Scan of Internet Reveals Millions of Exposed Services

If you thought WannaCry inspired a global wakeup call and a massive crackdown on exposed and dangerous ports, you would be wrong. In its annual National Exposure Index report, Rapid7 found 160 million computers, IoT devices and servers with open ports that should not be exposed to the public...

Player 3 Has Entered the Game: Say Hello to 'WannaCry'

This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams.Executive SummaryA major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware...

Citrix Presentation Server 4.5 Code Execution

The version of Citrix Presentation Server installed on the remote Windows host is potentially affected by multiple code execution vulnerabilities. By sending a specially crafted packet to the IMA server process, a remote, unauthenticated attacker could execute arbitrary code subject to the...

Nmap NSE 6.01: smb-security-mode

Returns information about the SMB security level determined by SMB. Here is how to interpret the output: User-level authentication: Each user has a separate username/password that is used to log into the system. This is the default setup of pretty much everything these days. Share-level...

Nmap NSE 6.01: p2p-conficker

Checks if a host is infected with Conficker.C or higher, based on Conficker's peer to peer communication. When Conficker.C or higher infects a system, it opens four ports: two TCP and two UDP. The ports are random, but are seeded with the current week and the IP of the infected host. By determini...

Nmap NSE net: stuxnet-detect

Detects whether a host is infected with the Stuxnet worm http://en.wikipedia.org/wiki/Stuxnet. An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed...

Nmap NSE net: smb-enum-domains

Attempts to enumerate domains on a system, along with their policies. This generally requires credentials, except against Windows 2000. In addition to the actual domain, the 'Builtin' domain is generally displayed. Windows returns this in the list of domains, but its policies don't appear to be...

Nmap NSE: SMB Security Mode

This script attempts to get information about the SMB security level determined by SMB. This is a wrapper on the Nmap Security Scanner's http://nmap.org smb-security-mode.nse. OpenVAS Vulnerability Test $Id: gbnmapsmbsecuritymode.nasl 7006 2017-08-25 11:51:20Z teissa $ Wrapper for Nmap SMB Securi...

Nmap NSE: SMB System Info

This script attempts to get the information about the remote system from the registry. This is a wrapper on the Nmap Security Scanner's http://nmap.org smb-system-info.nse OpenVAS Vulnerability Test $Id: gbnmapsmbsysteminfo.nasl 7006 2017-08-25 11:51:20Z teissa $ Wrapper for Nmap SMB System Info...

ms-sql-brute NSE Script

Performs password guessing against Microsoft SQL Server ms-sql. Works best in conjunction with the broadcast-ms-sql-discover script. SQL Server credentials required: No will not benefit from mssql.username & mssql.password. Run criteria: Host script: Will run if the mssql.instance-all,...

SAP GUI Moniker Creation Multiple Vulnerabilities

The version of the SAP GUI Moniker Creation ActiveX control installed on the remote Windows host is reportedly affected by 3 stack-based buffer overflows involving various properties and methods in 'MonikerUtildll.dll'. If an attacker can trick a user on the affected host into viewing a specially...