Nmap scan report for 10.10.14.79
Host is up (0.00041s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
7741/tcp open scriptview
49156/tcp open unknown
MAC Address: 98:83:8906:5C (Samsung Electronics)
Nmap scan report for 10.10.14.82
Host is up (0.00044s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1801/tcp open msmq
2103/tcp open zephyr-clt
2105/tcp open eklogin
2107/tcp open msmq-mgmt
MAC Address: 0054:61:BA:0F (Samsung Electronics)
Nmap scan report for 10.10.14.92
Host is up (0.00031s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1801/tcp open msmq
2103/tcp open zephyr-clt
2105/tcp open eklogin
2107/tcp open msmq-mgmt
MAC Address: 20:89:84:F4:64:1A (Compal Information (kunshan))
Nmap scan report for 10.10.14.96
Host is up (0.00024s latency).
All 1000 scanned ports on 10.10.14.96 are closed
MAC Address: 08:62:66C:B4:3E (Asustek Computer)
Nmap scan report for 10.10.14.16
Host is up (0.000014s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Sorry, I've only just started learning nmap.
Of the ports above, are there any that can be exploited?
If there are any that can be exploited, please explain.
On IP 10.10.14.92, port 80 is open for exploiting the web server. You can try that with vulnerability assessment tools like vega, dirsearch, etc.
How to exploit it depends on the knowledge we have. For example, if the site has a user registration form, we can use the tamper data technique to plant a shell. Or also SQL injection, etc.
Ports 139/445 are the Samba ports; you can use the Windows XP netapi exploit or some other Samba exploit. It depends on luck.
As for the other ports, we can check them with the curl command or open them in a web browser by giving the IP address + port. For example:
root@backbox~# curl http://10.10.14.92:2105/
The purpose is really just to check. Beyond that, you can research the vulnerabilities on that network yourself.
(07-21-2016, 02:33 AM)koboi Wrote: On IP 10.10.14.92, port 80 is open for exploiting the web server. You can try that with vulnerability assessment tools like vega, dirsearch, etc.
How to exploit it depends on the knowledge we have. For example, if the site has a user registration form, we can use the tamper data technique to plant a shell. Or also SQL injection, etc.
Ports 139/445 are the Samba ports; you can use the Windows XP netapi exploit or some other Samba exploit. It depends on luck.
As for the other ports, we can check them with the curl command or open them in a web browser by giving the IP address + port. For example:
root@backbox~# curl http://10.10.14.92:2105/
The purpose is really just to check. Beyond that, you can research the vulnerabilities on that network yourself.
I have the full output, haah. Here I've already tried the SMBv2 exploit, but it didn't work.
Nmap scan report for 10.10.14.32
Host is up (0.00045s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
53/tcp filtered domain
80/tcp open http
|_http-cross-domain-policy: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.14.32
| Found the following possible CSRF vulnerabilities:
|
| Path: http://10.10.14.32:80/
| Form id: wl_crypto
| Form action: apply.cgi
|
| Path: http://10.10.14.32/#
| Form id: wl_crypto
|_ Form action: apply.cgi
| http-dombased-xss:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=10.10.14.32
| Found the following indications of potential DOM based XSS:
|
| Source: document.writeln("<input type='button' class='button' id='btnReset' value='"+share.sbuttonwizcancle+"' onClick='window.location.reload()
|_ Pages: http://10.10.14.32:80/, http://10.10.14.32/#
|_http-fileupload-exploiter:
|_http-frontpage-login: false
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1248/tcp filtered hermes
2869/tcp filtered icslap
MAC Address: C4:43:8F:AF:4B:59 (LG Electronics)
Nmap scan report for 10.10.14.38
Host is up (0.0011s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5357/tcp open wsdapi
MAC Address: B0:5A:DA:DB:43:C5 (Hewlett Packard)
Host script results:
|_samba-vuln-cve-2012-1182: SMB: ERROR: Server disconnected the connection
| smb-vuln-cve2009-3103:
| VULNERABLE:
| SMBv2 exploit (CVE-2009-3103, Microsoft Security Advisory 975497)
| State: VULNERABLE
| IDs: CVE:CVE-2009-3103
| Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2,
| Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a
| denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE
| PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location,
| aka "SMBv2 Negotiation Vulnerability."
|
| Disclosure date: 2009-09-08
| References:
| http://www.cve.mitre.org/cgi-bin/cvename...-2009-3103
|_ https://cve.mitre.org/cgi-bin/cvename.cg...-2009-3103
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: SMB: Failed to receive bytes after 5 attempts: TIMEOUT
Well, that means the target you exploited isn't vulnerable. Try other techniques, like brute force, sniffing, or evil twin if you're on the same network..
Or you can manipulate things with ettercap/metasploit to lure the victim into executing a payload we created..
If it still fails, maybe it's the face factor, or not enough effort & prayer :v
#ppiiissss
Sorry, bro.. if I may ask, what command did you use to run the scan?