Tools
On UDP port 1434 is most likely the MS SQL Browser Service listening.
You can query this service to retrieve version info and the TCP port where MS SQL Server Service is listening.
nmap -P0 -v -sU -sV -p 1434 <ip> --script ms-sql-info |
Description The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft. - For Windows 7 / 2008 R2 : KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 (if KB2592687 is installed) or KB2984981 (if KB2830477 is installed). - For Windows 8 / 2012 : KB2973501, KB2871997, and KB2973351 are required. - For Windows 8.1 / 2012 R2 : KB2973351 (if Update 1 is installed) or KB2975625 (if Update 1 isn't installed). These updates provide additional protection for the Local Security Authority (LSA), add a restricted administrative mode for Credential Security Support Provider (CredSSP), introduce support for the protected account-restricted domain user category, enforce stricter authentication policies, add additional protection for users' credentials, and add a restricted administrative mode for Remote Desktop Connection and Remote Desktop Protocol. Solution Microsoft has released a set of patches for Windows 7, 2008 R2, 8, 2012, 8.1, and 2012 R2. Output A required registry setting is missing: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential = 0 More information: https://blogs.technet.microsoft.com/kfalde/2014/11/01/kb2871997-and-wdigest-part-1/
Best practice for systems running IIS, part of Hardening IIS:
Description The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. NIST has determined that SSL 3.0 is no longer acceptable for secure communications. As of the date of enforcement found in PCI DSS v3.1, any version of SSL will not meet the PCI SSC'S definition of 'strong cryptography'. Solution Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.1 (with approved cipher suites) or higher instead.
Best practice for systems running IIS, part of Hardening IIS:
Description The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS traffic to be decrypted. A man-in-the-middle attacker can exploit this to decrypt the TLS connection by utilizing previously captured traffic and weak cryptography along with a series of specially crafted connections to an SSLv2 server that uses the same private key. Solution Disable SSLv2 and export grade cryptography cipher suites. Ensure that private keys are not used anywhere with server software that supports SSLv2 connections.
Best practice for systems running IIS, part of Hardening IIS:
Description The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections. Solution Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.
DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
You probably gonna find this issue in your manual browsing and spidering phase of your assessment and when performing the Fingerprint Web Server (Passive) and Fingerprint Web Server (Active) Tests.
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
The site uses SSL and the Strict-Transport-Security HTTP header is not defined |
Synopsis : The remote device supports LLMNR. Description : The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
Reported Risk factor by Nessus: None
In my option the severity should be much higher.
Steps to harden Google Chrome:
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Netsparker will report this issue during your scanning phase.
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nessus will report this issue during your scanning phase.
You probably gonna find this issue in your manual browsing and spidering phase of your assessment. But also Nikto and Nessus will report this issue during your scanning phase.
The version of Windows running on the remote host is affected by a vulnerability in the HTTP protocol stack (HTTP.sys) due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute arbitrary code with System privileges.
Resources used for auditing and hardening of Brocade devices:
Description
The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.
A virtualization manager is a virtualization environment management application that provides capabilities to create, edit, remove and monitor virtual machines. A virtualization manager provides a complete management solution for many different virtual machines simultaneously through a single application management console.
A virtualization manager is also known as a virtual machine manager, a virtual machine monitor or a hypervisor.
Source
You can use Nessus to detect TortoiseSVN:
There are currently no version checking / vulnerability plugins.
A manual vulnerability assessment is required.