote RPC serviceNamed pipe : \pipe\lsassNetbios name : \\WIN-LRFFK6NI0BQ
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Remote RPC serviceNamed pipe : \PIPE\protected_storageNetbios name : \\WIN-LRFFK6NI0BQ
192.168.232.131 (tcp/49152)
The following DCERPC services are available on TCP port49152 :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 36/59
Description : Unknown RPC serviceType : Remote RPC serviceTCP Port : 49152IP : 192.168.232.131
192.168.232.131 (tcp/49153)
The following DCERPC services are available on TCP port49153 :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0Description : Unknown RPC serviceAnnotation : Event log TCPIPType : Remote RPC serviceTCP Port : 49153IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0Description : DHCP Client ServiceWindows process : svchost.exeAnnotation : DHCP Client LRPC EndpointType : Remote RPC serviceTCP Port : 49153IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0Description : Unknown RPC serviceAnnotation : DHCPv6 Client LRPC EndpointType : Remote RPC serviceTCP Port : 49153IP : 192.168.232.131
192.168.232.131 (tcp/49154)
The following DCERPC services are available on TCP port49154 :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0Description : Unknown RPC serviceAnnotation : KeyIsoType : Remote RPC serviceTCP Port : 49154IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0Description : Security Account ManagerWindows process : lsass.exeType : Remote RPC serviceTCP Port : 49154IP : 192.168.232.131
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 37/59
192.168.232.131 (tcp/49155)
The following DCERPC services are available on TCP port49155 :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0Description : Unknown RPC serviceAnnotation : IKE/Authip APIType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
Object UUID : 73736573-6f69-656e-6e76-000000000000UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0Description : Unknown RPC serviceAnnotation : Impl friendly nameType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0Description : Unknown RPC serviceType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0Description : Unknown RPC serviceAnnotation : AppInfoType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0Description : Unknown RPC serviceAnnotation : AppInfo
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 38/59
Type : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 7d814569-35b3-4850-bb32-83035fcebf6e, version 1.0Description : Unknown RPC serviceAnnotation : IAS RPC serverType : Remote RPC serviceTCP Port : 49155IP : 192.168.232.131
192.168.232.131 (tcp/49156)
The following DCERPC services are available on TCP port49156 :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0Description : Service Control ManagerWindows process : svchost.exeType : Remote RPC serviceTCP Port : 49156IP : 192.168.232.131
192.168.232.131 (tcp/49157)
The following DCERPC services are available on TCP port49157 :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 82ad4280-036b-11cf-972c-00aa006887b0, version 2.0Description : Internet Information Service (IISAdmin)Windows process : inetinfo.exeType : Remote RPC serviceTCP Port : 49157IP : 192.168.232.131
192.168.232.131 (tcp/49159)
The following DCERPC services are available on TCP port49159 :
Object UUID : 00000000-0000-0000-0000-000000000000UUID : 91ae6020-9e3c-11cf-8d7c-00aa00c091be, version 0.0Description : Certificate ServiceWindows process : unknownType : Remote RPC serviceTCP Port : 49159IP : 192.168.232.131
11219 (4) - Nessus SYN scanner
Synopsis
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 39/59
It is possible to determine which TCP ports are open.
DescriptionThis plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even againsta firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against brokenservices, but they might cause problems for less robust firewalls and also leaveunclosed connections on the remote target, if the network is loaded.
SolutionProtect your target with an IP filter.
Risk FactorNone
Plugin Information:Publication date: 2009/02/04, Modification date: 2014/01/23
Hosts
192.168.232.131 (tcp/21)
Port 21/tcp was found to be open
192.168.232.131 (tcp/80)
Port 80/tcp was found to be open
192.168.232.131 (tcp/135)
Port 135/tcp was found to be open
192.168.232.131 (tcp/3389)
Port 3389/tcp was found to be open
22964 (2) - Service Detection
SynopsisThe remote service could be identified.
DescriptionIt was possible to identify the remote service by its banner or by looking at the errormessage it sends when it receives an HTTP request.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/08/19, Modification date: 2014/07/24
Hosts
192.168.232.131 (tcp/21)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 40/59
An FTP server is running on this port.
192.168.232.131 (tcp/80)
A web server is running on this port.
10092 (1) - FTP Server Detection
SynopsisAn FTP server is listening on this port.
DescriptionIt is possible to obtain the banner of the remote FTP server by connecting to theremote port.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 1999/10/12, Modification date: 2014/02/24
Hosts
192.168.232.131 (tcp/21)
The remote FTP banner is :
220 Microsoft FTP Service
10107 (1) - HTTP Server Type and Version
SynopsisA web server is running on the remote host.
DescriptionThis plugin attempts to determine the type and the version of the remote web server.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2000/01/04, Modification date: 2014/08/01
Hosts
192.168.232.131 (tcp/80)
The remote web server type is :
Microsoft-IIS/7.0
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 41/59
10287 (1) - Traceroute Information
SynopsisIt was possible to obtain traceroute information.
DescriptionMakes a traceroute to the remote host.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 1999/11/27, Modification date: 2013/04/11
Hosts
192.168.232.131 (udp/0)
For your information, here is the traceroute from192.168.232.1 to 192.168.232.131 : 192.168.232.1192.168.232.131
10394 (1) - Microsoft Windows SMB Log In Possible
SynopsisIt is possible to log into the remote host.
DescriptionThe remote host is running Microsoft Windows operating system or Samba, aCIFS/SMB server for Unix. It was possible to log into it using one of the followingaccounts :
- NULL session- Guest account- Given Credentials
See Also
http://support.microsoft.com/kb/143474
http://support.microsoft.com/kb/246261
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2000/05/09, Modification date: 2014/10/06
Hosts
192.168.232.131 (tcp/445)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 42/59
- NULL sessions are enabled on the remote host
10785 (1) - Microsoft Windows SMB NativeLanManager Remote SystemInformation Disclosure
SynopsisIt is possible to obtain information about the remote operating system.
DescriptionIt is possible to get the remote operating system name and version (Windows and/orSamba) by sending an authentication request to port 139 or 445.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2001/10/17, Modification date: 2014/04/09
Hosts
192.168.232.131 (tcp/445)
The remote Operating System is : Windows Server (R) 2008Standard 6002 Service Pack 2The remote native lan manager is : Windows Server (R) 2008Standard 6.0The remote SMB Domain Name is : WIN-LRFFK6NI0BQ
10863 (1) - SSL Certificate Information
SynopsisThis plugin displays the SSL certificate.
DescriptionThis plugin connects to every SSL-related port and attempts to extract and dump theX.509 certificate.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2008/05/19, Modification date: 2012/04/02
Hosts
192.168.232.131 (tcp/3389)
Subject Name:
Common Name: WIN-LRFFK6NI0BQ
Issuer Name:
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 43/59
Common Name: WIN-LRFFK6NI0BQ
Serial Number: 77 47 2A 1F BF 3A 8B A5 4A 77 6E 9C 35 25 803F
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Nov 13 08:48:48 2014 GMTNot Valid After: May 15 08:48:48 2015 GMT
Public Key Info:
Algorithm: RSA EncryptionKey Length: 2048 bitsPublic Key: 00 D5 1C 66 D4 45 58 09 DE A3 FD B7 14 3E B9 6604 B7 24 81 9A 2E 97 08 DB 1F 44 B8 F1 94 B8 A2 EF F8 6E 1B A4 38 BC B3 00 5E 67 F8 2D 72 F6 05 78 E9 BC 50 60 18 6C 78 51 81 4D B3 AF 65 C8 68 26 4E E7 CC E2 00 BE 02 55 5D A4 0E F6 34 82 32 AD EF B0 FA 53 17 FA 53 79 39 C0 80 1C 0D 72 FB FD 44 B2 5D A8 4B 00 86 22 70 6E FA D0 E2 B1 76 36 A5 99 47 A6 2C 8C 64 79 A9 E8 B6 DA 66 01 22 A7 12 8A CC 59 29 01 F4 3F 3D F9 05 03 2E DE 8A BB B0 53 28 DE BC CD D4 10 B3 2B 24 63 27 C3 AD 13 DB D1 12 7C A3 45 85 D2 0E B9 81 B1 EF 0B E3 A1 02 04 A5 E7 75 3F 06 28 28 CD 86 73 CC 83 B0 54 26 67 FE BD F6 54 3C EA 88 B5 FA 52 8F 60 8C FF 86 59 67 4C 69 0D E6 CE 92 84 25 7F 8C 93 5F 54 02 DB F0 EC C4 24 8F FE A4 B5 35 DF A5 FB 6D 9E D5 BC DD 29 8B F2 2C 61 CA C4 7B E9 1B FD 69 6D Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bitsSignature: 00 6D EA 62 D1 4F 36 64 FF 5C 1E 28 7A 53 1C 5142 F2 A1 8B 92 32 3B E6 93 2C 60 E1 68 5E 0E 8C 81 1D C2 C2 17 F7 56 49 FF 0E D2 74 A8 67 75 F7 49 3C B5 89 24 D3 61 D0 EC 31 BA 97 4A 70 92 AE EE 97 F6 B6 44 1B B1 02 78 D3 BF 0A C0 87 06 96 1E B6 A7 6D E7 73 50 27 F5 D7 B6 68 35 8E D9 4B 6D FF 09 D8 F3 10 00 80 4C 31 16 C4 AA 19 73 CA 4C 69 22 5E E1 CE 02 67 D3 19 5C 57 10 A3 23 79 55 CD 80 7C 73 82 94 B1 E1 9B C3 39 9B 9E C3 D0 10 81 F2 A2 49 67 98 E2 8C 4C F7 E1 D1 4F AF 57 73 0D F9 FE 61 50 62 00 59 0C FD 35 65 39 81 18 4C B3 A8 5E 82 E8 B0 C6 A2 2A E5 BE 5B 2C 70 94 F3 AA 53 C4 85 04 14 DF A5 C8 3D 1D 05 0D 87 D3 17 98 36 31 53 54 7E EF C1 9B 90 61 4D 13 F6 18 28 06 76 C3 D1 D7 BE B0 C7 94 01 40 98 96 06 E8 1D E1 45 31 D2 79 A0 D9 93 BF 87 5C 7E 1C DB 88 A7
Extension: Extended Key Usage (2.5.29.37)Critical: 0Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Extension: Key Usage (2.5.29.15)Critical: 0Key Usage: Key Encipherment, Data Encipherment
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 44/59
10940 (1) - Windows Terminal Services Enabled
SynopsisThe remote Windows host has Terminal Services enabled.
DescriptionTerminal Services allows a Windows user to remotely obtain a graphical login (andtherefore act as a local user on the remote host).
If an attacker gains a valid login and password, this service could be used to gainfurther access on the remote host. An attacker may also use this service to mount adictionary attack against the remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middleattacks, making it easy for attackers to steal the credentials of legitimate users byimpersonating the Windows server.
SolutionDisable Terminal Services if you do not use it, and do not allow this service to runacross the Internet.
Risk FactorNone
Plugin Information:Publication date: 2002/04/20, Modification date: 2014/06/06
Hosts
192.168.232.131 (tcp/3389)
11011 (1) - Microsoft Windows SMB Service Detection
SynopsisA file / print sharing service is listening on the remote host.
DescriptionThe remote service understands the CIFS (Common Internet File System) or ServerMessage Block (SMB) protocol, used to provide shared access to files, printers, etcbetween nodes on a network.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2002/06/05, Modification date: 2012/01/31
Hosts
192.168.232.131 (tcp/445)
A CIFS server is running on this port.
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 45/59
11422 (1) - Web Server Unconfigured - Default Install Page Present
SynopsisThe remote web server is not configured or is not properly configured.
DescriptionThe remote web server uses its default welcome page. It probably means that thisserver is not used at all or is serving content that is meant to be hidden.
SolutionDisable this service if you do not use it.
Risk FactorNone
References
XREF OSVDB:3233
Plugin Information:Publication date: 2003/03/20, Modification date: 2014/05/09
Hosts
192.168.232.131 (tcp/80)
The default welcome page is from IIS.
11936 (1) - OS Identification
SynopsisIt is possible to guess the remote operating system.
DescriptionUsing a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...), it ispossible to guess the name of the remote operating system in use. It is alsosometimes possible to guess the version of the operating system.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2003/12/09, Modification date: 2014/02/19
Hosts
192.168.232.131 (tcp/0)
Remote operating system : Microsoft Windows Server 2008Standard Service Pack 2Confidence Level : 99Method : MSRPC
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 46/59
The remote host is running Microsoft Windows Server 2008Standard Service Pack 2
19506 (1) - Nessus Scan Information
SynopsisInformation about the Nessus scan.
DescriptionThis script displays, for each tested host, information about the scan itself :
- The version of the plugin set- The type of scanner (Nessus or Nessus Home)- The version of the Nessus Engine- The port scanner(s) used- The port range scanned- Whether credentialed or third-party patch management checks are possible- The date of the scan- The duration of the scan- The number of hosts scanned in parallel- The number of checks done in parallel
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2005/08/26, Modification date: 2014/07/29
Hosts
192.168.232.131 (tcp/0)
Information about this scan :
Nessus version : 5.2.7Plugin feed version : 201411131815Scanner edition used : Nessus HomeScan policy used : Vulnerability scanScanner IP : 192.168.232.1Port scanner(s) : nessus_syn_scanner Port range : defaultThorough tests : noExperimental tests : noParanoia level : 1Report Verbosity : 1Safe checks : yesOptimize the test : yesCredentialed checks : noPatch management checks : NoneCGI scanning : disabledWeb application tests : disabledMax hosts : 80
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 47/59
Max checks : 5Recv timeout : 5Backports : NoneAllow post-scan editing: YesScan Start Date : 2014/11/14 11:53 Pacific Standard TimeScan duration : 663 sec
20094 (1) - VMware Virtual Machine Detection
SynopsisThe remote host seems to be a VMware virtual machine.
DescriptionAccording to the MAC address of its network adapter, the remote host is a VMwarevirtual machine.
Since it is physically accessible through the network, ensure that its configurationmatches your organization's security policy.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2005/10/27, Modification date: 2011/03/27
Hosts
192.168.232.131 (tcp/0)
21643 (1) - SSL Cipher Suites Supported
SynopsisThe remote service encrypts communications using SSL.
DescriptionThis script detects which SSL ciphers are supported by the remote service forencrypting communications.
See Also
http://www.openssl.org/docs/apps/ciphers.html
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2006/06/05, Modification date: 2014/10/24
Hosts
192.168.232.131 (tcp/3389)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 48/59
Here is the list of SSL ciphers supported by the remoteserver :Each group is reported per SSL Version.
SSL Version : TLSv1High Strength Ciphers (>= 112-bit key)ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128)Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256)Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1 RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
The fields above are :
{OpenSSL ciphername}Kx={key exchange}Au={authentication}Enc={symmetric encryption method}Mac={message authentication code}{export flag}
24260 (1) - HyperText Transfer Protocol (HTTP) Information
SynopsisSome information about the remote HTTP configuration can be extracted.
DescriptionThis test gives some information about the remote HTTP protocol - the version used,whether HTTP Keep-Alive and HTTP pipelining are enabled, etc...
This test is informational only and does not denote any security problem.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/01/30, Modification date: 2011/05/31
Hosts
192.168.232.131 (tcp/80)
Protocol version : HTTP/1.1SSL : noKeep-Alive : noOptions allowed : OPTIONS, TRACE, GET, HEAD, POSTHeaders :
Content-Type: text/html
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 49/59
Last-Modified: Fri, 14 Nov 2014 03:43:13 GMTAccept-Ranges: bytesETag: "2877c71dbdffcf1:0"Server: Microsoft-IIS/7.0X-Powered-By: ASP.NETDate: Fri, 14 Nov 2014 19:59:23 GMTContent-Length: 689
24786 (1) - Nessus Windows Scan Not Performed with Admin Privileges
SynopsisThe Nessus scan of this host may be incomplete due to insufficient privilegesprovided.
DescriptionThe Nessus scanner testing the remote host has been given SMB credentials to loginto the remote host, however these credentials do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the remote host and readsthe version of the DLLs on the remote host to determine if a given patch has beenapplied or not. This is the method Microsoft recommends to determine if a patch hasbeen applied.
If your Nessus scanner does not have administrative privileges when doing a scan,then Nessus has to fall back to perform a patch audit through the registry which maylead to false positives (especially when using third-party patch auditing tools) or tofalse negatives (not all patches can be detected through the registry).
SolutionReconfigure your scanner to use credentials with administrative privileges.
Risk FactorNone
Plugin Information:Publication date: 2007/03/12, Modification date: 2013/01/07
Hosts
192.168.232.131 (tcp/0)
It was not possible to connect to '\\WIN-LRFFK6NI0BQ\ADMIN$'with the supplied credentials.
25220 (1) - TCP/IP Timestamps Supported
SynopsisThe remote service implements TCP timestamps.
DescriptionThe remote host implements TCP timestamps, as defined by RFC1323. A side effectof this feature is that the uptime of the remote host can sometimes be computed.
See Also
http://www.ietf.org/rfc/rfc1323.txt
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 50/59
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/05/16, Modification date: 2011/03/20
Hosts
192.168.232.131 (tcp/0)
26917 (1) - Microsoft Windows SMB Registry : Nessus Cannot Access theWindows Registry
SynopsisNessus is not able to access the remote Windows Registry.
DescriptionIt was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the registry checks willnot work because the 'Remote Registry Access'service (winreg) has been disabled on the remote host or can not be connected to withthe supplied credentials.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2007/10/04, Modification date: 2011/03/27
Hosts
192.168.232.131 (tcp/445)
Could not connect to the registry because:Could not connect to \winreg
35705 (1) - SMB Registry : Starting the Registry Service during the scan failed
SynopsisThe registry service could not be enabled for the duration of the scan.
DescriptionTo perform a full credentialed scan, Nessus needs the ability to connect to the remoteregistry service (RemoteRegistry).
Nessus attempted to start the service but failed, therefore some local checks will notbe performed against the remote host.
Solutionn/a
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 51/59
Risk FactorNone
Plugin Information:Publication date: 2009/02/18, Modification date: 2011/03/27
Hosts
192.168.232.131 (tcp/0)
The following error occurred :
OpenSCManager() failed
35716 (1) - Ethernet Card Manufacturer Detection
SynopsisThe manufacturer can be deduced from the Ethernet OUI.
DescriptionEach ethernet MAC address starts with a 24-bit 'Organizationally Unique Identifier'.These OUI are registered by IEEE.
See Also
http://standards.ieee.org/faqs/OUI.html
http://standards.ieee.org/regauth/oui/index.shtml
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2009/02/19, Modification date: 2011/03/27
Hosts
192.168.232.131 (tcp/0)
The following card manufacturers were identified :
00:0c:29:5e:90:54 : VMware, Inc.
42410 (1) - Microsoft Windows NTLMSSP Authentication Request RemoteNetwork Name Disclosure
SynopsisIt is possible to obtain the network name of the remote host.
DescriptionThe remote host listens on tcp port 445 and replies to SMB requests.
By sending an NTLMSSP authentication request it is possible to obtain the name of
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 52/59
the remote system and the name of its domain.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2009/11/06, Modification date: 2011/03/27
Hosts
192.168.232.131 (tcp/445)
The following 2 NetBIOS names have been gathered :
WIN-LRFFK6NI0BQ = Computer nameWIN-LRFFK6NI0BQ = Workgroup / Domain name
43111 (1) - HTTP Methods Allowed (per directory)
SynopsisThis plugin determines which HTTP methods are allowed on various CGI directories.
DescriptionBy calling the OPTIONS method, it is possible to determine which HTTP methods areallowed on each directory.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or'Enable web applications tests' is set to 'yes'in the scan policy - various known HTTP methods on each directory and considersthem as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate thepresence of any security vulnerabilities.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2009/12/10, Modification date: 2013/05/09
Hosts
192.168.232.131 (tcp/80)
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
45590 (1) - Common Platform Enumeration (CPE)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 53/59
SynopsisIt is possible to enumerate CPE names that matched on the remote system.
DescriptionBy using information obtained from a Nessus scan, this plugin reports CPE (CommonPlatform Enumeration) matches for various hardware and software products found on ahost.
Note that if an official CPE is not available for the product, this plugin computes thebest possible CPE based on the information available from the scan.
See Also
http://cpe.mitre.org/
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2010/04/21, Modification date: 2014/10/16
Hosts
192.168.232.131 (tcp/0)
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2008::sp2 -> MicrosoftWindows Server 2008 Service Pack 2
Following application CPE matched on the remote system :
cpe:/a:microsoft:iis:7.0 -> Microsoft Internet InformationServices (IIS) 7.0
54615 (1) - Device Type
SynopsisIt is possible to guess the remote device type.
DescriptionBased on the remote operating system, it is possible to determine what the remotesystem type is (eg: a printer, router, general-purpose computer, etc).
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2011/05/23, Modification date: 2011/05/23
Hosts
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 54/59
192.168.232.131 (tcp/0)
Remote device type : general-purposeConfidence level : 99
56984 (1) - SSL / TLS Versions Supported
SynopsisThe remote service encrypts communications.
DescriptionThis script detects which SSL and TLS versions are supported by the remote servicefor encrypting communications.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2011/12/01, Modification date: 2014/10/13
Hosts
192.168.232.131 (tcp/3389)
This port supports TLSv1.0.
57041 (1) - SSL Perfect Forward Secrecy Cipher Suites Supported
SynopsisThe remote service supports the use of SSL Perfect Forward Secrecy ciphers, whichmaintain confidentiality even if the key is stolen.
DescriptionThe remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy(PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot bebroken at a future date if the server's private key is compromised.
See Also
http://www.openssl.org/docs/apps/ciphers.html
http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
http://en.wikipedia.org/wiki/Perfect_forward_secrecy
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2011/12/07, Modification date: 2012/04/02
Hosts
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 55/59
192.168.232.131 (tcp/3389)
Here is the list of SSL PFS ciphers supported by the remoteserver :
High Strength Ciphers (>= 112-bit key)
TLSv1ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128)Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256)Mac=SHA1
The fields above are :
{OpenSSL ciphername}Kx={key exchange}Au={authentication}Enc={symmetric encryption method}Mac={message authentication code}{export flag}
62563 (1) - SSL Compression Methods Supported
SynopsisThe remote service supports one or more compression methods for SSL connections.
DescriptionThis script detects which compression methods are supported by the remote servicefor SSL connections.
See Also
http://www.iana.org/assignments/comp-meth-ids/comp-meth-ids.xml
http://tools.ietf.org/html/rfc3749
http://tools.ietf.org/html/rfc3943
http://tools.ietf.org/html/rfc5246
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2012/10/16, Modification date: 2013/10/18
Hosts
192.168.232.131 (tcp/3389)
Nessus was able to confirm that the following compressionmethod is
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 56/59
supported by the target :
NULL (0x00)
64814 (1) - Terminal Services Use SSL/TLS
SynopsisThe remote Terminal Services use SSL/TLS.
DescriptionThe remote Terminal Services is configured to use SSL/TLS.
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2013/02/22, Modification date: 2013/08/28
Hosts
192.168.232.131 (tcp/3389)
Subject Name:
Common Name: WIN-LRFFK6NI0BQ
Issuer Name:
Common Name: WIN-LRFFK6NI0BQ
Serial Number: 77 47 2A 1F BF 3A 8B A5 4A 77 6E 9C 35 25 803F
Version: 3
Signature Algorithm: SHA-1 With RSA Encryption
Not Valid Before: Nov 13 08:48:48 2014 GMTNot Valid After: May 15 08:48:48 2015 GMT
Public Key Info:
Algorithm: RSA EncryptionKey Length: 2048 bitsPublic Key: 00 D5 1C 66 D4 45 58 09 DE A3 FD B7 14 3E B9 6604 B7 24 81 9A 2E 97 08 DB 1F 44 B8 F1 94 B8 A2 EF F8 6E 1B A4 38 BC B3 00 5E 67 F8 2D 72 F6 05 78 E9 BC 50 60 18 6C 78 51 81 4D B3 AF 65 C8 68 26 4E E7 CC E2 00 BE 02 55 5D A4 0E F6 34 82 32 AD EF B0 FA 53 17 FA 53 79 39 C0 80 1C 0D 72 FB FD 44 B2 5D A8 4B 00 86 22 70 6E FA D0 E2 B1 76 36 A5 99 47 A6 2C 8C 64 79 A9 E8 B6 DA 66 01 22 A7 12 8A CC 59 29 01 F4 3F 3D F9 05 03 2E DE 8A BB B0 53 28 DE BC CD D4 10 B3 2B 24 63 27 C3 AD 13 DB D1 12 7C A3 45 85 D2 0E B9 81 B1 EF 0B E3 A1 02 04 A5 E7 75 3F 06 28 28 CD 86 73 CC 83 B0 54 26 67 FE BD F6 54 3C
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 57/59
EA 88 B5 FA 52 8F 60 8C FF 86 59 67 4C 69 0D E6 CE 92 84 25 7F 8C 93 5F 54 02 DB F0 EC C4 24 8F FE A4 B5 35 DF A5 FB 6D 9E D5 BC DD 29 8B F2 2C 61 CA C4 7B E9 1B FD 69 6D Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bitsSignature: 00 6D EA 62 D1 4F 36 64 FF 5C 1E 28 7A 53 1C 5142 F2 A1 8B 92 32 3B E6 93 2C 60 E1 68 5E 0E 8C 81 1D C2 C2 17 F7 56 49 FF 0E D2 74 A8 67 75 F7 49 3C B5 89 24 D3 61 D0 EC 31 BA 97 4A 70 92 AE EE 97 F6 B6 44 1B B1 02 78 D3 BF 0A C0 87 06 96 1E B6 A7 6D E7 73 50 27 F5 D7 B6 68 35 8E D9 4B 6D FF 09 D8 F3 10 00 80 4C 31 16 C4 AA 19 73 CA 4C 69 22 5E E1 CE 02 67 D3 19 5C 57 10 A3 23 79 55 CD 80 7C 73 82 94 B1 E1 9B C3 39 9B 9E C3 D0 10 81 F2 A2 49 67 98 E2 8C 4C F7 E1 D1 4F AF 57 73 0D F9 FE 61 50 62 00 59 0C FD 35 65 39 81 18 4C B3 A8 5E 82 E8 B0 C6 A2 2A E5 BE 5B 2C 70 94 F3 AA 53 C4 85 04 14 DF A5 C8 3D 1D 05 0D 87 D3 17 98 36 31 53 54 7E EF C1 9B 90 61 4D 13 F6 18 28 06 76 C3 D1 D7 BE B0 C7 94 01 40 98 96 06 E8 1D E1 45 31 D2 79 A0 D9 93 BF 87 5C 7E 1C DB 88 A7
Extension: Extended Key Usage (2.5.29.37)Critical: 0Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Extension: Key Usage (2.5.29.15)Critical: 0Key Usage: Key Encipherment, Data Encipherment
66334 (1) - Patch Report
SynopsisThe remote host is missing several patches.
DescriptionThe remote host is missing one or several security patches. This plugin lists thenewest version of each patch to install to make sure the remote host is up-to-date.
SolutionInstall the patches listed below.
Risk FactorNone
Plugin Information:Publication date: 2013/07/08, Modification date: 2014/11/11
Hosts
192.168.232.131 (tcp/0)
. You need to take the following 2 actions:
[ Microsoft Windows Remote Desktop Protocol Server Man-in-
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 58/59
the-Middle Weakness (18405) ]
+ Action to take: - Force the use of SSL as a transportlayer for this service if supported, or/and
- Select the 'Allow connections only from computers runningRemote Desktop with Network Level Authentication' setting ifit is available.
[ MS12-020: Vulnerabilities in Remote Desktop Could AllowRemote Code Execution (2671387) (uncredentialed check)(58435) ]
+ Action to take: Microsoft has released a set of patchesfor Windows XP, 2003, Vista, 2008, 7, and 2008 R2.
Note that an extended support contract with Microsoft isrequired to obtain the patch for this vulnerability forWindows 2000.
+ Impact: Taking this action will resolve 2 differentvulnerabilities (CVEs).
70544 (1) - SSL Cipher Block Chaining Cipher Suites Supported
SynopsisThe remote service supports the use of SSL Cipher Block Chaining ciphers, whichcombine previous blocks with subsequent ones.
DescriptionThe remote host supports the use of SSL ciphers that operate in Cipher Block Chaining(CBC) mode. These cipher suites offer additional security over Electronic Codebook(ECB) mode, but have the potential to leak information if used improperly.
See Also
http://www.openssl.org/docs/apps/ciphers.html
http://www.nessus.org/u?cc4a822a
http://www.openssl.org/~bodo/tls-cbc.txt
Solutionn/a
Risk FactorNone
Plugin Information:Publication date: 2013/10/22, Modification date: 2013/10/22
Hosts
192.168.232.131 (tcp/3389)
11/14/2014 Nessus Scan Report
file:///C:/Users/kaine_2/Documents/School/Applied%20Exploits%20%26%20Hacking/Final%20Project/Scan_for_www_kainenet_com_buct3o.html 59/59
Here is the list of SSL CBC ciphers supported by the remoteserver :
High Strength Ciphers (>= 112-bit key)
TLSv1ECDHE-RSA-AES128-SHA Kx=ECDH Au=RSA Enc=AES-CBC(128)Mac=SHA1 ECDHE-RSA-AES256-SHA Kx=ECDH Au=RSA Enc=AES-CBC(256)Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 AES128-SHA Kx=RSA Au=RSA Enc=AES-CBC(128) Mac=SHA1 AES256-SHA Kx=RSA Au=RSA Enc=AES-CBC(256) Mac=SHA1
The fields above are :
{OpenSSL ciphername}Kx={key exchange}Au={authentication}Enc={symmetric encryption method}Mac={message authentication code}{export flag}
This is a report from the Nessus Vulnerability Scanner .Nessus is published by Tenable Network Security, Inc | 7021 Columbia Gateway Drive Suite 500, Columbia, MD 21046
© 2014 Tenable Network Security, Inc. All rights reserved.