Scanning multiple hosts with Nmap’s Default Accounts NSE script not producing the expected result

I’m utilizing Nmap’s default account credential scanner. I’ve built a couple of my own fingerprints and I’ve tested that the fingerprints work when scanning one host at a time.
Example command line usage:

nmap -p80 --script http-default-accounts --script-args http-default-accounts.category=web,http-default-accounts.fingerprintfile=./my-fingerprints.lua 10.10.10.10 

When I try to scan more then one host either using -iL (input file) or by defining multiple IPs at the command line, nmap is not identifying that all of the hosts are utilizing default credentials. Nmap is only reporting that one of the hosts is utilizing default credentials. And the host nmap identifies as utilizing default credentials varies (it is not always the same host). I have also tried adding –scan-delay, but that does not change the scan results.

Example command line usage (input file):

nmap -p80 --script http-default-accounts --script-args http-default-accounts.category=web,http-default-accounts.fingerprintfile=./my-fingerprints.lua -iL hosts.txt 

Example command line usage (command line):

nmap -p80 --script http-default-accounts --script-args http-default-accounts.category=web,http-default-accounts.fingerprintfile=./my-fingerprints.lua 10.10.10.10 10.10.10.11 

Has anyone had experience with getting different results when scanning multiple hosts? Is there something I need to change when scanning multiple hosts?

Same server, different Apache virtual hosts, redirection does not work for one of them

On my server there are multiple virtual hosts configured. Two of them should have the following behaviour, so that in the end, it should always be redirected to https://www…..

for example, I put the following into the URL bar: domain1.tld

It redirects to www.domain1.tld -> redirects to -> https://www.domain1.tld

The setup looks like this…

<VirtualHost *:80>         ServerName domain1.tld         Redirect permanent / http://www.domain1.tld </VirtualHost>  <VirtualHost *:80>         ServerName www.domain1.tld      ###### more settings ####  RewriteEngine on RewriteCond %{SERVER_NAME} =www.domain1.tld RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>   

The other virtual host has exactly the same configuration:

<VirtualHost *:80>         ServerName domain2.tld         Redirect permanent / http://www.domain2.tld </VirtualHost>  <VirtualHost *:80>         ServerName www.domain2.tld      #### more settings ####  RewriteEngine on RewriteCond %{SERVER_NAME} =www.domain2.tld RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> 

But what happens here is very strange. When I enter www.domain2.tld into the URL bar, it will be redirected to https://www.domain2.tld successfully. But when I enter domain2.tld into the URL bar, it redirects to https://domain2.tld and I get the default “Did Not Connect: Potential Security Issue” page with the error message:

Error code: SSL_ERROR_BAD_CERT_DOMAIN 

If I view the certificate, it show me the certificate from my 3rd domain configuration: subdomain1.domain1.tld. This virtual host can exists with both http and https, so the configuration looks slightly different. It has no redirection:

<VirtualHost *:80>         ServerName subdomain1.domain1.tld      ##### more settings ####  </VirtualHost> 

But this should not be the problem. The problem is:

When I enter domain2.tld into the URL bar, Why does this domain not redirect to HTTPS properly and gets the certificate of the 3rd domain?

What is additionally to say: domain2 is located at another domain provider (which points to my server IP), so the DNS setting looks slightly different (since the option were not the same as on my domain1 provider). Could this maybe a problem (on DNS level)?

Setup of domain1 (working):
domain1

For domain2, I can’t make such settings. Instead the settings look like this:

*.domain2.tld A [IP OF MY SERVER] ftp.domain2.tld A [IP OF MY SERVER] domain2.tld A [IP OF MY SERVER] mail.domain2.tld A [IP OF MY SERVER] 

apache 2.4 virtual hosts get list of domains from file

I have about 3000 plus domains and want them to point to the same folder.

Do I have to repeat this entry 3000 times <VirtualHost domain.com:80> DocumentRoot /var/www/html ServerAlias www.domain.com </VirtualHost>

or does apache have some way to grab a list of domain names in a text file and generate the above entry?

I looked in the manual and may have missed the option if it exists.

apache 2.4 on ubuntu 16.04

why the entry is requried in the hosts file for the SQL connecting even though setting in DNS in Server 2012 R2

why the entry with fully qulified name is requried in the hosts file for the SQL connecting even though it is set in DNS. Our LAN; 1. 2 servers installed Server 2012 R2, they are named as SQL1 and SQL2 and they are in teh same domain. 2. SQL 2016 Standard installed in each server 3. A separate DSN server in the same LAN The problem, SQL2 sever can connect to SQL1 from SSMS, but SQL1 cannot connect to SQL2. The problem is fixed by adding a entry with IP address and fully qualified name in the hosts file in SQL1 server.

it makes me confused. We have a dedicated DNS that has a similar function with hosts in windows. Why SQL uses hosts, instead of DNS, to connect the remote? What would be incorrect configuration that cause this issue? Would this configuration be made in SQL, Windows Server, DNS, Domain or others? Please advise. Thanks John

Send VirtualBox Guest traffic to Host’s router

I need to send HTTP traffic from the VirtualBox Host through a router. To do this, I think I have to do the following steps:

Create a SOCKS proxy using ssh -D Configure firefox to use the created proxy.

The question is that I need to use two virtual machines (server and router) + my main computer (Host). Then I need to be able to send http traffic from the Host through the Router, for this I need to perform these steps: 1.1) Organize socks-proxies using ssh, option -D; 1.2) Configure the firefox browser to use the received socks proxy; I chose the firefox browser (I have it in ubuntu). Please help me realize it !!!

after adding bridge, services on host are no longer reacheable from other hosts

Before adding the bridge, different http services were reachable from other hosts.

After adding the brnoidge, only ssh is reachable from other hosts. All other services are only reachable from the host itself, over localhost or the IP of the bridge adapter.

On the host, NO firewall is active, other hosts can ping the host and connect via ssh and scp, but the different web services are not rechargeable from other machines. other services are http based, on non interfering ports: 9090, 8001, 7070

#/etc/network/interfaces auto lo iface lo inet loopback auto lo iface lo inet loopback   auto br0 iface br0 inet dhcp         bridge_ports enp0s25         bridge_stp off         bridge_fd 0         bridge_maxwait 0  iface enp0s25 inet manual  auto br0 iface br0 inet dhcp     bridge_ports enp0s25     bridge_stp off     bridge_fd 0     bridge_maxwait 0  iface enp0s25 inet manual 

output of: ifconfig

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500     inet 10.203.114.247  netmask 255.255.0.0  broadcast 10.203.255.255     inet6 fe80::221:ccff:fe4b:313a  prefixlen 64  scopeid 0x20<link>     ether 00:21:cc:4b:31:3a  txqueuelen 1000  (Ethernet)     RX packets 23803  bytes 23963479 (23.9 MB)     RX errors 0  dropped 0  overruns 0  frame 0     TX packets 7365  bytes 806013 (806.0 KB)     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500     inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255     ether 02:42:02:a9:df:4e  txqueuelen 0  (Ethernet)     RX packets 0  bytes 0 (0.0 B)     RX errors 0  dropped 0  overruns 0  frame 0     TX packets 0  bytes 0 (0.0 B)     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  enp0s25: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500     ether 00:21:cc:4b:31:3a  txqueuelen 1000  (Ethernet)     RX packets 559347  bytes 511837384 (511.8 MB)     RX errors 0  dropped 325  overruns 0  frame 0     TX packets 94679  bytes 8350357 (8.3 MB)     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0     device interrupt 20  memory 0xd2600000-d2620000    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536     inet 127.0.0.1  netmask 255.0.0.0     inet6 ::1  prefixlen 128  scopeid 0x10<host>     loop  txqueuelen 1000  (Local Loopback)     RX packets 2722645  bytes 766563500 (766.5 MB)     RX errors 0  dropped 0  overruns 0  frame 0     TX packets 2722645  bytes 766563500 (766.5 MB)     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500     inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255     ether 52:54:00:db:37:1d  txqueuelen 1000  (Ethernet)     RX packets 323  bytes 45009 (45.0 KB)     RX errors 0  dropped 0  overruns 0  frame 0     TX packets 170  bytes 13961 (13.9 KB)     TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 

The bridge is now using the same DCHP config as the enp0s25 before and also has the same IP. This worked on other hosts without issues. Outside machines and their services can be reached from the host OS or VMs without issues. Inbound, ONLY ssh is reacheable, even if services are configured to run on 0.0.0.0.

Any ideas, whats blocking the other services ?

How to harden container hosts?

https://github.com/docker/docker-bench-security

git clone https://github.com/docker/docker-bench-security.git cd docker-bench-security docker build --no-cache -t docker-bench-security . docker run -it --net host --pid host --cap-add audit_control \     -e DOCKER_CONTENT_TRUST=$  DOCKER_CONTENT_TRUST \     -v /var/lib:/var/lib \     -v /var/run/docker.sock:/var/run/docker.sock \     -v /usr/lib/systemd:/usr/lib/systemd \     -v /etc:/etc --label docker_bench_security \     docker-bench-security 

returns a report including:

[NOTE] 1.2  - Ensure the container host has been Hardened 

Some containers run on Virtual Machines, how to harden these machines to ensure that the container host is hardened?

How to give myself permission to edit the locked hosts file on MacOS Mojave? [duplicate]

This question already has an answer here:

  • How do I disable System Integrity Protection (SIP) AKA “rootless” on macOs [OS X] 6 answers

I am logged in with my admin account, which is my only account on this computer. I checked under preferences and it says “admin”.

I have located the file here:

/private/etc/hosts 

When I go to getinfo, it looks like the file is not locked. I also added myself and for good measure everyone with r&w permissions:

enter image description here

Still, when I open it and try to edit it, it says I have no permission:

enter image description here

What am I doing wrong here?