- #######################################################################################################################################
- =======================================================================================================================================
- Nom de l'hôte www.agricmi.gov.sd FAI NICDC
- Continent Afrique Drapeau
- SD
- Pays Soudan Code du pays SD
- Région Inconnu Heure locale 14 Feb 2019 02:46 CAT
- Ville Inconnu Code Postal Inconnu
- Adresse IP 62.12.105.2 Latitude 15
- Longitude 30
- =======================================================================================================================================
- #######################################################################################################################################
- > www.agricmi.gov.sd
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: www.agricmi.gov.sd
- Address: 62.12.105.2
- >
- #######################################################################################################################################
- HostIP:62.12.105.2
- HostName:www.agricmi.gov.sd
- Gathered Inet-whois information for 62.12.105.2
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 62.12.96.0 - 62.12.127.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:46:54Z
- last-modified: 2019-01-07T10:46:54Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
- Gathered Inic-whois information for agricmi.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server sd.whois-servers.net failed
- close error
- Gathered Netcraft information for www.agricmi.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.agricmi.gov.sd
- Netcraft.com Information gathered
- Gathered Subdomain information for agricmi.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.agricmi.gov.sd
- HostIP:62.12.105.2
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
- Gathered E-Mail information for agricmi.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 62.12.105.2
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 80/tcp open
- 110/tcp open
- 143/tcp open
- Portscan Finished: Scanned 150 ports, 4 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://www.agricmi.gov.sd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: الصــــفــحة الرئيســية
- [+] IP address: 62.12.105.2
- [+] Web Server: Could Not Detect
- [+] CMS: Joomla
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- # If the Joomla site is installed within a folder such as at
- # e.g. www.example.com/joomla/ the robots.txt file MUST be
- # moved to the site root at e.g. www.example.com/robots.txt
- # AND the joomla folder name MUST be prefixed to the disallowed
- # path, e.g. the Disallow rule for the /administrator/ folder
- # MUST be changed to read Disallow: /joomla/administrator/
- #
- # For more information about the robots.txt standard, see:
- # http://www.robotstxt.org/orig.html
- #
- # For syntax checking, see:
- # http://www.sxw.org.uk/computing/robots/check.html
- User-agent: *
- Disallow: /administrator/
- Disallow: /cache/
- Disallow: /cli/
- Disallow: /components/
- Disallow: /images/
- Disallow: /includes/
- Disallow: /installation/
- Disallow: /language/
- Disallow: /libraries/
- Disallow: /logs/
- Disallow: /media/
- Disallow: /modules/
- Disallow: /plugins/
- Disallow: /templates/
- Disallow: /tmp/
- -----------[end of contents]-------------
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 62.12.105.2
- [i] Country: Sudan
- [i] State:
- [i] City:
- [i] Latitude: 15.0
- [i] Longitude: 30.0
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Thu, 14 Feb 2019 00:19:49 GMT
- [i] Content-Type: text/html; charset=utf-8
- [i] X-Powered-By: PHP/5.4.16
- [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
- [i] Cache-Control: no-cache
- [i] Pragma: no-cache
- [i] Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=rpr2mdllop5m60eo2jlq1v21v6; path=/
- [i] X-Powered-By: PleskLin
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- agricmi.gov.sd. 21599 IN A 62.12.105.2
- agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
- agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 62.12.105.2
- Network = 62.12.105.2 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 62.12.105.2 - 62.12.105.2 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
- Nmap scan report for agricmi.gov.sd (62.12.105.2)
- Host is up (0.17s latency).
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 10.74 seconds
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://www.agricmi.gov.sd/
- [!] IP Address : 62.12.105.2
- [!] www.agricmi.gov.sd doesn't seem to use a CMS
- [+] Honeypot Probabilty: 0%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.agricmi.gov.sd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.agricmi.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 13.75 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- There was an error getting results
- [-] DNS Records
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- No hosts found
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Enter Address Website = agricmi.gov.sd
- Reverse IP With YouGetSignal 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [*] IP: 62.12.105.2
- [*] Domain: agricmi.gov.sd
- [*] Total Domains: 5
- [+] agricmi.gov.sd
- [+] eastgezira.gov.sd
- [+] sudan.gov.sd
- [+] unionkhr.sd
- [+] www.sudan.gov.sd
- #######################################################################################################################################
- Geo IP Lookup 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] IP Address: 62.12.105.2
- [+] Country: Sudan
- [+] State:
- [+] City:
- [+] Latitude: 15.0
- [+] Longitude: 30.0
- #######################################################################################################################################
- DNS Lookup 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- [+] agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- [+] agricmi.gov.sd. 21599 IN A 62.12.105.2
- [+] agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
- [+] agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- #######################################################################################################################################
- Show HTTP Header 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] HTTP/1.1 301 Moved Permanently
- [+] Server: nginx
- [+] Date: Thu, 14 Feb 2019 00:19:36 GMT
- [+] Content-Type: text/html
- [+] Content-Length: 178
- [+] Connection: keep-alive
- [+] Location: http://www.agricmi.gov.sd/
- [+] X-Powered-By: PleskLin
- #######################################################################################################################################
- Port Scan 'agricmi.gov.sd'
- --------------------------------------------------------------------------------------------------------------------------------------
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
- Nmap scan report for agricmi.gov.sd (62.12.105.2)
- Host is up (0.17s latency).
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.62 seconds
- ######################################################################################################################################
- Robot.txt 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- # If the Joomla site is installed within a folder such as at
- # e.g. www.example.com/joomla/ the robots.txt file MUST be
- # moved to the site root at e.g. www.example.com/robots.txt
- # AND the joomla folder name MUST be prefixed to the disallowed
- # path, e.g. the Disallow rule for the /administrator/ folder
- # MUST be changed to read Disallow: /joomla/administrator/
- #
- # For more information about the robots.txt standard, see:
- # http://www.robotstxt.org/orig.html
- #
- # For syntax checking, see:
- # http://www.sxw.org.uk/computing/robots/check.html
- User-agent: *
- Disallow: /administrator/
- Disallow: /cache/
- Disallow: /cli/
- Disallow: /components/
- Disallow: /images/
- Disallow: /includes/
- Disallow: /installation/
- Disallow: /language/
- Disallow: /libraries/
- Disallow: /logs/
- Disallow: /media/
- Disallow: /modules/
- Disallow: /plugins/
- Disallow: /templates/
- Disallow: /tmp/
- #######################################################################################################################################
- Traceroute 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-02-14T01:17:50+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.201 0.0% 3 1.7 1.2 0.7 1.7 0.5
- 2.|-- 45.79.12.0 0.0% 3 0.6 0.7 0.6 0.8 0.1
- 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.6 1.5 1.3 1.8 0.3
- 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.6 1.8 1.6 2.0 0.2
- 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.6 12.0 11.6 12.4 0.4
- 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.8 23.6 23.3 23.8 0.2
- 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.2 30.3 30.1 30.4 0.2
- 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.4 42.2 41.3 43.9 1.5
- 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 45.8 45.8 45.5 46.0 0.3
- 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.6 107.7 107.6 107.8 0.1
- 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.9 108.1 107.9 108.4 0.3
- 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.5 107.4 107.6 0.1
- 13.|-- 185.153.20.70 0.0% 3 190.9 191.0 190.7 191.4 0.4
- 14.|-- 185.153.20.82 0.0% 3 240.5 210.6 190.6 240.5 26.4
- 15.|-- 185.153.20.94 0.0% 3 190.6 194.2 190.6 201.6 6.3
- 16.|-- 185.153.20.153 0.0% 3 242.9 229.3 222.1 242.9 11.8
- 17.|-- 212.0.131.109 0.0% 3 232.3 232.4 232.2 232.8 0.3
- 18.|-- 196.202.137.249 0.0% 3 223.9 224.5 223.8 225.9 1.2
- 19.|-- 196.202.145.94 0.0% 3 202.3 202.3 202.2 202.3 0.1
- 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- #######################################################################################################################################
- Ping 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-14 01:18 UTC
- SENT (0.1854s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=1] IP [ttl=64 id=12921 iplen=28 ]
- SENT (1.1857s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=2] IP [ttl=64 id=12921 iplen=28 ]
- SENT (2.1870s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=3] IP [ttl=64 id=12921 iplen=28 ]
- SENT (3.1883s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=4] IP [ttl=64 id=12921 iplen=28 ]
- Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
- Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
- Nping done: 1 IP address pinged in 4.19 seconds
- #######################################################################################################################################
- Page Admin Finder 'agricmi.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Avilable Links :
- Find Page >> http://agricmi.gov.sd/administrator/
- Find Page >> http://agricmi.gov.sd/administrator/index.php
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> agricmi.gov.sd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38241
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;agricmi.gov.sd. IN A
- ;; ANSWER SECTION:
- agricmi.gov.sd. 83346 IN A 62.12.105.2
- ;; Query time: 34 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: mer fév 13 20:35:36 EST 2019
- ;; MSG SIZE rcvd: 59
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace agricmi.gov.sd
- ;; global options: +cmd
- . 85580 IN NS f.root-servers.net.
- . 85580 IN NS e.root-servers.net.
- . 85580 IN NS g.root-servers.net.
- . 85580 IN NS l.root-servers.net.
- . 85580 IN NS b.root-servers.net.
- . 85580 IN NS i.root-servers.net.
- . 85580 IN NS m.root-servers.net.
- . 85580 IN NS d.root-servers.net.
- . 85580 IN NS j.root-servers.net.
- . 85580 IN NS h.root-servers.net.
- . 85580 IN NS c.root-servers.net.
- . 85580 IN NS a.root-servers.net.
- . 85580 IN NS k.root-servers.net.
- . 85580 IN RRSIG NS 8 0 518400 20190226220000 20190213210000 16749 . R628FVO9et4X/BNc8EzeiINuM/Xr8cA4DlDRErB80imz2KQF25GDSnLj LHSXEhUv2Dc23IvHPS5IfzYpF+A2fwYKmqEqgnxMPNVszNlsxG4XgENE yCi5LDOao4JUMDpJj9IbsVyxFRLRdkQrvUtJnRMly39WHwgrTR3LR6C+ MwEj1GPQR/PA0YjtJGEQNG9zS78u7HSTKovKX9dv3RG+A1M2jiZWxPHP AHqQR6sisBO9xyVXfwzR4G0eRwHDJFIto7xLv2lG6z949aMBglXRa5fn sUfrryLXinLnZGXY10mZIOfn01CpnFIrxihlX9uIAnq7hW8haFV/fabK plO7fA==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 35 ms
- sd. 172800 IN NS sd.cctld.authdns.ripe.net.
- sd. 172800 IN NS ns1.uaenic.ae.
- sd. 172800 IN NS ns2.uaenic.ae.
- sd. 172800 IN NS ans1.sis.sd.
- sd. 172800 IN NS ans1.canar.sd.
- sd. 172800 IN NS ans2.canar.sd.
- sd. 172800 IN NS ns-sd.afrinic.net.
- sd. 86400 IN NSEC se. NS RRSIG NSEC
- sd. 86400 IN RRSIG NSEC 8 1 86400 20190226220000 20190213210000 16749 . pQY4I1sbZFrZUqOzkaQfawsU0HmOhvLWrAHaAvuwK1X4Alx4ubLDiXJN /se+vOsfqTJ2m1SrkwMZ8zpyRcO/9oNKvQgW3pMs4KD5Qga0YanFK+DH XTu0T2a8FLgYQvp2/tiLoJIrZhr6eX5Outdn7RvP5osKZgf9MwkVHEv+ IKkqtGlzwgslXUqPxveyfYF2C9hQpsFSc4LVeQVsw/Ak7GGY4Z02YEoV LPNx7JAolNNLtYY+N2yLoUQV3g3DI7rMrIB8dHsp6MuWZTxkd83xf+q7 S9gX4WRctaW88L3+qlaMUCw3hSYwzk6E/IRoX5nZItHoX/aYU/jb9q+I Dkwj7g==
- ;; Received 701 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 44 ms
- agricmi.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
- agricmi.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
- ;; Received 115 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 105 ms
- agricmi.gov.sd. 86400 IN A 62.12.105.2
- agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- ;; Received 97 bytes from 62.12.109.2#53(ns0.ndc.gov.sd) in 198 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: agricmi.gov.sd
- [-] DNSSEC is not configured for agricmi.gov.sd
- [*] SOA ns0.ndc.gov.sd 62.12.109.2
- [*] NS ns0.ndc.gov.sd 62.12.109.2
- [*] Bind Version for 62.12.109.2 you guess!
- [*] MX mail.agricmi.gov.sd 197.254.200.161
- [*] A agricmi.gov.sd 62.12.105.2
- [*] TXT agricmi.gov.sd v=spf1 mx -all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for agricmi.gov.sd
- [+] 0 Records Found
- #######################################################################################################################################
- rocessing domain agricmi.gov.sd
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
- [+] Getting nameservers
- 62.12.109.2 - ns0.ndc.gov.sd
- [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
- agricmi.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- agricmi.gov.sd. 86400 IN A 62.12.105.2
- agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
- agricmi.gov.sd. 86400 IN TXT "v=spf1 mx -all"
- mail.agricmi.gov.sd. 86400 IN A 197.254.200.161
- mail.agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
- webmail.agricmi.gov.sd. 86400 IN CNAME mail.agricmi.gov.sd.
- www.agricmi.gov.sd. 86400 IN A 62.12.105.2
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 197.254.200.161 host mail.agricmi.gov.sd
- 197.254.200.161 alias webmail.agricmi.gov.sd
- 197.254.200.161 host mail.agricmi.gov.sd
- 62.12.105.2 200 host www.agricmi.gov.sd nginx
- #######################################################################################################################################
- [+] Testing domain
- www.agricmi.gov.sd 62.12.105.2
- [+] Dns resolving
- Domain name Ip address Name server
- agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
- Found 1 host(s) for agricmi.gov.sd
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on agricmi.gov.sd
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 105.53 seconds
- Subdomain Ip address Name server
- www.agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
- #######################################################################################################################################
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: [email protected]
- | [+] E-mail Found: [email protected]
- | [+] E-mail Found: [email protected]
- | [+] E-mail Found: [email protected]
- | [+] E-mail Found: [email protected]
- =======================================================================================================================================
- | External hosts:
- | [+] External Host Found: http://httpd.apache.org
- =======================================================================================================================================
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.agricmi.gov.sd -----
- Host's addresses:
- __________________
- www.agricmi.gov.sd. 83379 IN A 62.12.105.2
- Name Servers:
- ______________
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on www.agricmi.gov.sd
- dnsdb: Unexpected return status 503
- ipv4info: <nil>
- Starting Bruteforcing of www.agricmi.gov.sd with 9985 words
- Total 1 Unique subdomains found for www.agricmi.gov.sd
- .www.agricmi.gov.sd
- #######################################################################################################################################
- [+] www.agricmi.gov.sd has no SPF record!
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.agricmi.gov.sd!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
- Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
- Host is up (0.17s latency).
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
- Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
- Host is up (0.023s latency).
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
- Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
- Host is up.
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 24.19 ms 10.242.200.1
- 2 24.35 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 44.97 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 24.22 ms 82.102.29.44
- 5 24.37 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 24.23 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 93.81 ms 154.54.44.165
- 8 99.86 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 100.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 100.95 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 100.75 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 183.84 ms 185.153.20.70
- 13 183.84 ms 185.153.20.82
- 14 183.79 ms 185.153.20.94
- 15 227.46 ms 185.153.20.153
- 16 210.44 ms 212.0.131.109
- 17 213.43 ms 196.202.137.249
- 18 201.57 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.agricmi.gov.sd...
- ______________________________________________ SITE INFO ______________________________________________
- IP Title
- 62.12.105.2 الصــــفــحة الرئيســية
- _______________________________________________ VERSION _______________________________________________
- Name Versions Type
- Joomla! 2.5.9 CMS
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- PHP 5.4.16 Platform
- nginx Platform
- CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
- Red Hat Enterprise Linux RHEL-7.0 | RHEL-7.1 | RHEL-7.2 OS
- Scientific Linux 7.0 | 7.1 | 7.2 OS
- _____________________________________________ INTERESTING _____________________________________________
- URL Note Type
- /robots.txt robots.txt index Interesting
- ________________________________________________ TOOLS ________________________________________________
- Name Link Software
- CMSmap https://github.com/Dionach/CMSmap Joomla!
- joomscan http://sourceforge.net/projects/joomscan/ Joomla!
- _______________________________________________________________________________________________________
- Time: 184.8 sec Urls: 807 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Thu, 14 Feb 2019 00:47:16 GMT
- Content-Type: text/html; charset=utf-8
- Connection: keep-alive
- X-Powered-By: PHP/5.4.16
- P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
- Cache-Control: no-cache
- Pragma: no-cache
- Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=lir99270da5tqhg2hc33rbg990; path=/
- X-Powered-By: PleskLin
- HTTP/1.1 200 OK
- Server: nginx
- Date: Thu, 14 Feb 2019 00:47:17 GMT
- Content-Type: text/html; charset=utf-8
- Connection: keep-alive
- X-Powered-By: PHP/5.4.16
- P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
- Cache-Control: no-cache
- Pragma: no-cache
- Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=eci19585ej5rfcr5a32gogmma2; path=/
- X-Powered-By: PleskLin
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:45 EST
- Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
- Host is up (0.20s latency).
- rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 226 guesses in 197 seconds, average tps: 1.2
- |_pop3-capabilities: AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP USER STLS TOP PIPELINING CAPA UIDL RESP-CODES
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 20 hops
- Service Info: Host: fo3-web02.nic.gov.sd
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 27.91 ms 10.242.200.1
- 2 28.77 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 35.55 ms 37.120.128.168
- 4 27.90 ms 82.102.29.44
- 5 28.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 28.79 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 97.85 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 103.41 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
- 9 105.34 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
- 10 105.44 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 102.14 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 185.87 ms 185.153.20.70
- 13 185.84 ms 185.153.20.82
- 14 185.21 ms 185.153.20.94
- 15 196.39 ms 185.153.20.153
- 16 ... 17
- 18 196.21 ms 196.202.145.94
- 19 ...
- 20 210.91 ms f03-web02.nic.gov.sd (62.12.105.2)
- #######################################################################################################################################
- https://www.agricmi.gov.sd [200 OK] Cookies[650a76b3bacb69cb3de623bd53c0ffc7], Email[[email protected]], HTML5, HTTPServer[nginx], IP[62.12.105.2], Joomla[2.5.9], MetaGenerator[Joomla! - Open Source Content Management], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[الصــــفــحة الرئيســية], X-Powered-By[PHP/5.4.16, PleskLin], nginx
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.2
- Testing SSL server www.agricmi.gov.sd on port 443 using SNI name www.agricmi.gov.sd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:40:27 2016 GMT
- Not valid after: Apr 20 02:40:27 2017 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up (0.10s latency).
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up (0.026s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up (0.21s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open tcpwrapped
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|WAP|general purpose|router
- Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
- OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
- Network Distance: 20 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 29.44 ms 10.242.200.1
- 2 29.50 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 33.03 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 30.33 ms 82.102.29.44
- 5 29.95 ms 38.122.42.161
- 6 30.31 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
- 7 99.50 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
- 8 105.46 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 106.46 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 106.47 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 11 99.54 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 182.65 ms 185.153.20.70
- 13 182.65 ms 185.153.20.82
- 14 182.61 ms 185.153.20.94
- 15 195.37 ms 185.153.20.153
- 16 ... 17
- 18 198.14 ms 196.202.145.94
- 19 ...
- 20 211.83 ms f03-web02.nic.gov.sd (62.12.105.2)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:46 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 27.43 ms 10.242.200.1
- 2 27.82 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 35.09 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 27.46 ms 82.102.29.44
- 5 28.04 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 28.02 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 97.78 ms 154.54.44.165
- 8 103.72 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 105.12 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 105.15 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 99.62 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 183.66 ms 185.153.20.70
- 13 183.33 ms 185.153.20.82
- 14 183.37 ms 185.153.20.94
- 15 194.88 ms 185.153.20.153
- 16 211.49 ms 212.0.131.109
- 17 211.46 ms 196.202.137.249
- 18 196.21 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:48 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 24.29 ms 10.242.200.1
- 2 50.58 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 38.79 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 24.32 ms 82.102.29.44
- 5 24.33 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 24.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 94.93 ms 154.54.44.165
- 8 99.68 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 100.45 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 100.51 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 183.37 ms 185.153.20.70
- 13 183.37 ms 185.153.20.82
- 14 183.34 ms 185.153.20.94
- 15 196.47 ms 185.153.20.153
- 16 209.03 ms 212.0.131.109
- 17 208.21 ms 196.202.137.249
- 18 196.25 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:50 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 21.82 ms 10.242.200.1
- 2 22.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 36.85 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 22.28 ms 82.102.29.44
- 5 22.72 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 22.69 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 91.88 ms 154.54.44.165
- 8 97.70 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 99.33 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 99.40 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 100.12 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 183.45 ms 185.153.20.70
- 13 183.57 ms 185.153.20.82
- 14 183.40 ms 185.153.20.94
- 15 195.67 ms 185.153.20.153
- 16 212.15 ms 212.0.131.109
- 17 208.35 ms 196.202.137.249
- 18 198.15 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://62.12.105.2...
- ________________________________________ SITE INFO _________________________________________
- IP Title
- 62.12.105.2 Domain Default page
- _________________________________________ VERSION __________________________________________
- Name Versions Type
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
- 2.4.9
- nginx Platform
- ____________________________________________________________________________________________
- Time: 1.8 sec Urls: 811 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Server: nginx
- Date: Thu, 14 Feb 2019 00:55:38 GMT
- Content-Type: text/html
- Content-Length: 3750
- Connection: keep-alive
- Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
- ETag: "ea6-5649d8e57844b"
- Accept-Ranges: bytes
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:53 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up (0.21s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 219 guesses in 196 seconds, average tps: 1.1
- |_pop3-capabilities: TOP CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE USER STLS PIPELINING RESP-CODES UIDL APOP
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.18 - 2.6.22
- Network Distance: 20 hops
- Service Info: Host: fo3-web02.nic.gov.sd
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 22.24 ms 10.242.200.1
- 2 47.67 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 30.24 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 22.51 ms 82.102.29.44
- 5 23.47 ms 38.122.42.161
- 6 23.49 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
- 7 92.91 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
- 8 99.14 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 100.33 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
- 10 100.37 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 184.08 ms 185.153.20.70
- 13 184.03 ms 185.153.20.82
- 14 184.05 ms 185.153.20.94
- 15 195.08 ms 185.153.20.153
- 16 ... 17
- 18 200.71 ms 196.202.145.94
- 19 ...
- 20 214.71 ms f03-web02.nic.gov.sd (62.12.105.2)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:57 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.71 ms 10.242.200.1
- 2 35.56 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 40.34 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 22.92 ms 82.102.29.44
- 5 23.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.54 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 93.04 ms 154.54.44.165
- 8 98.41 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 99.80 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 99.85 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 98.25 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 181.85 ms 185.153.20.70
- 13 181.85 ms 185.153.20.82
- 14 181.82 ms 185.153.20.94
- 15 196.11 ms 185.153.20.153
- 16 212.07 ms 212.0.131.109
- 17 210.40 ms 196.202.137.249
- 18 198.63 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:59 EST
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up (0.21s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 22.60 ms 10.242.200.1
- 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 37.82 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 22.68 ms 82.102.29.44
- 5 23.29 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 92.65 ms 154.54.44.165
- 8 99.92 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 99.99 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 100.03 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 99.80 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 182.45 ms 185.153.20.70
- 13 182.37 ms 185.153.20.82
- 14 182.40 ms 185.153.20.94
- 15 192.72 ms 185.153.20.153
- 16 209.64 ms 212.0.131.109
- 17 209.02 ms 196.202.137.249
- 18 197.35 ms 196.202.145.94
- 19 ... 30
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.2
- Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Apr 20 02:40:27 2016 GMT
- Not valid after: Apr 20 02:40:27 2017 GMT
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:07 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 21:07
- Completed NSE at 21:07, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 21:07
- Completed NSE at 21:07, 0.00s elapsed
- Initiating Ping Scan at 21:07
- Scanning 62.12.105.2 [4 ports]
- Completed Ping Scan at 21:07, 0.24s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 21:07
- Completed Parallel DNS resolution of 1 host. at 21:07, 0.02s elapsed
- Initiating Connect Scan at 21:07
- Scanning f03-web02.nic.gov.sd (62.12.105.2) [1000 ports]
- Discovered open port 443/tcp on 62.12.105.2
- Discovered open port 143/tcp on 62.12.105.2
- Discovered open port 110/tcp on 62.12.105.2
- Discovered open port 80/tcp on 62.12.105.2
- Discovered open port 995/tcp on 62.12.105.2
- Discovered open port 993/tcp on 62.12.105.2
- Discovered open port 21/tcp on 62.12.105.2
- Discovered open port 8443/tcp on 62.12.105.2
- Completed Connect Scan at 21:08, 14.79s elapsed (1000 total ports)
- Initiating Service scan at 21:08
- Scanning 8 services on f03-web02.nic.gov.sd (62.12.105.2)
- Completed Service scan at 21:08, 14.43s elapsed (8 services on 1 host)
- Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
- Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
- WARNING: OS didn't match until try #2
- Initiating Traceroute at 21:08
- Completed Traceroute at 21:08, 6.15s elapsed
- Initiating Parallel DNS resolution of 18 hosts. at 21:08
- Completed Parallel DNS resolution of 18 hosts. at 21:08, 16.51s elapsed
- NSE: Script scanning 62.12.105.2.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 21:08
- NSE Timing: About 98.90% done; ETC: 21:09 (0:00:00 remaining)
- NSE Timing: About 99.54% done; ETC: 21:09 (0:00:00 remaining)
- NSE Timing: About 99.72% done; ETC: 21:10 (0:00:00 remaining)
- NSE Timing: About 99.91% done; ETC: 21:10 (0:00:00 remaining)
- Completed NSE at 21:11, 139.14s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 21:11
- Completed NSE at 21:11, 0.42s elapsed
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up, received syn-ack ttl 50 (0.15s latency).
- Scanned at 2019-02-13 21:07:46 EST for 199s
- Not shown: 988 filtered ports
- Reason: 987 no-responses and 1 host-unreach
- PORT STATE SERVICE REASON VERSION
- 21/tcp open tcpwrapped syn-ack
- 25/tcp closed smtp conn-refused
- 80/tcp open http syn-ack nginx
- |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx
- |_http-title: Domain Default page
- 110/tcp open pop3 syn-ack Dovecot pop3d
- |_pop3-capabilities: RESP-CODES SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) UIDL PIPELINING AUTH-RESP-CODE TOP CAPA USER STLS APOP
- |_ssl-date: TLS randomness does not represent time
- 113/tcp closed ident conn-refused
- 139/tcp closed netbios-ssn conn-refused
- 143/tcp open imap syn-ack Dovecot imapd
- |_imap-capabilities: listed LITERAL+ AUTH=PLAIN STARTTLS ENABLE capabilities LOGIN-REFERRALS OK more IMAP4rev1 AUTH=CRAM-MD5A0001 AUTH=LOGIN SASL-IR post-login Pre-login ID IDLE have AUTH=DIGEST-MD5
- |_ssl-date: TLS randomness does not represent time
- 443/tcp open ssl/http syn-ack nginx
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx
- |_http-title: 400 The plain HTTP request was sent to HTTPS port
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:40:27
- | Not valid after: 2017-04-20T02:40:27
- | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
- | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- |_ http/1.1
- | tls-nextprotoneg:
- |_ http/1.1
- 445/tcp closed microsoft-ds conn-refused
- 993/tcp open ssl/imaps? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 995/tcp open ssl/pop3s? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: sw-cp-server
- |_http-title: Plesk Onyx 17.5.3
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/[email protected]/localityName=Seattle/organizationalUnitName=Plesk
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2016-04-20T02:40:27
- | Not valid after: 2017-04-20T02:40:27
- | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
- | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
- |_ssl-date: TLS randomness does not represent time
- | tls-nextprotoneg:
- |_ http/1.1
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.18 - 2.6.22
- Service Info: Host: fo3-web02.nic.gov.sd
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 23.16 ms 10.242.200.1
- 2 49.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 35.53 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 23.18 ms 82.102.29.44
- 5 23.19 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
- 6 23.38 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
- 7 92.66 ms 154.54.44.165
- 8 98.66 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
- 9 99.88 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
- 10 100.00 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 11 98.64 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 12 182.33 ms 185.153.20.70
- 13 182.36 ms 185.153.20.82
- 14 182.10 ms 185.153.20.94
- 15 192.61 ms 185.153.20.153
- 16 208.12 ms 212.0.131.109
- 17 209.20 ms 196.202.137.249
- 18 197.39 ms 196.202.145.94
- 19 ... 30
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 21:11
- Completed NSE at 21:11, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 21:11
- Completed NSE at 21:11, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 199.92 seconds
- Raw packets sent: 142 (10.432KB) | Rcvd: 54 (5.443KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:11 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 21:11
- Completed NSE at 21:11, 0.00s elapsed
- Initiating NSE at 21:11
- Completed NSE at 21:11, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 21:11
- Completed Parallel DNS resolution of 1 host. at 21:11, 0.02s elapsed
- Initiating UDP Scan at 21:11
- Scanning f03-web02.nic.gov.sd (62.12.105.2) [14 ports]
- Completed UDP Scan at 21:11, 1.96s elapsed (14 total ports)
- Initiating Service scan at 21:11
- Scanning 12 services on f03-web02.nic.gov.sd (62.12.105.2)
- Service scan Timing: About 8.33% done; ETC: 21:30 (0:17:58 remaining)
- Completed Service scan at 21:12, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
- Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
- Initiating Traceroute at 21:12
- Completed Traceroute at 21:13, 7.09s elapsed
- Initiating Parallel DNS resolution of 1 host. at 21:13
- Completed Parallel DNS resolution of 1 host. at 21:13, 0.02s elapsed
- NSE: Script scanning 62.12.105.2.
- Initiating NSE at 21:13
- Completed NSE at 21:13, 20.30s elapsed
- Initiating NSE at 21:13
- Completed NSE at 21:13, 1.02s elapsed
- Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
- Host is up (0.044s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 23.18 ms 10.242.200.1
- 2 ... 3
- 4 22.44 ms 10.242.200.1
- 5 27.07 ms 10.242.200.1
- 6 27.06 ms 10.242.200.1
- 7 27.05 ms 10.242.200.1
- 8 27.05 ms 10.242.200.1
- 9 27.04 ms 10.242.200.1
- 10 27.05 ms 10.242.200.1
- 11 ... 18
- 19 22.37 ms 10.242.200.1
- 20 25.32 ms 10.242.200.1
- 21 ... 28
- 29 23.89 ms 10.242.200.1
- 30 22.12 ms 10.242.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 21:13
- Completed NSE at 21:13, 0.00s elapsed
- Initiating NSE at 21:13
- Completed NSE at 21:13, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 136.66 seconds
- Raw packets sent: 147 (13.614KB) | Rcvd: 33 (3.542KB)
- #######################################################################################################################################
- [+] FireWall Detector
- [++] Firewall not detected
- [+] Detecting Joomla Version
- [++] Joomla 2.5.9
- [+] Core Joomla Vulnerability
- [++] Joomla! Core Remote Privilege Escalation Vulnerability
- CVE : CVE-2016-9838
- EDB : https://www.exploit-db.com/exploits/41157/
- Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
- CVE : CVE-2014-7228
- EDB : https://www.exploit-db.com/exploits/35033/
- Joomla! Core Authentication Bypass Vulnerability
- CVE :CVE-2014-6632
- http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html
- Joomla! Core Remote Denial of Service Vulnerability
- CVE : CVE-2014-7229
- https://developer.joomla.org/security/596-20140904-core-denial-of-service.html
- PHPMailer Remote Code Execution Vulnerability
- CVE : CVE-2016-10033
- https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
- https://github.com/opsxcq/exploit-CVE-2016-10033
- EDB : https://www.exploit-db.com/exploits/40969/
- PPHPMailer Incomplete Fix Remote Code Execution Vulnerability
- CVE : CVE-2016-10045
- https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
- EDB : https://www.exploit-db.com/exploits/40969/
- [+] Checking apache info/status files
- [++] Readable info/status files are not found
- [+] admin finder
- [++] Admin page : http://www.agricmi.gov.sd/administrator/
- [+] Checking robots.txt existing
- [++] robots.txt is found
- path : http://www.agricmi.gov.sd/robots.txt
- Interesting path found from robots.txt
- http://www.agricmi.gov.sd/joomla/administrator/
- http://www.agricmi.gov.sd/administrator/
- http://www.agricmi.gov.sd/cache/
- http://www.agricmi.gov.sd/cli/
- http://www.agricmi.gov.sd/components/
- http://www.agricmi.gov.sd/images/
- http://www.agricmi.gov.sd/includes/
- http://www.agricmi.gov.sd/installation/
- http://www.agricmi.gov.sd/language/
- http://www.agricmi.gov.sd/libraries/
- http://www.agricmi.gov.sd/logs/
- http://www.agricmi.gov.sd/media/
- http://www.agricmi.gov.sd/modules/
- http://www.agricmi.gov.sd/plugins/
- http://www.agricmi.gov.sd/templates/
- http://www.agricmi.gov.sd/tmp/
- [+] Finding common backup files name
- [++] Backup files are not found
- [+] Finding common log files name
- [++] error log is not found
- [+] Checking user registration
- [++] registration is enabled
- http://www.agricmi.gov.sd/index.php?option=com_users&view=registration
- [+] Checking sensitive config.php.x file
- [++] Readable config files are not found
- #######################################################################################################################################
- [-] Date & Time: 13/02/2019 19:48:45
- [I] Threads: 5
- [-] Target: http://www.agricmi.gov.sd (62.12.105.2)
- [M] Website Not in HTTPS: http://www.agricmi.gov.sd
- [I] X-Powered-By: PHP/5.4.16
- [L] X-Frame-Options: Not Enforced
- [I] Strict-Transport-Security: Not Enforced
- [I] X-Content-Security-Policy: Not Enforced
- [I] X-Content-Type-Options: Not Enforced
- [L] Robots.txt Found: http://www.agricmi.gov.sd/robots.txt
- [I] CMS Detection: Joomla
- [I] Joomla Version: 2.5.9
- [M] EDB-ID: 46200 "Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings"
- [M] EDB-ID: 42033 "Joomla! 3.7.0 - 'com_fields' SQL Injection"
- [M] EDB-ID: 40637 "Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation"
- [M] EDB-ID: 41157 "Joomla! < 3.6.4 - Admin Takeover"
- [M] EDB-ID: 38977 "Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution"
- [M] EDB-ID: 39033 "Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution"
- [M] EDB-ID: 38534 "Joomla! 3.2.x < 3.4.4 - SQL Injection"
- [M] EDB-ID: 31459 "Joomla! 3.2.1 - SQL Injection"
- [M] EDB-ID: 25087 "Joomla! 3.0.3 - 'remember.php' PHP Object Injection"
- [M] EDB-ID: 24551 "Joomla! 3.0.2 - 'highlight.php' PHP Object Injection"
- [M] EDB-ID: 44227 "Joomla! 3.7 - SQL Injection"
- [I] Joomla Website Template: siteground-j16-12
- [I] Joomla Administrator Template: hathor
- [-] Enumerating Joomla Usernames via "Feed" ...
- [I] Super User: [email protected]
- [I] Autocomplete Off Not Found: http://www.agricmi.gov.sd/administrator/index.php
- [-] Joomla Default Files:
- [-] Joomla is likely to have a large number of default files
- [-] Would you like to list them all?
- [y/N]: y
- [I] http://www.agricmi.gov.sd/LICENSE.txt
- [I] http://www.agricmi.gov.sd/README.txt
- [I] http://www.agricmi.gov.sd/administrator/cache/index.html
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-06.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-16.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-19.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-20.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-1.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-2.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-22.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-23.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-24.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-10.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-14.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.1-2012-01-26.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.2-2012-03-05.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.3-2012-03-13.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-18.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-19.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.6.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.7.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.2-2012-03-05.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.3-2012-03-13.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-18.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-19.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.6.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.7.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/install.mysql.utf8.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/uninstall.mysql.utf8.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/install.mysql.utf8.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/uninstall.mysql.utf8.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.mysql.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.postgresql.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.mysql.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.postgresql.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/install.mysql.utf8.sql
- [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/uninstall.mysql.utf8.sql
- [I] http://www.agricmi.gov.sd/administrator/language/overrides/index.html
- [I] http://www.agricmi.gov.sd/administrator/manifests/packages/index.html
- [I] http://www.agricmi.gov.sd/administrator/templates/hathor/LICENSE.txt
- [I] http://www.agricmi.gov.sd/cache/index.html
- [I] http://www.agricmi.gov.sd/cli/index.html
- [I] http://www.agricmi.gov.sd/components/index.html
- [I] http://www.agricmi.gov.sd/htaccess.txt
- [I] http://www.agricmi.gov.sd/images/index.html
- [I] http://www.agricmi.gov.sd/includes/index.html
- [I] http://www.agricmi.gov.sd/language/index.html
- [I] http://www.agricmi.gov.sd/language/overrides/index.html
- [I] http://www.agricmi.gov.sd/libraries/fof/LICENSE.txt
- [I] http://www.agricmi.gov.sd/libraries/fof/version.txt
- [I] http://www.agricmi.gov.sd/libraries/index.html
- [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/layout1.html
- [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/snippet1.html
- [I] http://www.agricmi.gov.sd/media/index.html
- [I] http://www.agricmi.gov.sd/modules/index.html
- [I] http://www.agricmi.gov.sd/plugins/index.html
- [I] http://www.agricmi.gov.sd/templates/index.html
- [I] http://www.agricmi.gov.sd/tmp/index.html
- [I] http://www.agricmi.gov.sd/web.config.txt
- [-] Searching Joomla Components ...
- [I] Checking for Directory Listing Enabled ...
- [-] Date & Time: 13/02/2019 20:07:58
- [-] Completed in: 0:19:12
- #######################################################################################################################################
- Anonymous JTSEC #OpSudan Full Recon #8