List of PlugIn IDs

>print



The following plugin IDs have problems associated with them. Select the ID to review more detail.

Plugin id#arrow# of issuesarrowPlugin namearrowSeverityarrow
35362 1 MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check) High Severity problem(s) found
34477 1 MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check) High Severity problem(s) found
42411 1 Microsoft Windows SMB Shares Unprivileged Access High Severity problem(s) found
51192 2 SSL Certificate signed with an unknown Certificate Authority Medium Severity problem(s) found
26920 1 Microsoft Windows SMB NULL Session Authentication Medium Severity problem(s) found
12218 1 mDNS Detection Medium Severity problem(s) found
10736 15 DCE Services Enumeration Low Severity problem(s) found
11011 6 Microsoft Windows SMB Service Detection Low Severity problem(s) found
22964 5 Service Detection Low Severity problem(s) found
11936 4 OS Identification Low Severity problem(s) found
19506 4 Nessus Scan Information Low Severity problem(s) found
24260 4 HyperText Transfer Protocol (HTTP) Information Low Severity problem(s) found
10107 4 HTTP Server Type and Version Low Severity problem(s) found
10150 3 Windows NetBIOS / SMB Remote Host Information Disclosure Low Severity problem(s) found
10287 3 Traceroute Information Low Severity problem(s) found
26917 3 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry Low Severity problem(s) found
10785 3 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure Low Severity problem(s) found
10394 3 Microsoft Windows SMB Log In Possible Low Severity problem(s) found
35716 3 Ethernet Card Manufacturer Detection Low Severity problem(s) found
54615 3 Device Type Low Severity problem(s) found
45590 3 Common Platform Enumeration (CPE) Low Severity problem(s) found
10863 2 SSL Certificate Information Low Severity problem(s) found
53491 2 SSL / TLS Renegotiation DoS Low Severity problem(s) found
10860 2 SMB Use Host SID to Enumerate Local Users Low Severity problem(s) found
11153 2 Service Detection (HELP Request) Low Severity problem(s) found
10395 2 Microsoft Windows SMB Shares Enumeration Low Severity problem(s) found
10859 2 Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration Low Severity problem(s) found
17651 2 Microsoft Windows SMB : Obtains the Password Policy Low Severity problem(s) found
10915 2 Microsoft Windows - Local Users Information : User has never logged on Low Severity problem(s) found
10916 2 Microsoft Windows - Local Users Information : Passwords never expire Low Severity problem(s) found
10913 2 Microsoft Windows - Local Users Information : Disabled accounts Low Severity problem(s) found
10902 2 Microsoft Windows 'Administrators' Group User List Low Severity problem(s) found
46215 2 Inconsistent Hostname and IP Address Low Severity problem(s) found
10114 2 ICMP Timestamp Request Remote Date Disclosure Low Severity problem(s) found
12053 2 Host Fully Qualified Domain Name (FQDN) Resolution Low Severity problem(s) found
10386 1 Web Server No 404 Error Code Check Low Severity problem(s) found
20108 1 Web Server / Application favicon.ico Vendor Fingerprinting Low Severity problem(s) found
25220 1 TCP/IP Timestamps Supported Low Severity problem(s) found
17975 1 Service Detection (GET request) Low Severity problem(s) found
50845 1 OpenSSL Detection Low Severity problem(s) found
10919 1 Open Port Re-check Low Severity problem(s) found
10884 1 Network Time Protocol (NTP) Server Detection Low Severity problem(s) found
24786 1 Nessus Windows Scan Not Performed with Admin Privileges Low Severity problem(s) found
10147 1 Nessus Server Detection Low Severity problem(s) found
11197 1 Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak) Low Severity problem(s) found
10396 1 Microsoft Windows SMB Shares Access Low Severity problem(s) found
10456 1 Microsoft Windows SMB Service Enumeration Low Severity problem(s) found
44401 1 Microsoft Windows SMB Service Config Enumeration Low Severity problem(s) found
10397 1 Microsoft Windows SMB LanMan Pipe Server Listing Disclosure Low Severity problem(s) found
21745 1 Authentication Failure - Local Checks Not Run Low Severity problem(s) found

Port cifs (445/tcp)

Plugin ID: 10785

Microsoft Windows SMB NativeLanManager Remote System Information Disclosure


Synopsis
It is possible to obtain information about the remote operating system.

List of Hosts

192.168.2.223

Plugin Output
The remote Operating System is : Windows 7 Professional 7601 Service Pack 1
The remote native lan manager is : Windows 7 Professional 6.1
The remote SMB Domain Name is : TRINITY


192.168.2.194

Plugin Output
The remote Operating System is : Windows 5.1
The remote native lan manager is : Windows 2000 LAN Manager
The remote SMB Domain Name is : WINXP


192.168.2.193

Plugin Output
The remote Operating System is : Windows 7 Professional 7601 Service Pack 1
The remote native lan manager is : Windows 7 Professional 6.1
The remote SMB Domain Name is : WIN7-64



Description
It is possible to get the remote operating system name and
version (Windows and/or Samba) by sending an authentication
request to port 139 or 445.


Solution
n/a


Risk Factor
None


Plugin publication date: 2001/10/17
Plugin last modification date: 2011/03/17

Port cifs (445/tcp)

Plugin ID: 17651

Microsoft Windows SMB : Obtains the Password Policy


Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.

List of Hosts

192.168.2.223

Plugin Output
The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0


192.168.2.193

Plugin Output
The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Disabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0



Description
Using the supplied credentials it was possible to extract the
password policy for the remote Windows host. The password policy must
conform to the Informational System Policy.


Solution
n/a


Risk Factor
None


Plugin publication date: 2005/03/30
Plugin last modification date: 2011/03/04

Port cifs (445/tcp)

Plugin ID: 10396

Microsoft Windows SMB Shares Access


Synopsis
It is possible to access a network share.

List of Hosts

192.168.2.223

Plugin Output

The following shares can be accessed as Nessus :

- Pictures - (readable,writable)
+ Content of this share :
..
2008-02-03 December 2007 To o
2008-02-28 Engagment Flowers
2008-07-14 Summer 2008
2008-10-04 Tonio Camers
2009-03-24 Winter 2008-2009
2009-04-13 Spring 2009 Aida Visit
2009-06-14 Camera May June 2009
2009-08-11 Mexico Trip 2009
2009-10-03 Virginia Beach 2009
2009-10-31 Fall 2009
2009-12-21 fall 2009
2010 - September
2010 Cancun
2010-02-09 Christmas Winter 2009 2010
2010-03-14 Feb March 2010
2010-04-04 Spring Break 2010 2
2010-12-11 2010 Fall
2011 Angel Visit DC
2011 Cross country trip
2011 Fall Utah
2011 Family Pics
2011 Idaho Yellowstone
2011 Spring DC
2011 Summer Utah
2011 Summer Utah.7z
2011 Tonio Birthday
2011 Winter DC
2011-Natl Cathedral Embassies
April 2008
Arboretum 2010
Baby Katrina
Ben's Wedding 2007
December 2008
desktop.ini
Dilbert
Droid Pics
Engagement Shots
Familia
FlatStanleyDC
Fondos
Foreverness Video
Honeymoon 08
IMG_4026.JPG
Kat Birthday 2010 and tri
Labor Day 08 Camping
Little Antonio
Little Katrina
Marc and Sarah Wedding
MP Navigator EX
October 2008
Picasa
Professional Wedding Photos

- ADMIN$ - (readable,writable)
+ Content of this share :
..
addins
AppCompat
AppPatch
assembly
atiogl.xml
ativpsrm.bin
BcdLog.txt
bfsvc.exe
Boot
bootstat.dat
Branding
CSC
Cursors
debug
diagnostics
DigitalLocker
Downloaded Program Files
DPINST.LOG
ehome
en-US
EPMBatch.ept
explorer.exe
Fonts
fveupdate.exe
Globalization
Help
HelpPane.exe
hh.exe
HPMProp.INI
IME
inf
Installer
iun6002.exe
L2Schemas
LiveKernelReports
Logs
Media
MEMORY.DMP
mib.bin
Microsoft.NET
Minidump
ModemLogs
msdfmap.ini
msxml4-KB954430-enu.LOG
msxml4-KB973688-enu.LOG
notepad.exe
Offline Web Pages
OutLog.txt
Panther
PCHEALTH
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
Professional.xml
regedit.exe
registration
rescache
Resources
SchCache
schemas
security
ServiceProfiles
servicing
Setup
setupact.log
setuperr.log
ShellNew
SoftwareDistribution
Speech
splwow64.exe
Starter.xml
Sun
system
system.ini
System32
SysWOW64
TAPI
Tasks
Temp
tracing
twain.dll
twain_32
twain_32.dll
twunk_16.exe
twunk_32.exe
vbaddin.ini
Vss
Web
win.ini
WindowsShell.Manifest
WindowsUpdate.log
winhlp32.exe

- C$ - (readable,writable)
+ Content of this share :
.rnd
Config.Msi
Documents and Settings
Drivers
FaceProv.log
hiberfil.sys
Intel
Intel Onboard Graphics Driver64
Local Disk F_101520111655
MSOCache
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Python26
Recovery
RHDSetup.log
System Volume Information
tail
Temp
Users
Windows
Windows.old

- D$ - (readable,writable)
+ Content of this share :
Application
b342a279510125084e82700e
drivers
Lenovo
MediaID.bin
msdia80.dll
System Volume Information
TestTESTFILE.txt
Users

- Family - (readable,writable)
+ Content of this share :
..
Finance
Insurance
K&R

- G$ - (readable,writable)
+ Content of this share :
System Volume Information



Description
The remote has one or more Windows shares that can be accessed through
the network with the given credentials.

Depending on the share rights, it may allow an attacker to read /
write confidential data.


Solution
To restrict access under Windows, open Explorer, do a right click
on each share, go to the 'sharing' tab, and click on 'permissions'.


Risk Factor
None


Plugin publication date: 2000/05/09
Plugin last modification date: 2011/06/08

Port cifs (445/tcp)

Plugin ID: 34477

MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check)


Synopsis
Arbitrary code can be executed on the remote host due to a flaw in the 'Server' service.

List of Hosts

192.168.2.194


Description
The remote host is vulnerable to a buffer overrun in the 'Server'
service that may allow an attacker to execute arbitrary code on the
remote host with the 'System' privileges.


Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx


Risk Factor
Critical/ CVSS Base Score: 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score: 8.7(CVSS2#E:H/RL:OF/RC:C)



Bugtraq ID
31874


Other references
OSVDB:49243
CWE:94
MSFT:MS08-067


Plugin publication date: 2008/10/23
Plugin last modification date: 2011/06/14
Ease of exploitability: Exploits are available
Exploitable with: Canvas (CANVAS), Core Impact, Metasploit (Microsoft Server Service Relative Path Stack Corruption)

Port www (10243/tcp)

Plugin ID: 22964

Service Detection


Synopsis
The remote service could be identified.

List of Hosts

192.168.2.223

Plugin Output
A web server is running on this port.



Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/08/19
Plugin last modification date: 2011/12/02

Port www (8834/tcp)

Plugin ID: 22964

Service Detection


Synopsis
The remote service could be identified.

List of Hosts

192.168.2.223

Plugin Output
A web server is running on this port through TLSv1.


192.168.2.223

Plugin Output
A TLSv1 server answered on this port.



Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/08/19
Plugin last modification date: 2011/12/02

Port www (5357/tcp)

Plugin ID: 22964

Service Detection


Synopsis
The remote service could be identified.

List of Hosts

192.168.2.223

Plugin Output
A web server is running on this port.



Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/08/19
Plugin last modification date: 2011/12/02

Port nessus (1241/tcp)

Plugin ID: 22964

Service Detection


Synopsis
The remote service could be identified.

List of Hosts

192.168.2.223

Plugin Output
A TLSv1 server answered on this port.



Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/08/19
Plugin last modification date: 2011/12/02

Port ntp (123/udp)

Plugin ID: 10884

Network Time Protocol (NTP) Server Detection


Synopsis
An NTP server is listening on the remote host.

List of Hosts

192.168.2.194


Description
An NTP (Network Time Protocol) server is listening on this port. It
provides information about the current date and time of the remote
system and may provide system information.


Solution
n/a


Risk Factor
None


Plugin publication date: 2002/03/13
Plugin last modification date: 2011/03/11

Port cifs (445/tcp)

Plugin ID: 26920

Microsoft Windows SMB NULL Session Authentication


Synopsis
It is possible to log into the remote Windows host with a NULL session.

List of Hosts

192.168.2.194

Plugin Output
It was possible to bind to the \browser pipe



Description
The remote host is running Microsoft Windows. It is possible to log into it
using a NULL session (i.e., with no login or password).

Depending on the configuration, it may be possible for an unauthenticated,
remote attacker to leverage this issue to get information about the remote
host.


Solution
Apply the following registry changes per the referenced Technet
advisories :

Set :
HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous=1
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\restrictnullsessaccess=1
Remove BROWSER from :
HKLM\SYSTEM\CurrentControlSet\Services\lamnanserver\parameters\NullSessionPipes
Reboot once the registry changes are complete.



Risk Factor
Medium/ CVSS Base Score: 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score: 4.3(CVSS2#E:U/RL:U/RC:ND)



Bugtraq ID
494


Other references
OSVDB:299
OSVDB:8230


Vulnerability publication date: 1999/07/14
Plugin publication date: 2007/10/04
Plugin last modification date: 2011/11/23
Ease of exploitability: No known exploits are available

Port (0/tcp)

Plugin ID: 24786

Nessus Windows Scan Not Performed with Admin Privileges


Synopsis
The Nessus scan of this host may be incomplete due to insufficient privileges provided.

List of Hosts

192.168.2.193

Plugin Output
It was not possible to connect to \\WIN7-64\ADMIN$



Description
The Nessus scanner testing the remote host has been given SMB
credentials to log into the remote host, however these credentials
do not have administrative privileges.

Typically, when Nessus performs a patch audit, it logs into the
remote host and reads the version of the DLLs on the remote host
to determine if a given patch has been applied or not. This is
the method Microsoft recommends to determine if a patch has been
applied.

If your Nessus scanner does not have administrative privileges when
doing a scan, then Nessus has to fall back to perform a patch audit
through the registry which may lead to false positives (especially
when using third party patch auditing tools) or to false negatives
(not all patches can be detected thru the registry).


Solution
Reconfigure your scanner to use credentials with administrative
privileges.


Risk Factor
None


Plugin publication date: 2007/03/12
Plugin last modification date: 2011/03/04

Port (0/tcp)

Plugin ID: 45590

Common Platform Enumeration (CPE)


Synopsis
It is possible to enumerate CPE names that matched on the remote system.

List of Hosts

192.168.2.223

Plugin Output

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7:::professional


192.168.2.194

Plugin Output

The remote operating system matched the following CPE's :

cpe:/o:microsoft:windows_xp::sp2 -> Microsoft Windows XP Service Pack 2
cpe:/o:microsoft:windows_xp::sp3 -> Microsoft Windows XP Service Pack 3


192.168.2.193

Plugin Output

The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_7:::professional



Description
By using information obtained from a Nessus scan, this plugin reports
CPE (Common Platform Enumeration) matches for various hardware and
software products found on a host.

Note that if an official CPE is not available for the product, this
plugin computes the best possible CPE based on the information
available from the scan.


Solution
n/a



Risk Factor
None


Plugin publication date: 2010/04/21
Plugin last modification date: 2011/10/20

Port mdns (5353/udp)

Plugin ID: 12218

mDNS Detection


Synopsis
It is possible to obtain information about the remote host.

List of Hosts

192.168.2.195

Plugin Output
Nessus was able to extract the following information :

- mDNS hostname : Ubuntu.local.

- Advertised services :
o Service name : Ubuntu [08:00:27:94:5b:26]._workstation._tcp.local.
Port number : 9
o Service name : Ubuntu._udisks-ssh._tcp.local.
Port number : 22

- CPU type : I686
- OS : LINUX



Description
The remote service understands the Bonjour (also known as ZeroConf or
mDNS) protocol, which allows anyone to uncover information from the
remote host such as its operating system type and exact version, its
hostname, and the list of services it is running.


Solution
Filter incoming traffic to UDP port 5353 if desired.


Risk Factor
Medium/ CVSS Base Score: 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)


Plugin publication date: 2004/04/28
Plugin last modification date: 2011/03/11

Port www (8834/tcp)

Plugin ID: 53491

SSL / TLS Renegotiation DoS


Synopsis
The remote service allows repeated renegotiation of TLS / SSL connections.

List of Hosts

192.168.2.223


Description
The remote service encrypts traffic using TLS / SSL and permits
clients to renegotiate connections. The computational requirements
for renegotiating a connection are asymmetrical between the client and
the server, with the server performing several times more work. Since
the remote host does not appear to limit the number of renegotiations
for a single TLS / SSL connection, this permits a client to open
several simultaneous connections and repeatedly renegotiate them,
possibly leading to a denial of service condition.


Solution
Contact the vendor for specific patch information.



Risk Factor
Low/ CVSS Base Score: 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSS Temporal Score: 2.3(CVSS2#E:POC/RL:U/RC:C)



Bugtraq ID
48626


Other references
OSVDB:73894


Vulnerability publication date: 2011/03/13
Plugin publication date: 2011/05/04
Plugin last modification date: 2011/10/24
Ease of exploitability: Exploits are available

Port nessus (1241/tcp)

Plugin ID: 53491

SSL / TLS Renegotiation DoS


Synopsis
The remote service allows repeated renegotiation of TLS / SSL connections.

List of Hosts

192.168.2.223


Description
The remote service encrypts traffic using TLS / SSL and permits
clients to renegotiate connections. The computational requirements
for renegotiating a connection are asymmetrical between the client and
the server, with the server performing several times more work. Since
the remote host does not appear to limit the number of renegotiations
for a single TLS / SSL connection, this permits a client to open
several simultaneous connections and repeatedly renegotiate them,
possibly leading to a denial of service condition.


Solution
Contact the vendor for specific patch information.



Risk Factor
Low/ CVSS Base Score: 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSS Temporal Score: 2.3(CVSS2#E:POC/RL:U/RC:C)



Bugtraq ID
48626


Other references
OSVDB:73894


Vulnerability publication date: 2011/03/13
Plugin publication date: 2011/05/04
Plugin last modification date: 2011/10/24
Ease of exploitability: Exploits are available

Port (0/tcp)

Plugin ID: 11936

OS Identification


Synopsis
It is possible to guess the remote operating system.

List of Hosts

192.168.2.223

Plugin Output

Remote operating system : Windows 7 Professional
Confidence Level : 99
Method : MSRPC


The remote host is running Windows 7 Professional


192.168.2.195

Plugin Output

Remote operating system : Linux Kernel
Confidence Level : 30
Method : mDNS


The remote host is running Linux Kernel


192.168.2.194

Plugin Output

Remote operating system : Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Confidence Level : 99
Method : MSRPC


The remote host is running one of these operating systems :
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3


192.168.2.193

Plugin Output

Remote operating system : Windows 7 Professional
Confidence Level : 99
Method : MSRPC


The remote host is running Windows 7 Professional



Description
Using a combination of remote probes, (TCP/IP, SMB, HTTP, NTP, SNMP, etc...)
it is possible to guess the name of the remote operating system in use, and
sometimes its version.


Solution
N/A


Risk Factor
None


Plugin publication date: 2003/12/09
Plugin last modification date: 2011/09/23

Port cifs (445/tcp)

Plugin ID: 10395

Microsoft Windows SMB Shares Enumeration


Synopsis
It is possible to enumerate remote network shares.

List of Hosts

192.168.2.223

Plugin Output

Here are the SMB shares available on the remote host when logged as Nessus:

- ADMIN$
- C$
- D$
- Family
- G$
- IPC$
- Pictures


192.168.2.193

Plugin Output

Here are the SMB shares available on the remote host when logged as Nessus:

- ADMIN$
- C$
- IPC$
- Users



Description
By connecting to the remote host, Nessus was able to enumerate
the network share names.


Solution
N/A


Risk Factor
None


Plugin publication date: 2000/05/09
Plugin last modification date: 2011/09/14

Port www (8834/tcp)

Plugin ID: 20108

Web Server / Application favicon.ico Vendor Fingerprinting


Synopsis
The remote web server contains a graphic image that is prone to information disclosure.

List of Hosts

192.168.2.223

Plugin Output

The MD5 fingerprint for 'favicon.ico' suggests the web server is Nessus 4.x Web Client.



Description
The 'favicon.ico' file found on the remote web server belongs to a
popular webserver. This may be used to fingerprint the web server.


Solution
Remove the 'favicon.ico' file or create a custom one for your site.


Risk Factor
None


Other references
OSVDB:39272


Plugin publication date: 2005/10/28
Plugin last modification date: 2011/11/01

Port (0/tcp)

Plugin ID: 10902

Microsoft Windows 'Administrators' Group User List


Synopsis
There is at least one user in the 'Administrators' group.

List of Hosts

192.168.2.223

Plugin Output

The following users are members of the 'Administrators' group :

- Trinity\Administrator (User)
- Trinity\Tonio (User)
- Trinity\Nessus (User)


192.168.2.193

Plugin Output

The following users are members of the 'Administrators' group :

- Win7-64\Administrator (User)
- Win7-64\Obi Wan (User)
- Win7-64\Nessus (User)



Description
Using the supplied credentials, it is possible to extract the member
list of the 'Administrators' group. Members of this group have
complete access to the remote system.


Solution
Verify that each member of the group should have this type of access.


Risk Factor
None


Plugin publication date: 2002/03/15
Plugin last modification date: 2011/03/04

Port (0/tcp)

Plugin ID: 21745

Authentication Failure - Local Checks Not Run


Synopsis
The local security checks are disabled.

List of Hosts

192.168.2.194

Plugin Output
- It was not possible to log into the remote host via smb (invalid credentials)



Description
The credentials provided for the scan did not allow us to log into the
remote host, or the remote operating system is not supported.


Solution
n/a


Risk Factor
None


Plugin publication date: 2006/06/23
Plugin last modification date: 2011/08/30

Port cifs (445/tcp)

Plugin ID: 35362

MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check)


Synopsis
It is possible to crash the remote host due to a flaw in SMB.

List of Hosts

192.168.2.194


Description
The remote host is affected by a memory corruption vulnerability in
SMB that may allow an attacker to execute arbitrary code or perform a
denial of service against the remote host.


Solution
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista and 2008 :

http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx


Risk Factor
Critical/ CVSS Base Score: 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)



Bugtraq ID
31179
33121
33122


Other references
OSVDB:48153
OSVDB:52691
OSVDB:52692
MSFT:MS09-001


Vulnerability publication date: 2008/09/14
Patch publication date: 2009/01/13
Plugin publication date: 2009/01/13
Plugin last modification date: 2011/01/04

Port netbios-ns (137/udp)

Plugin ID: 10150

Windows NetBIOS / SMB Remote Host Information Disclosure


Synopsis
It is possible to obtain the network name of the remote host.

List of Hosts

192.168.2.223

Plugin Output
The following 6 NetBIOS names have been gathered :

TRINITY = Computer name
WORKGROUP = Workgroup / Domain name
TRINITY = File Server Service
WORKGROUP = Browser Service Elections
WORKGROUP = Master Browser
__MSBROWSE__ = Master Browser

The remote host has the following MAC address on its adapter :
8c:a9:82:02:4e:2a


192.168.2.194

Plugin Output
The following 4 NetBIOS names have been gathered :

WINXP = Computer name
WORKGROUP = Workgroup / Domain name
WINXP = File Server Service
WORKGROUP = Browser Service Elections

The remote host has the following MAC address on its adapter :
08:00:27:8c:41:5f


192.168.2.193

Plugin Output
The following 4 NetBIOS names have been gathered :

WIN7-64 = Computer name
WORKGROUP = Workgroup / Domain name
WIN7-64 = File Server Service
WORKGROUP = Browser Service Elections

The remote host has the following MAC address on its adapter :
08:00:27:87:22:91



Description
The remote host listens on UDP port 137 or TCP port 445 and replies to
NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins
but does not itself generate a report.


Solution
n/a


Risk Factor
None


Plugin publication date: 1999/10/12
Plugin last modification date: 2011/05/24

Port pharos_notify (28201/tcp)

Plugin ID: 17975

Service Detection (GET request)


Synopsis
The remote service could be identified.

List of Hosts

192.168.2.223

Plugin Output
Pharos Notify appears to be listening on this port.



Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives an HTTP request.


Solution
n/a


Risk Factor
None


Plugin publication date: 2005/04/06
Plugin last modification date: 2011/11/28

Port (0/tcp)

Plugin ID: 10915

Microsoft Windows - Local Users Information : User has never logged on


Synopsis
At least one local user has never logged in to his / her account.

List of Hosts

192.168.2.223

Plugin Output

The following local users have never logged in :

- Guest
- HomeGroupUser$


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.


192.168.2.193

Plugin Output

The following local users have never logged in :

- Guest
- HomeGroupUser$


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.



Description
Using the supplied credentials, it is possible to list local users who
have never logged into their accounts.


Solution
Delete accounts that are not needed.


Risk Factor
None


Other references
OSVDB:754


Vulnerability publication date: 1980/01/01
Plugin publication date: 2002/03/17
Plugin last modification date: 2011/03/21

Port cifs (445/tcp)

Plugin ID: 10456

Microsoft Windows SMB Service Enumeration


Synopsis
It is possible to enumerate remote services.

List of Hosts

192.168.2.223

Plugin Output

Active Services :

Adobe Acrobat Update Service [ AdobeARMservice ]
Application Experience [ AeLookupSvc ]
AMD External Events Utility [ AMD External Events Utility ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ AudioSrv ]
Base Filtering Engine [ BFE ]
Background Intelligent Transfer Service [ BITS ]
Computer Browser [ Browser ]
Bluetooth Support Service [ bthserv ]
Symantec Event Manager [ ccEvtMgr ]
Symantec Settings Manager [ ccSetMgr ]
Cryptographic Services [ CryptSvc ]
Offline Files [ CscService ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Extensible Authentication Protocol [ EapHost ]
Windows Event Log [ eventlog ]
COM+ Event System [ EventSystem ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
LogMeIn Hamachi Tunneling Engine [ Hamachi2Svc ]
HomeGroup Listener [ HomeGroupListener ]
HomeGroup Provider [ HomeGroupProvider ]
IP Helper [ iphlpsvc ]
CNG Key Isolation [ KeyIso ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
TCP/IP NetBIOS Helper [ lmhosts ]
McAfee SiteAdvisor Service [ McAfee SiteAdvisor Service ]
Multimedia Class Scheduler [ MMCSS ]
Windows Firewall [ MpsSvc ]
Network Connections [ Netman ]
Network List Service [ netprofm ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
Office Software Protection Platform [ osppsvc ]
Peer Networking Identity Manager [ p2pimsvc ]
Peer Networking Grouping [ p2psvc ]
Program Compatibility Assistant Service [ PcaSvc ]
Pharos Systems ComTaskMaster [ Pharos Systems ComTaskMaster ]
Plug and Play [ PlugPlay ]
Peer Name Resolution Protocol [ PNRPsvc ]
Power [ Power ]
User Profile Service [ ProfSvc ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
SBSD Security Center Service [ SBSDWSCService ]
Task Scheduler [ Schedule ]
System Event Notification Service [ SENS ]
Shell Hardware Detection [ ShellHWDetection ]
Symantec Management Client [ SmcService ]
Print Spooler [ Spooler ]
SSDP Discovery [ SSDPSRV ]
Steam Client Service [ Steam Client Service ]
Windows Image Acquisition (WIA) [ stisvc ]
Symantec Endpoint Protection [ Symantec AntiVirus ]
Superfetch [ SysMain ]
Themes [ Themes ]
Distributed Link Tracking Client [ TrkWks ]
UPnP Device Host [ upnphost ]
Desktop Window Manager Session Manager [ UxSms ]
Windows Connect Now - Config Registrar [ wcncsvc ]
Diagnostic Service Host [ WdiServiceHost ]
Windows Defender [ WinDefend ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
WLAN AutoConfig [ Wlansvc ]
Windows Media Player Network Sharing Service [ WMPNetworkSvc ]
Security Center [ wscsvc ]
Windows Search [ WSearch ]
Windows Update [ wuauserv ]
Windows Driver Foundation - User-mode Driver Framework [ wudfsvc ]
Tenable Nessus [ Tenable Nessus ]

Inactive Services :

Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Information [ Appinfo ]
Application Management [ AppMgmt ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
BitLocker Drive Encryption Service [ BDESVC ]
Certificate Propagation [ CertPropSvc ]
Microsoft .NET Framework NGEN v2.0.50727_X86 [ clr_optimization_v2.0.50727_32 ]
Microsoft .NET Framework NGEN v2.0.50727_X64 [ clr_optimization_v2.0.50727_64 ]
Microsoft .NET Framework NGEN v4.0.30319_X86 [ clr_optimization_v4.0.30319_32 ]
Microsoft .NET Framework NGEN v4.0.30319_X64 [ clr_optimization_v4.0.30319_64 ]
COM+ System Application [ COMSysApp ]
Disk Defragmenter [ defragsvc ]
Wired AutoConfig [ dot3svc ]
Encrypting File System (EFS) [ EFS ]
Windows Media Center Receiver Service [ ehRecvr ]
Windows Media Center Scheduler Service [ ehSched ]
Fax [ Fax ]
Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ]
Google Desktop Manager 5.9.1005.12335 [ GoogleDesktopManager-051210-111108 ]
Human Interface Device Access [ hidserv ]
Health Key and Certificate Management [ hkmsvc ]
Windows CardSpace [ idsvc ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
PnP-X IP Bus Enumerator [ IPBusEnum ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
LiveUpdate [ LiveUpdate ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Media Center Extender Service [ Mcx2Svc ]
Microsoft SharePoint Workspace Audit Service [ Microsoft SharePoint Workspace Audit Service ]
Distributed Transaction Coordinator [ MSDTC ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
Windows Installer [ msiserver ]
Network Access Protection Agent [ napagent ]
Net Driver HPZ12 [ Net Driver HPZ12 ]
Netlogon [ Netlogon ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Office Source Engine [ ose ]
BranchCache [ PeerDistSvc ]
Performance Counter DLL Host [ PerfHost ]
Performance Logs & Alerts [ pla ]
Pml Driver HPZ12 [ Pml Driver HPZ12 ]
PNRP Machine Name Publication Service [ PNRPAutoReg ]
IPsec Policy Agent [ PolicyAgent ]
Protected Storage [ ProtectedStorage ]
Quality Windows Audio Video Experience [ QWAVE ]
Remote Access Auto Connection Manager [ RasAuto ]
Remote Access Connection Manager [ RasMan ]
Routing and Remote Access [ RemoteAccess ]
Remote Registry [ RemoteRegistry ]
Remote Packet Capture Protocol v.0 (experimental) [ rpcapd ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Smart Card [ SCardSvr ]
Smart Card Removal Policy [ SCPolicySvc ]
Windows Backup [ SDRSVC ]
Secondary Logon [ seclogon ]
Adaptive Brightness [ SensrSvc ]
Remote Desktop Configuration [ SessionEnv ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Symantec Network Access Control [ SNAC ]
SNMP Trap [ SNMPTRAP ]
Software Protection [ sppsvc ]
SPP Notification Service [ sppuinotify ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
Storage Service [ StorSvc ]
Microsoft Software Shadow Copy Provider [ swprv ]
Tablet PC Input Service [ TabletInputService ]
Telephony [ TapiSrv ]
TPM Base Services [ TBS ]
Remote Desktop Services [ TermService ]
Thread Ordering Server [ THREADORDER ]
Windows Modules Installer [ TrustedInstaller ]
Interactive Services Detection [ UI0Detect ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
Credential Manager [ VaultSvc ]
Virtual Disk [ vds ]
Volume Shadow Copy [ VSS ]
Windows Time [ W32Time ]
Windows Activation Technologies Service [ WatAdminSvc ]
Block Level Backup Engine Service [ wbengine ]
Windows Biometric Service [ WbioSrvc ]
Windows Color System [ WcsPlugInService ]
Diagnostic System Host [ WdiSystemHost ]
WebClient [ WebClient ]
Windows Event Collector [ Wecsvc ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
Windows Error Reporting Service [ WerSvc ]
Windows Remote Management (WS-Management) [ WinRM ]
WMI Performance Adapter [ wmiApSrv ]
Parental Controls [ WPCSvc ]
Portable Device Enumerator Service [ WPDBusEnum ]
WWAN AutoConfig [ WwanSvc ]
Google Updater Service [ gusvc ]



Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices()
calls to obtain, using the SMB protocol, the list of active and
inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote
host.


Solution
To prevent the listing of the services for being obtained, you should
either have tight login restrictions, so that only trusted users can
access your host, and/or you should filter incoming traffic to this port.


Risk Factor
Low/ CVSS Base Score: 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)


Plugin publication date: 2000/07/03
Plugin last modification date: 2011/03/04

Port (0/tcp)

Plugin ID: 35716

Ethernet Card Manufacturer Detection


Synopsis
The manufacturer can be deduced from the Ethernet OUI.

List of Hosts

192.168.2.195

Plugin Output

The following card manufacturers were identified :

08:00:27:94:5b:26 : CADMUS COMPUTER SYSTEMS


192.168.2.194

Plugin Output

The following card manufacturers were identified :

08:00:27:8c:41:5f : CADMUS COMPUTER SYSTEMS


192.168.2.193

Plugin Output

The following card manufacturers were identified :

08:00:27:87:22:91 : CADMUS COMPUTER SYSTEMS



Description
Each ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
These OUI are registered by IEEE.


Solution
n/a



Risk Factor
None


Plugin publication date: 2009/02/19
Plugin last modification date: 2011/03/27

Port (0/tcp)

Plugin ID: 10919

Open Port Re-check


Synopsis
Previously open ports are now closed.

List of Hosts

192.168.2.193

Plugin Output
Port 554 was detected as being open but is now closed



Description
One of several ports that were previously open are now closed or
unresponsive.

There are numerous possible causes for this failure :
- The scan may have caused a service to freeze or stop running.
- An administrator may have stopped a particular service during
the scanning process.

This might be an availability problem related to the following reasons :
- A network outage has been experienced during the scan, and the remote
network cannot be reached from the Vulnerability Scanner any more.
- This Vulnerability Scanner has been blacklisted by the system
administrator or by automatic intrusion detection/prevention systems
which have detected the vulnerability assessment.
- The remote host is now down, either because a user turned it off
during the scan or because a select denial of service was effective.

In any case, the audit of the remote host might be incomplete and may
need to be done again


Solution
- increase checks_read_timeout and/or reduce max_checks
- disable your IPS during the Nessus scan


Risk Factor
None


Plugin publication date: 2002/03/19
Plugin last modification date: 2011/03/07

Port cifs (445/tcp)

Plugin ID: 10397

Microsoft Windows SMB LanMan Pipe Server Listing Disclosure


Synopsis
It is possible to obtain network information.

List of Hosts

192.168.2.223

Plugin Output

Here is the browse list of the remote host :

CLAUDIA ( os : 4.0 ) - MG5200 series
TRINITY ( os : 6.1 )
WIN7-64 ( os : 6.1 )
WINXP ( os : 5.1 )



Description
It was possible to obtain the browse list of the remote Windows system
by sending a request to the LANMAN pipe. The browse list is the list of
the nearest Windows systems of the remote host.


Solution
n/a


Risk Factor
None


Other references
OSVDB:300


Vulnerability publication date: 2000/01/01
Plugin publication date: 2000/05/09
Plugin last modification date: 2011/09/14

Port cifs (445/tcp)

Plugin ID: 10859

Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration


Synopsis
It is possible to obtain the host SID for the remote host.

List of Hosts

192.168.2.223

Plugin Output

The remote host SID value is :

1-5-21-1803624063-2898551940-217781990

The value of 'RestrictAnonymous' setting is : unknown


192.168.2.193

Plugin Output

The remote host SID value is :

1-5-21-2173961986-3163467548-3695327060

The value of 'RestrictAnonymous' setting is : unknown



Description
By emulating the call to LsaQueryInformationPolicy(), it was possible
to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.


Solution
You can prevent anonymous lookups of the host SID by setting the
'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.



Risk Factor
None


Vulnerability publication date: 2000/01/31
Plugin publication date: 2002/02/13
Plugin last modification date: 2011/09/15
Ease of exploitability: Exploits are available

Port cifs (445/tcp)

Plugin ID: 26917

Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry


Synopsis
Nessus is not able to access the remote Windows Registry.

List of Hosts

192.168.2.223

Plugin Output
Could not connect to the registry because:
Could not connect to \winreg


192.168.2.194

Plugin Output
Could not connect to the registry because:
Could not connect to \winreg


192.168.2.193

Plugin Output
Could not connect to the registry because:
Could not connect to \winreg



Description
It was not possible to connect to PIPE\winreg on the remote host.

If you intend to use Nessus to perform registry-based checks, the
registry checks will not work because the 'Remote Registry Access'
service (winreg) has been disabled on the remote host or can not be
connected to with the supplied credentials.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/10/04
Plugin last modification date: 2011/03/27

Port (0/tcp)

Plugin ID: 10916

Microsoft Windows - Local Users Information : Passwords never expire


Synopsis
At least one local user has a password that never expires.

List of Hosts

192.168.2.223

Plugin Output

The following local users have passwords that never expire :

- Administrator
- Guest
- Tonio
- HomeGroupUser$
- Nessus


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.


192.168.2.193

Plugin Output

The following local users have passwords that never expire :

- Administrator
- Guest
- Obi Wan
- HomeGroupUser$
- Nessus


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.



Description
Using the supplied credentials, it is possible to list local users
whose passwords never expire.


Solution
Allow / require users to change their passwords regularly.


Risk Factor
None


Other references
OSVDB:755


Vulnerability publication date: 1980/01/01
Plugin publication date: 2002/03/17
Plugin last modification date: 2011/03/21

Port (0/icmp)

Plugin ID: 11197

Multiple Ethernet Driver Frame Padding Information Disclosure (Etherleak)


Synopsis
The remote host appears to leak memory in network packets.

List of Hosts

192.168.2.194

Plugin Output

Padding observed in one frame :

0x00: 69 B8 BF 50 14 00 00 C5 64 00 00 C0 A8 02 DF C0 i..P....d.......
0x10: A8 .

Padding observed in another frame :

0x00: 16 9E A5 50 14 00 00 D8 F4 00 00 C0 A8 02 DF C0 ...P............
0x10: A8 .



Description
The remote host uses a network device driver that pads ethernet
frames with data which vary from one packet to another, likely taken
from kernel memory, system memory allocated to the device driver, or a
hardware buffer on its network interface card.

Known as 'Etherleak', this information disclosure vulnerability may
allow an attacker to collect sensitive information from the affected
host provided he is on the same physical subnet as that host.


Solution
Contact the network device driver's vendor for a fix.



Risk Factor
Low/ CVSS Base Score: 3.3
(CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score: 2.4(CVSS2#E:U/RL:OF/RC:C)



Bugtraq ID
6535


Other references
OSVDB:3873


Vulnerability publication date: 2004/02/09
Plugin publication date: 2003/01/14
Plugin last modification date: 2011/03/21
Ease of exploitability: No known exploits are available

Port cifs (445/tcp)

Plugin ID: 11011

Microsoft Windows SMB Service Detection


Synopsis
A file / print sharing service is listening on the remote host.

List of Hosts

192.168.2.223

Plugin Output

A CIFS server is running on this port.


192.168.2.194

Plugin Output

A CIFS server is running on this port.


192.168.2.193

Plugin Output

A CIFS server is running on this port.



Description
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.


Solution
n/a


Risk Factor
None


Plugin publication date: 2002/06/05
Plugin last modification date: 2011/03/11

Port smb (139/tcp)

Plugin ID: 11011

Microsoft Windows SMB Service Detection


Synopsis
A file / print sharing service is listening on the remote host.

List of Hosts

192.168.2.223

Plugin Output

An SMB server is running on this port.


192.168.2.194

Plugin Output

An SMB server is running on this port.


192.168.2.193

Plugin Output

An SMB server is running on this port.



Description
The remote service understands the CIFS (Common Internet File System)
or Server Message Block (SMB) protocol, used to provide shared access
to files, printers, etc between nodes on a network.


Solution
n/a


Risk Factor
None


Plugin publication date: 2002/06/05
Plugin last modification date: 2011/03/11

Port (0/tcp)

Plugin ID: 46215

Inconsistent Hostname and IP Address


Synopsis
The remote host's hostname is not consistent with DNS information.

List of Hosts

192.168.2.223

Plugin Output
The host name 'Trinity.hsd1.ut.comcast.net.' resolves to 67.215.65.132, not to 192.168.2.223


192.168.2.193

Plugin Output
The host name 'Win7-64' resolves to 67.215.65.132, not to 192.168.2.193



Description
The name of this machine either does not resolve or resolves to a
different IP address.

This may come from a badly configured reverse DNS or from a host file
in use on the Nessus scanning host.

As a result, URLs in plugin output may not be directly usable in a web
browser and some web tests may be incomplete.


Solution
Fix the reverse DNS or host file.


Risk Factor
None


Plugin publication date: 2010/05/03
Plugin last modification date: 2011/10/06

Port www (8834/tcp)

Plugin ID: 10863

SSL Certificate Information


Synopsis
This plugin displays the SSL certificate.

List of Hosts

192.168.2.223

Plugin Output
Subject Name:

Organization: Nessus Users United
Organization Unit: Nessus Server
Locality: New York
Country: US
State/Province: NY
Common Name: Trinity

Issuer Name:

Organization: Nessus Users United
Organization Unit: Nessus Certification Authority
Locality: New York
Country: US
State/Province: NY
Common Name: Nessus Certification Authority

Serial Number: 29 3D

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Dec 03 19:34:45 2011 GMT
Not Valid After: Dec 02 19:34:45 2015 GMT

Public Key Info:

Algorithm: RSA Encryption
Public Key: 00 DB D5 75 A6 96 1B 82 CB 86 C1 F4 DB FB 40 B7 97 A8 B6 CF
D7 7D 57 F5 49 56 A9 22 15 BF 13 AA BD D7 0E 20 23 25 41 2D
FD 26 D0 1B 6D F7 4A B2 4C 99 2C BA 8E 18 84 08 1D 8D 6C B9
06 24 99 62 0A 5B 4D 8B 3A 66 AB 92 25 C2 5D B8 3E B4 77 98
07 EB 70 11 00 0B 83 0D 2D CF F5 46 68 A3 6D B6 67 F6 BD 23
59 04 FC 57 3A 7F 96 09 1C E8 A0 0A F3 12 C7 B8 EB 26 8F 87
0E CB 89 33 7A 7B EB A0 65
Exponent: 01 00 01

Signature: 00 A4 AB 47 88 F2 68 27 BA 76 BF B0 62 0A 39 A1 1C FA 60 D8
0C 59 14 B0 39 1A 96 2B EC 6D 36 14 A0 4B E0 3E 64 4E A5 2F
5F BC A2 02 08 9A 5E 3B 01 99 45 7B FB 91 60 1A 3F 23 1B 96
34 56 55 D2 EA C1 9B 3C C8 2D 96 10 7B 81 DC A1 EB A0 FE 6C
22 7D 20 79 E2 81 24 76 4A 08 70 8E 78 26 D4 6A E7 11 DA 30
0F 30 F1 54 2F 0B 69 38 39 FE 21 A9 61 DE A7 DA A7 CA 48 00
F2 BA 64 62 4B 13 8F 41 8C

Extension: 2.16.840.1.113730.1.1
Critical: 0
Data: 03 02 06 40


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Non Repudiation, Key Encipherment




Description
This plugin connects to every SSL-related port and attempts to
extract and dump the X.509 certificate.


Solution
n/a


Risk Factor
None


Plugin publication date: 2008/05/19
Plugin last modification date: 2011/09/14

Port nessus (1241/tcp)

Plugin ID: 10863

SSL Certificate Information


Synopsis
This plugin displays the SSL certificate.

List of Hosts

192.168.2.223

Plugin Output
Subject Name:

Organization: Nessus Users United
Organization Unit: Nessus Server
Locality: New York
Country: US
State/Province: NY
Common Name: Trinity

Issuer Name:

Organization: Nessus Users United
Organization Unit: Nessus Certification Authority
Locality: New York
Country: US
State/Province: NY
Common Name: Nessus Certification Authority

Serial Number: 29 3D

Version: 3

Signature Algorithm: SHA-1 With RSA Encryption

Not Valid Before: Dec 03 19:34:45 2011 GMT
Not Valid After: Dec 02 19:34:45 2015 GMT

Public Key Info:

Algorithm: RSA Encryption
Public Key: 00 DB D5 75 A6 96 1B 82 CB 86 C1 F4 DB FB 40 B7 97 A8 B6 CF
D7 7D 57 F5 49 56 A9 22 15 BF 13 AA BD D7 0E 20 23 25 41 2D
FD 26 D0 1B 6D F7 4A B2 4C 99 2C BA 8E 18 84 08 1D 8D 6C B9
06 24 99 62 0A 5B 4D 8B 3A 66 AB 92 25 C2 5D B8 3E B4 77 98
07 EB 70 11 00 0B 83 0D 2D CF F5 46 68 A3 6D B6 67 F6 BD 23
59 04 FC 57 3A 7F 96 09 1C E8 A0 0A F3 12 C7 B8 EB 26 8F 87
0E CB 89 33 7A 7B EB A0 65
Exponent: 01 00 01

Signature: 00 A4 AB 47 88 F2 68 27 BA 76 BF B0 62 0A 39 A1 1C FA 60 D8
0C 59 14 B0 39 1A 96 2B EC 6D 36 14 A0 4B E0 3E 64 4E A5 2F
5F BC A2 02 08 9A 5E 3B 01 99 45 7B FB 91 60 1A 3F 23 1B 96
34 56 55 D2 EA C1 9B 3C C8 2D 96 10 7B 81 DC A1 EB A0 FE 6C
22 7D 20 79 E2 81 24 76 4A 08 70 8E 78 26 D4 6A E7 11 DA 30
0F 30 F1 54 2F 0B 69 38 39 FE 21 A9 61 DE A7 DA A7 CA 48 00
F2 BA 64 62 4B 13 8F 41 8C

Extension: 2.16.840.1.113730.1.1
Critical: 0
Data: 03 02 06 40


Extension: Key Usage (2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Non Repudiation, Key Encipherment




Description
This plugin connects to every SSL-related port and attempts to
extract and dump the X.509 certificate.


Solution
n/a


Risk Factor
None


Plugin publication date: 2008/05/19
Plugin last modification date: 2011/09/14

Port (0/tcp)

Plugin ID: 12053

Host Fully Qualified Domain Name (FQDN) Resolution


Synopsis
It was possible to resolve the name of the remote host.

List of Hosts

192.168.2.223

Plugin Output

192.168.2.223 resolves as Trinity.hsd1.ut.comcast.net..


192.168.2.193

Plugin Output

192.168.2.193 resolves as Win7-64.



Description
Nessus was able to resolve the FQDN of the remote host.


Solution
n/a


Risk Factor
None


Plugin publication date: 2004/02/11
Plugin last modification date: 2011/07/14

Port (0/tcp)

Plugin ID: 54615

Device Type


Synopsis
It is possible to guess the remote device type.

List of Hosts

192.168.2.223

Plugin Output
Remote device type : general-purpose
Confidence level : 99


192.168.2.194

Plugin Output
Remote device type : general-purpose
Confidence level : 99


192.168.2.193

Plugin Output
Remote device type : general-purpose
Confidence level : 99



Description
Based on the remote operating system, it is possible to determine
what the remote system type is (eg: a printer, router, general-purpose
computer, etc).


Solution
n/a


Risk Factor
None


Plugin publication date: 2011/05/23
Plugin last modification date: 2011/05/23

Port www (10243/tcp)

Plugin ID: 24260

HyperText Transfer Protocol (HTTP) Information


Synopsis
Some information about the remote HTTP configuration can be extracted.

List of Hosts

192.168.2.223

Plugin Output

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 03 Dec 2011 21:56:58 GMT
Connection: close
Content-Length: 334



Description
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...

This test is informational only and does not denote any security
problem.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/01/30
Plugin last modification date: 2011/05/31

Port www (8834/tcp)

Plugin ID: 24260

HyperText Transfer Protocol (HTTP) Information


Synopsis
Some information about the remote HTTP configuration can be extracted.

List of Hosts

192.168.2.223

Plugin Output

Protocol version : HTTP/1.1
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Date: Sat, 03 Dec 2011 21:56:59 GMT
Server: NessusWWW
Connection: close
Expires: Sat, 03 Dec 2011 21:56:59 GMT
Content-Length: 6518
Content-Type: text/html
Cache-Control:
Expires: 0
Pragma :



Description
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...

This test is informational only and does not denote any security
problem.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/01/30
Plugin last modification date: 2011/05/31

Port www (5357/tcp)

Plugin ID: 24260

HyperText Transfer Protocol (HTTP) Information


Synopsis
Some information about the remote HTTP configuration can be extracted.

List of Hosts

192.168.2.223

Plugin Output

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 03 Dec 2011 21:56:58 GMT
Connection: close
Content-Length: 334



Description
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...

This test is informational only and does not denote any security
problem.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/01/30
Plugin last modification date: 2011/05/31

Port www (2869/tcp)

Plugin ID: 24260

HyperText Transfer Protocol (HTTP) Information


Synopsis
Some information about the remote HTTP configuration can be extracted.

List of Hosts

192.168.2.223

Plugin Output

Protocol version : HTTP/1.1
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sat, 03 Dec 2011 21:56:58 GMT
Connection: close
Content-Length: 334



Description
This test gives some information about the remote HTTP protocol - the
version used, whether HTTP Keep-Alive and HTTP pipelining are enabled,
etc...

This test is informational only and does not denote any security
problem.


Solution
n/a


Risk Factor
None


Plugin publication date: 2007/01/30
Plugin last modification date: 2011/05/31

Port www (2869/tcp)

Plugin ID: 11153

Service Detection (HELP Request)


Synopsis
The remote service could be identified.

List of Hosts

192.168.2.223

Plugin Output
A web server seems to be running on this port.


192.168.2.193

Plugin Output
A web server seems to be running on this port.



Description
It was possible to identify the remote service by its banner or by looking
at the error message it sends when it receives a 'HELP' request.


Solution
n/a


Risk Factor
None


Plugin publication date: 2002/11/18
Plugin last modification date: 2011/11/28

Port www (10243/tcp)

Plugin ID: 10107

HTTP Server Type and Version


Synopsis
A web server is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output
The remote web server type is :

Microsoft-HTTPAPI/2.0



Description
This plugin attempts to determine the type and the version of the
remote web server.


Solution
n/a


Risk Factor
None


Plugin publication date: 2000/01/04
Plugin last modification date: 2011/11/30

Port www (8834/tcp)

Plugin ID: 10107

HTTP Server Type and Version


Synopsis
A web server is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output
The remote web server type is :

NessusWWW



Description
This plugin attempts to determine the type and the version of the
remote web server.


Solution
n/a


Risk Factor
None


Plugin publication date: 2000/01/04
Plugin last modification date: 2011/11/30

Port www (5357/tcp)

Plugin ID: 10107

HTTP Server Type and Version


Synopsis
A web server is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output
The remote web server type is :

Microsoft-HTTPAPI/2.0



Description
This plugin attempts to determine the type and the version of the
remote web server.


Solution
n/a


Risk Factor
None


Plugin publication date: 2000/01/04
Plugin last modification date: 2011/11/30

Port www (2869/tcp)

Plugin ID: 10107

HTTP Server Type and Version


Synopsis
A web server is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output
The remote web server type is :

Microsoft-HTTPAPI/2.0



Description
This plugin attempts to determine the type and the version of the
remote web server.


Solution
n/a


Risk Factor
None


Plugin publication date: 2000/01/04
Plugin last modification date: 2011/11/30

Port (0/tcp)

Plugin ID: 19506

Nessus Scan Information


Synopsis
Information about the Nessus scan.

List of Hosts

192.168.2.223

Plugin Output
Information about this scan :

Nessus version : 4.4.1 (Build 15078)
Plugin feed version : 201112022238
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.2.223
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/12/3 14:55
Scan duration : 115 sec


192.168.2.195

Plugin Output
Information about this scan :

Nessus version : 4.4.1 (Build 15078)
Plugin feed version : 201112022238
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.2.223
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/12/3 14:55
Scan duration : 160 sec


192.168.2.194

Plugin Output
Information about this scan :

Nessus version : 4.4.1 (Build 15078)
Plugin feed version : 201112022238
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.2.223
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/12/3 14:55
Scan duration : 165 sec


192.168.2.193

Plugin Output
Information about this scan :

Nessus version : 4.4.1 (Build 15078)
Plugin feed version : 201112022238
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.2.223
Port scanner(s) : nessus_syn_scanner
Port range : default
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
CGI scanning : disabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Scan Start Date : 2011/12/3 14:55
Scan duration : 750 sec



Description
This script displays, for each tested host, information about the scan itself:

- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel


Solution
n/a


Risk Factor
None


Plugin publication date: 2005/08/26
Plugin last modification date: 2011/09/21

Port dce-rpc (49874/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available on TCP port 49874 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Remote RPC service
TCP Port : 49874
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Remote RPC service
TCP Port : 49874
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Remote RPC service
TCP Port : 49874
IP : 192.168.2.223



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port dce-rpc (49156/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available on TCP port 49156 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49156
IP : 192.168.2.223


192.168.2.193

Plugin Output

The following DCERPC services are available on TCP port 49156 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49156
IP : 192.168.2.193



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port dce-rpc (49155/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available on TCP port 49155 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.223


192.168.2.193

Plugin Output

The following DCERPC services are available on TCP port 49155 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
TCP Port : 49155
IP : 192.168.2.193



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port dce-rpc (49154/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.2.223


192.168.2.193

Plugin Output

The following DCERPC services are available on TCP port 49154 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49154
IP : 192.168.2.193



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port dce-rpc (49153/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.223

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.223


192.168.2.193

Plugin Output

The following DCERPC services are available on TCP port 49153 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
TCP Port : 49153
IP : 192.168.2.193



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port dce-rpc (49152/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 192.168.2.223


192.168.2.193

Plugin Output

The following DCERPC services are available on TCP port 49152 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49152
IP : 192.168.2.193



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port cifs (445/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\TRINITY

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Remote RPC service
Named pipe : \pipe\spoolss
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Remote RPC service
Named pipe : \pipe\spoolss
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Remote RPC service
Named pipe : \pipe\spoolss
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Remote RPC service
Named pipe : \PIPE\W32TIME_ALT
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\TRINITY

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\TRINITY


192.168.2.193

Plugin Output

The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\WIN7-64

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\trkwks
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \PIPE\protected_storage
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\srvsvc
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Remote RPC service
Named pipe : \PIPE\browser
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\WIN7-64



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port epmap (135/tcp)

Plugin ID: 10736

DCE Services Enumeration


Synopsis
A DCE/RPC service is running on the remote host.

List of Hosts

192.168.2.223

Plugin Output

The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0B0740

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0B0740

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-7df8ce1861e301b786

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc0C0371

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0C0371

Object UUID : f0d5658b-1b1e-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-a11b3d3eec51332be0

Object UUID : 4ee3bdf9-1b1a-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-3df5557cd43b0947bf

Object UUID : 0e71c89d-1b19-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-3bd5d01798b4caf50c

Object UUID : 3b07f546-1b15-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-1eb4bf9f9bf3b7f466

Object UUID : f482b5bf-1b14-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-ba142dfe3a8c03a8e7

Object UUID : d3f4f36a-1b14-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-772b88d46cc6114230

Object UUID : d3f4f369-1b14-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : OLE3A09E503CB8E418D839A0FAE8455

Object UUID : d3f4f369-1b14-11e1-8ae8-db5f63012137
UUID : f1ec59ab-4ca9-4c30-b2d0-54ef1db441b7, version 1.0
Description : Unknown RPC service
Annotation : Isolation Communication Endpoint
Type : Local RPC service
Named pipe : LRPC-023bf481d470c17b59

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8174bb16-571b-4c38-8386-1102b449044a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-03f0067da46a3f5ec7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a2d47257-12f7-4beb-8981-0ebfa935c407, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-03f0067da46a3f5ec7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3f31c91e-2545-4b7b-9311-9529e8bffef6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-03f0067da46a3f5ec7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : LRPC-b7c0cd4721cc18f45a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0
Description : Unknown RPC service
Annotation : wcncsvc.transport
Type : Local RPC service
Named pipe : LRPC-b7c0cd4721cc18f45a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0
Description : Unknown RPC service
Annotation : wcncsvc.transport
Type : Local RPC service
Named pipe : OLE40F85631D0994BB49E7D8C04F150

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c100beac-d33a-4a4b-bf23-bbef4663d017, version 1.0
Description : Unknown RPC service
Annotation : wcncsvc.transport
Type : Local RPC service
Named pipe : wcncsvc.transport

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0
Description : Unknown RPC service
Annotation : wcncsvc.wcnprpc
Type : Local RPC service
Named pipe : LRPC-b7c0cd4721cc18f45a

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0
Description : Unknown RPC service
Annotation : wcncsvc.wcnprpc
Type : Local RPC service
Named pipe : OLE40F85631D0994BB49E7D8C04F150

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0
Description : Unknown RPC service
Annotation : wcncsvc.wcnprpc
Type : Local RPC service
Named pipe : wcncsvc.transport

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c100beab-d33a-4a4b-bf23-bbef4663d017, version 1.0
Description : Unknown RPC service
Annotation : wcncsvc.wcnprpc
Type : Local RPC service
Named pipe : wcncsvc.wcnprpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-f8748a435fcec6a0c8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f8748a435fcec6a0c8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-f8748a435fcec6a0c8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : OLE16817696912E4716BF208A5FE89E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : OLE16817696912E4716BF208A5FE89E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : OLE16817696912E4716BF208A5FE89E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 25952c5d-7976-4aa1-a3cb-c35f7ae79d1b, version 1.0
Description : Unknown RPC service
Annotation : Wireless Diagnostics
Type : Local RPC service
Named pipe : OLE48512720119E43F99F8471376352

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 25952c5d-7976-4aa1-a3cb-c35f7ae79d1b, version 1.0
Description : Unknown RPC service
Annotation : Wireless Diagnostics
Type : Local RPC service
Named pipe : LRPC-08b395f04a16dede89

Object UUID : 6e616c77-7673-0063-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE48512720119E43F99F8471376352

Object UUID : 6e616c77-7673-0063-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-08b395f04a16dede89

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 266f33b4-c7c1-4bd1-8f52-ddb8f2214ea9, version 1.0
Description : Unknown RPC service
Annotation : Wlan Service
Type : Local RPC service
Named pipe : OLE48512720119E43F99F8471376352

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 266f33b4-c7c1-4bd1-8f52-ddb8f2214ea9, version 1.0
Description : Unknown RPC service
Annotation : Wlan Service
Type : Local RPC service
Named pipe : LRPC-08b395f04a16dede89

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : OLE48512720119E43F99F8471376352

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-08b395f04a16dede89

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE48512720119E43F99F8471376352

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-08b395f04a16dede89

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LRPC-49e7af6a7f3f1bb8b9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-49e7af6a7f3f1bb8b9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE26D5B52323AC447BBAE220C90551

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-cb405e40e847949fcc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE26D5B52323AC447BBAE220C90551

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-cb405e40e847949fcc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : W32TIME_ALT

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLEEAB4BBE600EF4086B1808C94C5B8

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEEAB4BBE600EF4086B1808C94C5B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEEAB4BBE600EF4086B1808C94C5B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLEEAB4BBE600EF4086B1808C94C5B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEEAB4BBE600EF4086B1808C94C5B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLEEAB4BBE600EF4086B1808C94C5B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLEEAB4BBE600EF4086B1808C94C5B8

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : OLEA6820AB043E449EE8869C59D36C1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : OLEA6820AB043E449EE8869C59D36C1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : OLEA6820AB043E449EE8869C59D36C1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : OLEA6820AB043E449EE8869C59D36C1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc


192.168.2.193

Plugin Output

The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc05F340

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc05F340

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-40aacb0c66a36d17d2

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000001
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc061AD1

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc061AD1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4b112204-0e19-11d3-b42b-0000f81feb9f, version 1.0
Description : SSDP service
Windows process : unknow
Type : Local RPC service
Named pipe : LRPC-326fd53a4d3507de30

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8174bb16-571b-4c38-8386-1102b449044a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ab00a450403a0df208

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a2d47257-12f7-4beb-8981-0ebfa935c407, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ab00a450403a0df208

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3f31c91e-2545-4b7b-9311-9529e8bffef6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ab00a450403a0df208

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : OLE26A7B2D67CB24E27BA6EB5A5BCC9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-79ce2df4d9a78dd8ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE26A7B2D67CB24E27BA6EB5A5BCC9

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-79ce2df4d9a78dd8ae

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : trkwks

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-0b38339698048a9e96

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-0b38339698048a9e96

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-0b38339698048a9e96

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Annotation : Spooler base remote object endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Annotation : Spooler function endpoint
Type : Local RPC service
Named pipe : spoolss

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-b4f8505480a27e5796

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LRPC-b4f8505480a27e5796

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 1.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : OLE94A7D19B3D614428A6032DE1D884

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-4b3e250bdd1b9ec71c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : OLE94A7D19B3D614428A6032DE1D884

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-4b3e250bdd1b9ec71c

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : OLE084FDC65250547A0A958E057176D

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : senssvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 06bba54a-be05-49f9-b0a0-30f790261023, version 1.0
Description : Unknown RPC service
Annotation : Security Center
Type : Local RPC service
Named pipe : OLE310D9BEE2EF54A5FA43F101043EB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : eventlog

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : AudioClientRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : Audiosrv

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : OLE310D9BEE2EF54A5FA43F101043EB



Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper
PIPE) it was possible to enumerate the Distributed Computing Environment
(DCE) services running on the remote port.
Using this information it is possible to connect and bind to
each service by sending an RPC request to the remote port/pipe.


Solution
N/A


Risk Factor
None


Plugin publication date: 2001/08/26
Plugin last modification date: 2011/03/04

Port www (8834/tcp)

Plugin ID: 10386

Web Server No 404 Error Code Check


Synopsis
The remote web server does not return 404 error codes.

List of Hosts

192.168.2.223

Plugin Output
The following title tag will be used :
200 Unauthorized



Description
The remote web server is configured such that it does not return '404
Not Found' error codes when a nonexistent file is requested, perhaps
returning instead a site map, search page or authentication page.

Nessus has enabled some counter measures for this. However, they
might be insufficient. If a great number of security holes are
produced for this port, they might not all be accurate.


Solution
n/a


Risk Factor
None


Plugin publication date: 2000/04/28
Plugin last modification date: 2011/10/20

Port www (8834/tcp)

Plugin ID: 51192

SSL Certificate signed with an unknown Certificate Authority


Synopsis
The SSL certificate for this service is signed by an unknown certificate authority.

List of Hosts

192.168.2.223

Plugin Output
*** ERROR: Unknown root CA in the chain:
Organization: Nessus Users United
Organization Unit: Nessus Certification Authority
Locality: New York
Country: US
State/Province: NY
Common Name: Nessus Certification Authority



Certificate chain:
|-Organization: Nessus Users United
|-Organization Unit: Nessus Certification Authority
|-Locality: New York
|-Country: US
|-State/Province: NY
|-Common Name: Nessus Certification Authority
|
|--Organization: Nessus Users United
|--Organization Unit: Nessus Server
|--Locality: New York
|--Country: US
|--State/Province: NY
|--Common Name: Trinity
|



Description
The X.509 certificate of the remote host is not signed by a known
public certificate authority. If the remote host is a public host in
production, this nullifies the use of SSL as anyone could establish a
man in the middle attack against the remote host.


Solution
Purchase or generate a proper certificate for this service.


Risk Factor
Medium/ CVSS Base Score: 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)


Plugin publication date: 2010/12/15
Plugin last modification date: 2011/11/28

Port nessus (1241/tcp)

Plugin ID: 51192

SSL Certificate signed with an unknown Certificate Authority


Synopsis
The SSL certificate for this service is signed by an unknown certificate authority.

List of Hosts

192.168.2.223

Plugin Output
*** ERROR: Unknown root CA in the chain:
Organization: Nessus Users United
Organization Unit: Nessus Certification Authority
Locality: New York
Country: US
State/Province: NY
Common Name: Nessus Certification Authority



Certificate chain:
|-Organization: Nessus Users United
|-Organization Unit: Nessus Certification Authority
|-Locality: New York
|-Country: US
|-State/Province: NY
|-Common Name: Nessus Certification Authority
|
|--Organization: Nessus Users United
|--Organization Unit: Nessus Server
|--Locality: New York
|--Country: US
|--State/Province: NY
|--Common Name: Trinity
|



Description
The X.509 certificate of the remote host is not signed by a known
public certificate authority. If the remote host is a public host in
production, this nullifies the use of SSL as anyone could establish a
man in the middle attack against the remote host.


Solution
Purchase or generate a proper certificate for this service.


Risk Factor
Medium/ CVSS Base Score: 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)


Plugin publication date: 2010/12/15
Plugin last modification date: 2011/11/28

Port (0/tcp)

Plugin ID: 25220

TCP/IP Timestamps Supported


Synopsis
The remote service implements TCP timestamps.

List of Hosts

192.168.2.194


Description
The remote host implements TCP timestamps, as defined by RFC1323. A
side effect of this feature is that the uptime of the remote host can
sometimes be computed.


Solution
n/a



Risk Factor
None


Plugin publication date: 2007/05/16
Plugin last modification date: 2011/03/20

Port cifs (445/tcp)

Plugin ID: 42411

Microsoft Windows SMB Shares Unprivileged Access


Synopsis
It is possible to access a network share.

List of Hosts

192.168.2.193

Plugin Output

The following shares can be accessed as Nessus :

- Users - (readable)
+ Content of this share :
..
Default
desktop.ini
Obi Wan
Public



Description
The remote has one or more Windows shares that can be accessed through
the network with the given credentials.

Depending on the share rights, it may allow an attacker to read/write
confidential data.


Solution
To restrict access under Windows, open Explorer, do a right click on
each share, go to the 'sharing' tab, and click on 'permissions'.


Risk Factor
High/ CVSS Base Score: 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score: 7.5(CVSS2#E:H/RL:U/RC:ND)



Bugtraq ID
8026


Other references
OSVDB:299


Vulnerability publication date: 1999/07/14
Plugin publication date: 2009/11/06
Plugin last modification date: 2011/03/27
Ease of exploitability: No exploit is required

Port nessus (1241/tcp)

Plugin ID: 50845

OpenSSL Detection


Synopsis
The remote service appears to use OpenSSL to encrypt traffic.

List of Hosts

192.168.2.223


Description
Based on its behavior, it seems that the remote service is using the
OpenSSL library to encrypt traffic.

Note that this plugin can only detect OpenSSL implementations that
have enabled support for TLS extensions (RFC 4366).


Solution
n/a



Risk Factor
None


Plugin publication date: 2010/11/30
Plugin last modification date: 2011/04/20

Port cifs (445/tcp)

Plugin ID: 10394

Microsoft Windows SMB Log In Possible


Synopsis
It is possible to log into the remote host.

List of Hosts

192.168.2.223

Plugin Output
- NULL sessions are enabled on the remote host
- The SMB tests will be done as 'Nessus'/'******'


192.168.2.194

Plugin Output
- NULL sessions are enabled on the remote host


192.168.2.193

Plugin Output
- NULL sessions are enabled on the remote host
- The SMB tests will be done as 'Nessus'/'******'



Description
The remote host is running Microsoft Windows operating
system or Samba, a CIFS/SMB server for Unix. It was
possible to log into it using one of the following
accounts :

- NULL session
- Guest account
- Given Credentials


Solution
n/a



Risk Factor
None


Vulnerability publication date: 1999/01/01
Plugin publication date: 2000/05/09
Plugin last modification date: 2011/09/15
Ease of exploitability: Exploits are available
Exploitable with: Metasploit (Microsoft Windows Authenticated User Code Execution)

Port (0/tcp)

Plugin ID: 10913

Microsoft Windows - Local Users Information : Disabled accounts


Synopsis
At least one local user account has been disabled.

List of Hosts

192.168.2.223

Plugin Output

The following local user accounts have been disabled :

- Administrator
- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.


192.168.2.193

Plugin Output

The following local user accounts have been disabled :

- Administrator
- Guest


Note that, in addition to the Administrator and Guest accounts, Nessus
has only checked for local users with UIDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for 'SMB use host SID to enumerate
local users' setting, and then re-run the scan.



Description
Using the supplied credentials, it is possible to list local user
accounts that have been disabled.


Solution
Delete accounts that are no longer needed.


Risk Factor
None


Other references
OSVDB:752


Vulnerability publication date: 1980/01/01
Plugin publication date: 2002/03/17
Plugin last modification date: 2011/03/21

Port nessus (1241/tcp)

Plugin ID: 10147

Nessus Server Detection


Synopsis
A Nessus daemon is listening on the remote port.

List of Hosts

192.168.2.223


Description
A Nessus daemon is listening on the remote port. It is not
recommended to let anyone connect to this port.

Also, make sure that the remote Nessus installation has been
authorized.


Solution
Filter incoming traffic to this port.


Risk Factor
None


Plugin publication date: 1999/10/12
Plugin last modification date: 2011/03/11

Port (0/icmp)

Plugin ID: 10114

ICMP Timestamp Request Remote Date Disclosure


Synopsis
It is possible to determine the exact time set on the remote host.

List of Hosts

192.168.2.195

Plugin Output
The difference between the local and remote clocks is -9 seconds.


192.168.2.194

Plugin Output
This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The remote clock is synchronized with the local clock.



Description
The remote host answers to an ICMP timestamp request. This allows an
attacker to know the date that is set on the targeted machine.

This may help an attacker to defeat all time-based authentication
protocols.


Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).


Risk Factor
None



Other references
OSVDB:94
CWE:200


Vulnerability publication date: 1995/01/01
Plugin publication date: 1999/08/01
Plugin last modification date: 2011/11/15

Port (0/udp)

Plugin ID: 10287

Traceroute Information


Synopsis
It was possible to obtain traceroute information.

List of Hosts

192.168.2.195

Plugin Output
For your information, here is the traceroute from 192.168.2.223 to 192.168.2.195 :
192.168.2.223
?
192.168.2.195


192.168.2.194

Plugin Output
For your information, here is the traceroute from 192.168.2.223 to 192.168.2.194 :
192.168.2.223
192.168.2.194


192.168.2.193

Plugin Output
For your information, here is the traceroute from 192.168.2.223 to 192.168.2.193 :
192.168.2.223
192.168.2.193



Description
Makes a traceroute to the remote host.


Solution
n/a


Risk Factor
None


Plugin publication date: 1999/11/27
Plugin last modification date: 2011/03/21

Port cifs (445/tcp)

Plugin ID: 10860

SMB Use Host SID to Enumerate Local Users


Synopsis
It is possible to enumerate local users.

List of Hosts

192.168.2.223

Plugin Output

- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- Tonio (id 1000)
- HomeUsers (id 1001)
- HomeGroupUser$ (id 1002)
- Nessus (id 1003)

Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.


192.168.2.193

Plugin Output

- Administrator (id 500, Administrator account)
- Guest (id 501, Guest account)
- HomeUsers (id 1000)
- Obi Wan (id 1001)
- HomeGroupUser$ (id 1002)
- Nessus (id 1003)

Note that, in addition to the Administrator and Guest accounts, Nessus
has enumerated only those local users with IDs between 1000 and 1200.
To use a different range, edit the scan policy and change the 'Start
UID' and/or 'End UID' preferences for this plugin, then re-run the
scan.



Description
Using the host security identifier (SID), it is possible to enumerate local users
on the remote Windows system.


Solution
n/a


Risk Factor
None


Vulnerability publication date: 1998/04/28
Plugin publication date: 2002/02/13
Plugin last modification date: 2011/09/15
Ease of exploitability: Exploits are available

Port cifs (445/tcp)

Plugin ID: 44401

Microsoft Windows SMB Service Config Enumeration


Synopsis
It is possible to enumerate configuration parameters of remote services.

List of Hosts

192.168.2.223

Plugin Output

The following services are set to start automatically :

AMD External Events Utility startup parameters :
Display name : AMD External Events Utility
Service name : AMD External Events Utility
Log on as : LocalSystem
Executable path : C:\Windows\system32\atiesrxx.exe

AdobeARMservice startup parameters :
Display name : Adobe Acrobat Update Service
Service name : AdobeARMservice
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/

AudioSrv startup parameters :
Display name : Windows Audio
Service name : AudioSrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : AudioEndpointBuilder/RpcSs/MMCSS/

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RpcSs/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : RpcSs/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NSI/Tdx/Afd/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : Tdx/nsi/

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

Hamachi2Svc startup parameters :
Display name : LogMeIn Hamachi Tunneling Engine
Service name : Hamachi2Svc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : SamSS/Srv/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : Bowser/MRxSmb10/MRxSmb20/NSI/

MMCSS startup parameters :
Display name : Multimedia Class Scheduler
Service name : MMCSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

McAfee SiteAdvisor Service startup parameters :
Display name : McAfee SiteAdvisor Service
Service name : McAfee SiteAdvisor Service
Log on as : LocalSystem
Executable path : c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

MpsSvc startup parameters :
Display name : Windows Firewall
Service name : MpsSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : mpsdrv/bfe/

Net Driver HPZ12 startup parameters :
Display name : Net Driver HPZ12
Service name : Net Driver HPZ12
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k HPZ12

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : NSI/RpcSs/TcpIp/

PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

Pharos Systems ComTaskMaster startup parameters :
Display name : Pharos Systems ComTaskMaster
Service name : Pharos Systems ComTaskMaster
Log on as : LocalSystem
Executable path : "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe"
Dependencies : EventLog/RPCSS/

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

Pml Driver HPZ12 startup parameters :
Display name : Pml Driver HPZ12
Service name : Pml Driver HPZ12
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k HPZ12

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SBSDWSCService startup parameters :
Display name : SBSD Security Center Service
Service name : SBSDWSCService
Log on as : LocalSystem
Executable path : C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
Dependencies : wscsvc/

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : EventSystem/

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SmcService startup parameters :
Display name : Symantec Management Client
Service name : SmcService
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe"
Dependencies : SENS/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

Symantec AntiVirus startup parameters :
Display name : Symantec Endpoint Protection
Service name : Symantec AntiVirus
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe"
Dependencies : ccSetMgr/ccEvtMgr/

SysMain startup parameters :
Display name : Superfetch
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : rpcss/fileinfo/

Tenable Nessus startup parameters :
Display name : Tenable Nessus
Service name : Tenable Nessus
Log on as : LocalSystem
Executable path : "C:\Program Files\Tenable\Nessus\nessus-service.exe"

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

UxSms startup parameters :
Display name : Desktop Window Manager Session Manager
Service name : UxSms
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

WMPNetworkSvc startup parameters :
Display name : Windows Media Player Network Sharing Service
Service name : WMPNetworkSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Dependencies : http/

WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/

WinDefend startup parameters :
Display name : Windows Defender
Service name : WinDefend
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k secsvcs
Dependencies : RpcSs/

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RPCSS/

Wlansvc startup parameters :
Display name : WLAN AutoConfig
Service name : Wlansvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : nativewifip/RpcSs/Ndisuio/Eaphost/

ccEvtMgr startup parameters :
Display name : Symantec Event Manager
Service name : ccEvtMgr
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Dependencies : RPCSS/ccSetMgr/

ccSetMgr startup parameters :
Display name : Symantec Settings Manager
Service name : ccSetMgr
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Dependencies : RPCSS/

clr_optimization_v4.0.30319_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X86
Service name : clr_optimization_v4.0.30319_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

clr_optimization_v4.0.30319_64 startup parameters :
Display name : Microsoft .NET Framework NGEN v4.0.30319_X64
Service name : clr_optimization_v4.0.30319_64
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

eventlog startup parameters :
Display name : Windows Event Log
Service name : eventlog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs
Dependencies : RpcSS/Tdx/winmgmt/tcpip/nsi/

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : NetBT/Afd/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : nsiproxy/

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/

stisvc startup parameters :
Display name : Windows Image Acquisition (WIA)
Service name : stisvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k imgsvc
Dependencies : RpcSs/ShellHWDetection/

wscsvc startup parameters :
Display name : Security Center
Service name : wscsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/WinMgmt/

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : rpcss/

wudfsvc startup parameters :
Display name : Windows Driver Foundation - User-mode Driver Framework
Service name : wudfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/WudfPf/

The following services must be started manually :

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AeLookupSvc startup parameters :
Display name : Application Experience
Service name : AeLookupSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/ProfSvc/

AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/EventSystem/

Browser startup parameters :
Display name : Computer Browser
Service name : Browser
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : LanmanWorkstation/LanmanServer/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

EapHost startup parameters :
Display name : Extensible Authentication Protocol
Service name : EapHost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/KeyIso/

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : RpcSs/http/

Fax startup parameters :
Display name : Fax
Service name : Fax
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\fxssvc.exe
Dependencies : TapiSrv/RpcSs/PlugPlay/Spooler/

FontCache3.0.0.0 startup parameters :
Display name : Windows Presentation Foundation Font Cache 3.0.0.0
Service name : FontCache3.0.0.0
Log on as : NT Authority\LocalService
Executable path : C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

GoogleDesktopManager-051210-111108 startup parameters :
Display name : Google Desktop Manager 5.9.1005.12335
Service name : GoogleDesktopManager-051210-111108
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe"
Dependencies : RPCSS/

HomeGroupListener startup parameters :
Display name : HomeGroup Listener
Service name : HomeGroupListener
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : LanmanServer/

HomeGroupProvider startup parameters :
Display name : HomeGroup Provider
Service name : HomeGroupProvider
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : netprofm/fdrespub/fdphost/

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : BFE/

IPBusEnum startup parameters :
Display name : PnP-X IP Bus Enumerator
Service name : IPBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/fdPHost/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Dependencies : RPCSS/SamSS/

LiveUpdate startup parameters :
Display name : LiveUpdate
Service name : LiveUpdate
Log on as : LocalSystem
Executable path : "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Dependencies : RPCSS/

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

Microsoft SharePoint Workspace Audit Service startup parameters :
Display name : Microsoft SharePoint Workspace Audit Service
Service name : Microsoft SharePoint Workspace Audit Service
Log on as : NT AUTHORITY\LocalService
Executable path : "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/nsi/

PNRPAutoReg startup parameters :
Display name : PNRP Machine Name Publication Service
Service name : PNRPAutoReg
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : pnrpsvc/

PNRPsvc startup parameters :
Display name : Peer Name Resolution Protocol
Service name : PNRPsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : p2pimsvc/

PeerDistSvc startup parameters :
Display name : BranchCache
Service name : PeerDistSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k PeerDist
Dependencies : http/

PerfHost startup parameters :
Display name : Performance Counter DLL Host
Service name : PerfHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\SysWow64\perfhost.exe
Dependencies : RPCSS/

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Dependencies : Tcpip/bfe/

ProtectedStorage startup parameters :
Display name : Protected Storage
Service name : ProtectedStorage
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

QWAVE startup parameters :
Display name : Quality Windows Audio Video Experience
Service name : QWAVE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RasMan/TapiSrv/RasAcd/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Tapisrv/SstpSvc/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k regsvc
Dependencies : RPCSS/

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

SDRSVC startup parameters :
Display name : Windows Backup
Service name : SDRSVC
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k SDRSVC
Dependencies : RPCSS/

SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : HTTP/

SensrSvc startup parameters :
Display name : Adaptive Brightness
Service name : SensrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RPCSS/LanmanWorkstation/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

Steam Client Service startup parameters :
Display name : Steam Client Service
Service name : Steam Client Service
Log on as : LocalSystem
Executable path : C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService

StorSvc startup parameters :
Display name : Storage Service
Service name : StorSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

TBS startup parameters :
Display name : TPM Base Services
Service name : TBS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

THREADORDER startup parameters :
Display name : Thread Ordering Server
Service name : THREADORDER
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

TabletInputService startup parameters :
Display name : Tablet PC Input Service
Service name : TabletInputService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : PlugPlay/RpcSs/

TapiSrv startup parameters :
Display name : Telephony
Service name : TapiSrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : PlugPlay/RpcSs/

TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/TermDD/

UI0Detect startup parameters :
Display name : Interactive Services Detection
Service name : UI0Detect
Log on as : LocalSystem
Executable path : C:\Windows\system32\UI0Detect.exe

UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : TermService/RDPDR/

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

WPCSvc startup parameters :
Display name : Parental Controls
Service name : WPCSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WbioSrvc startup parameters :
Display name : Windows Biometric Service
Service name : WbioSrvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup
Dependencies : RpcSs/VaultSvc/WUDFSvc/

WcsPlugInService startup parameters :
Display name : Windows Color System
Service name : WcsPlugInService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k wcssvc
Dependencies : RpcSs/

WebClient startup parameters :
Display name : WebClient
Service name : WebClient
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : MRxDAV/

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : Dhcp/

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RPCSS/HTTP/

WwanSvc startup parameters :
Display name : WWAN AutoConfig
Service name : WwanSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Dependencies : PlugPlay/RpcSs/NdisUio/NlaSvc/

bthserv startup parameters :
Display name : Bluetooth Support Service
Service name : bthserv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k bthsvcs
Dependencies : RpcSs/

defragsvc startup parameters :
Display name : Disk Defragmenter
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/Ndisuio/Eaphost/

ehRecvr startup parameters :
Display name : Windows Media Center Receiver Service
Service name : ehRecvr
Log on as : NT AUTHORITY\networkService
Executable path : C:\Windows\ehome\ehRecvr.exe
Dependencies : RPCSS/

ehSched startup parameters :
Display name : Windows Media Center Scheduler Service
Service name : ehSched
Log on as : NT AUTHORITY\networkService
Executable path : C:\Windows\ehome\ehsched.exe
Dependencies : RPCSS/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : RpcSs/http/

gusvc startup parameters :
Display name : Google Updater Service
Service name : gusvc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
Dependencies : RPCSS/

hidserv startup parameters :
Display name : Human Interface Device Access
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

hkmsvc startup parameters :
Display name : Health Key and Certificate Management
Service name : hkmsvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : rpcss/lltdio/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/

napagent startup parameters :
Display name : Network Access Protection Agent
Service name : napagent
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService
Dependencies : RpcSs/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService
Dependencies : RpcSs/nlasvc/

ose startup parameters :
Display name : Office Source Engine
Service name : ose
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

osppsvc startup parameters :
Display name : Office Software Protection Platform
Service name : osppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
Dependencies : RpcSs/

p2pimsvc startup parameters :
Display name : Peer Networking Identity Manager
Service name : p2pimsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet

p2psvc startup parameters :
Display name : Peer Networking Grouping
Service name : p2psvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Dependencies : p2pimsvc/PNRPSvc/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Dependencies : RPCSS/

rpcapd startup parameters :
Display name : Remote Packet Capture Protocol v.0 (experimental)
Service name : rpcapd
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini"

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs

sppuinotify startup parameters :
Display name : SPP Notification Service
Service name : sppuinotify
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
Dependencies : EventSystem/

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/HTTP/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/PlugPlay/

wbengine startup parameters :
Display name : Block Level Backup Engine Service
Service name : wbengine
Log on as : localSystem
Executable path : "C:\Windows\system32\wbengine.exe"

wcncsvc startup parameters :
Display name : Windows Connect Now - Config Registrar
Service name : wcncsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : rpcss/

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

The following services are disabled :

Mcx2Svc startup parameters :
Display name : Media Center Extender Service
Service name : Mcx2Svc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Dependencies : SSDPSRV/IPBusEnum/TermService/fdphost/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

SNAC startup parameters :
Display name : Symantec Network Access Control
Service name : SNAC
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE"

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : Netman/WinMgmt/RasMan/BFE/

clr_optimization_v2.0.50727_32 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X86
Service name : clr_optimization_v2.0.50727_32
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

clr_optimization_v2.0.50727_64 startup parameters :
Display name : Microsoft .NET Framework NGEN v2.0.50727_X64
Service name : clr_optimization_v2.0.50727_64
Log on as : LocalSystem
Executable path : C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe



Description
This plugin implements the QueryServiceConfig() calls to obtain,
using the SMB protocol, the launch parameters of each active service
on the remote host (executable path, log on type, etc).


Solution
Ensure that each service is configured properly.


Risk Factor
None


Plugin publication date: 2010/02/05
Plugin last modification date: 2011/03/04
192.168.2.223
Scan Time
Start time: Sat Dec 03 14:55:13 2011
End time: Sat Dec 03 14:57:08 2011
Number of vulnerabilities
High0
Medium2
Low55
Remote Host Information
Operating System:Windows 7 Professional
NetBIOS name:TRINITY
DNS name:Trinity.hsd1.ut.comcast.net.
IP address:192.168.2.223
MAC address:8c:a9:82:02:4e:2a
^Back
192.168.2.195
Scan Time
Start time: Sat Dec 03 14:55:13 2011
End time: Sat Dec 03 14:57:57 2011
Number of vulnerabilities
High0
Medium1
Low5
Remote Host Information
Operating System:Linux Kernel
IP address:192.168.2.195
MAC address:08:00:27:94:5b:26
^Back
192.168.2.194
Scan Time
Start time: Sat Dec 03 14:55:13 2011
End time: Sat Dec 03 14:58:02 2011
Number of vulnerabilities
High2
Medium1
Low17
Remote Host Information
Operating System:Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
NetBIOS name:WINXP
IP address:192.168.2.194
MAC address:08:00:27:8c:41:5f
^Back
192.168.2.193
Scan Time
Start time: Sat Dec 03 14:55:13 2011
End time: Sat Dec 03 15:07:47 2011
Number of vulnerabilities
High1
Medium0
Low32
Remote Host Information
Operating System:Windows 7 Professional
NetBIOS name:WIN7-64
DNS name:Win7-64
IP address:192.168.2.193
MAC address:08:00:27:87:22:91
^Back