Showing results for tags 'nessus'.
I've got a device popping up on my wireless that I'm having a hard time identifying. I scanned it with NMAP and it identified itself as a Fortigate Device (see details below). I also tried to hit it with Nessus, but unfortunately whenever I attempt to scan the device for any period of time, it drops off the network. I've blocked it from any outbound traffic in my firewall and am logging packets (so far none seen). I also created a static DHCP address for the MAC address so when it does come online, it always gets the same IP address. Trying to determine whether I have a wireless interloper or this is a valid device on my network. The MAC address is an odd IEEE registered address. Appreciate any thoughts anyone has. It does have an open HTTP port with a very basic browser page that says something to the effect "this page does not exist" and a link to go "home" which returns you to the same page.

sudo nmap -sS -O xxx.xxx.xxx.xxx
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-08 09:05 CST
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.021s latency).
Not shown: 849 filtered ports, 150 closed ports
PORT STATE SERVICE
80/tcp open http
MAC Address: CC:C2:61:50:0E:7C (Unknown)
Device type: firewall
Running (JUST GUESSING): Fortinet embedded (87%)
OS CPE: cpe:/h:fortinet:fortigate_100d
Aggressive OS guesses: Fortinet FortiGate 100D firewall (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

I'm currently trying to gain access to a practice server. According to Nessus, it has 1x Critical vuln and 2x Medium vulns. They are: Critical: CVE-2004-1154 Samba smbd Security Descriptor Parsing Remote Overflow. Medium: CVE-2016-2118 Samba Badlock Vulnerability. Medium: SMB Signing Disabled. I've searched Google, ExploitDB and msf for exploits for the Critical vuln but I keep coming up blank. Nessus explains that crafting packets with hundreds of thousands of ACLs would cause a remote buffer overrun, but how do I take advantage of that? Or am I focussing too much on the critical vuln when I could take advantage of the medium vulns more easily? Help and pointers appreciated!

Mike

Hello, has anyone used port scanners like nmap, or vulnerability scanners like Nessus, OpenVAS, etc. while providing internet via computer? I'm using the nano on Ubuntu 14.04 using wp6.sh. I've successfully deauthed some clients (I'm still learning so it's not perfect) and bumped them to connect to the pineapple, but when I try to use any scanner using the pineapple's IP, the results are as if I was scanning a host that's not connected. So, nmap shows "scanned X ips, 0 hosts where up", Nessus and OpenVAS finish the task with zero results, and Metasploit can't complete any exploits because the host is down. I know that the OS gets the pineapple as another interface, but I don't think that's the problem because other times I've successfully scanned hosts while connected to three different networks (using ethernet, wifi with the integrated card and wifi with an external card). I don't know if it's because of the way the wp6.sh script works, because tbh I don't know how it works, but that's the problem I'm facing right now. Can anyone help me? If you need any other data, please ask. Thanks.

I have scanned for vulnerabilities with Nessus, and I found this (PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow). So I went to www.exploit-db.com/exploits/19231/, where there is exploit code written in Python, and I tried to use it with metasploit+armitage. But I don't know how to load the script in the existing database on my PC. I am using Windows 7, and the "victim" is not on the local network. I am new to this so I need some help. I am also asking for some tutorials, or useful links where I can learn new things.