Lab 5

Attachments

List of hosts
172.16.20.1 Low Severity problem(s) found

172.17.20.1 High Severity problem(s) found

172.18.20.1 High Severity problem(s) found

172.19.20.1 Low Severity problem(s) found

172.20.20.1 High Severity problem(s) found

172.30.0.10 High Severity problem(s) found

172.30.0.66 High Severity problem(s) found

172.16.20.1
Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:36:50 2010

Number of vulnerabilities

Open ports : 2

High : 0

Medium : 0

Low : 2

Remote host information

Operating System :

NetBIOS name :

DNS name :

Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis:
It is possible to determine the exact time set on the remote host.

Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor:
None

Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:
This host returns non-standard timestamps (high bit is set)

Plugin ID:
10114

Page 1 of 76Nessus Scan Report

8/5/2010mhtml:file://C:\Documents and Settings\acaballero\Desktop\nessus_MockITScan.mht

CVE:
CVE-1999-0524

Other references:
OSVDB:94

Nessus Scan Information

Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 132 sec

Plugin ID:
19506

172.17.20.1
Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:37:36 2010

Number of vulnerabilities

Open ports : 5

High : 1

Medium : 0

Low : 8

Remote host information

Operating System : KYOCERA Printer

NetBIOS name :

DNS name :

Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis:
It is possible to determine the exact time set on the remote host.

Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor:
None

Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:
This host returns non-standard timestamps (high bit is set)

Plugin ID:
10114

CVE:
CVE-1999-0524

Other references:
OSVDB:94

OS Identification

Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints
could give a match – please email the following to [email protected] : NTP:!:UNIX SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer

Plugin ID:
11936

Nessus Scan Information

Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 178 sec

Plugin ID:
19506

Traceroute Information

Synopsis:
It was possible to obtain traceroute information.

Description:
Makes a traceroute to the remote host.

Risk factor:
None

Solution:
n/a

Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.17.20.1 : 172.30.0.67 172.20.20.1
172.20.0.2 172.17.20.1

Plugin ID:
10287

Port ntp (123/udp)

Network Time Protocol (NTP) Server Detection

Synopsis:
An NTP server is listening on the remote host.

Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.

Risk factor:
None

Solution:
n/a

Plugin output:
It was possible to gather the following information from the remote NTP host : version='4',
processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=44898.809, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD00558E5.B0D6A347, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000

Plugin ID:
10884

Port telnet (23/tcp)

Cisco Device Default Password

Synopsis:
The remote device has a factory password set.

Description:
The remote CISCO router has a default password set. This allows an attacker to get a lot of information
about the network, and possibly to shut it down if the ‘enable’ password is not set either or is also a
default password.

Risk factor:
Critical

CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution:
Access this device and set a password using ‘enable secret’

Plugin output:
Plugin Output : It was possible to log in as ‘cisco’/’cisco’

Plugin ID:
23938

CVE:
CVE-1999-0508

Service Detection

A telnet server is running on this port.

Plugin ID:
22964

Unencrypted Telnet Server

Synopsis:
The remote Telnet server transmits traffic in cleartext.

Description:
The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins, passwords and commands are transferred in
cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive
information. Use of SSH is preferred nowadays as it protects credentials from eavesdropping and can
tunnel additional data streams such as the X11 session.

Risk factor:
Low

CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Solution:
Disable this service and use SSH instead.

Plugin ID:
42263

Telnet Server Detection

Synopsis:
A Telnet server is listening on the remote port.

Description:
The remote host is running a Telnet server, a remote terminal server.

Risk factor:
None

Solution:
Disable this service if you do not use it.

Plugin output:
Here is the banner from the remote Telnet server :
------------------------------ snip ------------------------------
User Access Verification
Username:
------------------------------ snip ------------------------------

Plugin ID:
10281

172.18.20.1
Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:37:35 2010

Number of vulnerabilities

Open ports : 5

High : 1

Medium : 0

Low : 8

Remote host information

Operating System : KYOCERA Printer

NetBIOS name :

DNS name :

Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis:
It is possible to determine the exact time set on the remote host.

Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor:
None

Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:
This host returns non-standard timestamps (high bit is set)

Plugin ID:
10114

CVE:
CVE-1999-0524

Other references:
OSVDB:94

OS Identification

Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints
could give a match – please email the following to [email protected] : NTP:!:UNIX SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer

Plugin ID:
11936

Nessus Scan Information

Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 177 sec

Plugin ID:
19506

Traceroute Information

Synopsis:
It was possible to obtain traceroute information.

Description:
Makes a traceroute to the remote host.

Risk factor:
None

Solution:
n/a

Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.18.20.1 : 172.30.0.67 172.20.20.1
172.19.0.1 172.18.20.1

Plugin ID:
10287

Port ntp (123/udp)

Network Time Protocol (NTP) Server Detection

Synopsis:
An NTP server is listening on the remote host.

Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.

Risk factor:
None

Solution:
n/a

Plugin output:
It was possible to gather the following information from the remote NTP host : version='4',
processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=45905.189, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD00558EA.EFBD9427, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000

Plugin ID:
10884

Port telnet (23/tcp)

Cisco Device Default Password

Synopsis:
The remote device has a factory password set.

Description:
The remote CISCO router has a default password set. This allows an attacker to get a lot of information
about the network, and possibly to shut it down if the ‘enable’ password is not set either or is also a
default password.

Risk factor:
Critical

CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution:
Access this device and set a password using ‘enable secret’

Plugin output:
Plugin Output : It was possible to log in as ‘cisco’/’cisco’

Plugin ID:
23938

CVE:
CVE-1999-0508

Service Detection

A telnet server is running on this port.

Plugin ID:
22964

Unencrypted Telnet Server

Synopsis:
The remote Telnet server transmits traffic in cleartext.

Description:
The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins, passwords and commands are transferred in
cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive
information. Use of SSH is preferred nowadays as it protects credentials from eavesdropping and can
tunnel additional data streams such as the X11 session.

Risk factor:
Low

CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Solution:
Disable this service and use SSH instead.

Plugin ID:
42263

Telnet Server Detection

Synopsis:
A Telnet server is listening on the remote port.

Description:
The remote host is running a Telnet server, a remote terminal server.

Risk factor:
None

Solution:
Disable this service if you do not use it.

Plugin output:
Here is the banner from the remote Telnet server :
------------------------------ snip ------------------------------
User Access Verification
Username:
------------------------------ snip ------------------------------

Plugin ID:
10281

172.19.20.1
Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:37:04 2010

Number of vulnerabilities

Open ports : 5

High : 0

Medium : 0

Low : 9

Remote host information

Operating System : CISCO IOS 12 CISCO PIX

NetBIOS name :

DNS name :

Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis:
It is possible to determine the exact time set on the remote host.

Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor:
None

Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:
This host returns non-standard timestamps (high bit is set)

Plugin ID:
10114

CVE:
CVE-1999-0524

Other references:
OSVDB:94

OS Identification

Remote operating system : CISCO IOS 12 CISCO PIX Confidence Level : 69 Method : SSH Not all
fingerprints could give a match – please email the following to [email protected] : NTP:!:UNIX
SinFP: P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B01023:F0x14:W5840:O0:M0 P4:4202_7_p=22R SSH:SSH-2.0-Cisco-1.25 The remote host is
running one of these operating systems : CISCO IOS 12 CISCO PIX

Plugin ID:
11936

Common Platform Enumeration (CPE)

Synopsis:
It is possible to enumerate CPE names that matched on the remote system.

Description:
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host. Note that if an
official CPE is not available for the product, this plugin computes the best possible CPE based on the
information available from the scan.

Risk factor:
None

See also:
http://cpe.mitre.org/

Solution:
n/a

Plugin output:
The remote operating system matched the following CPEs : cpe:/o:cisco:ios:12 cpe:/o:cisco:pix_firewall

Plugin ID:
45590

Nessus Scan Information

Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 146 sec

Plugin ID:
19506

Traceroute Information

Synopsis:
It was possible to obtain traceroute information.

Description:
Makes a traceroute to the remote host.

Risk factor:
None

Solution:
n/a

Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.19.20.1 : 172.30.0.67 172.20.20.1
172.19.20.1

Plugin ID:
10287

Port ntp (123/udp)

Network Time Protocol (NTP) Server Detection

Synopsis:
An NTP server is listening on the remote host.

Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.

Risk factor:
None

Solution:
n/a

Plugin output:
It was possible to gather the following information from the remote NTP host : version='4',
processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=45894.944, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD00558DE.3C2417C4, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000

Plugin ID:
10884

Port ssh (22/tcp)

Service Detection

An SSH server is running on this port.

Plugin ID:
22964

SSH Server Type and Version Information

Synopsis:
An SSH server is listening on this port.

Description:
It is possible to obtain information about the remote SSH server by sending an empty authentication
request.

Risk factor:
None

Solution:
n/a

Plugin output:
SSH version : SSH-2.0-Cisco-1.25 SSH supported authentication : keyboard-interactive,password

Plugin ID:
10267

SSH Protocol Versions Supported

Synopsis:
A SSH server is running on the remote host.

Description:
This plugin determines the versions of the SSH protocol supported by the remote SSH daemon.

Risk factor:
None

Solution:
n/a

Plugin output:
The remote SSH daemon supports the following versions of the SSH protocol : – 1.99 – 2.0 SSHv2 host
key fingerprint : 9b:3d:7c:93:84:73:58:72:a8:b4:67:b4:f7:ea:d0:46

Plugin ID:
10881

172.20.20.1
Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:37:31 2010

Number of vulnerabilities

Open ports : 6

High : 1

Medium : 0

Low : 9

Remote host information

Operating System : KYOCERA Printer

NetBIOS name :

DNS name :

Port general (0/icmp)

ICMP Timestamp Request Remote Date Disclosure

Synopsis:
It is possible to determine the exact time set on the remote host.

Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor:
None

Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:
This host returns non-standard timestamps (high bit is set)

Plugin ID:
10114

CVE:
CVE-1999-0524

Other references:
OSVDB:94

OS Identification

Remote operating system : KYOCERA Printer Confidence Level : 65 Method : SinFP Not all fingerprints
could give a match – please email the following to [email protected] : NTP:!:UNIX SinFP:
P1:B11013:F0x12:W4128:O0204ffff:M536: P2:B11013:F0x12:W4128:O0204ffff:M536:
P3:B11023:F0x14:W5840:O0:M0 P4:4202_7_p=23R The remote host is running KYOCERA Printer

Plugin ID:
11936

Nessus Scan Information

Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 173 sec

Plugin ID:
19506

Traceroute Information

Synopsis:
It was possible to obtain traceroute information.

Description:
Makes a traceroute to the remote host.

Risk factor:
None

Solution:
n/a

Plugin output:
For your information, here is the traceroute from 172.30.0.67 to 172.20.20.1 : 172.30.0.67 172.20.20.1

Plugin ID:
10287

Port ntp (123/udp)

Network Time Protocol (NTP) Server Detection

Synopsis:
An NTP server is listening on the remote host.

Description:
An NTP (Network Time Protocol) server is listening on this port. It provides information about the
current date and time of the remote system and may provide system information.

Risk factor:
None

Solution:
n/a

Plugin output:
It was possible to gather the following information from the remote NTP host : version='4',
processor='unknown', system='UNIX', leap=3, stratum=16, precision=-24, rootdelay=0.000,
rootdispersion=45935.174, peer=0, refid=INIT, reftime=0x00000000.00000000, poll=6,
clock=0xD0055933.709DBD75, state=1, offset=0.000, frequency=0.000, jitter=0.000, noise=0.000,
stability=0.000

Plugin ID:
10884

Port telnet (23/tcp)

Cisco Device Default Password

Synopsis:
The remote device has a factory password set.

Description:
The remote CISCO router has a default password set. This allows an attacker to get a lot of information
about the network, and possibly to shut it down if the ‘enable’ password is not set either or is also a
default password.

Risk factor:
Critical

CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution:
Access this device and set a password using ‘enable secret’

Plugin output:
Plugin Output : It was possible to log in as ‘cisco’/’cisco’

Plugin ID:
23938

CVE:
CVE-1999-0508

Service Detection

A telnet server is running on this port.

Plugin ID:
22964

Unencrypted Telnet Server

Synopsis:
The remote Telnet server transmits traffic in cleartext.

Description:
The remote host is running a Telnet server over an unencrypted channel. Using Telnet over an
unencrypted channel is not recommended as logins, passwords and commands are transferred in
cleartext. An attacker may eavesdrop on a Telnet session and obtain credentials or other sensitive
information. Use of SSH is preferred nowadays as it protects credentials from eavesdropping and can
tunnel additional data streams such as the X11 session.

Risk factor:
Low

CVSS Base Score:2.6
CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Solution:
Disable this service and use SSH instead.

Plugin ID:
42263

Telnet Server Detection

Synopsis:
A Telnet server is listening on the remote port.

Description:
The remote host is running a Telnet server, a remote terminal server.

Risk factor:
None

Solution:
Disable this service if you do not use it.

Plugin output:
Here is the banner from the remote Telnet server :
------------------------------ snip ------------------------------
User Access Verification
Username:
------------------------------ snip ------------------------------

Plugin ID:
10281

Port tftp (69/udp)

TFTP Daemon Detection

Synopsis:
A TFTP server is listening on the remote port.

Description:
The remote host is running a TFTP (Trivial File Transfer Protocol) daemon. TFTP is often used by
routers and diskless hosts to retrieve their configuration. It is also used by worms to propagate.

Risk factor:
None

Solution:
Disable this service if you do not use it.

Plugin ID:
11819

172.30.0.10
Scan Time

Start time : Thu Aug 05 11:34:38 2010

End time : Thu Aug 05 11:37:13 2010

Number of vulnerabilities

Open ports : 22

High : 5

Medium : 2

Low : 37

Remote host information

Operating System : Microsoft Windows Server 2003 Service Pack 1

NetBIOS name : WINDOWS01

DNS name :

Port general (0/icmp)

MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code
Execution (958644) (uncredentialed check)

Synopsis:
Arbitrary code can be executed on the remote host due to a flaw in the ‘Server’ service.

Description:
The remote host is vulnerable to a buffer overrun in the ‘Server’ service that may allow an attacker to
execute arbitrary code on the remote host with the ‘System’ privileges.

Risk factor:
Critical

CVSS Base Score:10.0
CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution:
Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 :
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

Plugin ID:
34477

CVE:
CVE-2008-4250

BID:
31874

Other references:
OSVDB:49243

ICMP Timestamp Request Remote Date Disclosure

Synopsis:
It is possible to determine the exact time set on the remote host.

Description:
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date
which is set on your machine. This may help him to defeat all your time based authentication protocols.

Risk factor:
None

Solution:
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).

Plugin output:
This host returns non-standard timestamps (high bit is set) The ICMP timestamps might be in little
endian format (not in network format) The remote clock is synchronized with the local clock.

Plugin ID:
10114

CVE:
CVE-1999-0524

Other references:
OSVDB:94

TCP/IP Timestamps Supported

Synopsis:
The remote service implements TCP timestamps.

Description:
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is
that the uptime of the remote host can sometimes be computed.

Risk factor:
None

See also:
http://www.ietf.org/rfc/rfc1323.txt

Solution:
n/a

Plugin ID:
25220

VMware Virtual Machine Detection

Synopsis:
The remote host seems to be a VMware virtual machine.

Description:
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Since it is physically accessible through the network, ensure that its configuration matches your
organization’s security policy.

Risk factor:
None

Solution:
n/a

Plugin ID:
20094

Ethernet card brand

Synopsis:
The manufacturer can be deduced from the Ethernet OUI.

Description:
Each ethernet MAC address starts with a 24-bit ‘Organizationally Unique Identifier’. These OUI are
registered by IEEE.

Risk factor:
None

See also:
http://standards.ieee.org/faqs/OUI.html

See also:
http://standards.ieee.org/regauth/oui/index.shtml

Solution:
n/a

Plugin output:
The following card manufacturers were identified : 00:0c:29:d8:9d:dc : VMware, Inc.

Plugin ID:
35716

OS Identification

Remote operating system : Microsoft Windows Server 2003 Service Pack 1 Confidence Level : 99
Method : MSRPC The remote host is running Microsoft Windows Server 2003 Service Pack 1

Plugin ID:
11936

Common Platform Enumeration (CPE)

Synopsis:
It is possible to enumerate CPE names that matched on the remote system.

Description:
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform
Enumeration) matches for various hardware and software products found on a host. Note that if an
official CPE is not available for the product, this plugin computes the best possible CPE based on the
information available from the scan.

Risk factor:
None

See also:
http://cpe.mitre.org/

Solution:
n/a

Plugin output:
The remote operating system matched the following CPE : cpe:/o:microsoft:windows_2003_server::sp1
-> Microsoft Windows 2003 Server Service Pack 1

Plugin ID:
45590

Nessus Scan Information

Information about this scan : Nessus version : 4.2.2 (Build 9129) Plugin feed version : 201007191034
Type of plugin feed : HomeFeed (Non-commercial use only) Scanner IP : 172.30.0.67 Port scanner(s) :
nessus_syn_scanner Port range : default Thorough tests : no Experimental tests : no Paranoia level : 1
Report Verbosity : 1 Safe checks : no Optimize the test : yes CGI scanning : disabled Web application
tests : disabled Max hosts : 80 Max checks : 5 Recv timeout : 5 Backports : None Scan Start Date :
2010/8/5 11:34 Scan duration : 155 sec

Plugin ID:
19506

Traceroute Information

Synopsis:
It was possible to obtain traceroute information.

Description:
Makes a traceroute to the remote …
