Vulnerability Assessment & Penetration Testing
Nmap Basic to Advance Command
Blue Team Bangladesh Ltd
Introduction to Nmap
Network Mapper (Nmap) is an open-source network analysis and security
auditing tool written in C, C++, Python, and Lua. It is designed to scan
networks using raw packets and identify which hosts are available, along
with the services and applications they run, including the name and version
where possible. It can also identify the operating systems and versions of
these hosts. Besides other features, Nmap also offers scanning capabilities
that can determine if packet filters, firewalls, or intrusion detection systems
(IDS) are configured as needed.
Use Cases
Nmap is one of the tools most used by network administrators and IT
security specialists. It is used to:
Audit the security aspects of networks
Simulate penetration tests
Check firewall and IDS settings and configurations
Types of possible connections
Network mapping
Response analysis
Identify open ports
Vulnerability assessment as well.
Nmap Architecture
Nmap offers many different types of scans that can be used to obtain various
results about our targets. Basically, Nmap can be divided into the following
scanning techniques:
Host discovery
Port scanning
Service enumeration and detection
OS detection
Scriptable interaction with the target service (Nmap Scripting Engine)
Syntax
The syntax for Nmap is fairly simple and looks like this:
alamgirhossain17@htb[/htb]$ nmap <scan types> <options> <target>
Scan Techniques
Nmap offers many different scanning techniques, which make different types of
connections and send differently structured packets. Here we can see
all the scanning techniques Nmap offers:
Here is a range of Nmap commands, starting from basic to more advanced techniques, to help you
with network scanning.
nmap --help
<SNIP>
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
<SNIP>
Basic Commands
Ping Scan: Quickly determine which hosts are up.
nmap -sn 192.168.1.0/24
Port Scan: Scan the most common 1000 ports on a single host.
nmap 192.168.1.1
Specific Ports Scan: Scan specific ports on a host
nmap -p 22,80,443 192.168.1.1
Range of IPs: Scan a range of IP addresses.
nmap 192.168.1.1-254
Multiple Hosts: Scan multiple hosts.
nmap 192.168.1.1 192.168.1.2 192.168.1.3
Intermediate Commands
Service Version Detection: Determine the version of services running on open ports.
nmap -sV 192.168.1.1
Operating System Detection: Detect the operating system of a host.
nmap -O 192.168.1.1
Aggressive Scan: Perform an aggressive scan including OS detection, version detection, script scanning,
and traceroute.
nmap -A 192.168.1.1
Scan with TCP SYN Scan (default): The most common scan that sends SYN packets.
nmap -sS 192.168.1.1
Scan with UDP Scan: Scan UDP ports.
nmap -sU 192.168.1.1
Advanced Commands
Timing and Performance: Adjust the timing template (0 is slowest, 5 is fastest).
nmap -T4 192.168.1.1
Save Output to File: Save the scan output to different formats.
nmap -oN output.txt 192.168.1.1 # Normal output
nmap -oX output.xml 192.168.1.1 # XML output
nmap -oG output.gnmap 192.168.1.1 # Grepable output
Scan a Subnet for Open Ports: Scan a whole subnet to find open ports.
nmap -p 22,80,443 192.168.1.0/24
NSE (Nmap Scripting Engine): Use scripts for advanced service detection, vulnerability detection, etc.
nmap --script=vuln 192.168.1.1
nmap --script=http-enum 192.168.1.1
Scan Evading Techniques: Use decoys to hide the origin of the scan.
nmap -D RND:10 192.168.1.1
Scan Firewall and IDS Evasion: Try to evade firewall and IDS.
nmap -f 192.168.1.1 # Fragment packets
nmap -sA 192.168.1.1 # ACK scan to map which ports are filtered
nmap -sW 192.168.1.1 # Window scan
Scan with Spoofed IP: Spoof the source IP address.
nmap -S 192.168.1.100 192.168.1.1
Specialized Scans
Scan for Heartbleed Vulnerability:
nmap --script ssl-heartbleed 192.168.1.1
Detect HTTP Security Issues:
nmap --script=http-security-headers 192.168.1.1
Brute Force FTP Login:
nmap --script ftp-brute -p 21 192.168.1.1
Combining Multiple Commands
Intense Scan Plus UDP:
nmap -sS -sU -T4 -A -v 192.168.1.1
Comprehensive Scan:
nmap -p 1-65535 -sV -sS -T4 -A -O 192.168.1.1
These commands should give you a solid foundation for using Nmap effectively, from basic network
discovery to advanced and stealthy scanning techniques. Always ensure you have permission to scan the
networks and devices you target.
To scan for vulnerabilities and save the output to a file using Nmap, you can use the Nmap Scripting
Engine (NSE) along with the -oN, -oX, or -oG options to save the output in different formats. Here's how
you can perform a vulnerability scan and save the results:
Basic Vulnerability Scan and Save Output
Scan for Common Vulnerabilities:
nmap --script vuln 192.168.1.1 -oN output.txt
This command runs the vuln script, which includes a collection of vulnerability detection scripts, and
saves the output in normal format to output.txt.
Advanced Vulnerability Scan and Save Output
Specify Multiple Vulnerability Scripts:
nmap --script "vuln,ssl-heartbleed,http-enum" 192.168.1.1 -oN output.txt
This runs multiple vulnerability detection scripts (in this case, vuln, ssl-heartbleed, and http-enum) and
saves the output to output.txt.
Example of Comprehensive Vulnerability Scan
Comprehensive Scan with Output in Normal, XML, and Grepable Formats:
nmap -p 1-65535 -sV -sS -T4 -A -O --script vuln 192.168.1.1 -oN output.txt -oX output.xml -oG output.gnmap
This performs a comprehensive scan including:
Scanning all ports (-p 1-65535)
Service version detection (-sV)
TCP SYN scan (-sS)
Timing template for speed (-T4)
Aggressive options (-A)
OS detection (-O)
Running vulnerability scripts (--script vuln)
And saves the output in normal (output.txt), XML (output.xml), and grepable (output.gnmap) formats.
Combined Advanced and Vulnerability Scanning
Combining Multiple Techniques with Vulnerability Scan:
nmap -sS -sU -T4 -A -v --script vuln 192.168.1.1 -oN output.txt
This command combines:
TCP SYN scan (-sS)
UDP scan (-sU)
Timing template for speed (-T4)
Aggressive options (-A)
Verbose mode (-v)
Vulnerability scripts (--script vuln)
And saves the output to output.txt.
Using NSE Scripts for Specific Vulnerabilities
Using Specific NSE Scripts for Targeted Vulnerabilities:
nmap --script http-vuln-cve2017-5638 -p 80 192.168.1.1 -oN output.txt
This runs the http-vuln-cve2017-5638 script (which checks for a specific CVE) against port 80 and saves
the output to output.txt.
By using the -oN, -oX, or -oG options, you can ensure that the results of your vulnerability scans are
saved for later analysis and reporting.
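Added example (not from the original guide): reading the XML file written by -oX into an open-service inventory and pulling out the NSE results that need follow-up. The XML is a constructed sample modelled on the lab host scanned later on this page; the function names and the negative-result prefix are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `-oX` output, trimmed to the elements read below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script vuln -oX output.xml 192.168.249.130">
  <host>
    <status state="up"/>
    <address addr="192.168.249.130" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="ProFTPD" version="1.3.3c"/>
        <script id="ftp-proftpd-backdoor" output="This installation has been backdoored."/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.2p2 Ubuntu 4ubuntu2.2"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.18"/>
        <script id="http-stored-xss" output="Couldn't find any stored XSS vulnerabilities."/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="closed"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.249.131" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumption: negative NSE results in this sample start with this wording.
NEGATIVE_PREFIXES = ("Couldn't find",)


def parse_open_services(xml_text):
    """Return one dict per open port on hosts that are up."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            product = " ".join(
                filter(None, [attrs.get("product"), attrs.get("version")])
            )
            # Script output can contain text controlled by the scanned host;
            # treat it as untrusted if it is later rendered in a report.
            scripts = {
                s.get("id"): s.get("output", "").strip()
                for s in port.iterfind("script")
            }
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": attrs.get("name", ""),
                "product": product,
                "scripts": scripts,
            })
    return rows


def positive_findings(rows):
    """Keep script results that are not plain 'nothing found' messages."""
    findings = []
    for row in rows:
        for script_id, text in row["scripts"].items():
            if not text or text.startswith(NEGATIVE_PREFIXES):
                continue
            findings.append(
                (row["host"], row["port"], script_id, text.splitlines()[0])
            )
    return findings


if __name__ == "__main__":
    services = parse_open_services(SAMPLE_XML)
    for s in services:
        print(f'{s["host"]}:{s["port"]}/{s["proto"]} {s["service"]} {s["product"]}')
    for finding in positive_findings(services):
        print("FOLLOW UP:", finding)
```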
NMAP basic to advance commands for DNS server
Here are some Nmap commands tailored for scanning and probing DNS servers, from basic to advanced:
Basic DNS Scanning Commands
Basic DNS Service Discovery: Check if the DNS service (port 53) is open on a host.
nmap -p 53 192.168.1.1
Service Version Detection: Identify the version of the DNS service running.
nmap -sV -p 53 192.168.1.1
Intermediate DNS Scanning Commands
DNS Brute Force: Attempt to discover subdomains by brute-forcing common names.
nmap --script dns-brute 192.168.1.1
Zone Transfer Check: Check if the DNS server allows zone transfers (a common misconfiguration).
nmap --script dns-zone-transfer -p 53 192.168.1.1
DNS Cache Snooping: Determine if the DNS server is caching specific DNS queries.
nmap --script dns-cache-snoop --script-args 'dns-cache-snoop.mode=timed' 192.168.1.1
Advanced DNS Scanning Commands
DNS Enumeration: Enumerate common DNS records (like MX, NS, A, etc.) for a given domain.
nmap --script dns-enum 192.168.1.1
Recursive DNS Server Detection: Check if the DNS server allows recursive queries.
nmap --script dns-recursion -p 53 192.168.1.1
Comprehensive DNS Security Scan: Combine multiple DNS-related NSE scripts for a thorough analysis.
nmap --script "dns-brute,dns-zone-transfer,dns-cache-snoop,dns-recursion" -p 53 192.168.1.1
Combining DNS Scans with Output to File
Save DNS Brute Force Output: Save the results of a DNS brute force scan to a file.
nmap --script dns-brute 192.168.1.1 -oN dns-brute-output.txt
Save Comprehensive DNS Scan Output: Save the results of a comprehensive DNS scan to multiple
formats.
nmap --script "dns-brute,dns-zone-transfer,dns-cache-snoop,dns-recursion" -p 53 192.168.1.1 -oN dns-scan-output.txt -oX dns-scan-output.xml -oG dns-scan-output.gnmap
Specialized DNS Scans
Check for Specific DNS Vulnerability: Check for a specific DNS vulnerability (e.g., DNS Cache Poisoning).
nmap --script dns-poison -p 53 192.168.1.1
DNS Service Enumeration with Specific Arguments: Run DNS enumeration with specific script
arguments.
nmap --script dns-enum --script-args dns-enum.domains=example.com -p 53 192.168.1.1
Detect DNS Amplification DDoS Vulnerability: Check if the DNS server can be used for amplification
attacks.
nmap --script dns-recursion -p 53 192.168.1.1
By using these commands, you can effectively scan and analyze DNS servers, from basic service checks
to advanced security assessments. Always ensure you have permission to scan the DNS servers you
target.
NMAP basic to advance command for the Database server
Here are Nmap commands specifically tailored for scanning and probing database servers, from basic to
advanced:
Basic Database Scanning Commands
Basic Service Discovery: Check if a specific database service port is open (e.g., MySQL on port 3306).
nmap -p 3306 192.168.1.1
Multiple Database Ports: Scan for common database ports (e.g., MySQL, PostgreSQL, SQL Server,
Oracle).
nmap -p 3306,5432,1433,1521 192.168.1.1
Service Version Detection: Identify the version of the database services running.
nmap -sV -p 3306,5432,1433,1521 192.168.1.1
Intermediate Database Scanning Commands
Aggressive Scan: Perform an aggressive scan including OS detection, version detection, script scanning,
and traceroute.
nmap -A -p 3306,5432,1433,1521 192.168.1.1
Default Scripts Scan: Use default NSE scripts for more detailed information.
nmap -sC -p 3306,5432,1433,1521 192.168.1.1
Advanced Database Scanning Commands
Database Specific Scripts: Use Nmap scripts for specific database services to gather more detailed
information.
nmap --script mysql-info,mysql-databases,mysql-users -p 3306 192.168.1.1
nmap --script pgsql-info,pgsql-databases -p 5432 192.168.1.1
nmap --script ms-sql-info,ms-sql-databases -p 1433 192.168.1.1
nmap --script oracle-sid-brute -p 1521 192.168.1.1
Brute Force MySQL Login: Attempt to brute force MySQL login credentials.
nmap --script mysql-brute -p 3306 192.168.1.1
Check for MySQL Weak Passwords: Check if MySQL service has weak passwords.
nmap --script mysql-empty-password,mysql-brute -p 3306 192.168.1.1
Check for PostgreSQL Weak Passwords: Check if PostgreSQL service has weak passwords.
nmap --script pgsql-brute -p 5432 192.168.1.1
MS SQL Server Brute Force: Attempt to brute force MS SQL Server login credentials.
nmap --script ms-sql-brute -p 1433 192.168.1.1
Combining Scans and Saving Output
Save MySQL Scan Output: Save the results of a MySQL specific scan to a file.
nmap --script mysql-info,mysql-databases,mysql-users -p 3306 192.168.1.1 -oN mysql-scan-output.txt
Save Comprehensive Database Scan Output: Save the results of a comprehensive database scan to
multiple formats.
nmap --script "mysql-info,mysql-databases,mysql-users,pgsql-info,pgsql-databases,ms-sql-info,oracle-sid-brute" -p 3306,5432,1433,1521 192.168.1.1 -oN db-scan-output.txt -oX db-scan-output.xml -oG db-scan-output.gnmap
Specialized Database Scans
Check for Oracle TNS Listener Information:
nmap --script oracle-tns-version -p 1521 192.168.1.1
Oracle SID Enumeration:
nmap --script oracle-sid-brute -p 1521 192.168.1.1
Comprehensive MySQL Vulnerability Scan:
nmap --script mysql-vuln-cve2012-2122,mysql-empty-password,mysql-brute -p 3306 192.168.1.1
Example of Comprehensive Database Scan
Intense Scan Plus Database Specific Checks:
nmap -p 3306,5432,1433,1521 -sV -sC -T4 -A --script "mysql-info,mysql-users,pgsql-info,ms-sql-info,oracle-sid-brute" 192.168.1.1 -oN db-comprehensive-output.txt
These commands provide a robust set of tools to effectively scan and analyze database servers, from
basic service checks to advanced security assessments. Always ensure you have the necessary
permissions to scan the database servers you target.
NMAP basic to advance command for the webserver
Here are Nmap commands specifically tailored for scanning and probing web servers, from basic to
advanced:
Basic Web Server Scanning Commands
Basic Port Scan: Check if the HTTP (port 80) and HTTPS (port 443) services are open.
nmap -p 80,443 192.168.1.1
Service Version Detection: Identify the version of the web server software running.
nmap -sV -p 80,443 192.168.1.1
Scan All Ports: Scan for any open ports on the web server.
nmap -p- 192.168.1.1
Intermediate Web Server Scanning Commands
Aggressive Scan: Perform an aggressive scan including OS detection, version detection, script scanning,
and traceroute.
nmap -A -p 80,443 192.168.1.1
Default Scripts Scan: Use default NSE scripts for more detailed information about the web server.
nmap -sC -p 80,443 192.168.1.1
HTTP Enumeration: Gather detailed information about HTTP services.
nmap --script http-enum 192.168.1.1 -p 80
Advanced Web Server Scanning Commands
Web Application Firewall Detection: Detect if a web application firewall (WAF) is present.
nmap --script http-waf-detect 192.168.1.1 -p 80,443
Directory Brute Force: Attempt to brute force directories and files on the web server.
nmap --script http-brute 192.168.1.1 -p 80
SSL/TLS Information: Gather detailed SSL/TLS information.
nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.1.1
Vulnerability Scanning: Use NSE scripts to check for specific vulnerabilities.
nmap --script "http-vuln*" -p 80 192.168.1.1
Specialized Web Server Scanning Commands
Check for Heartbleed Vulnerability: Specifically check for the Heartbleed vulnerability.
nmap --script ssl-heartbleed -p 443 192.168.1.1
Check for Shellshock Vulnerability: Specifically check for the Shellshock vulnerability.
nmap --script http-shellshock -p 80,443 192.168.1.1
HTTP Security Headers: Check for HTTP security headers.
nmap --script http-security-headers -p 80,443 192.168.1.1
SQL Injection: Check for possible SQL injection vulnerabilities.
nmap --script http-sql-injection -p 80 192.168.1.1
Combining Scans and Saving Output
Save HTTP Enumeration Output: Save the results of an HTTP enumeration scan to a file.
nmap --script http-enum -p 80 192.168.1.1 -oN http-enum-output.txt
Save Comprehensive Web Server Scan Output: Save the results of a comprehensive web server scan to
multiple formats.
nmap -p 80,443 -sV -sC -A --script "http-enum,http-vuln*,ssl-cert,ssl-enum-ciphers" 192.168.1.1 -oN web-scan-output.txt -oX web-scan-output.xml -oG web-scan-output.gnmap
Example of Comprehensive Web Server Scan
Intense Scan Plus Web Specific Checks:
nmap -p 80,443 -sV -sC -T4 -A --script "http-enum,http-vuln*,ssl-cert,ssl-enum-ciphers" 192.168.1.1 -oN web-comprehensive-output.txt
Advanced Techniques
Evading IDS/IPS: Use fragment packets to bypass intrusion detection systems.
nmap -f -p 80,443 192.168.1.1
Decoys: Use decoys to hide the origin of the scan.
nmap -D RND:10 -p 80,443 192.168.1.1
These commands should provide a comprehensive toolkit for effectively scanning and analyzing web
servers, from basic service checks to advanced security assessments. Always ensure you have
permission to scan the web servers you target.
NMAP basic to advance command for Network Firewall Assessment
Here are some Nmap commands specifically tailored for scanning and probing network firewalls, from
basic to advanced:
Basic Firewall Scanning Commands
Ping Scan: Determine which hosts are up without scanning any ports.
nmap -sn 192.168.1.0/24
Simple Port Scan: Check if common ports are open on a firewall.
nmap -p 80,443,22 192.168.1.1
Service Version Detection: Identify the services running behind the firewall.
nmap -sV 192.168.1.1
Intermediate Firewall Scanning Commands
Aggressive Scan: Perform an aggressive scan including OS detection, version detection, script scanning,
and traceroute.
nmap -A 192.168.1.1
Stealth Scan (SYN Scan): Perform a stealthy scan to detect open ports without completing the TCP
handshake.
nmap -sS 192.168.1.1
UDP Scan: Check for open UDP ports, which can be useful for firewall rule detection.
nmap -sU 192.168.1.1
Advanced Firewall Scanning Commands
Firewall Evasion Techniques: Fragment packets to evade firewalls and IDS/IPS systems.
nmap -f 192.168.1.1
Decoys: Use decoys to mask the origin of the scan.
nmap -D RND:10 192.168.1.1
Idle Scan: Use a third-party host to send probes to the target, making it appear as if the third-party host
is the source of the scan.
nmap -sI zombie_host 192.168.1.1
Specialized Firewall Scanning Commands
Firewall Detection: Use Nmap scripts to detect firewall rules.
nmap --script firewall-bypass 192.168.1.1
Detecting Firewall Rules with ACK Scan: Send ACK packets to determine which ports are filtered.
nmap -sA 192.168.1.1
Window Scan: Analyze TCP window sizes to infer firewall rules.
nmap -sW 192.168.1.1
FIN Scan: Send FIN packets to detect open ports through firewalls.
nmap -sF 192.168.1.1
Xmas Scan: Send Xmas-tree packets to probe open ports through firewalls.
nmap -sX 192.168.1.1
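Added example (not from the original guide), written from the monitoring side: the FIN, Xmas, ACK and Window scans listed above each send a recognisable TCP flag combination, so firewall logs can be grouped by flag set and source to spot a sweep. The log format, addresses and threshold are constructed assumptions, and the log is assumed to contain only packets that matched no tracked connection.

```python
import re
from collections import defaultdict

# TCP flag sets of the probes sent by the scan types named on this page.
SCAN_BY_FLAGS = {
    frozenset(): "Null scan (-sN)",
    frozenset({"FIN"}): "FIN scan (-sF)",
    frozenset({"FIN", "PSH", "URG"}): "Xmas scan (-sX)",
    frozenset({"ACK"}): "ACK or Window scan (-sA/-sW)",
    frozenset({"FIN", "ACK"}): "Maimon scan (-sM)",
    frozenset({"SYN"}): "SYN or connect scan (-sS/-sT)",
}

# Constructed log lines in a hypothetical SRC=/DST=/DPT=/FLAGS= format.
# A bare ACK is normal inside an established connection, so these lines are
# assumed to come from a stateful firewall logging untracked packets only.
SAMPLE_LOG = """\
2024-09-08T16:41:02Z SRC=192.168.249.128 DST=192.168.249.130 DPT=21 FLAGS=FIN,PSH,URG
2024-09-08T16:41:02Z SRC=192.168.249.128 DST=192.168.249.130 DPT=22 FLAGS=FIN,PSH,URG
2024-09-08T16:41:02Z SRC=192.168.249.128 DST=192.168.249.130 DPT=80 FLAGS=FIN,PSH,URG
2024-09-08T16:41:03Z SRC=192.168.249.128 DST=192.168.249.130 DPT=443 FLAGS=FIN,PSH,URG
2024-09-08T16:41:09Z SRC=192.168.249.128 DST=192.168.249.130 DPT=21 FLAGS=ACK
2024-09-08T16:41:09Z SRC=192.168.249.128 DST=192.168.249.130 DPT=22 FLAGS=ACK
2024-09-08T16:41:09Z SRC=192.168.249.128 DST=192.168.249.130 DPT=80 FLAGS=ACK
2024-09-08T16:41:15Z SRC=192.168.249.128 DST=192.168.249.130 DPT=21 FLAGS=FIN
2024-09-08T16:42:00Z SRC=192.168.249.1 DST=192.168.249.130 DPT=80 FLAGS=SYN
2024-09-08T16:42:01Z SRC=192.168.249.1 DST=192.168.249.130 DPT=80 FLAGS=SYN
2024-09-08T16:42:05Z SRC=192.168.249.1 DST=192.168.249.130 DPT=80 FLAGS=SYN,ACK
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) DPT=(\d+) FLAGS=(\S+)")


def classify(flag_field):
    """Map a FLAGS= value to a scan label, or None if it matches no probe."""
    if flag_field == "NONE":
        flags = frozenset()
    else:
        flags = frozenset(flag_field.split(","))
    return SCAN_BY_FLAGS.get(flags)


def detect_scans(log_text, min_ports=3):
    """Report (src, dst, scan label, ports) where one source probed at least
    min_ports distinct ports on one destination with the same flag set."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # malformed or unrelated line
        src, dst, dport, flag_field = match.groups()
        label = classify(flag_field)
        if label is None:
            continue  # flag set not associated with a listed scan type
        ports[(src, dst, label)].add(int(dport))
    return sorted(
        (src, dst, label, sorted(seen))
        for (src, dst, label), seen in ports.items()
        if len(seen) >= min_ports
    )


if __name__ == "__main__":
    for src, dst, label, seen in detect_scans(SAMPLE_LOG):
        print(f"{src} -> {dst}: {label}, ports {seen}")
```

The single FIN probe and the repeated SYN to one port stay below the threshold, which is what keeps ordinary client traffic out of the alerts.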
Combining Scans and Saving Output
Save Stealth Scan Output: Save the results of a stealth scan to a file.
nmap -sS 192.168.1.1 -oN stealth-scan-output.txt
Save Comprehensive Firewall Scan Output: Save the results of a comprehensive firewall scan to multiple
formats.
nmap -p 1-65535 -sS -sU -T4 -A -O --script firewall-bypass 192.168.1.1 -oN firewall-scan-output.txt -oX firewall-scan-output.xml -oG firewall-scan-output.gnmap
Example of Comprehensive Firewall Scan
Intense Scan Plus Firewall Specific Checks:
nmap -p 1-65535 -sS -T4 -A -O --script "firewall-bypass" 192.168.1.1 -oN firewall-comprehensive-output.txt
Advanced Techniques
Timing and Performance: Adjust the timing template (0 is slowest, 5 is fastest) for evasion and
performance tuning.
nmap -T4 192.168.1.1
Scan with Spoofed IP Address: Spoof the source IP address to evade detection.
nmap -S 192.168.1.100 192.168.1.1
OS Fingerprinting: Identify the operating system behind the firewall.
nmap -O 192.168.1.1
These commands provide a comprehensive toolkit for effectively scanning and analyzing network
firewalls, from basic checks to advanced evasion techniques. Always ensure you have permission to scan
the network firewalls you target.
Parrot to Box1 VM Penetration Testing Technique:
Parrot VM IP: 192.168.249.128
Box1- VM IP: 192.168.249.130
─[✗]─[root@parrot]─[/home/user]
└──╼ #nmap -sV 192.168.249.130
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-08 16:41 UTC
Nmap scan report for 192.168.249.130
Host is up (0.00052s latency).
Not shown: 997 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.3c
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
MAC Address: 00:0C:29:0D:74:93 (VMware)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.59 seconds
─[✗]─[root@parrot]─[/home/user]
└──╼ #nmap -sV --script=vuln 192.168.249.130
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-09-08 16:42 UTC
Nmap scan report for 192.168.249.130
Host is up (0.00027s latency).
Not shown: 997 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.3c
| ftp-proftpd-backdoor:
| This installation has been backdoored.
| Command: id
|_ Results: uid=0(root) gid=0(root) groups=0(root),65534(nogroup)
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
| vulners:
| cpe:/a:apache:http_server:2.4.18:
| http-slowloris-check:
| VULNERABLE:
| Slowloris DOS attack
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2007-6750
| Slowloris tries to keep many connections to the target web server open and hold
| them open as long as possible. It accomplishes this by opening connections to
| the target web server and sending a partial request. By doing so, it starves
| the http server's resources causing Denial Of Service.
| Disclosure date: 2009-09-17
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_ http://ha.ckers.org/slowloris/
|_http-server-header: Apache/2.4.18 (Ubuntu)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-enum:
|_ /secret/: Potentially interesting folder
MAC Address: 00:0C:29:0D:74:93 (VMware)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 328.63 seconds
Finding a Backdoor or Exploit Online
Link: https://github.com/shafdo/ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script
Open the Parrot machine and install the backdoor script:
# git clone https://github.com/shafdo/ProFTPD-1.3.3c-Backdoor_Command_Execution_Automated_Script.git
End