Good day. Nikto found a bunch of suspected vulnerabilities. I started checking them, and it looks like they are not actually there... How far can the Nikto scanner be trusted? Maybe I am doing something wrong; can anyone tell me how to work with Nikto? Below I attach the vulnerabilities found by Nikto and Nmap. Please advise where to dig to get reliable meterpreter access or access to the databases.

Spoiler: Ports

Host is up (0.12s latency).
Not shown: 732 filtered ports
PORT STATE SERVICE VERSION
25/tcp open ssl/smtp?
53/tcp open domain?
80/tcp open http
81/tcp open ssl/hosts2-ns?
82/tcp open ssl/xfer?
83/tcp open ssl/mit-ml-dev?
84/tcp open ctf?
85/tcp open ssl/mit-ml-dev?
88/tcp open ssl/kerberos-sec?
89/tcp open su-mit-tg?
90/tcp open ssl/dnsix?
99/tcp open ssl/metagram?
389/tcp open ssl/ldap?
443/tcp open ssl/https
444/tcp open ssl/snpp?
445/tcp open ssl/microsoft-ds?
500/tcp open ssl/isakmp?
554/tcp open ssl/rtsp?
555/tcp open dsf?
587/tcp open ssl/submission?
631/tcp open ssl/ipp
636/tcp open ssl/ldapssl?
777/tcp open ssl/multiling-http?
800/tcp open mdbs_daemon?
801/tcp open device?
888/tcp open ssl/accessbuilder?
990/tcp open ssl/ftps?
995/tcp open ssl/pop3s?
999/tcp open ssl/garcon?
1000/tcp open ssl/cadlock?
1002/tcp open ssl/windows-icfw?
1024/tcp open kdm?
1025/tcp open ssl/NFS-or-IIS?
1080/tcp open ssl/socks?
1111/tcp open ssl/lmsocialserver?
1234/tcp open ssl/hotline?
1433/tcp open ms-sql-s?
1443/tcp open ssl/ies-lm?
1455/tcp open esl-lm?
1494/tcp open ssl/citrix-ica?
1521/tcp open ssl/oracle?
1700/tcp open ssl/mps-raft?
1935/tcp open ssl/rtmp?
1971/tcp open ssl/netop-school?
1972/tcp open ssl/intersys-cache?
1974/tcp open ssl/drp?
1984/tcp open ssl/bigbrother?
2000/tcp open ssl/cisco-sccp?
2001/tcp open ssl/dc?
2006/tcp open invokator?
2020/tcp open ssl/xinupageserver?
2022/tcp open ssl/down?
2048/tcp open ssl/dls-monitor?
2049/tcp open nfs?
2065/tcp open dlsrpn?
2068/tcp open avocentkvm?
2100/tcp open ssl/amiganetfs?
2107/tcp open ssl/msmq-mgmt?
2200/tcp open ssl/ici?
2222/tcp open ssl/EtherNetIP-1?
2557/tcp open nicetec-mgmt?
3000/tcp open ssl/ppp?
3001/tcp open ssl/nessus?
3003/tcp open ssl/cgms?
3005/tcp open ssl/deslogin?
3006/tcp open deslogind?
3007/tcp open ssl/lotusmtap?
3011/tcp open ssl/trusted-web?
3013/tcp open ssl/gilatskysurfer?
3017/tcp open ssl/event_listener?
3030/tcp open ssl/arepa-cas?
3052/tcp open powerchute?
3071/tcp open csd-mgmt-port?
3077/tcp open orbix-loc-ssl?
3306/tcp open ssl/mysql?
3333/tcp open ssl/dec-notes?
3389/tcp open ssl/ms-wbt-server?
3551/tcp open apcupsd?
3580/tcp open ssl/nati-svrloc?
4000/tcp open ssl/remoteanything?
4001/tcp open ssl/newoak?
4002/tcp open ssl/mlchat-proxy?
4343/tcp open ssl/unicall?
4443/tcp open ssl/pharos?
4444/tcp open ssl/krb524?
4445/tcp open ssl/upnotifyp?
4449/tcp open ssl/privatewire?
4848/tcp open appserv-http?
5000/tcp open ssl/upnp?
5001/tcp open ssl/commplex-link?
5002/tcp open rfe?
5003/tcp open filemaker?
5004/tcp open avt-profile-1?
5009/tcp open airport-admin?
5050/tcp open ssl/mmcc?
5051/tcp open ssl/ida-agent?
5060/tcp open ssl/sip?
5061/tcp open ssl/sip-tls?
5080/tcp open ssl/onscreen?
5100/tcp open ssl/admd?
5120/tcp open ssl/barracuda-bbs?
5222/tcp open ssl/xmpp-client?
5225/tcp open ssl/hp-server?
5226/tcp open ssl/hp-status?
5269/tcp open ssl/xmpp-server?
5280/tcp open ssl/xmpp-bosh?
5500/tcp open hotline?
5555/tcp open ssl/freeciv?
5900/tcp open vnc?
5901/tcp open ssl/vnc-1?
5902/tcp open ssl/vnc-2?
5903/tcp open ssl/vnc-3?
5910/tcp open ssl/cm?
5911/tcp open ssl/cpdlc?
5987/tcp open ssl/wbem-rmi?
5988/tcp open ssl/wbem-http?
5989/tcp open ssl/wbem-https?
5998/tcp open ssl/ncd-diag?
5999/tcp open ssl/ncd-conf?
6000/tcp open ssl/X11?
6001/tcp open X11:1?
6002/tcp open ssl/X11:2?
6003/tcp open X11:3?
6004/tcp open X11:4?
6005/tcp open X11:5?
6006/tcp open X11:6?
6007/tcp open X11:7?
6009/tcp open X11:9?
6100/tcp open ssl/synchronet-db?
6510/tcp open ssl/mcer-port?
6543/tcp open ssl/mythtv?
6580/tcp open ssl/parsec-master?
6666/tcp open ssl/irc?
6699/tcp open ssl/napster?
6789/tcp open ibm-db2-admin?
7000/tcp open ssl/afs3-fileserver?
7001/tcp open ssl/afs3-callback?
7002/tcp open ssl/afs3-prserver?
7004/tcp open ssl/afs3-kaserver?
7007/tcp open ssl/afs3-bos?
7070/tcp open ssl/realserver?
7100/tcp open ssl/font-service?
7443/tcp open ssl/oracleas-https?
7777/tcp open ssl/cbt?
7778/tcp open ssl/interwise?
7999/tcp open ssl/irdmi2?
8000/tcp open ssl/http-alt
8001/tcp open ssl/vcom-tunnel?
8002/tcp open ssl/teradataordbms?
8007/tcp open ssl/ajp12?
8008/tcp open ssl/http
8009/tcp open ssl/ajp13?
8010/tcp open ssl/xmpp?
8021/tcp open ssl/ftp-proxy?
8022/tcp open ssl/oa-system?
8042/tcp open ssl/fs-agent?
8080/tcp open ssl/http-proxy
8081/tcp open ssl/blackice-icecap?
8082/tcp open ssl/blackice-alerts?
8083/tcp open ssl/us-srv?
8086/tcp open ssl/d-s-n?
8087/tcp open ssl/simplifymedia?
8088/tcp open ssl/radan-http
8090/tcp open ssl/opsmessaging?
8100/tcp open ssl/xprint-server?
8181/tcp open ssl/intermapper?
8192/tcp open sophos?
8193/tcp open sophos?
8194/tcp open sophos?
8200/tcp open ssl/trivnet1?
8300/tcp open ssl/tmi?
8333/tcp open ssl/bitcoin?
8383/tcp open ssl/m2mservices?
8402/tcp open abarsd?
8443/tcp open ssl/https-alt
8500/tcp open ssl/fmtp?
8600/tcp open ssl/asterix?
8701/tcp open ssl/unknown
8800/tcp open ssl/sunwebadmin?
8873/tcp open dxspider?
8888/tcp open ssl/sun-answerbook?
8899/tcp open ssl/ospf-lite?
9000/tcp open ssl/cslistener?
9001/tcp open ssl/tor-orport?
9002/tcp open ssl/dynamid?
9009/tcp open ssl/pichat?
9010/tcp open ssl/sdr?
9011/tcp open ssl/d-star?
9040/tcp open ssl/tor-trans?
9050/tcp open ssl/tor-socks?
9080/tcp open ssl/glrpc?
9081/tcp open ssl/cisco-aqos?
9090/tcp open ssl/zeus-admin?
9091/tcp open ssl/xmltec-xmlmail?
9100/tcp open jetdirect?
9101/tcp open jetdirect?
9102/tcp open jetdirect?
9103/tcp open jetdirect?
9111/tcp open ssl/DragonIDSConsole?
9200/tcp open ssl/wap-wsp?
9207/tcp open ssl/wap-vcal-s?
9500/tcp open ssl/ismserver?
9998/tcp open ssl/distinct32?
9999/tcp open ssl/abyss?
10000/tcp open ssl/snet-sensor-mgmt?
10001/tcp open ssl/scp-config?
10002/tcp open ssl/documentum?
10003/tcp open ssl/documentum_s?
10004/tcp open ssl/emcrmirccd?
10009/tcp open ssl/swdtp-sv?
10010/tcp open ssl/rxapi?
10082/tcp open ssl/amandaidx?
11110/tcp open ssl/sgi-soap?
12345/tcp open netbus?
15002/tcp open ssl/onep-tls?
16000/tcp open ssl/fmsas?
16001/tcp open ssl/fmsascon?
16080/tcp open ssl/osxwebadmin?
20000/tcp open ssl/dnp?
30000/tcp open ssl/ndmps?
31337/tcp open ssl/Elite?
50000/tcp open ssl/ibm-db2?
50002/tcp open ssl/iiimsf?

Nmap does not identify the services; is there another good scanner for identifying the service running on a port?
Most likely it's just a WAF kicking in; there are far too many open ports. Nessus. On the topic, I recommend having a look at https://rutracker.org/forum/viewtopic.php?t=5193952 to build up a foundation and understanding.
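An added example, not part of either post: a short Python check that parses Nmap port-table text of the kind quoted above and counts how many open ports carry only a guessed service name (trailing `?`) and no version string, the pattern the reply attributes to a filtering device answering on every port. The function names and thresholds are assumptions chosen for illustration, and `SAMPLE` is constructed.

```python
import re

# Constructed sample in the same layout as the scan output quoted in the thread.
SAMPLE = """\
PORT STATE SERVICE VERSION
25/tcp open ssl/smtp?
80/tcp open http
443/tcp open ssl/https
1433/tcp open ms-sql-s?
3306/tcp open ssl/mysql?
8080/tcp open ssl/http-proxy
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_ports(text):
    """Turn Nmap port-table lines into dicts; non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        rows.append({
            "port": int(port), "proto": proto, "state": state,
            "service": service.rstrip("?").removeprefix("ssl/"),
            "tls": service.startswith("ssl/"),   # TLS handshake completed
            "guessed": service.endswith("?"),    # name guessed from port number only
            "version": (version or "").strip(),  # empty: no probe matched
        })
    return rows

def summarize(rows):
    """Count open ports whose service was only guessed or never fingerprinted."""
    open_rows = [r for r in rows if r["state"] == "open"]
    n = len(open_rows)
    guessed = sum(r["guessed"] for r in open_rows)
    return {"open": n, "guessed": guessed,
            "tls": sum(r["tls"] for r in open_rows),
            "no_version": sum(not r["version"] for r in open_rows),
            "guessed_ratio": round(guessed / n, 2) if n else 0.0}

def looks_like_middlebox(summary, min_open=50, min_guessed_ratio=0.8):
    """Heuristic (assumed thresholds): many open ports, almost none identified."""
    return (summary["open"] >= min_open
            and summary["guessed_ratio"] >= min_guessed_ratio)

if __name__ == "__main__":
    print(summarize(parse_ports(SAMPLE)))
```

A result flagged by this heuristic means the port table describes the device in front of the host rather than the host itself, so findings from tools run against those ports need independent confirmation.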