SHARE
TWEET

OPDeathEather JTSEC full recon 36

a guest Feb 14th, 2017 5,849 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. nudistfa.com
  2.  
  3. ###########################################################################################
  4.  
  5. whois nudistfa.com
  6.  
  7. Whois Server Version 2.0
  8.  
  9. Domain names in the .com and .net domains can now be registered
  10. with many different competing registrars. Go to http://www.internic.net
  11. for detailed information.
  12.  
  13.    Domain Name: NUDISTFA.COM
  14.    Registrar: URL SOLUTIONS INC.
  15.    Sponsoring Registrar IANA ID: 1449
  16.    Whois Server: whois.pananames.com
  17.    Referral URL: http://www.pananames.com
  18.    Name Server: NS1.PANASERVERS.COM
  19.    Name Server: NS2.PANASERVERS.COM
  20.    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  21.    Updated Date: 26-jan-2017
  22.    Creation Date: 16-jan-2017
  23.    Expiration Date: 16-jan-2018
  24.  
  25.  
  26. Domain Name: NUDISTFA.COM
  27. Registry Domain ID: 2090460580_DOMAIN_COM-VRSN
  28. Registrar WHOIS Server: whois.pananames.com
  29. Registrar URL: http://www.pananames.com
  30. Updated Date: 2017-01-26T00:37:05Z
  31. Creation Date: 2017-01-16T11:37:05Z
  32. Registrar Registration Expiration Date: 2018-01-16T11:37:05.000Z
  33. Sponsoring Registrar: URL SOLUTIONS INC.
  34. Sponsoring Registrar IANA ID: 1449
  35. Registrar Abuse Contact Email: abuse@pananames.com
  36. Registrar Abuse Contact Phone: +507.8339556
  37. Reseller:
  38. Domain Status: clientTransferProhibited -- https://icann.org/epp#clientTransferProhibited
  39. Registry Registrant ID:
  40. Registrant Name: Private Whois
  41. Registrant Organization: GLOBAL DOMAIN PRIVACY SERVICES INC
  42. Registrant Street: Salduba Bldg, 3rd floor, 53rd East Street, Marbella
  43. Registrant City: Panama
  44. Registrant State/Province: NA
  45. Registrant Postal Code: NA
  46. Registrant Country: PA
  47. Registrant Phone: +507.8365260
  48. Registrant Phone Ext:
  49. Registrant Fax:
  50. Registrant Fax Ext:
  51. Registrant Email: nudistfa.com_1ibe9sv16z67q@domains-anonymizer.com
  52. Registry Admin ID:
  53. Admin Name: Private Whois
  54. Admin Organization: GLOBAL DOMAIN PRIVACY SERVICES INC
  55. Admin Street: Salduba Bldg, 3rd floor, 53rd East Street, Marbella
  56. Admin City: Panama
  57. Admin State/Province: NA
  58. Admin Postal Code: NA
  59. Admin Country: PA
  60. Admin Phone: +507.8365260
  61. Admin Phone Ext:
  62. Admin Fax:
  63. Admin Fax Ext:
  64. Admin Email: nudistfa.com_1ibe9sv16z67q@domains-anonymizer.com
  65. Registry Tech ID:
  66. Tech Name: Private Whois
  67. Tech Organization: GLOBAL DOMAIN PRIVACY SERVICES INC
  68. Tech Street: Salduba Bldg, 3rd floor, 53rd East Street, Marbella
  69. Tech City: Panama
  70. Tech State/Province: NA
  71. Tech Postal Code: NA
  72. Tech Country: PA
  73. Tech Phone: +507.8365260
  74. Tech Phone Ext:
  75. Tech Fax:
  76. Tech Fax Ext:
  77. Tech Email: nudistfa.com_1ibe9sv16z67q@domains-anonymizer.com
  78. Name Server: NS1.PANASERVERS.COM
  79. Name Server: NS2.PANASERVERS.COM
  80.  
  81. ###########################################################################################
  82.  
  83. dig nudistfa.com any
  84. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  85.  
  86. ; <<>> DiG 9.10.3-P4-Debian <<>> nudistfa.com any
  87. ;; global options: +cmd
  88. ;; Got answer:
  89. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33220
  90. ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
  91.  
  92. ;; OPT PSEUDOSECTION:
  93. ; EDNS: version: 0, flags:; udp: 4096
  94. ;; QUESTION SECTION:
  95. ;nudistfa.com.          IN  ANY
  96.  
  97. ;; ANSWER SECTION:
  98. nudistfa.com.       86400   IN  SOA ns.nudistfa.com. hostmaster.nudistfa.com. 3 28800 7200 604800 86400
  99. nudistfa.com.       149 IN  A   80.82.78.14
  100.  
  101. ;; Query time: 107 msec
  102. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  103. ;; WHEN: Sat Feb 11 01:15:48 EST 2017
  104. ;; MSG SIZE  rcvd: 107
  105.  
  106. ###########################################################################################
  107.  
  108. host -l nudistfa.com
  109.  
  110. Host nudistfa.com not found: 5(REFUSED)
  111. ; Transfer failed.
  112.  
  113. ###########################################################################################
  114.  
  115. tcptraceroute -i eth0 nudistfa.com
  116.  
  117. Running:
  118.     traceroute -T -O info -i eth0 nudistfa.com
  119. traceroute to nudistfa.com (80.82.78.14), 30 hops max, 60 byte packets
  120. send: Opération non permise
  121.  
  122. ###########################################################################################
  123.  
  124. cd /pentest/enumeration/dnsenum
  125. perl dnsenum.pl --enum -f dns.txt --update a -r nudistfa.com
  126.  
  127. ./Recon.sh: ligne 44 : cd: /pentest/enumeration/dnsenum: Aucun fichier ou dossier de ce type
  128. Can't open perl script "dnsenum.pl": Aucun fichier ou dossier de ce type
  129.  
  130. ###########################################################################################
  131.  
  132. dnstracer nudistfa.com
  133.  
  134. Tracing to nudistfa.com[a] via 0.0.0.0, maximum of 3 retries
  135. 0.0.0.0 (0.0.0.0) * * *
  136.  
  137. ###########################################################################################
  138.  
  139. cd /pentest/enumeration/fierce
  140. perl fierce.pl -dns nudistfa.com
  141.  
  142. ./Recon.sh: ligne 58 : cd: /pentest/enumeration/fierce: Aucun fichier ou dossier de ce type
  143. Can't open perl script "fierce.pl": Aucun fichier ou dossier de ce type
  144.  
  145. ###########################################################################################
  146.  
  147. cd /pentest/enumeration/lbd
  148. ./lbd.sh nudistfa.com
  149. ./Recon.sh: ligne 65 : cd: /pentest/enumeration/lbd: Aucun fichier ou dossier de ce type
  150.  
  151. lbd - load balancing detector 0.2 - Checks if a given domain uses load-balancing.
  152.                                     Written by Stefan Behte (http://ge.mine.nu)
  153.                                     Proof-of-concept! Might give false positives.
  154.  
  155. Checking for DNS-Loadbalancing:../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  156.  NOT FOUND
  157. Checking for HTTP-Loadbalancing [Server]:
  158.  nginx
  159.  NOT FOUND
  160.  
  161. Checking for HTTP-Loadbalancing [Date]: 06:17:11, 06:17:11, 06:17:11, 06:17:11, 06:17:12, 06:17:12, 06:17:12, 06:17:12, 06:17:13, 06:17:13, 06:17:13, 06:17:13, 06:17:14, 06:17:14, 06:17:14, 06:17:14, 06:17:15, 06:17:15, 06:17:15, 06:17:15, 06:17:16, 06:17:16, 06:17:16, 06:17:16, 06:17:17, 06:17:17, 06:17:17, 06:17:17, 06:17:18, 06:17:18, 06:17:18, 06:17:18, 06:17:19, 06:17:19, 06:17:19, 06:17:20, 06:17:20, 06:17:20, 06:17:20, 06:17:21, 06:17:21, 06:17:21, 06:17:21, 06:17:22, 06:17:22, 06:17:22, 06:17:22, 06:17:23, 06:17:23, 06:17:23, NOT FOUND
  162.  
  163. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  164.  
  165. nudistfa.com does NOT use Load-balancing.
  166.  
  167. ###########################################################################################
  168.  
  169. cd /pentest/enumeration/list-urls
  170. ./list-urls.py http://www.nudistfa.com
  171. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  172. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  173.  
  174. ###########################################################################################
  175.  
  176. nmap -PN -n -F -T4 -sV -A -oG temp.txt nudistfa.com
  177.  
  178. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 01:17 EST
  179. Nmap scan report for nudistfa.com (80.82.78.14)
  180. Host is up (0.046s latency).
  181. Not shown: 83 filtered ports
  182. PORT     STATE  SERVICE      VERSION
  183. 21/tcp   open   ftp          vsftpd 2.2.2
  184. 22/tcp   open   ssh          OpenSSH 5.3 (protocol 2.0)
  185. | ssh-hostkey:
  186. |   1024 c9:5e:16:64:4a:6d:f2:df:83:62:c7:3c:98:b2:95:9e (DSA)
  187. |_  2048 34:cc:15:7a:41:b1:3a:e1:da:28:e5:0d:4e:0a:d1:3d (RSA)
  188. 25/tcp   closed smtp
  189. 80/tcp   open   http         nginx
  190. | http-robots.txt: 1 disallowed entry
  191. |_/
  192. |_http-server-header: nginx
  193. |_http-title: nudistfa.com
  194. 110/tcp  open   pop3         Dovecot pop3d
  195. |_pop3-capabilities: TOP SASL(PLAIN LOGIN) RESP-CODES STLS UIDL CAPA PIPELINING USER
  196. | ssl-cert: Subject: commonName=80.82.78.14/organizationName=name/stateOrProvinceName=MOblin/countryName=US
  197. | Not valid before: 2014-11-07T18:56:07
  198. |_Not valid after:  2017-04-25T18:56:07
  199. |_ssl-date: 2017-02-11T06:17:58+00:00; +26s from scanner time.
  200. 135/tcp  closed msrpc
  201. 139/tcp  closed netbios-ssn
  202. 143/tcp  open   imap         Dovecot imapd
  203. |_imap-capabilities: IDLE completed AUTH=LOGINA0001 SASL-IR Capability OK IMAP4rev1 ENABLE ID AUTH=PLAIN LITERAL+ LOGIN-REFERRALS STARTTLS
  204. | ssl-cert: Subject: commonName=80.82.78.14/organizationName=name/stateOrProvinceName=MOblin/countryName=US
  205. | Not valid before: 2014-11-07T18:56:07
  206. |_Not valid after:  2017-04-25T18:56:07
  207. |_ssl-date: 2017-02-11T06:17:57+00:00; +26s from scanner time.
  208. 443/tcp  closed https
  209. 445/tcp  closed microsoft-ds
  210. 465/tcp  open   ssl/smtp     Exim smtpd 4.84_2
  211. | smtp-commands: xbaboon.com Hello testbed-users.calyx.net [162.247.73.193], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
  212. |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
  213. | ssl-cert: Subject: commonName=80.82.78.14/organizationName=name/stateOrProvinceName=MOblin/countryName=US
  214. | Not valid before: 2014-11-07T18:56:07
  215. |_Not valid after:  2017-04-25T18:56:07
  216. 587/tcp  open   smtp         Exim smtpd 4.84_2
  217. | smtp-commands: xbaboon.com Hello testbed-users.calyx.net [162.247.73.193], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  218. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
  219. | ssl-cert: Subject: commonName=80.82.78.14/organizationName=name/stateOrProvinceName=MOblin/countryName=US
  220. | Not valid before: 2014-11-07T18:56:07
  221. |_Not valid after:  2017-04-25T18:56:07
  222. |_ssl-date: 2017-02-11T06:18:03+00:00; +26s from scanner time.
  223. 993/tcp  open   ssl/imap     Dovecot imapd
  224. |_imap-capabilities: IDLE AUTH=LOGINA0001 SASL-IR Capability completed AUTH=PLAIN ENABLE ID OK IMAP4rev1 LOGIN-REFERRALS LITERAL+
  225. | ssl-cert: Subject: commonName=80.82.78.14/organizationName=name/stateOrProvinceName=MOblin/countryName=US
  226. | Not valid before: 2014-11-07T18:56:07
  227. |_Not valid after:  2017-04-25T18:56:07
  228. |_ssl-date: 2017-02-11T06:17:57+00:00; +26s from scanner time.
  229. 995/tcp  open   ssl/pop3     Dovecot pop3d
  230. |_pop3-capabilities: TOP RESP-CODES SASL(PLAIN LOGIN) UIDL CAPA PIPELINING USER
  231. | ssl-cert: Subject: commonName=80.82.78.14/organizationName=name/stateOrProvinceName=MOblin/countryName=US
  232. | Not valid before: 2014-11-07T18:56:07
  233. |_Not valid after:  2017-04-25T18:56:07
  234. |_ssl-date: 2017-02-11T06:17:57+00:00; +26s from scanner time.
  235. 3306/tcp open   mysql        MySQL 5.5.43
  236. | mysql-info:
  237. |   Protocol: 10
  238. |   Version: 5.5.43
  239. |   Thread ID: 76262019
  240. |   Capabilities flags: 63487
  241. |   Some Capabilities: Support41Auth, ConnectWithDatabase, Speaks41ProtocolOld, FoundRows, Speaks41ProtocolNew, IgnoreSigpipes, SupportsCompression, LongColumnFlag, LongPassword, InteractiveClient, SupportsTransactions, ODBCClient, DontAllowDatabaseTableColumn, IgnoreSpaceBeforeParenthesis, SupportsLoadDataLocal, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
  242. |   Status: Autocommit
  243. |   Salt: Kx;\>`K4bo+%u@!~{o="
  244. |_  Auth Plugin Name: 79
  245. 5432/tcp closed postgresql
  246. 8080/tcp open   http         Apache httpd 2.2.15 ((CentOS))
  247. |_http-open-proxy: Proxy might be redirecting requests
  248. | http-robots.txt: 1 disallowed entry
  249. |_/
  250. |_http-server-header: Apache/2.2.15 (CentOS)
  251. |_http-title: nudistfa.com
  252. Aggressive OS guesses: Linux 3.2 (94%), Linux 3.1 (93%), AVM FRITZ!WLAN Repeater 450E (FritzOS 6.51) (93%), Linux 2.6.32 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 2.6.32 - 3.1 (93%), Linux 2.6.39 (93%), ProVision-ISR security DVR (93%), OpenWrt 12.09-rc1 Attitude Adjustment (Linux 3.3 - 3.7) (93%), MikroTik RouterOS 6.19 (Linux 3.3.5) (93%)
  253. No exact OS matches for host (test conditions non-ideal).
  254. Network Distance: 2 hops
  255. Service Info: Host: xbaboon.com; OS: Unix
  256.  
  257. Host script results:
  258. |_clock-skew: mean: 25s, deviation: 0s, median: 25s
  259.  
  260. TRACEROUTE (using port 445/tcp)
  261. HOP RTT      ADDRESS
  262. 1   31.23 ms 10.42.0.1
  263. 2   31.23 ms 80.82.78.14
  264.  
  265. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  266. Nmap done: 1 IP address (1 host up) scanned in 35.70 seconds
  267.  
  268. ###########################################################################################
  269.  
  270. amap -i temp.txt
  271. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 01:17:45 - APPLICATION MAPPING mode
  272.  
  273. Protocol on 80.82.78.14:80/tcp matches http
  274. Protocol on 80.82.78.14:80/tcp matches http-apache-2
  275. Protocol on 80.82.78.14:21/tcp matches ftp
  276. Protocol on 80.82.78.14:8080/tcp matches http
  277. Protocol on 80.82.78.14:8080/tcp matches http-apache-2
  278. Protocol on 80.82.78.14:3306/tcp matches mysql
  279. Protocol on 80.82.78.14:22/tcp matches ssh
  280. Protocol on 80.82.78.14:22/tcp matches ssh-openssh
  281. Protocol on 80.82.78.14:143/tcp matches imap
  282. Protocol on 80.82.78.14:110/tcp matches pop3
  283. Protocol on 80.82.78.14:993/tcp matches ntp
  284. Protocol on 80.82.78.14:993/tcp matches ssl
  285. Protocol on 80.82.78.14:995/tcp matches ntp
  286. Protocol on 80.82.78.14:995/tcp matches ssl
  287. Unrecognized response from 80.82.78.14:587/tcp (by trigger http) received.
  288. Please send this output and the name of the application to vh@thc.org:
  289. 0000:  3535 3420 534d 5450 2073 796e 6368 726f    [ 554 SMTP synchro ]
  290. 0010:  6e69 7a61 7469 6f6e 2065 7272 6f72 0d0a    [ nization error.. ]
  291. Protocol on 80.82.78.14:465/tcp matches ntp
  292. Protocol on 80.82.78.14:465/tcp matches ssl
  293.  
  294.  
  295. Unidentified ports: 80.82.78.14:587/tcp (total 1).
  296.  
  297. amap v5.4 finished at 2017-02-11 01:18:16
  298.  
  299. ###########################################################################################
  300.  
  301. cd /pentest/enumeration/www/httprint/linux
  302. ./httprint -h www.nudistfa.com -s signatures.txt -P0
  303.  
  304. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  305. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  306.  
  307. ###########################################################################################
  308.  
  309. [+] Emails found:
  310. ------------------
  311. pixel-1486793771559201-web-@nudistfa.com
  312. pixel-1486793772366176-web-@nudistfa.com
  313. ---------------------------------------------------------------------------
  314. + Target IP:          80.82.78.14
  315. + Target Hostname:    nudistfa.com
  316. + Target Port:        80
  317. + Start Time:         2017-02-11 01:15:38 (GMT-5)
  318. ---------------------------------------------------------------------------
  319. + Server: nginx
  320. + The anti-clickjacking X-Frame-Options header is not present.
  321. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  322. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  323. + Cookie from created without the httponly flag
  324. + Cookie lfrom created without the httponly flag
  325. + Cookie idcheck created without the httponly flag
  326. + Cookie index_page created without the httponly flag
  327. + Server leaks inodes via ETags, header found with file /YGNObHlh.iso8859-8, inode: 15075094, size: 1411, mtime: Mon Jan 16 06:41:44 2017
  328. + Allowed HTTP Methods: GET, HEAD, POST
  329. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  330. + OSVDB-8204: /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'.
  331. + Uncommon header 'x-dns-prefetch-control' found, with contents: off
  332. + OSVDB-3092: /db/: This might be interesting...
  333. + Uncommon header 'x-ob_mode' found, with contents: 1
  334. + OSVDB-3268: /icons/: Directory indexing found.
  335. + OSVDB-3233: /icons/README: Apache default file found.
  336. + OSVDB-3092: /af/: This might be interesting... potential country code (Afghanistan)
  337. + OSVDB-3092: /ax/: This might be interesting... potential country code (Aland Islands)
  338. + OSVDB-3092: /al/: This might be interesting... potential country code (Albania)
  339. + OSVDB-3092: /dz/: This might be interesting... potential country code (Algeria)
  340. + OSVDB-3092: /as/: This might be interesting... potential country code (American Samoa)
  341. + OSVDB-3092: /ad/: This might be interesting... potential country code (Andorra)
  342. + OSVDB-3092: /ao/: This might be interesting... potential country code (Angola)
  343. + OSVDB-3092: /ai/: This might be interesting... potential country code (Anguilla)
  344. + OSVDB-3092: /aq/: This might be interesting... potential country code (Antarctica)
  345. + OSVDB-3092: /ag/: This might be interesting... potential country code (Antigua And Barbuda)
  346. + OSVDB-3092: /ar/: This might be interesting... potential country code (Argentina)
  347. + OSVDB-3092: /am/: This might be interesting... potential country code (Armenia)
  348. + OSVDB-3092: /aw/: This might be interesting... potential country code (Aruba)
  349. + OSVDB-3092: /au/: This might be interesting... potential country code (Australia)
  350. + OSVDB-3092: /at/: This might be interesting... potential country code (Austria)
  351. + OSVDB-3092: /az/: This might be interesting... potential country code (Azerbaijan)
  352. + OSVDB-3092: /bs/: This might be interesting... potential country code (Bahamas)
  353. + OSVDB-3092: /bh/: This might be interesting... potential country code (Bahrain)
  354. + OSVDB-3092: /bd/: This might be interesting... potential country code (Bangladesh)
  355. + OSVDB-3092: /bb/: This might be interesting... potential country code (Barbados)
  356. + OSVDB-3092: /by/: This might be interesting... potential country code (Belarus)
  357. + OSVDB-3092: /be/: This might be interesting... potential country code (Belgium)
  358. + OSVDB-3092: /bz/: This might be interesting... potential country code (Belize)
  359. + OSVDB-3092: /bj/: This might be interesting... potential country code (Benin)
  360. + OSVDB-3092: /bm/: This might be interesting... potential country code (Bermuda)
  361. + OSVDB-3092: /bt/: This might be interesting... potential country code (Bhutan)
  362. + OSVDB-3092: /bo/: This might be interesting... potential country code (Bolivia)
  363. + OSVDB-3092: /ba/: This might be interesting... potential country code (Bosnia And Herzegovina)
  364. + OSVDB-3092: /bw/: This might be interesting... potential country code (Botswana)
  365. + OSVDB-3092: /bv/: This might be interesting... potential country code (Bouvet Island)
  366. + OSVDB-3092: /br/: This might be interesting... potential country code (Brazil)
  367. + OSVDB-3092: /io/: This might be interesting... potential country code (British Indian Ocean Territory)
  368. + OSVDB-3092: /bn/: This might be interesting... potential country code (Brunei Darussalam)
  369. + OSVDB-3092: /bg/: This might be interesting... potential country code (Bulgaria)
  370. + OSVDB-3092: /bf/: This might be interesting... potential country code (Burkina Faso)
  371. + OSVDB-3092: /bi/: This might be interesting... potential country code (Burundi)
  372. + OSVDB-3092: /kh/: This might be interesting... potential country code (Cambodia)
  373. + OSVDB-3092: /cm/: This might be interesting... potential country code (Cameroon)
  374. + OSVDB-3092: /ca/: This might be interesting... potential country code (Canada)
  375. + OSVDB-3092: /cv/: This might be interesting... potential country code (Cape Verde)
  376. + OSVDB-3092: /ky/: This might be interesting... potential country code (Cayman Islands)
  377. + OSVDB-3092: /cf/: This might be interesting... potential country code (Central African Republic)
  378. + OSVDB-3092: /td/: This might be interesting... potential country code (Chad)
  379. + OSVDB-3092: /cl/: This might be interesting... potential country code (Chile)
  380. + OSVDB-3092: /cn/: This might be interesting... potential country code (China)
  381. + OSVDB-3092: /cx/: This might be interesting... potential country code (Christmas Island)
  382. + OSVDB-3092: /cc/: This might be interesting... potential country code (Cocos (keeling) Islands)
  383. + OSVDB-3092: /co/: This might be interesting... potential country code (Colombia)
  384. + OSVDB-3092: /km/: This might be interesting... potential country code (Comoros)
  385. + OSVDB-3092: /cg/: This might be interesting... potential country code (Congo)
  386. + OSVDB-3092: /cd/: This might be interesting... potential country code (The Democratic Republic Of The Congo)
  387. + OSVDB-3092: /ck/: This might be interesting... potential country code (Cook Islands)
  388. + OSVDB-3092: /cr/: This might be interesting... potential country code (Costa Rica)
  389. + OSVDB-3092: /ci/: This might be interesting... potential country code (CÔte D'ivoire)
  390. + OSVDB-3092: /hr/: This might be interesting... potential country code (Croatia)
  391. + OSVDB-3092: /cu/: This might be interesting... potential country code (Cuba)
  392. + OSVDB-3092: /cy/: This might be interesting... potential country code (Cyprus)
  393. + OSVDB-3092: /cz/: This might be interesting... potential country code (Czech Republic)
  394. + OSVDB-3092: /dk/: This might be interesting... potential country code (Denmark)
  395. + OSVDB-3092: /dj/: This might be interesting... potential country code (Djibouti)
  396. + OSVDB-3092: /dm/: This might be interesting... potential country code (Dominica)
  397. + OSVDB-3092: /do/: This might be interesting... potential country code (Dominican Republic)
  398. + OSVDB-3092: /ec/: This might be interesting... potential country code (Ecuador)
  399. + OSVDB-3092: /eg/: This might be interesting... potential country code (Egypt)
  400. + OSVDB-3092: /sv/: This might be interesting... potential country code (El Salvador)
  401. + OSVDB-3092: /gq/: This might be interesting... potential country code (Equatorial Guinea)
  402. + OSVDB-3092: /er/: This might be interesting... potential country code (Eritrea)
  403. + OSVDB-3092: /ee/: This might be interesting... potential country code (Estonia)
  404. + OSVDB-3092: /et/: This might be interesting... potential country code (Ethiopia)
  405. + OSVDB-3092: /fk/: This might be interesting... potential country code (Falkland Islands (malvinas))
  406. + OSVDB-3092: /fo/: This might be interesting... potential country code (Faroe Islands)
  407. + OSVDB-3092: /fj/: This might be interesting... potential country code (Fiji)
  408. + OSVDB-3092: /fi/: This might be interesting... potential country code (Finland)
  409. + OSVDB-3092: /fr/: This might be interesting... potential country code (France)
  410. + OSVDB-3092: /gf/: This might be interesting... potential country code (French Guiana)
  411. + OSVDB-3092: /pf/: This might be interesting... potential country code (French Polynesia)
  412. + OSVDB-3092: /tf/: This might be interesting... potential country code (French Southern Territories)
  413. + OSVDB-3092: /ga/: This might be interesting... potential country code (Gabon)
  414. + OSVDB-3092: /gm/: This might be interesting... potential country code (Gambia)
  415. + OSVDB-3092: /ge/: This might be interesting... potential country code (Georgia)
  416. + OSVDB-3092: /de/: This might be interesting... potential country code (Germany)
  417. + OSVDB-3092: /gh/: This might be interesting... potential country code (Ghana)
  418. + OSVDB-3092: /gi/: This might be interesting... potential country code (Gibraltar)
  419. + OSVDB-3092: /gr/: This might be interesting... potential country code (Greece)
  420. + OSVDB-3092: /gl/: This might be interesting... potential country code (Greenland)
  421. + OSVDB-3092: /gd/: This might be interesting... potential country code (Grenada)
  422. + OSVDB-3092: /gp/: This might be interesting... potential country code (Guadeloupe)
  423. + OSVDB-3092: /gu/: This might be interesting... potential country code (Guam)
  424. + OSVDB-3092: /gt/: This might be interesting... potential country code (Guatemala)
  425. + OSVDB-3092: /gg/: This might be interesting... potential country code (Guernsey)
  426. + OSVDB-3092: /gn/: This might be interesting... potential country code (Guinea)
  427. + OSVDB-3092: /gw/: This might be interesting... potential country code (Guinea-bissau)
  428. + OSVDB-3092: /gy/: This might be interesting... potential country code (Guyana)
  429. + OSVDB-3092: /ht/: This might be interesting... potential country code (Haiti)
  430. + OSVDB-3092: /hm/: This might be interesting... potential country code (Heard Island And Mcdonald Islands)
  431. + OSVDB-3092: /va/: This might be interesting... potential country code (Holy See (vatican City State))
  432. + OSVDB-3092: /hn/: This might be interesting... potential country code (Honduras)
  433. + OSVDB-3092: /hk/: This might be interesting... potential country code (Hong Kong)
  434. + OSVDB-3092: /hu/: This might be interesting... potential country code (Hungary)
  435. + OSVDB-3092: /is/: This might be interesting... potential country code (Iceland)
  436. + OSVDB-3092: /in/: This might be interesting... potential country code (India)
  437. + OSVDB-3092: /id/: This might be interesting... potential country code (Indonesia)
  438. + OSVDB-3092: /ir/: This might be interesting... potential country code (Islamic Republic Of Iran)
  439. + OSVDB-3092: /iq/: This might be interesting... potential country code (Iraq)
  440. + OSVDB-3092: /ie/: This might be interesting... potential country code (Ireland)
  441. + OSVDB-3092: /im/: This might be interesting... potential country code (Isle Of Man)
  442. + OSVDB-3092: /il/: This might be interesting... potential country code (Israel)
  443. + OSVDB-3092: /it/: This might be interesting... potential country code (Italy)
  444. + OSVDB-3092: /jm/: This might be interesting... potential country code (Jamaica)
  445. + OSVDB-3092: /jp/: This might be interesting... potential country code (Japan)
  446. + OSVDB-3092: /je/: This might be interesting... potential country code (Jersey)
  447. + OSVDB-3092: /jo/: This might be interesting... potential country code (Jordan)
  448. + OSVDB-3092: /kz/: This might be interesting... potential country code (Kazakhstan)
  449. + OSVDB-3092: /ke/: This might be interesting... potential country code (Kenya)
  450. + OSVDB-3092: /ki/: This might be interesting... potential country code (Kiribati)
  451. + OSVDB-3092: /kp/: This might be interesting... potential country code (Democratic People's Republic Of Korea)
  452. + OSVDB-3092: /kr/: This might be interesting... potential country code (Republic Of Korea)
  453. + OSVDB-3092: /kw/: This might be interesting... potential country code (Kuwait)
  454. + OSVDB-3092: /kg/: This might be interesting... potential country code (Kyrgyzstan)
  455. + OSVDB-3092: /la/: This might be interesting... potential country code (Lao People's Democratic Republic)
  456. + OSVDB-3092: /lv/: This might be interesting... potential country code (Latvia)
  457. + OSVDB-3092: /lb/: This might be interesting... potential country code (Lebanon)
  458. + OSVDB-3092: /ls/: This might be interesting... potential country code (Lesotho)
  459. + OSVDB-3092: /lr/: This might be interesting... potential country code (Liberia)
  460. + OSVDB-3092: /ly/: This might be interesting... potential country code (Libyan Arab Jamahiriya)
  461. + OSVDB-3092: /li/: This might be interesting... potential country code (Liechtenstein)
  462. + OSVDB-3092: /lt/: This might be interesting... potential country code (Lithuania)
  463. + OSVDB-3092: /lu/: This might be interesting... potential country code (Luxembourg)
  464. + OSVDB-3092: /mo/: This might be interesting... potential country code (Macao)
  465. + OSVDB-3092: /mk/: This might be interesting... potential country code (Macedonia)
  466. + OSVDB-3092: /mg/: This might be interesting... potential country code (Madagascar)
  467. + OSVDB-3092: /mw/: This might be interesting... potential country code (Malawi)
  468. + OSVDB-3092: /my/: This might be interesting... potential country code (Malaysia)
  469. + OSVDB-3092: /mv/: This might be interesting... potential country code (Maldives)
  470. + OSVDB-3092: /ml/: This might be interesting... potential country code (Mali)
  471. + OSVDB-3092: /mt/: This might be interesting... potential country code (Malta)
  472. + OSVDB-3092: /mh/: This might be interesting... potential country code (Marshall Islands)
  473. + OSVDB-3092: /mq/: This might be interesting... potential country code (Martinique)
  474. + OSVDB-3092: /mr/: This might be interesting... potential country code (Mauritania)
  475. + OSVDB-3092: /mu/: This might be interesting... potential country code (Mauritius)
  476. + OSVDB-3092: /yt/: This might be interesting... potential country code (Mayotte)
  477. + OSVDB-3092: /mx/: This might be interesting... potential country code (Mexico)
  478. + OSVDB-3092: /fm/: This might be interesting... potential country code (Federated States Of Micronesia)
  479. + OSVDB-3092: /md/: This might be interesting... potential country code (Republic Of Moldova)
  480. + OSVDB-3092: /mc/: This might be interesting... potential country code (Monaco)
  481. + OSVDB-3092: /mn/: This might be interesting... potential country code (Mongolia)
  482. + OSVDB-3092: /me/: This might be interesting... potential country code (Montenegro)
  483. + OSVDB-3092: /ms/: This might be interesting... potential country code (Montserrat)
  484. + OSVDB-3092: /ma/: This might be interesting... potential country code (Morocco)
  485. + OSVDB-3092: /mz/: This might be interesting... potential country code (Mozambique)
  486. + OSVDB-3092: /mm/: This might be interesting... potential country code (Myanmar)
  487. + OSVDB-3092: /na/: This might be interesting... potential country code (Namibia)
  488. + OSVDB-3092: /nr/: This might be interesting... potential country code (Nauru)
  489. + OSVDB-3092: /np/: This might be interesting... potential country code (Nepal)
  490. + OSVDB-3092: /nl/: This might be interesting... potential country code (Netherlands)
  491. + OSVDB-3092: /an/: This might be interesting... potential country code (Netherlands Antilles)
  492. + OSVDB-3092: /nc/: This might be interesting... potential country code (New Caledonia)
  493. + OSVDB-3092: /nz/: This might be interesting... potential country code (New Zealand)
  494. + OSVDB-3092: /ni/: This might be interesting... potential country code (Nicaragua)
  495. + OSVDB-3092: /ne/: This might be interesting... potential country code (Niger)
  496. + OSVDB-3092: /ng/: This might be interesting... potential country code (Nigeria)
  497. + OSVDB-3092: /nu/: This might be interesting... potential country code (Niue)
  498. + OSVDB-3092: /nf/: This might be interesting... potential country code (Norfolk Island)
  499. + OSVDB-3092: /mp/: This might be interesting... potential country code (Northern Mariana Islands)
  500. + OSVDB-3092: /no/: This might be interesting... potential country code (Norway)
  501. + OSVDB-3092: /om/: This might be interesting... potential country code (Oman)
  502. + OSVDB-3092: /pk/: This might be interesting... potential country code (Pakistan)
  503. + OSVDB-3092: /pw/: This might be interesting... potential country code (Palau)
  504. + OSVDB-3092: /ps/: This might be interesting... potential country code (Palestinian Territory)
  505. + OSVDB-3092: /pa/: This might be interesting... potential country code (Panama)
  506. + OSVDB-3092: /pg/: This might be interesting... potential country code (Papua New Guinea)
  507. + OSVDB-3092: /py/: This might be interesting... potential country code (Paraguay)
  508. + OSVDB-3092: /pe/: This might be interesting... potential country code (Peru)
  509. + OSVDB-3092: /ph/: This might be interesting... potential country code (Philippines)
  510. + OSVDB-3092: /pn/: This might be interesting... potential country code (Pitcairn)
  511. + OSVDB-3092: /pl/: This might be interesting... potential country code (Poland)
  512. + OSVDB-3092: /pt/: This might be interesting... potential country code (Portugal)
  513. + OSVDB-3092: /pr/: This might be interesting... potential country code (Puerto Rico)
  514. + OSVDB-3092: /qa/: This might be interesting... potential country code (Qatar)
  515. + OSVDB-3092: /re/: This might be interesting... potential country code (RÉunion)
  516. + OSVDB-3092: /ro/: This might be interesting... potential country code (Romania)
  517. + Cookie force_lng created without the httponly flag
  518. + OSVDB-3092: /ru/: This might be interesting... potential country code (Russian Federation)
  519. + OSVDB-3092: /rw/: This might be interesting... potential country code (Rwanda)
  520. + OSVDB-3092: /bl/: This might be interesting... potential country code (Saint BarthÉlemy)
  521. + OSVDB-3092: /sh/: This might be interesting... potential country code (Saint Helena)
  522. + OSVDB-3092: /kn/: This might be interesting... potential country code (Saint Kitts And Nevis)
  523. + OSVDB-3092: /lc/: This might be interesting... potential country code (Saint Lucia)
  524. + OSVDB-3092: /mf/: This might be interesting... potential country code (Saint Martin)
  525. + OSVDB-3092: /pm/: This might be interesting... potential country code (Saint Pierre And Miquelon)
  526. + OSVDB-3092: /vc/: This might be interesting... potential country code (Saint Vincent And The Grenadines)
  527. + OSVDB-3092: /ws/: This might be interesting... potential country code (Samoa)
  528. + OSVDB-3092: /sm/: This might be interesting... potential country code (San Marino)
  529. + OSVDB-3092: /st/: This might be interesting... potential country code (Sao Tome And Principe)
  530. + OSVDB-3092: /sa/: This might be interesting... potential country code (Saudi Arabia)
  531. + OSVDB-3092: /sn/: This might be interesting... potential country code (Senegal)
  532. + OSVDB-3092: /rs/: This might be interesting... potential country code (Serbia)
  533. + OSVDB-3092: /sc/: This might be interesting... potential country code (Seychelles)
  534. + OSVDB-3092: /sl/: This might be interesting... potential country code (Sierra Leone)
  535. + OSVDB-3092: /sg/: This might be interesting... potential country code (Singapore)
  536. + OSVDB-3092: /sk/: This might be interesting... potential country code (Slovakia)
  537. + OSVDB-3092: /si/: This might be interesting... potential country code (Slovenia)
  538. + OSVDB-3092: /sb/: This might be interesting... potential country code (Solomon Islands)
  539. + OSVDB-3092: /so/: This might be interesting... potential country code (Somalia)
  540. + OSVDB-3092: /za/: This might be interesting... potential country code (South Africa)
  541. + OSVDB-3092: /gs/: This might be interesting... potential country code (South Georgia And The South Sandwich Islands)
  542. + OSVDB-3092: /es/: This might be interesting... potential country code (Spain)
  543. + OSVDB-3092: /lk/: This might be interesting... potential country code (Sri Lanka)
  544. + OSVDB-3092: /sd/: This might be interesting... potential country code (Sudan)
  545. + OSVDB-3092: /sr/: This might be interesting... potential country code (Suriname)
  546. + OSVDB-3092: /sj/: This might be interesting... potential country code (Svalbard And Jan Mayen)
  547. + OSVDB-3092: /sz/: This might be interesting... potential country code (Swaziland)
  548. + OSVDB-3092: /se/: This might be interesting... potential country code (Sweden)
  549. + OSVDB-3092: /ch/: This might be interesting... potential country code (Switzerland)
  550. + OSVDB-3092: /sy/: This might be interesting... potential country code (Syrian Arab Republic)
  551. + OSVDB-3092: /tw/: This might be interesting... potential country code (Taiwan)
  552. + OSVDB-3092: /tj/: This might be interesting... potential country code (Tajikistan)
  553. + OSVDB-3092: /tz/: This might be interesting... potential country code (United Republic Of Tanzania)
  554. + OSVDB-3092: /th/: This might be interesting... potential country code (Thailand)
  555. + OSVDB-3092: /tl/: This might be interesting... potential country code (Timor-leste)
  556. + OSVDB-3092: /tg/: This might be interesting... potential country code (Togo)
  557. + OSVDB-3092: /tk/: This might be interesting... potential country code (Tokelau)
  558. + OSVDB-3092: /to/: This might be interesting... potential country code (Tonga)
  559. + OSVDB-3092: /tt/: This might be interesting... potential country code (Trinidad And Tobago)
  560. + OSVDB-3092: /tn/: This might be interesting... potential country code (Tunisia)
  561. + OSVDB-3092: /tr/: This might be interesting... potential country code (Turkey)
  562. + OSVDB-3092: /tm/: This might be interesting... potential country code (Turkmenistan)
  563. + OSVDB-3092: /tc/: This might be interesting... potential country code (Turks And Caicos Islands)
  564. + OSVDB-3092: /tv/: This might be interesting... potential country code (Tuvalu)
  565. + OSVDB-3092: /ug/: This might be interesting... potential country code (Uganda)
  566. + OSVDB-3092: /ua/: This might be interesting... potential country code (Ukraine)
  567. + OSVDB-3092: /ae/: This might be interesting... potential country code (United Arab Emirates)
  568. + OSVDB-3092: /gb/: This might be interesting... potential country code (United Kingdom)
  569. + OSVDB-3092: /us/: This might be interesting... potential country code (United States)
  570. + OSVDB-3092: /um/: This might be interesting... potential country code (United States Minor Outlying Islands)
  571. + OSVDB-3092: /uy/: This might be interesting... potential country code (Uruguay)
  572. + OSVDB-3092: /uz/: This might be interesting... potential country code (Uzbekistan)
  573. + OSVDB-3092: /vu/: This might be interesting... potential country code (Vanuatu)
  574. + OSVDB-3092: /ve/: This might be interesting... potential country code (Venezuela)
  575. + OSVDB-3092: /vn/: This might be interesting... potential country code (Viet Nam)
  576. + OSVDB-3092: /vg/: This might be interesting... potential country code (British Virgin Islands)
  577. + OSVDB-3092: /vi/: This might be interesting... potential country code (U.S. Virgin Islands)
  578. + OSVDB-3092: /wf/: This might be interesting... potential country code (Wallis And Futuna)
  579. + OSVDB-3092: /eh/: This might be interesting... potential country code (Western Sahara)
  580. + OSVDB-3092: /ye/: This might be interesting... potential country code (Yemen)
  581. + OSVDB-3092: /zm/: This might be interesting... potential country code (Zambia)
  582. + OSVDB-3092: /zw/: This might be interesting... potential country code (Zimbabwe)
  583. + /phpMyAdmin/: phpMyAdmin directory found
  584. + /phpmyadmin/: phpMyAdmin directory found
  585. + 8257 requests: 0 error(s) and 265 item(s) reported on remote host
  586. + End Time:           2017-02-11 01:32:30 (GMT-5) (1012 seconds)
  587. ------------------------------------------------------------------------
  588. teenymodels.top
  589.  
  590. ###########################################################################################
  591.  
  592. whois teenymodels.top
  593. Domain Name: teenymodels.top
  594. Domain ID: D20160706G10001G_71357867-TOP
  595. WHOIS Server: whois.1api.net
  596. Referral URL: http://www.1api.net
  597. Updated Date: 2016-12-20T13:23:51Z
  598. Creation Date: 2016-07-05T20:46:40Z
  599. Registry Expiry Date: 2017-07-05T20:46:40Z
  600. Sponsoring Registrar: 1API GmbH
  601. Sponsoring Registrar IANA ID: 1387
  602. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  603. Registrant ID: lcn28617469-oynt
  604. Registrant Name: Lao Ci
  605. Registrant Organization: n/a
  606. Registrant Street: Oak 49
  607. Registrant City: Boedburg
  608. Registrant State/Province:
  609. Registrant Postal Code: 49382
  610. Registrant Country: SE
  611. Registrant Phone: +46.493782309475
  612. Registrant Phone Ext:
  613. Registrant Fax:
  614. Registrant Fax Ext:
  615. Registrant Email: laoci@bk.ru
  616. Admin ID: lcn28617469-oynt
  617. Admin Name: Lao Ci
  618. Admin Organization: n/a
  619. Admin Street: Oak 49
  620. Admin City: Boedburg
  621. Admin State/Province:
  622. Admin Postal Code: 49382
  623. Admin Country: SE
  624. Admin Phone: +46.493782309475
  625. Admin Phone Ext:
  626. Admin Fax:
  627. Admin Fax Ext:
  628. Admin Email: laoci@bk.ru
  629. Tech ID: lcn28617469-oynt
  630. Tech Name: Lao Ci
  631. Tech Organization: n/a
  632. Tech Street: Oak 49
  633. Tech City: Boedburg
  634. Tech State/Province:
  635. Tech Postal Code: 49382
  636. Tech Country: SE
  637. Tech Phone: +46.493782309475
  638. Tech Phone Ext:
  639. Tech Fax:
  640. Tech Fax Ext:
  641. Tech Email: laoci@bk.ru
  642. Name Server: pns21.cloudns.net
  643. Name Server: ns21.cloudns.net
  644. Name Server: pns22.cloudns.net
  645. Name Server: pns23.cloudns.net
  646.  
  647. ###########################################################################################
  648.  
  649. ;teenymodels.top.       IN  ANY
  650.  
  651. ;; ANSWER SECTION:
  652. teenymodels.top.    3600    IN  SOA ns21.cloudns.net. support.cloudns.net. 2017021001 7200 1800 1209600 3600
  653. teenymodels.top.    3493    IN  A   191.101.242.101
  654. teenymodels.top.    3600    IN  NS  pns23.cloudns.net.
  655. teenymodels.top.    3600    IN  NS  pns21.cloudns.net.
  656. teenymodels.top.    3600    IN  NS  ns21.cloudns.net.
  657. teenymodels.top.    3600    IN  NS  pns22.cloudns.net.
  658.  
  659. ;; Query time: 111 msec
  660. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  661. ;; WHEN: Sat Feb 11 01:40:44 EST 2017
  662. ;; MSG SIZE  rcvd: 194
  663.  
  664. ###########################################################################################
  665.  
  666.  
  667. ###########################################################################################
  668.  
  669. dnstracer teenymodels.top
  670.  
  671. Tracing to teenymodels.top[a] via 0.0.0.0, maximum of 3 retries
  672. 0.0.0.0 (0.0.0.0) * * *
  673.  
  674. ###########################################################################################
  675.  
  676. cd /pentest/enumeration/fierce
  677. perl fierce.pl -dns teenymodels.top
  678.  
  679. ./Recon.sh: ligne 58 : cd: /pentest/enumeration/fierce: Aucun fichier ou dossier de ce type
  680. Can't open perl script "fierce.pl": Aucun fichier ou dossier de ce type
  681.  
  682. ###########################################################################################
  683.  
  684. Checking for HTTP-Loadbalancing [Date]: 06:42:27, 06:42:28, 06:42:28, 06:42:29, 06:42:30, 06:42:30, 06:42:31, 06:42:31, 06:42:32, 06:42:33, 06:42:33, 06:42:34, 06:42:34, 06:42:35, 06:42:36, 06:42:36, 06:42:37, 06:42:37, 06:42:38, 06:42:39, 06:42:39, 06:42:40, 06:42:41, 06:42:41, 06:42:42, 06:42:42, 06:42:43, 06:42:44, 06:42:44, 06:42:45, 06:42:45, 06:42:46, 06:42:47, 06:42:47, 06:42:48, 06:42:49, 06:42:49, 06:42:50, 06:42:50, 06:42:51, 06:42:53, 06:42:54, 06:42:55, 06:42:55, 06:42:56, 06:42:57, 06:42:57, 06:42:58, 06:42:58, 06:42:59, NOT FOUND
  685.  
  686. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  687.  
  688. teenymodels.top does NOT use Load-balancing.
  689.  
  690. ###########################################################################################
  691.  
  692. cd /pentest/enumeration/list-urls
  693. ./list-urls.py http://www.teenymodels.top
  694. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  695. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  696.  
  697. ###########################################################################################
  698.  
  699. nmap -PN -n -F -T4 -sV -A -oG temp.txt teenymodels.top
  700.  
  701. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 01:43 EST
  702. Nmap scan report for teenymodels.top (191.101.242.101)
  703. Host is up (0.089s latency).
  704. Not shown: 97 closed ports
  705. PORT   STATE    SERVICE VERSION
  706. 22/tcp open     ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
  707. | ssh-hostkey:
  708. |   1024 02:a4:13:5b:ce:a8:c0:20:36:72:aa:5f:57:3a:a1:be (DSA)
  709. |   2048 57:55:7a:13:ea:65:f7:77:27:6a:68:f0:33:20:0b:47 (RSA)
  710. |_  256 b8:30:c6:b3:13:18:0d:cd:f0:10:65:4e:d4:7e:f9:53 (ECDSA)
  711. 53/tcp filtered domain
  712. 80/tcp open     http    nginx 1.10.3
  713. | http-server-header:
  714. |   nginx
  715. |_  nginx/1.10.3
  716. |_http-title: Teeny Models
  717. Device type: general purpose|storage-misc|router|media device|WAP|broadband router
  718. Running (JUST GUESSING): Linux 2.6.X|3.X (95%), HP embedded (93%), MikroTik RouterOS 6.X (92%), Infomir embedded (92%), Ubiquiti AirOS 5.X (92%), Netgear RAIDiator 4.X (91%)
  719. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/h:infomir:mag-250 cpe:/o:ubnt:airos:5.5.9 cpe:/o:netgear:raidiator:4.2.21 cpe:/o:linux:linux_kernel:2.6.37
  720. Aggressive OS guesses: Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 (94%), Linux 2.6.32 - 3.1 (94%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), HP P2000 G3 NAS device (93%), Linux 3.10 (93%), Linux 3.2 (93%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.9 (92%)
  721. No exact OS matches for host (test conditions non-ideal).
  722. Network Distance: 2 hops
  723. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  724.  
  725. TRACEROUTE (using port 135/tcp)
  726. HOP RTT      ADDRESS
  727. 1   30.11 ms 10.42.0.1
  728. 2   30.31 ms 191.101.242.101
  729.  
  730. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  731. Nmap done: 1 IP address (1 host up) scanned in 31.26 seconds
  732.  
  733. ###########################################################################################
  734.  
  735. amap -i temp.txt
  736. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 01:43:33 - APPLICATION MAPPING mode
  737.  
  738. Protocol on 191.101.242.101:80/tcp matches http
  739. Protocol on 191.101.242.101:22/tcp matches ssh
  740. Protocol on 191.101.242.101:22/tcp matches ssh-openssh
  741.  
  742. Unidentified ports: none.
  743.  
  744. amap v5.4 finished at 2017-02-11 01:43:39
  745.  
  746. ###########################################################################################
  747.  
  748. cd /pentest/enumeration/www/httprint/linux
  749. ./httprint -h www.teenymodels.top -s signatures.txt -P0
  750.  
  751. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  752. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  753.  
  754. ###########################################################################################
  755. [+] using maximum random delay of 10 millisecond(s) between requests
  756.  
  757. www.teenymodels.top
  758. IP address #1: 191.101.242.101
  759.  
  760. [+] 1 (sub)domains and 1 IP address(es) found
  761. [-] Resolving hostnames IPs...
  762. 191.101.242.101:www.teenymodels.top
  763. [+] Virtual hosts:
  764. ---------------------------------------------------------------------------
  765. + Target IP:          191.101.242.101
  766. + Target Hostname:    teenymodels.top
  767. + Target Port:        80
  768. + Start Time:         2017-02-11 01:40:43 (GMT-5)
  769. ---------------------------------------------------------------------------
  770. + Server: nginx
  771. + Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.20
  772. + The anti-clickjacking X-Frame-Options header is not present.
  773. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  774. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  775. + No CGI Directories found (use '-C all' to force check all possible dirs)
  776. + Server banner has changed from 'nginx' to 'nginx/1.10.3' which may suggest a WAF, load balancer or proxy is in place
  777. + Server leaks inodes via ETags, header found with file /, fields: 0x5890a6b7 0x264
  778. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  779. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  780. + OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
  781. + Uncommon header 'x-ob_mode' found, with contents: 0
  782. + OSVDB-3233: /icons/README: Apache default file found.
  783. + /phpmyadmin/: phpMyAdmin directory found
  784. + /server-status: Apache server-status interface found (pass protected)
  785. + 7605 requests: 7 error(s) and 12 item(s) reported on remote host
  786. + End Time:           2017-02-11 03:31:48 (GMT-5) (6665 seconds)
  787. ---------------------------------------------------------------------------
  788. crazyteens.win
  789.  
  790. ###########################################################################################
  791.  
  792. whois crazyteens.win
  793. Domain Name: CRAZYTEENS.WIN
  794. Domain ID: D2304002-WIN
  795. WHOIS Server: whois.nic.win
  796. Referral URL: http://www.1api.net
  797. Updated Date: 2016-12-20T09:15:32Z
  798. Creation Date: 2016-07-05T20:46:44Z
  799. Registry Expiry Date: 2017-07-04T23:59:59Z
  800. Sponsoring Registrar: 1API GmbH
  801. Sponsoring Registrar IANA ID: 1387
  802. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  803. Registrant ID: C2304000-WIN
  804. Registrant Name: Lao Ci
  805. Registrant Organization: n/a
  806. Registrant Street: Oak 49
  807. Registrant City: Boedburg
  808. Registrant Postal Code: 49382
  809. Registrant Country: SE
  810. Registrant Phone: +46.493782309475
  811. Registrant Email: laoci@bk.ru
  812. Admin ID: C2304000-WIN
  813. Admin Name: Lao Ci
  814. Admin Organization: n/a
  815. Admin Street: Oak 49
  816. Admin City: Boedburg
  817. Admin Postal Code: 49382
  818. Admin Country: SE
  819. Admin Phone: +46.493782309475
  820. Admin Email: laoci@bk.ru
  821. Tech ID: C2304000-WIN
  822. Tech Name: Lao Ci
  823. Tech Organization: n/a
  824. Tech Street: Oak 49
  825. Tech City: Boedburg
  826. Tech Postal Code: 49382
  827. Tech Country: SE
  828. Tech Phone: +46.493782309475
  829. Tech Email: laoci@bk.ru
  830. Billing ID: C2304000-WIN
  831. Billing Name: Lao Ci
  832. Billing Organization: n/a
  833. Billing Street: Oak 49
  834. Billing City: Boedburg
  835. Billing Postal Code: 49382
  836. Billing Country: SE
  837. Billing Phone: +46.493782309475
  838. Billing Email: laoci@bk.ru
  839. Name Server: NS21.CLOUDNS.NET
  840. Name Server: PNS23.CLOUDNS.NET
  841. Name Server: PNS22.CLOUDNS.NET
  842. Name Server: PNS21.CLOUDNS.NET
  843.  
  844.  
  845. ###########################################################################################
  846.  
  847. IN  ANY
  848.  
  849. ;; ANSWER SECTION:
  850. crazyteens.win.     3600    IN  SOA ns21.cloudns.net. support.cloudns.net. 2017021001 7200 1800 1209600 3600
  851. crazyteens.win.     3474    IN  A   191.101.242.101
  852. crazyteens.win.     3600    IN  NS  pns23.cloudns.net.
  853. crazyteens.win.     3600    IN  NS  ns21.cloudns.net.
  854. crazyteens.win.     3600    IN  NS  pns21.cloudns.net.
  855. crazyteens.win.     3600    IN  NS  pns22.cloudns.net.
  856.  
  857. ;; Query time: 94 msec
  858. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  859. ;; WHEN: Sat Feb 11 01:57:55 EST 2017
  860. ;; MSG SIZE  rcvd: 193
  861.  
  862. ###########################################################################################
  863.  
  864.  
  865.  NOT FOUND
  866.  
  867. Checking for HTTP-Loadbalancing [Date]: 07:00:48, 07:00:49, 07:00:50, 07:00:50, 07:00:51, 07:00:51, 07:00:52, 07:00:52, 07:00:53, 07:00:54, 07:00:54, 07:00:55, 07:00:55, 07:00:56, 07:00:57, 07:00:57, 07:00:58, 07:00:58, 07:00:59, 07:01:00, 07:01:00, 07:01:01, 07:01:01, 07:01:02, 07:01:02, 07:01:03, 07:01:04, 07:01:04, 07:01:05, 07:01:05, 07:01:06, 07:01:07, 07:01:07, 07:01:08, 07:01:08, 07:01:09, 07:01:10, 07:01:10, 07:01:11, 07:01:11, 07:01:12, 07:01:12, 07:01:13, 07:01:14, 07:01:14, 07:01:15, 07:01:15, 07:01:16, 07:01:17, 07:01:17, NOT FOUND
  868.  
  869.  
  870.  
  871. ###########################################################################################
  872.  
  873. nmap -PN -n -F -T4 -sV -A -oG temp.txt crazyteens.win
  874.  
  875. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 02:01 EST
  876. Nmap scan report for crazyteens.win (191.101.242.101)
  877. Host is up (0.087s latency).
  878. Not shown: 97 closed ports
  879. PORT   STATE    SERVICE VERSION
  880. 22/tcp open     ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
  881. | ssh-hostkey:
  882. |   1024 02:a4:13:5b:ce:a8:c0:20:36:72:aa:5f:57:3a:a1:be (DSA)
  883. |   2048 57:55:7a:13:ea:65:f7:77:27:6a:68:f0:33:20:0b:47 (RSA)
  884. |_  256 b8:30:c6:b3:13:18:0d:cd:f0:10:65:4e:d4:7e:f9:53 (ECDSA)
  885. 53/tcp filtered domain
  886. 80/tcp open     http    nginx 1.10.3
  887. | http-server-header:
  888. |   nginx
  889. |_  nginx/1.10.3
  890. |_http-title: Crazy Teens
  891. Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 3.1 (94%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), Linux 3.2 (94%), Linux 3.10 (94%), HP P2000 G3 NAS device (93%), Linux 3.8 (93%), Linux 2.6.32 - 3.10 (92%)
  892. No exact OS matches for host (test conditions non-ideal).
  893. Network Distance: 2 hops
  894. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  895.  
  896. TRACEROUTE (using port 135/tcp)
  897. HOP RTT      ADDRESS
  898. 1   30.44 ms 10.42.0.1
  899. 2   30.12 ms 191.101.242.101
  900.  
  901. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  902. Nmap done: 1 IP address (1 host up) scanned in 39.09 seconds
  903.  
  904. ###########################################################################################
  905.  
  906. amap -i temp.txt
  907. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 02:01:58 - APPLICATION MAPPING mode
  908.  
  909. Protocol on 191.101.242.101:80/tcp matches http
  910. Protocol on 191.101.242.101:22/tcp matches ssh
  911. Protocol on 191.101.242.101:22/tcp matches ssh-openssh
  912.  
  913. Unidentified ports: none.
  914.  
  915. amap v5.4 finished at 2017-02-11 02:02:04
  916.  
  917. ###########################################################################################
  918.  
  919. cd /pentest/enumeration/www/httprint/linux
  920. ./httprint -h www.crazyteens.win -s signatures.txt -P0
  921.  
  922. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  923. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  924.  
  925. ###########################################################################################
  926. [+] searching (sub)domains for crazyteens.win using built-in wordlist
  927. [+] using maximum random delay of 10 millisecond(s) between requests
  928.  
  929. www.crazyteens.win
  930. IP address #1: 191.101.242.101
  931.  
  932. [+] 1 (sub)domains and 1 IP address(es) found
  933. -----------------------------------
  934. [-] Resolving hostnames IPs...
  935. 191.101.242.101:www.crazyteens.win
  936. teenmodels.click
  937.  
  938. ###########################################################################################
  939.  
  940. whois teenmodels.click
  941. Domain Name: teenmodels.click
  942. Domain ID: DO_fe991df3c6594f64026844800b8d09a8-UR
  943. WHOIS Server: whois.uniregistry.net
  944. Referral URL: http://whois.uniregistry.net
  945. Updated Date: 2016-12-20T11:04:36.587Z
  946. Creation Date: 2015-11-09T12:30:01.792Z
  947. Registry Expiry Date: 2017-11-09T12:30:01.792Z
  948. Sponsoring Registrar: 1API GmbH
  949. Sponsoring Registrar IANA ID: 1387
  950. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  951. Registrant ID: CO_91c0f91fdc4a72d26f445c40814a89b2-UR
  952. Registrant Name: Lao Ci
  953. Registrant Organization: n/a
  954. Registrant Street: Oak 49
  955. Registrant City: Boedburg
  956. Registrant State/Province:
  957. Registrant Postal Code: 49382
  958. Registrant Country: SE
  959. Registrant Phone: +46.493782309475
  960. Registrant Email: laoci@bk.ru
  961. Admin ID: CO_91c0f91fdc4a72d26f445c40814a89b2-UR
  962. Admin Name: Lao Ci
  963. Admin Organization: n/a
  964. Admin Street: Oak 49
  965. Admin City: Boedburg
  966. Admin State/Province:
  967. Admin Postal Code: 49382
  968. Admin Country: SE
  969. Admin Phone: +46.493782309475
  970. Admin Email: laoci@bk.ru
  971. Tech ID: CO_91c0f91fdc4a72d26f445c40814a89b2-UR
  972. Tech Name: Lao Ci
  973. Tech Organization: n/a
  974. Tech Street: Oak 49
  975. Tech City: Boedburg
  976. Tech State/Province:
  977. Tech Postal Code: 49382
  978. Tech Country: SE
  979. Tech Phone: +46.493782309475
  980. Tech Email: laoci@bk.ru
  981. Billing ID: CO_91c0f91fdc4a72d26f445c40814a89b2-UR
  982. Billing Name: Lao Ci
  983. Billing Organization: n/a
  984. Billing Street: Oak 49
  985. Billing City: Boedburg
  986. Billing State/Province:
  987. Billing Postal Code: 49382
  988. Billing Country: SE
  989. Billing Phone: +46.493782309475
  990. Billing Email: laoci@bk.ru
  991. Name Server: ns23.cloudns.net
  992. Name Server: pns23.cloudns.net
  993. Name Server: pns24.cloudns.net
  994. Name Server: pns30.cloudns.net
  995.  
  996. ###########################################################################################
  997.  
  998. dig teenmodels.click any
  999. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  1000.  
  1001. ; <<>> DiG 9.10.3-P4-Debian <<>> teenmodels.click any
  1002. ;; global options: +cmd
  1003. ;; Got answer:
  1004. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3454
  1005. ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
  1006.  
  1007. ;; OPT PSEUDOSECTION:
  1008. ; EDNS: version: 0, flags:; udp: 4096
  1009. ;; QUESTION SECTION:
  1010. ;teenmodels.click.      IN  ANY
  1011.  
  1012. ;; ANSWER SECTION:
  1013. teenmodels.click.   3600    IN  SOA ns21.cloudns.net. support.cloudns.net. 2017021001 7200 1800 1209600 3600
  1014. teenmodels.click.   3453    IN  A   191.101.242.101
  1015. teenmodels.click.   3600    IN  NS  pns24.cloudns.net.
  1016. teenmodels.click.   3600    IN  NS  ns23.cloudns.net.
  1017. teenmodels.click.   3600    IN  NS  pns30.cloudns.net.
  1018. teenmodels.click.   3600    IN  NS  pns23.cloudns.net.
  1019.  
  1020. ;; Query time: 160 msec
  1021. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1022. ;; WHEN: Sat Feb 11 02:01:19 EST 2017
  1023. ;; MSG SIZE  rcvd: 200
  1024.  
  1025. ###########################################################################################
  1026.  
  1027.  
  1028.  
  1029. Checking for HTTP-Loadbalancing [Date]: 07:03:00, 07:03:01, 07:03:01, 07:03:02, 07:03:02, 07:03:03, 07:03:04, 07:03:04, 07:03:05, 07:03:05, 07:03:06, 07:03:06, 07:03:07, 07:03:08, 07:03:08, 07:03:09, 07:03:09, 07:03:10, 07:03:11, 07:03:11, 07:03:12, 07:03:12, 07:03:13, 07:03:14, 07:03:14, 07:03:15, 07:03:15, 07:03:16, 07:03:16, 07:03:17, 07:03:18, 07:03:18, 07:03:19, 07:03:19, 07:03:20, 07:03:21, 07:03:21, 07:03:22, 07:03:22, 07:03:23, 07:03:24, 07:03:24, 07:03:25, 07:03:25, 07:03:26, 07:03:26, 07:03:27, 07:03:28, 07:03:28, 07:03:29, NOT FOUND
  1030.  
  1031. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  1032.  
  1033. teenmodels.click does NOT use Load-balancing.
  1034.  
  1035. ###########################################################################################
  1036.  
  1037. cd /pentest/enumeration/list-urls
  1038. ./list-urls.py http://www.teenmodels.click
  1039. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  1040. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  1041.  
  1042. ###########################################################################################
  1043.  
  1044. nmap -PN -n -F -T4 -sV -A -oG temp.txt teenmodels.click
  1045.  
  1046. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 02:03 EST
  1047. Nmap scan report for teenmodels.click (191.101.242.101)
  1048. Host is up (0.083s latency).
  1049. Not shown: 97 closed ports
  1050. PORT   STATE    SERVICE VERSION
  1051. 22/tcp open     ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
  1052. | ssh-hostkey:
  1053. |   1024 02:a4:13:5b:ce:a8:c0:20:36:72:aa:5f:57:3a:a1:be (DSA)
  1054. |   2048 57:55:7a:13:ea:65:f7:77:27:6a:68:f0:33:20:0b:47 (RSA)
  1055. |_  256 b8:30:c6:b3:13:18:0d:cd:f0:10:65:4e:d4:7e:f9:53 (ECDSA)
  1056. 53/tcp filtered domain
  1057. 80/tcp open     http    nginx 1.10.3
  1058. | http-server-header:
  1059. |   nginx
  1060. |_  nginx/1.10.3
  1061. |_http-title: Teen Models
  1062. Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 - 3.1 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), Linux 3.10 (94%), Linux 3.2 (94%), HP P2000 G3 NAS device (93%), Linux 3.11 (93%), Linux 3.5 (93%)
  1063. No exact OS matches for host (test conditions non-ideal).
  1064. Network Distance: 2 hops
  1065. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1066.  
  1067. TRACEROUTE (using port 135/tcp)
  1068. HOP RTT      ADDRESS
  1069. 1   30.01 ms 10.42.0.1
  1070. 2   30.22 ms 191.101.242.101
  1071.  
  1072. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1073. Nmap done: 1 IP address (1 host up) scanned in 32.55 seconds
  1074.  
  1075. ###########################################################################################
  1076.  
  1077. amap -i temp.txt
  1078. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 02:04:03 - APPLICATION MAPPING mode
  1079.  
  1080. Protocol on 191.101.242.101:80/tcp matches http
  1081. Protocol on 191.101.242.101:22/tcp matches ssh
  1082. Protocol on 191.101.242.101:22/tcp matches ssh-openssh
  1083.  
  1084. Unidentified ports: none.
  1085.  
  1086. amap v5.4 finished at 2017-02-11 02:04:09
  1087.  
  1088. ###########################################################################################
  1089.  
  1090. cd /pentest/enumeration/www/httprint/linux
  1091. ./httprint -h www.teenmodels.click -s signatures.txt -P0
  1092.  
  1093. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  1094. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  1095.  
  1096. ###########################################################################################
  1097. [+] using maximum random delay of 10 millisecond(s) between requests
  1098.  
  1099. www.teenmodels.click
  1100. IP address #1: 191.101.242.101
  1101.  
  1102. [+] 1 (sub)domains and 1 IP address(es) found
  1103. +] Hosts found in search engines:
  1104. ------------------------------------
  1105. [-] Resolving hostnames IPs...
  1106. 191.101.242.101:www.teenmodels.click
  1107. [+] Virtual hosts:
  1108. ---------------------------------------------------------------------------
  1109. + Target IP:          191.101.242.101
  1110. + Target Hostname:    teenmodels.click
  1111. + Target Port:        80
  1112. + Start Time:         2017-02-11 02:01:12 (GMT-5)
  1113. ---------------------------------------------------------------------------
  1114. + Server: nginx
  1115. + Retrieved x-powered-by header: PHP/5.5.9-1ubuntu4.20
  1116. + The anti-clickjacking X-Frame-Options header is not present.
  1117. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1118. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1119. + No CGI Directories found (use '-C all' to force check all possible dirs)
  1120. + Server banner has changed from 'nginx' to 'nginx/1.10.3' which may suggest a WAF, load balancer or proxy is in place
  1121. + Server leaks inodes via ETags, header found with file /, fields: 0x5890a6b7 0x264
  1122. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  1123. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  1124. + OSVDB-561: /server-status: This reveals Apache information. Comment out appropriate line in the Apache conf file or restrict access to allowed sources.
  1125. + Uncommon header 'x-ob_mode' found, with contents: 0
  1126. + OSVDB-3233: /icons/README: Apache default file found.
  1127. + /phpmyadmin/: phpMyAdmin directory found
  1128. + /server-status: Apache server-status interface found (pass protected)
  1129. + 7596 requests: 0 error(s) and 12 item(s) reported on remote host
  1130. + End Time:           2017-02-11 03:47:54 (GMT-5) (6402 seconds)
  1131. alltogfs.com
  1132.  
  1133. ###########################################################################################
  1134.  
  1135. whois alltogfs.com
  1136.  
  1137. Whois Server Version 2.0
  1138.  
  1139. Domain names in the .com and .net domains can now be registered
  1140. with many different competing registrars. Go to http://www.internic.net
  1141. for detailed information.
  1142.  
  1143.    Domain Name: ALLTOGFS.COM
  1144.    Registrar: DOMAINPEOPLE, INC.
  1145.    Sponsoring Registrar IANA ID: 65
  1146.    Whois Server: whois.domainpeople.com
  1147.    Referral URL: http://www.domainpeople.com
  1148.    Name Server: A.DNS.HOSTWAY.NET
  1149.    Name Server: B.DNS.HOSTWAY.NET
  1150.    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1151.    Updated Date: 02-feb-2017
  1152.    Creation Date: 02-feb-2017
  1153.    Expiration Date: 02-feb-2018
  1154.  
  1155.  
  1156. Domain Name: ALLTOGFS.COM
  1157. Registry Domain ID: 2094804154_DOMAIN_COM-VRSN
  1158. Registrar WHOIS Server: whois.domainpeople.com
  1159. Registrar URL: www.domainpeople.com
  1160. Updated Date: 2017-02-01T16:39:36.00Z
  1161. Creation Date: 2017-02-02T00:39:00.00Z
  1162. Registrar Registration Expiration Date: 2018-02-02T00:39:00.00Z
  1163. Registrar: DOMAINPEOPLE, INC.
  1164. Registrar IANA ID: 65
  1165. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  1166. Registry Registrant ID:
  1167. Registrant Name: LIRILK SOKOLOV
  1168. Registrant Organization: LIRILK
  1169. Registrant Street: PUSHKINA STR., 24
  1170. Registrant City: PIT
  1171. Registrant State/Province: CR
  1172. Registrant Postal Code: 663161
  1173. Registrant Country: RU
  1174. Registrant Phone: +7.80971234567
  1175. Registrant Phone Ext:
  1176. Registrant Fax:
  1177. Registrant Fax Ext:
  1178. Registrant Email: QWZBOX@GMAIL.COM
  1179. Registry Admin ID:
  1180. Admin Name: LIRILK SOKOLOV
  1181. Admin Organization: LIRILK
  1182. Admin Street: PUSHKINA STR., 24
  1183. Admin City: PIT
  1184. Admin State/Province: CR
  1185. Admin Postal Code: 663161
  1186. Admin Country: RU
  1187. Admin Phone: +7.80971234567
  1188. Admin Phone Ext:
  1189. Admin Fax:
  1190. Admin Fax Ext:
  1191. Admin Email: QWZBOX@GMAIL.COM
  1192. Registry Tech ID:
  1193. Tech Name: LIRILK SOKOLOV
  1194. Tech Organization: LIRILK
  1195. Tech Street: PUSHKINA STR., 24
  1196. Tech City: PIT
  1197. Tech State/Province: CR
  1198. Tech Postal Code: 663161
  1199. Tech Country: RU
  1200. Tech Phone: +7.80971234567
  1201. Tech Phone Ext:
  1202. Tech Fax:
  1203. Tech Fax Ext:
  1204. Tech Email: QWZBOX@GMAIL.COM
  1205. Name Server: A.DNS.HOSTWAY.NET
  1206. Name Server: B.DNS.HOSTWAY.NET
  1207. DNSSEC: unSigned
  1208. Registrar Abuse Contact Email: abuse@domainpeople.com
  1209. Registrar Abuse Contact Phone: +1.6046391680
  1210.  
  1211. ###########################################################################################
  1212.  
  1213. dig alltogfs.com any
  1214. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  1215.  
  1216. ; <<>> DiG 9.10.3-P4-Debian <<>> alltogfs.com any
  1217. ;; global options: +cmd
  1218. ;; Got answer:
  1219. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20910
  1220. ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
  1221.  
  1222. ;; OPT PSEUDOSECTION:
  1223. ; EDNS: version: 0, flags:; udp: 4096
  1224. ;; QUESTION SECTION:
  1225. ;alltogfs.com.          IN  ANY
  1226.  
  1227. ;; ANSWER SECTION:
  1228. alltogfs.com.       14057   IN  A   37.1.206.90
  1229. alltogfs.com.       14400   IN  NS  a.dns.hostway.net.
  1230. alltogfs.com.       14400   IN  NS  b.dns.hostway.net.
  1231. alltogfs.com.       14400   IN  SOA a.dns.hostway.net. hostmaster.alltogfs.com. 2017020209 172800 900 1209600 3600
  1232.  
  1233. ;; Query time: 209 msec
  1234. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1235. ;; WHEN: Sat Feb 11 08:07:27 EST 2017
  1236. ;; MSG SIZE  rcvd: 151
  1237.  
  1238. ###########################################################################################
  1239.  
  1240. host -l alltogfs.com
  1241.  
  1242. Host alltogfs.com not found: 5(REFUSED)
  1243. ; Transfer failed.
  1244.  
  1245. ###########################################################################################
  1246.  
  1247.  
  1248.  
  1249. Checking for HTTP-Loadbalancing [Date]: 10:30:08, 10:30:08, 10:30:08, 10:30:08, 10:30:09, 10:30:09, 10:30:09, 10:30:09, 10:30:10, 10:30:10, 10:30:10, 10:30:11, 10:30:11, 10:30:11, 10:30:11, 10:30:12, 10:30:12, 10:30:12, 10:30:12, 10:30:13, 10:30:13, 10:30:13, 10:30:13, 10:30:14, 10:30:14, 10:30:14, 10:30:15, 10:30:15, 10:30:15, 10:30:15, 10:30:16, 10:30:16, 10:30:16, 10:30:16, 10:30:17, 10:30:17, 10:30:17, 10:30:17, 10:30:18, 10:30:18, 10:30:18, 10:30:19, 10:30:19, 10:30:19, 10:30:19, 10:30:20, 10:30:20, 10:30:20, 10:30:20, 10:30:21, NOT FOUND
  1250.  
  1251. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  1252.  
  1253. alltogfs.com does NOT use Load-balancing.
  1254.  
  1255. ###########################################################################################
  1256.  
  1257.  
  1258.  
  1259. ###########################################################################################
  1260.  
  1261. nmap -PN -n -F -T4 -sV -A -oG temp.txt alltogfs.com
  1262.  
  1263. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 08:08 EST
  1264. Nmap scan report for alltogfs.com (37.1.206.90)
  1265. Host is up (0.054s latency).
  1266. Not shown: 94 closed ports
  1267. PORT      STATE    SERVICE VERSION
  1268. 21/tcp    open     ftp     vsftpd 2.2.2
  1269. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  1270. |_drwxr-xr-x    2 0        0            4096 Jul 24  2015 pub
  1271. 22/tcp    open     ssh     OpenSSH 5.3 (protocol 2.0)
  1272. | ssh-hostkey:
  1273. |   1024 47:54:0d:0d:74:20:7b:73:98:65:5b:e6:15:02:40:84 (DSA)
  1274. |_  2048 6c:be:a6:48:34:9c:df:0c:13:f1:11:46:fe:fb:e1:14 (RSA)
  1275. 53/tcp    filtered domain
  1276. 80/tcp    open     http    lighttpd 1.4.20
  1277. |_http-server-header: lighttpd/1.4.20
  1278. |_http-title: Cool Sex Site - All Pictures Here
  1279. 8000/tcp  open     http    lighttpd 1.4.20
  1280. |_http-server-header: lighttpd/1.4.20
  1281. |_http-title: Cool Sex Site - All Pictures Here
  1282. 10000/tcp open     http    MiniServ 1.760 (Webmin httpd)
  1283. |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
  1284. Aggressive OS guesses: Linux 3.10 - 4.2 (95%), Linux 3.18 (93%), Linux 3.2 - 4.6 (93%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.1 (92%), Linux 4.4 (92%), Asus RT-AC66U WAP (92%), Linux 3.10 (92%), Linux 3.11 - 3.12 (92%)
  1285. No exact OS matches for host (test conditions non-ideal).
  1286. Network Distance: 2 hops
  1287. Service Info: OS: Unix
  1288.  
  1289. TRACEROUTE (using port 25/tcp)
  1290. HOP RTT      ADDRESS
  1291. 1   31.41 ms 10.42.0.1
  1292. 2   30.93 ms 37.1.206.90
  1293.  
  1294. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1295. Nmap done: 1 IP address (1 host up) scanned in 43.97 seconds
  1296.  
  1297. ###########################################################################################
  1298.  
  1299. amap -i temp.txt
  1300. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 08:09:34 - APPLICATION MAPPING mode
  1301.  
  1302. Protocol on 37.1.206.90:8000/tcp matches http
  1303. Protocol on 37.1.206.90:80/tcp matches http
  1304. Protocol on 37.1.206.90:21/tcp matches ftp
  1305. Protocol on 37.1.206.90:10000/tcp matches http
  1306. Protocol on 37.1.206.90:22/tcp matches ssh
  1307. Protocol on 37.1.206.90:22/tcp matches ssh-openssh
  1308. Protocol on 37.1.206.90:10000/tcp matches ntp
  1309. Protocol on 37.1.206.90:10000/tcp matches ssl
  1310.  
  1311. Unidentified ports: none.
  1312.  
  1313. amap v5.4 finished at 2017-02-11 08:09:47
  1314.  
  1315. ###########################################################################################
  1316.  
  1317. cd /pentest/enumeration/www/httprint/linux
  1318. ./httprint -h www.alltogfs.com -s signatures.txt -P0
  1319.  
  1320. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  1321. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  1322.  
  1323. ###########################################################################################
  1324. [+] using maximum random delay of 10 millisecond(s) between requests
  1325.  
  1326. www.alltogfs.com
  1327. IP address #1: 37.1.206.90
  1328.  
  1329. [+] 1 (sub)domains and 1 IP address(es) found
  1330. ---------------------------------------------------------------------------
  1331. + Target IP:          37.1.206.90
  1332. + Target Hostname:    alltogfs.com
  1333. + Target Port:        80
  1334. + Start Time:         2017-02-11 08:07:22 (GMT-5)
  1335. ---------------------------------------------------------------------------
  1336. + Server: lighttpd/1.4.20
  1337. + Retrieved x-powered-by header: PHP/5.2.16
  1338. + The anti-clickjacking X-Frame-Options header is not present.
  1339. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1340. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1341. + No CGI Directories found (use '-C all' to force check all possible dirs)
  1342. + Allowed HTTP Methods: OPTIONS, GET, HEAD, POST
  1343. + /test.php?%3CSCRIPT%3Ealert('Vulnerable')%3C%2FSCRIPT%3E=x: Output from the phpinfo() function was found.
  1344. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1345. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1346. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1347. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1348. + /test.php: Output from the phpinfo() function was found.
  1349. + OSVDB-3233: /test.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
  1350. + OSVDB-3092: /test.php: This might be interesting...
  1351. + 7445 requests: 0 error(s) and 13 item(s) reported on remote host
  1352. + End Time:           2017-02-11 08:37:34 (GMT-5) (1812 seconds)
  1353. ---------------------------------------------------------------------------
  1354. nudeteenlist.com
  1355.  
  1356. ###########################################################################################
  1357.  
  1358. whois nudeteenlist.com
  1359.  
  1360. Whois Server Version 2.0
  1361.  
  1362. Domain names in the .com and .net domains can now be registered
  1363. with many different competing registrars. Go to http://www.internic.net
  1364. for detailed information.
  1365.  
  1366.    Domain Name: NUDETEENLIST.COM
  1367.    Registrar: GODADDY.COM, LLC
  1368.    Sponsoring Registrar IANA ID: 146
  1369.    Whois Server: whois.godaddy.com
  1370.    Referral URL: http://www.godaddy.com
  1371.    Name Server: NS1.JUMPINGROO.COM
  1372.    Name Server: NS2.JUMPINGROO.COM
  1373.    Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  1374.    Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  1375.    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  1376.    Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  1377.    Updated Date: 24-jan-2017
  1378.    Creation Date: 23-jan-2006
  1379.    Expiration Date: 23-jan-2018
  1380.  
  1381.  
  1382. Domain Name: NUDETEENLIST.COM
  1383. Registry Domain ID: 324868434_DOMAIN_COM-VRSN
  1384. Registrar WHOIS Server: whois.godaddy.com
  1385. Registrar URL: http://www.godaddy.com
  1386. Update Date: 2017-01-24T15:00:37Z
  1387. Creation Date: 2006-01-23T19:41:02Z
  1388. Registrar Registration Expiration Date: 2018-01-23T19:41:02Z
  1389. Registrar: GoDaddy.com, LLC
  1390. Registrar IANA ID: 146
  1391. Registrar Abuse Contact Email: abuse@godaddy.com
  1392. Registrar Abuse Contact Phone: +1.4806242505
  1393. Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
  1394. Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
  1395. Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
  1396. Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
  1397. Registry Registrant ID: Not Available From Registry
  1398. Registrant Name: Registration Private
  1399. Registrant Organization: Domains By Proxy, LLC
  1400. Registrant Street: DomainsByProxy.com
  1401. Registrant Street: 14455 N. Hayden Road
  1402. Registrant City: Scottsdale
  1403. Registrant State/Province: AZ
  1404. Registrant Postal Code: 85260
  1405. Registrant Country: US
  1406. Registrant Phone: +1.4806242599
  1407. Registrant Phone Ext:
  1408. Registrant Fax: +1.4806242598
  1409. Registrant Fax Ext:
  1410. Registrant Email: NUDETEENLIST.COM@domainsbyproxy.com
  1411. Registry Admin ID: Not Available From Registry
  1412. Admin Name: Registration Private
  1413. Admin Organization: Domains By Proxy, LLC
  1414. Admin Street: DomainsByProxy.com
  1415. Admin Street: 14455 N. Hayden Road
  1416. Admin City: Scottsdale
  1417. Admin State/Province: AZ
  1418. Admin Postal Code: 85260
  1419. Admin Country: US
  1420. Admin Phone: +1.4806242599
  1421. Admin Phone Ext:
  1422. Admin Fax: +1.4806242598
  1423. Admin Fax Ext:
  1424. Admin Email: NUDETEENLIST.COM@domainsbyproxy.com
  1425. Registry Tech ID: Not Available From Registry
  1426. Tech Name: Registration Private
  1427. Tech Organization: Domains By Proxy, LLC
  1428. Tech Street: DomainsByProxy.com
  1429. Tech Street: 14455 N. Hayden Road
  1430. Tech City: Scottsdale
  1431. Tech State/Province: AZ
  1432. Tech Postal Code: 85260
  1433. Tech Country: US
  1434. Tech Phone: +1.4806242599
  1435. Tech Phone Ext:
  1436. Tech Fax: +1.4806242598
  1437. Tech Fax Ext:
  1438. Tech Email: NUDETEENLIST.COM@domainsbyproxy.com
  1439. Name Server: NS1.JUMPINGROO.COM
  1440. Name Server: NS2.JUMPINGROO.COM
  1441.  
  1442. ###########################################################################################
  1443.  
  1444. dig nudeteenlist.com any
  1445. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  1446.  
  1447. ; <<>> DiG 9.10.3-P4-Debian <<>> nudeteenlist.com any
  1448. ;; global options: +cmd
  1449. ;; Got answer:
  1450. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61785
  1451. ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
  1452.  
  1453. ;; OPT PSEUDOSECTION:
  1454. ; EDNS: version: 0, flags:; udp: 4096
  1455. ;; QUESTION SECTION:
  1456. ;nudeteenlist.com.      IN  ANY
  1457.  
  1458. ;; ANSWER SECTION:
  1459. nudeteenlist.com.   14400   IN  MX  0 nudeteenlist.com.
  1460. nudeteenlist.com.   86400   IN  SOA ns1.jumpingroo.com. support.gigecdn.com. 2015062300 86400 7200 3600000 86400
  1461. nudeteenlist.com.   86400   IN  NS  ns2.jumpingroo.com.
  1462. nudeteenlist.com.   86400   IN  NS  ns1.jumpingroo.com.
  1463. nudeteenlist.com.   14196   IN  A   204.93.61.114
  1464.  
  1465. ;; Query time: 52 msec
  1466. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1467. ;; WHEN: Sat Feb 11 08:07:19 EST 2017
  1468. ;; MSG SIZE  rcvd: 176
  1469.  
  1470. ###########################################################################################
  1471.  
  1472. host -l nudeteenlist.com
  1473.  
  1474. Host nudeteenlist.com not found: 5(REFUSED)
  1475. ; Transfer failed.
  1476.  
  1477. ###########################################################################################
  1478.  
  1479. tcptraceroute -i eth0 nudeteenlist.com
  1480.  
  1481. Running:
  1482.     traceroute -T -O info -i eth0 nudeteenlist.com
  1483. traceroute to nudeteenlist.com (204.93.61.114), 30 hops max, 60 byte packets
  1484. send: Opération non permise
  1485.  
  1486. ###########################################################################################
  1487.  
  1488. cd /pentest/enumeration/dnsenum
  1489. perl dnsenum.pl --enum -f dns.txt --update a -r nudeteenlist.com
  1490.  
  1491. ./Recon.sh: ligne 44 : cd: /pentest/enumeration/dnsenum: Aucun fichier ou dossier de ce type
  1492. Can't open perl script "dnsenum.pl": Aucun fichier ou dossier de ce type
  1493.  
  1494. ###########################################################################################
  1495.  
  1496. dnstracer nudeteenlist.com
  1497.  
  1498. Tracing to nudeteenlist.com[a] via 0.0.0.0, maximum of 3 retries
  1499. 0.0.0.0 (0.0.0.0) * * *
  1500.  
  1501. ###########################################################################################
  1502.  
  1503. cd /pentest/enumeration/fierce
  1504. perl fierce.pl -dns nudeteenlist.com
  1505.  
  1506. ./Recon.sh: ligne 58 : cd: /pentest/enumeration/fierce: Aucun fichier ou dossier de ce type
  1507. Can't open perl script "fierce.pl": Aucun fichier ou dossier de ce type
  1508.  
  1509. ###########################################################################################
  1510.  
  1511.  
  1512.  
  1513. Checking for HTTP-Loadbalancing [Date]: 13:08:30, 13:08:30, 13:08:31, 13:08:31, 13:08:31, 13:08:31, 13:08:31, 13:08:31, 13:08:32, 13:08:32, 13:08:32, 13:08:32, 13:08:32, 13:08:32, 13:08:32, 13:08:33, 13:08:33, 13:08:33, 13:08:33, 13:08:33, 13:08:33, 13:08:33, 13:08:34, 13:08:34, 13:08:34, 13:08:34, 13:08:34, 13:08:34, 13:08:35, 13:08:35, 13:08:35, 13:08:35, 13:08:35, 13:08:35, 13:08:36, 13:08:36, 13:08:36, 13:08:36, 13:08:36, 13:08:36, 13:08:36, 13:08:37, 13:08:37, 13:08:37, 13:08:37, 13:08:37, 13:08:37, 13:08:37, 13:08:38, 13:08:38, NOT FOUND
  1514.  
  1515. Checking for HTTP-Loadbalancing [Diff]: FOUND
  1516. < HTTP/1.0 200 OK
  1517. > HTTP/1.1 200 OK
  1518. > Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
  1519. > Last-Modified: Sun, 08 Jun 2014 11:38:44 GMT
  1520. > ETag: "ca0549-6f-4fb5189765900"
  1521. > Accept-Ranges: bytes
  1522. > Content-Length: 111
  1523. < X-Powered-By: PHP/5.2.16
  1524. < Content-type: text/html
  1525. < Date: Sat, 11 Feb 2017 10:29:54 GMT
  1526. < Server: lighttpd/1.4.20
  1527. <
  1528. < HTTP/1.0 200 OK
  1529. < Connection: close
  1530. < X-Powered-By: PHP/5.2.16
  1531. < Content-type: text/html
  1532. < Date: Sat, 11 Feb 2017 10:29:54 GMT
  1533. < Server: lighttpd/1.4.20
  1534. <
  1535. < HTTP/1.0 200 OK
  1536. < Connection: close
  1537. < X-Powered-By: PHP/5.2.16
  1538. < Content-type: text/html
  1539. < Date: Sat, 11 Feb 2017 10:29:55 GMT
  1540. < Server: lighttpd/1.4.20
  1541. <
  1542. < HTTP/1.0 200 OK
  1543. < Connection: close
  1544. < X-Powered-By: PHP/5.2.16
  1545. < Content-type: text/html
  1546. < Date: Sat, 11 Feb 2017 10:29:55 GMT
  1547. < Server: lighttpd/1.4.20
  1548. <
  1549. < HTTP/1.0 200 OK
  1550. < Connection: close
  1551. < X-Powered-By: PHP/5.2.16
  1552. < Content-type: text/html
  1553. < Date: Sat, 11 Feb 2017 10:29:55 GMT
  1554. < Server: lighttpd/1.4.20
  1555. <
  1556. < HTTP/1.0 200 OK
  1557. < Connection: close
  1558. < X-Powered-By: PHP/5.2.16
  1559. < Content-type: text/html
  1560. < Date: Sat, 11 Feb 2017 10:29:55 GMT
  1561. < Server: lighttpd/1.4.20
  1562. <
  1563. < HTTP/1.0 200 OK
  1564. < Connection: close
  1565. < X-Powered-By: PHP/5.2.16
  1566. < Content-type: text/html
  1567. < Date: Sat, 11 Feb 2017 10:29:56 GMT
  1568. < Server: lighttpd/1.4.20
  1569. <
  1570. < HTTP/1.0 200 OK
  1571. < Connection: close
  1572. < X-Powered-By: PHP/5.2.16
  1573. < Content-type: text/html
  1574. < Date: Sat, 11 Feb 2017 10:29:56 GMT
  1575. < Server: lighttpd/1.4.20
  1576. <
  1577. < HTTP/1.0 200 OK
  1578. < Connection: close
  1579. < X-Powered-By: PHP/5.2.16
  1580. < Content-type: text/html
  1581. < Date: Sat, 11 Feb 2017 10:29:56 GMT
  1582. < Server: lighttpd/1.4.20
  1583. <
  1584. < HTTP/1.0 200 OK
  1585. < Connection: close
  1586. < X-Powered-By: PHP/5.2.16
  1587. < Content-type: text/html
  1588. < Date: Sat, 11 Feb 2017 10:29:56 GMT
  1589. < Server: lighttpd/1.4.20
  1590. <
  1591. < HTTP/1.0 200 OK
  1592. < Connection: close
  1593. < X-Powered-By: PHP/5.2.16
  1594. < Content-type: text/html
  1595. < Date: Sat, 11 Feb 2017 10:29:57 GMT
  1596. < Server: lighttpd/1.4.20
  1597. <
  1598. < HTTP/1.0 200 OK
  1599. < Connection: close
  1600. < X-Powered-By: PHP/5.2.16
  1601. < Content-type: text/html
  1602. < Date: Sat, 11 Feb 2017 10:29:57 GMT
  1603. < Server: lighttpd/1.4.20
  1604. <
  1605. < HTTP/1.0 200 OK
  1606. < Connection: close
  1607. < X-Powered-By: PHP/5.2.16
  1608. < Content-type: text/html
  1609. < Date: Sat, 11 Feb 2017 10:29:57 GMT
  1610. < Server: lighttpd/1.4.20
  1611. <
  1612. < HTTP/1.0 200 OK
  1613. < Connection: close
  1614. < X-Powered-By: PHP/5.2.16
  1615. < Content-type: text/html
  1616. < Date: Sat, 11 Feb 2017 10:29:57 GMT
  1617. < Server: lighttpd/1.4.20
  1618. <
  1619. < HTTP/1.0 200 OK
  1620. < Connection: close
  1621. < X-Powered-By: PHP/5.2.16
  1622. < Content-type: text/html
  1623. < Date: Sat, 11 Feb 2017 10:29:58 GMT
  1624. < Server: lighttpd/1.4.20
  1625. <
  1626. < HTTP/1.0 200 OK
  1627. < Connection: close
  1628. < X-Powered-By: PHP/5.2.16
  1629. < Content-type: text/html
  1630. < Date: Sat, 11 Feb 2017 10:29:58 GMT
  1631. < Server: lighttpd/1.4.20
  1632. <
  1633. < HTTP/1.0 200 OK
  1634. < Connection: close
  1635. < X-Powered-By: PHP/5.2.16
  1636. < Content-type: text/html
  1637. < Date: Sat, 11 Feb 2017 10:29:58 GMT
  1638. < Server: lighttpd/1.4.20
  1639. <
  1640. < HTTP/1.0 200 OK
  1641. < Connection: close
  1642. < X-Powered-By: PHP/5.2.16
  1643. < Content-type: text/html
  1644. < Date: Sat, 11 Feb 2017 10:29:58 GMT
  1645. < Server: lighttpd/1.4.20
  1646. <
  1647. < HTTP/1.0 200 OK
  1648. < Connection: close
  1649. < X-Powered-By: PHP/5.2.16
  1650. < Content-type: text/html
  1651. < Date: Sat, 11 Feb 2017 10:29:59 GMT
  1652. < Server: lighttpd/1.4.20
  1653. <
  1654. < HTTP/1.0 200 OK
  1655. < Connection: close
  1656. < X-Powered-By: PHP/5.2.16
  1657. < Content-type: text/html
  1658. < Date: Sat, 11 Feb 2017 10:29:59 GMT
  1659. < Server: lighttpd/1.4.20
  1660. <
  1661. < HTTP/1.0 200 OK
  1662. < Connection: close
  1663. < X-Powered-By: PHP/5.2.16
  1664. < Content-type: text/html
  1665. < Date: Sat, 11 Feb 2017 10:29:59 GMT
  1666. < Server: lighttpd/1.4.20
  1667. <
  1668. < HTTP/1.0 200 OK
  1669. < Connection: close
  1670. < X-Powered-By: PHP/5.2.16
  1671. < Content-type: text/html
  1672. < Date: Sat, 11 Feb 2017 10:30:00 GMT
  1673. < Server: lighttpd/1.4.20
  1674. <
  1675. < HTTP/1.0 200 OK
  1676. < Connection: close
  1677. < X-Powered-By: PHP/5.2.16
  1678. < Content-type: text/html
  1679. < Date: Sat, 11 Feb 2017 10:30:00 GMT
  1680. < Server: lighttpd/1.4.20
  1681. <
  1682. < HTTP/1.0 200 OK
  1683. < Connection: close
  1684. < X-Powered-By: PHP/5.2.16
  1685. < Content-type: text/html
  1686. < Date: Sat, 11 Feb 2017 10:30:00 GMT
  1687. < Server: lighttpd/1.4.20
  1688. <
  1689. < HTTP/1.0 200 OK
  1690. < Connection: close
  1691. < X-Powered-By: PHP/5.2.16
  1692. < Content-type: text/html
  1693. < Date: Sat, 11 Feb 2017 10:30:00 GMT
  1694. < Server: lighttpd/1.4.20
  1695. > Content-Type: text/html
  1696.  
  1697. nudeteenlist.com does Load-balancing. Found via Methods: HTTP[Diff]
  1698.  
  1699. ###########################################################################################
  1700.  
  1701. cd /pentest/enumeration/list-urls
  1702. ./list-urls.py http://www.nudeteenlist.com
  1703. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  1704. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  1705.  
  1706. ###########################################################################################
  1707.  
  1708. nmap -PN -n -F -T4 -sV -A -oG temp.txt nudeteenlist.com
  1709.  
  1710. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 08:08 EST
  1711. Nmap scan report for nudeteenlist.com (204.93.61.114)
  1712. Host is up (0.037s latency).
  1713. Not shown: 88 closed ports
  1714. PORT     STATE    SERVICE  VERSION
  1715. 21/tcp   open     ftp      Pure-FTPd
  1716. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1717. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1718. | Not valid before: 2016-04-27T00:00:00
  1719. |_Not valid after:  2017-04-27T23:59:59
  1720. |_ssl-date: 2017-02-11T13:08:57+00:00; +20s from scanner time.
  1721. 22/tcp   open     ssh      OpenSSH 5.3 (protocol 2.0)
  1722. | ssh-hostkey:
  1723. |   1024 81:3d:d4:65:22:28:86:ca:ea:09:94:d9:ee:51:44:38 (DSA)
  1724. |_  2048 6e:2d:9f:11:a8:1c:f3:0b:98:16:4a:4b:95:13:a3:24 (RSA)
  1725. 53/tcp   filtered domain
  1726. 80/tcp   open     http     Apache httpd 2.2.27 ((Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28)
  1727. |_http-server-header: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
  1728. |_http-title: Nude Teen List
  1729. 110/tcp  open     pop3     Dovecot pop3d
  1730. |_pop3-capabilities: STLS CAPA PIPELINING SASL(PLAIN LOGIN) TOP RESP-CODES USER UIDL AUTH-RESP-CODE
  1731. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1732. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1733. | Not valid before: 2016-04-27T00:00:00
  1734. |_Not valid after:  2017-04-27T23:59:59
  1735. |_ssl-date: 2017-02-11T13:08:59+00:00; +21s from scanner time.
  1736. 143/tcp  open     imap     Dovecot imapd
  1737. |_imap-capabilities: more IMAP4rev1 ID LOGIN-REFERRALS LITERAL+ NAMESPACE OK SASL-IR ENABLE AUTH=LOGINA0001 AUTH=PLAIN have post-login STARTTLS listed IDLE capabilities Pre-login
  1738. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1739. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1740. | Not valid before: 2016-04-27T00:00:00
  1741. |_Not valid after:  2017-04-27T23:59:59
  1742. |_ssl-date: 2017-02-11T13:08:58+00:00; +20s from scanner time.
  1743. 443/tcp  open     ssl/ssl  Apache httpd (SSL-only mode)
  1744. | http-methods:
  1745. |_  Potentially risky methods: TRACE
  1746. |_http-server-header: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
  1747. |_http-title: Site doesn't have a title (text/html).
  1748. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1749. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1750. | Not valid before: 2016-04-27T00:00:00
  1751. |_Not valid after:  2017-04-27T23:59:59
  1752. |_ssl-date: 2017-02-11T13:08:57+00:00; +21s from scanner time.
  1753. 465/tcp  open     ssl/smtp Exim smtpd 4.88
  1754. | smtp-commands: cdn204-93-61-114.gigecdn.com Hello testbed-users.calyx.net [162.247.73.193], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, CHUNKING, HELP,
  1755. |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1756. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1757. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1758. | Not valid before: 2016-04-27T00:00:00
  1759. |_Not valid after:  2017-04-27T23:59:59
  1760. |_ssl-date: 2017-02-11T13:08:58+00:00; +20s from scanner time.
  1761. 587/tcp  open     smtp     Exim smtpd 4.88
  1762. | smtp-commands: cdn204-93-61-114.gigecdn.com Hello testbed-users.calyx.net [162.247.73.193], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, CHUNKING, STARTTLS, HELP,
  1763. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  1764. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1765. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1766. | Not valid before: 2016-04-27T00:00:00
  1767. |_Not valid after:  2017-04-27T23:59:59
  1768. |_ssl-date: 2017-02-11T13:08:58+00:00; +21s from scanner time.
  1769. 993/tcp  open     ssl/imap Dovecot imapd
  1770. |_imap-capabilities: more IMAP4rev1 ID Pre-login LITERAL+ NAMESPACE OK SASL-IR ENABLE AUTH=LOGINA0001 AUTH=PLAIN have post-login listed IDLE capabilities LOGIN-REFERRALS
  1771. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1772. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1773. | Not valid before: 2016-04-27T00:00:00
  1774. |_Not valid after:  2017-04-27T23:59:59
  1775. |_ssl-date: 2017-02-11T13:08:57+00:00; +20s from scanner time.
  1776. 995/tcp  open     ssl/pop3 Dovecot pop3d
  1777. |_pop3-capabilities: SASL(PLAIN LOGIN) CAPA TOP UIDL USER PIPELINING RESP-CODES AUTH-RESP-CODE
  1778. | ssl-cert: Subject: commonName=cdn204-93-61-114.gigecdn.com
  1779. | Subject Alternative Name: DNS:cdn204-93-61-114.gigecdn.com, DNS:www.cdn204-93-61-114.gigecdn.com
  1780. | Not valid before: 2016-04-27T00:00:00
  1781. |_Not valid after:  2017-04-27T23:59:59
  1782. |_ssl-date: 2017-02-11T13:08:58+00:00; +21s from scanner time.
  1783. 3306/tcp open     mysql    MySQL (unauthorized)
  1784. Device type: general purpose|storage-misc|broadband router|router|media device|WAP
  1785. Running (JUST GUESSING): Linux 2.6.X|3.X (95%), HP embedded (93%), MikroTik RouterOS 6.X (92%), Infomir embedded (92%), Ubiquiti embedded (92%), Ubiquiti AirOS 5.X (92%)
  1786. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/h:infomir:mag-250 cpe:/o:linux:linux_kernel:2.6.32 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
  1787. Aggressive OS guesses: Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 (94%), Linux 2.6.32 - 3.1 (94%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), Linux 3.2 (94%), HP P2000 G3 NAS device (93%), Linux 3.10 (93%), Linux 3.8 (93%), Linux 2.6.32 - 3.10 (92%)
  1788. No exact OS matches for host (test conditions non-ideal).
  1789. Network Distance: 2 hops
  1790. Service Info: Host: cdn204-93-61-114.gigecdn.com
  1791.  
  1792. Host script results:
  1793. |_clock-skew: mean: 20s, deviation: 0s, median: 19s
  1794.  
  1795. TRACEROUTE (using port 445/tcp)
  1796. HOP RTT      ADDRESS
  1797. 1   30.53 ms 10.42.0.1
  1798. 2   31.28 ms 204.93.61.114
  1799.  
  1800. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1801. Nmap done: 1 IP address (1 host up) scanned in 27.39 seconds
  1802.  
  1803. ###########################################################################################
  1804.  
  1805. amap -i temp.txt
  1806. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 08:08:45 - APPLICATION MAPPING mode
  1807.  
  1808. Protocol on 204.93.61.114:110/tcp matches pop3
  1809. Protocol on 204.93.61.114:21/tcp matches ftp
  1810. Protocol on 204.93.61.114:3306/tcp matches mysql
  1811. Protocol on 204.93.61.114:3306/tcp matches mysql-secured
  1812. Protocol on 204.93.61.114:443/tcp matches http
  1813. Protocol on 204.93.61.114:443/tcp matches http-apache-2
  1814. Protocol on 204.93.61.114:80/tcp matches http
  1815. Protocol on 204.93.61.114:80/tcp matches http-apache-2
  1816. Protocol on 204.93.61.114:143/tcp matches imap
  1817. Protocol on 204.93.61.114:22/tcp matches ssh
  1818. Protocol on 204.93.61.114:22/tcp matches ssh-openssh
  1819. Protocol on 204.93.61.114:993/tcp matches ssl
  1820. Protocol on 204.93.61.114:443/tcp matches ssl
  1821. Protocol on 204.93.61.114:995/tcp matches ssl
  1822. Protocol on 204.93.61.114:587/tcp matches smtp
  1823. Protocol on 204.93.61.114:465/tcp matches ssl
  1824.  
  1825. Unidentified ports: none.
  1826.  
  1827. amap v5.4 finished at 2017-02-11 08:09:09
  1828.  
  1829. ###########################################################################################
  1830.  
  1831. cd /pentest/enumeration/www/httprint/linux
  1832. ./httprint -h www.nudeteenlist.com -s signatures.txt -P0
  1833.  
  1834. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  1835. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  1836.  
  1837. ###########################################################################################
  1838. [+] using maximum random delay of 10 millisecond(s) between requests
  1839.  
  1840. cpanel.nudeteenlist.com
  1841. IP address #1: 204.93.61.114
  1842.  
  1843. ftp.nudeteenlist.com
  1844. IP address #1: 204.93.61.114
  1845.  
  1846. localhost.nudeteenlist.com
  1847. IP address #1: 127.0.0.1
  1848. [+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)
  1849.  
  1850. mail.nudeteenlist.com
  1851. IP address #1: 204.93.61.114
  1852.  
  1853. webmail.nudeteenlist.com
  1854. IP address #1: 204.93.61.114
  1855.  
  1856. www.nudeteenlist.com
  1857. IP address #1: 204.93.61.114
  1858.  
  1859. [+] 6 (sub)domains and 6 IP address(es) found
  1860. [+] Hosts found in search engines:
  1861. ------------------------------------
  1862. [-] Resolving hostnames IPs...
  1863. 204.93.61.114:Www.nudeteenlist.com
  1864. 204.93.61.114:www.nudeteenlist.com
  1865. [+] Virtual hosts:
  1866. ---------------------------------------------------------------------------
  1867. + Target IP:          204.93.61.114
  1868. + Target Hostname:    nudeteenlist.com
  1869. + Target Port:        80
  1870. + Start Time:         2017-02-11 08:07:14 (GMT-5)
  1871. ---------------------------------------------------------------------------
  1872. + Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28
  1873. + Retrieved x-powered-by header: PHP/5.3.28
  1874. + The anti-clickjacking X-Frame-Options header is not present.
  1875. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1876. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1877. + Cookie PHPSESSID created without the httponly flag
  1878. + Cookie phrt created without the httponly flag
  1879. + Cookie draupnir_src created without the httponly flag
  1880. + Cookie draupnir_clickcount created without the httponly flag
  1881. + Server leaks inodes via ETags, header found with file /, inode: 13239625, size: 111, mtime: Sun Jun  8 07:38:44 2014
  1882. + PHP/5.3.28 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
  1883. + OpenSSL/1.0.1e-fips appears to be outdated (current is at least 1.0.1j). OpenSSL 1.0.0o and 0.9.8zc are also current.
  1884. + Apache/2.2.27 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
  1885. + mod_ssl/2.2.27 appears to be outdated (current is at least 2.8.31) (may depend on server version)
  1886. + mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 PHP/5.3.28 - mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0082, OSVDB-756.
  1887. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  1888. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  1889. + /cgi-sys/guestbook.cgi: May allow attackers to execute commands as the web daemon.
  1890. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  1891. + /securecontrolpanel/: Web Server Control Panel
  1892. + /webmail/: Web based mail package installed.
  1893. + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
  1894. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
  1895. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1896. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1897. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1898. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  1899. + OSVDB-2117: /cpanel/: Web-based control panel
  1900. + OSVDB-3092: /cgi-sys/entropysearch.cgi?query=asdfasdf&user=root&basehref=%2F%2Fwww.yourdomain.com/: CPanel's Entropy Search allows username enumeration via the user parameter.
  1901. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
  1902. + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.
  1903. + OSVDB-3093: /webmail/lib/emailreader_execute_on_each_page.inc.php: This might be interesting... has been seen in web logs from an unknown scanner.
  1904. + OSVDB-3268: /_vti_bin/: Directory indexing found.
  1905. + OSVDB-3233: /_vti_bin/: FrontPage directory found.
  1906. + OSVDB-3268: /images/: Directory indexing found.
  1907. + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
  1908. + /controlpanel/: Admin login page/section found.
  1909. + 9217 requests: 0 error(s) and 36 item(s) reported on remote host
  1910. + End Time:           2017-02-11 08:28:44 (GMT-5) (1290 seconds)
  1911. ---------------------------------------------------------------------------
  1912. dadsandgirls.org
  1913.  
  1914. ###########################################################################################
  1915.  
  1916. whois dadsandgirls.org
  1917. Domain Name: DADSANDGIRLS.ORG
  1918. Domain ID: D135316123-LROR
  1919. WHOIS Server:
  1920. Referral URL:
  1921. Updated Date: 2017-01-30T02:54:13Z
  1922. Creation Date: 2006-12-18T16:10:33Z
  1923. Registry Expiry Date: 2017-12-18T16:10:33Z
  1924. Sponsoring Registrar: Danesco Trading Ltd.
  1925. Sponsoring Registrar IANA ID: 1418
  1926. Domain Status: ok https://icann.org/epp#ok
  1927. Registrant ID: MR_6352956WP
  1928. Registrant Name: WhoisProtectService.net
  1929. Registrant Organization: PROTECTSERVICE, LTD.
  1930. Registrant Street: 27 Old Gloucester Street
  1931. Registrant City: London
  1932. Registrant State/Province:
  1933. Registrant Postal Code: WC1N 3AX
  1934. Registrant Country: GB
  1935. Registrant Phone: +44.02074195061
  1936. Registrant Phone Ext:
  1937. Registrant Fax:
  1938. Registrant Fax Ext:
  1939. Registrant Email: dadsandgirls.org@whoisprotectservice.net
  1940. Admin ID: MR_6352956WP
  1941. Admin Name: WhoisProtectService.net
  1942. Admin Organization: PROTECTSERVICE, LTD.
  1943. Admin Street: 27 Old Gloucester Street
  1944. Admin City: London
  1945. Admin State/Province:
  1946. Admin Postal Code: WC1N 3AX
  1947. Admin Country: GB
  1948. Admin Phone: +44.02074195061
  1949. Admin Phone Ext:
  1950. Admin Fax:
  1951. Admin Fax Ext:
  1952. Admin Email: dadsandgirls.org@whoisprotectservice.net
  1953. Tech ID: MR_6352956WP
  1954. Tech Name: WhoisProtectService.net
  1955. Tech Organization: PROTECTSERVICE, LTD.
  1956. Tech Street: 27 Old Gloucester Street
  1957. Tech City: London
  1958. Tech State/Province:
  1959. Tech Postal Code: WC1N 3AX
  1960. Tech Country: GB
  1961. Tech Phone: +44.02074195061
  1962. Tech Phone Ext:
  1963. Tech Fax:
  1964. Tech Fax Ext:
  1965. Tech Email: dadsandgirls.org@whoisprotectservice.net
  1966. Name Server: NS1.HOSTISERVICES.COM
  1967. Name Server: NS2.HOSTISERVICES.COM
  1968.  
  1969. ###########################################################################################
  1970.  
  1971. IN  ANY
  1972.  
  1973. ;; ANSWER SECTION:
  1974. dadsandgirls.org.   1200    IN  SOA ns1.hostiservices.com. hostmaster.dadsandgirls.org. 1235045596 21600 3600 691200 38400
  1975. dadsandgirls.org.   1200    IN  NS  ns1.hostiservices.com.
  1976. dadsandgirls.org.   1200    IN  NS  ns2.hostiservices.com.
  1977. dadsandgirls.org.   926 IN  A   162.254.188.4
  1978.  
  1979. ;; Query time: 111 msec
  1980. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  1981. ;; WHEN: Sat Feb 11 09:02:04 EST 2017
  1982. ;; MSG SIZE  rcvd: 161
  1983.  
  1984. ###########################################################################################
  1985.  
  1986. host -l dadsandgirls.org
  1987.  
  1988. Host dadsandgirls.org not found: 5(REFUSED)
  1989. ; Transfer failed.
  1990.  
  1991. ###########################################################################################
  1992.  
  1993. tcptraceroute -i eth0 dadsandgirls.org
  1994.  
  1995. Running:
  1996.     traceroute -T -O info -i eth0 dadsandgirls.org
  1997. traceroute to dadsandgirls.org (162.254.188.4), 30 hops max, 60 byte packets
  1998. send: Opération non permise
  1999.  
  2000. ###########################################################################################
  2001.  
  2002.  
  2003. Checking for HTTP-Loadbalancing [Date]: 14:03:28, 14:03:28, 14:03:28, 14:03:29, 14:03:29, 14:03:29, 14:03:29, 14:03:30, 14:03:30, 14:03:30, 14:03:30, 14:03:31, 14:03:31, 14:03:31, 14:03:31, 14:03:32, 14:03:32, 14:03:32, 14:03:32, 14:03:33, 14:03:33, 14:03:33, 14:03:33, 14:03:34, 14:03:34, 14:03:34, 14:03:35, 14:03:35, 14:03:35, 14:03:35, 14:03:36, 14:03:36, 14:03:36, 14:03:36, 14:03:37, 14:03:37, 14:03:37, 14:03:38, 14:03:39, 14:03:39, 14:03:39, 14:03:39, 14:03:40, 14:03:40, 14:03:40, 14:03:40, 14:03:41, 14:03:41, 14:03:41, 14:03:41, NOT FOUND
  2004.  
  2005. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  2006.  
  2007. dadsandgirls.org does NOT use Load-balancing.
  2008.  
  2009. ###########################################################################################
  2010.  
  2011. cd /pentest/enumeration/list-urls
  2012. ./list-urls.py http://www.dadsandgirls.org
  2013. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  2014. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  2015.  
  2016. ###########################################################################################
  2017.  
  2018. nmap -PN -n -F -T4 -sV -A -oG temp.txt dadsandgirls.org
  2019.  
  2020. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 09:03 EST
  2021. Nmap scan report for dadsandgirls.org (162.254.188.4)
  2022. Host is up (0.058s latency).
  2023. Not shown: 95 closed ports
  2024. PORT   STATE    SERVICE VERSION
  2025. 21/tcp filtered ftp
  2026. 22/tcp filtered ssh
  2027. 53/tcp filtered domain
  2028. 80/tcp open     http    nginx 1.6.2
  2029. |_http-server-header: nginx/1.6.2
  2030. |_http-title: Dads and Girls. Family old young sex streaming porn movies. Ol...
  2031. 81/tcp open     http    nginx 1.6.2
  2032. |_http-server-header: nginx/1.6.2
  2033. |_http-title: Dads and Girls. Family old young sex streaming porn movies. Ol...
  2034. Aggressive OS guesses: Linux 3.10 - 4.2 (95%), Linux 3.2 - 4.6 (93%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.1 (92%), Linux 4.4 (92%), Asus RT-AC66U WAP (92%), Linux 3.10 (92%), Linux 3.11 - 3.12 (92%), Linux 3.18 (92%)
  2035. No exact OS matches for host (test conditions non-ideal).
  2036. Network Distance: 2 hops
  2037.  
  2038. TRACEROUTE (using port 25/tcp)
  2039. HOP RTT      ADDRESS
  2040. 1   31.25 ms 10.42.0.1
  2041. 2   31.00 ms 162.254.188.4
  2042.  
  2043. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2044. Nmap done: 1 IP address (1 host up) scanned in 19.59 seconds
  2045.  
  2046. ###########################################################################################
  2047.  
  2048. amap -i temp.txt
  2049. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 09:03:47 - APPLICATION MAPPING mode
  2050.  
  2051. Protocol on 162.254.188.4:81/tcp matches http
  2052. Protocol on 162.254.188.4:80/tcp matches http
  2053. Protocol on 162.254.188.4:80/tcp matches http-apache-2
  2054. Protocol on 162.254.188.4:81/tcp matches http-apache-2
  2055.  
  2056. Unidentified ports: none.
  2057.  
  2058. amap v5.4 finished at 2017-02-11 09:03:48
  2059.  
  2060. ###########################################################################################
  2061.  
  2062. cd /pentest/enumeration/www/httprint/linux
  2063. ./httprint -h www.dadsandgirls.org -s signatures.txt -P0
  2064.  
  2065. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  2066. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  2067.  
  2068. ###########################################################################################
  2069. +] using maximum random delay of 10 millisecond(s) between requests
  2070.  
  2071. www.dadsandgirls.org
  2072. IP address #1: 162.254.188.4
  2073.  
  2074. [+] 1 (sub)domains and 1 IP address(es) found
  2075. [+] Hosts found in search engines:
  2076. ------------------------------------
  2077. [-] Resolving hostnames IPs...
  2078. 162.254.188.4:Www.dadsandgirls.org
  2079. 162.254.188.4:www.dadsandgirls.org
  2080. [+] Virtual hosts:
  2081. ==================
  2082. 162.254.188.4   3dfuckgalleries.com
  2083. 162.254.188.4   momandson.tv
  2084. 162.254.188.4   bizarregalleries.net
  2085. 162.254.188.4   www.swingergf.com
  2086. 162.254.188.4   gfsmature.com
  2087. 162.254.188.4   www.maturefuckyoung.net
  2088. 162.254.188.4   vintagegalleries.net
  2089. 162.254.188.4   masohism-thumbs
  2090. 162.254.188.4   bizarregalleries
  2091. 162.254.188.4   swingingwives
  2092. 162.254.188.4   roughporn
  2093. 162.254.188.4   brutalsex
  2094. 162.254.188.4   momsfucksons.net
  2095. 162.254.188.4   maturefuckyoung.net
  2096. 162.254.188.4   vintagegalleries
  2097. 162.254.188.4   tabooretrotube
  2098. 162.254.188.4   taboofucktube.com
  2099. 162.254.188.4   smut-tube
  2100. 162.254.188.4   bondagefetishfilms
  2101. 162.254.188.4   momsfuckporn.com
  2102. 162.254.188.4   orgygaytube
  2103. 162.254.188.4   www.gdtube
  2104. 162.254.188.4   tubezip
  2105. 162.254.188.4   asianpornmoviez
  2106. 162.254.188.4   www.orientalfuckmovies
  2107. 162.254.188.4   www.bondagefetishfilms.com
  2108. 162.254.188.4   orientalfuckmovies.com
  2109. 162.254.188.4   tabooretrotube.com
  2110. 162.254.188.4   retrofuckclips
  2111. 162.254.188.4   porn-tube-online
  2112. 162.254.188.4   brutalsex.in
  2113. 162.254.188.4   asianpornmoviez.com
  2114. ---------------------------------------------------------------------------
  2115. + Target IP:          162.254.188.4
  2116. + Target Hostname:    dadsandgirls.org
  2117. + Target Port:        80
  2118. + Start Time:         2017-02-11 09:02:00 (GMT-5)
  2119. ---------------------------------------------------------------------------
  2120. + Server: nginx/1.6.2
  2121. + Retrieved x-powered-by header: PHP/5.3.28
  2122. + The anti-clickjacking X-Frame-Options header is not present.
  2123. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2124. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2125. + No CGI Directories found (use '-C all' to force check all possible dirs)
  2126. + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x586e5108 0x98
  2127. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  2128. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  2129. + Cookie PHPSESSID created without the httponly flag
  2130. + OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  2131. + OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  2132. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2133. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2134. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2135. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2136. + OSVDB-3092: /admin.php: This might be interesting...
  2137. + 7446 requests: 0 error(s) and 15 item(s) reported on remote host
  2138. + End Time:           2017-02-11 09:19:13 (GMT-5) (1033 seconds)
  2139. ---------------------------------------------------------------------------
  2140. + 1 host(s) tested
  2141. fatherfuckdaughter.site
  2142.  
  2143. ###########################################################################################
  2144.  
  2145. whois fatherfuckdaughter.site
  2146. Temps limite dépassé.
  2147. ###########################################################################################
  2148.  
  2149. dig fatherfuckdaughter.site any
  2150. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  2151.  
  2152. ; <<>> DiG 9.10.3-P4-Debian <<>> fatherfuckdaughter.site any
  2153. ;; global options: +cmd
  2154. ;; Got answer:
  2155. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43471
  2156. ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
  2157.  
  2158. ;; OPT PSEUDOSECTION:
  2159. ; EDNS: version: 0, flags:; udp: 4096
  2160. ;; QUESTION SECTION:
  2161. ;fatherfuckdaughter.site.   IN  ANY
  2162.  
  2163. ;; ANSWER SECTION:
  2164. fatherfuckdaughter.site. 1200   IN  SOA ns1.hostiservices.com. hostmaster.fatherfuckdaughter.site. 1235045596 21600 3600 691200 38400
  2165. fatherfuckdaughter.site. 1200   IN  NS  ns1.hostiservices.com.
  2166. fatherfuckdaughter.site. 1200   IN  NS  ns2.hostiservices.com.
  2167. fatherfuckdaughter.site. 1028   IN  A   162.254.191.8
  2168.  
  2169. ;; Query time: 109 msec
  2170. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  2171. ;; WHEN: Sat Feb 11 09:02:51 EST 2017
  2172. ;; MSG SIZE  rcvd: 168
  2173.  
  2174. ###########################################################################################
  2175.  
  2176.  
  2177.  
  2178. Checking for HTTP-Loadbalancing [Date]: 14:04:17, 14:04:17, 14:04:17, 14:04:18, 14:04:18, 14:04:18, 14:04:19, 14:04:19, 14:04:19, 14:04:20, 14:04:20, 14:04:20, 14:04:20, 14:04:21, 14:04:21, 14:04:21, 14:04:22, 14:04:22, 14:04:22, 14:04:22, 14:04:23, 14:04:23, 14:04:23, 14:04:24, 14:04:24, 14:04:24, 14:04:24, 14:04:25, 14:04:25, 14:04:25, 14:04:26, 14:04:26, 14:04:26, 14:04:26, 14:04:27, 14:04:27, 14:04:27, 14:04:28, 14:04:28, 14:04:28, 14:04:28, 14:04:29, 14:04:29, 14:04:29, 14:04:30, 14:04:30, 14:04:30, 14:04:31, 14:04:31, 14:04:31, NOT FOUND
  2179.  
  2180. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  2181.  
  2182. fatherfuckdaughter.site does NOT use Load-balancing.
  2183.  
  2184. ###########################################################################################
  2185.  
  2186. cd /pentest/enumeration/list-urls
  2187. ./list-urls.py http://www.fatherfuckdaughter.site
  2188. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  2189. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  2190.  
  2191. ###########################################################################################
  2192.  
  2193. nmap -PN -n -F -T4 -sV -A -oG temp.txt fatherfuckdaughter.site
  2194.  
  2195. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 09:04 EST
  2196. Nmap scan report for fatherfuckdaughter.site (162.254.191.8)
  2197. Host is up (0.058s latency).
  2198. Not shown: 95 closed ports
  2199. PORT   STATE    SERVICE VERSION
  2200. 21/tcp filtered ftp
  2201. 22/tcp filtered ssh
  2202. 53/tcp filtered domain
  2203. 80/tcp open     http    nginx 1.6.2
  2204. |_http-server-header: nginx/1.6.2
  2205. |_http-title: Father Fuck Daughter Site. Free porn movies site. Old young po...
  2206. 81/tcp open     http    nginx 1.6.2
  2207. |_http-server-header: nginx/1.6.2
  2208. |_http-title: Father Fuck Daughter Site. Free porn movies site. Old young po...
  2209. Aggressive OS guesses: HP P2000 G3 NAS device (93%), Linux 3.10 - 4.2 (92%), Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Infomir MAG-250 set-top box (92%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (92%), Linux 3.10 (92%), Linux 3.11 - 3.12 (92%), Linux 3.2 (92%), Linux 3.7 (92%)
  2210. No exact OS matches for host (test conditions non-ideal).
  2211. Network Distance: 2 hops
  2212.  
  2213. TRACEROUTE (using port 139/tcp)
  2214. HOP RTT      ADDRESS
  2215. 1   31.16 ms 10.42.0.1
  2216. 2   31.16 ms 162.254.191.8
  2217.  
  2218. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2219. Nmap done: 1 IP address (1 host up) scanned in 19.07 seconds
  2220.  
  2221. ###########################################################################################
  2222.  
  2223. amap -i temp.txt
  2224. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 09:04:39 - APPLICATION MAPPING mode
  2225.  
  2226. Protocol on 162.254.191.8:81/tcp matches http
  2227. Protocol on 162.254.191.8:81/tcp matches http-apache-2
  2228. Protocol on 162.254.191.8:80/tcp matches http
  2229.  
  2230. Unidentified ports: none.
  2231.  
  2232. amap v5.4 finished at 2017-02-11 09:04:40
  2233.  
  2234. ###########################################################################################
  2235.  
  2236. cd /pentest/enumeration/www/httprint/linux
  2237. ./httprint -h www.fatherfuckdaughter.site -s signatures.txt -P0
  2238.  
  2239. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  2240. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  2241.  
  2242. ###########################################################################################
  2243. [+] using maximum random delay of 10 millisecond(s) between requests
  2244.  
  2245. www.fatherfuckdaughter.site
  2246. IP address #1: 162.254.191.8
  2247.  
  2248. [+] 1 (sub)domains and 1 IP address(es) found
  2249. [+] Hosts found in search engines:
  2250. ------------------------------------
  2251. [-] Resolving hostnames IPs...
  2252. 162.254.191.8:www.fatherfuckdaughter.site
  2253. [+] Virtual hosts:
  2254. ==================
  2255. 162.254.191.8   rxhome
  2256. 162.254.191.8   chibakogyo-bank.com
  2257. 162.254.191.8   rxhomedesign.com
  2258. ---------------------------------------------------------------------------
  2259. + Target IP:          162.254.191.8
  2260. + Target Hostname:    fatherfuckdaughter.site
  2261. + Target Port:        80
  2262. + Start Time:         2017-02-11 09:01:52 (GMT-5)
  2263. ---------------------------------------------------------------------------
  2264. + Server: nginx/1.6.2
  2265. + Retrieved x-powered-by header: PHP/5.4.37
  2266. + The anti-clickjacking X-Frame-Options header is not present.
  2267. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2268. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2269. + No CGI Directories found (use '-C all' to force check all possible dirs)
  2270. + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x587fa4ee 0x6c
  2271. + Uncommon header 'link' found, with contents: <http://wp.me/1iyKl>; rel=shortlink
  2272. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  2273. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  2274. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  2275. + Scan terminated:  20 error(s) and 8 item(s) reported on remote host
  2276. + End Time:           2017-02-11 09:04:30 (GMT-5) (158 seconds)
  2277. ---------------------------------------------------------------------------
  2278. soyoungteens.com
  2279.  
  2280. ###########################################################################################
  2281.  
  2282. whois soyoungteens.com
  2283.  
  2284. Whois Server Version 2.0
  2285.  
  2286. Domain names in the .com and .net domains can now be registered
  2287. with many different competing registrars. Go to http://www.internic.net
  2288. for detailed information.
  2289.  
  2290.    Domain Name: SOYOUNGTEENS.COM
  2291.    Registrar: ENOM, INC.
  2292.    Sponsoring Registrar IANA ID: 48
  2293.    Whois Server: whois.enom.com
  2294.    Referral URL: http://www.enom.com
  2295.    Name Server: NS5.PUBLIC-NS.COM
  2296.    Name Server: NS6.PUBLIC-NS.COM
  2297.    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  2298.    Updated Date: 24-jul-2016
  2299.    Creation Date: 24-jul-2010
  2300.    Expiration Date: 24-jul-2017
  2301.  
  2302.  
  2303. Domain Name: SOYOUNGTEENS.COM
  2304. Registry Domain ID: 1608071144_DOMAIN_COM-VRSN
  2305. Registrar WHOIS Server: whois.enom.com
  2306. Registrar URL: www.enom.com
  2307. Updated Date:
  2308. Creation Date: 2010-07-24T20:59:00.00Z
  2309. Registrar Registration Expiration Date: 2017-07-24T19:59:02.00Z
  2310. Registrar: ENOM, INC.
  2311. Registrar IANA ID: 48
  2312. Reseller: NAMECHEAP.COM
  2313. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  2314. Registry Registrant ID:
  2315. Registrant Name: RALPH PETERSON
  2316. Registrant Organization: N/A
  2317. Registrant Street: 126 MASSACHUSETTS AVENUE
  2318. Registrant City: BOSTON
  2319. Registrant State/Province: STATE
  2320. Registrant Postal Code: 02115
  2321. Registrant Country: US
  2322. Registrant Phone: +1.7412263
  2323. Registrant Phone Ext:
  2324. Registrant Fax:
  2325. Registrant Fax Ext:
  2326. Registrant Email: RALPHPETERSN@GMAIL.COM
  2327. Registry Admin ID:
  2328. Admin Name:  PETERSON
  2329. Admin Organization: N/A
  2330. Admin Street: 126 MASSACHUSETTS AVENUE
  2331. Admin City: BOSTON
  2332. Admin State/Province: STATE
  2333. Admin Postal Code: 02115
  2334. Admin Country: US
  2335. Admin Phone: +1.7412263
  2336. Admin Phone Ext:
  2337. Admin Fax:
  2338. Admin Fax Ext:
  2339. Admin Email: RALPHPETERSN@GMAIL.COM
  2340. Registry Tech ID:
  2341. Tech Name: RALPH PETERSON
  2342. Tech Organization: N/A
  2343. Tech Street: 126 MASSACHUSETTS AVENUE
  2344. Tech City: BOSTON
  2345. Tech State/Province: STATE
  2346. Tech Postal Code: 02115
  2347. Tech Country: US
  2348. Tech Phone: +1.7412263
  2349. Tech Phone Ext:
  2350. Tech Fax:
  2351. Tech Fax Ext:
  2352. Tech Email: RALPHPETERSN@GMAIL.COM
  2353. Name Server: NS5.PUBLIC-NS.COM
  2354. Name Server: NS6.PUBLIC-NS.COM
  2355. DNSSEC: unSigned
  2356. Registrar Abuse Contact Email: abuse@enom.com
  2357. Registrar Abuse Contact Phone: +1.4252982646
  2358. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  2359.  
  2360. ###########################################################################################
  2361.  
  2362. d   ANY
  2363.  
  2364. ;; ANSWER SECTION:
  2365. soyoungteens.com.   1200    IN  SOA ns6.public-ns.com. admin.soyoungteens.com. 1470311110 21600 3600 691200 38400
  2366. soyoungteens.com.   1200    IN  NS  ns6.public-ns.com.
  2367. soyoungteens.com.   1200    IN  NS  ns5.public-ns.com.
  2368. soyoungteens.com.   1200    IN  MX  10 mail.soyoungteens.com.
  2369. soyoungteens.com.   1200    IN  MX  20 mail2.soyoungteens.com.
  2370. soyoungteens.com.   981 IN  A   213.174.132.87
  2371.  
  2372. ;; ADDITIONAL SECTION:
  2373. mail.soyoungteens.com.  1200    IN  A   213.174.151.151
  2374. mail2.soyoungteens.com. 1200    IN  A   88.208.36.36
  2375.  
  2376. ;; Query time: 116 msec
  2377. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  2378. ;; WHEN: Sat Feb 11 09:44:55 EST 2017
  2379. ;; MSG SIZE  rcvd: 224
  2380.  
  2381. ###########################################################################################
  2382.  
  2383.  
  2384.  
  2385. Checking for HTTP-Loadbalancing [Date]: 14:46:12, 14:46:12, 14:46:12, 14:46:12, 14:46:12, 14:46:13, 14:46:13, 14:46:13, 14:46:13, 14:46:13, 14:46:13, 14:46:13, 14:46:13, 14:46:13, 14:46:14, 14:46:14, 14:46:14, 14:46:14, 14:46:14, 14:46:14, 14:46:14, 14:46:14, 14:46:14, 14:46:15, 14:46:15, 14:46:15, 14:46:15, 14:46:15, 14:46:15, 14:46:15, 14:46:15, 14:46:16, 14:46:16, 14:46:16, 14:46:16, 14:46:16, 14:46:16, 14:46:16, 14:46:16, 14:46:16, 14:46:17, 14:46:17, 14:46:17, 14:46:17, 14:46:17, 14:46:17, 14:46:17, 14:46:17, 14:46:18, 14:46:18, NOT FOUND
  2386.  
  2387. Checking for HTTP-Loadbalancing [Diff]: FOUND
  2388. < Server: nginx/1.6.2
  2389. < Date: Sat, 11 Feb 2017 14:46:12 GMT
  2390. < Content-Type: text/html
  2391. < Connection: close
  2392. < Vary: Accept-Encoding
  2393. < X-Powered-By: PHP/5.3.28
  2394. <
  2395. < HTTP/1.1 200 OK
  2396. < Server: nginx/1.6.2
  2397. < Date: Sat, 11 Feb 2017 14:46:12 GMT
  2398. < Content-Type: text/html
  2399. < Connection: close
  2400. < Vary: Accept-Encoding
  2401. < X-Powered-By: PHP/5.3.28
  2402. <
  2403. < HTTP/1.1 200 OK
  2404. < Server: nginx/1.6.2
  2405. < Date: Sat, 11 Feb 2017 14:46:13 GMT
  2406. < Content-Type: text/html
  2407. < Connection: close
  2408. < Vary: Accept-Encoding
  2409. < X-Powered-By: PHP/5.3.28
  2410. <
  2411. < HTTP/1.1 200 OK
  2412. < Server: nginx/1.6.2
  2413. < Date: Sat, 11 Feb 2017 14:46:13 GMT
  2414. < Content-Type: text/html
  2415. < Connection: close
  2416. < Vary: Accept-Encoding
  2417. < X-Powered-By: PHP/5.3.28
  2418. <
  2419. < HTTP/1.1 200 OK
  2420. < Server: nginx/1.6.2
  2421. < Date: Sat, 11 Feb 2017 14:46:13 GMT
  2422. < Content-Type: text/html
  2423. < Connection: close
  2424. < Vary: Accept-Encoding
  2425. < X-Powered-By: PHP/5.3.28
  2426. <
  2427. < HTTP/1.1 200 OK
  2428. < Server: nginx/1.6.2
  2429. < Date: Sat, 11 Feb 2017 14:46:13 GMT
  2430. < Content-Type: text/html
  2431. < Connection: close
  2432. < Vary: Accept-Encoding
  2433. < X-Powered-By: PHP/5.3.28
  2434. <
  2435. < HTTP/1.1 200 OK
  2436. < Server: nginx/1.6.2
  2437. < Date: Sat, 11 Feb 2017 14:46:14 GMT
  2438. < Content-Type: text/html
  2439. < Connection: close
  2440. < Vary: Accept-Encoding
  2441. < X-Powered-By: PHP/5.3.28
  2442. <
  2443. < HTTP/1.1 200 OK
  2444. < Server: nginx/1.6.2
  2445. < Date: Sat, 11 Feb 2017 14:46:14 GMT
  2446. < Content-Type: text/html
  2447. < Connection: close
  2448. < Vary: Accept-Encoding
  2449. < X-Powered-By: PHP/5.3.28
  2450. <
  2451. < HTTP/1.1 200 OK
  2452. < Server: nginx/1.6.2
  2453. < Date: Sat, 11 Feb 2017 14:46:14 GMT
  2454. < Content-Type: text/html
  2455. < Connection: close
  2456. < Vary: Accept-Encoding
  2457. < X-Powered-By: PHP/5.3.28
  2458. <
  2459. < HTTP/1.1 200 OK
  2460. < Server: nginx/1.6.2
  2461. < Date: Sat, 11 Feb 2017 14:46:14 GMT
  2462. < Content-Type: text/html
  2463. < Connection: close
  2464. < Vary: Accept-Encoding
  2465. < X-Powered-By: PHP/5.3.28
  2466. <
  2467. < HTTP/1.1 200 OK
  2468. < Server: nginx/1.6.2
  2469. < Date: Sat, 11 Feb 2017 14:46:15 GMT
  2470. < Content-Type: text/html
  2471. > Server: Apache/2.2.31 (Unix) PHP/5.4.45
  2472. > X-Powered-By: PHP/5.4.45
  2473. < Vary: Accept-Encoding
  2474. < X-Powered-By: PHP/5.3.28
  2475. <
  2476. < HTTP/1.1 200 OK
  2477. < Server: nginx/1.6.2
  2478. < Date: Sat, 11 Feb 2017 14:46:15 GMT
  2479. < Connection: close
  2480. < Vary: Accept-Encoding
  2481. < X-Powered-By: PHP/5.3.28
  2482. <
  2483. < HTTP/1.1 200 OK
  2484. < Server: nginx/1.6.2
  2485. < Date: Sat, 11 Feb 2017 14:46:15 GMT
  2486. < Content-Type: text/html
  2487. < Connection: close
  2488. < Vary: Accept-Encoding
  2489. < X-Powered-By: PHP/5.3.28
  2490. <
  2491. < HTTP/1.1 200 OK
  2492. < Server: nginx/1.6.2
  2493. < Date: Sat, 11 Feb 2017 14:46:15 GMT
  2494. < Content-Type: text/html
  2495. < Connection: close
  2496. < Vary: Accept-Encoding
  2497. < X-Powered-By: PHP/5.3.28
  2498. <
  2499. < HTTP/1.1 200 OK
  2500. < Server: nginx/1.6.2
  2501. < Date: Sat, 11 Feb 2017 14:46:16 GMT
  2502. < Content-Type: text/html
  2503. < Connection: close
  2504. < Vary: Accept-Encoding
  2505. < X-Powered-By: PHP/5.3.28
  2506. <
  2507. < HTTP/1.1 200 OK
  2508. < Server: nginx/1.6.2
  2509. < Date: Sat, 11 Feb 2017 14:46:16 GMT
  2510. < Content-Type: text/html
  2511. < Connection: close
  2512. < Vary: Accept-Encoding
  2513. < X-Powered-By: PHP/5.3.28
  2514. <
  2515. < HTTP/1.1 200 OK
  2516. < Server: nginx/1.6.2
  2517. < Date: Sat, 11 Feb 2017 14:46:16 GMT
  2518. < Content-Type: text/html
  2519. < Connection: close
  2520. < Vary: Accept-Encoding
  2521. < X-Powered-By: PHP/5.3.28
  2522. <
  2523. < HTTP/1.1 200 OK
  2524. < Server: nginx/1.6.2
  2525. < Date: Sat, 11 Feb 2017 14:46:17 GMT
  2526. < Content-Type: text/html
  2527. < Connection: close
  2528. < Vary: Accept-Encoding
  2529. < X-Powered-By: PHP/5.3.28
  2530. <
  2531. < HTTP/1.1 200 OK
  2532. < Server: nginx/1.6.2
  2533. < Date: Sat, 11 Feb 2017 14:46:17 GMT
  2534. < Content-Type: text/html
  2535. < Connection: close
  2536. < Vary: Accept-Encoding
  2537. < X-Powered-By: PHP/5.3.28
  2538. <
  2539. < HTTP/1.1 200 OK
  2540. < Server: nginx/1.6.2
  2541. < Date: Sat, 11 Feb 2017 14:46:17 GMT
  2542. < Content-Type: text/html
  2543. < Connection: close
  2544. < Vary: Accept-Encoding
  2545. < X-Powered-By: PHP/5.3.28
  2546. <
  2547. < HTTP/1.1 200 OK
  2548. < Server: nginx/1.6.2
  2549. < Date: Sat, 11 Feb 2017 14:46:17 GMT
  2550. < Content-Type: text/html
  2551. < Connection: close
  2552. < Vary: Accept-Encoding
  2553. < X-Powered-By: PHP/5.3.28
  2554. <
  2555. < HTTP/1.1 200 OK
  2556. < Server: nginx/1.6.2
  2557. < Date: Sat, 11 Feb 2017 14:46:18 GMT
  2558. < Content-Type: text/html
  2559. < Connection: close
  2560. < Vary: Accept-Encoding
  2561. < X-Powered-By: PHP/5.3.28
  2562.  
  2563. soyoungteens.com does Load-balancing. Found via Methods: HTTP[Server] HTTP[Diff]
  2564.  
  2565. ###########################################################################################
  2566.  
  2567. cd /pentest/enumeration/list-urls
  2568. ./list-urls.py http://www.soyoungteens.com
  2569. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  2570. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  2571.  
  2572. ###########################################################################################
  2573.  
  2574. nmap -PN -n -F -T4 -sV -A -oG temp.txt soyoungteens.com
  2575.  
  2576. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 09:45 EST
  2577. Nmap scan report for soyoungteens.com (213.174.132.87)
  2578. Host is up (0.034s latency).
  2579. Not shown: 93 filtered ports
  2580. PORT    STATE  SERVICE      VERSION
  2581. 21/tcp  open   ftp          OpenBSD ftpd
  2582. 22/tcp  open   ssh          OpenSSH 7.2 (FreeBSD 20160310; protocol 2.0)
  2583. | ssh-hostkey:
  2584. |_  1024 65:27:1a:07:b1:d6:2b:29:7a:ea:60:8c:94:af:95:e8 (DSA)
  2585. 25/tcp  closed smtp
  2586. 80/tcp  open   http         Apache httpd 2.2.31 ((Unix) PHP/5.4.45)
  2587. |_http-server-header: Apache/2.2.31 (Unix) PHP/5.4.45
  2588. |_http-title: So Young Teens
  2589. 135/tcp closed msrpc
  2590. 139/tcp closed netbios-ssn
  2591. 445/tcp closed microsoft-ds
  2592. Aggressive OS guesses: FreeBSD 7.0-STABLE (96%), FreeBSD 7.1-RELEASE - 9.0-CURRENT (96%), FreeBSD 8.1-RELEASE (94%), FreeBSD 9.0-RELEASE (94%), FreeBSD 10.3-RELEASE (92%), FreeBSD 8.2-RELEASE (92%), FreeBSD 7.0-BETA4 - 7.0 (92%), FreeBSD 7.1-PRERELEASE - 7.3-RELEASE (92%), FreeBSD 8.0-RELEASE (92%), FreeBSD 6.3-RELEASE (92%)
  2593. No exact OS matches for host (test conditions non-ideal).
  2594. Network Distance: 2 hops
  2595. Service Info: Host: DS2153; OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
  2596.  
  2597. TRACEROUTE (using port 445/tcp)
  2598. HOP RTT      ADDRESS
  2599. 1   31.57 ms 10.42.0.1
  2600. 2   31.07 ms 213.174.132.87
  2601.  
  2602. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2603. Nmap done: 1 IP address (1 host up) scanned in 21.48 seconds
  2604.  
  2605. ###########################################################################################
  2606.  
  2607. amap -i temp.txt
  2608. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 09:46:12 - APPLICATION MAPPING mode
  2609.  
  2610. Protocol on 213.174.132.87:21/tcp matches ftp
  2611. Protocol on 213.174.132.87:80/tcp matches http
  2612. Protocol on 213.174.132.87:80/tcp matches http-apache-2
  2613. Protocol on 213.174.132.87:22/tcp matches ssh
  2614. Protocol on 213.174.132.87:22/tcp matches ssh-openssh
  2615.  
  2616. Unidentified ports: none.
  2617.  
  2618. amap v5.4 finished at 2017-02-11 09:46:19
  2619.  
  2620. ###########################################################################################
  2621.  
  2622. cd /pentest/enumeration/www/httprint/linux
  2623. ./httprint -h www.soyoungteens.com -s signatures.txt -P0
  2624.  
  2625. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  2626. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  2627.  
  2628. ###########################################################################################
  2629. +] searching (sub)domains for soyoungteens.com using built-in wordlist
  2630. [+] using maximum random delay of 10 millisecond(s) between requests
  2631.  
  2632. mail.soyoungteens.com
  2633. IP address #1: 213.174.151.151
  2634.  
  2635. www.soyoungteens.com
  2636. IP address #1: 213.174.132.87
  2637.  
  2638. [+] 2 (sub)domains and 2 IP address(es) found
  2639. ------------------------------------
  2640. [-] Resolving hostnames IPs...
  2641. 46.229.171.38:img.soyoungteens.com
  2642. 46.229.171.38:thumbs.soyoungteens.com
  2643. 213.174.132.87:www.soyoungteens.com
  2644. [+] Virtual hosts:
  2645. ==================
  2646. 46.229.171.38   latinsex-x.com
  2647. 213.174.132.87  purebbwmovies.com
  2648. 213.174.132.87  www.activevoyeur
  2649. 213.174.132.87  yogranny.com
  2650. 213.174.132.87  www.purebbwmovies.com
  2651. 213.174.132.87  www.gaysexdesire
  2652. 213.174.132.87  www.hqasiansex
  2653. 213.174.132.87  www.soyoungteens.com
  2654. 213.174.132.87  dailybbwporn
  2655. 213.174.132.87  bbwpassions
  2656. 213.174.132.87  www.tryteensex
  2657. 213.174.132.87  activevoyeur
  2658. 213.174.132.87  zimom.com
  2659. 213.174.132.87  moreasiansex
  2660. 213.174.132.87  www.activevoyeur.com
  2661. 213.174.132.87  moreasiansex.com
  2662. ---------------------------------------------------------------------------
  2663. + Target IP:          213.174.132.87
  2664. + Target Hostname:    soyoungteens.com
  2665. + Target Port:        80
  2666. + Start Time:         2017-02-11 09:44:44 (GMT-5)
  2667. ---------------------------------------------------------------------------
  2668. + Server: Apache/2.2.31 (Unix) PHP/5.4.45
  2669. + Retrieved x-powered-by header: PHP/5.4.45
  2670. + The anti-clickjacking X-Frame-Options header is not present.
  2671. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2672. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2673. + Server leaks inodes via ETags, header found with file /favicon.ico, inode: 12120481, size: 4286, mtime: Fri Jul 13 02:05:42 2012
  2674. + Apache/2.2.31 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
  2675. + PHP/5.4.45 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
  2676. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  2677. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  2678. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  2679. + /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script>: Output from the phpinfo() function was found.
  2680. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2681. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2682. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2683. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2684. + /phpinfo.php: Output from the phpinfo() function was found.
  2685. + OSVDB-3233: /phpinfo.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
  2686. + /phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>: Output from the phpinfo() function was found.
  2687. taboo-family-thumbs.com
  2688.  
  2689. ###########################################################################################
  2690.  
  2691. whois taboo-family-thumbs.com
  2692.  
  2693. Whois Server Version 2.0
  2694.  
  2695. Domain names in the .com and .net domains can now be registered
  2696. with many different competing registrars. Go to http://www.internic.net
  2697. for detailed information.
  2698.  
  2699.    Domain Name: TABOO-FAMILY-THUMBS.COM
  2700.    Registrar: EVOPLUS LTD
  2701.    Sponsoring Registrar IANA ID: 1418
  2702.    Whois Server: whois.evonames.com
  2703.    Referral URL: http://www.evonames.com
  2704.    Name Server: NS1.HOSTISERVICES.COM
  2705.    Name Server: NS2.HOSTISERVICES.COM
  2706.    Status: ok https://icann.org/epp#ok
  2707.    Updated Date: 30-dec-2016
  2708.    Creation Date: 19-jul-2006
  2709.    Expiration Date: 19-jul-2017
  2710.  
  2711.  
  2712.  
  2713. Domain Name: TABOO-FAMILY-THUMBS.COM
  2714. Registry Domain ID:
  2715. Registrar WHOIS Server: whois.evonames.com
  2716. Registrar URL: https://evonames.com/
  2717. Updated Date: 2016-12-30 04:33:18.079018
  2718. Creation Date: 2006-07-19
  2719. Registrar Registration Expiration Date: 2017-07-19
  2720. Registrar: EVOPLUS LTD
  2721. Registrar IANA ID: 1418
  2722. Registrar Abuse Contact Email: abuse@evonames.com
  2723. Registrar Abuse Contact Phone: +1.5144959001
  2724. Reseller: AHnames.com  https://www.AHnames.com/
  2725. Domain Status: ok
  2726. Registry Registrant ID: MR_7096451WP
  2727. Registrant Name: WhoisProtectService.net
  2728. Registrant Organization: PROTECTSERVICE, LTD.
  2729. Registrant Street: 27 Old Gloucester Street  
  2730. Registrant City: London
  2731. Registrant State/Province:
  2732. Registrant Postal Code: WC1N 3AX
  2733. Registrant Country: United Kingdom
  2734. Registrant Phone: +44.02074195061
  2735. Registrant Phone Ext:
  2736. Registrant Fax:
  2737. Registrant Fax Ext:
  2738. Registrant Email: taboo-family-thumbs.com@whoisprotectservice.net
  2739. Registry Admin ID: MR_7096451WP
  2740. Admin Name: WhoisProtectService.net
  2741. Admin Organization: PROTECTSERVICE, LTD.
  2742. Admin Street: 27 Old Gloucester Street  
  2743. Admin City: London
  2744. Admin State/Province:
  2745. Admin Postal Code: WC1N 3AX
  2746. Admin Country: United Kingdom
  2747. Admin Phone: +44.02074195061
  2748. Admin Phone Ext:
  2749. Admin Fax:
  2750. Admin Fax Ext:
  2751. Admin Email: taboo-family-thumbs.com@whoisprotectservice.net
  2752. Registry Tech ID: MR_7096451WP
  2753. Tech Name: WhoisProtectService.net
  2754. Tech Organization: PROTECTSERVICE, LTD.
  2755. Tech Street: 27 Old Gloucester Street  
  2756. Tech City: London
  2757. Tech State/Province:
  2758. Tech Postal Code: WC1N 3AX
  2759. Tech Country: United Kingdom
  2760. Tech Phone: +44.02074195061
  2761. Tech Phone Ext:
  2762. Tech Fax:
  2763. Tech Fax Ext:
  2764. Tech Email: taboo-family-thumbs.com@whoisprotectservice.net
  2765. Registry Billing ID: MR_7096451WP
  2766. Billing Name: WhoisProtectService.net
  2767. Billing Organization: PROTECTSERVICE, LTD.
  2768. Billing Street: 27 Old Gloucester Street  
  2769. Billing City: London
  2770. Billing State/Province:
  2771. Billing Postal Code: WC1N 3AX
  2772. Billing Country: United Kingdom
  2773. Billing Phone: +44.02074195061
  2774. Billing Phone Ext:
  2775. Billing Fax:
  2776. Billing Fax Ext:
  2777. Billing Email: taboo-family-thumbs.com@whoisprotectservice.net
  2778. Name Server: NS1.HOSTISERVICES.COM
  2779. Name Server: NS2.HOSTISERVICES.COM
  2780. DNSSEC: unsigned
  2781. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  2782. >>> Last update of WHOIS database: 2017-02-02 07:00:37 <<<
  2783.  
  2784. Abuse email: abuse@ahnames.com
  2785.  
  2786. ###########################################################################################
  2787.  
  2788. dig taboo-family-thumbs.com any
  2789. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  2790.  
  2791. ; <<>> DiG 9.10.3-P4-Debian <<>> taboo-family-thumbs.com any
  2792. ;; global options: +cmd
  2793. ;; Got answer:
  2794. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62260
  2795. ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
  2796.  
  2797. ;; OPT PSEUDOSECTION:
  2798. ; EDNS: version: 0, flags:; udp: 4096
  2799. ;; QUESTION SECTION:
  2800. ;taboo-family-thumbs.com.   IN  ANY
  2801.  
  2802. ;; ANSWER SECTION:
  2803. taboo-family-thumbs.com. 1200   IN  SOA ns1.hostiservices.com. hostmaster.taboo-family-thumbs.com. 1235045596 21600 3600 691200 38400
  2804. taboo-family-thumbs.com. 1200   IN  NS  ns1.hostiservices.com.
  2805. taboo-family-thumbs.com. 1200   IN  NS  ns2.hostiservices.com.
  2806. taboo-family-thumbs.com. 1089   IN  A   162.251.108.55
  2807.  
  2808. ;; Query time: 108 msec
  2809. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  2810. ;; WHEN: Sat Feb 11 09:45:01 EST 2017
  2811. ;; MSG SIZE  rcvd: 165
  2812.  
  2813. ###########################################################################################
  2814.  
  2815. h
  2816.  
  2817. Checking for HTTP-Loadbalancing [Date]: 14:46:24, 14:46:24, 14:46:25, 14:46:25, 14:46:25, 14:46:25, 14:46:26, 14:46:26, 14:46:26, 14:46:26, 14:46:27, 14:46:27, 14:46:27, 14:46:28, 14:46:28, 14:46:28, 14:46:28, 14:46:29, 14:46:29, 14:46:29, 14:46:29, 14:46:30, 14:46:30, 14:46:30, 14:46:30, 14:46:31, 14:46:31, 14:46:31, 14:46:32, 14:46:32, 14:46:32, 14:46:32, 14:46:33, 14:46:33, 14:46:33, 14:46:33, 14:46:34, 14:46:34, 14:46:34, 14:46:34, 14:46:35, 14:46:35, 14:46:35, 14:46:35, 14:46:36, 14:46:36, 14:46:36, 14:46:36, 14:46:37, 14:46:37, NOT FOUND
  2818.  
  2819. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  2820.  
  2821. taboo-family-thumbs.com does NOT use Load-balancing.
  2822.  
  2823. ###########################################################################################
  2824.  
  2825. cd /pentest/enumeration/list-urls
  2826. ./list-urls.py http://www.taboo-family-thumbs.com
  2827. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  2828. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  2829.  
  2830. ###########################################################################################
  2831.  
  2832. nmap -PN -n -F -T4 -sV -A -oG temp.txt taboo-family-thumbs.com
  2833.  
  2834. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-11 09:46 EST
  2835. Nmap scan report for taboo-family-thumbs.com (162.251.108.55)
  2836. Host is up (0.058s latency).
  2837. Not shown: 95 closed ports
  2838. PORT   STATE    SERVICE VERSION
  2839. 21/tcp filtered ftp
  2840. 22/tcp filtered ssh
  2841. 53/tcp filtered domain
  2842. 80/tcp open     http    nginx 1.6.2
  2843. |_http-server-header: nginx/1.6.2
  2844. |_http-title: Taboo Family Thumbs. Family perversion sex streaming porn movi...
  2845. 81/tcp open     http    nginx 1.6.2
  2846. |_http-server-header: nginx/1.6.2
  2847. |_http-title: Taboo Family Thumbs. Family perversion sex streaming porn movi...
  2848. Aggressive OS guesses: Linux 3.10 - 4.2 (95%), Linux 3.2 - 4.6 (93%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.4 (92%), Asus RT-AC66U WAP (92%), Linux 3.10 (92%), Linux 3.11 - 3.12 (92%), Linux 3.18 (92%), Linux 3.2 (92%)
  2849. No exact OS matches for host (test conditions non-ideal).
  2850. Network Distance: 2 hops
  2851.  
  2852. TRACEROUTE (using port 445/tcp)
  2853. HOP RTT      ADDRESS
  2854. 1   31.11 ms 10.42.0.1
  2855. 2   31.12 ms 162.251.108.55
  2856.  
  2857. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2858. Nmap done: 1 IP address (1 host up) scanned in 20.34 seconds
  2859.  
  2860. ###########################################################################################
  2861.  
  2862. amap -i temp.txt
  2863. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-11 09:46:43 - APPLICATION MAPPING mode
  2864.  
  2865. Protocol on 162.251.108.55:81/tcp matches http
  2866. Protocol on 162.251.108.55:80/tcp matches http
  2867. Protocol on 162.251.108.55:81/tcp matches http-apache-2
  2868. Protocol on 162.251.108.55:80/tcp matches http-apache-2
  2869.  
  2870. Unidentified ports: none.
  2871.  
  2872. amap v5.4 finished at 2017-02-11 09:46:44
  2873.  
  2874. ###########################################################################################
  2875.  
  2876. cd /pentest/enumeration/www/httprint/linux
  2877. ./httprint -h www.taboo-family-thumbs.com -s signatures.txt -P0
  2878.  
  2879. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  2880. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  2881.  
  2882. ###########################################################################################
  2883.  
  2884. [+] searching (sub)domains for taboo-family-thumbs.com using built-in wordlist
  2885. [+] using maximum random delay of 10 millisecond(s) between requests
  2886.  
  2887. www.taboo-family-thumbs.com
  2888. IP address #1: 162.251.108.55
  2889.  
  2890. [+] 1 (sub)domains and 1 IP address(es) found
  2891. [+] Hosts found in search engines:
  2892. ------------------------------------
  2893. [-] Resolving hostnames IPs...
  2894. 162.251.108.55:www.taboo-family-thumbs.com
  2895. [+] Virtual hosts:
  2896. ==================
  2897. 162.251.108.55  smutmomtube.com
  2898. 162.251.108.55  olderfuckteen
  2899. 162.251.108.55  indianfuckfilms.com
  2900. 162.251.108.55  nudesportfilms
  2901. 162.251.108.55  smutmilf.com
  2902. 162.251.108.55  taboo-family-thumbs.com
  2903. 162.251.108.55  dadsfuckdaughters
  2904. 162.251.108.55  www.gfsmilf
  2905. 162.251.108.55  hardcoretube
  2906. 162.251.108.55  www.bdsm-thumbs.net
  2907. 162.251.108.55  momfucksonmovies.com
  2908. 162.251.108.55  swingerorgymovies.com
  2909. 162.251.108.55  momslovesex.net
  2910. 162.251.108.55  olderfuckteen.com
  2911. 162.251.108.55  sexflashclips
  2912. 162.251.108.55  www.swingerorgymovies.com
  2913. 162.251.108.55  roughsex
  2914. 162.251.108.55  dadsfuckdaughters.net
  2915. 162.251.108.55  indianfuckfilms
  2916. 162.251.108.55  vintagehairyporn.com
  2917. 162.251.108.55  sexflashclips.com
  2918. 162.251.108.55  hardcoretube.tv
  2919. 162.251.108.55  gaytubegod
  2920. 162.251.108.55  www.indecencytube
  2921. 162.251.108.55  3dfuckfilms
  2922. 162.251.108.55  www.wstube
  2923. 162.251.108.55  vintagefuckfilms
  2924. 162.251.108.55  vintagehairyporn
  2925. 162.251.108.55  retroporngalleries
  2926. 162.251.108.55  www.motherfucktube
  2927. 162.251.108.55  searchporno
  2928. 162.251.108.55  motherfucktube.org
  2929. 162.251.108.55  retroporngalleries.com
  2930. 162.251.108.55  nudesportfilms.com
  2931. 162.251.108.55  taboo-family-thumbs
  2932. 162.251.108.55  www.bdsm-thumbs
  2933. 162.251.108.55  roughsex.in
  2934. 162.251.108.55  www.wstube.com
  2935. ---------------------------------------------------------------------------
  2936. + Target IP:          162.251.108.55
  2937. + Target Hostname:    taboo-family-thumbs.com
  2938. + Target Port:        80
  2939. + Start Time:         2017-02-11 09:45:01 (GMT-5)
  2940. ---------------------------------------------------------------------------
  2941. + Server: nginx/1.6.2
  2942. + Retrieved x-powered-by header: PHP/5.3.28
  2943. + The anti-clickjacking X-Frame-Options header is not present.
  2944. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  2945. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  2946. + No CGI Directories found (use '-C all' to force check all possible dirs)
  2947. + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x586e5108 0x98
  2948. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  2949. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  2950. + Cookie PHPSESSID created without the httponly flag
  2951. + OSVDB-29786: /admin.php?en_log_id=0&action=config: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  2952. + OSVDB-29786: /admin.php?en_log_id=0&action=users: EasyNews from http://www.webrc.ca version 4.3 allows remote admin access. This PHP file should be protected.
  2953. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2954. + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2955. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2956. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  2957. + OSVDB-3092: /admin.php: This might be interesting...
  2958. + 7446 requests: 0 error(s) and 15 item(s) reported on remote host
  2959. + End Time:           2017-02-11 10:02:05 (GMT-5) (1024 seconds)
  2960. ---------------------------------------------------------------------------
  2961. dadfuckdaughterporn.com
  2962.  
  2963. ###########################################################################################
  2964.  
  2965. whois dadfuckdaughterporn.com
  2966.  
  2967. Whois Server Version 2.0
  2968.  
  2969. Domain names in the .com and .net domains can now be registered
  2970. with many different competing registrars. Go to http://www.internic.net
  2971. for detailed information.
  2972.  
  2973.    Domain Name: DADFUCKDAUGHTERPORN.COM
  2974.    Registrar: EVOPLUS LTD
  2975.    Sponsoring Registrar IANA ID: 1418
  2976.    Whois Server: whois.evonames.com
  2977.    Referral URL: http://www.evonames.com
  2978.    Name Server: NS1.KWIKDNS.COM
  2979.    Name Server: NS2.KWIKDNS.COM
  2980.    Status: ok https://icann.org/epp#ok
  2981.    Updated Date: 13-nov-2016
  2982.    Creation Date: 02-oct-2015
  2983.    Expiration Date: 02-oct-2017
  2984.  
  2985.  
  2986. Domain Name: DADFUCKDAUGHTERPORN.COM
  2987. Registry Domain ID:
  2988. Registrar WHOIS Server: whois.evonames.com
  2989. Registrar URL: https://evonames.com/
  2990. Updated Date: 2016-11-13 19:09:45.365494
  2991. Creation Date: 2015-10-02
  2992. Registrar Registration Expiration Date: 2017-10-02
  2993. Registrar: EVOPLUS LTD
  2994. Registrar IANA ID: 1418
  2995. Registrar Abuse Contact Email: abuse@evonames.com
  2996. Registrar Abuse Contact Phone: +1.5144959001
  2997. Reseller: AHnames.com  https://www.AHnames.com/
  2998. Domain Status: ok
  2999. Registry Registrant ID: MR_7507292WP
  3000. Registrant Name: WhoisProtectService.net
  3001. Registrant Organization: PROTECTSERVICE, LTD.
  3002. Registrant Street: 27 Old Gloucester Street  
  3003. Registrant City: London
  3004. Registrant State/Province:
  3005. Registrant Postal Code: WC1N 3AX
  3006. Registrant Country: United Kingdom
  3007. Registrant Phone: +44.02074195061
  3008. Registrant Phone Ext:
  3009. Registrant Fax:
  3010. Registrant Fax Ext:
  3011. Registrant Email: dadfuckdaughterporn.com@whoisprotectservice.net
  3012. Registry Admin ID: MR_7507292WP
  3013. Admin Name: WhoisProtectService.net
  3014. Admin Organization: PROTECTSERVICE, LTD.
  3015. Admin Street: 27 Old Gloucester Street  
  3016. Admin City: London
  3017. Admin State/Province:
  3018. Admin Postal Code: WC1N 3AX
  3019. Admin Country: United Kingdom
  3020. Admin Phone: +44.02074195061
  3021. Admin Phone Ext:
  3022. Admin Fax:
  3023. Admin Fax Ext:
  3024. Admin Email: dadfuckdaughterporn.com@whoisprotectservice.net
  3025. Registry Tech ID: MR_7507292WP
  3026. Tech Name: WhoisProtectService.net
  3027. Tech Organization: PROTECTSERVICE, LTD.
  3028. Tech Street: 27 Old Gloucester Street  
  3029. Tech City: London
  3030. Tech State/Province:
  3031. Tech Postal Code: WC1N 3AX
  3032. Tech Country: United Kingdom
  3033. Tech Phone: +44.02074195061
  3034. Tech Phone Ext:
  3035. Tech Fax:
  3036. Tech Fax Ext:
  3037. Tech Email: dadfuckdaughterporn.com@whoisprotectservice.net
  3038. Registry Billing ID: MR_7507292WP
  3039. Billing Name: WhoisProtectService.net
  3040. Billing Organization: PROTECTSERVICE, LTD.
  3041. Billing Street: 27 Old Gloucester Street  
  3042. Billing City: London
  3043. Billing State/Province:
  3044. Billing Postal Code: WC1N 3AX
  3045. Billing Country: United Kingdom
  3046. Billing Phone: +44.02074195061
  3047. Billing Phone Ext:
  3048. Billing Fax:
  3049. Billing Fax Ext:
  3050. Billing Email: dadfuckdaughterporn.com@whoisprotectservice.net
  3051. Name Server: NS1.KWIKDNS.COM
  3052. Name Server: NS2.KWIKDNS.COM
  3053. DNSSEC: unsigned
  3054. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  3055. >>> Last update of WHOIS database: 2017-01-29 01:55:33 <<<
  3056.  
  3057. Abuse email: abuse@ahnames.com
  3058.  
  3059. ###########################################################################################
  3060.  
  3061. dig dadfuckdaughterporn.com any
  3062. ../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
  3063.  
  3064. ; <<>> DiG 9.10.3-P4-Debian <<>> dadfuckdaughterporn.com any
  3065. ;; global options: +cmd
  3066. ;; Got answer:
  3067. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30637
  3068. ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
  3069.  
  3070. ;; OPT PSEUDOSECTION:
  3071. ; EDNS: version: 0, flags:; udp: 4096
  3072. ;; QUESTION SECTION:
  3073. ;dadfuckdaughterporn.com.   IN  ANY
  3074.  
  3075. ;; ANSWER SECTION:
  3076. dadfuckdaughterporn.com. 30 IN  SOA ns1.kwikdns.com. hostmaster.kwikdns.com. 1611130 60 30 604800 30
  3077. dadfuckdaughterporn.com. 30 IN  NS  ns1.kwikdns.com.
  3078. dadfuckdaughterporn.com. 30 IN  NS  ns2.kwikdns.com.
  3079. dadfuckdaughterporn.com. 30 IN  A   199.80.52.211
  3080. dadfuckdaughterporn.com. 30 IN  MX  10 dadfuckdaughterporn.com.
  3081.  
  3082. ;; Query time: 74 msec
  3083. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  3084. ;; WHEN: Sun Feb 12 20:42:17 EST 2017
  3085. ;; MSG SIZE  rcvd: 175
  3086.  
  3087. ###########################################################################################
  3088.  
  3089.  
  3090.  
  3091. Checking for HTTP-Loadbalancing [Date]: 01:43:41, 01:43:41, 01:43:42, 01:43:42, 01:43:42, 01:43:42, 01:43:43, 01:43:43, 01:43:43, 01:43:43, 01:43:44, 01:43:44, 01:43:44, 01:43:44, 01:43:44, 01:43:45, 01:43:45, 01:43:45, 01:43:45, 01:43:46, 01:43:46, 01:43:46, 01:43:46, 01:43:47, 01:43:47, 01:43:47, 01:43:47, 01:43:47, 01:43:48, 01:43:48, 01:43:48, 01:43:48, 01:43:49, 01:43:49, 01:43:49, 01:43:49, 01:43:49, 01:43:50, 01:43:50, 01:43:50, 01:43:50, 01:43:51, 01:43:51, 01:43:51, 01:43:52, 01:43:52, 01:43:52, 01:43:52, 01:43:53, 01:43:53, NOT FOUND
  3092.  
  3093. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  3094.  
  3095. dadfuckdaughterporn.com does NOT use Load-balancing.
  3096.  
  3097. ###########################################################################################
  3098.  
  3099. cd /pentest/enumeration/list-urls
  3100. ./list-urls.py http://www.dadfuckdaughterporn.com
  3101. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  3102. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  3103.  
  3104. ###########################################################################################
  3105.  
  3106. nmap -PN -n -F -T4 -sV -A -oG temp.txt dadfuckdaughterporn.com
  3107.  
  3108. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-12 20:43 EST
  3109. Nmap scan report for dadfuckdaughterporn.com (199.80.52.211)
  3110. Host is up (0.049s latency).
  3111. Not shown: 95 closed ports
  3112. PORT     STATE    SERVICE    VERSION
  3113. 21/tcp   open     ftp?
  3114. | fingerprint-strings:
  3115. |   DNSStatusRequest, DNSVersionBindReq, FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, Help, Kerberos, LANDesk-RC, LDAPBindReq, LDAPSearchReq, LPDString, NCP, NULL, NotesRPC, RPCCheck, RTSPRequest, SIPOptions, SMBProgNeg, SSLSessionReq, TLSSessionReq, TerminalServer, WMSRequest, X11Probe, afp, giop, oracle-tns:
  3116. |_    421 Service not available.
  3117. 22/tcp   filtered ssh
  3118. 53/tcp   filtered domain
  3119. 80/tcp   open     http       nginx
  3120. |_http-server-header: nginx
  3121. |_http-title: Dad Fuck Daughter Porn. Free old young porn tube movies. Famil...
  3122. 5666/tcp open     tcpwrapped
  3123. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  3124. SF-Port21-TCP:V=7.40%I=7%D=2/12%Time=58A10F4B%P=x86_64-pc-linux-gnu%r(NULL
  3125. SF:,1C,"421\x20Service\x20not\x20available\.\r\n")%r(GenericLines,1C,"421\
  3126. SF:x20Service\x20not\x20available\.\r\n")%r(Help,1C,"421\x20Service\x20not
  3127. SF:\x20available\.\r\n")%r(GetRequest,1C,"421\x20Service\x20not\x20availab
  3128. SF:le\.\r\n")%r(HTTPOptions,1C,"421\x20Service\x20not\x20available\.\r\n")
  3129. SF:%r(RTSPRequest,1C,"421\x20Service\x20not\x20available\.\r\n")%r(RPCChec
  3130. SF:k,1C,"421\x20Service\x20not\x20available\.\r\n")%r(DNSVersionBindReq,1C
  3131. SF:,"421\x20Service\x20not\x20available\.\r\n")%r(DNSStatusRequest,1C,"421
  3132. SF:\x20Service\x20not\x20available\.\r\n")%r(SSLSessionReq,1C,"421\x20Serv
  3133. SF:ice\x20not\x20available\.\r\n")%r(TLSSessionReq,1C,"421\x20Service\x20n
  3134. SF:ot\x20available\.\r\n")%r(Kerberos,1C,"421\x20Service\x20not\x20availab
  3135. SF:le\.\r\n")%r(SMBProgNeg,1C,"421\x20Service\x20not\x20available\.\r\n")%
  3136. SF:r(X11Probe,1C,"421\x20Service\x20not\x20available\.\r\n")%r(FourOhFourR
  3137. SF:equest,1C,"421\x20Service\x20not\x20available\.\r\n")%r(LPDString,1C,"4
  3138. SF:21\x20Service\x20not\x20available\.\r\n")%r(LDAPSearchReq,1C,"421\x20Se
  3139. SF:rvice\x20not\x20available\.\r\n")%r(LDAPBindReq,1C,"421\x20Service\x20n
  3140. SF:ot\x20available\.\r\n")%r(SIPOptions,1C,"421\x20Service\x20not\x20avail
  3141. SF:able\.\r\n")%r(LANDesk-RC,1C,"421\x20Service\x20not\x20available\.\r\n"
  3142. SF:)%r(TerminalServer,1C,"421\x20Service\x20not\x20available\.\r\n")%r(NCP
  3143. SF:,1C,"421\x20Service\x20not\x20available\.\r\n")%r(NotesRPC,1C,"421\x20S
  3144. SF:ervice\x20not\x20available\.\r\n")%r(WMSRequest,1C,"421\x20Service\x20n
  3145. SF:ot\x20available\.\r\n")%r(oracle-tns,1C,"421\x20Service\x20not\x20avail
  3146. SF:able\.\r\n")%r(afp,1C,"421\x20Service\x20not\x20available\.\r\n")%r(gio
  3147. SF:p,1C,"421\x20Service\x20not\x20available\.\r\n");
  3148. Device type: general purpose|storage-misc|broadband router|router|WAP|media device
  3149. Running (JUST GUESSING): Linux 2.6.X|3.X (95%), HP embedded (93%), MikroTik RouterOS 6.X (92%), Ubiquiti AirOS 5.X (92%), Infomir embedded (91%), Ubiquiti embedded (91%)
  3150. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/o:ubnt:airos:5.5.9 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation
  3151. Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.32 - 3.1 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.39 (94%), Linux 3.10 (94%), Linux 3.2 (94%), HP P2000 G3 NAS device (93%), Linux 3.8 (93%), Linux 2.6.32 - 3.10 (92%)
  3152. No exact OS matches for host (test conditions non-ideal).
  3153. Network Distance: 2 hops
  3154.  
  3155. TRACEROUTE (using port 139/tcp)
  3156. HOP RTT      ADDRESS
  3157. 1   30.89 ms 10.42.0.1
  3158. 2   30.89 ms 199.80.52.211
  3159.  
  3160. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  3161. Nmap done: 1 IP address (1 host up) scanned in 18.28 seconds
  3162.  
  3163. ###########################################################################################
  3164.  
  3165. amap -i temp.txt
  3166. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-12 20:43:55 - APPLICATION MAPPING mode
  3167.  
  3168. Protocol on 199.80.52.211:80/tcp matches http
  3169. Unrecognized response from 199.80.52.211:21/tcp (by trigger ssl) received.
  3170. Please send this output and the name of the application to vh@thc.org:
  3171. 0000:  3432 3120 5365 7276 6963 6520 6e6f 7420    [ 421 Service not  ]
  3172. 0010:  6176 6169 6c61 626c 652e 0d0a              [ available...     ]
  3173.  
  3174. Unidentified ports: 199.80.52.211:21/tcp 199.80.52.211:5666/tcp (total 2).
  3175.  
  3176. amap v5.4 finished at 2017-02-12 20:44:02
  3177.  
  3178. ###########################################################################################
  3179.  
  3180. cd /pentest/enumeration/www/httprint/linux
  3181. ./httprint -h www.dadfuckdaughterporn.com -s signatures.txt -P0
  3182.  
  3183. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  3184. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  3185.  
  3186. ###########################################################################################
  3187.  
  3188. [+] Emails found:
  3189. ------------------
  3190. pixel-1486950176578581-web-@dadfuckdaughterporn.com
  3191. pixel-1486950177374505-web-@dadfuckdaughterporn.com
  3192. ---------------------------------------------------------------------------
  3193. + Target IP:          199.80.52.211
  3194. + Target Hostname:    dadfuckdaughterporn.com
  3195. + Target Port:        80
  3196. + Start Time:         2017-02-12 20:42:20 (GMT-5)
  3197. ---------------------------------------------------------------------------
  3198. + Server: nginx
  3199. + Retrieved x-powered-by header: PHP/5.3.29
  3200. + The anti-clickjacking X-Frame-Options header is not present.
  3201. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  3202. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  3203. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  3204. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  3205. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  3206. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  3207. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  3208. + Server leaks inodes via ETags, header found with file /icons/README, inode: 671, size: 5108, mtime: Tue Aug 28 06:48:10 2007
  3209. + OSVDB-3233: /icons/README: Apache default file found.
  3210. + 8257 requests: 0 error(s) and 11 item(s) reported on remote host
  3211. + End Time:           2017-02-12 20:55:04 (GMT-5) (764 seconds)
  3212. ---------------------------------------------------------------------------
  3213. oldyoungfuck.net
  3214.  
  3215. ###########################################################################################
  3216.  
  3217. whois oldyoungfuck.net
  3218.  
  3219. Whois Server Version 2.0
  3220.  
  3221. Domain names in the .com and .net domains can now be registered
  3222. with many different competing registrars. Go to http://www.internic.net
  3223. for detailed information.
  3224.  
  3225.    Domain Name: OLDYOUNGFUCK.NET
  3226.    Registrar: EVOPLUS LTD
  3227.    Sponsoring Registrar IANA ID: 1418
  3228.    Whois Server: whois.evonames.com
  3229.    Referral URL: http://www.evonames.com
  3230.    Name Server: NS1.BONDAGEORGIES.COM
  3231.    Name Server: NS2.BONDAGEORGIES.COM
  3232.    Status: ok https://icann.org/epp#ok
  3233.    Updated Date: 08-feb-2017
  3234.    Creation Date: 08-feb-2015
  3235.    Expiration Date: 08-feb-2018
  3236.  
  3237.  
  3238. Domain Name: OLDYOUNGFUCK.NET
  3239. Registry Domain ID:
  3240. Registrar WHOIS Server: whois.evonames.com
  3241. Registrar URL: https://evonames.com/
  3242. Updated Date: 2017-02-08 08:56:22.028061
  3243. Creation Date: 2015-02-08
  3244. Registrar Registration Expiration Date: 2018-02-08
  3245. Registrar: EVOPLUS LTD
  3246. Registrar IANA ID: 1418
  3247. Registrar Abuse Contact Email: abuse@evonames.com
  3248. Registrar Abuse Contact Phone: +1.5144959001
  3249. Reseller: AHnames.com  https://www.AHnames.com/
  3250. Domain Status: ok
  3251. Registry Registrant ID: MR_6388461WP
  3252. Registrant Name: WhoisProtectService.net
  3253. Registrant Organization: PROTECTSERVICE, LTD.
  3254. Registrant Street: 27 Old Gloucester Street  
  3255. Registrant City: London
  3256. Registrant State/Province:
  3257. Registrant Postal Code: WC1N 3AX
  3258. Registrant Country: United Kingdom
  3259. Registrant Phone: +44.02074195061
  3260. Registrant Phone Ext:
  3261. Registrant Fax:
  3262. Registrant Fax Ext:
  3263. Registrant Email: oldyoungfuck.net@whoisprotectservice.net
  3264. Registry Admin ID: MR_6388461WP
  3265. Admin Name: WhoisProtectService.net
  3266. Admin Organization: PROTECTSERVICE, LTD.
  3267. Admin Street: 27 Old Gloucester Street  
  3268. Admin City: London
  3269. Admin State/Province:
  3270. Admin Postal Code: WC1N 3AX
  3271. Admin Country: United Kingdom
  3272. Admin Phone: +44.02074195061
  3273. Admin Phone Ext:
  3274. Admin Fax:
  3275. Admin Fax Ext:
  3276. Admin Email: oldyoungfuck.net@whoisprotectservice.net
  3277. Registry Tech ID: MR_6388461WP
  3278. Tech Name: WhoisProtectService.net
  3279. Tech Organization: PROTECTSERVICE, LTD.
  3280. Tech Street: 27 Old Gloucester Street  
  3281. Tech City: London
  3282. Tech State/Province:
  3283. Tech Postal Code: WC1N 3AX
  3284. Tech Country: United Kingdom
  3285. Tech Phone: +44.02074195061
  3286. Tech Phone Ext:
  3287. Tech Fax:
  3288. Tech Fax Ext:
  3289. Tech Email: oldyoungfuck.net@whoisprotectservice.net
  3290. Registry Billing ID: MR_6388461WP
  3291. Billing Name: WhoisProtectService.net
  3292. Billing Organization: PROTECTSERVICE, LTD.
  3293. Billing Street: 27 Old Gloucester Street  
  3294. Billing City: London
  3295. Billing State/Province:
  3296. Billing Postal Code: WC1N 3AX
  3297. Billing Country: United Kingdom
  3298. Billing Phone: +44.02074195061
  3299. Billing Phone Ext:
  3300. Billing Fax:
  3301. Billing Fax Ext:
  3302. Billing Email: oldyoungfuck.net@whoisprotectservice.net
  3303. Name Server: NS1.BONDAGEORGIES.COM
  3304. Name Server: NS2.BONDAGEORGIES.COM
  3305. DNSSEC: unsigned
  3306. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  3307. >>> Last update of WHOIS database: 2017-02-08 08:57:10 <<<
  3308.  
  3309. Abuse email: abuse@ahnames.com
  3310.  
  3311. ###########################################################################################
  3312.  
  3313. IN  ANY
  3314.  
  3315. ;; ANSWER SECTION:
  3316. oldyoungfuck.net.   14400   IN  MX  10 mail.oldyoungfuck.net.
  3317. oldyoungfuck.net.   14400   IN  TXT "v=spf1 a mx ip4:83.149.124.211 ?all"
  3318. oldyoungfuck.net.   14400   IN  SOA ns1.bondageorgies.com. root.oldyoungfuck.net. 2015020806 7200 3600 1209600 180
  3319. oldyoungfuck.net.   14400   IN  NS  ns2.bondageorgies.com.
  3320. oldyoungfuck.net.   14400   IN  NS  ns1.bondageorgies.com.
  3321. oldyoungfuck.net.   14054   IN  A   83.149.124.211
  3322.  
  3323. ;; ADDITIONAL SECTION:
  3324. mail.oldyoungfuck.net.  14400   IN  A   83.149.124.211
  3325.  
  3326. ;; Query time: 125 msec
  3327. ;; SERVER: 192.168.1.254#53(192.168.1.254)
  3328. ;; WHEN: Sun Feb 12 20:43:07 EST 2017
  3329. ;; MSG SIZE  rcvd: 240
  3330.  
  3331. ###########################################################################################
  3332.  
  3333.  
  3334. Checking for HTTP-Loadbalancing [Date]: 01:44:31, 01:44:32, 01:44:32, 01:44:32, 01:44:32, 01:44:33, 01:44:33, 01:44:33, 01:44:34, 01:44:34, 01:44:34, 01:44:34, 01:44:35, 01:44:35, 01:44:35, 01:44:36, 01:44:36, 01:44:36, 01:44:36, 01:44:37, 01:44:37, 01:44:37, 01:44:38, 01:44:38, 01:44:38, 01:44:38, 01:44:39, 01:44:39, 01:44:39, 01:44:40, 01:44:40, 01:44:41, 01:44:41, 01:44:41, 01:44:41, 01:44:42, 01:44:42, 01:44:42, 01:44:43, 01:44:43, 01:44:43, 01:44:43, 01:44:44, 01:44:44, 01:44:44, 01:44:45, 01:44:45, 01:44:45, 01:44:45, 01:44:46, NOT FOUND
  3335.  
  3336. Checking for HTTP-Loadbalancing [Diff]: NOT FOUND
  3337.  
  3338. oldyoungfuck.net does NOT use Load-balancing.
  3339.  
  3340. ###########################################################################################
  3341.  
  3342. cd /pentest/enumeration/list-urls
  3343. ./list-urls.py http://www.oldyoungfuck.net
  3344. ./Recon.sh: ligne 71 : cd: /pentest/enumeration/list-urls: Aucun fichier ou dossier de ce type
  3345. ./Recon.sh: ligne 72: ./list-urls.py: Aucun fichier ou dossier de ce type
  3346.  
  3347. ###########################################################################################
  3348.  
  3349. nmap -PN -n -F -T4 -sV -A -oG temp.txt oldyoungfuck.net
  3350.  
  3351. Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-12 20:44 EST
  3352. Nmap scan report for oldyoungfuck.net (83.149.124.211)
  3353. Host is up (0.044s latency).
  3354. Not shown: 92 filtered ports
  3355. PORT     STATE  SERVICE      VERSION
  3356. 25/tcp   closed smtp
  3357. 80/tcp   open   http         nginx
  3358. |_http-server-header: nginx
  3359. |_http-title: Old Fucks Young - old men and moms fuck young teens and boys
  3360. 81/tcp   closed hosts2-ns
  3361. 135/tcp  closed msrpc
  3362. 139/tcp  closed netbios-ssn
  3363. 443/tcp  closed https
  3364. 445/tcp  closed microsoft-ds
  3365. 8080/tcp open   http         Apache httpd 2.2.15 ((CentOS))
  3366. |_http-open-proxy: Proxy might be redirecting requests
  3367. |_http-server-header: Apache/2.2.15 (CentOS)
  3368. |_http-title: Old Fucks Young - old men and moms fuck young teens and boys
  3369. Aggressive OS guesses: Linux 3.2 (94%), Linux 3.1 (93%), AVM FRITZ!WLAN Repeater 450E (FritzOS 6.51) (93%), Linux 2.6.32 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 2.6.32 - 3.1 (93%), Linux 2.6.39 (93%), ProVision-ISR security DVR (93%), OpenWrt 12.09-rc1 Attitude Adjustment (Linux 3.3 - 3.7) (93%), MikroTik RouterOS 6.19 (Linux 3.3.5) (93%)
  3370. No exact OS matches for host (test conditions non-ideal).
  3371. Network Distance: 2 hops
  3372.  
  3373. TRACEROUTE (using port 135/tcp)
  3374. HOP RTT      ADDRESS
  3375. 1   30.73 ms 10.42.0.1
  3376. 2   31.51 ms 83.149.124.211
  3377.  
  3378. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  3379. Nmap done: 1 IP address (1 host up) scanned in 22.75 seconds
  3380.  
  3381. ###########################################################################################
  3382.  
  3383. amap -i temp.txt
  3384. amap v5.4 (www.thc.org/thc-amap) started at 2017-02-12 20:44:56 - APPLICATION MAPPING mode
  3385.  
  3386. Protocol on 83.149.124.211:80/tcp matches http
  3387. Protocol on 83.149.124.211:8080/tcp matches http
  3388. Protocol on 83.149.124.211:8080/tcp matches http-apache-2
  3389. Protocol on 83.149.124.211:80/tcp matches http-apache-2
  3390.  
  3391. Unidentified ports: none.
  3392.  
  3393. amap v5.4 finished at 2017-02-12 20:45:03
  3394.  
  3395. ###########################################################################################
  3396.  
  3397. cd /pentest/enumeration/www/httprint/linux
  3398. ./httprint -h www.oldyoungfuck.net -s signatures.txt -P0
  3399.  
  3400. ./Recon.sh: ligne 90 : cd: /pentest/enumeration/www/httprint/linux: Aucun fichier ou dossier de ce type
  3401. ./Recon.sh: ligne 91: ./httprint: Aucun fichier ou dossier de ce type
  3402.  
  3403. ###########################################################################################
  3404. +] using maximum random delay of 10 millisecond(s) between requests
  3405.  
  3406. ftp.oldyoungfuck.net
  3407. IP address #1: 83.149.124.211
  3408.  
  3409. mail.oldyoungfuck.net
  3410. IP address #1: 83.149.124.211
  3411.  
  3412. pop.oldyoungfuck.net
  3413. IP address #1: 83.149.124.211
  3414.  
  3415. th.oldyoungfuck.net
  3416. IP address #1: 83.149.124.211
  3417.  
  3418. www.oldyoungfuck.net
  3419. IP address #1: 83.149.124.211
  3420.  
  3421. [+] 5 (sub)domains and 5 IP address(es) foun
  3422. +] Hosts found in search engines:
  3423. ------------------------------------
  3424. [-] Resolving hostnames IPs...
  3425. 83.149.124.211:mail.oldyoungfuck.net
  3426. 83.149.124.211:www.oldyoungfuck.net
  3427. [+] Virtual hosts:
  3428. ==================
  3429. 83.149.124.211  rapenow
  3430. 83.149.124.211  theforced
  3431. 83.149.124.211  theraped
  3432. 83.149.124.211  therapesex
  3433. 83.149.124.211  thescreams.net
  3434. 83.149.124.211  ravishment.net
  3435. 83.149.124.211  therape.net
  3436. 83.149.124.211  www.asianrape
  3437. 83.149.124.211  www.rapetube
  3438. 83.149.124.211  teen-sex
  3439. 83.149.124.211  www.sexteenstube
  3440. 83.149.124.211  forced-tube
  3441. 83.149.124.211  bondageorgies
  3442. 83.149.124.211  sexmom
  3443. 83.149.124.211  incest-porn
  3444. 83.149.124.211  www.cruelrape
  3445. 83.149.124.211  www.family-sex
  3446. 83.149.124.211  www.incest
  3447. 83.149.124.211  www.oldyoungfuck.net
  3448. 83.149.124.211  momsfuck.me
  3449. 83.149.124.211  bondageorgies.com
  3450. 83.149.124.211  rapedvideo.com
  3451. 83.149.124.211  asianrape.net
  3452. 83.149.124.211  teen-sex.tv
  3453. 83.149.124.211  rapetube.tv
  3454. 83.149.124.211  www.rarebdsm.com
  3455. 83.149.124.211  mom-fuck.net
  3456. 83.149.124.211  momsfuck.me
  3457. 83.149.124.211  family-sex.org
  3458. 83.149.124.211  young-porn.tv
  3459. 83.149.124.211  teen-porn.biz
  3460. 83.149.124.211  sexmom.tv
  3461. 83.149.124.211  www.teen-tube
  3462. 83.149.124.211  sexymomporn
  3463. ---------------------------------------------------------------------------
  3464. + Target IP:          83.149.124.211
  3465. + Target Hostname:    oldyoungfuck.net
  3466. + Target Port:        80
  3467. + Start Time:         2017-02-12 20:43:00 (GMT-5)
  3468. ---------------------------------------------------------------------------
  3469. + Server: nginx
  3470. + Retrieved x-powered-by header: PHP/5.4.34
  3471. + The anti-clickjacking X-Frame-Options header is not present.
  3472. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  3473. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  3474. + Server leaks inodes via ETags, header found with file /cgi-bin/, inode: 1183522, size: 1240, mtime: Sun Feb  8 03:44:35 2015
  3475. + Multiple index files found: /index.html, /index.php
  3476. + Allowed HTTP Methods: GET, HEAD, POST
  3477. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  3478. + Cookie PHPSESSID created without the httponly flag
  3479. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  3480. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  3481. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  3482. + OSVDB-3092: /data/: This might be interesting...
  3483. + OSVDB-3268: /icons/: Directory indexing found.
  3484. + OSVDB-3233: /icons/README: Apache default file found.
  3485. + Uncommon header 'got-member' found, with contents: xxxmompussy.com (http://www.xxxmompussy.com/)
  3486. + Uncommon header 'current-click' found, with contents: 1
  3487. + Uncommon header 'traffic-trade' found, with contents: Sending to trade
  3488. + Uncommon header 'x-current-click' found, with contents: nocookie
  3489. + Uncommon header 'traffic-sell-x' found, with contents: check nocookie sell_skim = 0
  3490. + Uncommon header 'cache-cookie-set-vs' found, with contents: xxxmompussy.com| (1)
  3491. + Uncommon header 'select-trade' found, with contents: xxxmompussy.com,teen-porn.biz,seeteenporn.com,teen-sex.tv,originalmaturetube.com,milfporn.biz,upmatureporn.com,milfstube.biz,maturevideos.site,naked-moms.org,maturesporn.org,fuckedmom.net,matureporn.pro,momsporn.tv,momtube.club,milfsex.biz,asianmatures.net,asianmilfs.biz,longmilfsex.com,sexymomporn.net,yourmatures.com,momslut.net,upmomtube.com,milfsex.pro,momsex.xyz,wetmaturesex.com,youngsex.org,milfsexfun.com,sex-mom-sex.com,wowmilfporn.com,shyteentube.com,vipmomfuck.com,sexyoungsex.com,sexteenstube.net,maturetubeporn.xyz,wildteenstube.com,maturehdvids.com,hotmatureclips.com,finemomtube.com,sexymature69.com,americanmommy.net,onlymomporn.com,motherpornvideos.com,bustymom.org,morematuretube.com,royalmatureporn.com,wildmaturetube.com,momxxxass.com,fuckmaturevideos.com,momsex.biz,wildmaturesex.com,upmaturesex.com,xxxteenfilms.com,wowyoungsex.com,porncortex.com,sonwithmom.com,perfectgirls.net,cuckoldplacetube.com,milfmovies.tv,sexymoms.tv,22hub.com,dadfuckdaughterporn.com,maturesladies.com,fuckingfreeporn.com,maturewithboy.com,originalteentube.com,mypornfox.com,ultrateengirls.com,teen-tube.org,incestvideo.net,daddyfucks.net,momsandlovers.com,mom-fuck.net,teenpornjizz.com,godteenporn.com,smoothteentube.com,primemomsex.com,momsexlovers.com,youngsex.adult,stepmom-porn.com,youngtube.me,maturespornvideo.com,youngpornvideos.me,dadfuckdaughtermovies.com,mom-porn.com,mom-son-porn.com,sexymilfsporn.net,hotmilfpussytube.com,freeyoungvideos.com,xxxmaturevideos.com,youngmomporn.com,youngfamilysex.com,cumshotlist.com,free-teen-porn.org,younginporn.com,motherfuckboy.com,realteenfuck.com,russianold.com,grannyseducesboy.com,oldxv.com,babe2.sexy,momsfuckyoung.com,teenporntube.pro,mutterficktsohn.com,raped-moms.com,orgymoms.com,lildaughter.com,teenfuckhd.com,maturewomenporn.org,18xxxvideo.com,wowmomsex.com,granny1.net,milf-hot.com,hqmommy.com,hdincest.org,hairymom.sexy,hdpornvideoz.com,dostube.com,mommypornvideos.com,ultrayoungtube.com,bbwmom.com,maturegrandmother.com,young-sex-videos.com,mompornpleasure.com,littlegirlsanal.com,naughtymomfucks.com,teen-porn-videos.net,topmaturevideos.com,ultrateenporn.com,sexmom.tv,sexmomsex.com,mature-videos.net,youngporn.pro,funteensex.com,ultrateensex.com,megayoungtube.com,teensexytube.net,omatures.com,youngpornme.com,teentubeme.com,niceteenvideos.com,sluttymothers.net,youngsex.club,nastyteentube.com,playyoungtube.com,teenagedporn.com,upteentube.com,allteenfuck.com,youngchinesesex.com,teenass.sex,momsex.pro,freeteentube.tv,youngtubemovies.com,freemomboy.com,deviantmom.com,18nudeteens.net,momsonmom.com,ultramother.com,ukgrandma.com,motherseducesyoung.com,motherboyporn.com,youngsex.sex,motherxxxvideos.com,momneedson.com,maturetits.tv,teensporngallery.com,mothersonsexxx.com,porntube247.com,teenscreampie.com,teenpussy.tv,maturehdsex.com,perversemother.com,momsexattack.com,sex-orgy.net,teentube.pro,wetmaturepussy.com,teen-sex.pro,themomsex.com,dadsandgirls.org,tryteenstube.com,longmatureporn.com,meatyteens.com,fm959.net,msxxx.net,oldph.com,oldxh.com,sexmom.eu,sh-dm.net,xxxfa.com,18tube.xxx,milf2.sexy,msporn.net,tube18.sex,xteenx.com,3fucked.com,faptube.xxx,gfcrush.com,hdmilfs.xxx,hnntube.com,hot-milf.me,hotmom.sexy,hqyoung.com,lil19yo.com,mature3.com,mom-fuck.me,momfuck.biz,momsexx.com,oufsexe.com,rumporn.com,skupaut.biz,te-teen.com,teenporn.lu,tubemix.top,tubered.top,xxxporn.bid,familysex.me,hdteensex.tv,lerochka.com,lovedmom.com,mature66.com,milfsporn.tv,momandson.tv,momasian.com,momboysex.cc,mominsex.net,momxfuck.com,porn2018.com,pornreal.top,quinporn.com,sexhdxxx.com,slutdump.com,teen-fuck.pw,teen-porn.me,teen-porn.tv,teensxxx.pro,tubeteen.top,ubuntuci.org,18girlsex.net,18teenvid.com,8teen-sex.com,boymother.com,bustymilf.org,daddyfucks.me,familyporn.co,firstfuck.biz,freehqsex.com,freeporno.xxx,hdteenporn.tv,hotmomfuck.me,hotmomporn.eu,hqteenass.com,justatube.com,lustylist.com,matureporn.me,maturesex.red,mom-pussy.com,mom-taboo.com,mom-tube.sexy,momfuckson.tv,mommytube.xyz,momporntv.com,moms-porn.biz,moms-sons.com,momsporno.net,mypornmom.com,mysexmoms.com,newsexxxx.com,spymature.com,teen-sex.name,teenaxual.com,teenbabes.top,teenersex.net,teensex77.com,the-mommy.com,theemosex.com,tinypussy.biz,tubeadult.top,tubesporn.top,virginsex.biz,wankytube.com,xxxmomboy.com,18girlssex.com,18teenfuck.net,18tubefuck.com,8teen-vids.com,aged-w0man.com,alohateens.com,asteenporn.com,ateensporn.com,bigteentube.me,crazy-fuck.com,dirtyteens.top,fuck-milfs.com,fuck18teen.com,girlstaboo.com,hddsexporn.com,hdpornteen.net,hotmomfuck.net,inteenporn.com,jerkwithme.com,justmomsex.com,maturedump.com,maturesgal.com,maturexxx8.com,milf-porn.sexy,momandmilf.com,mombangboy.com,momboyporn.org,momloveson.com,mommyfucks.org,momneedboy.com,momsexporn.net,momsextube.xxx,momsononly.com,momsonorgy.com,momsonsexx.com,momwantboy.com,momwantson.com,motherfuck.org,nicemomsex.com,orgasmlist.com,plentytube.com,porn-mature.me,porn-young.net,pornsearch.top,pornsonmom.com,sex-teenie.com,sexwithmom.net,sexybition.com,sexytigger.com,stepmomboy.com,teen-pussy.org,teenageporn.tv,teenontube.com,teens-sexy.pro,teens-tube.pro,teensfucks.com,teentube18.net,teenwhores.top,theindecent.me,tubersteen.net,vipmomporn.com,worldoftgp.com,wowteenass.com,xgirlsporn.com,xteenclips.com,xxxteenxxx.net,18pornvideo.com,19teenmovie.com,amteensporn.com,angrymomsex.com,boobsmature.net,dream-filth.com,fapteentube.com,freehotteen.com,freemomtube.net,fuck-vagina.com,fuckablemom.com,girlsporn18.net,grannymommy.com,hdmaturesex.net,lolteentube.com,longmomporn.com,mature-mom.porn,mature-porn.xxx,maturecunts.net,maturespussy.me,maturetaboo.net,milf-pornos.xxx,milfrussian.com,mom-son-sex.com,momgangbang.net,mommy-taboo.com,momperverse.com,mompornclub.com,momsextubea.com,nakedmature.net,naughtym0ms.com,nicexvideos.com,nudeteenporn.me,orangeteens.com,pornmovie43.com,realcamtube.com,realgirlsex.com,teenfaptube.com,teeniestube.net,teenpornone.com,teentube-18.com,topteenfuck.com,tryteenfuck.com,vipteenfuck.com,xporn-clips.com,xxxyoungsex.net,young-porn.name,young-teens.com,18schoolgirlz.me,18teen-girls.com,24pornvideos.com,amateurtube.name,boyandmature.com,breedingmoms.com,familysex.online,fuckmywifetv.com,hot-teenporn.com,hotmilfvideo.com,hotnudeteens.top,hqteenpornos.com,kingsofteens.com,lovedgrandma.com,loveteenporn.com,maturehqporn.com,maturesnaked.com,melonsmature.com,milfhdvideos.com,mom-son-porn.org,momandsonsex.org,moms-and-son.com,momsonincest.com,momsonlovers.com,momsonvideos.com,mymatureporn.pro,naked-mother.com,nakedteentub.com,newteenstube.com,niceteentube.com,nudeteenvids.pro,pornoteenxxx.net,primeteensex.com,realcamteens.com,sex-with-mom.com,sexmomandson.org,sexteenclips.net,sexteenmodel.net,sexvideoshot.com,stepmomtaboo.com,sweetmomtube.com,teen-tube-19.com,teen-tubster.com,teenfucklive.com,teenporncave.com,teenpornporn.com,teens-kitten.com,teensexclips.top,teensextube.name,teensextubez.com,teenshottube.com,teenshottube.net,teenstubesex.com,teensxxxtube.com,wellteenporn.com,xnxxteenporn.com,youngpornhdv.com,youngteensex.top,youngxxxtube.net,youngxxxvidz.com,adultpornfile.com,freeteenanal8.com,fuckedbydaddy.com,fuckmomvideos.com,fuckteenshere.com,fuckthathussy.com,hotmatureanal.com,hotmatureporn.net,hotmomsonporn.com,hotmomxxxtube.com,hotmotherfuck.com,hotyoungteens.top,hqteensvideo8.com,hugetitsfiles.com,jizzteenpussy.com,mature-lovely.com,maturebritish.com,maturecuckold.net,maturefatporn.com,maturefilmxxx.com,maturewithson.com,milfadultporn.com,modelukraines.com,momfuckvirgin.com,mommysextubes.com,momsxxxvideos.com,motherfreesex.org,motherfuckson.org,motherneedsex.com,olderfuckteen.com,oldtightpussy.com,pornmomvideos.com,pornoxxxteens.com,pornvideo-box.com,realteensporn.net,sexmaturetube.net,sexnakedteens.com,sexynudeteens.pro,sexyoldmother.net,sexyteen-porn.com,teenpornclips.top,teenporncloud.com,teentubebitch.com,videochatenhd.com,xhamstervideo.org,xnxxmothersex.org,xxxmilfsclips.com,xxxwifevideos.com,youngteenporn.org,youngteensxxx.com,youngtitstube.com,bestteenpalace.com,british-mature.com,familyfucktube.com,free-milf-porn.com,freeporntube.space,freeteens-tube.com,grannybigboobs.com,hardcoremature.net,hot-xxx-videos.com,hotmaturetubes.net,hotnude18teens.pro,iknowthatteens.com,likematureporn.com,madmaturewomen.com,mature-gallery.com,maturesextubea.com,maturesexywife.com,maturevideosex.com,maturewifetube.net,momboypleasure.com,mommyfucksonny.com,momporntubecom.com,mompornvideos8.com,mother-sextube.com,mothercreampie.com,mothersontaboo.com,nakedfreeteens.com,nudeteenvideos.top,oldmenfuckteen.com,oldpussyfucked.com,pornteensclips.com,pussypornlinks.com,riskyteenvideo.com,russianmomporn.com,scandalmothers.com,sexy-teen-porn.com,sexynakedgirls.xyz,sexyteenmovies.pro,teen-xxx-girls.com,teenpornhdtube.com,teenporntitans.com,teentubevideos.com,xxvideospornos.com,youngpussyvids.com,youngsexyteens.pro,youngteensfuck.pro,youngteensnude.top,18teenfuckmovie.com,allcategorytube.com,fantasies-girls.com,granniecreampie.com,hot-mature-moms.com,hotteensfucking.pro,mature-wild-sex.com,model-teenvideo.com,mothersfuckboys.com,nakedgirlsclips.com,nakedgirlsholes.com,pornoteenmovies.com,roughmatureporn.com,seematurevideos.com,sexyteensonline.com,supermaturefuck.com,taboofamilyporn.com,teenspornoclips.com,teenspornovideo.com,uncensoredteens.org,wetperfectgirls.com,young-teen-porn.net,afterschoolteens.com,college-teen-sex.com,collegeteenporno.com,cuckoldfuckclips.com,deflorationyoung.com,extremenudegirls.com,free-grandmother.com,free-mature-porn.com,grandmothertaboo.com,mature-sex-video.com,maturewomenyoung.com,naked-teens-porn.com,realteencreampie.com,sexywifeporntube.com,uncensoredmother.com,8maturepornmovies.com,mature-porn-sites.com,maturefreesextube.com,momandsonsexvideo.org,teen-hardcore-sex.net,fuckingteenpussyhd.com,mature-granny-porn.com,youngteensexvideos.top,taboo-family-thumbs.com,8maturefuckingmovies.com,free-mature-porn-videos.com,mature8.com,mom-fuck.com,teenhatefucked.com,wildmomporn.com,upteensex.com,playyoungsex.com,amateur-teen.xyz,holloporn.com,slutteensex.com,upyoungporn.com,teenagedtube.com,hqyoungpussy.com,newteenass.com,family-sex.org,teensfuck.xyz,tryteengirls.com,madmomtube.com,maturesexfun.com,incest-porn.org,teen-porn.name,megateenstube.com,young-tube.org,wowteensex.com,nudeteenshub.com,playteentube.com,teen-tube.tv,seeteenvideos.com,teensextube.pro,yourteenporn.com,teensexass.com,teenassclips.com,upyoungtube.com,youngfuck.xyz,madurasmature.net,teenfuckclips.com,teenyqueens.com,madyoungtube.com,easyteenporn.com,asianteentube.org,young-porn.tv,free-maturesex.com,free-momsex.com,mom-sextube.com,moviesmoms.net,fullyoungsex.com,xmaturefucks.com,freeteenworld.com,ateenssex.com,asipornteens.com,18pussyporn.com,analmature.net,momfuckjunior.com,wetyoungporn.com,momboyfree.com,dream-fuck.com,mysexymommy.com,dadstrydaughters.com,familyfuck.online,outporno.com,teenamporn.com,goldnakedgirls.com,maturetags.com,maturewithyoung.com,hardyoungporn.com,maturep.com,russianteensporn.com,realteensporn.com,matpor.com,hqteensexclub.com,perversemom.com,lil18girl.com,cucksandbulls.com,mommyporntubes.com,momsfucktube.net,boywantmom.com,rudeteenporn.com..(2430)..677
  3492. + Uncommon header 'x-current-trader' found, with contents: nocookie
  3493. + Uncommon header 'x-setting-skimming' found, with contents: 30
  3494. + Uncommon header 'cache-cookie-set-to' found, with contents: |xxxmompussy.com (1)
  3495. + Uncommon header 'rand' found, with contents: 562 (2430)
  3496. + Uncommon header 'script-group' found, with contents: pbf (q: 3) (97 100) (70, 15, 15)
  3497. + Uncommon header 'field set' found, with contents: No traders so this set, change it to main
  3498. + Uncommon header 'x-cookie-engine' found, with contents: cache
  3499. + Cookie from created without the httponly flag
  3500. + Cookie lfrom created without the httponly flag
  3501. + Cookie idcheck created without the httponly flag
  3502. + Cookie vs created without the httponly flag
  3503. + 8256 requests: 0 error(s) and 33 item(s) reported on remote host
  3504. + End Time:           2017-02-12 21:53:12 (GMT-5) (4212 seconds)
  3505. ---------------------------------------------------------------------------
RAW Paste Data
Pastebin PRO Autumn Special!
Get 40% OFF on Pastebin PRO accounts!
Top