- 20 Sep 2021
I ran nmap -Pn --script vuln <ip address> against a well-known site, started the scan, and the results were as follows:
Open ports on the system:
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
82/tcp open xfer
84/tcp open ctf
85/tcp open mit-ml-dev
88/tcp open kerberos-sec
89/tcp open su-mit-tg
90/tcp open dnsix
443/tcp open https
44/tcp open snpp
800/tcp open mdbs_daemon
808/tcp open ccproxy-http
888/tcp open accessbuilder
1024/tcp open kdm
1058/tcp open nim
1080/tcp open socks
1433/tcp open ms-sql-s
1443/tcp open ies-lm
1723/tcp open pptp
1863/tcp open msnp
1935/tcp open rtmp
2000/tcp open cisco-sccp
2001/tcp open dc
2002/tcp open globe
2003/tcp open finger
2020/tcp open xinupageserver
2033/tcp open glogger
2323/tcp open 3d-nfsd
3000/tcp open ppp
3001/tcp open nessus
3011/tcp open trusted-web
3013/tcp open gilatskysurfer
3031/tcp open eppc
3052/tcp open powerchute
4002/tcp open mlchat-proxy
4003/tcp open pxc-splr-ft
4343/tcp open unicall
4443/tcp open pharos
4445/tcp open upnotifyp
4899/tcp open radmin
5000/tcp open upnp
5001/tcp open commplex-link
5002/tcp open rfe
5030/tcp open surfpass
5080/tcp open onscreen
5222/tcp open xmpp-client
5555/tcp open freeciv
5678/tcp open rrac
6001/tcp open X11:1
6005/tcp open X11:5
6666/tcp open irc
6699/tcp open napster
7000/tcp open afs3-fileserver
7001/tcp open afs3-callback
7002/tcp open afs3-prserver
7004/tcp open afs3-kaserver
7070/tcp open realserver
7100/tcp open font-service
7443/tcp open oracleas-https
7777/tcp open cbt
7778/tcp open interwise
8000/tcp open http-alt
8001/tcp open vcom-tunnel
8002/tcp open teradataordbms
8007/tcp open ajp12
8008/tcp open http
8009/tcp open ajp13
8010/tcp open xmpp
8021/tcp open ftp-proxy
8022/tcp open oa-system
8042/tcp open fs-agent
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts
8083/tcp open us-srv
8084/tcp open websnp
8086/tcp open d-s-n
8087/tcp open simplifymedia
8088/tcp open radan-http
8090/tcp open opsmessaging
8100/tcp open xprint-server
8181/tcp open intermapper
8200/tcp open trivnet1
8383/tcp open m2mservices
8443/tcp open https-alt
8888/tcp open sun-answerbook
8899/tcp open ospf-lite
9000/tcp open cslistener
9001/tcp open tor-orport
9002/tcp open dynamid
9009/tcp open pichat
9010/tcp open sdr
9011/tcp open d-star
9080/tcp open glrpc
9081/tcp open cisco-aqos
9090/tcp open zeus-admin
9091/tcp open xmltec-xmlmail
9100/tcp open jetdirect
9101/tcp open jetdirect
9102/tcp open jetdirect
9200/tcp open wap-wsp
9207/tcp open wap-vcal-s
9500/tcp open ismserver
9900/tcp open iua
9998/tcp open distinct32
9999/tcp open abyss
10000/tcp open snet-sensor-mgmt
10001/tcp open scp-config
10002/tcp open documentum
10003/tcp open documentum_s
10004/tcp open emcrmirccd
12345/tcp open netbus
15000/tcp open hydap
20000/tcp open dnp
20005/tcp open btx
50000/tcp open ibm-db2
That's all of the open ports.
It also found one ordinary vulnerability, which is this:
http-cross-domain-policy:
| VULNERABLE:
| Cross-domain and Client Access policies.
| State: VULNERABLE
| A cross-domain policy file specifies the permissions that a web client such as Java, Adobe Flash, Adobe Reader,
| etc. use to access data across different domains. A client acces policy file is similar to cross-domain policy
| but is used for M$ Silverlight applications. Overly permissive configurations enables Cross-site Request
| Forgery attacks, and may allow third parties to access sensitive data meant for the user.
| Check results:
| /crossdomain.xml:
| <?xml version="1.0"?>
| <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
| <cross-domain-policy>
| <allow-access-from domain="*" />
| </cross-domain-policy>
|
| Extra information:
| Trusted domains:*
|
| References:
| Exploiting misconfigured crossdomain.xml files
| https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
| https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf
| http://acunetix.com/vulnerabilities/web/insecure-clientaccesspolicy-xml-file
| https://www.owasp.org/index.php/Test_RIA_cross_domain_policy_(OTG-CONFIG-008)
|_ Exploiting Insecure crossdomain.xml to Bypass Same Origin Policy (ActionScript PoC)
Friends, what I'm asking you is: what kind of report can I write about this for the company? Do I pick just one vulnerability? There are 1000 vulnerabilities here, and are these really vulnerabilities? I'd appreciate your help.
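The one concrete finding in the scan above is the crossdomain.xml with allow-access-from domain="*". The following Python script is an added example, not code from the post or from nmap: it parses a cross-domain policy with the standard library, rates how permissive it is, and is run against a constructed copy of the wildcard policy from the scan, a policy with a subdomain wildcard and secure="false", and a hardened policy restricted to one hostname. The severity labels, the sample policies and the hostname app.example.com are assumptions made for the example; the rules it checks (wildcard domain, subdomain wildcard, secure="false", wildcard request headers, site-control set to all) come from the Adobe policy-file specification referenced in the nmap output.

```python
"""Added example: rate how permissive a crossdomain.xml policy is."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample: the policy the nmap script reported in the post.
WILDCARD_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>
"""

# Constructed sample: subdomain wildcard plus secure="false" (assumed zone example.com).
MIXED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="false" />
</cross-domain-policy>
"""

# Constructed sample: one named client host, HTTPS only, master policy only.
HARDENED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="app.example.com" secure="true" />
</cross-domain-policy>
"""

SEVERITY_ORDER = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass
class PolicyFinding:
    severity: str                      # "none", "low", "medium" or "high"
    issues: list = field(default_factory=list)


def assess_policy(xml_text: str) -> PolicyFinding:
    """Return the worst issue class found in a cross-domain policy document."""
    root = ET.fromstring(xml_text)      # expat does not fetch the external DTD
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain-policy document")

    issues = []  # (severity, message) pairs
    for rule in root.findall("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            issues.append(("high", 'allow-access-from domain="*": any site a logged-in '
                                   "user visits can read this host's responses"))
        elif domain.startswith("*."):
            issues.append(("medium", f"subdomain wildcard {domain}: every host under "
                                     "that zone is trusted"))
        # secure defaults to true; "false" lets plain-HTTP origins read HTTPS data
        if rule.get("secure", "true").lower() == "false":
            issues.append(("medium", f'secure="false" for {domain}: HTTP origins may '
                                     "read HTTPS responses"))

    for rule in root.findall("allow-http-request-headers-from"):
        if rule.get("domain") == "*" and rule.get("headers") == "*":
            issues.append(("high", "any origin may send arbitrary request headers"))

    site = root.find("site-control")
    if site is not None and site.get("permitted-cross-domain-policies") == "all":
        issues.append(("low", 'site-control "all": policy files anywhere on the host '
                              "are honoured, not just the master file"))

    severity = max((s for s, _ in issues), key=SEVERITY_ORDER.get, default="none")
    return PolicyFinding(severity, [msg for _, msg in issues])


if __name__ == "__main__":
    for name, policy in (("wildcard", WILDCARD_POLICY),
                         ("mixed", MIXED_POLICY),
                         ("hardened", HARDENED_POLICY)):
        finding = assess_policy(policy)
        print(f"{name}: {finding.severity}")
        for msg in finding.issues:
            print("  -", msg)
```

For a report, the wildcard case is the one to write up: the policy lets any origin that can run Flash, Silverlight or Java content read responses from this host with the user's cookies attached, and the fix is the hardened shape above, listing only the hostnames that genuinely need cross-domain access and keeping secure="true". The long list of open ports is a separate question that port-state output alone cannot settle; a version scan (nmap -sV) against a few of those ports would show whether a real service answers on each one.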