Advertisement
Guest User

Anonymous JTSEC #OpSudan Full Recon #8

a guest
Feb 13th, 2019
3,288
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 78.52 KB | None | 0 0
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Nom de l'hôte www.agricmi.gov.sd FAI NICDC
  4. Continent Afrique Drapeau
  5. SD
  6. Pays Soudan Code du pays SD
  7. Région Inconnu Heure locale 14 Feb 2019 02:46 CAT
  8. Ville Inconnu Code Postal Inconnu
  9. Adresse IP 62.12.105.2 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.agricmi.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: www.agricmi.gov.sd
  19. Address: 62.12.105.2
  20. >
  21. #######################################################################################################################################
  22. HostIP:62.12.105.2
  23. HostName:www.agricmi.gov.sd
  24.  
  25. Gathered Inet-whois information for 62.12.105.2
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 62.12.96.0 - 62.12.127.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:46:54Z
  61. last-modified: 2019-01-07T10:46:54Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  77.  
  78.  
  79.  
  80. Gathered Inic-whois information for agricmi.gov.sd
  81. ---------------------------------------------------------------------------------------------------------------------------------------
  82. Error: Unable to connect - Invalid Host
  83. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  84. close error
  85.  
  86. Gathered Netcraft information for www.agricmi.gov.sd
  87. ---------------------------------------------------------------------------------------------------------------------------------------
  88.  
  89. Retrieving Netcraft.com information for www.agricmi.gov.sd
  90. Netcraft.com Information gathered
  91.  
  92. Gathered Subdomain information for agricmi.gov.sd
  93. ---------------------------------------------------------------------------------------------------------------------------------------
  94. Searching Google.com:80...
  95. HostName:www.agricmi.gov.sd
  96. HostIP:62.12.105.2
  97. Searching Altavista.com:80...
  98. Found 1 possible subdomain(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
  99.  
  100. Gathered E-Mail information for agricmi.gov.sd
  101. ---------------------------------------------------------------------------------------------------------------------------------------
  102. Searching Google.com:80...
  103. Searching Altavista.com:80...
  104. Found 0 E-Mail(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
  105.  
  106. Gathered TCP Port information for 62.12.105.2
  107. ---------------------------------------------------------------------------------------------------------------------------------------
  108.  
  109. Port State
  110.  
  111. 21/tcp open
  112. 80/tcp open
  113. 110/tcp open
  114. 143/tcp open
  115.  
  116. Portscan Finished: Scanned 150 ports, 4 ports were in state closed
  117. #######################################################################################################################################
  118. [i] Scanning Site: http://www.agricmi.gov.sd
  119.  
  120.  
  121.  
  122. B A S I C I N F O
  123. =======================================================================================================================================
  124.  
  125.  
  126. [+] Site Title: الصــــفــحة الرئيســية
  127. [+] IP address: 62.12.105.2
  128. [+] Web Server: Could Not Detect
  129. [+] CMS: Joomla
  130. [+] Cloudflare: Not Detected
  131. [+] Robots File: Found
  132.  
  133. -------------[ contents ]----------------
  134. # If the Joomla site is installed within a folder such as at
  135. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  136. # moved to the site root at e.g. www.example.com/robots.txt
  137. # AND the joomla folder name MUST be prefixed to the disallowed
  138. # path, e.g. the Disallow rule for the /administrator/ folder
  139. # MUST be changed to read Disallow: /joomla/administrator/
  140. #
  141. # For more information about the robots.txt standard, see:
  142. # http://www.robotstxt.org/orig.html
  143. #
  144. # For syntax checking, see:
  145. # http://www.sxw.org.uk/computing/robots/check.html
  146.  
  147. User-agent: *
  148. Disallow: /administrator/
  149. Disallow: /cache/
  150. Disallow: /cli/
  151. Disallow: /components/
  152. Disallow: /images/
  153. Disallow: /includes/
  154. Disallow: /installation/
  155. Disallow: /language/
  156. Disallow: /libraries/
  157. Disallow: /logs/
  158. Disallow: /media/
  159. Disallow: /modules/
  160. Disallow: /plugins/
  161. Disallow: /templates/
  162. Disallow: /tmp/
  163.  
  164.  
  165. -----------[end of contents]-------------
  166.  
  167.  
  168.  
  169.  
  170. G E O I P L O O K U P
  171. =======================================================================================================================================
  172.  
  173. [i] IP Address: 62.12.105.2
  174. [i] Country: Sudan
  175. [i] State:
  176. [i] City:
  177. [i] Latitude: 15.0
  178. [i] Longitude: 30.0
  179.  
  180.  
  181.  
  182.  
  183. H T T P H E A D E R S
  184. =======================================================================================================================================
  185.  
  186.  
  187. [i] HTTP/1.1 200 OK
  188. [i] Date: Thu, 14 Feb 2019 00:19:49 GMT
  189. [i] Content-Type: text/html; charset=utf-8
  190. [i] X-Powered-By: PHP/5.4.16
  191. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  192. [i] Cache-Control: no-cache
  193. [i] Pragma: no-cache
  194. [i] Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=rpr2mdllop5m60eo2jlq1v21v6; path=/
  195. [i] X-Powered-By: PleskLin
  196. [i] Connection: close
  197.  
  198.  
  199.  
  200.  
  201. D N S L O O K U P
  202. =======================================================================================================================================
  203.  
  204. agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  205. agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  206. agricmi.gov.sd. 21599 IN A 62.12.105.2
  207. agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
  208. agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  209.  
  210.  
  211.  
  212.  
  213. S U B N E T C A L C U L A T I O N
  214. =======================================================================================================================================
  215.  
  216. Address = 62.12.105.2
  217. Network = 62.12.105.2 / 32
  218. Netmask = 255.255.255.255
  219. Broadcast = not needed on Point-to-Point links
  220. Wildcard Mask = 0.0.0.0
  221. Hosts Bits = 0
  222. Max. Hosts = 1 (2^0 - 0)
  223. Host Range = { 62.12.105.2 - 62.12.105.2 }
  224.  
  225.  
  226.  
  227. N M A P P O R T S C A N
  228. =======================================================================================================================================
  229.  
  230.  
  231. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
  232. Nmap scan report for agricmi.gov.sd (62.12.105.2)
  233. Host is up (0.17s latency).
  234. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  235. PORT STATE SERVICE
  236. 21/tcp filtered ftp
  237. 22/tcp filtered ssh
  238. 23/tcp filtered telnet
  239. 80/tcp filtered http
  240. 110/tcp filtered pop3
  241. 143/tcp filtered imap
  242. 443/tcp filtered https
  243. 3389/tcp filtered ms-wbt-server
  244.  
  245. Nmap done: 1 IP address (1 host up) scanned in 10.74 seconds
  246. #######################################################################################################################################
  247. [?] Enter the target: example( http://domain.com )
  248. http://www.agricmi.gov.sd/
  249. [!] IP Address : 62.12.105.2
  250. [!] www.agricmi.gov.sd doesn't seem to use a CMS
  251. [+] Honeypot Probabilty: 0%
  252. ---------------------------------------------------------------------------------------------------------------------------------------
  253. [~] Trying to gather whois information for www.agricmi.gov.sd
  254. [+] Whois information found
  255. [-] Unable to build response, visit https://who.is/whois/www.agricmi.gov.sd
  256. ---------------------------------------------------------------------------------------------------------------------------------------
  257. PORT STATE SERVICE
  258. 21/tcp filtered ftp
  259. 22/tcp filtered ssh
  260. 23/tcp filtered telnet
  261. 80/tcp filtered http
  262. 110/tcp filtered pop3
  263. 143/tcp filtered imap
  264. 443/tcp filtered https
  265. 3389/tcp filtered ms-wbt-server
  266. Nmap done: 1 IP address (1 host up) scanned in 13.75 seconds
  267. ---------------------------------------------------------------------------------------------------------------------------------------
  268. There was an error getting results
  269.  
  270. [-] DNS Records
  271. [>] Initiating 3 intel modules
  272. [>] Loading Alpha module (1/3)
  273. [>] Beta module deployed (2/3)
  274. [>] Gamma module initiated (3/3)
  275.  
  276.  
  277. [+] Emails found:
  278. ---------------------------------------------------------------------------------------------------------------------------------------
  279. No hosts found
  280. [+] Virtual hosts:
  281. ---------------------------------------------------------------------------------------------------------------------------------------
  282. #######################################################################################################################################
  283. Enter Address Website = agricmi.gov.sd
  284.  
  285.  
  286. Reverse IP With YouGetSignal 'agricmi.gov.sd'
  287. ---------------------------------------------------------------------------------------------------------------------------------------
  288.  
  289. [*] IP: 62.12.105.2
  290. [*] Domain: agricmi.gov.sd
  291. [*] Total Domains: 5
  292.  
  293. [+] agricmi.gov.sd
  294. [+] eastgezira.gov.sd
  295. [+] sudan.gov.sd
  296. [+] unionkhr.sd
  297. [+] www.sudan.gov.sd
  298. #######################################################################################################################################
  299. Geo IP Lookup 'agricmi.gov.sd'
  300. ---------------------------------------------------------------------------------------------------------------------------------------
  301.  
  302. [+] IP Address: 62.12.105.2
  303. [+] Country: Sudan
  304. [+] State:
  305. [+] City:
  306. [+] Latitude: 15.0
  307. [+] Longitude: 30.0
  308. #######################################################################################################################################
  309. DNS Lookup 'agricmi.gov.sd'
  310. ---------------------------------------------------------------------------------------------------------------------------------------
  311.  
  312. [+] agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  313. [+] agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  314. [+] agricmi.gov.sd. 21599 IN A 62.12.105.2
  315. [+] agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
  316. [+] agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  317. #######################################################################################################################################
  318. Show HTTP Header 'agricmi.gov.sd'
  319. ---------------------------------------------------------------------------------------------------------------------------------------
  320.  
  321. [+] HTTP/1.1 301 Moved Permanently
  322. [+] Server: nginx
  323. [+] Date: Thu, 14 Feb 2019 00:19:36 GMT
  324. [+] Content-Type: text/html
  325. [+] Content-Length: 178
  326. [+] Connection: keep-alive
  327. [+] Location: http://www.agricmi.gov.sd/
  328. [+] X-Powered-By: PleskLin
  329. #######################################################################################################################################
  330. Port Scan 'agricmi.gov.sd'
  331. --------------------------------------------------------------------------------------------------------------------------------------
  332.  
  333.  
  334. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
  335. Nmap scan report for agricmi.gov.sd (62.12.105.2)
  336. Host is up (0.17s latency).
  337. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  338. PORT STATE SERVICE
  339. 21/tcp filtered ftp
  340. 22/tcp filtered ssh
  341. 23/tcp filtered telnet
  342. 80/tcp filtered http
  343. 110/tcp filtered pop3
  344. 143/tcp filtered imap
  345. 443/tcp filtered https
  346. 3389/tcp filtered ms-wbt-server
  347.  
  348. Nmap done: 1 IP address (1 host up) scanned in 14.62 seconds
  349. ######################################################################################################################################
  350. Robot.txt 'agricmi.gov.sd'
  351. ---------------------------------------------------------------------------------------------------------------------------------------
  352.  
  353. # If the Joomla site is installed within a folder such as at
  354. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  355. # moved to the site root at e.g. www.example.com/robots.txt
  356. # AND the joomla folder name MUST be prefixed to the disallowed
  357. # path, e.g. the Disallow rule for the /administrator/ folder
  358. # MUST be changed to read Disallow: /joomla/administrator/
  359. #
  360. # For more information about the robots.txt standard, see:
  361. # http://www.robotstxt.org/orig.html
  362. #
  363. # For syntax checking, see:
  364. # http://www.sxw.org.uk/computing/robots/check.html
  365.  
  366. User-agent: *
  367. Disallow: /administrator/
  368. Disallow: /cache/
  369. Disallow: /cli/
  370. Disallow: /components/
  371. Disallow: /images/
  372. Disallow: /includes/
  373. Disallow: /installation/
  374. Disallow: /language/
  375. Disallow: /libraries/
  376. Disallow: /logs/
  377. Disallow: /media/
  378. Disallow: /modules/
  379. Disallow: /plugins/
  380. Disallow: /templates/
  381. Disallow: /tmp/
  382. #######################################################################################################################################
  383. Traceroute 'agricmi.gov.sd'
  384. ---------------------------------------------------------------------------------------------------------------------------------------
  385.  
  386. Start: 2019-02-14T01:17:50+0000
  387. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  388. 1.|-- 45.79.12.201 0.0% 3 1.7 1.2 0.7 1.7 0.5
  389. 2.|-- 45.79.12.0 0.0% 3 0.6 0.7 0.6 0.8 0.1
  390. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.6 1.5 1.3 1.8 0.3
  391. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.6 1.8 1.6 2.0 0.2
  392. 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.6 12.0 11.6 12.4 0.4
  393. 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.8 23.6 23.3 23.8 0.2
  394. 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.2 30.3 30.1 30.4 0.2
  395. 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.4 42.2 41.3 43.9 1.5
  396. 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 45.8 45.8 45.5 46.0 0.3
  397. 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.6 107.7 107.6 107.8 0.1
  398. 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.9 108.1 107.9 108.4 0.3
  399. 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.5 107.4 107.6 0.1
  400. 13.|-- 185.153.20.70 0.0% 3 190.9 191.0 190.7 191.4 0.4
  401. 14.|-- 185.153.20.82 0.0% 3 240.5 210.6 190.6 240.5 26.4
  402. 15.|-- 185.153.20.94 0.0% 3 190.6 194.2 190.6 201.6 6.3
  403. 16.|-- 185.153.20.153 0.0% 3 242.9 229.3 222.1 242.9 11.8
  404. 17.|-- 212.0.131.109 0.0% 3 232.3 232.4 232.2 232.8 0.3
  405. 18.|-- 196.202.137.249 0.0% 3 223.9 224.5 223.8 225.9 1.2
  406. 19.|-- 196.202.145.94 0.0% 3 202.3 202.3 202.2 202.3 0.1
  407. 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  408. #######################################################################################################################################
  409. Ping 'agricmi.gov.sd'
  410. ---------------------------------------------------------------------------------------------------------------------------------------
  411.  
  412.  
  413. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-14 01:18 UTC
  414. SENT (0.1854s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=1] IP [ttl=64 id=12921 iplen=28 ]
  415. SENT (1.1857s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=2] IP [ttl=64 id=12921 iplen=28 ]
  416. SENT (2.1870s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=3] IP [ttl=64 id=12921 iplen=28 ]
  417. SENT (3.1883s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=4] IP [ttl=64 id=12921 iplen=28 ]
  418.  
  419. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  420. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  421. Nping done: 1 IP address pinged in 4.19 seconds
  422. #######################################################################################################################################
  423. Page Admin Finder 'agricmi.gov.sd'
  424. ---------------------------------------------------------------------------------------------------------------------------------------
  425.  
  426.  
  427.  
  428. Avilable Links :
  429.  
  430. Find Page >> http://agricmi.gov.sd/administrator/
  431.  
  432. Find Page >> http://agricmi.gov.sd/administrator/index.php
  433. #######################################################################################################################################
  434. ; <<>> DiG 9.11.5-P1-1-Debian <<>> agricmi.gov.sd
  435. ;; global options: +cmd
  436. ;; Got answer:
  437. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38241
  438. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  439.  
  440. ;; OPT PSEUDOSECTION:
  441. ; EDNS: version: 0, flags:; udp: 4096
  442. ;; QUESTION SECTION:
  443. ;agricmi.gov.sd. IN A
  444.  
  445. ;; ANSWER SECTION:
  446. agricmi.gov.sd. 83346 IN A 62.12.105.2
  447.  
  448. ;; Query time: 34 msec
  449. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  450. ;; WHEN: mer fév 13 20:35:36 EST 2019
  451. ;; MSG SIZE rcvd: 59
  452. #######################################################################################################################################
  453. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace agricmi.gov.sd
  454. ;; global options: +cmd
  455. . 85580 IN NS f.root-servers.net.
  456. . 85580 IN NS e.root-servers.net.
  457. . 85580 IN NS g.root-servers.net.
  458. . 85580 IN NS l.root-servers.net.
  459. . 85580 IN NS b.root-servers.net.
  460. . 85580 IN NS i.root-servers.net.
  461. . 85580 IN NS m.root-servers.net.
  462. . 85580 IN NS d.root-servers.net.
  463. . 85580 IN NS j.root-servers.net.
  464. . 85580 IN NS h.root-servers.net.
  465. . 85580 IN NS c.root-servers.net.
  466. . 85580 IN NS a.root-servers.net.
  467. . 85580 IN NS k.root-servers.net.
  468. . 85580 IN RRSIG NS 8 0 518400 20190226220000 20190213210000 16749 . R628FVO9et4X/BNc8EzeiINuM/Xr8cA4DlDRErB80imz2KQF25GDSnLj LHSXEhUv2Dc23IvHPS5IfzYpF+A2fwYKmqEqgnxMPNVszNlsxG4XgENE yCi5LDOao4JUMDpJj9IbsVyxFRLRdkQrvUtJnRMly39WHwgrTR3LR6C+ MwEj1GPQR/PA0YjtJGEQNG9zS78u7HSTKovKX9dv3RG+A1M2jiZWxPHP AHqQR6sisBO9xyVXfwzR4G0eRwHDJFIto7xLv2lG6z949aMBglXRa5fn sUfrryLXinLnZGXY10mZIOfn01CpnFIrxihlX9uIAnq7hW8haFV/fabK plO7fA==
  469. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 35 ms
  470.  
  471. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  472. sd. 172800 IN NS ns1.uaenic.ae.
  473. sd. 172800 IN NS ns2.uaenic.ae.
  474. sd. 172800 IN NS ans1.sis.sd.
  475. sd. 172800 IN NS ans1.canar.sd.
  476. sd. 172800 IN NS ans2.canar.sd.
  477. sd. 172800 IN NS ns-sd.afrinic.net.
  478. sd. 86400 IN NSEC se. NS RRSIG NSEC
  479. sd. 86400 IN RRSIG NSEC 8 1 86400 20190226220000 20190213210000 16749 . pQY4I1sbZFrZUqOzkaQfawsU0HmOhvLWrAHaAvuwK1X4Alx4ubLDiXJN /se+vOsfqTJ2m1SrkwMZ8zpyRcO/9oNKvQgW3pMs4KD5Qga0YanFK+DH XTu0T2a8FLgYQvp2/tiLoJIrZhr6eX5Outdn7RvP5osKZgf9MwkVHEv+ IKkqtGlzwgslXUqPxveyfYF2C9hQpsFSc4LVeQVsw/Ak7GGY4Z02YEoV LPNx7JAolNNLtYY+N2yLoUQV3g3DI7rMrIB8dHsp6MuWZTxkd83xf+q7 S9gX4WRctaW88L3+qlaMUCw3hSYwzk6E/IRoX5nZItHoX/aYU/jb9q+I Dkwj7g==
  480. ;; Received 701 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 44 ms
  481.  
  482. agricmi.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
  483. agricmi.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
  484. ;; Received 115 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 105 ms
  485.  
  486. agricmi.gov.sd. 86400 IN A 62.12.105.2
  487. agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  488. ;; Received 97 bytes from 62.12.109.2#53(ns0.ndc.gov.sd) in 198 ms
  489. #######################################################################################################################################
  490. [*] Performing General Enumeration of Domain: agricmi.gov.sd
  491. [-] DNSSEC is not configured for agricmi.gov.sd
  492. [*] SOA ns0.ndc.gov.sd 62.12.109.2
  493. [*] NS ns0.ndc.gov.sd 62.12.109.2
  494. [*] Bind Version for 62.12.109.2 you guess!
  495. [*] MX mail.agricmi.gov.sd 197.254.200.161
  496. [*] A agricmi.gov.sd 62.12.105.2
  497. [*] TXT agricmi.gov.sd v=spf1 mx -all
  498. [*] Enumerating SRV Records
  499. [-] No SRV Records Found for agricmi.gov.sd
  500. [+] 0 Records Found
  501. #######################################################################################################################################
  502. rocessing domain agricmi.gov.sd
  503. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  504. [+] Getting nameservers
  505. 62.12.109.2 - ns0.ndc.gov.sd
  506. [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
  507. agricmi.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  508. agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  509. agricmi.gov.sd. 86400 IN A 62.12.105.2
  510. agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
  511. agricmi.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  512. mail.agricmi.gov.sd. 86400 IN A 197.254.200.161
  513. mail.agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
  514. webmail.agricmi.gov.sd. 86400 IN CNAME mail.agricmi.gov.sd.
  515. www.agricmi.gov.sd. 86400 IN A 62.12.105.2
  516. #######################################################################################################################################
  517. Ip Address Status Type Domain Name Server
  518. ---------- ------ ---- ----------- ------
  519. 197.254.200.161 host mail.agricmi.gov.sd
  520. 197.254.200.161 alias webmail.agricmi.gov.sd
  521. 197.254.200.161 host mail.agricmi.gov.sd
  522. 62.12.105.2 200 host www.agricmi.gov.sd nginx
  523. #######################################################################################################################################
  524. [+] Testing domain
  525. www.agricmi.gov.sd 62.12.105.2
  526. [+] Dns resolving
  527. Domain name Ip address Name server
  528. agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  529. Found 1 host(s) for agricmi.gov.sd
  530. [+] Testing wildcard
  531. Ok, no wildcard found.
  532.  
  533. [+] Scanning for subdomain on agricmi.gov.sd
  534. [!] Wordlist not specified. I scannig with my internal wordlist...
  535. Estimated time about 105.53 seconds
  536.  
  537. Subdomain Ip address Name server
  538.  
  539. www.agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  540. #######################################################################################################################################
  541. =======================================================================================================================================
  542. | E-mails:
  543. | [+] E-mail Found: [email protected]
  544. | [+] E-mail Found: [email protected]
  545. | [+] E-mail Found: [email protected]
  546. | [+] E-mail Found: [email protected]
  547. | [+] E-mail Found: [email protected]
  548. =======================================================================================================================================
  549. | External hosts:
  550. | [+] External Host Found: http://httpd.apache.org
  551. =======================================================================================================================================
  552. #######################################################################################################################################
  553. dnsenum VERSION:1.2.4
  554.  
  555. ----- www.agricmi.gov.sd -----
  556.  
  557.  
  558. Host's addresses:
  559. __________________
  560.  
  561. www.agricmi.gov.sd. 83379 IN A 62.12.105.2
  562.  
  563.  
  564. Name Servers:
  565. ______________
  566. #######################################################################################################################################
  567. ===============================================
  568. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  569. ===============================================
  570.  
  571.  
  572. Running Source: Ask
  573. Running Source: Archive.is
  574. Running Source: Baidu
  575. Running Source: Bing
  576. Running Source: CertDB
  577. Running Source: CertificateTransparency
  578. Running Source: Certspotter
  579. Running Source: Commoncrawl
  580. Running Source: Crt.sh
  581. Running Source: Dnsdb
  582. Running Source: DNSDumpster
  583. Running Source: DNSTable
  584. Running Source: Dogpile
  585. Running Source: Exalead
  586. Running Source: Findsubdomains
  587. Running Source: Googleter
  588. Running Source: Hackertarget
  589. Running Source: Ipv4Info
  590. Running Source: PTRArchive
  591. Running Source: Sitedossier
  592. Running Source: Threatcrowd
  593. Running Source: ThreatMiner
  594. Running Source: WaybackArchive
  595. Running Source: Yahoo
  596.  
  597. Running enumeration on www.agricmi.gov.sd
  598.  
  599. dnsdb: Unexpected return status 503
  600.  
  601. ipv4info: <nil>
  602.  
  603.  
  604. Starting Bruteforcing of www.agricmi.gov.sd with 9985 words
  605.  
  606. Total 1 Unique subdomains found for www.agricmi.gov.sd
  607.  
  608. .www.agricmi.gov.sd
  609. #######################################################################################################################################
  610. [+] www.agricmi.gov.sd has no SPF record!
  611. [*] No DMARC record found. Looking for organizational record
  612. [+] No organizational DMARC record
  613. [+] Spoofing possible for www.agricmi.gov.sd!
  614. #######################################################################################################################################
  615. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
  616. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  617. Host is up (0.17s latency).
  618. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  619. Not shown: 464 filtered ports, 4 closed ports
  620. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  621. PORT STATE SERVICE
  622. 21/tcp open ftp
  623. 80/tcp open http
  624. 110/tcp open pop3
  625. 143/tcp open imap
  626. 443/tcp open https
  627. 993/tcp open imaps
  628. 995/tcp open pop3s
  629. 8443/tcp open https-alt
  630. #######################################################################################################################################
  631. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
  632. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  633. Host is up (0.023s latency).
  634. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  635. Not shown: 2 filtered ports
  636. PORT STATE SERVICE
  637. 53/udp open|filtered domain
  638. 67/udp open|filtered dhcps
  639. 68/udp open|filtered dhcpc
  640. 69/udp open|filtered tftp
  641. 88/udp open|filtered kerberos-sec
  642. 123/udp open|filtered ntp
  643. 139/udp open|filtered netbios-ssn
  644. 161/udp open|filtered snmp
  645. 162/udp open|filtered snmptrap
  646. 389/udp open|filtered ldap
  647. 520/udp open|filtered route
  648. 2049/udp open|filtered nfs
  649. #######################################################################################################################################
  650. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
  651. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  652. Host is up.
  653. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  654.  
  655. PORT STATE SERVICE VERSION
  656. 21/tcp filtered ftp
  657. Too many fingerprints match this host to give specific OS details
  658.  
  659. TRACEROUTE (using proto 1/icmp)
  660. HOP RTT ADDRESS
  661. 1 24.19 ms 10.242.200.1
  662. 2 24.35 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  663. 3 44.97 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  664. 4 24.22 ms 82.102.29.44
  665. 5 24.37 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  666. 6 24.23 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  667. 7 93.81 ms 154.54.44.165
  668. 8 99.86 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  669. 9 100.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  670. 10 100.95 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  671. 11 100.75 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  672. 12 183.84 ms 185.153.20.70
  673. 13 183.84 ms 185.153.20.82
  674. 14 183.79 ms 185.153.20.94
  675. 15 227.46 ms 185.153.20.153
  676. 16 210.44 ms 212.0.131.109
  677. 17 213.43 ms 196.202.137.249
  678. 18 201.57 ms 196.202.145.94
  679. 19 ... 30
  680. #######################################################################################################################################
  681. wig - WebApp Information Gatherer
  682.  
  683.  
  684. Scanning http://www.agricmi.gov.sd...
  685. ______________________________________________ SITE INFO ______________________________________________
  686. IP Title
  687. 62.12.105.2 الصــــفــحة الرئيســية
  688.  
  689. _______________________________________________ VERSION _______________________________________________
  690. Name Versions Type
  691. Joomla! 2.5.9 CMS
  692. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  693. 2.4.9
  694. PHP 5.4.16 Platform
  695. nginx Platform
  696. CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
  697. Red Hat Enterprise Linux RHEL-7.0 | RHEL-7.1 | RHEL-7.2 OS
  698. Scientific Linux 7.0 | 7.1 | 7.2 OS
  699.  
  700. _____________________________________________ INTERESTING _____________________________________________
  701. URL Note Type
  702. /robots.txt robots.txt index Interesting
  703.  
  704. ________________________________________________ TOOLS ________________________________________________
  705. Name Link Software
  706. CMSmap https://github.com/Dionach/CMSmap Joomla!
  707. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
  708.  
  709. _______________________________________________________________________________________________________
  710. Time: 184.8 sec Urls: 807 Fingerprints: 40401
  711. #######################################################################################################################################
  712. HTTP/1.1 200 OK
  713. Server: nginx
  714. Date: Thu, 14 Feb 2019 00:47:16 GMT
  715. Content-Type: text/html; charset=utf-8
  716. Connection: keep-alive
  717. X-Powered-By: PHP/5.4.16
  718. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  719. Cache-Control: no-cache
  720. Pragma: no-cache
  721. Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=lir99270da5tqhg2hc33rbg990; path=/
  722. X-Powered-By: PleskLin
  723.  
  724. HTTP/1.1 200 OK
  725. Server: nginx
  726. Date: Thu, 14 Feb 2019 00:47:17 GMT
  727. Content-Type: text/html; charset=utf-8
  728. Connection: keep-alive
  729. X-Powered-By: PHP/5.4.16
  730. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  731. Cache-Control: no-cache
  732. Pragma: no-cache
  733. Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=eci19585ej5rfcr5a32gogmma2; path=/
  734. X-Powered-By: PleskLin
  735. #######################################################################################################################################
  736. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:45 EST
  737. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  738. Host is up (0.20s latency).
  739. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  740.  
  741. PORT STATE SERVICE VERSION
  742. 110/tcp open pop3 Dovecot pop3d
  743. | pop3-brute:
  744. | Accounts: No valid accounts found
  745. |_ Statistics: Performed 226 guesses in 197 seconds, average tps: 1.2
  746. |_pop3-capabilities: AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP USER STLS TOP PIPELINING CAPA UIDL RESP-CODES
  747. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  748. Device type: specialized|WAP|general purpose|router
  749. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  750. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  751. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  752. Network Distance: 20 hops
  753. Service Info: Host: fo3-web02.nic.gov.sd
  754.  
  755. TRACEROUTE (using port 443/tcp)
  756. HOP RTT ADDRESS
  757. 1 27.91 ms 10.242.200.1
  758. 2 28.77 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  759. 3 35.55 ms 37.120.128.168
  760. 4 27.90 ms 82.102.29.44
  761. 5 28.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  762. 6 28.79 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  763. 7 97.85 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  764. 8 103.41 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  765. 9 105.34 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  766. 10 105.44 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  767. 11 102.14 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  768. 12 185.87 ms 185.153.20.70
  769. 13 185.84 ms 185.153.20.82
  770. 14 185.21 ms 185.153.20.94
  771. 15 196.39 ms 185.153.20.153
  772. 16 ... 17
  773. 18 196.21 ms 196.202.145.94
  774. 19 ...
  775. 20 210.91 ms f03-web02.nic.gov.sd (62.12.105.2)
  776. #######################################################################################################################################
  777. https://www.agricmi.gov.sd [200 OK] Cookies[650a76b3bacb69cb3de623bd53c0ffc7], Email[[email protected]], HTML5, HTTPServer[nginx], IP[62.12.105.2], Joomla[2.5.9], MetaGenerator[Joomla! - Open Source Content Management], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[الصــــفــحة الرئيســية], X-Powered-By[PHP/5.4.16, PleskLin], nginx
  778. #######################################################################################################################################
  779. Version: 1.11.12-static
  780. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  781.  
  782. Connected to 62.12.105.2
  783.  
  784. Testing SSL server www.agricmi.gov.sd on port 443 using SNI name www.agricmi.gov.sd
  785.  
  786. TLS Fallback SCSV:
  787. Server supports TLS Fallback SCSV
  788.  
  789. TLS renegotiation:
  790. Secure session renegotiation supported
  791.  
  792. TLS Compression:
  793. Compression disabled
  794.  
  795. Heartbleed:
  796. TLS 1.2 not vulnerable to heartbleed
  797. TLS 1.1 not vulnerable to heartbleed
  798. TLS 1.0 not vulnerable to heartbleed
  799.  
  800. Supported Server Cipher(s):
  801. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  802. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  803. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  804. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  805. Accepted TLSv1.2 256 bits AES256-SHA256
  806. Accepted TLSv1.2 256 bits AES256-SHA
  807. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  808. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  809. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  810. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  811. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  812. Accepted TLSv1.2 128 bits AES128-SHA256
  813. Accepted TLSv1.2 128 bits AES128-SHA
  814. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  815. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  816. Accepted TLSv1.1 256 bits AES256-SHA
  817. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  818. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  819. Accepted TLSv1.1 128 bits AES128-SHA
  820. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  821. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  822. Accepted TLSv1.0 256 bits AES256-SHA
  823. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  824. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  825. Accepted TLSv1.0 128 bits AES128-SHA
  826. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  827.  
  828. SSL Certificate:
  829. Signature Algorithm: sha256WithRSAEncryption
  830. RSA Key Strength: 2048
  831.  
  832. Subject: Plesk
  833. Issuer: Plesk
  834.  
  835. Not valid before: Apr 20 02:40:27 2016 GMT
  836. Not valid after: Apr 20 02:40:27 2017 GMT
  837. #######################################################################################################################################
  838. --------------------------------------------------------
  839. <<<Yasuo discovered following vulnerable applications>>>
  840. --------------------------------------------------------
  841. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  842. | App Name | URL to Application | Potential Exploit | Username | Password |
  843. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  844. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  845. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  846. #######################################################################################################################################
  847. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
  848. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  849. Host is up (0.10s latency).
  850. Not shown: 464 filtered ports, 4 closed ports
  851. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  852. PORT STATE SERVICE
  853. 21/tcp open ftp
  854. 80/tcp open http
  855. 110/tcp open pop3
  856. 143/tcp open imap
  857. 443/tcp open https
  858. 993/tcp open imaps
  859. 995/tcp open pop3s
  860. 8443/tcp open https-alt
  861. #######################################################################################################################################
  862. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
  863. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  864. Host is up (0.026s latency).
  865. Not shown: 2 filtered ports
  866. PORT STATE SERVICE
  867. 53/udp open|filtered domain
  868. 67/udp open|filtered dhcps
  869. 68/udp open|filtered dhcpc
  870. 69/udp open|filtered tftp
  871. 88/udp open|filtered kerberos-sec
  872. 123/udp open|filtered ntp
  873. 139/udp open|filtered netbios-ssn
  874. 161/udp open|filtered snmp
  875. 162/udp open|filtered snmptrap
  876. 389/udp open|filtered ldap
  877. 520/udp open|filtered route
  878. 2049/udp open|filtered nfs
  879. #######################################################################################################################################
  880. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
  881. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  882. Host is up (0.21s latency).
  883.  
  884. PORT STATE SERVICE VERSION
  885. 21/tcp open tcpwrapped
  886. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  887. Device type: specialized|WAP|general purpose|router
  888. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  889. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  890. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  891. Network Distance: 20 hops
  892.  
  893. TRACEROUTE (using port 21/tcp)
  894. HOP RTT ADDRESS
  895. 1 29.44 ms 10.242.200.1
  896. 2 29.50 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  897. 3 33.03 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  898. 4 30.33 ms 82.102.29.44
  899. 5 29.95 ms 38.122.42.161
  900. 6 30.31 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  901. 7 99.50 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  902. 8 105.46 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  903. 9 106.46 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  904. 10 106.47 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  905. 11 99.54 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  906. 12 182.65 ms 185.153.20.70
  907. 13 182.65 ms 185.153.20.82
  908. 14 182.61 ms 185.153.20.94
  909. 15 195.37 ms 185.153.20.153
  910. 16 ... 17
  911. 18 198.14 ms 196.202.145.94
  912. 19 ...
  913. 20 211.83 ms f03-web02.nic.gov.sd (62.12.105.2)
  914. #######################################################################################################################################
  915. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:46 EST
  916. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  917. Host is up.
  918.  
  919. PORT STATE SERVICE VERSION
  920. 67/udp open|filtered dhcps
  921. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  922. Too many fingerprints match this host to give specific OS details
  923.  
  924. TRACEROUTE (using proto 1/icmp)
  925. HOP RTT ADDRESS
  926. 1 27.43 ms 10.242.200.1
  927. 2 27.82 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  928. 3 35.09 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  929. 4 27.46 ms 82.102.29.44
  930. 5 28.04 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  931. 6 28.02 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  932. 7 97.78 ms 154.54.44.165
  933. 8 103.72 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  934. 9 105.12 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  935. 10 105.15 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  936. 11 99.62 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  937. 12 183.66 ms 185.153.20.70
  938. 13 183.33 ms 185.153.20.82
  939. 14 183.37 ms 185.153.20.94
  940. 15 194.88 ms 185.153.20.153
  941. 16 211.49 ms 212.0.131.109
  942. 17 211.46 ms 196.202.137.249
  943. 18 196.21 ms 196.202.145.94
  944. 19 ... 30
  945. #######################################################################################################################################
  946. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:48 EST
  947. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  948. Host is up.
  949.  
  950. PORT STATE SERVICE VERSION
  951. 68/udp open|filtered dhcpc
  952. Too many fingerprints match this host to give specific OS details
  953.  
  954. TRACEROUTE (using proto 1/icmp)
  955. HOP RTT ADDRESS
  956. 1 24.29 ms 10.242.200.1
  957. 2 50.58 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  958. 3 38.79 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  959. 4 24.32 ms 82.102.29.44
  960. 5 24.33 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  961. 6 24.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  962. 7 94.93 ms 154.54.44.165
  963. 8 99.68 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  964. 9 100.45 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  965. 10 100.51 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  966. 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  967. 12 183.37 ms 185.153.20.70
  968. 13 183.37 ms 185.153.20.82
  969. 14 183.34 ms 185.153.20.94
  970. 15 196.47 ms 185.153.20.153
  971. 16 209.03 ms 212.0.131.109
  972. 17 208.21 ms 196.202.137.249
  973. 18 196.25 ms 196.202.145.94
  974. 19 ... 30
  975. #######################################################################################################################################
  976. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:50 EST
  977. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  978. Host is up.
  979.  
  980. PORT STATE SERVICE VERSION
  981. 69/udp open|filtered tftp
  982. Too many fingerprints match this host to give specific OS details
  983.  
  984. TRACEROUTE (using proto 1/icmp)
  985. HOP RTT ADDRESS
  986. 1 21.82 ms 10.242.200.1
  987. 2 22.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  988. 3 36.85 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  989. 4 22.28 ms 82.102.29.44
  990. 5 22.72 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  991. 6 22.69 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  992. 7 91.88 ms 154.54.44.165
  993. 8 97.70 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  994. 9 99.33 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  995. 10 99.40 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  996. 11 100.12 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  997. 12 183.45 ms 185.153.20.70
  998. 13 183.57 ms 185.153.20.82
  999. 14 183.40 ms 185.153.20.94
  1000. 15 195.67 ms 185.153.20.153
  1001. 16 212.15 ms 212.0.131.109
  1002. 17 208.35 ms 196.202.137.249
  1003. 18 198.15 ms 196.202.145.94
  1004. 19 ... 30
  1005. #######################################################################################################################################
  1006. wig - WebApp Information Gatherer
  1007.  
  1008.  
  1009. Scanning http://62.12.105.2...
  1010. ________________________________________ SITE INFO _________________________________________
  1011. IP Title
  1012. 62.12.105.2 Domain Default page
  1013.  
  1014. _________________________________________ VERSION __________________________________________
  1015. Name Versions Type
  1016. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  1017. 2.4.9
  1018. nginx Platform
  1019.  
  1020. ____________________________________________________________________________________________
  1021. Time: 1.8 sec Urls: 811 Fingerprints: 40401
  1022. #######################################################################################################################################
  1023. HTTP/1.1 200 OK
  1024. Server: nginx
  1025. Date: Thu, 14 Feb 2019 00:55:38 GMT
  1026. Content-Type: text/html
  1027. Content-Length: 3750
  1028. Connection: keep-alive
  1029. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1030. ETag: "ea6-5649d8e57844b"
  1031. Accept-Ranges: bytes
  1032.  
  1033. HTTP/1.1 200 OK
  1034. Server: nginx
  1035. Date: Thu, 14 Feb 2019 00:55:38 GMT
  1036. Content-Type: text/html
  1037. Content-Length: 3750
  1038. Connection: keep-alive
  1039. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1040. ETag: "ea6-5649d8e57844b"
  1041. Accept-Ranges: bytes
  1042. #######################################################################################################################################
  1043. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:53 EST
  1044. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1045. Host is up (0.21s latency).
  1046.  
  1047. PORT STATE SERVICE VERSION
  1048. 110/tcp open pop3 Dovecot pop3d
  1049. | pop3-brute:
  1050. | Accounts: No valid accounts found
  1051. |_ Statistics: Performed 219 guesses in 196 seconds, average tps: 1.1
  1052. |_pop3-capabilities: TOP CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE USER STLS PIPELINING RESP-CODES UIDL APOP
  1053. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1054. Device type: general purpose
  1055. Running: Linux 2.6.X
  1056. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1057. OS details: Linux 2.6.18 - 2.6.22
  1058. Network Distance: 20 hops
  1059. Service Info: Host: fo3-web02.nic.gov.sd
  1060.  
  1061. TRACEROUTE (using port 443/tcp)
  1062. HOP RTT ADDRESS
  1063. 1 22.24 ms 10.242.200.1
  1064. 2 47.67 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1065. 3 30.24 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1066. 4 22.51 ms 82.102.29.44
  1067. 5 23.47 ms 38.122.42.161
  1068. 6 23.49 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  1069. 7 92.91 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  1070. 8 99.14 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1071. 9 100.33 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  1072. 10 100.37 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1073. 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1074. 12 184.08 ms 185.153.20.70
  1075. 13 184.03 ms 185.153.20.82
  1076. 14 184.05 ms 185.153.20.94
  1077. 15 195.08 ms 185.153.20.153
  1078. 16 ... 17
  1079. 18 200.71 ms 196.202.145.94
  1080. 19 ...
  1081. 20 214.71 ms f03-web02.nic.gov.sd (62.12.105.2)
  1082. #######################################################################################################################################
  1083. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:57 EST
  1084. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1085. Host is up.
  1086.  
  1087. PORT STATE SERVICE VERSION
  1088. 123/udp open|filtered ntp
  1089. Too many fingerprints match this host to give specific OS details
  1090.  
  1091. TRACEROUTE (using proto 1/icmp)
  1092. HOP RTT ADDRESS
  1093. 1 22.71 ms 10.242.200.1
  1094. 2 35.56 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1095. 3 40.34 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1096. 4 22.92 ms 82.102.29.44
  1097. 5 23.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1098. 6 23.54 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1099. 7 93.04 ms 154.54.44.165
  1100. 8 98.41 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1101. 9 99.80 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1102. 10 99.85 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1103. 11 98.25 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1104. 12 181.85 ms 185.153.20.70
  1105. 13 181.85 ms 185.153.20.82
  1106. 14 181.82 ms 185.153.20.94
  1107. 15 196.11 ms 185.153.20.153
  1108. 16 212.07 ms 212.0.131.109
  1109. 17 210.40 ms 196.202.137.249
  1110. 18 198.63 ms 196.202.145.94
  1111. 19 ... 30
  1112. #######################################################################################################################################
  1113. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:59 EST
  1114. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1115. Host is up (0.21s latency).
  1116.  
  1117. PORT STATE SERVICE VERSION
  1118. 161/tcp filtered snmp
  1119. 161/udp open|filtered snmp
  1120. Too many fingerprints match this host to give specific OS details
  1121.  
  1122. TRACEROUTE (using proto 1/icmp)
  1123. HOP RTT ADDRESS
  1124. 1 22.60 ms 10.242.200.1
  1125. 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1126. 3 37.82 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1127. 4 22.68 ms 82.102.29.44
  1128. 5 23.29 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1129. 6 23.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1130. 7 92.65 ms 154.54.44.165
  1131. 8 99.92 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1132. 9 99.99 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1133. 10 100.03 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1134. 11 99.80 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1135. 12 182.45 ms 185.153.20.70
  1136. 13 182.37 ms 185.153.20.82
  1137. 14 182.40 ms 185.153.20.94
  1138. 15 192.72 ms 185.153.20.153
  1139. 16 209.64 ms 212.0.131.109
  1140. 17 209.02 ms 196.202.137.249
  1141. 18 197.35 ms 196.202.145.94
  1142. 19 ... 30
  1143. #######################################################################################################################################
  1144. Version: 1.11.12-static
  1145. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1146.  
  1147. Connected to 62.12.105.2
  1148.  
  1149. Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
  1150.  
  1151. TLS Fallback SCSV:
  1152. Server supports TLS Fallback SCSV
  1153.  
  1154. TLS renegotiation:
  1155. Secure session renegotiation supported
  1156.  
  1157. TLS Compression:
  1158. Compression disabled
  1159.  
  1160. Heartbleed:
  1161. TLS 1.2 not vulnerable to heartbleed
  1162. TLS 1.1 not vulnerable to heartbleed
  1163. TLS 1.0 not vulnerable to heartbleed
  1164.  
  1165. Supported Server Cipher(s):
  1166. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1167. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1168. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1169. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1170. Accepted TLSv1.2 256 bits AES256-SHA256
  1171. Accepted TLSv1.2 256 bits AES256-SHA
  1172. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1173. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1174. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1175. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1176. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1177. Accepted TLSv1.2 128 bits AES128-SHA256
  1178. Accepted TLSv1.2 128 bits AES128-SHA
  1179. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1180. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1181. Accepted TLSv1.1 256 bits AES256-SHA
  1182. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1183. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1184. Accepted TLSv1.1 128 bits AES128-SHA
  1185. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1186. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1187. Accepted TLSv1.0 256 bits AES256-SHA
  1188. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1189. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1190. Accepted TLSv1.0 128 bits AES128-SHA
  1191. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1192.  
  1193. SSL Certificate:
  1194. Signature Algorithm: sha256WithRSAEncryption
  1195. RSA Key Strength: 2048
  1196.  
  1197. Subject: Plesk
  1198. Issuer: Plesk
  1199.  
  1200. Not valid before: Apr 20 02:40:27 2016 GMT
  1201. Not valid after: Apr 20 02:40:27 2017 GMT
  1202. #######################################################################################################################################
  1203. --------------------------------------------------------
  1204. <<<Yasuo discovered following vulnerable applications>>>
  1205. --------------------------------------------------------
  1206. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1207. | App Name | URL to Application | Potential Exploit | Username | Password |
  1208. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1209. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  1210. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1211. #######################################################################################################################################
  1212. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:07 EST
  1213. NSE: Loaded 148 scripts for scanning.
  1214. NSE: Script Pre-scanning.
  1215. NSE: Starting runlevel 1 (of 2) scan.
  1216. Initiating NSE at 21:07
  1217. Completed NSE at 21:07, 0.00s elapsed
  1218. NSE: Starting runlevel 2 (of 2) scan.
  1219. Initiating NSE at 21:07
  1220. Completed NSE at 21:07, 0.00s elapsed
  1221. Initiating Ping Scan at 21:07
  1222. Scanning 62.12.105.2 [4 ports]
  1223. Completed Ping Scan at 21:07, 0.24s elapsed (1 total hosts)
  1224. Initiating Parallel DNS resolution of 1 host. at 21:07
  1225. Completed Parallel DNS resolution of 1 host. at 21:07, 0.02s elapsed
  1226. Initiating Connect Scan at 21:07
  1227. Scanning f03-web02.nic.gov.sd (62.12.105.2) [1000 ports]
  1228. Discovered open port 443/tcp on 62.12.105.2
  1229. Discovered open port 143/tcp on 62.12.105.2
  1230. Discovered open port 110/tcp on 62.12.105.2
  1231. Discovered open port 80/tcp on 62.12.105.2
  1232. Discovered open port 995/tcp on 62.12.105.2
  1233. Discovered open port 993/tcp on 62.12.105.2
  1234. Discovered open port 21/tcp on 62.12.105.2
  1235. Discovered open port 8443/tcp on 62.12.105.2
  1236. Completed Connect Scan at 21:08, 14.79s elapsed (1000 total ports)
  1237. Initiating Service scan at 21:08
  1238. Scanning 8 services on f03-web02.nic.gov.sd (62.12.105.2)
  1239. Completed Service scan at 21:08, 14.43s elapsed (8 services on 1 host)
  1240. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1241. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1242. WARNING: OS didn't match until try #2
  1243. Initiating Traceroute at 21:08
  1244. Completed Traceroute at 21:08, 6.15s elapsed
  1245. Initiating Parallel DNS resolution of 18 hosts. at 21:08
  1246. Completed Parallel DNS resolution of 18 hosts. at 21:08, 16.51s elapsed
  1247. NSE: Script scanning 62.12.105.2.
  1248. NSE: Starting runlevel 1 (of 2) scan.
  1249. Initiating NSE at 21:08
  1250. NSE Timing: About 98.90% done; ETC: 21:09 (0:00:00 remaining)
  1251. NSE Timing: About 99.54% done; ETC: 21:09 (0:00:00 remaining)
  1252. NSE Timing: About 99.72% done; ETC: 21:10 (0:00:00 remaining)
  1253. NSE Timing: About 99.91% done; ETC: 21:10 (0:00:00 remaining)
  1254. Completed NSE at 21:11, 139.14s elapsed
  1255. NSE: Starting runlevel 2 (of 2) scan.
  1256. Initiating NSE at 21:11
  1257. Completed NSE at 21:11, 0.42s elapsed
  1258. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1259. Host is up, received syn-ack ttl 50 (0.15s latency).
  1260. Scanned at 2019-02-13 21:07:46 EST for 199s
  1261. Not shown: 988 filtered ports
  1262. Reason: 987 no-responses and 1 host-unreach
  1263. PORT STATE SERVICE REASON VERSION
  1264. 21/tcp open tcpwrapped syn-ack
  1265. 25/tcp closed smtp conn-refused
  1266. 80/tcp open http syn-ack nginx
  1267. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1268. | http-methods:
  1269. |_ Supported Methods: GET HEAD POST OPTIONS
  1270. |_http-server-header: nginx
  1271. |_http-title: Domain Default page
  1272. 110/tcp open pop3 syn-ack Dovecot pop3d
  1273. |_pop3-capabilities: RESP-CODES SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) UIDL PIPELINING AUTH-RESP-CODE TOP CAPA USER STLS APOP
  1274. |_ssl-date: TLS randomness does not represent time
  1275. 113/tcp closed ident conn-refused
  1276. 139/tcp closed netbios-ssn conn-refused
  1277. 143/tcp open imap syn-ack Dovecot imapd
  1278. |_imap-capabilities: listed LITERAL+ AUTH=PLAIN STARTTLS ENABLE capabilities LOGIN-REFERRALS OK more IMAP4rev1 AUTH=CRAM-MD5A0001 AUTH=LOGIN SASL-IR post-login Pre-login ID IDLE have AUTH=DIGEST-MD5
  1279. |_ssl-date: TLS randomness does not represent time
  1280. 443/tcp open ssl/http syn-ack nginx
  1281. | http-methods:
  1282. |_ Supported Methods: GET HEAD POST OPTIONS
  1283. |_http-server-header: nginx
  1284. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  1285. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
  1286. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
  1287. | Public Key type: rsa
  1288. | Public Key bits: 2048
  1289. | Signature Algorithm: sha256WithRSAEncryption
  1290. | Not valid before: 2016-04-20T02:40:27
  1291. | Not valid after: 2017-04-20T02:40:27
  1292. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1293. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1294. | -----BEGIN CERTIFICATE-----
  1295. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1296. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1297. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1298. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1299. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1300. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1301. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1302. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1303. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1304. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1305. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1306. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1307. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1308. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1309. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1310. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1311. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1312. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1313. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1314. |_-----END CERTIFICATE-----
  1315. |_ssl-date: TLS randomness does not represent time
  1316. | tls-alpn:
  1317. |_ http/1.1
  1318. | tls-nextprotoneg:
  1319. |_ http/1.1
  1320. 445/tcp closed microsoft-ds conn-refused
  1321. 993/tcp open ssl/imaps? syn-ack
  1322. |_ssl-date: TLS randomness does not represent time
  1323. 995/tcp open ssl/pop3s? syn-ack
  1324. |_ssl-date: TLS randomness does not represent time
  1325. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
  1326. | http-methods:
  1327. |_ Supported Methods: GET HEAD POST OPTIONS
  1328. |_http-server-header: sw-cp-server
  1329. |_http-title: Plesk Onyx 17.5.3
  1330. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
  1331. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
  1332. | Public Key type: rsa
  1333. | Public Key bits: 2048
  1334. | Signature Algorithm: sha256WithRSAEncryption
  1335. | Not valid before: 2016-04-20T02:40:27
  1336. | Not valid after: 2017-04-20T02:40:27
  1337. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1338. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1339. | -----BEGIN CERTIFICATE-----
  1340. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1341. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1342. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1343. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1344. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1345. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1346. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1347. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1348. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1349. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1350. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1351. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1352. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1353. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1354. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1355. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1356. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1357. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1358. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1359. |_-----END CERTIFICATE-----
  1360. |_ssl-date: TLS randomness does not represent time
  1361. | tls-nextprotoneg:
  1362. |_ http/1.1
  1363. Device type: general purpose
  1364. Running: Linux 2.6.X
  1365. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1366. OS details: Linux 2.6.18 - 2.6.22
  1367. TCP/IP fingerprint:
  1368. OS:SCAN(V=7.70%E=4%D=2/13%OT=80%CT=25%CU=%PV=N%G=N%TM=5C64CE39%P=x86_64-pc-
  1369. OS:linux-gnu)SEQ(SP=106%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)SEQ(CI=Z)OPS(O1=M4B3ST
  1370. OS:11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4
  1371. OS:B3ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%
  1372. OS:TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=A
  1373. OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD
  1374. OS:=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=N)IE(R=N)
  1375.  
  1376. Service Info: Host: fo3-web02.nic.gov.sd
  1377.  
  1378. TRACEROUTE (using proto 1/icmp)
  1379. HOP RTT ADDRESS
  1380. 1 23.16 ms 10.242.200.1
  1381. 2 49.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1382. 3 35.53 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1383. 4 23.18 ms 82.102.29.44
  1384. 5 23.19 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1385. 6 23.38 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1386. 7 92.66 ms 154.54.44.165
  1387. 8 98.66 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1388. 9 99.88 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1389. 10 100.00 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1390. 11 98.64 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1391. 12 182.33 ms 185.153.20.70
  1392. 13 182.36 ms 185.153.20.82
  1393. 14 182.10 ms 185.153.20.94
  1394. 15 192.61 ms 185.153.20.153
  1395. 16 208.12 ms 212.0.131.109
  1396. 17 209.20 ms 196.202.137.249
  1397. 18 197.39 ms 196.202.145.94
  1398. 19 ... 30
  1399.  
  1400. NSE: Script Post-scanning.
  1401. NSE: Starting runlevel 1 (of 2) scan.
  1402. Initiating NSE at 21:11
  1403. Completed NSE at 21:11, 0.00s elapsed
  1404. NSE: Starting runlevel 2 (of 2) scan.
  1405. Initiating NSE at 21:11
  1406. Completed NSE at 21:11, 0.00s elapsed
  1407. Read data files from: /usr/bin/../share/nmap
  1408. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1409. Nmap done: 1 IP address (1 host up) scanned in 199.92 seconds
  1410. Raw packets sent: 142 (10.432KB) | Rcvd: 54 (5.443KB)
  1411. #######################################################################################################################################
  1412. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:11 EST
  1413. NSE: Loaded 148 scripts for scanning.
  1414. NSE: Script Pre-scanning.
  1415. Initiating NSE at 21:11
  1416. Completed NSE at 21:11, 0.00s elapsed
  1417. Initiating NSE at 21:11
  1418. Completed NSE at 21:11, 0.00s elapsed
  1419. Initiating Parallel DNS resolution of 1 host. at 21:11
  1420. Completed Parallel DNS resolution of 1 host. at 21:11, 0.02s elapsed
  1421. Initiating UDP Scan at 21:11
  1422. Scanning f03-web02.nic.gov.sd (62.12.105.2) [14 ports]
  1423. Completed UDP Scan at 21:11, 1.96s elapsed (14 total ports)
  1424. Initiating Service scan at 21:11
  1425. Scanning 12 services on f03-web02.nic.gov.sd (62.12.105.2)
  1426. Service scan Timing: About 8.33% done; ETC: 21:30 (0:17:58 remaining)
  1427. Completed Service scan at 21:12, 102.58s elapsed (12 services on 1 host)
  1428. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1429. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1430. Initiating Traceroute at 21:12
  1431. Completed Traceroute at 21:13, 7.09s elapsed
  1432. Initiating Parallel DNS resolution of 1 host. at 21:13
  1433. Completed Parallel DNS resolution of 1 host. at 21:13, 0.02s elapsed
  1434. NSE: Script scanning 62.12.105.2.
  1435. Initiating NSE at 21:13
  1436. Completed NSE at 21:13, 20.30s elapsed
  1437. Initiating NSE at 21:13
  1438. Completed NSE at 21:13, 1.02s elapsed
  1439. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1440. Host is up (0.044s latency).
  1441.  
  1442. PORT STATE SERVICE VERSION
  1443. 53/udp open|filtered domain
  1444. 67/udp open|filtered dhcps
  1445. 68/udp open|filtered dhcpc
  1446. 69/udp open|filtered tftp
  1447. 88/udp open|filtered kerberos-sec
  1448. 123/udp open|filtered ntp
  1449. 137/udp filtered netbios-ns
  1450. 138/udp filtered netbios-dgm
  1451. 139/udp open|filtered netbios-ssn
  1452. 161/udp open|filtered snmp
  1453. 162/udp open|filtered snmptrap
  1454. 389/udp open|filtered ldap
  1455. 520/udp open|filtered route
  1456. 2049/udp open|filtered nfs
  1457. Too many fingerprints match this host to give specific OS details
  1458.  
  1459. TRACEROUTE (using port 137/udp)
  1460. HOP RTT ADDRESS
  1461. 1 23.18 ms 10.242.200.1
  1462. 2 ... 3
  1463. 4 22.44 ms 10.242.200.1
  1464. 5 27.07 ms 10.242.200.1
  1465. 6 27.06 ms 10.242.200.1
  1466. 7 27.05 ms 10.242.200.1
  1467. 8 27.05 ms 10.242.200.1
  1468. 9 27.04 ms 10.242.200.1
  1469. 10 27.05 ms 10.242.200.1
  1470. 11 ... 18
  1471. 19 22.37 ms 10.242.200.1
  1472. 20 25.32 ms 10.242.200.1
  1473. 21 ... 28
  1474. 29 23.89 ms 10.242.200.1
  1475. 30 22.12 ms 10.242.200.1
  1476.  
  1477. NSE: Script Post-scanning.
  1478. Initiating NSE at 21:13
  1479. Completed NSE at 21:13, 0.00s elapsed
  1480. Initiating NSE at 21:13
  1481. Completed NSE at 21:13, 0.00s elapsed
  1482. Read data files from: /usr/bin/../share/nmap
  1483. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1484. Nmap done: 1 IP address (1 host up) scanned in 136.66 seconds
  1485. Raw packets sent: 147 (13.614KB) | Rcvd: 33 (3.542KB)
  1486. #######################################################################################################################################
  1487. [+] FireWall Detector
  1488. [++] Firewall not detected
  1489.  
  1490. [+] Detecting Joomla Version
  1491. [++] Joomla 2.5.9
  1492.  
  1493. [+] Core Joomla Vulnerability
  1494. [++] Joomla! Core Remote Privilege Escalation Vulnerability
  1495. CVE : CVE-2016-9838
  1496. EDB : https://www.exploit-db.com/exploits/41157/
  1497.  
  1498. Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
  1499. CVE : CVE-2014-7228
  1500. EDB : https://www.exploit-db.com/exploits/35033/
  1501.  
  1502. Joomla! Core Authentication Bypass Vulnerability
  1503. CVE :CVE-2014-6632
  1504. http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html
  1505.  
  1506. Joomla! Core Remote Denial of Service Vulnerability
  1507. CVE : CVE-2014-7229
  1508. https://developer.joomla.org/security/596-20140904-core-denial-of-service.html
  1509.  
  1510. PHPMailer Remote Code Execution Vulnerability
  1511. CVE : CVE-2016-10033
  1512. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
  1513. https://github.com/opsxcq/exploit-CVE-2016-10033
  1514. EDB : https://www.exploit-db.com/exploits/40969/
  1515.  
  1516. PPHPMailer Incomplete Fix Remote Code Execution Vulnerability
  1517. CVE : CVE-2016-10045
  1518. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
  1519. EDB : https://www.exploit-db.com/exploits/40969/
  1520.  
  1521.  
  1522.  
  1523. [+] Checking apache info/status files
  1524. [++] Readable info/status files are not found
  1525.  
  1526. [+] admin finder
  1527. [++] Admin page : http://www.agricmi.gov.sd/administrator/
  1528.  
  1529. [+] Checking robots.txt existing
  1530. [++] robots.txt is found
  1531. path : http://www.agricmi.gov.sd/robots.txt
  1532.  
  1533. Interesting path found from robots.txt
  1534. http://www.agricmi.gov.sd/joomla/administrator/
  1535. http://www.agricmi.gov.sd/administrator/
  1536. http://www.agricmi.gov.sd/cache/
  1537. http://www.agricmi.gov.sd/cli/
  1538. http://www.agricmi.gov.sd/components/
  1539. http://www.agricmi.gov.sd/images/
  1540. http://www.agricmi.gov.sd/includes/
  1541. http://www.agricmi.gov.sd/installation/
  1542. http://www.agricmi.gov.sd/language/
  1543. http://www.agricmi.gov.sd/libraries/
  1544. http://www.agricmi.gov.sd/logs/
  1545. http://www.agricmi.gov.sd/media/
  1546. http://www.agricmi.gov.sd/modules/
  1547. http://www.agricmi.gov.sd/plugins/
  1548. http://www.agricmi.gov.sd/templates/
  1549. http://www.agricmi.gov.sd/tmp/
  1550.  
  1551.  
  1552. [+] Finding common backup files name
  1553. [++] Backup files are not found
  1554.  
  1555. [+] Finding common log files name
  1556. [++] error log is not found
  1557.  
  1558. [+] Checking user registration
  1559. [++] registration is enabled
  1560. http://www.agricmi.gov.sd/index.php?option=com_users&view=registration
  1561.  
  1562. [+] Checking sensitive config.php.x file
  1563. [++] Readable config files are not found
  1564. #######################################################################################################################################
  1565. [-] Date & Time: 13/02/2019 19:48:45
  1566. [I] Threads: 5
  1567. [-] Target: http://www.agricmi.gov.sd (62.12.105.2)
  1568. [M] Website Not in HTTPS: http://www.agricmi.gov.sd
  1569. [I] X-Powered-By: PHP/5.4.16
  1570. [L] X-Frame-Options: Not Enforced
  1571. [I] Strict-Transport-Security: Not Enforced
  1572. [I] X-Content-Security-Policy: Not Enforced
  1573. [I] X-Content-Type-Options: Not Enforced
  1574. [L] Robots.txt Found: http://www.agricmi.gov.sd/robots.txt
  1575. [I] CMS Detection: Joomla
  1576. [I] Joomla Version: 2.5.9
  1577. [M] EDB-ID: 46200 "Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings"
  1578. [M] EDB-ID: 42033 "Joomla! 3.7.0 - 'com_fields' SQL Injection"
  1579. [M] EDB-ID: 40637 "Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation"
  1580. [M] EDB-ID: 41157 "Joomla! < 3.6.4 - Admin Takeover"
  1581. [M] EDB-ID: 38977 "Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution"
  1582. [M] EDB-ID: 39033 "Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution"
  1583. [M] EDB-ID: 38534 "Joomla! 3.2.x < 3.4.4 - SQL Injection"
  1584. [M] EDB-ID: 31459 "Joomla! 3.2.1 - SQL Injection"
  1585. [M] EDB-ID: 25087 "Joomla! 3.0.3 - 'remember.php' PHP Object Injection"
  1586. [M] EDB-ID: 24551 "Joomla! 3.0.2 - 'highlight.php' PHP Object Injection"
  1587. [M] EDB-ID: 44227 "Joomla! 3.7 - SQL Injection"
  1588. [I] Joomla Website Template: siteground-j16-12
  1589. [I] Joomla Administrator Template: hathor
  1590. [-] Enumerating Joomla Usernames via "Feed" ...
  1591. [I] Super User: [email protected]
  1592. [I] Autocomplete Off Not Found: http://www.agricmi.gov.sd/administrator/index.php
  1593. [-] Joomla Default Files:
  1594. [-] Joomla is likely to have a large number of default files
  1595. [-] Would you like to list them all?
  1596. [y/N]: y
  1597. [I] http://www.agricmi.gov.sd/LICENSE.txt
  1598. [I] http://www.agricmi.gov.sd/README.txt
  1599. [I] http://www.agricmi.gov.sd/administrator/cache/index.html
  1600. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-06.sql
  1601. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-16.sql
  1602. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-19.sql
  1603. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-20.sql
  1604. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-1.sql
  1605. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-2.sql
  1606. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-22.sql
  1607. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-23.sql
  1608. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-24.sql
  1609. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-10.sql
  1610. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-14.sql
  1611. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.1-2012-01-26.sql
  1612. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.2-2012-03-05.sql
  1613. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.3-2012-03-13.sql
  1614. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-18.sql
  1615. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-19.sql
  1616. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql
  1617. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.6.sql
  1618. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.7.sql
  1619. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.2-2012-03-05.sql
  1620. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.3-2012-03-13.sql
  1621. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-18.sql
  1622. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-19.sql
  1623. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql
  1624. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.6.sql
  1625. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.7.sql
  1626. [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/install.mysql.utf8.sql
  1627. [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/uninstall.mysql.utf8.sql
  1628. [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/install.mysql.utf8.sql
  1629. [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/uninstall.mysql.utf8.sql
  1630. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.mysql.sql
  1631. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.postgresql.sql
  1632. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.mysql.sql
  1633. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.postgresql.sql
  1634. [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/install.mysql.utf8.sql
  1635. [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/uninstall.mysql.utf8.sql
  1636. [I] http://www.agricmi.gov.sd/administrator/language/overrides/index.html
  1637. [I] http://www.agricmi.gov.sd/administrator/manifests/packages/index.html
  1638. [I] http://www.agricmi.gov.sd/administrator/templates/hathor/LICENSE.txt
  1639. [I] http://www.agricmi.gov.sd/cache/index.html
  1640. [I] http://www.agricmi.gov.sd/cli/index.html
  1641. [I] http://www.agricmi.gov.sd/components/index.html
  1642. [I] http://www.agricmi.gov.sd/htaccess.txt
  1643. [I] http://www.agricmi.gov.sd/images/index.html
  1644. [I] http://www.agricmi.gov.sd/includes/index.html
  1645. [I] http://www.agricmi.gov.sd/language/index.html
  1646. [I] http://www.agricmi.gov.sd/language/overrides/index.html
  1647. [I] http://www.agricmi.gov.sd/libraries/fof/LICENSE.txt
  1648. [I] http://www.agricmi.gov.sd/libraries/fof/version.txt
  1649. [I] http://www.agricmi.gov.sd/libraries/index.html
  1650. [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/layout1.html
  1651. [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/snippet1.html
  1652. [I] http://www.agricmi.gov.sd/media/index.html
  1653. [I] http://www.agricmi.gov.sd/modules/index.html
  1654. [I] http://www.agricmi.gov.sd/plugins/index.html
  1655. [I] http://www.agricmi.gov.sd/templates/index.html
  1656. [I] http://www.agricmi.gov.sd/tmp/index.html
  1657. [I] http://www.agricmi.gov.sd/web.config.txt
  1658. [-] Searching Joomla Components ...
  1659. [I] Checking for Directory Listing Enabled ...
  1660. [-] Date & Time: 13/02/2019 20:07:58
  1661. [-] Completed in: 0:19:12
  1662. #######################################################################################################################################
  1663. Anonymous JTSEC #OpSudan Full Recon #8
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement