[OWASP-Malaysia] [QUIZ] Find the Weaknesses of a Piece of Software From This NMAP Output


Harisfazillah Jamel

Sep 23, 2011, 9:30:22 AM
to Open Web Application Security Project (OWASP) Malaysia Local Chapter, owa...@groups.facebook.com
Find the Weaknesses of a Piece of Software From This NMAP Output

Today's quiz.


:)


-----------

linuxmalaysia@linuxmalaysia-laptop:~$ sudo nmap -sS -sU -T4 -A -v -PE
-PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script all 127.0.0.1

Starting Nmap 5.00 ( http://nmap.org ) at 2011-09-23 20:53 MYT
NSE: Loaded 59 scripts for scanning.
Initiating SYN Stealth Scan at 20:53
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 25/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 53/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 9050/tcp on 127.0.0.1
Discovered open port 5432/tcp on 127.0.0.1
Discovered open port 5902/tcp on 127.0.0.1
Discovered open port 5800/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Completed SYN Stealth Scan at 20:53, 0.07s elapsed (1000 total ports)
Initiating UDP Scan at 20:53
Scanning localhost (127.0.0.1) [1000 ports]
Completed UDP Scan at 20:53, 1.24s elapsed (1000 total ports)
Initiating Service scan at 20:53
Scanning 13 services on localhost (127.0.0.1)
Discovered open port 53/udp on 127.0.0.1
Discovered open|filtered port 53/udp on localhost (127.0.0.1) is actually open
Completed Service scan at 20:54, 55.04s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against localhost (127.0.0.1)
Retrying OS detection (try #2) against localhost (127.0.0.1)
Retrying OS detection (try #3) against localhost (127.0.0.1)
Retrying OS detection (try #4) against localhost (127.0.0.1)
Retrying OS detection (try #5) against localhost (127.0.0.1)
NSE: Script scanning 127.0.0.1.
NSE: Starting runlevel 1 scan
Initiating NSE at 20:54
Completed NSE at 20:54, 14.02s elapsed
NSE: Script Scanning completed.
Host localhost (127.0.0.1) is up (0.000075s latency).
Interesting ports on localhost (127.0.0.1):
Not shown: 1987 closed ports
PORT STATE SERVICE VERSION
25/tcp open smtp Postfix smtpd
|_ smtp-commands: EHLO linuxmalaysia-laptop, PIPELINING, SIZE
10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN
|_ banner: 220 linuxmalaysia-laptop ESMTP Postfix (Ubuntu)
|_ smtp-open-relay: OPEN RELAY found.
53/tcp open domain ISC BIND 9.7.0-P1
| dns-zone-transfer:
| localhost SOA localhost root.localhost
| localhost NS localhost
| localhost A 127.0.0.1
| localhost AAAAA
|_ localhost SOA localhost root.localhost
80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
|_ html-title: Site doesn't have a title (text/html).
|_ http-iis-webdav-vuln: ERROR: This web server is not supported.
631/tcp open ipp CUPS 1.4
3306/tcp open mysql MySQL 5.1.41-3ubuntu12.10
| banner: A\x00\x00\x00\x0A5.1.41-3ubuntu12.10\x00#\x00\x00\x00KO/:ubjm\x
|_ 00\xFF\xF7\x08\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x...
| mysql-info: Protocol: 10
| Version: 5.1.41-3ubuntu12.10
| Thread ID: 36
| Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC,
Transactions, Secure Connection
| Status: Autocommit
|_ Salt: OMpnYRnT9`Y{$96@|tOn
5432/tcp open postgresql PostgreSQL DB
5800/tcp open vnc iTALC
|_ banner: ISD 001.000
5902/tcp open vnc VNC (protocol 3.8)
|_ banner: RFB 003.008
9050/tcp open tor-socks Tor SOCKS Proxy
53/udp open domain ISC BIND 9.7.0-P1
|_ dns-recursion: Recursion appears to be enabled
|_ dns-random-srcport: 209.85.174.84 is GREAT: 6 queries in 4.6
seconds from 6 ports with std dev 4202
|_ dns-random-txid: 209.85.174.81 is GREAT: 25 queries in 12.6 seconds
from 25 txids with std dev 18176
68/udp open|filtered dhcpc
631/udp open|filtered ipp
5353/udp open|filtered zeroconf
No exact OS matches for host (If you know what OS is running on it,
see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=9/23%OT=25%CT=1%CU=2%PV=N%DS=0%G=Y%TM=4E7C8191%P=i686-pc-l
OS:inux-gnu)SEQ(SP=C5%GCD=1%ISR=CC%TI=Z%CI=Z%II=I%TS=8)OPS(O1=M400CST11NW6%
OS:O2=M400CST11NW6%O3=M400CNNT11NW6%O4=M400CST11NW6%O5=M400CST11NW6%O6=M400
OS:CST11)WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)ECN(R=Y%DF=Y%T
OS:=40%W=8018%O=M400CNNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)
OS:T2(R=N)T3(R=Y%DF=Y%T=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW6%RD=0%Q=)T4(R
OS:=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=
OS:AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=
OS:40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID
OS:=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Uptime guess: 0.101 days (since Fri Sep 23 18:29:41 2011)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=197 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: linuxmalaysia-laptop

Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect
results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 82.64 seconds
Raw packets sent: 2099 (80.102KB) | Rcvd: 3220 (155.222KB)
_______________________________________________
OWASP-Malaysia mailing list
OWASP-M...@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-malaysia

OWASP Malaysia Wiki
http://www.owasp.my

OWASP Malaysia Facebook
http://www.facebook.com/OWASP.Malaysia

OWASP Malaysia Twitter #owaspmy
http://www.twitter.com/owaspmy

fenris

Sep 23, 2011, 10:59:39 AM
to Open Web Application Security Project (OWASP) Malaysia LocalChapter, owa...@groups.facebook.com, Open Web Application Security Project (OWASP) Malaysia Local Chapter
Postfix - open relay?

Sent from my iPhone

Harisfazillah Jamel

Sep 23, 2011, 11:04:45 AM
to Open Web Application Security Project (OWASP) Malaysia Local Chapter, owa...@groups.facebook.com
OK, acceptable. There are more.

--
Malaysia Open Source Software Conference 2011
MOSC2011 http://www.mosc.my/

Malaysia Open Source Conference 2012 (MOSC2012)
http://portal.mosc.my/

LinuxMalaysia Network
http://www.facebook.com/Bukan.Sekadar.Internet.Sahaja

Harisfazillah Jamel

Shaiffulnizam Mohamad

Sep 23, 2011, 1:45:14 PM
to Open Web Application Security Project (OWASP) Malaysia Local Chapter
Why does it show the Salt for MySQL as well, bro?

Muzamir Mokhtar

Sep 26, 2011, 3:23:09 AM
to owasp-m...@lists.owasp.org
Assalamualaikum WBT,

httpd vulnerable to DDoS. AutoCommit setting in MySQL, can't
rollback..ehehee..OPEN Relay Mail
.......

Muzamir bin Mokhtar,
http://muzzoshah.blogspot.com
http://muzzotechspot.blogspot.com



Harisfazillah Jamel

Sep 26, 2011, 3:33:01 AM
to Open Web Application Security Project (OWASP) Malaysia Local Chapter
Salam

Hit the spots. :)

On Mon, Sep 26, 2011 at 3:23 PM, Muzamir Mokhtar <muz...@pahang.gov.my> wrote:
> Assalamualaikum WBT,
>
> httpd vulnerable to DDoS. AutoCommit setting in MySQL, can't
> rollback..ehehee..OPEN Relay Mail
> .......
>
> Muzamir bin Mokhtar,
> http://muzzoshah.blogspot.com
> http://muzzotechspot.blogspot.com
>
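
As an added example (not part of the original thread), this Python triage script reads Nmap output in the format posted in the first message, groups NSE script results under their ports, and flags the three misconfiguration results that output reports. The rule set and the advice strings are assumptions; the match strings are the ones Nmap 5.00 printed here.

```python
import re

# Excerpt (trimmed) of the Nmap 5.00 output posted in the first message.
SAMPLE = """\
25/tcp open smtp Postfix smtpd
|_ banner: 220 linuxmalaysia-laptop ESMTP Postfix (Ubuntu)
|_ smtp-open-relay: OPEN RELAY found.
53/tcp open domain ISC BIND 9.7.0-P1
| dns-zone-transfer:
| localhost SOA localhost root.localhost
|_ localhost SOA localhost root.localhost
53/udp open domain ISC BIND 9.7.0-P1
|_ dns-recursion: Recursion appears to be enabled
68/udp open|filtered dhcpc
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+\S+\s+(\S+)")
SCRIPT_RE = re.compile(r"^\|_?\s*([a-z0-9-]+):\s*(.*)$")

# Assumed rules: script id -> (test on its output, what to review).
RULES = {
    "smtp-open-relay": (lambda o: "OPEN RELAY found" in o,
                        "restrict relaying to trusted or authenticated clients"),
    "dns-zone-transfer": (lambda o: "SOA" in o,
                          "limit zone transfers to the secondary name servers"),
    "dns-recursion": (lambda o: "appears to be enabled" in o,
                      "limit recursion to clients the resolver is meant to serve"),
}

def parse(text):
    """Map (port, proto) -> {script id: output}, joining continuation lines."""
    ports, port, script = {}, None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, script = (int(m.group(1)), m.group(2)), None
            ports[port] = {}
        elif port and (m := SCRIPT_RE.match(line)):
            script = m.group(1)
            ports[port][script] = m.group(2)
        elif port and script:
            ports[port][script] += " " + line.lstrip("|_ ")
    return ports

def findings(text):
    return [(f"{n}/{p}", sid, RULES[sid][1])
            for (n, p), scripts in sorted(parse(text).items())
            for sid, out in scripts.items()
            if sid in RULES and RULES[sid][0](out)]
```

Calling `findings(SAMPLE)` returns one tuple per flagged result; other Nmap versions word these script results differently, so the match strings need adjusting for them.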
