Skip to content
Snippets Groups Projects

NMap Vulnerability Scan

  • Clone with SSH
  • Clone with HTTPS
  • Embed
  • Share
    The snippet can be accessed without any authentication.
    Authored by Binder Elias (Student Com20)

    Output of the "sudo nmap --script vuln 192.168.1.90 -v" command

    nmap-vuln-scan.log 22.66 KiB
    Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-28 15:13 CDT
    NSE: Loaded 105 scripts for scanning.
    NSE: Script Pre-scanning.
    Initiating NSE at 15:13
    NSE Timing: About 46.15% done; ETC: 15:14 (0:00:37 remaining)
    Completed NSE at 15:14, 34.12s elapsed
    Initiating NSE at 15:14
    Completed NSE at 15:14, 0.00s elapsed
    Pre-scan script results:
    | broadcast-avahi-dos: 
    |   Discovered hosts:
    |     224.0.0.251
    |   After NULL UDP avahi packet DoS (CVE-2011-1002).
    |_  Hosts are all up (not vulnerable).
    Initiating ARP Ping Scan at 15:14
    Scanning 192.168.1.90 [1 port]
    Completed ARP Ping Scan at 15:14, 0.04s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 15:14
    Completed Parallel DNS resolution of 1 host. at 15:14, 0.00s elapsed
    Initiating SYN Stealth Scan at 15:14
    Scanning 192.168.1.90 [1000 ports]
    Discovered open port 53/tcp on 192.168.1.90
    Discovered open port 111/tcp on 192.168.1.90
    Discovered open port 23/tcp on 192.168.1.90
    Discovered open port 21/tcp on 192.168.1.90
    Discovered open port 25/tcp on 192.168.1.90
    Discovered open port 139/tcp on 192.168.1.90
    Discovered open port 80/tcp on 192.168.1.90
    Discovered open port 3306/tcp on 192.168.1.90
    Discovered open port 22/tcp on 192.168.1.90
    Discovered open port 5900/tcp on 192.168.1.90
    Discovered open port 445/tcp on 192.168.1.90
    Discovered open port 512/tcp on 192.168.1.90
    Discovered open port 1099/tcp on 192.168.1.90
    Discovered open port 5432/tcp on 192.168.1.90
    Discovered open port 513/tcp on 192.168.1.90
    Discovered open port 2121/tcp on 192.168.1.90
    Discovered open port 8009/tcp on 192.168.1.90
    Discovered open port 514/tcp on 192.168.1.90
    Discovered open port 1524/tcp on 192.168.1.90
    Discovered open port 6667/tcp on 192.168.1.90
    Discovered open port 6000/tcp on 192.168.1.90
    Discovered open port 8180/tcp on 192.168.1.90
    Discovered open port 2049/tcp on 192.168.1.90
    Completed SYN Stealth Scan at 15:14, 0.09s elapsed (1000 total ports)
    NSE: Script scanning 192.168.1.90.
    Initiating NSE at 15:14
    NSE: [ssl-ccs-injection] No response from server: Unknown TLS protocol version or content type
    Completed NSE at 15:19, 312.36s elapsed
    Initiating NSE at 15:19
    Completed NSE at 15:19, 0.45s elapsed
    Nmap scan report for 192.168.1.90
    Host is up (0.00023s latency).
    Not shown: 977 closed tcp ports (reset)
    PORT     STATE SERVICE
    21/tcp   open  ftp
    | ftp-vsftpd-backdoor: 
    |   VULNERABLE:
    |   vsFTPd version 2.3.4 backdoor
    |     State: VULNERABLE (Exploitable)
    |     IDs:  CVE:CVE-2011-2523  BID:48539
    |       vsFTPd version 2.3.4 backdoor, this was reported on 2011-07-04.
    |     Disclosure date: 2011-07-03
    |     Exploit results:
    |       Shell command: id
    |       Results: uid=0(root) gid=0(root)
    |     References:
    |       https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb
    |       https://www.securityfocus.com/bid/48539
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2523
    |_      http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
    22/tcp   open  ssh
    23/tcp   open  telnet
    25/tcp   open  smtp
    |_sslv2-drown: ERROR: Script execution failed (use -d to debug)
    | ssl-dh-params: 
    |   VULNERABLE:
    |   Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
    |     State: VULNERABLE
    |       Transport Layer Security (TLS) services that use anonymous
    |       Diffie-Hellman key exchange only provide protection against passive
    |       eavesdropping, and are vulnerable to active man-in-the-middle attacks
    |       which could completely compromise the confidentiality and integrity
    |       of any data exchanged over the resulting session.
    |     Check results:
    |       ANONYMOUS DH GROUP 1
    |             Cipher Suite: TLS_DH_anon_WITH_AES_128_CBC_SHA
    |             Modulus Type: Safe prime
    |             Modulus Source: postfix builtin
    |             Modulus Length: 1024
    |             Generator Length: 8
    |             Public Key Length: 1024
    |     References:
    |       https://www.ietf.org/rfc/rfc2246.txt
    |   
    |   Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam)
    |     State: VULNERABLE
    |     IDs:  CVE:CVE-2015-4000  BID:74733
    |       The Transport Layer Security (TLS) protocol contains a flaw that is
    |       triggered when handling Diffie-Hellman key exchanges defined with
    |       the DHE_EXPORT cipher. This may allow a man-in-the-middle attacker
    |       to downgrade the security of a TLS session to 512-bit export-grade
    |       cryptography, which is significantly weaker, allowing the attacker
    |       to more easily break the encryption and monitor or tamper with
    |       the encrypted stream.
    |     Disclosure date: 2015-5-19
    |     Check results:
    |       EXPORT-GRADE DH GROUP 1
    |             Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    |             Modulus Type: Safe prime
    |             Modulus Source: Unknown/Custom-generated
    |             Modulus Length: 512
    |             Generator Length: 8
    |             Public Key Length: 512
    |     References:
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
    |       https://weakdh.org
    |       https://www.securityfocus.com/bid/74733
    |   
    |   Diffie-Hellman Key Exchange Insufficient Group Strength
    |     State: VULNERABLE
    |       Transport Layer Security (TLS) services that use Diffie-Hellman groups
    |       of insufficient strength, especially those using one of a few commonly
    |       shared groups, may be susceptible to passive eavesdropping attacks.
    |     Check results:
    |       WEAK DH GROUP 1
    |             Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    |             Modulus Type: Safe prime
    |             Modulus Source: postfix builtin
    |             Modulus Length: 1024
    |             Generator Length: 8
    |             Public Key Length: 1024
    |     References:
    |_      https://weakdh.org
    | smtp-vuln-cve2010-4344: 
    |_  The SMTP server is not Exim: NOT VULNERABLE
    | ssl-poodle: 
    |   VULNERABLE:
    |   SSL POODLE information leak
    |     State: VULNERABLE
    |     IDs:  CVE:CVE-2014-3566  BID:70574
    |           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
    |           products, uses nondeterministic CBC padding, which makes it easier
    |           for man-in-the-middle attackers to obtain cleartext data via a
    |           padding-oracle attack, aka the "POODLE" issue.
    |     Disclosure date: 2014-10-14
    |     Check results:
    |       TLS_RSA_WITH_AES_128_CBC_SHA
    |     References:
    |       https://www.imperialviolet.org/2014/10/14/poodle.html
    |       https://www.openssl.org/~bodo/ssl-poodle.pdf
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
    |_      https://www.securityfocus.com/bid/70574
    53/tcp   open  domain
    80/tcp   open  http
    | http-sql-injection: 
    |   Possible sqli for queries:
    |     http://192.168.1.90:80/dav/?C=D%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=M%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=N%3BO%3DD%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=S%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=documentation%2Fhow-to-access-Mutillidae-over-Virtual-Box-network.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=add-to-your-blog.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=set-background-color.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=register.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=view-someones-blog.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=user-info.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=dns-lookup.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=capture-data.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=home.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=site-footer-xss-discussion.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=installation.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=password-generator.php%27%20OR%20sqlspider&username=anonymous
    |     http://192.168.1.90:80/mutillidae/index.php?page=show-log.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=login.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=php-errors.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=login.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=captured-data.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=notes.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=usage-instructions.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=browser-info.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=text-file-viewer.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=arbitrary-file-inclusion.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=framing.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=source-viewer.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=credits.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=secret-administrative-pages.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=change-log.htm%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?do=toggle-hints%27%20OR%20sqlspider&page=home.php
    |     http://192.168.1.90:80/mutillidae/index.php?page=pen-test-tool-lookup.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?do=toggle-security%27%20OR%20sqlspider&page=home.php
    |     http://192.168.1.90:80/mutillidae/index.php?page=source-viewer.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=documentation%2Fvulnerabilities.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=user-info.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=html5-storage.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=show-log.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=credits.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=add-to-your-blog.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/index.php?page=user-poll.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=text-file-viewer.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/mutillidae/?page=view-someones-blog.php%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=N%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=S%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=M%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=D%3BO%3DD%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=N%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=S%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=M%3BO%3DD%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=D%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=N%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=S%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=M%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=D%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=N%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=D%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=M%3BO%3DA%27%20OR%20sqlspider
    |     http://192.168.1.90:80/dav/?C=S%3BO%3DD%27%20OR%20sqlspider
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.7%27%20OR%20sqlspider&rev1=1.8
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.7&rev1=1.8%27%20OR%20sqlspider
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.9%27%20OR%20sqlspider&rev1=1.10
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.9&rev1=1.10%27%20OR%20sqlspider
    |     http://192.168.1.90:80/view/TWiki/TWikiHistory?rev=1.9%27%20OR%20sqlspider
    |     http://192.168.1.90:80/view/TWiki/TWikiHistory?rev=1.8%27%20OR%20sqlspider
    |     http://192.168.1.90:80/oops/TWiki/TWikiHistory?param1=1.10%27%20OR%20sqlspider&template=oopsrev
    |     http://192.168.1.90:80/oops/TWiki/TWikiHistory?param1=1.10&template=oopsrev%27%20OR%20sqlspider
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.8%27%20OR%20sqlspider&rev1=1.9
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.8&rev1=1.9%27%20OR%20sqlspider
    |     http://192.168.1.90:80/view/TWiki/TWikiHistory?rev=1.7%27%20OR%20sqlspider
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.7%27%20OR%20sqlspider&rev1=1.8
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.7&rev1=1.8%27%20OR%20sqlspider
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.9%27%20OR%20sqlspider&rev1=1.10
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.9&rev1=1.10%27%20OR%20sqlspider
    |     http://192.168.1.90:80/view/TWiki/TWikiHistory?rev=1.9%27%20OR%20sqlspider
    |     http://192.168.1.90:80/view/TWiki/TWikiHistory?rev=1.8%27%20OR%20sqlspider
    |     http://192.168.1.90:80/view/TWiki/TWikiHistory?rev=1.7%27%20OR%20sqlspider
    |     http://192.168.1.90:80/oops/TWiki/TWikiHistory?param1=1.10%27%20OR%20sqlspider&template=oopsrev
    |     http://192.168.1.90:80/oops/TWiki/TWikiHistory?param1=1.10&template=oopsrev%27%20OR%20sqlspider
    |     http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.8%27%20OR%20sqlspider&rev1=1.9
    |_    http://192.168.1.90:80/rdiff/TWiki/TWikiHistory?rev2=1.8&rev1=1.9%27%20OR%20sqlspider
    |_http-trace: TRACE is enabled
    | http-enum: 
    |   /tikiwiki/: Tikiwiki
    |   /test/: Test page
    |   /phpinfo.php: Possible information file
    |   /phpMyAdmin/: phpMyAdmin
    |   /doc/: Potentially interesting directory w/ listing on 'apache/2.2.8 (ubuntu) dav/2'
    |   /icons/: Potentially interesting folder w/ directory listing
    |_  /index/: Potentially interesting folder
    |_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
    | http-csrf: 
    | Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.1.90
    |   Found the following possible CSRF vulnerabilities: 
    |     
    |     Path: http://192.168.1.90:80/dvwa/
    |     Form id: 
    |     Form action: login.php
    |     
    |     Path: http://192.168.1.90:80/twiki/TWikiDocumentation.html
    |     Form id: 
    |     Form action: http://TWiki.org/cgi-bin/passwd/TWiki/WebHome
    |     
    |     Path: http://192.168.1.90:80/twiki/TWikiDocumentation.html
    |     Form id: 
    |     Form action: http://TWiki.org/cgi-bin/passwd/Main/WebHome
    |     
    |     Path: http://192.168.1.90:80/twiki/TWikiDocumentation.html
    |     Form id: 
    |     Form action: http://TWiki.org/cgi-bin/edit/TWiki/
    |     
    |     Path: http://192.168.1.90:80/twiki/TWikiDocumentation.html
    |     Form id: 
    |     Form action: http://TWiki.org/cgi-bin/view/TWiki/TWikiSkins
    |     
    |     Path: http://192.168.1.90:80/twiki/TWikiDocumentation.html
    |     Form id: 
    |_    Form action: http://TWiki.org/cgi-bin/manage/TWiki/ManagingWebs
    |_http-dombased-xss: Couldn't find any DOM based XSS.
    | http-fileupload-exploiter: 
    |   
    |_    Couldn't find a file-type field.
    |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
    111/tcp  open  rpcbind
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    512/tcp  open  exec
    513/tcp  open  login
    514/tcp  open  shell
    1099/tcp open  rmiregistry
    | rmi-vuln-classloader: 
    |   VULNERABLE:
    |   RMI registry default configuration remote code execution vulnerability
    |     State: VULNERABLE
    |       Default configuration of RMI registry allows loading classes from remote URLs which can lead to remote code execution.
    |       
    |     References:
    |_      https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/java_rmi_server.rb
    1524/tcp open  ingreslock
    2049/tcp open  nfs
    2121/tcp open  ccproxy-ftp
    3306/tcp open  mysql
    |_mysql-vuln-cve2012-2122: ERROR: Script execution failed (use -d to debug)
    |_ssl-ccs-injection: No reply from server (TIMEOUT)
    5432/tcp open  postgresql
    | ssl-dh-params: 
    |   VULNERABLE:
    |   Diffie-Hellman Key Exchange Insufficient Group Strength
    |     State: VULNERABLE
    |       Transport Layer Security (TLS) services that use Diffie-Hellman groups
    |       of insufficient strength, especially those using one of a few commonly
    |       shared groups, may be susceptible to passive eavesdropping attacks.
    |     Check results:
    |       WEAK DH GROUP 1
    |             Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    |             Modulus Type: Safe prime
    |             Modulus Source: Unknown/Custom-generated
    |             Modulus Length: 1024
    |             Generator Length: 8
    |             Public Key Length: 1024
    |     References:
    |_      https://weakdh.org
    | ssl-poodle: 
    |   VULNERABLE:
    |   SSL POODLE information leak
    |     State: VULNERABLE
    |     IDs:  CVE:CVE-2014-3566  BID:70574
    |           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
    |           products, uses nondeterministic CBC padding, which makes it easier
    |           for man-in-the-middle attackers to obtain cleartext data via a
    |           padding-oracle attack, aka the "POODLE" issue.
    |     Disclosure date: 2014-10-14
    |     Check results:
    |       TLS_RSA_WITH_AES_128_CBC_SHA
    |     References:
    |       https://www.imperialviolet.org/2014/10/14/poodle.html
    |       https://www.openssl.org/~bodo/ssl-poodle.pdf
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
    |_      https://www.securityfocus.com/bid/70574
    | ssl-ccs-injection: 
    |   VULNERABLE:
    |   SSL/TLS MITM vulnerability (CCS Injection)
    |     State: VULNERABLE
    |     Risk factor: High
    |       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
    |       does not properly restrict processing of ChangeCipherSpec messages,
    |       which allows man-in-the-middle attackers to trigger use of a zero
    |       length master key in certain OpenSSL-to-OpenSSL communications, and
    |       consequently hijack sessions or obtain sensitive information, via
    |       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
    |           
    |     References:
    |       http://www.cvedetails.com/cve/2014-0224
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
    |_      http://www.openssl.org/news/secadv_20140605.txt
    5900/tcp open  vnc
    6000/tcp open  X11
    6667/tcp open  irc
    |_irc-unrealircd-backdoor: Looks like trojaned version of unrealircd. See http://seclists.org/fulldisclosure/2010/Jun/277
    8009/tcp open  ajp13
    8180/tcp open  unknown
    | http-slowloris-check: 
    |   VULNERABLE:
    |   Slowloris DOS attack
    |     State: LIKELY VULNERABLE
    |     IDs:  CVE:CVE-2007-6750
    |       Slowloris tries to keep many connections to the target web server open and hold
    |       them open as long as possible.  It accomplishes this by opening connections to
    |       the target web server and sending a partial request. By doing so, it starves
    |       the http server's resources causing Denial Of Service.
    |       
    |     Disclosure date: 2009-09-17
    |     References:
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
    |_      http://ha.ckers.org/slowloris/
    | http-enum: 
    |   /admin/: Possible admin folder
    |   /admin/index.html: Possible admin folder
    |   /admin/login.html: Possible admin folder
    |   /admin/admin.html: Possible admin folder
    |   /admin/account.html: Possible admin folder
    |   /admin/admin_login.html: Possible admin folder
    |   /admin/home.html: Possible admin folder
    |   /admin/admin-login.html: Possible admin folder
    |   /admin/adminLogin.html: Possible admin folder
    |   /admin/controlpanel.html: Possible admin folder
    |   /admin/cp.html: Possible admin folder
    |   /admin/index.jsp: Possible admin folder
    |   /admin/login.jsp: Possible admin folder
    |   /admin/admin.jsp: Possible admin folder
    |   /admin/home.jsp: Possible admin folder
    |   /admin/controlpanel.jsp: Possible admin folder
    |   /admin/admin-login.jsp: Possible admin folder
    |   /admin/cp.jsp: Possible admin folder
    |   /admin/account.jsp: Possible admin folder
    |   /admin/admin_login.jsp: Possible admin folder
    |   /admin/adminLogin.jsp: Possible admin folder
    |   /manager/html/upload: Apache Tomcat (401 Unauthorized)
    |   /manager/html: Apache Tomcat (401 Unauthorized)
    |   /admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html: OpenCart/FCKeditor File upload
    |   /admin/includes/FCKeditor/editor/filemanager/upload/test.html: ASP Simple Blog / FCKeditor File Upload
    |   /admin/jscript/upload.html: Lizard Cart/Remote File upload
    |_  /webdav/: Potentially interesting folder
    | http-cookie-flags: 
    |   /admin/: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/index.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/login.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/admin.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/account.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/admin_login.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/home.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/admin-login.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/adminLogin.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/controlpanel.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/cp.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/index.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/login.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/admin.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/home.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/controlpanel.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/admin-login.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/cp.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/account.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/admin_login.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/adminLogin.jsp: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/includes/FCKeditor/editor/filemanager/upload/test.html: 
    |     JSESSIONID: 
    |       httponly flag not set
    |   /admin/jscript/upload.html: 
    |     JSESSIONID: 
    |_      httponly flag not set
    MAC Address: 52:54:00:12:34:56 (QEMU virtual NIC)
    
    Host script results:
    |_smb-vuln-ms10-054: false
    |_smb-vuln-ms10-061: false
    |_smb-vuln-regsvc-dos: ERROR: Script execution failed (use -d to debug)
    
    NSE: Script Post-scanning.
    Initiating NSE at 15:19
    Completed NSE at 15:19, 0.00s elapsed
    Initiating NSE at 15:19
    Completed NSE at 15:19, 0.00s elapsed
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 347.26 seconds
               Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.120KB)
    0% Loading or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment