Nmap

1. '---'
2.  
3.  
4. --------------------------------------------------------------------------
5. + Target IP: 164.77.218.22
6. + Target Hostname: 164.77.218.22
7. + Target Port: 80
8. + Start Time: 2021-06-14 18:51:09 (GMT-4)
9. ---------------------------------------------------------------------------
10. + Server: nginx
11. + The anti-clickjacking X-Frame-Options header is not present.
12. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
13. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
14. + No CGI Directories found (use '-C all' to force check all possible dirs)
15. + Server may leak inodes via ETags, header found with file /, inode: c9f, size: 5be160e4434d0, mtime: gzip
16. + Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE
17. + OSVDB-3092: /phpmyadmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
18. ^[[
19.  
20.  
21.  
22.  
23. + Uncommon header 'x-ob_mode' found, with contents: 1
24. + /phpmyadmin/: phpMyAdmin directory found
25. + OSVDB-3092: /phpmyadmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
26. + 8068 requests: 0 error(s) and 9 item(s) reported on remote host
27. + End Time: 2021-06-14 19:22:07 (GMT-4) (1858 seconds)
28.  
29.  
30.  
31.  
32. Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-14 19:14 EDT
33. Stats: 0:02:36 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
34. Service scan Timing: About 91.67% done; ETC: 19:17 (0:00:13 remaining)
35. Nmap scan report for panel.rodrix.ml (164.77.218.22)
36. Host is up (0.10s latency).
37. Not shown: 988 filtered ports
38. PORT STATE SERVICE VERSION
39. 21/tcp open ftp?
40. 22/tcp open ssh OpenSSH 7.4p1 (protocol 2.0)
41. 25/tcp open smtp Exim smtpd
42. 53/tcp open domain (generic dns response: NOTIMP)
43. 80/tcp open http nginx
44. 110/tcp open pop3
45. 143/tcp open imap?
46. 443/tcp open ssl/http nginx
47. 465/tcp open ssl/smtps?
48. 587/tcp open smtp Exim smtpd
49. 993/tcp open ssl/imap Dovecot imapd
50. 8083/tcp open http nginx
51. 5 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
52. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
53. SF-Port21-TCP:V=7.91%I=7%D=6/14%Time=60C7E308%P=x86_64-pc-linux-gnu%r(NULL
54. SF:,37,"220\x20Welcome!\x20Please\x20note\x20that\x20all\x20activity\x20is
55. SF:\x20logged\.\r\n")%r(GenericLines,37,"220\x20Welcome!\x20Please\x20note
56. SF:\x20that\x20all\x20activity\x20is\x20logged\.\r\n");
57. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
58. SF-Port53-TCP:V=7.91%I=7%D=6/14%Time=60C7E317%P=x86_64-pc-linux-gnu%r(DNSS
59. SF:tatusRequestTCP,E,"\0\x0c\0\0\x90\x04\0\0\0\0\0\0\0\0");
60. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
61. SF-Port110-TCP:V=7.91%I=7%D=6/14%Time=60C7E308%P=x86_64-pc-linux-gnu%r(NUL
62. SF:L,19,"\+OK\x20Mail\x20Delivery\x20Agent\r\n")%r(GenericLines,19,"\+OK\x
63. SF:20Mail\x20Delivery\x20Agent\r\n")%r(HTTPOptions,47,"\+OK\x20Mail\x20Del
64. SF:ivery\x20Agent\r\n-ERR\x20Unknown\x20command\.\r\n-ERR\x20Unknown\x20co
65. SF:mmand\.\r\n");
66. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
67. SF-Port143-TCP:V=7.91%I=7%D=6/14%Time=60C7E308%P=x86_64-pc-linux-gnu%r(NUL
68. SF:L,80,"\*\x20OK\x20\[CAPABILITY\x20IMAP4rev1\x20LITERAL\+\x20SASL-IR\x20
69. SF:LOGIN-REFERRALS\x20ID\x20ENABLE\x20IDLE\x20STARTTLS\x20AUTH=PLAIN\x20AU
70. SF:TH=LOGIN\]\x20Mail\x20Delivery\x20Agent\r\n")%r(GetRequest,80,"\*\x20OK
71. SF:\x20\[CAPABILITY\x20IMAP4rev1\x20LITERAL\+\x20SASL-IR\x20LOGIN-REFERRAL
72. SF:S\x20ID\x20ENABLE\x20IDLE\x20STARTTLS\x20AUTH=PLAIN\x20AUTH=LOGIN\]\x20
73. SF:Mail\x20Delivery\x20Agent\r\n");
74. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
75. SF-Port465-TCP:V=7.91%T=SSL%I=7%D=6/14%Time=60C7E319%P=x86_64-pc-linux-gnu
76. SF:%r(NULL,15,"220\x20panel\.rodrix\.ml\r\n")%r(Hello,41,"220\x20panel\.ro
77. SF:drix\.ml\r\n501\x20Syntactically\x20invalid\x20EHLO\x20argument\(s\)\r\
78. SF:n")%r(Help,6A,"220\x20panel\.rodrix\.ml\r\n214-Commands\x20supported:\r
79. SF:\n214\x20AUTH\x20HELO\x20EHLO\x20MAIL\x20RCPT\x20DATA\x20BDAT\x20NOOP\x
80. SF:20QUIT\x20RSET\x20HELP\r\n")%r(GenericLines,49,"220\x20panel\.rodrix\.m
81. SF:l\r\n500\x20unrecognized\x20command\r\n500\x20unrecognized\x20command\r
82. SF:\n")%r(GetRequest,49,"220\x20panel\.rodrix\.ml\r\n500\x20unrecognized\x
83. SF:20command\r\n500\x20unrecognized\x20command\r\n")%r(HTTPOptions,49,"220
84. SF:\x20panel\.rodrix\.ml\r\n500\x20unrecognized\x20command\r\n500\x20unrec
85. SF:ognized\x20command\r\n")%r(RTSPRequest,49,"220\x20panel\.rodrix\.ml\r\n
86. SF:500\x20unrecognized\x20command\r\n500\x20unrecognized\x20command\r\n")%
87. SF:r(RPCCheck,15,"220\x20panel\.rodrix\.ml\r\n")%r(DNSVersionBindReqTCP,15
88. SF:,"220\x20panel\.rodrix\.ml\r\n")%r(DNSStatusRequestTCP,15,"220\x20panel
89. SF:\.rodrix\.ml\r\n")%r(SSLSessionReq,4B,"220\x20panel\.rodrix\.ml\r\n501\
90. SF:x20NULL\x20characters\x20are\x20not\x20allowed\x20in\x20SMTP\x20command
91. SF:s\r\n")%r(TerminalServerCookie,4B,"220\x20panel\.rodrix\.ml\r\n501\x20N
92. SF:ULL\x20characters\x20are\x20not\x20allowed\x20in\x20SMTP\x20commands\r\
93. SF:n")%r(TLSSessionReq,4B,"220\x20panel\.rodrix\.ml\r\n501\x20NULL\x20char
94. SF:acters\x20are\x20not\x20allowed\x20in\x20SMTP\x20commands\r\n")%r(Kerbe
95. SF:ros,4B,"220\x20panel\.rodrix\.ml\r\n501\x20NULL\x20characters\x20are\x2
96. SF:0not\x20allowed\x20in\x20SMTP\x20commands\r\n")%r(SMBProgNeg,15,"220\x2
97. SF:0panel\.rodrix\.ml\r\n")%r(X11Probe,15,"220\x20panel\.rodrix\.ml\r\n")%
98. SF:r(FourOhFourRequest,49,"220\x20panel\.rodrix\.ml\r\n500\x20unrecognized
99. SF:\x20command\r\n500\x20unrecognized\x20command\r\n")%r(LPDString,2F,"220
100. SF:\x20panel\.rodrix\.ml\r\n500\x20unrecognized\x20command\r\n")%r(LDAPSea
101. SF:rchReq,81,"220\x20panel\.rodrix\.ml\r\n501\x20NULL\x20characters\x20are
102. SF:\x20not\x20allowed\x20in\x20SMTP\x20commands\r\n501\x20NULL\x20characte
103. SF:rs\x20are\x20not\x20allowed\x20in\x20SMTP\x20commands\r\n")%r(LDAPBindR
104. SF:eq,15,"220\x20panel\.rodrix\.ml\r\n");
105. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
106. Device type: bridge
107. Running: Oracle Virtualbox
108. OS CPE: cpe:/o:oracle:virtualbox
109. OS details: Oracle Virtualbox
110.  
111. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
112. Nmap done: 1 IP address (1 host up) scanned in 221.69 seconds
113.  
114.  
115.  
116. Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
117.  
118. Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-06-14 19:52:51
119. [DATA] max 16 tasks per 1 server, overall 16 tasks, 66 login tries, ~5 tries per task
120. [DATA] attacking ftp://164.77.218.22:21/
121.  
122. [STATUS] 62.00 tries/min, 62 tries in 00:01h, 37 to do in 00:01h, 16 active
123.  
124. [STATUS] 47.00 tries/min, 94 tries in 00:02h, 5 to do in 00:01h, 16 active
125.  
126. 1 of 1 target completed, 0 valid password found
127. [WARNING] Writing restore file because 4 final worker threads did not complete until end.
128. Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-14 19:55:34
129.  
130.  
131.  
132.  
133.  
134.  
135.  
136.  
137.  
138.  
139.  
140.  
141.  
142. url https://carshopping.com.co/wp-json/
143. https://carshopping.com.co/phpmyadmin/
144. https://carshopping.com.co/phpmyadmin/ChangeLog
145.  
146.  
147.  
148.  
149. ,----, ,--.