Nikto Output
OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://<ipaddress>/images/".
OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://<ipaddress>/images/".
Synopsis : The remote device supports LLMNR. Description : The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
Reported Risk factor by Nessus: None
In my option the severity should be much higher.
Determine which wireless networks are available on the targets physical location(s).
Perform name lookups with a wordlist (dictionary attack) to identify services/hosts/websites in the target domain. Only applicable if Check for DNS zone transfer failed.
Obtain valid server names and aliases for the IP addresses in the defined scope of the test.
Only applicable if Check for DNS zone transfer failed.
Test if the authoritative nameservers are allowing zone transfers for the domains in scope.
To understand what sensitive design and configuration information of the application/system/organization is exposed both directly (on the organization’s website) or indirectly (on a third party website).
(from the OWASP Testing Guide v4.0 Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)
Find the version and type of a running web server to determine known
vulnerabilities and the appropriate exploits to use during testing.
(OWASP Testing Guide v4.0 – OTG-INFO-002)
Find the version and type of a running web server to determine known
vulnerabilities and the appropriate exploits to use during testing.
(OWASP Testing Guide v4.0 – Fingerprint Web Server OTG-INFO-002)
To understand what sensitive design and configuration information of the application/system/organization is exposed both directly (on the organization’s website) or indirectly (on a third party website).
(from the OWASP Testing Guide v4.0 Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)
Check if the DNS servers are vulnerable to version queries.
Analyze the reported version for vulnerabilities and available exploits.