API tools faq
paste
SaintDruG

#OpTurkey_tbmm.gov.tr_Hacked

SaintDruG
Jul 24th, 2016
77
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 27.08 KB | None | 0 0
raw download clone embed print report
  1. OPTurkey
  2.  
  3. Anon_CY
  4.  
  5. We are Legion
  6.  
  7. **Target: #OpTurkey_tbmm.gov.tr_Hacked **
  8.  
  9.  
  10.  
  11.  
  12.  
  13.  
  14.  
  15.  
  16. ____
  17. _________ / _/___ ___ _____
  18. / ___/ __ \ / // __ \/ _ \/ ___/
  19. (__ ) / / // // /_/ / __/ /
  20. /____/_/ /_/___/ .___/\___/_/
  21. /_/
  22.  
  23. + -- --=[http://crowdshield.com
  24. + -- --=[sn1per v1.7 by 1N3
  25.  
  26. ################################### Running recon #################################
  27. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  28. Server: 8.8.8.8
  29. Address: 8.8.8.8#53
  30.  
  31. Non-authoritative answer:
  32. Name: tbmm.gov.tr
  33. Address: 212.174.157.41
  34. Name: tbmm.gov.tr
  35. Address: 192.168.3.31
  36. Name: tbmm.gov.tr
  37. Address: 192.168.2.31
  38.  
  39. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  40. tbmm.gov.tr has address 212.174.157.41
  41. tbmm.gov.tr has address 192.168.3.31
  42. tbmm.gov.tr has address 192.168.2.31
  43. tbmm.gov.tr mail is handled by 10 mail.tbmm.gov.tr.
  44.  
  45. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  46.  
  47. [+] Target is tbmm.gov.tr
  48. [+] Loading modules.
  49. [+] Following modules are loaded:
  50. [x] [1] ping:icmp_ping - ICMP echo discovery module
  51. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  52. [x] [3] ping:udp_ping - UDP-based ping discovery module
  53. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  54. [x] [5] infogather:portscan - TCP and UDP PortScanner
  55. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  56. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  57. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  58. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  59. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  60. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  61. [x] [12] fingerprint:smb - SMB fingerprinting module
  62. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  63. [+] 13 modules registered
  64. [+] Initializing scan engine
  65. [+] Running scan engine
  66. [-] ping:tcp_ping module: no closed/open TCP ports known on 212.174.157.41. Module test failed
  67. [-] ping:udp_ping module: no closed/open UDP ports known on 212.174.157.41. Module test failed
  68. [-] No distance calculation. 212.174.157.41 appears to be dead or no ports known
  69. [+] Host: 212.174.157.41 is down (Guess probability: 0%)
  70. [+] Cleaning up scan engine
  71. [+] Modules deinitialized
  72. [+] Execution completed.
  73. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  74.  
  75. ; <<>> DiG 9.10.3-P4-Debian <<>> -x tbmm.gov.tr
  76. ;; global options: +cmd
  77. ;; Got answer:
  78. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21511
  79. ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  80.  
  81. ;; OPT PSEUDOSECTION:
  82. ; EDNS: version: 0, flags:; udp: 4096
  83. ;; QUESTION SECTION:
  84. ;tr.gov.tbmm.in-addr.arpa. IN PTR
  85.  
  86. ;; AUTHORITY SECTION:
  87. in-addr.arpa. 3032 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2015074094 1800 900 604800 3600
  88.  
  89. ;; Query time: 329 msec
  90. ;; SERVER: 8.8.8.8#53(8.8.8.8)
  91. ;; WHEN: Sun Jul 24 12:23:41 EEST 2016
  92. ;; MSG SIZE rcvd: 121
  93.  
  94. ** Registrant:
  95. Türkiye Büyük Millet Meclisi
  96. TBMM Bilgi İşlem Başkanlığı Bakanlıklar
  97.  
  98. Ankara,
  99. Türkiye
  100. domreg@tbmm.gov.tr
  101. + 90-312-4206850-
  102. + 90-312-4207807-
  103.  
  104.  
  105. ** Administrative Contact:
  106. NIC Handle : tbi86-metu
  107. Organization Name : TBMM Bilgi İşlem Başkanlığı
  108. Address : TBMM Bilgi İşlem Başkanlığı
  109. Bakanlıklar
  110. Ankara,06543
  111. Türkiye
  112. Phone : + 90-420-7857-
  113. Fax : + 90-420-7807-
  114.  
  115.  
  116. ** Technical Contact:
  117. NIC Handle : tbi86-metu
  118. Organization Name : TBMM Bilgi İşlem Başkanlığı
  119. Address : TBMM Bilgi İşlem Başkanlığı
  120. Bakanlıklar
  121. Ankara,06543
  122. Türkiye
  123. Phone : + 90-420-7857-
  124. Fax : + 90-420-7807-
  125.  
  126.  
  127. ** Billing Contact:
  128. NIC Handle : tbi86-metu
  129. Organization Name : TBMM Bilgi İşlem Başkanlığı
  130. Address : TBMM Bilgi İşlem Başkanlığı
  131. Bakanlıklar
  132. Ankara,06543
  133. Türkiye
  134. Phone : + 90-420-7857-
  135. Fax : + 90-420-7807-
  136.  
  137.  
  138. ** Domain Servers:
  139. ns.tbmm.gov.tr 212.174.157.1
  140. ns2.tbmm.gov.tr 212.174.157.2
  141.  
  142. ** Additional Info:
  143. Created on..............: 1999-Nov-09.
  144. Expires on..............: 2016-Nov-08.
  145. Smartmatch is experimental at ./dnsenum.pl line 698.
  146. Smartmatch is experimental at ./dnsenum.pl line 698.
  147. dnsenum.pl VERSION:1.2.4
  148.  
  149. ----- tbmm.gov.tr -----
  150.  
  151.  
  152. Host's addresses:
  153. __________________
  154.  
  155. tbmm.gov.tr. 3587 IN A 212.174.157.41
  156. tbmm.gov.tr. 587 IN A 192.168.3.31
  157. tbmm.gov.tr. 587 IN A 192.168.2.31
  158.  
  159.  
  160. Name Servers:
  161. ______________
  162.  
  163. ns.tbmm.gov.tr. 3600 IN A 212.174.157.1
  164. ns01.tbmm.gov.tr. 3600 IN A 212.174.157.1
  165.  
  166.  
  167. Mail (MX) Servers:
  168. ___________________
  169.  
  170. mail.tbmm.gov.tr. 3600 IN CNAME tmg02.tbmm.gov.tr.
  171. tmg02.tbmm.gov.tr. 3600 IN A 212.174.157.17
  172.  
  173.  
  174. Trying Zone Transfers and getting Bind Versions:
  175. _________________________________________________
  176.  
  177.  
  178. Trying Zone Transfer for tbmm.gov.tr on ns01.tbmm.gov.tr ...
  179. AXFR record query failed: REFUSED
  180.  
  181. Trying Zone Transfer for tbmm.gov.tr on ns.tbmm.gov.tr ...
  182. AXFR record query failed: REFUSED
  183.  
  184. brute force file not specified, bay.
  185.  
  186. ____ _ _ _ _ _____
  187. / ___| _ _| |__ | (_)___| |_|___ / _ __
  188. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  189. ___) | |_| | |_) | | \__ \ |_ ___) | |
  190. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  191.  
  192. # Fast Subdomains Enumeration tool using Search Engines and BruteForce
  193. # Coded By Ahmed Aboul-Ela - @aboul3la
  194. # Special Thanks to Ibrahim Mosaad - @ibrahim_mosaad for his contributions
  195.  
  196. [-] Enumerating subdomains now for tbmm.gov.tr
  197. [-] verbosity is enabled, will show the subdomains results in realtime
  198. [-] Searching now in Baidu..
  199. [-] Searching now in Yahoo..
  200. [-] Searching now in Google..
  201. [-] Searching now in Bing..
  202. [-] Searching now in Ask..
  203. [-] Searching now in Netcraft..
  204. [-] Searching now in DNSdumpster..
  205. Ask: baskanlik.tbmm.gov.tr
  206. Ask: www4.tbmm.gov.tr
  207. Ask: yenianayasa.tbmm.gov.tr
  208. Ask: anayasa.tbmm.gov.tr
  209. Ask: mevzuat.tbmm.gov.tr
  210. Ask: cocuk.tbmm.gov.tr
  211. Bing: web.tbmm.gov.tr
  212. Bing: www2.tbmm.gov.tr
  213. Bing: anayasa.tbmm.gov.tr
  214. Bing: global.tbmm.gov.tr
  215. Bing: saglik.tbmm.gov.tr
  216. Ask: acikerisim.tbmm.gov.tr
  217. Ask: eczane.tbmm.gov.tr
  218. Ask: komisyon.tbmm.gov.tr
  219. Ask: pbk.tbmm.gov.tr
  220. Bing: www.www2.tbmm.gov.tr
  221. Bing: www.web.tbmm.gov.tr
  222. Ask: edilekce.tbmm.gov.tr
  223. Ask: global.tbmm.gov.tr
  224. Yahoo: global.tbmm.gov.tr
  225. Yahoo: www.tbmm.gov.tr
  226. Yahoo: web.tbmm.gov.tr
  227. [!] Error: Google probably now is blocking our requests
  228. [~] Finished now the Google Enumeration ...
  229. Bing: eczane.tbmm.gov.tr
  230. Bing: pbk.tbmm.gov.tr
  231. Bing: komisyon.tbmm.gov.tr
  232. Bing: cocuk.tbmm.gov.tr
  233. Bing: acikerisim.tbmm.gov.tr
  234. Bing: baskanlik.tbmm.gov.tr
  235. Bing: rss.tbmm.gov.tr
  236. Bing: mevzuat.tbmm.gov.tr
  237. DNSdumpster: edilekce.tbmm.gov.tr
  238. DNSdumpster: tmg02.tbmm.gov.tr
  239. DNSdumpster: web.tbmm.gov.tr
  240. DNSdumpster: karasu.tbmm.gov.tr
  241. Baidu: global.tbmm.gov.tr
  242. Ask: web.tbmm.gov.tr
  243. [-] Total Unique Subdomains Found: 21
  244. acikerisim.tbmm.gov.tr
  245. anayasa.tbmm.gov.tr
  246. baskanlik.tbmm.gov.tr
  247. cocuk.tbmm.gov.tr
  248. eczane.tbmm.gov.tr
  249. edilekce.tbmm.gov.tr
  250. global.tbmm.gov.tr
  251. karasu.tbmm.gov.tr
  252. komisyon.tbmm.gov.tr
  253. mevzuat.tbmm.gov.tr
  254. pbk.tbmm.gov.tr
  255. rss.tbmm.gov.tr
  256. saglik.tbmm.gov.tr
  257. tmg02.tbmm.gov.tr
  258. web.tbmm.gov.tr
  259. www.tbmm.gov.tr
  260. www.web.tbmm.gov.tr
  261. www.www2.tbmm.gov.tr
  262. www2.tbmm.gov.tr
  263. www4.tbmm.gov.tr
  264. yenianayasa.tbmm.gov.tr
  265.  
  266. ################################### Pinging host ###################################
  267. PING tbmm.gov.tr (212.174.157.41) 56(84) bytes of data.
  268.  
  269. --- tbmm.gov.tr ping statistics ---
  270. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
  271.  
  272.  
  273. ################################### Running TCP port scan ##########################
  274.  
  275. Starting Nmap 7.12SVN ( https://nmap.org ) at 2016-07-24 12:24 EEST
  276. Nmap scan report for tbmm.gov.tr (212.174.157.41)
  277. Host is up (0.13s latency).
  278. Other addresses for tbmm.gov.tr (not scanned): 192.168.3.31 192.168.2.31
  279. rDNS record for 212.174.157.41: 212.174.157.41.dynamic.ttnet.com.tr
  280. Not shown: 35 filtered ports
  281. PORT STATE SERVICE
  282. 80/tcp open http
  283. 443/tcp open https
  284.  
  285. Nmap done: 1 IP address (1 host up) scanned in 3.57 seconds
  286. ################################### Running UDP port scan ##########################
  287.  
  288. Starting Nmap 7.12SVN ( https://nmap.org ) at 2016-07-24 12:24 EEST
  289. WARNING: a TCP scan type was requested, but no tcp ports were specified. Skipping this scan type.
  290. Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
  291.  
  292. ################################### Running Intrusive Scans ########################
  293. + -- --=[Port 21 closed... skipping.
  294. + -- --=[Port 22 closed... skipping.
  295. + -- --=[Port 23 closed... skipping.
  296. + -- --=[Port 25 closed... skipping.
  297. + -- --=[Port 53 closed... skipping.
  298. + -- --=[Port 79 closed... skipping.
  299. + -- --=[Port 80 opened... running tests...
  300. ################################### Checking for WAF ##############################
  301.  
  302. ^ ^
  303. _ __ _ ____ _ __ _ _ ____
  304. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  305. | V V // o // _/ | V V // 0 // 0 // _/
  306. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  307. <
  308. ...'
  309.  
  310. WAFW00F - Web Application Firewall Detection Tool
  311.  
  312. By Sandro Gauci && Wendel G. Henrique
  313.  
  314. Checking http://tbmm.gov.tr
  315. The site http://tbmm.gov.tr is behind a F5 BIG-IP LTM
  316. Number of requests: 2
  317.  
  318. ################################### Gathering HTTP Info ###########################
  319. http://tbmm.gov.tr [200 OK] Content-Language[tr], Country[TURKEY][TR], HTTPServer, IP[212.174.157.41], Meta-Refresh-Redirect[http://www.tbmm.gov.tr/offline/index.htm], Title[Yeni Siteye Y�nlendiriliyor.]
  320. http://www.tbmm.gov.tr/offline/index.htm [302 Found] Country[TURKEY][TR], HTTPServer[tbmm_http], IP[212.174.157.41], RedirectLocation[https://www.tbmm.gov.tr/offline/index.htm]
  321. https://www.tbmm.gov.tr/offline/index.htm [200 OK] Content-Language[tr], Country[TURKEY][TR], Email[www@tbmm.gov.tr], Frame, IP[212.174.157.41], JQuery[1.8.1], Meta-Author[Tasarım: Emre Baydur], Script[text/javascript], Strict-Transport-Security[max-age=31536000 ; includeSubDomains], Title[TÜRKİYE BÜYÜK MİLLET MECLİSİ], YouTube
  322.  
  323. __ ______ _____
  324. \ \/ / ___|_ _|
  325. \ /\___ \ | |
  326. / \ ___) || |
  327. /_/\_|____/ |_|
  328.  
  329. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  330. + -- --=[Target: tbmm.gov.tr:80
  331. + -- --=[Site not vulnerable to Cross-Site Tracing!
  332. + -- --=[Site not vulnerable to Host Header Injection!
  333. + -- --=[Site vulnerable to Cross-Frame Scripting!
  334. + -- --=[Site vulnerable to Clickjacking!
  335.  
  336. HTTP/1.1 405 Method Not Allowed
  337. Date: Sun, 24 Jul 2016 09:25:26 GMT
  338. Server:
  339. Allow:
  340. Content-Length: 257
  341. Content-Type: text/html; charset=iso-8859-1
  342.  
  343. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  344. <html><head>
  345. <title>405 Method Not Allowed</title>
  346. </head><body>
  347. <h1>Method Not Allowed</h1>
  348. <p>The requested resource cannot be accessed using the method TRACE specified in the request.</p>
  349. </body></html>
  350.  
  351. HTTP/1.1 200 OK
  352. Server:
  353. Last-Modified: Thu, 14 May 2015 05:55:40 GMT
  354. ETag: "16e1041-25c-51604609aef00"
  355. Accept-Ranges: bytes
  356. Keep-Alive: timeout=5, max=100
  357. Content-Type: text/html
  358. Content-Language: tr
  359. Connection: Keep-Alive
  360. Date: Sun, 24 Jul 2016 09:24:27 GMT
  361. Age: 6
  362. Content-Length: 604
  363.  
  364. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  365. <html xmlns="http://www.w3.org/1999/xhtml">
  366. <head>
  367. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  368. <title>Yeni Siteye Y�nlendiriliyor.</title>
  369. <!--<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.tbmm.gov.tr/offline/index.htm">-->
  370. <meta HTTP-EQUIV="REFRESH" content="0; url=http://www.tbmm.gov.tr/develop/owa/tbmm_internet.anasayfa">
  371.  
  372. <!--<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.tbmm.gov.tr/bakim.htm">-->
  373. </head>
  374. <body>
  375. </body>
  376. </html>
  377.  
  378.  
  379.  
  380. ################################### Checking HTTP Headers #########################
  381. + -- --=[Checking if X-Content options are enabled on tbmm.gov.tr...
  382.  
  383. + -- --=[Checking if X-Frame options are enabled on tbmm.gov.tr...
  384.  
  385. + -- --=[Checking if X-XSS-Protection header is enabled on tbmm.gov.tr...
  386.  
  387. + -- --=[Checking HTTP methods on tbmm.gov.tr...
  388. Allow: GET,HEAD,POST,OPTIONS
  389.  
  390. + -- --=[Checking if TRACE method is enabled on tbmm.gov.tr...
  391.  
  392. + -- --=[Checking for open proxy on tbmm.gov.tr...
  393.  
  394. + -- --=[Enumerating software on tbmm.gov.tr...
  395. Server:
  396.  
  397. + -- --=[Checking if Strict-Transport-Security is enabled on tbmm.gov.tr...
  398.  
  399. + -- --=[Checking for Flash cross-domain policy on tbmm.gov.tr...
  400. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  401. <html><head>
  402. <title>404 Not Found</title>
  403. </head><body>
  404. <h1>Not Found</h1>
  405. <p>The requested URL /crossdomain.xml was not found.</p>
  406. </body></html>
  407.  
  408. + -- --=[Checking for Silverlight cross-domain policy on tbmm.gov.tr...
  409. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  410. <html><head>
  411. <title>404 Not Found</title>
  412. </head><body>
  413. <h1>Not Found</h1>
  414. <p>The requested URL /clientaccesspolicy.xml was not found.</p>
  415. </body></html>
  416.  
  417. + -- --=[Checking for HTML5 cross-origin resource sharing on tbmm.gov.tr...
  418.  
  419. + -- --=[Retrieving robots.txt on tbmm.gov.tr...
  420. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  421. <html><head>
  422. <title>404 Not Found</title>
  423. </head><body>
  424. <h1>Not Found</h1>
  425. <p>The requested URL /robots.txt was not found.</p>
  426. </body></html>
  427.  
  428. + -- --=[Retrieving sitemap.xml on tbmm.gov.tr...
  429. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  430. <html><head>
  431. <title>404 Not Found</title>
  432. </head><body>
  433. <h1>Not Found</h1>
  434. <p>The requested URL /sitemap.xml was not found.</p>
  435. </body></html>
  436.  
  437. + -- --=[Checking cookie attributes on tbmm.gov.tr...
  438.  
  439. + -- --=[Checking for ASP.NET Detailed Errors on tbmm.gov.tr...
  440.  
  441.  
  442. ################################### Running Web Vulnerability Scan ################
  443. - Nikto v2.1.6
  444. ---------------------------------------------------------------------------
  445. + Target IP: 212.174.157.41
  446. + Target Hostname: tbmm.gov.tr
  447. + Target Port: 80
  448. + Start Time: 2016-07-24 13:01:27 (GMT3)
  449. ---------------------------------------------------------------------------
  450. + Server: No banner retrieved
  451. + Server leaks inodes via ETags, header found with file /, inode: 23990337, size: 604, mtime: Thu May 14 08:55:40 2015
  452. + The anti-clickjacking X-Frame-Options header is not present.
  453. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  454. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  455. + Multiple index files found: /index.html, /index.htm
  456. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  457. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  458. + Scan terminated: 20 error(s) and 6 item(s) reported on remote host
  459. + End Time: 2016-07-24 13:09:23 (GMT3) (476 seconds)
  460. ---------------------------------------------------------------------------
  461. + 1 host(s) tested
  462. ################################### Saving Web Screenshots ########################
  463. [+] Screenshot saved to /root/Sn1per/loot/tbmm.gov.tr-port80.jpg
  464.  
  465. (cutycapt:5749): Gtk-WARNING **: Theme directory devices/scalable of theme maia has no size field
  466.  
  467. ################################### Running Google Hacking Queries #############
  468. ################################### Running InUrlBR OSINT Queries ##############
  469.  
  470. _____ .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. .1BR'''Yp, .8BR'''Cq.
  471. (_____) 01 01N. C 01 C 01 .01. 01 01 Yb 01 .01.
  472. (() ()) 01 C YCb C 01 C 01 ,C9 01 01 dP 01 ,C9
  473. \ / 01 C .CN. C 01 C 0101dC9 01 01'''bg. 0101dC9
  474. \ / 01 C .01.C 01 C 01 YC. 01 , 01 .Y 01 YC.
  475. /=\ 01 C Y01 YC. ,C 01 .Cb. 01 ,C 01 ,9 01 .Cb.
  476. [___] .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C .J0101Cd9 .J01L. .J01./ 2.1
  477.  
  478. __[ ! ] Neither war between hackers, nor peace for the system.
  479. __[ ! ] http://blog.inurl.com.br
  480. __[ ! ] http://fb.com/InurlBrasil
  481. __[ ! ] http://twitter.com/@googleinurl
  482. __[ ! ] http://github.com/googleinurl
  483. __[ ! ] Current PHP version::[ 7.0.8-5 ]
  484. __[ ! ] Current script owner::[ root ]
  485. __[ ! ] Current uname::[ Linux anonymous 4.6.0-parrot-amd64 #1 SMP Parrot 4.6.3-1parrot1 (2016-07-15) x86_64 ]
  486. __[ ! ] Current pwd::[ /root/Sn1per ]
  487. __[ ! ] Help: php inurlbr.php --help
  488. ------------------------------------------------------------------------------------------------------------------------
  489.  
  490. [ ! ] Starting SCANNER INURLBR 2.1 at [24-07-2016 13:09:37]
  491. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  492. It is the end user's responsibility to obey all applicable local, state and federal laws.
  493. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  494.  
  495. [ INFO ][ OUTPUT FILE ]:: [ /root/Sn1per/output/loot/inurlbr-tbmm.gov.tr.txt ]
  496. [ INFO ][ DORK ]::[ site:tbmm.gov.tr ]
  497. [ INFO ][ SEARCHING ]:: {
  498. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.mt ]
  499.  
  500. [ INFO ][ SEARCHING ]::
  501. -[:::]
  502. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  503.  
  504. [ INFO ][ SEARCHING ]::
  505. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  506. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.bn ID: 005911257635119896548:iiolgmwf2se ]
  507.  
  508. [ INFO ][ SEARCHING ]::
  509. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  510.  
  511. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  512. [ INFO ] Not a satisfactory result was found!
  513.  
  514.  
  515. [ INFO ] [ Shutting down ]
  516. [ INFO ] [ End of process INURLBR at [24-07-2016 13:09:55]
  517. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  518. [ INFO ] [ OUTPUT FILE ]:: [ /root/Sn1per/output/loot/inurlbr-tbmm.gov.tr.txt ]
  519. |_________________________________________________________________________________________
  520.  
  521. \_________________________________________________________________________________________/
  522.  
  523. + -- --=[Port 110 closed... skipping.
  524. + -- --=[Port 111 closed... skipping.
  525. + -- --=[Port 135 closed... skipping.
  526. + -- --=[Port 139 closed... skipping.
  527. + -- --=[Port 162 closed... skipping.
  528. + -- --=[Port 389 closed... skipping.
  529. + -- --=[Port 443 opened... running tests...
  530. ################################### Checking for WAF ##############################
  531.  
  532. ^ ^
  533. _ __ _ ____ _ __ _ _ ____
  534. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  535. | V V // o // _/ | V V // 0 // 0 // _/
  536. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  537. <
  538. ...'
  539.  
  540. WAFW00F - Web Application Firewall Detection Tool
  541.  
  542. By Sandro Gauci && Wendel G. Henrique
  543.  
  544. Checking https://tbmm.gov.tr
  545. The site https://tbmm.gov.tr is behind a ModSecurity (OWASP CRS)
  546. Number of requests: 11
  547.  
  548. ################################### Gathering HTTP Info ###########################
  549. https://tbmm.gov.tr [200 OK] Content-Language[tr], Country[TURKEY][TR], HTTPServer, IP[212.174.157.41], Meta-Refresh-Redirect[http://www.tbmm.gov.tr/offline/index.htm], Title[Yeni Siteye Y�nlendiriliyor.]
  550. http://www.tbmm.gov.tr/offline/index.htm [302 Found] Country[TURKEY][TR], HTTPServer[tbmm_http], IP[212.174.157.41], RedirectLocation[https://www.tbmm.gov.tr/offline/index.htm]
  551. https://www.tbmm.gov.tr/offline/index.htm [200 OK] Content-Language[tr], Country[TURKEY][TR], Email[www@tbmm.gov.tr], Frame, IP[212.174.157.41], JQuery[1.8.1], Meta-Author[Tasarım: Emre Baydur], Script[text/javascript], Strict-Transport-Security[max-age=31536000 ; includeSubDomains], Title[TÜRKİYE BÜYÜK MİLLET MECLİSİ], YouTube
  552.  
  553. ################################### Gathering SSL/TLS Info ########################
  554. Version: 1.11.7-static
  555. OpenSSL 1.0.2i-dev xx XXX xxxx
  556.  
  557. Testing SSL server tbmm.gov.tr on port 443
  558.  
  559. TLS Fallback SCSV:
  560. Server supports TLS Fallback SCSV
  561.  
  562. TLS renegotiation:
  563. Secure session renegotiation supported
  564.  
  565. TLS Compression:
  566. Compression disabled
  567.  
  568. Heartbleed:
  569. TLS 1.2 not vulnerable to heartbleed
  570. TLS 1.1 not vulnerable to heartbleed
  571. TLS 1.0 not vulnerable to heartbleed
  572.  
  573. Supported Server Cipher(s):
  574. Preferred TLSv1.2 256 bits AES256-GCM-SHA384
  575. Accepted TLSv1.2 256 bits AES256-SHA256
  576. Accepted TLSv1.2 256 bits AES256-SHA
  577. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  578. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  579. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  580. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  581. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  582. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  583. Accepted TLSv1.2 128 bits AES128-SHA256
  584. Accepted TLSv1.2 128 bits AES128-SHA
  585. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  586. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  587. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  588. Preferred TLSv1.1 256 bits AES256-SHA
  589. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  590. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  591. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  592. Accepted TLSv1.1 128 bits AES128-SHA
  593. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  594. Preferred TLSv1.0 256 bits AES256-SHA
  595. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  596. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  597. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  598. Accepted TLSv1.0 128 bits AES128-SHA
  599. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  600.  
  601. SSL Certificate:
  602. Signature Algorithm: sha256WithRSAEncryption
  603. RSA Key Strength: 2048
  604.  
  605. Subject: www.tbmm.gov.tr
  606. Altnames: DNS:www.tbmm.gov.tr, DNS:e-posta.tbmm.gov.tr, DNS:autodiscover.tbmm.gov.tr, DNS:tbmm.gov.tr
  607. Issuer: GlobalSign Extended Validation CA - SHA256 - G2
  608.  
  609. Not valid before: Dec 29 13:55:01 2014 GMT
  610. Not valid after: Dec 24 11:14:46 2016 GMT
  611.  
  612.  
  613.  
  614. AVAILABLE PLUGINS
  615. -----------------
  616.  
  617. PluginHeartbleed
  618. PluginHSTS
  619. PluginSessionRenegotiation
  620. PluginSessionResumption
  621. PluginOpenSSLCipherSuites
  622. PluginChromeSha1Deprecation
  623. PluginCompression
  624. PluginCertInfo
  625.  
  626.  
  627.  
  628. CHECKING HOST(S) AVAILABILITY
  629. -----------------------------
  630.  
  631. tbmm.gov.tr:443 => 212.174.157.41:443
  632.  
  633.  
  634.  
  635. SCAN RESULTS FOR TBMM.GOV.TR:443 - 212.174.157.41:443
  636. -----------------------------------------------------
  637.  
  638. * Deflate Compression:
  639. OK - Compression disabled
  640.  
  641. * Session Renegotiation:
  642. Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
  643. Secure Renegotiation: OK - Supported
  644.  
  645. * Certificate - Content:
  646. SHA1 Fingerprint: 2e6311328b23677e87722c2e785b7377de6ed4c9
  647. Common Name: www.tbmm.gov.tr
  648. Issuer: GlobalSign Extended Validation CA - SHA256 - G2
  649. Serial Number: 3F66886C4FF250160BBE49C5
  650. Not Before: Dec 29 13:55:01 2014 GMT
  651. Not After: Dec 24 11:14:46 2016 GMT
  652. Signature Algorithm: sha256WithRSAEncryption
  653. Public Key Algorithm: rsaEncryption
  654. Key Size: 2048 bit
  655. Exponent: 65537 (0x10001)
  656. X509v3 Subject Alternative Name: {'DNS': ['www.tbmm.gov.tr', 'e-posta.tbmm.gov.tr', 'autodiscover.tbmm.gov.tr', 'tbmm.gov.tr']}
  657.  
  658. * Certificate - Trust:
  659. Hostname Validation: OK - Subject Alternative Name matches
  660. Google CA Store (09/2015): OK - Certificate is trusted
  661. Java 6 CA Store (Update 65): OK - Certificate is trusted
  662. Microsoft CA Store (09/2015): OK - Certificate is trusted
  663. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  664. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  665. Certificate Chain Received: ['www.tbmm.gov.tr', 'GlobalSign Extended Validation CA - SHA256 - G2']
  666.  
  667. * Certificate - OCSP Stapling:
  668. NOT SUPPORTED - Server did not send back an OCSP response.
  669.  
  670. * SSLV2 Cipher Suites:
  671. Server rejected all cipher suites.
  672.  
  673. * SSLV3 Cipher Suites:
  674. Server rejected all cipher suites.
  675.  
  676. * Session Resumption:
  677. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  678. With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned.
  679.  
  680.  
  681.  
  682. SCAN COMPLETED IN 3.03 S
  683. ------------------------
  684.  
  685. ███▄ ▄███▓ ▄▄▄ ██████ ██████ ▄▄▄▄ ██▓ ▓█████ ▓█████ ▓█████▄
  686. ▓██▒▀█▀ ██▒▒████▄ ▒██ ▒ ▒██ ▒ ▓█████▄ ▓██▒ ▓█ ▀ ▓█ ▀ ▒██▀ ██▌
  687. ▓██ ▓██░▒██ ▀█▄ ░ ▓██▄ ░ ▓██▄ ▒██▒ ▄██▒██░ ▒███ ▒███ ░██ █▌
  688. ▒██ ▒██ ░██▄▄▄▄██ ▒ ██▒ ▒ ██▒▒██░█▀ ▒██░ ▒▓█ ▄ ▒▓█ ▄ ░▓█▄ ▌
  689. ▒██▒ ░██▒ ▓█ ▓██▒▒██████▒▒▒██████▒▒░▓█ ▀█▓░██████▒░▒████▒░▒████▒░▒████▓
  690. ░ ▒░ ░ ░ ▒▒ ▓▒█░▒ ▒▓▒ ▒ ░▒ ▒▓▒ ▒ ░░▒▓███▀▒░ ▒░▓ ░░░ ▒░ ░░░ ▒░ ░ ▒▒▓ ▒
  691. ░ ░ ░ ▒ ▒▒ ░░ ░▒ ░ ░░ ░▒ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ▒
  692. ░ ░ ░ ▒ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
  693. ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
  694. ░ ░
  695. + -- --=[MÄŚŚBĻËËĐ V20160303 BŸ 1Ņ3 @ ĊŖÖŴĐŚȞÏËĻĐ - https://crowdshield.com
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!