Anonymous JTSEC #OpDeathEathers full Recon #4

  1. #######################################################################################################################################
  2. Hostname top.play-kitty.com ISP Hostmaze Inc Srl-d
  3. Continent Europe Flag
  4. RO
  5. Country Romania Country Code RO
  6. Region Unknown Local time 27 Aug 2018 12:19 EEST
  7. City Unknown Postal Code Unknown
  8. IP Address 89.46.222.229 Latitude 46
  9. Longitude 25
  10.  
  11. #######################################################################################################################################
  12.  
  13. HostIP:89.46.222.229
  14. HostName:top.play-kitty.com
  15.  
  16. Gathered Inet-whois information for 89.46.222.229
  17. ---------------------------------------------------------------------------------------------------------------------------------------
  18.  
  19.  
  20. inetnum: 89.46.222.0 - 89.46.222.255
  21. netname: HOSTMAZE-INC-SRL-D
  22. descr: HOSTMAZE INC SRL-D
  23. descr: Platanilor nr 5 sc a ap 3
  24. descr: Timisoara Timis 300185
  25. country: ro
  26. admin-c: VAC38-RIPE
  27. tech-c: VAC38-RIPE
  28. abuse-c: HISD5-RIPE
  29. status: ASSIGNED PA
  30. remarks: Registered through http://www.ip.ro/ip.html
  31. mnt-by: RO-MNT
  32. mnt-lower: RO-MNT
  33. mnt-routes: HOSTMAZE-MNT
  34. created: 2015-04-20T15:47:35Z
  35. last-modified: 2017-11-07T12:23:58Z
  36. source: RIPE
  37.  
  38. person: VERES ALEXANDRU CRISTIAN
  39. address: HOSTMAZE INC SRL-D
  40. address: Platanilor nr 5
  41. address: Timisoara Timis 300185
  42. phone: +40763117997
  43. nic-hdl: VAC38-RIPE
  44. mnt-by: HOSTMAZE-MNT
  45. created: 2016-03-23T06:13:36Z
  46. last-modified: 2017-11-30T02:40:34Z
  47. source: RIPE # Filtered
  48.  
  49. % Information related to '89.46.222.0/24AS48874'
  50.  
  51. route: 89.46.222.0/24
  52. origin: AS48874
  53. mnt-by: HOSTMAZE-MNT
  54. created: 2017-05-08T20:41:05Z
  55. last-modified: 2017-05-08T20:41:05Z
  56. source: RIPE
  57.  
  58. % This query was served by the RIPE Database Query Service version 1.91.2 (BLAARKOP)
  59.  
  60.  
  61.  
  62. Gathered Inic-whois information for top.play-kitty.com
  63. ---------------------------------------------------------------------------------------------------------------------------------------
  64. ERROR: Unable to locate Name Whois data on top.play-kitty.com
  65.  
  66. Gathered Netcraft information for top.play-kitty.com
  67. ---------------------------------------------------------------------------------------------------------------------------------------
  68.  
  69. Retrieving Netcraft.com information for top.play-kitty.com
  70. Netcraft.com Information gathered
  71.  
  72. Gathered Subdomain information for top.play-kitty.com
  73. ---------------------------------------------------------------------------------------------------------------------------------------
  74. Searching Google.com:80...
  75. Searching Altavista.com:80...
  76. Found 0 possible subdomain(s) for host top.play-kitty.com, Searched 0 pages containing 0 results
  77.  
  78. Gathered E-Mail information for top.play-kitty.com
  79. ---------------------------------------------------------------------------------------------------------------------------------------
  80. Searching Google.com:80...
  81. Searching Altavista.com:80...
  82. Found 0 E-Mail(s) for host top.play-kitty.com, Searched 0 pages containing 0 results
  83.  
  84. Gathered TCP Port information for 89.46.222.229
  85. ---------------------------------------------------------------------------------------------------------------------------------------
  86.  
  87. Port State
  88.  
  89. 22/tcp open
  90. 80/tcp open
  91.  
  92. Portscan Finished: Scanned 150 ports, 141 ports were in state closed
  93.  
  94. #######################################################################################################################################
  95.  
  96. [i] Scanning Site: http://top.play-kitty.com
  97.  
  98.  
  99.  
  100. B A S I C I N F O
  101. =======================================================================================================================================
  102.  
  103.  
  104. [+] Site Title: Top Sites
  105. [+] IP address: 89.46.222.229
  106. [+] Web Server: nginx/1.10.2
  107. [+] CMS: Could Not Detect
  108. [+] Cloudflare: Not Detected
  109. [+] Robots File: Could NOT Find robots.txt!
  110.  
  111.  
  112.  
  113.  
  114. W H O I S L O O K U P
  115. =======================================================================================================================================
  116.  
  117. No match for "TOP.PLAY-KITTY.COM".
  118. >>> Last update of whois database: 2018-08-27T09:26:04Z <<<
  119.  
  120. NOTICE: The expiration date displayed in this record is the date the
  121. registrar's sponsorship of the domain name registration in the registry is
  122. currently set to expire. This date does not necessarily reflect the expiration
  123. date of the domain name registrant's agreement with the sponsoring
  124. registrar. Users may consult the sponsoring registrar's Whois database to
  125. view the registrar's reported date of expiration for this registration.
  126.  
  127.  
  128. The Registry database contains ONLY .COM, .NET, .EDU domains and
  129. Registrars.
  130.  
  131.  
  132.  
  133.  
  134. G E O I P L O O K U P
  135. =======================================================================================================================================
  136.  
  137. [i] IP Address: 89.46.222.229
  138. [i] Country: RO
  139. [i] State: N/A
  140. [i] City: N/A
  141. [i] Latitude: 46.000000
  142. [i] Longitude: 25.000000
  143.  
  144.  
  145.  
  146.  
  147. H T T P H E A D E R S
  148. =======================================================================================================================================
  149.  
  150.  
  151. [i] HTTP/1.1 200 OK
  152. [i] Server: nginx/1.10.2
  153. [i] Date: Mon, 27 Aug 2018 09:26:28 GMT
  154. [i] Content-Type: text/html; charset=UTF-8
  155. [i] Content-Length: 34342
  156. [i] Connection: close
  157. [i] Accept-Ranges: bytes
  158.  
  159.  
  160.  
  161.  
  162. D N S L O O K U P
  163. =======================================================================================================================================
  164.  
  165. ;; Truncated, retrying in TCP mode.
  166. top.play-kitty.com. 3789 IN HINFO "ANY/RRSIG query Disabled" "See draft-ietf-dnsop-refuse-any"
  167.  
  168.  
  169.  
  170.  
  171. S U B N E T C A L C U L A T I O N
  172. =======================================================================================================================================
  173.  
  174. Address = 89.46.222.229
  175. Network = 89.46.222.229 / 32
  176. Netmask = 255.255.255.255
  177. Broadcast = not needed on Point-to-Point links
  178. Wildcard Mask = 0.0.0.0
  179. Hosts Bits = 0
  180. Max. Hosts = 1 (2^0 - 0)
  181. Host Range = { 89.46.222.229 - 89.46.222.229 }
  182.  
  183.  
  184.  
  185. N M A P P O R T S C A N
  186. =======================================================================================================================================
  187.  
  188.  
  189. Starting Nmap 7.40 ( https://nmap.org ) at 2018-08-27 09:26 UTC
  190. Nmap scan report for top.play-kitty.com (89.46.222.229)
  191. Host is up (0.12s latency).
  192. rDNS record for 89.46.222.229: anticenz.org
  193. PORT STATE SERVICE
  194. 21/tcp closed ftp
  195. 22/tcp open ssh
  196. 23/tcp closed telnet
  197. 80/tcp open http
  198. 110/tcp closed pop3
  199. 143/tcp closed imap
  200. 443/tcp closed https
  201. 3389/tcp closed ms-wbt-server
  202.  
  203. Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds
  204. #######################################################################################################################################
  205. [?] Enter the target: http://top.play-kitty.com/
  206. [!] IP Address : 89.46.222.229
  207. [!] Server: nginx/1.10.2
  208. [+] Clickjacking protection is not in place.
  209. [!] top.play-kitty.com doesn't seem to use a CMS
  210. [+] Honeypot Probabilty: 0%
  211. ---------------------------------------------------------------------------------------------------------------------------------------
  212. [~] Trying to gather whois information for top.play-kitty.com
  213. [+] Whois information found
  214. [-] Unable to build response, visit https://who.is/whois/top.play-kitty.com
  215. ---------------------------------------------------------------------------------------------------------------------------------------
  216. PORT STATE SERVICE
  217. 21/tcp closed ftp
  218. 22/tcp open ssh
  219. 23/tcp closed telnet
  220. 80/tcp open http
  221. 110/tcp closed pop3
  222. 143/tcp closed imap
  223. 443/tcp closed https
  224. 3389/tcp closed ms-wbt-server
  225. Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
  226. ---------------------------------------------------------------------------------------------------------------------------------------
  227.  
  228. [+] DNS Records
  229.  
  230. [+] Host Records (A)
  231. top.play-kitty.comHTTP: (89.46.222.229) AS48874 Hostmaze Inc Srl-d Romania
  232.  
  233. [+] TXT Records
  234.  
  235. [+] DNS Map: https://dnsdumpster.com/static/map/top.play-kitty.com.png
  236.  
  237. [>] Initiating 3 intel modules
  238. [>] Loading Alpha module (1/3)
  239. [>] Beta module deployed (2/3)
  240. [>] Gamma module initiated (3/3)
  241.  
  242.  
  243. [+] Emails found:
  244. ---------------------------------------------------------------------------------------------------------------------------------------
  245. pixel-1535362002749880-web-@top.play-kitty.com
  246. pixel-1535362010614193-web-@top.play-kitty.com
  247. No hosts found
  248. [+] Virtual hosts:
  249. ---------------------------------------------------------------------------------------------------------------------------------------
  250. [~] Crawling the target for fuzzable URLs
  251. [-] No fuzzable URLs found
  252. #######################################################################################################################################
  253. dnsenum VERSION:1.2.4
  254.  
  255. ----- top.play-kitty.com -----
  256.  
  257.  
  258. Host's addresses:
  259. __________________
  260.  
  261. top.play-kitty.com. 28798 IN A 89.46.222.229
  262.  
  263.  
  264. Name Servers:
  265. ______________
  266. #######################################################################################################################################
  267. Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-27 05:23 EDT
  268. Nmap scan report for top.play-kitty.com (89.46.222.229)
  269. Host is up (0.55s latency).
  270. rDNS record for 89.46.222.229: anticenz.org
  271. Not shown: 468 closed ports, 6 filtered ports
  272. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  273. PORT STATE SERVICE
  274. 22/tcp open ssh
  275. 80/tcp open http
  276.  
  277. Nmap done: 1 IP address (1 host up) scanned in 14.95 seconds
  278. #######################################################################################################################################
  279. Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-27 05:23 EDT
  280. Nmap scan report for top.play-kitty.com (89.46.222.229)
  281. Host is up.
  282. rDNS record for 89.46.222.229: anticenz.org
  283.  
  284. PORT STATE SERVICE
  285. 53/udp open|filtered domain
  286. 67/udp open|filtered dhcps
  287. 68/udp open|filtered dhcpc
  288. 69/udp open|filtered tftp
  289. 88/udp open|filtered kerberos-sec
  290. 123/udp open|filtered ntp
  291. 137/udp open|filtered netbios-ns
  292. 138/udp open|filtered netbios-dgm
  293. 139/udp open|filtered netbios-ssn
  294. 161/udp open|filtered snmp
  295. 162/udp open|filtered snmptrap
  296. 389/udp open|filtered ldap
  297. 520/udp open|filtered route
  298. 2049/udp open|filtered nfs
  299.  
  300. Nmap done: 1 IP address (1 host up) scanned in 3.50 seconds
  301. #######################################################################################################################################
  302. + -- --=[Port 21 closed... skipping.
  303. + -- --=[Port 22 opened... running tests...
  304. # general
  305. (gen) banner: SSH-2.0-OpenSSH_4.3
  306. (gen) software: OpenSSH 4.3
  307. (gen) compatibility: OpenSSH 4.2-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)
  308. (gen) compression: enabled (zlib@openssh.com)
  309.  
  310. # key exchange algorithms
  311. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  312. `- [warn] using weak hashing algorithm
  313. `- [info] available since OpenSSH 2.3.0
  314. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  315. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  316. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  317. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  318. `- [warn] using small 1024-bit modulus
  319. `- [warn] using weak hashing algorithm
  320. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  321.  
  322. # host-key algorithms
  323. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  324. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  325. `- [warn] using small 1024-bit modulus
  326. `- [warn] using weak random number generator could reveal the key
  327. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  328.  
  329. # encryption algorithms (ciphers)
  330. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  331. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  332. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  333. (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  334. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  335. `- [warn] using weak cipher
  336. `- [info] available since OpenSSH 4.2
  337. (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  338. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  339. `- [warn] using weak cipher
  340. `- [info] available since OpenSSH 4.2
  341. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  342. `- [warn] using weak cipher mode
  343. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  344. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  345. `- [warn] using weak cipher
  346. `- [warn] using weak cipher mode
  347. `- [warn] using small 64-bit block size
  348. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  349. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  350. `- [fail] disabled since Dropbear SSH 0.53
  351. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  352. `- [warn] using weak cipher mode
  353. `- [warn] using small 64-bit block size
  354. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  355. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  356. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  357. `- [warn] using weak cipher mode
  358. `- [warn] using small 64-bit block size
  359. `- [info] available since OpenSSH 2.1.0
  360. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  361. `- [warn] using weak cipher mode
  362. `- [info] available since OpenSSH 2.3.0
  363. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  364. `- [warn] using weak cipher mode
  365. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  366. (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  367. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  368. `- [warn] using weak cipher
  369. `- [info] available since OpenSSH 2.1.0
  370. (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  371. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  372. `- [warn] using weak cipher mode
  373. `- [info] available since OpenSSH 2.3.0
  374.  
  375. # message authentication code algorithms
  376. (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  377. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  378. `- [warn] using encrypt-and-MAC mode
  379. `- [warn] using weak hashing algorithm
  380. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  381. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  382. `- [warn] using weak hashing algorithm
  383. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  384. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  385. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  386. `- [warn] using encrypt-and-MAC mode
  387. `- [info] available since OpenSSH 2.5.0
  388. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  389. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  390. `- [warn] using encrypt-and-MAC mode
  391. `- [info] available since OpenSSH 2.1.0
  392. (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  393. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  394. `- [warn] using encrypt-and-MAC mode
  395. `- [warn] using weak hashing algorithm
  396. `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  397. (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  398. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  399. `- [warn] using encrypt-and-MAC mode
  400. `- [warn] using weak hashing algorithm
  401. `- [info] available since OpenSSH 2.5.0
  402.  
  403. # algorithm recommendations (for OpenSSH 4.3)
  404. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  405. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  406. (rec) -ssh-dss -- key algorithm to remove
  407. (rec) -arcfour -- enc algorithm to remove
  408. (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
  409. (rec) -blowfish-cbc -- enc algorithm to remove
  410. (rec) -3des-cbc -- enc algorithm to remove
  411. (rec) -aes256-cbc -- enc algorithm to remove
  412. (rec) -arcfour256 -- enc algorithm to remove
  413. (rec) -cast128-cbc -- enc algorithm to remove
  414. (rec) -aes192-cbc -- enc algorithm to remove
  415. (rec) -arcfour128 -- enc algorithm to remove
  416. (rec) -aes128-cbc -- enc algorithm to remove
  417. (rec) -hmac-ripemd160 -- mac algorithm to remove
  418. (rec) -hmac-md5-96 -- mac algorithm to remove
  419. (rec) -hmac-sha1-96 -- mac algorithm to remove
  420. (rec) -hmac-md5 -- mac algorithm to remove
  421. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  422.  
  423. Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-27 05:23 EDT
  424. Nmap scan report for top.play-kitty.com (89.46.222.229)
  425. Host is up (0.084s latency).
  426. rDNS record for 89.46.222.229: anticenz.org
  427.  
  428. PORT STATE SERVICE VERSION
  429. 22/tcp filtered ssh
  430. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  431. Device type: firewall|general purpose
  432. Running: Linux 2.4.X|2.6.X, ISS embedded
  433. OS CPE: cpe:/o:linux:linux_kernel:2.4.18 cpe:/h:iss:proventia_gx3002 cpe:/o:linux:linux_kernel:2.6.22
  434. OS details: ISS Proventia GX3002 firewall (Linux 2.4.18), Linux 2.6.22 (Debian 4.0)
  435.  
  436. TRACEROUTE (using proto 1/icmp)
  437. HOP RTT ADDRESS
  438. 1 ... 30
  439.  
  440. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  441. Nmap done: 1 IP address (1 host up) scanned in 12.18 seconds
  442.  
  443. # cowsay++
  444. ____________
  445. < metasploit >
  446. ------------
  447. \ ,__,
  448. \ (oo)____
  449. (__) )\
  450. ||--|| *
  451.  
  452.  
  453. =[ metasploit v4.17.8-dev ]
  454. + -- --=[ 1803 exploits - 1027 auxiliary - 311 post ]
  455. + -- --=[ 538 payloads - 41 encoders - 10 nops ]
  456. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  457.  
  458. USER_FILE => /brutex/wordlists/simple-users.txt
  459. RHOSTS => top.play-kitty.com
  460. RHOST => top.play-kitty.com
  461. [+] 89.46.222.229:22 - SSH server version: SSH-2.0-OpenSSH_4.3 ( service.version=4.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.protocol=ssh fingerprint_db=ssh.banner )
  462. [*] top.play-kitty.com:22 - Scanned 1 of 1 hosts (100% complete)
  463. [*] Auxiliary module execution completed
  464. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  465. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  466. [+] 89.46.222.229:22 - SSH server version: SSH-2.0-OpenSSH_4.3 ( service.version=4.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.protocol=ssh fingerprint_db=ssh.banner )
  467. [*] top.play-kitty.com:22 - Scanned 1 of 1 hosts (100% complete)
  468. [*] Auxiliary module execution completed
  469. #######################################################################################################################################
  470.  
  471. ^ ^
  472. _ __ _ ____ _ __ _ _ ____
  473. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  474. | V V // o // _/ | V V // 0 // 0 // _/
  475. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  476. <
  477. ...'
  478.  
  479. WAFW00F - Web Application Firewall Detection Tool
  480.  
  481. By Sandro Gauci && Wendel G. Henrique
  482.  
  483. Checking http://top.play-kitty.com
  484. Generic Detection results:
  485. No WAF detected by the generic detection
  486. Number of requests: 14
  487. #######################################################################################################################################
  488.  
  489. wig - WebApp Information Gatherer
  490.  
  491.  
  492. Scanning http://top.play-kitty.com...
  493. ___________________________________________ SITE INFO ____________________________________________
  494. IP Title
  495. 89.46.222.229 Top Sites
  496.  
  497. ____________________________________________ VERSION _____________________________________________
  498. Name Versions Type
  499. Apache 2.0.48 | 2.0.49 | 2.0.50 | 2.0.51 | 2.0.52 | 2.0.53 | 2.0.54 Platform
  500. 2.0.55 | 2.0.56 | 2.0.57 | 2.0.58 | 2.0.59 | 2.0.60 | 2.1.1
  501. 2.1.10 | 2.1.2 | 2.1.3 | 2.1.4 | 2.1.5 | 2.1.6 | 2.1.7
  502. 2.1.8 | 2.1.9 | 2.2.0 | 2.2.1 | 2.2.2 | 2.2.3 | 2.2.4
  503. 2.2.5
  504. nginx 1.10.2 Platform
  505.  
  506. __________________________________________________________________________________________________
  507. Time: 353.5 sec Urls: 599 Fingerprints: 40401
  508. #######################################################################################################################################
  509. HTTP/1.1 200 OK
  510. Server: nginx/1.10.2
  511. Date: Mon, 27 Aug 2018 09:30:56 GMT
  512. Content-Type: text/html; charset=UTF-8
  513. Content-Length: 34342
  514. Connection: keep-alive
  515. Accept-Ranges: bytes
  516.  
  517. #######################################################################################################################################
  518.  
  519. I, [2018-08-27T05:30:58.411841 #2964] INFO -- : Initiating port scan
  520. I, [2018-08-27T05:31:54.968880 #2964] INFO -- : Using nmap scan output file logs/nmap_output_2018-08-27_05-30-58.xml
  521. W, [2018-08-27T05:31:54.970137 #2964] WARN -- : Yasuo did not find any potential hosts to enumerate
  522. ____
  523. #######################################################################################################################################
  524. [*] Processing domain top.play-kitty.com
  525. [+] Getting nameservers
  526. [-] Getting nameservers failed
  527. [-] Zone transfer failed
  528.  
  529. [*] Scanning top.play-kitty.com for A records
  530. 89.46.222.229 - top.play-kitty.com
  531.  
  532. #######################################################################################################################################
  533. [*] Performing General Enumeration of Domain: top.play-kitty.com
  534. [-] DNSSEC is not configured for top.play-kitty.com
  535. [*] SOA ns8.seattledomains.net 162.251.82.124
  536. [*] SOA ns8.seattledomains.net 162.251.82.125
  537. [*] SOA ns8.seattledomains.net 162.251.82.252
  538. [*] SOA ns8.seattledomains.net 162.251.82.253
  539. [-] Could not Resolve NS Records for top.play-kitty.com
  540. [-] Could not Resolve MX Records for top.play-kitty.com
  541. [*] A top.play-kitty.com 89.46.222.229
  542. [*] Enumerating SRV Records
  543. [-] No SRV Records Found for top.play-kitty.com
  544. [+] 0 Records Found
  545. #######################################################################################################################################
  546. =======================================================================================================================================
  547. Hosts 5
  548. DNS Records 5
  549.  
  550. Hosts (5)
  551. =======================================================================================================================================
  552. 89.46.222.229
  553. 162.251.82.124
  554. 162.251.82.125
  555. 162.251.82.252
  556. 162.251.82.253
  557.  
  558. DNS Records (5)
  559. =======================================================================================================================================
  560. top.play-kitty.com A 89.46.222.229
  561. ns8.seattledomains.net SOA 162.251.82.124
  562. ns8.seattledomains.net SOA 162.251.82.125
  563. ns8.seattledomains.net SOA 162.251.82.252
  564. ns8.seattledomains.net SOA 162.251.82.253
  565.  
  566. Loadbalancing
  567. =======================================================================================================================================
  568. Checking for DNS-Loadbalancing:
  569. NOT FOUND
  570.  
  571. Checking for HTTP-Loadbalancing [Server]:
  572. nginx/1.10.2
  573. NOT FOUND
  574.  
  575. Checking for HTTP-Loadbalancing [Date]:
  576. 09:46:09, 09:46:10, 09:46:13, 09:46:14, 09:46:16, 09:46:18, 09:46:20, 09:46:22, 09:46:24, 09:46:26,
  577. 09:46:28, 09:46:31, 09:46:34, 09:46:37, 09:46:39, 09:46:41, 09:46:44, 09:46:48, 09:46:51, 09:46:53,
  578. 09:46:55, 09:46:57, 09:46:58, 09:47:01, 09:47:03, 09:47:05, 09:47:07, 09:47:09, 09:47:11, 09:47:13,
  579. 09:47:15, 09:47:17, 09:47:19, 09:47:21, 09:47:23, 09:47:25, 09:47:27, 09:47:29, 09:47:31, 09:47:32,
  580. 09:47:34, 09:47:36, 09:47:38, 09:47:40, 09:47:43, 09:47:45, 09:47:47, 09:47:49, 09:47:51, 09:47:52,
  581. NOT FOUND
  582.  
  583. Checking for HTTP-Loadbalancing [Diff]:
  584. NOT FOUND
  585. #######################################################################################################################################
  586. ICMP ECHO
  587. 1 public-gw.vpngate.net (10.211.254.254)
  588. 2 WRC-1167GHBK2-S.elecom (192.168.2.1)
  589. 3 softbank219188212218.bbtec.net (219.188.212.218)
  590. 4 softbank221110220117.bbtec.net (221.110.220.117)
  591. 5 softbank221110220065.bbtec.net (221.110.220.65)
  592. 6 10.0.61.13 (10.0.61.13)
  593. 7 10.0.60.101 (10.0.60.101)
  594. 8 10.9.203.90 (10.9.203.90)
  595. 9 ae-13.a01.tokyjp05.jp.bb.gin.ntt.net (203.105.72.85)
  596. 10 ae-23.r02.tokyjp05.jp.bb.gin.ntt.net (129.250.5.247)
  597. 11 ae-3.r31.tokyjp05.jp.bb.gin.ntt.net (129.250.3.29)
  598. 12 ae-7.r23.lsanca07.us.bb.gin.ntt.net (129.250.3.14)
  599. 13 ae-6.r22.asbnva02.us.bb.gin.ntt.net (129.250.3.188)
  600. 14 ae-6.r25.frnkge08.de.bb.gin.ntt.net (129.250.4.97)
  601. 15 ae-28.r03.frnkge03.de.bb.gin.ntt.net (129.250.5.147)
  602. 16 213.198.77.198 (213.198.77.198)
  603. 17 * *
  604. 18 * *
  605. 19 * *
  606. 20 * *
  607. 21 tms0.banatnet.ro (85.204.98.6)
  608. 22 85.120.160.130 (85.120.160.130)
  609. 23 89.46.222.3 (89.46.222.3)
  610. 24 anticenz.org (89.46.222.229)
  611.  
  612. TCP SYN
  613. 1 anticenz.org (89.46.222.229)
  614.  
  615. Zone Transfer
  616. =======================================================================================================================================
  617. #######################################################################################################################################
  618. Resolving SOA Record
  619. SOA ns8.seattledomains.net 162.251.82.253
  620. SOA ns8.seattledomains.net 162.251.82.125
  621. SOA ns8.seattledomains.net 162.251.82.124
  622. SOA ns8.seattledomains.net 162.251.82.252
  623. Resolving NS Records
  624. Could not Resolve NS Records
  625.  
  626. Trying NS server 162.251.82.125
  627. Zone transfer error: NOTIMP
  628.  
  629. Trying NS server 162.251.82.252
  630. Zone transfer error: NOTIMP
  631.  
  632. Trying NS server 162.251.82.124
  633. Zone transfer error: NOTIMP
  634.  
  635. Trying NS server 162.251.82.253
  636. Zone transfer error: NOTIMP
  637.  
  638. Whatweb
  639. =======================================================================================================================================
  640. #######################################################################################################################################
  641. ---------------------------------------------------------------------------------------------------------------------------------------
  642. + Target IP: 89.46.222.229
  643. + Target Hostname: top.play-kitty.com
  644. + Target Port: 80
  645. + Start Time: 2018-08-27 10:40:37 (GMT-4)
  646. ---------------------------------------------------------------------------------------------------------------------------------------
  647. + Server: nginx/1.10.2
  648. + The anti-clickjacking X-Frame-Options header is not present.
  649. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  650. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  651. + Server leaks inodes via ETags, header found with file /index.htm, inode: 18104394, size: 15140, mtime: Sun Oct 31 07:19:12 2066
  652. + Multiple index files found: /index.htm, /index.html
  653. + ERROR: Error limit (20) reached for host, giving up. Last error:
  654. + Scan terminated: 4 error(s) and 5 item(s) reported on remote host
  655. + End Time: 2018-08-27 11:19:32 (GMT-4) (2335 seconds)
  656. ---------------------------------------------------------------------------------------------------------------------------------------#######################################################################################################################################
  657. =======================================================================================================================================
  658. | Domain: http://top.play-kitty.com/
  659. | Server: nginx/1.10.2
  660. | IP: 89.46.222.229
  661. =======================================================================================================================================
  662. |
  663. | Directory check:
  664. | [+] CODE: 200 URL: http://top.play-kitty.com/awstats/
  665. | [+] CODE: 200 URL: http://top.play-kitty.com/banners/
  666. | [+] CODE: 200 URL: http://top.play-kitty.com/cgi-bin/
  667. | [+] CODE: 200 URL: http://top.play-kitty.com/error/
  668. | [+] CODE: 200 URL: http://top.play-kitty.com/icons/
  669. | [+] CODE: 200 URL: http://top.play-kitty.com/top/
  670. =======================================================================================================================================
  671. |
  672. | File check:
  673. | [+] CODE: 200 URL: http://top.play-kitty.com/server-status
  674. | [+] CODE: 200 URL: http://top.play-kitty.com/cgi-bin/.htaccess~
  675. | [+] CODE: 200 URL: http://top.play-kitty.com/cgi-bin/.htaccess.old
  676. | [+] CODE: 200 URL: http://top.play-kitty.com/cgi-bin/.htaccess.save
  677. | [+] CODE: 200 URL: http://top.play-kitty.com/cgi-bin/.htaccess
  678. | [+] CODE: 200 URL: http://top.play-kitty.com/cgi-bin/.htpasswd
  679. | [+] CODE: 200 URL: http://top.play-kitty.com/error/HTTP_NOT_FOUND.html.var
  680. | [+] CODE: 200 URL: http://top.play-kitty.com/.htpasswd
  681. | [+] CODE: 200 URL: http://top.play-kitty.com/.htaccess
  682. | [+] CODE: 200 URL: http://top.play-kitty.com/index.htm
  683. | [+] CODE: 200 URL: http://top.play-kitty.com/index.html
  684. | [+] CODE: 200 URL: http://top.play-kitty.com/index.html~
  685. =======================================================================================================================================
  686. #######################################################################################################################################
  687. | External hosts:
  724. #######################################################################################################################################
  725. | File Upload Forms:
  726. | [+] Upload Form Found: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=nnchan
  727. | [+] Upload Form Found: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=candy
  728. |
  729. | E-mails:
  730. | [+] E-mail Found: dotnet@mail.nu
  731. | [+] E-mail Found: support@play-kitty.info
  732. ######################################################################################################################################
  733. | FCKeditor tests:
  734. |
  735. |
  736. | Timthumb < 1.33 vulnerability:
  737. |
  738. |
  739. | Backup Files:
  740. | [+] CODE: 200 URL: http://top.play-kitty.com/index.html~
  741. |
  742. |
  743. | Blind SQL Injection:
  744. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=candy+AND+1=1
  745. | [+] Keyword: Subject
  746. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=vica123+AND+1=1
  747. | [+] Keyword: NoNude
  748. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=hqnn'+AND+'1'='1
  749. | [+] Keyword: nonude
  750. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=nnchan'+AND+'1'='1
  751. | [+] Keyword: preview
  752. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=vica123'+AND+'1'='1
  753. | [+] Keyword: gallery
  754. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=shpre'+AND+'1'='1
  755. | [+] Keyword: beauty
  756. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=godd'+AND+'1'='1
  757. | [+] Keyword: LITTLE
  758. | [+] Vul [Blind SQL-i]: http://top.play-kitty.com/cgi-bin/top/out.cgi?id=starz'+AND+'1'='1
  759. | [+] Keyword: PRETEEN
  760. |
  761. #######################################################################################################################################
  762. Anonymous JTSEC #OpDeathEathers full Recon #4