dr4kiz Posted October 22, 2022

I got this information with a test that I'm doing authorization, could someone help me in what I can do to try to invade? with this information

nmap -sV --script vuln equipefatimabrum.com.br
Starting Nmap 7.93 ( https://nmap.org ) at 2022-10-22 15:26 -03
Nmap scan report for equipefatimabrum.com.br (187.1.136.21)
Host is up (0.059s latency).
rDNS record for 187.1.136.21: web15f07.uni5.net
Not shown: 992 filtered tcp ports (no-response), 3 filtered tcp ports (port-unreach)
PORT     STATE  SERVICE  VERSION
21/tcp   open   ftp      ProFTPD
22/tcp   open   ssh      OpenSSH 8.0 (protocol 2.0)
| vulners:
|   cpe:/a:openbsd:openssh:8.0:
|     CVE-2020-15778  6.8  https://vulners.com/cve/CVE-2020-15778
|     C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3  6.8  https://vulners.com/githubexploit/C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3  *EXPLOIT*
|     10213DBE-F683-58BB-B6D3-353173626207  6.8  https://vulners.com/githubexploit/10213DBE-F683-58BB-B6D3-353173626207  *EXPLOIT*
|     CVE-2021-41617  4.4  https://vulners.com/cve/CVE-2021-41617
|     CVE-2019-16905  4.4  https://vulners.com/cve/CVE-2019-16905
|     CVE-2020-14145  4.3  https://vulners.com/cve/CVE-2020-14145
|     CVE-2016-20012  4.3  https://vulners.com/cve/CVE-2016-20012
|_    CVE-2021-36368  2.6  https://vulners.com/cve/CVE-2021-36368
80/tcp   open   http     Apache httpd
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-passwd: ERROR: Script execution failed (use -d to debug)
|_http-server-header: Apache
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
443/tcp  open   ssl/http Apache httpd
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=equipefatimabrum.com.br
|   Found the following possible CSRF vulnerabilities:
|
|     Path: https://equipefatimabrum.com.br:443/
|     Form id: sender
|     Form action: #
|
|     Path: https://equipefatimabrum.com.br:443/
|     Form id: frmorca
|     Form action: send.php
|
|     Path: https://equipefatimabrum.com.br:443/
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/sobrenos.php
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/depoimentos.php
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/blog.php
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/beneficios.php
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/zoom.php?id=810
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/prod_zoom.php?id=2075
|     Form id: form2075
|     Form action: lanca_prod.php
|
|     Path: https://equipefatimabrum.com.br:443/prod_zoom.php?id=2075
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/lista_ped.php
|     Form id: fechamento
|     Form action: fechaPed.php
|
|     Path: https://equipefatimabrum.com.br:443/lista_ped.php
|     Form id: fretecalc
|     Form action: calculaFrete.php
|
|     Path: https://equipefatimabrum.com.br:443/lista_ped.php
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/areacli.php
|     Form id: sender
|     Form action: /arealog.php?passport=110ed02145a19d366d19eab6df35be7e
|
|     Path: https://equipefatimabrum.com.br:443/areacli.php
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/zoom.php?id=966
|     Form id: name
|     Form action: enviaNews.php
|
|     Path: https://equipefatimabrum.com.br:443/zoom.php?id=801
|     Form id: name
|_    Form action: enviaNews.php
|_http-server-header: Apache
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-phpself-xss: ERROR: Script execution failed (use -d to debug)
| http-fileupload-exploiter:
|
|     Couldn't find a file-type field.
|
|_    Couldn't find a file-type field.
| http-enum:
|   /login.php: Possible admin folder
|   /robots.txt: Robots file
|_  /icons/: Potentially interesting folder w/ directory listing
| http-aspnet-debug:
|_  status: DEBUG is enabled
3306/tcp closed mysql

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 174.29 seconds
digininja Posted October 22, 2022

Do you have permission to be going after https://equipefatimabrum.com.br ?
dr4kiz (Author) Posted October 22, 2022

@digininja Yes, I'm BR. I'm testing a system. I contacted them and they authorized, non-profit.
dr4kiz (Author) Posted October 22, 2022

15 minutes ago, digininja said: "Do you have permission to be going after https://equipefatimabrum.com.br ?"

Yes, I'm BR. I'm testing a system. I contacted them and they authorized, non-profit.
digininja Posted October 22, 2022

Give us your contact's name and we can check with them on Monday then maybe we can help with the test.
digininja Posted October 27, 2022

Assuming you didn't have permission as you never replied so locking this as unauthorised hacking.