Posts posted by RadarG
-
Well, it looks like I can't get this thing to work. I'm running Firefox 2.0.0.4. When I use PJ 7.4.0 it won't download MP3s. Using NoScript I have turned off www.pandora.com, avoiding the upgrade Flash error. The grab button doesn't work. I can hear the music just fine but it won't download. I'm currently using Flash 8. Any ideas?
-
That's a great idea. I never thought of that. The bummer about that way is that I don't have a SCSI controller card. Are you sure this can be done, because the system has three hard drives? Could the drives be using RAID?
-
Surely there must be something physically on the device that allows you to reset it.
I read two of the manuals that I was able to find. They wanted to use the install CDs.
-
I would be most welcome. Thank you, I sent you a PM.
-
I understand your point, but this is my own box. If I had an ISO that worked I would have already nuked it. Seeing how it's a MIPS system and headless, it makes it a bit difficult. Using your analogy I could use the hacksaw USB and blame Hak5. Looks like this is a poor hacking forum.
-
Last time I checked, IRIX install CDs weren't the hottest item on piratebay.
-
I could do that if I had the install CDs. I tried a few Linux distros for MIPS systems and they didn't seem to work.
-
I picked up an Origin 200 at a yard sale for 15 bucks. I took it home and powered it up. It powered up just fine. The box is headless and the only way that I can log into it is via telnet. I am unable to get in because I don't know the root password. I have run a few nmap scans and a Nessus scan and here is the info below. Any help getting into this box would be most welcome. Thanks
C:\nmap>nmap -A -v 10.28.216.194
Starting Nmap 3.95 ( http://www.insecure.org/nmap ) at 2006-10-21 22:59 Central Standard Time
Initiating ARP Ping Scan against 10.28.216.194 [1 port] at 22:59
The ARP Ping Scan took 0.08s to scan 1 total hosts.
Initiating SYN Stealth Scan against 10.28.216.194 [1670 ports] at 23:00
Discovered open port 21/tcp on 10.28.216.194
Discovered open port 23/tcp on 10.28.216.194
Discovered open port 513/tcp on 10.28.216.194
Discovered open port 37/tcp on 10.28.216.194
Discovered open port 19/tcp on 10.28.216.194
Discovered open port 512/tcp on 10.28.216.194
Discovered open port 514/tcp on 10.28.216.194
Discovered open port 7/tcp on 10.28.216.194
Discovered open port 1/tcp on 10.28.216.194
Discovered open port 1025/tcp on 10.28.216.194
Discovered open port 79/tcp on 10.28.216.194
Discovered open port 13/tcp on 10.28.216.194
Discovered open port 111/tcp on 10.28.216.194
Discovered open port 1024/tcp on 10.28.216.194
Discovered open port 9/tcp on 10.28.216.194
The SYN Stealth Scan took 0.83s to scan 1670 total ports.
Initiating service scan against 15 services on 10.28.216.194 at 23:00
The service scan took 106.97s to scan 15 services on 1 host.
Initiating RPCGrind Scan against 10.28.216.194 at 23:01
The RPCGrind Scan took 0.03s to scan 1 ports on 10.28.216.194.
For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled
For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled
For OSScan assuming port 1 is open, 2 is closed, and neither are firewalled
Host 10.28.216.194 appears to be up ... good.
Interesting ports on 10.28.216.194:
(The 1655 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
1/tcp open tcpmux
7/tcp open echo
9/tcp open discard?
13/tcp open daytime
19/tcp open chargen
21/tcp open ftp SGI IRIX ftpd
23/tcp open telnet IRIX telnetd 6.X
37/tcp open time?
79/tcp open finger SGI IRIX or NeXTSTEP fingerd
111/tcp open rpcbind 2 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
1024/tcp open kdm?
1025/tcp open NFS-or-IIS?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
MAC Address: 08:00:69:0D:98:78 (Silicon Graphics)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.95%P=i686-pc-windows-windows%D=10/21%Tm=453AED36%O=1%C=2%M=080069)
TSeq(Class=RI%gcd=20%SI=2E1%IPID=I%TS=2HZ)
TSeq(Class=RI%gcd=20%SI=5E5%IPID=I%TS=2HZ)
TSeq(Class=RI%gcd=20%SI=4C0%IPID=I%TS=2HZ)
T1(Resp=Y%DF=N%W=C000%ACK=S++%Flags=AS%Ops=MNWNNT)
T1(Resp=Y%DF=N%W=C000%ACK=O%Flags=AS%Ops=MNWNNT)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp=Y%DF=N%W=C000%ACK=O%Flags=A%Ops=NNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Uptime 0.007 days (since Sat Oct 21 22:51:26 2006)
TCP Sequence Prediction: Class=random positive increments
Difficulty=1216 (Medium)
IPID Sequence Generation: Incremental
Service Info: Host: erasv01; OS: IRIX
Nmap finished: 1 IP address (1 host up) scanned in 130.531 seconds
Raw packets sent: 1713 (70.2KB) | Rcvd: 1712 (79.1KB)
Tenable Nessus Security Report
Start Time: Sun Oct 22 17:26:19 2006 Finish Time: Sun Oct 22 17:30:13 2006
10.28.216.194: 30 Open Ports, 57 Notes, 11 Warnings, 2 Holes.
sunrpc (111/tcp)
Port is open
Plugin ID : 11219
The RPC portmapper is running on this port.
An attacker may use it to enumerate your list
of RPC services. We recommend you filter traffic
going to this port.
Risk Factor : Low
CVE : CVE-1999-0632, CVE-1999-0189
BID : 205
Plugin ID : 10223
RPC program #100000 version 2 'portmapper' (portmap
sunrpc rpcbind) is running on this port
Plugin ID : 11111
echo (7/udp)
Port is open
Plugin ID : 11219
Synopsis :
An echo service is running on the remote host.
Description :
The remote host is running the 'echo' service. This
service
echoes any data which is sent to it.
This service is unused these days, so it is strongly
advised that
you disable it, as it may be used by attackers to set up
denial of
services attacks against this host.
Solution:
- Under Unix systems, comment out the 'echo' line in
/etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry key
to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk Factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0103, CVE-1999-0635
Plugin ID : 10061
discard (9/udp)
Port is open
Plugin ID : 11219
daytime (13/udp)
Port is open
Plugin ID : 11219
Synopsis :
A daytime service is running on the remote host
Description :
The remote host is running a 'daytime' service. This
service
is designed to give the local time of the day of this
host
to whoever connects to this port.
The date format issued by this service may sometimes
help an attacker
to guess the operating system type of this host, or to
set up
timed authentication attacks against the remote host.
In addition to that, the UDP version of daytime is
running, an attacker
may link it to the echo port of a third party host using
spoofing, thus
creating a possible denial of service condition between
this host and
a third party.
Solution:
- Under Unix systems, comment out the 'daytime' line in
/etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry keys
to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDaytime
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpDaytime
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk Factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0103
Plugin ID : 10052
chargen (19/udp)
Port is open
Plugin ID : 11219
time (37/udp)
Port is open
Plugin ID : 11219
bootps (67/udp)
Port is open
Plugin ID : 11219
tftp (69/udp)
Port is open
Plugin ID : 11219
Synopsis :
A TFTPD server is listening on the remote port.
Description :
The remote host is running a TFTPD (Trivial File
Transfer Protocol).
TFTPD is often used by routers and diskless hosts to
retrieve their
configuration. It is also used by worms to propagage.
Solution:
If you do not use this service, you should disable it.
Risk Factor :
None
CVE : CVE-1999-0616
Plugin ID : 11819
sunrpc (111/udp)
Port is open
Plugin ID : 11219
RPC program #100000 version 2 'portmapper' (portmap
sunrpc rpcbind) is running on this port
Plugin ID : 11111
snmp (161/udp)
Synopsis :
The community name of the remote SNMP server can be
guessed.
Description :
It is possible to obtain the default community names of
the remote
SNMP server.
An attacker may use this information to gain more
knowledge about
the remote host, or to change the configuration of the
remote
system (if the default community allow such
modifications).
Solution:
Disable the SNMP service on the remote host if you do
not use it,
filter incoming UDP packets going to this port, or
change the
default community string.
Risk Factor :
High
Plugin output :
The remote SNMP server replies to the following default
community
strings :
public
CVE : CVE-1999-0517, CVE-1999-0186, CVE-1999-0254,
CVE-1999-0516
BID : 11237, 10576, 177, 2112, 6825, 7081, 7212, 7317,
9681, 986
Other references : IAVA:2001-B-0001
Plugin ID : 10264
Port is open
Plugin ID : 11219
Synopsis :
The System Information of the remote host can be
obtained via SNMP.
Description :
It is possible to obtain the system information about
the remote
host by sending SNMP requests with the OID
1.3.6.1.2.1.1.1.
An attacker may use this information to gain more
knowledge about
the target host.
Solution:
Disable the SNMP service on the remote host if you do
not use it,
or filter incoming UDP packets going to this port.
Risk Factor :
Low
Plugin output :
System information :
sysDescr : Silicon Graphics Challenge/1 running IRIX64
6.4
sysObjectID : 1.3.6.1.4.1.59.1.1
sysUptime : 0d 4h 30m 20s
sysContact : Contact Entry
sysName : erasv01
sysLocation : Location Entry
sysServices : 72
Plugin ID : 10800
Synopsis :
The list of network interfaces cards of the remote host
can be obtained via
SNMP.
Description :
It is possible to obtain the list of the network
interfaces installed
on the remote host by sending SNMP requests with the OID
1.3.6.1.2.1.2.1.0
An attacker may use this information to gain more
knowledge about
the target host.
Solution:
Disable the SNMP service on the remote host if you do
not use it,
or filter incoming UDP packets going to this port.
Risk Factor :
Low
Plugin output :
Interface 1 information :
ifIndex : 1
ifDescr : Silicon Graphics lo Loopback interface
ifPhysAddress :
Interface 2 information :
ifIndex : 2
ifDescr : ef0
ifPhysAddress : 000000000000
Plugin ID : 10551
shell (514/udp)
Port is open
Plugin ID : 11219
ntalk (518/udp)
Port is open
Plugin ID : 11219
kdm (1024/udp)
The rstatd RPC service is running. It provides an
attacker interesting
information such as :
- the CPU usage
- the system uptime
- its network usage
- and more
Letting this service run is not recommended.
Risk Factor : Low
CVE : CVE-1999-0624
Plugin ID : 10227
Port is open
Plugin ID : 11219
RPC program #100001 version 1 'rstatd' (rstat rup
perfmeter rstat_svc) is running on this port
RPC program #100001 version 2 'rstatd' (rstat rup
perfmeter rstat_svc) is running on this port
RPC program #100001 version 3 'rstatd' (rstat rup
perfmeter rstat_svc) is running on this port
Plugin ID : 11111
ms-lsa (1029/udp)
Port is open
Plugin ID : 11219
general/tcp
Nessus snmp scanner was able to retrieve the open port
list with the community name public
Plugin ID : 14274
Nessus was not able to reliably identify the remote
operating system. It might be:
Enterasys XP 2004 10.0 Switch
F5 Networks Appliance
Juniper M7i
Lexmark Printer
The fingerprint differs from these known signatures on 2
points.
If you know what operating system this host is running,
please send this signature to
os-signatures@nessus.org :
:1:1:1:255:1:255:1:0:255:1:0:255:1:8:255:1:1:1:2:1:1:1:1:1:64:49152:MNWNNT:0:1:1
($Revision: 1.138 $)
Plugin ID : 11936
Information about this scan :
Nessus version : 3.0.3
Plugin feed version : 200610201215
Type of plugin feed : Registered (7 days delay)
Scanner IP : 10.28.216.192
Port scanner(s) : snmp_scanner synscan
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Max hosts : 20
Max checks : 4
Scan Start Date : 2006/10/22 17:26
Scan duration : 209 sec
Plugin ID : 19506
shell (514/tcp)
Synopsis :
The rsh service is running.
Description :
The remote host is running the 'rsh' service. This
service is dangerous in
the sense that it is not ciphered - that is, everyone
can sniff the data
that passes between the rsh client and the rsh server.
This includes logins
and passwords.
Also, it may allow poorly authenticated logins without
passwords. If the
host is vulnerable to TCP sequence number guessing (from
any network)
or IP spoofing (including ARP hijacking on a local
network) then it may
be possible to bypass authentication.
Finally, rsh is an easy way to turn file-write access
into full logins
through the .rhosts or rhosts.equiv files.
You should disable this service and use ssh instead.
Solution:
Comment out the 'rsh' line in /etc/inetd.conf
Risk Factor :
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C)
CVE : CVE-1999-0651
Plugin ID : 10245
Port is open
Plugin ID : 11219
login (513/tcp)
Synopsis :
The rlogin service is listening on the remote port.
Description :
The remote host is running the 'rlogin' service. This
service is dangerous in
the sense that it is not ciphered - that is, everyone
can sniff the data that
passes between the rlogin client and the rloginserver.
This includes logins
and passwords.
Also, it may allow poorly authenticated logins without
passwords. If the
host is vulnerable to TCP sequence number guessing (from
any network)
or IP spoofing (including ARP hijacking on a local
network) then it may
be possible to bypass authentication.
Finally, rlogin is an easy way to turn file-write access
into full logins
through the .rhosts or rhosts.equiv files.
You should disable this service and use ssh instead.
Solution:
Comment out the 'login' line in /etc/inetd.conf
Risk Factor :
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C)
CVE : CVE-1999-0651
Plugin ID : 10205
Port is open
Plugin ID : 11219
exec (512/tcp)
The rexecd service is open. This service is design to
allow users of a network to execute commands remotely.
However, rexecd does not provide any good means of
authentication, so it
may be abused by an attacker to scan a third party host.
Solution: comment out the 'exec' line in /etc/inetd.conf
and restart the
inetd process
Risk Factor : Medium
CVE : CVE-1999-0618
Plugin ID : 10203
Port is open
Plugin ID : 11219
finger (79/tcp)
The remote finger service accepts to redirect requests.
That is, users can
perform requests like :
finger user@host@victim
This allows an attacker to use this computer as a relay
to gather information
on a third party network.
Solution Disable the remote finger daemon (comment out
the 'finger' line
in /etc/inetd.conf and restart the inetd process) or
upgrade it to a more
secure one.
Risk Factor : Low
CVE : CVE-1999-0105, CVE-1999-0106
Plugin ID : 10073
There is a bug in the remote finger service which, when
triggered, allows
a user to force the remote finger daemon to display the
list of the accounts
that have never been used, by issuing the request :
finger .@target
This list will help an attacker to guess the operating
system type. It will
also tell him which accounts have never been used, which
will often make him
focus his attacks on these accounts.
Here is the list of accounts we could obtain :
Login name: operator
Directory: /us2/convt01 Shell:
/us2/obj/convt.o/shell/sd.menu
Never logged in.
No Plan.
Login name: convert
Directory: /us2/convt01 Shell:
/us2/obj/convt.o/shell/menu
Never logged in.
No Plan.
Login name: susi
Directory: /
Never logged in.
No Plan.
Login name: sebd
Directory: /
Never logged in.
No Plan.
Solution: disable the finger service in /etc/inetd.conf
and restart the inetd
process, or upgrade your finger service.
Risk Factor : Medium
CVE : CVE-1999-0198
Plugin ID : 10072
The 'finger' service provides useful information to
attackers, since it allows
them to gain usernames, check if a machine is being
used, and so on...
Here is the output we obtained for 'root' :
Login name: root In real life: Super-User
Directory: /
Last login at Wed Oct 6, 2004 on ttyb
No Plan.
Solution: comment out the 'finger' line in
/etc/inetd.conf
Risk Factor : Low
CVE : CVE-1999-0612
Plugin ID : 10068
Port is open
Plugin ID : 11219
A finger server seems to be running on this port
Plugin ID : 10330
time (37/tcp)
Port is open
Plugin ID : 11219
A time server seems to be running on this port
Plugin ID : 10330
daytime (13/tcp)
Port is open
Plugin ID : 11219
Synopsis :
A daytime service is running on the remote host
Description :
The remote host is running a 'daytime' service. This
service
is designed to give the local time of the day of this
host
to whoever connects to this port.
The date format issued by this service may sometimes
help an attacker
to guess the operating system type of this host, or to
set up
timed authentication attacks against the remote host.
In addition to that, the UDP version of daytime is
running, an attacker
may link it to the echo port of a third party host using
spoofing, thus
creating a possible denial of service condition between
this host and
a third party.
Solution:
- Under Unix systems, comment out the 'daytime' line in
/etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry keys
to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDaytime
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpDaytime
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk Factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0103
Plugin ID : 10052
discard (9/tcp)
Port is open
Plugin ID : 11219
The remote host is running a 'discard' service. This
service
typically sets up a listening socket and will ignore all
the
data which it receives.
This service is unused these days, so it is advised that
you
disable it.
Solution:
- Under Unix systems, comment out the 'discard' line in
/etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry key
to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpDiscard
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk Factor : Low
CVE : CVE-1999-0636
Plugin ID : 11367
echo (7/tcp)
Port is open
Plugin ID : 11219
An echo server is running on this port
Plugin ID : 10330
Synopsis :
An echo service is running on the remote host.
Description :
The remote host is running the 'echo' service. This
service
echoes any data which is sent to it.
This service is unused these days, so it is strongly
advised that
you disable it, as it may be used by attackers to set up
denial of
services attacks against this host.
Solution:
- Under Unix systems, comment out the 'echo' line in
/etc/inetd.conf
and restart the inetd process
- Under Windows systems, set the following registry key
to 0 :
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableTcpEcho
HKLM\System\CurrentControlSet\Services\SimpTCP\Parameters\EnableUdpEcho
Then launch cmd.exe and type :
net stop simptcp
net start simptcp
To restart the service.
Risk Factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
CVE : CVE-1999-0103, CVE-1999-0635
Plugin ID : 10061
tcpmux (1/tcp)
Port is open
Plugin ID : 11219
A tcpmux server seems to be running on this port
Plugin ID : 10330
blackjack (1025/tcp)
Port is open
Plugin ID : 11219
kdm (1024/tcp)
Port is open
Plugin ID : 11219
RPC program #391002 version 1 'sgi_fam' (fam) is running
on this port
Plugin ID : 11111
telnet (23/tcp)
Synopsis :
A telnet server is listening on the remote port
Description :
The remote host is running a telnet server.
Using telnet is not recommended as logins, passwords and
commands
are transferred in clear text.
An attacker may eavesdrop on a telnet session and obtain
the
credentials of other users.
Solution:
Disable this service and use SSH instead
Risk Factor :
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Plugin output:
Remote telnet banner:
IRIX (erasv01)
login:
Plugin ID : 10281
Port is open
Plugin ID : 11219
A telnet server seems to be running on this port
Plugin ID : 10330
ftp (21/tcp)
It is possible to gather the
real path of the public area of the ftp server
(like /home/ftp) by issuing the following
command :
CWD
We determined that the root of the remote FTP server is
located
under '/us1/obj/anftp.o'.
This problem may help an attacker to find where
to put a .rhost file using other security
flaws.
Risk Factor : Low
CVE : CVE-1999-0201
Plugin ID : 10087
It is possible to force the FTP server to connect to
third parties hosts by using
the PORT command.
This problem allows intruders to use your network
resources to scan other hosts, making
them think the attack comes from your network, or it can
even allow them to go through
your firewall.
Solution: Upgrade to the latest version of your FTP
server, or use another FTP server.
Risk Factor : Medium
CVE : CVE-1999-0017
BID : 126
Plugin ID : 10081
Port is open
Plugin ID : 11219
An FTP server is running on this port.
Here is its banner :
220 erasv01 FTP server ready.
Plugin ID : 10330
Synopsis :
An FTP server is listening on this port
Description :
It is possible to obtain the banner of the remote FTP
server
by connecting to the remote port.
Risk Factor :
None
Plugin output :
The remote FTP banner is :
220 erasv01 FTP server ready.
Plugin ID : 10092
Synopsis :
Anonymous logins are allowed on the remote FTP server.
Description :
This FTP service allows anonymous logins. If you do not
want to share data
with anyone you do not know, then you should deactivate
the anonymous account,
since it can only cause troubles.
Risk Factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
CVE : CVE-1999-0497
Plugin ID : 10079
chargen (19/tcp)
Port is open
Plugin ID : 11219
Chargen is running on this port
Plugin ID : 10330
general/icmp
Synopsis :
It is possible to determine the exact time set on the
remote host.
Description :
The remote host answers to an ICMP timestamp request.
This allows an attacker
to know the date which is set on your machine.
This may help him to defeat all your time based
authentication protocols.
Solution: filter out the ICMP timestamp requests (13),
and the outgoing ICMP
timestamp replies (14).
Risk Factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
Plugin output :
The difference between the local and remote clocks is
-25 seconds
CVE : CVE-1999-0524
Plugin ID : 10114
unknown (844/tcp)
RPC program #100083 version 1 is running on this port
Plugin ID : 11111
unknown (842/udp)
The tooltalk RPC service is running.
A possible implementation fault in the ToolTalk object
database server may allow an
attacker to execute arbitrary commands as root.
This warning may be a false positive since the presence
of this vulnerability is only
* accurately identified with local access.
Solution: Disable this service.
See Also : CERT Advisory CA-98.11
Risk Factor : High
CVE : CVE-1999-0003, CVE-1999-0693
BID : 122, 641
Other references : CERT:CA-98.11
Plugin ID : 10239
The tooltalk RPC service is running.
There is a format string bug in many versions
of this service, which allow an attacker to gain
root remotely.
In addition to this, several versions of this service
allow remote attackers to overwrite abitrary memory
locations with a zero and possibly gain privileges
via a file descriptor argument in an AUTH_UNIX
procedure call which is used as a table index by the
_TT_ISCLOSE procedure.
This warning may be a false positive since the presence
of the bug was not verified locally.
Solution: Disable this service or patch it
See Also : CERT Advisories CA-2001-27 and CA-2002-20
Risk Factor : High
CVE : CVE-2002-0677, CVE-2001-0717, CVE-2002-0679
BID : 3382, 5082
Other references : IAVA:2001-a-0011, IAVA:2002-b-0005,
IAVA:2002-t-0012
Plugin ID : 10787
RPC program #100083 version 1 is running on this port
Plugin ID : 11111
general/udp
For your information, here is the traceroute from
10.28.216.192 to 10.28.216.194 :
10.28.216.192
10.28.216.194
Plugin ID : 10287
Obi-Wahn's Switchblade
in USB Hacks
I do have a couple of questions.
1. Is the package installed to the non writable portion of the U3 drive?
2. If an AV picks anything up, will it destroy the files or prevent them from running?
Also, in the folder where the dump is located I see a bunch of ff_passwordsXX.txt files. When I open these files I see an error that states the following. What is this error?
Initialization failed , Make sure key3.db and cert8.db
files are present in the specified directory