论坛: 菜鸟乐园 标题: 怎么办 复制本贴地址    
作者: 飞天剑客 [wangsong]    论坛用户   登录
192.168.1.50 发现安全警告
主机摘要 - OS: Windows NT 5.0; PORT/TCP: 23, 135, 139, 445


[返回顶部]


主机分析: 192.168.1.50
主机地址 端口/服务 服务漏洞
192.168.1.50 telnet (23/tcp) 发现安全提示
192.168.1.50 netbios-ssn (139/tcp) 发现安全警告
192.168.1.50 epmap (135/tcp) 发现安全警告
192.168.1.50 microsoft-ds (445/tcp) 发现安全提示
192.168.1.50 cifs (445/tcp) 发现安全警告
192.168.1.50 smb (139/tcp) 发现安全提示
192.168.1.50 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1025/tcp) 发现安全提示
192.168.1.50 unknown (1026/udp) 发现安全提示
192.168.1.50 netbios-ns (137/udp) 发现安全警告



安全漏洞及解决方案: 192.168.1.50
类型 端口/服务 安全漏洞及解决方案
提示 telnet (23/tcp) A telnet server seems to be running on this port
NESSUS_ID : 10330

警告 netbios-ssn (139/tcp) [远程注册表信息]:
[ProductName]: Microsoft Windows 2000
[SOFTWARE\Microsoft\Windows NT\CurrentVersion]:
CurrentBuild: 1.511.1 () (Obsolete data - do not use)
InstallDate: D8 25 92 40
ProductName: Microsoft Windows 2000
RegDone:
RegisteredOrganization: HKZJZ
RegisteredOwner: Common
SoftwareType: SYSTEM
CurrentVersion: 5.0
CurrentBuildNumber: 2195
CurrentType: Uniprocessor Free
CSDVersion: Service Pack 4
SystemRoot: C:\WINNT
SourcePath: H:\I386
PathName: C:\WINNT
ProductId: 52273-005-6861993-09482
DigitalProductId: A4 00 00 00 03 00 00 00 35 32 32 37 33 2D 30 30 35 2D 36 38 36 31 39 39 33 2D 30 39 34 38 32 00 12 00 00 00 41 32 32 2D 30 30 30 30 31 00 00 00 00 00 00 00 6E 87 AD 00 DB 18 D9 52 65 FD F3 71 D4 6B 02 00 00 00 00 00 56 96 92 40 BC 17 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 34 32 30 30 00 00 00 00 00 00 00 3B 10 00 00 F3 AD 19 F4 80 00 00 00 9E 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DE FB 07 B8

[SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]:
AutoRestartShell: 01 00 00 00
DefaultDomainName: ZHJ
DefaultUserName: Administrator
LegalNoticeCaption:
LegalNoticeText:
PowerdownAfterShutdown: 0
ReportBootOk: 1
Shell: Explorer.exe
ShutdownWithoutLogon: 1
System:
Userinit: C:\WINNT\system32\userinit.exe,
VmApplet: rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota: FF FF FF FF
PreloadFontFile: simsun
allocatecdroms: 0
allocatedasd: 0
allocatefloppies: 0
cachedlogonscount: 10
passwordexpirywarning: 0E 00 00 00
scremoveoption: 0
AutoAdminLogon: 0
DebugServerCommand: no
SFCDisable: 00 00 00 00
ShowLogonOptions: 00 00 00 00
AltDefaultUserName: Administrator
AltDefaultDomainName: ZHJ

[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980]:
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980\File 1]:
Flags:
New File:
New Link Date:
Old Link Date:
Installed: 01 00 00 00
Comments: Windows 2000 修补程序 - KB823980
Backup Dir:
Fix Description: Windows 2000 修补程序 - KB823980
Installed By:
Installed On:
Service Pack: 05 00 00 00
Valid: 01 00 00 00
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\Q147222]:
Installed: 01 00 00 00

01 00 00 00


警告 netbios-ssn (139/tcp) [服务器信息 Level 101]:
主机名称: "192.168.1.50"
操作系统: Windows NT
系统版本: 5.0
注释:""
主机类型: WORKSTATION SERVER POTENTIAL_BROWSER MASTER_BROWSER


警告 netbios-ssn (139/tcp) [网络共享资源列表 Level 1]:
"E$": 磁盘 - [默认共享] (System)
"IPC$": 进程间通信(IPC$) - [远程 IPC] (System)
"D$": 磁盘 - [默认共享] (System)
"G$": 磁盘 - [默认共享] (System)
"F$": 磁盘 - [默认共享] (System)
"ADMIN$": 磁盘 - [远程管理] (System)
"C$": 磁盘 - [默认共享] (System)


警告 netbios-ssn (139/tcp) [网络用户列表 Level 20]:
Administrator(ID:0x000001f4) - [管理计算机(域)的内置帐户]
用户标记: 执行登录脚本 口令永不过期
帐户类型: 标准帐户
Guest(ID:0x000001f5) - [供来宾访问计算机或访问域的内置帐户]
用户标记: 执行登录脚本 帐号被禁止 允许空口令 禁止改变口令 口令永不过期
帐户类型: 标准帐户


警告 netbios-ssn (139/tcp) [网络用户列表 Level 3]:
Administrator - [管理计算机(域)的内置帐户]
口令使用时间: 24 Day 21 Hour 33 Minute 39 Sec.
帐户类型: 管理员(Administrator)
最后登录时间: GMT Tue May 25 06:58:54 2004
错口令次数: 21, 成功登录次数: 68
USER ID: 0x000001f4, GROUP ID: 0x00000201
Guest - [供来宾访问计算机或访问域的内置帐户]
口令使用时间: 16 Day 2 Hour 11 Minute 5 Sec.
帐户类型: 来访者(Guest)
错口令次数: 20, 成功登录次数: 0
USER ID: 0x000001f5, GROUP ID: 0x00000201


警告 netbios-ssn (139/tcp) [本地组列表 Level 1]:
Administrators - [管理员对计算机/域有不受限制的完全访问权]
ZHJ\Administrator - 用户帐号
Backup Operators - [备份操作员为了备份或还原文件可以替代安全限制]
Guests - [按默认值,来宾跟用户组的成员有同等访问权,但来宾帐户的限制更多]
ZHJ\Guest - 用户帐号
Power Users - [权限高的用户拥有最高的管理权限,但有限制。因此,权限高的用户可以运行经过证明的文件,也可以运行继承应用程序]
Replicator - [支持域中的文件复制]
Users - [用户无法进行有意或无意的改动。因此,用户可以运行经过证明的文件,但不能运行大多数继承应用程序]
NT AUTHORITY\INTERACTIVE - 知名组帐号
NT AUTHORITY\Authenticated Users - 知名组帐号


提示 netbios-ssn (139/tcp) Maybe the "netbios-ssn" service running on this port.

Here is its banner:
83 .
NESSUS_ID : 10330

警告 epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.

Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736

提示 epmap (135/tcp) Maybe the "epmap" service running on this port.

NESSUS_ID : 10330

提示 microsoft-ds (445/tcp) Maybe the "microsoft-ds" service running on this port.

NESSUS_ID : 10330

警告 cifs (445/tcp) The host Security Identifier (SID) can be obtained remotely. Its value is :

ZHJ : 5-21-1957994488-1682526488-839522115

An attacker can use it to obtain the list of the local users of this host
Solution : filter the ports 137-139 and 445
Risk factor : Low

CVE_ID : CVE-2000-1200
BUGTRAQ_ID : 959
NESSUS_ID : 10859

警告 cifs (445/tcp) The host SID could be used to enumerate the names of the local users
of this host.
(we only enumerated users name whose ID is between 1000 and 1200
for performance reasons)
This gives extra knowledge to an attacker, which
is not a good thing :
- Administrator account name : Administrator (id 500)
- Guest account name : Guest (id 501)

Risk factor : Medium
Solution : filter incoming connections this port

CVE_ID : CVE-2000-1200
BUGTRAQ_ID : 959
NESSUS_ID : 10860

警告 cifs (445/tcp) The following local accounts have never changed their password :

Administrator
Guest


To minimize the risk of break-in, users should
change their password regularly
NESSUS_ID : 10914

提示 cifs (445/tcp) A CIFS server is running on this port
NESSUS_ID : 11011

提示 cifs (445/tcp)
It was possible to log into the remote host using a NULL session.
The concept of a NULL session is to provide a null username and
a null password, which grants the user the 'guest' access

To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
Q246261 (Windows 2000).
Note that this won't completely disable null sessions, but will
prevent them from connecting to IPC$
Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html


All the smb tests will be done as ''/'' in domain WORKGROUP
CVE_ID : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117
BUGTRAQ_ID : 494, 990
NESSUS_ID : 10394

提示 smb (139/tcp) An SMB server is running on this port
NESSUS_ID : 11011

提示 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1025/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:192.168.1.50[1025]

UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:192.168.1.50[1025]



Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

提示 unknown (1026/udp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.

An attacker may use this fact to gain more knowledge
about the remote host.


Here is the list of DCE services running on this port:

UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:192.168.1.50[1026]
Annotation: Messenger Service



Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

警告 netbios-ns (137/udp) The following 8 NetBIOS names have been gathered :
ZHJ = This is the computer name registered for workstation services by a WINS client.
WORKGROUP = Workgroup / Domain name
ZHJ = Computer name
WORKGROUP = Workgroup / Domain name (part of the Browser elections)
ZHJ = This is the current logged in user registered for this workstation.
WORKGROUP
__MSBROWSE__
ADMINISTRATOR = This is the current logged in user registered for this workstation.
The remote host has the following MAC address on its adapter :
00:e0:4d:08:5b:e6

If you do not want to allow everyone to find the NetBios name
of your computer, you should filter incoming traffic to this port.

Risk factor : Medium
CVE_ID : CAN-1999-0621
NESSUS_ID : 10150




地主 发表时间: 04-05-25 18:02

论坛: 菜鸟乐园

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号