malice reports with nessus scan

Discussion in 'Iran' started by Unregistered, Jun 23, 2009.

  1. hey guys, can't get into the horde right now
    --------------------------------------------------------------------------
    + Target IP: 80.191.69.16
    + Target Hostname: 80.191.69.16
    + Target Port: 80
    + Using IDS Evasion: Random URI encoding (non-UTF8)
    + Start Time: 2009-06-24 15:28:07
    ---------------------------------------------------------------------------
    + Server: Apache/2.2.3 (CentOS)
    + robots.txt retrieved but it does not contain any 'disallow' entries (which is odd).
    + No CGI Directories found (use '-C all' to force check all possible dirs)
    + Apache/2.2.3 appears to be outdated (current is at least Apache/2.2.11). Apache 1.3.41 and 2.0.63 are also current.
    + OSVDB-0: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
    + OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean the server is vulnerable to XST.
    + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
    + OSVDB-0: Retrieved X-Powered-By header: PHP/5.1.6
    + OSVDB-0: ETag header found on server, inode: 61605040, size: 71, mtime: 0x384e9a00
    + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.



    Look at this: phpinfo()

    Here's one more:

    Nikto v2.10/2.10
    ---------------------------------------------------------------------------
    + Target IP: 80.191.69.16
    + Target Hostname: 80.191.69.16
    + Target Port: 80
    + Using IDS Evasion: Random URI encoding (non-UTF8)
    + Start Time: 2009-06-24 12:18:40
    ---------------------------------------------------------------------------
    + Server: Apache/2.2.3 (CentOS)
    + robots.txt retrieved but it does not contain any 'disallow' entries (which is odd).
    + Apache/2.2.3 appears to be outdated (current is at least Apache/2.2.11). Apache 1.3.41 and 2.0.63 are also current.
    + OSVDB-0: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
    + OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean the server is vulnerable to XST.
    + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
    + OSVDB-0: Retrieved X-Powered-By header: PHP/5.1.6
    + OSVDB-0: ETag header found on server, inode: 61605040, size: 71, mtime: 0x384e9a00
    + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
    + 3580 items checked: 8 item(s) reported on remote host
    + End Time: 2009-06-24 14:54:56 (9376 seconds)
    mostly useless, but I don't have time to cuntpaste nice and clean


    What other files can we reveal?

    Once tor works for me I'll see y'all tonight. Any word on *.doc *.pdf yet?

    nevar forget
    choose freedom
    /malice
