Anonymous JTSEC #OpSudan Full Recon #14

1. #######################################################################################################################################
2. =======================================================================================================================================
3. Hostname civil.gov.sd ISP NICDC
4. Continent Africa Flag
5. SD
6. Country Sudan Country Code SD
7. Region Unknown Local time 16 Feb 2019 10:55 CAT
8. City Unknown Postal Code Unknown
9. IP Address 62.12.105.6 Latitude 15
10. Longitude 30
11.  
12. =======================================================================================================================================
13. #######################################################################################################################################
14. > civil.gov.sd
15. Server: 38.132.106.139
16. Address: 38.132.106.139#53
17.  
18. Non-authoritative answer:
19. Name: civil.gov.sd
20. Address: 62.12.105.6
21. >
22. #######################################################################################################################################
23.  
24. HostIP:62.12.105.6
25. HostName:civil.gov.sd
26.  
27. Gathered Inet-whois information for 62.12.105.6
28. ---------------------------------------------------------------------------------------------------------------------------------------
29.  
30.  
31. inetnum: 62.12.96.0 - 62.12.127.255
32. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
33. descr: IPv4 address block not managed by the RIPE NCC
34. remarks: ------------------------------------------------------
35. remarks:
36. remarks: For registration information,
37. remarks: you can consult the following sources:
38. remarks:
39. remarks: IANA
40. remarks: http://www.iana.org/assignments/ipv4-address-space
41. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
42. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
43. remarks:
44. remarks: AFRINIC (Africa)
45. remarks: http://www.afrinic.net/ whois.afrinic.net
46. remarks:
47. remarks: APNIC (Asia Pacific)
48. remarks: http://www.apnic.net/ whois.apnic.net
49. remarks:
50. remarks: ARIN (Northern America)
51. remarks: http://www.arin.net/ whois.arin.net
52. remarks:
53. remarks: LACNIC (Latin America and the Carribean)
54. remarks: http://www.lacnic.net/ whois.lacnic.net
55. remarks:
56. remarks: ------------------------------------------------------
57. country: EU # Country is really world wide
58. admin-c: IANA1-RIPE
59. tech-c: IANA1-RIPE
60. status: ALLOCATED UNSPECIFIED
61. mnt-by: RIPE-NCC-HM-MNT
62. created: 2019-01-07T10:46:54Z
63. last-modified: 2019-01-07T10:46:54Z
64. source: RIPE
65.  
66. role: Internet Assigned Numbers Authority
67. address: see http://www.iana.org.
68. admin-c: IANA1-RIPE
69. tech-c: IANA1-RIPE
70. nic-hdl: IANA1-RIPE
71. remarks: For more information on IANA services
72. remarks: go to IANA web site at http://www.iana.org.
73. mnt-by: RIPE-NCC-MNT
74. created: 1970-01-01T00:00:00Z
75. last-modified: 2001-09-22T09:31:27Z
76. source: RIPE # Filtered
77.  
78. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
79.  
80.  
81.  
82. Gathered Inic-whois information for civil.gov.sd
83. ---------------------------------------------------------------------------------------------------------------------------------------
84. Error: Unable to connect - Invalid Host
85. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
86. close error
87.  
88. Gathered Netcraft information for civil.gov.sd
89. ---------------------------------------------------------------------------------------------------------------------------------------
90.  
91. Retrieving Netcraft.com information for civil.gov.sd
92. Netcraft.com Information gathered
93.  
94. Gathered Subdomain information for civil.gov.sd
95. ---------------------------------------------------------------------------------------------------------------------------------------
96. Searching Google.com:80...
97. Searching Altavista.com:80...
98. Found 0 possible subdomain(s) for host civil.gov.sd, Searched 0 pages containing 0 results
99.  
100. Gathered E-Mail information for civil.gov.sd
101. ---------------------------------------------------------------------------------------------------------------------------------------
102. Searching Google.com:80...
103. Searching Altavista.com:80...
104. Found 0 E-Mail(s) for host civil.gov.sd, Searched 0 pages containing 0 results
105.  
106. Gathered TCP Port information for 62.12.105.6
107. ---------------------------------------------------------------------------------------------------------------------------------------
108.  
109. Port State
110.  
111. 21/tcp open
112. 80/tcp open
113. 110/tcp open
114.  
115. Portscan Finished: Scanned 150 ports, 5 ports were in state closed
116. #######################################################################################################################################
117. [i] Scanning Site: http://civil.gov.sd
118.  
119.  
120.  
121. B A S I C I N F O
122. =======================================================================================================================================
123.  
124.  
125. [+] Site Title: الإدارة العامة للسجل المدني
126. [+] IP address: 62.12.105.6
127. [+] Web Server: Could Not Detect
128. [+] CMS: Could Not Detect
129. [+] Cloudflare: Not Detected
130. [+] Robots File: Could NOT Find robots.txt!
131.  
132.  
133.  
134.  
135.  
136. G E O I P L O O K U P
137. =======================================================================================================================================
138.  
139. [i] IP Address: 62.12.105.6
140. [i] Country: Sudan
141. [i] State:
142. [i] City:
143. [i] Latitude: 15.0
144. [i] Longitude: 30.0
145.  
146.  
147.  
148.  
149. H T T P H E A D E R S
150. =======================================================================================================================================
151.  
152.  
153. [i] HTTP/1.1 200 OK
154. [i] Date: Sat, 16 Feb 2019 08:00:21 GMT
155. [i] Content-Type: text/html
156. [i] X-Powered-By: PHP/5.4.16
157. [i] X-Powered-By: PleskLin
158. [i] Connection: close
159.  
160.  
161.  
162.  
163. D N S L O O K U P
164. =======================================================================================================================================
165.  
166. civil.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
167. civil.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
168. civil.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
169. civil.gov.sd. 21599 IN A 62.12.105.6
170. civil.gov.sd. 21599 IN MX 10 mail.civil.gov.sd.
171. civil.gov.sd. 21599 IN TXT "v=spf1 mx -all"
172.  
173.  
174.  
175.  
176. S U B N E T C A L C U L A T I O N
177. ======================================================================================================================================
178.  
179. Address = 62.12.105.6
180. Network = 62.12.105.6 / 32
181. Netmask = 255.255.255.255
182. Broadcast = not needed on Point-to-Point links
183. Wildcard Mask = 0.0.0.0
184. Hosts Bits = 0
185. Max. Hosts = 1 (2^0 - 0)
186. Host Range = { 62.12.105.6 - 62.12.105.6 }
187.  
188.  
189.  
190. N M A P P O R T S C A N
191. =======================================================================================================================================
192.  
193.  
194. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 09:00 UTC
195. Nmap scan report for civil.gov.sd (62.12.105.6)
196. Host is up (0.24s latency).
197. rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
198. PORT STATE SERVICE
199. 21/tcp filtered ftp
200. 22/tcp filtered ssh
201. 23/tcp filtered telnet
202. 80/tcp filtered http
203. 110/tcp filtered pop3
204. 143/tcp filtered imap
205. 443/tcp filtered https
206. 3389/tcp filtered ms-wbt-server
207.  
208. Nmap done: 1 IP address (1 host up) scanned in 10.06 seconds
209. #######################################################################################################################################
210. [?] Enter the target: example( http://domain.com )
211. http://civil.gov.sd/
212. [!] IP Address : 62.12.105.6
213. [!] civil.gov.sd doesn't seem to use a CMS
214. [+] Honeypot Probabilty: 30%
215. ---------------------------------------------------------------------------------------------------------------------------------------
216. [~] Trying to gather whois information for civil.gov.sd
217. [+] Whois information found
218. [-] Unable to build response, visit https://who.is/whois/civil.gov.sd
219. ---------------------------------------------------------------------------------------------------------------------------------------
220. PORT STATE SERVICE
221. 21/tcp filtered ftp
222. 22/tcp filtered ssh
223. 23/tcp filtered telnet
224. 80/tcp filtered http
225. 110/tcp filtered pop3
226. 143/tcp filtered imap
227. 443/tcp filtered https
228. 3389/tcp filtered ms-wbt-server
229. Nmap done: 1 IP address (1 host up) scanned in 14.58 seconds
230. ---------------------------------------------------------------------------------------------------------------------------------------
231.  
232. [+] DNS Records
233. ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
234. ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
235.  
236. [+] MX Records
237. 10 (197.254.200.161) AS33788 KANARTEL Sudan
238.  
239. [+] Host Records (A)
240. civil.gov.sd (62.12.105.6) Egypt Egypt
241.  
242. [+] TXT Records
243. "v=spf1 mx -all"
244.  
245. [+] DNS Map: https://dnsdumpster.com/static/map/civil.gov.sd.png
246.  
247. [>] Initiating 3 intel modules
248. [>] Loading Alpha module (1/3)
249. [>] Beta module deployed (2/3)
250. [>] Gamma module initiated (3/3)
251.  
252.  
253. [+] Emails found:
254. ---------------------------------------------------------------------------------------------------------------------------------------
255. ingo@civil.gov.sd
256.  
257. [+] Hosts found in search engines:
258. ---------------------------------------------------------------------------------------------------------------------------------------
259. [-] Resolving hostnames IPs...
260. 196.29.187.154:reg.civil.gov.sd
261. 62.12.105.6:www.civil.gov.sd
262. [+] Virtual hosts:
263. ---------------------------------------------------------------------------------------------------------------------------------------
264. #######################################################################################################################################
265. Enter Address Website = civil.gov.sd
266.  
267. Reverse IP With YouGetSignal 'civil.gov.sd'
268. ---------------------------------------------------------------------------------------------------------------------------------------
269.  
270. [*] IP: 62.12.105.6
271. [*] Domain: civil.gov.sd
272. [*] Total Domains: 10
273.  
274. [+] aladia.gov.sd
275. [+] arcsudan.sd
276. [+] civil.gov.sd
277. [+] khplan.gov.sd
278. [+] minv.gov.sd
279. [+] mofeca.gov.sd
280. [+] nilestatefinance.gov.sd
281. [+] nk-agric.gov.sd
282. [+] redseaeducation.gov.sd
283. [+] yfit.org.sd
284. ######################################################################################################################################
285.  
286. Geo IP Lookup 'civil.gov.sd'
287. --------------------------------------------------------------------------------------------------------------------------------------
288.  
289. [+] IP Address: 62.12.105.6
290. [+] Country: Sudan
291. [+] State:
292. [+] City:
293. [+] Latitude: 15.0
294. [+] Longitude: 30.0
295. #######################################################################################################################################
296.  
297. DNS Lookup 'civil.gov.sd'
298. ---------------------------------------------------------------------------------------------------------------------------------------
299.  
300. [+] civil.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
301. [+] civil.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
302. [+] civil.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
303. [+] civil.gov.sd. 21599 IN A 62.12.105.6
304. [+] civil.gov.sd. 21599 IN MX 10 mail.civil.gov.sd.
305. [+] civil.gov.sd. 21599 IN TXT "v=spf1 mx -all"
306. #######################################################################################################################################
307.  
308. Show HTTP Header 'civil.gov.sd'
309. ---------------------------------------------------------------------------------------------------------------------------------------
310.  
311. [+] HTTP/1.1 200 OK
312. [+] Server: nginx
313. [+] Date: Sat, 16 Feb 2019 08:00:21 GMT
314. [+] Content-Type: text/html
315. [+] Connection: keep-alive
316. [+] X-Powered-By: PHP/5.4.16
317. [+] X-Powered-By: PleskLin
318. #######################################################################################################################################
319.  
320. Port Scan 'civil.gov.sd'
321. --------------------------------------------------------------------------------------------------------------------------------------
322.  
323.  
324. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 09:00 UTC
325. Nmap scan report for civil.gov.sd (62.12.105.6)
326. Host is up (0.23s latency).
327. rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
328. PORT STATE SERVICE
329. 21/tcp filtered ftp
330. 22/tcp filtered ssh
331. 23/tcp filtered telnet
332. 80/tcp filtered http
333. 110/tcp filtered pop3
334. 143/tcp filtered imap
335. 443/tcp filtered https
336. 3389/tcp filtered ms-wbt-server
337.  
338. Nmap done: 1 IP address (1 host up) scanned in 12.13 seconds
339. #######################################################################################################################################
340.  
341. Traceroute 'civil.gov.sd'
342. --------------------------------------------------------------------------------------------------------------------------------------
343.  
344. Start: 2019-02-16T09:00:49+0000
345. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
346. 1.|-- 45.79.12.202 0.0% 3 0.9 1.3 0.6 2.5 1.0
347. 2.|-- 45.79.12.2 0.0% 3 0.6 1.0 0.6 1.3 0.4
348. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.3 1.6 1.3 1.9 0.3
349. 4.|-- be2763.ccr31.dfw01.atlas.cogentco.com 0.0% 3 1.8 1.6 1.5 1.8 0.1
350. 5.|-- be2432.ccr21.mci01.atlas.cogentco.com 0.0% 3 11.5 11.6 11.4 11.9 0.3
351. 6.|-- be2831.ccr41.ord01.atlas.cogentco.com 0.0% 3 23.5 23.5 23.3 23.6 0.1
352. 7.|-- be2717.ccr21.cle04.atlas.cogentco.com 0.0% 3 30.1 30.3 30.1 30.6 0.3
353. 8.|-- be2878.ccr21.alb02.atlas.cogentco.com 0.0% 3 41.6 41.8 41.6 42.2 0.3
354. 9.|-- be3599.ccr31.bos01.atlas.cogentco.com 0.0% 3 44.9 45.1 44.9 45.3 0.2
355. 10.|-- be2982.ccr41.lon13.atlas.cogentco.com 0.0% 3 107.2 107.2 107.1 107.3 0.1
356. 11.|-- be2868.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.8 107.9 107.7 108.2 0.2
357. 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.6 107.4 107.7 0.2
358. 13.|-- 185.153.20.70 0.0% 3 185.7 185.7 185.6 185.8 0.1
359. 14.|-- 185.153.20.82 0.0% 3 202.3 194.0 186.0 202.3 8.1
360. 15.|-- 185.153.20.94 0.0% 3 185.5 185.5 185.5 185.5 0.0
361. 16.|-- 185.153.20.153 0.0% 3 213.9 214.5 213.9 215.6 0.9
362. 17.|-- 212.0.131.109 0.0% 3 227.3 227.5 227.1 227.9 0.4
363. 18.|-- 196.202.137.249 0.0% 3 227.3 222.0 218.9 227.3 4.6
364. 19.|-- 196.202.145.94 0.0% 3 219.7 219.3 219.1 219.7 0.4
365. 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
366. #######################################################################################################################################
367.  
368. Ping 'civil.gov.sd'
369. --------------------------------------------------------------------------------------------------------------------------------------
370.  
371.  
372. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-16 09:01 UTC
373. SENT (0.2946s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=1] IP [ttl=64 id=39833 iplen=28 ]
374. SENT (1.2952s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=2] IP [ttl=64 id=39833 iplen=28 ]
375. SENT (2.2975s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=3] IP [ttl=64 id=39833 iplen=28 ]
376. SENT (3.2989s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=28423 seq=4] IP [ttl=64 id=39833 iplen=28 ]
377.  
378. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
379. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
380. Nping done: 1 IP address pinged in 4.30 seconds
381. #######################################################################################################################################
382. ; <<>> DiG 9.11.5-P1-1-Debian <<>> civil.gov.sd
383. ;; global options: +cmd
384. ;; Got answer:
385. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32871
386. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
387.  
388. ;; OPT PSEUDOSECTION:
389. ; EDNS: version: 0, flags:; udp: 4096
390. ;; QUESTION SECTION:
391. ;civil.gov.sd. IN A
392.  
393. ;; ANSWER SECTION:
394. civil.gov.sd. 83537 IN A 62.12.105.6
395.  
396. ;; Query time: 216 msec
397. ;; SERVER: 38.132.106.139#53(38.132.106.139)
398. ;; WHEN: sam fév 16 04:42:41 EST 2019
399. ;; MSG SIZE rcvd: 57
400. #######################################################################################################################################
401. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace civil.gov.sd
402. ;; global options: +cmd
403. . 85199 IN NS g.root-servers.net.
404. . 85199 IN NS j.root-servers.net.
405. . 85199 IN NS b.root-servers.net.
406. . 85199 IN NS l.root-servers.net.
407. . 85199 IN NS a.root-servers.net.
408. . 85199 IN NS e.root-servers.net.
409. . 85199 IN NS h.root-servers.net.
410. . 85199 IN NS i.root-servers.net.
411. . 85199 IN NS f.root-servers.net.
412. . 85199 IN NS m.root-servers.net.
413. . 85199 IN NS k.root-servers.net.
414. . 85199 IN NS c.root-servers.net.
415. . 85199 IN NS d.root-servers.net.
416. . 85199 IN RRSIG NS 8 0 518400 20190301050000 20190216040000 16749 . vfKS7tHy9asqLHJFQ+luvcRrWgxm15ila3+fTLntP36xqq4d8ucNpiGG x5tUj1oiHZNGlHxfk90ZOToIjNKaXx8Cb20zDysdfHTPXAtbvGR5TvhH VChadSu7qgkybbrTd+7FbIQXJdjlieQQrveIXMHnv36dnZz/drdcXoDc Jj1t+v7AtkpdD+iQ5HEq3ogrjPu2QnYaNIh8kwZFb4ZVo1NQuubEBeyw lwAKR9rNpkmOWAdR2STHasYi+hafZZtG7hzSKChhbRq73lPbvu4w4miQ R121OxiSTU79EIqL2DJ5scdTEzvUUVA4NM37ACv+oDEDNaZ5mZvlnIHs 5NgpaA==
417. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 214 ms
418.  
419. sd. 172800 IN NS ans2.canar.sd.
420. sd. 172800 IN NS ns-sd.afrinic.net.
421. sd. 172800 IN NS ns1.uaenic.ae.
422. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
423. sd. 172800 IN NS ns2.uaenic.ae.
424. sd. 172800 IN NS ans1.canar.sd.
425. sd. 172800 IN NS ans1.sis.sd.
426. sd. 86400 IN NSEC se. NS RRSIG NSEC
427. sd. 86400 IN RRSIG NSEC 8 1 86400 20190301050000 20190216040000 16749 . HK/Ktmf9QiKKkUXsmYKx5L9JjMsdd7h+blDFizNVJ9g8MeD4tznU4jTt doLipv38RLjREpDUQbR5FwzJH359kFq4pa1gYhEZq+QQFz/0NTwJC5fr 6XQOVtHXx/dR2Qal7iNQhCbw5OX+5mnXbor2zBJ/13QUamzgufx1i92k 2jg7iVBDArla4/NqOS2Y9Pt6ySl1SsDHrCpjKUzVL0O5Di2eNxAYsi6E o9xkc4i8Z3Nlng5YB2qgH+/ceUaulHZVGLbodtRm1+73BibrSrAuRBH8 iO8CO0oReeLEM8cZ65dPi5PlSBWpF1d5SYLCItai/zklnuHmehjUFkAb 65MNKg==
428. ;; Received 699 bytes from 2001:dc3::35#53(m.root-servers.net) in 91 ms
429.  
430. civil.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
431. civil.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
432. ;; Received 113 bytes from 196.29.164.14#53(ans2.canar.sd) in 372 ms
433.  
434. civil.gov.sd. 86400 IN A 62.12.105.6
435. civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
436. civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
437. ;; Received 129 bytes from 62.12.109.3#53(ns1.ndc.gov.sd) in 452 ms
438. #######################################################################################################################################
439. [*] Performing General Enumeration of Domain: civil.gov.sd
440. [-] DNSSEC is not configured for civil.gov.sd
441. [*] SOA ns0.ndc.gov.sd 62.12.109.2
442. [*] NS ns1.ndc.gov.sd 62.12.109.3
443. [*] Bind Version for 62.12.109.3 you guess!
444. [*] NS ns0.ndc.gov.sd 62.12.109.2
445. [*] Bind Version for 62.12.109.2 you guess!
446. [*] MX mail.civil.gov.sd 197.254.200.161
447. [*] A civil.gov.sd 62.12.105.6
448. [*] TXT civil.gov.sd v=spf1 mx -all
449. [*] Enumerating SRV Records
450. [-] No SRV Records Found for civil.gov.sd
451. [+] 0 Records Found
452. ######################################################################################################################################
453. [*] Processing domain civil.gov.sd
454. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
455. [+] Getting nameservers
456. 62.12.109.3 - ns1.ndc.gov.sd
457. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
458. civil.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
459. civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
460. civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
461. civil.gov.sd. 86400 IN A 62.12.105.6
462. civil.gov.sd. 86400 IN MX 10 mail.civil.gov.sd.
463. civil.gov.sd. 86400 IN TXT "v=spf1 mx -all"
464. crs.civil.gov.sd. 86400 IN A 196.29.187.154
465. mail.civil.gov.sd. 86400 IN A 197.254.200.161
466. mail.civil.gov.sd. 86400 IN MX 10 mail.civil.gov.sd.
467. portal.civil.gov.sd. 86400 IN A 196.29.187.154
468. reg.civil.gov.sd. 86400 IN A 196.29.187.154
469. webmail.civil.gov.sd. 86400 IN CNAME mail.civil.gov.sd.
470. www.civil.gov.sd. 86400 IN A 62.12.105.6
471. #######################################################################################################################################
472. Ip Address Status Type Domain Name Server
473. ---------- ------ ---- ----------- ------
474. 196.29.187.154 host crs.civil.gov.sd
475. 197.254.200.161 host mail.civil.gov.sd
476. 196.29.187.154 host portal.civil.gov.sd
477. 196.29.187.154 host reg.civil.gov.sd
478. 197.254.200.161 alias webmail.civil.gov.sd
479. 197.254.200.161 host mail.civil.gov.sd
480. 62.12.105.6 200 host www.civil.gov.sd nginx
481. #######################################################################################################################################
482. [+] Testing domain
483. www.civil.gov.sd 62.12.105.6
484. [+] Dns resolving
485. Domain name Ip address Name server
486. civil.gov.sd 62.12.105.6 f03-web04.nic.gov.sd
487. Found 1 host(s) for civil.gov.sd
488. [+] Testing wildcard
489. Ok, no wildcard found.
490.  
491. [+] Scanning for subdomain on civil.gov.sd
492. [!] Wordlist not specified. I scannig with my internal wordlist...
493. Estimated time about 221.21 seconds
494.  
495. Subdomain Ip address Name server
496.  
497. www.civil.gov.sd 62.12.105.6 f03-web04.nic.gov.sd
498. #######################################################################################################################################
499. =======================================================================================================================================
500. | E-mails:
501. | [+] E-mail Found: info@civil.gov.sd
502. | [+] E-mail Found: kevinh@kevcom.com
503. | [+] E-mail Found: humbedooh@apache.org
504. | [+] E-mail Found: mike@hyperreal.org
505. =======================================================================================================================================
506. | External hosts:
507. | [+] External Host Found: http://www.moi.gov.sd
508. | [+] External Host Found: http://httpd.apache.org
509. | [+] External Host Found: http://passport.gov.sd
510. | [+] External Host Found: http://ajax.googleapis.com
511. | [+] External Host Found: http://sudanpolice.gov.sd
512. | [+] External Host Found: http://trafficpolice.gov.sd
513. =======================================================================================================================================
514. #######################################################################################################################################
515. dnsenum VERSION:1.2.4
516.  
517. ----- civil.gov.sd -----
518.  
519.  
520. Host's addresses:
521. __________________
522.  
523. civil.gov.sd. 84465 IN A 62.12.105.6
524.  
525.  
526. Name Servers:
527. ______________
528.  
529. ns1.ndc.gov.sd. 52683 IN A 62.12.109.3
530. ns0.ndc.gov.sd. 52683 IN A 62.12.109.2
531.  
532.  
533. Mail (MX) Servers:
534. ___________________
535.  
536. mail.civil.gov.sd. 84477 IN A 197.254.200.161
537.  
538.  
539. Trying Zone Transfers and getting Bind Versions:
540. _________________________________________________
541.  
542.  
543. Trying Zone Transfer for civil.gov.sd on ns1.ndc.gov.sd ...
544. civil.gov.sd. 86400 IN SOA (
545. civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
546. civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
547. civil.gov.sd. 86400 IN A 62.12.105.6
548. civil.gov.sd. 86400 IN MX 10
549. civil.gov.sd. 86400 IN TXT "v=spf1
550. crs.civil.gov.sd. 86400 IN A 196.29.187.154
551. mail.civil.gov.sd. 86400 IN A 197.254.200.161
552. mail.civil.gov.sd. 86400 IN MX 10
553. portal.civil.gov.sd. 86400 IN A 196.29.187.154
554. reg.civil.gov.sd. 86400 IN A 196.29.187.154
555. webmail.civil.gov.sd. 86400 IN CNAME mail.civil.gov.sd.
556. www.civil.gov.sd. 86400 IN A 62.12.105.6
557.  
558. Trying Zone Transfer for civil.gov.sd on ns0.ndc.gov.sd ...
559. civil.gov.sd. 86400 IN SOA (
560. civil.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
561. civil.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
562. civil.gov.sd. 86400 IN A 62.12.105.6
563. civil.gov.sd. 86400 IN MX 10
564. civil.gov.sd. 86400 IN TXT "v=spf1
565. crs.civil.gov.sd. 86400 IN A 196.29.187.154
566. mail.civil.gov.sd. 86400 IN A 197.254.200.161
567. mail.civil.gov.sd. 86400 IN MX 10
568. portal.civil.gov.sd. 86400 IN A 196.29.187.154
569. reg.civil.gov.sd. 86400 IN A 196.29.187.154
570. webmail.civil.gov.sd. 86400 IN CNAME mail.civil.gov.sd.
571. www.civil.gov.sd. 86400 IN A 62.12.105.6
572. #######################################################################################################################################
573.  
574. ____ _ _ _ _ _____
575. / ___| _ _| |__ | (_)___| |_|___ / _ __
576. \___ \| | | | '_ \| | / __| __| |_ \| '__|
577. ___) | |_| | |_) | | \__ \ |_ ___) | |
578. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
579.  
580. # Coded By Ahmed Aboul-Ela - @aboul3la
581.  
582. [-] Enumerating subdomains now for civil.gov.sd
583. [-] verbosity is enabled, will show the subdomains results in realtime
584. [-] Searching now in Baidu..
585. [-] Searching now in Yahoo..
586. [-] Searching now in Google..
587. [-] Searching now in Bing..
588. [-] Searching now in Ask..
589. [-] Searching now in Netcraft..
590. [-] Searching now in DNSdumpster..
591. [-] Searching now in Virustotal..
592. [-] Searching now in ThreatCrowd..
593. [-] Searching now in SSL Certificates..
594. [-] Searching now in PassiveDNS..
595. Virustotal: www.civil.gov.sd
596. Virustotal: reg.civil.gov.sd
597. Bing: reg.civil.gov.sd
598. Yahoo: www.civil.gov.sd
599. Yahoo: reg.civil.gov.sd
600. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-civil.gov.sd.txt
601. [-] Total Unique Subdomains Found: 2
602. www.civil.gov.sd
603. reg.civil.gov.sd
604. #######################################################################################################################################
605. crs.civil.gov.sd,196.29.187.154
606. webmail.civil.gov.sd,197.254.200.161
607. mail.civil.gov.sd,197.254.200.161
608. portal.civil.gov.sd,196.29.187.154
609. reg.civil.gov.sd,196.29.187.154
610. #######################################################################################################################################
611. ===============================================
612. -=Subfinder v1.1.3 github.com/subfinder/subfinder
613. ===============================================
614.  
615.  
616. Running Source: Ask
617. Running Source: Archive.is
618. Running Source: Baidu
619. Running Source: Bing
620. Running Source: CertDB
621. Running Source: CertificateTransparency
622. Running Source: Certspotter
623. Running Source: Commoncrawl
624. Running Source: Crt.sh
625. Running Source: Dnsdb
626. Running Source: DNSDumpster
627. Running Source: DNSTable
628. Running Source: Dogpile
629. Running Source: Exalead
630. Running Source: Findsubdomains
631. Running Source: Googleter
632. Running Source: Hackertarget
633. Running Source: Ipv4Info
634. Running Source: PTRArchive
635. Running Source: Sitedossier
636. Running Source: Threatcrowd
637. Running Source: ThreatMiner
638. Running Source: WaybackArchive
639. Running Source: Yahoo
640.  
641. Running enumeration on civil.gov.sd
642.  
643. dnsdb: Unexpected return status 503
644.  
645. archiveis: Get http://archive.is/*.civil.gov.sd: dial tcp 213.183.51.24:80: connect: connection timed out
646.  
647.  
648. Starting Bruteforcing of civil.gov.sd with 9985 words
649.  
650. Total 10 Unique subdomains found for civil.gov.sd
651.  
652. .civil.gov.sd
653. crs.civil.gov.sd
654. mail.civil.gov.sd
655. mail.civil.gov.sd
656. portal.civil.gov.sd
657. reg.civil.gov.sd
658. reg.civil.gov.sd
659. webmail.civil.gov.sd
660. www.civil.gov.sd
661. www.civil.gov.sd
662. #######################################################################################################################################
663. [*] Found SPF record:
664. [*] v=spf1 mx -all
665. [*] SPF record contains an All item: -all
666. [*] No DMARC record found. Looking for organizational record
667. [+] No organizational DMARC record
668. [+] Spoofing possible for civil.gov.sd!
669. #######################################################################################################################################
670. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:38 EST
671. Warning: 62.12.105.6 giving up on port because retransmission cap hit (2).
672. Nmap scan report for civil.gov.sd (62.12.105.6)
673. Host is up (0.39s latency).
674. rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
675. Not shown: 464 filtered ports, 4 closed ports
676. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
677. PORT STATE SERVICE
678. 21/tcp open ftp
679. 80/tcp open http
680. 110/tcp open pop3
681. 443/tcp open https
682. 465/tcp open smtps
683. 993/tcp open imaps
684. 995/tcp open pop3s
685. 8443/tcp open https-alt
686. #######################################################################################################################################
687. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:40 EST
688. Nmap scan report for civil.gov.sd (62.12.105.6)
689. Host is up (0.13s latency).
690. rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
691. Not shown: 2 filtered ports
692. PORT STATE SERVICE
693. 53/udp open|filtered domain
694. 67/udp open|filtered dhcps
695. 68/udp open|filtered dhcpc
696. 69/udp open|filtered tftp
697. 88/udp open|filtered kerberos-sec
698. 123/udp open|filtered ntp
699. 139/udp open|filtered netbios-ssn
700. 161/udp open|filtered snmp
701. 162/udp open|filtered snmptrap
702. 389/udp open|filtered ldap
703. 520/udp open|filtered route
704. 2049/udp open|filtered nfs
705. #######################################################################################################################################
706. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:40 EST
707. Nmap scan report for civil.gov.sd (62.12.105.6)
708. Host is up (0.36s latency).
709. rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
710.  
711. PORT STATE SERVICE VERSION
712. 21/tcp open ftp ProFTPD 1.3.5d
713. | ftp-brute:
714. | Accounts: No valid accounts found
715. |_ Statistics: Performed 1891 guesses in 183 seconds, average tps: 10.1
716. Too many fingerprints match this host to give specific OS details
717. Network Distance: 24 hops
718. Service Info: OS: Unix
719.  
720. TRACEROUTE (using port 21/tcp)
721. HOP RTT ADDRESS
722. 1 124.62 ms 10.249.200.1
723. 2 124.61 ms 190.124.251.129
724. 3 124.63 ms 172.16.21.1
725. 4 184.62 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
726. 5 184.63 ms 192.168.7.2
727. 6 185.01 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
728. 7 185.42 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
729. 8 185.42 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
730. 9 185.68 ms 154.54.47.17
731. 10 198.88 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
732. 11 208.31 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
733. 12 214.29 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
734. 13 283.72 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
735. 14 290.05 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
736. 15 286.83 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
737. 16 367.67 ms 185.153.20.70
738. 17 365.27 ms 185.153.20.82
739. 18 364.03 ms 185.153.20.94
740. 19 390.49 ms 185.153.20.153
741. 20 ... 21
742. 22 398.24 ms 196.202.145.94
743. 23 ...
744. 24 400.53 ms f03-web04.nic.gov.sd (62.12.105.6)
745. #######################################################################################################################################
746.  
747. wig - WebApp Information Gatherer
748.  
749.  
750. Scanning http://civil.gov.sd...
751. ______________________________________________ SITE INFO ______________________________________________
752. IP Title
753. 62.12.105.6 الإدارة العامة للسجل المدني
754.  
755. _______________________________________________ VERSION _______________________________________________
756. Name Versions Type
757. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
758. 2.4.9
759. PHP 5.4.16 Platform
760. nginx Platform
761. CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
762. Red Hat Enterprise Linux RHEL-7.0 | RHEL-7.1 | RHEL-7.2 OS
763. Scientific Linux 7.0 | 7.1 | 7.2 OS
764.  
765. _______________________________________________________________________________________________________
766. Time: 108.6 sec Urls: 846 Fingerprints: 40401
767. #######################################################################################################################################
768. HTTP/1.1 200 OK
769. Server: nginx
770. Date: Sat, 16 Feb 2019 08:47:10 GMT
771. Content-Type: text/html
772. Connection: keep-alive
773. X-Powered-By: PHP/5.4.16
774. X-Powered-By: PleskLin
775.  
776. HTTP/1.1 200 OK
777. Server: nginx
778. Date: Sat, 16 Feb 2019 08:47:11 GMT
779. Content-Type: text/html
780. Connection: keep-alive
781. X-Powered-By: PHP/5.4.16
782. X-Powered-By: PleskLin
783. #######################################################################################################################################
784. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:47 EST
785. Nmap scan report for civil.gov.sd (62.12.105.6)
786. Host is up (0.36s latency).
787. rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
788.  
789. PORT STATE SERVICE VERSION
790. 110/tcp open pop3 Dovecot pop3d
791. | pop3-brute:
792. | Accounts: No valid accounts found
793. |_ Statistics: Performed 211 guesses in 191 seconds, average tps: 1.1
794. |_pop3-capabilities: STLS AUTH-RESP-CODE USER UIDL APOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP CAPA RESP-CODES PIPELINING
795. Too many fingerprints match this host to give specific OS details
796. Network Distance: 24 hops
797.  
798. TRACEROUTE (using port 443/tcp)
799. HOP RTT ADDRESS
800. 1 124.13 ms 10.249.200.1
801. 2 123.96 ms 190.124.251.129
802. 3 123.99 ms 172.16.21.1
803. 4 183.65 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
804. 5 183.91 ms 192.168.7.2
805. 6 184.17 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
806. 7 184.83 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
807. 8 184.49 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
808. 9 184.26 ms 154.54.47.17
809. 10 198.27 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
810. 11 209.12 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
811. 12 215.91 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
812. 13 286.28 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
813. 14 290.60 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
814. 15 288.19 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
815. 16 369.18 ms 185.153.20.70
816. 17 369.22 ms 185.153.20.82
817. 18 368.12 ms 185.153.20.94
818. 19 388.77 ms 185.153.20.153
819. 20 ... 21
820. 22 397.84 ms 196.202.145.94
821. 23 ...
822. 24 399.51 ms f03-web04.nic.gov.sd (62.12.105.6)
823. #######################################################################################################################################
824. Version: 1.11.12-static
825. OpenSSL 1.0.2-chacha (1.0.2g-dev)
826.  
827. Connected to 62.12.105.6
828.  
829. Testing SSL server civil.gov.sd on port 443 using SNI name civil.gov.sd
830.  
831. TLS Fallback SCSV:
832. Server supports TLS Fallback SCSV
833.  
834. TLS renegotiation:
835. Secure session renegotiation supported
836.  
837. TLS Compression:
838. Compression disabled
839.  
840. Heartbleed:
841. TLS 1.2 not vulnerable to heartbleed
842. TLS 1.1 not vulnerable to heartbleed
843. TLS 1.0 not vulnerable to heartbleed
844.  
845. Supported Server Cipher(s):
846. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
847. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
848. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
849. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
850. Accepted TLSv1.2 256 bits AES256-SHA256
851. Accepted TLSv1.2 256 bits AES256-SHA
852. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
853. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
854. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
855. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
856. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
857. Accepted TLSv1.2 128 bits AES128-SHA256
858. Accepted TLSv1.2 128 bits AES128-SHA
859. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
860. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
861. Accepted TLSv1.1 256 bits AES256-SHA
862. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
863. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
864. Accepted TLSv1.1 128 bits AES128-SHA
865. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
866. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
867. Accepted TLSv1.0 256 bits AES256-SHA
868. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
869. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
870. Accepted TLSv1.0 128 bits AES128-SHA
871. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
872.  
873. SSL Certificate:
874. Signature Algorithm: sha256WithRSAEncryption
875. RSA Key Strength: 2048
876.  
877. Subject: Plesk
878. Issuer: Plesk
879.  
880. Not valid before: Apr 20 02:45:28 2016 GMT
881. Not valid after: Apr 20 02:45:28 2017 GMT
882. #######################################################################################################################################
883. --------------------------------------------------------
884. <<<Yasuo discovered following vulnerable applications>>>
885. --------------------------------------------------------
886. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
887. | App Name | URL to Application | Potential Exploit | Username | Password |
888. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
889. | phpMyAdmin | https://62.12.105.6:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
890. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
891. #######################################################################################################################################
892. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:28 EST
893. Warning: 62.12.105.6 giving up on port because retransmission cap hit (2).
894. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
895. Host is up (0.40s latency).
896. Not shown: 464 filtered ports, 4 closed ports
897. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
898. PORT STATE SERVICE
899. 21/tcp open ftp
900. 80/tcp open http
901. 110/tcp open pop3
902. 443/tcp open https
903. 465/tcp open smtps
904. 993/tcp open imaps
905. 995/tcp open pop3s
906. 8443/tcp open https-alt
907. #######################################################################################################################################
908. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:29 EST
909. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
910. Host is up (0.12s latency).
911. Not shown: 2 filtered ports
912. PORT STATE SERVICE
913. 53/udp open|filtered domain
914. 67/udp open|filtered dhcps
915. 68/udp open|filtered dhcpc
916. 69/udp open|filtered tftp
917. 88/udp open|filtered kerberos-sec
918. 123/udp open|filtered ntp
919. 139/udp open|filtered netbios-ssn
920. 161/udp open|filtered snmp
921. 162/udp open|filtered snmptrap
922. 389/udp open|filtered ldap
923. 520/udp open|filtered route
924. 2049/udp open|filtered nfs
925. #######################################################################################################################################
926. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:29 EST
927. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
928. Host is up (0.36s latency).
929.  
930. PORT STATE SERVICE VERSION
931. 21/tcp open ftp ProFTPD 1.3.5d
932. | ftp-brute:
933. | Accounts: No valid accounts found
934. |_ Statistics: Performed 1875 guesses in 181 seconds, average tps: 10.1
935. Too many fingerprints match this host to give specific OS details
936. Network Distance: 24 hops
937. Service Info: OS: Unix
938.  
939. TRACEROUTE (using port 21/tcp)
940. HOP RTT ADDRESS
941. 1 123.72 ms 10.249.200.1
942. 2 123.71 ms 190.124.251.129
943. 3 123.75 ms 172.16.21.1
944. 4 183.94 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
945. 5 184.17 ms 192.168.7.2
946. 6 184.16 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
947. 7 184.65 ms 69.25.0.3
948. 8 185.96 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
949. 9 184.96 ms be3401.ccr22.mia01.atlas.cogentco.com (154.54.47.29)
950. 10 198.51 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
951. 11 213.57 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
952. 12 219.52 ms 154.54.40.105
953. 13 291.11 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
954. 14 290.31 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
955. 15 289.65 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
956. 16 369.31 ms 185.153.20.70
957. 17 369.05 ms 185.153.20.82
958. 18 366.61 ms 185.153.20.94
959. 19 391.01 ms 185.153.20.153
960. 20 ... 21
961. 22 400.60 ms 196.202.145.94
962. 23 ...
963. 24 399.24 ms f03-web04.nic.gov.sd (62.12.105.6)
964. #######################################################################################################################################
965. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:34 EST
966. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
967. Host is up.
968.  
969. PORT STATE SERVICE VERSION
970. 67/udp open|filtered dhcps
971. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
972. Too many fingerprints match this host to give specific OS details
973.  
974. TRACEROUTE (using proto 1/icmp)
975. HOP RTT ADDRESS
976. 1 124.62 ms 10.249.200.1
977. 2 124.65 ms 190.124.251.129
978. 3 124.31 ms 172.16.21.1
979. 4 184.34 ms 91.205.233.128
980. 5 184.50 ms 192.168.7.2
981. 6 184.51 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
982. 7 185.32 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
983. 8 184.91 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
984. 9 184.53 ms 154.54.47.17
985. 10 199.20 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
986. 11 208.22 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
987. 12 214.57 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
988. 13 283.99 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
989. 14 291.16 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
990. 15 289.78 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
991. 16 370.52 ms 185.153.20.70
992. 17 369.35 ms 185.153.20.82
993. 18 368.39 ms 185.153.20.94
994. 19 390.97 ms 185.153.20.153
995. 20 389.08 ms 212.0.131.109
996. 21 392.26 ms 196.202.137.249
997. 22 401.57 ms 196.202.145.94
998. 23 ... 30
999. #######################################################################################################################################
1000. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:36 EST
1001. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
1002. Host is up.
1003.  
1004. PORT STATE SERVICE VERSION
1005. 68/udp open|filtered dhcpc
1006. Too many fingerprints match this host to give specific OS details
1007.  
1008. TRACEROUTE (using proto 1/icmp)
1009. HOP RTT ADDRESS
1010. 1 124.42 ms 10.249.200.1
1011. 2 124.40 ms 190.124.251.129
1012. 3 124.69 ms 172.16.21.1
1013. 4 184.62 ms 91.205.233.128
1014. 5 184.60 ms 192.168.7.2
1015. 6 184.87 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1016. 7 186.47 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1017. 8 184.90 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1018. 9 184.90 ms 154.54.47.17
1019. 10 198.86 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1020. 11 207.84 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1021. 12 215.00 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1022. 13 283.42 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1023. 14 286.59 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1024. 15 284.78 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1025. 16 365.83 ms 185.153.20.70
1026. 17 364.32 ms 185.153.20.82
1027. 18 363.56 ms 185.153.20.94
1028. 19 385.97 ms 185.153.20.153
1029. 20 388.44 ms 212.0.131.109
1030. 21 391.47 ms 196.202.137.249
1031. 22 399.51 ms 196.202.145.94
1032. 23 ... 30
1033. #######################################################################################################################################
1034. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:38 EST
1035. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
1036. Host is up.
1037.  
1038. PORT STATE SERVICE VERSION
1039. 69/udp open|filtered tftp
1040. Too many fingerprints match this host to give specific OS details
1041.  
1042. TRACEROUTE (using proto 1/icmp)
1043. HOP RTT ADDRESS
1044. 1 124.28 ms 10.249.200.1
1045. 2 124.31 ms 190.124.251.129
1046. 3 124.32 ms 172.16.21.1
1047. 4 184.48 ms 91.205.233.128
1048. 5 184.46 ms 192.168.7.2
1049. 6 184.52 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1050. 7 185.27 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1051. 8 194.51 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1052. 9 184.57 ms 154.54.47.17
1053. 10 199.02 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1054. 11 209.65 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1055. 12 215.82 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1056. 13 285.22 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1057. 14 286.27 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1058. 15 284.99 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1059. 16 365.76 ms 185.153.20.70
1060. 17 364.37 ms 185.153.20.82
1061. 18 363.28 ms 185.153.20.94
1062. 19 385.01 ms 185.153.20.153
1063. 20 388.36 ms 212.0.131.109
1064. 21 390.57 ms 196.202.137.249
1065. 22 399.18 ms 196.202.145.94
1066. 23 ... 30
1067. #######################################################################################################################################
1068. wig - WebApp Information Gatherer
1069.  
1070.  
1071. Scanning http://62.12.105.6...
1072. _________________________________________ SITE INFO _________________________________________
1073. IP Title
1074. 62.12.105.6 Domain Default page
1075.  
1076. __________________________________________ VERSION __________________________________________
1077. Name Versions Type
1078. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
1079. 2.4.9
1080. nginx Platform
1081.  
1082. _____________________________________________________________________________________________
1083. Time: 74.2 sec Urls: 811 Fingerprints: 40401
1084. #######################################################################################################################################
1085. HTTP/1.1 200 OK
1086. Server: nginx
1087. Date: Sat, 16 Feb 2019 08:42:47 GMT
1088. Content-Type: text/html
1089. Content-Length: 3750
1090. Connection: keep-alive
1091. Last-Modified: Wed, 31 Jan 2018 01:43:44 GMT
1092. ETag: "ea6-564089c14acef"
1093. Accept-Ranges: bytes
1094.  
1095. HTTP/1.1 200 OK
1096. Server: nginx
1097. Date: Sat, 16 Feb 2019 08:42:48 GMT
1098. Content-Type: text/html
1099. Content-Length: 3750
1100. Connection: keep-alive
1101. Last-Modified: Wed, 31 Jan 2018 01:43:44 GMT
1102. ETag: "ea6-564089c14acef"
1103. Accept-Ranges: bytes
1104. #######################################################################################################################################
1105. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:42 EST
1106. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
1107. Host is up (0.36s latency).
1108.  
1109. PORT STATE SERVICE VERSION
1110. 110/tcp open pop3 Dovecot pop3d
1111. | pop3-brute:
1112. | Accounts: No valid accounts found
1113. | Statistics: Performed 70 guesses in 62 seconds, average tps: 1.1
1114. |_ ERROR: Failed to connect.
1115. |_pop3-capabilities: PIPELINING CAPA UIDL TOP RESP-CODES STLS AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) USER APOP
1116. Too many fingerprints match this host to give specific OS details
1117. Network Distance: 24 hops
1118.  
1119. TRACEROUTE (using port 443/tcp)
1120. HOP RTT ADDRESS
1121. 1 130.68 ms 10.249.200.1
1122. 2 130.72 ms 190.124.251.129
1123. 3 130.75 ms 172.16.21.1
1124. 4 183.47 ms ip4-91-205-233-128.rdns.racklodge.com (91.205.233.128)
1125. 5 187.69 ms 192.168.7.2
1126. 6 187.66 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1127. 7 189.30 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1128. 8 188.51 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1129. 9 188.75 ms 154.54.47.29
1130. 10 201.79 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
1131. 11 208.71 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1132. 12 215.48 ms 154.54.40.105
1133. 13 286.98 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
1134. 14 286.81 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
1135. 15 287.06 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1136. 16 366.50 ms 185.153.20.70
1137. 17 366.51 ms 185.153.20.82
1138. 18 364.07 ms 185.153.20.94
1139. 19 389.66 ms 185.153.20.153
1140. 20 ... 21
1141. 22 402.07 ms 196.202.145.94
1142. 23 ...
1143. 24 402.44 ms f03-web04.nic.gov.sd (62.12.105.6)
1144. #######################################################################################################################################
1145. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:44 EST
1146. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
1147. Host is up.
1148.  
1149. PORT STATE SERVICE VERSION
1150. 123/udp open|filtered ntp
1151. Too many fingerprints match this host to give specific OS details
1152.  
1153. TRACEROUTE (using proto 1/icmp)
1154. HOP RTT ADDRESS
1155. 1 124.53 ms 10.249.200.1
1156. 2 125.04 ms 190.124.251.129
1157. 3 124.59 ms 172.16.21.1
1158. 4 184.23 ms 91.205.233.128
1159. 5 184.70 ms 192.168.7.2
1160. 6 184.70 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1161. 7 185.27 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1162. 8 185.27 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1163. 9 184.76 ms 154.54.47.17
1164. 10 199.07 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1165. 11 209.55 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1166. 12 216.11 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1167. 13 284.97 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1168. 14 287.75 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1169. 15 286.55 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1170. 16 367.35 ms 185.153.20.70
1171. 17 366.45 ms 185.153.20.82
1172. 18 365.17 ms 185.153.20.94
1173. 19 387.76 ms 185.153.20.153
1174. 20 388.31 ms 212.0.131.109
1175. 21 391.32 ms 196.202.137.249
1176. 22 403.76 ms 196.202.145.94
1177. 23 ... 30
1178. #######################################################################################################################################
1179. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:47 EST
1180. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
1181. Host is up (0.40s latency).
1182.  
1183. PORT STATE SERVICE VERSION
1184. 161/tcp filtered snmp
1185. 161/udp open|filtered snmp
1186. Too many fingerprints match this host to give specific OS details
1187.  
1188. TRACEROUTE (using proto 1/icmp)
1189. HOP RTT ADDRESS
1190. 1 123.25 ms 10.249.200.1
1191. 2 123.27 ms 190.124.251.129
1192. 3 123.26 ms 172.16.21.1
1193. 4 183.41 ms 91.205.233.128
1194. 5 183.23 ms 192.168.7.2
1195. 6 183.43 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1196. 7 184.09 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1197. 8 184.11 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1198. 9 183.45 ms 154.54.47.17
1199. 10 197.51 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1200. 11 208.93 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1201. 12 215.06 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1202. 13 288.75 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1203. 14 285.10 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1204. 15 283.42 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1205. 16 364.37 ms 185.153.20.70
1206. 17 363.24 ms 185.153.20.82
1207. 18 362.19 ms 185.153.20.94
1208. 19 384.84 ms 185.153.20.153
1209. 20 386.49 ms 212.0.131.109
1210. 21 390.38 ms 196.202.137.249
1211. 22 400.44 ms 196.202.145.94
1212. 23 ... 30
1213. #######################################################################################################################################
1214. Version: 1.11.12-static
1215. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1216.  
1217. Connected to 62.12.105.6
1218.  
1219. Testing SSL server 62.12.105.6 on port 443 using SNI name 62.12.105.6
1220.  
1221. TLS Fallback SCSV:
1222. Server supports TLS Fallback SCSV
1223.  
1224. TLS renegotiation:
1225. Secure session renegotiation supported
1226.  
1227. TLS Compression:
1228. Compression disabled
1229.  
1230. Heartbleed:
1231. TLS 1.2 not vulnerable to heartbleed
1232. TLS 1.1 not vulnerable to heartbleed
1233. TLS 1.0 not vulnerable to heartbleed
1234.  
1235. Supported Server Cipher(s):
1236. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1237. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1238. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1239. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1240. Accepted TLSv1.2 256 bits AES256-SHA256
1241. Accepted TLSv1.2 256 bits AES256-SHA
1242. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1243. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1244. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1245. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1246. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1247. Accepted TLSv1.2 128 bits AES128-SHA256
1248. Accepted TLSv1.2 128 bits AES128-SHA
1249. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1250. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1251. Accepted TLSv1.1 256 bits AES256-SHA
1252. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1253. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1254. Accepted TLSv1.1 128 bits AES128-SHA
1255. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1256. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1257. Accepted TLSv1.0 256 bits AES256-SHA
1258. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1259. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1260. Accepted TLSv1.0 128 bits AES128-SHA
1261. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1262.  
1263. SSL Certificate:
1264. Signature Algorithm: sha256WithRSAEncryption
1265. RSA Key Strength: 2048
1266.  
1267. Subject: Plesk
1268. Issuer: Plesk
1269.  
1270. Not valid before: Apr 20 02:45:28 2016 GMT
1271. Not valid after: Apr 20 02:45:28 2017 GMT
1272. #######################################################################################################################################
1273. --------------------------------------------------------
1274. <<<Yasuo discovered following vulnerable applications>>>
1275. --------------------------------------------------------
1276. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1277. | App Name | URL to Application | Potential Exploit | Username | Password |
1278. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1279. | phpMyAdmin | https://62.12.105.6:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
1280. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1281. #######################################################################################################################################
1282. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 04:59 EST
1283. NSE: Loaded 148 scripts for scanning.
1284. NSE: Script Pre-scanning.
1285. NSE: Starting runlevel 1 (of 2) scan.
1286. Initiating NSE at 04:59
1287. Completed NSE at 04:59, 0.00s elapsed
1288. NSE: Starting runlevel 2 (of 2) scan.
1289. Initiating NSE at 04:59
1290. Completed NSE at 04:59, 0.00s elapsed
1291. Initiating Ping Scan at 04:59
1292. Scanning 62.12.105.6 [4 ports]
1293. Completed Ping Scan at 04:59, 0.45s elapsed (1 total hosts)
1294. Initiating Parallel DNS resolution of 1 host. at 04:59
1295. Completed Parallel DNS resolution of 1 host. at 04:59, 0.02s elapsed
1296. Initiating Connect Scan at 04:59
1297. Scanning f03-web04.nic.gov.sd (62.12.105.6) [1000 ports]
1298. Discovered open port 80/tcp on 62.12.105.6
1299. Discovered open port 993/tcp on 62.12.105.6
1300. Discovered open port 21/tcp on 62.12.105.6
1301. Discovered open port 443/tcp on 62.12.105.6
1302. Discovered open port 995/tcp on 62.12.105.6
1303. Discovered open port 110/tcp on 62.12.105.6
1304. Discovered open port 465/tcp on 62.12.105.6
1305. Discovered open port 8443/tcp on 62.12.105.6
1306. Completed Connect Scan at 04:59, 22.78s elapsed (1000 total ports)
1307. Initiating Service scan at 04:59
1308. Scanning 8 services on f03-web04.nic.gov.sd (62.12.105.6)
1309. Completed Service scan at 04:59, 16.03s elapsed (8 services on 1 host)
1310. Initiating OS detection (try #1) against f03-web04.nic.gov.sd (62.12.105.6)
1311. Retrying OS detection (try #2) against f03-web04.nic.gov.sd (62.12.105.6)
1312. Initiating Traceroute at 04:59
1313. Completed Traceroute at 04:59, 3.63s elapsed
1314. Initiating Parallel DNS resolution of 22 hosts. at 04:59
1315. Completed Parallel DNS resolution of 22 hosts. at 05:00, 16.50s elapsed
1316. NSE: Script scanning 62.12.105.6.
1317. NSE: Starting runlevel 1 (of 2) scan.
1318. Initiating NSE at 05:00
1319. NSE Timing: About 98.81% done; ETC: 05:00 (0:00:00 remaining)
1320. NSE Timing: About 98.90% done; ETC: 05:01 (0:00:01 remaining)
1321. NSE Timing: About 99.27% done; ETC: 05:01 (0:00:01 remaining)
1322. NSE Timing: About 99.63% done; ETC: 05:02 (0:00:00 remaining)
1323. NSE Timing: About 99.82% done; ETC: 05:02 (0:00:00 remaining)
1324. NSE Timing: About 99.91% done; ETC: 05:03 (0:00:00 remaining)
1325. Completed NSE at 05:03, 192.95s elapsed
1326. NSE: Starting runlevel 2 (of 2) scan.
1327. Initiating NSE at 05:03
1328. Completed NSE at 05:03, 0.81s elapsed
1329. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
1330. Host is up, received syn-ack ttl 45 (0.37s latency).
1331. Scanned at 2019-02-16 04:59:07 EST for 262s
1332. Not shown: 987 filtered ports
1333. Reason: 986 no-responses and 1 host-unreach
1334. PORT STATE SERVICE REASON VERSION
1335. 20/tcp closed ftp-data conn-refused
1336. 21/tcp open ftp syn-ack ProFTPD 1.3.5d
1337. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
1338. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
1339. | Public Key type: rsa
1340. | Public Key bits: 2048
1341. | Signature Algorithm: sha256WithRSAEncryption
1342. | Not valid before: 2016-04-20T02:45:28
1343. | Not valid after: 2017-04-20T02:45:28
1344. | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
1345. | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
1346. | -----BEGIN CERTIFICATE-----
1347. | MIIDfTCCAmUCBFcW7UgwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
1348. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
1349. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
1350. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDUyOFoXDTE3MDQyMDAyNDUy
1351. | OFowgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
1352. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
1353. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
1354. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/mGOjB9R263rGI70CUL//UClIxX9sRm
1355. | IuKfcX9ZsryYXi9ZY1nks2E4EzVce2cIahRlr/KtupiVwgPqAyxnBnoNAnoJf0au
1356. | +6bdHYIwmCinxYihoCRDk/NSJkVkxP6mfI/lz6Pj4ph8kU+FZHoFsvxGPFe8xenD
1357. | 25LSnXXD/RsnNScXU0QkriBF7mwajEjJeed77Z1++29i1U0Z+5kwP6k9WogbBHiP
1358. | 1DnqSeNaIAqS/JGoLYcZxERrikSbDolKGcBor2Btj/+ntbQ/cGIp0u6TOreSysYL
1359. | dosYZJlki/cyRqIOFw/Ey0OJ+E1rjNxRJFt6ix1SmtjTvWqMiwmUXwIDAQABMA0G
1360. | CSqGSIb3DQEBCwUAA4IBAQALJy22o5EMfr+JcQU0y921/8otr5ONs3kDKA0aTw48
1361. | 0+i3fqVTVxbuNLGwBc6UJOA5+ZUsRK4hHz+uchwiJ63In3Qeurp7/f6aUhlNSEHs
1362. | wirA7AIRjE6nmMWVBkL7eoCql45VqTbtKvfF//hDV3Y7H9wpXYmv3W5D7lW1leuY
1363. | zeEXwHUvkVzulFLW5UsgW06L6wID/qDwjCe5n+qxTWBWT9rf66w+ZOpMKjqI2+ds
1364. | S/QW/9BYVSdYdiercNJ8ubWzB27o/GPYAZGKA6zQFlAOqI2KSyI/v8wmp4McanHB
1365. | kSU3KNEZZO9gSQwBk+pRKTnwnvwnMC7NIc6zoS7rq4Gp
1366. |_-----END CERTIFICATE-----
1367. |_ssl-date: TLS randomness does not represent time
1368. 25/tcp closed smtp conn-refused
1369. 80/tcp open http syn-ack nginx
1370. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1371. | http-methods:
1372. |_ Supported Methods: GET HEAD POST OPTIONS
1373. |_http-server-header: nginx
1374. |_http-title: Domain Default page
1375. 110/tcp open pop3 syn-ack Dovecot pop3d
1376. |_pop3-capabilities: STLS CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) RESP-CODES TOP UIDL PIPELINING USER APOP AUTH-RESP-CODE
1377. |_ssl-date: TLS randomness does not represent time
1378. 113/tcp closed ident conn-refused
1379. 139/tcp closed netbios-ssn conn-refused
1380. 443/tcp open ssl/http syn-ack nginx
1381. |_http-server-header: nginx
1382. |_http-title: 400 The plain HTTP request was sent to HTTPS port
1383. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
1384. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
1385. | Public Key type: rsa
1386. | Public Key bits: 2048
1387. | Signature Algorithm: sha256WithRSAEncryption
1388. | Not valid before: 2016-04-20T02:45:28
1389. | Not valid after: 2017-04-20T02:45:28
1390. | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
1391. | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
1392. | -----BEGIN CERTIFICATE-----
1393. | MIIDfTCCAmUCBFcW7UgwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
1394. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
1395. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
1396. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDUyOFoXDTE3MDQyMDAyNDUy
1397. | OFowgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
1398. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
1399. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
1400. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/mGOjB9R263rGI70CUL//UClIxX9sRm
1401. | IuKfcX9ZsryYXi9ZY1nks2E4EzVce2cIahRlr/KtupiVwgPqAyxnBnoNAnoJf0au
1402. | +6bdHYIwmCinxYihoCRDk/NSJkVkxP6mfI/lz6Pj4ph8kU+FZHoFsvxGPFe8xenD
1403. | 25LSnXXD/RsnNScXU0QkriBF7mwajEjJeed77Z1++29i1U0Z+5kwP6k9WogbBHiP
1404. | 1DnqSeNaIAqS/JGoLYcZxERrikSbDolKGcBor2Btj/+ntbQ/cGIp0u6TOreSysYL
1405. | dosYZJlki/cyRqIOFw/Ey0OJ+E1rjNxRJFt6ix1SmtjTvWqMiwmUXwIDAQABMA0G
1406. | CSqGSIb3DQEBCwUAA4IBAQALJy22o5EMfr+JcQU0y921/8otr5ONs3kDKA0aTw48
1407. | 0+i3fqVTVxbuNLGwBc6UJOA5+ZUsRK4hHz+uchwiJ63In3Qeurp7/f6aUhlNSEHs
1408. | wirA7AIRjE6nmMWVBkL7eoCql45VqTbtKvfF//hDV3Y7H9wpXYmv3W5D7lW1leuY
1409. | zeEXwHUvkVzulFLW5UsgW06L6wID/qDwjCe5n+qxTWBWT9rf66w+ZOpMKjqI2+ds
1410. | S/QW/9BYVSdYdiercNJ8ubWzB27o/GPYAZGKA6zQFlAOqI2KSyI/v8wmp4McanHB
1411. | kSU3KNEZZO9gSQwBk+pRKTnwnvwnMC7NIc6zoS7rq4Gp
1412. |_-----END CERTIFICATE-----
1413. |_ssl-date: TLS randomness does not represent time
1414. | tls-alpn:
1415. | h2
1416. |_ http/1.1
1417. | tls-nextprotoneg:
1418. | h2
1419. |_ http/1.1
1420. 445/tcp closed microsoft-ds conn-refused
1421. 465/tcp open ssl/smtps? syn-ack
1422. |_smtp-commands: Couldn't establish connection on port 465
1423. |_ssl-date: TLS randomness does not represent time
1424. 993/tcp open ssl/imaps? syn-ack
1425. |_ssl-date: TLS randomness does not represent time
1426. 995/tcp open ssl/pop3s? syn-ack
1427. |_ssl-date: TLS randomness does not represent time
1428. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
1429. | http-methods:
1430. |_ Supported Methods: GET HEAD POST OPTIONS
1431. |_http-server-header: sw-cp-server
1432. | http-title: Plesk Onyx 17.5.3
1433. |_Requested resource was https://f03-web04.nic.gov.sd:8443/
1434. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
1435. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
1436. | Public Key type: rsa
1437. | Public Key bits: 2048
1438. | Signature Algorithm: sha256WithRSAEncryption
1439. | Not valid before: 2016-04-20T02:45:28
1440. | Not valid after: 2017-04-20T02:45:28
1441. | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
1442. | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
1443. | -----BEGIN CERTIFICATE-----
1444. | MIIDfTCCAmUCBFcW7UgwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
1445. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
1446. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
1447. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDUyOFoXDTE3MDQyMDAyNDUy
1448. | OFowgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
1449. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
1450. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
1451. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/mGOjB9R263rGI70CUL//UClIxX9sRm
1452. | IuKfcX9ZsryYXi9ZY1nks2E4EzVce2cIahRlr/KtupiVwgPqAyxnBnoNAnoJf0au
1453. | +6bdHYIwmCinxYihoCRDk/NSJkVkxP6mfI/lz6Pj4ph8kU+FZHoFsvxGPFe8xenD
1454. | 25LSnXXD/RsnNScXU0QkriBF7mwajEjJeed77Z1++29i1U0Z+5kwP6k9WogbBHiP
1455. | 1DnqSeNaIAqS/JGoLYcZxERrikSbDolKGcBor2Btj/+ntbQ/cGIp0u6TOreSysYL
1456. | dosYZJlki/cyRqIOFw/Ey0OJ+E1rjNxRJFt6ix1SmtjTvWqMiwmUXwIDAQABMA0G
1457. | CSqGSIb3DQEBCwUAA4IBAQALJy22o5EMfr+JcQU0y921/8otr5ONs3kDKA0aTw48
1458. | 0+i3fqVTVxbuNLGwBc6UJOA5+ZUsRK4hHz+uchwiJ63In3Qeurp7/f6aUhlNSEHs
1459. | wirA7AIRjE6nmMWVBkL7eoCql45VqTbtKvfF//hDV3Y7H9wpXYmv3W5D7lW1leuY
1460. | zeEXwHUvkVzulFLW5UsgW06L6wID/qDwjCe5n+qxTWBWT9rf66w+ZOpMKjqI2+ds
1461. | S/QW/9BYVSdYdiercNJ8ubWzB27o/GPYAZGKA6zQFlAOqI2KSyI/v8wmp4McanHB
1462. | kSU3KNEZZO9gSQwBk+pRKTnwnvwnMC7NIc6zoS7rq4Gp
1463. |_-----END CERTIFICATE-----
1464. |_ssl-date: TLS randomness does not represent time
1465. | tls-nextprotoneg:
1466. |_ http/1.1
1467. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
1468. Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (98%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), OpenBSD 4.0 (91%), FreeBSD 6.2-RELEASE (90%), Linux 2.6.18 - 2.6.22 (90%), OpenBSD 4.3 (90%), Android 7.1.2 (Linux 3.10) (90%), Apple AirPort Extreme WAP (88%)
1469. No exact OS matches for host (test conditions non-ideal).
1470. TCP/IP fingerprint:
1471. SCAN(V=7.70%E=4%D=2/16%OT=21%CT=20%CU=%PV=N%G=N%TM=5C67DFF1%P=x86_64-pc-linux-gnu)
1472. SEQ(SP=109%GCD=1%ISR=10A%TI=Z%TS=U)
1473. OPS(O1=M4B3W7N%O2=M4B3W7N%O3=M4B3W7N%O4=M4B3W7N%O5=M4B3W7N%O6=M4B3)
1474. WIN(W1=7210%W2=7210%W3=7210%W4=7210%W5=7210%W6=7210)
1475. ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3W7N%CC=Y%Q=)
1476. ECN(R=N)
1477. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
1478. T2(R=N)
1479. T3(R=N)
1480. T4(R=N)
1481. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
1482. T6(R=N)
1483. T7(R=N)
1484. U1(R=N)
1485. IE(R=N)
1486.  
1487. Service Info: OS: Unix
1488.  
1489. TRACEROUTE (using proto 1/icmp)
1490. HOP RTT ADDRESS
1491. 1 124.54 ms 10.249.200.1
1492. 2 124.58 ms 190.124.251.129
1493. 3 124.58 ms 172.16.21.1
1494. 4 184.65 ms 91.205.233.128
1495. 5 184.68 ms 192.168.7.2
1496. 6 184.93 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1497. 7 185.38 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1498. 8 185.16 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1499. 9 184.96 ms 154.54.47.17
1500. 10 199.21 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1501. 11 210.35 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1502. 12 216.75 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1503. 13 285.71 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1504. 14 286.01 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1505. 15 284.80 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1506. 16 365.48 ms 185.153.20.70
1507. 17 364.26 ms 185.153.20.82
1508. 18 363.02 ms 185.153.20.94
1509. 19 404.59 ms 185.153.20.153
1510. 20 388.48 ms 212.0.131.109
1511. 21 389.28 ms 196.202.137.249
1512. 22 400.00 ms 196.202.145.94
1513. 23 ... 30
1514.  
1515. NSE: Script Post-scanning.
1516. NSE: Starting runlevel 1 (of 2) scan.
1517. Initiating NSE at 05:03
1518. Completed NSE at 05:03, 0.00s elapsed
1519. NSE: Starting runlevel 2 (of 2) scan.
1520. Initiating NSE at 05:03
1521. Completed NSE at 05:03, 0.00s elapsed
1522. Read data files from: /usr/bin/../share/nmap
1523. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1524. Nmap done: 1 IP address (1 host up) scanned in 262.93 seconds
1525. Raw packets sent: 140 (10.568KB) | Rcvd: 180 (32.261KB)
1526. #######################################################################################################################################
1527. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 05:03 EST
1528. NSE: Loaded 148 scripts for scanning.
1529. NSE: Script Pre-scanning.
1530. Initiating NSE at 05:03
1531. Completed NSE at 05:03, 0.00s elapsed
1532. Initiating NSE at 05:03
1533. Completed NSE at 05:03, 0.00s elapsed
1534. Initiating Parallel DNS resolution of 1 host. at 05:03
1535. Completed Parallel DNS resolution of 1 host. at 05:03, 0.02s elapsed
1536. Initiating UDP Scan at 05:03
1537. Scanning f03-web04.nic.gov.sd (62.12.105.6) [14 ports]
1538. Completed UDP Scan at 05:03, 2.17s elapsed (14 total ports)
1539. Initiating Service scan at 05:03
1540. Scanning 12 services on f03-web04.nic.gov.sd (62.12.105.6)
1541. Service scan Timing: About 8.33% done; ETC: 05:23 (0:17:58 remaining)
1542. Completed Service scan at 05:05, 102.58s elapsed (12 services on 1 host)
1543. Initiating OS detection (try #1) against f03-web04.nic.gov.sd (62.12.105.6)
1544. Retrying OS detection (try #2) against f03-web04.nic.gov.sd (62.12.105.6)
1545. Initiating Traceroute at 05:05
1546. Completed Traceroute at 05:05, 7.19s elapsed
1547. Initiating Parallel DNS resolution of 1 host. at 05:05
1548. Completed Parallel DNS resolution of 1 host. at 05:05, 0.03s elapsed
1549. NSE: Script scanning 62.12.105.6.
1550. Initiating NSE at 05:05
1551. Completed NSE at 05:05, 20.33s elapsed
1552. Initiating NSE at 05:05
1553. Completed NSE at 05:05, 1.02s elapsed
1554. Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
1555. Host is up (0.12s latency).
1556.  
1557. PORT STATE SERVICE VERSION
1558. 53/udp open|filtered domain
1559. 67/udp open|filtered dhcps
1560. 68/udp open|filtered dhcpc
1561. 69/udp open|filtered tftp
1562. 88/udp open|filtered kerberos-sec
1563. 123/udp open|filtered ntp
1564. 137/udp filtered netbios-ns
1565. 138/udp filtered netbios-dgm
1566. 139/udp open|filtered netbios-ssn
1567. 161/udp open|filtered snmp
1568. 162/udp open|filtered snmptrap
1569. 389/udp open|filtered ldap
1570. 520/udp open|filtered route
1571. 2049/udp open|filtered nfs
1572. Too many fingerprints match this host to give specific OS details
1573.  
1574. TRACEROUTE (using port 137/udp)
1575. HOP RTT ADDRESS
1576. 1 124.08 ms 10.249.200.1
1577. 2 ... 3
1578. 4 122.72 ms 10.249.200.1
1579. 5 126.58 ms 10.249.200.1
1580. 6 126.59 ms 10.249.200.1
1581. 7 126.57 ms 10.249.200.1
1582. 8 126.42 ms 10.249.200.1
1583. 9 126.42 ms 10.249.200.1
1584. 10 126.43 ms 10.249.200.1
1585. 11 ... 18
1586. 19 124.03 ms 10.249.200.1
1587. 20 123.85 ms 10.249.200.1
1588. 21 ... 28
1589. 29 124.64 ms 10.249.200.1
1590. 30 126.37 ms 10.249.200.1
1591.  
1592. NSE: Script Post-scanning.
1593. Initiating NSE at 05:05
1594. Completed NSE at 05:05, 0.00s elapsed
1595. Initiating NSE at 05:05
1596. Completed NSE at 05:05, 0.00s elapsed
1597. Read data files from: /usr/bin/../share/nmap
1598. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1599. Nmap done: 1 IP address (1 host up) scanned in 138.65 seconds
1600. Raw packets sent: 147 (13.614KB) | Rcvd: 92 (14.155KB)
1601. #######################################################################################################################################
1602. - Nikto v2.1.6
1603. ---------------------------------------------------------------------------------------------------------------------------------------
1604. + Target IP: 62.12.105.6
1605. + Target Hostname: 62.12.105.6
1606. + Target Port: 443
1607. ---------------------------------------------------------------------------------------------------------------------------------------
1608. + SSL Info: Subject: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
1609. Ciphers: ECDHE-RSA-AES256-GCM-SHA384
1610. Issuer: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
1611. + Start Time: 2019-02-16 04:28:29 (GMT-5)
1612. ---------------------------------------------------------------------------------------------------------------------------------------
1613. + Server: nginx
1614. + Server leaks inodes via ETags, header found with file /, fields: 0xea6 0x564089c14acef
1615. + The anti-clickjacking X-Frame-Options header is not present.
1616. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
1617. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
1618. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
1619. + Hostname '62.12.105.6' does not match certificate's names: Plesk
1620. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
1621. ---------------------------------------------------------------------------------------------------------------------------------------
1622. #######################################################################################################################################
1623. Anonymous JTSEC #OpSudan Full Recon #14