Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- =======================================================================================================================================
- Nom de l'hôte www.rnspolice.gov.sd FAI NICDC
- Continent Afrique Drapeau
- SD
- Pays Soudan Code du pays SD
- Région Inconnu Heure locale 23 Feb 2019 12:24 CAT
- Ville Inconnu Code Postal Inconnu
- Adresse IP 62.12.105.2 Latitude 15
- Longitude 30
- =======================================================================================================================================
- #######################################################################################################################################
- > www.rnspolice.gov.sd
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: www.rnspolice.gov.sd
- Address: 62.12.105.2
- >
- #######################################################################################################################################
- HostIP:62.12.105.2
- HostName:www.rnspolice.gov.sd
- Gathered Inet-whois information for 62.12.105.2
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 62.12.96.0 - 62.12.127.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:46:54Z
- last-modified: 2019-01-07T10:46:54Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)
- Gathered Inic-whois information for rnspolice.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server sd.whois-servers.net failed
- close error
- Gathered Netcraft information for www.rnspolice.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.rnspolice.gov.sd
- Netcraft.com Information gathered
- Gathered Subdomain information for rnspolice.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.rnspolice.gov.sd
- HostIP:62.12.105.2
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host rnspolice.gov.sd, Searched 0 pages containing 0 results
- Gathered E-Mail information for rnspolice.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host rnspolice.gov.sd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 62.12.105.2
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 80/tcp open
- 110/tcp open
- 143/tcp open
- Portscan Finished: Scanned 150 ports, 4 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://www.rnspolice.gov.sd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: ���� ����� ��� �����
- [+] IP address: 62.12.105.2
- [+] Web Server: Could Not Detect
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 62.12.105.2
- [i] Country: Sudan
- [i] State:
- [i] City:
- [i] Latitude: 15.0
- [i] Longitude: 30.0
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Sat, 23 Feb 2019 09:42:15 GMT
- [i] Content-Type: text/html
- [i] Content-Length: 26247
- [i] Last-Modified: Mon, 07 May 2018 05:27:34 GMT
- [i] ETag: "5aefe3c6-6687"
- [i] X-Powered-By: PleskLin
- [i] Accept-Ranges: bytes
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- rnspolice.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- rnspolice.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- rnspolice.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- rnspolice.gov.sd. 21599 IN A 62.12.105.2
- rnspolice.gov.sd. 21599 IN MX 10 mail.rnspolice.gov.sd.
- rnspolice.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 62.12.105.2
- Network = 62.12.105.2 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 62.12.105.2 - 62.12.105.2 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-23 10:40 UTC
- Nmap scan report for rnspolice.gov.sd (62.12.105.2)
- Host is up (0.22s latency).
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.28 seconds
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://www.rnspolice.gov.sd/
- [!] IP Address : 62.12.105.2
- [!] www.rnspolice.gov.sd doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.rnspolice.gov.sd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.rnspolice.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.57 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- There was an error getting results
- [-] DNS Records
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1550918432554067-web-@www.rnspolice.gov.sd
- pixel-1550918433179696-web-@www.rnspolice.gov.sd
- No hosts found
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Enter Address Website = rnspolice.gov.sd
- Reverse IP With YouGetSignal 'rnspolice.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [*] IP: 62.12.105.2
- [*] Domain: rnspolice.gov.sd
- [*] Total Domains: 7
- [+] agricmi.gov.sd
- [+] eastgezira.gov.sd
- [+] mocit.gov.sd
- [+] rnspolice.gov.sd
- [+] sudan.gov.sd
- [+] unionkhr.sd
- [+] www.sudan.gov.sd
- #######################################################################################################################################
- Geo IP Lookup 'rnspolice.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] IP Address: 62.12.105.2
- [+] Country: Sudan
- [+] State:
- [+] City:
- [+] Latitude: 15.0
- [+] Longitude: 30.0
- #######################################################################################################################################
- Bypass Cloudflare 'rnspolice.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [!] CloudFlare Bypass 197.254.200.161 | webmail.rnspolice.gov.sd
- [!] CloudFlare Bypass 197.254.200.161 | mail.rnspolice.gov.sd
- [!] CloudFlare Bypass 62.12.105.2 | www.rnspolice.gov.sd
- #######################################################################################################################################
- DNS Lookup 'rnspolice.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] rnspolice.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- [+] rnspolice.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- [+] rnspolice.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- [+] rnspolice.gov.sd. 21599 IN A 62.12.105.2
- [+] rnspolice.gov.sd. 21599 IN MX 10 mail.rnspolice.gov.sd.
- [+] rnspolice.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- #######################################################################################################################################
- Show HTTP Header 'rnspolice.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] HTTP/1.1 301 Moved Permanently
- [+] Server: nginx
- [+] Date: Sat, 23 Feb 2019 09:42:10 GMT
- [+] Content-Type: text/html
- [+] Content-Length: 178
- [+] Connection: keep-alive
- [+] Location: http://www.rnspolice.gov.sd/
- [+] X-Powered-By: PleskLin
- #######################################################################################################################################
- Port Scan 'rnspolice.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-23 10:40 UTC
- Nmap scan report for rnspolice.gov.sd (62.12.105.2)
- Host is up (0.22s latency).
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.59 seconds
- #######################################################################################################################################
- Traceroute 'rnspolice.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-02-23T10:40:24+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.201 0.0% 3 1.2 1.0 0.7 1.2 0.3
- 2.|-- 45.79.12.0 0.0% 3 1.3 0.9 0.5 1.3 0.4
- 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.9 1.7 1.4 1.9 0.2
- 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 2.6 2.1 1.4 2.6 0.6
- 5.|-- be2443.ccr42.iah01.atlas.cogentco.com 0.0% 3 7.0 6.8 6.7 7.0 0.2
- 6.|-- be2690.ccr42.atl01.atlas.cogentco.com 0.0% 3 21.3 21.7 21.1 22.7 0.8
- 7.|-- be2113.ccr42.dca01.atlas.cogentco.com 0.0% 3 32.1 32.3 32.1 32.6 0.2
- 8.|-- be2807.ccr42.jfk02.atlas.cogentco.com 0.0% 3 38.0 38.0 38.0 38.0 0.0
- 9.|-- be2490.ccr42.lon13.atlas.cogentco.com 0.0% 3 108.7 108.6 108.5 108.7 0.1
- 10.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 110.3 110.1 110.0 110.3 0.2
- 11.|-- expressotelecom.demarc.cogentco.com 0.0% 3 108.5 108.5 108.5 108.5 0.0
- 12.|-- 185.153.20.70 0.0% 3 188.2 188.3 188.2 188.6 0.2
- 13.|-- 185.153.20.82 0.0% 3 190.6 192.4 190.6 194.2 1.8
- 14.|-- 185.153.20.94 0.0% 3 188.1 188.3 188.1 188.6 0.3
- 15.|-- 185.153.20.153 0.0% 3 217.2 215.8 214.9 217.2 1.2
- 16.|-- 212.0.131.109 0.0% 3 218.9 219.5 218.9 220.1 0.6
- 17.|-- 196.202.137.249 0.0% 3 229.1 229.6 229.1 230.1 0.5
- 18.|-- 196.202.145.94 33.3% 3 226.7 226.9 226.7 227.1 0.3
- 19.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- #######################################################################################################################################
- Ping 'rnspolice.gov.sd'
- --------------------------------------------------------------------------------------------------------------------------------------
- Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-23 10:40 UTC
- SENT (0.3695s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=1] IP [ttl=64 id=43444 iplen=28 ]
- SENT (1.3698s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=2] IP [ttl=64 id=43444 iplen=28 ]
- SENT (2.3716s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=3] IP [ttl=64 id=43444 iplen=28 ]
- SENT (3.3729s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=4] IP [ttl=64 id=43444 iplen=28 ]
- Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
- Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
- Nping done: 1 IP address pinged in 4.37 seconds
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-2-Debian <<>> rnspolice.gov.sd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50946
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;rnspolice.gov.sd. IN A
- ;; ANSWER SECTION:
- rnspolice.gov.sd. 81704 IN A 62.12.105.2
- ;; Query time: 32 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: sam fév 23 06:42:30 EST 2019
- ;; MSG SIZE rcvd: 61
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-2-Debian <<>> +trace rnspolice.gov.sd
- ;; global options: +cmd
- . 85250 IN NS m.root-servers.net.
- . 85250 IN NS a.root-servers.net.
- . 85250 IN NS j.root-servers.net.
- . 85250 IN NS g.root-servers.net.
- . 85250 IN NS d.root-servers.net.
- . 85250 IN NS i.root-servers.net.
- . 85250 IN NS e.root-servers.net.
- . 85250 IN NS f.root-servers.net.
- . 85250 IN NS b.root-servers.net.
- . 85250 IN NS h.root-servers.net.
- . 85250 IN NS l.root-servers.net.
- . 85250 IN NS k.root-servers.net.
- . 85250 IN NS c.root-servers.net.
- . 85250 IN RRSIG NS 8 0 518400 20190308050000 20190223040000 16749 . JQeMGgmm0+LV3FW5wHpe975hhAP4/zE9iLeXH/YcrsuZAgpk5gTYdZ6e SR/JC5tJOOsU9CPqO2WhNf5bcjAbYmkt/sioFOR3xQpjvHIfBGqRiWBZ YaBGcAylp8JxqK5Y+CzZAaCKq8hRAmD0YSTL8Yd6/6RQEitkLQ2u+38R qK4T+kfuCd62q7eC34/+q14Ckrh4kIO4A2H/VkfQcwBbknyQtfyiJmMM jDlaujc2oHONbfbbKTaG77i3mNBxRkuaFx6vJ/UQjstxtK4k/pS0jUK3 MO7TPYRWP9LG3VCHyQLUVLMWE/Fe3l2LxyfoQ5BXSrolsnkTfvDQgVI6 h1d8XA==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 32 ms
- sd. 172800 IN NS ns2.uaenic.ae.
- sd. 172800 IN NS ans2.canar.sd.
- sd. 172800 IN NS ns1.uaenic.ae.
- sd. 172800 IN NS sd.cctld.authdns.ripe.net.
- sd. 172800 IN NS ns-sd.afrinic.net.
- sd. 172800 IN NS ans1.sis.sd.
- sd. 172800 IN NS ans1.canar.sd.
- sd. 86400 IN NSEC se. NS RRSIG NSEC
- sd. 86400 IN RRSIG NSEC 8 1 86400 20190308050000 20190223040000 16749 . Otzo1k4hYXEQuqSyxCH0ju6ESXmE8lnmmfbQGZbhRD2LfB1sfKpftrPP S/fOpZB8EIaR+RYL7JUPpEG01aaKeoPTbLdzHx5/wIEFTl82+WXJ+10H DAxS8V0z+AtmJZQZyuCJyBFohx7CH1AB/vDYExd0iuq5U5ACXS/RpsgI TLt3OjPxvsuQzS3JI/T19nW17HQ1WE45EJRFmI3pv44wy2dpnzkyn67d Yq9ov/Ng+RoyKXl1O0LD48h1EGv5SWV93q8l4JMHV74GwkRRjPs3hJfo jWPcn1UWTG8lbeLKuWsgahFwK7/3JdlJUUFuWCEzwt+2fF5NqwRoXgVA Ed+mNw==
- ;; Received 731 bytes from 2001:500:200::b#53(b.root-servers.net) in 70 ms
- ;; Received 73 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 237 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: rnspolice.gov.sd
- [-] DNSSEC is not configured for rnspolice.gov.sd
- [*] SOA ns0.ndc.gov.sd 62.12.109.2
- [*] NS ns1.ndc.gov.sd 62.12.109.3
- [*] Bind Version for 62.12.109.3 you guess!
- [*] NS ns0.ndc.gov.sd 62.12.109.2
- [*] Bind Version for 62.12.109.2 you guess!
- [*] MX mail.rnspolice.gov.sd 197.254.200.161
- [*] A rnspolice.gov.sd 62.12.105.2
- [*] TXT rnspolice.gov.sd v=spf1 mx -all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for rnspolice.gov.sd
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain rnspolice.gov.sd
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2', '205.151.67.6', '205.151.67.34', '205.151.67.2']
- [+] Getting nameservers
- 62.12.109.3 - ns1.ndc.gov.sd
- [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
- rnspolice.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- rnspolice.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- rnspolice.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- rnspolice.gov.sd. 86400 IN A 62.12.105.2
- rnspolice.gov.sd. 86400 IN MX 10 mail.rnspolice.gov.sd.
- rnspolice.gov.sd. 86400 IN TXT "v=spf1 mx -all"
- mail.rnspolice.gov.sd. 86400 IN A 197.254.200.161
- mail.rnspolice.gov.sd. 86400 IN MX 10 mail.rnspolice.gov.sd.
- webmail.rnspolice.gov.sd. 86400 IN CNAME mail.rnspolice.gov.sd.
- www.rnspolice.gov.sd. 86400 IN A 62.12.105.2
- #######################################################################################################################################
- =======================================================================================================================================
- External hosts:
- | [+] External Host Found: http://ajax.googleapis.com
- | [+] External Host Found: http://httpd.apache.org
- | [+] External Host Found: http://www.youtube.com
- | [+] External Host Found: http://www.facebook.com
- | [+] External Host Found: http://www.traidnt.net
- | [+] External Host Found: http://www.e-zeeinternet.com
- | [+] External Host Found: http://ajax.microsoft.com
- | [+] External Host Found: http://gezirapolice.gov.sd
- | [+] External Host Found: http://rnspolice.info
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: mike@hyperreal.org
- | [+] E-mail Found: humbedooh@apache.org
- | [+] E-mail Found: kevinh@kevcom.com
- | [+] E-mail Found: mims777@hotmail.com
- =======================================================================================================================================
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.rnspolice.gov.sd -----
- Host's addresses:
- __________________
- www.rnspolice.gov.sd. 83391 IN A 62.12.105.2
- Name Servers:
- ______________
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on www.rnspolice.gov.sd
- dnsdb: Unexpected return status 503
- ipv4info: <nil>
- Starting Bruteforcing of www.rnspolice.gov.sd with 9985 words
- Total 1 Unique subdomains found for www.rnspolice.gov.sd
- .www.rnspolice.gov.sd
- #######################################################################################################################################
- [+] www.rnspolice.gov.sd has no SPF record!
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.rnspolice.gov.sd!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:20 EST
- Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
- Host is up (0.16s latency).
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:20 EST
- Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
- Host is up (0.023s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:21 EST
- Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
- Host is up (0.20s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open tcpwrapped
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 20 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 22.79 ms 10.245.200.1
- 2 23.18 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 29.95 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 24.48 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 23.79 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.78 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 92.90 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 98.58 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
- 9 99.77 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
- 10 99.76 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 100.57 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 179.19 ms 185.153.20.70
- 13 179.75 ms 185.153.20.82
- 14 179.70 ms 185.153.20.94
- 15 250.30 ms 185.153.20.153
- 16 ... 17
- 18 204.07 ms 196.202.145.94
- 19 ...
- 20 193.01 ms f03-web02.nic.gov.sd (62.12.105.2)
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.rnspolice.gov.sd...
- _________________________________________ SITE INFO _________________________________________
- IP Title
- 62.12.105.2 ���� ����� ��� �����
- __________________________________________ VERSION __________________________________________
- Name Versions Type
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- nginx Platform
- _____________________________________________________________________________________________
- Time: 60.4 sec Urls: 848 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 23 Feb 2019 10:36:17 GMT
- Content-Type: text/html
- Content-Length: 26247
- Connection: keep-alive
- X-Accel-Version: 0.01
- Last-Modified: Mon, 07 May 2018 05:27:34 GMT
- ETag: "6687-56b96ed4eae25"
- Accept-Ranges: bytes
- X-Powered-By: PleskLin
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 23 Feb 2019 10:36:17 GMT
- Content-Type: text/html
- Content-Length: 26247
- Connection: keep-alive
- X-Accel-Version: 0.01
- Last-Modified: Mon, 07 May 2018 05:27:34 GMT
- ETag: "6687-56b96ed4eae25"
- Accept-Ranges: bytes
- X-Powered-By: PleskLin
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:34 EST
- Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
- Host is up (0.20s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 226 guesses in 197 seconds, average tps: 1.1
- |_pop3-capabilities: PIPELINING RESP-CODES APOP UIDL CAPA TOP STLS USER SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 20 hops
- Service Info: Host: fo3-web02.nic.gov.sd
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 21.78 ms 10.245.200.1
- 2 45.01 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 25.21 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 21.87 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 22.26 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 22.70 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 91.93 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 97.54 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
- 9 98.55 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
- 10 98.58 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 99.68 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 178.27 ms 185.153.20.70
- 13 178.23 ms 185.153.20.82
- 14 178.17 ms 185.153.20.94
- 15 182.47 ms 185.153.20.153
- 16 ... 17
- 18 208.88 ms 196.202.145.94
- 19 ...
- 20 197.80 ms f03-web02.nic.gov.sd (62.12.105.2)
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.2
- Testing SSL server www.rnspolice.gov.sd on port 443 using SNI name www.rnspolice.gov.sd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:40:27 2016 GMT
- Not valid after: Apr 20 02:40:27 2017 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:25 EST
- Nmap scan report for 62.12.105.2
- Host is up (0.17s latency).
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:25 EST
- Nmap scan report for 62.12.105.2
- Host is up (0.025s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:25 EST
- Nmap scan report for 62.12.105.2
- Host is up (0.19s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open tcpwrapped
- Too many fingerprints match this host to give specific OS details
- Network Distance: 20 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 22.93 ms 10.245.200.1
- 2 23.29 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 26.93 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 23.31 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 23.31 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.31 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 92.75 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
- 8 98.58 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
- 9 100.03 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 100.03 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 98.91 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 177.50 ms 185.153.20.70
- 13 177.51 ms 185.153.20.82
- 14 177.46 ms 185.153.20.94
- 15 181.48 ms 185.153.20.153
- 16 ... 17
- 18 206.30 ms 196.202.145.94
- 19 ...
- 20 195.48 ms f03-web02.nic.gov.sd (62.12.105.2)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:37 EST
- Nmap scan report for 62.12.105.2
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.77 ms 10.245.200.1
- 2 23.20 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 41.93 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 23.04 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 23.48 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.47 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 92.53 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 98.51 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 99.77 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 99.57 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 98.01 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 176.87 ms 185.153.20.70
- 13 176.66 ms 185.153.20.82
- 14 176.51 ms 185.153.20.94
- 15 185.06 ms 185.153.20.153
- 16 211.84 ms 212.0.131.109
- 17 204.62 ms 196.202.137.249
- 18 206.20 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:39 EST
- Nmap scan report for 62.12.105.2
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 25.30 ms 10.245.200.1
- 2 25.57 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 41.39 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 25.38 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 25.66 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 25.66 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 95.26 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 101.04 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 101.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 102.52 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 98.91 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 177.61 ms 185.153.20.70
- 13 177.60 ms 185.153.20.82
- 14 177.57 ms 185.153.20.94
- 15 181.47 ms 185.153.20.153
- 16 212.85 ms 212.0.131.109
- 17 203.22 ms 196.202.137.249
- 18 204.19 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:42 EST
- Nmap scan report for 62.12.105.2
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.87 ms 10.245.200.1
- 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 38.27 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 23.22 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 23.58 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.44 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 92.76 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 98.76 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 99.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 99.98 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 101.02 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 179.67 ms 185.153.20.70
- 13 179.68 ms 185.153.20.82
- 14 179.61 ms 185.153.20.94
- 15 183.20 ms 185.153.20.153
- 16 212.69 ms 212.0.131.109
- 17 203.43 ms 196.202.137.249
- 18 204.98 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://62.12.105.2...
- _________________________________________ SITE INFO _________________________________________
- IP Title
- 62.12.105.2 Domain Default page
- __________________________________________ VERSION __________________________________________
- Name Versions Type
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- nginx Platform
- _____________________________________________________________________________________________
- Time: 39.7 sec Urls: 811 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 23 Feb 2019 10:48:14 GMT
- Content-Type: text/html
- Content-Length: 3750
- Connection: keep-alive
- Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
- ETag: "ea6-5649d8e57844b"
- Accept-Ranges: bytes
- HTTP/1.1 200 OK
- Server: nginx
- Date: Sat, 23 Feb 2019 10:48:14 GMT
- Content-Type: text/html
- Content-Length: 3750
- Connection: keep-alive
- Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
- ETag: "ea6-5649d8e57844b"
- Accept-Ranges: bytes
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:46 EST
- Nmap scan report for 62.12.105.2
- Host is up (0.20s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 223 guesses in 196 seconds, average tps: 1.1
- |_pop3-capabilities: RESP-CODES APOP CAPA TOP STLS UIDL SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) USER AUTH-RESP-CODE PIPELINING
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 20 hops
- Service Info: Host: fo3-web02.nic.gov.sd
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 22.67 ms 10.245.200.1
- 2 23.00 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 24.60 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 22.82 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 23.40 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.21 ms 154.54.25.126
- 7 92.17 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
- 8 98.55 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 99.55 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 99.42 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 11 98.50 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 177.29 ms 185.153.20.70
- 13 177.29 ms 185.153.20.82
- 14 177.20 ms 185.153.20.94
- 15 204.15 ms 185.153.20.153
- 16 ... 17
- 18 204.45 ms 196.202.145.94
- 19 ...
- 20 193.65 ms f03-web02.nic.gov.sd (62.12.105.2)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:50 EST
- Nmap scan report for 62.12.105.2
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 26.03 ms 10.245.200.1
- 2 26.61 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 44.44 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 26.19 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 26.84 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 26.86 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 95.93 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 101.93 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 102.86 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 103.11 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 104.18 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 182.81 ms 185.153.20.70
- 13 182.81 ms 185.153.20.82
- 14 182.79 ms 185.153.20.94
- 15 187.31 ms 185.153.20.153
- 16 218.14 ms 212.0.131.109
- 17 204.53 ms 196.202.137.249
- 18 207.99 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:52 EST
- Nmap scan report for 62.12.105.2
- Host is up (0.21s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 23.39 ms 10.245.200.1
- 2 24.16 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 35.81 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 24.15 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 24.18 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 24.18 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 93.46 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 99.27 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 100.26 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 100.10 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 99.56 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 178.01 ms 185.153.20.70
- 13 178.02 ms 185.153.20.82
- 14 178.01 ms 185.153.20.94
- 15 182.74 ms 185.153.20.153
- 16 213.23 ms 212.0.131.109
- 17 204.09 ms 196.202.137.249
- 18 205.29 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.2
- Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:40:27 2016 GMT
- Not valid after: Apr 20 02:40:27 2017 GMT
- ######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 07:00 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 07:00
- Completed NSE at 07:00, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 07:00
- Completed NSE at 07:00, 0.00s elapsed
- Initiating Ping Scan at 07:00
- Scanning 62.12.105.2 [4 ports]
- Completed Ping Scan at 07:00, 0.23s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 07:00
- Completed Parallel DNS resolution of 1 host. at 07:01, 16.50s elapsed
- Initiating Connect Scan at 07:01
- Scanning 62.12.105.2 [1000 ports]
- Discovered open port 110/tcp on 62.12.105.2
- Discovered open port 80/tcp on 62.12.105.2
- Discovered open port 143/tcp on 62.12.105.2
- Discovered open port 995/tcp on 62.12.105.2
- Discovered open port 443/tcp on 62.12.105.2
- Discovered open port 21/tcp on 62.12.105.2
- Discovered open port 993/tcp on 62.12.105.2
- Discovered open port 8443/tcp on 62.12.105.2
- Completed Connect Scan at 07:01, 11.68s elapsed (1000 total ports)
- Initiating Service scan at 07:01
- Scanning 8 services on 62.12.105.2
- Completed Service scan at 07:02, 40.80s elapsed (8 services on 1 host)
- Initiating OS detection (try #1) against 62.12.105.2
- Retrying OS detection (try #2) against 62.12.105.2
- WARNING: OS didn't match until try #2
- Initiating Traceroute at 07:02
- Completed Traceroute at 07:02, 6.16s elapsed
- Initiating Parallel DNS resolution of 18 hosts. at 07:02
- Completed Parallel DNS resolution of 18 hosts. at 07:02, 16.50s elapsed
- NSE: Script scanning 62.12.105.2.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 07:02
- NSE Timing: About 98.90% done; ETC: 07:03 (0:00:00 remaining)
- NSE Timing: About 99.54% done; ETC: 07:03 (0:00:00 remaining)
- NSE Timing: About 99.63% done; ETC: 07:04 (0:00:00 remaining)
- NSE Timing: About 99.91% done; ETC: 07:04 (0:00:00 remaining)
- Completed NSE at 07:04, 138.34s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 07:04
- Completed NSE at 07:04, 0.44s elapsed
- Nmap scan report for 62.12.105.2
- Host is up, received syn-ack ttl 43 (0.15s latency).
- Scanned at 2019-02-23 07:00:52 EST for 237s
- Not shown: 988 filtered ports
- Reason: 987 no-responses and 1 host-unreach
- PORT STATE SERVICE REASON VERSION
- 21/tcp open tcpwrapped syn-ack
- 25/tcp closed smtp conn-refused
- 80/tcp open http syn-ack nginx
- |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx
- |_http-title: Domain Default page
- 110/tcp open pop3 syn-ack Dovecot pop3d
- |_pop3-capabilities: USER CAPA UIDL PIPELINING AUTH-RESP-CODE RESP-CODES STLS TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP
- |_ssl-date: TLS randomness does not represent time
- 113/tcp closed ident conn-refused
- 139/tcp closed netbios-ssn conn-refused
- 143/tcp open imap syn-ack Dovecot imapd
- |_imap-capabilities: STARTTLS Pre-login have listed IDLE AUTH=CRAM-MD5A0001 capabilities SASL-IR AUTH=PLAIN AUTH=DIGEST-MD5 LOGIN-REFERRALS AUTH=LOGIN IMAP4rev1 LITERAL+ more ID OK post-login ENABLE
- |_ssl-date: TLS randomness does not represent time
- 443/tcp open ssl/http syn-ack nginx
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-title: 400 The plain HTTP request was sent to HTTPS port
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:40:27
- | Not valid after: 2017-04-20T02:40:27
- | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
- | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
- | -----BEGIN CERTIFICATE-----
- | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
- | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
- | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
- | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
- | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
- | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
- | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
- | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
- | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
- | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
- | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
- | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
- | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
- | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
- | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
- | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
- | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
- | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
- | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- |_ http/1.1
- | tls-nextprotoneg:
- |_ http/1.1
- 445/tcp closed microsoft-ds conn-refused
- 993/tcp open ssl/imaps? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 995/tcp open ssl/pop3s? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 8443/tcp open ssl/https-alt syn-ack sw-cp-server
- | fingerprint-strings:
- | FourOhFourRequest:
- | HTTP/1.1 404 Not Found
- | Server: sw-cp-server
- | Date: Sat, 23 Feb 2019 11:03:44 GMT
- | Content-Type: text/html
- | Content-Length: 2644
- | Connection: close
- | ETag: "58cbaa24-a54"
- | <!DOCTYPE html>
- | <html lang="en">
- | <head>
- | <meta charset="utf-8">
- | <meta http-equiv="x-ua-compatible" content="ie=edge">
- | <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
- | <title>404 Not Found</title>
- | <link rel="stylesheet" href="/error_docs/styles.css">
- | </head>
- | <body>
- | <div class="page">
- | <div class="main">
- | <div class="error-description">
- | <h1>Server Error</h1>
- | <div class="error-code">404</div>
- | <h2>Page Not Found</h2>
- | class="lead">This page either doesn't exist, or it moved somewhere else.</p>
- | <hr/>
- | <p>If you think this is an error, please <a href="https://www.plesk.com/bug-report/"
- | RTSPRequest:
- | <!DOCTYPE html>
- | <html lang="en">
- | <head>
- | <meta charset="utf-8">
- | <meta http-equiv="x-ua-compatible" content="ie=edge">
- | <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
- | <title>400 Bad Request</title>
- | <link rel="stylesheet" href="/error_docs/styles.css">
- | </head>
- | <body>
- | <div class="page">
- | <div class="main">
- | <div class="error-description">
- | <h1>Server Error</h1>
- | <div class="error-code">400</div>
- | <h2>Bad Request</h2>
- | class="lead">Your browser sent a request that this server could not understand. Client sent malformed Host header.</p>
- | <hr/>
- | <p>If you think this is an error, please <a href="https://www.plesk.com/bug-report/" target="_blank">let us know</a> so we can fix it!</p>
- | <p>That's what you can do</p>
- |_ <div class="help-actions">
- |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: sw-cp-server
- |_http-title: Plesk Onyx 17.5.3
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:40:27
- | Not valid after: 2017-04-20T02:40:27
- | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
- | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
- | -----BEGIN CERTIFICATE-----
- | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
- | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
- | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
- | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
- | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
- | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
- | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
- | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
- | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
- | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
- | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
- | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
- | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
- | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
- | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
- | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
- | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
- | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
- | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- | tls-nextprotoneg:
- |_ http/1.1
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
- SF-Port8443-TCP:V=7.70%T=SSL%I=7%D=2/23%Time=5C71361F%P=x86_64-pc-linux-gn
- SF:u%r(FourOhFourRequest,B01,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:\
- SF:x20sw-cp-server\r\nDate:\x20Sat,\x2023\x20Feb\x202019\x2011:03:44\x20GM
- SF:T\r\nContent-Type:\x20text/html\r\nContent-Length:\x202644\r\nConnectio
- SF:n:\x20close\r\nETag:\x20\"58cbaa24-a54\"\r\n\r\n<!DOCTYPE\x20html>\n<ht
- SF:ml\x20lang=\"en\">\n\x20\x20<head>\n\x20\x20\x20\x20<meta\x20charset=\"
- SF:utf-8\">\n\x20\x20\x20\x20<meta\x20http-equiv=\"x-ua-compatible\"\x20co
- SF:ntent=\"ie=edge\">\n\x20\x20\x20\x20<meta\x20name=\"viewport\"\x20conte
- SF:nt=\"width=device-width,\x20initial-scale=1,\x20shrink-to-fit=no\">\n\x
- SF:20\x20\x20\x20<title>404\x20Not\x20Found</title>\n\x20\x20\x20\x20<link
- SF:\x20rel=\"stylesheet\"\x20href=\"/error_docs/styles\.css\">\n\x20\x20</
- SF:head>\n\x20\x20<body>\n\x20\x20\x20\x20<div\x20class=\"page\">\n\x20\x2
- SF:0\x20\x20\x20\x20<div\x20class=\"main\">\n\x20\x20\x20\x20\x20\x20\x20\
- SF:x20<div\x20class=\"error-description\">\n\x20\x20\x20\x20\x20\x20\x20\x
- SF:20\x20\x20<h1>Server\x20Error</h1>\n\x20\x20\x20\x20\x20\x20\x20\x20\x2
- SF:0\x20<div\x20class=\"error-code\">404</div>\n\x20\x20\x20\x20\x20\x20\x
- SF:20\x20\x20\x20<h2>Page\x20Not\x20Found</h2>\n\x20\x20\x20\x20\x20\x20\x
- SF:20\x20\x20\x20<p\x20class=\"lead\">This\x20page\x20either\x20doesn't\x2
- SF:0exist,\x20or\x20it\x20moved\x20somewhere\x20else\.</p>\n\x20\x20\x20\x
- SF:20\x20\x20\x20\x20\x20\x20<hr/>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
- SF:20<p>If\x20you\x20think\x20this\x20is\x20an\x20error,\x20please\x20<a\x
- SF:20href=\"https://www\.plesk\.com/bug-report/\"\x20")%r(RTSPRequest,A7D,
- SF:"<!DOCTYPE\x20html>\n<html\x20lang=\"en\">\n\x20\x20<head>\n\x20\x20\x2
- SF:0\x20<meta\x20charset=\"utf-8\">\n\x20\x20\x20\x20<meta\x20http-equiv=\
- SF:"x-ua-compatible\"\x20content=\"ie=edge\">\n\x20\x20\x20\x20<meta\x20na
- SF:me=\"viewport\"\x20content=\"width=device-width,\x20initial-scale=1,\x2
- SF:0shrink-to-fit=no\">\n\x20\x20\x20\x20<title>400\x20Bad\x20Request</tit
- SF:le>\n\x20\x20\x20\x20<link\x20rel=\"stylesheet\"\x20href=\"/error_docs/
- SF:styles\.css\">\n\x20\x20</head>\n\x20\x20<body>\n\x20\x20\x20\x20<div\x
- SF:20class=\"page\">\n\x20\x20\x20\x20\x20\x20<div\x20class=\"main\">\n\x2
- SF:0\x20\x20\x20\x20\x20\x20\x20<div\x20class=\"error-description\">\n\x20
- SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20<h1>Server\x20Error</h1>\n\x20\x20\
- SF:x20\x20\x20\x20\x20\x20\x20\x20<div\x20class=\"error-code\">400</div>\n
- SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<h2>Bad\x20Request</h2>\n\x20\x
- SF:20\x20\x20\x20\x20\x20\x20\x20\x20<p\x20class=\"lead\">Your\x20browser\
- SF:x20sent\x20a\x20request\x20that\x20this\x20server\x20could\x20not\x20un
- SF:derstand\.\x20Client\x20sent\x20malformed\x20Host\x20header\.</p>\n\x20
- SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20<hr/>\n\x20\x20\x20\x20\x20\x20\x20
- SF:\x20\x20\x20<p>If\x20you\x20think\x20this\x20is\x20an\x20error,\x20plea
- SF:se\x20<a\x20href=\"https://www\.plesk\.com/bug-report/\"\x20target=\"_b
- SF:lank\">let\x20us\x20know</a>\x20so\x20we\x20can\x20fix\x20it!</p>\n\x20
- SF:\x20\x20\x20\x20\x20\x20\x20\x20\x20<p>That's\x20what\x20you\x20can\x20
- SF:do</p>\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20<div\x20class=\"help-ac
- SF:tions\">\n\x20");
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.18 - 2.6.22
- TCP/IP fingerprint:
- OS:SCAN(V=7.70%E=4%D=2/23%OT=80%CT=25%CU=%PV=N%G=N%TM=5C7136E1%P=x86_64-pc-
- OS:linux-gnu)SEQ(SP=FE%GCD=1%ISR=10E%TI=Z%CI=Z%TS=D)SEQ(CI=Z)OPS(O1=M4B3ST1
- OS:1NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4B
- OS:3ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T
- OS:G=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS
- OS:%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=
- OS:0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=N)IE(R=N)
- Service Info: Host: fo3-web02.nic.gov.sd
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.17 ms 10.245.200.1
- 2 22.54 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 34.29 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
- 4 22.23 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
- 5 22.59 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 22.54 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 91.70 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 97.98 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 98.87 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 98.71 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 98.25 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 176.69 ms 185.153.20.70
- 13 176.92 ms 185.153.20.82
- 14 176.65 ms 185.153.20.94
- 15 183.06 ms 185.153.20.153
- 16 213.54 ms 212.0.131.109
- 17 204.48 ms 196.202.137.249
- 18 205.22 ms 196.202.145.94
- 19 ... 30
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 07:04
- Completed NSE at 07:04, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 07:04
- Completed NSE at 07:04, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 238.16 seconds
- Raw packets sent: 150 (10.896KB) | Rcvd: 167 (26.826KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 07:04 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 07:04
- Completed NSE at 07:04, 0.00s elapsed
- Initiating NSE at 07:04
- Completed NSE at 07:04, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 07:04
- Completed Parallel DNS resolution of 1 host. at 07:05, 16.50s elapsed
- Initiating UDP Scan at 07:05
- Scanning 62.12.105.2 [14 ports]
- Completed UDP Scan at 07:05, 1.24s elapsed (14 total ports)
- Initiating Service scan at 07:05
- Scanning 12 services on 62.12.105.2
- Service scan Timing: About 8.33% done; ETC: 07:24 (0:17:47 remaining)
- Completed Service scan at 07:06, 102.59s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against 62.12.105.2
- Retrying OS detection (try #2) against 62.12.105.2
- Initiating Traceroute at 07:06
- Completed Traceroute at 07:07, 7.12s elapsed
- Initiating Parallel DNS resolution of 1 host. at 07:07
- Completed Parallel DNS resolution of 1 host. at 07:07, 16.50s elapsed
- NSE: Script scanning 62.12.105.2.
- Initiating NSE at 07:07
- Completed NSE at 07:07, 20.31s elapsed
- Initiating NSE at 07:07
- Completed NSE at 07:07, 1.02s elapsed
- Nmap scan report for 62.12.105.2
- Host is up (0.022s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 ... 3
- 4 21.64 ms 10.245.200.1
- 5 22.90 ms 10.245.200.1
- 6 22.89 ms 10.245.200.1
- 7 22.89 ms 10.245.200.1
- 8 22.89 ms 10.245.200.1
- 9 22.88 ms 10.245.200.1
- 10 22.88 ms 10.245.200.1
- 11 22.90 ms 10.245.200.1
- 12 ... 18
- 19 22.46 ms 10.245.200.1
- 20 21.89 ms 10.245.200.1
- 21 20.89 ms 10.245.200.1
- 22 ... 29
- 30 22.44 ms 10.245.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 07:07
- Completed NSE at 07:07, 0.00s elapsed
- Initiating NSE at 07:07
- Completed NSE at 07:07, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 168.35 seconds
- Raw packets sent: 147 (13.614KB) | Rcvd: 149 (19.279KB)
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 62.12.105.2
- + Target Hostname: 62.12.105.2
- + Target Port: 443
- ---------------------------------------------------------------------------------------------------------------------------------------
- + SSL Info: Subject: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
- Ciphers: ECDHE-RSA-AES256-GCM-SHA384
- Issuer: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
- + Start Time: 2019-02-23 06:24:31 (GMT-5)
- --------------------------------------------------------------------------------------------------------------------------------------
- + Server: nginx
- + Server leaks inodes via ETags, header found with file /, fields: 0xea6 0x5649d8e57844b
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Hostname '62.12.105.2' does not match certificate's names: Plesk
- + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
- + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
- + OSVDB-3268: /icons/: Directory indexing found.
- + OSVDB-3233: /icons/README: Apache default file found.
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Anonymous JTSEC #OpSudan Full Recon #21
Add Comment
Please, Sign In to add comment