VULNERABILITY ANALYSIS WITH NMAP

Posted on 30/10/2011


Nmap is an excellent free tool for port scanning, but it also has plugins that let you use this powerful tool as a vulnerability scanner. There may be false positives, as the project is in its experimental phase, and its vulnerability database is updated every day.

This plugin is not installed by default with Nmap, so we have to integrate it manually.

1. Register on the page https://osvdb.org/account/signup

2. Then download the file osvdb-csv.latest.tar.gz from this address: http://osvdb.org/file/dumps

3. Extract the archive into the following directory:

/usr/share/nmap/scripts/

4. Copy all the files from the osvdb directory to a new folder named vulscan:

cp /usr/share/nmap/scripts/osvdb/*.* /usr/share/nmap/scripts/vulscan/

5. Download the following file: http://www.computec.ch/mruef/software/nmap_nse_vulscan-0.6.tar.gz

6. Extract the archive, go to the folder named vulscan, and copy all of its contents into our vulscan folder.

7. Run a test with the following vulnerability scan against a specific port, in this case the FTP port.

sudo nmap -vvv -sSV -p21 --script=vulscan --script-args vulscancorrelation=1 192.168.2.104

Result:

Starting Nmap 5.21 ( http://nmap.org ) at 2011-10-30 10:56 PET
NSE: Loaded 5 scripts for scanning.
Initiating ARP Ping Scan at 10:56
Scanning 192.168.2.104 [1 port]
Completed ARP Ping Scan at 10:56, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:56
Completed Parallel DNS resolution of 1 host. at 10:56, 0.41s elapsed
DNS resolution of 1 IPs took 0.42s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 10:56
Scanning 192.168.2.104 [1 port]
Discovered open port 21/tcp on 192.168.2.104
Completed SYN Stealth Scan at 10:56, 0.06s elapsed (1 total ports)
Initiating Service scan at 10:56
Scanning 1 service on 192.168.2.104
Completed Service scan at 10:56, 0.00s elapsed (1 service on 1 host)
NSE: Script scanning 192.168.2.104.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:56
Completed NSE at 10:57, 19.34s elapsed
NSE: Script Scanning completed.
Nmap scan report for 192.168.2.104
Host is up (0.00064s latency).
Scanned at 2011-10-30 10:56:47 PET for 20s
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
| vulscan: [11395] F-Secure Anti-Virus for Microsoft Exchange Nested Password Protected Archives Bypass
| [14663] Microsoft AntiSpyware cscript/wscript Filter Bypass
| [16814] Microsoft Word mcw File Processing Overflow
| [19876] Microsoft AntiSpyware Registry Extension Bypass
| [22529] CA Multiple Products Crafted Traffic DM Primer DoS
| [21146] CA Message Queuing (CAM / CAFT) Port 4105 Crafted Message DoS
| [13595] Microsoft Windows Sharepoint Services HTML Redirection XSS
| [42331] Symantec Multiple Products  Symantec Decomposer RAR File Handling Memory Consumption DoS
| [9951] Microsoft Multiple Products  GDIPlus.dll JPEG Processing Overflow
| [5581] Trend Micro ScanMail for Microsoft Exchange Administrative Credential Disclosure
| [9818] F-Secure Anti-Virus For Microsoft Exchange Content Scanner Server Exception Handling DoS
| [25635] Microsoft Word Unspecified Code Execution
| [10132] Microsoft SQL Server Authentication Function Remote Overflow
| [18916] CA Multiple Products Message Queuing (CAM/CAFT) Multiple Remote Overflows
| [44880] Microsoft Windows msjet40.dll MDB File Handling Overflow
|_[45367] CA Multiple Product caloggerd Log Daemon Traversal Arbitrary File Manipulation
MAC Address: 08:00:27:DE:E8:2A (Cadmus Computer Systems)
Service Info: OS: Windows

Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.23 seconds
           Raw packets sent: 2 (86B) | Rcvd: 2 (86B)
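
The result above shows the false positives mentioned at the start: none of the listed titles refers to an FTP service. The following Python code is an added example, not part of the original post or of the vulscan project; it parses the vulscan block from Nmap's normal output and separates the hits whose title names the detected service, using a keyword heuristic that is an assumption of this example. The sample input is an excerpt of the output above plus one entry marked as constructed.

```python
import re

# Excerpt of the scan output shown above, plus one line marked as constructed
# so that both outcomes of the triage are exercised.
SAMPLE = """\
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
| vulscan: [11395] F-Secure Anti-Virus for Microsoft Exchange Nested Password Protected Archives Bypass
| [16814] Microsoft Word mcw File Processing Overflow
| [10132] Microsoft SQL Server Authentication Function Remote Overflow
| [0] CONSTRUCTED ENTRY: Microsoft FTP service placeholder title
|_[45367] CA Multiple Product caloggerd Log Daemon Traversal Arbitrary File Manipulation
MAC Address: 08:00:27:DE:E8:2A (Cadmus Computer Systems)
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
HIT_RE = re.compile(r"^\|_?\s*(?:vulscan:\s*)?\[(\d+)\]\s+(.*)$")

def parse_vulscan(text):
    """Return one dict per vulscan hit, tagged with the port it was reported on."""
    hits, current = [], None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = {"port": int(m.group(1)), "service": m.group(3),
                       "version": m.group(4).strip()}
            continue
        m = HIT_RE.match(line)
        if m and current:
            hits.append({**current, "osvdb_id": int(m.group(1)),
                         "title": m.group(2).strip()})
    return hits

def triage(hits):
    """Split hits into (plausible, likely_false_positive).

    Heuristic (an assumption of this example): a title is plausible only if
    a word in it starts with the detected service name, e.g. "ftp"."""
    plausible, noise = [], []
    for h in hits:
        pat = re.compile(r"\b" + re.escape(h["service"]), re.IGNORECASE)
        (plausible if pat.search(h["title"]) else noise).append(h)
    return plausible, noise

if __name__ == "__main__":
    ok, noise = triage(parse_vulscan(SAMPLE))
    for h in ok + noise:
        label = "REVIEW" if h in ok else "NOISE "
        print(label, h["port"], h["osvdb_id"], h["title"])
```

Hits marked REVIEW still need manual confirmation against the real service version; the heuristic only discards titles that never mention the service at all.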

It is recommended to update the vulnerability database frequently; to do so, repeat steps 2, 3 and 4.
