By: Anitha Sharma
I went to ZenMap and used Target: 10.2.0.0/24 and Profile: Quick Scan Plus.
I clicked Scan > Print > Microsoft Print to PDF and saved it to the Desktop. Then I dragged
that file from the Desktop to G on Guacamole RDP > Download to save it to my local machine.
I ignored IP addresses: 10.2.0.1, 10.2.0.2, 10.2.0.9
10.2.0.5
91 closed ports
21 tcp open ftp ProFTPD 1.3.5
22 tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.11 (Ubuntu Linux; protocol 2.0)
80 tcp open http Apache httpd 2.4.7
111 tcp open rpcbind
139 tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445 tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
631 tcp open ipp CUPS 1.7
3306 tcp open mysql MySQL (unauthorized)
8080 tcp open http Jetty 8.1.7.v20120910
Since PumpPLC is now running multiple web servers, exploits that I checked for are:
Directory browsing (log files)
Loose lipped error messages
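The two checks listed above can be expressed as rules over HTTP responses. This is an added example, not part of the original report: the sample responses are constructed (not captured from 10.2.0.5), and the names `audit_response` and `audit_all` are hypothetical.

```python
import re

# Constructed sample responses: (status, headers, body). Not lab captures.
SAMPLES = {
    "apache-listing": (200, {"Server": "Apache/2.4.7 (Ubuntu)"},
        "<html><head><title>Index of /logs</title></head><body>"
        "<h1>Index of /logs</h1><a href=\"access.log\">access.log</a>"
        "</body></html>"),
    "jetty-error": (500, {"Server": "Jetty(8.1.7.v20120910)"},
        "<h2>HTTP ERROR 500</h2><pre>java.lang.NullPointerException\n"
        "\tat org.eclipse.jetty.servlet.ServletHandler.doHandle"
        "(ServletHandler.java)</pre><i>Powered by Jetty://</i>"),
    "hardened-404": (404, {"Server": "Apache"}, "<h1>Not Found</h1>"),
}

# Auto-generated index pages carry a recognisable title.
LISTING = re.compile(r"<title>\s*(Index of|Directory:?)\s*/", re.I)
# A Java stack frame, e.g. "at pkg.Class.method(File.java:12)".
STACK_TRACE = re.compile(r"^\s*at [\w.$]+\([\w.]+(:\d+)?\)", re.M)
# Default error-page footers that name the server software.
VERSION_FOOTER = re.compile(r"Apache/\d[\d.]*|Powered by Jetty", re.I)
# A dotted version number in the Server header.
VERSIONED_SERVER = re.compile(r"\d+\.\d+")


def audit_response(status, headers, body):
    """Return the list of information-exposure findings for one response."""
    findings = []
    if status == 200 and LISTING.search(body):
        findings.append("directory-listing")
    if status >= 400 and (STACK_TRACE.search(body) or VERSION_FOOTER.search(body)):
        findings.append("verbose-error")
    if VERSIONED_SERVER.search(headers.get("Server", "")):
        findings.append("version-banner")
    return findings


def audit_all(samples=SAMPLES):
    """Audit every sample and map its name to its findings."""
    return {name: audit_response(*resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(f"{name}: {', '.join(findings) or 'clean'}")
```

The third sample shows what a corrected configuration looks like to the same rules: a generic error body and a Server header with no version string produce no findings.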
On PowerShell I issued the command: net stop "Tenable Nessus"
Then the command, net start "Tenable Nessus"
I went to Windows > Tenable Network Security > Nessus Web Client
Nessus sign in
User: admin
Password: password
I then clicked New scan > Advanced scan
Basic settings
Name: Anitha_AdvancedScan1
Description: PumpPLC Advanced Scan
Target: 10.2.0.5
Report
Check override normal verbosity
Click report as much information as possible
Advanced
Enable safe checks (uncheck)
With all these settings, I launched the scan.
Saving the scan in 3 different ways
Export HTML Executive summary
Export HTML Custom
Export Nessus
I saved all 3 scans to G on Guacamole RDP > Download to save them to my local machine.