List of PlugIn IDs
The following plugin IDs have problems associated with them. Select the ID to review more detail.
Plugin id# | # of issues | Plugin name | Severity |
|---|---|---|---|
| 11013 | 2 | Cisco VoIP Phone Multiple Script Malformed Request DoS | High Severity problem(s) found |
| 42411 | 1 | Microsoft Windows SMB Shares Unprivileged Access | High Severity problem(s) found |
| 10204 | 1 | Microsoft Windows NT SCM Malformed Resource Enumeration Request DoS | High Severity problem(s) found |
| 11157 | 1 | Trojan Horse Detection | Medium Severity problem(s) found |
| 12218 | 1 | mDNS Detection | Medium Severity problem(s) found |
| 10736 | 7 | DCE Services Enumeration | Low Severity problem(s) found |
| 19506 | 3 | Nessus Scan Information | Low Severity problem(s) found |
| 35716 | 3 | Ethernet Card Manufacturer Detection | Low Severity problem(s) found |
| 10287 | 2 | Traceroute Information | Low Severity problem(s) found |
| 22964 | 2 | Service Detection | Low Severity problem(s) found |
| 11936 | 2 | OS Identification | Low Severity problem(s) found |
| 11011 | 2 | Microsoft Windows SMB Service Detection | Low Severity problem(s) found |
| 27576 | 2 | Firewall Detection | Low Severity problem(s) found |
| 10150 | 1 | Windows NetBIOS / SMB Remote Host Information Disclosure | Low Severity problem(s) found |
| 35712 | 1 | Web Server UPnP Detection | Low Severity problem(s) found |
| 35711 | 1 | Universal Plug and Play (UPnP) Protocol Detection | Low Severity problem(s) found |
| 25220 | 1 | TCP/IP Timestamps Supported | Low Severity problem(s) found |
| 10860 | 1 | SMB Use Host SID to Enumerate Local Users | Low Severity problem(s) found |
| 11153 | 1 | Service Detection (HELP Request) | Low Severity problem(s) found |
| 35713 | 1 | Scan for UPnP hosts (multicast) | Low Severity problem(s) found |
| 24786 | 1 | Nessus Windows Scan Not Performed with Admin Privileges | Low Severity problem(s) found |
| 10395 | 1 | Microsoft Windows SMB Shares Enumeration | Low Severity problem(s) found |
| 26917 | 1 | Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry | Low Severity problem(s) found |
| 10785 | 1 | Microsoft Windows SMB NativeLanManager Remote System Information Disclosure | Low Severity problem(s) found |
| 10859 | 1 | Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration | Low Severity problem(s) found |
| 10394 | 1 | Microsoft Windows SMB Log In Possible | Low Severity problem(s) found |
| 17651 | 1 | Microsoft Windows SMB : Obtains the Password Policy | Low Severity problem(s) found |
| 10915 | 1 | Microsoft Windows - Local Users Information : User has never logged on | Low Severity problem(s) found |
| 10916 | 1 | Microsoft Windows - Local Users Information : Passwords never expire | Low Severity problem(s) found |
| 10913 | 1 | Microsoft Windows - Local Users Information : Disabled accounts | Low Severity problem(s) found |
| 10902 | 1 | Microsoft Windows 'Administrators' Group User List | Low Severity problem(s) found |
| 46215 | 1 | Inconsistent Hostname and IP Address | Low Severity problem(s) found |
| 10114 | 1 | ICMP Timestamp Request Remote Date Disclosure | Low Severity problem(s) found |
| 24260 | 1 | HyperText Transfer Protocol (HTTP) Information | Low Severity problem(s) found |
| 10107 | 1 | HTTP Server Type and Version | Low Severity problem(s) found |
| 12053 | 1 | Host Fully Qualified Domain Name (FQDN) Resolution | Low Severity problem(s) found |
| 54615 | 1 | Device Type | Low Severity problem(s) found |
| 45590 | 1 | Common Platform Enumeration (CPE) | Low Severity problem(s) found |
Port cifs (445/tcp)
Plugin ID: 10785
Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
Synopsis
It is possible to obtain information about the remote operating
system.
List of Hosts
192.168.2.193
Plugin Output
The remote Operating System is : Windows 7 Professional 7601 Service Pack 1
The remote native lan manager is : Windows 7 Professional 6.1
The remote SMB Domain Name is : WIN7-64
Description
It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/17
Port cifs (445/tcp)
Plugin ID: 17651
Microsoft Windows SMB : Obtains the Password Policy
Synopsis
It is possible to retrieve the remote host's password policy using the
supplied credentials.
List of Hosts
192.168.2.193
Plugin Output
The following password policy is defined on the remote host:
Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
Description
Using the supplied credentials it was possible to extract the
password policy for the remote Windows host. The password policy must
conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/04
Port (17500/tcp)
Plugin ID: 11157
Trojan Horse Detection
Synopsis
The remote host might be infected by a Trojan / worm.
List of Hosts
192.168.2.193
Plugin Output
An unknown service runs on this port.
It is sometimes opened by this/these Trojan horse(s):
CrazzyNet
Unless you know for sure what is behind it, you'd better
check your system
*** Anyway, don't panic, Nessus only found an open port. It may
*** have been dynamically allocated to some service (e.g., RPC)
Description
An unknown service was found running on this port. Trojan Horses and
other malware may sometimes open these ports to allow remote access
to the machine.
Ensure that this port is intended to be open and controlled by
legitimate software installed by the administrator.
Solution
If a Trojan Horse is found running, it is highly recommended that the
operating system be reinstalled to ensure removal.
Risk Factor
Medium
Plugin last modification date: 2011/12/01
Port www (10243/tcp)
Plugin ID: 22964
Service Detection
Synopsis
The remote service could be identified.
List of Hosts
192.168.2.193
Plugin Output
A web server is running on this port.
Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/12/02
Port www (5357/tcp)
Plugin ID: 22964
Service Detection
Synopsis
The remote service could be identified.
List of Hosts
192.168.2.193
Plugin Output
A web server is running on this port.
Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/12/02
Port (0/tcp)
Plugin ID: 45590
Common Platform Enumeration (CPE)
Synopsis
It is possible to enumerate CPE names that matched on the remote
system.
List of Hosts
192.168.2.193
Plugin Output
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_7:::professional
Description
By using information obtained from a Nessus scan, this plugin reports
CPE (Common Platform Enumeration) matches for various hardware and
software products found on a host.
Note that if an official CPE is not available for the product, this
plugin computes the best possible CPE based on the information
available from the scan.
Solution
n/a
See also
http://cpe.mitre.org/
Risk Factor
None
Plugin last modification date: 2011/10/20
Port mdns (5353/udp)
Plugin ID: 12218
mDNS Detection
Synopsis
It is possible to obtain information about the remote host.
List of Hosts
192.168.2.195
Plugin Output
Nessus was able to extract the following information :
- mDNS hostname : Ubuntu.local.
- Advertised services :
o Service name : Ubuntu [08:00:27:94:5b:26]._workstation._tcp.local.
Port number : 9
o Service name : Ubuntu._udisks-ssh._tcp.local.
Port number : 22
- CPU type : I686
- OS : LINUX
Description
The remote service understands the Bonjour (also known as ZeroConf or
mDNS) protocol, which allows anyone to uncover information from the
remote host such as its operating system type and exact version, its
hostname, and the list of services it is running.
Solution
Filter incoming traffic to UDP port 5353 if desired.
Risk Factor
Medium/ CVSS Base Score: 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin last modification date: 2011/03/11
Port (0/tcp)
Plugin ID: 24786
Nessus Windows Scan Not Performed with Admin Privileges
Synopsis
The Nessus scan of this host may be incomplete due to insufficient
privileges provided.
List of Hosts
192.168.2.193
Plugin Output
It was not possible to connect to \\WIN7-64\ADMIN$
Description
The Nessus scanner testing the remote host has been given SMB
credentials to log into the remote host, however these credentials
do not have administrative privileges.
Typically, when Nessus performs a patch audit, it logs into the
remote host and reads the version of the DLLs on the remote host
to determine if a given patch has been applied or not. This is
the method Microsoft recommends to determine if a patch has been
applied.
If your Nessus scanner does not have administrative privileges when
doing a scan, then Nessus has to fall back to perform a patch audit
through the registry which may lead to false positives (especially
when using third party patch auditing tools) or to false negatives
(not all patches can be detected thru the registry).
Solution
Reconfigure your scanner to use credentials with administrative
privileges.
Risk Factor
None
Plugin last modification date: 2011/03/04
Port cifs (445/tcp)
Plugin ID: 10395
Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
List of Hosts
192.168.2.193
Plugin Output
Here are the SMB shares available on the remote host when logged as Nessus:
- ADMIN$
- C$
- IPC$
- Users
Description
By connecting to the remote host, Nessus was able to enumerate
the network share names.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/09/14
Port (0/tcp)
Plugin ID: 11936
OS Identification
Synopsis
It is possible to guess the remote operating system.
List of Hosts
192.168.2.195
Plugin Output
Remote operating system : Linux Kernel
Confidence Level : 30
Method : mDNS
The remote host is running Linux Kernel
192.168.2.193
Plugin Output
Remote operating system : Windows 7 Professional
Confidence Level : 99
Method : MSRPC
The remote host is running Windows 7 Professional
Description
Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...)
it is possible to guess the name of the remote operating system in use, and
sometimes its version.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/09/23
Port netbios-ns (137/udp)
Plugin ID: 10150
Windows NetBIOS / SMB Remote Host Information Disclosure
Synopsis
It is possible to obtain the network name of the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following 4 NetBIOS names have been gathered :
WIN7-64 = Computer name
WORKGROUP = Workgroup / Domain name
WIN7-64 = File Server Service
WORKGROUP = Browser Service Elections
The remote host has the following MAC address on its adapter :
08:00:27:87:22:91
Description
The remote host listens on UDP port 137 or TCP port 445 and replies to
NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in other plugins
but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/05/24
Port (0/tcp)
Plugin ID: 10902
Microsoft Windows 'Administrators' Group User List
Synopsis
There is at least one user in the 'Administrators' group.
List of Hosts
192.168.2.193
Plugin Output
The following users are members of the 'Administrators' group :
- Win7-64\Administrator (User)
- Win7-64\Obi Wan (User)
- Win7-64\Nessus (User)
Description
Using the supplied credentials, it is possible to extract the member
list of the 'Administrators' group. Members of this group have
complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin last modification date: 2011/03/04
Port upnp-client (1900/udp)
Plugin ID: 35713
Scan for UPnP hosts (multicast)
Synopsis
This machine is a UPnP client.
List of Hosts
192.168.2.193
Description
This machine answered to a multicast UPnP NOTIFY packet by trying to
fetch the XML description that Nessus advertised.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/17
Port (0/tcp)
Plugin ID: 10915
Microsoft Windows - Local Users Information : User has never logged on
Synopsis
At least one local user has never logged in to his / her account.
List of Hosts
192.168.2.193
Plugin Output
The following local users have never logged in :
- Guest
- HomeGroupUser$
Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
Description
Using the supplied credentials, it is possible to list local users who
have never logged into their accounts.
Solution
Delete accounts that are not needed.
Risk Factor
None
Other references
OSVDB:754
Plugin publication date: 2002/03/17
Plugin last modification date: 2011/03/21
Port (0/tcp)
Plugin ID: 35716
Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be deduced from the Ethernet OUI.
List of Hosts
192.168.2.195
Plugin Output
The following card manufacturers were identified :
08:00:27:94:5b:26 : CADMUS COMPUTER SYSTEMS
192.168.2.194
Plugin Output
The following card manufacturers were identified :
08:00:27:8c:41:5f : CADMUS COMPUTER SYSTEMS
192.168.2.193
Plugin Output
The following card manufacturers were identified :
08:00:27:87:22:91 : CADMUS COMPUTER SYSTEMS
Description
Each ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
These OUI are registered by IEEE.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/27
Port cifs (445/tcp)
Plugin ID: 10859
Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
Synopsis
It is possible to obtain the host SID for the remote host.
List of Hosts
192.168.2.193
Plugin Output
The remote host SID value is :
1-5-21-2173961986-3163467548-3695327060
The value of 'RestrictAnonymous' setting is : unknown
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible
to obtain the host SID (Security Identifier).
The host SID can then be used to get the list of local users.
Solution
You can prevent anonymous lookups of the host SID by setting the
'RestrictAnonymous' registry setting to an appropriate value.
Refer to the 'See also' section for guidance.
Risk Factor
None
Plugin publication date: 2002/02/13
Plugin last modification date: 2011/09/15
Ease of exploitability: Exploits are available
Port cifs (445/tcp)
Plugin ID: 26917
Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
Synopsis
Nessus is not able to access the remote Windows Registry.
List of Hosts
192.168.2.193
Plugin Output
Could not connect to the registry because:
Could not connect to \winreg
Description
It was not possible to connect to PIPE\winreg on the remote host.
If you intend to use Nessus to perform registry-based checks, the
registry checks will not work because the 'Remote Registry Access'
service (winreg) has been disabled on the remote host or can not be
connected to with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/27
Port www (2869/tcp)
Plugin ID: 35712
Web Server UPnP Detection
Synopsis
The remote web server provides UPnP information.
List of Hosts
192.168.2.193
Plugin Output
Here is a summary of http://192.168.2.193:2869/upnphost/udhisapi.dll?content=uuid:977c50c7-7ed0-4f36-8e31-44da14188ec4 :
friendlyName:WIN7-64: Obi Wan:
deviceType:urn:schemas-upnp-org:device:MediaServer:1
manufacturer:Microsoft Corporation
manufacturerURL:http://www.microsoft.com
modelName:Windows Media Player Sharing
modelNumber:12.0
modelURL:http://go.microsoft.com/fwlink/?LinkId=105926
serialNumber:{ACCC07C9-4E3A-4018-80C7-B143552F2500}
Description
It was possible to extract some information about the UPnP-enabled
device by querying this web server.
Services may also be reachable through SOAP requests.
Solution
Filter incoming traffic to this port if desired.
Risk Factor
None
Plugin last modification date: 2011/03/14
Port cifs (445/tcp)
Plugin ID: 11011
Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
List of Hosts
192.168.2.193
Plugin Output
A CIFS server is running on this port.
Description
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/11
Port smb (139/tcp)
Plugin ID: 11011
Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
List of Hosts
192.168.2.193
Plugin Output
An SMB server is running on this port.
Description
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/11
Port (0/tcp)
Plugin ID: 10916
Microsoft Windows - Local Users Information : Passwords never expire
Synopsis
At least one local user has a password that never expires.
List of Hosts
192.168.2.193
Plugin Output
The following local users have passwords that never expire :
- Administrator
- Guest
- Obi Wan
- HomeGroupUser$
- Nessus
Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
Description
Using the supplied credentials, it is possible to list local users
whose passwords never expire.
Solution
Allow / require users to change their passwords regularly.
Risk Factor
None
Other references
OSVDB:755
Plugin publication date: 2002/03/17
Plugin last modification date: 2011/03/21
Port (0/tcp)
Plugin ID: 46215
Inconsistent Hostname and IP Address
Synopsis
The remote host's hostname is not consistent with DNS information.
List of Hosts
192.168.2.193
Plugin Output
The host name 'Win7-64' resolves to 67.215.65.132, not to 192.168.2.193
Description
The name of this machine either does not resolve or resolves to a
different IP address.
This may come from a badly configured reverse DNS or from a host file
in use on the Nessus scanning host.
As a result, URLs in plugin output may not be directly usable in a web
browser and some web tests may be incomplete.
Solution
Fix the reverse DNS or host file.
Risk Factor
None
Plugin last modification date: 2011/10/06
Port (0/tcp)
Plugin ID: 27576
Firewall Detection
Synopsis
The remote host is behind a firewall
List of Hosts
192.168.2.194
192.168.2.193
Description
Based on the responses obtained by the SYN or TCP port scanner, it was
possible to determine that the remote host seems to be protected by a
firewall.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/21
Port (0/tcp)
Plugin ID: 54615
Device Type
Synopsis
It is possible to guess the remote device type.
List of Hosts
192.168.2.193
Plugin Output
Remote device type : general-purpose
Confidence level : 99
Description
Based on the remote operating system, it is possible to determine
what the remote system type is (eg: a printer, router, general-purpose
computer, etc).
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/05/23
Port (0/tcp)
Plugin ID: 12053
Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
List of Hosts
192.168.2.193
Plugin Output
192.168.2.193 resolves as Win7-64.
Description
Nessus was able to resolve the FQDN of the remote host.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/07/14
Port www (10243/tcp)
Plugin ID: 24260
HyperText Transfer Protocol (HTTP) Information
Synopsis
Some information about the remote HTTP configuration can be extracted.
List of Hosts
192.168.2.193
Plugin Output
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 03 Dec 2011 23:18:28 GMT
Connection: close
Content-Length: 315
Description
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...
This test is informational only and does not denote any security
problem.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/05/31
Port www (2869/tcp)
Plugin ID: 11153
Service Detection (HELP Request)
Synopsis
The remote service could be identified.
List of Hosts
192.168.2.193
Plugin Output
A web server seems to be running on this port.
Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives a 'HELP' request.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/11/28
Port www (10243/tcp)
Plugin ID: 10107
HTTP Server Type and Version
Synopsis
A web server is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The remote web server type is :
Microsoft-HTTPAPI/2.0
Description
This plugin attempts to determine the type and the version of the
remote web server.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/11/30
Port dce-rpc (49156/tcp)
Plugin ID: 10736
DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following DCERPC services are available on TCP port 49156 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49156
IP : 192.168.2.193
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/03/04
Port dce-rpc (49155/tcp)
Plugin ID: 10736
DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following DCERPC services are available on TCP port 49155 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/03/04
Port dce-rpc (49154/tcp)
Plugin ID: 10736
DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following DCERPC services are available on TCP port 49154 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.2.193
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/03/04
Port dce-rpc (49153/tcp)
Plugin ID: 10736
DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following DCERPC services are available on TCP port 49153 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/03/04
Port dce-rpc (49152/tcp)
Plugin ID: 10736
DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following DCERPC services are available on TCP port 49152 :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 192.168.2.193
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/03/04
Port cifs (445/tcp)
Plugin ID: 10736
DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following DCERPC services are available remotely :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\WIN7-64
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/03/04
Port epmap (135/tcp)
Plugin ID: 10736
DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
List of Hosts
192.168.2.193
Plugin Output
The following DCERPC services are available locally :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc05F340
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc05F340
Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-40aacb0c66a36d17d2
Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc061AD1
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc061AD1
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : LRPC-326fd53a4d3507de30
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8174bb16-571b-4c38-8386-1102b449044a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ab00a450403a0df208
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a2d47257-12f7-4beb-8981-0ebfa935c407, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ab00a450403a0df208
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3f31c91e-2545-4b7b-9311-9529e8bffef6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ab00a450403a0df208
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : OLE26A7B2D67CB24E27BA6EB5A5BCC9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-79ce2df4d9a78dd8ae
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE26A7B2D67CB24E27BA6EB5A5BCC9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-79ce2df4d9a78dd8ae
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-0b38339698048a9e96
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-0b38339698048a9e96
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-0b38339698048a9e96
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-b4f8505480a27e5796
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LRPC-b4f8505480a27e5796
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE94A7D19B3D614428A6032DE1D884
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-4b3e250bdd1b9ec71c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE94A7D19B3D614428A6032DE1D884
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-4b3e250bdd1b9ec71c
Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : AudioClientRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : Audiosrv
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : OLE310D9BEE2EF54A5FA43F101043EB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : AudioClientRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : Audiosrv
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : OLE310D9BEE2EF54A5FA43F101043EB
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.
Solution
N/A
Risk Factor
None
Plugin last modification date: 2011/03/04
Port (0/tcp)
Plugin ID: 19506
Nessus Scan Information
Synopsis
Information about the Nessus scan.
List of Hosts
192.168.2.195
Plugin Output
Information about this scan :
Nessus version : 4.4.1 (Build 15078)
Plugin feed version : 201112022238
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.2.223
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 2
Report Verbosity : 1
Safe checks : no
Optimize the test : yes
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/12/3 15:47
Scan duration : 345 sec
192.168.2.194
Plugin Output
Information about this scan :
Nessus version : 4.4.1 (Build 15078)
Plugin feed version : 201112022238
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.2.223
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 2
Report Verbosity : 1
Safe checks : no
Optimize the test : yes
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/12/3 15:47
Scan duration : 543 sec
192.168.2.193
Plugin Output
Information about this scan :
Nessus version : 4.4.1 (Build 15078)
Plugin feed version : 201112022238
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.2.223
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 2
Report Verbosity : 1
Safe checks : no
Optimize the test : yes
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/12/3 15:47
Scan duration : 3618 sec
Description
This script displays, for each tested host, information about the scan itself:
- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/09/21
Port www (10243/tcp)
Plugin ID: 11013
Cisco VoIP Phone Multiple Script Malformed Request DoS
Synopsis
The remote IP phone has multiple vulnerabilities.
List of Hosts
192.168.2.193
Description
The remote host appears to be a Cisco IP phone. It was possible to
reboot this device by requesting :
http://<phone-ip>/StreamingStatistics?120000
This device likely has other vulnerabilities that Nessus has not
checked for.
Solution
Apply the fix referenced in the vendor's advisory.
See also
http://archives.neohapsis.com/archives/bugtraq/2002-05/0200.html
http://www.nessus.org/u?b1d74bb7
Risk Factor
High/ CVSS Base Score: 8.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C)
CVSS Temporal Score: 7.4(CVSS2#E:H/RL:OF/RC:C)
CVE
CVE-2002-0882
Other references
OSVDB:14855
OSVDB:14856
Plugin publication date: 2002/06/05
Plugin last modification date: 2011/03/14
Ease of exploitability: No exploit is required
Port www (2869/tcp)
Plugin ID: 11013
Cisco VoIP Phone Multiple Script Malformed Request DoS
Synopsis
The remote IP phone has multiple vulnerabilities.
List of Hosts
192.168.2.193
Description
The remote host appears to be a Cisco IP phone. It was possible to
reboot this device by requesting :
http://<phone-ip>/StreamingStatistics?120000
This device likely has other vulnerabilities that Nessus has not
checked for.
Solution
Apply the fix referenced in the vendor's advisory.
See also
http://archives.neohapsis.com/archives/bugtraq/2002-05/0200.html
http://www.nessus.org/u?b1d74bb7
Risk Factor
High/ CVSS Base Score: 8.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C)
CVSS Temporal Score: 7.4(CVSS2#E:H/RL:OF/RC:C)
CVE
CVE-2002-0882
Other references
OSVDB:14855
OSVDB:14856
Plugin publication date: 2002/06/05
Plugin last modification date: 2011/03/14
Ease of exploitability: No exploit is required
Port (0/tcp)
Plugin ID: 25220
TCP/IP Timestamps Supported
Synopsis
The remote service implements TCP timestamps.
List of Hosts
192.168.2.193
Description
The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.
Solution
n/a
See also
http://www.ietf.org/rfc/rfc1323.txt
Risk Factor
None
Plugin last modification date: 2011/03/20
Port cifs (445/tcp)
Plugin ID: 42411
Microsoft Windows SMB Shares Unprivileged Access
Synopsis
It is possible to access a network share.
List of Hosts
192.168.2.193
Plugin Output
The following shares can be accessed as Nessus :
- Users - (readable)
+ Content of this share :
..
Default
desktop.ini
Obi Wan
Public
Description
The remote has one or more Windows shares that can be accessed through
the network with the given credentials.
Depending on the share rights, it may allow an attacker to read/write
confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on
each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
High/ CVSS Base Score: 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score: 7.5(CVSS2#E:H/RL:U/RC:ND)
Bugtraq ID
8026
Other references
OSVDB:299
Plugin publication date: 2009/11/06
Plugin last modification date: 2011/03/27
Ease of exploitability: No exploit is required
Port cifs (445/tcp)
Plugin ID: 10394
Microsoft Windows SMB Log In Possible
Synopsis
It is possible to log into the remote host.
List of Hosts
192.168.2.193
Plugin Output
- NULL sessions are enabled on the remote host
- The SMB tests will be done as 'Nessus'/'******'
Description
The remote host is running Microsoft Windows operating
system or Samba, a CIFS/SMB server for Unix. It was
possible to log into it using one of the following
accounts :
- NULL session
- Guest account
- Given Credentials
Solution
n/a
See also
http://support.microsoft.com/support/kb/articles/Q143/4/74.ASP
http://support.microsoft.com/support/kb/articles/Q246/2/61.ASP
Risk Factor
None
Plugin publication date: 2000/05/09
Plugin last modification date: 2011/09/15
Ease of exploitability: Exploits are available
Exploitable with: Metasploit (Microsoft Windows Authenticated User Code Execution)
Port (0/tcp)
Plugin ID: 10913
Microsoft Windows - Local Users Information : Disabled accounts
Synopsis
At least one local user account has been disabled.
List of Hosts
192.168.2.193
Plugin Output
The following local user accounts have been disabled :
- Administrator
- Guest
Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.
Description
Using the supplied credentials, it is possible to list local user
accounts that have been disabled.
Solution
Delete accounts that are no longer needed.
Risk Factor
None
Other references
OSVDB:752
Plugin publication date: 2002/03/17
Plugin last modification date: 2011/03/21
Port cifs (445/tcp)
Plugin ID: 10860
SMB Use Host SID to Enumerate Local Users
Synopsis
It is possible to enumerate local users.
List of Hosts
192.168.2.193
Plugin Output
- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- HomeUsers (id 1000)
- Obi Wan (id 1001)
- HomeGroupUser$ (id 1002)
- Nessus (id 1003)
Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.
Description
Using the host security identifier (SID), it is possible to enumerate local users
on the remote Windows system.
Solution
n/a
Risk Factor
None
Plugin publication date: 2002/02/13
Plugin last modification date: 2011/09/15
Ease of exploitability: Exploits are available
Port (0/icmp)
Plugin ID: 10114
ICMP Timestamp Request Remote Date Disclosure
Synopsis
It is possible to determine the exact time set on the remote host.
List of Hosts
192.168.2.195
Plugin Output
The difference between the local and remote clocks is -8 seconds.
Description
The remote host answers to an ICMP timestamp request. This allows an
attacker to know the date that is set on the targeted machine.
This may help an attacker to defeat all time-based authentication
protocols.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).
Risk Factor
None
CVE
CVE-1999-0524
Plugin publication date: 1999/08/01
Plugin last modification date: 2011/11/15
Port upnp-client (1900/udp)
Plugin ID: 35711
Universal Plug and Play (UPnP) Protocol Detection
Synopsis
The remote device supports UPnP.
List of Hosts
192.168.2.193
Plugin Output
The device answered :
HTTP/1.1 200 OK
ST:upnp:rootdevice
USN:uuid:977c50c7-7ed0-4f36-8e31-44da14188ec4::upnp:rootdevice
Location:http://192.168.2.193:2869/upnphost/udhisapi.dll?content=uuid:977c50c7-7ed0-4f36-8e31-44da14188ec4
OPT:"http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS:dc1b86c620aad96bdd480a3b18f920d9
Cache-Control:max-age=900
Server:Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0
Ext:
Description
The remote device answered to an SSDP M-SEARCH request. This means that
it supports 'Universal Plug and Play' aka UPnP. This protocol provides
automatic configuration and device discovery. It is primiraly intended
for home networks.
Keep in mind that it could help an intruder discover your network
architecture and speed an attack up.
Solution
Filter access to this port if desired.
See also
http://en.wikipedia.org/wiki/Universal_Plug_and_Play
http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
http://quimby.gnus.org/internet-drafts/draft-cai-ssdp-v1-03.txt
Risk Factor
None
Plugin last modification date: 2011/03/17
Port (0/udp)
Plugin ID: 10287
Traceroute Information
Synopsis
It was possible to obtain traceroute information.
List of Hosts
192.168.2.195
Plugin Output
For your information, here is the traceroute from 192.168.2.223 to 192.168.2.195 :
192.168.2.223
192.168.2.195
192.168.2.193
Plugin Output
For your information, here is the traceroute from 192.168.2.223 to 192.168.2.193 :
192.168.2.223
192.168.2.193
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin last modification date: 2011/03/21
Port smb (139/tcp)
Plugin ID: 10204
Microsoft Windows NT SCM Malformed Resource Enumeration Request DoS
Synopsis
The remote host is vulnerable to a denial of service.
List of Hosts
192.168.2.193
Description
An 'rfpoison' packet has been sent to the remote host.
This packet is supposed to crash the 'services.exe' process, making
the system unstable.
Solution
Apply NT4 last service pack, or better, upgrade to Windows last version.
Risk Factor
High/ CVSS Base Score: 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score: 6.4(CVSS2#E:F/RL:OF/RC:C)
CVE
CVE-1999-0980
Bugtraq ID
754
Other references
OSVDB:11264
Plugin publication date: 1999/11/01
Plugin last modification date: 2011/03/11
| 192.168.2.195 | |
|---|---|
| Scan Time | |
| Start time: | Sat Dec 03 15:47:52 2011 |
| End time: | Sat Dec 03 15:53:37 2011 |
| Number of vulnerabilities | |
| High | 0 |
| Medium | 1 |
| Low | 5 |
| Remote Host Information | |
| Operating System: | Linux Kernel |
| IP address: | 192.168.2.195 |
| MAC address: | 08:00:27:94:5b:26 |
| 192.168.2.194 | |
|---|---|
| Scan Time | |
| Start time: | Sat Dec 03 15:47:52 2011 |
| End time: | Sat Dec 03 15:56:55 2011 |
| Number of vulnerabilities | |
| High | 0 |
| Medium | 0 |
| Low | 3 |
| Remote Host Information | |
| IP address: | 192.168.2.194 |
| MAC address: | 08:00:27:8c:41:5f |
| 192.168.2.193 | |
|---|---|
| Scan Time | |
| Start time: | Sat Dec 03 15:47:51 2011 |
| End time: | Sat Dec 03 16:48:09 2011 |
| Number of vulnerabilities | |
| High | 4 |
| Medium | 1 |
| Low | 40 |
| Remote Host Information | |
| Operating System: | Windows 7 Professional |
| NetBIOS name: | WIN7-64 |
| DNS name: | Win7-64 |
| IP address: | 192.168.2.193 |
| MAC address: | 08:00:27:87:22:91 |