Nmap: Not Only a Port Scanner - Ravi Rajput, Comexpo Security Awareness Meet

Upload: ravi-rajput

Post on 18-Jul-2015

TRANSCRIPT

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     admin.vulnweb.com - 176.28.50.165
|     firewall.vulnweb.com - 176.28.50.165
|_    dev.vulnweb.com - 176.28.50.165

Host script results:
| hostmap-bfk:
|   hosts:
|     www.nmap.org
|     173.255.243.189
|     seclists.org
|     sectools.org
|     svn.nmap.org
|     nmap.org
|     hb.insecure.org
|     insecure.org
|     images.insecure.org
|     189.243.255.173.in-addr.arpa
|_    www.insecure.org

Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-email-harvest:
|   Spidering limited to: maxdepth=3; maxpagecount=20
|   [email protected]
|_  [email protected]

Script Output
| ms-sql-info:
|   Windows server name: WINXP
|   192.168.100.128\PROD:
|     Instance name: PROD
|     Version:
|     Named pipe: \\192.168.100.128\pipe\MSSQL$PROD\sql\query
|     Clustered: No
|   192.168.100.128\SQLFIREWALLED:
|     Instance name: SQLFIREWALLED
|     Version:
|       name: Microsoft SQL Server 2008 RTM
|       Product: Microsoft SQL Server 2008
|       Service pack level: RTM
|     TCP port: 4343
|     Clustered: No

Script Output
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|   Conficker: Likely CLEAN
|   regsvc DoS: NOT VULNERABLE
|   SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
|   MS06-025: NO SERVICE (the Ras RPC service is inactive)
|_  MS07-029: NO SERVICE (the Dns Server RPC service is inactive)

Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-stored-xss:
|   Found the following stored XSS vulnerabilities:
|
|     Payload: ghz>hzx
|      Uploaded on: /guestbook.php
|      Description: Unfiltered '>' (greater than sign). An indication of potential XSS vulnerability.
|     Payload: zxc'xcv
|      Uploaded on: /guestbook.php

Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-dombased-xss:
|   Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=some-very-random-page.com
|   Found the following indications of potential DOM based XSS:
|
|     Source: document.write("<OPTION value=1>"+document.location.href.substring(document.location.href.indexOf("default=")
|     Pages: http://some-very-random-page.com:80/, http://some-very-random-page.com/foo.html

Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-csrf:
|   Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=some-very-random-page.com
|   Found the following CSRF vulnerabilities:
|
|     Path: http://www.example.com/c/334/watches.html
|     Form id: custom_price_filters
|_    Form action: /c/334/rologia-xeiros-watches.html

Script Output
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
|   Testing page /post.html
|
|   Successfully uploaded and executed payloads:
|     Filename: 1.php, MIME: text/plain
|_    Filename: 1.php3, MIME: text/plain

Script Output
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| http-open-redirect:
|_  https://foobar.target.se:443/redirect.php?url=http%3A%2f%2fscanme.nmap.org%2f

Script Output
| [192.168.100.128\PROD]
|   Credentials found:
|     webshop_reader:secret => Login Success
|     testuser:secret1234 => PasswordMustChange
|_    lordvader:secret1234 => Login Success