Scanning

Network

Website/Application

OS Fingerprinting

Tools: nmap OS Detection, xprobe2

Scanning udp port 1434 SQL Browser

Objective: On UDP port 1434, the MS SQL Browser Service is most likely listening. You can query this service to retrieve version info and the TCP port on which the MS SQL Server Service is listening.
Nmap: nmap -P0 -v -sU -sV -p 1434 <ip> --script ms-sql-info

UDP port Scanning

References: Nmap UDP Protocol Scanner

PASSWORD_COMPLEXITY_UNSUPPORTED_ON_AGENT

Objective: Resolve the error “PASSWORD_COMPLEXITY_UNSUPPORTED_ON_AGENT” when running a Windows audit file via a Nessus Agent.

MS KB2871997: Update to Improve Credentials Protection and Management

Nessus Output: Description: The remote host is missing one or more of the following Microsoft updates: KB2871997, KB2973351, KB2975625, KB2982378, KB2984972, KB2984976, KB2984981, KB2973501, or KB3126593. These updates are needed to improve the protection against possible credential theft. - For Windows 7 / 2008 R2 : KB2984972, KB2871997, KB2982378, and KB2973351 are required; also, KB2984976 […]

Disable TLSv1.0 (Windows)

Best practice for systems running IIS, part of Hardening IIS.

SSL Version 2 and 3 Protocol Detection

Nessus Output: Description: The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws. An attacker can exploit these flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected service and clients. NIST has determined that SSL 3.0 is no longer acceptable […]

Disable SSLv3 (Windows)

Best practice for systems running IIS, part of Hardening IIS.

SSL DROWN Attack Vulnerability (Decrypting RSA with Obsolete and Weakened eNcryption)

Nessus Output: Description: The remote host supports SSLv2 and therefore may be affected by a vulnerability that allows a cross-protocol Bleichenbacher padding oracle attack known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption). This vulnerability exists due to a flaw in the Secure Sockets Layer Version 2 (SSLv2) implementation, and it allows captured TLS […]

Disable SSLv2 (Windows)

Best practice for systems running IIS, part of Hardening IIS.

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

Nessus Output: Description: The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover […]

Scan Public WebServer SSL/TLS configuration via online tools

Objective: Check your web server SSL/TLS configuration via online tools.

Nonexistent Page (404) Physical Path Disclosure

Nessus Output: The remote web server reveals the physical path of the webroot when a nonexistent page is requested. While printing errors to the output is useful for debugging applications, this feature should be disabled on production servers.

ASP.NET DEBUG enabled

Nikto Output: DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.

Excessive headers

You will probably find this issue during the manual browsing and spidering phase of your assessment, and when performing the Fingerprint Web Server (Passive) and Fingerprint Web Server (Active) tests.

The X-XSS-Protection header is not defined

Nikto Output: The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS.

The site uses SSL and the Strict-Transport-Security HTTP header is not defined

Nikto Output: The site uses SSL and the Strict-Transport-Security HTTP header is not defined.

Link-Local Multicast Name Resolution (LLMNR) Detection

Nessus Output: Synopsis: The remote device supports LLMNR. Description: The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions. Reported Risk factor by Nessus: None. In my opinion the severity should […]

Hardening Google Chrome (on Windows)

Steps to harden Google Chrome:
1. Updating Google Chrome
2. Review best practices
3. Configure Group Policy settings

Content-Type header missing

You will probably find this issue during the manual browsing and spidering phase of your assessment, but Netsparker will also report this issue during your scanning phase.

X-Frame-Options header is not set

You will probably find this issue during the manual browsing and spidering phase of your assessment, but Nessus will also report this issue during your scanning phase.

Cookie No HttpOnly Flag

You will probably find this issue during the manual browsing and spidering phase of your assessment, but Nikto and Nessus will also report this issue during your scanning phase.

MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

Nessus Output: Description: The version of Windows running on the remote host is affected by a vulnerability in the HTTP protocol stack (HTTP.sys) due to improperly parsing crafted HTTP requests. A remote attacker can exploit this to execute arbitrary code with System privileges.

SMB Enumeration

Tools … that can be used to perform SMB enumeration.

Brocade

Resources used for auditing and hardening of Brocade devices.

vFeed Usage / Cheat Sheet

What is vFeed? A Cross Linked and Aggregated Local Vulnerability Database.
https://github.com/toolswatch/vFeed
http://www.vfeed.io/

IPMI v2.0 Password Hash Disclosure

Nessus Output: Description: The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response […]

SolarWinds Virtualization Manager

Description: A virtualization manager is a virtualization environment management application that provides capabilities to create, edit, remove and monitor virtual machines. A virtualization manager provides a complete management solution for many different virtual machines simultaneously through a single application management console. A virtualization manager is also known as a virtual machine manager, a virtual machine […]

Nessus .audit file editor

Objective: I couldn’t find a script editor that recognizes the Nessus .audit file keywords and syntax, so I’m working on a user-defined language definition file for Notepad++.

TortoiseSVN

Nessus: You can use Nessus to detect TortoiseSVN with the following plugins:
- Subversion Client/Server Detection (Windows) (40619)
- Microsoft Windows Installed Software Enumeration (credentialed check) (20811)
- SNMP Query Installed Software Disclosure (19763)
There are currently no version checking / vulnerability plugins. A manual vulnerability assessment is required.