Report

Scan Report
February 1, 2017
Summary
This document reports on the results of an automatic security scan. All dates are displayed using the timezone Coordinated Universal Time, which is abbreviated UTC. The
task was Immediate scan of IP scanme.nmap.org. The scan started at Tue Jan 31 23:29:40
2017 UTC and ended at Tue Jan 31 23:58:06 2017 UTC. The report first summarises the
results found. Then, for each host, the report describes every issue found. Please consider
the advice given in each description, in order to rectify the issue.
Contents
1 Result Overview
2 Results per Host
2.1
45.33.32.156 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.1
Medium 8010/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.2
Medium 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.3
Low 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.4
Low general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.5
Log 8010/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10
2.1.6
Log 22/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
21
2.1.7
Log general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
23
2.1.8
Log general/icmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
25
2.1.9
Log general/CPE-T . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
2.1.10 Log 8008/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
2.1.11 Log 80/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
29
2.1.12 Log 31337/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
33
RESULTS PER HOST
Result Overview
Host
45.33.32.156
scanme.nmap.org
Total: 1
High
0
Medium
5
Low
2
Log
34
False Positive
0
34
Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override.
Notes are included in the report.
This report might not show details of all issues that were found.
It only lists hosts that produced issues.
Issues with the threat level Debug are not shown.
Issues with the threat level False Positive are not shown.
This report contains all 41 results selected by the filtering described above. Before filtering
there were 53 results.
2
2.1
Results per Host

45.33.32.156
Host scan start

Host scan end
Tue Jan 31 23:29:49 2017 UTC

Tue Jan 31 23:58:06 2017 UTC
Service (Port)
8010/tcp
22/tcp
22/tcp
general/tcp
8010/tcp
22/tcp
general/tcp
general/icmp
general/CPE-T
8008/tcp
80/tcp
31337/tcp
2.1.1
Medium 8010/tcp
. . . continues on next page . . .
Threat Level
Medium
Medium
Low
Low
Log
Log
Log
Log
Log
Log
Log
Log
RESULTS PER HOST
3
. . . continued from previous page . . .
Medium (CVSS: 5.0)

NVT: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
Summary
This routine reports all SSL/TLS cipher suites accepted by a service where attack vectors exists
only on HTTPS services.
Vulnerability Detection Result
Vulnerable cipher suites accepted by this
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_DHE_RSA_WITH_DES_CBC_SHA (SWEET32)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_DES_CBC_SHA (SWEET32)
service via the SSLv3 protocol:
service via the TLSv1.0 protocol:
Solution
Solution type: Mitigation
The configuration of this services should be changed so that it does not accept the listed cipher
suites anymore.
Please see the references for more resources supporting you with this task.
Affected Software/OS
Services accepting vulnerable SSL/TLS cipher suites via HTTPS.
Vulnerability Insight
These rules are applied for the evaluation of the vulnerable cipher suites:
- 64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183).
Vulnerability Detection Method
Details:SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
OID:1.3.6.1.4.1.25623.1.0.108031
Version used: $Revision: 4838 $
RESULTS PER HOST
4
References
CVE: CVE-2016-2183
Other:
URL:https://bettercrypto.org/
URL:https://mozilla.github.io/server-side-tls/ssl-config-generator/
URL:https://sweet32.info/
Medium (CVSS: 4.3)

NVT: SSL/TLS: Report Weak Cipher Suites
Summary
This routine reports all Weak SSL/TLS cipher suites accepted by a service.
NOTE: No severity for SMTP services with Opportunistic TLS and weak cipher suites on port
25/tcp is reported. If too strong cipher suites are configured for this service the alternative would
be to fall back to an even more insecure cleartext communication.
Weak cipher suites accepted
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_SEED_CBC_SHA
by this service via the SSLv3 protocol:
by this service via the TLSv1.0 protocol:
Solution
The configuration of this services should be changed so that it does not accept the listed weak
cipher suites anymore.
Please see the references for more resources supporting you with this task.
These rules are applied for the evaluation of the cryptographic strength:
- RC4 is considered to be weak (CVE-2013-2566).
- Ciphers using 64 bit or less are considered to be vulnerable to brute force methods and therefore
considered as weak (CVE-2015-4000).
- 1024 bit RSA authentication is considered to be insecure and therefore as weak.
RESULTS PER HOST

- Any cipher considered to be secure for only the next 10 years is considered as medium
- Any other cipher is considered as strong
Details:SSL/TLS: Report Weak Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.103440
References
CVE: CVE-2013-2566, CVE-2015-4000
Other:
URL:https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/warnmeldung_cb-k16,1465_update_6.html
Medium (CVSS: 4.3)

NVT: SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
Summary
It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this
system.
In addition to TLSv1.0+ the service is also providing the deprecated SSLv3 proto
,col and supports one or more ciphers. Those supported ciphers can be found in
,the SSL/TLS: Report Weak and Supported Ciphers (OID: 1.3.6.1.4.1.25623.1.0.8
,02067) NVT.
Impact
An attacker might be able to use the known cryptographic flaws to eavesdrop the connection
between clients and the service to get access to sensitive data transferred within the secured
connection.
Solution
It is recommended to disable the deprecated SSLv2 and/or SSLv3 protocols in favor of the
TLSv1+ protocols. Please see the references for more information.
All services providing an encrypted communication using the SSLv2 and/or SSLv3 protocols.
The SSLv2 and SSLv3 protocols containing known cryptographic flaws.
RESULTS PER HOST

Check the used protocols of the services provided by this system.
Details:SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection
OID:1.3.6.1.4.1.25623.1.0.111012
References
Other:
URL:https://www.enisa.europa.eu/activities/identity-and-trust/library/delivera
,bles/algorithms-key-sizes-and-parameters-report
Medium (CVSS: 4.0)

NVT: SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability
Summary
The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size 2048).
Server Temporary Key Size: 1024 bits
Impact
An attacker might be able to decrypt the SSL/TLS communication offline.
Solution
Solution type: Workaround
Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use a 2048-bit or stronger DiffieHellman group. (see https://weakdh.org/sysadmin.html)
The Diffie-Hellman group are some big numbers that are used as base for the DH computations.
They can be, and often are, fixed. The security of the final secret depends on the size of these
parameters. It was found that 512 and 768 bits to be weak, 1024 bits to be breakable by really
powerful attackers like governments.
Checks the DHE temporary public key size.
Details:SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerabili.
,..
OID:1.3.6.1.4.1.25623.1.0.106223
References
Other:
URL:https://weakdh.org/
URL:https://weakdh.org/sysadmin.html
RESULTS PER HOST
[ return to 45.33.32.156 ]
2.1.2
Medium 22/tcp
Medium (CVSS: 4.3)

NVT: SSH Weak Encryption Algorithms Supported
Summary
The remote SSH server is configured to allow weak encryption algorithms.
The following weak client-to-server encryption algorithms are supported by the r
,emote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
The following weak server-to-client encryption algorithms are supported by the r
,emote service:
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
rijndael-cbc@lysator.liu.se
Solution
Disable the weak encryption algorithms.
The arcfour cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is believed
to be compatible with the RC4 cipher [SCHNEIER]. Arcfour (and RC4) has problems with weak
keys, and should not be used anymore.
The none algorithm specifies that no encryption is to be done. Note that this method provides
no confidentiality protection, and it is NOT RECOMMENDED to use it.
RESULTS PER HOST

A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to
recover plaintext from a block of ciphertext.
Check if remote ssh service supports Arcfour, none or CBC ciphers.
Details:SSH Weak Encryption Algorithms Supported
OID:1.3.6.1.4.1.25623.1.0.105611
References
Other:
URL:https://tools.ietf.org/html/rfc4253#section-6.3
URL:https://www.kb.cert.org/vuls/id/958563
[ return to 45.33.32.156 ]
2.1.3
Low 22/tcp
Low (CVSS: 2.6)

NVT: SSH Weak MAC Algorithms Supported
Summary
The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.
The following weak client-to-server MAC algorithms are supported by the remote s
,ervice:
hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-sha1-96
hmac-sha1-96-etm@openssh.com
The following weak server-to-client MAC algorithms are supported by the remote s
,ervice:
hmac-md5
hmac-md5-96
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-sha1-96
hmac-sha1-96-etm@openssh.com
Solution
Disable the weak MAC algorithms.
RESULTS PER HOST
9

Details:SSH Weak MAC Algorithms Supported
OID:1.3.6.1.4.1.25623.1.0.105610
[ return to 45.33.32.156 ]
2.1.4
Low general/tcp
Low (CVSS: 2.6)

NVT: TCP timestamps
Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.
It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Paket 1: 854708650
Paket 2: 854709003
Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
To disable TCP timestamps on Windows execute netsh int tcp set global timestamps=disabled
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is, to not use the Timestamp options
when initiating TCP connections, but use them if the TCP peer that is initiating communication
includes them in their synchronize (SYN) segment.
See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152
TCP/IPv4 implementations that implement RFC1323.
The remote host implements TCP timestamps, as defined by RFC1323.
Special IP packets are forged and sent with a little delay in between to the target IP. The
responses are searched for a timestamps. If found, the timestamps are reported.
Details:TCP timestamps
OID:1.3.6.1.4.1.25623.1.0.80091
RESULTS PER HOST
10

References
Other:
URL:http://www.ietf.org/rfc/rfc1323.txt
[ return to 45.33.32.156 ]
2.1.5
Log 8010/tcp
Log (CVSS: 0.0)

NVT: DIRB (NASL wrapper)
Summary
This script uses DIRB to find directories and files on web applications via brute forcing. See the
preferences section for configuration options.
This are the directories/files found with brute force:
https://scanme.nmap.org:8010/
Log Method
Details:DIRB (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.103079
Log (CVSS: 0.0)

NVT: Services
Summary
This routine attempts to guess which service is running on the remote ports. For instance, it
searches for a web server which could listen on another port than 80 or 443 and makes this
information available for other check routines.
A TLScustom server answered on this port
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
RESULTS PER HOST
11
Log (CVSS: 0.0)

NVT: Services
Summary
A web server is running on this port through SSL
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Log (CVSS: 0.0)

NVT: SSL/TLS: Report Non Weak Cipher Suites
Summary
This routine reports all Non Weak SSL/TLS cipher suites accepted by a service.
Non Weak cipher suites accepted by this service via the SSLv3 protocol:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
Non Weak cipher suites accepted by this service via the TLSv1.0 protocol:
RESULTS PER HOST
12

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
Log Method
Details:SSL/TLS: Report Non Weak Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.103441
RESULTS PER HOST
13
Log (CVSS: 0.0)

NVT: SSL/TLS: Collect and Report Certificate Details
Summary
This script collects and reports the details of all SSL/TLS certificates.
This data will be used by other tests to verify server certificates.
The following certificate details of the remote service were collected.
Certificate details:
subject ...: 1.2.840.113549.1.9.1=#737570706F727440666F7274696E65742E636F6D,CN=F
,ortiGate,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#737570706F727440666F7274696E65742E636F6D,CN=s
,upport,OU=Certificate Authority,O=Fortinet,L=Sunnyvale,ST=California,C=US
serial ....: 0241C8
valid from : 2015-07-16 00:33:11 UTC
valid until: 2038-01-19 03:14:07 UTC
fingerprint (SHA-1): E40BD3DD8721FB56E4A97D1D571D1B4367B6779F
fingerprint (SHA-256): B05DB8D08C8533B25AB480464C45D00CBBC198302FD69B5560E629AE6
,89802A2
Log Method
Details:SSL/TLS: Collect and Report Certificate Details
OID:1.3.6.1.4.1.25623.1.0.103692
Log (CVSS: 0.0)

NVT: No 404 check
Summary
Remote web server does not reply with 404 error code.
Vulnerability was detected according to the Vulnerability Detection Method.
This web server is [mis]configured in that it does not return 404 Not Found error codes when a
non-existent file is requested, perhaps returning a site map, search page or authentication page
instead.
OpenVAS enabled some counter measures for that, however they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate
Log Method
Details:No 404 check
OID:1.3.6.1.4.1.25623.1.0.10386
RESULTS PER HOST
14
Log (CVSS: 0.0)

NVT: SSL/TLS: Certificate Too Long Valid
Summary
The remote servers SSL/TLS certificate expiration date is too far in the future.
The certificate of the remote service is valid for more than 15 years from now a
,nd will expire on 2038-01-19 03:14:07.
Certificate details:
subject ...: 1.2.840.113549.1.9.1=#737570706F727440666F7274696E65742E636F6D,CN=F
,ortiGate,OU=FortiGate,O=Fortinet,L=Sunnyvale,ST=California,C=US
subject alternative names (SAN):
None
issued by .: 1.2.840.113549.1.9.1=#737570706F727440666F7274696E65742E636F6D,CN=s
,upport,OU=Certificate Authority,O=Fortinet,L=Sunnyvale,ST=California,C=US
serial ....: 0241C8
valid from : 2015-07-16 00:33:11 UTC
valid until: 2038-01-19 03:14:07 UTC
fingerprint (SHA-1): E40BD3DD8721FB56E4A97D1D571D1B4367B6779F
fingerprint (SHA-256): B05DB8D08C8533B25AB480464C45D00CBBC198302FD69B5560E629AE6
,89802A2
Solution
Replace the SSL/TLS certificate by a new one.
This script checks expiry dates of certificates associated with SSL/TLS-enabled services on the
target and reports whether any do not have a reasonable expiration date.
Log Method
Details:SSL/TLS: Certificate Too Long Valid
OID:1.3.6.1.4.1.25623.1.0.103958
Log (CVSS: 0.0)

NVT: SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
Summary
This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect
Forward Secrecy (PFS).
RESULTS PER HOST
Cipher suites supporting Perfect Forward

,ice via the SSLv3 protocol:
,ice via the TLSv1.0 protocol:
15
Secrecy (PFS) are accepted by this serv
Log Method
Details:SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.105018
RESULTS PER HOST
16
Log (CVSS: 0.0)

NVT: SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
Summary
The remote web server is not enforcing HSTS.
The remote web server is not enforcing HSTS
HTTP-Banner:
HTTP/1.1 200 OK
Content-Length: 2450
Connection: close
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Solution
Solution type: Workaround
Enable HSTS.
Log Method
Details:SSL/TLS: HTTP Strict Transport Security (HSTS) Missing
OID:1.3.6.1.4.1.25623.1.0.105879
References
Other:
URL:https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
Log (CVSS: 0.0)

NVT: CGI Scanning Consolidation
Summary
The script consolidates various information for CGI scanning.
This information is based on the following scripts / settings:
- Web mirroring / webmirror.nasl (OID: 1.3.6.1.4.1.25623.1.0.10662)
- Various OS fingerprinting methods

The host seems to be running on a Unix-like operating system.
The host seems to be NOT able to host PHP scripts.
The host seems to be NOT able to host ASP scripts.
The following directories were used for CGI scanning:
https://scanme.nmap.org:8010/cgi-bin
RESULTS PER HOST
17

https://scanme.nmap.org:8010/scripts
While this is not, in and of itself, a bug, you should manually inspect these di
,rectories to ensure that they are in compliance with company security standard
,s
Log Method
Details:CGI Scanning Consolidation
OID:1.3.6.1.4.1.25623.1.0.111038
Log (CVSS: 0.0)

NVT: Nikto (NASL wrapper)
Summary
This plugin uses nikto(1) to find weak CGI scripts and other known issues regarding web server
security. See the preferences section for configuration options.
The target server did not return 404 on requests for non-existent pages.
This scan has not been executed since Nikto is prone to reporting many false pos
,itives in this case.
If you wish to force this scan, you can enable it in the Nikto preferences in yo
,ur client.
Log Method
Details:Nikto (NASL wrapper)
OID:1.3.6.1.4.1.25623.1.0.14260
Log (CVSS: 0.0)

NVT: SSL/TLS: Report Supported Cipher Suites
Summary
This routine reports all SSL/TLS cipher suites accepted by a service.
As the NVT SSL/TLS: Check Supported Cipher Suites (OID: 1.3.6.1.4.1.25623.1.0.900234)
might run into a timeout the actual reporting of all accepted cipher suites takes place in this
NVT instead. The script preference Report timeout allows you to configure if such an timeout
is reported.
Strong cipher suites accepted by this service via the SSLv3 protocol:
Medium cipher suites accepted by this service via the SSLv3 protocol:
RESULTS PER HOST
18

Weak cipher suites accepted by this service via the SSLv3 protocol:
No Null cipher suites accepted by this service via the SSLv3 protocol.
Strong cipher suites accepted by this service via the TLSv1.0 protocol:
Medium cipher suites accepted by this service via the TLSv1.0 protocol:
Weak cipher suites accepted by this service via the TLSv1.0 protocol:
No Null cipher suites accepted by this service via the TLSv1.0 protocol.
RESULTS PER HOST
19

Log Method
Details:SSL/TLS: Report Supported Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.802067
Log (CVSS: 0.0)

NVT: SSL/TLS: Report Medium Cipher Suites
Summary
This routine reports all Medium SSL/TLS cipher suites accepted by a service.
RESULTS PER HOST
20

Medium cipher suites accepted by this
service via the SSLv3 protocol:
RESULTS PER HOST
21
Any cipher suite considered to be secure for only the next 10 years is considered as medium
Log Method
Details:SSL/TLS: Report Medium Cipher Suites
OID:1.3.6.1.4.1.25623.1.0.902816
[ return to 45.33.32.156 ]
2.1.6
Log 22/tcp
Log (CVSS: 0.0)

NVT: SSH Protocol Versions Supported
Summary
Identification of SSH protocol versions supported by the remote SSH Server. Also reads the
corresponding fingerprints from the service.
The following versions are tried: 1.33, 1.5, 1.99 and 2.0
The remote SSH Server supports the following SSH Protocol Versions:
1.99
2.0
Log Method
Details:SSH Protocol Versions Supported
OID:1.3.6.1.4.1.25623.1.0.100259
RESULTS PER HOST
22
Log (CVSS: 0.0)

NVT: SSH Server type and version
Summary
This detects the SSH Servers type and version by connecting to the server and processing the
buffer received.
This information gives potential attackers additional information about the system they are
attacking. Versions and Types should be omitted where possible.
Detected SSH server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
Remote SSH supported authentication: password,publickey
Remote SSH banner:
(not available)
CPE: cpe:/a:openbsd:openssh:6.6.1p1
Concluded from remote connection attempt with credentials:
Login: VulnScan
Password: VulnScan
Log Method
Details:SSH Server type and version
OID:1.3.6.1.4.1.25623.1.0.10267
Log (CVSS: 0.0)

NVT: Services
Summary
An ssh server is running on this port
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Log (CVSS: 0.0)

NVT: SSH Protocol Algorithms Supported
Summary
This script detects which algorithms and languages are supported by the remote SSH Service
RESULTS PER HOST
23

The following options are supported by the remote ssh service:
kex_algorithms:
curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nis
,tp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,
,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
server_host_key_algorithms:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
encryption_algorithms_client_to_server:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,ae
,s256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfis
,h-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
encryption_algorithms_server_to_client:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,ae
,s256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfis
,h-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
mac_algorithms_client_to_server:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac,128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.co
,m,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@
,openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-s
,ha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,h
,mac-md5-96
mac_algorithms_server_to_client:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac,128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.co
,m,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@
,openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-s
,ha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,h
,mac-md5-96
compression_algorithms_client_to_server:
none,zlib@openssh.com
compression_algorithms_server_to_client:
none,zlib@openssh.com
Log Method
Details:SSH Protocol Algorithms Supported
OID:1.3.6.1.4.1.25623.1.0.105565
[ return to 45.33.32.156 ]
2.1.7
Log general/tcp
RESULTS PER HOST
24
Log (CVSS: 0.0)

NVT: OS Detection Consolidation and Reporting
Summary
This script consolidates the OS information detected by several NVTs and tries to find the best
matching OS.
Furthermore it reports all previously collected information leading to this best matching OS. It
also reports possible additional informations which might help to improve the OS detection.
If any of this information is wrong or could be improved please consider to report these to
openvas-plugins@wald.intevation.org.
Best matching OS:
OS: Ubuntu
CPE: cpe:/o:canonical:ubuntu_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.105586 (SSH OS Identification)
Concluded from SSH banner on port 22/tcp: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu
,2.8
Setting key "Host/runs_unixoide" based on this information
Other OS detections (in order of reliability):
OS: Ubuntu
CPE: cpe:/o:canonical:ubuntu_linux
Found by NVT: 1.3.6.1.4.1.25623.1.0.111067 (HTTP OS Identification)
Concluded from HTTP Server banner on port 80/tcp: Server: Apache/2.4.7 (Ubuntu)
OS: Linux 3.11 - 3.13
CPE: cpe:/o:linux:linux_kernel:3
Found by NVT: 1.3.6.1.4.1.25623.1.0.108021 (Nmap OS Identification (NASL wrapper
,))
Concluded from Nmap TCP/IP fingerprinting:
OS details: Linux 3.11 - 3.13
OS CPE: cpe:/o:linux:linux_kernel:3
OS: Linux Kernel
CPE: cpe:/o:linux:kernel
Found by NVT: 1.3.6.1.4.1.25623.1.0.102002 (ICMP based OS Fingerprinting)
Concluded from ICMP based OS fingerprint:
(95% confidence)
Linux Kernel
Log Method
Details:OS Detection Consolidation and Reporting
OID:1.3.6.1.4.1.25623.1.0.105937
Log (CVSS: 0.0)

NVT: Traceroute
Summary
RESULTS PER HOST
25

A traceroute from the scanning server to the target system was conducted. This traceroute
is provided primarily for informational value only. In the vast majority of cases, it does not
represent a vulnerability. However, if the displayed traceroute contains any private addresses
that should not have been publicly visible, then you have an issue you need to correct.
Here is the route from 172.16.204.149 to 45.33.32.156:
172.16.204.149
190.95.178.53
10.221.0.65
10.201.21.18
10.201.111.145
10.201.111.242
10.201.111.245
4.35.250.141
* * *
213.248.84.80
129.250.4.250
129.250.2.219
129.250.5.21
129.250.4.154
129.250.6.119
192.80.16.2
173.230.159.1
45.33.32.156
Solution
Block unwanted packets from escaping your network.
Log Method
Details:Traceroute
OID:1.3.6.1.4.1.25623.1.0.51662
[ return to 45.33.32.156 ]
2.1.8
Log general/icmp
Log (CVSS: 0.0)

NVT: ICMP Timestamp Detection
Summary
RESULTS PER HOST
26

The remote host responded to an ICMP timestamp request. The Timestamp Reply is an ICMP
message which replies to a Timestamp message. It consists of the originating timestamp sent
by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. This
information could theoretically be used to exploit weak time-based random number generators
in other services.
Vulnerability was detected according to the Vulnerability Detection Method.
Log Method
Details:ICMP Timestamp Detection
OID:1.3.6.1.4.1.25623.1.0.103190
References
CVE: CVE-1999-0524
Other:
URL:http://www.ietf.org/rfc/rfc0792.txt
[ return to 45.33.32.156 ]
2.1.9
Log general/CPE-T
Log (CVSS: 0.0)

NVT: CPE Inventory
Summary
This routine uses information collected by other routines about CPE identities
(http://cpe.mitre.org/) of operating systems, services and applications detected during
the scan.
45.33.32.156|cpe:/a:apache:http_server:2.4.7
45.33.32.156|cpe:/a:openbsd:openssh:6.6.1p1
45.33.32.156|cpe:/o:canonical:ubuntu_linux
Log Method
Details:CPE Inventory
OID:1.3.6.1.4.1.25623.1.0.810002
[ return to 45.33.32.156 ]
2.1.10
Log 8008/tcp
RESULTS PER HOST
27
Log (CVSS: 0.0)

Summary
http://scanme.nmap.org:8008/
Log Method
OID:1.3.6.1.4.1.25623.1.0.103079
Log (CVSS: 0.0)

NVT: Services
Summary
A web server is running on this port
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
Log (CVSS: 0.0)

NVT: No 404 check
Summary
Remote web server does not reply with 404 error code.
CGI scanning will be disabled for this host.
RESULTS PER HOST
28

This web server is [mis]configured in that it does not return 404 Not Found error codes when a
non-existent file is requested, perhaps returning a site map, search page or authentication page
instead.
OpenVAS enabled some counter measures for that, however they might be insufficient. If a great
number of security holes are produced for this port, they might not all be accurate
Log Method
Details:No 404 check
OID:1.3.6.1.4.1.25623.1.0.10386
Log (CVSS: 0.0)

Summary

The host seems to be NOT able to host PHP scripts.
http://scanme.nmap.org:8008/cgi-bin
http://scanme.nmap.org:8008/scripts
,s
Log Method
OID:1.3.6.1.4.1.25623.1.0.111038
Log (CVSS: 0.0)

Summary
RESULTS PER HOST
29

The target server did not return 404 on requests for non-existent pages.
This scan has not been executed since Nikto is prone to reporting many false pos
,itives in this case.
If you wish to force this scan, you can enable it in the Nikto preferences in yo
,ur client.
Log Method
OID:1.3.6.1.4.1.25623.1.0.14260
[ return to 45.33.32.156 ]
2.1.11
Log 80/tcp
Log (CVSS: 0.0)

NVT: HTTP Server type and version
Summary
This detects the HTTP Servers type and version.
The remote web server type is :
Apache/2.4.7 (Ubuntu)
Solution : You can set the directive "ServerTokens Prod" to limit
the information emanating from the server in its response headers.
Solution
Log Method
Details:HTTP Server type and version
OID:1.3.6.1.4.1.25623.1.0.10107
Log (CVSS: 0.0)

Summary
RESULTS PER HOST
30

Log Method
OID:1.3.6.1.4.1.25623.1.0.103079
Log (CVSS: 0.0)

Summary
Log Method
OID:1.3.6.1.4.1.25623.1.0.103079
Log (CVSS: 0.0)

NVT: Services
Summary
A web server is running on this port
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
RESULTS PER HOST
31
Log (CVSS: 0.0)

Summary

The host seems to be able to host PHP scripts.
http://scanme.nmap.org/
http://scanme.nmap.org/cgi-bin
http://scanme.nmap.org/scripts
http://scanme.nmap.org/shared
,s
The following directories were excluded from CGI scanning because of the "Regex
,pattern to exclude directories from CGI scanning" setting of the NVT "Global v
,ariable settings" (OID: 1.3.6.1.4.1.25623.1.0.12288):
http://scanme.nmap.org/icons
http://scanme.nmap.org/images
http://scanme.nmap.org/shared/css
http://scanme.nmap.org/shared/images
http://scanme.nmap.org/shared/images/Acunetix
Log Method
OID:1.3.6.1.4.1.25623.1.0.111038
Log (CVSS: 0.0)

Summary
Here is the Nikto report:
- Nikto v2.1.6
RESULTS PER HOST
32

--------------------------------------------------------------------------+ Target IP:
45.33.32.156
+ Target Hostname:
45.33.32.156
+ Target Port:
80
+ Virtual Host:
scanme.nmap.org
+ Start Time:
2017-01-31 23:31:42 (GMT0)
--------------------------------------------------------------------------+ Server: Apache/2.4.7 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user a
,gent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent
,to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use -C all to force check all possible dirs)
+ Apache/2.4.7 appears to be outdated (current is at least Apache/2.4.12). Apach
,e 2.0.65 (final release) and 2.2.29 are also current.
+ Uncommon header tcn found, with contents: list
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to e
,asily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59
,d15. The following alternatives for index were found: index.html
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
+ OSVDB-3268: /images/: Directory indexing found.
+ OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
+ Server leaks inodes via ETags, header found with file /icons/README, fields: 0
,x13f4 0x438c034968a80
+ OSVDB-3233: /icons/README: Apache default file found.
+ 7679 requests: 0 error(s) and 11 item(s) reported on remote host
+ End Time:
2017-01-31 23:58:02 (GMT0) (1580 seconds)
--------------------------------------------------------------------------+ 1 host(s) tested
Log Method
OID:1.3.6.1.4.1.25623.1.0.14260
Log (CVSS: 0.0)

NVT: Apache Web Server Version Detection
Summary
Detection of installed version of Apache Web Server
The script detects the version of Apache HTTP Server on remote host and sets the KB.
Detected Apache
Version: 2.4.7
Location: 80/tcp
RESULTS PER HOST
33
CPE: cpe:/a:apache:http_server:2.4.7
Concluded from version identification result:
Server: Apache/2.4.7
Log Method
Details:Apache Web Server Version Detection
OID:1.3.6.1.4.1.25623.1.0.900498
[ return to 45.33.32.156 ]
2.1.12
Log 31337/tcp
Log (CVSS: 0.0)

NVT: Services
Summary
The service closed the connection after 0 seconds without sending any data
It might be protected by some TCP wrapper
Log Method
Details:Services
OID:1.3.6.1.4.1.25623.1.0.10330
[ return to 45.33.32.156 ]
This file was automatically generated.

Report

Uploaded by

Copyright:

Available Formats

Report

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Report

Uploaded by

Copyright:

Available Formats

Scan Report

2 Results per Host

2.1.10 Log 8008/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2.1.11 Log 80/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2.1.12 Log 31337/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

RESULTS PER HOST

Vendor security updates are not trusted.

Results per Host

Host scan start

Tue Jan 31 23:29:49 2017 UTC

. . . continues on next page . . .

RESULTS PER HOST

Medium (CVSS: 5.0)

service via the SSLv3 protocol:

service via the TLSv1.0 protocol:

service via the TLSv1.1 protocol:

service via the TLSv1.2 protocol:

RESULTS PER HOST

Medium (CVSS: 4.3)

by this service via the SSLv3 protocol:

by this service via the TLSv1.0 protocol:

by this service via the TLSv1.1 protocol:

by this service via the TLSv1.2 protocol:

RESULTS PER HOST

. . . continued from previous page . . .

Medium (CVSS: 4.3)

RESULTS PER HOST

. . . continued from previous page . . .

Medium (CVSS: 4.0)

RESULTS PER HOST

Medium (CVSS: 4.3)

RESULTS PER HOST

. . . continued from previous page . . .

Low (CVSS: 2.6)

RESULTS PER HOST

Vulnerability Detection Method

Low (CVSS: 2.6)

RESULTS PER HOST

Version used: $Revision: 4408 $

Log (CVSS: 0.0)

Log (CVSS: 0.0)

RESULTS PER HOST

Log (CVSS: 0.0)

Log (CVSS: 0.0)

RESULTS PER HOST

. . . continued from previous page . . .

RESULTS PER HOST

Log (CVSS: 0.0)

Log (CVSS: 0.0)

RESULTS PER HOST

Version used: $Revision: 4364 $

Log (CVSS: 0.0)

Log (CVSS: 0.0)

RESULTS PER HOST

Cipher suites supporting Perfect Forward

Secrecy (PFS) are accepted by this serv

Secrecy (PFS) are accepted by this serv

Secrecy (PFS) are accepted by this serv