Author: wangsong [wangsong] Forum user
192.168.1.50: Security warning found
Host summary - OS: Windows NT 5.0; PORT/TCP: 23, 135, 139, 445

Host analysis: 192.168.1.50

Host address    Port/Service                                             Service vulnerability
192.168.1.50    telnet (23/tcp)                                          Security note found
192.168.1.50    netbios-ssn (139/tcp)                                    Security warning found
192.168.1.50    epmap (135/tcp)                                          Security warning found
192.168.1.50    microsoft-ds (445/tcp)                                   Security note found
192.168.1.50    cifs (445/tcp)                                           Security warning found
192.168.1.50    smb (139/tcp)                                            Security note found
192.168.1.50    DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1025/tcp)      Security note found
192.168.1.50    unknown (1026/udp)                                       Security note found
192.168.1.50    netbios-ns (137/udp)                                     Security warning found

Security vulnerabilities and solutions: 192.168.1.50

Type: Note
Port/Service: telnet (23/tcp)
  A telnet server seems to be running on this port
  NESSUS_ID : 10330

Type: Warning
Port/Service: netbios-ssn (139/tcp)
  [Remote registry information]:
  [ProductName]: Microsoft Windows 2000
  [SOFTWARE\Microsoft\Windows NT\CurrentVersion]:
    CurrentBuild: 1.511.1 () (Obsolete data - do not use)
    InstallDate: D8 25 92 40
    ProductName: Microsoft Windows 2000
    RegDone:
    RegisteredOrganization: HKZJZ
    RegisteredOwner: Common
    SoftwareType: SYSTEM
    CurrentVersion: 5.0
    CurrentBuildNumber: 2195
    CurrentType: Uniprocessor Free
    CSDVersion: Service Pack 4
    SystemRoot: C:\WINNT
    SourcePath: H:\I386
    PathName: C:\WINNT
    ProductId: 52273-005-6861993-09482
  [SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]:
    AutoRestartShell: 01 00 00 00
    DefaultDomainName: ZHJ
    DefaultUserName: Administrator
    LegalNoticeCaption:
    LegalNoticeText:
    PowerdownAfterShutdown: 0
    ReportBootOk: 1
    Shell: Explorer.exe
    ShutdownWithoutLogon: 1
    System:
    Userinit: C:\WINNT\system32\userinit.exe,
    VmApplet: rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota: FF FF FF FF
    PreloadFontFile: simsun
    allocatecdroms: 0
    allocatedasd: 0
    allocatefloppies: 0
    cachedlogonscount: 10
    passwordexpirywarning: 0E 00 00 00
    scremoveoption: 0
    AutoAdminLogon: 0
    DebugServerCommand: no
    SFCDisable: 00 00 00 00
    ShowLogonOptions: 00 00 00 00
    AltDefaultUserName: Administrator
    AltDefaultDomainName: ZHJ
  [SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix]:
  [SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980]:
  [SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980\File 1]:
    Flags:
    New File:
    New Link Date:
    Old Link Date:
    Installed: 01 00 00 00
    Comments: Windows 2000 修补程序 - KB823980
    Backup Dir:
    Fix Description: Windows 2000 修补程序 - KB823980
    Installed By:
    Installed On:
    Service Pack: 05 00 00 00
    Valid: 01 00 00 00
  [SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q147222]:
    Installed: 01 00 00 00 01 00 00 00

Type: Warning
Port/Service: netbios-ssn (139/tcp)
  [Server information Level 101]:
    Host name: "192.168.1.50"
    Operating system: Windows NT
    System version: 5.0
    Comment: ""
    Host type: WORKSTATION SERVER POTENTIAL_BROWSER MASTER_BROWSER

Type: Warning
Port/Service: netbios-ssn (139/tcp)
  [Network share list Level 1]:
    "E$": Disk - [Default share] (System)
    "IPC$": Inter-process communication (IPC$) - [Remote IPC] (System)
    "D$": Disk - [Default share] (System)
    "G$": Disk - [Default share] (System)
    "F$": Disk - [Default share] (System)
    "ADMIN$": Disk - [Remote Admin] (System)
    "C$": Disk - [Default share] (System)

Type: Warning
Port/Service: netbios-ssn (139/tcp)
  [Network user list Level 20]:
    Administrator(ID:0x000001f4) - [Built-in account for administering the computer/domain]
      User flags: logon script executed, password never expires
      Account type: Normal account
    Guest(ID:0x000001f5) - [Built-in account for guest access to the computer/domain]
      User flags: logon script executed, account disabled, empty password allowed, password change not permitted, password never expires
      Account type: Normal account

Type: Warning
Port/Service: netbios-ssn (139/tcp)
  [Network user list Level 3]:
    Administrator - [Built-in account for administering the computer/domain]
      Password age: 24 Day 21 Hour 33 Minute 39 Sec.
      Account type: Administrator
      Last logon time: GMT Tue May 25 06:58:54 2004
      Bad password count: 21, Successful logon count: 68
      USER ID: 0x000001f4, GROUP ID: 0x00000201
    Guest - [Built-in account for guest access to the computer/domain]
      Password age: 16 Day 2 Hour 11 Minute 5 Sec.
      Account type: Guest
      Bad password count: 20, Successful logon count: 0
      USER ID: 0x000001f5, GROUP ID: 0x00000201

Type: Warning
Port/Service: netbios-ssn (139/tcp)
  [Local group list Level 1]:
    Administrators - [Administrators have complete and unrestricted access to the computer/domain]
      ZHJ\Administrator - User account
    Backup Operators - [Backup Operators can override security restrictions for the purpose of backing up or restoring files]
    Guests - [By default, Guests have the same access as members of the Users group, but the Guest account is further restricted]
      ZHJ\Guest - User account
    Power Users - [Power Users possess most administrative powers, with some restrictions. Thus, Power Users can run certified files as well as legacy applications]
    Replicator - [Supports file replication in a domain]
    Users - [Users are prevented from making accidental or intentional changes. Thus, Users can run certified files, but not most legacy applications]
      NT AUTHORITY\INTERACTIVE - Well-known group account
      NT AUTHORITY\Authenticated Users - Well-known group account

Type: Note
Port/Service: netbios-ssn (139/tcp)
  Maybe the "netbios-ssn" service running on this port.
  Here is its banner: 83 .
  NESSUS_ID : 10330

Type: Warning
Port/Service: epmap (135/tcp)
  Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.
  An attacker may use this fact to gain more knowledge about the remote host.
  Solution : filter incoming traffic to this port.
  Risk factor : Low
  NESSUS_ID : 10736

Type: Note
Port/Service: epmap (135/tcp)
  Maybe the "epmap" service running on this port.
  NESSUS_ID : 10330

Type: Note
Port/Service: microsoft-ds (445/tcp)
  Maybe the "microsoft-ds" service running on this port.
  NESSUS_ID : 10330

Type: Warning
Port/Service: cifs (445/tcp)
  The host Security Identifier (SID) can be obtained remotely. Its value is :
  ZHJ : 5-21-1957994488-1682526488-839522115
  An attacker can use it to obtain the list of the local users of this host
  Solution : filter the ports 137-139 and 445
  Risk factor : Low
  CVE_ID : CVE-2000-1200
  BUGTRAQ_ID : 959
  NESSUS_ID : 10859

Type: Warning
Port/Service: cifs (445/tcp)
  The host SID could be used to enumerate the names of the local users of this host.
  (we only enumerated users name whose ID is between 1000 and 1200 for performance reasons)
  This gives extra knowledge to an attacker, which is not a good thing :
  - Administrator account name : Administrator (id 500)
  - Guest account name : Guest (id 501)
  Risk factor : Medium
  Solution : filter incoming connections this port
  CVE_ID : CVE-2000-1200
  BUGTRAQ_ID : 959
  NESSUS_ID : 10860

Type: Warning
Port/Service: cifs (445/tcp)
  The following local accounts have never changed their password :
  Administrator
  Guest
  To minimize the risk of break-in, users should change their password regularly
  NESSUS_ID : 10914

Type: Note
Port/Service: cifs (445/tcp)
  A CIFS server is running on this port
  NESSUS_ID : 11011

Type: Note
Port/Service: cifs (445/tcp)
  It was possible to log into the remote host using a NULL session.
  The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access
  To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000).
  Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$
  Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
  All the smb tests will be done as ''/'' in domain WORKGROUP
  CVE_ID : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117
  BUGTRAQ_ID : 494, 990
  NESSUS_ID : 10394

Type: Note
Port/Service: smb (139/tcp)
  An SMB server is running on this port
  NESSUS_ID : 11011

Type: Note
Port/Service: DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1025/tcp)
  Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.
  An attacker may use this fact to gain more knowledge about the remote host.
  Here is the list of DCE services running on this port:
    UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
    Endpoint: ncacn_ip_tcp:192.168.1.50[1025]
    UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
    Endpoint: ncacn_ip_tcp:192.168.1.50[1025]
  Solution : filter incoming traffic to this port.
  Risk Factor : Low
  NESSUS_ID : 10736

Type: Note
Port/Service: unknown (1026/udp)
  Distributed Computing Environment (DCE) services running on the remote host can be enumerated by connecting on port 135 and doing the appropriate queries.
  An attacker may use this fact to gain more knowledge about the remote host.
  Here is the list of DCE services running on this port:
    UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
    Endpoint: ncadg_ip_udp:192.168.1.50[1026]
    Annotation: Messenger Service
  Solution : filter incoming traffic to this port.
  Risk Factor : Low
  NESSUS_ID : 10736

Type: Warning
Port/Service: netbios-ns (137/udp)
  The following 8 NetBIOS names have been gathered :
    ZHJ = This is the computer name registered for workstation services by a WINS client.
    WORKGROUP = Workgroup / Domain name
    ZHJ = Computer name
    WORKGROUP = Workgroup / Domain name (part of the Browser elections)
    ZHJ = This is the current logged in user registered for this workstation.
    WORKGROUP
    __MSBROWSE__
    ADMINISTRATOR = This is the current logged in user registered for this workstation.
  The remote host has the following MAC address on its adapter :
    00:e0:4d:08:5b:e6
  If you do not want to allow everyone to find the NetBios name of your computer, you should filter incoming traffic to this port.
  Risk factor : Medium
  CVE_ID : CAN-1999-0621
  NESSUS_ID : 10150
Original post | Posted: 04-05-25 18:02
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.