vuneravel?

1. vuneravel?

cdsvcgwqghfqw
linuxnoob123

(usa Kali)

Enviado em 23/03/2021 - 14:47h

Starting Nmap 7.70 ( https://nmap.org ) at 2021-03-23 17:01 UTC
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Nmap scan report for
Host is up (0.15s latency).
rDNS record for : br598-ip03.hostgator.com.br
Not shown: 984 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 3072
| Generator Length: 8
| Public Key Length: 3072



  


2. Re: vuneravel?

Carlos A. P. Cunha
Carlos_Cunha

(usa Linux Mint)

Enviado em 23/03/2021 - 16:07h

Se ajude e nós ajude a entender o que vc quer de fato....

#-------------------------------------------------------------------------------------#
"Falar é fácil, me mostre o código." - Linus Torvalds
#-------------------------------------------------------------------------------------#



3. Re: vuneravel?

Marcelo Oliver
msoliver

(usa Debian)

Enviado em 23/03/2021 - 16:47h


linuxnoob123 escreveu:

Starting Nmap 7.70 ( https://nmap.org ) at 2021-03-23 17:01 UTC
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Nmap scan report for
Host is up (0.15s latency).
rDNS record for : br598-ip03.hostgator.com.br
Not shown: 984 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 3072
| Generator Length: 8
| Public Key Length: 3072

Conselho:
Quer fazer M_R_DA, seja discreto.....
Já é a segunda postagem referente ao assunto.....
Lembre-se: Tudo o que faz na Internet, deixa rastro......


______________________________________________________________________
Att.: Marcelo Oliver
______________________________________________________________________




4. Re: vuneravel?

leandro peçanha scardua
leandropscardua

(usa Ubuntu)

Enviado em 23/03/2021 - 19:31h


Uma técnica comum é divulgar um endereço já comprometido de forma que outros acessos embaralhem os logs.


5. Re: vuneravel?

cdsvcgwqghfqw
linuxnoob123

(usa Kali)

Enviado em 23/03/2021 - 21:19h


msoliver escreveu:


linuxnoob123 escreveu:

Starting Nmap 7.70 ( https://nmap.org ) at 2021-03-23 17:01 UTC
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Nmap scan report for
Host is up (0.15s latency).
rDNS record for : br598-ip03.hostgator.com.br
Not shown: 984 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ssl-dh-params:
| VULNERABLE:
| Anonymous Diffie-Hellman Key Exchange MitM Vulnerability
| State: VULNERABLE
| Transport Layer Security (TLS) services that use anonymous
| Diffie-Hellman key exchange only provide protection against passive
| eavesdropping, and are vulnerable to active man-in-the-middle attacks
| which could completely compromise the confidentiality and integrity
| of any data exchanged over the resulting session.
| Check results:
| ANONYMOUS DH GROUP 1
| Cipher Suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
| Modulus Type: Safe prime
| Modulus Source: Unknown/Custom-generated
| Modulus Length: 3072
| Generator Length: 8
| Public Key Length: 3072

Conselho:
Quer fazer M_R_DA, seja discreto.....
Já é a segunda postagem referente ao assunto.....
Lembre-se: Tudo o que faz na Internet, deixa rastro......


______________________________________________________________________
Att.: Marcelo Oliver
______________________________________________________________________





nada haver mano, estou apenas tentando iniciar minha carreira, todos sabem que esses laboratorios e ctf, so entregam vunerabilidades totalmente fora da realidade de um pentest real, jamais vc chegaria em um pentest e acharia um sql injection por exemplo, acho que o intuito do forum e ajudar e nao criticar.