Published by Samson Booth. Modified over 8 years ago.
1
IT 463 – Scanning Assignment
Shane Knisley, Erik Bennett
2
Scanners Used
- X-Scan
- Retina
- Nessus
- GFI-LanGuard
3
Domain Scanned
- 129.138.6.1 - 129.138.6.255
- CS Domain
4
Problems
- Finding a fifth scanner
- Most of the others are not supported anymore
- SARA: could not get the UNIX GUI to work, so could not run the SARA program.
- Attempted to obtain other scanners on the scanners list, but unsuccessful
- Scanning the wireless network first (as directed by CS department Systems Analyst).
- No success with Metasploit.
- GFI has a limitation on the number of computers.
- Got a KeyGen for Retina (finally)
- Network is dynamic: a computer is there today, not there tomorrow.
5
X-Scan
- 43 computers found
- 15 machines with reported vulnerabilities
- 22 total vulnerabilities
- Most common vulnerability was: snmp (161/udp) Password "public" (11)
- #2: tcp - MS Task Scheduler (13852) (2)
- The other 8 were specific to 1 machine each.
6
Nessus
- Scanned a day after X-Scan
- 54 machines found
- 13 machines had 36 warnings
- 4 machines had 8 holes
- Holes include:
  1. missing patches (H)
  2. epmap (135/udp) 11890 (L)
  3. H: microsoft-ds (445/tcp) 12209, 11835, 19407, 18502 (L)
  4. Radius (L)
7
Nessus Cont'd
- Warnings: (36)
- Most common:
  - snmp (161/udp) 10800, 10551, 10264 (5 machines)
  - osu-nms (192/udp) 20345 (4 machines)
  - ultima-online-game (5009/tcp), 11620 (4 machines)
  - general/icmp 11197 (4 machines)
  - commplex-main (5000/tcp) 11765 (3 machines)
8
GFI-LanGuard
- 25 machines scanned due to limitation.
- 122 High Vulnerabilities
- 4 Medium Vulnerabilities
- 72 Low Vulnerabilities
- #1 High Vulnerability is: POP3 server might be vulnerable to a remote buffer overflow exploit (21 machines)
- 129.138.6.27 & 129.138.6.86 had the highest severity, with several backdoors.
9
LanGuard Continued
10
Retina
- 46 vulnerable machines found
- 208 vulnerabilities
- 79 High Risk
- 57 Medium Risk
- 72 Low Risk
11
Retina Distribution
12
Metasploit
- Most machines had open ports & several services running, including telnet.
- We did get into a machine running FTP with no root password.
- Otherwise, NO SUCCESS AT ALL.
- Some had connections with machines.
- Did not get any payloads run.
13
Metasploit
- Examined scanner reports and SANS Top 20 descriptions
- Noted most common vulnerabilities and mapped to SANS
- Examined exploits and mapped to SANS vulnerabilities linked to common vulnerabilities
- Repeated for critical vulnerabilities
14
SANS Top 20
- Did not find anything that mapped directly to the CVE numbers listed for the SANS Top 20
15
Conclusion
- Most common vulnerability had to do with snmp.
- Most critical were the backdoors found on a couple of machines.