- #######################################################################################################################################
- =======================================================================================================================================
- Hostname civil.gov.sd ISP NICDC
- Continent Africa Flag
- SD
- Country Sudan Country Code SD
- Region Unknown Local time 16 Feb 2019 10:55 CAT
- City Unknown Postal Code Unknown
- IP Address 62.12.105.6 Latitude 15
- Longitude 30
- =======================================================================================================================================
- #######################################################################################################################################
- > civil.gov.sd
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: civil.gov.sd
- Address: 62.12.105.6
- >
- #######################################################################################################################################
- HostIP:62.12.105.6
- HostName:civil.gov.sd
- Gathered Inet-whois information for 62.12.105.6
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 62.12.96.0 - 62.12.127.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:46:54Z
- last-modified: 2019-01-07T10:46:54Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
- Gathered Inic-whois information for civil.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server sd.whois-servers.net failed
- close error
- Gathered Netcraft information for civil.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for civil.gov.sd
- Netcraft.com Information gathered
- Gathered Subdomain information for civil.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 possible subdomain(s) for host civil.gov.sd, Searched 0 pages containing 0 results
- Gathered E-Mail information for civil.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host civil.gov.sd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 62.12.105.6
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 80/tcp open
- 110/tcp open
- Portscan Finished: Scanned 150 ports, 5 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://civil.gov.sd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: الإدارة العامة للسجل المدني
- [+] IP address: 62.12.105.6
- [+] Web Server: Could Not Detect
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 62.12.105.6
- [i] Country: Sudan
- [i] State:
- [i] City:
- [i] Latitude: 15.0
- [i] Longitude: 30.0
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Sat, 16 Feb 2019 08:00:21 GMT
- [i] Content-Type: text/html
- [i] X-Powered-By: PHP/5.4.16
- [i] X-Powered-By: PleskLin
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- civil.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- civil.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- civil.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- civil.gov.sd. 21599 IN A 62.12.105.6
- civil.gov.sd. 21599 IN MX 10 mail.civil.gov.sd.
- civil.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- S U B N E T C A L C U L A T I O N
- ======================================================================================================================================
- Address = 62.12.105.6
- Network = 62.12.105.6 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 62.12.105.6 - 62.12.105.6 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 09:00 UTC
- Nmap scan report for civil.gov.sd (62.12.105.6)
- Host is up (0.24s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 10.06 seconds
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://civil.gov.sd/
- [!] IP Address : 62.12.105.6
- [!] civil.gov.sd doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for civil.gov.sd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/civil.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.58 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
- ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
- [+] MX Records
- 10 (197.254.200.161) AS33788 KANARTEL Sudan
- [+] Host Records (A)
- civil.gov.sd (62.12.105.6) Egypt Egypt
- [+] TXT Records
- "v=spf1 mx -all"
- [+] DNS Map: https://dnsdumpster.com/static/map/civil.gov.sd.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- ingo@civil.gov.sd
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- 196.29.187.154:reg.civil.gov.sd
- 62.12.105.6:www.civil.gov.sd
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Enter Address Website = civil.gov.sd
- Reverse IP With YouGetSignal 'civil.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [*] IP: 62.12.105.6
- [*] Domain: civil.gov.sd
- [*] Total Domains: 10
- [+] aladia.gov.sd
- [+] arcsudan.sd
- [+] civil.gov.sd
- [+] khplan.gov.sd
- [+] minv.gov.sd
- [+] mofeca.gov.sd
- [+] nilestatefinance.gov.sd
- [+] nk-agric.gov.sd
- [+] redseaeducation.gov.sd
- [+] yfit.org.sd
- ######################################################################################################################################
- Geo IP Lookup 'civil.gov.sd'
- --------------------------------------------------------------------------------------------------------------------------------------
- [+] IP Address: 62.12.105.6
- [+] Country: Sudan
- [+] State:
- [+] City:
- [+] Latitude: 15.0
- [+] Longitude: 30.0
- #######################################################################################################################################
- DNS Lookup 'civil.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] civil.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- [+] civil.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- [+] civil.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- [+] civil.gov.sd. 21599 IN A 62.12.105.6
- [+] civil.gov.sd. 21599 IN MX 10 mail.civil.gov.sd.
- [+] civil.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- #######################################################################################################################################
- Show HTTP Header 'civil.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] HTTP/1.1 200 OK
- [+] Server: nginx
- [+] Date: Sat, 16 Feb 2019 08:00:21 GMT
- [+] Content-Type: text/html
- [+] Connection: keep-alive
- [+] X-Powered-By: PHP/5.4.16
- [+] X-Powered-By: PleskLin
- #######################################################################################################################################
- Port Scan 'civil.gov.sd'
- --------------------------------------------------------------------------------------------------------------------------------------
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 09:00 UTC
- Nmap scan report for civil.gov.sd (62.12.105.6)
- Host is up (0.23s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 12.13 seconds
- #######################################################################################################################################
- Traceroute 'civil.gov.sd'
- --------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-02-16T09:00:49+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.202 0.0% 3 0.9 1.3 0.6 2.5 1.0
- 2.|-- 45.79.12.2 0.0% 3 0.6 1.0 0.6 1.3 0.4
- 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.3 1.6 1.3 1.9 0.3
- 4.|-- be2763.ccr31.dfw01.atlas.cogentco.com 0.0% 3 1.8 1.6 1.5 1.8 0.1
- 5.|-- be2432.ccr21.mci01.atlas.cogentco.com 0.0% 3 11.5 11.6 11.4 11.9 0.3
- 6.|-- be2831.ccr41.ord01.atlas.cogentco.com 0.0% 3 23.5 23.5 23.3 23.6 0.1
- 7.|-- be2717.ccr21.cle04.atlas.cogentco.com 0.0% 3 30.1 30.3 30.1 30.6 0.3
- 8.|-- be2878.ccr21.alb02.atlas.cogentco.com 0.0% 3 41.6 41.8 41.6 42.2 0.3
- 9.|-- be3599.ccr31.bos01.atlas.cogentco.com 0.0% 3 44.9 45.1 44.9 45.3 0.2
- 10.|-- be2982.ccr41.lon13.atlas.cogentco.com 0.0% 3 107.2 107.2 107.1 107.3 0.1
- 11.|-- be2868.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.8 107.9 107.7 108.2 0.2
- 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.6 107.4 107.7 0.2
- 13.|-- 185.153.20.70 0.0% 3 185.7 185.7 185.6 185.8 0.1
- 14.|-- 185.153.20.82 0.0% 3 202.3 194.0 186.0 202.3 8.1
- 15.|-- 185.153.20.94 0.0% 3 185.5 185.5 185.5 185.5 0.0
- 16.|-- 185.153.20.153 0.0% 3 213.9 214.5 213.9 215.6 0.9
- 17.|-- 212.0.131.109 0.0% 3 227.3 227.5 227.1 227.9 0.4
- 18.|-- 196.202.137.249 0.0% 3 227.3 222.0 218.9 227.3 4.6
- 19.|-- 196.202.145.94 0.0% 3 219.7 219.3 219.1 219.7 0.4
- 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- #######################################################################################################################################
- Ping 'civil.gov.sd'
- --------------------------------------------------------------------------------------------------------------------------------------
- Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-16 09:01 UTC
- SENT (0.2946s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=1] IP [ttl=64 id=39833 iplen=28 ]
- SENT (1.2952s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=2] IP [ttl=64 id=39833 iplen=28 ]
- SENT (2.2975s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=3] IP [ttl=64 id=39833 iplen=28 ]
- SENT (3.2989s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=4] IP [ttl=64 id=39833 iplen=28 ]
- Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
- Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
- Nping done: 1 IP address pinged in 4.30 seconds
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> civil.gov.sd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32871
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;civil.gov.sd. IN A
- ;; ANSWER SECTION:
- civil.gov.sd. 83537 IN A 62.12.105.6
- ;; Query time: 216 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: sam fév 16 04:42:41 EST 2019
- ;; MSG SIZE rcvd: 57
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace civil.gov.sd
- ;; global options: +cmd
- . 85199 IN NS g.root-servers.net.
- . 85199 IN NS j.root-servers.net.
- . 85199 IN NS b.root-servers.net.
- . 85199 IN NS l.root-servers.net.
- . 85199 IN NS a.root-servers.net.
- . 85199 IN NS e.root-servers.net.
- . 85199 IN NS h.root-servers.net.
- . 85199 IN NS i.root-servers.net.
- . 85199 IN NS f.root-servers.net.
- . 85199 IN NS m.root-servers.net.
- . 85199 IN NS k.root-servers.net.
- . 85199 IN NS c.root-servers.net.
- . 85199 IN NS d.root-servers.net.
- . 85199 IN RRSIG NS 8 0 518400 20190301050000 20190216040000 16749 . vfKS7tHy9asqLHJFQ+luvcRrWgxm15ila3+fTLntP36xqq4d8ucNpiGG x5tUj1oiHZNGlHxfk90ZOToIjNKaXx8Cb20zDysdfHTPXAtbvGR5TvhH VChadSu7qgkybbrTd+7FbIQXJdjlieQQrveIXMHnv36dnZz/drdcXoDc Jj1t+v7AtkpdD+iQ5HEq3ogrjPu2QnYaNIh8kwZFb4ZVo1NQuubEBeyw lwAKR9rNpkmOWAdR2STHasYi+hafZZtG7hzSKChhbRq73lPbvu4w4miQ R121OxiSTU79EIqL2DJ5scdTEzvUUVA4NM37ACv+oDEDNaZ5mZvlnIHs 5NgpaA==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 214 ms
- sd. 172800 IN NS ans2.canar.sd.
- sd. 172800 IN NS ns-sd.afrinic.net.
- sd. 172800 IN NS ns1.uaenic.ae.
- sd. 172800 IN NS sd.cctld.authdns.ripe.net.
- sd. 172800 IN NS ns2.uaenic.ae.
- sd. 172800 IN NS ans1.canar.sd.
- sd. 172800 IN NS ans1.sis.sd.
- sd. 86400 IN NSEC se. NS RRSIG NSEC
- sd. 86400 IN RRSIG NSEC 8 1 86400 20190301050000 20190216040000 16749 . HK/Ktmf9QiKKkUXsmYKx5L9JjMsdd7h+blDFizNVJ9g8MeD4tznU4jTt doLipv38RLjREpDUQbR5FwzJH359kFq4pa1gYhEZq+QQFz/0NTwJC5fr 6XQOVtHXx/dR2Qal7iNQhCbw5OX+5mnXbor2zBJ/13QUamzgufx1i92k 2jg7iVBDArla4/NqOS2Y9Pt6ySl1SsDHrCpjKUzVL0O5Di2eNxAYsi6E o9xkc4i8Z3Nlng5YB2qgH+/ceUaulHZVGLbodtRm1+73BibrSrAuRBH8 iO8CO0oReeLEM8cZ65dPi5PlSBWpF1d5SYLCItai/zklnuHmehjUFkAb 65MNKg==
- ;; Received 699 bytes from 2001:dc3::35#53(m.root-servers.net) in 91 ms
- civil.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
- civil.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
- ;; Received 113 bytes from 196.29.164.14#53(ans2.canar.sd) in 372 ms
- civil.gov.sd. 86400 IN A 62.12.105.6
- civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- ;; Received 129 bytes from 62.12.109.3#53(ns1.ndc.gov.sd) in 452 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: civil.gov.sd
- [-] DNSSEC is not configured for civil.gov.sd
- [*] SOA ns0.ndc.gov.sd 62.12.109.2
- [*] NS ns1.ndc.gov.sd 62.12.109.3
- [*] Bind Version for 62.12.109.3 you guess!
- [*] NS ns0.ndc.gov.sd 62.12.109.2
- [*] Bind Version for 62.12.109.2 you guess!
- [*] MX mail.civil.gov.sd 197.254.200.161
- [*] A civil.gov.sd 62.12.105.6
- [*] TXT civil.gov.sd v=spf1 mx -all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for civil.gov.sd
- [+] 0 Records Found
- ######################################################################################################################################
- [*] Processing domain civil.gov.sd
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
- [+] Getting nameservers
- 62.12.109.3 - ns1.ndc.gov.sd
- [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
- civil.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- civil.gov.sd. 86400 IN A 62.12.105.6
- civil.gov.sd. 86400 IN MX 10 mail.civil.gov.sd.
- civil.gov.sd. 86400 IN TXT "v=spf1 mx -all"
- crs.civil.gov.sd. 86400 IN A 196.29.187.154
- mail.civil.gov.sd. 86400 IN A 197.254.200.161
- mail.civil.gov.sd. 86400 IN MX 10 mail.civil.gov.sd.
- portal.civil.gov.sd. 86400 IN A 196.29.187.154
- reg.civil.gov.sd. 86400 IN A 196.29.187.154
- webmail.civil.gov.sd. 86400 IN CNAME mail.civil.gov.sd.
- www.civil.gov.sd. 86400 IN A 62.12.105.6
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 196.29.187.154 host crs.civil.gov.sd
- 197.254.200.161 host mail.civil.gov.sd
- 196.29.187.154 host portal.civil.gov.sd
- 196.29.187.154 host reg.civil.gov.sd
- 197.254.200.161 alias webmail.civil.gov.sd
- 197.254.200.161 host mail.civil.gov.sd
- 62.12.105.6 200 host www.civil.gov.sd nginx
- #######################################################################################################################################
- [+] Testing domain
- www.civil.gov.sd 62.12.105.6
- [+] Dns resolving
- Domain name Ip address Name server
- civil.gov.sd 62.12.105.6 f03-web04.nic.gov.sd
- Found 1 host(s) for civil.gov.sd
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on civil.gov.sd
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 221.21 seconds
- Subdomain Ip address Name server
- www.civil.gov.sd 62.12.105.6 f03-web04.nic.gov.sd
- #######################################################################################################################################
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: info@civil.gov.sd
- | [+] E-mail Found: kevinh@kevcom.com
- | [+] E-mail Found: humbedooh@apache.org
- | [+] E-mail Found: mike@hyperreal.org
- =======================================================================================================================================
- | External hosts:
- | [+] External Host Found: http://www.moi.gov.sd
- | [+] External Host Found: http://httpd.apache.org
- | [+] External Host Found: http://passport.gov.sd
- | [+] External Host Found: http://ajax.googleapis.com
- | [+] External Host Found: http://sudanpolice.gov.sd
- | [+] External Host Found: http://trafficpolice.gov.sd
- =======================================================================================================================================
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- civil.gov.sd -----
- Host's addresses:
- __________________
- civil.gov.sd. 84465 IN A 62.12.105.6
- Name Servers:
- ______________
- ns1.ndc.gov.sd. 52683 IN A 62.12.109.3
- ns0.ndc.gov.sd. 52683 IN A 62.12.109.2
- Mail (MX) Servers:
- ___________________
- mail.civil.gov.sd. 84477 IN A 197.254.200.161
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for civil.gov.sd on ns1.ndc.gov.sd ...
- civil.gov.sd. 86400 IN SOA (
- civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- civil.gov.sd. 86400 IN A 62.12.105.6
- civil.gov.sd. 86400 IN MX 10
- civil.gov.sd. 86400 IN TXT "v=spf1
- crs.civil.gov.sd. 86400 IN A 196.29.187.154
- mail.civil.gov.sd. 86400 IN A 197.254.200.161
- mail.civil.gov.sd. 86400 IN MX 10
- portal.civil.gov.sd. 86400 IN A 196.29.187.154
- reg.civil.gov.sd. 86400 IN A 196.29.187.154
- webmail.civil.gov.sd. 86400 IN CNAME mail.civil.gov.sd.
- www.civil.gov.sd. 86400 IN A 62.12.105.6
- Trying Zone Transfer for civil.gov.sd on ns0.ndc.gov.sd ...
- civil.gov.sd. 86400 IN SOA (
- civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- civil.gov.sd. 86400 IN A 62.12.105.6
- civil.gov.sd. 86400 IN MX 10
- civil.gov.sd. 86400 IN TXT "v=spf1
- crs.civil.gov.sd. 86400 IN A 196.29.187.154
- mail.civil.gov.sd. 86400 IN A 197.254.200.161
- mail.civil.gov.sd. 86400 IN MX 10
- portal.civil.gov.sd. 86400 IN A 196.29.187.154
- reg.civil.gov.sd. 86400 IN A 196.29.187.154
- webmail.civil.gov.sd. 86400 IN CNAME mail.civil.gov.sd.
- www.civil.gov.sd. 86400 IN A 62.12.105.6
- #######################################################################################################################################
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for civil.gov.sd
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- Virustotal: www.civil.gov.sd
- Virustotal: reg.civil.gov.sd
- Bing: reg.civil.gov.sd
- Yahoo: www.civil.gov.sd
- Yahoo: reg.civil.gov.sd
- [-] Saving results to file: /usr/share/sniper/loot//domains/domains-civil.gov.sd.txt
- [-] Total Unique Subdomains Found: 2
- www.civil.gov.sd
- reg.civil.gov.sd
- #######################################################################################################################################
- crs.civil.gov.sd,196.29.187.154
- webmail.civil.gov.sd,197.254.200.161
- mail.civil.gov.sd,197.254.200.161
- portal.civil.gov.sd,196.29.187.154
- reg.civil.gov.sd,196.29.187.154
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on civil.gov.sd
- dnsdb: Unexpected return status 503
- archiveis: Get http://archive.is/*.civil.gov.sd: dial tcp 213.183.51.24:80: connect: connection timed out
- Starting Bruteforcing of civil.gov.sd with 9985 words
- Total 10 Unique subdomains found for civil.gov.sd
- .civil.gov.sd
- crs.civil.gov.sd
- mail.civil.gov.sd
- mail.civil.gov.sd
- portal.civil.gov.sd
- reg.civil.gov.sd
- reg.civil.gov.sd
- webmail.civil.gov.sd
- www.civil.gov.sd
- www.civil.gov.sd
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 mx -all
- [*] SPF record contains an All item: -all
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for civil.gov.sd!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:38 EST
- Warning: 62.12.105.6 giving up on port because retransmission cap hit (2).
- Nmap scan report for civil.gov.sd (62.12.105.6)
- Host is up (0.39s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 443/tcp open https
- 465/tcp open smtps
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:40 EST
- Nmap scan report for civil.gov.sd (62.12.105.6)
- Host is up (0.13s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:40 EST
- Nmap scan report for civil.gov.sd (62.12.105.6)
- Host is up (0.36s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD 1.3.5d
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 1891 guesses in 183 seconds, average tps: 10.1
- Too many fingerprints match this host to give specific OS details
- Network Distance: 24 hops
- Service Info: OS: Unix
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 124.62 ms 10.249.200.1
- 2 124.61 ms 190.124.251.129
- 3 124.63 ms 172.16.21.1
- 4 184.62 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
- 5 184.63 ms 192.168.7.2
- 6 185.01 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.42 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 185.42 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 185.68 ms 154.54.47.17
- 10 198.88 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 208.31 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
- 12 214.29 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
- 13 283.72 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 290.05 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 286.83 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 367.67 ms 185.153.20.70
- 17 365.27 ms 185.153.20.82
- 18 364.03 ms 185.153.20.94
- 19 390.49 ms 185.153.20.153
- 20 ... 21
- 22 398.24 ms 196.202.145.94
- 23 ...
- 24 400.53 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://civil.gov.sd...
- ______________________________________________ SITE INFO ______________________________________________
- IP Title
- 62.12.105.6 الإدارة العامة للسجل المدني
- _______________________________________________ VERSION _______________________________________________
- Name Versions Type
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- PHP 5.4.16 Platform
- nginx Platform
- CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
- Red Hat Enterprise Linux RHEL-7.0 | RHEL-7.1 | RHEL-7.2 OS
- Scientific Linux 7.0 | 7.1 | 7.2 OS
- _______________________________________________________________________________________________________
- Time: 108.6 sec Urls: 846 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 16 Feb 2019 08:47:10 GMT
- Content-Type: text/html
- Connection: keep-alive
- X-Powered-By: PHP/5.4.16
- X-Powered-By: PleskLin
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 16 Feb 2019 08:47:11 GMT
- Content-Type: text/html
- Connection: keep-alive
- X-Powered-By: PHP/5.4.16
- X-Powered-By: PleskLin
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:47 EST
- Nmap scan report for civil.gov.sd (62.12.105.6)
- Host is up (0.36s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 211 guesses in 191 seconds, average tps: 1.1
- |_pop3-capabilities: STLS AUTH-RESP-CODE USER UIDL APOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP CAPA RESP-CODES PIPELINING
- Too many fingerprints match this host to give specific OS details
- Network Distance: 24 hops
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 124.13 ms 10.249.200.1
- 2 123.96 ms 190.124.251.129
- 3 123.99 ms 172.16.21.1
- 4 183.65 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
- 5 183.91 ms 192.168.7.2
- 6 184.17 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 184.83 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 184.49 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.26 ms 154.54.47.17
- 10 198.27 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 209.12 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
- 12 215.91 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
- 13 286.28 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 290.60 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 288.19 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 369.18 ms 185.153.20.70
- 17 369.22 ms 185.153.20.82
- 18 368.12 ms 185.153.20.94
- 19 388.77 ms 185.153.20.153
- 20 ... 21
- 22 397.84 ms 196.202.145.94
- 23 ...
- 24 399.51 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.6
- Testing SSL server civil.gov.sd on port 443 using SNI name civil.gov.sd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:45:28 2016 GMT
- Not valid after: Apr 20 02:45:28 2017 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.6:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:28 EST
- Warning: 62.12.105.6 giving up on port because retransmission cap hit (2).
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.40s latency).
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 443/tcp open https
- 465/tcp open smtps
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:29 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.12s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:29 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.36s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD 1.3.5d
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 1875 guesses in 181 seconds, average tps: 10.1
- Too many fingerprints match this host to give specific OS details
- Network Distance: 24 hops
- Service Info: OS: Unix
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 123.72 ms 10.249.200.1
- 2 123.71 ms 190.124.251.129
- 3 123.75 ms 172.16.21.1
- 4 183.94 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
- 5 184.17 ms 192.168.7.2
- 6 184.16 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 184.65 ms 69.25.0.3
- 8 185.96 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.96 ms be3401.ccr22.mia01.atlas.cogentco.com (154.54.47.29)
- 10 198.51 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
- 11 213.57 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 219.52 ms 154.54.40.105
- 13 291.11 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
- 14 290.31 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 15 289.65 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 369.31 ms 185.153.20.70
- 17 369.05 ms 185.153.20.82
- 18 366.61 ms 185.153.20.94
- 19 391.01 ms 185.153.20.153
- 20 ... 21
- 22 400.60 ms 196.202.145.94
- 23 ...
- 24 399.24 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:34 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.62 ms 10.249.200.1
- 2 124.65 ms 190.124.251.129
- 3 124.31 ms 172.16.21.1
- 4 184.34 ms 91.205.233.128
- 5 184.50 ms 192.168.7.2
- 6 184.51 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.32 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 184.91 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.53 ms 154.54.47.17
- 10 199.20 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 208.22 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 214.57 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 283.99 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 291.16 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 289.78 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 370.52 ms 185.153.20.70
- 17 369.35 ms 185.153.20.82
- 18 368.39 ms 185.153.20.94
- 19 390.97 ms 185.153.20.153
- 20 389.08 ms 212.0.131.109
- 21 392.26 ms 196.202.137.249
- 22 401.57 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:36 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.42 ms 10.249.200.1
- 2 124.40 ms 190.124.251.129
- 3 124.69 ms 172.16.21.1
- 4 184.62 ms 91.205.233.128
- 5 184.60 ms 192.168.7.2
- 6 184.87 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 186.47 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 184.90 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.90 ms 154.54.47.17
- 10 198.86 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 207.84 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 215.00 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 283.42 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 286.59 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 284.78 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 365.83 ms 185.153.20.70
- 17 364.32 ms 185.153.20.82
- 18 363.56 ms 185.153.20.94
- 19 385.97 ms 185.153.20.153
- 20 388.44 ms 212.0.131.109
- 21 391.47 ms 196.202.137.249
- 22 399.51 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:38 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.28 ms 10.249.200.1
- 2 124.31 ms 190.124.251.129
- 3 124.32 ms 172.16.21.1
- 4 184.48 ms 91.205.233.128
- 5 184.46 ms 192.168.7.2
- 6 184.52 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.27 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 194.51 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.57 ms 154.54.47.17
- 10 199.02 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 209.65 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 215.82 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 285.22 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 286.27 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 284.99 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 365.76 ms 185.153.20.70
- 17 364.37 ms 185.153.20.82
- 18 363.28 ms 185.153.20.94
- 19 385.01 ms 185.153.20.153
- 20 388.36 ms 212.0.131.109
- 21 390.57 ms 196.202.137.249
- 22 399.18 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://62.12.105.6...
- _________________________________________ SITE INFO _________________________________________
- IP Title
- 62.12.105.6 Domain Default page
- __________________________________________ VERSION __________________________________________
- Name Versions Type
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- nginx Platform
- _____________________________________________________________________________________________
- Time: 74.2 sec Urls: 811 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 16 Feb 2019 08:42:47 GMT
- Content-Type: text/html
- Content-Length: 3750
- Connection: keep-alive
- Last-Modified: Wed, 31 Jan 2018 01:43:44 GMT
- ETag: "ea6-564089c14acef"
- Accept-Ranges: bytes
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 16 Feb 2019 08:42:48 GMT
- Content-Type: text/html
- Content-Length: 3750
- Connection: keep-alive
- Last-Modified: Wed, 31 Jan 2018 01:43:44 GMT
- ETag: "ea6-564089c14acef"
- Accept-Ranges: bytes
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:42 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.36s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- | Statistics: Performed 70 guesses in 62 seconds, average tps: 1.1
- |_ ERROR: Failed to connect.
- |_pop3-capabilities: PIPELINING CAPA UIDL TOP RESP-CODES STLS AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) USER APOP
- Too many fingerprints match this host to give specific OS details
- Network Distance: 24 hops
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 130.68 ms 10.249.200.1
- 2 130.72 ms 190.124.251.129
- 3 130.75 ms 172.16.21.1
- 4 183.47 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
- 5 187.69 ms 192.168.7.2
- 6 187.66 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 189.30 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 188.51 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 188.75 ms 154.54.47.29
- 10 201.79 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
- 11 208.71 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 215.48 ms 154.54.40.105
- 13 286.98 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
- 14 286.81 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 15 287.06 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 366.50 ms 185.153.20.70
- 17 366.51 ms 185.153.20.82
- 18 364.07 ms 185.153.20.94
- 19 389.66 ms 185.153.20.153
- 20 ... 21
- 22 402.07 ms 196.202.145.94
- 23 ...
- 24 402.44 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:44 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.53 ms 10.249.200.1
- 2 125.04 ms 190.124.251.129
- 3 124.59 ms 172.16.21.1
- 4 184.23 ms 91.205.233.128
- 5 184.70 ms 192.168.7.2
- 6 184.70 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.27 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 185.27 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.76 ms 154.54.47.17
- 10 199.07 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 209.55 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 216.11 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 284.97 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 287.75 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 286.55 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 367.35 ms 185.153.20.70
- 17 366.45 ms 185.153.20.82
- 18 365.17 ms 185.153.20.94
- 19 387.76 ms 185.153.20.153
- 20 388.31 ms 212.0.131.109
- 21 391.32 ms 196.202.137.249
- 22 403.76 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:47 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.40s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 123.25 ms 10.249.200.1
- 2 123.27 ms 190.124.251.129
- 3 123.26 ms 172.16.21.1
- 4 183.41 ms 91.205.233.128
- 5 183.23 ms 192.168.7.2
- 6 183.43 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 184.09 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 184.11 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 183.45 ms 154.54.47.17
- 10 197.51 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 208.93 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 215.06 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 288.75 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 285.10 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 283.42 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 364.37 ms 185.153.20.70
- 17 363.24 ms 185.153.20.82
- 18 362.19 ms 185.153.20.94
- 19 384.84 ms 185.153.20.153
- 20 386.49 ms 212.0.131.109
- 21 390.38 ms 196.202.137.249
- 22 400.44 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.6
- Testing SSL server 62.12.105.6 on port 443 using SNI name 62.12.105.6
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:45:28 2016 GMT
- Not valid after: Apr 20 02:45:28 2017 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.6:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:59 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 04:59
- Completed NSE at 04:59, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 04:59
- Completed NSE at 04:59, 0.00s elapsed
- Initiating Ping Scan at 04:59
- Scanning 62.12.105.6 [4 ports]
- Completed Ping Scan at 04:59, 0.45s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 04:59
- Completed Parallel DNS resolution of 1 host. at 04:59, 0.02s elapsed
- Initiating Connect Scan at 04:59
- Scanning f03-web04.nic.gov.sd (62.12.105.6) [1000 ports]
- Discovered open port 80/tcp on 62.12.105.6
- Discovered open port 993/tcp on 62.12.105.6
- Discovered open port 21/tcp on 62.12.105.6
- Discovered open port 443/tcp on 62.12.105.6
- Discovered open port 995/tcp on 62.12.105.6
- Discovered open port 110/tcp on 62.12.105.6
- Discovered open port 465/tcp on 62.12.105.6
- Discovered open port 8443/tcp on 62.12.105.6
- Completed Connect Scan at 04:59, 22.78s elapsed (1000 total ports)
- Initiating Service scan at 04:59
- Scanning 8 services on f03-web04.nic.gov.sd (62.12.105.6)
- Completed Service scan at 04:59, 16.03s elapsed (8 services on 1 host)
- Initiating OS detection (try #1) against f03-web04.nic.gov.sd (62.12.105.6)
- Retrying OS detection (try #2) against f03-web04.nic.gov.sd (62.12.105.6)
- Initiating Traceroute at 04:59
- Completed Traceroute at 04:59, 3.63s elapsed
- Initiating Parallel DNS resolution of 22 hosts. at 04:59
- Completed Parallel DNS resolution of 22 hosts. at 05:00, 16.50s elapsed
- NSE: Script scanning 62.12.105.6.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 05:00
- NSE Timing: About 98.81% done; ETC: 05:00 (0:00:00 remaining)
- NSE Timing: About 98.90% done; ETC: 05:01 (0:00:01 remaining)
- NSE Timing: About 99.27% done; ETC: 05:01 (0:00:01 remaining)
- NSE Timing: About 99.63% done; ETC: 05:02 (0:00:00 remaining)
- NSE Timing: About 99.82% done; ETC: 05:02 (0:00:00 remaining)
- NSE Timing: About 99.91% done; ETC: 05:03 (0:00:00 remaining)
- Completed NSE at 05:03, 192.95s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 05:03
- Completed NSE at 05:03, 0.81s elapsed
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up, received syn-ack ttl 45 (0.37s latency).
- Scanned at 2019-02-16 04:59:07 EST for 262s
- Not shown: 987 filtered ports
- Reason: 986 no-responses and 1 host-unreach
- PORT STATE SERVICE REASON VERSION
- 20/tcp closed ftp-data conn-refused
- 21/tcp open ftp syn-ack ProFTPD 1.3.5d
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:45:28
- | Not valid after: 2017-04-20T02:45:28
- | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
- | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
- |_ssl-date: TLS randomness does not represent time
- 25/tcp closed smtp conn-refused
- 80/tcp open http syn-ack nginx
- |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx
- |_http-title: Domain Default page
- 110/tcp open pop3 syn-ack Dovecot pop3d
- |_pop3-capabilities: STLS CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) RESP-CODES TOP UIDL PIPELINING USER APOP AUTH-RESP-CODE
- |_ssl-date: TLS randomness does not represent time
- 113/tcp closed ident conn-refused
- 139/tcp closed netbios-ssn conn-refused
- 443/tcp open ssl/http syn-ack nginx
- |_http-server-header: nginx
- |_http-title: 400 The plain HTTP request was sent to HTTPS port
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:45:28
- | Not valid after: 2017-04-20T02:45:28
- | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
- | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- | h2
- |_ http/1.1
- | tls-nextprotoneg:
- | h2
- |_ http/1.1
- 445/tcp closed microsoft-ds conn-refused
- 465/tcp open ssl/smtps? syn-ack
- |_smtp-commands: Couldn't establish connection on port 465
- |_ssl-date: TLS randomness does not represent time
- 993/tcp open ssl/imaps? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 995/tcp open ssl/pop3s? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: sw-cp-server
- | http-title: Plesk Onyx 17.5.3
- |_Requested resource was https://f03-web04.nic.gov.sd:8443/
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:45:28
- | Not valid after: 2017-04-20T02:45:28
- | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
- | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
- |_ssl-date: TLS randomness does not represent time
- | tls-nextprotoneg:
- |_ http/1.1
- OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
- Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (98%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), OpenBSD 4.0 (91%), FreeBSD 6.2-RELEASE (90%), Linux 2.6.18 - 2.6.22 (90%), OpenBSD 4.3 (90%), Android 7.1.2 (Linux 3.10) (90%), Apple AirPort Extreme WAP (88%)
- No exact OS matches for host (test conditions non-ideal).
- TCP/IP fingerprint:
- Service Info: OS: Unix
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.54 ms 10.249.200.1
- 2 124.58 ms 190.124.251.129
- 3 124.58 ms 172.16.21.1
- 4 184.65 ms 91.205.233.128
- 5 184.68 ms 192.168.7.2
- 6 184.93 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.38 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 185.16 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.96 ms 154.54.47.17
- 10 199.21 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 210.35 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 216.75 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 285.71 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 286.01 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 284.80 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 365.48 ms 185.153.20.70
- 17 364.26 ms 185.153.20.82
- 18 363.02 ms 185.153.20.94
- 19 404.59 ms 185.153.20.153
- 20 388.48 ms 212.0.131.109
- 21 389.28 ms 196.202.137.249
- 22 400.00 ms 196.202.145.94
- 23 ... 30
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 05:03
- Completed NSE at 05:03, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 05:03
- Completed NSE at 05:03, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 262.93 seconds
- Raw packets sent: 140 (10.568KB) | Rcvd: 180 (32.261KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 05:03 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 05:03
- Completed NSE at 05:03, 0.00s elapsed
- Initiating NSE at 05:03
- Completed NSE at 05:03, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 05:03
- Completed Parallel DNS resolution of 1 host. at 05:03, 0.02s elapsed
- Initiating UDP Scan at 05:03
- Scanning f03-web04.nic.gov.sd (62.12.105.6) [14 ports]
- Completed UDP Scan at 05:03, 2.17s elapsed (14 total ports)
- Initiating Service scan at 05:03
- Scanning 12 services on f03-web04.nic.gov.sd (62.12.105.6)
- Service scan Timing: About 8.33% done; ETC: 05:23 (0:17:58 remaining)
- Completed Service scan at 05:05, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against f03-web04.nic.gov.sd (62.12.105.6)
- Retrying OS detection (try #2) against f03-web04.nic.gov.sd (62.12.105.6)
- Initiating Traceroute at 05:05
- Completed Traceroute at 05:05, 7.19s elapsed
- Initiating Parallel DNS resolution of 1 host. at 05:05
- Completed Parallel DNS resolution of 1 host. at 05:05, 0.03s elapsed
- NSE: Script scanning 62.12.105.6.
- Initiating NSE at 05:05
- Completed NSE at 05:05, 20.33s elapsed
- Initiating NSE at 05:05
- Completed NSE at 05:05, 1.02s elapsed
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 124.08 ms 10.249.200.1
- 2 ... 3
- 4 122.72 ms 10.249.200.1
- 5 126.58 ms 10.249.200.1
- 6 126.59 ms 10.249.200.1
- 7 126.57 ms 10.249.200.1
- 8 126.42 ms 10.249.200.1
- 9 126.42 ms 10.249.200.1
- 10 126.43 ms 10.249.200.1
- 11 ... 18
- 19 124.03 ms 10.249.200.1
- 20 123.85 ms 10.249.200.1
- 21 ... 28
- 29 124.64 ms 10.249.200.1
- 30 126.37 ms 10.249.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 05:05
- Completed NSE at 05:05, 0.00s elapsed
- Initiating NSE at 05:05
- Completed NSE at 05:05, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 138.65 seconds
- Raw packets sent: 147 (13.614KB) | Rcvd: 92 (14.155KB)
- #######################################################################################################################################
- - Nikto v2.1.6
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 62.12.105.6
- + Target Hostname: 62.12.105.6
- + Target Port: 443
- ---------------------------------------------------------------------------------------------------------------------------------------
- + SSL Info: Subject: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
- Ciphers: ECDHE-RSA-AES256-GCM-SHA384
- Issuer: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
- + Start Time: 2019-02-16 04:28:29 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: nginx
- + Server leaks inodes via ETags, header found with file /, fields: 0xea6 0x564089c14acef
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Hostname '62.12.105.6' does not match certificate's names: Plesk
- + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Anonymous JTSEC #OpSudan Full Recon #14