Advertisement
Guest User

Anonymous JTSEC #OpSudan Full Recon #8

a guest
Feb 13th, 2019
906
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Nom de l'hôte www.agricmi.gov.sd FAI NICDC
  4. Continent Afrique Drapeau
  5. SD
  6. Pays Soudan Code du pays SD
  7. Région Inconnu Heure locale 14 Feb 2019 02:46 CAT
  8. Ville Inconnu Code Postal Inconnu
  9. Adresse IP 62.12.105.2 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.agricmi.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: www.agricmi.gov.sd
  19. Address: 62.12.105.2
  20. >
  21. #######################################################################################################################################
  22. HostIP:62.12.105.2
  23. HostName:www.agricmi.gov.sd
  24.  
  25. Gathered Inet-whois information for 62.12.105.2
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 62.12.96.0 - 62.12.127.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:46:54Z
  61. last-modified: 2019-01-07T10:46:54Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  77.  
  78.  
  79.  
  80. Gathered Inic-whois information for agricmi.gov.sd
  81. ---------------------------------------------------------------------------------------------------------------------------------------
  82. Error: Unable to connect - Invalid Host
  83. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  84. close error
  85.  
  86. Gathered Netcraft information for www.agricmi.gov.sd
  87. ---------------------------------------------------------------------------------------------------------------------------------------
  88.  
  89. Retrieving Netcraft.com information for www.agricmi.gov.sd
  90. Netcraft.com Information gathered
  91.  
  92. Gathered Subdomain information for agricmi.gov.sd
  93. ---------------------------------------------------------------------------------------------------------------------------------------
  94. Searching Google.com:80...
  95. HostName:www.agricmi.gov.sd
  96. HostIP:62.12.105.2
  97. Searching Altavista.com:80...
  98. Found 1 possible subdomain(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
  99.  
  100. Gathered E-Mail information for agricmi.gov.sd
  101. ---------------------------------------------------------------------------------------------------------------------------------------
  102. Searching Google.com:80...
  103. Searching Altavista.com:80...
  104. Found 0 E-Mail(s) for host agricmi.gov.sd, Searched 0 pages containing 0 results
  105.  
  106. Gathered TCP Port information for 62.12.105.2
  107. ---------------------------------------------------------------------------------------------------------------------------------------
  108.  
  109. Port State
  110.  
  111. 21/tcp open
  112. 80/tcp open
  113. 110/tcp open
  114. 143/tcp open
  115.  
  116. Portscan Finished: Scanned 150 ports, 4 ports were in state closed
  117. #######################################################################################################################################
  118. [i] Scanning Site: http://www.agricmi.gov.sd
  119.  
  120.  
  121.  
  122. B A S I C I N F O
  123. =======================================================================================================================================
  124.  
  125.  
  126. [+] Site Title: الصــــفــحة الرئيســية
  127. [+] IP address: 62.12.105.2
  128. [+] Web Server: Could Not Detect
  129. [+] CMS: Joomla
  130. [+] Cloudflare: Not Detected
  131. [+] Robots File: Found
  132.  
  133. -------------[ contents ]----------------
  134. # If the Joomla site is installed within a folder such as at
  135. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  136. # moved to the site root at e.g. www.example.com/robots.txt
  137. # AND the joomla folder name MUST be prefixed to the disallowed
  138. # path, e.g. the Disallow rule for the /administrator/ folder
  139. # MUST be changed to read Disallow: /joomla/administrator/
  140. #
  141. # For more information about the robots.txt standard, see:
  142. # http://www.robotstxt.org/orig.html
  143. #
  144. # For syntax checking, see:
  145. # http://www.sxw.org.uk/computing/robots/check.html
  146.  
  147. User-agent: *
  148. Disallow: /administrator/
  149. Disallow: /cache/
  150. Disallow: /cli/
  151. Disallow: /components/
  152. Disallow: /images/
  153. Disallow: /includes/
  154. Disallow: /installation/
  155. Disallow: /language/
  156. Disallow: /libraries/
  157. Disallow: /logs/
  158. Disallow: /media/
  159. Disallow: /modules/
  160. Disallow: /plugins/
  161. Disallow: /templates/
  162. Disallow: /tmp/
  163.  
  164.  
  165. -----------[end of contents]-------------
  166.  
  167.  
  168.  
  169.  
  170. G E O I P L O O K U P
  171. =======================================================================================================================================
  172.  
  173. [i] IP Address: 62.12.105.2
  174. [i] Country: Sudan
  175. [i] State:
  176. [i] City:
  177. [i] Latitude: 15.0
  178. [i] Longitude: 30.0
  179.  
  180.  
  181.  
  182.  
  183. H T T P H E A D E R S
  184. =======================================================================================================================================
  185.  
  186.  
  187. [i] HTTP/1.1 200 OK
  188. [i] Date: Thu, 14 Feb 2019 00:19:49 GMT
  189. [i] Content-Type: text/html; charset=utf-8
  190. [i] X-Powered-By: PHP/5.4.16
  191. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  192. [i] Cache-Control: no-cache
  193. [i] Pragma: no-cache
  194. [i] Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=rpr2mdllop5m60eo2jlq1v21v6; path=/
  195. [i] X-Powered-By: PleskLin
  196. [i] Connection: close
  197.  
  198.  
  199.  
  200.  
  201. D N S L O O K U P
  202. =======================================================================================================================================
  203.  
  204. agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  205. agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  206. agricmi.gov.sd. 21599 IN A 62.12.105.2
  207. agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
  208. agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  209.  
  210.  
  211.  
  212.  
  213. S U B N E T C A L C U L A T I O N
  214. =======================================================================================================================================
  215.  
  216. Address = 62.12.105.2
  217. Network = 62.12.105.2 / 32
  218. Netmask = 255.255.255.255
  219. Broadcast = not needed on Point-to-Point links
  220. Wildcard Mask = 0.0.0.0
  221. Hosts Bits = 0
  222. Max. Hosts = 1 (2^0 - 0)
  223. Host Range = { 62.12.105.2 - 62.12.105.2 }
  224.  
  225.  
  226.  
  227. N M A P P O R T S C A N
  228. =======================================================================================================================================
  229.  
  230.  
  231. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
  232. Nmap scan report for agricmi.gov.sd (62.12.105.2)
  233. Host is up (0.17s latency).
  234. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  235. PORT STATE SERVICE
  236. 21/tcp filtered ftp
  237. 22/tcp filtered ssh
  238. 23/tcp filtered telnet
  239. 80/tcp filtered http
  240. 110/tcp filtered pop3
  241. 143/tcp filtered imap
  242. 443/tcp filtered https
  243. 3389/tcp filtered ms-wbt-server
  244.  
  245. Nmap done: 1 IP address (1 host up) scanned in 10.74 seconds
  246. #######################################################################################################################################
  247. [?] Enter the target: example( http://domain.com )
  248. http://www.agricmi.gov.sd/
  249. [!] IP Address : 62.12.105.2
  250. [!] www.agricmi.gov.sd doesn't seem to use a CMS
  251. [+] Honeypot Probabilty: 0%
  252. ---------------------------------------------------------------------------------------------------------------------------------------
  253. [~] Trying to gather whois information for www.agricmi.gov.sd
  254. [+] Whois information found
  255. [-] Unable to build response, visit https://who.is/whois/www.agricmi.gov.sd
  256. ---------------------------------------------------------------------------------------------------------------------------------------
  257. PORT STATE SERVICE
  258. 21/tcp filtered ftp
  259. 22/tcp filtered ssh
  260. 23/tcp filtered telnet
  261. 80/tcp filtered http
  262. 110/tcp filtered pop3
  263. 143/tcp filtered imap
  264. 443/tcp filtered https
  265. 3389/tcp filtered ms-wbt-server
  266. Nmap done: 1 IP address (1 host up) scanned in 13.75 seconds
  267. ---------------------------------------------------------------------------------------------------------------------------------------
  268. There was an error getting results
  269.  
  270. [-] DNS Records
  271. [>] Initiating 3 intel modules
  272. [>] Loading Alpha module (1/3)
  273. [>] Beta module deployed (2/3)
  274. [>] Gamma module initiated (3/3)
  275.  
  276.  
  277. [+] Emails found:
  278. ---------------------------------------------------------------------------------------------------------------------------------------
  279. pixel-1550107083678550-web-@www.agricmi.gov.sd
  280. pixel-1550107084325699-web-@www.agricmi.gov.sd
  281. No hosts found
  282. [+] Virtual hosts:
  283. ---------------------------------------------------------------------------------------------------------------------------------------
  284. #######################################################################################################################################
  285. Enter Address Website = agricmi.gov.sd
  286.  
  287.  
  288. Reverse IP With YouGetSignal 'agricmi.gov.sd'
  289. ---------------------------------------------------------------------------------------------------------------------------------------
  290.  
  291. [*] IP: 62.12.105.2
  292. [*] Domain: agricmi.gov.sd
  293. [*] Total Domains: 5
  294.  
  295. [+] agricmi.gov.sd
  296. [+] eastgezira.gov.sd
  297. [+] sudan.gov.sd
  298. [+] unionkhr.sd
  299. [+] www.sudan.gov.sd
  300. #######################################################################################################################################
  301. Geo IP Lookup 'agricmi.gov.sd'
  302. ---------------------------------------------------------------------------------------------------------------------------------------
  303.  
  304. [+] IP Address: 62.12.105.2
  305. [+] Country: Sudan
  306. [+] State:
  307. [+] City:
  308. [+] Latitude: 15.0
  309. [+] Longitude: 30.0
  310. #######################################################################################################################################
  311. DNS Lookup 'agricmi.gov.sd'
  312. ---------------------------------------------------------------------------------------------------------------------------------------
  313.  
  314. [+] agricmi.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  315. [+] agricmi.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  316. [+] agricmi.gov.sd. 21599 IN A 62.12.105.2
  317. [+] agricmi.gov.sd. 21599 IN MX 10 mail.agricmi.gov.sd.
  318. [+] agricmi.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  319. #######################################################################################################################################
  320. Show HTTP Header 'agricmi.gov.sd'
  321. ---------------------------------------------------------------------------------------------------------------------------------------
  322.  
  323. [+] HTTP/1.1 301 Moved Permanently
  324. [+] Server: nginx
  325. [+] Date: Thu, 14 Feb 2019 00:19:36 GMT
  326. [+] Content-Type: text/html
  327. [+] Content-Length: 178
  328. [+] Connection: keep-alive
  329. [+] Location: http://www.agricmi.gov.sd/
  330. [+] X-Powered-By: PleskLin
  331. #######################################################################################################################################
  332. Port Scan 'agricmi.gov.sd'
  333. --------------------------------------------------------------------------------------------------------------------------------------
  334.  
  335.  
  336. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-14 01:17 UTC
  337. Nmap scan report for agricmi.gov.sd (62.12.105.2)
  338. Host is up (0.17s latency).
  339. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  340. PORT STATE SERVICE
  341. 21/tcp filtered ftp
  342. 22/tcp filtered ssh
  343. 23/tcp filtered telnet
  344. 80/tcp filtered http
  345. 110/tcp filtered pop3
  346. 143/tcp filtered imap
  347. 443/tcp filtered https
  348. 3389/tcp filtered ms-wbt-server
  349.  
  350. Nmap done: 1 IP address (1 host up) scanned in 14.62 seconds
  351. ######################################################################################################################################
  352. Robot.txt 'agricmi.gov.sd'
  353. ---------------------------------------------------------------------------------------------------------------------------------------
  354.  
  355. # If the Joomla site is installed within a folder such as at
  356. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  357. # moved to the site root at e.g. www.example.com/robots.txt
  358. # AND the joomla folder name MUST be prefixed to the disallowed
  359. # path, e.g. the Disallow rule for the /administrator/ folder
  360. # MUST be changed to read Disallow: /joomla/administrator/
  361. #
  362. # For more information about the robots.txt standard, see:
  363. # http://www.robotstxt.org/orig.html
  364. #
  365. # For syntax checking, see:
  366. # http://www.sxw.org.uk/computing/robots/check.html
  367.  
  368. User-agent: *
  369. Disallow: /administrator/
  370. Disallow: /cache/
  371. Disallow: /cli/
  372. Disallow: /components/
  373. Disallow: /images/
  374. Disallow: /includes/
  375. Disallow: /installation/
  376. Disallow: /language/
  377. Disallow: /libraries/
  378. Disallow: /logs/
  379. Disallow: /media/
  380. Disallow: /modules/
  381. Disallow: /plugins/
  382. Disallow: /templates/
  383. Disallow: /tmp/
  384. #######################################################################################################################################
  385. Traceroute 'agricmi.gov.sd'
  386. ---------------------------------------------------------------------------------------------------------------------------------------
  387.  
  388. Start: 2019-02-14T01:17:50+0000
  389. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  390. 1.|-- 45.79.12.201 0.0% 3 1.7 1.2 0.7 1.7 0.5
  391. 2.|-- 45.79.12.0 0.0% 3 0.6 0.7 0.6 0.8 0.1
  392. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.6 1.5 1.3 1.8 0.3
  393. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.6 1.8 1.6 2.0 0.2
  394. 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.6 12.0 11.6 12.4 0.4
  395. 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.8 23.6 23.3 23.8 0.2
  396. 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.2 30.3 30.1 30.4 0.2
  397. 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.4 42.2 41.3 43.9 1.5
  398. 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 45.8 45.8 45.5 46.0 0.3
  399. 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.6 107.7 107.6 107.8 0.1
  400. 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.9 108.1 107.9 108.4 0.3
  401. 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.5 107.4 107.6 0.1
  402. 13.|-- 185.153.20.70 0.0% 3 190.9 191.0 190.7 191.4 0.4
  403. 14.|-- 185.153.20.82 0.0% 3 240.5 210.6 190.6 240.5 26.4
  404. 15.|-- 185.153.20.94 0.0% 3 190.6 194.2 190.6 201.6 6.3
  405. 16.|-- 185.153.20.153 0.0% 3 242.9 229.3 222.1 242.9 11.8
  406. 17.|-- 212.0.131.109 0.0% 3 232.3 232.4 232.2 232.8 0.3
  407. 18.|-- 196.202.137.249 0.0% 3 223.9 224.5 223.8 225.9 1.2
  408. 19.|-- 196.202.145.94 0.0% 3 202.3 202.3 202.2 202.3 0.1
  409. 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  410. #######################################################################################################################################
  411. Ping 'agricmi.gov.sd'
  412. ---------------------------------------------------------------------------------------------------------------------------------------
  413.  
  414.  
  415. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-14 01:18 UTC
  416. SENT (0.1854s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=1] IP [ttl=64 id=12921 iplen=28 ]
  417. SENT (1.1857s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=2] IP [ttl=64 id=12921 iplen=28 ]
  418. SENT (2.1870s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=3] IP [ttl=64 id=12921 iplen=28 ]
  419. SENT (3.1883s) ICMP [104.237.144.6 > 62.12.105.2 Echo request (type=8/code=0) id=18649 seq=4] IP [ttl=64 id=12921 iplen=28 ]
  420.  
  421. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  422. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  423. Nping done: 1 IP address pinged in 4.19 seconds
  424. #######################################################################################################################################
  425. Page Admin Finder 'agricmi.gov.sd'
  426. ---------------------------------------------------------------------------------------------------------------------------------------
  427.  
  428.  
  429.  
  430. Avilable Links :
  431.  
  432. Find Page >> http://agricmi.gov.sd/administrator/
  433.  
  434. Find Page >> http://agricmi.gov.sd/administrator/index.php
  435. #######################################################################################################################################
  436. ; <<>> DiG 9.11.5-P1-1-Debian <<>> agricmi.gov.sd
  437. ;; global options: +cmd
  438. ;; Got answer:
  439. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38241
  440. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  441.  
  442. ;; OPT PSEUDOSECTION:
  443. ; EDNS: version: 0, flags:; udp: 4096
  444. ;; QUESTION SECTION:
  445. ;agricmi.gov.sd. IN A
  446.  
  447. ;; ANSWER SECTION:
  448. agricmi.gov.sd. 83346 IN A 62.12.105.2
  449.  
  450. ;; Query time: 34 msec
  451. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  452. ;; WHEN: mer fév 13 20:35:36 EST 2019
  453. ;; MSG SIZE rcvd: 59
  454. #######################################################################################################################################
  455. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace agricmi.gov.sd
  456. ;; global options: +cmd
  457. . 85580 IN NS f.root-servers.net.
  458. . 85580 IN NS e.root-servers.net.
  459. . 85580 IN NS g.root-servers.net.
  460. . 85580 IN NS l.root-servers.net.
  461. . 85580 IN NS b.root-servers.net.
  462. . 85580 IN NS i.root-servers.net.
  463. . 85580 IN NS m.root-servers.net.
  464. . 85580 IN NS d.root-servers.net.
  465. . 85580 IN NS j.root-servers.net.
  466. . 85580 IN NS h.root-servers.net.
  467. . 85580 IN NS c.root-servers.net.
  468. . 85580 IN NS a.root-servers.net.
  469. . 85580 IN NS k.root-servers.net.
  470. . 85580 IN RRSIG NS 8 0 518400 20190226220000 20190213210000 16749 . R628FVO9et4X/BNc8EzeiINuM/Xr8cA4DlDRErB80imz2KQF25GDSnLj LHSXEhUv2Dc23IvHPS5IfzYpF+A2fwYKmqEqgnxMPNVszNlsxG4XgENE yCi5LDOao4JUMDpJj9IbsVyxFRLRdkQrvUtJnRMly39WHwgrTR3LR6C+ MwEj1GPQR/PA0YjtJGEQNG9zS78u7HSTKovKX9dv3RG+A1M2jiZWxPHP AHqQR6sisBO9xyVXfwzR4G0eRwHDJFIto7xLv2lG6z949aMBglXRa5fn sUfrryLXinLnZGXY10mZIOfn01CpnFIrxihlX9uIAnq7hW8haFV/fabK plO7fA==
  471. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 35 ms
  472.  
  473. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  474. sd. 172800 IN NS ns1.uaenic.ae.
  475. sd. 172800 IN NS ns2.uaenic.ae.
  476. sd. 172800 IN NS ans1.sis.sd.
  477. sd. 172800 IN NS ans1.canar.sd.
  478. sd. 172800 IN NS ans2.canar.sd.
  479. sd. 172800 IN NS ns-sd.afrinic.net.
  480. sd. 86400 IN NSEC se. NS RRSIG NSEC
  481. sd. 86400 IN RRSIG NSEC 8 1 86400 20190226220000 20190213210000 16749 . pQY4I1sbZFrZUqOzkaQfawsU0HmOhvLWrAHaAvuwK1X4Alx4ubLDiXJN /se+vOsfqTJ2m1SrkwMZ8zpyRcO/9oNKvQgW3pMs4KD5Qga0YanFK+DH XTu0T2a8FLgYQvp2/tiLoJIrZhr6eX5Outdn7RvP5osKZgf9MwkVHEv+ IKkqtGlzwgslXUqPxveyfYF2C9hQpsFSc4LVeQVsw/Ak7GGY4Z02YEoV LPNx7JAolNNLtYY+N2yLoUQV3g3DI7rMrIB8dHsp6MuWZTxkd83xf+q7 S9gX4WRctaW88L3+qlaMUCw3hSYwzk6E/IRoX5nZItHoX/aYU/jb9q+I Dkwj7g==
  482. ;; Received 701 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 44 ms
  483.  
  484. agricmi.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
  485. agricmi.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
  486. ;; Received 115 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 105 ms
  487.  
  488. agricmi.gov.sd. 86400 IN A 62.12.105.2
  489. agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  490. ;; Received 97 bytes from 62.12.109.2#53(ns0.ndc.gov.sd) in 198 ms
  491. #######################################################################################################################################
  492. [*] Performing General Enumeration of Domain: agricmi.gov.sd
  493. [-] DNSSEC is not configured for agricmi.gov.sd
  494. [*] SOA ns0.ndc.gov.sd 62.12.109.2
  495. [*] NS ns0.ndc.gov.sd 62.12.109.2
  496. [*] Bind Version for 62.12.109.2 you guess!
  497. [*] MX mail.agricmi.gov.sd 197.254.200.161
  498. [*] A agricmi.gov.sd 62.12.105.2
  499. [*] TXT agricmi.gov.sd v=spf1 mx -all
  500. [*] Enumerating SRV Records
  501. [-] No SRV Records Found for agricmi.gov.sd
  502. [+] 0 Records Found
  503. #######################################################################################################################################
  504. rocessing domain agricmi.gov.sd
  505. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  506. [+] Getting nameservers
  507. 62.12.109.2 - ns0.ndc.gov.sd
  508. [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
  509. agricmi.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  510. agricmi.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  511. agricmi.gov.sd. 86400 IN A 62.12.105.2
  512. agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
  513. agricmi.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  514. mail.agricmi.gov.sd. 86400 IN A 197.254.200.161
  515. mail.agricmi.gov.sd. 86400 IN MX 10 mail.agricmi.gov.sd.
  516. webmail.agricmi.gov.sd. 86400 IN CNAME mail.agricmi.gov.sd.
  517. www.agricmi.gov.sd. 86400 IN A 62.12.105.2
  518. #######################################################################################################################################
  519. Ip Address Status Type Domain Name Server
  520. ---------- ------ ---- ----------- ------
  521. 197.254.200.161 host mail.agricmi.gov.sd
  522. 197.254.200.161 alias webmail.agricmi.gov.sd
  523. 197.254.200.161 host mail.agricmi.gov.sd
  524. 62.12.105.2 200 host www.agricmi.gov.sd nginx
  525. #######################################################################################################################################
  526. [+] Testing domain
  527. www.agricmi.gov.sd 62.12.105.2
  528. [+] Dns resolving
  529. Domain name Ip address Name server
  530. agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  531. Found 1 host(s) for agricmi.gov.sd
  532. [+] Testing wildcard
  533. Ok, no wildcard found.
  534.  
  535. [+] Scanning for subdomain on agricmi.gov.sd
  536. [!] Wordlist not specified. I scannig with my internal wordlist...
  537. Estimated time about 105.53 seconds
  538.  
  539. Subdomain Ip address Name server
  540.  
  541. www.agricmi.gov.sd 62.12.105.2 f03-web02.nic.gov.sd
  542. #######################################################################################################################################
  543. =======================================================================================================================================
  544. | E-mails:
  545. | [+] E-mail Found: yousif.m.yousif@hotmail.com
  546. | [+] E-mail Found: ousif.m.yousif@hotmail.com
  547. | [+] E-mail Found: humbedooh@apache.org
  548. | [+] E-mail Found: mike@hyperreal.org
  549. | [+] E-mail Found: kevinh@kevcom.com
  550. =======================================================================================================================================
  551. | External hosts:
  552. | [+] External Host Found: http://httpd.apache.org
  553. =======================================================================================================================================
  554. #######################################################################################################################################
  555. dnsenum VERSION:1.2.4
  556.  
  557. ----- www.agricmi.gov.sd -----
  558.  
  559.  
  560. Host's addresses:
  561. __________________
  562.  
  563. www.agricmi.gov.sd. 83379 IN A 62.12.105.2
  564.  
  565.  
  566. Name Servers:
  567. ______________
  568. #######################################################################################################################################
  569. ===============================================
  570. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  571. ===============================================
  572.  
  573.  
  574. Running Source: Ask
  575. Running Source: Archive.is
  576. Running Source: Baidu
  577. Running Source: Bing
  578. Running Source: CertDB
  579. Running Source: CertificateTransparency
  580. Running Source: Certspotter
  581. Running Source: Commoncrawl
  582. Running Source: Crt.sh
  583. Running Source: Dnsdb
  584. Running Source: DNSDumpster
  585. Running Source: DNSTable
  586. Running Source: Dogpile
  587. Running Source: Exalead
  588. Running Source: Findsubdomains
  589. Running Source: Googleter
  590. Running Source: Hackertarget
  591. Running Source: Ipv4Info
  592. Running Source: PTRArchive
  593. Running Source: Sitedossier
  594. Running Source: Threatcrowd
  595. Running Source: ThreatMiner
  596. Running Source: WaybackArchive
  597. Running Source: Yahoo
  598.  
  599. Running enumeration on www.agricmi.gov.sd
  600.  
  601. dnsdb: Unexpected return status 503
  602.  
  603. ipv4info: <nil>
  604.  
  605.  
  606. Starting Bruteforcing of www.agricmi.gov.sd with 9985 words
  607.  
  608. Total 1 Unique subdomains found for www.agricmi.gov.sd
  609.  
  610. .www.agricmi.gov.sd
  611. #######################################################################################################################################
  612. [+] www.agricmi.gov.sd has no SPF record!
  613. [*] No DMARC record found. Looking for organizational record
  614. [+] No organizational DMARC record
  615. [+] Spoofing possible for www.agricmi.gov.sd!
  616. #######################################################################################################################################
  617. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
  618. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  619. Host is up (0.17s latency).
  620. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  621. Not shown: 464 filtered ports, 4 closed ports
  622. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  623. PORT STATE SERVICE
  624. 21/tcp open ftp
  625. 80/tcp open http
  626. 110/tcp open pop3
  627. 143/tcp open imap
  628. 443/tcp open https
  629. 993/tcp open imaps
  630. 995/tcp open pop3s
  631. 8443/tcp open https-alt
  632. #######################################################################################################################################
  633. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
  634. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  635. Host is up (0.023s latency).
  636. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  637. Not shown: 2 filtered ports
  638. PORT STATE SERVICE
  639. 53/udp open|filtered domain
  640. 67/udp open|filtered dhcps
  641. 68/udp open|filtered dhcpc
  642. 69/udp open|filtered tftp
  643. 88/udp open|filtered kerberos-sec
  644. 123/udp open|filtered ntp
  645. 139/udp open|filtered netbios-ssn
  646. 161/udp open|filtered snmp
  647. 162/udp open|filtered snmptrap
  648. 389/udp open|filtered ldap
  649. 520/udp open|filtered route
  650. 2049/udp open|filtered nfs
  651. #######################################################################################################################################
  652. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:40 EST
  653. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  654. Host is up.
  655. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  656.  
  657. PORT STATE SERVICE VERSION
  658. 21/tcp filtered ftp
  659. Too many fingerprints match this host to give specific OS details
  660.  
  661. TRACEROUTE (using proto 1/icmp)
  662. HOP RTT ADDRESS
  663. 1 24.19 ms 10.242.200.1
  664. 2 24.35 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  665. 3 44.97 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  666. 4 24.22 ms 82.102.29.44
  667. 5 24.37 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  668. 6 24.23 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  669. 7 93.81 ms 154.54.44.165
  670. 8 99.86 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  671. 9 100.90 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  672. 10 100.95 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  673. 11 100.75 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  674. 12 183.84 ms 185.153.20.70
  675. 13 183.84 ms 185.153.20.82
  676. 14 183.79 ms 185.153.20.94
  677. 15 227.46 ms 185.153.20.153
  678. 16 210.44 ms 212.0.131.109
  679. 17 213.43 ms 196.202.137.249
  680. 18 201.57 ms 196.202.145.94
  681. 19 ... 30
  682. #######################################################################################################################################
  683. wig - WebApp Information Gatherer
  684.  
  685.  
  686. Scanning http://www.agricmi.gov.sd...
  687. ______________________________________________ SITE INFO ______________________________________________
  688. IP Title
  689. 62.12.105.2 الصــــفــحة الرئيســية
  690.  
  691. _______________________________________________ VERSION _______________________________________________
  692. Name Versions Type
  693. Joomla! 2.5.9 CMS
  694. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  695. 2.4.9
  696. PHP 5.4.16 Platform
  697. nginx Platform
  698. CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
  699. Red Hat Enterprise Linux RHEL-7.0 | RHEL-7.1 | RHEL-7.2 OS
  700. Scientific Linux 7.0 | 7.1 | 7.2 OS
  701.  
  702. _____________________________________________ INTERESTING _____________________________________________
  703. URL Note Type
  704. /robots.txt robots.txt index Interesting
  705.  
  706. ________________________________________________ TOOLS ________________________________________________
  707. Name Link Software
  708. CMSmap https://github.com/Dionach/CMSmap Joomla!
  709. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
  710.  
  711. _______________________________________________________________________________________________________
  712. Time: 184.8 sec Urls: 807 Fingerprints: 40401
  713. #######################################################################################################################################
  714. HTTP/1.1 200 OK
  715. Server: nginx
  716. Date: Thu, 14 Feb 2019 00:47:16 GMT
  717. Content-Type: text/html; charset=utf-8
  718. Connection: keep-alive
  719. X-Powered-By: PHP/5.4.16
  720. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  721. Cache-Control: no-cache
  722. Pragma: no-cache
  723. Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=lir99270da5tqhg2hc33rbg990; path=/
  724. X-Powered-By: PleskLin
  725.  
  726. HTTP/1.1 200 OK
  727. Server: nginx
  728. Date: Thu, 14 Feb 2019 00:47:17 GMT
  729. Content-Type: text/html; charset=utf-8
  730. Connection: keep-alive
  731. X-Powered-By: PHP/5.4.16
  732. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  733. Cache-Control: no-cache
  734. Pragma: no-cache
  735. Set-Cookie: 650a76b3bacb69cb3de623bd53c0ffc7=eci19585ej5rfcr5a32gogmma2; path=/
  736. X-Powered-By: PleskLin
  737. #######################################################################################################################################
  738. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:45 EST
  739. Nmap scan report for www.agricmi.gov.sd (62.12.105.2)
  740. Host is up (0.20s latency).
  741. rDNS record for 62.12.105.2: f03-web02.nic.gov.sd
  742.  
  743. PORT STATE SERVICE VERSION
  744. 110/tcp open pop3 Dovecot pop3d
  745. | pop3-brute:
  746. | Accounts: No valid accounts found
  747. |_ Statistics: Performed 226 guesses in 197 seconds, average tps: 1.2
  748. |_pop3-capabilities: AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP USER STLS TOP PIPELINING CAPA UIDL RESP-CODES
  749. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  750. Device type: specialized|WAP|general purpose|router
  751. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  752. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  753. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  754. Network Distance: 20 hops
  755. Service Info: Host: fo3-web02.nic.gov.sd
  756.  
  757. TRACEROUTE (using port 443/tcp)
  758. HOP RTT ADDRESS
  759. 1 27.91 ms 10.242.200.1
  760. 2 28.77 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  761. 3 35.55 ms 37.120.128.168
  762. 4 27.90 ms 82.102.29.44
  763. 5 28.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  764. 6 28.79 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  765. 7 97.85 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  766. 8 103.41 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  767. 9 105.34 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  768. 10 105.44 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  769. 11 102.14 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  770. 12 185.87 ms 185.153.20.70
  771. 13 185.84 ms 185.153.20.82
  772. 14 185.21 ms 185.153.20.94
  773. 15 196.39 ms 185.153.20.153
  774. 16 ... 17
  775. 18 196.21 ms 196.202.145.94
  776. 19 ...
  777. 20 210.91 ms f03-web02.nic.gov.sd (62.12.105.2)
  778. #######################################################################################################################################
  779. https://www.agricmi.gov.sd [200 OK] Cookies[650a76b3bacb69cb3de623bd53c0ffc7], Email[Yousif.m.yousif@hotmail.com], HTML5, HTTPServer[nginx], IP[62.12.105.2], Joomla[2.5.9], MetaGenerator[Joomla! - Open Source Content Management], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[الصــــفــحة الرئيســية], X-Powered-By[PHP/5.4.16, PleskLin], nginx
  780. #######################################################################################################################################
  781. Version: 1.11.12-static
  782. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  783.  
  784. Connected to 62.12.105.2
  785.  
  786. Testing SSL server www.agricmi.gov.sd on port 443 using SNI name www.agricmi.gov.sd
  787.  
  788. TLS Fallback SCSV:
  789. Server supports TLS Fallback SCSV
  790.  
  791. TLS renegotiation:
  792. Secure session renegotiation supported
  793.  
  794. TLS Compression:
  795. Compression disabled
  796.  
  797. Heartbleed:
  798. TLS 1.2 not vulnerable to heartbleed
  799. TLS 1.1 not vulnerable to heartbleed
  800. TLS 1.0 not vulnerable to heartbleed
  801.  
  802. Supported Server Cipher(s):
  803. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  804. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  805. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  806. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  807. Accepted TLSv1.2 256 bits AES256-SHA256
  808. Accepted TLSv1.2 256 bits AES256-SHA
  809. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  810. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  811. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  812. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  813. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  814. Accepted TLSv1.2 128 bits AES128-SHA256
  815. Accepted TLSv1.2 128 bits AES128-SHA
  816. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  817. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  818. Accepted TLSv1.1 256 bits AES256-SHA
  819. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  820. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  821. Accepted TLSv1.1 128 bits AES128-SHA
  822. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  823. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  824. Accepted TLSv1.0 256 bits AES256-SHA
  825. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  826. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  827. Accepted TLSv1.0 128 bits AES128-SHA
  828. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  829.  
  830. SSL Certificate:
  831. Signature Algorithm: sha256WithRSAEncryption
  832. RSA Key Strength: 2048
  833.  
  834. Subject: Plesk
  835. Issuer: Plesk
  836.  
  837. Not valid before: Apr 20 02:40:27 2016 GMT
  838. Not valid after: Apr 20 02:40:27 2017 GMT
  839. #######################################################################################################################################
  840. --------------------------------------------------------
  841. <<<Yasuo discovered following vulnerable applications>>>
  842. --------------------------------------------------------
  843. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  844. | App Name | URL to Application | Potential Exploit | Username | Password |
  845. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  846. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  847. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  848. #######################################################################################################################################
  849. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
  850. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  851. Host is up (0.10s latency).
  852. Not shown: 464 filtered ports, 4 closed ports
  853. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  854. PORT STATE SERVICE
  855. 21/tcp open ftp
  856. 80/tcp open http
  857. 110/tcp open pop3
  858. 143/tcp open imap
  859. 443/tcp open https
  860. 993/tcp open imaps
  861. 995/tcp open pop3s
  862. 8443/tcp open https-alt
  863. #######################################################################################################################################
  864. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
  865. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  866. Host is up (0.026s latency).
  867. Not shown: 2 filtered ports
  868. PORT STATE SERVICE
  869. 53/udp open|filtered domain
  870. 67/udp open|filtered dhcps
  871. 68/udp open|filtered dhcpc
  872. 69/udp open|filtered tftp
  873. 88/udp open|filtered kerberos-sec
  874. 123/udp open|filtered ntp
  875. 139/udp open|filtered netbios-ssn
  876. 161/udp open|filtered snmp
  877. 162/udp open|filtered snmptrap
  878. 389/udp open|filtered ldap
  879. 520/udp open|filtered route
  880. 2049/udp open|filtered nfs
  881. #######################################################################################################################################
  882. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:35 EST
  883. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  884. Host is up (0.21s latency).
  885.  
  886. PORT STATE SERVICE VERSION
  887. 21/tcp open tcpwrapped
  888. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  889. Device type: specialized|WAP|general purpose|router
  890. Running: AVtech embedded, Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
  891. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
  892. OS details: AVtech Room Alert 26W environmental monitor, Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
  893. Network Distance: 20 hops
  894.  
  895. TRACEROUTE (using port 21/tcp)
  896. HOP RTT ADDRESS
  897. 1 29.44 ms 10.242.200.1
  898. 2 29.50 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  899. 3 33.03 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  900. 4 30.33 ms 82.102.29.44
  901. 5 29.95 ms 38.122.42.161
  902. 6 30.31 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  903. 7 99.50 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  904. 8 105.46 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  905. 9 106.46 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  906. 10 106.47 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  907. 11 99.54 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  908. 12 182.65 ms 185.153.20.70
  909. 13 182.65 ms 185.153.20.82
  910. 14 182.61 ms 185.153.20.94
  911. 15 195.37 ms 185.153.20.153
  912. 16 ... 17
  913. 18 198.14 ms 196.202.145.94
  914. 19 ...
  915. 20 211.83 ms f03-web02.nic.gov.sd (62.12.105.2)
  916. #######################################################################################################################################
  917. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:46 EST
  918. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  919. Host is up.
  920.  
  921. PORT STATE SERVICE VERSION
  922. 67/udp open|filtered dhcps
  923. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  924. Too many fingerprints match this host to give specific OS details
  925.  
  926. TRACEROUTE (using proto 1/icmp)
  927. HOP RTT ADDRESS
  928. 1 27.43 ms 10.242.200.1
  929. 2 27.82 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  930. 3 35.09 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  931. 4 27.46 ms 82.102.29.44
  932. 5 28.04 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  933. 6 28.02 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  934. 7 97.78 ms 154.54.44.165
  935. 8 103.72 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  936. 9 105.12 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  937. 10 105.15 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  938. 11 99.62 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  939. 12 183.66 ms 185.153.20.70
  940. 13 183.33 ms 185.153.20.82
  941. 14 183.37 ms 185.153.20.94
  942. 15 194.88 ms 185.153.20.153
  943. 16 211.49 ms 212.0.131.109
  944. 17 211.46 ms 196.202.137.249
  945. 18 196.21 ms 196.202.145.94
  946. 19 ... 30
  947. #######################################################################################################################################
  948. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:48 EST
  949. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  950. Host is up.
  951.  
  952. PORT STATE SERVICE VERSION
  953. 68/udp open|filtered dhcpc
  954. Too many fingerprints match this host to give specific OS details
  955.  
  956. TRACEROUTE (using proto 1/icmp)
  957. HOP RTT ADDRESS
  958. 1 24.29 ms 10.242.200.1
  959. 2 50.58 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  960. 3 38.79 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  961. 4 24.32 ms 82.102.29.44
  962. 5 24.33 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  963. 6 24.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  964. 7 94.93 ms 154.54.44.165
  965. 8 99.68 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  966. 9 100.45 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  967. 10 100.51 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  968. 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  969. 12 183.37 ms 185.153.20.70
  970. 13 183.37 ms 185.153.20.82
  971. 14 183.34 ms 185.153.20.94
  972. 15 196.47 ms 185.153.20.153
  973. 16 209.03 ms 212.0.131.109
  974. 17 208.21 ms 196.202.137.249
  975. 18 196.25 ms 196.202.145.94
  976. 19 ... 30
  977. #######################################################################################################################################
  978. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:50 EST
  979. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  980. Host is up.
  981.  
  982. PORT STATE SERVICE VERSION
  983. 69/udp open|filtered tftp
  984. Too many fingerprints match this host to give specific OS details
  985.  
  986. TRACEROUTE (using proto 1/icmp)
  987. HOP RTT ADDRESS
  988. 1 21.82 ms 10.242.200.1
  989. 2 22.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  990. 3 36.85 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  991. 4 22.28 ms 82.102.29.44
  992. 5 22.72 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  993. 6 22.69 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  994. 7 91.88 ms 154.54.44.165
  995. 8 97.70 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  996. 9 99.33 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  997. 10 99.40 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  998. 11 100.12 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  999. 12 183.45 ms 185.153.20.70
  1000. 13 183.57 ms 185.153.20.82
  1001. 14 183.40 ms 185.153.20.94
  1002. 15 195.67 ms 185.153.20.153
  1003. 16 212.15 ms 212.0.131.109
  1004. 17 208.35 ms 196.202.137.249
  1005. 18 198.15 ms 196.202.145.94
  1006. 19 ... 30
  1007. #######################################################################################################################################
  1008. wig - WebApp Information Gatherer
  1009.  
  1010.  
  1011. Scanning http://62.12.105.2...
  1012. ________________________________________ SITE INFO _________________________________________
  1013. IP Title
  1014. 62.12.105.2 Domain Default page
  1015.  
  1016. _________________________________________ VERSION __________________________________________
  1017. Name Versions Type
  1018. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
  1019. 2.4.9
  1020. nginx Platform
  1021.  
  1022. ____________________________________________________________________________________________
  1023. Time: 1.8 sec Urls: 811 Fingerprints: 40401
  1024. #######################################################################################################################################
  1025. HTTP/1.1 200 OK
  1026. Server: nginx
  1027. Date: Thu, 14 Feb 2019 00:55:38 GMT
  1028. Content-Type: text/html
  1029. Content-Length: 3750
  1030. Connection: keep-alive
  1031. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1032. ETag: "ea6-5649d8e57844b"
  1033. Accept-Ranges: bytes
  1034.  
  1035. HTTP/1.1 200 OK
  1036. Server: nginx
  1037. Date: Thu, 14 Feb 2019 00:55:38 GMT
  1038. Content-Type: text/html
  1039. Content-Length: 3750
  1040. Connection: keep-alive
  1041. Last-Modified: Wed, 07 Feb 2018 11:25:44 GMT
  1042. ETag: "ea6-5649d8e57844b"
  1043. Accept-Ranges: bytes
  1044. #######################################################################################################################################
  1045. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:53 EST
  1046. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1047. Host is up (0.21s latency).
  1048.  
  1049. PORT STATE SERVICE VERSION
  1050. 110/tcp open pop3 Dovecot pop3d
  1051. | pop3-brute:
  1052. | Accounts: No valid accounts found
  1053. |_ Statistics: Performed 219 guesses in 196 seconds, average tps: 1.1
  1054. |_pop3-capabilities: TOP CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) AUTH-RESP-CODE USER STLS PIPELINING RESP-CODES UIDL APOP
  1055. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1056. Device type: general purpose
  1057. Running: Linux 2.6.X
  1058. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1059. OS details: Linux 2.6.18 - 2.6.22
  1060. Network Distance: 20 hops
  1061. Service Info: Host: fo3-web02.nic.gov.sd
  1062.  
  1063. TRACEROUTE (using port 443/tcp)
  1064. HOP RTT ADDRESS
  1065. 1 22.24 ms 10.242.200.1
  1066. 2 47.67 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1067. 3 30.24 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1068. 4 22.51 ms 82.102.29.44
  1069. 5 23.47 ms 38.122.42.161
  1070. 6 23.49 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  1071. 7 92.91 ms be3043.ccr22.lpl01.atlas.cogentco.com (154.54.44.165)
  1072. 8 99.14 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1073. 9 100.33 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  1074. 10 100.37 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1075. 11 100.13 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1076. 12 184.08 ms 185.153.20.70
  1077. 13 184.03 ms 185.153.20.82
  1078. 14 184.05 ms 185.153.20.94
  1079. 15 195.08 ms 185.153.20.153
  1080. 16 ... 17
  1081. 18 200.71 ms 196.202.145.94
  1082. 19 ...
  1083. 20 214.71 ms f03-web02.nic.gov.sd (62.12.105.2)
  1084. #######################################################################################################################################
  1085. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:57 EST
  1086. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1087. Host is up.
  1088.  
  1089. PORT STATE SERVICE VERSION
  1090. 123/udp open|filtered ntp
  1091. Too many fingerprints match this host to give specific OS details
  1092.  
  1093. TRACEROUTE (using proto 1/icmp)
  1094. HOP RTT ADDRESS
  1095. 1 22.71 ms 10.242.200.1
  1096. 2 35.56 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1097. 3 40.34 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1098. 4 22.92 ms 82.102.29.44
  1099. 5 23.32 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1100. 6 23.54 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1101. 7 93.04 ms 154.54.44.165
  1102. 8 98.41 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1103. 9 99.80 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1104. 10 99.85 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1105. 11 98.25 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1106. 12 181.85 ms 185.153.20.70
  1107. 13 181.85 ms 185.153.20.82
  1108. 14 181.82 ms 185.153.20.94
  1109. 15 196.11 ms 185.153.20.153
  1110. 16 212.07 ms 212.0.131.109
  1111. 17 210.40 ms 196.202.137.249
  1112. 18 198.63 ms 196.202.145.94
  1113. 19 ... 30
  1114. #######################################################################################################################################
  1115. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 20:59 EST
  1116. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1117. Host is up (0.21s latency).
  1118.  
  1119. PORT STATE SERVICE VERSION
  1120. 161/tcp filtered snmp
  1121. 161/udp open|filtered snmp
  1122. Too many fingerprints match this host to give specific OS details
  1123.  
  1124. TRACEROUTE (using proto 1/icmp)
  1125. HOP RTT ADDRESS
  1126. 1 22.60 ms 10.242.200.1
  1127. 2 23.22 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1128. 3 37.82 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1129. 4 22.68 ms 82.102.29.44
  1130. 5 23.29 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1131. 6 23.33 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1132. 7 92.65 ms 154.54.44.165
  1133. 8 99.92 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1134. 9 99.99 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1135. 10 100.03 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1136. 11 99.80 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1137. 12 182.45 ms 185.153.20.70
  1138. 13 182.37 ms 185.153.20.82
  1139. 14 182.40 ms 185.153.20.94
  1140. 15 192.72 ms 185.153.20.153
  1141. 16 209.64 ms 212.0.131.109
  1142. 17 209.02 ms 196.202.137.249
  1143. 18 197.35 ms 196.202.145.94
  1144. 19 ... 30
  1145. #######################################################################################################################################
  1146. Version: 1.11.12-static
  1147. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1148.  
  1149. Connected to 62.12.105.2
  1150.  
  1151. Testing SSL server 62.12.105.2 on port 443 using SNI name 62.12.105.2
  1152.  
  1153. TLS Fallback SCSV:
  1154. Server supports TLS Fallback SCSV
  1155.  
  1156. TLS renegotiation:
  1157. Secure session renegotiation supported
  1158.  
  1159. TLS Compression:
  1160. Compression disabled
  1161.  
  1162. Heartbleed:
  1163. TLS 1.2 not vulnerable to heartbleed
  1164. TLS 1.1 not vulnerable to heartbleed
  1165. TLS 1.0 not vulnerable to heartbleed
  1166.  
  1167. Supported Server Cipher(s):
  1168. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1169. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1170. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1171. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1172. Accepted TLSv1.2 256 bits AES256-SHA256
  1173. Accepted TLSv1.2 256 bits AES256-SHA
  1174. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1175. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1176. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1177. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1178. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1179. Accepted TLSv1.2 128 bits AES128-SHA256
  1180. Accepted TLSv1.2 128 bits AES128-SHA
  1181. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1182. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1183. Accepted TLSv1.1 256 bits AES256-SHA
  1184. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1185. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1186. Accepted TLSv1.1 128 bits AES128-SHA
  1187. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1188. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1189. Accepted TLSv1.0 256 bits AES256-SHA
  1190. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1191. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1192. Accepted TLSv1.0 128 bits AES128-SHA
  1193. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1194.  
  1195. SSL Certificate:
  1196. Signature Algorithm: sha256WithRSAEncryption
  1197. RSA Key Strength: 2048
  1198.  
  1199. Subject: Plesk
  1200. Issuer: Plesk
  1201.  
  1202. Not valid before: Apr 20 02:40:27 2016 GMT
  1203. Not valid after: Apr 20 02:40:27 2017 GMT
  1204. #######################################################################################################################################
  1205. --------------------------------------------------------
  1206. <<<Yasuo discovered following vulnerable applications>>>
  1207. --------------------------------------------------------
  1208. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1209. | App Name | URL to Application | Potential Exploit | Username | Password |
  1210. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1211. | phpMyAdmin | https://62.12.105.2:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  1212. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1213. #######################################################################################################################################
  1214. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:07 EST
  1215. NSE: Loaded 148 scripts for scanning.
  1216. NSE: Script Pre-scanning.
  1217. NSE: Starting runlevel 1 (of 2) scan.
  1218. Initiating NSE at 21:07
  1219. Completed NSE at 21:07, 0.00s elapsed
  1220. NSE: Starting runlevel 2 (of 2) scan.
  1221. Initiating NSE at 21:07
  1222. Completed NSE at 21:07, 0.00s elapsed
  1223. Initiating Ping Scan at 21:07
  1224. Scanning 62.12.105.2 [4 ports]
  1225. Completed Ping Scan at 21:07, 0.24s elapsed (1 total hosts)
  1226. Initiating Parallel DNS resolution of 1 host. at 21:07
  1227. Completed Parallel DNS resolution of 1 host. at 21:07, 0.02s elapsed
  1228. Initiating Connect Scan at 21:07
  1229. Scanning f03-web02.nic.gov.sd (62.12.105.2) [1000 ports]
  1230. Discovered open port 443/tcp on 62.12.105.2
  1231. Discovered open port 143/tcp on 62.12.105.2
  1232. Discovered open port 110/tcp on 62.12.105.2
  1233. Discovered open port 80/tcp on 62.12.105.2
  1234. Discovered open port 995/tcp on 62.12.105.2
  1235. Discovered open port 993/tcp on 62.12.105.2
  1236. Discovered open port 21/tcp on 62.12.105.2
  1237. Discovered open port 8443/tcp on 62.12.105.2
  1238. Completed Connect Scan at 21:08, 14.79s elapsed (1000 total ports)
  1239. Initiating Service scan at 21:08
  1240. Scanning 8 services on f03-web02.nic.gov.sd (62.12.105.2)
  1241. Completed Service scan at 21:08, 14.43s elapsed (8 services on 1 host)
  1242. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1243. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1244. WARNING: OS didn't match until try #2
  1245. Initiating Traceroute at 21:08
  1246. Completed Traceroute at 21:08, 6.15s elapsed
  1247. Initiating Parallel DNS resolution of 18 hosts. at 21:08
  1248. Completed Parallel DNS resolution of 18 hosts. at 21:08, 16.51s elapsed
  1249. NSE: Script scanning 62.12.105.2.
  1250. NSE: Starting runlevel 1 (of 2) scan.
  1251. Initiating NSE at 21:08
  1252. NSE Timing: About 98.90% done; ETC: 21:09 (0:00:00 remaining)
  1253. NSE Timing: About 99.54% done; ETC: 21:09 (0:00:00 remaining)
  1254. NSE Timing: About 99.72% done; ETC: 21:10 (0:00:00 remaining)
  1255. NSE Timing: About 99.91% done; ETC: 21:10 (0:00:00 remaining)
  1256. Completed NSE at 21:11, 139.14s elapsed
  1257. NSE: Starting runlevel 2 (of 2) scan.
  1258. Initiating NSE at 21:11
  1259. Completed NSE at 21:11, 0.42s elapsed
  1260. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1261. Host is up, received syn-ack ttl 50 (0.15s latency).
  1262. Scanned at 2019-02-13 21:07:46 EST for 199s
  1263. Not shown: 988 filtered ports
  1264. Reason: 987 no-responses and 1 host-unreach
  1265. PORT STATE SERVICE REASON VERSION
  1266. 21/tcp open tcpwrapped syn-ack
  1267. 25/tcp closed smtp conn-refused
  1268. 80/tcp open http syn-ack nginx
  1269. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1270. | http-methods:
  1271. |_ Supported Methods: GET HEAD POST OPTIONS
  1272. |_http-server-header: nginx
  1273. |_http-title: Domain Default page
  1274. 110/tcp open pop3 syn-ack Dovecot pop3d
  1275. |_pop3-capabilities: RESP-CODES SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) UIDL PIPELINING AUTH-RESP-CODE TOP CAPA USER STLS APOP
  1276. |_ssl-date: TLS randomness does not represent time
  1277. 113/tcp closed ident conn-refused
  1278. 139/tcp closed netbios-ssn conn-refused
  1279. 143/tcp open imap syn-ack Dovecot imapd
  1280. |_imap-capabilities: listed LITERAL+ AUTH=PLAIN STARTTLS ENABLE capabilities LOGIN-REFERRALS OK more IMAP4rev1 AUTH=CRAM-MD5A0001 AUTH=LOGIN SASL-IR post-login Pre-login ID IDLE have AUTH=DIGEST-MD5
  1281. |_ssl-date: TLS randomness does not represent time
  1282. 443/tcp open ssl/http syn-ack nginx
  1283. | http-methods:
  1284. |_ Supported Methods: GET HEAD POST OPTIONS
  1285. |_http-server-header: nginx
  1286. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  1287. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
  1288. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
  1289. | Public Key type: rsa
  1290. | Public Key bits: 2048
  1291. | Signature Algorithm: sha256WithRSAEncryption
  1292. | Not valid before: 2016-04-20T02:40:27
  1293. | Not valid after: 2017-04-20T02:40:27
  1294. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1295. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1296. | -----BEGIN CERTIFICATE-----
  1297. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1298. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1299. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1300. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1301. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1302. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1303. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1304. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1305. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1306. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1307. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1308. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1309. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1310. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1311. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1312. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1313. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1314. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1315. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1316. |_-----END CERTIFICATE-----
  1317. |_ssl-date: TLS randomness does not represent time
  1318. | tls-alpn:
  1319. |_ http/1.1
  1320. | tls-nextprotoneg:
  1321. |_ http/1.1
  1322. 445/tcp closed microsoft-ds conn-refused
  1323. 993/tcp open ssl/imaps? syn-ack
  1324. |_ssl-date: TLS randomness does not represent time
  1325. 995/tcp open ssl/pop3s? syn-ack
  1326. |_ssl-date: TLS randomness does not represent time
  1327. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
  1328. | http-methods:
  1329. |_ Supported Methods: GET HEAD POST OPTIONS
  1330. |_http-server-header: sw-cp-server
  1331. |_http-title: Plesk Onyx 17.5.3
  1332. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
  1333. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
  1334. | Public Key type: rsa
  1335. | Public Key bits: 2048
  1336. | Signature Algorithm: sha256WithRSAEncryption
  1337. | Not valid before: 2016-04-20T02:40:27
  1338. | Not valid after: 2017-04-20T02:40:27
  1339. | MD5: a38f 7308 6ca0 a95d 2faa d3f0 6cb4 5553
  1340. | SHA-1: 1479 6658 f803 6987 8f42 5473 9eaf 97e1 50dd 2d68
  1341. | -----BEGIN CERTIFICATE-----
  1342. | MIIDfTCCAmUCBFcW7BswDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
  1343. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
  1344. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
  1345. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE2MDQyMDAyNDAyN1oXDTE3MDQyMDAyNDAy
  1346. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
  1347. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
  1348. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
  1349. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZDNfEWzRPuiKR6QpFWONPYHX+Pl6rwn
  1350. | 6ctlVkGd2xcdnPKqzuL8z06rprVz1ro/kK7O9Xna4YfMzqoZjanxdzvjg5936PKF
  1351. | jjf5+AA4mmbD1SD1wFCE4+U4PnE2lz/Ae/Nj5wSLK1xAL3zitACHRLTXs3a4GMQC
  1352. | Q1LD36PSzhTl2EhDgQbSK+HB3YqsuJ8tKvn7P4qIGTZJ+HPikTXZ2e+bztPJGN4H
  1353. | iL16zcL5F8DcIKuRx6qpmGjji8As/JsNLckYD0O8CFWZHNjbAniQ+c64Umif9UrD
  1354. | IMcNJ3sgChQA7o8A1Qlu63FqJWGwxKlnPGt94tRpTUT1SGDCCMTTTwIDAQABMA0G
  1355. | CSqGSIb3DQEBCwUAA4IBAQAmNWQp2HI7DaKdIhVqqviur4Z852Z1RCrqWXMl95DP
  1356. | vtMpgRNrfdqC33xw627iWLJo4vKLvFK0OBgZ6O1gcLhcOeTGGbJLykhNjiPd0YU1
  1357. | oIg7G6HWKeQ30q2FTv43qoc1s6uiuflihbctsF7tnLxMXQcZO3nwWkkLcuQtMDFS
  1358. | RAkfBKbIoI/36MFs4GUh/nS78k9b3RgnSWwAD7DQi2+FrVr712EelRT627XIDp0U
  1359. | t3D2RhpH0SqBX1ncmzF5P9wll3Yqoy0nrJOpXXEf3nP9LyTBA2imWclm4NHaBVat
  1360. | CfsxXtJeFHpedfALThLxsTPAz/fsZoMC4s4N/ViMbF62
  1361. |_-----END CERTIFICATE-----
  1362. |_ssl-date: TLS randomness does not represent time
  1363. | tls-nextprotoneg:
  1364. |_ http/1.1
  1365. Device type: general purpose
  1366. Running: Linux 2.6.X
  1367. OS CPE: cpe:/o:linux:linux_kernel:2.6
  1368. OS details: Linux 2.6.18 - 2.6.22
  1369. TCP/IP fingerprint:
  1370. OS:SCAN(V=7.70%E=4%D=2/13%OT=80%CT=25%CU=%PV=N%G=N%TM=5C64CE39%P=x86_64-pc-
  1371. OS:linux-gnu)SEQ(SP=106%GCD=1%ISR=10C%TI=Z%CI=Z%TS=A)SEQ(CI=Z)OPS(O1=M4B3ST
  1372. OS:11NW7%O2=M4B3ST11NW7%O3=M4B3NNT11NW7%O4=M4B3ST11NW7%O5=M4B3ST11NW7%O6=M4
  1373. OS:B3ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%
  1374. OS:TG=40%W=7210%O=M4B3NNSNW7%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=A
  1375. OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD
  1376. OS:=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=N)IE(R=N)
  1377.  
  1378. Service Info: Host: fo3-web02.nic.gov.sd
  1379.  
  1380. TRACEROUTE (using proto 1/icmp)
  1381. HOP RTT ADDRESS
  1382. 1 23.16 ms 10.242.200.1
  1383. 2 49.02 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1384. 3 35.53 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1385. 4 23.18 ms 82.102.29.44
  1386. 5 23.19 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1387. 6 23.38 ms hu0-4-0-1.ccr22.ymq01.atlas.cogentco.com (154.54.31.222)
  1388. 7 92.66 ms 154.54.44.165
  1389. 8 98.66 ms be2491.ccr52.lhr01.atlas.cogentco.com (154.54.39.118)
  1390. 9 99.88 ms be3488.ccr42.lon13.atlas.cogentco.com (154.54.60.13)
  1391. 10 100.00 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1392. 11 98.64 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1393. 12 182.33 ms 185.153.20.70
  1394. 13 182.36 ms 185.153.20.82
  1395. 14 182.10 ms 185.153.20.94
  1396. 15 192.61 ms 185.153.20.153
  1397. 16 208.12 ms 212.0.131.109
  1398. 17 209.20 ms 196.202.137.249
  1399. 18 197.39 ms 196.202.145.94
  1400. 19 ... 30
  1401.  
  1402. NSE: Script Post-scanning.
  1403. NSE: Starting runlevel 1 (of 2) scan.
  1404. Initiating NSE at 21:11
  1405. Completed NSE at 21:11, 0.00s elapsed
  1406. NSE: Starting runlevel 2 (of 2) scan.
  1407. Initiating NSE at 21:11
  1408. Completed NSE at 21:11, 0.00s elapsed
  1409. Read data files from: /usr/bin/../share/nmap
  1410. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1411. Nmap done: 1 IP address (1 host up) scanned in 199.92 seconds
  1412. Raw packets sent: 142 (10.432KB) | Rcvd: 54 (5.443KB)
  1413. #######################################################################################################################################
  1414. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-13 21:11 EST
  1415. NSE: Loaded 148 scripts for scanning.
  1416. NSE: Script Pre-scanning.
  1417. Initiating NSE at 21:11
  1418. Completed NSE at 21:11, 0.00s elapsed
  1419. Initiating NSE at 21:11
  1420. Completed NSE at 21:11, 0.00s elapsed
  1421. Initiating Parallel DNS resolution of 1 host. at 21:11
  1422. Completed Parallel DNS resolution of 1 host. at 21:11, 0.02s elapsed
  1423. Initiating UDP Scan at 21:11
  1424. Scanning f03-web02.nic.gov.sd (62.12.105.2) [14 ports]
  1425. Completed UDP Scan at 21:11, 1.96s elapsed (14 total ports)
  1426. Initiating Service scan at 21:11
  1427. Scanning 12 services on f03-web02.nic.gov.sd (62.12.105.2)
  1428. Service scan Timing: About 8.33% done; ETC: 21:30 (0:17:58 remaining)
  1429. Completed Service scan at 21:12, 102.58s elapsed (12 services on 1 host)
  1430. Initiating OS detection (try #1) against f03-web02.nic.gov.sd (62.12.105.2)
  1431. Retrying OS detection (try #2) against f03-web02.nic.gov.sd (62.12.105.2)
  1432. Initiating Traceroute at 21:12
  1433. Completed Traceroute at 21:13, 7.09s elapsed
  1434. Initiating Parallel DNS resolution of 1 host. at 21:13
  1435. Completed Parallel DNS resolution of 1 host. at 21:13, 0.02s elapsed
  1436. NSE: Script scanning 62.12.105.2.
  1437. Initiating NSE at 21:13
  1438. Completed NSE at 21:13, 20.30s elapsed
  1439. Initiating NSE at 21:13
  1440. Completed NSE at 21:13, 1.02s elapsed
  1441. Nmap scan report for f03-web02.nic.gov.sd (62.12.105.2)
  1442. Host is up (0.044s latency).
  1443.  
  1444. PORT STATE SERVICE VERSION
  1445. 53/udp open|filtered domain
  1446. 67/udp open|filtered dhcps
  1447. 68/udp open|filtered dhcpc
  1448. 69/udp open|filtered tftp
  1449. 88/udp open|filtered kerberos-sec
  1450. 123/udp open|filtered ntp
  1451. 137/udp filtered netbios-ns
  1452. 138/udp filtered netbios-dgm
  1453. 139/udp open|filtered netbios-ssn
  1454. 161/udp open|filtered snmp
  1455. 162/udp open|filtered snmptrap
  1456. 389/udp open|filtered ldap
  1457. 520/udp open|filtered route
  1458. 2049/udp open|filtered nfs
  1459. Too many fingerprints match this host to give specific OS details
  1460.  
  1461. TRACEROUTE (using port 137/udp)
  1462. HOP RTT ADDRESS
  1463. 1 23.18 ms 10.242.200.1
  1464. 2 ... 3
  1465. 4 22.44 ms 10.242.200.1
  1466. 5 27.07 ms 10.242.200.1
  1467. 6 27.06 ms 10.242.200.1
  1468. 7 27.05 ms 10.242.200.1
  1469. 8 27.05 ms 10.242.200.1
  1470. 9 27.04 ms 10.242.200.1
  1471. 10 27.05 ms 10.242.200.1
  1472. 11 ... 18
  1473. 19 22.37 ms 10.242.200.1
  1474. 20 25.32 ms 10.242.200.1
  1475. 21 ... 28
  1476. 29 23.89 ms 10.242.200.1
  1477. 30 22.12 ms 10.242.200.1
  1478.  
  1479. NSE: Script Post-scanning.
  1480. Initiating NSE at 21:13
  1481. Completed NSE at 21:13, 0.00s elapsed
  1482. Initiating NSE at 21:13
  1483. Completed NSE at 21:13, 0.00s elapsed
  1484. Read data files from: /usr/bin/../share/nmap
  1485. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1486. Nmap done: 1 IP address (1 host up) scanned in 136.66 seconds
  1487. Raw packets sent: 147 (13.614KB) | Rcvd: 33 (3.542KB)
  1488. #######################################################################################################################################
  1489. [+] FireWall Detector
  1490. [++] Firewall not detected
  1491.  
  1492. [+] Detecting Joomla Version
  1493. [++] Joomla 2.5.9
  1494.  
  1495. [+] Core Joomla Vulnerability
  1496. [++] Joomla! Core Remote Privilege Escalation Vulnerability
  1497. CVE : CVE-2016-9838
  1498. EDB : https://www.exploit-db.com/exploits/41157/
  1499.  
  1500. Joomla! Component Akeeba Kickstart - Unserialize Remote Code Execution
  1501. CVE : CVE-2014-7228
  1502. EDB : https://www.exploit-db.com/exploits/35033/
  1503.  
  1504. Joomla! Core Authentication Bypass Vulnerability
  1505. CVE :CVE-2014-6632
  1506. http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html
  1507.  
  1508. Joomla! Core Remote Denial of Service Vulnerability
  1509. CVE : CVE-2014-7229
  1510. https://developer.joomla.org/security/596-20140904-core-denial-of-service.html
  1511.  
  1512. PHPMailer Remote Code Execution Vulnerability
  1513. CVE : CVE-2016-10033
  1514. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
  1515. https://github.com/opsxcq/exploit-CVE-2016-10033
  1516. EDB : https://www.exploit-db.com/exploits/40969/
  1517.  
  1518. PPHPMailer Incomplete Fix Remote Code Execution Vulnerability
  1519. CVE : CVE-2016-10045
  1520. https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection
  1521. EDB : https://www.exploit-db.com/exploits/40969/
  1522.  
  1523.  
  1524.  
  1525. [+] Checking apache info/status files
  1526. [++] Readable info/status files are not found
  1527.  
  1528. [+] admin finder
  1529. [++] Admin page : http://www.agricmi.gov.sd/administrator/
  1530.  
  1531. [+] Checking robots.txt existing
  1532. [++] robots.txt is found
  1533. path : http://www.agricmi.gov.sd/robots.txt
  1534.  
  1535. Interesting path found from robots.txt
  1536. http://www.agricmi.gov.sd/joomla/administrator/
  1537. http://www.agricmi.gov.sd/administrator/
  1538. http://www.agricmi.gov.sd/cache/
  1539. http://www.agricmi.gov.sd/cli/
  1540. http://www.agricmi.gov.sd/components/
  1541. http://www.agricmi.gov.sd/images/
  1542. http://www.agricmi.gov.sd/includes/
  1543. http://www.agricmi.gov.sd/installation/
  1544. http://www.agricmi.gov.sd/language/
  1545. http://www.agricmi.gov.sd/libraries/
  1546. http://www.agricmi.gov.sd/logs/
  1547. http://www.agricmi.gov.sd/media/
  1548. http://www.agricmi.gov.sd/modules/
  1549. http://www.agricmi.gov.sd/plugins/
  1550. http://www.agricmi.gov.sd/templates/
  1551. http://www.agricmi.gov.sd/tmp/
  1552.  
  1553.  
  1554. [+] Finding common backup files name
  1555. [++] Backup files are not found
  1556.  
  1557. [+] Finding common log files name
  1558. [++] error log is not found
  1559.  
  1560. [+] Checking user registration
  1561. [++] registration is enabled
  1562. http://www.agricmi.gov.sd/index.php?option=com_users&view=registration
  1563.  
  1564. [+] Checking sensitive config.php.x file
  1565. [++] Readable config files are not found
  1566. #######################################################################################################################################
  1567. [-] Date & Time: 13/02/2019 19:48:45
  1568. [I] Threads: 5
  1569. [-] Target: http://www.agricmi.gov.sd (62.12.105.2)
  1570. [M] Website Not in HTTPS: http://www.agricmi.gov.sd
  1571. [I] X-Powered-By: PHP/5.4.16
  1572. [L] X-Frame-Options: Not Enforced
  1573. [I] Strict-Transport-Security: Not Enforced
  1574. [I] X-Content-Security-Policy: Not Enforced
  1575. [I] X-Content-Type-Options: Not Enforced
  1576. [L] Robots.txt Found: http://www.agricmi.gov.sd/robots.txt
  1577. [I] CMS Detection: Joomla
  1578. [I] Joomla Version: 2.5.9
  1579. [M] EDB-ID: 46200 "Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings"
  1580. [M] EDB-ID: 42033 "Joomla! 3.7.0 - 'com_fields' SQL Injection"
  1581. [M] EDB-ID: 40637 "Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation"
  1582. [M] EDB-ID: 41157 "Joomla! < 3.6.4 - Admin Takeover"
  1583. [M] EDB-ID: 38977 "Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution"
  1584. [M] EDB-ID: 39033 "Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution"
  1585. [M] EDB-ID: 38534 "Joomla! 3.2.x < 3.4.4 - SQL Injection"
  1586. [M] EDB-ID: 31459 "Joomla! 3.2.1 - SQL Injection"
  1587. [M] EDB-ID: 25087 "Joomla! 3.0.3 - 'remember.php' PHP Object Injection"
  1588. [M] EDB-ID: 24551 "Joomla! 3.0.2 - 'highlight.php' PHP Object Injection"
  1589. [M] EDB-ID: 44227 "Joomla! 3.7 - SQL Injection"
  1590. [I] Joomla Website Template: siteground-j16-12
  1591. [I] Joomla Administrator Template: hathor
  1592. [-] Enumerating Joomla Usernames via "Feed" ...
  1593. [I] Super User: yousif.m.yousif@hotmail.com
  1594. [I] Autocomplete Off Not Found: http://www.agricmi.gov.sd/administrator/index.php
  1595. [-] Joomla Default Files:
  1596. [-] Joomla is likely to have a large number of default files
  1597. [-] Would you like to list them all?
  1598. [y/N]: y
  1599. [I] http://www.agricmi.gov.sd/LICENSE.txt
  1600. [I] http://www.agricmi.gov.sd/README.txt
  1601. [I] http://www.agricmi.gov.sd/administrator/cache/index.html
  1602. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-06.sql
  1603. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-16.sql
  1604. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-19.sql
  1605. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-20.sql
  1606. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-1.sql
  1607. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-2.sql
  1608. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-22.sql
  1609. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-23.sql
  1610. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-24.sql
  1611. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-10.sql
  1612. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-14.sql
  1613. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.1-2012-01-26.sql
  1614. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.2-2012-03-05.sql
  1615. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.3-2012-03-13.sql
  1616. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-18.sql
  1617. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-19.sql
  1618. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql
  1619. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.6.sql
  1620. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/mysql/2.5.7.sql
  1621. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.2-2012-03-05.sql
  1622. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.3-2012-03-13.sql
  1623. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-18.sql
  1624. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.4-2012-03-19.sql
  1625. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.5.sql
  1626. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.6.sql
  1627. [I] http://www.agricmi.gov.sd/administrator/components/com_admin/sql/updates/sqlazure/2.5.7.sql
  1628. [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/install.mysql.utf8.sql
  1629. [I] http://www.agricmi.gov.sd/administrator/components/com_banners/sql/uninstall.mysql.utf8.sql
  1630. [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/install.mysql.utf8.sql
  1631. [I] http://www.agricmi.gov.sd/administrator/components/com_contact/sql/uninstall.mysql.utf8.sql
  1632. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.mysql.sql
  1633. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/install.postgresql.sql
  1634. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.mysql.sql
  1635. [I] http://www.agricmi.gov.sd/administrator/components/com_finder/sql/uninstall.postgresql.sql
  1636. [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/install.mysql.utf8.sql
  1637. [I] http://www.agricmi.gov.sd/administrator/components/com_newsfeeds/sql/uninstall.mysql.utf8.sql
  1638. [I] http://www.agricmi.gov.sd/administrator/language/overrides/index.html
  1639. [I] http://www.agricmi.gov.sd/administrator/manifests/packages/index.html
  1640. [I] http://www.agricmi.gov.sd/administrator/templates/hathor/LICENSE.txt
  1641. [I] http://www.agricmi.gov.sd/cache/index.html
  1642. [I] http://www.agricmi.gov.sd/cli/index.html
  1643. [I] http://www.agricmi.gov.sd/components/index.html
  1644. [I] http://www.agricmi.gov.sd/htaccess.txt
  1645. [I] http://www.agricmi.gov.sd/images/index.html
  1646. [I] http://www.agricmi.gov.sd/includes/index.html
  1647. [I] http://www.agricmi.gov.sd/language/index.html
  1648. [I] http://www.agricmi.gov.sd/language/overrides/index.html
  1649. [I] http://www.agricmi.gov.sd/libraries/fof/LICENSE.txt
  1650. [I] http://www.agricmi.gov.sd/libraries/fof/version.txt
  1651. [I] http://www.agricmi.gov.sd/libraries/index.html
  1652. [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/layout1.html
  1653. [I] http://www.agricmi.gov.sd/media/editors/tinymce/templates/snippet1.html
  1654. [I] http://www.agricmi.gov.sd/media/index.html
  1655. [I] http://www.agricmi.gov.sd/modules/index.html
  1656. [I] http://www.agricmi.gov.sd/plugins/index.html
  1657. [I] http://www.agricmi.gov.sd/templates/index.html
  1658. [I] http://www.agricmi.gov.sd/tmp/index.html
  1659. [I] http://www.agricmi.gov.sd/web.config.txt
  1660. [-] Searching Joomla Components ...
  1661. [I] Checking for Directory Listing Enabled ...
  1662. [-] Date & Time: 13/02/2019 20:07:58
  1663. [-] Completed in: 0:19:12
  1664. #######################################################################################################################################
  1665. Anonymous JTSEC #OpSudan Full Recon #8
Advertisement
RAW Paste Data Copied
Advertisement