- 19 Jun 2021
Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-19 17:58 Türkiye Standart Saati
NSE: Loaded 153 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:58
Completed NSE at 17:58, 0.00s elapsed
Initiating NSE at 17:58
Completed NSE at 17:58, 0.00s elapsed
Initiating NSE at 17:58
Completed NSE at 17:58, 0.00s elapsed
Initiating ARP Ping Scan at 17:58
Scanning 192.168.1.42 [1 port]
Failed to resolve "nmap".
Completed ARP Ping Scan at 17:58, 0.06s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 17:58
Scanning 192.168.1.42 [65535 ports]
Discovered open port 443/tcp on 192.168.1.42
Discovered open port 8080/tcp on 192.168.1.42
Discovered open port 8085/tcp on 192.168.1.42
Discovered open port 50944/tcp on 192.168.1.42
Completed SYN Stealth Scan at 17:58, 19.84s elapsed (65535 total ports)
Initiating Service scan at 17:58
Scanning 4 services on 192.168.1.42
Completed Service scan at 18:01, 169.19s elapsed (4 services on 1 host)
NSE: Script scanning 192.168.1.42.
Initiating NSE at 18:01
Completed NSE at 18:02, 78.34s elapsed
Initiating NSE at 18:02
Completed NSE at 18:02, 1.42s elapsed
Initiating NSE at 18:02
Completed NSE at 18:02, 0.00s elapsed
Nmap scan report for 192.168.1.42
Host is up (0.00026s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Mongoose httpd 3.7
| http-methods:
| Supported Methods: GET POST HEAD CONNECT PUT DELETE OPTIONS
|_ Potentially risky methods: CONNECT PUT DELETE
|_http-svn-info: ERROR: Script execution failed (use -d to debug)
|_http-title: WebSocket Test
| http-webdav-scan:
| WebDAV type: Unknown
|_ Allowed Methods: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS
| ssl-cert: Subject: commonName=192.168.252.250/organizationName=Arcelik AS/stateOrProvinceName=Istanbul/countryName=TR
| Issuer: commonName=192.168.252.250/organizationName=Arcelik AS/stateOrProvinceName=Istanbul/countryName=TR
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2015-05-07T11:45:07
| Not valid after: 2016-05-06T11:45:07
| MD5: 7b1f 9cd4 6bab 7caf 9867 4b39 2627 3c1a
|_SHA-1: 3532 9827 d596 359a 9326 7bdd 49af 9fdf d78f 1c58
|_ssl-date: ERROR: Script execution failed (use -d to debug)
| sslv2:
| SSLv2 supported
|_ ciphers: none
8080/tcp open http-proxy?
| fingerprint-strings:
| DNSStatusRequestTCP, LANDesk-RC, LDAPBindReq, Socks4:
| okokokok
| DNSVersionBindReqTCP:
| okokokokokokokok
| FourOhFourRequest:
| okokokokokokokokokokokokokok
| GetRequest, afp:
| okokokokok
| HTTPOptions, NCP, RTSPRequest:
| okokokokokok
| Help, JavaRMI:
| okok
| Kerberos:
| okokokokokokokokokokokokokokokokokokokokokokokokokokokokokok
| LDAPSearchReq, ms-sql-s:
| okokokokokokokokokokokokok
| LPDString, TerminalServer, X11Probe:
| okokok
| NotesRPC:
| okokokokokokokokokokokokokokok
| RPCCheck, Socks5, TerminalServerCookie:
| okokokokokokokokokokok
| SIPOptions:
| okokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokok
| SMBProgNeg:
| okokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokok
| SSLSessionReq:
| okokokokokokokokokokokokokokokokokokokokokok
| TLSSessionReq:
| okokokokokokokokokokokokokokokokokokokokokokokokokokokok
| WMSRequest:
| okokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokokok
| giop:
| okokokokokokokokokokokok
| oracle-tns:
|_ okokokokokokokokokokokokokokokokokokokokokokok
8085/tcp open http Mongoose httpd 3.7
| http-methods:
| Supported Methods: GET POST HEAD CONNECT PUT DELETE OPTIONS
|_ Potentially risky methods: CONNECT PUT DELETE
|_http-svn-info: ERROR: Script execution failed (use -d to debug)
|_http-title: WebSocket Test
| http-webdav-scan:
| WebDAV type: Unknown
|_ Allowed Methods: GET, POST, HEAD, CONNECT, PUT, DELETE, OPTIONS
50944/tcp open upnp
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404 File Not Found
| EXT:
| CONTENT-TYPE: text/xml; charset="utf-8"
| DATE: Thu, 01 Jan 1970 00:32:56 GMT
| PRAGMA: no-cache
| SERVER: AwoX/1.1 UPnP/1.0
| CONTENT-LENGTH: 0
| GenericLines, HTTPOptions, RTSPRequest:
| HTTP/1.1 400 Bad Request
| EXT:
| CONTENT-TYPE: text/xml; charset="utf-8"
| DATE: Thu, 01 Jan 1970 00:32:46 GMT
| PRAGMA: no-cache
| SERVER: AwoX/1.1 UPnP/1.0
| CONTENT-LENGTH: 0
| CONNECTION: close
| GetRequest:
| HTTP/1.1 404 File Not Found
| EXT:
| CONTENT-TYPE: text/xml; charset="utf-8"
| DATE: Thu, 01 Jan 1970 00:32:46 GMT
| PRAGMA: no-cache
| SERVER: AwoX/1.1 UPnP/1.0
| CONTENT-LENGTH: 0
| SIPOptions:
| HTTP/1.1 400 Bad Request
| EXT:
| CONTENT-TYPE: text/xml; charset="utf-8"
| DATE: Thu, 01 Jan 1970 00:32:56 GMT
| PRAGMA: no-cache
| SERVER: AwoX/1.1 UPnP/1.0
| CONTENT-LENGTH: 0
|_ CONNECTION: close
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
MAC Address: 60:02:B4:70:26:5E (Wistron Neweb)
Host script results:
|_clock-skew: -18797d14h25m53s
NSE: Script Post-scanning.
Initiating NSE at 18:02
Completed NSE at 18:02, 0.00s elapsed
Initiating NSE at 18:02
Completed NSE at 18:02, 0.00s elapsed
Initiating NSE at 18:02
Completed NSE at 18:02, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 274.65 seconds
Raw packets sent: 65536 (2.884MB) | Rcvd: 65542 (2.622MB)
I touched on a nice topic, but it's not that simple.
Apparently the television is open to the internet. You need to find vulnerabilities such as RCE somewhere in the software.
As far as I know, this will also be a subject that requires advanced reverse engineering, because you need to pull the smart TV's software and do vulnerability research from there.
You can run a version scan with nmap's -sV parameter and use exploits that match the vulnerabilities of those versions.
Underground forum? Is that the deep web?
A CVE like this has been assigned: there is a heap-based buffer overflow before 6.15.
To examine it in full detail, here is the code.
NVD - CVE-2019-12951
nvd.nist.gov
You can have any underground forum code an exploit for this.
Fix heap-based overflow in parse_mqtt · cesanta/mongoose@b3e0f78
PUBLISHED_FROM=3306592896298597fff5269634df0c1a1555113b
github.com