Anonymous JTSEC #OpSudan Full Recon #21

a guest
Feb 23rd, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.rnspolice.gov.sd ISP NICDC
  4. Continent Africa Flag
  5. SD
  6. Country Sudan Country code SD
  7. Region Unknown Local time 23 Feb 2019 12:24 CAT
  8. City Unknown Postal code Unknown
  9. IP address 62.12.105.2 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.rnspolice.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: www.rnspolice.gov.sd
  19. Address: 62.12.105.2
  20. >
  21. #######################################################################################################################################
  22. HostIP:62.12.105.2
  23. HostName:www.rnspolice.gov.sd
  24.  
  25. Gathered Inet-whois information for 62.12.105.2
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 62.12.96.0 - 62.12.127.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:46:54Z
  61. last-modified: 2019-01-07T10:46:54Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)
  77.  
  78.  
  79.  
  80. Gathered Inic-whois information for rnspolice.gov.sd
  81. ---------------------------------------------------------------------------------------------------------------------------------------
  82. Error: Unable to connect - Invalid Host
  83. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  84. close error
  85.  
  86. Gathered Netcraft information for www.rnspolice.gov.sd
  87. ---------------------------------------------------------------------------------------------------------------------------------------
  88.  
  89. Retrieving Netcraft.com information for www.rnspolice.gov.sd
  90. Netcraft.com Information gathered
  91.  
  92. Gathered Subdomain information for rnspolice.gov.sd
  93. ---------------------------------------------------------------------------------------------------------------------------------------
  94. Searching Google.com:80...
  95. HostName:www.rnspolice.gov.sd
  96. HostIP:62.12.105.2
  97. Searching Altavista.com:80...
  98. Found 1 possible subdomain(s) for host rnspolice.gov.sd, Searched 0 pages containing 0 results
  99.  
  100. Gathered E-Mail information for rnspolice.gov.sd
  101. ---------------------------------------------------------------------------------------------------------------------------------------
  102. Searching Google.com:80...
  103. Searching Altavista.com:80...
  104. Found 0 E-Mail(s) for host rnspolice.gov.sd, Searched 0 pages containing 0 results
  105.  
  106. Gathered TCP Port information for 62.12.105.2
  107. ---------------------------------------------------------------------------------------------------------------------------------------
  108.  
  109. Port State
  110.  
  111. 21/tcp open
  112. 80/tcp open
  113. 110/tcp open
  114. 143/tcp open
  115.  
  116. Portscan Finished: Scanned 150 ports, 4 ports were in state closed
  117. #######################################################################################################################################
  118. [i] Scanning Site: http://www.rnspolice.gov.sd
  119.  
  120.  
  121.  
  122. B A S I C I N F O
  123. =======================================================================================================================================
  124.  
  125.  
  126. [+] Site Title: ���� ����� ��� �����
  127. [+] IP address: 62.12.105.2
  128. [+] Web Server: Could Not Detect
  129. [+] CMS: Could Not Detect
  130. [+] Cloudflare: Not Detected
  131. [+] Robots File: Could NOT Find robots.txt!
  132.  
  133.  
  134.  
  135.  
  136.  
  137. G E O I P L O O K U P
  138. =======================================================================================================================================
  139.  
  140. [i] IP Address: 62.12.105.2
  141. [i] Country: Sudan
  142. [i] State:
  143. [i] City:
  144. [i] Latitude: 15.0
  145. [i] Longitude: 30.0
  146.  
  147.  
  148.  
  149.  
  150. H T T P H E A D E R S
  151. =======================================================================================================================================
  152.  
  153.  
  154. [i] HTTP/1.1 200 OK
  155. [i] Date: Sat, 23 Feb 2019 09:42:15 GMT
  156. [i] Content-Type: text/html
  157. [i] Content-Length: 26247
  158. [i] Last-Modified: Mon, 07 May 2018 05:27:34 GMT
  159. [i] ETag: "5aefe3c6-6687"
  160. [i] X-Powered-By: PleskLin
  161. [i] Accept-Ranges: bytes
  162. [i] Connection: close
  163.  
  164.  
  165.  
  166.  
  167. D N S L O O K U P
  168. =======================================================================================================================================
  169.  
  170. rnspolice.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  171. rnspolice.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  172. rnspolice.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  173. rnspolice.gov.sd. 21599 IN A 62.12.105.2
  174. rnspolice.gov.sd. 21599 IN MX 10 mail.rnspolice.gov.sd.
  175. rnspolice.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  176.  
  177.  
  178.  
  179.  
  180. S U B N E T C A L C U L A T I O N
  181. =======================================================================================================================================
  182.  
  183. Address = 62.12.105.2
  184. Network = 62.12.105.2 / 32
  185. Netmask = 255.255.255.255
  186. Broadcast = not needed on Point-to-Point links
  187. Wildcard Mask = 0.0.0.0
  188. Hosts Bits = 0
  189. Max. Hosts = 1 (2^0 - 0)
  190. Host Range = { 62.12.105.2 - 62.12.105.2 }
  191.  
  192.  
  193.  
  194. N M A P P O R T S C A N
  195. =======================================================================================================================================
  196.  
  197.  
  198. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-23 10:40 UTC
  199. Nmap scan report for rnspolice.gov.sd (62.12.105.2)
  200. Host is up (0.22s latency).
  201. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  202. PORT STATE SERVICE
  203. 21/tcp filtered ftp
  204. 22/tcp filtered ssh
  205. 23/tcp filtered telnet
  206. 80/tcp filtered http
  207. 110/tcp filtered pop3
  208. 143/tcp filtered imap
  209. 443/tcp filtered https
  210. 3389/tcp filtered ms-wbt-server
  211.  
  212. Nmap done: 1 IP address (1 host up) scanned in 14.28 seconds
  213. #######################################################################################################################################
  214. [?] Enter the target: example( http://domain.com )
  215. http://www.rnspolice.gov.sd/
  216. [!] IP Address : 62.12.105.2
  217. [!] www.rnspolice.gov.sd doesn't seem to use a CMS
  218. [+] Honeypot Probabilty: 30%
  219. ---------------------------------------------------------------------------------------------------------------------------------------
  220. [~] Trying to gather whois information for www.rnspolice.gov.sd
  221. [+] Whois information found
  222. [-] Unable to build response, visit https://who.is/whois/www.rnspolice.gov.sd
  223. ---------------------------------------------------------------------------------------------------------------------------------------
  224. PORT STATE SERVICE
  225. 21/tcp filtered ftp
  226. 22/tcp filtered ssh
  227. 23/tcp filtered telnet
  228. 80/tcp filtered http
  229. 110/tcp filtered pop3
  230. 143/tcp filtered imap
  231. 443/tcp filtered https
  232. 3389/tcp filtered ms-wbt-server
  233. Nmap done: 1 IP address (1 host up) scanned in 14.57 seconds
  234. ---------------------------------------------------------------------------------------------------------------------------------------
  235. There was an error getting results
  236.  
  237. [-] DNS Records
  238. [>] Initiating 3 intel modules
  239. [>] Loading Alpha module (1/3)
  240. [>] Beta module deployed (2/3)
  241. [>] Gamma module initiated (3/3)
  242.  
  243. [+] Emails found:
  244. ---------------------------------------------------------------------------------------------------------------------------------------
  245. pixel-1550918432554067-web-@www.rnspolice.gov.sd
  246. pixel-1550918433179696-web-@www.rnspolice.gov.sd
  247. No hosts found
  248. [+] Virtual hosts:
  249. ---------------------------------------------------------------------------------------------------------------------------------------
  250. #######################################################################################################################################
  251. Enter Address Website = rnspolice.gov.sd
  252.  
  253. Reverse IP With YouGetSignal 'rnspolice.gov.sd'
  254. ---------------------------------------------------------------------------------------------------------------------------------------
  255.  
  256. [*] IP: 62.12.105.2
  257. [*] Domain: rnspolice.gov.sd
  258. [*] Total Domains: 7
  259.  
  260. [+] agricmi.gov.sd
  261. [+] eastgezira.gov.sd
  262. [+] mocit.gov.sd
  263. [+] rnspolice.gov.sd
  264. [+] sudan.gov.sd
  265. [+] unionkhr.sd
  266. [+] www.sudan.gov.sd
  267. #######################################################################################################################################
  268.  
  269. Geo IP Lookup 'rnspolice.gov.sd'
  270. ---------------------------------------------------------------------------------------------------------------------------------------
  271.  
  272. [+] IP Address: 62.12.105.2
  273. [+] Country: Sudan
  274. [+] State:
  275. [+] City:
  276. [+] Latitude: 15.0
  277. [+] Longitude: 30.0
  278. #######################################################################################################################################
  279.  
  280. Bypass Cloudflare 'rnspolice.gov.sd'
  281. ---------------------------------------------------------------------------------------------------------------------------------------
  282.  
  283. [!] CloudFlare Bypass 197.254.200.161 | webmail.rnspolice.gov.sd
  284. [!] CloudFlare Bypass 197.254.200.161 | mail.rnspolice.gov.sd
  285. [!] CloudFlare Bypass 62.12.105.2 | www.rnspolice.gov.sd
  286. #######################################################################################################################################
  287.  
  288. DNS Lookup 'rnspolice.gov.sd'
  289. ---------------------------------------------------------------------------------------------------------------------------------------
  290.  
  291. [+] rnspolice.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  292. [+] rnspolice.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  293. [+] rnspolice.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  294. [+] rnspolice.gov.sd. 21599 IN A 62.12.105.2
  295. [+] rnspolice.gov.sd. 21599 IN MX 10 mail.rnspolice.gov.sd.
  296. [+] rnspolice.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  297. #######################################################################################################################################
  298.  
  299. Show HTTP Header 'rnspolice.gov.sd'
  300. ---------------------------------------------------------------------------------------------------------------------------------------
  301.  
  302. [+] HTTP/1.1 301 Moved Permanently
  303. [+] Server: nginx
  304. [+] Date: Sat, 23 Feb 2019 09:42:10 GMT
  305. [+] Content-Type: text/html
  306. [+] Content-Length: 178
  307. [+] Connection: keep-alive
  308. [+] Location: http://www.rnspolice.gov.sd/
  309. [+] X-Powered-By: PleskLin
  310. #######################################################################################################################################
  311.  
  312. Port Scan 'rnspolice.gov.sd'
  313. ---------------------------------------------------------------------------------------------------------------------------------------
  314.  
  315. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-23 10:40 UTC
  316. Nmap scan report for rnspolice.gov.sd (62.12.105.2)
  317. Host is up (0.22s latency).
  318. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  319. PORT STATE SERVICE
  320. 21/tcp filtered ftp
  321. 22/tcp filtered ssh
  322. 23/tcp filtered telnet
  323. 80/tcp filtered http
  324. 110/tcp filtered pop3
  325. 143/tcp filtered imap
  326. 443/tcp filtered https
  327. 3389/tcp filtered ms-wbt-server
  328.  
  329. Nmap done: 1 IP address (1 host up) scanned in 14.59 seconds
  330. #######################################################################################################################################
  331.  
  332. Traceroute 'rnspolice.gov.sd'
  333. ---------------------------------------------------------------------------------------------------------------------------------------
  334.  
  335. Start: 2019-02-23T10:40:24+0000
  336. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  337. 1.|-- 45.79.12.201 0.0% 3 1.2 1.0 0.7 1.2 0.3
  338. 2.|-- 45.79.12.0 0.0% 3 1.3 0.9 0.5 1.3 0.4
  339. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.9 1.7 1.4 1.9 0.2
  340. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 2.6 2.1 1.4 2.6 0.6
  341. 5.|-- be2443.ccr42.iah01.atlas.cogentco.com 0.0% 3 7.0 6.8 6.7 7.0 0.2
  342. 6.|-- be2690.ccr42.atl01.atlas.cogentco.com 0.0% 3 21.3 21.7 21.1 22.7 0.8
  343. 7.|-- be2113.ccr42.dca01.atlas.cogentco.com 0.0% 3 32.1 32.3 32.1 32.6 0.2
  344. 8.|-- be2807.ccr42.jfk02.atlas.cogentco.com 0.0% 3 38.0 38.0 38.0 38.0 0.0
  345. 9.|-- be2490.ccr42.lon13.atlas.cogentco.com 0.0% 3 108.7 108.6 108.5 108.7 0.1
  346. 10.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 110.3 110.1 110.0 110.3 0.2
  347. 11.|-- expressotelecom.demarc.cogentco.com 0.0% 3 108.5 108.5 108.5 108.5 0.0
  348. 12.|-- 185.153.20.70 0.0% 3 188.2 188.3 188.2 188.6 0.2
  349. 13.|-- 185.153.20.82 0.0% 3 190.6 192.4 190.6 194.2 1.8
  350. 14.|-- 185.153.20.94 0.0% 3 188.1 188.3 188.1 188.6 0.3
  351. 15.|-- 185.153.20.153 0.0% 3 217.2 215.8 214.9 217.2 1.2
  352. 16.|-- 212.0.131.109 0.0% 3 218.9 219.5 218.9 220.1 0.6
  353. 17.|-- 196.202.137.249 0.0% 3 229.1 229.6 229.1 230.1 0.5
  354. 18.|-- 196.202.145.94 33.3% 3 226.7 226.9 226.7 227.1 0.3
  355. 19.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  356. #######################################################################################################################################
  357.  
  358. Ping 'rnspolice.gov.sd'
  359. --------------------------------------------------------------------------------------------------------------------------------------
  360.  
  361.  
  362. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-23 10:40 UTC
  363. SENT (0.3695s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=1] IP [ttl=64 id=43444 iplen=28 ]
  364. SENT (1.3698s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=2] IP [ttl=64 id=43444 iplen=28 ]
  365. SENT (2.3716s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=3] IP [ttl=64 id=43444 iplen=28 ]
  366. SENT (3.3729s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=60165 seq=4] IP [ttl=64 id=43444 iplen=28 ]
  367.  
  368. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  369. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  370. Nping done: 1 IP address pinged in 4.37 seconds
  371. #######################################################################################################################################
  372. ; <<>> DiG 9.11.5-P1-2-Debian <<>> rnspolice.gov.sd
  373. ;; global options: +cmd
  374. ;; Got answer:
  375. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50946
  376. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  377.  
  378. ;; OPT PSEUDOSECTION:
  379. ; EDNS: version: 0, flags:; udp: 4096
  380. ;; QUESTION SECTION:
  381. ;rnspolice.gov.sd. IN A
  382.  
  383. ;; ANSWER SECTION:
  384. rnspolice.gov.sd. 81704 IN A 62.12.105.2
  385.  
  386. ;; Query time: 32 msec
  387. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  388. ;; WHEN: sam fév 23 06:42:30 EST 2019
  389. ;; MSG SIZE rcvd: 61
  390. #######################################################################################################################################
  391. ; <<>> DiG 9.11.5-P1-2-Debian <<>> +trace rnspolice.gov.sd
  392. ;; global options: +cmd
  393. . 85250 IN NS m.root-servers.net.
  394. . 85250 IN NS a.root-servers.net.
  395. . 85250 IN NS j.root-servers.net.
  396. . 85250 IN NS g.root-servers.net.
  397. . 85250 IN NS d.root-servers.net.
  398. . 85250 IN NS i.root-servers.net.
  399. . 85250 IN NS e.root-servers.net.
  400. . 85250 IN NS f.root-servers.net.
  401. . 85250 IN NS b.root-servers.net.
  402. . 85250 IN NS h.root-servers.net.
  403. . 85250 IN NS l.root-servers.net.
  404. . 85250 IN NS k.root-servers.net.
  405. . 85250 IN NS c.root-servers.net.
  406. . 85250 IN RRSIG NS 8 0 518400 20190308050000 20190223040000 16749 . JQeMGgmm0+LV3FW5wHpe975hhAP4/zE9iLeXH/YcrsuZAgpk5gTYdZ6e SR/JC5tJOOsU9CPqO2WhNf5bcjAbYmkt/sioFOR3xQpjvHIfBGqRiWBZ YaBGcAylp8JxqK5Y+CzZAaCKq8hRAmD0YSTL8Yd6/6RQEitkLQ2u+38R qK4T+kfuCd62q7eC34/+q14Ckrh4kIO4A2H/VkfQcwBbknyQtfyiJmMM jDlaujc2oHONbfbbKTaG77i3mNBxRkuaFx6vJ/UQjstxtK4k/pS0jUK3 MO7TPYRWP9LG3VCHyQLUVLMWE/Fe3l2LxyfoQ5BXSrolsnkTfvDQgVI6 h1d8XA==
  407. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 32 ms
  408.  
  409. sd. 172800 IN NS ns2.uaenic.ae.
  410. sd. 172800 IN NS ans2.canar.sd.
  411. sd. 172800 IN NS ns1.uaenic.ae.
  412. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  413. sd. 172800 IN NS ns-sd.afrinic.net.
  414. sd. 172800 IN NS ans1.sis.sd.
  415. sd. 172800 IN NS ans1.canar.sd.
  416. sd. 86400 IN NSEC se. NS RRSIG NSEC
  417. sd. 86400 IN RRSIG NSEC 8 1 86400 20190308050000 20190223040000 16749 . Otzo1k4hYXEQuqSyxCH0ju6ESXmE8lnmmfbQGZbhRD2LfB1sfKpftrPP S/fOpZB8EIaR+RYL7JUPpEG01aaKeoPTbLdzHx5/wIEFTl82+WXJ+10H DAxS8V0z+AtmJZQZyuCJyBFohx7CH1AB/vDYExd0iuq5U5ACXS/RpsgI TLt3OjPxvsuQzS3JI/T19nW17HQ1WE45EJRFmI3pv44wy2dpnzkyn67d Yq9ov/Ng+RoyKXl1O0LD48h1EGv5SWV93q8l4JMHV74GwkRRjPs3hJfo jWPcn1UWTG8lbeLKuWsgahFwK7/3JdlJUUFuWCEzwt+2fF5NqwRoXgVA Ed+mNw==
  418. ;; Received 731 bytes from 2001:500:200::b#53(b.root-servers.net) in 70 ms
  419. ;; Received 73 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 237 ms
  420. #######################################################################################################################################
  421. [*] Performing General Enumeration of Domain: rnspolice.gov.sd
  422. [-] DNSSEC is not configured for rnspolice.gov.sd
  423. [*] SOA ns0.ndc.gov.sd 62.12.109.2
  424. [*] NS ns1.ndc.gov.sd 62.12.109.3
  425. [*] Bind Version for 62.12.109.3 you guess!
  426. [*] NS ns0.ndc.gov.sd 62.12.109.2
  427. [*] Bind Version for 62.12.109.2 you guess!
  428. [*] MX mail.rnspolice.gov.sd 197.254.200.161
  429. [*] A rnspolice.gov.sd 62.12.105.2
  430. [*] TXT rnspolice.gov.sd v=spf1 mx -all
  431. [*] Enumerating SRV Records
  432. [-] No SRV Records Found for rnspolice.gov.sd
  433. [+] 0 Records Found
  434. #######################################################################################################################################
  435. [*] Processing domain rnspolice.gov.sd
  436. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2', '205.151.67.6', '205.151.67.34', '205.151.67.2']
  437. [+] Getting nameservers
  438. 62.12.109.3 - ns1.ndc.gov.sd
  439. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
  440. rnspolice.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  441. rnspolice.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  442. rnspolice.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  443. rnspolice.gov.sd. 86400 IN A 62.12.105.2
  444. rnspolice.gov.sd. 86400 IN MX 10 mail.rnspolice.gov.sd.
  445. rnspolice.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  446. mail.rnspolice.gov.sd. 86400 IN A 197.254.200.161
  447. mail.rnspolice.gov.sd. 86400 IN MX 10 mail.rnspolice.gov.sd.
  448. webmail.rnspolice.gov.sd. 86400 IN CNAME mail.rnspolice.gov.sd.
  449. www.rnspolice.gov.sd. 86400 IN A 62.12.105.2
  450. #######################################################################################################################################
  451. =======================================================================================================================================
  452. External hosts:
  453. | [+] External Host Found: http://ajax.googleapis.com
  454. | [+] External Host Found: http://httpd.apache.org
  455. | [+] External Host Found: http://www.youtube.com
  456. | [+] External Host Found: http://www.facebook.com
  457. | [+] External Host Found: http://www.traidnt.net
  458. | [+] External Host Found: http://www.e-zeeinternet.com
  459. | [+] External Host Found: http://ajax.microsoft.com
  460. | [+] External Host Found: http://gezirapolice.gov.sd
  461. | [+] External Host Found: http://rnspolice.info
  462. =======================================================================================================================================
  463. | E-mails:
  464. | [+] E-mail Found: mike@hyperreal.org
  465. | [+] E-mail Found: humbedooh@apache.org
  466. | [+] E-mail Found: kevinh@kevcom.com
  467. | [+] E-mail Found: mims777@hotmail.com
  468. =======================================================================================================================================
  469. #######################################################################################################################################
  470. dnsenum VERSION:1.2.4
  471.  
  472. ----- www.rnspolice.gov.sd -----
  473.  
  474.  
  475. Host's addresses:
  476. __________________
  477.  
  478. www.rnspolice.gov.sd. 83391 IN A 62.12.105.2
  479.  
  480.  
  481. Name Servers:
  482. ______________
  483. #######################################################################################################################################
  484. ===============================================
  485. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  486. ===============================================
  487.  
  488.  
  489. Running Source: Ask
  490. Running Source: Archive.is
  491. Running Source: Baidu
  492. Running Source: Bing
  493. Running Source: CertDB
  494. Running Source: CertificateTransparency
  495. Running Source: Certspotter
  496. Running Source: Commoncrawl
  497. Running Source: Crt.sh
  498. Running Source: Dnsdb
  499. Running Source: DNSDumpster
  500. Running Source: DNSTable
  501. Running Source: Dogpile
  502. Running Source: Exalead
  503. Running Source: Findsubdomains
  504. Running Source: Googleter
  505. Running Source: Hackertarget
  506. Running Source: Ipv4Info
  507. Running Source: PTRArchive
  508. Running Source: Sitedossier
  509. Running Source: Threatcrowd
  510. Running Source: ThreatMiner
  511. Running Source: WaybackArchive
  512. Running Source: Yahoo
  513.  
  514. Running enumeration on www.rnspolice.gov.sd
  515.  
  516. dnsdb: Unexpected return status 503
  517.  
  518. ipv4info: <nil>
  519.  
  520.  
  521. Starting Bruteforcing of www.rnspolice.gov.sd with 9985 words
  522.  
  523. Total 1 Unique subdomains found for www.rnspolice.gov.sd
  524.  
  525. .www.rnspolice.gov.sd
  526. #######################################################################################################################################
  527. [+] www.rnspolice.gov.sd has no SPF record!
  528. [*] No DMARC record found. Looking for organizational record
  529. [+] No organizational DMARC record
  530. [+] Spoofing possible for www.rnspolice.gov.sd!
  531. #######################################################################################################################################
  532. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:20 EST
  533. Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
  534. Host is up (0.16s latency).
  535. Not shown: 464 filtered ports, 4 closed ports
  536. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  537. PORT STATE SERVICE
  538. 21/tcp open ftp
  539. 80/tcp open http
  540. 110/tcp open pop3
  541. 143/tcp open imap
  542. 443/tcp open https
  543. 993/tcp open imaps
  544. 995/tcp open pop3s
  545. 8443/tcp open https-alt
  546. #######################################################################################################################################
  547. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:20 EST
  548. Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
  549. Host is up (0.023s latency).
  550. Not shown: 2 filtered ports
  551. PORT STATE SERVICE
  552. 53/udp open|filtered domain
  553. 67/udp open|filtered dhcps
  554. 68/udp open|filtered dhcpc
  555. 69/udp open|filtered tftp
  556. 88/udp open|filtered kerberos-sec
  557. 123/udp open|filtered ntp
  558. 139/udp open|filtered netbios-ssn
  559. 161/udp open|filtered snmp
  560. 162/udp open|filtered snmptrap
  561. 389/udp open|filtered ldap
  562. 520/udp open|filtered route
  563. 2049/udp open|filtered nfs
  564. #######################################################################################################################################
  565. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:21 EST
  566. Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
  567. Host is up (0.20s latency).
  568.  
  569. PORT STATE SERVICE VERSION
  570. 21/tcp open tcpwrapped
  571. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  572. Device type: specialized|WAP|general purpose|router
  573. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  574. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  575. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  576. Network Distance: 20 hops
  577.  
  578. TRACEROUTE (using port 21/tcp)
  579. HOP RTT ADDRESS
  580. 1 22.79 ms 10.245.200.1
  581. 2 23.18 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  582. 3 29.95 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  583. 4 24.48 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  584. 5 23.79 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  585. 6 23.78 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  586. 7 92.90 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  587. 8 98.58 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  588. 9 99.77 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  589. 10 99.76 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  590. 11 100.57 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  591. 12 179.19 ms 185.153.20.70
  592. 13 179.75 ms 185.153.20.82
  593. 14 179.70 ms 185.153.20.94
  594. 15 250.30 ms 185.153.20.153
  595. 16 ... 17
  596. 18 204.07 ms 196.202.145.94
  597. 19 ...
  598. 20 193.01 ms f03-web02.nic.gov.sd (62.12.105.2)
  599. #######################################################################################################################################
  600. wig - WebApp Information Gatherer
  601.  
  602.  
  603. Scanning http://www.rnspolice.gov.sd...
  604. _________________________________________ SITE INFO _________________________________________
  605. IP Title
  606. 62.12.105.2 ���� ����� ��� �����
  607.  
  608. __________________________________________ VERSION __________________________________________
  609. Name Versions Type
  610. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  611. 2.4.9
  612. nginx Platform
  613.  
  614. _____________________________________________________________________________________________
  615. Time: 60.4 sec Urls: 848 Fingerprints: 40401
  616. #######################################################################################################################################
  617. HTTP/1.1 200 OK
  618. Server: nginx
  619. Date: Sat, 23 Feb 2019 10:36:17 GMT
  620. Content-Type: text/html
  621. Content-Length: 26247
  622. Connection: keep-alive
  623. X-Accel-Version: 0.01
  624. Last-Modified: Mon, 07 May 2018 05:27:34 GMT
  625. ETag: "6687-56b96ed4eae25"
  626. Accept-Ranges: bytes
  627. X-Powered-By: PleskLin
  640. #######################################################################################################################################
  641. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:34 EST
  642. Nmap scan report for www.rnspolice.gov.sd (62.12.105.2)
  643. Host is up (0.20s latency).
  644.  
  645. PORT STATE SERVICE VERSION
  646. 110/tcp open pop3 Dovecot pop3d
  647. | pop3-brute:
  648. | Accounts: No valid accounts found
  649. |_ Statistics: Performed 226 guesses in 197 seconds, average tps: 1.1
  650. |_pop3-capabilities: PIPELINING RESP-CODES APOP UIDL CAPA TOP STLS USER SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE
  651. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  652. Device type: specialized|WAP|general purpose|router
  653. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  654. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  655. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  656. Network Distance: 20 hops
  657. Service Info: Host: fo3-web02.nic.gov.sd
  658.  
  659. TRACEROUTE (using port 443/tcp)
  660. HOP RTT ADDRESS
  661. 1 21.78 ms 10.245.200.1
  662. 2 45.01 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  663. 3 25.21 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  664. 4 21.87 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  665. 5 22.26 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  666. 6 22.70 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  667. 7 91.93 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  668. 8 97.54 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  669. 9 98.55 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  670. 10 98.58 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  671. 11 99.68 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  672. 12 178.27 ms 185.153.20.70
  673. 13 178.23 ms 185.153.20.82
  674. 14 178.17 ms 185.153.20.94
  675. 15 182.47 ms 185.153.20.153
  676. 16 ... 17
  677. 18 208.88 ms 196.202.145.94
  678. 19 ...
  679. 20 197.80 ms f03-web02.nic.gov.sd (62.12.105.2)
  680. #######################################################################################################################################
  681. Version: 1.11.12-static
  682. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  683.  
  684. Connected to 62.12.105.2
  685.  
  686. Testing SSL server www.rnspolice.gov.sd on port 443 using SNI name www.rnspolice.gov.sd
  687.  
  688. TLS Fallback SCSV:
  689. Server supports TLS Fallback SCSV
  690.  
  691. TLS renegotiation:
  692. Secure session renegotiation supported
  693.  
  694. TLS Compression:
  695. Compression disabled
  696.  
  697. Heartbleed:
  698. TLS 1.2 not vulnerable to heartbleed
  699. TLS 1.1 not vulnerable to heartbleed
  700. TLS 1.0 not vulnerable to heartbleed
  701.  
  702. Supported Server Cipher(s):
  703. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  704. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  705. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  706. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  707. Accepted TLSv1.2 256 bits AES256-SHA256
  708. Accepted TLSv1.2 256 bits AES256-SHA
  709. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  710. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  711. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  712. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  713. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  714. Accepted TLSv1.2 128 bits AES128-SHA256
  715. Accepted TLSv1.2 128 bits AES128-SHA
  716. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  717. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  718. Accepted TLSv1.1 256 bits AES256-SHA
  719. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  720. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  721. Accepted TLSv1.1 128 bits AES128-SHA
  722. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  723. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  724. Accepted TLSv1.0 256 bits AES256-SHA
  725. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  726. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  727. Accepted TLSv1.0 128 bits AES128-SHA
  728. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  729.  
  730. SSL Certificate:
  731. Signature Algorithm: sha256WithRSAEncryption
  732. RSA Key Strength: 2048
  733.  
  734. Subject: Plesk
  735. Issuer: Plesk
  736.  
  737. Not valid before: Apr 20 02:40:27 2016 GMT
  738. Not valid after: Apr 20 02:40:27 2017 GMT
  739. #######################################################################################################################################
  740. --------------------------------------------------------
  741. <<<Yasuo discovered following vulnerable applications>>>
  742. --------------------------------------------------------
  743. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  744. | App Name | URL to Application | Potential Exploit | Username | Password |
  745. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  746. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  747. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  748. #######################################################################################################################################
  749. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:25 EST
  750. Nmap scan report for 62.12.105.2
  751. Host is up (0.17s latency).
  752. Not shown: 464 filtered ports, 4 closed ports
  753. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  754. PORT STATE SERVICE
  755. 21/tcp open ftp
  756. 80/tcp open http
  757. 110/tcp open pop3
  758. 143/tcp open imap
  759. 443/tcp open https
  760. 993/tcp open imaps
  761. 995/tcp open pop3s
  762. 8443/tcp open https-alt
  763. #######################################################################################################################################
  764. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:25 EST
  765. Nmap scan report for 62.12.105.2
  766. Host is up (0.025s latency).
  767. Not shown: 2 filtered ports
  768. PORT STATE SERVICE
  769. 53/udp open|filtered domain
  770. 67/udp open|filtered dhcps
  771. 68/udp open|filtered dhcpc
  772. 69/udp open|filtered tftp
  773. 88/udp open|filtered kerberos-sec
  774. 123/udp open|filtered ntp
  775. 139/udp open|filtered netbios-ssn
  776. 161/udp open|filtered snmp
  777. 162/udp open|filtered snmptrap
  778. 389/udp open|filtered ldap
  779. 520/udp open|filtered route
  780. 2049/udp open|filtered nfs
  781. #######################################################################################################################################
  782. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:25 EST
  783. Nmap scan report for 62.12.105.2
  784. Host is up (0.19s latency).
  785.  
  786. PORT STATE SERVICE VERSION
  787. 21/tcp open tcpwrapped
  788. Too many fingerprints match this host to give specific OS details
  789. Network Distance: 20 hops
  790.  
  791. TRACEROUTE (using port 21/tcp)
  792. HOP RTT ADDRESS
  793. 1 22.93 ms 10.245.200.1
  794. 2 23.29 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  795. 3 26.93 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  796. 4 23.31 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  797. 5 23.31 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  798. 6 23.31 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  799. 7 92.75 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  800. 8 98.58 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  801. 9 100.03 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  802. 10 100.03 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  803. 11 98.91 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  804. 12 177.50 ms 185.153.20.70
  805. 13 177.51 ms 185.153.20.82
  806. 14 177.46 ms 185.153.20.94
  807. 15 181.48 ms 185.153.20.153
  808. 16 ... 17
  809. 18 206.30 ms 196.202.145.94
  810. 19 ...
  811. 20 195.48 ms f03-web02.nic.gov.sd (62.12.105.2)
  812. #######################################################################################################################################
  813. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:37 EST
  814. Nmap scan report for 62.12.105.2
  815. Host is up.
  816.  
  817. PORT STATE SERVICE VERSION
  818. 67/udp open|filtered dhcps
  819. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  820. Too many fingerprints match this host to give specific OS details
  821.  
  822. TRACEROUTE (using proto 1/icmp)
  823. HOP RTT ADDRESS
  824. 1 22.77 ms 10.245.200.1
  825. 2 23.20 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  826. 3 41.93 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  827. 4 23.04 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  828. 5 23.48 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  829. 6 23.47 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  830. 7 92.53 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  831. 8 98.51 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  832. 9 99.77 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  833. 10 99.57 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  834. 11 98.01 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  835. 12 176.87 ms 185.153.20.70
  836. 13 176.66 ms 185.153.20.82
  837. 14 176.51 ms 185.153.20.94
  838. 15 185.06 ms 185.153.20.153
  839. 16 211.84 ms 212.0.131.109
  840. 17 204.62 ms 196.202.137.249
  841. 18 206.20 ms 196.202.145.94
  842. 19 ... 30
  843. #######################################################################################################################################
  844. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:39 EST
  845. Nmap scan report for 62.12.105.2
  846. Host is up.
  847.  
  848. PORT STATE SERVICE VERSION
  849. 68/udp open|filtered dhcpc
  850. Too many fingerprints match this host to give specific OS details
  851.  
  852. TRACEROUTE (using proto 1/icmp)
  853. HOP RTT ADDRESS
  854. 1 25.30 ms 10.245.200.1
  855. 2 25.57 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  856. 3 41.39 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  857. 4 25.38 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  858. 5 25.66 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  859. 6 25.66 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  860. 7 95.26 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  861. 8 101.04 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  862. 9 101.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  863. 10 102.52 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  864. 11 98.91 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  865. 12 177.61 ms 185.153.20.70
  866. 13 177.60 ms 185.153.20.82
  867. 14 177.57 ms 185.153.20.94
  868. 15 181.47 ms 185.153.20.153
  869. 16 212.85 ms 212.0.131.109
  870. 17 203.22 ms 196.202.137.249
  871. 18 204.19 ms 196.202.145.94
  872. 19 ... 30
  873. #######################################################################################################################################
  874. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:42 EST
  875. Nmap scan report for 62.12.105.2
  876. Host is up.
  877.  
  878. PORT STATE SERVICE VERSION
  879. 69/udp open|filtered tftp
  880. Too many fingerprints match this host to give specific OS details
  881.  
  882. TRACEROUTE (using proto 1/icmp)
  883. HOP RTT ADDRESS
  884. 1 22.87 ms 10.245.200.1
  885. 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  886. 3 38.27 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  887. 4 23.22 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  888. 5 23.58 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  889. 6 23.44 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  890. 7 92.76 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  891. 8 98.76 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  892. 9 99.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  893. 10 99.98 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  894. 11 101.02 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  895. 12 179.67 ms 185.153.20.70
  896. 13 179.68 ms 185.153.20.82
  897. 14 179.61 ms 185.153.20.94
  898. 15 183.20 ms 185.153.20.153
  899. 16 212.69 ms 212.0.131.109
  900. 17 203.43 ms 196.202.137.249
  901. 18 204.98 ms 196.202.145.94
  902. 19 ... 30
  903. #######################################################################################################################################
  904. wig - WebApp Information Gatherer
  905.  
  906.  
  907. Scanning http://62.12.105.2...
  908. _________________________________________ SITE INFO _________________________________________
  909. IP Title
  910. 62.12.105.2 Domain Default page
  911.  
  912. __________________________________________ VERSION __________________________________________
  913. Name Versions Type
  914. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  915. 2.4.9
  916. nginx Platform
  917.  
  918. _____________________________________________________________________________________________
  919. Time: 39.7 sec Urls: 811 Fingerprints: 40401
  920. #######################################################################################################################################
  921. HTTP/1.1 200 OK
  922. Server: nginx
  923. Date: Sat, 23 Feb 2019 10:48:14 GMT
  924. Content-Type: text/html
  925. Content-Length: 3750
  926. Connection: keep-alive
  927. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  928. ETag: "ea6-5649d8e57844b"
  929. Accept-Ranges: bytes
  940. #######################################################################################################################################
  941. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:46 EST
  942. Nmap scan report for 62.12.105.2
  943. Host is up (0.20s latency).
  944.  
  945. PORT STATE SERVICE VERSION
  946. 110/tcp open pop3 Dovecot pop3d
  947. | pop3-brute:
  948. | Accounts: No valid accounts found
  949. |_ Statistics: Performed 223 guesses in 196 seconds, average tps: 1.1
  950. |_pop3-capabilities: RESP-CODES APOP CAPA TOP STLS UIDL SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) USER AUTH-RESP-CODE PIPELINING
  951. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  952. Device type: specialized|WAP|general purpose|router
  953. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  954. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  955. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  956. Network Distance: 20 hops
  957. Service Info: Host: fo3-web02.nic.gov.sd
  958.  
  959. TRACEROUTE (using port 443/tcp)
  960. HOP RTT ADDRESS
  961. 1 22.67 ms 10.245.200.1
  962. 2 23.00 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  963. 3 24.60 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  964. 4 22.82 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  965. 5 23.40 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  966. 6 23.21 ms 154.54.25.126
  967. 7 92.17 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  968. 8 98.55 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  969. 9 99.55 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  970. 10 99.42 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  971. 11 98.50 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  972. 12 177.29 ms 185.153.20.70
  973. 13 177.29 ms 185.153.20.82
  974. 14 177.20 ms 185.153.20.94
  975. 15 204.15 ms 185.153.20.153
  976. 16 ... 17
  977. 18 204.45 ms 196.202.145.94
  978. 19 ...
  979. 20 193.65 ms f03-web02.nic.gov.sd (62.12.105.2)
  980. #######################################################################################################################################
  981. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:50 EST
  982. Nmap scan report for 62.12.105.2
  983. Host is up.
  984.  
  985. PORT STATE SERVICE VERSION
  986. 123/udp open|filtered ntp
  987. Too many fingerprints match this host to give specific OS details
  988.  
  989. TRACEROUTE (using proto 1/icmp)
  990. HOP RTT ADDRESS
  991. 1 26.03 ms 10.245.200.1
  992. 2 26.61 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  993. 3 44.44 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  994. 4 26.19 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  995. 5 26.84 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  996. 6 26.86 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  997. 7 95.93 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  998. 8 101.93 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  999. 9 102.86 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1000. 10 103.11 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1001. 11 104.18 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1002. 12 182.81 ms 185.153.20.70
  1003. 13 182.81 ms 185.153.20.82
  1004. 14 182.79 ms 185.153.20.94
  1005. 15 187.31 ms 185.153.20.153
  1006. 16 218.14 ms 212.0.131.109
  1007. 17 204.53 ms 196.202.137.249
  1008. 18 207.99 ms 196.202.145.94
  1009. 19 ... 30
  1010. #######################################################################################################################################
  1011. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 06:52 EST
  1012. Nmap scan report for 62.12.105.2
  1013. Host is up (0.21s latency).
  1014.  
  1015. PORT STATE SERVICE VERSION
  1016. 161/tcp filtered snmp
  1017. 161/udp open|filtered snmp
  1018. Too many fingerprints match this host to give specific OS details
  1019.  
  1020. TRACEROUTE (using proto 1/icmp)
  1021. HOP RTT ADDRESS
  1022. 1 23.39 ms 10.245.200.1
  1023. 2 24.16 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1024. 3 35.81 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1025. 4 24.15 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1026. 5 24.18 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1027. 6 24.18 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1028. 7 93.46 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  1029. 8 99.27 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1030. 9 100.26 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1031. 10 100.10 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1032. 11 99.56 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1033. 12 178.01 ms 185.153.20.70
  1034. 13 178.02 ms 185.153.20.82
  1035. 14 178.01 ms 185.153.20.94
  1036. 15 182.74 ms 185.153.20.153
  1037. 16 213.23 ms 212.0.131.109
  1038. 17 204.09 ms 196.202.137.249
  1039. 18 205.29 ms 196.202.145.94
  1040. 19 ... 30
  1041. #######################################################################################################################################
  1042. Version: 1.11.12-static
  1043. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1044.  
  1045. Connected to 62.12.105.2
  1046.  
  1047. Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
  1048.  
  1049. TLS Fallback SCSV:
  1050. Server supports TLS Fallback SCSV
  1051.  
  1052. TLS renegotiation:
  1053. Secure session renegotiation supported
  1054.  
  1055. TLS Compression:
  1056. Compression disabled
  1057.  
  1058. Heartbleed:
  1059. TLS 1.2 not vulnerable to heartbleed
  1060. TLS 1.1 not vulnerable to heartbleed
  1061. TLS 1.0 not vulnerable to heartbleed
  1062.  
  1063. Supported Server Cipher(s):
  1064. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1065. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1066. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1067. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1068. Accepted TLSv1.2 256 bits AES256-SHA256
  1069. Accepted TLSv1.2 256 bits AES256-SHA
  1070. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1071. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1072. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1073. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1074. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1075. Accepted TLSv1.2 128 bits AES128-SHA256
  1076. Accepted TLSv1.2 128 bits AES128-SHA
  1077. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1078. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1079. Accepted TLSv1.1 256 bits AES256-SHA
  1080. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1081. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1082. Accepted TLSv1.1 128 bits AES128-SHA
  1083. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1084. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1085. Accepted TLSv1.0 256 bits AES256-SHA
  1086. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1087. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1088. Accepted TLSv1.0 128 bits AES128-SHA
  1089. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1090.  
  1091. SSL Certificate:
  1092. Signature Algorithm: sha256WithRSAEncryption
  1093. RSA Key Strength: 2048
  1094.  
  1095. Subject: Plesk
  1096. Issuer: Plesk
  1097.  
  1098. Not valid before: Apr 20 02:40:27 2016 GMT
  1099. Not valid after: Apr 20 02:40:27 2017 GMT
  1100. ######################################################################################################################################
  1101. --------------------------------------------------------
  1102. <<<Yasuo discovered following vulnerable applications>>>
  1103. --------------------------------------------------------
  1104. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1105. | App Name | URL to Application | Potential Exploit | Username | Password |
  1106. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1107. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  1108. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1109. #######################################################################################################################################
  1110. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 07:00 EST
  1111. NSE: Loaded 148 scripts for scanning.
  1112. NSE: Script Pre-scanning.
  1113. NSE: Starting runlevel 1 (of 2) scan.
  1114. Initiating NSE at 07:00
  1115. Completed NSE at 07:00, 0.00s elapsed
  1116. NSE: Starting runlevel 2 (of 2) scan.
  1117. Initiating NSE at 07:00
  1118. Completed NSE at 07:00, 0.00s elapsed
  1119. Initiating Ping Scan at 07:00
  1120. Scanning 62.12.105.2 [4 ports]
  1121. Completed Ping Scan at 07:00, 0.23s elapsed (1 total hosts)
  1122. Initiating Parallel DNS resolution of 1 host. at 07:00
  1123. Completed Parallel DNS resolution of 1 host. at 07:01, 16.50s elapsed
  1124. Initiating Connect Scan at 07:01
  1125. Scanning 62.12.105.2 [1000 ports]
  1126. Discovered open port 110/tcp on 62.12.105.2
  1127. Discovered open port 80/tcp on 62.12.105.2
  1128. Discovered open port 143/tcp on 62.12.105.2
  1129. Discovered open port 995/tcp on 62.12.105.2
  1130. Discovered open port 443/tcp on 62.12.105.2
  1131. Discovered open port 21/tcp on 62.12.105.2
  1132. Discovered open port 993/tcp on 62.12.105.2
  1133. Discovered open port 8443/tcp on 62.12.105.2
  1134. Completed Connect Scan at 07:01, 11.68s elapsed (1000 total ports)
  1135. Initiating Service scan at 07:01
  1136. Scanning 8 services on 62.12.105.2
  1137. Completed Service scan at 07:02, 40.80s elapsed (8 services on 1 host)
  1138. Initiating OS detection (try #1) against 62.12.105.2
  1139. Retrying OS detection (try #2) against 62.12.105.2
  1140. WARNING: OS didn't match until try #2
  1141. Initiating Traceroute at 07:02
  1142. Completed Traceroute at 07:02, 6.16s elapsed
  1143. Initiating Parallel DNS resolution of 18 hosts. at 07:02
  1144. Completed Parallel DNS resolution of 18 hosts. at 07:02, 16.50s elapsed
  1145. NSE: Script scanning 62.12.105.2.
  1146. NSE: Starting runlevel 1 (of 2) scan.
  1147. Initiating NSE at 07:02
  1148. NSE Timing: About 98.90% done; ETC: 07:03 (0:00:00 remaining)
  1149. NSE Timing: About 99.54% done; ETC: 07:03 (0:00:00 remaining)
  1150. NSE Timing: About 99.63% done; ETC: 07:04 (0:00:00 remaining)
  1151. NSE Timing: About 99.91% done; ETC: 07:04 (0:00:00 remaining)
  1152. Completed NSE at 07:04, 138.34s elapsed
  1153. NSE: Starting runlevel 2 (of 2) scan.
  1154. Initiating NSE at 07:04
  1155. Completed NSE at 07:04, 0.44s elapsed
  1156. Nmap scan report for 62.12.105.2
  1157. Host is up, received syn-ack ttl 43 (0.15s latency).
  1158. Scanned at 2019-02-23 07:00:52 EST for 237s
  1159. Not shown: 988 filtered ports
  1160. Reason: 987 no-responses and 1 host-unreach
  1161. PORT STATE SERVICE REASON VERSION
  1162. 21/tcp open tcpwrapped syn-ack
  1163. 25/tcp closed smtp conn-refused
  1164. 80/tcp open http syn-ack nginx
  1165. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1166. | http-methods:
  1167. |_ Supported Methods: GET HEAD POST OPTIONS
  1168. |_http-server-header: nginx
  1169. |_http-title: Domain Default page
  1170. 110/tcp open pop3 syn-ack Dovecot pop3d
  1171. |_pop3-capabilities: USER CAPA UIDL PIPELINING AUTH-RESP-CODE RESP-CODES STLS TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP
  1172. |_ssl-date: TLS randomness does not represent time
  1173. 113/tcp closed ident conn-refused
  1174. 139/tcp closed netbios-ssn conn-refused
  1175. 143/tcp open imap syn-ack Dovecot imapd
  1176. |_imap-capabilities: STARTTLS Pre-login have listed IDLE AUTH=CRAM-MD5A0001 capabilities SASL-IR AUTH=PLAIN AUTH=DIGEST-MD5 LOGIN-REFERRALS AUTH=LOGIN IMAP4rev1 LITERAL+ more ID OK post-login ENABLE
  1177. |_ssl-date: TLS randomness does not represent time
  1178. 443/tcp open ssl/http syn-ack nginx
  1179. | http-methods:
  1180. |_ Supported Methods: GET HEAD POST OPTIONS
  1181. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  1182. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
  1183. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
  1184. | Public Key type: rsa
  1185. | Public Key bits: 2048
  1186. | Signature Algorithm: sha256WithRSAEncryption
  1187. | Not valid before: 2016-04-20T02:40:27
  1188. | Not valid after: 2017-04-20T02:40:27
  1189. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1190. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1212. |_ssl-date: TLS randomness does not represent time
  1213. | tls-alpn:
  1214. |_ http/1.1
  1215. | tls-nextprotoneg:
  1216. |_ http/1.1
  1217. 445/tcp closed microsoft-ds conn-refused
  1218. 993/tcp open ssl/imaps? syn-ack
  1219. |_ssl-date: TLS randomness does not represent time
  1220. 995/tcp open ssl/pop3s? syn-ack
  1221. |_ssl-date: TLS randomness does not represent time
  1222. 8443/tcp open ssl/https-alt syn-ack sw-cp-server
  1223. | fingerprint-strings:
  1224. | FourOhFourRequest:
  1225. | HTTP/1.1 404 Not Found
  1226. | Server: sw-cp-server
  1227. | Date: Sat, 23 Feb 2019 11:03:44 GMT
  1228. | Content-Type: text/html
  1229. | Content-Length: 2644
  1230. | Connection: close
  1231. | ETag: "58cbaa24-a54"
  1232. | <!DOCTYPE html>
  1233. | <html lang="en">
  1234. | <head>
  1235. | <meta charset="utf-8">
  1236. | <meta http-equiv="x-ua-compatible" content="ie=edge">
  1237. | <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  1238. | <title>404 Not Found</title>
  1239. | <link rel="stylesheet" href="/error_docs/styles.css">
  1240. | </head>
  1241. | <body>
  1242. | <div class="page">
  1243. | <div class="main">
  1244. | <div class="error-description">
  1245. | <h1>Server Error</h1>
  1246. | <div class="error-code">404</div>
  1247. | <h2>Page Not Found</h2>
  1248. | class="lead">This page either doesn't exist, or it moved somewhere else.</p>
  1249. | <hr/>
  1250. | <p>If you think this is an error, please <a href="https://www.plesk.com/bug-report/"
  1251. | RTSPRequest:
  1252. | <!DOCTYPE html>
  1253. | <html lang="en">
  1254. | <head>
  1255. | <meta charset="utf-8">
  1256. | <meta http-equiv="x-ua-compatible" content="ie=edge">
  1257. | <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  1258. | <title>400 Bad Request</title>
  1259. | <link rel="stylesheet" href="/error_docs/styles.css">
  1260. | </head>
  1261. | <body>
  1262. | <div class="page">
  1263. | <div class="main">
  1264. | <div class="error-description">
  1265. | <h1>Server Error</h1>
  1266. | <div class="error-code">400</div>
  1267. | <h2>Bad Request</h2>
  1268. | class="lead">Your browser sent a request that this server could not understand. Client sent malformed Host header.</p>
  1269. | <hr/>
  1270. | <p>If you think this is an error, please <a href="https://www.plesk.com/bug-report/" target="_blank">let us know</a> so we can fix it!</p>
  1271. | <p>That's what you can do</p>
  1272. |_ <div class="help-actions">
  1273. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1274. | http-methods:
  1275. |_ Supported Methods: GET HEAD POST OPTIONS
  1276. |_http-server-header: sw-cp-server
  1277. |_http-title: Plesk Onyx 17.5.3
  1278. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
  1279. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/localityName=Seattle/emailAddress=info@plesk.com/organizationalUnitName=Plesk
  1280. | Public Key type: rsa
  1281. | Public Key bits: 2048
  1282. | Signature Algorithm: sha256WithRSAEncryption
  1283. | Not valid before: 2016-04-20T02:40:27
  1284. | Not valid after: 2017-04-20T02:40:27
  1285. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1286. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1308. |_ssl-date: TLS randomness does not represent time
  1309. | tls-nextprotoneg:
  1310. |_ http/1.1
  1311. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1356. Device type: general purpose
  1357. Running: Linux 2.6.X
  1358. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1359. OS details: Linux 2.6.18 - 2.6.22
  1360. TCP/IP fingerprint:
  1368.  
  1369. Service Info: Host: fo3-web02.nic.gov.sd
  1370.  
  1371. TRACEROUTE (using proto 1/icmp)
  1372. HOP RTT ADDRESS
  1373. 1 22.17 ms 10.245.200.1
  1374. 2 22.54 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1375. 3 34.29 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
  1376. 4 22.23 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
  1377. 5 22.59 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1378. 6 22.54 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1379. 7 91.70 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  1380. 8 97.98 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1381. 9 98.87 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1382. 10 98.71 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1383. 11 98.25 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1384. 12 176.69 ms 185.153.20.70
  1385. 13 176.92 ms 185.153.20.82
  1386. 14 176.65 ms 185.153.20.94
  1387. 15 183.06 ms 185.153.20.153
  1388. 16 213.54 ms 212.0.131.109
  1389. 17 204.48 ms 196.202.137.249
  1390. 18 205.22 ms 196.202.145.94
  1391. 19 ... 30
  1392.  
  1393. NSE: Script Post-scanning.
  1394. NSE: Starting runlevel 1 (of 2) scan.
  1395. Initiating NSE at 07:04
  1396. Completed NSE at 07:04, 0.00s elapsed
  1397. NSE: Starting runlevel 2 (of 2) scan.
  1398. Initiating NSE at 07:04
  1399. Completed NSE at 07:04, 0.00s elapsed
  1400. Read data files from: /usr/bin/../share/nmap
  1401. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1402. Nmap done: 1 IP address (1 host up) scanned in 238.16 seconds
  1403. Raw packets sent: 150 (10.896KB) | Rcvd: 167 (26.826KB)
  1404. #######################################################################################################################################
  1405. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-23 07:04 EST
  1406. NSE: Loaded 148 scripts for scanning.
  1407. NSE: Script Pre-scanning.
  1408. Initiating NSE at 07:04
  1409. Completed NSE at 07:04, 0.00s elapsed
  1410. Initiating NSE at 07:04
  1411. Completed NSE at 07:04, 0.00s elapsed
  1412. Initiating Parallel DNS resolution of 1 host. at 07:04
  1413. Completed Parallel DNS resolution of 1 host. at 07:05, 16.50s elapsed
  1414. Initiating UDP Scan at 07:05
  1415. Scanning 62.12.105.2 [14 ports]
  1416. Completed UDP Scan at 07:05, 1.24s elapsed (14 total ports)
  1417. Initiating Service scan at 07:05
  1418. Scanning 12 services on 62.12.105.2
  1419. Service scan Timing: About 8.33% done; ETC: 07:24 (0:17:47 remaining)
  1420. Completed Service scan at 07:06, 102.59s elapsed (12 services on 1 host)
  1421. Initiating OS detection (try #1) against 62.12.105.2
  1422. Retrying OS detection (try #2) against 62.12.105.2
  1423. Initiating Traceroute at 07:06
  1424. Completed Traceroute at 07:07, 7.12s elapsed
  1425. Initiating Parallel DNS resolution of 1 host. at 07:07
  1426. Completed Parallel DNS resolution of 1 host. at 07:07, 16.50s elapsed
  1427. NSE: Script scanning 62.12.105.2.
  1428. Initiating NSE at 07:07
  1429. Completed NSE at 07:07, 20.31s elapsed
  1430. Initiating NSE at 07:07
  1431. Completed NSE at 07:07, 1.02s elapsed
  1432. Nmap scan report for 62.12.105.2
  1433. Host is up (0.022s latency).
  1434.  
  1435. PORT STATE SERVICE VERSION
  1436. 53/udp open|filtered domain
  1437. 67/udp open|filtered dhcps
  1438. 68/udp open|filtered dhcpc
  1439. 69/udp open|filtered tftp
  1440. 88/udp open|filtered kerberos-sec
  1441. 123/udp open|filtered ntp
  1442. 137/udp filtered netbios-ns
  1443. 138/udp filtered netbios-dgm
  1444. 139/udp open|filtered netbios-ssn
  1445. 161/udp open|filtered snmp
  1446. 162/udp open|filtered snmptrap
  1447. 389/udp open|filtered ldap
  1448. 520/udp open|filtered route
  1449. 2049/udp open|filtered nfs
  1450. Too many fingerprints match this host to give specific OS details
  1451.  
  1452. TRACEROUTE (using port 137/udp)
  1453. HOP RTT ADDRESS
  1454. 1 ... 3
  1455. 4 21.64 ms 10.245.200.1
  1456. 5 22.90 ms 10.245.200.1
  1457. 6 22.89 ms 10.245.200.1
  1458. 7 22.89 ms 10.245.200.1
  1459. 8 22.89 ms 10.245.200.1
  1460. 9 22.88 ms 10.245.200.1
  1461. 10 22.88 ms 10.245.200.1
  1462. 11 22.90 ms 10.245.200.1
  1463. 12 ... 18
  1464. 19 22.46 ms 10.245.200.1
  1465. 20 21.89 ms 10.245.200.1
  1466. 21 20.89 ms 10.245.200.1
  1467. 22 ... 29
  1468. 30 22.44 ms 10.245.200.1
  1469.  
  1470. NSE: Script Post-scanning.
  1471. Initiating NSE at 07:07
  1472. Completed NSE at 07:07, 0.00s elapsed
  1473. Initiating NSE at 07:07
  1474. Completed NSE at 07:07, 0.00s elapsed
  1475. Read data files from: /usr/bin/../share/nmap
  1476. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1477. Nmap done: 1 IP address (1 host up) scanned in 168.35 seconds
  1478. Raw packets sent: 147 (13.614KB) | Rcvd: 149 (19.279KB)
  1479. #######################################################################################################################################
  1480. ---------------------------------------------------------------------------------------------------------------------------------------
  1481. + Target IP: 62.12.105.2
  1482. + Target Hostname: 62.12.105.2
  1483. + Target Port: 443
  1484. ---------------------------------------------------------------------------------------------------------------------------------------
  1485. + SSL Info: Subject: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
  1486. Ciphers: ECDHE-RSA-AES256-GCM-SHA384
  1487. Issuer: /C=US/ST=Washington/L=Seattle/O=Odin/OU=Plesk/CN=Plesk/emailAddress=info@plesk.com
  1488. + Start Time: 2019-02-23 06:24:31 (GMT-5)
  1489. --------------------------------------------------------------------------------------------------------------------------------------
  1490. + Server: nginx
  1491. + Server leaks inodes via ETags, header found with file /, fields: 0xea6 0x5649d8e57844b
  1492. + The anti-clickjacking X-Frame-Options header is not present.
  1493. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1494. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  1495. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1496. + Hostname '62.12.105.2' does not match certificate's names: Plesk
  1497. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  1498. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
  1499. + OSVDB-3268: /icons/: Directory indexing found.
  1500. + OSVDB-3233: /icons/README: Apache default file found.
  1501. ---------------------------------------------------------------------------------------------------------------------------------------
  1502. #######################################################################################################################################
  1503. Anonymous JTSEC #OpSudan Full Recon #21