[ASK] Want to ask about nmap - Printable Version
+- BackBox Indonesia (https://www.backboxindonesia.or.id)
+-- Forum: Attacking (https://www.backboxindonesia.or.id/forum-12.html)
+--- Forum: Exploitation (https://www.backboxindonesia.or.id/forum-13.html)
+--- Thread: [ASK] Want to ask about nmap (/thread-151.html)

[ASK] Want to ask about nmap - fireworm - 07-20-2016

Nmap scan report for 10.10.14.79
Host is up (0.00041s latency).
Not shown: 995 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
7741/tcp  open  scriptview
49156/tcp open  unknown
MAC Address: 98:83:89

Nmap scan report for 10.10.14.82
Host is up (0.00044s latency).
Not shown: 992 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1801/tcp open  msmq
2103/tcp open  zephyr-clt
2105/tcp open  eklogin
2107/tcp open  msmq-mgmt
MAC Address: 00

Nmap scan report for 10.10.14.92
Host is up (0.00031s latency).
Not shown: 992 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1801/tcp open  msmq
2103/tcp open  zephyr-clt
2105/tcp open  eklogin
2107/tcp open  msmq-mgmt
MAC Address: 20:89:84:F4:64:1A (Compal Information (kunshan))

Nmap scan report for 10.10.14.96
Host is up (0.00024s latency).
All 1000 scanned ports on 10.10.14.96 are closed
MAC Address: 08:62:66

Nmap scan report for 10.10.14.16
Host is up (0.000014s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
111/tcp open  rpcbind
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Sorry, I'm just learning nmap. Of the ports above, is there anything that can be exploited? If something can be exploited, please explain.

RE: [ASK] Want to ask about nmap - koboi - 07-21-2016

IP 10.10.14.92 has port 80 open, for exploiting the web server. You can try vulnerability assessment tools like Vega, dirsearch, etc. How to exploit it depends on the knowledge we have. For example, if the site has a user registration form, we can use the tamper data technique to plant a shell. Or SQL injection, etc.

Ports 139/445 are Samba ports; you can use the Windows XP netapi exploit or other Samba exploits. It depends on luck.

As for the other ports, we can check them with the curl command or open them in a web browser using ipaddress+port. For example:

root@backbox~# curl http://10.10.14.92:2105/

The purpose is really just to check. Beyond that, you can research the vulnerabilities present on that network yourself.

RE: [ASK] Want to ask about nmap - fireworm - 07-23-2016

(07-21-2016, 02:33 AM)koboi Wrote:
    IP 10.10.14.92 has port 80 open, for exploiting the web server. You can try vulnerability assessment tools like Vega, dirsearch, etc.

I have the full output. Hmm, here I already tried the SMBv2 exploit but it didn't work.

Nmap scan report for 10.10.14.32
Host is up (0.00045s latency).
Not shown: 996 closed ports
PORT     STATE    SERVICE
53/tcp   filtered domain
80/tcp   open     http
|_http-cross-domain-policy: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.14.32
|   Found the following possible CSRF vulnerabilities:
|
|     Path: http://10.10.14.32:80/
|     Form id: wl_crypto
|     Form action: apply.cgi
|
|     Path: http://10.10.14.32/#
|     Form id: wl_crypto
|_    Form action: apply.cgi
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.14.32
|   Found the following indications of potential DOM based XSS:
|
|     Source: document.writeln("<input type='button' class='button' id='btnReset' value='"+share.sbuttonwizcancle+"' onClick='window.location.reload()
|_    Pages: http://10.10.14.32:80/, http://10.10.14.32/#
|_http-fileupload-exploiter:
|_http-frontpage-login: false
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1248/tcp filtered hermes
2869/tcp filtered icslap
MAC Address: C4:43:8F:AF:4B:59 (LG Electronics)

Nmap scan report for 10.10.14.38
Host is up (0.0011s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5357/tcp open  wsdapi
MAC Address: B0:5A:DA:DB:43:C5 (Hewlett Packard)

Host script results:
|_samba-vuln-cve-2012-1182: SMB: ERROR: Server disconnected the connection
| smb-vuln-cve2009-3103:
|   VULNERABLE:
|   SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2009-3103
|           Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2,
|           Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a
|           denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE
|           PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location,
|           aka "SMBv2 Negotiation Vulnerability."
|
|     Disclosure date: 2009-09-08
|     References:
|       http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3103
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3103
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: SMB: Failed to receive bytes after 5 attempts: TIMEOUT

RE: [ASK] Want to ask about nmap - koboi - 07-25-2016

Well, that means the target you exploited isn't vulnerable. Try other techniques, like brute force, sniffing, or evil twin if you're on the same network.. or you can manipulate things with ettercap/metasploit to lure the victim into executing a payload you made.. If it still fails, maybe it's a matter of your face, or not enough effort & prayer :v #ppiiissss

RE: [ASK] Want to ask about nmap - kcnewbie - 07-31-2016

(07-23-2016, 02:29 PM)fireworm Wrote:
    (07-21-2016, 02:33 AM)koboi Wrote:
        IP 10.10.14.92 has port 80 open, for exploiting the web server. You can try vulnerability assessment tools like Vega, dirsearch, etc.
    I have the full output. Hmm, here I already tried the SMBv2 exploit but it didn't work.

Sorry bro.. if I may ask, what command did you use for the scan?..
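The scan reports pasted in this thread are nmap's normal output, and the question behind the thread ("which of these hosts needs attention?") is the same one a network owner asks after an inventory scan. The Python script below is an added example, not code from the thread or from the nmap project: it parses that output format into hosts, ports and NSE script results, marks a script "vulnerable" only when nmap's vuln library printed a `State: VULNERABLE` line, and ranks hosts for remediation. The sample input is constructed from two of the reports posted above (10.10.14.38 and 10.10.14.16, abridged); the `REVIEW_SERVICES` set and the three priority levels are assumptions chosen for this example, not thread content.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on two reports posted in the thread (abridged).
# It is not the poster's actual scan file.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.10.14.38
Host is up (0.0011s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5357/tcp open  wsdapi
MAC Address: B0:5A:DA:DB:43:C5 (Hewlett Packard)

Host script results:
|_samba-vuln-cve-2012-1182: SMB: ERROR: Server disconnected the connection
| smb-vuln-cve2009-3103:
|   VULNERABLE:
|   SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2009-3103
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: SMB: Failed to receive bytes after 5 attempts: TIMEOUT

Nmap scan report for 10.10.14.16
Host is up (0.000014s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
111/tcp open  rpcbind
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: (\S+)")
# A script header sits directly after "| " or "|_"; deeper-indented lines belong to the open block.
SCRIPT_RE = re.compile(r"^\|[ _](\S+?):\s*(.*)$")
STATE_RE = re.compile(r"^\|\s+State:\s+(.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d+")

# Assumed review list (not from the thread): legacy file-sharing / RPC services that a
# defender wants restricted or segmented even when no NSE check flags them.
REVIEW_SERVICES = {"microsoft-ds", "netbios-ssn", "msrpc", "rpcbind"}


@dataclass
class Script:
    name: str
    summary: str            # text after the colon on the header line, if any
    attached_to: str        # "host" or "<port>/<proto>"
    result: str = "unknown" # vulnerable | not_vulnerable | error | unknown
    cves: List[str] = field(default_factory=list)


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str


@dataclass
class Host:
    ip: str
    mac: Optional[str] = None
    ports: List[Port] = field(default_factory=list)
    scripts: List[Script] = field(default_factory=list)

    def open_services(self) -> List[str]:
        return [p.service for p in self.ports if p.state == "open"]

    def vulnerable_scripts(self) -> List[str]:
        return [s.name for s in self.scripts if s.result == "vulnerable"]


def _classify(summary: str) -> str:
    """Classify a one-line script result; multi-line vuln blocks are upgraded later."""
    s = summary.strip()
    if s.lower() in ("false", "not vulnerable"):
        return "not_vulnerable"
    if any(tok in s for tok in ("ERROR", "TIMEOUT", "Failed")):
        return "error"   # the check did not run to completion, so it proves nothing either way
    return "unknown"


def parse_nmap(text: str) -> List[Host]:
    hosts: List[Host] = []
    host: Optional[Host] = None
    last_port: Optional[Port] = None
    current: Optional[Script] = None
    in_host_scripts = False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = Host(ip=m.group(1))
            hosts.append(host)
            last_port, current, in_host_scripts = None, None, False
            continue
        if host is None:
            continue
        if line.startswith("Host script results:"):
            in_host_scripts = True
            continue
        m = MAC_RE.match(line)
        if m:
            host.mac = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m:
            last_port = Port(int(m.group(1)), m.group(2), m.group(3), m.group(4))
            host.ports.append(last_port)
            continue
        m = SCRIPT_RE.match(line)
        if m:
            where = "host" if in_host_scripts or last_port is None else f"{last_port.number}/{last_port.proto}"
            current = Script(m.group(1), m.group(2), where, _classify(m.group(2)))
            host.scripts.append(current)
            continue
        if line.startswith("|") and current is not None:
            m = STATE_RE.match(line)
            if m and "VULNERABLE" in m.group(1).upper() and "NOT" not in m.group(1).upper():
                current.result = "vulnerable"
            current.cves.extend(CVE_RE.findall(line))
    return hosts


def triage(hosts: List[Host]) -> List[dict]:
    """Rank hosts: confirmed NSE finding first, then exposed legacy services, then the rest."""
    rows = []
    for h in hosts:
        findings = h.vulnerable_scripts()
        exposed = sorted(set(h.open_services()) & REVIEW_SERVICES)
        cves = sorted({c for s in h.scripts if s.result == "vulnerable" for c in s.cves})
        if findings:
            priority, action = 1, "patch: NSE reports a confirmed vulnerability"
        elif exposed:
            priority, action = 2, "review: legacy file/RPC services reachable; restrict or segment"
        else:
            priority, action = 3, "monitor"
        rows.append({"ip": h.ip, "priority": priority, "action": action,
                     "exposed": exposed, "findings": findings, "cves": cves})
    return sorted(rows, key=lambda r: (r["priority"], r["ip"]))


if __name__ == "__main__":
    for row in triage(parse_nmap(SAMPLE_NMAP_OUTPUT)):
        print(f"P{row['priority']} {row['ip']:<12} {row['action']}  exposed={row['exposed']} cves={row['cves']}")
```

Two design points matter for anyone reusing this on their own scans. First, a script header such as `|_smb-vuln-ms10-061: SMB: Failed to receive bytes ... TIMEOUT` is recorded as `error`, not as "not vulnerable": the check did not complete, which is also why the thread's poster should not read a failed exploit attempt as proof the host is patched. Second, only a `State: VULNERABLE` line inside a vuln-library block promotes a script to `vulnerable`, so free-text mentions of a CVE elsewhere in the output never raise a host's priority on their own. Feed it `nmap -oN` output (or paste from a report) via `parse_nmap(open(path).read())`.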