Anonymous JTSEC #OpSudan Full Recon #13

1. #######################################################################################################################################
2. =======================================================================================================================================
3. Hostname aldabba.gov.sd ISP NICDC
4. Continent Africa Flag
5. SD
6. Country Sudan Country Code SD
7. Region Unknown Local time 16 Feb 2019 02:06 CAT
8. City Unknown Postal Code Unknown
9. IP Address 62.12.105.4 Latitude 15
10. Longitude 30
11. =======================================================================================================================================
12. #######################################################################################################################################
13. > aldabba.gov.sd
14. Server: 38.132.106.139
15. Address: 38.132.106.139#53
16.  
17. Non-authoritative answer:
18. Name: aldabba.gov.sd
19. Address: 62.12.105.4
20. >
21. #######################################################################################################################################
22. HostIP:62.12.105.4
23. HostName:aldabba.gov.sd
24.  
25. Gathered Inet-whois information for 62.12.105.4
26. ---------------------------------------------------------------------------------------------------------------------------------------
27.  
28.  
29. inetnum: 62.12.96.0 - 62.12.127.255
30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
31. descr: IPv4 address block not managed by the RIPE NCC
32. remarks: ------------------------------------------------------
33. remarks:
34. remarks: For registration information,
35. remarks: you can consult the following sources:
36. remarks:
37. remarks: IANA
38. remarks: http://www.iana.org/assignments/ipv4-address-space
39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
41. remarks:
42. remarks: AFRINIC (Africa)
43. remarks: http://www.afrinic.net/ whois.afrinic.net
44. remarks:
45. remarks: APNIC (Asia Pacific)
46. remarks: http://www.apnic.net/ whois.apnic.net
47. remarks:
48. remarks: ARIN (Northern America)
49. remarks: http://www.arin.net/ whois.arin.net
50. remarks:
51. remarks: LACNIC (Latin America and the Carribean)
52. remarks: http://www.lacnic.net/ whois.lacnic.net
53. remarks:
54. remarks: ------------------------------------------------------
55. country: EU # Country is really world wide
56. admin-c: IANA1-RIPE
57. tech-c: IANA1-RIPE
58. status: ALLOCATED UNSPECIFIED
59. mnt-by: RIPE-NCC-HM-MNT
60. created: 2019-01-07T10:46:54Z
61. last-modified: 2019-01-07T10:46:54Z
62. source: RIPE
63.  
64. role: Internet Assigned Numbers Authority
65. address: see http://www.iana.org.
66. admin-c: IANA1-RIPE
67. tech-c: IANA1-RIPE
68. nic-hdl: IANA1-RIPE
69. remarks: For more information on IANA services
70. remarks: go to IANA web site at http://www.iana.org.
71. mnt-by: RIPE-NCC-MNT
72. created: 1970-01-01T00:00:00Z
73. last-modified: 2001-09-22T09:31:27Z
74. source: RIPE # Filtered
75.  
76. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
77.  
78.  
79.  
80. Gathered Inic-whois information for aldabba.gov.sd
81. ---------------------------------
82. Error: Unable to connect - Invalid Host
83. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
84. close error
85.  
86. Gathered Netcraft information for aldabba.gov.sd
87. ---------------------------------
88.  
89. Retrieving Netcraft.com information for aldabba.gov.sd
90. Netcraft.com Information gathered
91.  
92. Gathered Subdomain information for aldabba.gov.sd
93. ---------------------------------
94. Searching Google.com:80...
95. HostName:www.aldabba.gov.sd
96. HostIP:62.12.105.4
97. Searching Altavista.com:80...
98. Found 1 possible subdomain(s) for host aldabba.gov.sd, Searched 0 pages containing 0 results
99.  
100. Gathered E-Mail information for aldabba.gov.sd
101. ---------------------------------
102. Searching Google.com:80...
103. Searching Altavista.com:80...
104. Found 0 E-Mail(s) for host aldabba.gov.sd, Searched 0 pages containing 0 results
105.  
106. Gathered TCP Port information for 62.12.105.4
107. ---------------------------------------------------------------------------------------------------------------------------------------
108.  
109. Port State
110.  
111. 21/tcp open
112. 80/tcp open
113. 110/tcp open
114. 143/tcp open
115.  
116. Portscan Finished: Scanned 150 ports, 5 ports were in state closed
117. #######################################################################################################################################
118. [i] Scanning Site: http://aldabba.gov.sd
119.  
120.  
121.  
122. B A S I C I N F O
123. =======================================================================================================================================
124.  
125.  
126. [+] Site Title: محلية الدبة
127. [+] IP address: 62.12.105.4
128. [+] Web Server: Could Not Detect
129. [+] CMS: Joomla
130. [+] Cloudflare: Not Detected
131. [+] Robots File: Found
132.  
133. -------------[ contents ]----------------
134. User-agent: *
135. Disallow: /administrator/
136. Disallow: /cache/
137. Disallow: /components/
138. Disallow: /images/
139. Disallow: /includes/
140. Disallow: /installation/
141. Disallow: /language/
142. Disallow: /libraries/
143. Disallow: /media/
144. Disallow: /modules/
145. Disallow: /plugins/
146. Disallow: /templates/
147. Disallow: /tmp/
148. Disallow: /xmlrpc/
149.  
150. -----------[end of contents]-------------
151.  
152.  
153.  
154. G E O I P L O O K U P
155. =======================================================================================================================================
156.  
157. [i] IP Address: 62.12.105.4
158. [i] Country: Sudan
159. [i] State:
160. [i] City:
161. [i] Latitude: 15.0
162. [i] Longitude: 30.0
163.  
164.  
165.  
166.  
167. H T T P H E A D E R S
168. =======================================================================================================================================
169.  
170.  
171. [i] HTTP/1.1 200 OK
172. [i] Date: Fri, 15 Feb 2019 23:26:51 GMT
173. [i] Content-Type: text/html; charset=utf-8
174. [i] Content-Length: 45294
175. [i] X-Powered-By: PHP/5.4.16
176. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
177. [i] Expires: Mon, 1 Jan 2001 00:00:00 GMT
178. [i] Cache-Control: post-check=0, pre-check=0
179. [i] Pragma: no-cache
180. [i] Set-Cookie: dba52603cb1126534e3b339094dcfc62=047g62k8bovf3heuf3qgo8pgc2; path=/
181. [i] Last-Modified: Fri, 15 Feb 2019 23:26:51 GMT
182. [i] X-Powered-By: PleskLin
183. [i] Connection: close
184.  
185.  
186.  
187.  
188. D N S L O O K U P
189. =======================================================================================================================================
190.  
191. aldabba.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
192. aldabba.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
193. aldabba.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
194. aldabba.gov.sd. 21599 IN A 62.12.105.4
195. aldabba.gov.sd. 21599 IN MX 10 mail.aldabba.gov.sd.
196. aldabba.gov.sd. 21599 IN TXT "v=spf1 mx -all"
197.  
198.  
199.  
200.  
201. S U B N E T C A L C U L A T I O N
202. =======================================================================================================================================
203.  
204. Address = 62.12.105.4
205. Network = 62.12.105.4 / 32
206. Netmask = 255.255.255.255
207. Broadcast = not needed on Point-to-Point links
208. Wildcard Mask = 0.0.0.0
209. Hosts Bits = 0
210. Max. Hosts = 1 (2^0 - 0)
211. Host Range = { 62.12.105.4 - 62.12.105.4 }
212.  
213.  
214.  
215. N M A P P O R T S C A N
216. =======================================================================================================================================
217.  
218.  
219. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 00:34 UTC
220. Nmap scan report for aldabba.gov.sd (62.12.105.4)
221. Host is up (0.22s latency).
222. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
223. PORT STATE SERVICE
224. 21/tcp filtered ftp
225. 22/tcp filtered ssh
226. 23/tcp filtered telnet
227. 80/tcp filtered http
228. 110/tcp filtered pop3
229. 143/tcp filtered imap
230. 443/tcp filtered https
231. 3389/tcp filtered ms-wbt-server
232.  
233. Nmap done: 1 IP address (1 host up) scanned in 11.32 seconds
234. #######################################################################################################################################
235. [?] Enter the target: example( http://domain.com )
236. http://aldabba.gov.sd/
237. [!] IP Address : 62.12.105.4
238. [!] aldabba.gov.sd doesn't seem to use a CMS
239. [+] Honeypot Probabilty: 30%
240. ---------------------------------------------------------------------------------------------------------------------------------------
241. [~] Trying to gather whois information for aldabba.gov.sd
242. [+] Whois information found
243. [-] Unable to build response, visit https://who.is/whois/aldabba.gov.sd
244. ---------------------------------------------------------------------------------------------------------------------------------------
245. PORT STATE SERVICE
246. 21/tcp filtered ftp
247. 22/tcp filtered ssh
248. 23/tcp filtered telnet
249. 80/tcp filtered http
250. 110/tcp filtered pop3
251. 143/tcp filtered imap
252. 443/tcp filtered https
253. 3389/tcp filtered ms-wbt-server
254. Nmap done: 1 IP address (1 host up) scanned in 14.61 seconds
255. ---------------------------------------------------------------------------------------------------------------------------------------
256.  
257. [+] DNS Records
258. ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
259. ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
260.  
261. [+] MX Records
262. 10 (197.254.200.161) AS33788 KANARTEL Sudan
263.  
264. [+] Host Records (A)
265. aldabba.gov.sd (62.12.105.4) Egypt Egypt
266.  
267. [+] TXT Records
268. "v=spf1 mx -all"
269.  
270. [+] DNS Map: https://dnsdumpster.com/static/map/aldabba.gov.sd.png
271.  
272. [>] Initiating 3 intel modules
273. [>] Loading Alpha module (1/3)
274. [>] Beta module deployed (2/3)
275. [>] Gamma module initiated (3/3)
276.  
277.  
278. [+] Emails found:
279. ---------------------------------------------------------------------------------------------------------------------------------------
280. [email protected]
281. [email protected]
282.  
283. [+] Hosts found in search engines:
284. ---------------------------------------------------------------------------------------------------------------------------------------
285. [-] Resolving hostnames IPs...
286. 62.12.105.4:www.aldabba.gov.sd
287. [+] Virtual hosts:
288. ---------------------------------------------------------------------------------------------------------------------------------------
289. #######################################################################################################################################
290. Enter Address Website = aldabba.gov.sd
291.  
292.  
293. Reverse IP With YouGetSignal 'aldabba.gov.sd'
294. ---------------------------------------------------------------------------------------------------------------------------------------
295.  
296. [*] IP: 62.12.105.4
297. [*] Domain: aldabba.gov.sd
298. [*] Total Domains: 3
299.  
300. [+] aldabba.gov.sd
301. [+] ffamc.gov.sd
302. [+] sudanradio.gov.sd
303. #######################################################################################################################################
304. Geo IP Lookup 'aldabba.gov.sd'
305. ---------------------------------------------------------------------------------------------------------------------------------------
306.  
307. [+] IP Address: 62.12.105.4
308. [+] Country: Sudan
309. [+] State:
310. [+] City:
311. [+] Latitude: 15.0
312. [+] Longitude: 30.0
313. #######################################################################################################################################
314. DNS Lookup 'aldabba.gov.sd'
315. ---------------------------------------------------------------------------------------------------------------------------------------
316.  
317. [+] aldabba.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
318. [+] aldabba.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
319. [+] aldabba.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
320. [+] aldabba.gov.sd. 21599 IN A 62.12.105.4
321. [+] aldabba.gov.sd. 21599 IN MX 10 mail.aldabba.gov.sd.
322. [+] aldabba.gov.sd. 21599 IN TXT "v=spf1 mx -all"
323. #######################################################################################################################################
324. Show HTTP Header 'aldabba.gov.sd'
325. ---------------------------------------------------------------------------------------------------------------------------------------
326.  
327. [+] HTTP/1.1 200 OK
328. [+] Server: nginx
329. [+] Date: Fri, 15 Feb 2019 23:26:37 GMT
330. [+] Content-Type: text/html; charset=utf-8
331. [+] Connection: keep-alive
332. [+] X-Powered-By: PHP/5.4.16
333. [+] P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM
334. [+] Expires: Mon, 1 Jan 2001 00:00:00 GMT
335. [+] Cache-Control: post-check=0, pre-check=0
336. [+] Pragma: no-cache
337. [+] Set-Cookie: dba52603cb1126534e3b339094dcfc62=t2qt9kostn76eeachgs8np2vk5; path=/
338. [+] Last-Modified: Fri, 15 Feb 2019 23:26:37 GMT
339. [+] X-Powered-By: PleskLin
340. #######################################################################################################################################
341. Port Scan 'aldabba.gov.sd'
342. ---------------------------------------------------------------------------------------------------------------------------------------
343.  
344.  
345. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 00:34 UTC
346. Nmap scan report for aldabba.gov.sd (62.12.105.4)
347. Host is up (0.22s latency).
348. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
349. PORT STATE SERVICE
350. 21/tcp filtered ftp
351. 22/tcp filtered ssh
352. 23/tcp filtered telnet
353. 80/tcp filtered http
354. 110/tcp filtered pop3
355. 143/tcp filtered imap
356. 443/tcp filtered https
357. 3389/tcp filtered ms-wbt-server
358.  
359. Nmap done: 1 IP address (1 host up) scanned in 15.41 seconds
360. #######################################################################################################################################
361. Robot.txt 'aldabba.gov.sd'
362. ---------------------------------------------------------------------------------------------------------------------------------------
363.  
364. User-agent: *
365. Disallow: /administrator/
366. Disallow: /cache/
367. Disallow: /components/
368. Disallow: /images/
369. Disallow: /includes/
370. Disallow: /installation/
371. Disallow: /language/
372. Disallow: /libraries/
373. Disallow: /media/
374. Disallow: /modules/
375. Disallow: /plugins/
376. Disallow: /templates/
377. Disallow: /tmp/
378. Disallow: /xmlrpc/
379. #######################################################################################################################################
380. Traceroute 'aldabba.gov.sd'
381. ---------------------------------------------------------------------------------------------------------------------------------------
382.  
383. Start: 2019-02-16T00:34:41+0000
384. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
385. 1.|-- 45.79.12.201 0.0% 3 0.7 0.8 0.6 1.0 0.2
386. 2.|-- 45.79.12.0 0.0% 3 1.1 0.7 0.4 1.1 0.3
387. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.7 1.5 1.1 1.7 0.3
388. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.4 1.7 1.4 2.2 0.4
389. 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.5 11.6 11.4 11.7 0.2
390. 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.9 23.8 23.7 23.9 0.1
391. 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.9 30.5 30.2 30.9 0.3
392. 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.5 41.7 41.5 41.9 0.2
393. 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 46.0 45.9 45.7 46.0 0.1
394. 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.6 108.2 107.6 108.5 0.5
395. 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.6 108.0 107.6 108.2 0.3
396. 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.5 107.4 107.5 0.1
397. 13.|-- 185.153.20.70 0.0% 3 185.6 185.9 185.6 186.0 0.2
398. 14.|-- 185.153.20.82 0.0% 3 185.7 194.1 185.7 210.9 14.5
399. 15.|-- 185.153.20.94 0.0% 3 185.5 185.7 185.5 186.0 0.3
400. 16.|-- 185.153.20.153 0.0% 3 216.3 218.7 216.3 221.9 2.9
401. 17.|-- 212.0.131.109 0.0% 3 226.6 230.7 226.6 238.7 6.9
402. 18.|-- 196.202.137.249 0.0% 3 219.1 219.1 218.8 219.5 0.4
403. 19.|-- 196.202.145.94 0.0% 3 219.2 219.1 219.0 219.2 0.1
404. 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
405. #######################################################################################################################################
406. Ping 'aldabba.gov.sd'
407. ---------------------------------------------------------------------------------------------------------------------------------------
408.  
409. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-16 00:35 UTC
410. SENT (0.4250s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=1] IP [ttl=64 id=43580 iplen=28 ]
411. SENT (1.4252s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=2] IP [ttl=64 id=43580 iplen=28 ]
412. SENT (2.4265s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=3] IP [ttl=64 id=43580 iplen=28 ]
413. SENT (3.4281s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=4] IP [ttl=64 id=43580 iplen=28 ]
414.  
415. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
416. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
417. Nping done: 1 IP address pinged in 4.43 seconds
418. #######################################################################################################################################
419. Page Admin Finder 'aldabba.gov.sd'
420. ---------------------------------------------------------------------------------------------------------------------------------------
421.  
422. Avilable Links :
423.  
424. Find Page >> http://aldabba.gov.sd/admin/
425.  
426. Find Page >> http://aldabba.gov.sd/admin1/
427.  
428. Find Page >> http://aldabba.gov.sd/admin2/
429.  
430. Find Page >> http://aldabba.gov.sd/admin3/
431.  
432. Find Page >> http://aldabba.gov.sd/admin4/
433.  
434. Find Page >> http://aldabba.gov.sd/admin5/
435.  
436. Find Page >> http://aldabba.gov.sd/usuarios/
437.  
438. Find Page >> http://aldabba.gov.sd/usuario/
439.  
440. Find Page >> http://aldabba.gov.sd/moderator/
441.  
442. Find Page >> http://aldabba.gov.sd/webadmin/
443.  
444. Find Page >> http://aldabba.gov.sd/adminarea/
445.  
446. Find Page >> http://aldabba.gov.sd/bb-admin/
447.  
448. Find Page >> http://aldabba.gov.sd/adminLogin/
449.  
450. Find Page >> http://aldabba.gov.sd/admin_area/
451.  
452. Find Page >> http://aldabba.gov.sd/panel-administracion/
453.  
454. Find Page >> http://aldabba.gov.sd/instadmin/
455.  
456. Find Page >> http://aldabba.gov.sd/memberadmin/
457.  
458. Find Page >> http://aldabba.gov.sd/administratorlogin/
459.  
460. Find Page >> http://aldabba.gov.sd/adm/
461.  
462. Find Page >> http://aldabba.gov.sd/admin/account.php
463.  
464. Find Page >> http://aldabba.gov.sd/admin/index.php
465.  
466. Find Page >> http://aldabba.gov.sd/admin/login.php
467.  
468. Find Page >> http://aldabba.gov.sd/admin/admin.php
469.  
470. Find Page >> http://aldabba.gov.sd/admin_area/admin.php
471.  
472. Find Page >> http://aldabba.gov.sd/admin_area/login.php
473.  
474. Find Page >> http://aldabba.gov.sd/siteadmin/login.php
475.  
476. Find Page >> http://aldabba.gov.sd/siteadmin/index.php
477.  
478. Find Page >> http://aldabba.gov.sd/siteadmin/login.html
479.  
480. Find Page >> http://aldabba.gov.sd/admin/account.html
481.  
482. Find Page >> http://aldabba.gov.sd/admin/index.html
483.  
484. Find Page >> http://aldabba.gov.sd/admin/login.html
485.  
486. Find Page >> http://aldabba.gov.sd/admin/admin.html
487.  
488. Find Page >> http://aldabba.gov.sd/admin_area/index.php
489.  
490. Find Page >> http://aldabba.gov.sd/bb-admin/index.php
491.  
492. Find Page >> http://aldabba.gov.sd/bb-admin/login.php
493.  
494. Find Page >> http://aldabba.gov.sd/bb-admin/admin.php
495.  
496. Find Page >> http://aldabba.gov.sd/admin/home.php
497.  
498. Find Page >> http://aldabba.gov.sd/admin_area/login.html
499.  
500. Find Page >> http://aldabba.gov.sd/admin_area/index.html
501.  
502. Find Page >> http://aldabba.gov.sd/admin/controlpanel.php
503.  
504. Find Page >> http://aldabba.gov.sd/admin.php
505.  
506. Find Page >> http://aldabba.gov.sd/admincp/index.html
507.  
508. Find Page >> http://aldabba.gov.sd/adminpanel.html
509.  
510. Find Page >> http://aldabba.gov.sd/webadmin.html
511.  
512. Find Page >> http://aldabba.gov.sd/webadmin/index.html
513.  
514. Find Page >> http://aldabba.gov.sd/webadmin/admin.html
515.  
516. Find Page >> http://aldabba.gov.sd/webadmin/login.html
517.  
518. Find Page >> http://aldabba.gov.sd/admin/admin_login.html
519.  
520. Find Page >> http://aldabba.gov.sd/admin_login.html
521.  
522. Find Page >> http://aldabba.gov.sd/panel-administracion/login.html
523.  
524. Find Page >> http://aldabba.gov.sd/admin/cp.php
525.  
526. Find Page >> http://aldabba.gov.sd/cp.php
527.  
528. Find Page >> http://aldabba.gov.sd/nsw/admin/login.php
529.  
530. Find Page >> http://aldabba.gov.sd/webadmin/login.php
531.  
532. Find Page >> http://aldabba.gov.sd/admin/admin_login.php
533.  
534. Find Page >> http://aldabba.gov.sd/admin_login.php
535.  
536. Find Page >> http://aldabba.gov.sd/administrator.php
537.  
538. Find Page >> http://aldabba.gov.sd/admin_area/admin.html
539.  
540. Find Page >> http://aldabba.gov.sd/pages/admin/admin-login.php
541.  
542. Find Page >> http://aldabba.gov.sd/admin/admin-login.php
543.  
544. Find Page >> http://aldabba.gov.sd/admin-login.php
545.  
546. Find Page >> http://aldabba.gov.sd/bb-admin/index.html
547.  
548. Find Page >> http://aldabba.gov.sd/bb-admin/login.html
549.  
550. Find Page >> http://aldabba.gov.sd/acceso.php
551.  
552. Find Page >> http://aldabba.gov.sd/bb-admin/admin.html
553.  
554. Find Page >> http://aldabba.gov.sd/admin/home.html
555.  
556. Find Page >> http://aldabba.gov.sd/login.php
557.  
558. Find Page >> http://aldabba.gov.sd/modelsearch/login.php
559.  
560. Find Page >> http://aldabba.gov.sd/moderator.php
561.  
562. Find Page >> http://aldabba.gov.sd/moderator/login.php
563.  
564. Find Page >> http://aldabba.gov.sd/moderator/admin.php
565.  
566. Find Page >> http://aldabba.gov.sd/account.php
567.  
568. Find Page >> http://aldabba.gov.sd/pages/admin/admin-login.html
569.  
570. Find Page >> http://aldabba.gov.sd/admin/admin-login.html
571.  
572. Find Page >> http://aldabba.gov.sd/admin-login.html
573.  
574. Find Page >> http://aldabba.gov.sd/controlpanel.php
575.  
576. Find Page >> http://aldabba.gov.sd/admincontrol.php
577.  
578. Find Page >> http://aldabba.gov.sd/admin/adminLogin.html
579.  
580. Find Page >> http://aldabba.gov.sd/adminLogin.html
581.  
582. Find Page >> http://aldabba.gov.sd/home.html
583.  
584. Find Page >> http://aldabba.gov.sd/rcjakar/admin/login.php
585.  
586. Find Page >> http://aldabba.gov.sd/adminarea/index.html
587.  
588. Find Page >> http://aldabba.gov.sd/adminarea/admin.html
589.  
590. Find Page >> http://aldabba.gov.sd/webadmin.php
591.  
592. Find Page >> http://aldabba.gov.sd/webadmin/index.php
593.  
594. Find Page >> http://aldabba.gov.sd/webadmin/admin.php
595.  
596. Find Page >> http://aldabba.gov.sd/admin/controlpanel.html
597.  
598. Find Page >> http://aldabba.gov.sd/admin.html
599.  
600. Find Page >> http://aldabba.gov.sd/admin/cp.html
601.  
602. Find Page >> http://aldabba.gov.sd/cp.html
603.  
604. Find Page >> http://aldabba.gov.sd/adminpanel.php
605.  
606. Find Page >> http://aldabba.gov.sd/moderator.html
607.  
608. Find Page >> http://aldabba.gov.sd/user.html
609.  
610. Find Page >> http://aldabba.gov.sd/administrator.html
611.  
612. Find Page >> http://aldabba.gov.sd/login.html
613.  
614. Find Page >> http://aldabba.gov.sd/modelsearch/login.html
615.  
616. Find Page >> http://aldabba.gov.sd/moderator/login.html
617.  
618. Find Page >> http://aldabba.gov.sd/adminarea/login.html
619.  
620. Find Page >> http://aldabba.gov.sd/panel-administracion/index.html
621.  
622. Find Page >> http://aldabba.gov.sd/panel-administracion/admin.html
623.  
624. Find Page >> http://aldabba.gov.sd/modelsearch/index.html
625.  
626. Find Page >> http://aldabba.gov.sd/modelsearch/admin.html
627.  
628. Find Page >> http://aldabba.gov.sd/admincontrol/login.html
629.  
630. Find Page >> http://aldabba.gov.sd/adm/index.html
631.  
632. Find Page >> http://aldabba.gov.sd/adm.html
633.  
634. Find Page >> http://aldabba.gov.sd/moderator/admin.html
635.  
636. Find Page >> http://aldabba.gov.sd/user.php
637.  
638. Find Page >> http://aldabba.gov.sd/account.html
639.  
640. Find Page >> http://aldabba.gov.sd/controlpanel.html
641.  
642. Find Page >> http://aldabba.gov.sd/admincontrol.html
643.  
644. Find Page >> http://aldabba.gov.sd/panel-administracion/login.php
645.  
646. Find Page >> http://aldabba.gov.sd/wp-login.php
647.  
648. Find Page >> http://aldabba.gov.sd/adminLogin.php
649.  
650. Find Page >> http://aldabba.gov.sd/admin/adminLogin.php
651.  
652. Find Page >> http://aldabba.gov.sd/home.php
653.  
654. Find Page >> http://aldabba.gov.sd/adminarea/index.php
655.  
656. Find Page >> http://aldabba.gov.sd/adminarea/admin.php
657.  
658. Find Page >> http://aldabba.gov.sd/adminarea/login.php
659.  
660. Find Page >> http://aldabba.gov.sd/panel-administracion/index.php
661.  
662. Find Page >> http://aldabba.gov.sd/panel-administracion/admin.php
663.  
664. Find Page >> http://aldabba.gov.sd/modelsearch/index.php
665.  
666. Find Page >> http://aldabba.gov.sd/modelsearch/admin.php
667.  
668. Find Page >> http://aldabba.gov.sd/admincontrol/login.php
669.  
670. Find Page >> http://aldabba.gov.sd/adm/admloginuser.php
671.  
672. Find Page >> http://aldabba.gov.sd/admloginuser.php
673.  
674. Find Page >> http://aldabba.gov.sd/admin2.php
675.  
676. Find Page >> http://aldabba.gov.sd/admin2/login.php
677.  
678. Find Page >> http://aldabba.gov.sd/admin2/index.php
679.  
680. Find Page >> http://aldabba.gov.sd/usuarios/login.php
681.  
682. Find Page >> http://aldabba.gov.sd/adm/index.php
683.  
684. Find Page >> http://aldabba.gov.sd/adm.php
685.  
686. Find Page >> http://aldabba.gov.sd/affiliate.php
687.  
688. Find Page >> http://aldabba.gov.sd/adm_auth.php
689.  
690. Find Page >> http://aldabba.gov.sd/memberadmin.php
691.  
692. Find Page >> http://aldabba.gov.sd/administratorlogin.php
693.  
694. Find Page >> http://aldabba.gov.sd/admin_panel/
695.  
696. Find Page >> http://aldabba.gov.sd/admin_panel.html
697.  
698. Find Page >> http://aldabba.gov.sd/adm_cp/
699. ######################################################################################################################################
700. ; <<>> DiG 9.11.5-P1-1-Debian <<>> aldabba.gov.sd
701. ;; global options: +cmd
702. ;; Got answer:
703. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8304
704. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
705.  
706. ;; OPT PSEUDOSECTION:
707. ; EDNS: version: 0, flags:; udp: 4096
708. ;; QUESTION SECTION:
709. ;aldabba.gov.sd. IN A
710.  
711. ;; ANSWER SECTION:
712. aldabba.gov.sd. 83838 IN A 62.12.105.4
713.  
714. ;; Query time: 216 msec
715. ;; SERVER: 38.132.106.139#53(38.132.106.139)
716. ;; WHEN: ven fév 15 19:48:31 EST 2019
717. ;; MSG SIZE rcvd: 59
718. ######################################################################################################################################
719. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace aldabba.gov.sd
720. ;; global options: +cmd
721. . 81241 IN NS l.root-servers.net.
722. . 81241 IN NS a.root-servers.net.
723. . 81241 IN NS d.root-servers.net.
724. . 81241 IN NS c.root-servers.net.
725. . 81241 IN NS m.root-servers.net.
726. . 81241 IN NS i.root-servers.net.
727. . 81241 IN NS j.root-servers.net.
728. . 81241 IN NS h.root-servers.net.
729. . 81241 IN NS e.root-servers.net.
730. . 81241 IN NS b.root-servers.net.
731. . 81241 IN NS g.root-servers.net.
732. . 81241 IN NS f.root-servers.net.
733. . 81241 IN NS k.root-servers.net.
734. . 81241 IN RRSIG NS 8 0 518400 20190228170000 20190215160000 16749 . O0XEuM7e/SR8/zBP+t1ulOCHkRUmAfQMtM2qjCjNlPbTePjkgg152D8E tpSYeLlO+yuB49vjAFC+49JIBeCgJWe/bVFkMtwNpZohu1WIalQe3LSf VR3IAZC43a3wRRd7Y0z1M5CGE00xVKQAUKVMAzzdKLf8XepRHEm6db+Z gQn5UYyMmAef3EhwdGTYWNGZrgmxmPPLcppr1NdSiK/NNe2utSevAWTS CokI/cpAITUuKRtk/T8lUvs4HUOp8WKLKH04ZqjOo5xFouw5/UV+7r2T GdRhUugOdY4bRgScz2ThENsvK6PFr1e+GQI+3MCbSk3lGxud2GZziy/3 Dc8EEQ==
735. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 216 ms
736.  
737. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
738. sd. 172800 IN NS ns1.uaenic.ae.
739. sd. 172800 IN NS ns2.uaenic.ae.
740. sd. 172800 IN NS ans1.sis.sd.
741. sd. 172800 IN NS ans1.canar.sd.
742. sd. 172800 IN NS ans2.canar.sd.
743. sd. 172800 IN NS ns-sd.afrinic.net.
744. sd. 86400 IN NSEC se. NS RRSIG NSEC
745. sd. 86400 IN RRSIG NSEC 8 1 86400 20190228170000 20190215160000 16749 . GHfXxR4mlyuj+asn3iQo/1rlROc/LEqf5vnrpSNFs4CBBbp1UpLXDhig fOX6QVng9CkgZ+tKBQqzbzl6vQVEN0AN85/dKnD5R18HJCSRujy7KIdh K5/PgMBZbKwli/ldtTqFZl6n5WMmc/MCY+GxaXlUt+5VlFmGwva3oSA0 32Zro18HvLNNFltd/z7GqAjKO6i8DQFX2ImlwthVCjWCj24W+EiGnnCi oJjfyHcjCKpGej0+Sxkd1MWKhLZOhbNSi+sEiPI+aF92mHqJHu1zbdvQ 009zNQ7QUXK2MpHA10bz7qhBjXCsuzOjIj8ChiOY9SlBYh5/NU8afqTl XVSBNw==
746. ;; Received 701 bytes from 2001:500:2d::d#53(d.root-servers.net) in 25 ms
747.  
748. gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
749. gov.sd. 14400 IN NS ns1.uaenic.ae.
750. gov.sd. 14400 IN NS ns2.uaenic.ae.
751. gov.sd. 14400 IN NS ans1.sis.sd.
752. gov.sd. 14400 IN NS ans1.canar.sd.
753. gov.sd. 14400 IN NS ans2.canar.sd.
754. gov.sd. 14400 IN NS ns-sd.afrinic.net.
755. ;; Received 270 bytes from 2001:43f8:120::26#53(ns-sd.afrinic.net) in 259 ms
756.  
757. ;; Received 71 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 405 ms
758. #######################################################################################################################################
759. [*] Performing General Enumeration of Domain: aldabba.gov.sd
760. [-] DNSSEC is not configured for aldabba.gov.sd
761. [*] SOA ns0.ndc.gov.sd 62.12.109.2
762. [*] NS ns1.ndc.gov.sd 62.12.109.3
763. [*] Bind Version for 62.12.109.3 you guess!
764. [*] NS ns0.ndc.gov.sd 62.12.109.2
765. [*] Bind Version for 62.12.109.2 you guess!
766. [*] MX mail.aldabba.gov.sd 197.254.200.161
767. [*] A aldabba.gov.sd 62.12.105.4
768. [*] TXT aldabba.gov.sd v=spf1 mx -all
769. [*] Enumerating SRV Records
770. [-] No SRV Records Found for aldabba.gov.sd
771. [+] 0 Records Found
772. #######################################################################################################################################
773. [*] Processing domain aldabba.gov.sd
774. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
775. [+] Getting nameservers
776. 62.12.109.3 - ns1.ndc.gov.sd
777. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
778. aldabba.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
779. aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
780. aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
781. aldabba.gov.sd. 86400 IN A 62.12.105.4
782. aldabba.gov.sd. 86400 IN MX 10 mail.aldabba.gov.sd.
783. aldabba.gov.sd. 86400 IN TXT "v=spf1 mx -all"
784. mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
785. mail.aldabba.gov.sd. 86400 IN MX 10 mail.aldabba.gov.sd.
786. webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
787. www.aldabba.gov.sd. 86400 IN A 62.12.105.4
788. #######################################################################################################################################
789. Ip Address Status Type Domain Name Server
790. ---------- ------ ---- ----------- ------
791. 197.254.200.161 host mail.aldabba.gov.sd
792. 197.254.200.161 alias webmail.aldabba.gov.sd
793. 197.254.200.161 host mail.aldabba.gov.sd
794. 62.12.105.4 200 host www.aldabba.gov.sd
795. ######################################################################################################################################
796. [+] Testing domain
797. www.aldabba.gov.sd 62.12.105.4
798. [+] Dns resolving
799. Domain name Ip address Name server
800. aldabba.gov.sd 62.12.105.4 f05-web03.nic.gov.sd
801. Found 1 host(s) for aldabba.gov.sd
802. [+] Testing wildcard
803. Ok, no wildcard found.
804.  
805. [+] Scanning for subdomain on aldabba.gov.sd
806. [!] Wordlist not specified. I scannig with my internal wordlist...
807. Estimated time about 219.4 seconds
808.  
809. Subdomain Ip address Name server
810.  
811. www.aldabba.gov.sd 62.12.105.4 f05-web03.nic.gov.sd
812. #######################################################################################################################################
813. dnsenum VERSION:1.2.4
814.  
815. ----- aldabba.gov.sd -----
816.  
817.  
818. Host's addresses:
819. __________________
820.  
821. aldabba.gov.sd. 84006 IN A 62.12.105.4
822.  
823.  
824. Name Servers:
825. ______________
826.  
827. ns1.ndc.gov.sd. 83973 IN A 62.12.109.3
828. ns0.ndc.gov.sd. 83973 IN A 62.12.109.2
829.  
830.  
831. Mail (MX) Servers:
832. ___________________
833.  
834. mail.aldabba.gov.sd. 85688 IN A 197.254.200.161
835.  
836.  
837. Trying Zone Transfers and getting Bind Versions:
838. _________________________________________________
839.  
840.  
841. Trying Zone Transfer for aldabba.gov.sd on ns1.ndc.gov.sd ...
842. aldabba.gov.sd. 86400 IN SOA (
843. aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
844. aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
845. aldabba.gov.sd. 86400 IN A 62.12.105.4
846. aldabba.gov.sd. 86400 IN MX 10
847. aldabba.gov.sd. 86400 IN TXT "v=spf1
848. mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
849. mail.aldabba.gov.sd. 86400 IN MX 10
850. webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
851. www.aldabba.gov.sd. 86400 IN A 62.12.105.4
852.  
853. Trying Zone Transfer for aldabba.gov.sd on ns0.ndc.gov.sd ...
854. aldabba.gov.sd. 86400 IN SOA (
855. aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
856. aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
857. aldabba.gov.sd. 86400 IN A 62.12.105.4
858. aldabba.gov.sd. 86400 IN MX 10
859. aldabba.gov.sd. 86400 IN TXT "v=spf1
860. mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
861. mail.aldabba.gov.sd. 86400 IN MX 10
862. webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
863. www.aldabba.gov.sd. 86400 IN A 62.12.105.4
864. #######################################################################################################################################
865.  
866. ____ _ _ _ _ _____
867. / ___| _ _| |__ | (_)___| |_|___ / _ __
868. \___ \| | | | '_ \| | / __| __| |_ \| '__|
869. ___) | |_| | |_) | | \__ \ |_ ___) | |
870. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
871.  
872. # Coded By Ahmed Aboul-Ela - @aboul3la
873.  
874. [-] Enumerating subdomains now for aldabba.gov.sd
875. [-] verbosity is enabled, will show the subdomains results in realtime
876. [-] Searching now in Baidu..
877. [-] Searching now in Yahoo..
878. [-] Searching now in Google..
879. [-] Searching now in Bing..
880. [-] Searching now in Ask..
881. [-] Searching now in Netcraft..
882. [-] Searching now in DNSdumpster..
883. [-] Searching now in Virustotal..
884. [-] Searching now in ThreatCrowd..
885. [-] Searching now in SSL Certificates..
886. [-] Searching now in PassiveDNS..
887. Virustotal: www.aldabba.gov.sd
888. Virustotal: mail.aldabba.gov.sd
889. Yahoo: www.aldabba.gov.sd
890. Bing: www.aldabba.gov.sd
891. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-aldabba.gov.sd.txt
892. [-] Total Unique Subdomains Found: 2
893. www.aldabba.gov.sd
894. mail.aldabba.gov.sd
895. #######################################################################################################################################
896. mail.aldabba.gov.sd,197.254.200.161
897. webmail.aldabba.gov.sd,197.254.200.161
898. #######################################################################################################################################
899. ===============================================
900. -=Subfinder v1.1.3 github.com/subfinder/subfinder
901. ===============================================
902.  
903.  
904. Running Source: Ask
905. Running Source: Archive.is
906. Running Source: Baidu
907. Running Source: Bing
908. Running Source: CertDB
909. Running Source: CertificateTransparency
910. Running Source: Certspotter
911. Running Source: Commoncrawl
912. Running Source: Crt.sh
913. Running Source: Dnsdb
914. Running Source: DNSDumpster
915. Running Source: DNSTable
916. Running Source: Dogpile
917. Running Source: Exalead
918. Running Source: Findsubdomains
919. Running Source: Googleter
920. Running Source: Hackertarget
921. Running Source: Ipv4Info
922. Running Source: PTRArchive
923. Running Source: Sitedossier
924. Running Source: Threatcrowd
925. Running Source: ThreatMiner
926. Running Source: WaybackArchive
927. Running Source: Yahoo
928.  
929. Running enumeration on aldabba.gov.sd
930.  
931. dnsdb: Unexpected return status 503
932.  
933. waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.aldabba.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.aldabba.gov.sd/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
934.  
935. archiveis: Get https://archive.fo/*.aldabba.gov.sd: dial tcp 213.183.51.24:443: connect: connection timed out
936.  
937.  
938. Starting Bruteforcing of aldabba.gov.sd with 9985 words
939.  
940. Total 6 Unique subdomains found for aldabba.gov.sd
941.  
942. .aldabba.gov.sd
943. mail.aldabba.gov.sd
944. mail.aldabba.gov.sd
945. webmail.aldabba.gov.sd
946. www.aldabba.gov.sd
947. www.aldabba.gov.sd
948. #######################################################################################################################################
949. [*] Found SPF record:
950. [*] v=spf1 mx -all
951. [*] SPF record contains an All item: -all
952. [*] No DMARC record found. Looking for organizational record
953. [+] No organizational DMARC record
954. [+] Spoofing possible for aldabba.gov.sd!
955. #######################################################################################################################################
956. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:57 EST
957. Warning: 62.12.105.4 giving up on port because retransmission cap hit (2).
958. Nmap scan report for aldabba.gov.sd (62.12.105.4)
959. Host is up (0.40s latency).
960. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
961. Not shown: 464 filtered ports, 4 closed ports
962. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
963. PORT STATE SERVICE
964. 21/tcp open ftp
965. 80/tcp open http
966. 110/tcp open pop3
967. 143/tcp open imap
968. 443/tcp open https
969. 993/tcp open imaps
970. 995/tcp open pop3s
971. 8443/tcp open https-alt
972. #######################################################################################################################################
973. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:00 EST
974. Nmap scan report for aldabba.gov.sd (62.12.105.4)
975. Host is up (0.12s latency).
976. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
977. Not shown: 2 filtered ports
978. PORT STATE SERVICE
979. 53/udp open|filtered domain
980. 67/udp open|filtered dhcps
981. 68/udp open|filtered dhcpc
982. 69/udp open|filtered tftp
983. 88/udp open|filtered kerberos-sec
984. 123/udp open|filtered ntp
985. 139/udp open|filtered netbios-ssn
986. 161/udp open|filtered snmp
987. 162/udp open|filtered snmptrap
988. 389/udp open|filtered ldap
989. 520/udp open|filtered route
990. 2049/udp open|filtered nfs
991. #######################################################################################################################################
992. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:00 EST
993. Nmap scan report for aldabba.gov.sd (62.12.105.4)
994. Host is up (0.37s latency).
995. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
996.  
997. PORT STATE SERVICE VERSION
998. 21/tcp open ftp ProFTPD 1.3.5d
999. | ftp-brute:
1000. | Accounts: No valid accounts found
1001. |_ Statistics: Performed 1813 guesses in 181 seconds, average tps: 9.6
1002. Too many fingerprints match this host to give specific OS details
1003. Network Distance: 24 hops
1004. Service Info: OS: Unix
1005.  
1006. TRACEROUTE (using port 21/tcp)
1007. HOP RTT ADDRESS
1008. 1 125.40 ms 10.251.200.1
1009. 2 125.42 ms 190.124.251.129
1010. 3 125.43 ms 172.16.21.1
1011. 4 185.26 ms 91.205.233.128
1012. 5 185.27 ms 192.168.7.2
1013. 6 187.25 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1014. 7 187.24 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1015. 8 187.25 ms te0-3-0-14.ccr21.mia03.atlas.cogentco.com (38.88.164.137)
1016. 9 187.25 ms 154.54.47.29
1017. 10 199.82 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
1018. 11 209.76 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1019. 12 214.27 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1020. 13 283.32 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
1021. 14 289.47 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
1022. 15 289.39 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1023. 16 363.40 ms 185.153.20.70
1024. 17 361.43 ms 185.153.20.82
1025. 18 362.71 ms 185.153.20.94
1026. 19 378.98 ms 185.153.20.153
1027. 20 ... 21
1028. 22 398.46 ms 196.202.145.94
1029. 23 ...
1030. 24 397.94 ms f05-web03.nic.gov.sd (62.12.105.4)
1031. #######################################################################################################################################
1032. http://aldabba.gov.sd [200 OK] Cookies[dba52603cb1126534e3b339094dcfc62], IP[62.12.105.4], Joomla[1.5,1.5.23,1.5.24,1.5.25,1.5.26][com_content,com_mailto], probably Mambo[com_content,com_mailto], MetaGenerator[Joomla! 1.5 - Open Source Content Management], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[محلية الدبة], X-Powered-By[PHP/5.4.16, PleskLin]
1033. #######################################################################################################################################
1034. wig - WebApp Information Gatherer
1035.  
1036.  
1037. Scanning http://aldabba.gov.sd...
1038. _________________________________________________ SITE INFO _________________________________________________
1039. IP Title
1040. 62.12.105.4 محلية الدبة
1041.  
1042. __________________________________________________ VERSION __________________________________________________
1043. Name Versions Type
1044. Joomla! 1.5 CMS
1045. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
1046. 2.4.8 | 2.4.9
1047.  
1048. ________________________________________________ INTERESTING ________________________________________________
1049. URL Note Type
1050. /robots.txt robots.txt index Interesting
1051.  
1052. ___________________________________________________ TOOLS ___________________________________________________
1053. Name Link Software
1054. CMSmap https://github.com/Dionach/CMSmap Joomla!
1055. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
1056.  
1057. ______________________________________________ VULNERABILITIES ______________________________________________
1058. Affected #Vulns Link
1059. Joomla! 1.5 14 http://cvedetails.com/version/53796
1060.  
1061. _____________________________________________________________________________________________________________
1062. Time: 83.6 sec Urls: 437 Fingerprints: 40401
1063. #######################################################################################################################################
1064. HTTP/1.1 200 OK
1065. Date: Sat, 16 Feb 2019 00:00:16 GMT
1066. Content-Type: text/html; charset=utf-8
1067. X-Powered-By: PHP/5.4.16
1068. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
1069. Expires: Mon, 1 Jan 2001 00:00:00 GMT
1070. Cache-Control: post-check=0, pre-check=0
1071. Pragma: no-cache
1072. Set-Cookie: dba52603cb1126534e3b339094dcfc62=spl9s16mn10quukgq0oue8h8l0; path=/
1073. Last-Modified: Sat, 16 Feb 2019 00:00:16 GMT
1074. X-Powered-By: PleskLin
1075. Connection: keep-alive
1076.  
1077. HTTP/1.1 200 OK
1078. Date: Sat, 16 Feb 2019 00:00:17 GMT
1079. Content-Type: text/html; charset=utf-8
1080. X-Powered-By: PHP/5.4.16
1081. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
1082. Expires: Mon, 1 Jan 2001 00:00:00 GMT
1083. Cache-Control: post-check=0, pre-check=0
1084. Pragma: no-cache
1085. Set-Cookie: dba52603cb1126534e3b339094dcfc62=sl8drdjrggfhvj9ee01flpif30; path=/
1086. Last-Modified: Sat, 16 Feb 2019 00:00:17 GMT
1087. X-Powered-By: PleskLin
1088. Connection: keep-alive
1089. #######################################################################################################################################
1090. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:08 EST
1091. Nmap scan report for aldabba.gov.sd (62.12.105.4)
1092. Host is up (0.13s latency).
1093. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
1094.  
1095. PORT STATE SERVICE VERSION
1096. 110/tcp open pop3 Dovecot pop3d
1097. | pop3-brute:
1098. | Accounts: No valid accounts found
1099. |_ Statistics: Performed 211 guesses in 187 seconds, average tps: 1.1
1100. |_pop3-capabilities: STLS RESP-CODES USER AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) PIPELINING TOP APOP UIDL CAPA
1101. Too many fingerprints match this host to give specific OS details
1102. Network Distance: 1 hop
1103.  
1104. TRACEROUTE (using port 80/tcp)
1105. HOP RTT ADDRESS
1106. 1 124.41 ms f05-web03.nic.gov.sd (62.12.105.4)
1107. #######################################################################################################################################
1108. Version: 1.11.12-static
1109. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1110.  
1111. Connected to 62.12.105.4
1112.  
1113. Testing SSL server aldabba.gov.sd on port 443 using SNI name aldabba.gov.sd
1114.  
1115. TLS Fallback SCSV:
1116. Server supports TLS Fallback SCSV
1117.  
1118. TLS renegotiation:
1119. Secure session renegotiation supported
1120.  
1121. TLS Compression:
1122. Compression disabled
1123.  
1124. Heartbleed:
1125. TLS 1.2 not vulnerable to heartbleed
1126. TLS 1.1 not vulnerable to heartbleed
1127. TLS 1.0 not vulnerable to heartbleed
1128.  
1129. Supported Server Cipher(s):
1130. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1131. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1132. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1133. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1134. Accepted TLSv1.2 256 bits AES256-SHA256
1135. Accepted TLSv1.2 256 bits AES256-SHA
1136. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1137. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1138. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1139. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1140. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1141. Accepted TLSv1.2 128 bits AES128-SHA256
1142. Accepted TLSv1.2 128 bits AES128-SHA
1143. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1144. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1145. Accepted TLSv1.1 256 bits AES256-SHA
1146. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1147. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1148. Accepted TLSv1.1 128 bits AES128-SHA
1149. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1150. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1151. Accepted TLSv1.0 256 bits AES256-SHA
1152. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1153. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1154. Accepted TLSv1.0 128 bits AES128-SHA
1155. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1156.  
1157. SSL Certificate:
1158. Signature Algorithm: sha256WithRSAEncryption
1159. RSA Key Strength: 2048
1160.  
1161. Subject: Plesk
1162. Issuer: Plesk
1163.  
1164. Not valid before: Jul 20 00:21:23 2015 GMT
1165. Not valid after: Jul 19 00:21:23 2016 GMT
1166. ######################################################################################################################################
1167. --------------------------------------------------------
1168. <<<Yasuo discovered following vulnerable applications>>>
1169. --------------------------------------------------------
1170. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1171. | App Name | URL to Application | Potential Exploit | Username | Password |
1172. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1173. | phpMyAdmin | https://62.12.105.4:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
1174. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1175. #######################################################################################################################################
1176. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:46 EST
1177. Warning: 62.12.105.4 giving up on port because retransmission cap hit (2).
1178. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1179. Host is up (0.40s latency).
1180. Not shown: 464 filtered ports, 4 closed ports
1181. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1182. PORT STATE SERVICE
1183. 21/tcp open ftp
1184. 80/tcp open http
1185. 110/tcp open pop3
1186. 143/tcp open imap
1187. 443/tcp open https
1188. 993/tcp open imaps
1189. 995/tcp open pop3s
1190. 8443/tcp open https-alt
1191. #######################################################################################################################################
1192. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:48 EST
1193. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1194. Host is up (0.12s latency).
1195. Not shown: 2 filtered ports
1196. PORT STATE SERVICE
1197. 53/udp open|filtered domain
1198. 67/udp open|filtered dhcps
1199. 68/udp open|filtered dhcpc
1200. 69/udp open|filtered tftp
1201. 88/udp open|filtered kerberos-sec
1202. 123/udp open|filtered ntp
1203. 139/udp open|filtered netbios-ssn
1204. 161/udp open|filtered snmp
1205. 162/udp open|filtered snmptrap
1206. 389/udp open|filtered ldap
1207. 520/udp open|filtered route
1208. 2049/udp open|filtered nfs
1209. ######################################################################################################################################
1210. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:48 EST
1211. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1212. Host is up (0.36s latency).
1213.  
1214. PORT STATE SERVICE VERSION
1215. 21/tcp open ftp ProFTPD 1.3.5d
1216. | ftp-brute:
1217. | Accounts: No valid accounts found
1218. |_ Statistics: Performed 1943 guesses in 188 seconds, average tps: 10.0
1219. Too many fingerprints match this host to give specific OS details
1220. Network Distance: 24 hops
1221. Service Info: OS: Unix
1222.  
1223. TRACEROUTE (using port 21/tcp)
1224. HOP RTT ADDRESS
1225. 1 124.75 ms 10.251.200.1
1226. 2 124.79 ms 190.124.251.129
1227. 3 124.82 ms 172.16.21.1
1228. 4 184.43 ms 91.205.233.128
1229. 5 185.05 ms 192.168.7.2
1230. 6 185.12 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1231. 7 185.10 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
1232. 8 185.12 ms te0-3-0-14.ccr21.mia03.atlas.cogentco.com (38.88.164.137)
1233. 9 185.11 ms 154.54.47.29
1234. 10 199.59 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
1235. 11 208.19 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1236. 12 214.15 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1237. 13 289.82 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
1238. 14 288.51 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
1239. 15 285.91 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1240. 16 365.90 ms 185.153.20.70
1241. 17 363.89 ms 185.153.20.82
1242. 18 365.87 ms 185.153.20.94
1243. 19 380.70 ms 185.153.20.153
1244. 20 ... 21
1245. 22 417.90 ms 196.202.145.94
1246. 23 ...
1247. 24 394.11 ms f05-web03.nic.gov.sd (62.12.105.4)
1248. #######################################################################################################################################
1249. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:53 EST
1250. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1251. Host is up.
1252.  
1253. PORT STATE SERVICE VERSION
1254. 67/udp open|filtered dhcps
1255. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1256. Too many fingerprints match this host to give specific OS details
1257.  
1258. TRACEROUTE (using proto 1/icmp)
1259. HOP RTT ADDRESS
1260. 1 125.49 ms 10.251.200.1
1261. 2 125.53 ms 190.124.251.129
1262. 3 125.89 ms 172.16.21.1
1263. 4 185.73 ms 91.205.233.128
1264. 5 187.50 ms 192.168.7.2
1265. 6 187.94 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1266. 7 188.27 ms 69.25.0.3
1267. 8 189.34 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1268. 9 187.94 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
1269. 10 202.20 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1270. 11 207.79 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1271. 12 214.34 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1272. 13 286.35 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1273. 14 283.37 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1274. 15 284.16 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1275. 16 362.76 ms 185.153.20.70
1276. 17 361.97 ms 185.153.20.82
1277. 18 362.77 ms 185.153.20.94
1278. 19 386.33 ms 185.153.20.153
1279. 20 395.62 ms 212.0.131.109
1280. 21 390.02 ms 196.202.137.249
1281. 22 399.11 ms 196.202.145.94
1282. 23 ... 30
1283. #######################################################################################################################################
1284. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:56 EST
1285. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1286. Host is up.
1287.  
1288. PORT STATE SERVICE VERSION
1289. 68/udp open|filtered dhcpc
1290. Too many fingerprints match this host to give specific OS details
1291.  
1292. TRACEROUTE (using proto 1/icmp)
1293. HOP RTT ADDRESS
1294. 1 124.45 ms 10.251.200.1
1295. 2 124.50 ms 190.124.251.129
1296. 3 124.53 ms 172.16.21.1
1297. 4 185.18 ms 91.205.233.128
1298. 5 185.12 ms 192.168.7.2
1299. 6 185.17 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1300. 7 185.26 ms 69.25.0.3
1301. 8 185.28 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1302. 9 185.25 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
1303. 10 198.65 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1304. 11 209.52 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1305. 12 215.67 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1306. 13 287.05 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1307. 14 284.50 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1308. 15 285.21 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1309. 16 363.48 ms 185.153.20.70
1310. 17 362.84 ms 185.153.20.82
1311. 18 363.48 ms 185.153.20.94
1312. 19 379.60 ms 185.153.20.153
1313. 20 392.82 ms 212.0.131.109
1314. 21 390.28 ms 196.202.137.249
1315. 22 400.80 ms 196.202.145.94
1316. 23 ... 30
1317. ######################################################################################################################################
1318. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:58 EST
1319. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1320. Host is up.
1321.  
1322. PORT STATE SERVICE VERSION
1323. 69/udp open|filtered tftp
1324. Too many fingerprints match this host to give specific OS details
1325.  
1326. TRACEROUTE (using proto 1/icmp)
1327. HOP RTT ADDRESS
1328. 1 124.37 ms 10.251.200.1
1329. 2 124.30 ms 190.124.251.129
1330. 3 124.35 ms 172.16.21.1
1331. 4 185.02 ms 91.205.233.128
1332. 5 185.06 ms 192.168.7.2
1333. 6 185.05 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1334. 7 185.26 ms 69.25.0.3
1335. 8 185.08 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1336. 9 185.10 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
1337. 10 198.80 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1338. 11 209.85 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1339. 12 216.19 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1340. 13 287.79 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1341. 14 285.39 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1342. 15 285.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1343. 16 365.48 ms 185.153.20.70
1344. 17 365.44 ms 185.153.20.82
1345. 18 365.45 ms 185.153.20.94
1346. 19 381.33 ms 185.153.20.153
1347. 20 394.20 ms 212.0.131.109
1348. 21 388.89 ms 196.202.137.249
1349. 22 399.53 ms 196.202.145.94
1350. 23 ... 30
1351. #######################################################################################################################################
1352.  
1353. wig - WebApp Information Gatherer
1354.  
1355.  
1356. Scanning http://62.12.105.4...
1357. _________________________________________ SITE INFO _________________________________________
1358. IP Title
1359. 62.12.105.4 Domain Default page
1360.  
1361. __________________________________________ VERSION __________________________________________
1362. Name Versions Type
1363. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
1364. 2.4.8 | 2.4.9
1365.  
1366. _____________________________________________________________________________________________
1367. Time: 79.2 sec Urls: 810 Fingerprints: 40401
1368. #######################################################################################################################################
1369. HTTP/1.1 200 OK
1370. Date: Fri, 15 Feb 2019 23:54:34 GMT
1371. Content-Type: text/html
1372. Content-Length: 3750
1373. Last-Modified: Wed, 31 Jan 2018 01:28:47 GMT
1374. ETag: "ea6-5640866950aeb"
1375. Accept-Ranges: bytes
1376. Connection: keep-alive
1377.  
1378. HTTP/1.1 200 OK
1379. Date: Fri, 15 Feb 2019 23:54:35 GMT
1380. Content-Type: text/html
1381. Content-Length: 3750
1382. Last-Modified: Wed, 31 Jan 2018 01:28:47 GMT
1383. ETag: "ea6-5640866950aeb"
1384. Accept-Ranges: bytes
1385. Connection: keep-alive
1386. #######################################################################################################################################
1387. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:02 EST
1388. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1389. Host is up (0.13s latency).
1390.  
1391. PORT STATE SERVICE VERSION
1392. 110/tcp open pop3 Dovecot pop3d
1393. | pop3-brute:
1394. | Accounts: No valid accounts found
1395. |_ Statistics: Performed 212 guesses in 187 seconds, average tps: 1.1
1396. |_pop3-capabilities: UIDL TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP PIPELINING STLS USER CAPA AUTH-RESP-CODE RESP-CODES
1397. Too many fingerprints match this host to give specific OS details
1398. Network Distance: 1 hop
1399.  
1400. TRACEROUTE (using port 80/tcp)
1401. HOP RTT ADDRESS
1402. 1 124.41 ms f05-web03.nic.gov.sd (62.12.105.4)
1403. #######################################################################################################################################
1404. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:05 EST
1405. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1406. Host is up.
1407.  
1408. PORT STATE SERVICE VERSION
1409. 123/udp open|filtered ntp
1410. Too many fingerprints match this host to give specific OS details
1411.  
1412. TRACEROUTE (using proto 1/icmp)
1413. HOP RTT ADDRESS
1414. 1 123.82 ms 10.251.200.1
1415. 2 123.85 ms 190.124.251.129
1416. 3 123.87 ms 172.16.21.1
1417. 4 184.58 ms 91.205.233.128
1418. 5 184.60 ms 192.168.7.2
1419. 6 184.62 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1420. 7 184.66 ms 69.25.0.3
1421. 8 184.66 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1422. 9 184.66 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
1423. 10 198.32 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1424. 11 208.70 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1425. 12 215.28 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1426. 13 287.02 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1427. 14 284.70 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1428. 15 285.44 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1429. 16 374.27 ms 185.153.20.70
1430. 17 373.77 ms 185.153.20.82
1431. 18 374.22 ms 185.153.20.94
1432. 19 391.49 ms 185.153.20.153
1433. 20 403.85 ms 212.0.131.109
1434. 21 390.92 ms 196.202.137.249
1435. 22 401.79 ms 196.202.145.94
1436. 23 ... 30
1437. ######################################################################################################################################
1438. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:08 EST
1439. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1440. Host is up (0.12s latency).
1441.  
1442. PORT STATE SERVICE VERSION
1443. 161/tcp filtered snmp
1444. 161/udp open|filtered snmp
1445. Too many fingerprints match this host to give specific OS details
1446.  
1447. TRACEROUTE (using proto 1/icmp)
1448. HOP RTT ADDRESS
1449. 1 124.57 ms 10.251.200.1
1450. 2 124.51 ms 190.124.251.129
1451. 3 124.57 ms 172.16.21.1
1452. 4 184.53 ms 91.205.233.128
1453. 5 184.59 ms 192.168.7.2
1454. 6 184.94 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1455. 7 185.62 ms 69.25.0.3
1456. 8 185.59 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1457. 9 188.03 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
1458. 10 199.49 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1459. 11 208.45 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1460. 12 215.02 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1461. 13 287.31 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1462. 14 289.72 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1463. 15 289.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1464. 16 368.52 ms 185.153.20.70
1465. 17 367.70 ms 185.153.20.82
1466. 18 368.53 ms 185.153.20.94
1467. 19 385.24 ms 185.153.20.153
1468. 20 394.74 ms 212.0.131.109
1469. 21 390.24 ms 196.202.137.249
1470. 22 403.24 ms 196.202.145.94
1471. 23 ... 30
1472. #######################################################################################################################################
1473. Version: 1.11.12-static
1474. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1475.  
1476. Connected to 62.12.105.4
1477.  
1478. Testing SSL server 62.12.105.4 on port 443 using SNI name 62.12.105.4
1479.  
1480. TLS Fallback SCSV:
1481. Server supports TLS Fallback SCSV
1482.  
1483. TLS renegotiation:
1484. Secure session renegotiation supported
1485.  
1486. TLS Compression:
1487. Compression disabled
1488.  
1489. Heartbleed:
1490. TLS 1.2 not vulnerable to heartbleed
1491. TLS 1.1 not vulnerable to heartbleed
1492. TLS 1.0 not vulnerable to heartbleed
1493.  
1494. Supported Server Cipher(s):
1495. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1496. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1497. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1498. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1499. Accepted TLSv1.2 256 bits AES256-SHA256
1500. Accepted TLSv1.2 256 bits AES256-SHA
1501. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1502. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1503. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1504. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1505. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1506. Accepted TLSv1.2 128 bits AES128-SHA256
1507. Accepted TLSv1.2 128 bits AES128-SHA
1508. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1509. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1510. Accepted TLSv1.1 256 bits AES256-SHA
1511. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1512. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1513. Accepted TLSv1.1 128 bits AES128-SHA
1514. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1515. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1516. Accepted TLSv1.0 256 bits AES256-SHA
1517. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1518. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1519. Accepted TLSv1.0 128 bits AES128-SHA
1520. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1521.  
1522. SSL Certificate:
1523. Signature Algorithm: sha256WithRSAEncryption
1524. RSA Key Strength: 2048
1525.  
1526. Subject: Plesk
1527. Issuer: Plesk
1528.  
1529. Not valid before: Jul 20 00:21:23 2015 GMT
1530. Not valid after: Jul 19 00:21:23 2016 GMT
1531. #######################################################################################################################################
1532. --------------------------------------------------------
1533. <<<Yasuo discovered following vulnerable applications>>>
1534. --------------------------------------------------------
1535. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1536. | App Name | URL to Application | Potential Exploit | Username | Password |
1537. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1538. | phpMyAdmin | https://62.12.105.4:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
1539. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1540. #######################################################################################################################################
1541. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:19 EST
1542. NSE: Loaded 148 scripts for scanning.
1543. NSE: Script Pre-scanning.
1544. NSE: Starting runlevel 1 (of 2) scan.
1545. Initiating NSE at 20:19
1546. Completed NSE at 20:19, 0.00s elapsed
1547. NSE: Starting runlevel 2 (of 2) scan.
1548. Initiating NSE at 20:19
1549. Completed NSE at 20:19, 0.00s elapsed
1550. Initiating Ping Scan at 20:19
1551. Scanning 62.12.105.4 [4 ports]
1552. Completed Ping Scan at 20:19, 0.16s elapsed (1 total hosts)
1553. Initiating Parallel DNS resolution of 1 host. at 20:19
1554. Completed Parallel DNS resolution of 1 host. at 20:19, 0.02s elapsed
1555. Initiating Connect Scan at 20:19
1556. Scanning f05-web03.nic.gov.sd (62.12.105.4) [1000 ports]
1557. Discovered open port 80/tcp on 62.12.105.4
1558. Discovered open port 110/tcp on 62.12.105.4
1559. Discovered open port 995/tcp on 62.12.105.4
1560. Discovered open port 443/tcp on 62.12.105.4
1561. Discovered open port 993/tcp on 62.12.105.4
1562. Discovered open port 21/tcp on 62.12.105.4
1563. Discovered open port 143/tcp on 62.12.105.4
1564. Discovered open port 8443/tcp on 62.12.105.4
1565. Completed Connect Scan at 20:20, 20.69s elapsed (1000 total ports)
1566. Initiating Service scan at 20:20
1567. Scanning 8 services on f05-web03.nic.gov.sd (62.12.105.4)
1568. Completed Service scan at 20:20, 35.61s elapsed (8 services on 1 host)
1569. Initiating OS detection (try #1) against f05-web03.nic.gov.sd (62.12.105.4)
1570. Retrying OS detection (try #2) against f05-web03.nic.gov.sd (62.12.105.4)
1571. Initiating Traceroute at 20:20
1572. Completed Traceroute at 20:21, 3.62s elapsed
1573. Initiating Parallel DNS resolution of 22 hosts. at 20:21
1574. Completed Parallel DNS resolution of 22 hosts. at 20:21, 16.50s elapsed
1575. NSE: Script scanning 62.12.105.4.
1576. NSE: Starting runlevel 1 (of 2) scan.
1577. Initiating NSE at 20:21
1578. NSE Timing: About 99.08% done; ETC: 20:21 (0:00:00 remaining)
1579. NSE Timing: About 99.17% done; ETC: 20:22 (0:00:01 remaining)
1580. NSE Timing: About 99.27% done; ETC: 20:22 (0:00:01 remaining)
1581. NSE Timing: About 99.63% done; ETC: 20:23 (0:00:00 remaining)
1582. Completed NSE at 20:23, 142.26s elapsed
1583. NSE: Starting runlevel 2 (of 2) scan.
1584. Initiating NSE at 20:23
1585. Completed NSE at 20:23, 0.81s elapsed
1586. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1587. Host is up, received reset ttl 64 (0.37s latency).
1588. Scanned at 2019-02-15 20:19:50 EST for 229s
1589. Not shown: 987 filtered ports
1590. Reason: 986 no-responses and 1 host-unreach
1591. PORT STATE SERVICE REASON VERSION
1592. 20/tcp closed ftp-data conn-refused
1593. 21/tcp open ftp syn-ack ProFTPD 1.3.5d
1594. | ssl-cert: Subject: commonName=f05-web03.nic.gov.sd
1595. | Subject Alternative Name: DNS:f05-web03.nic.gov.sd
1596. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1597. | Public Key type: rsa
1598. | Public Key bits: 2048
1599. | Signature Algorithm: sha256WithRSAEncryption
1600. | Not valid before: 2017-11-26T15:16:33
1601. | Not valid after: 2018-02-24T15:16:33
1602. | MD5: 3f63 49c9 d709 5130 4b48 50d5 32c1 abb5
1603. | SHA-1: 5b15 5a3e d920 1f11 81ff 444b 5712 f23a 8b68 b5af
1604. | -----BEGIN CERTIFICATE-----
1605. | MIIFCzCCA/OgAwIBAgISA8ZuVjBzi24EU0kWvASakIcgMA0GCSqGSIb3DQEBCwUA
1606. | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
1607. | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMjYxNTE2MzNaFw0x
1608. | ODAyMjQxNTE2MzNaMB8xHTAbBgNVBAMTFGYwNS13ZWIwMy5uaWMuZ292LnNkMIIB
1609. | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweoZBgm5eWY8rANaRF54HDHO
1610. | uSbolGAdJxgvFvvo/2cjxfAtlRY1Q/9GZWnSK5q9WMVxY19DvzG9tGui50Rh4iUe
1611. | pbTt5AoCaxDCmVSSzXSnvV26L0FVJaFr80EvbfcY+Y3fPaUST6ju5SqhhGDmrKmJ
1612. | RsP8WS03/nrwY9rUCRLSCJDByxW9LrWLzAIiSp5z570xCUQXrDcoxHU9F3+zIYgL
1613. | v8L6fea76VyQWxhggbogR4qU1Ixo3ezBuaL0eZ/b0t8CYJ9XLH6DqWrDc55LWIGI
1614. | 2ZKv3Ib5l2hpZ3l65HzBJNJnGPa4X9EhJM0Akla+9C0alnzb/8X5EWujmTFRSQID
1615. | AQABo4ICFDCCAhAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
1616. | BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTa9bmnWLF1iaNLyfRi
1617. | I3TeSbYtpTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
1618. | BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
1619. | cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
1620. | cnlwdC5vcmcvMB8GA1UdEQQYMBaCFGYwNS13ZWIwMy5uaWMuZ292LnNkMIH+BgNV
1621. | HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC
1622. | ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb
1623. | VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5
1624. | aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0
1625. | aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv
1626. | cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAdZAbiKPfbg5rdICOdfKevK
1627. | M8emQgL8dtOnRuZiP39Z7X05t/c+vVv7RFrT4aiT84r7qYVmFZ/qiHQ/IxInm18U
1628. | tvbuSEvM2AaXdsfc8x8L5Hf1kHflt956MfC70J6x4JyU3Fxtz34yiXPDR2E8FHBi
1629. | vjs2nVqbrl4VePh5usaRwWfogYUDysuxK4kEqsNVYJKy3c3a5iB7eGrF6tV/gMtF
1630. | kfYFGULdFU2CcB7TItSOUUi6oClNJgrEtfG4/2u/bZi6ypt0Dd9xqAOFRjaoViR8
1631. | WUDFhDbmPsfLnx8ID73fflxYm2+SLd+zuKPxgDqUiTwMKEk5fMgiK+DnPc0OXJA=
1632. |_-----END CERTIFICATE-----
1633. |_ssl-date: TLS randomness does not represent time
1634. 25/tcp closed smtp conn-refused
1635. 80/tcp open http-proxy syn-ack Squid http proxy
1636. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1637. | http-methods:
1638. |_ Supported Methods: GET HEAD POST OPTIONS
1639. |_http-open-proxy: Proxy might be redirecting requests
1640. |_http-title: Domain Default page
1641. 110/tcp open pop3 syn-ack Dovecot pop3d
1642. |_pop3-capabilities: STLS UIDL USER CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP APOP RESP-CODES PIPELINING AUTH-RESP-CODE
1643. |_ssl-date: TLS randomness does not represent time
1644. 113/tcp closed ident conn-refused
1645. 139/tcp closed netbios-ssn conn-refused
1646. 143/tcp open imap syn-ack Dovecot imapd
1647. |_imap-capabilities: OK SASL-IR ENABLE AUTH=LOGIN IDLE IMAP4rev1 STARTTLS more AUTH=PLAIN ID listed capabilities LOGIN-REFERRALS have AUTH=DIGEST-MD5 post-login Pre-login LITERAL+ AUTH=CRAM-MD5A0001
1648. |_ssl-date: TLS randomness does not represent time
1649. 443/tcp open ssl/http syn-ack nginx
1650. | http-methods:
1651. |_ Supported Methods: GET
1652. |_http-server-header: nginx
1653. |_http-title: 400 The plain HTTP request was sent to HTTPS port
1654. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/organizationalUnitName=Plesk/localityName=Seattle
1655. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/organizationalUnitName=Plesk/localityName=Seattle
1656. | Public Key type: rsa
1657. | Public Key bits: 2048
1658. | Signature Algorithm: sha256WithRSAEncryption
1659. | Not valid before: 2015-07-20T00:21:23
1660. | Not valid after: 2016-07-19T00:21:23
1661. | MD5: 081e a803 762a f7a0 8cff 7a71 192c 7cfb
1662. | SHA-1: 0cdb 447d b0e9 070c 8a69 b2fe 1b86 9aa0 7697 10fb
1663. | -----BEGIN CERTIFICATE-----
1664. | MIIDfTCCAmUCBFWsPwMwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
1665. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
1666. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
1667. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE1MDcyMDAwMjEyM1oXDTE2MDcxOTAwMjEy
1668. | M1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
1669. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
1670. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
1671. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAd1dWnJxCatqhs1eGGmK3DkvHNP9ZOO
1672. | ub2jqqdVsE5OBnhEcRVjF9sErfabSo2m1fDfaNv4CcxfzD1a59ADubR5wcq0orf0
1673. | qIEiACfV6lqQP2Lv4BhqNNlo0d1wj9xCzTcv1GZq0VO+q9Bl0iB1GgXQGrKCZVNh
1674. | YM1njL7AG9s0yVPfhLIPdmqmB0KhahyqaLCgQJMLFmhVsP+H9h6BaAbxFyklxUnF
1675. | Vpryi28oscOOYDaSLwb+ZWFNlkKKk1BWc/3y2KniwSDnsXSueCIZQ4iKbapuHHk7
1676. | dLC6v+L+hbW6JyB+fDp3nK1eVgC8aP4D/CYi3IPjHNri8c957SCWEQIDAQABMA0G
1677. | CSqGSIb3DQEBCwUAA4IBAQCtUeqEmmV5PGWiIAaJv1TVqisoQiE+iPF5RJXKKN2w
1678. | btOW6h03jxU1KV8yzPfcjgseRNzYB8/+4Zm7HllusV2O27NnQ0lVlQDVGfsqx0gX
1679. | W0TOSt1MjMW7lSWTnAEUC+k/AbARjbihXfsxKQfI7w8e1ai9/Pe3aa+eZwihkV0e
1680. | 85vdXd3W6GjntKcEycQwLVWxPK8awVnAXOhF7a3b04fLCy16TTwWLK2NnstIOEdb
1681. | KQUhBFkld2VvYNDfRLaO7v++PdkDB2cXQFExMwhlu5S0bhKW6Kv0+Mg0gMU1CDQS
1682. | kcTfsoE+yhqkrExc9N/qn1Aa0mf9P3Lm4y5tPJkXTD33
1683. |_-----END CERTIFICATE-----
1684. |_ssl-date: TLS randomness does not represent time
1685. | tls-alpn:
1686. | h2
1687. |_ http/1.1
1688. | tls-nextprotoneg:
1689. | h2
1690. |_ http/1.1
1691. 445/tcp closed microsoft-ds conn-refused
1692. 993/tcp open ssl/imaps? syn-ack
1693. |_ssl-date: TLS randomness does not represent time
1694. 995/tcp open ssl/pop3s? syn-ack
1695. |_ssl-date: TLS randomness does not represent time
1696. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
1697. | http-methods:
1698. |_ Supported Methods: GET HEAD POST OPTIONS
1699. |_http-server-header: sw-cp-server
1700. | http-title: Plesk Onyx 17.5.3
1701. |_Requested resource was https://f05-web03.nic.gov.sd:8443/
1702. | ssl-cert: Subject: commonName=f05-web03.nic.gov.sd
1703. | Subject Alternative Name: DNS:f05-web03.nic.gov.sd
1704. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1705. | Public Key type: rsa
1706. | Public Key bits: 2048
1707. | Signature Algorithm: sha256WithRSAEncryption
1708. | Not valid before: 2017-11-26T15:16:33
1709. | Not valid after: 2018-02-24T15:16:33
1710. | MD5: 3f63 49c9 d709 5130 4b48 50d5 32c1 abb5
1711. | SHA-1: 5b15 5a3e d920 1f11 81ff 444b 5712 f23a 8b68 b5af
1712. | -----BEGIN CERTIFICATE-----
1713. | MIIFCzCCA/OgAwIBAgISA8ZuVjBzi24EU0kWvASakIcgMA0GCSqGSIb3DQEBCwUA
1714. | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
1715. | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMjYxNTE2MzNaFw0x
1716. | ODAyMjQxNTE2MzNaMB8xHTAbBgNVBAMTFGYwNS13ZWIwMy5uaWMuZ292LnNkMIIB
1717. | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweoZBgm5eWY8rANaRF54HDHO
1718. | uSbolGAdJxgvFvvo/2cjxfAtlRY1Q/9GZWnSK5q9WMVxY19DvzG9tGui50Rh4iUe
1719. | pbTt5AoCaxDCmVSSzXSnvV26L0FVJaFr80EvbfcY+Y3fPaUST6ju5SqhhGDmrKmJ
1720. | RsP8WS03/nrwY9rUCRLSCJDByxW9LrWLzAIiSp5z570xCUQXrDcoxHU9F3+zIYgL
1721. | v8L6fea76VyQWxhggbogR4qU1Ixo3ezBuaL0eZ/b0t8CYJ9XLH6DqWrDc55LWIGI
1722. | 2ZKv3Ib5l2hpZ3l65HzBJNJnGPa4X9EhJM0Akla+9C0alnzb/8X5EWujmTFRSQID
1723. | AQABo4ICFDCCAhAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
1724. | BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTa9bmnWLF1iaNLyfRi
1725. | I3TeSbYtpTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
1726. | BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
1727. | cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
1728. | cnlwdC5vcmcvMB8GA1UdEQQYMBaCFGYwNS13ZWIwMy5uaWMuZ292LnNkMIH+BgNV
1729. | HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC
1730. | ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb
1731. | VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5
1732. | aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0
1733. | aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv
1734. | cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAdZAbiKPfbg5rdICOdfKevK
1735. | M8emQgL8dtOnRuZiP39Z7X05t/c+vVv7RFrT4aiT84r7qYVmFZ/qiHQ/IxInm18U
1736. | tvbuSEvM2AaXdsfc8x8L5Hf1kHflt956MfC70J6x4JyU3Fxtz34yiXPDR2E8FHBi
1737. | vjs2nVqbrl4VePh5usaRwWfogYUDysuxK4kEqsNVYJKy3c3a5iB7eGrF6tV/gMtF
1738. | kfYFGULdFU2CcB7TItSOUUi6oClNJgrEtfG4/2u/bZi6ypt0Dd9xqAOFRjaoViR8
1739. | WUDFhDbmPsfLnx8ID73fflxYm2+SLd+zuKPxgDqUiTwMKEk5fMgiK+DnPc0OXJA=
1740. |_-----END CERTIFICATE-----
1741. |_ssl-date: TLS randomness does not represent time
1742. | tls-nextprotoneg:
1743. |_ http/1.1
1744. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
1745. Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (98%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), OpenBSD 4.0 (91%), FreeBSD 6.2-RELEASE (90%), Linux 2.6.18 - 2.6.22 (90%), OpenBSD 4.3 (90%), Android 7.1.2 (Linux 3.10) (90%), Apple AirPort Extreme WAP (88%)
1746. No exact OS matches for host (test conditions non-ideal).
1747. TCP/IP fingerprint:
1748. SCAN(V=7.70%E=4%D=2/15%OT=21%CT=20%CU=%PV=N%G=N%TM=5C67661B%P=x86_64-pc-linux-gnu)
1749. SEQ(SP=105%GCD=1%ISR=104%TI=Z%TS=U)
1750. OPS(O1=M4B3W7N%O2=M4B3W7N%O3=M4B3W7N%O4=M4B3W7N%O5=M4B3W7N%O6=M4B3)
1751. WIN(W1=7210%W2=7210%W3=7210%W4=7210%W5=7210%W6=7210)
1752. ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3W7N%CC=Y%Q=)
1753. ECN(R=N)
1754. T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
1755. T2(R=N)
1756. T3(R=N)
1757. T4(R=N)
1758. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
1759. T6(R=N)
1760. T7(R=N)
1761. U1(R=N)
1762. IE(R=N)
1763.  
1764. Service Info: OS: Unix
1765.  
1766. TRACEROUTE (using proto 1/icmp)
1767. HOP RTT ADDRESS
1768. 1 124.12 ms 10.251.200.1
1769. 2 124.29 ms 190.124.251.129
1770. 3 124.32 ms 172.16.21.1
1771. 4 184.42 ms 91.205.233.128
1772. 5 184.44 ms 192.168.7.2
1773. 6 184.46 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
1774. 7 184.84 ms 69.25.0.3
1775. 8 184.84 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
1776. 9 184.85 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
1777. 10 198.67 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
1778. 11 209.29 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
1779. 12 216.07 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
1780. 13 287.60 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
1781. 14 284.68 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1782. 15 285.23 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1783. 16 363.75 ms 185.153.20.70
1784. 17 363.36 ms 185.153.20.82
1785. 18 363.79 ms 185.153.20.94
1786. 19 379.79 ms 185.153.20.153
1787. 20 392.62 ms 212.0.131.109
1788. 21 390.77 ms 196.202.137.249
1789. 22 399.43 ms 196.202.145.94
1790. 23 ... 30
1791.  
1792. NSE: Script Post-scanning.
1793. NSE: Starting runlevel 1 (of 2) scan.
1794. Initiating NSE at 20:23
1795. Completed NSE at 20:23, 0.00s elapsed
1796. NSE: Starting runlevel 2 (of 2) scan.
1797. Initiating NSE at 20:23
1798. Completed NSE at 20:23, 0.00s elapsed
1799. Read data files from: /usr/bin/../share/nmap
1800. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1801. Nmap done: 1 IP address (1 host up) scanned in 229.76 seconds
1802. Raw packets sent: 140 (10.568KB) | Rcvd: 128 (18.431KB)
1803. #######################################################################################################################################
1804. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:23 EST
1805. NSE: Loaded 148 scripts for scanning.
1806. NSE: Script Pre-scanning.
1807. Initiating NSE at 20:23
1808. Completed NSE at 20:23, 0.00s elapsed
1809. Initiating NSE at 20:23
1810. Completed NSE at 20:23, 0.00s elapsed
1811. Initiating Parallel DNS resolution of 1 host. at 20:23
1812. Completed Parallel DNS resolution of 1 host. at 20:23, 0.02s elapsed
1813. Initiating UDP Scan at 20:23
1814. Scanning f05-web03.nic.gov.sd (62.12.105.4) [14 ports]
1815. Completed UDP Scan at 20:23, 2.15s elapsed (14 total ports)
1816. Initiating Service scan at 20:23
1817. Scanning 12 services on f05-web03.nic.gov.sd (62.12.105.4)
1818. Service scan Timing: About 8.33% done; ETC: 20:43 (0:17:58 remaining)
1819. Completed Service scan at 20:25, 102.58s elapsed (12 services on 1 host)
1820. Initiating OS detection (try #1) against f05-web03.nic.gov.sd (62.12.105.4)
1821. Retrying OS detection (try #2) against f05-web03.nic.gov.sd (62.12.105.4)
1822. Initiating Traceroute at 20:25
1823. Completed Traceroute at 20:25, 7.31s elapsed
1824. Initiating Parallel DNS resolution of 1 host. at 20:25
1825. Completed Parallel DNS resolution of 1 host. at 20:25, 0.02s elapsed
1826. NSE: Script scanning 62.12.105.4.
1827. Initiating NSE at 20:25
1828. Completed NSE at 20:25, 20.30s elapsed
1829. Initiating NSE at 20:25
1830. Completed NSE at 20:25, 1.03s elapsed
1831. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
1832. Host is up (0.12s latency).
1833.  
1834. PORT STATE SERVICE VERSION
1835. 53/udp open|filtered domain
1836. 67/udp open|filtered dhcps
1837. 68/udp open|filtered dhcpc
1838. 69/udp open|filtered tftp
1839. 88/udp open|filtered kerberos-sec
1840. 123/udp open|filtered ntp
1841. 137/udp filtered netbios-ns
1842. 138/udp filtered netbios-dgm
1843. 139/udp open|filtered netbios-ssn
1844. 161/udp open|filtered snmp
1845. 162/udp open|filtered snmptrap
1846. 389/udp open|filtered ldap
1847. 520/udp open|filtered route
1848. 2049/udp open|filtered nfs
1849. Too many fingerprints match this host to give specific OS details
1850.  
1851. TRACEROUTE (using port 137/udp)
1852. HOP RTT ADDRESS
1853. 1 124.11 ms 10.251.200.1
1854. 2 ... 3
1855. 4 123.00 ms 10.251.200.1
1856. 5 124.39 ms 10.251.200.1
1857. 6 124.41 ms 10.251.200.1
1858. 7 124.41 ms 10.251.200.1
1859. 8 124.41 ms 10.251.200.1
1860. 9 124.43 ms 10.251.200.1
1861. 10 124.55 ms 10.251.200.1
1862. 11 ... 18
1863. 19 123.21 ms 10.251.200.1
1864. 20 123.23 ms 10.251.200.1
1865. 21 ... 27
1866. 28 124.30 ms 10.251.200.1
1867. 29 124.61 ms 10.251.200.1
1868. 30 123.31 ms 10.251.200.1
1869.  
1870. NSE: Script Post-scanning.
1871. Initiating NSE at 20:25
1872. Completed NSE at 20:25, 0.00s elapsed
1873. Initiating NSE at 20:25
1874. Completed NSE at 20:25, 0.00s elapsed
1875. Read data files from: /usr/bin/../share/nmap
1876. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1877. Nmap done: 1 IP address (1 host up) scanned in 138.73 seconds
1878. Raw packets sent: 148 (13.692KB) | Rcvd: 30 (3.265KB)
1879. #######################################################################################################################################
1880. [+] FireWall Detector
1881. [++] Firewall not detected
1882.  
1883. [+] Detecting Joomla Version
1884. [++] Joomla 1.5
1885.  
1886. [+] Core Joomla Vulnerability
1887. [++] Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution
1888. EDB : https://www.exploit-db.com/exploits/4212/
1889.  
1890. Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
1891. CVE : CVE-2007-4781
1892. EDB : https://www.exploit-db.com/exploits/4350/
1893.  
1894. Joomla! 1.5.x - (Token) Remote Admin Change Password
1895. CVE : CVE-2008-3681
1896. EDB : https://www.exploit-db.com/exploits/6234/
1897.  
1898. Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure
1899. CVE: CVE-2011-4909
1900. EDB : https://www.exploit-db.com/exploits/33061/
1901.  
1902. Joomla! 1.5.x - 404 Error Page Cross-Site Scripting
1903. EDB : https://www.exploit-db.com/exploits/33378/
1904.  
1905. Joomla! 1.5.12 - read/exec Remote files
1906. EDB : https://www.exploit-db.com/exploits/11263/
1907.  
1908. Joomla! 1.5.12 - connect back Exploit
1909. EDB : https://www.exploit-db.com/exploits/11262/
1910.  
1911. Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
1912. CVE : CVE-2011-4908
1913. EDB : https://www.exploit-db.com/exploits/9926/
1914.  
1915. Joomla! 1.5 - URL Redirecting
1916. EDB : https://www.exploit-db.com/exploits/14722/
1917.  
1918. Joomla! 1.5.x - SQL Error Information Disclosure
1919. EDB : https://www.exploit-db.com/exploits/34955/
1920.  
1921. Joomla! - Spam Mail Relay
1922. EDB : https://www.exploit-db.com/exploits/15979/
1923.  
1924. Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
1925. EDB : https://www.exploit-db.com/exploits/16091/
1926.  
1927. Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
1928. EDB : https://www.exploit-db.com/exploits/36176/
1929.  
1930. Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
1931. CVE : CVE-2015-8562
1932. EDB : https://www.exploit-db.com/exploits/38977/
1933.  
1934. Joomla! 1.0 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution
1935. CVE : CVE-2015-8562 , CVE-2015-8566
1936. EDB : https://www.exploit-db.com/exploits/39033/
1937.  
1938. Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion
1939. CVE : CVE-2007-2199
1940. EDB : https://www.exploit-db.com/exploits/3781/
1941.  
1942. Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
1943. CVE : CVE-2009-0113
1944. EDB : https://www.exploit-db.com/exploits/7691/
1945.  
1946.  
1947.  
1948. [+] Checking apache info/status files
1949. [++] Readable info/status files are not found
1950.  
1951. [+] admin finder
1952. [++] Admin page : http://aldabba.gov.sd/admin/
1953.  
1954. [+] Checking robots.txt existing
1955. [++] robots.txt is found
1956. path : http://aldabba.gov.sd/robots.txt
1957.  
1958. Interesting path found from robots.txt
1959. http://aldabba.gov.sd/administrator/
1960. http://aldabba.gov.sd/cache/
1961. http://aldabba.gov.sd/components/
1962. http://aldabba.gov.sd/images/
1963. http://aldabba.gov.sd/includes/
1964. http://aldabba.gov.sd/installation/
1965. http://aldabba.gov.sd/language/
1966. http://aldabba.gov.sd/libraries/
1967. http://aldabba.gov.sd/media/
1968. http://aldabba.gov.sd/modules/
1969. http://aldabba.gov.sd/plugins/
1970. http://aldabba.gov.sd/templates/
1971. http://aldabba.gov.sd/tmp/
1972. http://aldabba.gov.sd/xmlrpc/
1973.  
1974.  
1975. [+] Finding common backup files name
1976. [++] Backup files are not found
1977.  
1978. [+] Finding common log files name
1979. [++] error log is not found
1980.  
1981. [+] Checking sensitive config.php.x file
1982. [++] Readable config files are not found
1983.  
1984.  
1985. Your Report : reports/aldabba.gov.sd/
1986. #######################################################################################################################################
1987. [-] Date & Time: 15/02/2019 19:09:44
1988. [I] Threads: 5
1989. [-] Target: http://aldabba.gov.sd (62.12.105.4)
1990. [M] Website Not in HTTPS: http://aldabba.gov.sd
1991. [I] X-Powered-By: PHP/5.4.16
1992. [L] X-Frame-Options: Not Enforced
1993. [I] Strict-Transport-Security: Not Enforced
1994. [I] X-Content-Security-Policy: Not Enforced
1995. [I] X-Content-Type-Options: Not Enforced
1996. [L] Robots.txt Found: http://aldabba.gov.sd/robots.txt
1997. [I] CMS Detection: Joomla
1998. [I] Joomla Website Template: rhuk_milkyway
1999. [I] Joomla Website Template: system
2000. [H] Configuration File Found: http://aldabba.gov.sd/configuration
2001. [-] Enumerating Joomla Usernames via "Feed" ...
2002. [I] Administrator: [email protected]
2003. [I] Autocomplete Off Not Found: http://aldabba.gov.sd/administrator/index.php
2004. [-] Joomla Default Files:
2005. [-] Joomla is likely to have a large number of default files
2006. [-] Would you like to list them all?
2007. [y/N]: y
2008. [I] http://aldabba.gov.sd/bin/index.html
2009. [I] http://aldabba.gov.sd/cache/index.html
2010. [I] http://aldabba.gov.sd/cli/index.html
2011. [I] http://aldabba.gov.sd/components/index.html
2012. [I] http://aldabba.gov.sd/htaccess.txt
2013. [I] http://aldabba.gov.sd/images/index.html
2014. [I] http://aldabba.gov.sd/includes/index.html
2015. [I] http://aldabba.gov.sd/installation/cache/index.html
2016. [I] http://aldabba.gov.sd/language/index.html
2017. [I] http://aldabba.gov.sd/language/overrides/index.html
2018. [I] http://aldabba.gov.sd/layouts/index.html
2019. [I] http://aldabba.gov.sd/layouts/joomla/error/index.html
2020. [I] http://aldabba.gov.sd/libraries/index.html
2021. [I] http://aldabba.gov.sd/media/editors/codemirror/mode/rpm/changes/index.html
2022. [I] http://aldabba.gov.sd/media/editors/tinymce/plugins/example/dialog.html
2023. [I] http://aldabba.gov.sd/media/editors/tinymce/templates/layout1.html
2024. [I] http://aldabba.gov.sd/media/editors/tinymce/templates/snippet1.html
2025. [I] http://aldabba.gov.sd/media/index.html
2026. [I] http://aldabba.gov.sd/modules/index.html
2027. [I] http://aldabba.gov.sd/plugins/index.html
2028. [I] http://aldabba.gov.sd/templates/index.html
2029. [I] http://aldabba.gov.sd/tests/javascript/calendar/fixtures/fixture.html
2030. [I] http://aldabba.gov.sd/tests/javascript/caption/fixtures/fixture.html
2031. [I] http://aldabba.gov.sd/tests/javascript/combobox/fixtures/fixture.html
2032. [I] http://aldabba.gov.sd/tests/javascript/core/fixtures/fixture.html
2033. [I] http://aldabba.gov.sd/tests/javascript/highlighter/fixtures/fixture.html
2034. [I] http://aldabba.gov.sd/tests/javascript/permissions/fixtures/fixture.html
2035. [I] http://aldabba.gov.sd/tests/javascript/repeatable/fixtures/fixture.html
2036. [I] http://aldabba.gov.sd/tests/javascript/sendtestmail/fixtures/fixture.html
2037. [I] http://aldabba.gov.sd/tests/javascript/subform-repeatable/fixtures/fixture.html
2038. [I] http://aldabba.gov.sd/tests/javascript/switcher/fixtures/fixture.html
2039. [I] http://aldabba.gov.sd/tests/javascript/validate/fixtures/fixture.html
2040. [I] http://aldabba.gov.sd/tmp/index.html
2041. [-] Searching Joomla Components ...
2042. [I] Checking for Directory Listing Enabled ...
2043. [-] Date & Time: 15/02/2019 19:31:35
2044. [-] Completed in: 0:21:50
2045. #######################################################################################################################################
2046. Anonymous JTSEC #OpSudan Full Recon #13