Anonymous JTSEC #OpSudan Full Recon #8

1. #######################################################################################################################################
2. =======================================================================================================================================
3. Nom de l'hôte www.agricmi.gov.sd FAI NICDC
4. Continent Afrique Drapeau
5. SD
6. Pays Soudan Code du pays SD
7. Région Inconnu Heure locale 14 Feb 2019 02:46 CAT
8. Ville Inconnu Code Postal Inconnu
9. Adresse IP 62.12.105.2 Latitude 15
10. Longitude 30
11. =======================================================================================================================================
12. #######################################################################################################################################
13. > www.agricmi.gov.sd
14. Server: 38.132.106.139
15. Address: 38.132.106.139#53
16.  
17. Non-authoritative answer:
18. Name: www.agricmi.gov.sd
19. Address: 62.12.105.2
20. >
21. #######################################################################################################################################
22. HostIP:62.12.105.2
23. HostName:www.agricmi.gov.sd
24.  
25. Gathered Inet-whois information for 62.12.105.2
26. ---------------------------------------------------------------------------------------------------------------------------------------
27.  
28.  
29. inetnum: 62.12.96.0 - 62.12.127.255
30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
31. descr: IPv4 address block not managed by the RIPE NCC
32. remarks: ------------------------------------------------------
33. remarks:
34. remarks: For registration information,
35. remarks: you can consult the following sources:
36. remarks:
37. remarks: IANA
38. remarks: http://www.iana.org/assignments/ipv4-address-space
39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
41. remarks:
42. remarks: AFRINIC (Africa)
43. remarks: http://www.afrinic.net/ whois.afrinic.net
44. remarks:
45. remarks: APNIC (Asia Pacific)
46. remarks: http://www.apnic.net/ whois.apnic.net
47. remarks:
48. remarks: ARIN (Northern America)
49. remarks: http://www.arin.net/ whois.arin.net
50. remarks:
51. remarks: LACNIC (Latin America and the Carribean)
52. remarks: http://www.lacnic.net/ whois.lacnic.net
53. remarks:
54. remarks: ------------------------------------------------------
55. country: EU # Country is really world wide
56. admin-c: IANA1-RIPE
57. tech-c: IANA1-RIPE
58. status: ALLOCATED UNSPECIFIED
59. mnt-by: RIPE-NCC-HM-MNT
60. created: 2019-01-07T10:46:54Z
61. last-modified: 2019-01-07T10:46:54Z
62. source: RIPE
63.  
64. role: Internet Assigned Numbers Authority
65. address: see http://www.iana.org.
66. admin-c: IANA1-RIPE
67. tech-c: IANA1-RIPE
68. nic-hdl: IANA1-RIPE
69. remarks: For more information on IANA services
70. remarks: go to IANA web site at http://www.iana.org.
71. mnt-by: RIPE-NCC-MNT
72. created: 1970-01-01T00:00:00Z
73. last-modified: 2001-09-22T09:31:27Z
74. source: RIPE # Filtered
75.  
76. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
77.  
78.  
79.  
80. Gathered Inic-whois information for agricmi.gov.sd
81. ---------------------------------------------------------------------------------------------------------------------------------------
82. Error: Unable to connect - Invalid Host
83. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
84. close error
85.  
86. Gathered Netcraft information for www.agricmi.gov.sd
87. ---------------------------------------------------------------------------------------------------------------------------------------
88.  
89. Retrieving Netcraft.com information for www.agricmi.gov.sd
90. Netcraft.com Information gathered
91.  
92. Gathered Subdomain information for agricmi.gov.sd
93. ---------------------------------------------------------------------------------------------------------------------------------------
94. Searching Google.com:80...
95. HostName:www.agricmi.gov.sd
96. HostIP:62.12.105.2
97. Searching Altavista.com:80...
98. Found 1 possible subdomain(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
99.  
100. Gathered E-Mail information for agricmi.gov.sd
101. ---------------------------------------------------------------------------------------------------------------------------------------
102. Searching Google.com:80...
103. Searching Altavista.com:80...
104. Found 0 E-Mail(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
105.  
106. Gathered TCP Port information for 62.12.105.2
107. ---------------------------------------------------------------------------------------------------------------------------------------
108.  
109. Port State
110.  
111. 21/tcp open
112. 80/tcp open
113. 110/tcp open
114. 143/tcp open
115.  
116. Portscan Finished: Scanned 150 ports, 4 ports were in state closed
117. #######################################################################################################################################
118. [i] Scanning Site: http://www.agricmi.gov.sd
119.  
120.  
121.  
122. B A S I C I N F O
123. =======================================================================================================================================
124.  
125.  
126. [+] Site Title: الصــــفــحة الرئيســية
127. [+] IP address: 62.12.105.2
128. [+] Web Server: Could Not Detect
129. [+] CMS: Joomla
130. [+] Cloudflare: Not Detected
131. [+] Robots File: Found
132.  
133. -------------[ contents ]----------------
134. # If the Joomla site is installed within a folder such as at
135. # e.g. www.example.com/joomla/ the robots.txt file MUST be
136. # moved to the site root at e.g. www.example.com/robots.txt
137. # AND the joomla folder name MUST be prefixed to the disallowed
138. # path, e.g. the Disallow rule for the /administrator/ folder
139. # MUST be changed to read Disallow: /joomla/administrator/
140. #
141. # For more information about the robots.txt standard, see:
142. # http://www.robotstxt.org/orig.html
143. #
144. # For syntax checking, see:
145. # http://www.sxw.org.uk/computing/robots/check.html
146.  
147. User-agent: *
148. Disallow: /administrator/
149. Disallow: /cache/
150. Disallow: /cli/
151. Disallow: /components/
152. Disallow: /images/
153. Disallow: /includes/
154. Disallow: /installation/
155. Disallow: /language/
156. Disallow: /libraries/
157. Disallow: /logs/
158. Disallow: /media/
159. Disallow: /modules/
160. Disallow: /plugins/
161. Disallow: /templates/
162. Disallow: /tmp/
163.  
164.  
165. -----------[end of contents]-------------
166.  
167.  
168.  
169.  
170. G E O I P L O O K U P
171. =======================================================================================================================================
172.  
173. [i] IP Address: 62.12.105.2
174. [i] Country: Sudan
175. [i] State:
176. [i] City:
177. [i] Latitude: 15.0
178. [i] Longitude: 30.0
179.  
180.  
181.  
182.  
183. H T T P H E A D E R S
184. =======================================================================================================================================
185.  
186.  
187. [i] HTTP/1.1 200 OK
188. [i] Date: Thu, 14 Feb 2019 00:19:49 GMT
189. [i] Content-Type: text/html; charset=utf-8
190. [i] X-Powered-By: PHP/5.4.16
191. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
192. [i] Cache-Control: no-cache
193. [i] Pragma: no-cache
194. [i] Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=rpr2mdllop5m60eo2jlq1v21v6; path=/
195. [i] X-Powered-By: PleskLin
196. [i] Connection: close
197.  
198.  
199.  
200.  
201. D N S L O O K U P
202. =======================================================================================================================================
203.  
204. agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
205. agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
206. agricmi.gov.sd. 21599 IN A 62.12.105.2
207. agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
208. agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
209.  
210.  
211.  
212.  
213. S U B N E T C A L C U L A T I O N
214. =======================================================================================================================================
215.  
216. Address = 62.12.105.2
217. Network = 62.12.105.2 / 32
218. Netmask = 255.255.255.255
219. Broadcast = not needed on Point-to-Point links
220. Wildcard Mask = 0.0.0.0
221. Hosts Bits = 0
222. Max. Hosts = 1 (2^0 - 0)
223. Host Range = { 62.12.105.2 - 62.12.105.2 }
224.  
225.  
226.  
227. N M A P P O R T S C A N
228. =======================================================================================================================================
229.  
230.  
231. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
232. Nmap scan report for agricmi.gov.sd (62.12.105.2)
233. Host is up (0.17s latency).
234. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
235. PORT STATE SERVICE
236. 21/tcp filtered ftp
237. 22/tcp filtered ssh
238. 23/tcp filtered telnet
239. 80/tcp filtered http
240. 110/tcp filtered pop3
241. 143/tcp filtered imap
242. 443/tcp filtered https
243. 3389/tcp filtered ms-wbt-server
244.  
245. Nmap done: 1 IP address (1 host up) scanned in 10.74 seconds
246. #######################################################################################################################################
247. [?] Enter the target: example( http://domain.com )
248. http://www.agricmi.gov.sd/
249. [!] IP Address : 62.12.105.2
250. [!] www.agricmi.gov.sd doesn't seem to use a CMS
251. [+] Honeypot Probabilty: 0%
252. ---------------------------------------------------------------------------------------------------------------------------------------
253. [~] Trying to gather whois information for www.agricmi.gov.sd
254. [+] Whois information found
255. [-] Unable to build response, visit https://who.is/whois/www.agricmi.gov.sd
256. ---------------------------------------------------------------------------------------------------------------------------------------
257. PORT STATE SERVICE
258. 21/tcp filtered ftp
259. 22/tcp filtered ssh
260. 23/tcp filtered telnet
261. 80/tcp filtered http
262. 110/tcp filtered pop3
263. 143/tcp filtered imap
264. 443/tcp filtered https
265. 3389/tcp filtered ms-wbt-server
266. Nmap done: 1 IP address (1 host up) scanned in 13.75 seconds
267. ---------------------------------------------------------------------------------------------------------------------------------------
268. There was an error getting results
269.  
270. [-] DNS Records
271. [>] Initiating 3 intel modules
272. [>] Loading Alpha module (1/3)
273. [>] Beta module deployed (2/3)
274. [>] Gamma module initiated (3/3)
275.  
276.  
277. [+] Emails found:
278. ---------------------------------------------------------------------------------------------------------------------------------------
279. [email protected]
280. [email protected]
281. No hosts found
282. [+] Virtual hosts:
283. ---------------------------------------------------------------------------------------------------------------------------------------
284. #######################################################################################################################################
285. Enter Address Website = agricmi.gov.sd
286.  
287.  
288. Reverse IP With YouGetSignal 'agricmi.gov.sd'
289. ---------------------------------------------------------------------------------------------------------------------------------------
290.  
291. [*] IP: 62.12.105.2
292. [*] Domain: agricmi.gov.sd
293. [*] Total Domains: 5
294.  
295. [+] agricmi.gov.sd
296. [+] eastgezira.gov.sd
297. [+] sudan.gov.sd
298. [+] unionkhr.sd
299. [+] www.sudan.gov.sd
300. #######################################################################################################################################
301. Geo IP Lookup 'agricmi.gov.sd'
302. ---------------------------------------------------------------------------------------------------------------------------------------
303.  
304. [+] IP Address: 62.12.105.2
305. [+] Country: Sudan
306. [+] State:
307. [+] City:
308. [+] Latitude: 15.0
309. [+] Longitude: 30.0
310. #######################################################################################################################################
311. DNS Lookup 'agricmi.gov.sd'
312. ---------------------------------------------------------------------------------------------------------------------------------------
313.  
314. [+] agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
315. [+] agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
316. [+] agricmi.gov.sd. 21599 IN A 62.12.105.2
317. [+] agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
318. [+] agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
319. #######################################################################################################################################
320. Show HTTP Header 'agricmi.gov.sd'
321. ---------------------------------------------------------------------------------------------------------------------------------------
322.  
323. [+] HTTP/1.1 301 Moved Permanently
324. [+] Server: nginx
325. [+] Date: Thu, 14 Feb 2019 00:19:36 GMT
326. [+] Content-Type: text/html
327. [+] Content-Length: 178
328. [+] Connection: keep-alive
329. [+] Location: http://www.agricmi.gov.sd/
330. [+] X-Powered-By: PleskLin
331. #######################################################################################################################################
332. Port Scan 'agricmi.gov.sd'
333. --------------------------------------------------------------------------------------------------------------------------------------
334.  
335.  
336. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
337. Nmap scan report for agricmi.gov.sd (62.12.105.2)
338. Host is up (0.17s latency).
339. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
340. PORT STATE SERVICE
341. 21/tcp filtered ftp
342. 22/tcp filtered ssh
343. 23/tcp filtered telnet
344. 80/tcp filtered http
345. 110/tcp filtered pop3
346. 143/tcp filtered imap
347. 443/tcp filtered https
348. 3389/tcp filtered ms-wbt-server
349.  
350. Nmap done: 1 IP address (1 host up) scanned in 14.62 seconds
351. ######################################################################################################################################
352. Robot.txt 'agricmi.gov.sd'
353. ---------------------------------------------------------------------------------------------------------------------------------------
354.  
355. # If the Joomla site is installed within a folder such as at
356. # e.g. www.example.com/joomla/ the robots.txt file MUST be
357. # moved to the site root at e.g. www.example.com/robots.txt
358. # AND the joomla folder name MUST be prefixed to the disallowed
359. # path, e.g. the Disallow rule for the /administrator/ folder
360. # MUST be changed to read Disallow: /joomla/administrator/
361. #
362. # For more information about the robots.txt standard, see:
363. # http://www.robotstxt.org/orig.html
364. #
365. # For syntax checking, see:
366. # http://www.sxw.org.uk/computing/robots/check.html
367.  
368. User-agent: *
369. Disallow: /administrator/
370. Disallow: /cache/
371. Disallow: /cli/
372. Disallow: /components/
373. Disallow: /images/
374. Disallow: /includes/
375. Disallow: /installation/
376. Disallow: /language/
377. Disallow: /libraries/
378. Disallow: /logs/
379. Disallow: /media/
380. Disallow: /modules/
381. Disallow: /plugins/
382. Disallow: /templates/
383. Disallow: /tmp/
384. #######################################################################################################################################
385. Traceroute 'agricmi.gov.sd'
386. ---------------------------------------------------------------------------------------------------------------------------------------
387.  
388. Start: 2019-02-14T01:17:50+0000
389. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
390. 1.|-- 45.79.12.201 0.0% 3 1.7 1.2 0.7 1.7 0.5
391. 2.|-- 45.79.12.0 0.0% 3 0.6 0.7 0.6 0.8 0.1
392. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.6 1.5 1.3 1.8 0.3
393. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.6 1.8 1.6 2.0 0.2
394. 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.6 12.0 11.6 12.4 0.4
395. 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.8 23.6 23.3 23.8 0.2
396. 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.2 30.3 30.1 30.4 0.2
397. 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.4 42.2 41.3 43.9 1.5
398. 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 45.8 45.8 45.5 46.0 0.3
399. 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.6 107.7 107.6 107.8 0.1
400. 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.9 108.1 107.9 108.4 0.3
401. 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.5 107.4 107.6 0.1
402. 13.|-- 185.153.20.70 0.0% 3 190.9 191.0 190.7 191.4 0.4
403. 14.|-- 185.153.20.82 0.0% 3 240.5 210.6 190.6 240.5 26.4
404. 15.|-- 185.153.20.94 0.0% 3 190.6 194.2 190.6 201.6 6.3
405. 16.|-- 185.153.20.153 0.0% 3 242.9 229.3 222.1 242.9 11.8
406. 17.|-- 212.0.131.109 0.0% 3 232.3 232.4 232.2 232.8 0.3
407. 18.|-- 196.202.137.249 0.0% 3 223.9 224.5 223.8 225.9 1.2
408. 19.|-- 196.202.145.94 0.0% 3 202.3 202.3 202.2 202.3 0.1
409. 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
410. #######################################################################################################################################
411. Ping 'agricmi.gov.sd'
412. ---------------------------------------------------------------------------------------------------------------------------------------
413.  
414.  
415. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-14 01:18 UTC
416. SENT (0.1854s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=1] IP [ttl=64 id=12921 iplen=28 ]
417. SENT (1.1857s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=2] IP [ttl=64 id=12921 iplen=28 ]
418. SENT (2.1870s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=3] IP [ttl=64 id=12921 iplen=28 ]
419. SENT (3.1883s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=4] IP [ttl=64 id=12921 iplen=28 ]
420.  
421. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
422. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
423. Nping done: 1 IP address pinged in 4.19 seconds
424. #######################################################################################################################################
425. Page Admin Finder 'agricmi.gov.sd'
426. ---------------------------------------------------------------------------------------------------------------------------------------
427.  
428.  
429.  
430. Avilable Links :
431.  
432. Find Page >> http://agricmi.gov.sd/administrator/
433.  
434. Find Page >> http://agricmi.gov.sd/administrator/index.php
435. #######################################################################################################################################
436. ; <<>> DiG 9.11.5-P1-1-Debian <<>> agricmi.gov.sd
437. ;; global options: +cmd
438. ;; Got answer:
439. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38241
440. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
441.  
442. ;; OPT PSEUDOSECTION:
443. ; EDNS: version: 0, flags:; udp: 4096
444. ;; QUESTION SECTION:
445. ;agricmi.gov.sd. IN A
446.  
447. ;; ANSWER SECTION:
448. agricmi.gov.sd. 83346 IN A 62.12.105.2
449.  
450. ;; Query time: 34 msec
451. ;; SERVER: 38.132.106.139#53(38.132.106.139)
452. ;; WHEN: mer fév 13 20:35:36 EST 2019
453. ;; MSG SIZE rcvd: 59
454. #######################################################################################################################################
455. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace agricmi.gov.sd
456. ;; global options: +cmd
457. . 85580 IN NS f.root-servers.net.
458. . 85580 IN NS e.root-servers.net.
459. . 85580 IN NS g.root-servers.net.
460. . 85580 IN NS l.root-servers.net.
461. . 85580 IN NS b.root-servers.net.
462. . 85580 IN NS i.root-servers.net.
463. . 85580 IN NS m.root-servers.net.
464. . 85580 IN NS d.root-servers.net.
465. . 85580 IN NS j.root-servers.net.
466. . 85580 IN NS h.root-servers.net.
467. . 85580 IN NS c.root-servers.net.
468. . 85580 IN NS a.root-servers.net.
469. . 85580 IN NS k.root-servers.net.
470. . 85580 IN RRSIG NS 8 0 518400 20190226220000 20190213210000 16749 . R628FVO9et4X/BNc8EzeiINuM/Xr8cA4DlDRErB80imz2KQF25GDSnLj LHSXEhUv2Dc23IvHPS5IfzYpF+A2fwYKmqEqgnxMPNVszNlsxG4XgENE yCi5LDOao4JUMDpJj9IbsVyxFRLRdkQrvUtJnRMly39WHwgrTR3LR6C+ MwEj1GPQR/PA0YjtJGEQNG9zS78u7HSTKovKX9dv3RG+A1M2jiZWxPHP AHqQR6sisBO9xyVXfwzR4G0eRwHDJFIto7xLv2lG6z949aMBglXRa5fn sUfrryLXinLnZGXY10mZIOfn01CpnFIrxihlX9uIAnq7hW8haFV/fabK plO7fA==
471. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 35 ms
472.  
473. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
474. sd. 172800 IN NS ns1.uaenic.ae.
475. sd. 172800 IN NS ns2.uaenic.ae.
476. sd. 172800 IN NS ans1.sis.sd.
477. sd. 172800 IN NS ans1.canar.sd.
478. sd. 172800 IN NS ans2.canar.sd.
479. sd. 172800 IN NS ns-sd.afrinic.net.
480. sd. 86400 IN NSEC se. NS RRSIG NSEC
481. sd. 86400 IN RRSIG NSEC 8 1 86400 20190226220000 20190213210000 16749 . pQY4I1sbZFrZUqOzkaQfawsU0HmOhvLWrAHaAvuwK1X4Alx4ubLDiXJN /se+vOsfqTJ2m1SrkwMZ8zpyRcO/9oNKvQgW3pMs4KD5Qga0YanFK+DH XTu0T2a8FLgYQvp2/tiLoJIrZhr6eX5Outdn7RvP5osKZgf9MwkVHEv+ IKkqtGlzwgslXUqPxveyfYF2C9hQpsFSc4LVeQVsw/Ak7GGY4Z02YEoV LPNx7JAolNNLtYY+N2yLoUQV3g3DI7rMrIB8dHsp6MuWZTxkd83xf+q7 S9gX4WRctaW88L3+qlaMUCw3hSYwzk6E/IRoX5nZItHoX/aYU/jb9q+I Dkwj7g==
482. ;; Received 701 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 44 ms
483.  
484. agricmi.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
485. agricmi.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
486. ;; Received 115 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 105 ms
487.  
488. agricmi.gov.sd. 86400 IN A 62.12.105.2
489. agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
490. ;; Received 97 bytes from 62.12.109.2#53(ns0.ndc.gov.sd) in 198 ms
491. #######################################################################################################################################
492. [*] Performing General Enumeration of Domain: agricmi.gov.sd
493. [-] DNSSEC is not configured for agricmi.gov.sd
494. [*] SOA ns0.ndc.gov.sd 62.12.109.2
495. [*] NS ns0.ndc.gov.sd 62.12.109.2
496. [*] Bind Version for 62.12.109.2 you guess!
497. [*] MX mail.agricmi.gov.sd 197.254.200.161
498. [*] A agricmi.gov.sd 62.12.105.2
499. [*] TXT agricmi.gov.sd v=spf1 mx -all
500. [*] Enumerating SRV Records
501. [-] No SRV Records Found for agricmi.gov.sd
502. [+] 0 Records Found
503. #######################################################################################################################################
504. rocessing domain agricmi.gov.sd
505. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
506. [+] Getting nameservers
507. 62.12.109.2 - ns0.ndc.gov.sd
508. [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
509. agricmi.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
510. agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
511. agricmi.gov.sd. 86400 IN A 62.12.105.2
512. agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
513. agricmi.gov.sd. 86400 IN TXT "v=spf1 mx -all"
514. mail.agricmi.gov.sd. 86400 IN A 197.254.200.161
515. mail.agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
516. webmail.agricmi.gov.sd. 86400 IN CNAME mail.agricmi.gov.sd.
517. www.agricmi.gov.sd. 86400 IN A 62.12.105.2
518. #######################################################################################################################################
519. Ip Address Status Type Domain Name Server
520. ---------- ------ ---- ----------- ------
521. 197.254.200.161 host mail.agricmi.gov.sd
522. 197.254.200.161 alias webmail.agricmi.gov.sd
523. 197.254.200.161 host mail.agricmi.gov.sd
524. 62.12.105.2 200 host www.agricmi.gov.sd nginx
525. #######################################################################################################################################
526. [+] Testing domain
527. www.agricmi.gov.sd 62.12.105.2
528. [+] Dns resolving
529. Domain name Ip address Name server
530. agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
531. Found 1 host(s) for agricmi.gov.sd
532. [+] Testing wildcard
533. Ok, no wildcard found.
534.  
535. [+] Scanning for subdomain on agricmi.gov.sd
536. [!] Wordlist not specified. I scannig with my internal wordlist...
537. Estimated time about 105.53 seconds
538.  
539. Subdomain Ip address Name server
540.  
541. www.agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
542. #######################################################################################################################################
543. =======================================================================================================================================
544. | E-mails:
545. | [+] E-mail Found: [email protected]
546. | [+] E-mail Found: [email protected]
547. | [+] E-mail Found: [email protected]
548. | [+] E-mail Found: [email protected]
549. | [+] E-mail Found: [email protected]
550. =======================================================================================================================================
551. | External hosts:
552. | [+] External Host Found: http://httpd.apache.org
553. =======================================================================================================================================
554. #######################################################################################################################################
555. dnsenum VERSION:1.2.4
556.  
557. ----- www.agricmi.gov.sd -----
558.  
559.  
560. Host's addresses:
561. __________________
562.  
563. www.agricmi.gov.sd. 83379 IN A 62.12.105.2
564.  
565.  
566. Name Servers:
567. ______________
568. #######################################################################################################################################
569. ===============================================
570. -=Subfinder v1.1.3 github.com/subfinder/subfinder
571. ===============================================
572.  
573.  
574. Running Source: Ask
575. Running Source: Archive.is
576. Running Source: Baidu
577. Running Source: Bing
578. Running Source: CertDB
579. Running Source: CertificateTransparency
580. Running Source: Certspotter
581. Running Source: Commoncrawl
582. Running Source: Crt.sh
583. Running Source: Dnsdb
584. Running Source: DNSDumpster
585. Running Source: DNSTable
586. Running Source: Dogpile
587. Running Source: Exalead
588. Running Source: Findsubdomains
589. Running Source: Googleter
590. Running Source: Hackertarget
591. Running Source: Ipv4Info
592. Running Source: PTRArchive
593. Running Source: Sitedossier
594. Running Source: Threatcrowd
595. Running Source: ThreatMiner
596. Running Source: WaybackArchive
597. Running Source: Yahoo
598.  
599. Running enumeration on www.agricmi.gov.sd
600.  
601. dnsdb: Unexpected return status 503
602.  
603. ipv4info: <nil>
604.  
605.  
606. Starting Bruteforcing of www.agricmi.gov.sd with 9985 words
607.  
608. Total 1 Unique subdomains found for www.agricmi.gov.sd
609.  
610. .www.agricmi.gov.sd
611. #######################################################################################################################################
612. [+] www.agricmi.gov.sd has no SPF record!
613. [*] No DMARC record found. Looking for organizational record
614. [+] No organizational DMARC record
615. [+] Spoofing possible for www.agricmi.gov.sd!
616. #######################################################################################################################################
617. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
618. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
619. Host is up (0.17s latency).
620. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
621. Not shown: 464 filtered ports, 4 closed ports
622. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
623. PORT STATE SERVICE
624. 21/tcp open ftp
625. 80/tcp open http
626. 110/tcp open pop3
627. 143/tcp open imap
628. 443/tcp open https
629. 993/tcp open imaps
630. 995/tcp open pop3s
631. 8443/tcp open https-alt
632. #######################################################################################################################################
633. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
634. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
635. Host is up (0.023s latency).
636. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
637. Not shown: 2 filtered ports
638. PORT STATE SERVICE
639. 53/udp open|filtered domain
640. 67/udp open|filtered dhcps
641. 68/udp open|filtered dhcpc
642. 69/udp open|filtered tftp
643. 88/udp open|filtered kerberos-sec
644. 123/udp open|filtered ntp
645. 139/udp open|filtered netbios-ssn
646. 161/udp open|filtered snmp
647. 162/udp open|filtered snmptrap
648. 389/udp open|filtered ldap
649. 520/udp open|filtered route
650. 2049/udp open|filtered nfs
651. #######################################################################################################################################
652. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
653. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
654. Host is up.
655. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
656.  
657. PORT STATE SERVICE VERSION
658. 21/tcp filtered ftp
659. Too many fingerprints match this host to give specific OS details
660.  
661. TRACEROUTE (using proto 1/icmp)
662. HOP RTT ADDRESS
663. 1 24.19 ms 10.242.200.1
664. 2 24.35 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
665. 3 44.97 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
666. 4 24.22 ms 82.102.29.44
667. 5 24.37 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
668. 6 24.23 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
669. 7 93.81 ms 154.54.44.165
670. 8 99.86 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
671. 9 100.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
672. 10 100.95 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
673. 11 100.75 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
674. 12 183.84 ms 185.153.20.70
675. 13 183.84 ms 185.153.20.82
676. 14 183.79 ms 185.153.20.94
677. 15 227.46 ms 185.153.20.153
678. 16 210.44 ms 212.0.131.109
679. 17 213.43 ms 196.202.137.249
680. 18 201.57 ms 196.202.145.94
681. 19 ... 30
682. #######################################################################################################################################
683. wig - WebApp Information Gatherer
684.  
685.  
686. Scanning http://www.agricmi.gov.sd...
687. ______________________________________________ SITE INFO ______________________________________________
688. IP Title
689. 62.12.105.2 الصــــفــحة الرئيســية
690.  
691. _______________________________________________ VERSION _______________________________________________
692. Name Versions Type
693. Joomla! 2.5.9 CMS
694. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
695. 2.4.9
696. PHP 5.4.16 Platform
697. nginx Platform
698. CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
699. Red Hat Enterprise Linux RHEL-7.0 | RHEL-7.1 | RHEL-7.2 OS
700. Scientific Linux 7.0 | 7.1 | 7.2 OS
701.  
702. _____________________________________________ INTERESTING _____________________________________________
703. URL Note Type
704. /robots.txt robots.txt index Interesting
705.  
706. ________________________________________________ TOOLS ________________________________________________
707. Name Link Software
708. CMSmap https://github.com/Dionach/CMSmap Joomla!
709. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
710.  
711. _______________________________________________________________________________________________________
712. Time: 184.8 sec Urls: 807 Fingerprints: 40401
713. #######################################################################################################################################
714. HTTP/1.1 200 OK
715. Server: nginx
716. Date: Thu, 14 Feb 2019 00:47:16 GMT
717. Content-Type: text/html; charset=utf-8
718. Connection: keep-alive
719. X-Powered-By: PHP/5.4.16
720. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
721. Cache-Control: no-cache
722. Pragma: no-cache
723. Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=lir99270da5tqhg2hc33rbg990; path=/
724. X-Powered-By: PleskLin
725.  
726. HTTP/1.1 200 OK
727. Server: nginx
728. Date: Thu, 14 Feb 2019 00:47:17 GMT
729. Content-Type: text/html; charset=utf-8
730. Connection: keep-alive
731. X-Powered-By: PHP/5.4.16
732. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
733. Cache-Control: no-cache
734. Pragma: no-cache
735. Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=eci19585ej5rfcr5a32gogmma2; path=/
736. X-Powered-By: PleskLin
737. #######################################################################################################################################
738. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:45 EST
739. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
740. Host is up (0.20s latency).
741. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
742.  
743. PORT STATE SERVICE VERSION
744. 110/tcp open pop3 Dovecot pop3d
745. | pop3-brute:
746. | Accounts: No valid accounts found
747. |_ Statistics: Performed 226 guesses in 197 seconds, average tps: 1.2
748. |_pop3-capabilities: AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP USER STLS TOP PIPELINING CAPA UIDL RESP-CODES
749. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
750. Device type: specialized|WAP|general purpose|router
751. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
752. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
753. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
754. Network Distance: 20 hops
755. Service Info: Host: fo3-web02.nic.gov.sd
756.  
757. TRACEROUTE (using port 443/tcp)
758. HOP RTT ADDRESS
759. 1 27.91 ms 10.242.200.1
760. 2 28.77 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
761. 3 35.55 ms 37.120.128.168
762. 4 27.90 ms 82.102.29.44
763. 5 28.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
764. 6 28.79 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
765. 7 97.85 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
766. 8 103.41 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
767. 9 105.34 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
768. 10 105.44 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
769. 11 102.14 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
770. 12 185.87 ms 185.153.20.70
771. 13 185.84 ms 185.153.20.82
772. 14 185.21 ms 185.153.20.94
773. 15 196.39 ms 185.153.20.153
774. 16 ... 17
775. 18 196.21 ms 196.202.145.94
776. 19 ...
777. 20 210.91 ms f03-web02.nic.gov.sd (62.12.105.2)
778. #######################################################################################################################################
779. https://www.agricmi.gov.sd [200 OK] Cookies[650a76b3bacb69cb3de623bd53c0ffc7], Email[[email protected]], HTML5, HTTPServer[nginx], IP[62.12.105.2], Joomla[2.5.9], MetaGenerator[Joomla! - Open Source Content Management], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[الصــــفــحة الرئيســية], X-Powered-By[PHP/5.4.16, PleskLin], nginx
780. #######################################################################################################################################
781. Version: 1.11.12-static
782. OpenSSL 1.0.2-chacha (1.0.2g-dev)
783.  
784. Connected to 62.12.105.2
785.  
786. Testing SSL server www.agricmi.gov.sd on port 443 using SNI name www.agricmi.gov.sd
787.  
788. TLS Fallback SCSV:
789. Server supports TLS Fallback SCSV
790.  
791. TLS renegotiation:
792. Secure session renegotiation supported
793.  
794. TLS Compression:
795. Compression disabled
796.  
797. Heartbleed:
798. TLS 1.2 not vulnerable to heartbleed
799. TLS 1.1 not vulnerable to heartbleed
800. TLS 1.0 not vulnerable to heartbleed
801.  
802. Supported Server Cipher(s):
803. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
804. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
805. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
806. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
807. Accepted TLSv1.2 256 bits AES256-SHA256
808. Accepted TLSv1.2 256 bits AES256-SHA
809. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
810. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
811. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
812. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
813. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
814. Accepted TLSv1.2 128 bits AES128-SHA256
815. Accepted TLSv1.2 128 bits AES128-SHA
816. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
817. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
818. Accepted TLSv1.1 256 bits AES256-SHA
819. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
820. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
821. Accepted TLSv1.1 128 bits AES128-SHA
822. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
823. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
824. Accepted TLSv1.0 256 bits AES256-SHA
825. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
826. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
827. Accepted TLSv1.0 128 bits AES128-SHA
828. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
829.  
830. SSL Certificate:
831. Signature Algorithm: sha256WithRSAEncryption
832. RSA Key Strength: 2048
833.  
834. Subject: Plesk
835. Issuer: Plesk
836.  
837. Not valid before: Apr 20 02:40:27 2016 GMT
838. Not valid after: Apr 20 02:40:27 2017 GMT
839. #######################################################################################################################################
840. --------------------------------------------------------
841. <<<Yasuo discovered following vulnerable applications>>>
842. --------------------------------------------------------
843. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
844. | App Name | URL to Application | Potential Exploit | Username | Password |
845. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
846. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
847. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
848. #######################################################################################################################################
849. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
850. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
851. Host is up (0.10s latency).
852. Not shown: 464 filtered ports, 4 closed ports
853. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
854. PORT STATE SERVICE
855. 21/tcp open ftp
856. 80/tcp open http
857. 110/tcp open pop3
858. 143/tcp open imap
859. 443/tcp open https
860. 993/tcp open imaps
861. 995/tcp open pop3s
862. 8443/tcp open https-alt
863. #######################################################################################################################################
864. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
865. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
866. Host is up (0.026s latency).
867. Not shown: 2 filtered ports
868. PORT STATE SERVICE
869. 53/udp open|filtered domain
870. 67/udp open|filtered dhcps
871. 68/udp open|filtered dhcpc
872. 69/udp open|filtered tftp
873. 88/udp open|filtered kerberos-sec
874. 123/udp open|filtered ntp
875. 139/udp open|filtered netbios-ssn
876. 161/udp open|filtered snmp
877. 162/udp open|filtered snmptrap
878. 389/udp open|filtered ldap
879. 520/udp open|filtered route
880. 2049/udp open|filtered nfs
881. #######################################################################################################################################
882. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
883. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
884. Host is up (0.21s latency).
885.  
886. PORT STATE SERVICE VERSION
887. 21/tcp open tcpwrapped
888. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
889. Device type: specialized|WAP|general purpose|router
890. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
891. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
892. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
893. Network Distance: 20 hops
894.  
895. TRACEROUTE (using port 21/tcp)
896. HOP RTT ADDRESS
897. 1 29.44 ms 10.242.200.1
898. 2 29.50 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
899. 3 33.03 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
900. 4 30.33 ms 82.102.29.44
901. 5 29.95 ms 38.122.42.161
902. 6 30.31 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
903. 7 99.50 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
904. 8 105.46 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
905. 9 106.46 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
906. 10 106.47 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
907. 11 99.54 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
908. 12 182.65 ms 185.153.20.70
909. 13 182.65 ms 185.153.20.82
910. 14 182.61 ms 185.153.20.94
911. 15 195.37 ms 185.153.20.153
912. 16 ... 17
913. 18 198.14 ms 196.202.145.94
914. 19 ...
915. 20 211.83 ms f03-web02.nic.gov.sd (62.12.105.2)
916. #######################################################################################################################################
917. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:46 EST
918. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
919. Host is up.
920.  
921. PORT STATE SERVICE VERSION
922. 67/udp open|filtered dhcps
923. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
924. Too many fingerprints match this host to give specific OS details
925.  
926. TRACEROUTE (using proto 1/icmp)
927. HOP RTT ADDRESS
928. 1 27.43 ms 10.242.200.1
929. 2 27.82 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
930. 3 35.09 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
931. 4 27.46 ms 82.102.29.44
932. 5 28.04 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
933. 6 28.02 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
934. 7 97.78 ms 154.54.44.165
935. 8 103.72 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
936. 9 105.12 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
937. 10 105.15 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
938. 11 99.62 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
939. 12 183.66 ms 185.153.20.70
940. 13 183.33 ms 185.153.20.82
941. 14 183.37 ms 185.153.20.94
942. 15 194.88 ms 185.153.20.153
943. 16 211.49 ms 212.0.131.109
944. 17 211.46 ms 196.202.137.249
945. 18 196.21 ms 196.202.145.94
946. 19 ... 30
947. #######################################################################################################################################
948. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:48 EST
949. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
950. Host is up.
951.  
952. PORT STATE SERVICE VERSION
953. 68/udp open|filtered dhcpc
954. Too many fingerprints match this host to give specific OS details
955.  
956. TRACEROUTE (using proto 1/icmp)
957. HOP RTT ADDRESS
958. 1 24.29 ms 10.242.200.1
959. 2 50.58 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
960. 3 38.79 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
961. 4 24.32 ms 82.102.29.44
962. 5 24.33 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
963. 6 24.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
964. 7 94.93 ms 154.54.44.165
965. 8 99.68 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
966. 9 100.45 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
967. 10 100.51 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
968. 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
969. 12 183.37 ms 185.153.20.70
970. 13 183.37 ms 185.153.20.82
971. 14 183.34 ms 185.153.20.94
972. 15 196.47 ms 185.153.20.153
973. 16 209.03 ms 212.0.131.109
974. 17 208.21 ms 196.202.137.249
975. 18 196.25 ms 196.202.145.94
976. 19 ... 30
977. #######################################################################################################################################
978. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:50 EST
979. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
980. Host is up.
981.  
982. PORT STATE SERVICE VERSION
983. 69/udp open|filtered tftp
984. Too many fingerprints match this host to give specific OS details
985.  
986. TRACEROUTE (using proto 1/icmp)
987. HOP RTT ADDRESS
988. 1 21.82 ms 10.242.200.1
989. 2 22.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
990. 3 36.85 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
991. 4 22.28 ms 82.102.29.44
992. 5 22.72 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
993. 6 22.69 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
994. 7 91.88 ms 154.54.44.165
995. 8 97.70 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
996. 9 99.33 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
997. 10 99.40 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
998. 11 100.12 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
999. 12 183.45 ms 185.153.20.70
1000. 13 183.57 ms 185.153.20.82
1001. 14 183.40 ms 185.153.20.94
1002. 15 195.67 ms 185.153.20.153
1003. 16 212.15 ms 212.0.131.109
1004. 17 208.35 ms 196.202.137.249
1005. 18 198.15 ms 196.202.145.94
1006. 19 ... 30
1007. #######################################################################################################################################
1008. wig - WebApp Information Gatherer
1009.  
1010.  
1011. Scanning http://62.12.105.2...
1012. ________________________________________ SITE INFO _________________________________________
1013. IP Title
1014. 62.12.105.2 Domain Default page
1015.  
1016. _________________________________________ VERSION __________________________________________
1017. Name Versions Type
1018. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
1019. 2.4.9
1020. nginx Platform
1021.  
1022. ____________________________________________________________________________________________
1023. Time: 1.8 sec Urls: 811 Fingerprints: 40401
1024. #######################################################################################################################################
1025. HTTP/1.1 200 OK
1026. Server: nginx
1027. Date: Thu, 14 Feb 2019 00:55:38 GMT
1028. Content-Type: text/html
1029. Content-Length: 3750
1030. Connection: keep-alive
1031. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
1032. ETag: "ea6-5649d8e57844b"
1033. Accept-Ranges: bytes
1034.  
1035. HTTP/1.1 200 OK
1036. Server: nginx
1037. Date: Thu, 14 Feb 2019 00:55:38 GMT
1038. Content-Type: text/html
1039. Content-Length: 3750
1040. Connection: keep-alive
1041. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
1042. ETag: "ea6-5649d8e57844b"
1043. Accept-Ranges: bytes
1044. #######################################################################################################################################
1045. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:53 EST
1046. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
1047. Host is up (0.21s latency).
1048.  
1049. PORT STATE SERVICE VERSION
1050. 110/tcp open pop3 Dovecot pop3d
1051. | pop3-brute:
1052. | Accounts: No valid accounts found
1053. |_ Statistics: Performed 219 guesses in 196 seconds, average tps: 1.1
1054. |_pop3-capabilities: TOP CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE USER STLS PIPELINING RESP-CODES UIDL APOP
1055. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1056. Device type: general purpose
1057. Running: Linux 2.6.X
1058. OS CPE: cpe:/o:linux:linux_kernel:2.6
1059. OS details: Linux 2.6.18 - 2.6.22
1060. Network Distance: 20 hops
1061. Service Info: Host: fo3-web02.nic.gov.sd
1062.  
1063. TRACEROUTE (using port 443/tcp)
1064. HOP RTT ADDRESS
1065. 1 22.24 ms 10.242.200.1
1066. 2 47.67 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
1067. 3 30.24 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
1068. 4 22.51 ms 82.102.29.44
1069. 5 23.47 ms 38.122.42.161
1070. 6 23.49 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
1071. 7 92.91 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
1072. 8 99.14 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
1073. 9 100.33 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
1074. 10 100.37 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
1075. 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1076. 12 184.08 ms 185.153.20.70
1077. 13 184.03 ms 185.153.20.82
1078. 14 184.05 ms 185.153.20.94
1079. 15 195.08 ms 185.153.20.153
1080. 16 ... 17
1081. 18 200.71 ms 196.202.145.94
1082. 19 ...
1083. 20 214.71 ms f03-web02.nic.gov.sd (62.12.105.2)
1084. #######################################################################################################################################
1085. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:57 EST
1086. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
1087. Host is up.
1088.  
1089. PORT STATE SERVICE VERSION
1090. 123/udp open|filtered ntp
1091. Too many fingerprints match this host to give specific OS details
1092.  
1093. TRACEROUTE (using proto 1/icmp)
1094. HOP RTT ADDRESS
1095. 1 22.71 ms 10.242.200.1
1096. 2 35.56 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
1097. 3 40.34 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
1098. 4 22.92 ms 82.102.29.44
1099. 5 23.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
1100. 6 23.54 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
1101. 7 93.04 ms 154.54.44.165
1102. 8 98.41 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
1103. 9 99.80 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
1104. 10 99.85 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
1105. 11 98.25 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1106. 12 181.85 ms 185.153.20.70
1107. 13 181.85 ms 185.153.20.82
1108. 14 181.82 ms 185.153.20.94
1109. 15 196.11 ms 185.153.20.153
1110. 16 212.07 ms 212.0.131.109
1111. 17 210.40 ms 196.202.137.249
1112. 18 198.63 ms 196.202.145.94
1113. 19 ... 30
1114. #######################################################################################################################################
1115. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:59 EST
1116. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
1117. Host is up (0.21s latency).
1118.  
1119. PORT STATE SERVICE VERSION
1120. 161/tcp filtered snmp
1121. 161/udp open|filtered snmp
1122. Too many fingerprints match this host to give specific OS details
1123.  
1124. TRACEROUTE (using proto 1/icmp)
1125. HOP RTT ADDRESS
1126. 1 22.60 ms 10.242.200.1
1127. 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
1128. 3 37.82 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
1129. 4 22.68 ms 82.102.29.44
1130. 5 23.29 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
1131. 6 23.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
1132. 7 92.65 ms 154.54.44.165
1133. 8 99.92 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
1134. 9 99.99 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
1135. 10 100.03 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
1136. 11 99.80 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1137. 12 182.45 ms 185.153.20.70
1138. 13 182.37 ms 185.153.20.82
1139. 14 182.40 ms 185.153.20.94
1140. 15 192.72 ms 185.153.20.153
1141. 16 209.64 ms 212.0.131.109
1142. 17 209.02 ms 196.202.137.249
1143. 18 197.35 ms 196.202.145.94
1144. 19 ... 30
1145. #######################################################################################################################################
1146. Version: 1.11.12-static
1147. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1148.  
1149. Connected to 62.12.105.2
1150.  
1151. Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
1152.  
1153. TLS Fallback SCSV:
1154. Server supports TLS Fallback SCSV
1155.  
1156. TLS renegotiation:
1157. Secure session renegotiation supported
1158.  
1159. TLS Compression:
1160. Compression disabled
1161.  
1162. Heartbleed:
1163. TLS 1.2 not vulnerable to heartbleed
1164. TLS 1.1 not vulnerable to heartbleed
1165. TLS 1.0 not vulnerable to heartbleed
1166.  
1167. Supported Server Cipher(s):
1168. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1169. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1170. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1171. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1172. Accepted TLSv1.2 256 bits AES256-SHA256
1173. Accepted TLSv1.2 256 bits AES256-SHA
1174. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1175. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1176. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1177. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1178. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1179. Accepted TLSv1.2 128 bits AES128-SHA256
1180. Accepted TLSv1.2 128 bits AES128-SHA
1181. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1182. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1183. Accepted TLSv1.1 256 bits AES256-SHA
1184. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1185. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1186. Accepted TLSv1.1 128 bits AES128-SHA
1187. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1188. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1189. Accepted TLSv1.0 256 bits AES256-SHA
1190. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1191. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1192. Accepted TLSv1.0 128 bits AES128-SHA
1193. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1194.  
1195. SSL Certificate:
1196. Signature Algorithm: sha256WithRSAEncryption
1197. RSA Key Strength: 2048
1198.  
1199. Subject: Plesk
1200. Issuer: Plesk
1201.  
1202. Not valid before: Apr 20 02:40:27 2016 GMT
1203. Not valid after: Apr 20 02:40:27 2017 GMT
1204. #######################################################################################################################################
1205. --------------------------------------------------------
1206. <<<Yasuo discovered following vulnerable applications>>>
1207. --------------------------------------------------------
1208. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1209. | App Name | URL to Application | Potential Exploit | Username | Password |
1210. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1211. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
1212. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
1213. #######################################################################################################################################
1214. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:07 EST
1215. NSE: Loaded 148 scripts for scanning.
1216. NSE: Script Pre-scanning.
1217. NSE: Starting runlevel 1 (of 2) scan.
1218. Initiating NSE at 21:07
1219. Completed NSE at 21:07, 0.00s elapsed
1220. NSE: Starting runlevel 2 (of 2) scan.
1221. Initiating NSE at 21:07
1222. Completed NSE at 21:07, 0.00s elapsed
1223. Initiating Ping Scan at 21:07
1224. Scanning 62.12.105.2 [4 ports]
1225. Completed Ping Scan at 21:07, 0.24s elapsed (1 total hosts)
1226. Initiating Parallel DNS resolution of 1 host. at 21:07
1227. Completed Parallel DNS resolution of 1 host. at 21:07, 0.02s elapsed
1228. Initiating Connect Scan at 21:07
1229. Scanning f03-web02.nic.gov.sd (62.12.105.2) [1000 ports]
1230. Discovered open port 443/tcp on 62.12.105.2
1231. Discovered open port 143/tcp on 62.12.105.2
1232. Discovered open port 110/tcp on 62.12.105.2
1233. Discovered open port 80/tcp on 62.12.105.2
1234. Discovered open port 995/tcp on 62.12.105.2
1235. Discovered open port 993/tcp on 62.12.105.2
1236. Discovered open port 21/tcp on 62.12.105.2
1237. Discovered open port 8443/tcp on 62.12.105.2
1238. Completed Connect Scan at 21:08, 14.79s elapsed (1000 total ports)
1239. Initiating Service scan at 21:08
1240. Scanning 8 services on f03-web02.nic.gov.sd (62.12.105.2)
1241. Completed Service scan at 21:08, 14.43s elapsed (8 services on 1 host)
1242. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
1243. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
1244. WARNING: OS didn't match until try #2
1245. Initiating Traceroute at 21:08
1246. Completed Traceroute at 21:08, 6.15s elapsed
1247. Initiating Parallel DNS resolution of 18 hosts. at 21:08
1248. Completed Parallel DNS resolution of 18 hosts. at 21:08, 16.51s elapsed
1249. NSE: Script scanning 62.12.105.2.
1250. NSE: Starting runlevel 1 (of 2) scan.
1251. Initiating NSE at 21:08
1252. NSE Timing: About 98.90% done; ETC: 21:09 (0:00:00 remaining)
1253. NSE Timing: About 99.54% done; ETC: 21:09 (0:00:00 remaining)
1254. NSE Timing: About 99.72% done; ETC: 21:10 (0:00:00 remaining)
1255. NSE Timing: About 99.91% done; ETC: 21:10 (0:00:00 remaining)
1256. Completed NSE at 21:11, 139.14s elapsed
1257. NSE: Starting runlevel 2 (of 2) scan.
1258. Initiating NSE at 21:11
1259. Completed NSE at 21:11, 0.42s elapsed
1260. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
1261. Host is up, received syn-ack ttl 50 (0.15s latency).
1262. Scanned at 2019-02-13 21:07:46 EST for 199s
1263. Not shown: 988 filtered ports
1264. Reason: 987 no-responses and 1 host-unreach
1265. PORT STATE SERVICE REASON VERSION
1266. 21/tcp open tcpwrapped syn-ack
1267. 25/tcp closed smtp conn-refused
1268. 80/tcp open http syn-ack nginx
1269. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1270. | http-methods:
1271. |_ Supported Methods: GET HEAD POST OPTIONS
1272. |_http-server-header: nginx
1273. |_http-title: Domain Default page
1274. 110/tcp open pop3 syn-ack Dovecot pop3d
1275. |_pop3-capabilities: RESP-CODES SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) UIDL PIPELINING AUTH-RESP-CODE TOP CAPA USER STLS APOP
1276. |_ssl-date: TLS randomness does not represent time
1277. 113/tcp closed ident conn-refused
1278. 139/tcp closed netbios-ssn conn-refused
1279. 143/tcp open imap syn-ack Dovecot imapd
1280. |_imap-capabilities: listed LITERAL+ AUTH=PLAIN STARTTLS ENABLE capabilities LOGIN-REFERRALS OK more IMAP4rev1 AUTH=CRAM-MD5A0001 AUTH=LOGIN SASL-IR post-login Pre-login ID IDLE have AUTH=DIGEST-MD5
1281. |_ssl-date: TLS randomness does not represent time
1282. 443/tcp open ssl/http syn-ack nginx
1283. | http-methods:
1284. |_ Supported Methods: GET HEAD POST OPTIONS
1285. |_http-server-header: nginx
1286. |_http-title: 400 The plain HTTP request was sent to HTTPS port
1287. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
1288. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
1289. | Public Key type: rsa
1290. | Public Key bits: 2048
1291. | Signature Algorithm: sha256WithRSAEncryption
1292. | Not valid before: 2016-04-20T02:40:27
1293. | Not valid after: 2017-04-20T02:40:27
1294. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
1295. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
1296. | -----BEGIN CERTIFICATE-----
1297. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
1298. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
1299. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
1300. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
1301. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
1302. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
1303. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
1304. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
1305. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
1306. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
1307. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
1308. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
1309. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
1310. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
1311. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
1312. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
1313. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
1314. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
1315. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
1316. |_-----END CERTIFICATE-----
1317. |_ssl-date: TLS randomness does not represent time
1318. | tls-alpn:
1319. |_ http/1.1
1320. | tls-nextprotoneg:
1321. |_ http/1.1
1322. 445/tcp closed microsoft-ds conn-refused
1323. 993/tcp open ssl/imaps? syn-ack
1324. |_ssl-date: TLS randomness does not represent time
1325. 995/tcp open ssl/pop3s? syn-ack
1326. |_ssl-date: TLS randomness does not represent time
1327. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
1328. | http-methods:
1329. |_ Supported Methods: GET HEAD POST OPTIONS
1330. |_http-server-header: sw-cp-server
1331. |_http-title: Plesk Onyx 17.5.3
1332. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
1333. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
1334. | Public Key type: rsa
1335. | Public Key bits: 2048
1336. | Signature Algorithm: sha256WithRSAEncryption
1337. | Not valid before: 2016-04-20T02:40:27
1338. | Not valid after: 2017-04-20T02:40:27
1339. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
1340. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
1341. | -----BEGIN CERTIFICATE-----
1342. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
1343. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
1344. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
1345. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
1346. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
1347. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
1348. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
1349. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
1350. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
1351. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
1352. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
1353. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
1354. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
1355. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
1356. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
1357. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
1358. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
1359. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
1360. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
1361. |_-----END CERTIFICATE-----
1362. |_ssl-date: TLS randomness does not represent time
1363. | tls-nextprotoneg:
1364. |_ http/1.1
1365. Device type: general purpose
1366. Running: Linux 2.6.X
1367. OS CPE: cpe:/o:linux:linux_kernel:2.6
1368. OS details: Linux 2.6.18 - 2.6.22
1369. TCP/IP fingerprint:
1370. OS:SCAN(V=7.70%E=4%D=2/13%OT=80%CT=25%CU=%PV=N%G=N%TM=5C64CE39%P=x86_64-pc-
1371. OS:linux-gnu)SEQ(SP=106%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)SEQ(CI=Z)OPS(O1=M4B3ST
1372. OS:11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4
1373. OS:B3ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%
1374. OS:TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=A
1375. OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD
1376. OS:=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=N)IE(R=N)
1377.  
1378. Service Info: Host: fo3-web02.nic.gov.sd
1379.  
1380. TRACEROUTE (using proto 1/icmp)
1381. HOP RTT ADDRESS
1382. 1 23.16 ms 10.242.200.1
1383. 2 49.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
1384. 3 35.53 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
1385. 4 23.18 ms 82.102.29.44
1386. 5 23.19 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
1387. 6 23.38 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
1388. 7 92.66 ms 154.54.44.165
1389. 8 98.66 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
1390. 9 99.88 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
1391. 10 100.00 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
1392. 11 98.64 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
1393. 12 182.33 ms 185.153.20.70
1394. 13 182.36 ms 185.153.20.82
1395. 14 182.10 ms 185.153.20.94
1396. 15 192.61 ms 185.153.20.153
1397. 16 208.12 ms 212.0.131.109
1398. 17 209.20 ms 196.202.137.249
1399. 18 197.39 ms 196.202.145.94
1400. 19 ... 30
1401.  
1402. NSE: Script Post-scanning.
1403. NSE: Starting runlevel 1 (of 2) scan.
1404. Initiating NSE at 21:11
1405. Completed NSE at 21:11, 0.00s elapsed
1406. NSE: Starting runlevel 2 (of 2) scan.
1407. Initiating NSE at 21:11
1408. Completed NSE at 21:11, 0.00s elapsed
1409. Read data files from: /usr/bin/../share/nmap
1410. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1411. Nmap done: 1 IP address (1 host up) scanned in 199.92 seconds
1412. Raw packets sent: 142 (10.432KB) | Rcvd: 54 (5.443KB)
1413. #######################################################################################################################################
1414. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:11 EST
1415. NSE: Loaded 148 scripts for scanning.
1416. NSE: Script Pre-scanning.
1417. Initiating NSE at 21:11
1418. Completed NSE at 21:11, 0.00s elapsed
1419. Initiating NSE at 21:11
1420. Completed NSE at 21:11, 0.00s elapsed
1421. Initiating Parallel DNS resolution of 1 host. at 21:11
1422. Completed Parallel DNS resolution of 1 host. at 21:11, 0.02s elapsed
1423. Initiating UDP Scan at 21:11
1424. Scanning f03-web02.nic.gov.sd (62.12.105.2) [14 ports]
1425. Completed UDP Scan at 21:11, 1.96s elapsed (14 total ports)
1426. Initiating Service scan at 21:11
1427. Scanning 12 services on f03-web02.nic.gov.sd (62.12.105.2)
1428. Service scan Timing: About 8.33% done; ETC: 21:30 (0:17:58 remaining)
1429. Completed Service scan at 21:12, 102.58s elapsed (12 services on 1 host)
1430. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
1431. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
1432. Initiating Traceroute at 21:12
1433. Completed Traceroute at 21:13, 7.09s elapsed
1434. Initiating Parallel DNS resolution of 1 host. at 21:13
1435. Completed Parallel DNS resolution of 1 host. at 21:13, 0.02s elapsed
1436. NSE: Script scanning 62.12.105.2.
1437. Initiating NSE at 21:13
1438. Completed NSE at 21:13, 20.30s elapsed
1439. Initiating NSE at 21:13
1440. Completed NSE at 21:13, 1.02s elapsed
1441. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
1442. Host is up (0.044s latency).
1443.  
1444. PORT STATE SERVICE VERSION
1445. 53/udp open|filtered domain
1446. 67/udp open|filtered dhcps
1447. 68/udp open|filtered dhcpc
1448. 69/udp open|filtered tftp
1449. 88/udp open|filtered kerberos-sec
1450. 123/udp open|filtered ntp
1451. 137/udp filtered netbios-ns
1452. 138/udp filtered netbios-dgm
1453. 139/udp open|filtered netbios-ssn
1454. 161/udp open|filtered snmp
1455. 162/udp open|filtered snmptrap
1456. 389/udp open|filtered ldap
1457. 520/udp open|filtered route
1458. 2049/udp open|filtered nfs
1459. Too many fingerprints match this host to give specific OS details
1460.  
1461. TRACEROUTE (using port 137/udp)
1462. HOP RTT ADDRESS
1463. 1 23.18 ms 10.242.200.1
1464. 2 ... 3
1465. 4 22.44 ms 10.242.200.1
1466. 5 27.07 ms 10.242.200.1
1467. 6 27.06 ms 10.242.200.1
1468. 7 27.05 ms 10.242.200.1
1469. 8 27.05 ms 10.242.200.1
1470. 9 27.04 ms 10.242.200.1
1471. 10 27.05 ms 10.242.200.1
1472. 11 ... 18
1473. 19 22.37 ms 10.242.200.1
1474. 20 25.32 ms 10.242.200.1
1475. 21 ... 28
1476. 29 23.89 ms 10.242.200.1
1477. 30 22.12 ms 10.242.200.1
1478.  
1479. NSE: Script Post-scanning.
1480. Initiating NSE at 21:13
1481. Completed NSE at 21:13, 0.00s elapsed
1482. Initiating NSE at 21:13
1483. Completed NSE at 21:13, 0.00s elapsed
1484. Read data files from: /usr/bin/../share/nmap
1485. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1486. Nmap done: 1 IP address (1 host up) scanned in 136.66 seconds
1487. Raw packets sent: 147 (13.614KB) | Rcvd: 33 (3.542KB)
1488. #######################################################################################################################################
1489. [+] FireWall Detector
1490. [++] Firewall not detected
1491.  
1492. [+] Detecting Joomla Version
1493. [++] Joomla 2.5.9
1494.  
1495. [+] Core Joomla Vulnerability
1496. [++] Joomla! Core Remote Privilege Escalation Vulnerability
1497. CVE : CVE-2016-9838
1498. EDB : https://www.exploit-db.com/exploits/41157/
1499.  
1500. Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
1501. CVE : CVE-2014-7228
1502. EDB : https://www.exploit-db.com/exploits/35033/
1503.  
1504. Joomla! Core Authentication Bypass Vulnerability
1505. CVE :CVE-2014-6632
1506. http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html
1507.  
1508. Joomla! Core Remote Denial of Service Vulnerability
1509. CVE : CVE-2014-7229
1510. https://developer.joomla.org/security/596-20140904-core-denial-of-service.html
1511.  
1512. PHPMailer Remote Code Execution Vulnerability
1513. CVE : CVE-2016-10033
1514. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
1515. https://github.com/opsxcq/exploit-CVE-2016-10033
1516. EDB : https://www.exploit-db.com/exploits/40969/
1517.  
1518. PPHPMailer Incomplete Fix Remote Code Execution Vulnerability
1519. CVE : CVE-2016-10045
1520. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
1521. EDB : https://www.exploit-db.com/exploits/40969/
1522.  
1523.  
1524.  
1525. [+] Checking apache info/status files
1526. [++] Readable info/status files are not found
1527.  
1528. [+] admin finder
1529. [++] Admin page : http://www.agricmi.gov.sd/administrator/
1530.  
1531. [+] Checking robots.txt existing
1532. [++] robots.txt is found
1533. path : http://www.agricmi.gov.sd/robots.txt
1534.  
1535. Interesting path found from robots.txt
1536. http://www.agricmi.gov.sd/joomla/administrator/
1537. http://www.agricmi.gov.sd/administrator/
1538. http://www.agricmi.gov.sd/cache/
1539. http://www.agricmi.gov.sd/cli/
1540. http://www.agricmi.gov.sd/components/
1541. http://www.agricmi.gov.sd/images/
1542. http://www.agricmi.gov.sd/includes/
1543. http://www.agricmi.gov.sd/installation/
1544. http://www.agricmi.gov.sd/language/
1545. http://www.agricmi.gov.sd/libraries/
1546. http://www.agricmi.gov.sd/logs/
1547. http://www.agricmi.gov.sd/media/
1548. http://www.agricmi.gov.sd/modules/
1549. http://www.agricmi.gov.sd/plugins/
1550. http://www.agricmi.gov.sd/templates/
1551. http://www.agricmi.gov.sd/tmp/
1552.  
1553.  
1554. [+] Finding common backup files name
1555. [++] Backup files are not found
1556.  
1557. [+] Finding common log files name
1558. [++] error log is not found
1559.  
1560. [+] Checking user registration
1561. [++] registration is enabled
1562. http://www.agricmi.gov.sd/index.php?option=com_users&view=registration
1563.  
1564. [+] Checking sensitive config.php.x file
1565. [++] Readable config files are not found
1566. #######################################################################################################################################
1567. [-] Date & Time: 13/02/2019 19:48:45
1568. [I] Threads: 5
1569. [-] Target: http://www.agricmi.gov.sd (62.12.105.2)
1570. [M] Website Not in HTTPS: http://www.agricmi.gov.sd
1571. [I] X-Powered-By: PHP/5.4.16
1572. [L] X-Frame-Options: Not Enforced
1573. [I] Strict-Transport-Security: Not Enforced
1574. [I] X-Content-Security-Policy: Not Enforced
1575. [I] X-Content-Type-Options: Not Enforced
1576. [L] Robots.txt Found: http://www.agricmi.gov.sd/robots.txt
1577. [I] CMS Detection: Joomla
1578. [I] Joomla Version: 2.5.9
1579. [M] EDB-ID: 46200 "Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings"
1580. [M] EDB-ID: 42033 "Joomla! 3.7.0 - 'com_fields' SQL Injection"
1581. [M] EDB-ID: 40637 "Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation"
1582. [M] EDB-ID: 41157 "Joomla! < 3.6.4 - Admin Takeover"
1583. [M] EDB-ID: 38977 "Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution"
1584. [M] EDB-ID: 39033 "Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution"
1585. [M] EDB-ID: 38534 "Joomla! 3.2.x < 3.4.4 - SQL Injection"
1586. [M] EDB-ID: 31459 "Joomla! 3.2.1 - SQL Injection"
1587. [M] EDB-ID: 25087 "Joomla! 3.0.3 - 'remember.php' PHP Object Injection"
1588. [M] EDB-ID: 24551 "Joomla! 3.0.2 - 'highlight.php' PHP Object Injection"
1589. [M] EDB-ID: 44227 "Joomla! 3.7 - SQL Injection"
1590. [I] Joomla Website Template: siteground-j16-12
1591. [I] Joomla Administrator Template: hathor
1592. [-] Enumerating Joomla Usernames via "Feed" ...
1593. [I] Super User: [email protected]
1594. [I] Autocomplete Off Not Found: http://www.agricmi.gov.sd/administrator/index.php
1595. [-] Joomla Default Files:
1596. [-] Joomla is likely to have a large number of default files
1597. [-] Would you like to list them all?
1598. [y/N]: y
1599. [I] http://www.agricmi.gov.sd/LICENSE.txt
1600. [I] http://www.agricmi.gov.sd/README.txt
1601. [I] http://www.agricmi.gov.sd/administrator/cache/index.html
1602. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-06.sql
1603. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-16.sql
1604. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-19.sql
1605. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-20.sql
1606. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-1.sql
1607. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-2.sql
1608. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-22.sql
1609. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-23.sql
1610. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-24.sql
1611. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-10.sql
1612. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-14.sql
1613. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.1-2012-01-26.sql
1614. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.2-2012-03-05.sql
1615. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.3-2012-03-13.sql
1616. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-18.sql
1617. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-19.sql
1618. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql
1619. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.6.sql
1620. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.7.sql
1621. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.2-2012-03-05.sql
1622. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.3-2012-03-13.sql
1623. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-18.sql
1624. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-19.sql
1625. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql
1626. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.6.sql
1627. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.7.sql
1628. [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/install.mysql.utf8.sql
1629. [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/uninstall.mysql.utf8.sql
1630. [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/install.mysql.utf8.sql
1631. [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/uninstall.mysql.utf8.sql
1632. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.mysql.sql
1633. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.postgresql.sql
1634. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.mysql.sql
1635. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.postgresql.sql
1636. [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/install.mysql.utf8.sql
1637. [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/uninstall.mysql.utf8.sql
1638. [I] http://www.agricmi.gov.sd/administrator/language/overrides/index.html
1639. [I] http://www.agricmi.gov.sd/administrator/manifests/packages/index.html
1640. [I] http://www.agricmi.gov.sd/administrator/templates/hathor/LICENSE.txt
1641. [I] http://www.agricmi.gov.sd/cache/index.html
1642. [I] http://www.agricmi.gov.sd/cli/index.html
1643. [I] http://www.agricmi.gov.sd/components/index.html
1644. [I] http://www.agricmi.gov.sd/htaccess.txt
1645. [I] http://www.agricmi.gov.sd/images/index.html
1646. [I] http://www.agricmi.gov.sd/includes/index.html
1647. [I] http://www.agricmi.gov.sd/language/index.html
1648. [I] http://www.agricmi.gov.sd/language/overrides/index.html
1649. [I] http://www.agricmi.gov.sd/libraries/fof/LICENSE.txt
1650. [I] http://www.agricmi.gov.sd/libraries/fof/version.txt
1651. [I] http://www.agricmi.gov.sd/libraries/index.html
1652. [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/layout1.html
1653. [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/snippet1.html
1654. [I] http://www.agricmi.gov.sd/media/index.html
1655. [I] http://www.agricmi.gov.sd/modules/index.html
1656. [I] http://www.agricmi.gov.sd/plugins/index.html
1657. [I] http://www.agricmi.gov.sd/templates/index.html
1658. [I] http://www.agricmi.gov.sd/tmp/index.html
1659. [I] http://www.agricmi.gov.sd/web.config.txt
1660. [-] Searching Joomla Components ...
1661. [I] Checking for Directory Listing Enabled ...
1662. [-] Date & Time: 13/02/2019 20:07:58
1663. [-] Completed in: 0:19:12
1664. #######################################################################################################################################
1665. Anonymous JTSEC #OpSudan Full Recon #8