JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #92

Jun 15th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname whitenilestate.gov.sd ISP NICDC
  4. Continent Africa Flag
  5. SD
  6. Country Sudan Country Code SD
  7. Region Unknown Local time 15 Jun 2019 06:26 CAT
  8. City Unknown Postal Code Unknown
  9. IP Address 62.12.105.3 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > whitenilestate.gov.sd
  14. Server: 185.93.180.131
  15. Address: 185.93.180.131#53
  16.  
  17. Non-authoritative answer:
  18. Name: whitenilestate.gov.sd
  19. Address: 62.12.105.3
  20. >
  21. #######################################################################################################################################
  22. [+] Target : whitenilestate.gov.sd
  23.  
  24. [+] IP Address : 62.12.105.3
  25.  
  26. [+] Headers :
  27.  
  28. [+] Cache-Control : private
  29. [+] Content-Type : text/html; charset=utf-8
  30. [+] Content-Encoding : gzip
  31. [+] Vary : Accept-Encoding
  32. [+] Server : Microsoft-IIS/8.5
  33. [+] X-AspNet-Version : 4.0.30319
  34. [+] X-Powered-By : ASP.NET
  35. [+] X-Powered-By-Plesk : PleskWin
  36. [+] Date : Sat, 15 Jun 2019 04:31:40 GMT
  37. [+] Content-Length : 6805
  38.  
  39. [+] SSL Certificate Information :
  40.  
  41. [-] SSL is not Present on Target URL...Skipping...
  42.  
  43. [+] Whois Lookup :
  44.  
  45. [+] NIR : None
  46. [+] ASN Registry : afrinic
  47. [+] ASN : 327881
  48. [+] ASN CIDR : 62.12.105.0/24
  49. [+] ASN Country Code : SD
  50. [+] ASN Date : 2015-05-11
  51. [+] ASN Description : NICDC, SD
  52. [+] cidr : 62.12.105.0/24
  53. [+] name : ORG-MoTa1-AFRINIC
  54. [+] handle : IAEI1-AFRINIC
  55. [+] range : 62.12.105.0 - 62.12.105.255
  56. [+] description : National Information Center (NIC)
  57. [+] country : SD
  58. [+] state : None
  59. [+] city : None
  60. [+] address : National Information Center (NIC)
  61. [+] postal_code : None
  62. [+] emails : None
  63. [+] created : None
  64. [+] updated : None
  65.  
  66. [+] Crawling Target...
  67.  
  68. [+] Looking for robots.txt........[ Not Found ]
  69. [+] Looking for sitemap.xml.......[ Not Found ]
  70. [+] Extracting CSS Links..........[ 6 ]
  71. [+] Extracting Javascript Links...[ 17 ]
  72. [+] Extracting Internal Links.....[ 0 ]
  73. [+] Extracting External Links.....[ 10 ]
  74. [+] Extracting Images.............[ 16 ]
  75.  
  76. [+] Total Links Extracted : 49
  77.  
  78. [+] Dumping Links in /opt/FinalRecon/dumps/whitenilestate.gov.sd.dump
  79. [+] Completed!
  80. #######################################################################################################################################
  81. [+] Starting At 2019-06-15 00:31:40.588942
  82. [+] Collecting Information On: whitenilestate.gov.sd
  83. [#] Status: 200
  84. ---------------------------------------------------------------------------------------------------------------------------------------
  85. [#] Web Server Detected: Microsoft-IIS/8.5
  86. [#] X-Powered-By: ASP.NET
  87. [!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
  88. - Cache-Control: private
  89. - Content-Type: text/html; charset=utf-8
  90. - Content-Encoding: gzip
  91. - Vary: Accept-Encoding
  92. - Server: Microsoft-IIS/8.5
  93. - X-AspNet-Version: 4.0.30319
  94. - X-Powered-By: ASP.NET
  95. - X-Powered-By-Plesk: PleskWin
  96. - Date: Sat, 15 Jun 2019 04:31:35 GMT
  97. - Content-Length: 6805
  98. ---------------------------------------------------------------------------------------------------------------------------------------
  99. [#] Finding Location..!
  100. [#] as: AS327881 National Information Center (NIC)
  101. [#] city: Khartoum
  102. [#] country: Sudan
  103. [#] countryCode: SD
  104. [#] isp: National Information Center
  105. [#] lat: 15.5007
  106. [#] lon: 32.5599
  107. [#] org: ORG MoTa1 AFRINIC
  108. [#] query: 62.12.105.3
  109. [#] region: KH
  110. [#] regionName: Khartoum
  111. [#] status: success
  112. [#] timezone: Africa/Khartoum
  113. [#] zip:
  114. ---------------------------------------------------------------------------------------------------------------------------------------
  115. [+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
  116. ---------------------------------------------------------------------------------------------------------------------------------------
  117. [#] Starting Reverse DNS
  118. [!] Found 4 any Domain
  119. - moiat.gov.sd
  120. - ombudsman.gov.sd
  121. - trafficpolice.gov.sd
  122. - whitenilestate.gov.sd
  123. ---------------------------------------------------------------------------------------------------------------------------------------
  124. [!] Scanning Open Port
  125. [#] 21/tcp open ftp
  126. [#] 80/tcp open http
  127. [#] 110/tcp open pop3
  128. [#] 143/tcp open imap
  129. [#] 443/tcp open https
  130. [#] 8443/tcp open https-alt
  131. ---------------------------------------------------------------------------------------------------------------------------------------
  132. [+] Collecting Information Disclosure!
  133. #######################################################################################################################################
  134. [i] Scanning Site: http://whitenilestate.gov.sd
  135.  
  136.  
  137.  
  138. B A S I C I N F O
  139. ====================
  140.  
  141.  
  142. [+] Site Title: ولاية النيل الابيض
  143. [+] IP address: 62.12.105.3
  144. [+] Web Server: Microsoft-IIS/8.5
  145. [+] CMS: Could Not Detect
  146. [+] Cloudflare: Not Detected
  147. [+] Robots File: Could NOT Find robots.txt!
  148. #######################################################################################################################################
  149.  
  150.  
  151.  
  152.  
  153.  
  154. G E O I P L O O K U P
  155. =========================
  156.  
  157. [i] IP Address: 62.12.105.3
  158. [i] Country: Sudan
  159. [i] State:
  160. [i] City:
  161. [i] Latitude: 15.0
  162. [i] Longitude: 30.0
  163. #######################################################################################################################################
  164.  
  165.  
  166.  
  167. H T T P H E A D E R S
  168. =======================
  169.  
  170.  
  171. [i] HTTP/1.1 200 OK
  172. [i] Cache-Control: private
  173. [i] Content-Type: text/html; charset=utf-8
  174. [i] Server: Microsoft-IIS/8.5
  175. [i] X-AspNet-Version: 4.0.30319
  176. [i] X-Powered-By: ASP.NET
  177. [i] X-Powered-By-Plesk: PleskWin
  178. [i] Date: Sat, 15 Jun 2019 04:31:58 GMT
  179. [i] Connection: close
  180. [i] Content-Length: 31905
  181. #######################################################################################################################################
  182.  
  183.  
  184.  
  185. D N S L O O K U P
  186. ===================
  187.  
  188. whitenilestate.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
  189. whitenilestate.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  190. whitenilestate.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  191. whitenilestate.gov.sd. 21599 IN A 62.12.105.3
  192. whitenilestate.gov.sd. 21599 IN MX 10 mail.whitenilestate.gov.sd.
  193. whitenilestate.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  194. #######################################################################################################################################
  195.  
  196.  
  197.  
  198. S U B N E T C A L C U L A T I O N
  199. ====================================
  200.  
  201. Address = 62.12.105.3
  202. Network = 62.12.105.3 / 32
  203. Netmask = 255.255.255.255
  204. Broadcast = not needed on Point-to-Point links
  205. Wildcard Mask = 0.0.0.0
  206. Hosts Bits = 0
  207. Max. Hosts = 1 (2^0 - 0)
  208. Host Range = { 62.12.105.3 - 62.12.105.3 }
  209. #######################################################################################################################################
  210.  
  211.  
  212. N M A P P O R T S C A N
  213. ============================
  214.  
  215. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 04:32 UTC
  216. Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
  217. Host is up (0.20s latency).
  218. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
  219.  
  220. PORT STATE SERVICE
  221. 21/tcp open ftp
  222. 22/tcp filtered ssh
  223. 23/tcp filtered telnet
  224. 80/tcp open http
  225. 110/tcp open pop3
  226. 143/tcp open imap
  227. 443/tcp open https
  228. 3389/tcp filtered ms-wbt-server
  229.  
  230. Nmap done: 1 IP address (1 host up) scanned in 3.21 seconds
  231. #######################################################################################################################################
  232. Enter Address Website = whitenilestate.gov.sd
  233.  
  234. Reversing IP With HackTarget 'whitenilestate.gov.sd'
  235. -------------------------------------------------------
  236.  
  237. [+] eservices.motrb.gov.sd
  238. [+] mail.nashattolabi.sd
  239. [+] mail.saec.gov.sd
  240. [+] mail.test.net.sd
  241. [+] moiat.gov.sd
  242. [+] ncsp.gov.sd
  243. [+] penfund.gov.sd
  244. [+] saec.gov.sd
  245. [+] sudanpolice.gov.sd
  246. [+] test.net.sd
  247. [+] whitenilestate.gov.sd
  248. [+] www.sudanpolice.gov.sd
  249. #######################################################################################################################################
  250.  
  251.  
  252. Reverse IP With YouGetSignal 'whitenilestate.gov.sd'
  253. -------------------------------------------------------
  254.  
  255. [*] IP: 62.12.105.3
  256. [*] Domain: whitenilestate.gov.sd
  257. [*] Total Domains: 4
  258.  
  259. [+] moiat.gov.sd
  260. [+] ombudsman.gov.sd
  261. [+] trafficpolice.gov.sd
  262. [+] whitenilestate.gov.sd
  263. #######################################################################################################################################
  264.  
  265.  
  266. Geo IP Lookup 'whitenilestate.gov.sd'
  267. ----------------------------------------
  268.  
  269. [+] IP Address: 62.12.105.3
  270. [+] Country: Sudan
  271. [+] State:
  272. [+] City:
  273. [+] Latitude: 15.0
  274. [+] Longitude: 30.0
  275. #######################################################################################################################################
  276.  
  277. Bypass Cloudflare 'whitenilestate.gov.sd'
  278. --------------------------------------------
  279.  
  280.  
  281. [!] CloudFlare Bypass 62.12.105.3 | webmail.whitenilestate.gov.sd
  282. [!] CloudFlare Bypass 62.12.105.3 | mail.whitenilestate.gov.sd
  283. [!] CloudFlare Bypass 62.12.105.3 | www.whitenilestate.gov.sd
  284. #######################################################################################################################################
  285.  
  286.  
  287. DNS Lookup 'whitenilestate.gov.sd'
  288. -------------------------------------
  289.  
  290. [+] whitenilestate.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
  291. [+] whitenilestate.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  292. [+] whitenilestate.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  293. [+] whitenilestate.gov.sd. 21599 IN A 62.12.105.3
  294. [+] whitenilestate.gov.sd. 21599 IN MX 10 mail.whitenilestate.gov.sd.
  295. [+] whitenilestate.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  296. #######################################################################################################################################
  297.  
  298.  
  299. Show HTTP Header 'whitenilestate.gov.sd'
  300. -------------------------------------------
  301.  
  302. [+] HTTP/1.1 200 OK
  303. [+] Cache-Control: private
  304. [+] Content-Length: 31905
  305. [+] Content-Type: text/html; charset=utf-8
  306. [+] Server: Microsoft-IIS/8.5
  307. [+] X-AspNet-Version: 4.0.30319
  308. [+] X-Powered-By: ASP.NET
  309. [+] X-Powered-By-Plesk: PleskWin
  310. [+] Date: Sat, 15 Jun 2019 04:32:08 GMT
  311. #######################################################################################################################################
  312.  
  313. Port Scan 'whitenilestate.gov.sd'
  314. ------------------------------------
  315.  
  316. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 04:32 UTC
  317. Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
  318. Host is up (0.20s latency).
  319. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
  320.  
  321. PORT STATE SERVICE
  322. 21/tcp open ftp
  323. 22/tcp filtered ssh
  324. 23/tcp filtered telnet
  325. 80/tcp open http
  326. 110/tcp open pop3
  327. 143/tcp open imap
  328. 443/tcp open https
  329. 3389/tcp filtered ms-wbt-server
  330.  
  331. Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
  332. #######################################################################################################################################
  333.  
  334. Traceroute 'whitenilestate.gov.sd'
  335. -------------------------------------
  336.  
  337. Start: 2019-06-15T04:32:23+0000
  338. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  339. 1.|-- 45.79.12.202 0.0% 3 0.9 0.8 0.7 0.9 0.1
  340. 2.|-- 45.79.12.6 0.0% 3 0.4 0.5 0.4 0.8 0.2
  341. 3.|-- 199.245.16.65 0.0% 3 1.8 2.2 1.5 3.1 0.9
  342. 4.|-- ae-14.r22.dllstx09.us.bb.gin.ntt.net 0.0% 3 1.3 1.3 1.2 1.3 0.0
  343. 5.|-- ae-1.r22.asbnva02.us.bb.gin.ntt.net 0.0% 3 38.9 39.0 38.9 39.0 0.1
  344. 6.|-- ae-0.r23.asbnva02.us.bb.gin.ntt.net 0.0% 3 39.5 39.2 39.0 39.5 0.3
  345. 7.|-- ae-2.r25.amstnl02.nl.bb.gin.ntt.net 0.0% 3 126.0 126.0 126.0 126.0 0.0
  346. 8.|-- ae-3.r24.amstnl02.nl.bb.gin.ntt.net 0.0% 3 126.6 128.0 126.0 131.4 2.9
  347. 9.|-- ae-1.r04.parsfr01.fr.bb.gin.ntt.net 0.0% 3 136.0 136.2 136.0 136.5 0.3
  348. 10.|-- ae-3.r03.parsfr02.fr.bb.gin.ntt.net 0.0% 3 138.3 138.2 138.1 138.3 0.1
  349. 11.|-- ae-8.r02.parsfr02.fr.bb.gin.ntt.net 0.0% 3 129.1 129.8 129.1 130.8 0.9
  350. 12.|-- 82.112.96.166 0.0% 3 132.0 132.1 131.7 132.6 0.5
  351. 13.|-- ae5.0.cjr04.prs001.flagtel.com 0.0% 3 131.2 131.3 131.2 131.3 0.1
  352. 14.|-- xe-0-0-1.0.pjr04.dxb001.flagtel.com 0.0% 3 258.6 258.6 258.5 258.6 0.1
  353. 15.|-- 80.77.2.42 0.0% 3 234.1 234.1 234.0 234.1 0.1
  354. 16.|-- 196.29.177.113 0.0% 3 237.6 237.6 237.6 237.6 0.0
  355. 17.|-- 197.254.196.62 0.0% 3 242.6 241.7 241.2 242.6 0.8
  356. 18.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  357. #######################################################################################################################################
  358. Trying "whitenilestate.gov.sd"
  359. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56516
  360. ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
  361.  
  362. ;; QUESTION SECTION:
  363. ;whitenilestate.gov.sd. IN ANY
  364.  
  365. ;; ANSWER SECTION:
  366. whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  367. whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
  368. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  369. whitenilestate.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
  370. whitenilestate.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
  371. whitenilestate.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
  372.  
  373. ;; AUTHORITY SECTION:
  374. whitenilestate.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
  375. whitenilestate.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
  376.  
  377. ;; ADDITIONAL SECTION:
  378. ns0.ndc.gov.sd. 14400 IN A 62.12.109.2
  379. ns1.ndc.gov.sd. 14400 IN A 62.12.109.3
  380.  
  381. Received 247 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 341 ms
  382. #######################################################################################################################################
  383.  
  384. ----- whitenilestate.gov.sd -----
  385.  
  386.  
  387. Host's addresses:
  388. __________________
  389.  
  390. whitenilestate.gov.sd. 84744 IN A 62.12.105.3
  391.  
  392. ----------------
  393. Wildcards test:
  394. ----------------
  395. good
  396.  
  397.  
  398. Name Servers:
  399. ______________
  400.  
  401. ns1.ndc.gov.sd. 12766 IN A 62.12.109.3
  402. ns0.ndc.gov.sd. 13071 IN A 62.12.109.2
  403.  
  404.  
  405. Mail (MX) Servers:
  406. ___________________
  407.  
  408. mail.whitenilestate.gov.sd. 85077 IN A 62.12.105.3
  409.  
  410.  
  411. Trying Zone Transfers and getting Bind Versions:
  412. _________________________________________________
  413.  
  414.  
  415. Trying Zone Transfer for whitenilestate.gov.sd on ns0.ndc.gov.sd ...
  416. whitenilestate.gov.sd. 86400 IN SOA (
  417. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  418. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  419. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  420. whitenilestate.gov.sd. 86400 IN MX 10
  421. whitenilestate.gov.sd. 86400 IN TXT "v=spf1
  422. mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  423. mail.whitenilestate.gov.sd. 86400 IN MX 10
  424. mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  425. webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
  426. www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  427.  
  428. Trying Zone Transfer for whitenilestate.gov.sd on ns1.ndc.gov.sd ...
  429. whitenilestate.gov.sd. 86400 IN SOA (
  430. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  431. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  432. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  433. whitenilestate.gov.sd. 86400 IN MX 10
  434. whitenilestate.gov.sd. 86400 IN TXT "v=spf1
  435. mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  436. mail.whitenilestate.gov.sd. 86400 IN MX 10
  437. mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  438. webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
  439. www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  440.  
  441. brute force file not specified, bay.
  442. #######################################################################################################################################
  443.  
  444. ; <<>> DiG 9.11.5-P4-5-Debian <<>> whitenilestate.gov.sd +dnssec
  445. ;; global options: +cmd
  446. ;; Got answer:
  447. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57939
  448. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  449.  
  450. ;; OPT PSEUDOSECTION:
  451. ; EDNS: version: 0, flags: do; udp: 4096
  452. ;; QUESTION SECTION:
  453. ;whitenilestate.gov.sd. IN A
  454.  
  455. ;; ANSWER SECTION:
  456. whitenilestate.gov.sd. 84667 IN A 62.12.105.3
  457.  
  458. ;; Query time: 112 msec
  459. ;; SERVER: 185.93.180.131#53(185.93.180.131)
  460. ;; WHEN: sam jun 15 00:54:57 EDT 2019
  461. ;; MSG SIZE rcvd: 66
  462. #######################################################################################################################################
  463. ; <<>> DiG 9.11.5-P4-5-Debian <<>> +trace whitenilestate.gov.sd
  464. ;; global options: +cmd
  465. . 82451 IN NS l.root-servers.net.
  466. . 82451 IN NS f.root-servers.net.
  467. . 82451 IN NS d.root-servers.net.
  468. . 82451 IN NS a.root-servers.net.
  469. . 82451 IN NS j.root-servers.net.
  470. . 82451 IN NS c.root-servers.net.
  471. . 82451 IN NS g.root-servers.net.
  472. . 82451 IN NS e.root-servers.net.
  473. . 82451 IN NS h.root-servers.net.
  474. . 82451 IN NS m.root-servers.net.
  475. . 82451 IN NS k.root-servers.net.
  476. . 82451 IN NS b.root-servers.net.
  477. . 82451 IN NS i.root-servers.net.
  478. . 82451 IN RRSIG NS 8 0 518400 20190627170000 20190614160000 25266 . 21CJJEpZ30ZdfNAfEpN6Y8fJ2PN6Y+xtLSWLqeZVbiS8faVrKFmC3zsL EPgetyceuwXArZtOZb8POQU9VOxf3Sr3E0O6X2zPykBd/QnD2mn9u8vh 03tfCQi9ir8M8cHrLEhCyoLCXYmlWHpYZFuxwBLSYk3lNGn6Cn+DAVWa 6JeoLUSX/AJvOIcfq3NfIbh7jrqB8HU1Go+EkmQXe/iMLx1i2C8p+Cgi xpa7LYwEL3x9N22nKpwyWhUAAFFOmIRhkw5b5ijOzVd2u3BBaAbbrnQ0 belHPmKsx+x9b1zjmdOSW8RjI7/GQv+QuobcDELc6D0iEjYeFXozuXiH ys1Qrg==
  479. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 117 ms
  480.  
  481. sd. 172800 IN NS ans2.canar.sd.
  482. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  483. sd. 172800 IN NS ans1.sis.sd.
  484. sd. 172800 IN NS ns-sd.afrinic.net.
  485. sd. 172800 IN NS ans1.canar.sd.
  486. sd. 172800 IN NS ns2.uaenic.ae.
  487. sd. 172800 IN NS ns1.uaenic.ae.
  488. sd. 86400 IN NSEC se. NS RRSIG NSEC
  489. sd. 86400 IN RRSIG NSEC 8 1 86400 20190627170000 20190614160000 25266 . MjKCNtsNQnEJVz5cPYtkXVbByrRTMlQ1myLs8Pi2+FkFic00RpnZnk5w Pg1lbNn4MQZdx9L090dGjNO3WyleHv1t7HznzWMJ8qCENSIcE1uoRe6r Ak9F/wMKEKvQjra906vPpUlLMG3QcnbyhkP/eoRm2qeN7Ig5/Zsx0J6M gE154HbBf0Lehuk+gd6T/pMkxDs4Idb7z0btkGbQtXo2rrj4jSfRpg1R U7xPKgKJfjqp9ns1z+7dxCE9GWRg9El3ssDyi2Nw4YbRs/qPDh/upUFN /4IY0aeTOsumRH/3FBZ7xs0BaVcNU9RG0YcmEXuNyCnvaPQOkdw315my dR7WMQ==
  490. ;; Received 708 bytes from 202.12.27.33#53(m.root-servers.net) in 131 ms
  491.  
  492. gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
  493. gov.sd. 14400 IN NS ns1.uaenic.ae.
  494. gov.sd. 14400 IN NS ns2.uaenic.ae.
  495. gov.sd. 14400 IN NS ans1.sis.sd.
  496. gov.sd. 14400 IN NS ans1.canar.sd.
  497. gov.sd. 14400 IN NS ans2.canar.sd.
  498. gov.sd. 14400 IN NS ns-sd.afrinic.net.
  499. ;; Received 277 bytes from 196.216.168.26#53(ns-sd.afrinic.net) in 296 ms
  500.  
  501. whitenilestate.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
  502. whitenilestate.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
  503. ;; Received 122 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 105 ms
  504.  
  505. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  506. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  507. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  508. ;; Received 138 bytes from 62.12.109.3#53(ns1.ndc.gov.sd) in 248 ms
  509. #######################################################################################################################################
  510. [*] Performing General Enumeration of Domain: whitenilestate.gov.sd
  511. [-] DNSSEC is not configured for whitenilestate.gov.sd
  512. [*] SOA ns0.ndc.gov.sd 62.12.109.2
  513. [*] NS ns0.ndc.gov.sd 62.12.109.2
  514. [*] Bind Version for 62.12.109.2 you guess!
  515. [*] NS ns1.ndc.gov.sd 62.12.109.3
  516. [*] Bind Version for 62.12.109.3 you guess!
  517. [*] MX mail.whitenilestate.gov.sd 62.12.105.3
  518. [*] A whitenilestate.gov.sd 62.12.105.3
  519. [*] TXT whitenilestate.gov.sd v=spf1 mx -all
  520. [*] Enumerating SRV Records
  521. [-] No SRV Records Found for whitenilestate.gov.sd
  522. [+] 0 Records Found
  523. #######################################################################################################################################
  524. [*] Processing domain whitenilestate.gov.sd
  525. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
  526. [+] Getting nameservers
  527. 62.12.109.2 - ns0.ndc.gov.sd
  528. [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
  529. whitenilestate.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
  530. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  531. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  532. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  533. whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
  534. whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  535. mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  536. mail.whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
  537. mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  538. webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
  539. www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  540. #######################################################################################################################################
  541. WhatWeb report for http://whitenilestate.gov.sd
  542. Status : 200 OK
  543. Title : ولاية النيل الابيض
  544. IP : <Unknown>
  545. Country : <Unknown>
  546.  
  547. Summary : Script[text/javascript], ASP_NET[4.0.30319], Email[hamdinto@gmail.com], Microsoft-IIS[8.5], JQuery[1.10.2], HTML5, UncommonHeaders[x-powered-by-plesk], Meta-Author[The Red Team], X-UA-Compatible[IE=edge], X-Powered-By[ASP.NET], HTTPServer[Microsoft-IIS/8.5]
  548.  
  549. Detected Plugins:
  550. [ ASP_NET ]
  551. ASP.NET is a free web framework that enables great Web
  552. applications. Used by millions of developers, it runs some
  553. of the biggest sites in the world.
  554.  
  555. Version : 4.0.30319 (from X-AspNet-Version HTTP header)
  556. Google Dorks: (2)
  557. Website : http://www.asp.net/
  558.  
  559. [ Email ]
  560. Extract email addresses. Find valid email address and
  561. syntactically invalid email addresses from mailto: link
  562. tags. We match syntactically invalid links containing
  563. mailto: to catch anti-spam email addresses, eg. bob at
  564. gmail.com. This uses the simplified email regular
  565. expression from
  566. http://www.regular-expressions.info/email.html for valid
  567. email address matching.
  568.  
  569. String : hamdinto@gmail.com
  570.  
  571. [ HTML5 ]
  572. HTML version 5, detected by the doctype declaration
  573.  
  574.  
  575. [ HTTPServer ]
  576. HTTP server header string. This plugin also attempts to
  577. identify the operating system from the server header.
  578.  
  579. String : Microsoft-IIS/8.5 (from server string)
  580.  
  581. [ JQuery ]
  582. A fast, concise, JavaScript that simplifies how to traverse
  583. HTML documents, handle events, perform animations, and add
  584. AJAX.
  585.  
  586. Version : 1.10.2
  587. Website : http://jquery.com/
  588.  
  589. [ Meta-Author ]
  590. This plugin retrieves the author name from the meta name
  591. tag - info:
  592. http://www.webmarketingnow.com/tips/meta-tags-uncovered.html
  593. #author
  594.  
  595. String : The Red Team
  596.  
  597. [ Microsoft-IIS ]
  598. Microsoft Internet Information Services (IIS) for Windows
  599. Server is a flexible, secure and easy-to-manage Web server
  600. for hosting anything on the Web. From media streaming to
  601. web application hosting, IIS's scalable and open
  602. architecture is ready to handle the most demanding tasks.
  603.  
  604. Version : 8.5
  605. Website : http://www.iis.net/
  606.  
  607. [ Script ]
  608. This plugin detects instances of script HTML elements and
  609. returns the script language/type.
  610.  
  611. String : text/javascript
  612.  
  613. [ UncommonHeaders ]
  614. Uncommon HTTP server headers. The blacklist includes all
  615. the standard headers and many non standard but common ones.
  616. Interesting but fairly common headers should have their own
  617. plugins, eg. x-powered-by, server and x-aspnet-version.
  618. Info about headers can be found at www.http-stats.com
  619.  
  620. String : x-powered-by-plesk (from headers)
  621.  
  622. [ X-Powered-By ]
  623. X-Powered-By HTTP header
  624.  
  625. String : ASP.NET (from x-powered-by string)
  626.  
  627. [ X-UA-Compatible ]
  628. This plugin retrieves the X-UA-Compatible value from the
  629. HTTP header and meta http-equiv tag. - More Info:
  630. http://msdn.microsoft.com/en-us/library/cc817574.aspx
  631.  
  632. String : IE=edge
  633.  
  634. HTTP Headers:
  635. HTTP/1.1 200 OK
  636. Cache-Control: private
  637. Content-Type: text/html; charset=utf-8
  638. Content-Encoding: gzip
  639. Vary: Accept-Encoding
  640. Server: Microsoft-IIS/8.5
  641. X-AspNet-Version: 4.0.30319
  642. X-Powered-By: ASP.NET
  643. X-Powered-By-Plesk: PleskWin
  644. Date: Sat, 15 Jun 2019 05:00:38 GMT
  645. Connection: close
  646. Content-Length: 6805
  647. #######################################################################################################################################
  648. DNS Servers for whitenilestate.gov.sd:
  649. ns0.ndc.gov.sd
  650. ns1.ndc.gov.sd
  651.  
  652. Trying zone transfer first...
  653. Testing ns0.ndc.gov.sd
  654.  
  655. Whoah, it worked - misconfigured DNS server found:
  656. whitenilestate.gov.sd. 86400 IN SOA ( ns0.ndc.gov.sd. root.ndc.gov.sd.
  657. 2017092500 ;serial
  658. 10800 ;refresh
  659. 900 ;retry
  660. 604800 ;expire
  661. 86400 ;minimum
  662. )
  663. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  664. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  665. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  666. whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
  667. whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  668. mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  669. mail.whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
  670. mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  671. webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
  672. www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  673.  
  674. There isn't much point continuing, you have everything.
  675. Have a nice day.
  676. Exiting...
  677. #######################################################################################################################################
  678. Domains still to check: 1
  679. Checking if the hostname whitenilestate.gov.sd. given is in fact a domain...
  680.  
  681. Analyzing domain: whitenilestate.gov.sd.
  682. Checking NameServers using system default resolver...
  683. IP: 62.12.109.2 (Sudan)
  684. HostName: ns0.ndc.gov.sd Type: NS
  685. IP: 62.12.109.3 (Sudan)
  686. HostName: ns1.ndc.gov.sd Type: NS
  687.  
  688. Checking MailServers using system default resolver...
  689. IP: 62.12.105.3 (Sudan)
  690. HostName: mail.whitenilestate.gov.sd Type: MX
  691. HostName: f03-web01.nic.gov.sd Type: PTR
  692.  
  693. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  694. Zone transfer successful on name server 62.12.109.2 (5 hosts)
  695. Zone transfer successful on name server 62.12.109.3 (5 hosts)
  696.  
  697. Checking SPF record...
  698.  
  699. Checking 5 most common hostnames using system default resolver...
  700. IP: 62.12.105.3 (Sudan)
  701. HostName: mail.whitenilestate.gov.sd Type: MX
  702. HostName: f03-web01.nic.gov.sd Type: PTR
  703. HostName: mssql.whitenilestate.gov.sd. Type: A
  704. IP: 62.12.105.3 (Sudan)
  705. HostName: mail.whitenilestate.gov.sd Type: MX
  706. HostName: f03-web01.nic.gov.sd Type: PTR
  707. HostName: mssql.whitenilestate.gov.sd. Type: A
  708. HostName: mail.whitenilestate.gov.sd. Type: A
  709. IP: 62.12.105.3 (Sudan)
  710. HostName: mail.whitenilestate.gov.sd Type: MX
  711. HostName: f03-web01.nic.gov.sd Type: PTR
  712. HostName: mssql.whitenilestate.gov.sd. Type: A
  713. HostName: mail.whitenilestate.gov.sd. Type: A
  714. HostName: www.whitenilestate.gov.sd. Type: A
  715. IP: 62.12.105.3 (Sudan)
  716. HostName: mail.whitenilestate.gov.sd Type: MX
  717. HostName: f03-web01.nic.gov.sd Type: PTR
  718. HostName: mssql.whitenilestate.gov.sd. Type: A
  719. HostName: mail.whitenilestate.gov.sd. Type: A
  720. HostName: www.whitenilestate.gov.sd. Type: A
  721. HostName: webmail.whitenilestate.gov.sd. Type: A
  722.  
  723. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  724. Checking netblock 62.12.109.0
  725. Checking netblock 62.12.105.0
  726.  
  727. Searching for whitenilestate.gov.sd. emails in Google
  728.  
  729. Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  730. Host 62.12.109.2 is up (reset ttl 64)
  731. Host 62.12.109.3 is up (reset ttl 64)
  732. Host 62.12.105.3 is up (reset ttl 64)
  733.  
  734. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  735. Scanning ip 62.12.109.2 (ns0.ndc.gov.sd):
  736. 53/tcp open domain syn-ack ttl 45 (unknown banner: you guess!)
  737. | dns-nsid:
  738. |_ bind.version: you guess!
  739. | fingerprint-strings:
  740. | DNSVersionBindReqTCP:
  741. | version
  742. | bind
  743. |_ guess!
  744. Scanning ip 62.12.109.3 (ns1.ndc.gov.sd):
  745. 53/tcp open domain syn-ack ttl 46 (unknown banner: you guess!)
  746. | dns-nsid:
  747. |_ bind.version: you guess!
  748. | fingerprint-strings:
  749. | DNSVersionBindReqTCP:
  750. | version
  751. | bind
  752. |_ guess!
  753. Scanning ip 62.12.105.3 (webmail.whitenilestate.gov.sd.):
  754. 21/tcp open ftp syn-ack ttl 110 Microsoft ftpd
  755. | ftp-syst:
  756. |_ SYST: Windows_NT
  757. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
  758. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
  759. | Public Key type: rsa
  760. | Public Key bits: 2048
  761. | Signature Algorithm: sha256WithRSAEncryption
  762. | Not valid before: 2016-04-19T09:30:36
  763. | Not valid after: 2017-04-19T09:30:36
  764. | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
  765. |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
  766. 80/tcp open http syn-ack ttl 110 Microsoft IIS httpd 8.5
  767. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  768. | http-methods:
  769. | Supported Methods: OPTIONS TRACE GET HEAD POST
  770. |_ Potentially risky methods: TRACE
  771. |_http-server-header: Microsoft-IIS/8.5
  772. |_http-title: Domain Default page
  773. 110/tcp open pop3 syn-ack ttl 110 MailEnable POP3 Server
  774. |_pop3-capabilities: USER UIDL TOP
  775. 143/tcp open imap syn-ack ttl 109 MailEnable imapd
  776. |_imap-capabilities: IMAP4 AUTH=LOGIN CAPABILITY IMAP4rev1 CHILDREN IDLE UIDPLUSA0001 completed AUTH=CRAM-MD5 OK
  777. 443/tcp open https? syn-ack ttl 110
  778. 8443/tcp open ssl/http syn-ack ttl 110 Microsoft IIS httpd 8.5
  779. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  780. | http-methods:
  781. |_ Supported Methods: GET HEAD POST OPTIONS
  782. | http-robots.txt: 1 disallowed entry
  783. |_/
  784. |_http-server-header: Microsoft-IIS/8.5
  785. |_http-title: Plesk Onyx 17.8.11
  786. | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
  787. | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
  788. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  789. | Public Key type: rsa
  790. | Public Key bits: 2048
  791. | Signature Algorithm: sha256WithRSAEncryption
  792. | Not valid before: 2019-05-16T00:30:46
  793. | Not valid after: 2019-08-14T00:30:46
  794. | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
  795. |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
  796. Device type: general purpose|WAP|router
  797. Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
  798. OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  799. WebCrawling domain's web servers... up to 50 max links.
  800.  
  801. + URL to crawl: http://mail.whitenilestate.gov.sd
  802. + Date: 2019-06-15
  803.  
  804. + Crawling URL: http://mail.whitenilestate.gov.sd:
  805. + Links:
  806. + Crawling http://mail.whitenilestate.gov.sd
  807. + Searching for directories...
  808. - Found: http://mail.whitenilestate.gov.sd/css/
  809. - Found: http://mail.whitenilestate.gov.sd/img/
  810. + Searching open folders...
  811. - http://mail.whitenilestate.gov.sd/css/ (403 Forbidden)
  812. - http://mail.whitenilestate.gov.sd/img/ (403 Forbidden)
  813.  
  814.  
  815. + URL to crawl: http://webmail.whitenilestate.gov.sd.
  816. + Date: 2019-06-15
  817.  
  818. + Crawling URL: http://webmail.whitenilestate.gov.sd.:
  819. + Links:
  820. + Crawling http://webmail.whitenilestate.gov.sd. (400 Bad Request)
  821. + Searching for directories...
  822. + Searching open folders...
  823.  
  824.  
  825. + URL to crawl: http://mssql.whitenilestate.gov.sd.
  826. + Date: 2019-06-15
  827.  
  828. + Crawling URL: http://mssql.whitenilestate.gov.sd.:
  829. + Links:
  830. + Crawling http://mssql.whitenilestate.gov.sd. (400 Bad Request)
  831. + Searching for directories...
  832. + Searching open folders...
  833.  
  834.  
  835. + URL to crawl: http://mail.whitenilestate.gov.sd.
  836. + Date: 2019-06-15
  837.  
  838. + Crawling URL: http://mail.whitenilestate.gov.sd.:
  839. + Links:
  840. + Crawling http://mail.whitenilestate.gov.sd. (400 Bad Request)
  841. + Searching for directories...
  842. + Searching open folders...
  843.  
  844.  
  845. + URL to crawl: http://www.whitenilestate.gov.sd.
  846. + Date: 2019-06-15
  847.  
  848. + Crawling URL: http://www.whitenilestate.gov.sd.:
  849. + Links:
  850. + Crawling http://www.whitenilestate.gov.sd. (400 Bad Request)
  851. + Searching for directories...
  852. + Searching open folders...
  853.  
  854.  
  855. + URL to crawl: https://mail.whitenilestate.gov.sd:8443
  856. + Date: 2019-06-15
  857.  
  858. + Crawling URL: https://mail.whitenilestate.gov.sd:8443:
  859. + Links:
  860. + Crawling https://mail.whitenilestate.gov.sd:8443
  861. + Searching for directories...
  862. + Searching open folders...
  863.  
  864.  
  865. + URL to crawl: https://webmail.whitenilestate.gov.sd.:8443
  866. + Date: 2019-06-15
  867.  
  868. + Crawling URL: https://webmail.whitenilestate.gov.sd.:8443:
  869. + Links:
  870. + Crawling https://webmail.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
  871. + Searching for directories...
  872. + Searching open folders...
  873.  
  874.  
  875. + URL to crawl: https://mssql.whitenilestate.gov.sd.:8443
  876. + Date: 2019-06-15
  877.  
  878. + Crawling URL: https://mssql.whitenilestate.gov.sd.:8443:
  879. + Links:
  880. + Crawling https://mssql.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
  881. + Searching for directories...
  882. + Searching open folders...
  883.  
  884.  
  885. + URL to crawl: https://mail.whitenilestate.gov.sd.:8443
  886. + Date: 2019-06-15
  887.  
  888. + Crawling URL: https://mail.whitenilestate.gov.sd.:8443:
  889. + Links:
  890. + Crawling https://mail.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
  891. + Searching for directories...
  892. + Searching open folders...
  893.  
  894.  
  895. + URL to crawl: https://www.whitenilestate.gov.sd.:8443
  896. + Date: 2019-06-15
  897.  
  898. + Crawling URL: https://www.whitenilestate.gov.sd.:8443:
  899. + Links:
  900. + Crawling https://www.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
  901. + Searching for directories...
  902. + Searching open folders...
  903.  
  904. --Finished--
  905. Summary information for domain whitenilestate.gov.sd.
  906. ---------------------------------------------------------------------------------------------------------------------------------------
  907.  
  908. Domain Ips Information:
  909. IP: 62.12.109.2
  910. HostName: ns0.ndc.gov.sd Type: NS
  911. Country: Sudan
  912. Zone Transfer: 5
  913. Is Active: True (reset ttl 64)
  914. Port: 53/tcp open domain syn-ack ttl 45 (unknown banner: you guess!)
  915. Script Info: | dns-nsid:
  916. Script Info: |_ bind.version: you guess!
  917. Script Info: | fingerprint-strings:
  918. Script Info: | DNSVersionBindReqTCP:
  919. Script Info: | version
  920. Script Info: | bind
  921. Script Info: |_ guess!
  922. IP: 62.12.109.3
  923. HostName: ns1.ndc.gov.sd Type: NS
  924. Country: Sudan
  925. Zone Transfer: 5
  926. Is Active: True (reset ttl 64)
  927. Port: 53/tcp open domain syn-ack ttl 46 (unknown banner: you guess!)
  928. Script Info: | dns-nsid:
  929. Script Info: |_ bind.version: you guess!
  930. Script Info: | fingerprint-strings:
  931. Script Info: | DNSVersionBindReqTCP:
  932. Script Info: | version
  933. Script Info: | bind
  934. Script Info: |_ guess!
  935. IP: 62.12.105.3
  936. HostName: mail.whitenilestate.gov.sd Type: MX
  937. HostName: f03-web01.nic.gov.sd Type: PTR
  938. HostName: mssql.whitenilestate.gov.sd. Type: A
  939. HostName: mail.whitenilestate.gov.sd. Type: A
  940. HostName: www.whitenilestate.gov.sd. Type: A
  941. HostName: webmail.whitenilestate.gov.sd. Type: A
  942. Country: Sudan
  943. Is Active: True (reset ttl 64)
  944. Port: 21/tcp open ftp syn-ack ttl 110 Microsoft ftpd
  945. Script Info: | ftp-syst:
  946. Script Info: |_ SYST: Windows_NT
  947. Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
  948. Script Info: | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
  949. Script Info: | Public Key type: rsa
  950. Script Info: | Public Key bits: 2048
  951. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  952. Script Info: | Not valid before: 2016-04-19T09:30:36
  953. Script Info: | Not valid after: 2017-04-19T09:30:36
  954. Script Info: | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
  955. Script Info: |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
  956. Port: 80/tcp open http syn-ack ttl 110 Microsoft IIS httpd 8.5
  957. Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  958. Script Info: | http-methods:
  959. Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
  960. Script Info: |_ Potentially risky methods: TRACE
  961. Script Info: |_http-server-header: Microsoft-IIS/8.5
  962. Script Info: |_http-title: Domain Default page
  963. Port: 110/tcp open pop3 syn-ack ttl 110 MailEnable POP3 Server
  964. Script Info: |_pop3-capabilities: USER UIDL TOP
  965. Port: 143/tcp open imap syn-ack ttl 109 MailEnable imapd
  966. Script Info: |_imap-capabilities: IMAP4 AUTH=LOGIN CAPABILITY IMAP4rev1 CHILDREN IDLE UIDPLUSA0001 completed AUTH=CRAM-MD5 OK
  967. Port: 443/tcp open https? syn-ack ttl 110
  968. Port: 8443/tcp open ssl/http syn-ack ttl 110 Microsoft IIS httpd 8.5
  969. Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  970. Script Info: | http-methods:
  971. Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
  972. Script Info: | http-robots.txt: 1 disallowed entry
  973. Script Info: |_/
  974. Script Info: |_http-server-header: Microsoft-IIS/8.5
  975. Script Info: |_http-title: Plesk Onyx 17.8.11
  976. Script Info: | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
  977. Script Info: | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
  978. Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  979. Script Info: | Public Key type: rsa
  980. Script Info: | Public Key bits: 2048
  981. Script Info: | Signature Algorithm: sha256WithRSAEncryption
  982. Script Info: | Not valid before: 2019-05-16T00:30:46
  983. Script Info: | Not valid after: 2019-08-14T00:30:46
  984. Script Info: | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
  985. Script Info: |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
  986. Script Info: Device type: general purpose|WAP|router
  987. Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
  988. Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  989. #######################################################################################################################################
  990. adding 62.12.105.3/32 mode `TCPscan' ports `7,9,11,13,18,19,21-23,25,37,39,42,49,50,53,65,67-70,79-81,88,98,100,105-107,109-111,113,118,119,123,129,135,137-139,143,150,161-164,174,177-179,191,199-202,204,206,209,210,213,220,345,346,347,369-372,389,406,407,422,443-445,487,500,512-514,517,518,520,525,533,538,548,554,563,587,610-612,631-634,636,642,653,655,657,666,706,750-752,765,779,808,873,901,923,941,946,992-995,1001,1023-1030,1080,1210,1214,1234,1241,1334,1349,1352,1423-1425,1433,1434,1524,1525,1645,1646,1649,1701,1718,1719,1720,1723,1755,1812,1813,2048-2050,2101-2104,2140,2150,2233,2323,2345,2401,2430,2431,2432,2433,2583,2628,2776,2777,2988,2989,3050,3130,3150,3232,3306,3389,3456,3493,3542-3545,3632,3690,3801,4000,4400,4321,4567,4899,5002,5136-5139,5150,5151,5222,5269,5308,5354,5355,5422-5425,5432,5503,5555,5556,5678,6000-6007,6346,6347,6543,6544,6789,6838,6666-6670,7000-7009,7028,7100,7983,8079-8082,8088,8787,8879,9090,9101-9103,9325,9359,10000,10026,10027,10067,10080,10081,10167,10498,11201,15345,17001-17003,18753,20011,20012,21554,22273,26274,27374,27444,27573,31335-31338,31787,31789,31790,31791,32668,32767-32780,33390,47262,49301,54320,54321,57341,58008,58009,58666,59211,60000,60006,61000,61348,61466,61603,63485,63808,63809,64429,65000,65506,65530-65535' pps 300
  991. using interface(s) eth0
  992. added module payload for port 80 proto 6
  993. added module payload for port 518 proto 17
  994. added module payload for port 1900 proto 17
  995. added module payload for port 5060 proto 17
  996. added module payload for port 80 proto 6
  997. added module payload for port 53 proto 17
  998. scaning 1.00e+00 total hosts with 3.38e+02 total packets, should take a little longer than 8 Seconds
  999. drone type Unknown on fd 4 is version 1.1
  1000. drone type Unknown on fd 3 is version 1.1
  1001. added module payload for port 80 proto 6
  1002. added module payload for port 518 proto 17
  1003. added module payload for port 1900 proto 17
  1004. added module payload for port 5060 proto 17
  1005. added module payload for port 80 proto 6
  1006. added module payload for port 53 proto 17
  1007. scan iteration 1 out of 1
  1008. using pcap filter: `dst 192.168.0.52 and ! src 192.168.0.52 and (tcp)'
  1009. using TSC delay
  1010. sender statistics 300.5 pps with 338 packets sent total
  1011. listener statistics 0 packets recieved 0 packets droped and 0 interface drops
  1012. #######################################################################################################################################
  1013. dnsenum VERSION:1.2.4
  1014.  
  1015. ----- whitenilestate.gov.sd -----
  1016.  
  1017.  
  1018. Host's addresses:
  1019. __________________
  1020.  
  1021. whitenilestate.gov.sd. 83652 IN A 62.12.105.3
  1022.  
  1023.  
  1024. Name Servers:
  1025. ______________
  1026.  
  1027. ns0.ndc.gov.sd. 11978 IN A 62.12.109.2
  1028. ns1.ndc.gov.sd. 11673 IN A 62.12.109.3
  1029.  
  1030.  
  1031. Mail (MX) Servers:
  1032. ___________________
  1033.  
  1034. mail.whitenilestate.gov.sd. 83984 IN A 62.12.105.3
  1035.  
  1036.  
  1037. Trying Zone Transfers and getting Bind Versions:
  1038. _________________________________________________
  1039.  
  1040.  
  1041. Trying Zone Transfer for whitenilestate.gov.sd on ns0.ndc.gov.sd ...
  1042. whitenilestate.gov.sd. 86400 IN SOA (
  1043. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  1044. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  1045. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1046. whitenilestate.gov.sd. 86400 IN MX 10
  1047. whitenilestate.gov.sd. 86400 IN TXT "v=spf1
  1048. mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1049. mail.whitenilestate.gov.sd. 86400 IN MX 10
  1050. mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1051. webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
  1052. www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1053.  
  1054. Trying Zone Transfer for whitenilestate.gov.sd on ns1.ndc.gov.sd ...
  1055. whitenilestate.gov.sd. 86400 IN SOA (
  1056. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  1057. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  1058. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1059. whitenilestate.gov.sd. 86400 IN MX 10
  1060. whitenilestate.gov.sd. 86400 IN TXT "v=spf1
  1061. mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1062. mail.whitenilestate.gov.sd. 86400 IN MX 10
  1063. mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1064. webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
  1065. www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1066.  
  1067. brute force file not specified, bay.
  1068. #######################################################################################################################################
  1069. ===============================================
  1070. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  1071. ===============================================
  1072.  
  1073.  
  1074. Running Source: Ask
  1075. Running Source: Archive.is
  1076. Running Source: Baidu
  1077. Running Source: Bing
  1078. Running Source: CertDB
  1079. Running Source: CertificateTransparency
  1080. Running Source: Certspotter
  1081. Running Source: Commoncrawl
  1082. Running Source: Crt.sh
  1083. Running Source: Dnsdb
  1084. Running Source: DNSDumpster
  1085. Running Source: DNSTable
  1086. Running Source: Dogpile
  1087. Running Source: Exalead
  1088. Running Source: Findsubdomains
  1089. Running Source: Googleter
  1090. Running Source: Hackertarget
  1091. Running Source: Ipv4Info
  1092. Running Source: PTRArchive
  1093. Running Source: Sitedossier
  1094. Running Source: Threatcrowd
  1095. Running Source: ThreatMiner
  1096. Running Source: WaybackArchive
  1097. Running Source: Yahoo
  1098.  
  1099. Running enumeration on whitenilestate.gov.sd
  1100.  
  1101. dnsdb: Unexpected return status 503
  1102.  
  1103. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.whitenilestate.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
  1104.  
  1105. dogpile: Get https://www.dogpile.com/search/web?q=whitenilestate.gov.sd&qsi=1: EOF
  1106.  
  1107.  
  1108. Starting Bruteforcing of whitenilestate.gov.sd with 9985 words
  1109.  
  1110. Total 8 Unique subdomains found for whitenilestate.gov.sd
  1111.  
  1112. .whitenilestate.gov.sd
  1113. mail.whitenilestate.gov.sd
  1114. mail.whitenilestate.gov.sd
  1115. mssql.whitenilestate.gov.sd
  1116. webmail.whitenilestate.gov.sd
  1117. webmail.whitenilestate.gov.sd
  1118. www.whitenilestate.gov.sd
  1119. www.whitenilestate.gov.sd
  1120. #######################################################################################################################################
  1121. [*] Processing domain whitenilestate.gov.sd
  1122. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
  1123. [+] Getting nameservers
  1124. 62.12.109.2 - ns0.ndc.gov.sd
  1125. [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
  1126. whitenilestate.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
  1127. whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  1128. whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  1129. whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1130. whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
  1131. whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  1132. mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1133. mail.whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
  1134. mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1135. webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
  1136. www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
  1137. #######################################################################################################################################
  1138. [*] Found SPF record:
  1139. [*] v=spf1 mx -all
  1140. [*] SPF record contains an All item: -all
  1141. [*] No DMARC record found. Looking for organizational record
  1142. [+] No organizational DMARC record
  1143. [+] Spoofing possible for whitenilestate.gov.sd!
  1144. #######################################################################################################################################
  1145. dig: '.whitenilestate.gov.sd' is not a legal name (empty label)
  1146.  
  1147. SubOver v.1.2 Nizamul Rana (@Ice3man)
  1148. ==================================================
  1149.  
  1150.  
  1151. [~] Enjoy your hunt !
  1152. [Not Vulnerable] 77.72.0.146
  1153. [Not Vulnerable] 147.237.77.18
  1154. [Not Vulnerable] domain
  1155. [Not Vulnerable] IN
  1156. [Not Vulnerable] 62.12.105.4
  1157. [Not Vulnerable] 62.12.105.3
  1158. [Not Vulnerable] .whitenilestate.gov.sd
  1159. [Not Vulnerable] mail.whitenilestate.gov.sd
  1160. [Not Vulnerable] 52.64.99.208
  1161. [Not Vulnerable] www.sviva.gov.il
  1162. [Not Vulnerable] www.whitenilestate.gov.sd
  1163. [Not Vulnerable] sennarstate.gov.sd
  1164. [Not Vulnerable] www.cbs.gov.ws
  1165. [Not Vulnerable] webmail.whitenilestate.gov.sd
  1166. [Not Vulnerable] mssql.whitenilestate.gov.sd
  1167. [Not Vulnerable] whitenilestate.gov.sd
  1168. [Not Vulnerable] ombudsman.gov.sd
  1169. #######################################################################################################################################
  1187. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:14 EDT
  1188. Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
  1189. Host is up (0.22s latency).
  1190. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
  1191. Not shown: 464 filtered ports, 6 closed ports
  1192. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1193. PORT STATE SERVICE
  1194. 21/tcp open ftp
  1195. 80/tcp open http
  1196. 110/tcp open pop3
  1197. 143/tcp open imap
  1198. 443/tcp open https
  1199. 8443/tcp open https-alt
  1200.  
  1201. Nmap done: 1 IP address (1 host up) scanned in 7.14 seconds
  1202. #######################################################################################################################################
  1203. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:14 EDT
  1204. Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
  1205. Host is up (0.11s latency).
  1206. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
  1207. Not shown: 2 filtered ports
  1208. PORT STATE SERVICE
  1209. 53/udp open|filtered domain
  1210. 67/udp open|filtered dhcps
  1211. 68/udp open|filtered dhcpc
  1212. 69/udp open|filtered tftp
  1213. 88/udp open|filtered kerberos-sec
  1214. 123/udp open|filtered ntp
  1215. 139/udp open|filtered netbios-ssn
  1216. 161/udp open|filtered snmp
  1217. 162/udp open|filtered snmptrap
  1218. 389/udp open|filtered ldap
  1219. 520/udp open|filtered route
  1220. 2049/udp open|filtered nfs
  1221.  
  1222. Nmap done: 1 IP address (1 host up) scanned in 2.27 seconds
  1223. #######################################################################################################################################
  1224. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:14 EDT
  1225. Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
  1226. Host is up (0.25s latency).
  1227. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
  1228.  
  1229. PORT STATE SERVICE VERSION
  1230. 21/tcp open ftp Microsoft ftpd
  1231. | ftp-brute:
  1232. | Accounts: No valid accounts found
  1233. |_ Statistics: Performed 3030 guesses in 180 seconds, average tps: 16.5
  1234. | ftp-syst:
  1235. |_ SYST: Windows_NT
  1236. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1237. Device type: phone
  1238. Running: Nokia Symbian OS
  1239. OS CPE: cpe:/o:nokia:symbian_os
  1240. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
  1241. Network Distance: 14 hops
  1242. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1243.  
  1244. TRACEROUTE (using port 21/tcp)
  1245. HOP RTT ADDRESS
  1246. 1 111.89 ms 10.242.200.1
  1247. 2 112.18 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1248. 3 106.98 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1249. 4 107.56 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1250. 5 112.84 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1251. 6 114.41 ms 80.77.2.193
  1252. 7 283.52 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1253. 8 126.50 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
  1254. 9 283.00 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1255. 10 221.83 ms 80.77.2.42
  1256. 11 234.18 ms 196.29.177.113
  1257. 12 244.37 ms 197.254.196.62
  1258. 13 ...
  1259. 14 247.86 ms f03-web01.nic.gov.sd (62.12.105.3)
  1260. #######################################################################################################################################
  1261. wig - WebApp Information Gatherer
  1262.  
  1263.  
  1264. Scanning http://whitenilestate.gov.sd...
  1265. ______________________ SITE INFO _______________________
  1266. IP Title
  1267. 62.12.105.3 ولاية النيل الابيض
  1268.  
  1269. _______________________ VERSION ________________________
  1270. Name Versions Type
  1271. ASP.NET 4.0.30319 Platform
  1272. IIS 8.5 Platform
  1273. Microsoft Windows Server 2012 R2 OS
  1274.  
  1275. ________________________________________________________
  1276. Time: 59.6 sec Urls: 639 Fingerprints: 40401
  1277. #######################################################################################################################################
  1278. HTTP/1.1 200 OK
  1279. Cache-Control: private
  1280. Content-Length: 31905
  1281. Content-Type: text/html; charset=utf-8
  1282. Server: Microsoft-IIS/8.5
  1283. X-AspNet-Version: 4.0.30319
  1284. X-Powered-By: ASP.NET
  1285. X-Powered-By-Plesk: PleskWin
  1286. Date: Sat, 15 Jun 2019 05:20:21 GMT
  1287.  
  1288. HTTP/1.1 200 OK
  1289. Cache-Control: private
  1290. Content-Length: 31905
  1291. Content-Type: text/html; charset=utf-8
  1292. Server: Microsoft-IIS/8.5
  1293. X-AspNet-Version: 4.0.30319
  1294. X-Powered-By: ASP.NET
  1295. X-Powered-By-Plesk: PleskWin
  1296. Date: Sat, 15 Jun 2019 05:20:22 GMT
  1297.  
  1298. Allow: OPTIONS, TRACE, GET, HEAD, POST
  1299. #######################################################################################################################################
  1300. Bootstrap
  1301. Microsoft ASP.NET 4.0.30319
  1302. jQuery 1.10.2
  1303. Google Font API
  1304. jQuery Sparklines
  1305. IIS 8.5
  1306. Plesk
  1307. #######################################################################################################################################
  1308. tee: /usr/share/sniper/loot//output/nmap-whitenilestate.gov.sd-port110.txt: Aucun fichier ou dossier de ce type
  1309. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:20 EDT
  1310. Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
  1311. Host is up (0.22s latency).
  1312. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
  1313.  
  1314. PORT STATE SERVICE VERSION
  1315. 110/tcp open pop3 MailEnable POP3 Server
  1316. | pop3-brute:
  1317. | Accounts: No valid accounts found
  1318. | Statistics: Performed 25 guesses in 2 seconds, average tps: 12.5
  1319. |_ ERROR: Failed to make a pop-connection.
  1320. |_pop3-capabilities: UIDL USER TOP
  1321. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1322. Device type: phone
  1323. Running: Nokia Symbian OS
  1324. OS CPE: cpe:/o:nokia:symbian_os
  1325. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
  1326. Network Distance: 14 hops
  1327. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1328.  
  1329. TRACEROUTE (using port 443/tcp)
  1330. HOP RTT ADDRESS
  1331. 1 113.58 ms 10.242.200.1
  1332. 2 113.87 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1333. 3 113.66 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1334. 4 113.65 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1335. 5 119.78 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1336. 6 121.15 ms 80.77.2.193
  1337. 7 290.24 ms xe-9-1-0.0.pjr04.ldn004.flagtel.com (85.95.27.197)
  1338. 8 132.97 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
  1339. 9 289.73 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1340. 10 228.68 ms 80.77.2.42
  1341. 11 240.56 ms 196.29.177.113
  1342. 12 250.68 ms 197.254.196.62
  1343. 13 ...
  1344. 14 254.07 ms f03-web01.nic.gov.sd (62.12.105.3)
  1345. #######################################################################################################################################
  1346. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:53 EDT
  1347. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1348. Host is up (0.22s latency).
  1349. Not shown: 464 filtered ports, 6 closed ports
  1350. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1351. PORT STATE SERVICE
  1352. 21/tcp open ftp
  1353. 80/tcp open http
  1354. 110/tcp open pop3
  1355. 143/tcp open imap
  1356. 443/tcp open https
  1357. 8443/tcp open https-alt
  1358.  
  1359. Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds
  1360. #######################################################################################################################################
  1361. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:53 EDT
  1362. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1363. Host is up (0.11s latency).
  1364. Not shown: 2 filtered ports
  1365. PORT STATE SERVICE
  1366. 53/udp open|filtered domain
  1367. 67/udp open|filtered dhcps
  1368. 68/udp open|filtered dhcpc
  1369. 69/udp open|filtered tftp
  1370. 88/udp open|filtered kerberos-sec
  1371. 123/udp open|filtered ntp
  1372. 139/udp open|filtered netbios-ssn
  1373. 161/udp open|filtered snmp
  1374. 162/udp open|filtered snmptrap
  1375. 389/udp open|filtered ldap
  1376. 520/udp open|filtered route
  1377. 2049/udp open|filtered nfs
  1378.  
  1379. Nmap done: 1 IP address (1 host up) scanned in 3.00 seconds
  1380. #######################################################################################################################################
  1381. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:53 EDT
  1382. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1383. Host is up (0.25s latency).
  1384.  
  1385. PORT STATE SERVICE VERSION
  1386. 21/tcp open ftp Microsoft ftpd
  1387. | ftp-brute:
  1388. | Accounts: No valid accounts found
  1389. |_ Statistics: Performed 3029 guesses in 180 seconds, average tps: 16.4
  1390. | ftp-syst:
  1391. |_ SYST: Windows_NT
  1392. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1393. Device type: phone
  1394. Running: Nokia Symbian OS
  1395. OS CPE: cpe:/o:nokia:symbian_os
  1396. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
  1397. Network Distance: 14 hops
  1398. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1399.  
  1400. TRACEROUTE (using port 21/tcp)
  1401. HOP RTT ADDRESS
  1402. 1 108.01 ms 10.242.200.1
  1403. 2 108.26 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1404. 3 108.08 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1405. 4 108.08 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1406. 5 114.07 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1407. 6 115.67 ms 80.77.2.193
  1408. 7 285.51 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1409. 8 127.43 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
  1410. 9 284.61 ms xe-11-1-1.0.pjr04.dxb001.flagtel.com (85.95.25.162)
  1411. 10 223.01 ms 80.77.2.42
  1412. 11 235.68 ms 196.29.177.113
  1413. 12 245.64 ms 197.254.196.62
  1414. 13 ...
  1415. 14 249.41 ms f03-web01.nic.gov.sd (62.12.105.3)
  1416. #######################################################################################################################################
  1417. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:57 EDT
  1418. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1419. Host is up.
  1420.  
  1421. PORT STATE SERVICE VERSION
  1422. 67/udp open|filtered dhcps
  1423. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  1424. Too many fingerprints match this host to give specific OS details
  1425.  
  1426. TRACEROUTE (using proto 1/icmp)
  1427. HOP RTT ADDRESS
  1428. 1 113.61 ms 10.242.200.1
  1429. 2 114.22 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1430. 3 113.85 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1431. 4 114.29 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1432. 5 119.67 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1433. 6 121.25 ms 80.77.2.193
  1434. 7 283.57 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1435. 8 126.93 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
  1436. 9 283.44 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1437. 10 222.38 ms 80.77.2.42
  1438. 11 237.63 ms 196.29.177.113
  1439. 12 247.53 ms 197.254.196.62
  1440. 13 ... 30
  1441. #######################################################################################################################################
  1442. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:59 EDT
  1443. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1444. Host is up.
  1445.  
  1446. PORT STATE SERVICE VERSION
  1447. 68/udp open|filtered dhcpc
  1448. Too many fingerprints match this host to give specific OS details
  1449.  
  1450. TRACEROUTE (using proto 1/icmp)
  1451. HOP RTT ADDRESS
  1452. 1 113.28 ms 10.242.200.1
  1453. 2 113.48 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1454. 3 113.48 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1455. 4 113.47 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1456. 5 119.11 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1457. 6 120.72 ms 80.77.2.193
  1458. 7 289.17 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1459. 8 126.85 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
  1460. 9 282.98 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1461. 10 221.99 ms 80.77.2.42
  1462. 11 237.56 ms 196.29.177.113
  1463. 12 247.59 ms 197.254.196.62
  1464. 13 ... 30
  1465. #######################################################################################################################################
  1466. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:01 EDT
  1467. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1468. Host is up.
  1469.  
  1470. PORT STATE SERVICE VERSION
  1471. 69/udp open|filtered tftp
  1472. Too many fingerprints match this host to give specific OS details
  1473.  
  1474. TRACEROUTE (using proto 1/icmp)
  1475. HOP RTT ADDRESS
  1476. 1 113.00 ms 10.242.200.1
  1477. 2 113.78 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1478. 3 113.39 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1479. 4 197.62 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1480. 5 119.18 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1481. 6 120.62 ms 80.77.2.193
  1482. 7 289.47 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1483. 8 132.54 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
  1484. 9 282.59 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1485. 10 221.54 ms 80.77.2.42
  1486. 11 234.04 ms 196.29.177.113
  1487. 12 250.41 ms 197.254.196.62
  1488. 13 ... 30
  1489. #######################################################################################################################################
  1490. wig - WebApp Information Gatherer
  1491.  
  1492.  
  1493. Scanning http://62.12.105.3...
  1494. ______________________ SITE INFO _______________________
  1495. IP Title
  1496. 62.12.105.3 Domain Default page
  1497.  
  1498. _______________________ VERSION ________________________
  1499. Name Versions Type
  1500. ASP.NET 4.0.30319 Platform
  1501. IIS 8.5 Platform
  1502. Microsoft Windows Server 2012 R2 OS
  1503.  
  1504. ________________________________________________________
  1505. Time: 1.1 sec Urls: 601 Fingerprints: 40401
  1506. #######################################################################################################################################
  1507. HTTP/1.1 200 OK
  1508. Content-Length: 3815
  1509. Content-Type: text/html
  1510. Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
  1511. Accept-Ranges: bytes
  1512. ETag: "f1eb6487719ed11:0"
  1513. Server: Microsoft-IIS/8.5
  1514. X-Powered-By: ASP.NET
  1515. Date: Sat, 15 Jun 2019 05:03:49 GMT
  1516.  
  1517. HTTP/1.1 200 OK
  1518. Content-Length: 3815
  1519. Content-Type: text/html
  1520. Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
  1521. Accept-Ranges: bytes
  1522. ETag: "f1eb6487719ed11:0"
  1523. Server: Microsoft-IIS/8.5
  1524. X-Powered-By: ASP.NET
  1525. Date: Sat, 15 Jun 2019 05:03:50 GMT
  1526.  
  1527. Allow: OPTIONS, TRACE, GET, HEAD, POST
  1528. #######################################################################################################################################
  1529. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:03 EDT
  1530. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1531. Host is up (0.25s latency).
  1532.  
  1533. PORT STATE SERVICE VERSION
  1534. 110/tcp open pop3 MailEnable POP3 Server
  1535. | pop3-brute:
  1536. | Accounts: No valid accounts found
  1537. | Statistics: Performed 45 guesses in 3 seconds, average tps: 15.0
  1538. |_ ERROR: Failed to make a pop-connection.
  1539. |_pop3-capabilities: TOP USER UIDL
  1540. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1541. Device type: phone
  1542. Running: Nokia Symbian OS
  1543. OS CPE: cpe:/o:nokia:symbian_os
  1544. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
  1545. Network Distance: 14 hops
  1546. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1547.  
  1548. TRACEROUTE (using port 443/tcp)
  1549. HOP RTT ADDRESS
  1550. 1 111.59 ms 10.242.200.1
  1551. 2 106.82 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1552. 3 106.66 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1553. 4 135.98 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1554. 5 112.67 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1555. 6 114.47 ms 80.77.2.193
  1556. 7 282.84 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1557. 8 125.75 ms xe-8-2-2.0.cjr04.prs001.flagtel.com (85.95.27.69)
  1558. 9 282.90 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1559. 10 221.60 ms 80.77.2.42
  1560. 11 234.25 ms 196.29.177.113
  1561. 12 245.03 ms 197.254.196.62
  1562. 13 ...
  1563. 14 250.06 ms f03-web01.nic.gov.sd (62.12.105.3)
  1564. #######################################################################################################################################
  1565. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:04 EDT
  1566. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1567. Host is up.
  1568.  
  1569. PORT STATE SERVICE VERSION
  1570. 123/udp open|filtered ntp
  1571. Too many fingerprints match this host to give specific OS details
  1572.  
  1573. TRACEROUTE (using proto 1/icmp)
  1574. HOP RTT ADDRESS
  1575. 1 113.97 ms 10.242.200.1
  1576. 2 116.35 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1577. 3 114.38 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1578. 4 114.99 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1579. 5 120.17 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1580. 6 121.63 ms 80.77.2.193
  1581. 7 290.41 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1582. 8 134.39 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
  1583. 9 283.67 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1584. 10 222.65 ms 80.77.2.42
  1585. 11 233.64 ms 196.29.177.113
  1586. 12 243.60 ms 197.254.196.62
  1587. 13 ... 30
  1588. #######################################################################################################################################
  1589. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:08 EDT
  1590. NSE: Loaded 148 scripts for scanning.
  1591. NSE: Script Pre-scanning.
  1592. NSE: Starting runlevel 1 (of 2) scan.
  1593. Initiating NSE at 01:08
  1594. Completed NSE at 01:08, 0.00s elapsed
  1595. NSE: Starting runlevel 2 (of 2) scan.
  1596. Initiating NSE at 01:08
  1597. Completed NSE at 01:08, 0.00s elapsed
  1598. Initiating Ping Scan at 01:08
  1599. Scanning 62.12.105.3 [4 ports]
  1600. Completed Ping Scan at 01:08, 0.30s elapsed (1 total hosts)
  1601. Initiating Parallel DNS resolution of 1 host. at 01:08
  1602. Completed Parallel DNS resolution of 1 host. at 01:08, 0.02s elapsed
  1603. Initiating Connect Scan at 01:08
  1604. Scanning f03-web01.nic.gov.sd (62.12.105.3) [65535 ports]
  1605. Discovered open port 443/tcp on 62.12.105.3
  1606. Discovered open port 143/tcp on 62.12.105.3
  1607. Discovered open port 80/tcp on 62.12.105.3
  1608. Discovered open port 21/tcp on 62.12.105.3
  1609. Discovered open port 110/tcp on 62.12.105.3
  1610. Connect Scan Timing: About 2.43% done; ETC: 01:29 (0:20:43 remaining)
  1611. Connect Scan Timing: About 9.14% done; ETC: 01:19 (0:10:07 remaining)
  1612. Connect Scan Timing: About 18.61% done; ETC: 01:16 (0:06:38 remaining)
  1613. Connect Scan Timing: About 30.08% done; ETC: 01:15 (0:04:41 remaining)
  1614. Connect Scan Timing: About 42.66% done; ETC: 01:14 (0:03:23 remaining)
  1615. Connect Scan Timing: About 56.80% done; ETC: 01:13 (0:02:18 remaining)
  1616. Discovered open port 8443/tcp on 62.12.105.3
  1617. Connect Scan Timing: About 72.63% done; ETC: 01:13 (0:01:20 remaining)
  1618. Completed Connect Scan at 01:12, 266.98s elapsed (65535 total ports)
  1619. Initiating Service scan at 01:13
  1620. Scanning 6 services on f03-web01.nic.gov.sd (62.12.105.3)
  1621. Completed Service scan at 01:13, 25.64s elapsed (6 services on 1 host)
  1622. Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
  1623. Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
  1624. Initiating Traceroute at 01:13
  1625. Completed Traceroute at 01:13, 6.34s elapsed
  1626. Initiating Parallel DNS resolution of 12 hosts. at 01:13
  1627. Completed Parallel DNS resolution of 12 hosts. at 01:13, 0.19s elapsed
  1628. NSE: Script scanning 62.12.105.3.
  1629. NSE: Starting runlevel 1 (of 2) scan.
  1630. Initiating NSE at 01:13
  1631. NSE Timing: About 99.15% done; ETC: 01:14 (0:00:00 remaining)
  1632. NSE Timing: About 99.51% done; ETC: 01:14 (0:00:00 remaining)
  1633. NSE Timing: About 99.88% done; ETC: 01:15 (0:00:00 remaining)
  1634. Completed NSE at 01:15, 94.10s elapsed
  1635. NSE: Starting runlevel 2 (of 2) scan.
  1636. Initiating NSE at 01:15
  1637. Completed NSE at 01:15, 0.50s elapsed
  1638. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1639. Host is up, received syn-ack ttl 110 (0.25s latency).
  1640. Scanned at 2019-06-15 01:08:32 EDT for 401s
  1641. Not shown: 65520 filtered ports
  1642. Reason: 65519 no-responses and 1 host-unreach
  1643. PORT STATE SERVICE REASON VERSION
  1644. 20/tcp closed ftp-data conn-refused
  1645. 21/tcp open ftp syn-ack Microsoft ftpd
  1646. | ftp-syst:
  1647. |_ SYST: Windows_NT
  1648. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
  1649. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
  1650. | Public Key type: rsa
  1651. | Public Key bits: 2048
  1652. | Signature Algorithm: sha256WithRSAEncryption
  1653. | Not valid before: 2016-04-19T09:30:36
  1654. | Not valid after: 2017-04-19T09:30:36
  1655. | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
  1656. | SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
  1683. 25/tcp closed smtp conn-refused
  1684. 80/tcp open http syn-ack Microsoft IIS httpd 8.5
  1685. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1686. | http-methods:
  1687. | Supported Methods: OPTIONS TRACE GET HEAD POST
  1688. |_ Potentially risky methods: TRACE
  1689. |_http-server-header: Microsoft-IIS/8.5
  1690. |_http-title: Domain Default page
  1691. 110/tcp open pop3 syn-ack MailEnable POP3 Server
  1692. |_pop3-capabilities: TOP USER UIDL
  1693. 113/tcp closed ident conn-refused
  1694. 139/tcp closed netbios-ssn conn-refused
  1695. 143/tcp open imap syn-ack MailEnable imapd
  1696. |_imap-capabilities: CAPABILITY AUTH=CRAM-MD5 IMAP4rev1 IDLE OK completed IMAP4 AUTH=LOGIN CHILDREN UIDPLUSA0001
  1697. 443/tcp open https? syn-ack
  1698. 445/tcp closed microsoft-ds conn-refused
  1699. 993/tcp closed imaps conn-refused
  1700. 995/tcp closed pop3s conn-refused
  1701. 1025/tcp closed NFS-or-IIS conn-refused
  1702. 5224/tcp closed hpvirtctrl conn-refused
  1703. 8443/tcp open ssl/http syn-ack Microsoft IIS httpd 8.5
  1704. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1705. | http-methods:
  1706. |_ Supported Methods: GET HEAD POST OPTIONS
  1707. | http-robots.txt: 1 disallowed entry
  1708. |_/
  1709. |_http-title: Plesk Onyx 17.8.11
  1710. | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
  1711. | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
  1712. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  1713. | Public Key type: rsa
  1714. | Public Key bits: 2048
  1715. | Signature Algorithm: sha256WithRSAEncryption
  1716. | Not valid before: 2019-05-16T00:30:46
  1717. | Not valid after: 2019-08-14T00:30:46
  1718. | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
  1719. | SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
  1751. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1752. Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (95%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), Microsoft Windows Vista Home Premium SP1 (90%), OpenBSD 4.0 (88%), FreeBSD 6.2-RELEASE (87%), Linux 2.6.18 - 2.6.22 (87%), OpenBSD 4.3 (87%), Polycom SoundPoint IP 331 VoIP phone (87%)
  1753. No exact OS matches for host (test conditions non-ideal).
  1754. TCP/IP fingerprint:
  1755. SCAN(V=7.70%E=4%D=6/15%OT=21%CT=20%CU=%PV=N%G=N%TM=5D047EE1%P=x86_64-pc-linux-gnu)
  1756. SEQ(SP=107%GCD=1%ISR=10A%TI=I%TS=U)
  1757. OPS(O1=M44FW8N%O2=M44FW8N%O3=M44FW8N%O4=M44FW8N%O5=M44FW8N%O6=M44F)
  1758. WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
  1759. ECN(R=Y%DF=Y%TG=80%W=2000%O=M44FW8N%CC=Y%Q=)
  1760. ECN(R=N)
  1761. T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
  1762. T2(R=N)
  1763. T3(R=N)
  1764. T4(R=N)
  1765. T5(R=Y%DF=Y%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
  1766. T6(R=N)
  1767. T7(R=N)
  1768. U1(R=N)
  1769. IE(R=N)
  1770.  
  1771. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1772.  
  1773. TRACEROUTE (using proto 1/icmp)
  1774. HOP RTT ADDRESS
  1775. 1 112.89 ms 10.242.200.1
  1776. 2 113.08 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
  1777. 3 112.93 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
  1778. 4 177.61 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
  1779. 5 113.87 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
  1780. 6 114.71 ms 80.77.2.193
  1781. 7 283.59 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
  1782. 8 126.56 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
  1783. 9 283.21 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
  1784. 10 222.53 ms 80.77.2.42
  1785. 11 233.66 ms 196.29.177.113
  1786. 12 243.77 ms 197.254.196.62
  1787. 13 ... 30
  1788.  
  1789. NSE: Script Post-scanning.
  1790. NSE: Starting runlevel 1 (of 2) scan.
  1791. Initiating NSE at 01:15
  1792. Completed NSE at 01:15, 0.00s elapsed
  1793. NSE: Starting runlevel 2 (of 2) scan.
  1794. Initiating NSE at 01:15
  1795. Completed NSE at 01:15, 0.00s elapsed
  1796. Read data files from: /usr/bin/../share/nmap
  1797. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1798. Nmap done: 1 IP address (1 host up) scanned in 401.40 seconds
  1799. Raw packets sent: 161 (11.188KB) | Rcvd: 39 (2.728KB)
  1800. #######################################################################################################################################
  1801. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:15 EDT
  1802. NSE: Loaded 148 scripts for scanning.
  1803. NSE: Script Pre-scanning.
  1804. Initiating NSE at 01:15
  1805. Completed NSE at 01:15, 0.00s elapsed
  1806. Initiating NSE at 01:15
  1807. Completed NSE at 01:15, 0.00s elapsed
  1808. Initiating Parallel DNS resolution of 1 host. at 01:15
  1809. Completed Parallel DNS resolution of 1 host. at 01:15, 0.03s elapsed
  1810. Initiating UDP Scan at 01:15
  1811. Scanning f03-web01.nic.gov.sd (62.12.105.3) [14 ports]
  1812. Completed UDP Scan at 01:15, 2.02s elapsed (14 total ports)
  1813. Initiating Service scan at 01:15
  1814. Scanning 12 services on f03-web01.nic.gov.sd (62.12.105.3)
  1815. Service scan Timing: About 8.33% done; ETC: 01:34 (0:17:47 remaining)
  1816. Completed Service scan at 01:16, 102.57s elapsed (12 services on 1 host)
  1817. Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
  1818. Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
  1819. Initiating Traceroute at 01:17
  1820. Completed Traceroute at 01:17, 7.30s elapsed
  1821. Initiating Parallel DNS resolution of 1 host. at 01:17
  1822. Completed Parallel DNS resolution of 1 host. at 01:17, 0.00s elapsed
  1823. NSE: Script scanning 62.12.105.3.
  1824. Initiating NSE at 01:17
  1825. Completed NSE at 01:17, 20.32s elapsed
  1826. Initiating NSE at 01:17
  1827. Completed NSE at 01:17, 1.03s elapsed
  1828. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
  1829. Host is up (0.11s latency).
  1830.  
  1831. PORT STATE SERVICE VERSION
  1832. 53/udp open|filtered domain
  1833. 67/udp open|filtered dhcps
  1834. 68/udp open|filtered dhcpc
  1835. 69/udp open|filtered tftp
  1836. 88/udp open|filtered kerberos-sec
  1837. 123/udp open|filtered ntp
  1838. 137/udp filtered netbios-ns
  1839. 138/udp filtered netbios-dgm
  1840. 139/udp open|filtered netbios-ssn
  1841. 161/udp open|filtered snmp
  1842. 162/udp open|filtered snmptrap
  1843. 389/udp open|filtered ldap
  1844. 520/udp open|filtered route
  1845. 2049/udp open|filtered nfs
  1846. Too many fingerprints match this host to give specific OS details
  1847.  
  1848. TRACEROUTE (using port 138/udp)
  1849. HOP RTT ADDRESS
  1850. 1 108.20 ms 10.242.200.1
  1851. 2 ... 3
  1852. 4 112.28 ms 10.242.200.1
  1853. 5 107.59 ms 10.242.200.1
  1854. 6 107.58 ms 10.242.200.1
  1855. 7 107.57 ms 10.242.200.1
  1856. 8 107.55 ms 10.242.200.1
  1857. 9 107.53 ms 10.242.200.1
  1858. 10 107.53 ms 10.242.200.1
  1859. 11 ... 18
  1860. 19 105.60 ms 10.242.200.1
  1861. 20 107.26 ms 10.242.200.1
  1862. 21 108.07 ms 10.242.200.1
  1863. 22 ... 27
  1864. 28 109.48 ms 10.242.200.1
  1865. 29 ...
  1866. 30 107.10 ms 10.242.200.1
  1867.  
  1868. NSE: Script Post-scanning.
  1869. Initiating NSE at 01:17
  1870. Completed NSE at 01:17, 0.00s elapsed
  1871. Initiating NSE at 01:17
  1872. Completed NSE at 01:17, 0.00s elapsed
  1873. Read data files from: /usr/bin/../share/nmap
  1874. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1875. Nmap done: 1 IP address (1 host up) scanned in 138.13 seconds
  1876. Raw packets sent: 149 (10.020KB) | Rcvd: 1622 (88.314KB)
  1877. #######################################################################################################################################
  1878. Hosts
  1879. =====
  1880.  
  1881. address mac name os_name os_flavor os_sp purpose info comments
  1882. ------- --- ---- ------- --------- ----- ------- ---- --------
  1883. 52.64.99.208 cbs.gov.ws Linux 3.X server
  1884. 62.12.105.3 f03-web01.nic.gov.sd embedded 2.6.X device
  1885. 62.12.105.4 f05-web03.nic.gov.sd Linux 2.6.X server
  1886. 77.72.0.146 argon.cloudhosting.co.uk Unknown device
  1887. 147.237.77.18 Unknown device
  1888.  
  1889. Services
  1890. ========
  1891.  
  1892. host port proto name state info
  1893. ---- ---- ----- ---- ----- ----
  1894. 52.64.99.208 20 tcp ftp-data closed
  1895. 52.64.99.208 21 tcp ftp open vsftpd 3.0.2
  1896. 52.64.99.208 25 tcp smtp closed
  1897. 52.64.99.208 53 udp domain unknown
  1898. 52.64.99.208 67 udp dhcps unknown
  1899. 52.64.99.208 68 udp dhcpc unknown
  1900. 52.64.99.208 69 udp tftp unknown
  1901. 52.64.99.208 80 tcp http open Apache httpd
  1902. 52.64.99.208 88 udp kerberos-sec unknown
  1903. 52.64.99.208 123 udp ntp unknown
  1904. 52.64.99.208 137 udp netbios-ns filtered
  1905. 52.64.99.208 138 udp netbios-dgm filtered
  1906. 52.64.99.208 139 tcp netbios-ssn closed
  1907. 52.64.99.208 139 udp netbios-ssn unknown
  1908. 52.64.99.208 161 udp snmp unknown
  1909. 52.64.99.208 162 udp snmptrap unknown
  1910. 52.64.99.208 389 udp ldap unknown
  1911. 52.64.99.208 443 tcp ssl/http open Apache httpd
  1912. 52.64.99.208 445 tcp microsoft-ds closed
  1913. 52.64.99.208 520 udp route unknown
  1914. 52.64.99.208 1024 tcp kdm closed
  1915. 52.64.99.208 1025 tcp nfs-or-iis closed
  1916. 52.64.99.208 1026 tcp lsa-or-nterm closed
  1917. 52.64.99.208 1027 tcp iis closed
  1918. 52.64.99.208 1028 tcp unknown closed
  1919. 52.64.99.208 1029 tcp ms-lsa closed
  1920. 52.64.99.208 1030 tcp iad1 closed
  1921. 52.64.99.208 1031 tcp iad2 closed
  1922. 52.64.99.208 1032 tcp iad3 closed
  1923. 52.64.99.208 1033 tcp netinfo closed
  1924. 52.64.99.208 1034 tcp zincite-a closed
  1925. 52.64.99.208 1035 tcp multidropper closed
  1926. 52.64.99.208 1036 tcp nsstp closed
  1927. 52.64.99.208 1037 tcp ams closed
  1928. 52.64.99.208 1038 tcp mtqp closed
  1929. 52.64.99.208 1039 tcp sbl closed
  1930. 52.64.99.208 1040 tcp netsaint closed
  1931. 52.64.99.208 1041 tcp danf-ak2 closed
  1932. 52.64.99.208 1042 tcp afrog closed
  1933. 52.64.99.208 1043 tcp boinc closed
  1934. 52.64.99.208 1044 tcp dcutility closed
  1935. 52.64.99.208 1045 tcp fpitp closed
  1936. 52.64.99.208 1046 tcp wfremotertm closed
  1937. 52.64.99.208 1047 tcp neod1 closed
  1938. 52.64.99.208 1048 tcp neod2 closed
  1939. 52.64.99.208 2049 udp nfs unknown
  1940. 62.12.105.3 20 tcp ftp-data closed
  1941. 62.12.105.3 21 tcp ftp open Microsoft ftpd
  1942. 62.12.105.3 25 tcp smtp closed
  1943. 62.12.105.3 53 udp domain unknown
  1944. 62.12.105.3 67 udp dhcps unknown
  1945. 62.12.105.3 68 udp dhcpc unknown
  1946. 62.12.105.3 69 udp tftp unknown
  1947. 62.12.105.3 80 tcp http open Microsoft IIS httpd 8.5
  1948. 62.12.105.3 88 udp kerberos-sec unknown
  1949. 62.12.105.3 110 tcp pop3 open MailEnable POP3 Server
  1950. 62.12.105.3 113 tcp ident closed
  1951. 62.12.105.3 123 udp ntp unknown
  1952. 62.12.105.3 137 udp netbios-ns filtered
  1953. 62.12.105.3 138 udp netbios-dgm filtered
  1954. 62.12.105.3 139 tcp netbios-ssn closed
  1955. 62.12.105.3 139 udp netbios-ssn unknown
  1956. 62.12.105.3 143 tcp imap open MailEnable imapd
  1957. 62.12.105.3 161 udp snmp unknown
  1958. 62.12.105.3 162 udp snmptrap unknown
  1959. 62.12.105.3 389 udp ldap unknown
  1960. 62.12.105.3 443 tcp https open
  1961. 62.12.105.3 445 tcp microsoft-ds closed
  1962. 62.12.105.3 520 udp route unknown
  1963. 62.12.105.3 993 tcp imaps closed
  1964. 62.12.105.3 995 tcp pop3s closed
  1965. 62.12.105.3 1025 tcp nfs-or-iis closed
  1966. 62.12.105.3 2049 udp nfs unknown
  1967. 62.12.105.3 5224 tcp hpvirtctrl closed
  1968. 62.12.105.3 8443 tcp ssl/http open Microsoft IIS httpd 8.5
  1969. 62.12.105.4 21 tcp ftp open ProFTPD 1.3.5d
  1970. 62.12.105.4 25 tcp smtp closed
  1971. 62.12.105.4 53 udp domain unknown
  1972. 62.12.105.4 67 udp dhcps unknown
  1973. 62.12.105.4 68 udp dhcpc unknown
  1974. 62.12.105.4 69 udp tftp unknown
  1975. 62.12.105.4 80 tcp http open nginx
  1976. 62.12.105.4 88 udp kerberos-sec unknown
  1977. 62.12.105.4 110 tcp pop3 open Dovecot pop3d
  1978. 62.12.105.4 113 tcp ident closed
  1979. 62.12.105.4 123 udp ntp unknown
  1980. 62.12.105.4 137 udp netbios-ns filtered
  1981. 62.12.105.4 138 udp netbios-dgm filtered
  1982. 62.12.105.4 139 tcp netbios-ssn closed
  1983. 62.12.105.4 139 udp netbios-ssn unknown
  1984. 62.12.105.4 143 tcp imap open Dovecot imapd
  1985. 62.12.105.4 161 udp snmp unknown
  1986. 62.12.105.4 162 udp snmptrap unknown
  1987. 62.12.105.4 389 udp ldap unknown
  1988. 62.12.105.4 443 tcp ssl/http open nginx
  1989. 62.12.105.4 445 tcp microsoft-ds closed
  1990. 62.12.105.4 520 udp route unknown
  1991. 62.12.105.4 993 tcp ssl/imaps open
  1992. 62.12.105.4 995 tcp ssl/pop3s open
  1993. 62.12.105.4 2049 udp nfs unknown
  1994. 62.12.105.4 8443 tcp https-alt open
  1995. 77.72.0.146 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 23:05. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
  1996. 77.72.0.146 67 udp dhcps unknown
  1997. 77.72.0.146 68 udp dhcpc unknown
  1998. 77.72.0.146 69 udp tftp unknown
  1999. 77.72.0.146 80 tcp http open
  2000. 77.72.0.146 88 udp kerberos-sec unknown
  2001. 77.72.0.146 110 tcp pop3 open
  2002. 77.72.0.146 123 udp ntp unknown
  2003. 77.72.0.146 139 udp netbios-ssn unknown
  2004. 77.72.0.146 143 tcp imap open
  2005. 77.72.0.146 389 udp ldap unknown
  2006. 77.72.0.146 443 tcp https open
  2007. 77.72.0.146 465 tcp smtps open
  2008. 77.72.0.146 520 udp route unknown
  2009. 77.72.0.146 587 tcp submission open
  2010. 77.72.0.146 993 tcp imaps open
  2011. 77.72.0.146 995 tcp pop3s open
  2012. 77.72.0.146 2049 udp nfs unknown
  2013. 147.237.77.18 53 udp domain unknown
  2014. 147.237.77.18 67 udp dhcps unknown
  2015. 147.237.77.18 68 udp dhcpc unknown
  2016. 147.237.77.18 69 udp tftp unknown
  2017. 147.237.77.18 80 tcp http open
  2018. 147.237.77.18 88 udp kerberos-sec unknown
  2019. 147.237.77.18 123 udp ntp unknown
  2020. 147.237.77.18 139 udp netbios-ssn unknown
  2021. 147.237.77.18 161 udp snmp unknown
  2022. 147.237.77.18 162 udp snmptrap unknown
  2023. 147.237.77.18 389 udp ldap unknown
  2024. 147.237.77.18 520 udp route unknown
  2025. 147.237.77.18 2049 udp nfs unknown
  2026. #######################################################################################################################################
  2027. Anonymous JTSEC #OpSudan Full Recon #92