Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- =======================================================================================================================================
- Hostname mofeca.gov.sd ISP NICDC
- Continent Africa Flag
- SD
- Country Sudan Country Code SD
- Region Unknown Local time 14 Feb 2019 15:19 CAT
- City Unknown Postal Code Unknown
- IP Address 62.12.105.6 Latitude 15
- Longitude 30
- =======================================================================================================================================
- #######################################################################################################################################
- > mofeca.gov.sd
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: mofeca.gov.sd
- Address: 62.12.105.6
- >
- #######################################################################################################################################
- HostIP:62.12.105.6
- HostName:mofeca.gov.sd
- Gathered Inet-whois information for 62.12.105.6
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 62.12.96.0 - 62.12.127.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:46:54Z
- last-modified: 2019-01-07T10:46:54Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (BLAARKOP)
- Gathered Inic-whois information for mofeca.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server sd.whois-servers.net failed
- close error
- Gathered Netcraft information for mofeca.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for mofeca.gov.sd
- Netcraft.com Information gathered
- Gathered Subdomain information for mofeca.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.mofeca.gov.sd
- HostIP:62.12.105.6
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host mofeca.gov.sd, Searched 0 pages containing 0 results
- Gathered E-Mail information for mofeca.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host mofeca.gov.sd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 62.12.105.6
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 80/tcp open
- 110/tcp open
- Portscan Finished: Scanned 150 ports, 5 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://mofeca.gov.sd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: وزارة المالية و الإقتصاد و شؤون المستهلك - ولاية الخرطوم
- [+] IP address: 62.12.105.6
- [+] Web Server: Could Not Detect
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 62.12.105.6
- [i] Country: Sudan
- [i] State:
- [i] City:
- [i] Latitude: 15.0
- [i] Longitude: 30.0
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Thu, 14 Feb 2019 12:23:37 GMT
- [i] Content-Type: text/html
- [i] X-Powered-By: PHP/5.4.16
- [i] X-Powered-By: PleskLin
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- mofeca.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016110600 10800 900 604800 86400
- mofeca.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- mofeca.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- mofeca.gov.sd. 21599 IN A 62.12.105.6
- mofeca.gov.sd. 21599 IN MX 10 mail.mofeca.gov.sd.
- mofeca.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 62.12.105.6
- Network = 62.12.105.6 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 62.12.105.6 - 62.12.105.6 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 13:23 UTC
- Nmap scan report for mofeca.gov.sd (62.12.105.6)
- Host is up (0.18s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 13.87 seconds
- ######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://mofeca.gov.sd/
- [!] IP Address : 62.12.105.6
- [!] mofeca.gov.sd doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for mofeca.gov.sd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/mofeca.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.20 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
- ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
- [+] MX Records
- 10 (196.29.167.142) AS33788 KANARTEL Sudan
- [+] Host Records (A)
- mofeca.gov.sd (62.12.105.6) Egypt Egypt
- [+] TXT Records
- "v=spf1 mx -all"
- [+] DNS Map: https://dnsdumpster.com/static/map/mofeca.gov.sd.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1550150659805332-web-@mofeca.gov.sd
- pixel-1550150660604541-web-@mofeca.gov.sd
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- 196.29.167.142:mail.mofeca.gov.sd
- 62.12.105.6:www.mofeca.gov.sd
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- 62.12.105.6 zalingei.edu.sd
- 62.12.105.6 minv.gov.sd
- 62.12.105.6 mhd.gov.sd
- 62.12.105.6 www.minv.gov.sd
- 62.12.105.6 mofa.gov.sd
- 62.12.105.6 khrland.gov.sd
- 62.12.105.6 arcsudan.sd
- 62.12.105.6 cbs.gov.sd
- 62.12.105.6 snrra.gov.sd
- #######################################################################################################################################
- Enter Address Website = mofeca.gov.sd
- Reverse IP With YouGetSignal 'mofeca.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [*] IP: 62.12.105.6
- [*] Domain: mofeca.gov.sd
- [*] Total Domains: 9
- [+] aladia.gov.sd
- [+] arcsudan.sd
- [+] khplan.gov.sd
- [+] minv.gov.sd
- [+] mofeca.gov.sd
- [+] nilestatefinance.gov.sd
- [+] nk-agric.gov.sd
- [+] redseaeducation.gov.sd
- [+] yfit.org.sd
- #######################################################################################################################################
- Geo IP Lookup 'mofeca.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] IP Address: 62.12.105.6
- [+] Country: Sudan
- [+] State:
- [+] City:
- [+] Latitude: 15.0
- [+] Longitude: 30.0
- #######################################################################################################################################
- DNS Lookup 'mofeca.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] mofeca.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016110600 10800 900 604800 86400
- [+] mofeca.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- [+] mofeca.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- [+] mofeca.gov.sd. 21599 IN A 62.12.105.6
- [+] mofeca.gov.sd. 21599 IN MX 10 mail.mofeca.gov.sd.
- [+] mofeca.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- #######################################################################################################################################
- Show HTTP Header 'mofeca.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] HTTP/1.1 200 OK
- [+] Server: nginx
- [+] Date: Thu, 14 Feb 2019 12:23:35 GMT
- [+] Content-Type: text/html
- [+] Connection: keep-alive
- [+] X-Powered-By: PHP/5.4.16
- [+] X-Powered-By: PleskLin
- #######################################################################################################################################
- Port Scan 'mofeca.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 13:23 UTC
- Nmap scan report for mofeca.gov.sd (62.12.105.6)
- Host is up (0.18s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.21 seconds
- #######################################################################################################################################
- Traceroute 'mofeca.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-02-14T13:24:06+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.202 0.0% 3 0.7 0.9 0.7 1.0 0.2
- 2.|-- 45.79.12.2 0.0% 3 0.9 0.7 0.5 0.9 0.2
- 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.7 1.5 1.3 1.7 0.2
- 4.|-- be2763.ccr31.dfw01.atlas.cogentco.com 0.0% 3 2.0 1.9 1.4 2.3 0.5
- 5.|-- be2432.ccr21.mci01.atlas.cogentco.com 0.0% 3 12.1 11.9 11.6 12.1 0.3
- 6.|-- be2831.ccr41.ord01.atlas.cogentco.com 0.0% 3 23.5 23.4 23.2 23.5 0.1
- 7.|-- be2717.ccr21.cle04.atlas.cogentco.com 0.0% 3 30.3 30.3 30.3 30.4 0.1
- 8.|-- be2878.ccr21.alb02.atlas.cogentco.com 0.0% 3 41.9 41.6 41.4 41.9 0.3
- 9.|-- be3599.ccr31.bos01.atlas.cogentco.com 0.0% 3 44.9 45.0 44.9 45.3 0.2
- 10.|-- be2982.ccr41.lon13.atlas.cogentco.com 0.0% 3 107.8 107.5 107.2 107.8 0.3
- 11.|-- be2868.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.7 107.9 107.7 108.2 0.3
- 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.4 107.4 107.4 0.0
- 13.|-- 185.153.20.70 0.0% 3 185.8 186.1 185.8 186.5 0.4
- 14.|-- 185.153.20.82 0.0% 3 198.1 196.8 186.1 206.2 10.1
- 15.|-- 185.153.20.94 0.0% 3 185.6 185.7 185.5 186.0 0.2
- 16.|-- 185.153.20.153 0.0% 3 242.3 242.7 219.8 266.0 23.1
- 17.|-- 212.0.131.109 0.0% 3 226.9 228.2 226.9 229.6 1.4
- 18.|-- 196.202.137.249 0.0% 3 219.1 219.7 219.1 220.6 0.8
- 19.|-- 196.202.145.94 0.0% 3 219.3 219.4 219.1 219.8 0.3
- 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- #######################################################################################################################################
- Ping 'mofeca.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-14 13:24 UTC
- SENT (0.0039s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=6756 seq=1] IP [ttl=64 id=60713 iplen=28 ]
- SENT (1.0042s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=6756 seq=2] IP [ttl=64 id=60713 iplen=28 ]
- SENT (2.0061s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=6756 seq=3] IP [ttl=64 id=60713 iplen=28 ]
- SENT (3.0077s) ICMP [104.237.144.6 > 62.12.105.6 Echo request (type=8/code=0) id=6756 seq=4] IP [ttl=64 id=60713 iplen=28 ]
- Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
- Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
- Nping done: 1 IP address pinged in 4.01 seconds
- #######################################################################################################################################
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: kevinh@kevcom.com
- | [+] E-mail Found: humbedooh@apache.org
- | [+] E-mail Found: mike@hyperreal.org
- | [+] E-mail Found: info@krtstrategy.gov.sd
- | [+] E-mail Found: adilalfaki@hotmail.com
- =======================================================================================================================================
- | Source Code Disclosure:
- | [+] Source Code Found: http://mofeca.gov.sd/test.html
- | [+] Source Code Found: http://mofeca.gov.sd/test/apacheasp/test.asp
- =======================================================================================================================================
- | External hosts:
- | [+] External Host Found: http://www.parallels.com
- | [+] External Host Found: http://www.showmyweather.com
- | [+] External Host Found: http://httpd.apache.org
- =======================================================================================================================================
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> mofeca.gov.sd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35346
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;mofeca.gov.sd. IN A
- ;; ANSWER SECTION:
- mofeca.gov.sd. 82826 IN A 62.12.105.6
- ;; Query time: 1392 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: jeu fév 14 09:17:07 EST 2019
- ;; MSG SIZE rcvd: 58
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace mofeca.gov.sd
- ;; global options: +cmd
- . 83109 IN NS f.root-servers.net.
- . 83109 IN NS d.root-servers.net.
- . 83109 IN NS c.root-servers.net.
- . 83109 IN NS m.root-servers.net.
- . 83109 IN NS h.root-servers.net.
- . 83109 IN NS l.root-servers.net.
- . 83109 IN NS i.root-servers.net.
- . 83109 IN NS g.root-servers.net.
- . 83109 IN NS j.root-servers.net.
- . 83109 IN NS e.root-servers.net.
- . 83109 IN NS b.root-servers.net.
- . 83109 IN NS k.root-servers.net.
- . 83109 IN NS a.root-servers.net.
- . 83109 IN RRSIG NS 8 0 518400 20190227050000 20190214040000 16749 . KjRJi44YfIrOlhPKeg7qiGlwP2QsgQmM2rTFegujHBe0cRTA1uH0NEgj FPJX+q10aSbYdSr3FGT2cW1YTRmLmAbNXGwZz84jYBm+Z+Au+Yhr9TRN 4DHs4voHtgr8u/sm5Hx72ghRbXOSK+ffIljYBTSwk4TKkFi1sqYbs7V6 tMz0LjK1rEuWHnPi2Vnrp93/WKdWMQmytU2qvKr9x6/s8TSkWWOKzaEX sOGlz9aFDRpYkreMZvOWKjUJbkzz9BgvKhnT72q0oDdhdrhle1bTM+yV rZ4pgndNM0b3TAdcMiNhNEISL0uQ0b5tUM3Y3rOT9YLlF4gA+p01UD3a cuep6w==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 96 ms
- sd. 172800 IN NS ans1.sis.sd.
- sd. 172800 IN NS ans1.canar.sd.
- sd. 172800 IN NS ns1.uaenic.ae.
- sd. 172800 IN NS ans2.canar.sd.
- sd. 172800 IN NS sd.cctld.authdns.ripe.net.
- sd. 172800 IN NS ns-sd.afrinic.net.
- sd. 172800 IN NS ns2.uaenic.ae.
- sd. 86400 IN NSEC se. NS RRSIG NSEC
- sd. 86400 IN RRSIG NSEC 8 1 86400 20190227050000 20190214040000 16749 . p5xCmXr6/UJpXVFgnTVrZf/qZ0bsqHWSMXrkDI4WLDsbzoK/TSBtEgO2 KSA9Is1n0hWTqY3HfWl5R0HypWb+vtX32FbjdPNUpm2FBtpujLQgxvry /nJRvXzYKmy1NPoLesExvMg/3coxIQKAPxmfwm09ddZ5vfvc+NKc5X7D znXBTk+j6KILgL7LvhhJ0/TsikCqL3gPGKH8aW6RId4tcxJV1dmgRR8F FcGkESYs2KJmG6KN/JG5OiJ/rOVUSQCkHjUAMoX1x+qKLAy+dDJkBnyy OkdQ+04CkijYHauuo/VvJjk14/60ChpgDqc//AF+VJgvGPs9tSEQLApC wFQsOg==
- ;; Received 728 bytes from 199.9.14.201#53(b.root-servers.net) in 65 ms
- ;; Received 70 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 283 ms
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> mofeca.gov.sd ns
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45629
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;mofeca.gov.sd. IN NS
- ;; ANSWER SECTION:
- mofeca.gov.sd. 82716 IN NS ns1.ndc.gov.sd.
- mofeca.gov.sd. 82716 IN NS ns0.ndc.gov.sd.
- ;; Query time: 97 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: jeu fév 14 09:18:57 EST 2019
- ;; MSG SIZE rcvd: 82
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- mofeca.gov.sd -----
- Host's addresses:
- __________________
- mofeca.gov.sd. 84184 IN A 62.12.105.6
- Name Servers:
- ______________
- ns0.ndc.gov.sd. 12196 IN A 62.12.109.2
- ns1.ndc.gov.sd. 12195 IN A 62.12.109.3
- Mail (MX) Servers:
- ___________________
- mail.mofeca.gov.sd. 84194 IN A 196.29.167.142
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for mofeca.gov.sd on ns0.ndc.gov.sd ...
- mofeca.gov.sd. 86400 IN SOA (
- mofeca.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- mofeca.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- mofeca.gov.sd. 86400 IN A 62.12.105.6
- mofeca.gov.sd. 86400 IN MX 10
- mofeca.gov.sd. 86400 IN TXT "v=spf1
- mail.mofeca.gov.sd. 86400 IN A 196.29.167.142
- mail.mofeca.gov.sd. 86400 IN MX 10
- test.mofeca.gov.sd. 86400 IN A 62.12.105.6
- webmail.mofeca.gov.sd. 86400 IN CNAME mail.mofeca.gov.sd.
- www.mofeca.gov.sd. 86400 IN A 62.12.105.6
- Trying Zone Transfer for mofeca.gov.sd on ns1.ndc.gov.sd ...
- mofeca.gov.sd. 86400 IN SOA (
- mofeca.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- mofeca.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- mofeca.gov.sd. 86400 IN A 62.12.105.6
- mofeca.gov.sd. 86400 IN MX 10
- mofeca.gov.sd. 86400 IN TXT "v=spf1
- mail.mofeca.gov.sd. 86400 IN A 196.29.167.142
- mail.mofeca.gov.sd. 86400 IN MX 10
- test.mofeca.gov.sd. 86400 IN A 62.12.105.6
- webmail.mofeca.gov.sd. 86400 IN CNAME mail.mofeca.gov.sd.
- www.mofeca.gov.sd. 86400 IN A 62.12.105.6
- #######################################################################################################################################
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for mofeca.gov.sd
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- Virustotal: www.mofeca.gov.sd
- Virustotal: mail.mofeca.gov.sd
- Yahoo: www.mofeca.gov.sd
- [-] Saving results to file: /usr/share/sniper/loot//domains/domains-mofeca.gov.sd.txt
- [-] Total Unique Subdomains Found: 2
- www.mofeca.gov.sd
- mail.mofeca.gov.sd
- #######################################################################################################################################
- mail.mofeca.gov.sd,196.29.167.142
- webmail.mofeca.gov.sd,196.29.167.142
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on mofeca.gov.sd
- dnsdb: Unexpected return status 503
- archiveis: Get http://archive.is/*.mofeca.gov.sd: dial tcp 213.183.51.24:80: connect: connection timed out
- Starting Bruteforcing of mofeca.gov.sd with 9985 words
- Total 7 Unique subdomains found for mofeca.gov.sd
- .mofeca.gov.sd
- mail.mofeca.gov.sd
- mail.mofeca.gov.sd
- test.mofeca.gov.sd
- webmail.mofeca.gov.sd
- www.mofeca.gov.sd
- www.mofeca.gov.sd
- #######################################################################################################################################
- [*] Processing domain mofeca.gov.sd
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
- [+] Getting nameservers
- 62.12.109.3 - ns1.ndc.gov.sd
- [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
- mofeca.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016110600 10800 900 604800 86400
- mofeca.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- mofeca.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- mofeca.gov.sd. 86400 IN A 62.12.105.6
- mofeca.gov.sd. 86400 IN MX 10 mail.mofeca.gov.sd.
- mofeca.gov.sd. 86400 IN TXT "v=spf1 mx -all"
- mail.mofeca.gov.sd. 86400 IN A 196.29.167.142
- mail.mofeca.gov.sd. 86400 IN MX 10 mail.mofeca.gov.sd.
- test.mofeca.gov.sd. 86400 IN A 62.12.105.6
- webmail.mofeca.gov.sd. 86400 IN CNAME mail.mofeca.gov.sd.
- www.mofeca.gov.sd. 86400 IN A 62.12.105.6
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 mx -all
- [*] SPF record contains an All item: -all
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for mofeca.gov.sd!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:03 EST
- Nmap scan report for mofeca.gov.sd (62.12.105.6)
- Host is up (0.23s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 443/tcp open https
- 465/tcp open smtps
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:03 EST
- Nmap scan report for mofeca.gov.sd (62.12.105.6)
- Host is up (0.069s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:03 EST
- Nmap scan report for mofeca.gov.sd (62.12.105.6)
- Host is up (0.28s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD 1.3.5d
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 2205 guesses in 192 seconds, average tps: 11.3
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|general purpose
- Running: AVtech embedded, Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: AVtech Room Alert 26W environmental monitor, Linux 2.6.18 - 2.6.22
- Network Distance: 21 hops
- Service Info: OS: Unix
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 65.26 ms 10.238.200.1
- 2 65.64 ms 193.37.252.209
- 3 65.34 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
- 4 65.71 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 68.22 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 66.13 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 80.10 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
- 8 90.70 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
- 9 96.72 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
- 10 168.41 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
- 11 168.50 ms 154.54.57.154
- 12 170.30 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 247.75 ms 185.153.20.70
- 14 244.49 ms 185.153.20.82
- 15 246.67 ms 185.153.20.94
- 16 261.44 ms 185.153.20.153
- 17 ... 18
- 19 284.95 ms 196.202.145.94
- 20 ...
- 21 283.95 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- http://mofeca.gov.sd [200 OK] Email[adilalfaki@hotmail.com,info@krtstrategy.gov.sd], HTTPServer[nginx], IP[62.12.105.6], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[وزارة المالية و الإقتصاد و شؤون المستهلك - ولاية الخرطوم], X-Powered-By[PHP/5.4.16, PleskLin], nginx
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://mofeca.gov.sd...
- ______________________________________________ SITE INFO ______________________________________________
- IP Title
- 62.12.105.6 وزارة المالية و الإقتصاد و شؤون المستهلك - ولاية الخرطوم
- _______________________________________________ VERSION _______________________________________________
- Name Versions Type
- Joomla! 3.6.3-rc1 CMS
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- PHP 5.4.16 Platform
- nginx Platform
- CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
- Red Hat Enterprise Linux RHEL-7.0 | RHEL-7.1 | RHEL-7.2 OS
- Scientific Linux 7.0 | 7.1 | 7.2 OS
- _____________________________________________ INTERESTING _____________________________________________
- URL Note Type
- /test.html Test file Interesting
- ________________________________________________ TOOLS ________________________________________________
- Name Link Software
- CMSmap https://github.com/Dionach/CMSmap Joomla!
- joomscan http://sourceforge.net/projects/joomscan/ Joomla!
- _______________________________________________________________________________________________________
- Time: 351.1 sec Urls: 895 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Thu, 14 Feb 2019 13:14:49 GMT
- Content-Type: text/html
- Connection: keep-alive
- X-Powered-By: PHP/5.4.16
- X-Powered-By: PleskLin
- HTTP/1.1 200 OK
- Server: nginx
- Date: Thu, 14 Feb 2019 13:14:50 GMT
- Content-Type: text/html
- Connection: keep-alive
- X-Powered-By: PHP/5.4.16
- X-Powered-By: PleskLin
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:15 EST
- Nmap scan report for mofeca.gov.sd (62.12.105.6)
- Host is up (0.28s latency).
- rDNS record for 62.12.105.6: f03-web04.nic.gov.sd
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 213 guesses in 186 seconds, average tps: 1.1
- |_pop3-capabilities: UIDL APOP CAPA TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) PIPELINING USER STLS AUTH-RESP-CODE RESP-CODES
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 21 hops
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 64.75 ms 10.238.200.1
- 2 65.12 ms 193.37.252.209
- 3 65.10 ms 82.102.29.174
- 4 65.14 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 65.50 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 65.86 ms be3411.ccr22.mia01.atlas.cogentco.com (154.54.26.41)
- 7 79.74 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 8 90.91 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 96.74 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 167.14 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 11 167.43 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 12 169.79 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 248.24 ms 185.153.20.70
- 14 247.14 ms 185.153.20.82
- 15 245.56 ms 185.153.20.94
- 16 263.80 ms 185.153.20.153
- 17 ... 18
- 19 279.72 ms 196.202.145.94
- 20 ...
- 21 286.05 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.6
- Testing SSL server mofeca.gov.sd on port 443 using SNI name mofeca.gov.sd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:45:28 2016 GMT
- Not valid after: Apr 20 02:45:28 2017 GMT
- ######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.6:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 08:54 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.18s latency).
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 443/tcp open https
- 465/tcp open smtps
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 08:54 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.068s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 08:54 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.26s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD 1.3.5d
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 2091 guesses in 182 seconds, average tps: 11.3
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 21 hops
- Service Info: OS: Unix
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 66.42 ms 10.238.200.1
- 2 66.82 ms 193.37.252.209
- 3 ...
- 4 66.89 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 66.92 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 67.46 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 80.70 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
- 8 91.69 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
- 9 98.13 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
- 10 170.75 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
- 11 165.62 ms 154.54.57.154
- 12 167.73 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 246.36 ms 185.153.20.70
- 14 244.54 ms 185.153.20.82
- 15 245.48 ms 185.153.20.94
- 16 262.94 ms 185.153.20.153
- 17 ... 18
- 19 282.42 ms 196.202.145.94
- 20 ...
- 21 284.23 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 08:59 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 65.19 ms 10.238.200.1
- 2 65.61 ms 193.37.252.209
- 3 65.63 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
- 4 65.65 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 66.02 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 66.46 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 79.68 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 8 90.74 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 97.12 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 167.57 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 11 164.46 ms 154.54.57.154
- 12 166.62 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 244.06 ms 185.153.20.70
- 14 243.10 ms 185.153.20.82
- 15 243.06 ms 185.153.20.94
- 16 260.15 ms 185.153.20.153
- 17 280.52 ms 212.0.131.109
- 18 270.12 ms 196.202.137.249
- 19 278.09 ms 196.202.145.94
- 20 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:01 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 65.22 ms 10.238.200.1
- 2 65.30 ms 193.37.252.209
- 3 65.29 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
- 4 65.84 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 66.47 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 66.53 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 79.89 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 8 90.69 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 97.09 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 167.80 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 11 169.04 ms 154.54.57.154
- 12 170.56 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 248.01 ms 185.153.20.70
- 14 247.16 ms 185.153.20.82
- 15 246.91 ms 185.153.20.94
- 16 271.11 ms 185.153.20.153
- 17 281.42 ms 212.0.131.109
- 18 273.00 ms 196.202.137.249
- 19 279.25 ms 196.202.145.94
- 20 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:03 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 69.61 ms 10.238.200.1
- 2 70.09 ms 193.37.252.209
- 3 70.07 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
- 4 70.12 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 70.86 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 70.84 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 84.25 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 8 95.26 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 101.47 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 166.75 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 11 165.50 ms 154.54.57.154
- 12 166.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 244.15 ms 185.153.20.70
- 14 243.11 ms 185.153.20.82
- 15 242.89 ms 185.153.20.94
- 16 263.21 ms 185.153.20.153
- 17 281.45 ms 212.0.131.109
- 18 273.79 ms 196.202.137.249
- 19 277.96 ms 196.202.145.94
- 20 ... 30
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://62.12.105.6...
- _________________ SITE INFO _________________
- IP Title
- 62.12.105.6
- __________________ VERSION __________________
- Name Versions Type
- nginx Platform
- _____________________________________________
- Time: 1.2 sec Urls: 599 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Thu, 14 Feb 2019 13:06:41 GMT
- Content-Type: text/html
- Content-Length: 3750
- Connection: keep-alive
- Last-Modified: Wed, 31 Jan 2018 01:43:44 GMT
- ETag: "ea6-564089c14acef"
- Accept-Ranges: bytes
- HTTP/1.1 200 OK
- Server: nginx
- Date: Thu, 14 Feb 2019 13:06:42 GMT
- Content-Type: text/html
- Content-Length: 3750
- Connection: keep-alive
- Last-Modified: Wed, 31 Jan 2018 01:43:44 GMT
- ETag: "ea6-564089c14acef"
- Accept-Ranges: bytes
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:06 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.28s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 212 guesses in 184 seconds, average tps: 1.1
- |_pop3-capabilities: AUTH-RESP-CODE USER SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP PIPELINING STLS RESP-CODES UIDL CAPA TOP
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 21 hops
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 65.19 ms 10.238.200.1
- 2 65.38 ms 193.37.252.209
- 3 ...
- 4 65.58 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 65.60 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 66.01 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 79.90 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
- 8 90.40 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 96.42 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 167.03 ms 154.54.30.186
- 11 171.17 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 12 169.85 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 248.23 ms 185.153.20.70
- 14 247.25 ms 185.153.20.82
- 15 246.26 ms 185.153.20.94
- 16 265.40 ms 185.153.20.153
- 17 ... 18
- 19 278.89 ms 196.202.145.94
- 20 ...
- 21 281.63 ms f03-web04.nic.gov.sd (62.12.105.6)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:10 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 65.18 ms 10.238.200.1
- 2 65.58 ms 193.37.252.209
- 3 65.22 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
- 4 65.62 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 68.27 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 66.28 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 80.22 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 8 91.04 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 97.46 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 168.21 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 11 164.11 ms 154.54.57.154
- 12 166.25 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 244.01 ms 185.153.20.70
- 14 242.75 ms 185.153.20.82
- 15 242.72 ms 185.153.20.94
- 16 326.31 ms 185.153.20.153
- 17 281.30 ms 212.0.131.109
- 18 277.32 ms 196.202.137.249
- 19 283.40 ms 196.202.145.94
- 20 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:12 EST
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.28s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 67.41 ms 10.238.200.1
- 2 67.61 ms 193.37.252.209
- 3 67.45 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
- 4 68.07 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 68.10 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 68.48 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 81.90 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 8 93.71 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 98.95 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 169.42 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 11 163.84 ms 154.54.57.154
- 12 165.96 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 243.34 ms 185.153.20.70
- 14 242.49 ms 185.153.20.82
- 15 242.52 ms 185.153.20.94
- 16 259.24 ms 185.153.20.153
- 17 282.53 ms 212.0.131.109
- 18 273.19 ms 196.202.137.249
- 19 281.16 ms 196.202.145.94
- 20 ... 30
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.6
- Testing SSL server 62.12.105.6 on port 443 using SNI name 62.12.105.6
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:45:28 2016 GMT
- Not valid after: Apr 20 02:45:28 2017 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.6:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:22 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 09:22
- Completed NSE at 09:22, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 09:22
- Completed NSE at 09:22, 0.00s elapsed
- Initiating Ping Scan at 09:22
- Scanning 62.12.105.6 [4 ports]
- Completed Ping Scan at 09:22, 0.32s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 09:22
- Completed Parallel DNS resolution of 1 host. at 09:22, 0.02s elapsed
- Initiating Connect Scan at 09:22
- Scanning f03-web04.nic.gov.sd (62.12.105.6) [1000 ports]
- Discovered open port 993/tcp on 62.12.105.6
- Discovered open port 21/tcp on 62.12.105.6
- Discovered open port 443/tcp on 62.12.105.6
- Discovered open port 110/tcp on 62.12.105.6
- Discovered open port 995/tcp on 62.12.105.6
- Discovered open port 80/tcp on 62.12.105.6
- Discovered open port 8443/tcp on 62.12.105.6
- Discovered open port 465/tcp on 62.12.105.6
- Completed Connect Scan at 09:23, 18.19s elapsed (1000 total ports)
- Initiating Service scan at 09:23
- Scanning 8 services on f03-web04.nic.gov.sd (62.12.105.6)
- Completed Service scan at 09:23, 14.57s elapsed (8 services on 1 host)
- Initiating OS detection (try #1) against f03-web04.nic.gov.sd (62.12.105.6)
- Retrying OS detection (try #2) against f03-web04.nic.gov.sd (62.12.105.6)
- Initiating Traceroute at 09:23
- Completed Traceroute at 09:23, 6.21s elapsed
- Initiating Parallel DNS resolution of 19 hosts. at 09:23
- Completed Parallel DNS resolution of 19 hosts. at 09:23, 16.50s elapsed
- NSE: Script scanning 62.12.105.6.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 09:23
- NSE Timing: About 98.81% done; ETC: 09:24 (0:00:00 remaining)
- NSE Timing: About 99.17% done; ETC: 09:24 (0:00:01 remaining)
- NSE Timing: About 99.45% done; ETC: 09:25 (0:00:01 remaining)
- NSE Timing: About 99.54% done; ETC: 09:25 (0:00:01 remaining)
- NSE Timing: About 99.63% done; ETC: 09:26 (0:00:01 remaining)
- NSE Timing: About 99.82% done; ETC: 09:26 (0:00:00 remaining)
- Completed NSE at 09:27, 192.42s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 09:27
- Completed NSE at 09:27, 0.62s elapsed
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up, received syn-ack ttl 44 (0.26s latency).
- Scanned at 2019-02-14 09:22:53 EST for 256s
- Not shown: 987 filtered ports
- Reason: 986 no-responses and 1 host-unreach
- PORT STATE SERVICE REASON VERSION
- 20/tcp closed ftp-data conn-refused
- 21/tcp open ftp syn-ack ProFTPD 1.3.5d
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:45:28
- | Not valid after: 2017-04-20T02:45:28
- | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
- | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
- | -----BEGIN CERTIFICATE-----
- | MIIDfTCCAmUCBFcW7UgwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
- | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
- | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
- | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDUyOFoXDTE3MDQyMDAyNDUy
- | OFowgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
- | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
- | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
- | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/mGOjB9R263rGI70CUL//UClIxX9sRm
- | IuKfcX9ZsryYXi9ZY1nks2E4EzVce2cIahRlr/KtupiVwgPqAyxnBnoNAnoJf0au
- | +6bdHYIwmCinxYihoCRDk/NSJkVkxP6mfI/lz6Pj4ph8kU+FZHoFsvxGPFe8xenD
- | 25LSnXXD/RsnNScXU0QkriBF7mwajEjJeed77Z1++29i1U0Z+5kwP6k9WogbBHiP
- | 1DnqSeNaIAqS/JGoLYcZxERrikSbDolKGcBor2Btj/+ntbQ/cGIp0u6TOreSysYL
- | dosYZJlki/cyRqIOFw/Ey0OJ+E1rjNxRJFt6ix1SmtjTvWqMiwmUXwIDAQABMA0G
- | CSqGSIb3DQEBCwUAA4IBAQALJy22o5EMfr+JcQU0y921/8otr5ONs3kDKA0aTw48
- | 0+i3fqVTVxbuNLGwBc6UJOA5+ZUsRK4hHz+uchwiJ63In3Qeurp7/f6aUhlNSEHs
- | wirA7AIRjE6nmMWVBkL7eoCql45VqTbtKvfF//hDV3Y7H9wpXYmv3W5D7lW1leuY
- | zeEXwHUvkVzulFLW5UsgW06L6wID/qDwjCe5n+qxTWBWT9rf66w+ZOpMKjqI2+ds
- | S/QW/9BYVSdYdiercNJ8ubWzB27o/GPYAZGKA6zQFlAOqI2KSyI/v8wmp4McanHB
- | kSU3KNEZZO9gSQwBk+pRKTnwnvwnMC7NIc6zoS7rq4Gp
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- 25/tcp closed smtp conn-refused
- 80/tcp open http syn-ack nginx
- |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx
- |_http-title: Domain Default page
- 110/tcp open pop3 syn-ack Dovecot pop3d
- |_pop3-capabilities: APOP AUTH-RESP-CODE RESP-CODES USER CAPA UIDL TOP STLS SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) PIPELINING
- |_ssl-date: TLS randomness does not represent time
- 113/tcp closed ident conn-refused
- 139/tcp closed netbios-ssn conn-refused
- 443/tcp open ssl/http syn-ack nginx
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx
- |_http-title: Domain Default page
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:45:28
- | Not valid after: 2017-04-20T02:45:28
- | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
- | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
- | -----BEGIN CERTIFICATE-----
- | MIIDfTCCAmUCBFcW7UgwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
- | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
- | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
- | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDUyOFoXDTE3MDQyMDAyNDUy
- | OFowgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
- | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
- | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
- | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/mGOjB9R263rGI70CUL//UClIxX9sRm
- | IuKfcX9ZsryYXi9ZY1nks2E4EzVce2cIahRlr/KtupiVwgPqAyxnBnoNAnoJf0au
- | +6bdHYIwmCinxYihoCRDk/NSJkVkxP6mfI/lz6Pj4ph8kU+FZHoFsvxGPFe8xenD
- | 25LSnXXD/RsnNScXU0QkriBF7mwajEjJeed77Z1++29i1U0Z+5kwP6k9WogbBHiP
- | 1DnqSeNaIAqS/JGoLYcZxERrikSbDolKGcBor2Btj/+ntbQ/cGIp0u6TOreSysYL
- | dosYZJlki/cyRqIOFw/Ey0OJ+E1rjNxRJFt6ix1SmtjTvWqMiwmUXwIDAQABMA0G
- | CSqGSIb3DQEBCwUAA4IBAQALJy22o5EMfr+JcQU0y921/8otr5ONs3kDKA0aTw48
- | 0+i3fqVTVxbuNLGwBc6UJOA5+ZUsRK4hHz+uchwiJ63In3Qeurp7/f6aUhlNSEHs
- | wirA7AIRjE6nmMWVBkL7eoCql45VqTbtKvfF//hDV3Y7H9wpXYmv3W5D7lW1leuY
- | zeEXwHUvkVzulFLW5UsgW06L6wID/qDwjCe5n+qxTWBWT9rf66w+ZOpMKjqI2+ds
- | S/QW/9BYVSdYdiercNJ8ubWzB27o/GPYAZGKA6zQFlAOqI2KSyI/v8wmp4McanHB
- | kSU3KNEZZO9gSQwBk+pRKTnwnvwnMC7NIc6zoS7rq4Gp
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- | h2
- |_ http/1.1
- | tls-nextprotoneg:
- | h2
- |_ http/1.1
- 445/tcp closed microsoft-ds conn-refused
- 465/tcp open ssl/smtps? syn-ack
- |_smtp-commands: Couldn't establish connection on port 465
- |_ssl-date: TLS randomness does not represent time
- 993/tcp open ssl/imaps? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 995/tcp open ssl/pop3s? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
- |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
- | http-methods:
- |_ Supported Methods: GET HEAD OPTIONS
- |_http-server-header: sw-cp-server
- |_http-title: Plesk Onyx 17.5.3
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:45:28
- | Not valid after: 2017-04-20T02:45:28
- | MD5: 7790 b36b c2b6 d7ed 7ba2 d554 6da3 7722
- | SHA-1: 841a 764b b72e 7a1d 9675 599a 9f2c 7fcf d4fa 5c45
- | -----BEGIN CERTIFICATE-----
- | MIIDfTCCAmUCBFcW7UgwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
- | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
- | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
- | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDUyOFoXDTE3MDQyMDAyNDUy
- | OFowgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
- | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
- | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
- | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/mGOjB9R263rGI70CUL//UClIxX9sRm
- | IuKfcX9ZsryYXi9ZY1nks2E4EzVce2cIahRlr/KtupiVwgPqAyxnBnoNAnoJf0au
- | +6bdHYIwmCinxYihoCRDk/NSJkVkxP6mfI/lz6Pj4ph8kU+FZHoFsvxGPFe8xenD
- | 25LSnXXD/RsnNScXU0QkriBF7mwajEjJeed77Z1++29i1U0Z+5kwP6k9WogbBHiP
- | 1DnqSeNaIAqS/JGoLYcZxERrikSbDolKGcBor2Btj/+ntbQ/cGIp0u6TOreSysYL
- | dosYZJlki/cyRqIOFw/Ey0OJ+E1rjNxRJFt6ix1SmtjTvWqMiwmUXwIDAQABMA0G
- | CSqGSIb3DQEBCwUAA4IBAQALJy22o5EMfr+JcQU0y921/8otr5ONs3kDKA0aTw48
- | 0+i3fqVTVxbuNLGwBc6UJOA5+ZUsRK4hHz+uchwiJ63In3Qeurp7/f6aUhlNSEHs
- | wirA7AIRjE6nmMWVBkL7eoCql45VqTbtKvfF//hDV3Y7H9wpXYmv3W5D7lW1leuY
- | zeEXwHUvkVzulFLW5UsgW06L6wID/qDwjCe5n+qxTWBWT9rf66w+ZOpMKjqI2+ds
- | S/QW/9BYVSdYdiercNJ8ubWzB27o/GPYAZGKA6zQFlAOqI2KSyI/v8wmp4McanHB
- | kSU3KNEZZO9gSQwBk+pRKTnwnvwnMC7NIc6zoS7rq4Gp
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- | tls-nextprotoneg:
- |_ http/1.1
- OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
- Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (98%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), OpenBSD 4.0 (91%), FreeBSD 6.2-RELEASE (90%), Linux 2.6.18 - 2.6.22 (90%), OpenBSD 4.3 (90%), Android 7.1.2 (Linux 3.10) (90%), Apple AirPort Extreme WAP (88%)
- No exact OS matches for host (test conditions non-ideal).
- TCP/IP fingerprint:
- SCAN(V=7.70%E=4%D=2/14%OT=21%CT=20%CU=%PV=N%G=N%TM=5C657ABD%P=x86_64-pc-linux-gnu)
- SEQ(SP=106%GCD=1%ISR=109%TI=Z%TS=U)
- OPS(O1=M4B3W7N%O2=M4B3W7N%O3=M4B3W7N%O4=M4B3W7N%O5=M4B3W7N%O6=M4B3)
- WIN(W1=7210%W2=7210%W3=7210%W4=7210%W5=7210%W6=7210)
- ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3W7N%CC=Y%Q=)
- ECN(R=N)
- T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
- T2(R=N)
- T3(R=N)
- T4(R=N)
- T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
- T6(R=N)
- T7(R=N)
- U1(R=N)
- IE(R=N)
- Service Info: OS: Unix
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 65.11 ms 10.238.200.1
- 2 65.88 ms 193.37.252.209
- 3 65.15 ms vlan2905.bb1.mia1.us.m247.com (82.102.29.174)
- 4 65.68 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
- 5 65.89 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
- 6 66.35 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
- 7 79.98 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 8 90.96 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 9 96.95 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 10 167.64 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 11 164.57 ms 154.54.57.154
- 12 166.12 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 13 243.65 ms 185.153.20.70
- 14 242.60 ms 185.153.20.82
- 15 242.57 ms 185.153.20.94
- 16 259.94 ms 185.153.20.153
- 17 281.05 ms 212.0.131.109
- 18 269.75 ms 196.202.137.249
- 19 277.41 ms 196.202.145.94
- 20 ... 30
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 09:27
- Completed NSE at 09:27, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 09:27
- Completed NSE at 09:27, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 256.93 seconds
- Raw packets sent: 146 (10.736KB) | Rcvd: 174 (28.842KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-14 09:27 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 09:27
- Completed NSE at 09:27, 0.00s elapsed
- Initiating NSE at 09:27
- Completed NSE at 09:27, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 09:27
- Completed Parallel DNS resolution of 1 host. at 09:27, 0.02s elapsed
- Initiating UDP Scan at 09:27
- Scanning f03-web04.nic.gov.sd (62.12.105.6) [14 ports]
- Completed UDP Scan at 09:27, 1.64s elapsed (14 total ports)
- Initiating Service scan at 09:27
- Scanning 12 services on f03-web04.nic.gov.sd (62.12.105.6)
- Service scan Timing: About 8.33% done; ETC: 09:46 (0:17:47 remaining)
- Completed Service scan at 09:28, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against f03-web04.nic.gov.sd (62.12.105.6)
- Retrying OS detection (try #2) against f03-web04.nic.gov.sd (62.12.105.6)
- Initiating Traceroute at 09:28
- Completed Traceroute at 09:29, 7.13s elapsed
- Initiating Parallel DNS resolution of 1 host. at 09:29
- Completed Parallel DNS resolution of 1 host. at 09:29, 0.02s elapsed
- NSE: Script scanning 62.12.105.6.
- Initiating NSE at 09:29
- Completed NSE at 09:29, 20.32s elapsed
- Initiating NSE at 09:29
- Completed NSE at 09:29, 1.02s elapsed
- Nmap scan report for f03-web04.nic.gov.sd (62.12.105.6)
- Host is up (0.065s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 64.56 ms 10.238.200.1
- 2 ... 3
- 4 64.91 ms 10.238.200.1
- 5 66.75 ms 10.238.200.1
- 6 66.73 ms 10.238.200.1
- 7 66.59 ms 10.238.200.1
- 8 66.59 ms 10.238.200.1
- 9 66.58 ms 10.238.200.1
- 10 66.60 ms 10.238.200.1
- 11 ... 18
- 19 63.65 ms 10.238.200.1
- 20 65.08 ms 10.238.200.1
- 21 ... 28
- 29 66.49 ms 10.238.200.1
- 30 64.48 ms 10.238.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 09:29
- Completed NSE at 09:29, 0.00s elapsed
- Initiating NSE at 09:29
- Completed NSE at 09:29, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 136.50 seconds
- Raw packets sent: 147 (13.614KB) | Rcvd: 28 (2.926KB)
- #######################################################################################################################################
- Anonymous JTSEC #OpSudan Full Recon #11
Add Comment
Please, Sign In to add comment