Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- =======================================================================================================================================
- Hostname www.mop.gov.sd ISP Hostinger International Limited
- Continent North America Flag
- US
- Country United States Country Code US
- Region Unknown Local time 02 May 2019 08:00 CDT
- City Unknown Postal Code Unknown
- IP Address 185.28.23.9 Latitude 37.751
- Longitude -97.822
- =======================================================================================================================================
- #######################################################################################################################################
- > www.mop.gov.sd
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- www.mop.gov.sd canonical name = mop.gov.sd.
- Name: mop.gov.sd
- Address: 185.28.23.9
- >
- #######################################################################################################################################
- HostIP:185.28.23.9
- HostName:www.mop.gov.sd
- Gathered Inet-whois information for 185.28.23.9
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 185.28.23.0 - 185.28.23.255
- netname: HOSTING24-SERVERS
- descr: Hosting24.com shared hosting servers
- country: US
- admin-c: HN1858-RIPE
- tech-c: HN1858-RIPE
- status: ASSIGNED PA
- mnt-by: MNT-HOSTINGER
- created: 2013-10-14T12:52:20Z
- last-modified: 2013-12-03T09:26:12Z
- source: RIPE
- person: Hostinger NOC
- address: Hostinger International Ltd.
- address: 61 Lordou Vyronos
- address: Lumiel Building, 4th floor
- address: 6023
- address: Larnaca
- address: CYPRUS
- phone: +37064503378
- nic-hdl: HN1858-RIPE
- mnt-by: HN19812-MNT
- created: 2013-12-02T20:17:12Z
- last-modified: 2016-09-29T07:03:26Z
- source: RIPE # Filtered
- % Information related to '185.28.23.0/24AS47583'
- route: 185.28.23.0/24
- descr: HOSTING24.COM ROUTE US
- origin: AS47583
- mnt-by: MNT-HOSTINGER
- created: 2013-10-14T12:53:51Z
- last-modified: 2013-12-03T09:25:24Z
- source: RIPE
- % This query was served by the RIPE Database Query Service version 1.93.2 (WAGYU)
- Gathered Inic-whois information for mop.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server sd.whois-servers.net failed
- close error
- Gathered Netcraft information for www.mop.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.mop.gov.sd
- Netcraft.com Information gathered
- Gathered Subdomain information for mop.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.mop.gov.sd
- HostIP:185.28.23.9
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host mop.gov.sd, Searched 0 pages containing 0 results
- Gathered E-Mail information for mop.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host mop.gov.sd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 185.28.23.9
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 22/tcp open
- 53/tcp open
- 80/tcp open
- 110/tcp open
- 143/tcp open
- Portscan Finished: Scanned 150 ports, 4 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://www.mop.gov.sd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: الصفحة الرئيسة » وزارة النفط والغاز والمعادن
- [+] IP address: 185.28.23.9
- [+] Web Server: Could Not Detect
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 185.28.23.9
- [i] Country: United States
- [i] State:
- [i] City:
- [i] Latitude: 37.751
- [i] Longitude: -97.822
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] X-Powered-By: PHP/5.6.40
- [i] Set-Cookie: GXDPHP=3bl84kr29inmu4lvd2ikb7d3m1; expires=Mon, 27-May-2019 13:04:40 GMT; Max-Age=2160000; path=/; HttpOnly
- [i] Content-Type: text/html; charset=UTF-8
- [i] Vary: Accept-Encoding
- [i] Date: Thu, 02 May 2019 13:04:41 GMT
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- mop.gov.sd. 59 IN TXT "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
- mop.gov.sd. 21599 IN SOA ns43.boxsecured.com. cpanel.boxsecured.com. 2019040604 3600 1800 1209600 86400
- mop.gov.sd. 21599 IN NS ns43.boxsecured.com.
- mop.gov.sd. 21599 IN NS ns44.boxsecured.com.
- mop.gov.sd. 59 IN A 185.28.23.9
- mop.gov.sd. 59 IN MX 0 mop.gov.sd.
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 185.28.23.9
- Network = 185.28.23.9 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 185.28.23.9 - 185.28.23.9 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 13:04 UTC
- Nmap scan report for mop.gov.sd (185.28.23.9)
- Host is up (0.023s latency).
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://www.mop.gov.sd/
- [!] IP Address : 185.28.23.9
- [!] www.mop.gov.sd doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.mop.gov.sd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.mop.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
- --------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- ns44.boxsecured.com. (212.1.210.106) AS47583 Hostinger International Limited United States
- ns43.boxsecured.com. (212.1.210.66) AS47583 Hostinger International Limited United States
- [+] MX Records
- 0 (185.28.23.9) AS47583 Hostinger International Limited United States
- [+] Host Records (A)
- www.mop.gov.sdHTTP: (srv23-9.hosting24.com) (185.28.23.9) AS47583 Hostinger International Limited United States
- [+] TXT Records
- "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
- [+] DNS Map: https://dnsdumpster.com/static/map/mop.gov.sd.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1556802278297679-web-@www.mop.gov.sd
- pixel-1556802279786529-web-@www.mop.gov.sd
- No hosts found
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Enter Address Website = mop.gov.sd
- Reverse IP With YouGetSignal 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [*] IP: 185.28.23.9
- [*] Domain: mop.gov.sd
- [*] Total Domains: 2
- [+] mop.gov.sd
- [+] omdurmansd.com
- #######################################################################################################################################
- Geo IP Lookup 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] IP Address: 185.28.23.9
- [+] Country: United States
- [+] State:
- [+] City:
- [+] Latitude: 37.751
- [+] Longitude: -97.822
- #######################################################################################################################################
- Bypass Cloudflare 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [!] CloudFlare Bypass 185.28.23.9 | ftp.mop.gov.sd
- [!] CloudFlare Bypass 185.28.23.9 | cpanel.mop.gov.sd
- [!] CloudFlare Bypass 185.28.23.9 | webmail.mop.gov.sd
- [!] CloudFlare Bypass 185.28.23.9 | mail.mop.gov.sd
- [!] CloudFlare Bypass 185.28.23.9 | www.mop.gov.sd
- #######################################################################################################################################
- DNS Lookup 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] mop.gov.sd. 59 IN TXT "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
- [+] mop.gov.sd. 21599 IN SOA ns43.boxsecured.com. cpanel.boxsecured.com. 2019040604 3600 1800 1209600 86400
- [+] mop.gov.sd. 21599 IN NS ns43.boxsecured.com.
- [+] mop.gov.sd. 21599 IN NS ns44.boxsecured.com.
- [+] mop.gov.sd. 59 IN A 185.28.23.9
- [+] mop.gov.sd. 59 IN MX 0 mop.gov.sd.
- #######################################################################################################################################
- Show HTTP Header 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] HTTP/1.1 200 OK
- [+] X-Powered-By: PHP/5.6.40
- [+] Set-Cookie: GXDPHP=7gvupsfs5cmkkatu2cnmh7jfk6; expires=Mon, 27-May-2019 13:04:17 GMT; Max-Age=2160000; path=/; HttpOnly
- [+] Content-Type: text/html; charset=UTF-8
- [+] Content-Length: 97999
- [+] Date: Thu, 02 May 2019 13:04:18 GMT
- [+] Server: LiteSpeed
- [+] Connection: Keep-Alive
- #######################################################################################################################################
- Port Scan 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 13:04 UTC
- Nmap scan report for mop.gov.sd (185.28.23.9)
- Host is up (0.025s latency).
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.96 seconds
- #######################################################################################################################################
- Traceroute 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-05-02T13:04:27+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.202 0.0% 3 0.7 0.9 0.7 1.0 0.1
- 2.|-- 45.79.12.2 0.0% 3 1.2 0.9 0.7 1.2 0.3
- 3.|-- ae-37.a01.dllstx04.us.bb.gin.ntt.net 0.0% 3 1.6 1.9 1.0 3.0 1.0
- 4.|-- ae-9.r10.dllstx09.us.bb.gin.ntt.net 0.0% 3 1.9 1.6 1.3 1.9 0.3
- 5.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 6.|-- ae-2-3513.edge1.Atlanta4.Level3.net 0.0% 3 20.0 20.3 20.0 20.7 0.4
- 7.|-- IMMEDION-LL.edge1.Atlanta4.Level3.net 0.0% 3 22.1 23.2 22.1 23.9 1.0
- 8.|-- 74.112.175.1 0.0% 3 30.2 30.4 30.2 30.5 0.2
- 9.|-- 74.112.174.195 0.0% 3 28.0 27.8 27.5 28.0 0.3
- 10.|-- 74.112.175.229 0.0% 3 29.0 29.2 29.0 29.7 0.4
- 11.|-- ashv1.main-hosting.com 0.0% 3 45.2 34.4 28.5 45.2 9.4
- 12.|-- srv23-9.hosting24.com 0.0% 3 28.2 28.3 28.2 28.4 0.1
- #######################################################################################################################################
- Ping 'mop.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-05-02 13:04 UTC
- SENT (0.2293s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=1] IP [ttl=64 id=31121 iplen=28 ]
- RCVD (0.4310s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=1] IP [ttl=52 id=13449 iplen=28 ]
- SENT (1.2307s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=2] IP [ttl=64 id=31121 iplen=28 ]
- RCVD (1.4510s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=2] IP [ttl=52 id=13640 iplen=28 ]
- SENT (2.2319s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=3] IP [ttl=64 id=31121 iplen=28 ]
- RCVD (2.2678s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=3] IP [ttl=52 id=13915 iplen=28 ]
- SENT (3.2340s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=4] IP [ttl=64 id=31121 iplen=28 ]
- RCVD (3.2870s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=4] IP [ttl=52 id=14909 iplen=28 ]
- Max rtt: 220.104ms | Min rtt: 35.682ms | Avg rtt: 127.602ms
- Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
- Nping done: 1 IP address pinged in 3.29 seconds
- #######################################################################################################################################
- Page Admin Finder 'mop.gov.sd'
- -------------------------------------------------------------------------------------------------------------------------------------
- Avilable Links :
- Find Page >> http://mop.gov.sd/admin/
- Find Page >> http://mop.gov.sd/adm/
- #######################################################################################################################################
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: mailman@www.mop.gov.sd
- | [+] E-mail Found: fancybox_loading@2x.gif
- | [+] E-mail Found: fancybox_sprite@2x.png
- | [+] E-mail Found: info@mopg.gov.sd
- =======================================================================================================================================
- | External hosts:
- | [+] External Host Found: https://code.highcharts.com
- | [+] External Host Found: http://www.adobe.com
- | [+] External Host Found: https://oss.maxcdn.com
- | [+] External Host Found: http://mopg.gov.sd
- | [+] External Host Found: http://www.gnu.org
- =======================================================================================================================================
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-5-Debian <<>> mop.gov.sd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39949
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;mop.gov.sd. IN A
- ;; ANSWER SECTION:
- mop.gov.sd. 59 IN A 185.28.23.9
- ;; Query time: 49 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: lun mai 06 20:02:58 EDT 2019
- ;; MSG SIZE rcvd: 55
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-5-Debian <<>> +trace mop.gov.sd
- ;; global options: +cmd
- . 84971 IN NS l.root-servers.net.
- . 84971 IN NS f.root-servers.net.
- . 84971 IN NS i.root-servers.net.
- . 84971 IN NS b.root-servers.net.
- . 84971 IN NS k.root-servers.net.
- . 84971 IN NS c.root-servers.net.
- . 84971 IN NS j.root-servers.net.
- . 84971 IN NS d.root-servers.net.
- . 84971 IN NS g.root-servers.net.
- . 84971 IN NS m.root-servers.net.
- . 84971 IN NS e.root-servers.net.
- . 84971 IN NS h.root-servers.net.
- . 84971 IN NS a.root-servers.net.
- . 84971 IN RRSIG NS 8 0 518400 20190519210000 20190506200000 25266 . Cd4VxMZQnTTXg42ezedP1w3JJHP/0pzNeu12gwrSCECUC/wA+L8UNgEt priMB8Fqr9MCwkrVv8EX7UNT5eV0Ib3M9fp+bWykB6DFHCDMKD/FZgN2 u0vbOJzt+ITh6Qv17CKkOcaaxZY2+tWjPLfEqHwp92h07t/rRw3SkvKz xNG48xLSjl3ih0nst5a99adRIMtl0za9ZXssI1q/8D+a6oa23kQ+mJrU urvRgopqXd58I1qjIzgqqpsxEX/ZHeAE7hbs7YfCpETB6hrCDVYM4AJi BcLB15Ry8c+f22YNnxZxiX6s8aVqGYJ26OBtsrxkXVSxQmM+UogBUM+v IDrwsQ==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 70 ms
- sd. 172800 IN NS ans1.sis.sd.
- sd. 172800 IN NS ns1.uaenic.ae.
- sd. 172800 IN NS ans1.canar.sd.
- sd. 172800 IN NS ns-sd.afrinic.net.
- sd. 172800 IN NS ns2.uaenic.ae.
- sd. 172800 IN NS sd.cctld.authdns.ripe.net.
- sd. 172800 IN NS ans2.canar.sd.
- sd. 86400 IN NSEC se. NS RRSIG NSEC
- sd. 86400 IN RRSIG NSEC 8 1 86400 20190519210000 20190506200000 25266 . NY/P7GyJ03+fQdG6P//WPFq5Oh/G14cd77ITJ8rvc0pOnZFu0v88SEJU wuuAoIAfdl4UeKTIGWCV+cLaiQjWCl1jHK+urjJ/gCWngLcpbVVkcLyU 7vamRfPB4VDzTC10nTCbErX+UZfYf8uJILRpYQjVXcu9yK5pb0cn+h7E kOyV6p68BEIyO1CN8egdNPYdv6LrHpcJA8HQwQM3vdOFn6d3znvZxa1/ RTbB40bxkU0VGJECMz3Av8rwJ0oot52PGa3YAvZDGB2j5SItwlab+UWH vm/Gu1EwvrhPXFZeEcBAblQMkFsHxUGBWf4DCD4mqh1oKcvIv6Ielt5Q SgtShg==
- ;; Received 697 bytes from 2001:dc3::35#53(m.root-servers.net) in 95 ms
- ;; Received 67 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 234 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: mop.gov.sd
- [-] DNSSEC is not configured for mop.gov.sd
- [*] SOA ns43.boxsecured.com 212.1.210.66
- [*] NS ns44.boxsecured.com 212.1.210.106
- [*] NS ns43.boxsecured.com 212.1.210.66
- [*] MX mop.gov.sd 185.28.23.9
- [*] A mop.gov.sd 185.28.23.9
- [*] TXT mop.gov.sd v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for mop.gov.sd
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain mop.gov.sd
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
- [+] Getting nameservers
- 212.1.210.106 - ns44.boxsecured.com
- 212.1.210.66 - ns43.boxsecured.com
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
- [+] MX records found, added to target list
- 0 mop.gov.sd.
- [*] Scanning mop.gov.sd for A records
- 185.28.23.9 - mop.gov.sd
- 185.28.23.9 - cpanel.mop.gov.sd
- 185.28.23.9 - ftp.mop.gov.sd
- 185.28.23.9 - mail.mop.gov.sd
- 185.28.23.9 - webdisk.mop.gov.sd
- 185.28.23.9 - webmail.mop.gov.sd
- 185.28.23.9 - whm.mop.gov.sd
- 185.28.23.9 - www.mop.gov.sd
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 185.28.23.9 alias ftp.mop.gov.sd
- 185.28.23.9 host mop.gov.sd
- 185.28.23.9 alias mail.mop.gov.sd
- 185.28.23.9 host mop.gov.sd
- 185.28.23.9 host webmail.mop.gov.sd
- 185.28.23.9 alias www.mop.gov.sd
- 185.28.23.9 host mop.gov.sd
- #######################################################################################################################################
- [+] Testing domain
- www.mop.gov.sd 185.28.23.9
- [+] Dns resolving
- Domain name Ip address Name server
- mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
- Found 1 host(s) for mop.gov.sd
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on mop.gov.sd
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 48.62 seconds
- Subdomain Ip address Name server
- ftp.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
- mail.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
- webmail.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
- www.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 185.28.23.9
- + Target Hostname: www.mop.gov.sd
- + Target Port: 80
- + Start Time: 2019-05-06 19:58:35 (GMT-4)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: No banner retrieved
- + Retrieved x-powered-by header: PHP/5.6.40
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_REQ 0
- + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
- + Scan terminated: 20 error(s) and 5 item(s) reported on remote host
- + End Time: 2019-05-06 20:10:57 (GMT-4) (742 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 185.28.23.9
- + Target Hostname: 185.28.23.9
- + Target Port: 443
- ---------------------------------------------------------------------------------------------------------------------------------------
- + SSL Info: Subject: /CN=pen.boxsecured.com
- Ciphers: TLS_AES_256_GCM_SHA384
- Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
- + Start Time: 2019-05-06 19:59:11 (GMT-4)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: LiteSpeed
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'alt-svc' found, with contents: quic=":443"; ma=2592000; v="35,39,43,44"
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The site uses SSL and Expect-CT header is not present.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Hostname '185.28.23.9' does not match certificate's names: pen.boxsecured.com
- + Server banner has changed from 'LiteSpeed' to 'Apache/2.2.16 (Debian)' which may suggest a WAF, load balancer or proxy is in place
- ---------------------------------------------------------------------------------------------------------------------------------------#######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.mop.gov.sd -----
- Host's addresses:
- __________________
- mop.gov.sd. 59 IN A 185.28.23.9
- Name Servers:
- ______________
- ns44.boxsecured.com. 86397 IN A 212.1.210.106
- ns43.boxsecured.com. 86400 IN A 212.1.210.66
- Mail (MX) Servers:
- ___________________
- mop.gov.sd. 60 IN A 185.28.23.9
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for www.mop.gov.sd on ns44.boxsecured.com ...
- Trying Zone Transfer for www.mop.gov.sd on ns43.boxsecured.com ...
- brute force file not specified, bay.
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on www.mop.gov.sd
- dnsdb: Unexpected return status 503
- dogpile: Get https://www.dogpile.com/search/web?q=www.mop.gov.sd&qsi=1: EOF
- waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.mop.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
- Starting Bruteforcing of www.mop.gov.sd with 9985 words
- Total 1 Unique subdomains found for www.mop.gov.sd
- .www.mop.gov.sd
- #######################################################################################################################################
- [*] Processing domain www.mop.gov.sd
- [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
- [+] Getting nameservers
- 212.1.210.66 - ns43.boxsecured.com
- 212.1.210.106 - ns44.boxsecured.com
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
- [+] MX records found, added to target list
- 0 mop.gov.sd.
- [*] Scanning www.mop.gov.sd for A records
- 185.28.23.9 - www.mop.gov.sd
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all
- [*] SPF record contains an All item: ~all
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.mop.gov.sd!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:13 EDT
- Nmap scan report for www.mop.gov.sd (185.28.23.9)
- Host is up (0.17s latency).
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- Not shown: 458 filtered ports, 6 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp open ssh
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- 3306/tcp open mysql
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:14 EDT
- Nmap scan report for www.mop.gov.sd (185.28.23.9)
- Host is up (0.12s latency).
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:14 EDT
- Nmap scan report for www.mop.gov.sd (185.28.23.9)
- Host is up (0.21s latency).
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 3761 guesses in 187 seconds, average tps: 20.7
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (89%)
- OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
- Aggressive OS guesses: Linux 4.9 (89%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 12 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 109.64 ms 10.250.200.1
- 2 110.36 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 109.88 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 109.91 ms prs-b8-link.telia.net (213.248.70.225)
- 5 206.39 ms prs-bb4-link.telia.net (62.115.138.138)
- 6 209.94 ms ash-bb4-link.telia.net (62.115.112.242)
- 7 206.39 ms cha-b1-link.telia.net (213.155.132.167)
- 8 211.14 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 201.37 ms 74.112.175.7
- 10 204.46 ms 74.112.175.17
- 11 213.25 ms ashv1.main-hosting.com (208.69.231.10)
- 12 212.66 ms srv23-9.hosting24.com (185.28.23.9)
- #######################################################################################################################################
- # general
- (gen) banner: SSH-2.0-OpenSSH_7.4
- (gen) software: OpenSSH 7.4
- (gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) curve25519-sha256 -- [warn] unknown algorithm
- (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
- (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
- (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0
- (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
- (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
- (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- # host-key algorithms
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
- (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
- (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
- (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
- # encryption algorithms (ciphers)
- (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
- `- [info] default cipher since OpenSSH 6.9.
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
- (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
- (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0
- (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
- (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled since Dropbear SSH 0.53
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 2.1.0
- (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- # message authentication code algorithms
- (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 6.2
- (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
- (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 6.2
- (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 4.7
- (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 6.2
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # algorithm recommendations (for OpenSSH 7.4)
- (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
- (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
- (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
- (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
- (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
- (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
- (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
- (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
- (rec) -blowfish-cbc -- enc algorithm to remove
- (rec) -3des-cbc -- enc algorithm to remove
- (rec) -aes256-cbc -- enc algorithm to remove
- (rec) -cast128-cbc -- enc algorithm to remove
- (rec) -aes192-cbc -- enc algorithm to remove
- (rec) -aes128-cbc -- enc algorithm to remove
- (rec) -hmac-sha2-512 -- mac algorithm to remove
- (rec) -umac-128@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha2-256 -- mac algorithm to remove
- (rec) -umac-64@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha1 -- mac algorithm to remove
- (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
- (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:18 EDT
- NSE: [ssh-run] Failed to specify credentials and command to run.
- Nmap scan report for www.mop.gov.sd (185.28.23.9)
- Host is up (0.22s latency).
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
- | ssh-auth-methods:
- | Supported authentication methods:
- |_ publickey
- |_ssh-brute: Password authentication not allowed
- | ssh-hostkey:
- | 2048 ec:2d:3c:a6:c4:61:d5:11:d4:a4:13:53:d9:dc:23:7a (RSA)
- | 256 48:86:03:7a:f8:6d:76:f6:b9:f0:92:ec:7a:5f:f1:5d (ECDSA)
- |_ 256 f1:33:6a:fb:fe:b7:15:1e:eb:07:d5:53:dd:fa:88:a0 (ED25519)
- | ssh-publickey-acceptance:
- |_ Accepted Public Keys: No public keys accepted
- |_ssh-run: Failed to specify credentials and command to run.
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (89%)
- OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
- Aggressive OS guesses: Linux 4.9 (89%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%), OpenWrt Chaos Calmer (Linux 3.18) (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 12 hops
- TRACEROUTE (using port 22/tcp)
- HOP RTT ADDRESS
- 1 110.32 ms 10.250.200.1
- 2 110.58 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 110.56 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 110.58 ms prs-b8-link.telia.net (213.248.70.225)
- 5 206.20 ms prs-bb4-link.telia.net (62.115.138.138)
- 6 211.47 ms ash-bb4-link.telia.net (62.115.112.242)
- 7 208.27 ms cha-b1-link.telia.net (213.155.132.167)
- 8 211.06 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 217.07 ms 74.112.175.5
- 10 201.73 ms 74.112.175.15
- 11 200.23 ms ashv1.main-hosting.com (208.69.231.10)
- 12 201.27 ms srv23-9.hosting24.com (185.28.23.9)
- #######################################################################################################################################
- USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
- RHOSTS => www.mop.gov.sd
- RHOST => www.mop.gov.sd
- [*] 185.28.23.9:22 - SSH - Using malformed packet technique
- [*] 185.28.23.9:22 - SSH - Starting scan
- [-] 185.28.23.9:22 - SSH - User 'admin' not found
- [-] 185.28.23.9:22 - SSH - User 'administrator' not found
- [-] 185.28.23.9:22 - SSH - User 'anonymous' not found
- [-] 185.28.23.9:22 - SSH - User 'backup' not found
- [-] 185.28.23.9:22 - SSH - User 'bee' not found
- [+] 185.28.23.9:22 - SSH - User 'ftp' found
- [-] 185.28.23.9:22 - SSH - User 'guest' not found
- [-] 185.28.23.9:22 - SSH - User 'GUEST' not found
- [-] 185.28.23.9:22 - SSH - User 'info' not found
- [+] 185.28.23.9:22 - SSH - User 'mail' found
- [-] 185.28.23.9:22 - SSH - User 'mailadmin' not found
- [-] 185.28.23.9:22 - SSH - User 'msfadmin' not found
- [-] 185.28.23.9:22 - SSH - User 'mysql' not found
- [-] 185.28.23.9:22 - SSH - User 'nobody' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'oracle' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'owaspbwa' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'postfix' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'postgres' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'private' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'proftpd' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'public' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'root' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'superadmin' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'support' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'sys' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'system' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'systemadmin' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'systemadministrator' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'test' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'tomcat' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'user' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'webmaster' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'www-data' on could not connect
- [-] 185.28.23.9:22 - SSH - User 'Fortimanager_Access' on could not connect
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:31 EDT
- Nmap scan report for www.mop.gov.sd (185.28.23.9)
- Host is up (0.20s latency).
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- PORT STATE SERVICE VERSION
- 53/tcp open domain ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- | dns-nsid:
- |_ bind.version: 9.9.4-RedHat-9.9.4-73.el7_6
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running (JUST GUESSING): Linux 4.X|3.X (89%)
- OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18
- Aggressive OS guesses: Linux 4.9 (89%), Linux 3.18 (86%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 12 hops
- Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
- Host script results:
- | dns-brute:
- | DNS Brute-force hostnames:
- | mail.mop.gov.sd - 185.28.23.9
- | www.mop.gov.sd - 185.28.23.9
- |_ ftp.mop.gov.sd - 185.28.23.9
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 115.79 ms 10.250.200.1
- 2 116.01 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 115.83 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 116.58 ms prs-b8-link.telia.net (213.248.70.225)
- 5 211.46 ms prs-bb4-link.telia.net (62.115.138.138)
- 6 215.84 ms ash-bb4-link.telia.net (62.115.112.242)
- 7 204.25 ms cha-b1-link.telia.net (213.155.132.167)
- 8 210.84 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 214.89 ms 74.112.175.5
- 10 201.59 ms 74.112.175.15
- 11 200.41 ms ashv1.main-hosting.com (208.69.231.10)
- 12 212.66 ms srv23-9.hosting24.com (185.28.23.9)
- #######################################################################################################################################
- http://www.mop.gov.sd [200 OK] Cookies[GXDPHP], Country[LITHUANIA][LT], Email[info@mopg.gov.sd], HTML5, HttpOnly[GXDPHP], IP[185.28.23.9], JQuery[1.11.2], MetaGenerator[Croogo - Content Management System], Modernizr, PHP[5.6.40], PasswordField[data[User][password]], PoweredBy[:], Script[text/javascript], Title[الصفحة الرئيسة » وزارة النفط والغاز والمعادن], X-Powered-By[PHP/5.6.40], X-UA-Compatible[IE=edge]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.mop.gov.sd...
- __________________________ SITE INFO ___________________________
- IP Title
- 185.28.23.9 الصفحة الرئيسة » وزارة النفط والغاز و
- ___________________________ VERSION ____________________________
- Name Versions Type
- PHP 5.6.40 Platform
- _________________________ INTERESTING __________________________
- URL Note Type
- /sql/ This might be interesting Interesting
- ________________________________________________________________
- Time: 1040.9 sec Urls: 680 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- X-Powered-By: PHP/5.6.40
- Set-Cookie: GXDPHP=vjo5crprl3plpim29n1qepekl3; expires=Wed, 29-May-2019 10:50:33 GMT; Max-Age=2160000; path=/; HttpOnly
- Content-Type: text/html; charset=UTF-8
- Content-Length: 98027
- Date: Sat, 04 May 2019 10:50:41 GMT
- Connection: keep-alive
- HTTP/1.1 200 OK
- X-Powered-By: PHP/5.6.40
- Set-Cookie: GXDPHP=6b3q1041s1255d1ldb2vdj60m2; expires=Wed, 29-May-2019 10:50:46 GMT; Max-Age=2160000; path=/; HttpOnly
- Content-Type: text/html; charset=UTF-8
- Content-Length: 98026
- Date: Sat, 04 May 2019 10:50:58 GMT
- Connection: keep-alive
- #######################################################################################################################################
- Apache 2.2.16
- AngularJS
- reCAPTCHA
- WordPress 2.5
- #######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 185.28.23.9
- Testing SSL server www.mop.gov.sd on port 443 using SNI name www.mop.gov.sd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: mopg.gov.sd
- Altnames: DNS:mopg.gov.sd, DNS:mail.mopg.gov.sd, DNS:www.mopg.gov.sd, DNS:cpanel.mopg.gov.sd, DNS:webdisk.mopg.gov.sd, DNS:webmail.mopg.gov.sd
- Issuer: mopg.gov.sd
- Not valid before: Apr 6 17:05:42 2019 GMT
- Not valid after: Apr 5 17:05:42 2020 GMT
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:54 EDT
- Nmap scan report for www.mop.gov.sd (185.28.23.9)
- Host is up.
- rDNS record for 185.28.23.9: srv23-9.hosting24.com
- PORT STATE SERVICE VERSION
- 3306/tcp filtered mysql
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 114.70 ms 10.250.200.1
- 2 115.98 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 116.00 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 115.72 ms prs-b8-link.telia.net (213.248.70.225)
- 5 210.78 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 ...
- 7 211.50 ms cha-b1-link.telia.net (213.155.132.167)
- 8 228.75 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 219.35 ms 74.112.175.7
- 10 222.57 ms 74.112.175.17
- 11 212.80 ms ashv1.main-hosting.com (208.69.231.10)
- 12 ... 30
- ######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +----------+-----------------------------+----------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +----------+-----------------------------+----------------------------------------------+----------+----------+
- | SVN | http://185.28.23.9:80/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
- +----------+-----------------------------+----------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:47 EDT
- Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
- Host is up (0.11s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:47 EDT
- Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 110.45 ms 10.250.200.1
- 2 113.56 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 111.76 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 111.98 ms prs-b8-link.telia.net (213.248.70.225)
- 5 206.37 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 209.45 ms ash-bb4-link.telia.net (62.115.112.242)
- 7 206.42 ms cha-b1-link.telia.net (213.155.132.167)
- 8 223.45 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 213.66 ms 74.112.175.7
- 10 217.12 ms 74.112.175.17
- 11 213.43 ms ashv1.main-hosting.com (208.69.231.10)
- 12 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:49 EDT
- Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 110.72 ms 10.250.200.1
- 2 111.09 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 110.77 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 110.79 ms prs-b8-link.telia.net (213.248.70.225)
- 5 206.57 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 210.76 ms ash-bb4-link.telia.net (62.115.112.242)
- 7 207.95 ms cha-b1-link.telia.net (213.155.132.167)
- 8 225.00 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 217.05 ms 74.112.175.7
- 10 219.54 ms 74.112.175.17
- 11 212.43 ms ashv1.main-hosting.com (208.69.231.10)
- 12 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:50 EDT
- Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 110.26 ms 10.250.200.1
- 2 110.36 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 110.32 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 110.35 ms prs-b8-link.telia.net (213.248.70.225)
- 5 206.82 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 210.27 ms ash-bb4-link.telia.net (62.115.112.242)
- 7 207.38 ms cha-b1-link.telia.net (213.155.132.167)
- 8 224.67 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 215.25 ms 74.112.175.7
- 10 218.59 ms 74.112.175.17
- 11 330.06 ms ashv1.main-hosting.com (208.69.231.10)
- 12 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:53 EDT
- Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 115.03 ms 10.250.200.1
- 2 115.43 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
- 3 115.07 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
- 4 116.23 ms prs-b8-link.telia.net (213.248.70.225)
- 5 211.08 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 215.25 ms ash-bb4-link.telia.net (62.115.112.242)
- 7 206.22 ms cha-b1-link.telia.net (213.155.132.167)
- 8 223.35 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
- 9 213.53 ms 74.112.175.7
- 10 217.17 ms 74.112.175.17
- 11 213.12 ms ashv1.main-hosting.com (208.69.231.10)
- 12 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:55 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 08:55
- Completed NSE at 08:55, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 08:55
- Completed NSE at 08:55, 0.00s elapsed
- Initiating Ping Scan at 08:55
- Scanning 185.28.23.9 [4 ports]
- Completed Ping Scan at 08:55, 2.04s elapsed (1 total hosts)
- Nmap scan report for 185.28.23.9 [host down, received no-response]
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 08:55
- Completed NSE at 08:55, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 08:55
- Completed NSE at 08:55, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
- Nmap done: 1 IP address (0 hosts up) scanned in 2.62 seconds
- Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:55 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 08:55
- Completed NSE at 08:55, 0.00s elapsed
- Initiating NSE at 08:55
- Completed NSE at 08:55, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 08:55
- Completed Parallel DNS resolution of 1 host. at 08:55, 0.03s elapsed
- Initiating UDP Scan at 08:55
- Scanning srv23-9.hosting24.com (185.28.23.9) [14 ports]
- Completed UDP Scan at 08:55, 2.90s elapsed (14 total ports)
- Initiating Service scan at 08:55
- Scanning 12 services on srv23-9.hosting24.com (185.28.23.9)
- Service scan Timing: About 8.33% done; ETC: 09:15 (0:17:58 remaining)
- Completed Service scan at 08:57, 102.59s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against srv23-9.hosting24.com (185.28.23.9)
- Retrying OS detection (try #2) against srv23-9.hosting24.com (185.28.23.9)
- Initiating Traceroute at 08:57
- Completed Traceroute at 08:57, 7.14s elapsed
- Initiating Parallel DNS resolution of 1 host. at 08:57
- Completed Parallel DNS resolution of 1 host. at 08:57, 0.00s elapsed
- NSE: Script scanning 185.28.23.9.
- Initiating NSE at 08:57
- Completed NSE at 08:58, 20.31s elapsed
- Initiating NSE at 08:58
- Completed NSE at 08:58, 1.03s elapsed
- Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 109.72 ms 10.250.200.1
- 2 ... 3
- 4 109.00 ms 10.250.200.1
- 5 109.38 ms 10.250.200.1
- 6 109.37 ms 10.250.200.1
- 7 109.36 ms 10.250.200.1
- 8 109.36 ms 10.250.200.1
- 9 109.37 ms 10.250.200.1
- 10 109.39 ms 10.250.200.1
- 11 ... 18
- 19 112.86 ms 10.250.200.1
- 20 109.29 ms 10.250.200.1
- 21 ... 28
- 29 109.96 ms 10.250.200.1
- 30 110.19 ms 10.250.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 08:58
- Completed NSE at 08:58, 0.00s elapsed
- Initiating NSE at 08:58
- Completed NSE at 08:58, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 138.97 seconds
- Raw packets sent: 147 (13.614KB) | Rcvd: 25 (2.746KB)
- #######################################################################################################################################
- Anonymous JTSEC #OpSudan Full Recon #68
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement