JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #68

May 7th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.mop.gov.sd ISP Hostinger International Limited
  4. Continent North America Flag
  5. US
  6. Country United States Country Code US
  7. Region Unknown Local time 02 May 2019 08:00 CDT
  8. City Unknown Postal Code Unknown
  9. IP Address 185.28.23.9 Latitude 37.751
  10. Longitude -97.822
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.mop.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. www.mop.gov.sd canonical name = mop.gov.sd.
  19. Name: mop.gov.sd
  20. Address: 185.28.23.9
  21. >
  22. #######################################################################################################################################
  23. HostIP:185.28.23.9
  24. HostName:www.mop.gov.sd
  25.  
  26. Gathered Inet-whois information for 185.28.23.9
  27. ---------------------------------------------------------------------------------------------------------------------------------------
  28.  
  29.  
  30. inetnum: 185.28.23.0 - 185.28.23.255
  31. netname: HOSTING24-SERVERS
  32. descr: Hosting24.com shared hosting servers
  33. country: US
  34. admin-c: HN1858-RIPE
  35. tech-c: HN1858-RIPE
  36. status: ASSIGNED PA
  37. mnt-by: MNT-HOSTINGER
  38. created: 2013-10-14T12:52:20Z
  39. last-modified: 2013-12-03T09:26:12Z
  40. source: RIPE
  41.  
  42. person: Hostinger NOC
  43. address: Hostinger International Ltd.
  44. address: 61 Lordou Vyronos
  45. address: Lumiel Building, 4th floor
  46. address: 6023
  47. address: Larnaca
  48. address: CYPRUS
  49. phone: +37064503378
  50. nic-hdl: HN1858-RIPE
  51. mnt-by: HN19812-MNT
  52. created: 2013-12-02T20:17:12Z
  53. last-modified: 2016-09-29T07:03:26Z
  54. source: RIPE # Filtered
  55.  
  56. % Information related to '185.28.23.0/24AS47583'
  57.  
  58. route: 185.28.23.0/24
  59. descr: HOSTING24.COM ROUTE US
  60. origin: AS47583
  61. mnt-by: MNT-HOSTINGER
  62. created: 2013-10-14T12:53:51Z
  63. last-modified: 2013-12-03T09:25:24Z
  64. source: RIPE
  65.  
  66. % This query was served by the RIPE Database Query Service version 1.93.2 (WAGYU)
  67.  
  68.  
  69.  
  70. Gathered Inic-whois information for mop.gov.sd
  71. ---------------------------------------------------------------------------------------------------------------------------------------
  72. Error: Unable to connect - Invalid Host
  73. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  74. close error
  75.  
  76. Gathered Netcraft information for www.mop.gov.sd
  77. ---------------------------------------------------------------------------------------------------------------------------------------
  78.  
  79. Retrieving Netcraft.com information for www.mop.gov.sd
  80. Netcraft.com Information gathered
  81.  
  82. Gathered Subdomain information for mop.gov.sd
  83. ---------------------------------------------------------------------------------------------------------------------------------------
  84. Searching Google.com:80...
  85. HostName:www.mop.gov.sd
  86. HostIP:185.28.23.9
  87. Searching Altavista.com:80...
  88. Found 1 possible subdomain(s) for host mop.gov.sd, Searched 0 pages containing 0 results
  89.  
  90. Gathered E-Mail information for mop.gov.sd
  91. ---------------------------------------------------------------------------------------------------------------------------------------
  92. Searching Google.com:80...
  93. Searching Altavista.com:80...
  94. Found 0 E-Mail(s) for host mop.gov.sd, Searched 0 pages containing 0 results
  95.  
  96. Gathered TCP Port information for 185.28.23.9
  97. ---------------------------------------------------------------------------------------------------------------------------------------
  98.  
  99. Port State
  100.  
  101. 21/tcp open
  102. 22/tcp open
  103. 53/tcp open
  104. 80/tcp open
  105. 110/tcp open
  106. 143/tcp open
  107.  
  108. Portscan Finished: Scanned 150 ports, 4 ports were in state closed
  109. #######################################################################################################################################
  110. [i] Scanning Site: http://www.mop.gov.sd
  111.  
  112.  
  113.  
  114. B A S I C I N F O
  115. =======================================================================================================================================
  116.  
  117.  
  118. [+] Site Title: الصفحة الرئيسة » وزارة النفط والغاز والمعادن
  119. [+] IP address: 185.28.23.9
  120. [+] Web Server: Could Not Detect
  121. [+] CMS: Could Not Detect
  122. [+] Cloudflare: Not Detected
  123. [+] Robots File: Could NOT Find robots.txt!
  124.  
  125.  
  126.  
  127.  
  128.  
  129. G E O I P L O O K U P
  130. =======================================================================================================================================
  131.  
  132. [i] IP Address: 185.28.23.9
  133. [i] Country: United States
  134. [i] State:
  135. [i] City:
  136. [i] Latitude: 37.751
  137. [i] Longitude: -97.822
  138.  
  139.  
  140.  
  141.  
  142. H T T P H E A D E R S
  143. =======================================================================================================================================
  144.  
  145.  
  146. [i] HTTP/1.1 200 OK
  147. [i] X-Powered-By: PHP/5.6.40
  148. [i] Set-Cookie: GXDPHP=3bl84kr29inmu4lvd2ikb7d3m1; expires=Mon, 27-May-2019 13:04:40 GMT; Max-Age=2160000; path=/; HttpOnly
  149. [i] Content-Type: text/html; charset=UTF-8
  150. [i] Vary: Accept-Encoding
  151. [i] Date: Thu, 02 May 2019 13:04:41 GMT
  152. [i] Connection: close
  153.  
  154.  
  155.  
  156.  
  157. D N S L O O K U P
  158. =======================================================================================================================================
  159.  
  160. mop.gov.sd. 59 IN TXT "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
  161. mop.gov.sd. 21599 IN SOA ns43.boxsecured.com. cpanel.boxsecured.com. 2019040604 3600 1800 1209600 86400
  162. mop.gov.sd. 21599 IN NS ns43.boxsecured.com.
  163. mop.gov.sd. 21599 IN NS ns44.boxsecured.com.
  164. mop.gov.sd. 59 IN A 185.28.23.9
  165. mop.gov.sd. 59 IN MX 0 mop.gov.sd.
  166.  
  167.  
  168.  
  169.  
  170. S U B N E T C A L C U L A T I O N
  171. =======================================================================================================================================
  172.  
  173. Address = 185.28.23.9
  174. Network = 185.28.23.9 / 32
  175. Netmask = 255.255.255.255
  176. Broadcast = not needed on Point-to-Point links
  177. Wildcard Mask = 0.0.0.0
  178. Hosts Bits = 0
  179. Max. Hosts = 1 (2^0 - 0)
  180. Host Range = { 185.28.23.9 - 185.28.23.9 }
  181.  
  182.  
  183.  
  184. N M A P P O R T S C A N
  185. =======================================================================================================================================
  186.  
  187. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 13:04 UTC
  188. Nmap scan report for mop.gov.sd (185.28.23.9)
  189. Host is up (0.023s latency).
  190. rDNS record for 185.28.23.9: srv23-9.hosting24.com
  191.  
  192. PORT STATE SERVICE
  193. 21/tcp open ftp
  194. 22/tcp filtered ssh
  195. 23/tcp filtered telnet
  196. 80/tcp open http
  197. 110/tcp filtered pop3
  198. 143/tcp filtered imap
  199. 443/tcp open https
  200. 3389/tcp filtered ms-wbt-server
  201.  
  202. Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
  203. #######################################################################################################################################
  204. [?] Enter the target: example( http://domain.com )
  205. http://www.mop.gov.sd/
  206. [!] IP Address : 185.28.23.9
  207. [!] www.mop.gov.sd doesn't seem to use a CMS
  208. [+] Honeypot Probabilty: 30%
  209. ---------------------------------------------------------------------------------------------------------------------------------------
  210. [~] Trying to gather whois information for www.mop.gov.sd
  211. [+] Whois information found
  212. [-] Unable to build response, visit https://who.is/whois/www.mop.gov.sd
  213. ---------------------------------------------------------------------------------------------------------------------------------------
  214. PORT STATE SERVICE
  215. 21/tcp open ftp
  216. 22/tcp filtered ssh
  217. 23/tcp filtered telnet
  218. 80/tcp open http
  219. 110/tcp filtered pop3
  220. 143/tcp filtered imap
  221. 443/tcp open https
  222. 3389/tcp filtered ms-wbt-server
  223. Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
  224. --------------------------------------------------------------------------------------------------------------------------------------
  225.  
  226. [+] DNS Records
  227. ns44.boxsecured.com. (212.1.210.106) AS47583 Hostinger International Limited United States
  228. ns43.boxsecured.com. (212.1.210.66) AS47583 Hostinger International Limited United States
  229.  
  230. [+] MX Records
  231. 0 (185.28.23.9) AS47583 Hostinger International Limited United States
  232.  
  233. [+] Host Records (A)
  234. www.mop.gov.sdHTTP: (srv23-9.hosting24.com) (185.28.23.9) AS47583 Hostinger International Limited United States
  235.  
  236. [+] TXT Records
  237. "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
  238.  
  239. [+] DNS Map: https://dnsdumpster.com/static/map/mop.gov.sd.png
  240.  
  241. [>] Initiating 3 intel modules
  242. [>] Loading Alpha module (1/3)
  243. [>] Beta module deployed (2/3)
  244. [>] Gamma module initiated (3/3)
  245.  
  246.  
  247. [+] Emails found:
  248. ---------------------------------------------------------------------------------------------------------------------------------------
  249. pixel-1556802278297679-web-@www.mop.gov.sd
  250. pixel-1556802279786529-web-@www.mop.gov.sd
  251. No hosts found
  252. [+] Virtual hosts:
  253. ---------------------------------------------------------------------------------------------------------------------------------------
  254. #######################################################################################################################################
  255. Enter Address Website = mop.gov.sd
  256.  
  257. Reverse IP With YouGetSignal 'mop.gov.sd'
  258. ---------------------------------------------------------------------------------------------------------------------------------------
  259.  
  260. [*] IP: 185.28.23.9
  261. [*] Domain: mop.gov.sd
  262. [*] Total Domains: 2
  263.  
  264. [+] mop.gov.sd
  265. [+] omdurmansd.com
  266. #######################################################################################################################################
  267.  
  268. Geo IP Lookup 'mop.gov.sd'
  269. ---------------------------------------------------------------------------------------------------------------------------------------
  270.  
  271. [+] IP Address: 185.28.23.9
  272. [+] Country: United States
  273. [+] State:
  274. [+] City:
  275. [+] Latitude: 37.751
  276. [+] Longitude: -97.822
  277. #######################################################################################################################################
  278.  
  279. Bypass Cloudflare 'mop.gov.sd'
  280. ---------------------------------------------------------------------------------------------------------------------------------------
  281.  
  282. [!] CloudFlare Bypass 185.28.23.9 | ftp.mop.gov.sd
  283. [!] CloudFlare Bypass 185.28.23.9 | cpanel.mop.gov.sd
  284. [!] CloudFlare Bypass 185.28.23.9 | webmail.mop.gov.sd
  285. [!] CloudFlare Bypass 185.28.23.9 | mail.mop.gov.sd
  286. [!] CloudFlare Bypass 185.28.23.9 | www.mop.gov.sd
  287. #######################################################################################################################################
  288.  
  289. DNS Lookup 'mop.gov.sd'
  290. ---------------------------------------------------------------------------------------------------------------------------------------
  291.  
  292. [+] mop.gov.sd. 59 IN TXT "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
  293. [+] mop.gov.sd. 21599 IN SOA ns43.boxsecured.com. cpanel.boxsecured.com. 2019040604 3600 1800 1209600 86400
  294. [+] mop.gov.sd. 21599 IN NS ns43.boxsecured.com.
  295. [+] mop.gov.sd. 21599 IN NS ns44.boxsecured.com.
  296. [+] mop.gov.sd. 59 IN A 185.28.23.9
  297. [+] mop.gov.sd. 59 IN MX 0 mop.gov.sd.
  298. #######################################################################################################################################
  299.  
  300. Show HTTP Header 'mop.gov.sd'
  301. ---------------------------------------------------------------------------------------------------------------------------------------
  302.  
  303. [+] HTTP/1.1 200 OK
  304. [+] X-Powered-By: PHP/5.6.40
  305. [+] Set-Cookie: GXDPHP=7gvupsfs5cmkkatu2cnmh7jfk6; expires=Mon, 27-May-2019 13:04:17 GMT; Max-Age=2160000; path=/; HttpOnly
  306. [+] Content-Type: text/html; charset=UTF-8
  307. [+] Content-Length: 97999
  308. [+] Date: Thu, 02 May 2019 13:04:18 GMT
  309. [+] Server: LiteSpeed
  310. [+] Connection: Keep-Alive
  311. #######################################################################################################################################
  312.  
  313. Port Scan 'mop.gov.sd'
  314. ---------------------------------------------------------------------------------------------------------------------------------------
  315.  
  316. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 13:04 UTC
  317. Nmap scan report for mop.gov.sd (185.28.23.9)
  318. Host is up (0.025s latency).
  319. rDNS record for 185.28.23.9: srv23-9.hosting24.com
  320.  
  321. PORT STATE SERVICE
  322. 21/tcp open ftp
  323. 22/tcp filtered ssh
  324. 23/tcp filtered telnet
  325. 80/tcp open http
  326. 110/tcp filtered pop3
  327. 143/tcp filtered imap
  328. 443/tcp open https
  329. 3389/tcp filtered ms-wbt-server
  330.  
  331. Nmap done: 1 IP address (1 host up) scanned in 1.96 seconds
  332. #######################################################################################################################################
  333.  
  334. Traceroute 'mop.gov.sd'
  335. ---------------------------------------------------------------------------------------------------------------------------------------
  336.  
  337. Start: 2019-05-02T13:04:27+0000
  338. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  339. 1.|-- 45.79.12.202 0.0% 3 0.7 0.9 0.7 1.0 0.1
  340. 2.|-- 45.79.12.2 0.0% 3 1.2 0.9 0.7 1.2 0.3
  341. 3.|-- ae-37.a01.dllstx04.us.bb.gin.ntt.net 0.0% 3 1.6 1.9 1.0 3.0 1.0
  342. 4.|-- ae-9.r10.dllstx09.us.bb.gin.ntt.net 0.0% 3 1.9 1.6 1.3 1.9 0.3
  343. 5.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  344. 6.|-- ae-2-3513.edge1.Atlanta4.Level3.net 0.0% 3 20.0 20.3 20.0 20.7 0.4
  345. 7.|-- IMMEDION-LL.edge1.Atlanta4.Level3.net 0.0% 3 22.1 23.2 22.1 23.9 1.0
  346. 8.|-- 74.112.175.1 0.0% 3 30.2 30.4 30.2 30.5 0.2
  347. 9.|-- 74.112.174.195 0.0% 3 28.0 27.8 27.5 28.0 0.3
  348. 10.|-- 74.112.175.229 0.0% 3 29.0 29.2 29.0 29.7 0.4
  349. 11.|-- ashv1.main-hosting.com 0.0% 3 45.2 34.4 28.5 45.2 9.4
  350. 12.|-- srv23-9.hosting24.com 0.0% 3 28.2 28.3 28.2 28.4 0.1
  351. #######################################################################################################################################
  352.  
  353. Ping 'mop.gov.sd'
  354. ---------------------------------------------------------------------------------------------------------------------------------------
  355.  
  356.  
  357. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-05-02 13:04 UTC
  358. SENT (0.2293s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=1] IP [ttl=64 id=31121 iplen=28 ]
  359. RCVD (0.4310s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=1] IP [ttl=52 id=13449 iplen=28 ]
  360. SENT (1.2307s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=2] IP [ttl=64 id=31121 iplen=28 ]
  361. RCVD (1.4510s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=2] IP [ttl=52 id=13640 iplen=28 ]
  362. SENT (2.2319s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=3] IP [ttl=64 id=31121 iplen=28 ]
  363. RCVD (2.2678s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=3] IP [ttl=52 id=13915 iplen=28 ]
  364. SENT (3.2340s) ICMP [104.237.144.6 > 185.28.23.9 Echo request (type=8/code=0) id=18150 seq=4] IP [ttl=64 id=31121 iplen=28 ]
  365. RCVD (3.2870s) ICMP [185.28.23.9 > 104.237.144.6 Echo reply (type=0/code=0) id=18150 seq=4] IP [ttl=52 id=14909 iplen=28 ]
  366.  
  367. Max rtt: 220.104ms | Min rtt: 35.682ms | Avg rtt: 127.602ms
  368. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
  369. Nping done: 1 IP address pinged in 3.29 seconds
  370. #######################################################################################################################################
  371.  
  372. Page Admin Finder 'mop.gov.sd'
  373. -------------------------------------------------------------------------------------------------------------------------------------
  374.  
  375. Avilable Links :
  376.  
  377. Find Page >> http://mop.gov.sd/admin/
  378.  
  379. Find Page >> http://mop.gov.sd/adm/
  380. #######################################################################################################################################
  381. =======================================================================================================================================
  382. | E-mails:
  383. | [+] E-mail Found: mailman@www.mop.gov.sd
  384. | [+] E-mail Found: fancybox_loading@2x.gif
  385. | [+] E-mail Found: fancybox_sprite@2x.png
  386. | [+] E-mail Found: info@mopg.gov.sd
  387. =======================================================================================================================================
  388. | External hosts:
  389. | [+] External Host Found: https://code.highcharts.com
  390. | [+] External Host Found: http://www.adobe.com
  391. | [+] External Host Found: https://oss.maxcdn.com
  392. | [+] External Host Found: http://mopg.gov.sd
  393. | [+] External Host Found: http://www.gnu.org
  394. =======================================================================================================================================
  395. #######################################################################################################################################
  396. ; <<>> DiG 9.11.5-P4-5-Debian <<>> mop.gov.sd
  397. ;; global options: +cmd
  398. ;; Got answer:
  399. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39949
  400. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  401.  
  402. ;; OPT PSEUDOSECTION:
  403. ; EDNS: version: 0, flags:; udp: 4096
  404. ;; QUESTION SECTION:
  405. ;mop.gov.sd. IN A
  406.  
  407. ;; ANSWER SECTION:
  408. mop.gov.sd. 59 IN A 185.28.23.9
  409.  
  410. ;; Query time: 49 msec
  411. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  412. ;; WHEN: lun mai 06 20:02:58 EDT 2019
  413. ;; MSG SIZE rcvd: 55
  414. #######################################################################################################################################
  415. ; <<>> DiG 9.11.5-P4-5-Debian <<>> +trace mop.gov.sd
  416. ;; global options: +cmd
  417. . 84971 IN NS l.root-servers.net.
  418. . 84971 IN NS f.root-servers.net.
  419. . 84971 IN NS i.root-servers.net.
  420. . 84971 IN NS b.root-servers.net.
  421. . 84971 IN NS k.root-servers.net.
  422. . 84971 IN NS c.root-servers.net.
  423. . 84971 IN NS j.root-servers.net.
  424. . 84971 IN NS d.root-servers.net.
  425. . 84971 IN NS g.root-servers.net.
  426. . 84971 IN NS m.root-servers.net.
  427. . 84971 IN NS e.root-servers.net.
  428. . 84971 IN NS h.root-servers.net.
  429. . 84971 IN NS a.root-servers.net.
  430. . 84971 IN RRSIG NS 8 0 518400 20190519210000 20190506200000 25266 . Cd4VxMZQnTTXg42ezedP1w3JJHP/0pzNeu12gwrSCECUC/wA+L8UNgEt priMB8Fqr9MCwkrVv8EX7UNT5eV0Ib3M9fp+bWykB6DFHCDMKD/FZgN2 u0vbOJzt+ITh6Qv17CKkOcaaxZY2+tWjPLfEqHwp92h07t/rRw3SkvKz xNG48xLSjl3ih0nst5a99adRIMtl0za9ZXssI1q/8D+a6oa23kQ+mJrU urvRgopqXd58I1qjIzgqqpsxEX/ZHeAE7hbs7YfCpETB6hrCDVYM4AJi BcLB15Ry8c+f22YNnxZxiX6s8aVqGYJ26OBtsrxkXVSxQmM+UogBUM+v IDrwsQ==
  431. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 70 ms
  432.  
  433. sd. 172800 IN NS ans1.sis.sd.
  434. sd. 172800 IN NS ns1.uaenic.ae.
  435. sd. 172800 IN NS ans1.canar.sd.
  436. sd. 172800 IN NS ns-sd.afrinic.net.
  437. sd. 172800 IN NS ns2.uaenic.ae.
  438. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  439. sd. 172800 IN NS ans2.canar.sd.
  440. sd. 86400 IN NSEC se. NS RRSIG NSEC
  441. sd. 86400 IN RRSIG NSEC 8 1 86400 20190519210000 20190506200000 25266 . NY/P7GyJ03+fQdG6P//WPFq5Oh/G14cd77ITJ8rvc0pOnZFu0v88SEJU wuuAoIAfdl4UeKTIGWCV+cLaiQjWCl1jHK+urjJ/gCWngLcpbVVkcLyU 7vamRfPB4VDzTC10nTCbErX+UZfYf8uJILRpYQjVXcu9yK5pb0cn+h7E kOyV6p68BEIyO1CN8egdNPYdv6LrHpcJA8HQwQM3vdOFn6d3znvZxa1/ RTbB40bxkU0VGJECMz3Av8rwJ0oot52PGa3YAvZDGB2j5SItwlab+UWH vm/Gu1EwvrhPXFZeEcBAblQMkFsHxUGBWf4DCD4mqh1oKcvIv6Ielt5Q SgtShg==
  442. ;; Received 697 bytes from 2001:dc3::35#53(m.root-servers.net) in 95 ms
  443.  
  444. ;; Received 67 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 234 ms
  445. #######################################################################################################################################
  446. [*] Performing General Enumeration of Domain: mop.gov.sd
  447. [-] DNSSEC is not configured for mop.gov.sd
  448. [*] SOA ns43.boxsecured.com 212.1.210.66
  449. [*] NS ns44.boxsecured.com 212.1.210.106
  450. [*] NS ns43.boxsecured.com 212.1.210.66
  451. [*] MX mop.gov.sd 185.28.23.9
  452. [*] A mop.gov.sd 185.28.23.9
  453. [*] TXT mop.gov.sd v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all
  454. [*] Enumerating SRV Records
  455. [-] No SRV Records Found for mop.gov.sd
  456. [+] 0 Records Found
  457. #######################################################################################################################################
  458. [*] Processing domain mop.gov.sd
  459. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  460. [+] Getting nameservers
  461. 212.1.210.106 - ns44.boxsecured.com
  462. 212.1.210.66 - ns43.boxsecured.com
  463. [-] Zone transfer failed
  464.  
  465. [+] TXT records found
  466. "v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"
  467.  
  468. [+] MX records found, added to target list
  469. 0 mop.gov.sd.
  470.  
  471. [*] Scanning mop.gov.sd for A records
  472. 185.28.23.9 - mop.gov.sd
  473. 185.28.23.9 - cpanel.mop.gov.sd
  474. 185.28.23.9 - ftp.mop.gov.sd
  475. 185.28.23.9 - mail.mop.gov.sd
  476. 185.28.23.9 - webdisk.mop.gov.sd
  477. 185.28.23.9 - webmail.mop.gov.sd
  478. 185.28.23.9 - whm.mop.gov.sd
  479. 185.28.23.9 - www.mop.gov.sd
  480. #######################################################################################################################################
  481. Ip Address Status Type Domain Name Server
  482. ---------- ------ ---- ----------- ------
  483. 185.28.23.9 alias ftp.mop.gov.sd
  484. 185.28.23.9 host mop.gov.sd
  485. 185.28.23.9 alias mail.mop.gov.sd
  486. 185.28.23.9 host mop.gov.sd
  487. 185.28.23.9 host webmail.mop.gov.sd
  488. 185.28.23.9 alias www.mop.gov.sd
  489. 185.28.23.9 host mop.gov.sd
  490. #######################################################################################################################################
  491. [+] Testing domain
  492. www.mop.gov.sd 185.28.23.9
  493. [+] Dns resolving
  494. Domain name Ip address Name server
  495. mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
  496. Found 1 host(s) for mop.gov.sd
  497. [+] Testing wildcard
  498. Ok, no wildcard found.
  499.  
  500. [+] Scanning for subdomain on mop.gov.sd
  501. [!] Wordlist not specified. I scannig with my internal wordlist...
  502. Estimated time about 48.62 seconds
  503.  
  504. Subdomain Ip address Name server
  505.  
  506. ftp.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
  507. mail.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
  508. webmail.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
  509. www.mop.gov.sd 185.28.23.9 srv23-9.hosting24.com
  510. #######################################################################################################################################
  511. ---------------------------------------------------------------------------------------------------------------------------------------
  512. + Target IP: 185.28.23.9
  513. + Target Hostname: www.mop.gov.sd
  514. + Target Port: 80
  515. + Start Time: 2019-05-06 19:58:35 (GMT-4)
  516. ---------------------------------------------------------------------------------------------------------------------------------------
  517. + Server: No banner retrieved
  518. + Retrieved x-powered-by header: PHP/5.6.40
  519. + The anti-clickjacking X-Frame-Options header is not present.
  520. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  521. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  522. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_REQ 0
  523. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  524. + Scan terminated: 20 error(s) and 5 item(s) reported on remote host
  525. + End Time: 2019-05-06 20:10:57 (GMT-4) (742 seconds)
  526. ---------------------------------------------------------------------------------------------------------------------------------------
  527. #######################################################################################################################################
  528. ---------------------------------------------------------------------------------------------------------------------------------------
  529. + Target IP: 185.28.23.9
  530. + Target Hostname: 185.28.23.9
  531. + Target Port: 443
  532. ---------------------------------------------------------------------------------------------------------------------------------------
  533. + SSL Info: Subject: /CN=pen.boxsecured.com
  534. Ciphers: TLS_AES_256_GCM_SHA384
  535. Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
  536. + Start Time: 2019-05-06 19:59:11 (GMT-4)
  537. ---------------------------------------------------------------------------------------------------------------------------------------
  538. + Server: LiteSpeed
  539. + The anti-clickjacking X-Frame-Options header is not present.
  540. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  541. + Uncommon header 'alt-svc' found, with contents: quic=":443"; ma=2592000; v="35,39,43,44"
  542. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  543. + The site uses SSL and Expect-CT header is not present.
  544. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  545. + Hostname '185.28.23.9' does not match certificate's names: pen.boxsecured.com
  546. + Server banner has changed from 'LiteSpeed' to 'Apache/2.2.16 (Debian)' which may suggest a WAF, load balancer or proxy is in place
  547. ---------------------------------------------------------------------------------------------------------------------------------------#######################################################################################################################################
  548. dnsenum VERSION:1.2.4
  549.  
  550. ----- www.mop.gov.sd -----
  551.  
  552.  
  553. Host's addresses:
  554. __________________
  555.  
  556. mop.gov.sd. 59 IN A 185.28.23.9
  557.  
  558.  
  559. Name Servers:
  560. ______________
  561.  
  562. ns44.boxsecured.com. 86397 IN A 212.1.210.106
  563. ns43.boxsecured.com. 86400 IN A 212.1.210.66
  564.  
  565.  
  566. Mail (MX) Servers:
  567. ___________________
  568.  
  569. mop.gov.sd. 60 IN A 185.28.23.9
  570.  
  571.  
  572. Trying Zone Transfers and getting Bind Versions:
  573. _________________________________________________
  574.  
  575.  
  576. Trying Zone Transfer for www.mop.gov.sd on ns44.boxsecured.com ...
  577.  
  578. Trying Zone Transfer for www.mop.gov.sd on ns43.boxsecured.com ...
  579.  
  580. brute force file not specified, bay.
  581. #######################################################################################################################################
  582. ===============================================
  583. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  584. ===============================================
  585.  
  586.  
  587. Running Source: Ask
  588. Running Source: Archive.is
  589. Running Source: Baidu
  590. Running Source: Bing
  591. Running Source: CertDB
  592. Running Source: CertificateTransparency
  593. Running Source: Certspotter
  594. Running Source: Commoncrawl
  595. Running Source: Crt.sh
  596. Running Source: Dnsdb
  597. Running Source: DNSDumpster
  598. Running Source: DNSTable
  599. Running Source: Dogpile
  600. Running Source: Exalead
  601. Running Source: Findsubdomains
  602. Running Source: Googleter
  603. Running Source: Hackertarget
  604. Running Source: Ipv4Info
  605. Running Source: PTRArchive
  606. Running Source: Sitedossier
  607. Running Source: Threatcrowd
  608. Running Source: ThreatMiner
  609. Running Source: WaybackArchive
  610. Running Source: Yahoo
  611.  
  612. Running enumeration on www.mop.gov.sd
  613.  
  614. dnsdb: Unexpected return status 503
  615.  
  616. dogpile: Get https://www.dogpile.com/search/web?q=www.mop.gov.sd&qsi=1: EOF
  617.  
  618. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.mop.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
  619.  
  620.  
  621. Starting Bruteforcing of www.mop.gov.sd with 9985 words
  622.  
  623. Total 1 Unique subdomains found for www.mop.gov.sd
  624.  
  625. .www.mop.gov.sd
#######################################################################################################################################
[*] Processing domain www.mop.gov.sd
[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
[+] Getting nameservers
212.1.210.66 - ns43.boxsecured.com
212.1.210.106 - ns44.boxsecured.com
[-] Zone transfer failed

[+] TXT records found
"v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all"

[+] MX records found, added to target list
0 mop.gov.sd.

[*] Scanning www.mop.gov.sd for A records
185.28.23.9 - www.mop.gov.sd
#######################################################################################################################################
[*] Found SPF record:
[*] v=spf1 ip4:212.1.210.50 +a +mx +ip4:212.1.211.6 +ip4:212.1.211.158 +include:relay.mailchannels.net +include:relay.mailchannels.net ~all
[*] SPF record contains an All item: ~all
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for www.mop.gov.sd!
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:13 EDT
Nmap scan report for www.mop.gov.sd (185.28.23.9)
Host is up (0.17s latency).
rDNS record for 185.28.23.9: srv23-9.hosting24.com
Not shown: 458 filtered ports, 6 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:14 EDT
Nmap scan report for www.mop.gov.sd (185.28.23.9)
Host is up (0.12s latency).
rDNS record for 185.28.23.9: srv23-9.hosting24.com
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:14 EDT
Nmap scan report for www.mop.gov.sd (185.28.23.9)
Host is up (0.21s latency).
rDNS record for 185.28.23.9: srv23-9.hosting24.com

PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ftp-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 3761 guesses in 187 seconds, average tps: 20.7
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (89%)
OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 4.9 (89%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 109.64 ms 10.250.200.1
2 110.36 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 109.88 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 109.91 ms prs-b8-link.telia.net (213.248.70.225)
5 206.39 ms prs-bb4-link.telia.net (62.115.138.138)
6 209.94 ms ash-bb4-link.telia.net (62.115.112.242)
7 206.39 ms cha-b1-link.telia.net (213.155.132.167)
8 211.14 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 201.37 ms 74.112.175.7
10 204.46 ms 74.112.175.17
11 213.25 ms ashv1.main-hosting.com (208.69.231.10)
12 212.66 ms srv23-9.hosting24.com (185.28.23.9)
#######################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_7.4
(gen) software: OpenSSH 7.4
(gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256 -- [warn] unknown algorithm
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
`- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
`- [warn] using small 1024-bit modulus
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
`- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [fail] disabled since Dropbear SSH 0.53
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher mode
`- [warn] using small 64-bit block size
`- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher mode
`- [warn] using small 64-bit block size
`- [info] available since OpenSSH 2.1.0
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher
`- [warn] using weak cipher mode
`- [warn] using small 64-bit block size
`- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28

# message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
`- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 7.4)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:18 EDT
NSE: [ssh-run] Failed to specify credentials and command to run.
Nmap scan report for www.mop.gov.sd (185.28.23.9)
Host is up (0.22s latency).
rDNS record for 185.28.23.9: srv23-9.hosting24.com

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
|_ publickey
|_ssh-brute: Password authentication not allowed
| ssh-hostkey:
| 2048 ec:2d:3c:a6:c4:61:d5:11:d4:a4:13:53:d9:dc:23:7a (RSA)
| 256 48:86:03:7a:f8:6d:76:f6:b9:f0:92:ec:7a:5f:f1:5d (ECDSA)
|_ 256 f1:33:6a:fb:fe:b7:15:1e:eb:07:d5:53:dd:fa:88:a0 (ED25519)
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (89%)
OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 4.9 (89%), Linux 3.18 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.12 - 4.10 (85%), Linux 3.16 (85%), OpenWrt Chaos Calmer (Linux 3.18) (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 110.32 ms 10.250.200.1
2 110.58 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 110.56 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 110.58 ms prs-b8-link.telia.net (213.248.70.225)
5 206.20 ms prs-bb4-link.telia.net (62.115.138.138)
6 211.47 ms ash-bb4-link.telia.net (62.115.112.242)
7 208.27 ms cha-b1-link.telia.net (213.155.132.167)
8 211.06 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 217.07 ms 74.112.175.5
10 201.73 ms 74.112.175.15
11 200.23 ms ashv1.main-hosting.com (208.69.231.10)
12 201.27 ms srv23-9.hosting24.com (185.28.23.9)
#######################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => www.mop.gov.sd
RHOST => www.mop.gov.sd
[*] 185.28.23.9:22 - SSH - Using malformed packet technique
[*] 185.28.23.9:22 - SSH - Starting scan
[-] 185.28.23.9:22 - SSH - User 'admin' not found
[-] 185.28.23.9:22 - SSH - User 'administrator' not found
[-] 185.28.23.9:22 - SSH - User 'anonymous' not found
[-] 185.28.23.9:22 - SSH - User 'backup' not found
[-] 185.28.23.9:22 - SSH - User 'bee' not found
[+] 185.28.23.9:22 - SSH - User 'ftp' found
[-] 185.28.23.9:22 - SSH - User 'guest' not found
[-] 185.28.23.9:22 - SSH - User 'GUEST' not found
[-] 185.28.23.9:22 - SSH - User 'info' not found
[+] 185.28.23.9:22 - SSH - User 'mail' found
[-] 185.28.23.9:22 - SSH - User 'mailadmin' not found
[-] 185.28.23.9:22 - SSH - User 'msfadmin' not found
[-] 185.28.23.9:22 - SSH - User 'mysql' not found
[-] 185.28.23.9:22 - SSH - User 'nobody' on could not connect
[-] 185.28.23.9:22 - SSH - User 'oracle' on could not connect
[-] 185.28.23.9:22 - SSH - User 'owaspbwa' on could not connect
[-] 185.28.23.9:22 - SSH - User 'postfix' on could not connect
[-] 185.28.23.9:22 - SSH - User 'postgres' on could not connect
[-] 185.28.23.9:22 - SSH - User 'private' on could not connect
[-] 185.28.23.9:22 - SSH - User 'proftpd' on could not connect
[-] 185.28.23.9:22 - SSH - User 'public' on could not connect
[-] 185.28.23.9:22 - SSH - User 'root' on could not connect
[-] 185.28.23.9:22 - SSH - User 'superadmin' on could not connect
[-] 185.28.23.9:22 - SSH - User 'support' on could not connect
[-] 185.28.23.9:22 - SSH - User 'sys' on could not connect
[-] 185.28.23.9:22 - SSH - User 'system' on could not connect
[-] 185.28.23.9:22 - SSH - User 'systemadmin' on could not connect
[-] 185.28.23.9:22 - SSH - User 'systemadministrator' on could not connect
[-] 185.28.23.9:22 - SSH - User 'test' on could not connect
[-] 185.28.23.9:22 - SSH - User 'tomcat' on could not connect
[-] 185.28.23.9:22 - SSH - User 'user' on could not connect
[-] 185.28.23.9:22 - SSH - User 'webmaster' on could not connect
[-] 185.28.23.9:22 - SSH - User 'www-data' on could not connect
[-] 185.28.23.9:22 - SSH - User 'Fortimanager_Access' on could not connect
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:31 EDT
Nmap scan report for www.mop.gov.sd (185.28.23.9)
Host is up (0.20s latency).
rDNS record for 185.28.23.9: srv23-9.hosting24.com

PORT STATE SERVICE VERSION
53/tcp open domain ISC BIND 9.9.4 (RedHat Enterprise Linux 7)
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_ No NSEC records found
| dns-nsec3-enum:
|_ DNSSEC NSEC3 not supported
| dns-nsid:
|_ bind.version: 9.9.4-RedHat-9.9.4-73.el7_6
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 4.X|3.X (89%)
OS CPE: cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:3.18
Aggressive OS guesses: Linux 4.9 (89%), Linux 3.18 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops
Service Info: OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

Host script results:
| dns-brute:
| DNS Brute-force hostnames:
| mail.mop.gov.sd - 185.28.23.9
| www.mop.gov.sd - 185.28.23.9
|_ ftp.mop.gov.sd - 185.28.23.9

TRACEROUTE (using port 53/tcp)
HOP RTT ADDRESS
1 115.79 ms 10.250.200.1
2 116.01 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 115.83 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 116.58 ms prs-b8-link.telia.net (213.248.70.225)
5 211.46 ms prs-bb4-link.telia.net (62.115.138.138)
6 215.84 ms ash-bb4-link.telia.net (62.115.112.242)
7 204.25 ms cha-b1-link.telia.net (213.155.132.167)
8 210.84 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 214.89 ms 74.112.175.5
10 201.59 ms 74.112.175.15
11 200.41 ms ashv1.main-hosting.com (208.69.231.10)
12 212.66 ms srv23-9.hosting24.com (185.28.23.9)
#######################################################################################################################################
http://www.mop.gov.sd [200 OK] Cookies[GXDPHP], Country[LITHUANIA][LT], Email[info@mopg.gov.sd], HTML5, HttpOnly[GXDPHP], IP[185.28.23.9], JQuery[1.11.2], MetaGenerator[Croogo - Content Management System], Modernizr, PHP[5.6.40], PasswordField[data[User][password]], PoweredBy[:], Script[text/javascript], Title[الصفحة الرئيسة &raquo; وزارة النفط والغاز والمعادن], X-Powered-By[PHP/5.6.40], X-UA-Compatible[IE=edge]
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://www.mop.gov.sd...
__________________________ SITE INFO ___________________________
IP Title
185.28.23.9 الصفحة الرئيسة &raquo; وزارة النفط والغاز و

___________________________ VERSION ____________________________
Name Versions Type
PHP 5.6.40 Platform

_________________________ INTERESTING __________________________
URL Note Type
/sql/ This might be interesting Interesting

________________________________________________________________
Time: 1040.9 sec Urls: 680 Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 200 OK
X-Powered-By: PHP/5.6.40
Set-Cookie: GXDPHP=vjo5crprl3plpim29n1qepekl3; expires=Wed, 29-May-2019 10:50:33 GMT; Max-Age=2160000; path=/; HttpOnly
Content-Type: text/html; charset=UTF-8
Content-Length: 98027
Date: Sat, 04 May 2019 10:50:41 GMT
Connection: keep-alive

HTTP/1.1 200 OK
X-Powered-By: PHP/5.6.40
Set-Cookie: GXDPHP=6b3q1041s1255d1ldb2vdj60m2; expires=Wed, 29-May-2019 10:50:46 GMT; Max-Age=2160000; path=/; HttpOnly
Content-Type: text/html; charset=UTF-8
Content-Length: 98026
Date: Sat, 04 May 2019 10:50:58 GMT
Connection: keep-alive
#######################################################################################################################################
Apache 2.2.16
AngularJS
reCAPTCHA
WordPress 2.5
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 185.28.23.9

Testing SSL server www.mop.gov.sd on port 443 using SNI name www.mop.gov.sd

TLS Fallback SCSV:
Server supports TLS Fallback SCSV

TLS renegotiation:
Session renegotiation not supported

TLS Compression:
Compression disabled

Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA

SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: mopg.gov.sd
Altnames: DNS:mopg.gov.sd, DNS:mail.mopg.gov.sd, DNS:www.mopg.gov.sd, DNS:cpanel.mopg.gov.sd, DNS:webdisk.mopg.gov.sd, DNS:webmail.mopg.gov.sd
Issuer: mopg.gov.sd

Not valid before: Apr 6 17:05:42 2019 GMT
Not valid after: Apr 5 17:05:42 2020 GMT
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 06:54 EDT
Nmap scan report for www.mop.gov.sd (185.28.23.9)
Host is up.
rDNS record for 185.28.23.9: srv23-9.hosting24.com

PORT STATE SERVICE VERSION
3306/tcp filtered mysql
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 114.70 ms 10.250.200.1
2 115.98 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 116.00 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 115.72 ms prs-b8-link.telia.net (213.248.70.225)
5 210.78 ms prs-bb3-link.telia.net (62.115.138.132)
6 ...
7 211.50 ms cha-b1-link.telia.net (213.155.132.167)
8 228.75 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 219.35 ms 74.112.175.7
10 222.57 ms 74.112.175.17
11 212.80 ms ashv1.main-hosting.com (208.69.231.10)
12 ... 30
#######################################################################################################################################
--------------------------------------------------------
<<<Yasuo discovered following vulnerable applications>>>
--------------------------------------------------------
+----------+-----------------------------+----------------------------------------------+----------+----------+
| App Name | URL to Application | Potential Exploit | Username | Password |
+----------+-----------------------------+----------------------------------------------+----------+----------+
| SVN | http://185.28.23.9:80/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
+----------+-----------------------------+----------------------------------------------+----------+----------+
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:47 EDT
Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
Host is up (0.11s latency).
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:47 EDT
Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
Host is up.

PORT STATE SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 110.45 ms 10.250.200.1
2 113.56 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 111.76 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 111.98 ms prs-b8-link.telia.net (213.248.70.225)
5 206.37 ms prs-bb3-link.telia.net (62.115.138.132)
6 209.45 ms ash-bb4-link.telia.net (62.115.112.242)
7 206.42 ms cha-b1-link.telia.net (213.155.132.167)
8 223.45 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 213.66 ms 74.112.175.7
10 217.12 ms 74.112.175.17
11 213.43 ms ashv1.main-hosting.com (208.69.231.10)
12 ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:49 EDT
Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
Host is up.

PORT STATE SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 110.72 ms 10.250.200.1
2 111.09 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 110.77 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 110.79 ms prs-b8-link.telia.net (213.248.70.225)
5 206.57 ms prs-bb3-link.telia.net (62.115.138.132)
6 210.76 ms ash-bb4-link.telia.net (62.115.112.242)
7 207.95 ms cha-b1-link.telia.net (213.155.132.167)
8 225.00 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 217.05 ms 74.112.175.7
10 219.54 ms 74.112.175.17
11 212.43 ms ashv1.main-hosting.com (208.69.231.10)
12 ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:50 EDT
Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
Host is up.

PORT STATE SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 110.26 ms 10.250.200.1
2 110.36 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 110.32 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 110.35 ms prs-b8-link.telia.net (213.248.70.225)
5 206.82 ms prs-bb3-link.telia.net (62.115.138.132)
6 210.27 ms ash-bb4-link.telia.net (62.115.112.242)
7 207.38 ms cha-b1-link.telia.net (213.155.132.167)
8 224.67 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 215.25 ms 74.112.175.7
10 218.59 ms 74.112.175.17
11 330.06 ms ashv1.main-hosting.com (208.69.231.10)
12 ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:53 EDT
Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
Host is up.

PORT STATE SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 115.03 ms 10.250.200.1
2 115.43 ms vlan200.as02.par3.fr.m247.com (194.59.249.145)
3 115.07 ms xe-2-0-1-0.bb2.par1.fr.m247.com (212.103.51.52)
4 116.23 ms prs-b8-link.telia.net (213.248.70.225)
5 211.08 ms prs-bb3-link.telia.net (62.115.138.132)
6 215.25 ms ash-bb4-link.telia.net (62.115.112.242)
7 206.22 ms cha-b1-link.telia.net (213.155.132.167)
8 223.35 ms giglinx-ic-156088-cha-b1.c.telia.net (213.248.68.138)
9 213.53 ms 74.112.175.7
10 217.17 ms 74.112.175.17
11 213.12 ms ashv1.main-hosting.com (208.69.231.10)
12 ... 30
  1225. #######################################################################################################################################
  1226. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:55 EDT
  1227. NSE: Loaded 148 scripts for scanning.
  1228. NSE: Script Pre-scanning.
  1229. NSE: Starting runlevel 1 (of 2) scan.
  1230. Initiating NSE at 08:55
  1231. Completed NSE at 08:55, 0.00s elapsed
  1232. NSE: Starting runlevel 2 (of 2) scan.
  1233. Initiating NSE at 08:55
  1234. Completed NSE at 08:55, 0.00s elapsed
  1235. Initiating Ping Scan at 08:55
  1236. Scanning 185.28.23.9 [4 ports]
  1237. Completed Ping Scan at 08:55, 2.04s elapsed (1 total hosts)
  1238. Nmap scan report for 185.28.23.9 [host down, received no-response]
  1239. NSE: Script Post-scanning.
  1240. NSE: Starting runlevel 1 (of 2) scan.
  1241. Initiating NSE at 08:55
  1242. Completed NSE at 08:55, 0.00s elapsed
  1243. NSE: Starting runlevel 2 (of 2) scan.
  1244. Initiating NSE at 08:55
  1245. Completed NSE at 08:55, 0.00s elapsed
  1246. Read data files from: /usr/bin/../share/nmap
  1247. Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
  1248. Nmap done: 1 IP address (0 hosts up) scanned in 2.62 seconds
  1249. Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
  1250. #######################################################################################################################################
  1251. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-04 08:55 EDT
  1252. NSE: Loaded 148 scripts for scanning.
  1253. NSE: Script Pre-scanning.
  1254. Initiating NSE at 08:55
  1255. Completed NSE at 08:55, 0.00s elapsed
  1256. Initiating NSE at 08:55
  1257. Completed NSE at 08:55, 0.00s elapsed
  1258. Initiating Parallel DNS resolution of 1 host. at 08:55
  1259. Completed Parallel DNS resolution of 1 host. at 08:55, 0.03s elapsed
  1260. Initiating UDP Scan at 08:55
  1261. Scanning srv23-9.hosting24.com (185.28.23.9) [14 ports]
  1262. Completed UDP Scan at 08:55, 2.90s elapsed (14 total ports)
  1263. Initiating Service scan at 08:55
  1264. Scanning 12 services on srv23-9.hosting24.com (185.28.23.9)
  1265. Service scan Timing: About 8.33% done; ETC: 09:15 (0:17:58 remaining)
  1266. Completed Service scan at 08:57, 102.59s elapsed (12 services on 1 host)
  1267. Initiating OS detection (try #1) against srv23-9.hosting24.com (185.28.23.9)
  1268. Retrying OS detection (try #2) against srv23-9.hosting24.com (185.28.23.9)
  1269. Initiating Traceroute at 08:57
  1270. Completed Traceroute at 08:57, 7.14s elapsed
  1271. Initiating Parallel DNS resolution of 1 host. at 08:57
  1272. Completed Parallel DNS resolution of 1 host. at 08:57, 0.00s elapsed
  1273. NSE: Script scanning 185.28.23.9.
  1274. Initiating NSE at 08:57
  1275. Completed NSE at 08:58, 20.31s elapsed
  1276. Initiating NSE at 08:58
  1277. Completed NSE at 08:58, 1.03s elapsed
  1278. Nmap scan report for srv23-9.hosting24.com (185.28.23.9)
  1279. Host is up (0.11s latency).
  1280.  
  1281. PORT STATE SERVICE VERSION
  1282. 53/udp open|filtered domain
  1283. 67/udp open|filtered dhcps
  1284. 68/udp open|filtered dhcpc
  1285. 69/udp open|filtered tftp
  1286. 88/udp open|filtered kerberos-sec
  1287. 123/udp open|filtered ntp
  1288. 137/udp filtered netbios-ns
  1289. 138/udp filtered netbios-dgm
  1290. 139/udp open|filtered netbios-ssn
  1291. 161/udp open|filtered snmp
  1292. 162/udp open|filtered snmptrap
  1293. 389/udp open|filtered ldap
  1294. 520/udp open|filtered route
  1295. 2049/udp open|filtered nfs
  1296. Too many fingerprints match this host to give specific OS details
  1297.  
  1298. TRACEROUTE (using port 137/udp)
  1299. HOP RTT ADDRESS
  1300. 1 109.72 ms 10.250.200.1
  1301. 2 ... 3
  1302. 4 109.00 ms 10.250.200.1
  1303. 5 109.38 ms 10.250.200.1
  1304. 6 109.37 ms 10.250.200.1
  1305. 7 109.36 ms 10.250.200.1
  1306. 8 109.36 ms 10.250.200.1
  1307. 9 109.37 ms 10.250.200.1
  1308. 10 109.39 ms 10.250.200.1
  1309. 11 ... 18
  1310. 19 112.86 ms 10.250.200.1
  1311. 20 109.29 ms 10.250.200.1
  1312. 21 ... 28
  1313. 29 109.96 ms 10.250.200.1
  1314. 30 110.19 ms 10.250.200.1
  1315.  
  1316. NSE: Script Post-scanning.
  1317. Initiating NSE at 08:58
  1318. Completed NSE at 08:58, 0.00s elapsed
  1319. Initiating NSE at 08:58
  1320. Completed NSE at 08:58, 0.00s elapsed
  1321. Read data files from: /usr/bin/../share/nmap
  1322. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1323. Nmap done: 1 IP address (1 host up) scanned in 138.97 seconds
  1324. Raw packets sent: 147 (13.614KB) | Rcvd: 25 (2.746KB)
  1325. #######################################################################################################################################
  1326. Anonymous JTSEC #OpSudan Full Recon #68