Default Web Page (Low)

Server Header Info Disclosure (Low) - only on web assessments

• curl --head <ip>

  • ETag?

• nikto, e.g.

  • + The anti-clickjacking X-Frame-Options header is not present.

  • + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS

  • + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type

Default 404 Info Disclosure (Low)

Weak Ciphers

• nmap --script=ssl-enum-ciphers -p 443 <ip>

• note the least strength cipher

bruteforce attack on SSH at some point to make sure their SIM catches it

Check SMB for anonymous login

GPP cPassword (Groups.xml)