| The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability." | EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
#Port 1271 inetinfo code#
| Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability."
| Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." | Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." | Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. | Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability." | Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability." | Microsoft Windows Phone 7.5 SMS Service denial of service | Microsoft IIS 7.0/7.5 FTP Command information disclosure | Microsoft IIS 7.5 FastCGI Request Header memory corruption
| Microsoft IIS 7.5 FTP Server Telnet IAC Character Heap-based denial of service
| Microsoft IIS up to 7.5 File Name Tilde privilege escalation | Microsoft IIS 7.5 Log File Permission information disclosure | Microsoft IIS 7.5 Error Message mypage cross site scripting Nmap scan report for bounty.htb (10.10.10.93) Usando o vulnscan(), antes desse passo eu ja tinha rodado o gobuster mas nada muito util por enquanto Extensions: jhtml,js,php2,php7,asp,dll,php5,aspx,com,pcap,pl,shtml,swf,cfm,cgi,phps,txt,inc,jsp,php4,pht,phtml,sql,jsa,mdb,nsf,php,php6,reg,bat,html,xml,c,sh,htm,l Wordlist: /usr/share/seclists/Discovery/Web-Content/big.txt Og,mdb,nsf,pcap,php,php2,php3,php4,php5,php6,php7,phps,pht,phtml,pl,reg,sh,shtml,sql,swf,txt,xml -u īy OJ Reeves & Christian Mehlmauer Url: Tbm foi feito scan de ports gobuster dir -w /usr/share/seclists/Discovery/Web-Content/big.txt -x asp,aspx,bat,c,cfm,cgi,css,com,dll,exe,htm,html,inc,jhtml,js,jsa,jsp,l Navegando ate a porta 80 encontro essa imagem
#Port 1271 inetinfo manual#
Se voce observou o nmap por padrao so faz o scan em 1000 portas 999 filtered ports, quando queremos escanear as 65535 portas usamos as opcoes -p- ou -p1-65353 ou voce pode usar tambem opcoes como -top-ports ou escolher individualmente as portas a serem escaneadas, usando a opcao -p LEIA o manual do nmap para aprender maisĬontinuando, ate o momento encontramos apenas a porta 80 aberta e tambem foi feito o scan nas portas TCP dependendo do caso poderia ser necessario fazer scan nas UDPs tambem. Service Info: OS: Windows CPE: cpe:/o:microsoft:windows
0 kommentar(er)
