Advertisement
Guest User

Anonymous JTSEC #OpSudan Full Recon #15

a guest
Feb 16th, 2019
1,611
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname fashir.edu.sd ISP SUDREN
  4. Continent Africa Flag
  5. SD
  6. Country Sudan Country Code SD
  7. Region Khartoum Local time 16 Feb 2019 16:33 CAT
  8. City Khartoum Postal Code Unknown
  9. IP Address 41.67.16.100 Latitude 15.588
  10. Longitude 32.534
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > fashir.edu.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: fashir.edu.sd
  19. Address: 41.67.16.100
  20. >
  21. #######################################################################################################################################
  22. HostIP:41.67.16.100
  23. HostName:fashir.edu.sd
  24.  
  25. Gathered Inet-whois information for 41.67.16.100
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 38.0.0.0 - 43.225.111.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:45:04Z
  61. last-modified: 2019-01-07T10:45:04Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % Information related to '41.67.0.0/18AS37179'
  77.  
  78. route: 41.67.0.0/18
  79. descr: SUIN Network IP range
  80. origin: AS37179
  81. mnt-by: TA56580-MNT
  82. created: 2010-12-19T19:48:25Z
  83. last-modified: 2018-09-04T16:25:57Z
  84. source: RIPE-NONAUTH
  85.  
  86. % Information related to '41.67.0.0/18AS37197'
  87.  
  88. route: 41.67.0.0/18
  89. descr: SUIN Network IP range
  90. origin: AS37197
  91. mnt-by: TA56580-MNT
  92. created: 2010-12-20T07:02:58Z
  93. last-modified: 2018-09-04T16:25:57Z
  94. source: RIPE-NONAUTH
  95.  
  96. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  97.  
  98.  
  99.  
  100. Gathered Inic-whois information for fashir.edu.sd
  101. ---------------------------------------------------------------------------------------------------------------------------------------
  102. Error: Unable to connect - Invalid Host
  103. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  104. close error
  105.  
  106. Gathered Netcraft information for fashir.edu.sd
  107. ---------------------------------------------------------------------------------------------------------------------------------------
  108.  
  109. Retrieving Netcraft.com information for fashir.edu.sd
  110. Netcraft.com Information gathered
  111.  
  112. Gathered Subdomain information for fashir.edu.sd
  113. ---------------------------------------------------------------------------------------------------------------------------------------
  114. Searching Google.com:80...
  115. HostName:www.fashir.edu.sd
  116. HostIP:41.67.16.100
  117. HostName:mail.fashir.edu.sd
  118. HostIP:41.67.16.100
  119. Searching Altavista.com:80...
  120. Found 2 possible subdomain(s) for host fashir.edu.sd, Searched 0 pages containing 0 results
  121.  
  122. Gathered E-Mail information for fashir.edu.sd
  123. ---------------------------------------------------------------------------------------------------------------------------------------
  124. Searching Google.com:80...
  125. Searching Altavista.com:80...
  126. Found 0 E-Mail(s) for host fashir.edu.sd, Searched 0 pages containing 0 results
  127.  
  128. Gathered TCP Port information for 41.67.16.100
  129. ---------------------------------------------------------------------------------------------------------------------------------------
  130.  
  131. Port State
  132.  
  133. 21/tcp open
  134. 22/tcp open
  135. 53/tcp open
  136. 80/tcp open
  137. 110/tcp open
  138. 143/tcp open
  139.  
  140. Portscan Finished: Scanned 150 ports, 143 ports were in state closed
  141. #######################################################################################################################################
  142. [i] Scanning Site: http://fashir.edu.sd
  143.  
  144.  
  145.  
  146. B A S I C I N F O
  147. =======================================================================================================================================
  148.  
  149.  
  150. [+] Site Title: جامعة الفاشر
  151. [+] IP address: 41.67.16.100
  152. [+] Web Server: Could Not Detect
  153. [+] CMS: Could Not Detect
  154. [+] Cloudflare: Not Detected
  155. [+] Robots File: Could NOT Find robots.txt!
  156.  
  157.  
  158.  
  159.  
  160.  
  161. G E O I P L O O K U P
  162. =======================================================================================================================================
  163.  
  164. [i] IP Address: 41.67.16.100
  165. [i] Country: Sudan
  166. [i] State: Khartoum
  167. [i] City: Khartoum
  168. [i] Latitude: 15.5881
  169. [i] Longitude: 32.5342
  170.  
  171.  
  172.  
  173.  
  174. H T T P H E A D E R S
  175. =======================================================================================================================================
  176.  
  177.  
  178. [i] HTTP/1.1 200 OK
  179. [i] Date: Sat, 16 Feb 2019 14:38:41 GMT
  180. [i] Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  181. [i] ETag: "1ef-581d7576fbf0c"
  182. [i] Accept-Ranges: bytes
  183. [i] Content-Length: 495
  184. [i] Vary: Accept-Encoding
  185. [i] Content-Type: text/html
  186. [i] Connection: close
  187.  
  188.  
  189.  
  190.  
  191. D N S L O O K U P
  192. =======================================================================================================================================
  193.  
  194. fashir.edu.sd. 3599 IN NS ns2.fashir.edu.sd.
  195. fashir.edu.sd. 3599 IN NS ns1.fashir.edu.sd.
  196. fashir.edu.sd. 3599 IN SOA ns1.fashir.edu.sd. motasim.live.com. 2018121902 7200 540 604800 86400
  197. fashir.edu.sd. 3599 IN A 41.67.16.100
  198.  
  199.  
  200.  
  201.  
  202. S U B N E T C A L C U L A T I O N
  203. =======================================================================================================================================
  204.  
  205. Address = 41.67.16.100
  206. Network = 41.67.16.100 / 32
  207. Netmask = 255.255.255.255
  208. Broadcast = not needed on Point-to-Point links
  209. Wildcard Mask = 0.0.0.0
  210. Hosts Bits = 0
  211. Max. Hosts = 1 (2^0 - 0)
  212. Host Range = { 41.67.16.100 - 41.67.16.100 }
  213.  
  214.  
  215.  
  216. N M A P P O R T S C A N
  217. =======================================================================================================================================
  218.  
  219.  
  220. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 14:38 UTC
  221. Nmap scan report for fashir.edu.sd (41.67.16.100)
  222. Host is up (0.17s latency).
  223. PORT STATE SERVICE
  224. 21/tcp open ftp
  225. 22/tcp open ssh
  226. 23/tcp closed telnet
  227. 80/tcp open http
  228. 110/tcp open pop3
  229. 143/tcp open imap
  230. 443/tcp open https
  231. 3389/tcp closed ms-wbt-server
  232.  
  233. Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
  234.  
  235.  
  236.  
  237. S U B - D O M A I N F I N D E R
  238. =======================================================================================================================================
  239.  
  240.  
  241. [i] Total Subdomains Found : 2
  242.  
  243. [+] Subdomain: mail.fashir.edu.sd
  244. [-] IP: 41.67.16.100
  245.  
  246. [+] Subdomain: www.fashir.edu.sd
  247. [-] IP: 41.67.16.100
  248.  
  249. #######################################################################################################################################
  250. [?] Enter the target: example( http://domain.com )
  251. http://fashir.edu.sd/
  252. [!] IP Address : 41.67.16.100
  253. [+] Operating System : Ubuntu"
  254. [!] fashir.edu.sd doesn't seem to use a CMS
  255. [+] Honeypot Probabilty: 30%
  256. ---------------------------------------------------------------------------------------------------------------------------------------
  257. [~] Trying to gather whois information for fashir.edu.sd
  258. [+] Whois information found
  259. [-] Unable to build response, visit https://who.is/whois/fashir.edu.sd
  260. --------------------------------------------------------------------------------------------------------------------------------------
  261. PORT STATE SERVICE
  262. 21/tcp open ftp
  263. 22/tcp open ssh
  264. 23/tcp closed telnet
  265. 80/tcp open http
  266. 110/tcp open pop3
  267. 143/tcp open imap
  268. 443/tcp open https
  269. 3389/tcp closed ms-wbt-server
  270. Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds
  271. ---------------------------------------------------------------------------------------------------------------------------------------
  272.  
  273. [+] DNS Records
  274. ns1.fashir.edu.sd. (41.67.16.100) AS37197 SUDREN Sudan
  275. ns2.fashir.edu.sd. (41.67.16.100) AS37197 SUDREN Sudan
  276.  
  277. [+] MX Records
  278. 10 (41.67.16.100) AS37197 SUDREN Sudan
  279.  
  280. [+] Host Records (A)
  281. ns2.fashir.edu.sd (41.67.16.100) AS37197 SUDREN Sudan
  282. mail.fashir.edu.sd (41.67.16.100) AS37197 SUDREN Sudan
  283. www.fashir.edu.sd (41.67.16.100) AS37197 SUDREN Sudan
  284.  
  285. [+] TXT Records
  286. "v=spf1 mx a ~all"
  287.  
  288. [+] DNS Map: https://dnsdumpster.com/static/map/fashir.edu.sd.png
  289.  
  290. [>] Initiating 3 intel modules
  291. [>] Loading Alpha module (1/3)
  292. [>] Beta module deployed (2/3)
  293. [>] Gamma module initiated (3/3)
  294.  
  295.  
  296. [+] Emails found:
  297. ---------------------------------------------------------------------------------------------------------------------------------------
  298. academy@fashir.edu.sd
  299. admin@fashir.edu.sd
  300. mahgoubturath@fashir.edu.sd
  301. pixel-1550327929497162-web-@fashir.edu.sd
  302. pixel-1550327930511686-web-@fashir.edu.sd
  303.  
  304. [+] Hosts found in search engines:
  305. ---------------------------------------------------------------------------------------------------------------------------------------
  306. [-] Resolving hostnames IPs...
  307. 41.67.16.100:ns1.fashir.edu.sd
  308. 41.67.16.100:ns2.fashir.edu.sd
  309. 41.67.16.100:www.fashir.edu.sd
  310. [+] Virtual hosts:
  311. ---------------------------------------------------------------------------------------------------------------------------------------
  312. #######################################################################################################################################
  313. Enter Address Website = fashir.edu.sd
  314.  
  315.  
  316.  
  317. Reversing IP With HackTarget 'fashir.edu.sd'
  318. ---------------------------------------------------------------------------------------------------------------------------------------
  319.  
  320. [+] fashir.edu.sd
  321. [+] karary.edu.sd
  322. [+] mail.fashir.edu.sd
  323. [+] mail.karary.edu.sd
  324. [+] newpanel.sudren.edu.sd
  325. [+] ns2.fashir.edu.sd
  326. [+] uek.edu.sd
  327. [+] www.fashir.edu.sd
  328. [+] www.karary.edu.sd
  329. [+] www.uek.edu.sd
  330. #######################################################################################################################################
  331.  
  332. Reverse IP With YouGetSignal 'fashir.edu.sd'
  333. ---------------------------------------------------------------------------------------------------------------------------------------
  334.  
  335. [*] IP: 41.67.16.100
  336. [*] Domain: fashir.edu.sd
  337. [*] Total Domains: 4
  338.  
  339. [+] fashir.edu.sd
  340. [+] karary.edu.sd
  341. [+] www.karary.edu.sd
  342. [+] www.uek.edu.sd
  343. #######################################################################################################################################
  344.  
  345. Geo IP Lookup 'fashir.edu.sd'
  346. ---------------------------------------------------------------------------------------------------------------------------------------
  347.  
  348. [+] IP Address: 41.67.16.100
  349. [+] Country: Sudan
  350. [+] State: Khartoum
  351. [+] City: Khartoum
  352. [+] Latitude: 15.5881
  353. [+] Longitude: 32.5342
  354. #######################################################################################################################################
  355.  
  356. DNS Lookup 'fashir.edu.sd'
  357. ---------------------------------------------------------------------------------------------------------------------------------------
  358.  
  359. [+] fashir.edu.sd. 3599 IN NS ns1.fashir.edu.sd.
  360. [+] fashir.edu.sd. 3599 IN NS ns2.fashir.edu.sd.
  361. [+] fashir.edu.sd. 3599 IN SOA ns1.fashir.edu.sd. motasim.live.com. 2018121902 7200 540 604800 86400
  362. [+] fashir.edu.sd. 3599 IN A 41.67.16.100
  363. #######################################################################################################################################
  364.  
  365. Show HTTP Header 'fashir.edu.sd'
  366. ---------------------------------------------------------------------------------------------------------------------------------------
  367.  
  368. [+] HTTP/1.1 200 OK
  369. [+] Date: Sat, 16 Feb 2019 14:38:34 GMT
  370. [+] Server: Apache/2.4.18 (Ubuntu)
  371. [+] Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  372. [+] ETag: 1ef-581d7576fbf0c
  373. [+] Accept-Ranges: bytes
  374. [+] Content-Length: 495
  375. [+] Vary: Accept-Encoding
  376. [+] Content-Type: text/html
  377. #######################################################################################################################################
  378.  
  379. Port Scan 'fashir.edu.sd'
  380. ---------------------------------------------------------------------------------------------------------------------------------------
  381.  
  382.  
  383. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 14:38 UTC
  384. Nmap scan report for fashir.edu.sd (41.67.16.100)
  385. Host is up (0.17s latency).
  386. PORT STATE SERVICE
  387. 21/tcp open ftp
  388. 22/tcp open ssh
  389. 23/tcp closed telnet
  390. 80/tcp open http
  391. 110/tcp open pop3
  392. 143/tcp open imap
  393. 443/tcp open https
  394. 3389/tcp closed ms-wbt-server
  395.  
  396. Nmap done: 1 IP address (1 host up) scanned in 3.11 seconds
  397. #######################################################################################################################################
  398.  
  399. Traceroute 'fashir.edu.sd'
  400. ---------------------------------------------------------------------------------------------------------------------------------------
  401.  
  402. Start: 2019-02-16T14:38:43+0000
  403. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  404. 1.|-- 45.79.12.202 0.0% 3 0.7 0.8 0.7 0.8 0.0
  405. 2.|-- 45.79.12.2 0.0% 3 0.6 0.7 0.5 1.1 0.3
  406. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.7 1.6 1.5 1.7 0.1
  407. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.7 1.9 1.7 2.4 0.4
  408. 5.|-- be2443.ccr42.iah01.atlas.cogentco.com 0.0% 3 7.0 7.0 7.0 7.0 0.0
  409. 6.|-- be2690.ccr42.atl01.atlas.cogentco.com 0.0% 3 21.2 21.2 21.0 21.5 0.3
  410. 7.|-- be2113.ccr42.dca01.atlas.cogentco.com 0.0% 3 32.1 32.0 31.9 32.1 0.1
  411. 8.|-- be2807.ccr42.jfk02.atlas.cogentco.com 0.0% 3 38.3 38.4 38.3 38.6 0.2
  412. 9.|-- be3628.ccr42.par01.atlas.cogentco.com 0.0% 3 111.0 111.0 110.9 111.1 0.1
  413. 10.|-- be3093.ccr22.mrs01.atlas.cogentco.com 0.0% 3 121.6 121.9 121.6 122.2 0.3
  414. 11.|-- stc.demarc.cogentco.com 0.0% 3 169.1 169.1 169.1 169.1 0.0
  415. 12.|-- 10.188.199.119 0.0% 3 169.3 169.6 169.3 169.9 0.3
  416. 13.|-- 84-235-111-161.igw.com.sa 0.0% 3 179.5 178.9 178.5 179.5 0.5
  417. 14.|-- 212.0.131.9 0.0% 3 216.0 217.1 216.0 218.7 1.4
  418. 15.|-- 196.1.197.233 0.0% 3 216.2 216.2 214.6 217.7 1.5
  419. 16.|-- 196.1.197.234 0.0% 3 214.5 214.0 213.5 214.5 0.5
  420. 17.|-- 41.67.16.100 0.0% 3 205.4 207.0 205.4 209.4 2.1
  421. #######################################################################################################################################
  422.  
  423. Ping 'fashir.edu.sd'
  424. ---------------------------------------------------------------------------------------------------------------------------------------
  425.  
  426.  
  427. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-16 14:39 UTC
  428. SENT (0.4683s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=7264 seq=1] IP [ttl=64 id=21208 iplen=28 ]
  429. RCVD (0.6694s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=7264 seq=1] IP [ttl=50 id=21326 iplen=28 ]
  430. SENT (1.4686s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=7264 seq=2] IP [ttl=64 id=21208 iplen=28 ]
  431. RCVD (1.6896s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=7264 seq=2] IP [ttl=50 id=21329 iplen=28 ]
  432. SENT (2.4705s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=7264 seq=3] IP [ttl=64 id=21208 iplen=28 ]
  433. RCVD (2.7095s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=7264 seq=3] IP [ttl=50 id=21402 iplen=28 ]
  434. SENT (3.4724s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=7264 seq=4] IP [ttl=64 id=21208 iplen=28 ]
  435. RCVD (3.7293s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=7264 seq=4] IP [ttl=50 id=21513 iplen=28 ]
  436.  
  437. Max rtt: 256.858ms | Min rtt: 201.064ms | Avg rtt: 229.339ms
  438. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
  439. Nping done: 1 IP address pinged in 3.73 seconds
  440. #######################################################################################################################################
  441.  
  442. Page Admin Finder 'fashir.edu.sd'
  443. ---------------------------------------------------------------------------------------------------------------------------------------
  444.  
  445.  
  446.  
  447. Avilable Links :
  448.  
  449. Find Page >> http://fashir.edu.sd/admin.php
  450. #######################################################################################################################################
  451. ; <<>> DiG 9.11.5-P1-1-Debian <<>> fashir.edu.sd
  452. ;; global options: +cmd
  453. ;; Got answer:
  454. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42422
  455. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  456.  
  457. ;; OPT PSEUDOSECTION:
  458. ; EDNS: version: 0, flags:; udp: 4096
  459. ;; QUESTION SECTION:
  460. ;fashir.edu.sd. IN A
  461.  
  462. ;; ANSWER SECTION:
  463. fashir.edu.sd. 2928 IN A 41.67.16.100
  464.  
  465. ;; Query time: 97 msec
  466. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  467. ;; WHEN: sam fév 16 10:44:12 EST 2019
  468. ;; MSG SIZE rcvd: 58
  469. #######################################################################################################################################
  470. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace fashir.edu.sd
  471. ;; global options: +cmd
  472. . 85107 IN NS a.root-servers.net.
  473. . 85107 IN NS c.root-servers.net.
  474. . 85107 IN NS i.root-servers.net.
  475. . 85107 IN NS f.root-servers.net.
  476. . 85107 IN NS m.root-servers.net.
  477. . 85107 IN NS k.root-servers.net.
  478. . 85107 IN NS j.root-servers.net.
  479. . 85107 IN NS h.root-servers.net.
  480. . 85107 IN NS l.root-servers.net.
  481. . 85107 IN NS e.root-servers.net.
  482. . 85107 IN NS b.root-servers.net.
  483. . 85107 IN NS d.root-servers.net.
  484. . 85107 IN NS g.root-servers.net.
  485. . 85107 IN RRSIG NS 8 0 518400 20190301050000 20190216040000 16749 . vfKS7tHy9asqLHJFQ+luvcRrWgxm15ila3+fTLntP36xqq4d8ucNpiGG x5tUj1oiHZNGlHxfk90ZOToIjNKaXx8Cb20zDysdfHTPXAtbvGR5TvhH VChadSu7qgkybbrTd+7FbIQXJdjlieQQrveIXMHnv36dnZz/drdcXoDc Jj1t+v7AtkpdD+iQ5HEq3ogrjPu2QnYaNIh8kwZFb4ZVo1NQuubEBeyw lwAKR9rNpkmOWAdR2STHasYi+hafZZtG7hzSKChhbRq73lPbvu4w4miQ R121OxiSTU79EIqL2DJ5scdTEzvUUVA4NM37ACv+oDEDNaZ5mZvlnIHs 5NgpaA==
  486. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 100 ms
  487.  
  488. sd. 172800 IN NS ans1.sis.sd.
  489. sd. 172800 IN NS ns-sd.afrinic.net.
  490. sd. 172800 IN NS ns2.uaenic.ae.
  491. sd. 172800 IN NS ans2.canar.sd.
  492. sd. 172800 IN NS ns1.uaenic.ae.
  493. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  494. sd. 172800 IN NS ans1.canar.sd.
  495. sd. 86400 IN NSEC se. NS RRSIG NSEC
  496. sd. 86400 IN RRSIG NSEC 8 1 86400 20190301050000 20190216040000 16749 . HK/Ktmf9QiKKkUXsmYKx5L9JjMsdd7h+blDFizNVJ9g8MeD4tznU4jTt doLipv38RLjREpDUQbR5FwzJH359kFq4pa1gYhEZq+QQFz/0NTwJC5fr 6XQOVtHXx/dR2Qal7iNQhCbw5OX+5mnXbor2zBJ/13QUamzgufx1i92k 2jg7iVBDArla4/NqOS2Y9Pt6ySl1SsDHrCpjKUzVL0O5Di2eNxAYsi6E o9xkc4i8Z3Nlng5YB2qgH+/ceUaulHZVGLbodtRm1+73BibrSrAuRBH8 iO8CO0oReeLEM8cZ65dPi5PlSBWpF1d5SYLCItai/zklnuHmehjUFkAb 65MNKg==
  497. ;; Received 728 bytes from 2001:500:12::d0d#53(g.root-servers.net) in 74 ms
  498.  
  499. fashir.edu.sd. 14400 IN NS ns2.fashir.edu.sd.
  500. fashir.edu.sd. 14400 IN NS ns1.fashir.edu.sd.
  501. ;; Received 110 bytes from 196.29.164.14#53(ans2.canar.sd) in 246 ms
  502.  
  503. fashir.edu.sd. 3600 IN A 41.67.16.100
  504. fashir.edu.sd. 3600 IN NS ns2.fashir.edu.sd.
  505. fashir.edu.sd. 3600 IN NS ns1.fashir.edu.sd.
  506. ;; Received 126 bytes from 41.67.16.100#53(ns1.fashir.edu.sd) in 268 ms
  507. #######################################################################################################################################
  508. [*] Performing General Enumeration of Domain: fashir.edu.sd
  509. [-] DNSSEC is not configured for fashir.edu.sd
  510. [*] SOA ns1.fashir.edu.sd 41.67.16.100
  511. [*] NS ns1.fashir.edu.sd 41.67.16.100
  512. [*] Bind Version for 41.67.16.100 9.10.3-P4-Ubuntu
  513. [*] NS ns2.fashir.edu.sd 41.67.16.100
  514. [*] Bind Version for 41.67.16.100 9.10.3-P4-Ubuntu
  515. [*] MX mail.fashir.edu.sd 41.67.16.100
  516. [*] A fashir.edu.sd 41.67.16.100
  517. [*] TXT fashir.edu.sd v=spf1 mx a ~all
  518. [*] Enumerating SRV Records
  519. [-] No SRV Records Found for fashir.edu.sd
  520. [+] 0 Records Found
  521. #######################################################################################################################################
  522. Processing domain fashir.edu.sd
  523. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  524. [+] Getting nameservers
  525. 41.67.16.100 - ns1.fashir.edu.sd
  526. 41.67.16.100 - ns2.fashir.edu.sd
  527. [-] Zone transfer failed
  528.  
  529. [+] TXT records found
  530. "v=spf1 mx a ~all"
  531.  
  532. [+] MX records found, added to target list
  533. 10 mail.fashir.edu.sd.
  534.  
  535. [*] Scanning fashir.edu.sd for A records
  536. 41.67.16.100 - fashir.edu.sd
  537. 41.67.16.100 - mail.fashir.edu.sd
  538. 41.67.16.100 - ns1.fashir.edu.sd
  539. 41.67.16.100 - ns2.fashir.edu.sd
  540. 41.67.16.100 - staff.fashir.edu.sd
  541. 41.67.16.100 - www.fashir.edu.sd
  542. #######################################################################################################################################
  543. Ip Address Status Type Domain Name Server
  544. ---------- ------ ---- ----------- ------
  545. 41.67.16.100 200 host mail.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  546. 41.67.16.100 200 host ns1.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  547. 41.67.16.100 200 host ns2.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  548. 41.67.16.100 200 host reg.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  549. 41.67.16.100 200 host staff.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  550. 41.67.16.100 200 host www.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  551. #######################################################################################################################################
  552. =======================================================================================================================================
  553. | E-mails:
  554. | [+] E-mail Found: filanca@fesmekan.dom
  555. | [+] E-mail Found: webmaster@mail.baygroup.org
  556. | [+] E-mail Found: dev@httpd.apache.org
  557. | [+] E-mail Found: webmaster@www1.example.com
  558. | [+] E-mail Found: untel@au.example.com
  559. | [+] E-mail Found: webgirl@example1.dom
  560. | [+] E-mail Found: falanca@mesela.dom
  561. | [+] E-mail Found: nate@tripod.com
  562. | [+] E-mail Found: klaus.hartl@stilbuero.de
  563. | [+] E-mail Found: untel@nz.example.com
  564. | [+] E-mail Found: someone@au.example.com
  565. | [+] E-mail Found: webmaster@mail.smallco.com
  566. | [+] E-mail Found: webgirl@abc.dom
  567. | [+] E-mail Found: alpha@zforms.ru
  568. | [+] E-mail Found: bilgi@example.org
  569. | [+] E-mail Found: marc@infomarc.info
  570. | [+] E-mail Found: crawleradmin.t-info@telekom.de
  571. | [+] E-mail Found: webgirl@example.dom
  572. | [+] E-mail Found: 1@example.com
  573. | [+] E-mail Found: nate@tripod.example.com
  574. | [+] E-mail Found: apache@example.com
  575. | [+] E-mail Found: webmaster@www2.example.org
  576. | [+] E-mail Found: users@httpd.apache.org
  577. | [+] E-mail Found: raj@cup.hp.com
  578. | [+] E-mail Found: bilgi@example.com
  579. | [+] E-mail Found: apache-docs@ml.apache.or.jp
  580. | [+] E-mail Found: www-admin@foo.example.com
  581. | [+] E-mail Found: webguy@example2.dom
  582. | [+] E-mail Found: hirsch@fjhirsch.com
  583. | [+] E-mail Found: info@fashir.edu.sd
  584. | [+] E-mail Found: webguy@def.dom
  585. | [+] E-mail Found: webmaster@host.example.com
  586. | [+] E-mail Found: webmaster@host.foo.com
  587. | [+] E-mail Found: rse@engelschall.com
  588. | [+] E-mail Found: somebody@nz.example.com
  589. =======================================================================================================================================
  590. | External hosts:
  591. | [+] External Host Found: http://dmoz.org
  592. | [+] External Host Found: http://pear.php.net
  593. | [+] External Host Found: http://www.perl.com
  594. | [+] External Host Found: http://www.cronolog.org
  595. | [+] External Host Found: http://ajax.googleapis.com
  596. | [+] External Host Found: http://en.wikipedia.org
  597. | [+] External Host Found: http://nasm.sourceforge.net
  598. | [+] External Host Found: http://www.acko.net
  599. | [+] External Host Found: http://www.apache-ssl.org
  600. | [+] External Host Found: http://dir.yahoo.com
  601. | [+] External Host Found: http://svn.eu.apache.org
  602. | [+] External Host Found: http://support.novell.com
  603. | [+] External Host Found: http://svn.apache.org
  604. | [+] External Host Found: http://lynx.isc.org
  605. | [+] External Host Found: http://dev.mysql.com
  606. | [+] External Host Found: http://software.opensuse.org
  607. | [+] External Host Found: http://wiki.phpmyadmin.net
  608. | [+] External Host Found: http://www.imagemagick.org
  609. | [+] External Host Found: http://www.openssl.org
  610. | [+] External Host Found: http://www.doxygen.org
  611. | [+] External Host Found: http://threebit.net
  612. | [+] External Host Found: http://www.lothar.com
  613. | [+] External Host Found: http://bugs.mysql.com
  614. | [+] External Host Found: http://www.thawte.com
  615. | [+] External Host Found: http://www.libpng.org
  616. | [+] External Host Found: http://www.opaque.net
  617. | [+] External Host Found: http://www.cs.princeton.edu
  618. | [+] External Host Found: http://sources.redhat.com
  619. | [+] External Host Found: https://hosted.weblate.org
  620. | [+] External Host Found: http://perl.apache.org
  621. | [+] External Host Found: http://net-snmp.sourceforge.net
  622. | [+] External Host Found: http://www.gzip.org
  623. | [+] External Host Found: http://www.mysql.com
  624. | [+] External Host Found: http://demo.phpmyadmin.net
  625. | [+] External Host Found: http://www.hardened-php.net
  626. | [+] External Host Found: http://www.drizzle.org
  627. | [+] External Host Found: http://mysql.com
  628. | [+] External Host Found: http://www.distcache.org
  629. | [+] External Host Found: https://www.gnupg.org
  630. | [+] External Host Found: http://www.sleepycat.com
  631. | [+] External Host Found: http://curl.haxx.se
  632. | [+] External Host Found: http://perldoc.perl.org
  633. | [+] External Host Found: http://memcached.org
  634. | [+] External Host Found: http://www.specbench.org
  635. | [+] External Host Found: https://cdn.rtlcss.com
  636. | [+] External Host Found: http://homepages.cwi.nl
  637. | [+] External Host Found: http://sphinx-doc.org
  638. | [+] External Host Found: http://www.fpdf.org
  639. | [+] External Host Found: http://online.securityfocus.com
  640. | [+] External Host Found: http://www.php.net
  641. | [+] External Host Found: http://www.apachelounge.com
  642. | [+] External Host Found: http://fr.wikipedia.org
  643. | [+] External Host Found: http://www.ora.com
  644. | [+] External Host Found: http://www.whiterabbitpress.com
  645. | [+] External Host Found: http://apache.webthing.com
  646. | [+] External Host Found: http://www.wampserver.com
  647. | [+] External Host Found: http://bugs.apache.org
  648. | [+] External Host Found: http://sf.net
  649. | [+] External Host Found: https://launchpad.net
  650. | [+] External Host Found: http://www.mozilla.org
  651. | [+] External Host Found: http://shop.oreilly.com
  652. | [+] External Host Found: http://www.webdav.org
  653. | [+] External Host Found: http://cgi-spec.golux.com
  654. | [+] External Host Found: http://svn.haxx.se
  655. | [+] External Host Found: https://keybase.io
  656. | [+] External Host Found: http://purl.org
  657. | [+] External Host Found: http://host
  658. | [+] External Host Found: http://pdflib.com
  659. | [+] External Host Found: http://tomcat.apache.org
  660. | [+] External Host Found: http://support.microsoft.com
  661. | [+] External Host Found: http://www.ntp.org
  662. | [+] External Host Found: http://www.google.com
  663. | [+] External Host Found: http://www.apple.com
  664. | [+] External Host Found: http://ftp.ics.uci.edu
  665. | [+] External Host Found: https://sourceforge.net
  666. | [+] External Host Found: http://www.apachetutor.org
  667. | [+] External Host Found: http://www.ozerov.de
  668. | [+] External Host Found: http://www.ietf.org
  669. | [+] External Host Found: http://www.kernel.org
  670. | [+] External Host Found: http://www.freetype.org
  671. | [+] External Host Found: http://cgiwrap.unixtools.org
  672. | [+] External Host Found: http://www.tcpdf.org
  673. | [+] External Host Found: http://developer.novell.com
  674. | [+] External Host Found: http://www.ics.uci.edu
  675. | [+] External Host Found: http://www.research.digital.com
  676. | [+] External Host Found: http://gcc.gnu.org
  677. | [+] External Host Found: http://www.netperf.org
  678. | [+] External Host Found: http://hoohoo.ncsa.uiuc.edu
  679. | [+] External Host Found: http://ci.apache.org
  680. | [+] External Host Found: http://www.loc.gov
  681. | [+] External Host Found: https://www.igvita.com
  682. | [+] External Host Found: http://ietf.org
  683. | [+] External Host Found: http://dev.apache.org
  684. | [+] External Host Found: http://xyz.abc.com
  685. | [+] External Host Found: http://www.verisign.com
  686. | [+] External Host Found: http://xyz.example.com
  687. | [+] External Host Found: http://www.imagemagick.com
  688. | [+] External Host Found: http://msdn.microsoft.com
  689. | [+] External Host Found: http://web.golux.com
  690. | [+] External Host Found: http://cve.mitre.org
  691. | [+] External Host Found: http://www.oracle.com
  692. | [+] External Host Found: http://www.cpan.org
  693. | [+] External Host Found: http://www.microsoft.com
  694. | [+] External Host Found: http://www.rfc-editor.org
  695. | [+] External Host Found: https://en.wikipedia.org
  696. | [+] External Host Found: http://www.pcre.org
  697. | [+] External Host Found: http://aspell.sourceforge.net
  698. | [+] External Host Found: http://www.eecis.udel.edu
  699. | [+] External Host Found: http://java.apache.org
  700. | [+] External Host Found: http://xmlsoft.org
  701. | [+] External Host Found: http://www.siemens.de
  702. | [+] External Host Found: http://www.apachehaus.com
  703. | [+] External Host Found: http://www.itu.int
  704. | [+] External Host Found: http://expat.sourceforge.net
  705. | [+] External Host Found: http://python.ca
  706. | [+] External Host Found: http://www.wassenaar.org
  707. | [+] External Host Found: https://blogs.oracle.com
  708. | [+] External Host Found: http://www.perl.org
  709. | [+] External Host Found: http://www.hpl.hp.com
  710. | [+] External Host Found: http://pecl.php.net
  711. | [+] External Host Found: http://www.apache.org
  712. | [+] External Host Found: http://www.iana.org
  713. | [+] External Host Found: http://www.example.com
  714. | [+] External Host Found: http://hpwww.ec-lyon.fr
  715. | [+] External Host Found: http://www.pdflib.com
  716. | [+] External Host Found: http://nghttp2.org
  717. | [+] External Host Found: http://www.redhat.com
  718. | [+] External Host Found: http://www.wikipedia.org
  719. | [+] External Host Found: https://github.com
  720. | [+] External Host Found: http://cm.bell-labs.com
  721. | [+] External Host Found: http://www.postgresql.org
  722. | [+] External Host Found: http://www.counterpane.com
  723. | [+] External Host Found: http://server
  724. | [+] External Host Found: https://wiki.mozilla.org
  725. | [+] External Host Found: http://mariadb.org
  726. | [+] External Host Found: http://www.gingerall.com
  727. | [+] External Host Found: http://bugzilla.mozilla.org
  728. | [+] External Host Found: http://www.ijg.org
  729. | [+] External Host Found: http://wiki.apache.org
  730. | [+] External Host Found: http://www.lua.org
  731. | [+] External Host Found: http://fastcgi.coremail.cn
  732. | [+] External Host Found: http://foo.com
  733. | [+] External Host Found: http://apr.apache.org
  734. | [+] External Host Found: http://www.iplanet.com
  735. | [+] External Host Found: http://pcre.org
  736. | [+] External Host Found: http://www.hwg.org
  737. | [+] External Host Found: http://bitnami.com
  738. | [+] External Host Found: http://home.earthlink.net
  739. | [+] External Host Found: http://bahumbug.wordpress.com
  740. | [+] External Host Found: http://sosc-dr.sun.com
  741. | [+] External Host Found: http://www.w3.org
  742. | [+] External Host Found: http://people.apache.org
  743. | [+] External Host Found: http://www.washington.edu
  744. | [+] External Host Found: http://www.serverwatch.com
  745. | [+] External Host Found: http://www.fastcgi.com
  746. | [+] External Host Found: http://www.rsasecurity.com
  747. | [+] External Host Found: http://httpd.apache.org
  748. | [+] External Host Found: https://tools.ietf.org
  749. | [+] External Host Found: http://modules.apache.org
  750. | [+] External Host Found: https://files.phpmyadmin.net
  751. | [+] External Host Found: http://www.freetds.org
  752. | [+] External Host Found: http://cgiwrap.sourceforge.net
  753. | [+] External Host Found: http://www.cygwin.com
  754. | [+] External Host Found: http://cr.yp.to
  755. | [+] External Host Found: http://www.phpmyadmin.net
  756. | [+] External Host Found: http://www.zlib.net
  757. | [+] External Host Found: http://www.freebsd.org
  758. | [+] External Host Found: http://pgp.cs.uu.nl
  759. | [+] External Host Found: http://www.faqs.org
  760. | [+] External Host Found: http://events.ccc.de
  761. | [+] External Host Found: http://www.apachefriends.org
  762. | [+] External Host Found: http://www.onlamp.com
  763. | [+] External Host Found: http://www.iso.ch
  764. | [+] External Host Found: http://subversion.apache.org
  765. | [+] External Host Found: http://apachetoday.com
  766. | [+] External Host Found: http://www.squid-cache.org
  767. | [+] External Host Found: http://www.netscape.com
  768. | [+] External Host Found: http://www.openldap.org
  769. | [+] External Host Found: http://tools.ietf.org
  770. | [+] External Host Found: http://example.com
  771. | [+] External Host Found: https://www.phpmyadmin.net
  772. | [+] External Host Found: http://php.net
  773. | [+] External Host Found: http://appserver.example.com
  774. | [+] External Host Found: http://www.cup.hp.com
  775. | [+] External Host Found: http://modsecurity.org
  776. | [+] External Host Found: http://www.gnu.org
  777. | [+] External Host Found: http://www.boutell.com
  778. | [+] External Host Found: http://bugs.php.net
  779. | [+] External Host Found: http://fedoraproject.org
  780. | [+] External Host Found: http://www.enlightenment.org
  781. =======================================================================================================================================
  782. #######################################################################################################################################
  783. dnsenum VERSION:1.2.4
  784.  
  785. ----- fashir.edu.sd -----
  786.  
  787.  
  788. Host's addresses:
  789. __________________
  790.  
  791. fashir.edu.sd. 2045 IN A 41.67.16.100
  792.  
  793.  
  794. Name Servers:
  795. ______________
  796.  
  797. ns2.fashir.edu.sd. 85171 IN A 41.67.16.100
  798. ns1.fashir.edu.sd. 85167 IN A 41.67.16.100
  799.  
  800.  
  801. Mail (MX) Servers:
  802. ___________________
  803.  
  804. mail.fashir.edu.sd. 2366 IN A 41.67.16.100
  805.  
  806.  
  807. Trying Zone Transfers and getting Bind Versions:
  808. _________________________________________________
  809.  
  810.  
  811. Trying Zone Transfer for fashir.edu.sd on ns2.fashir.edu.sd ...
  812.  
  813. Trying Zone Transfer for fashir.edu.sd on ns1.fashir.edu.sd ...
  814.  
  815. brute force file not specified, bay.
  816. #######################################################################################################################################
  817. ---------------------------------------------------------------------------------------------------------------------------------------
  818.  
  819. [1/25] /webhp?hl=en-CA
  820. [x] Error downloading /webhp?hl=en-CA
  821. [2/25] http://fashir.edu.sd/Journal/Applied_4.pdf
  822. [3/25] http://fashir.edu.sd/Journal/Human_4.pdf
  823. [x] Error in PDF metadata Creator
  824. [4/25] http://fashir.edu.sd/Journal/Applied_6.pdf
  825. [5/25] http://fashir.edu.sd/Journal/Applied_2.pdf
  826. [6/25] http://fashir.edu.sd/Journal/Applied_10.pdf
  827. [7/25] http://fashir.edu.sd/Journal/Applied_9.pdf
  828. [8/25] http://fashir.edu.sd/Journal/Applied_1.pdf
  829. [9/25] http://fashir.edu.sd/Journal/Applied_8.pdf
  830. [10/25] http://fashir.edu.sd/Journal/Applied_12.pdf
  831. [11/25] http://fashir.edu.sd/Journal/Human_2.pdf
  832.  
  833. [+] List of users found:
  834. ---------------------------------------------------------------------------------------------------------------------------------------
  835. adil
  836. adelmoh1
  837. ALFAFA@MOHAMED
  838. adelmoh1@ADIL-PC
  839. adil@ADIL-
  840.  
  841. [+] List of software found:
  842. ---------------------------------------------------------------------------------------------------------------------------------------
  843. 3-Heights(TM) PDF Security Shell 4.8.25.2 (http://www.pdf-tools.com) / pdcat (www.pdf-tools.com)
  844. PDFCreator Version 0.9.9
  845. iLovePDF.desktop
  846. GPL Ghostscript 8.70
  847. Jaws PDF Creator v4.10.2871
  848. PScript5.dll Version 5.2
  849. PScript5.dll Version 5.2.2
  850.  
  851. [+] List of paths and servers found:
  852. ---------------------------------------------------------------------------------------------------------------------------------------
  853.  
  854. [+] List of e-mails found:
  855. ---------------------------------------------------------------------------------------------------------------------------------------
  856. hassenabdallaabdalrahim@hotmail.com
  857. Adamhassan43@gmail.com
  858. anas.gafaar@yahoo.com1
  859. Adamhassan43@gmail.com
  860. 1@A
  861. samiarabi@ymail.com
  862. d.ibrahim2000@gmail.
  863. H@I
  864. Emails_abdelhag@yahoo.com
  865. atifa.issa@yahoo.com
  866. Pmho@phys.ntu.edu.tw
  867. ahmedgara26@gmail.com
  868. H@E
  869. AAHK@@E
  870. 5JK@O
  871. adamhassan43@gmail.com
  872. ragagasim@yahoo.com.
  873. yahiaeldie0@gmail.com
  874. atifa.issa@yahoo.com.
  875. sihamnahal@yahoo.com
  876. haduni@yemen.net.ye
  877. abmjsiam@gmail.com
  878. Email.yahiaeldie0@gmail.com
  879. anas.gafaar@yahoo.com
  880. anasgafaar@gmail.com
  881. jfuas@fashir.edu.sd
  882. tawella69@gmail.com
  883. dr.alabid@gmail.com
  884. mhdyousif@yahoo.com
  885. abdalla_taha@hotmail.com
  886. jfuoas@gmail.com
  887. jfuas@fashir.edu.sd
  888. ghhh4@hotmail.com
  889. daldoum@gmail.com
  890. dr.tissu25@gmail.com
  891. dibdelradi77@gmail.com
  892. ---------------------------------------------------------------------------------------------------------------------------------------
  893. ######################################################################################################################################
  894.  
  895. ____ _ _ _ _ _____
  896. / ___| _ _| |__ | (_)___| |_|___ / _ __
  897. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  898. ___) | |_| | |_) | | \__ \ |_ ___) | |
  899. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  900.  
  901. # Coded By Ahmed Aboul-Ela - @aboul3la
  902.  
  903. [-] Enumerating subdomains now for fashir.edu.sd
  904. [-] verbosity is enabled, will show the subdomains results in realtime
  905. [-] Searching now in Baidu..
  906. [-] Searching now in Yahoo..
  907. [-] Searching now in Google..
  908. [-] Searching now in Bing..
  909. [-] Searching now in Ask..
  910. [-] Searching now in Netcraft..
  911. [-] Searching now in DNSdumpster..
  912. [-] Searching now in Virustotal..
  913. [-] Searching now in ThreatCrowd..
  914. [-] Searching now in SSL Certificates..
  915. [-] Searching now in PassiveDNS..
  916. Virustotal: www.fashir.edu.sd
  917. Virustotal: mail.fashir.edu.sd
  918. Yahoo: www.fashir.edu.sd
  919. DNSdumpster: mail.fashir.edu.sd
  920. DNSdumpster: www.fashir.edu.sd
  921. DNSdumpster: ns2.fashir.edu.sd
  922. Google: mail.fashir.edu.sd
  923. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-fashir.edu.sd.txt
  924. [-] Total Unique Subdomains Found: 3
  925. www.fashir.edu.sd
  926. mail.fashir.edu.sd
  927. ns2.fashir.edu.sd
  928. #######################################################################################################################################
  929.  
  930.  
  931. Running Source: Ask
  932. Running Source: Archive.is
  933. Running Source: Baidu
  934. Running Source: Bing
  935. Running Source: CertDB
  936. Running Source: CertificateTransparency
  937. Running Source: Certspotter
  938. Running Source: Commoncrawl
  939. Running Source: Crt.sh
  940. Running Source: Dnsdb
  941. Running Source: DNSDumpster
  942. Running Source: DNSTable
  943. Running Source: Dogpile
  944. Running Source: Exalead
  945. Running Source: Findsubdomains
  946. Running Source: Googleter
  947. Running Source: Hackertarget
  948. Running Source: Ipv4Info
  949. Running Source: PTRArchive
  950. Running Source: Sitedossier
  951. Running Source: Threatcrowd
  952. Running Source: ThreatMiner
  953. Running Source: WaybackArchive
  954. Running Source: Yahoo
  955.  
  956. Running enumeration on fashir.edu.sd
  957.  
  958. dnsdb: Unexpected return status 503
  959.  
  960.  
  961. Starting Bruteforcing of fashir.edu.sd with 9985 words
  962.  
  963. Total 10 Unique subdomains found for fashir.edu.sd
  964.  
  965. .fashir.edu.sd
  966. mail.fashir.edu.sd
  967. mail.fashir.edu.sd
  968. ns1.fashir.edu.sd
  969. ns1.fashir.edu.sd
  970. ns2.fashir.edu.sd
  971. ns2.fashir.edu.sd
  972. reg.fashir.edu.sd
  973. www.fashir.edu.sd
  974. www.fashir.edu.sd
  975. #######################################################################################################################################
  976. [+] fashir.edu.sd has no SPF record!
  977. [*] No DMARC record found. Looking for organizational record
  978. [+] No organizational DMARC record
  979. [+] Spoofing possible for fashir.edu.sd!
  980. ######################################################################################################################################
  981. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 10:15 EST
  982. Nmap scan report for fashir.edu.sd (41.67.16.100)
  983. Host is up (0.27s latency).
  984. Not shown: 339 closed ports, 124 filtered ports
  985. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  986. PORT STATE SERVICE
  987. 21/tcp open ftp
  988. 53/tcp open domain
  989. 80/tcp open http
  990. 110/tcp open pop3
  991. 143/tcp open imap
  992. 443/tcp open https
  993. 465/tcp open smtps
  994. 587/tcp open submission
  995. 993/tcp open imaps
  996. 995/tcp open pop3s
  997. 3306/tcp open mysql
  998. 8080/tcp open http-proxy
  999. 8081/tcp open blackice-icecap
  1000. #######################################################################################################################################
  1001. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 10:15 EST
  1002. Nmap scan report for fashir.edu.sd (41.67.16.100)
  1003. Host is up (0.20s latency).
  1004. Not shown: 9 closed ports, 2 filtered ports
  1005. PORT STATE SERVICE
  1006. 53/udp open|filtered domain
  1007. 69/udp open|filtered tftp
  1008. 123/udp open ntp
  1009. #######################################################################################################################################
  1010. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 10:16 EST
  1011. Nmap scan report for fashir.edu.sd (41.67.16.100)
  1012. Host is up (0.26s latency).
  1013.  
  1014. PORT STATE SERVICE VERSION
  1015. 21/tcp open ftp Pure-FTPd
  1016. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1017. Device type: firewall|general purpose|storage-misc|broadband router
  1018. Running: Linux 2.6.X|3.X, Netgear RAIDiator 4.X, Zhone embedded
  1019. OS CPE: cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:netgear:raidiator:4.1.4 cpe:/h:zhone:6211-i3
  1020. OS details: Vyatta router (Linux 2.6.26), Linux 2.6.18, Linux 2.6.18 - 2.6.22, Linux 2.6.28, Linux 3.2.0, Netgear ReadyNAS Duo NAS device (RAIDiator 4.1.4), Zhone 6211-I3 series ADSL2+ modem
  1021. Network Distance: 18 hops
  1022.  
  1023. TRACEROUTE (using port 21/tcp)
  1024. HOP RTT ADDRESS
  1025. 1 68.90 ms 10.238.200.1
  1026. 2 69.30 ms 193.37.252.209
  1027. 3 68.97 ms 82.102.29.174
  1028. 4 69.37 ms 38.140.53.65
  1029. 5 69.80 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
  1030. 6 69.77 ms be3411.ccr22.mia01.atlas.cogentco.com (154.54.26.41)
  1031. 7 83.87 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
  1032. 8 94.95 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
  1033. 9 100.50 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1034. 10 173.57 ms be3628.ccr42.par01.atlas.cogentco.com (154.54.27.170)
  1035. 11 185.69 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1036. 12 233.35 ms stc.demarc.cogentco.com (149.14.124.98)
  1037. 13 233.68 ms 10.188.199.119
  1038. 14 261.80 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1039. 15 ...
  1040. 16 276.06 ms 196.1.197.233
  1041. 17 263.32 ms 196.1.197.234
  1042. 18 268.87 ms 41.67.16.100
  1043. #######################################################################################################################################
  1044. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 10:27 EST
  1045. Nmap scan report for fashir.edu.sd (41.67.16.100)
  1046. Host is up (0.27s latency).
  1047.  
  1048. PORT STATE SERVICE VERSION
  1049. 53/tcp open domain ISC BIND 9.10.3-P4 (Ubuntu Linux)
  1050. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  1051. | dns-nsec-enum:
  1052. |_ No NSEC records found
  1053. | dns-nsec3-enum:
  1054. |_ DNSSEC NSEC3 not supported
  1055. | dns-nsid:
  1056. |_ bind.version: 9.10.3-P4-Ubuntu
  1057. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1058. Device type: specialized|WAP|phone
  1059. Running: iPXE 1.X, Linux 2.4.X|2.6.X, Sony Ericsson embedded
  1060. OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz
  1061. OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
  1062. Network Distance: 18 hops
  1063. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1064.  
  1065. Host script results:
  1066. | dns-brute:
  1067. |_ DNS Brute-force hostnames: No results.
  1068.  
  1069. TRACEROUTE (using port 53/tcp)
  1070. HOP RTT ADDRESS
  1071. 1 67.04 ms 10.238.200.1
  1072. 2 67.12 ms 193.37.252.209
  1073. 3 ...
  1074. 4 67.57 ms 38.140.53.65
  1075. 5 67.61 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
  1076. 6 67.65 ms be3411.ccr22.mia01.atlas.cogentco.com (154.54.26.41)
  1077. 7 80.96 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
  1078. 8 92.04 ms be2113.ccr42.dca01.atlas.cogentco.com (154.54.24.221)
  1079. 9 98.25 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
  1080. 10 171.56 ms be3628.ccr42.par01.atlas.cogentco.com (154.54.27.170)
  1081. 11 186.87 ms be3093.ccr22.mrs01.atlas.cogentco.com (130.117.50.166)
  1082. 12 233.88 ms stc.demarc.cogentco.com (149.14.124.98)
  1083. 13 234.85 ms 10.188.199.119
  1084. 14 263.02 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1085. 15 ...
  1086. 16 272.36 ms 196.1.197.233
  1087. 17 261.45 ms 196.1.197.234
  1088. 18 272.51 ms 41.67.16.100
  1089. #######################################################################################################################################
  1090. wig - WebApp Information Gatherer
  1091.  
  1092.  
  1093. Scanning http://fashir.edu.sd...
  1094. _________________ SITE INFO __________________
  1095. IP Title
  1096. 41.67.16.100 جامعة الفاشر
  1097.  
  1098. __________________ VERSION ___________________
  1099. Name Versions Type
  1100. Roundcube CMS
  1101. Apache 2.4.18 Platform
  1102. PHP Platform
  1103. Ubuntu 16.04 OS
  1104.  
  1105. ______________________________________________
  1106. Time: 32.5 sec Urls: 384 Fingerprints: 40401
  1107. #######################################################################################################################################
  1108. HTTP/1.1 200 OK
  1109. Date: Sat, 16 Feb 2019 15:28:58 GMT
  1110. Server: Apache/2.4.18 (Ubuntu)
  1111. Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  1112. ETag: "1ef-581d7576fbf0c"
  1113. Accept-Ranges: bytes
  1114. Content-Length: 495
  1115. Vary: Accept-Encoding
  1116. Content-Type: text/html
  1117.  
  1118. HTTP/1.1 200 OK
  1119. Date: Sat, 16 Feb 2019 15:28:59 GMT
  1120. Server: Apache/2.4.18 (Ubuntu)
  1121. Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  1122. ETag: "1ef-581d7576fbf0c"
  1123. Accept-Ranges: bytes
  1124. Content-Length: 495
  1125. Vary: Accept-Encoding
  1126. Content-Type: text/html
  1127. #######################################################################################################################################
  1128. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-16 10:29 EST
  1129. Nmap scan report for fashir.edu.sd (41.67.16.100)
  1130. Host is up (0.27s latency).
  1131.  
  1132. PORT STATE SERVICE VERSION
  1133. 110/tcp open pop3 Dovecot pop3d
  1134. | pop3-brute:
  1135. | Accounts: No valid accounts found
  1136. | Statistics: Performed 35 guesses in 38 seconds, average tps: 0.8
  1137. |_ ERROR: Failed to connect.
  1138. |_pop3-capabilities: AUTH-RESP-CODE CAPA UIDL USER SASL(PLAIN LOGIN) STLS TOP RESP-CODES PIPELINING
  1139. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1140. Device type: firewall|general purpose|storage-misc|broadband router
  1141. Running: Linux 2.6.X|3.X, Netgear RAIDiator 4.X, Zhone embedded
  1142. OS CPE: cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:netgear:raidiator:4.1.4 cpe:/h:zhone:6211-i3
  1143. OS details: Vyatta router (Linux 2.6.26), Linux 2.6.18, Linux 2.6.18 - 2.6.22, Linux 2.6.28, Linux 3.2.0, Netgear ReadyNAS Duo NAS device (RAIDiator 4.1.4), Zhone 6211-I3 series ADSL2+ modem
  1144. Network Distance: 18 hops
  1145.  
  1146. TRACEROUTE (using port 443/tcp)
  1147. HOP RTT ADDRESS
  1148. 1 71.93 ms 10.238.200.1
  1149. 2 72.37 ms 193.37.252.209
  1150. 3 ...
  1151. 4 71.95 ms te0-3-1-14.201.nr51.b002802-5.mia01.atlas.cogentco.com (38.140.53.65)
  1152. 5 71.96 ms be3763.rcr21.b002802-2.mia01.atlas.cogentco.com (154.24.30.129)
  1153. 6 71.97 ms be3410.ccr21.mia01.atlas.cogentco.com (154.54.6.85)
  1154. 7 85.00 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
  1155. 8 96.56 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1156. 9 103.74 ms be2807.ccr42.jfk02.atlas.cogentco.com (154.54.40.109)
  1157. 10 178.84 ms 66.28.4.198
  1158. 11 191.78 ms be3093.ccr22.mrs01.atlas.cogentco.com (130.117.50.166)
  1159. 12 238.40 ms stc.demarc.cogentco.com (149.14.124.106)
  1160. 13 240.50 ms 10.188.199.119
  1161. 14 267.89 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1162. 15 ...
  1163. 16 277.29 ms 196.1.197.233
  1164. 17 269.14 ms 196.1.197.234
  1165. 18 267.33 ms 41.67.16.100
  1166. #######################################################################################################################################
  1167. Version: 1.11.12-static
  1168. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1169.  
  1170. Connected to 41.67.16.100
  1171.  
  1172. Testing SSL server fashir.edu.sd on port 443 using SNI name fashir.edu.sd
  1173.  
  1174. TLS Fallback SCSV:
  1175. Server does not support TLS Fallback SCSV
  1176.  
  1177. TLS renegotiation:
  1178. Session renegotiation not supported
  1179.  
  1180. TLS Compression:
  1181. Compression disabled
  1182.  
  1183. Heartbleed:
  1184. TLS 1.2 not vulnerable to heartbleed
  1185. TLS 1.1 not vulnerable to heartbleed
  1186. TLS 1.0 not vulnerable to heartbleed
  1187.  
  1188. Supported Server Cipher(s):
  1189.  
  1190. ######################################################################################################################################
  1191. --------------------------------------------------------
  1192. <<<Yasuo discovered following vulnerable applications>>>
  1193. --------------------------------------------------------
  1194. +------------+--------------------------------------+--------------------------------------------------+-----------+-----------+
  1195. | App Name | URL to Application | Potential Exploit | Username | Password |
  1196. +------------+--------------------------------------+--------------------------------------------------+-----------+-----------+
  1197. | phpMyAdmin | http://41.67.16.100:80/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
  1198. | phpMyAdmin | http://41.67.16.100:8081/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
  1199. +------------+--------------------------------------+--------------------------------------------------+-----------+-----------+
  1200. #######################################################################################################################################
  1201. ---------------------------------------------------------------------------------------------------------------------------------------
  1202. + Target IP: 41.67.16.100
  1203. + Target Hostname: fashir.edu.sd
  1204. + Target Port: 80
  1205. + Start Time: 2019-02-16 09:58:09 (GMT-5)
  1206. ---------------------------------------------------------------------------------------------------------------------------------------
  1207. + Server: No banner retrieved
  1208. + Server leaks inodes via ETags, header found with file /, fields: 0x1ef 0x581d7576fbf0c
  1209. + The anti-clickjacking X-Frame-Options header is not present.
  1210. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1211. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1212. + Cookie PHPSESSID created without the httponly flag
  1213. + Server banner has changed from '' to 'Apache/2.4.18 (Ubuntu)' which may suggest a WAF, load balancer or proxy is in place
  1214. + OSVDB-3268: /: Directory indexing found.
  1215. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
  1216. + Multiple index files found: /index.html, /index.php
  1217. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1218. + Scan terminated: 20 error(s) and 8 item(s) reported on remote host
  1219. + End Time: 2019-02-16 10:00:44 (GMT-5) (155 seconds)
  1220. ---------------------------------------------------------------------------------------------------------------------------------------
  1221. #######################################################################################################################################
  1222. ---------------------------------------------------------------------------------------------------------------------------------------
  1223. + Target IP: 41.67.16.100
  1224. + Target Hostname: 41.67.16.100
  1225. + Target Port: 443
  1226. + Start Time: 2019-02-16 09:58:49 (GMT-5)
  1227. ---------------------------------------------------------------------------------------------------------------------------------------
  1228. + Server: Apache/2.4.18 (Ubuntu)
  1229. + Server leaks inodes via ETags, header found with file /, fields: 0x2c39 0x5738d18cac15d
  1230. + The anti-clickjacking X-Frame-Options header is not present.
  1231. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1232. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1233. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1234. + Scan terminated: 20 error(s) and 4 item(s) reported on remote host
  1235. + End Time: 2019-02-16 10:01:35 (GMT-5) (166 seconds)
  1236. ---------------------------------------------------------------------------------------------------------------------------------------
  1237. + The anti-clickjacking X-Frame-Options header is not present.
  1238. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1239. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1240. ---------------------------------------------------------------------------------------------------------------------------------------
  1241. #######################################################################################################################################
  1242. Anonymous JTSEC #OpSudan Full Recon #15
Advertisement
RAW Paste Data Copied
Advertisement