|
IP,Hostname,Port,Port Protocol,CVSS,Severity,QoD,Solution Type,NVT Name,Summary,Specific Result,NVT OID,CVEs,Task ID,Task Name,Timestamp,Result ID,Impact,Solution,Affected Software/OS,Vulnerability Insight,Vulnerability Detection Method,Product Detection Result,BIDs,CERTs,Other References
|
|
192.168.6.34,,445,tcp,7.5,High,99,"WillNotFix","Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability","Microsoft Windows is prone to an authentication bypass
|
|
vulnerability via SMB/NETBIOS.","It was possible to login at the share 'IPC$' with an empty login and password.
|
|
",1.3.6.1.4.1.25623.1.0.801991,"CVE-1999-0519",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,27041c04-5c35-48ae-a6a2-ddbd0918f93b,"Successful exploitation could allow attackers to use shares to
|
|
cause the system to crash.","No known solution was made available for at least one year
|
|
since the disclosure of this vulnerability. Likely none will be provided anymore.
|
|
General solution options are to upgrade to a newer release, disable respective
|
|
features, remove the product or replace the product by another one.
|
|
|
|
A workaround is to,
|
|
|
|
- Disable null session login.
|
|
|
|
- Remove the share.
|
|
|
|
- Enable passwords on the share.","'- Microsoft Windows 95
|
|
|
|
- Microsoft Windows 98
|
|
|
|
- Microsoft Windows NT
|
|
|
|
- Microsoft Windows 2000
|
|
|
|
- Microsoft Windows in other implementations / versions might be affected as well","The flaw is due to an SMB share, allows full access to Guest users.
|
|
If the Guest account is enabled, anyone can access the computer without a valid user account or password.","
|
|
Details:
|
|
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerabili...
|
|
(OID: 1.3.6.1.4.1.25623.1.0.801991)
|
|
Version used: 2023-07-28T13:05:23+08:00
|
|
","","","",""
|
|
192.168.6.19,,21,tcp,6.4,Medium,80,"Mitigation","Anonymous FTP Login Reporting","Reports if the remote FTP Server allows anonymous logins.","It was possible to login to the remote FTP service with the following anonymous account(s):
|
|
|
|
anonymous:anonymous@example.com
|
|
|
|
Here are the contents of the remote FTP directory listing:
|
|
|
|
Account ""anonymous"":
|
|
|
|
-rwx------ 1 user group 48322 Mar 16 2007 FTPServer.chm
|
|
-rwx------ 1 user group 363520 Mar 16 2007 FTPServer.exe
|
|
-rwx------ 1 user group 23864 Jun 11 08:06 ftptrace.txt
|
|
-rwx------ 1 user group 919 Mar 16 2007 license.txt
|
|
-rwx------ 1 user group 146 Apr 29 16:29 security.xml
|
|
-rwx------ 1 user group 1511 Jun 12 08:08 users.xml
|
|
-rwx------ 1 user group 17148 Mar 17 2007 whatsnew.txt
|
|
|
|
",1.3.6.1.4.1.25623.1.0.900600,"CVE-1999-0497",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,8fa15584-8f02-4093-9b45-2d1b586955e8,"Based on the files accessible via this anonymous FTP login and
|
|
the permissions of this account an attacker might be able to:
|
|
|
|
- gain access to sensitive files
|
|
|
|
- upload or delete files.","If you do not want to share files, you should disable anonymous
|
|
logins.","","A host that provides an FTP service may additionally provide
|
|
Anonymous FTP access as well. Under this arrangement, users do not strictly need an account on the
|
|
host. Instead the user typically enters 'anonymous' or 'ftp' when prompted for username. Although
|
|
users are commonly asked to send their email address as their password, little to no verification
|
|
is actually performed on the supplied data.
|
|
|
|
Remark: NIST don't see 'configuration issues' as software flaws so the referenced CVE has a
|
|
severity of 0.0. The severity of this VT has been raised by Greenbone to still report a
|
|
configuration issue on the target.","
|
|
Details:
|
|
Anonymous FTP Login Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.900600)
|
|
Version used: 2021-10-20T17:03:29+08:00
|
|
","","","",""
|
|
192.168.6.231,,3718,tcp,5.3,Medium,80,"Mitigation","Weak Host Key Algorithm(s) (SSH)","The remote SSH server is configured to allow / support weak host
|
|
key algorithm(s).","The remote SSH server supports the following weak host key algorithm(s):
|
|
|
|
host key algorithm | Description
|
|
-----------------------------------------------------------------------------------------
|
|
ssh-dss | Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS)
|
|
",1.3.6.1.4.1.25623.1.0.117687,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,0023ee59-1935-43a6-b8dd-f525ddc5afe1,"","Disable the reported weak host key algorithm(s).","","","Checks the supported host key algorithms of the remote SSH
|
|
server.
|
|
|
|
Currently weak host key algorithms are defined as the following:
|
|
|
|
- ssh-dss: Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS)
|
|
Details:
|
|
Weak Host Key Algorithm(s) (SSH)
|
|
(OID: 1.3.6.1.4.1.25623.1.0.117687)
|
|
Version used: 2023-10-12T13:05:32+08:00
|
|
","","","",""
|
|
192.168.6.39,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49666]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49666]
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49667]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49669]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49669]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49669]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49669]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49669]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49670]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49670]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49748/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.39[49748]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,2a27ff1e-435c-4251-8336-1412572c4ef2,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.37,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49667]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49670]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49670]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49670]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49670]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49670]
|
|
|
|
Port: 49671/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49671]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49671]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49671]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49671]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49698/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.37[49698]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,e326cd6c-cb45-4b44-8e00-01e5a16377f2,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.22,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49667]
|
|
|
|
Port: 49678/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49678]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49678]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49678]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49678]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49678]
|
|
|
|
Port: 49680/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49680]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49680]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49680]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[49680]
|
|
Annotation: KeyIso
|
|
|
|
Port: 52042/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.22[52042]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,d189e37d-bc0c-4390-9c94-2bf6912836c2,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.23,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49667]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49669]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49669]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49669]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49669]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49669]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49670]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49670]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49709/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.23[49709]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,4db76b3f-9c1b-4d1f-bf80-2d9b163fb686,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.34,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49667]
|
|
|
|
Port: 49668/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49668]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49668]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49668]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49668]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49668]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49669]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49669]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49669]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49669]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49671/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.34[49671]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,0e6570cf-f1e0-4a44-a41d-9b478a7b80f5,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.18,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49667]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49669]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49669]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49669]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49669]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49669]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49670]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49670]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49700/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.18[49700]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,76a545e4-dd81-42c2-b084-181c9db7f8c6,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.30,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49666]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49666]
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49667]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49668/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49668]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49668]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49668]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49668]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49668]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49670]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49670]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49692/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.30[49692]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,a4ab69ba-9fd8-4930-87b0-d760e0972854,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.19,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49667]
|
|
|
|
Port: 49668/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49668]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49668]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49668]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49668]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49668]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49669]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49669]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49669]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49669]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.19[49670]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,846cf658-5ef3-45ca-b43d-100a2c3a030b,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.9,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49667]
|
|
|
|
Port: 49668/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49668]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49668]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49668]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49668]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49668]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49669]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49669]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49669]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49669]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.9[49670]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,4cb7a009-49a6-49c1-98d0-54693a01e93e,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.12,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49667]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49669]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49669]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49669]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49669]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49669]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49670]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49670]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49704/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.12[49704]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,73a05630-5f18-45d4-aaf8-f6b9fd9951b2,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.15,,135,tcp,5.0,Medium,80,"Mitigation","DCE/RPC and MSRPC Services Enumeration Reporting","Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) or MSRPC services running
|
|
on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.","Here is the list of DCE/RPC or MSRPC services running on this host via the TCP protocol:
|
|
|
|
Port: 49664/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49664]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 12345778-1234-abcd-ef00-0123456789ac, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49664]
|
|
Named pipe : lsass
|
|
Win32 service or process : lsass.exe
|
|
Description : SAM access
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49664]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49664]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49665/tcp
|
|
|
|
UUID: d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49665]
|
|
|
|
Port: 49666/tcp
|
|
|
|
UUID: f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49666]
|
|
Annotation: Event log TCPIP
|
|
|
|
Port: 49667/tcp
|
|
|
|
UUID: 3a9ef155-691d-4449-8d05-09ad57031823, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49667]
|
|
|
|
UUID: 86d35949-83c9-4044-b424-db363231fd0c, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49667]
|
|
|
|
Port: 49669/tcp
|
|
|
|
UUID: 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49669]
|
|
|
|
UUID: 12345678-1234-abcd-ef00-0123456789ab, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49669]
|
|
Named pipe : spoolss
|
|
Win32 service or process : spoolsv.exe
|
|
Description : Spooler service
|
|
|
|
UUID: 4a452661-8290-4b36-8fbe-7f4093a94978, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49669]
|
|
|
|
UUID: 76f03f96-cdfd-44fc-a22c-64950a001209, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49669]
|
|
|
|
UUID: ae33069b-a2a8-46ee-a235-ddfd339be281, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49669]
|
|
|
|
Port: 49670/tcp
|
|
|
|
UUID: 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49670]
|
|
Annotation: RemoteAccessCheck
|
|
|
|
UUID: 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49670]
|
|
Annotation: Ngc Pop Key Service
|
|
|
|
UUID: b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49670]
|
|
Annotation: KeyIso
|
|
|
|
Port: 49686/tcp
|
|
|
|
UUID: 367abb81-9844-35f1-ad32-98f038001003, version 2
|
|
Endpoint: ncacn_ip_tcp:192.168.6.15[49686]
|
|
|
|
Note: DCE/RPC or MSRPC services running on this host locally were identified. Reporting this list is not enabled by default due to the possible large size of this list. See the script preferences to enable this reporting.
|
|
",1.3.6.1.4.1.25623.1.0.10736,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,0d0685a6-087d-464d-ab82-01a49bc32d9c,"An attacker may use this fact to gain more knowledge
|
|
about the remote host.","Filter incoming traffic to this ports.","","","
|
|
Details:
|
|
DCE/RPC and MSRPC Services Enumeration Reporting
|
|
(OID: 1.3.6.1.4.1.25623.1.0.10736)
|
|
Version used: 2022-06-03T18:17:07+08:00
|
|
","","","",""
|
|
192.168.6.19,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,fc66f66b-e758-4d7e-9a3c-7c79defefbe3,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.15,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,62e0df29-a64a-463d-a926-1d950d3d4514,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.12,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,5dc5d620-bd49-46b6-b41e-97dfeb91fee6,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.34,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,af32e863-125f-489d-bd84-1862a7be89cb,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.39,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,78aa0ac5-9183-4840-a82f-ad1c5596b306,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.37,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,1da12af8-3c90-4bb7-8939-1fa68b5b0141,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.18,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,f737f3df-90cc-4886-8079-34f3afa46a37,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.30,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,08693f6a-783f-44ae-bc93-9f9a23bac1a5,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.9,,21,tcp,4.8,Medium,70,"Mitigation","FTP Unencrypted Cleartext Login","The remote host is running a FTP service that allows cleartext logins over
|
|
unencrypted connections.","The remote FTP service accepts logins without a previous sent 'AUTH TLS' command. Response(s):
|
|
|
|
Non-anonymous sessions: 331 Password required for openvasvt
|
|
Anonymous sessions: 331 Password required for anonymous
|
|
",1.3.6.1.4.1.25623.1.0.108528,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,f46d37c7-3455-4485-aa0c-f49bba0d99ac,"An attacker can uncover login names and passwords by sniffing traffic to the
|
|
FTP service.","Enable FTPS or enforce the connection via the 'AUTH TLS' command. Please see
|
|
the manual of the FTP service for more information.","","","Tries to login to a non FTPS enabled FTP service without sending a
|
|
'AUTH TLS' command first and checks if the service is accepting the login without enforcing the use of
|
|
the 'AUTH TLS' command.
|
|
Details:
|
|
FTP Unencrypted Cleartext Login
|
|
(OID: 1.3.6.1.4.1.25623.1.0.108528)
|
|
Version used: 2023-12-20T13:05:58+08:00
|
|
","","","",""
|
|
192.168.6.66,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 770490130
|
|
Packet 2: 770491296
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,bc529def-ede8-4669-8148-756ced9c6ee2,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
192.168.6.254,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 456298802
|
|
Packet 2: 456298917
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,0781dd15-7389-4e1a-8831-af76a8382d5c,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
192.168.6.1,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 456327676
|
|
Packet 2: 456327789
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:34+08:00,8da5a98b-50fd-4dac-8530-38955370d0b8,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
192.168.6.231,,,,2.6,Low,80,"Mitigation","TCP Timestamps Information Disclosure","The remote host implements TCP timestamps and therefore allows
|
|
to compute the uptime.","It was detected that the host implements RFC1323/RFC7323.
|
|
|
|
The following timestamps were retrieved with a delay of 1 seconds in-between:
|
|
Packet 1: 456296205
|
|
Packet 2: 456296317
|
|
",1.3.6.1.4.1.25623.1.0.80091,"",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,5b20eaff-8386-45df-85a9-a7484dd7c2ac,"A side effect of this feature is that the uptime of the remote
|
|
host can sometimes be computed.","To disable TCP timestamps on linux add the line
|
|
'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at
|
|
runtime.
|
|
|
|
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
|
|
|
|
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
|
|
|
|
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options when
|
|
initiating TCP connections, but use them if the TCP peer that is initiating communication includes
|
|
them in their synchronize (SYN) segment.
|
|
|
|
See the references for more information.","TCP implementations that implement RFC1323/RFC7323.","The remote host implements TCP timestamps, as defined by
|
|
RFC1323/RFC7323.","Special IP packets are forged and sent with a little delay in
|
|
between to the target IP. The responses are searched for a timestamps. If found, the timestamps
|
|
are reported.
|
|
Details:
|
|
TCP Timestamps Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.80091)
|
|
Version used: 2023-12-16T00:10:08+08:00
|
|
","","","",""
|
|
192.168.6.66,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,a52a4da5-1fa0-42f4-9905-ef5492c043e3,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
192.168.6.231,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,a260d2c4-c04d-4d94-9182-43780643e90c,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
|
192.168.6.254,,,,2.1,Low,80,"Mitigation","ICMP Timestamp Reply Information Disclosure","The remote host responded to an ICMP timestamp request.","The following response / ICMP packet has been received:
|
|
- ICMP Type: 14
|
|
- ICMP Code: 0
|
|
",1.3.6.1.4.1.25623.1.0.103190,"CVE-1999-0524",2679f9ea-17d5-4634-aabb-aca6af1ffbac,"6.0-2-3",2024-06-12T12:02:33+08:00,6cf29ab1-bb6c-41bd-ad2a-3aa962f85285,"This information could theoretically be used to exploit weak
|
|
time-based random number generators in other services.","Various mitigations are possible:
|
|
|
|
- Disable the support for ICMP timestamp on the remote host completely
|
|
|
|
- Protect the remote host by a firewall, and block ICMP packets passing through the firewall in
|
|
either direction (either completely or only for untrusted networks)","","The Timestamp Reply is an ICMP message which replies to a
|
|
Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as
|
|
well as a receive timestamp and a transmit timestamp.","Sends an ICMP Timestamp (Type 13) request and checks if a
|
|
Timestamp Reply (Type 14) is received.
|
|
Details:
|
|
ICMP Timestamp Reply Information Disclosure
|
|
(OID: 1.3.6.1.4.1.25623.1.0.103190)
|
|
Version used: 2023-05-11T17:09:33+08:00
|
|
","","","DFN-CERT-2014-0658,CB-K15/1514,CB-K14/0632",""
|
