[root@test]# nmap -F -sV localhostStarting nmap 3.75 ( /nmap/ ) at 2009-07-28 13:31 CESTInteresting ports on localhost.localdomain (127.0.0.1):(The 1205 ports scanned but not shown below are in state: closed)PORT STATE SERVICE VERSION443/tcp open ssl OpenSSL901/tcp open http Samba SWAT administration server8080/tcp open http Apache httpd 2.0.54 ((Unix) mod_ssl/2.0.54 OpenSSL/0.9.7g PHP/4.3.11)8081/tcp open http Apache Tomcat/Coyote JSP engine 1.0Nmap run completed -- 1 IP address (1 host up) scanned in 27.881 seconds[root@test]# |
https (443/tcp) Description Here is the SSLv2 server certificate: Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: md5WithRSAEncryption Issuer: C=**, ST=******, L=******, O=******, OU=******, CN=****** Validity Not Before: Oct 17 07:12:16 2007 GMT Not After : Oct 16 07:12:16 2008 GMT Subject: C=**, ST=******, L=******, O=******, CN=****** Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:98:4f:24:16:cb:0f:74:e8:9c:55:ce:62:14:4e: 6b:84:c5:81:43:59:c1:2e:ac:ba:af:92:51:f3:0b: ad:e1:4b:22:ba:5a:9a:1e:0f:0b:fb:3d:5d:e6:fc: ef:b8:8c:dc:78:28:97:8b:f0:1f:17:9f:69:3f:0e: 72:51:24:1b:9c:3d:85:52:1d:df:da:5a:b8:2e:d2: 09:00:76:24:43:bc:08:67:6b:dd:6b:e9:d2:f5:67: e1:90:2a:b4:3b:b4:3c:b3:71:4e:88:08:74:b9:a8: 2d:c4:8c:65:93:08:e6:2f:fd:e0:fa:dc:6d:d7:a2: 3d:0a:75:26:cf:dc:47:74:29 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate Page 10 Network Vulnerability Assessment Report 25.07.2009 X509v3 Subject Key Identifier: 10:00:38:4C:45:F0:7C:E4:C6:A7:A4:E2:C9:F0:E4:2B:A8:F9:63:A8 X509v3 Authority Key Identifier: keyid:CE:E5:F9:41:7B:D9:0E:5E:5D:DF:5E:B9:F3:E6:4A:12:19:02:76:CE DirName:/C=**/ST=******/L=******/O=******/OU=******/CN=******serial:00 Signature Algorithm: md5WithRSAEncryption 7b:14:bd:c7:3c:0c:01:8d:69:91:95:46:5c:e6:1e:25:9b:aa: 8b:f5:0d:de:e3:2e:82:1e:68:be:97:3b:39:4a:83:ae:fd:15:2e:50:c8:a7:16:6e:c9:4e:76:cc:fd:69:ae:4f:12:b8:e7:01: b6:58:7e:39:d1:fa:8d:49:bd:ff:6b:a8:dd:ae:83:ed:bc:b2: 40:e3:a5:e0:fd:ae:3f:57:4d:ec:f3:21:34:b1:84:97:06:6f: f4:7d:f4:1c:84:cc:bb:1c:1c:e7:7a:7d:2d:e9:49:60:93:12: 0d:9f:05:8c:8e:f9:cf:e8:9f:fc:15:c0:6e:e2:fe:e5:07:81: 82:fc Here is the list of available SSLv2 ciphers: RC4-MD5EXP-RC4-MD5RC2-CBC-MD5EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5 RC4-64-MD5 The SSLv2 server offers 5 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against a brute force attack Solution: disable those ciphers and upgrade your client software if necessary. See support.microsoft/default.aspx?scid=kben-us216482 or /docs-2.0/mod/mod_ssl.html#sslciphersuite This SSLv2 server also accepts SSLv3 connections.This SSLv2 server also accepts TLSv1 connections. Vulnerable hosts (以下从略) |
[root@test]# openssl s_client -no_tls1 -no_ssl3 -le:443CONNECTED(00000003)depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/leverify error:num=20:unable to get local issuer certificateverify return:1depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/leverify error:num=27:certificate not trustedverify return:1depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/leverify error:num=21:unable to verify the first certificateverify return:1---Server certificate-----BEGIN CERTIFICATE-----MIIDYzCCAsygAwIBAgIQYFbAC3yUC8RFj9MS7lfBkzANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEB hMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQ苹果灯 KExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaX Zpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlw cmVtaXVtLXNlcnZlckB0aGF3dGUuY29tMB4XDTA2MDQyMTAxMDc0NVoXDTA3MDQyMTAxMDc0NVow aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZX cxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3D QEBAQUAA4GNADCBiQKBgQC/e2Vs8U33fRDk5NNpNgkB1zKw4rqTozmfwty7eTEI8PVH1Bf6nthocQ9d9SgJ AI2WOBP4grPj7MqOdXMTFWGDfiTnwes16G7NZlyh6peT68r7ifrwSsVLisJp6pUf31M5Z3D88b+Yy4PED 7BJaTxq6NNmP1vYUJeXsGSGrV6FUQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr BgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bV NlcnZlckNBLmNybDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRo YXd0ZS5jb20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQADlTbBdVY6LD1nHWkhT admzuWq2rWE0KO3Ay+7EleYWPOo+EST315QLpU6pQgblgobGoI5x/fUg2U8WiYj1I1cbavhX2h1hda3FJW nB3SiXaiuDTsGxQ267EwCVWD5bCrSWa64ilSJTgiUmzAv0a2W8YHXdG08+nYcX/dVk5WRTw==-----END CERTIFICATE-----subject=/C=US/ST=California/L=Mountain View/O=Google Inc/leissuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte---No client certificate CA names sent---Ciphers common between both SSL endpoints:RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5RC4-64-MD5---SSL handshake has read 1023 bytes and written 333 bytes---New, SSLv2, Cipher is DES-CBC3-MD5Server public key is 1024 bitCompression: NONEExpansion: NONESSL-Session: Protocol : SSLv2 Cipher : DES-CBC3-MD5Session-ID: 709F48E4D567C70A2E49886E4C697CDE Session-ID-ctx: Master-Key: 649E68F8CF936E69642286AC40A80F433602E3C36FD288C3 Key-Arg : E8CB6FEB9ECF3033 Start Time: 1156977226 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate)---closed |
本文发布于:2024-09-24 05:25:28,感谢您对本站的认可!
本文链接:https://www.17tex.com/tex/2/200458.html
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
留言与评论(共有 0 条评论) |