JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #19

Feb 21st, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Nom de l'hôte moe.gov.sd FAI NICDC
  4. Continent Afrique Drapeau
  5. SD
  6. Pays Soudan Code du pays SD
  7. Région Inconnu Heure locale 22 Feb 2019 02:33 CAT
  8. Ville Inconnu Code Postal Inconnu
  9. Adresse IP 62.12.98.17 Latitude 15
  10. Longitude 30
  11.  
  12. =======================================================================================================================================
  13. #######################################################################################################################################
  14. > moe.gov.sd
  15. Server: 27.50.70.139
  16. Address: 27.50.70.139#53
  17.  
  18. Non-authoritative answer:
  19. Name: moe.gov.sd
  20. Address: 62.12.98.17
  21. >
  22. #######################################################################################################################################
  23. HostIP:62.12.98.17
  24. HostName:moe.gov.sd
  25.  
  26. Gathered Inet-whois information for 62.12.98.17
  27. ---------------------------------------------------------------------------------------------------------------------------------------
  28.  
  29.  
  30. inetnum: 62.12.96.0 - 62.12.127.255
  31. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  32. descr: IPv4 address block not managed by the RIPE NCC
  33. remarks: ------------------------------------------------------
  34. remarks:
  35. remarks: For registration information,
  36. remarks: you can consult the following sources:
  37. remarks:
  38. remarks: IANA
  39. remarks: http://www.iana.org/assignments/ipv4-address-space
  40. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  41. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  42. remarks:
  43. remarks: AFRINIC (Africa)
  44. remarks: http://www.afrinic.net/ whois.afrinic.net
  45. remarks:
  46. remarks: APNIC (Asia Pacific)
  47. remarks: http://www.apnic.net/ whois.apnic.net
  48. remarks:
  49. remarks: ARIN (Northern America)
  50. remarks: http://www.arin.net/ whois.arin.net
  51. remarks:
  52. remarks: LACNIC (Latin America and the Carribean)
  53. remarks: http://www.lacnic.net/ whois.lacnic.net
  54. remarks:
  55. remarks: ------------------------------------------------------
  56. country: EU # Country is really world wide
  57. admin-c: IANA1-RIPE
  58. tech-c: IANA1-RIPE
  59. status: ALLOCATED UNSPECIFIED
  60. mnt-by: RIPE-NCC-HM-MNT
  61. created: 2019-01-07T10:46:54Z
  62. last-modified: 2019-01-07T10:46:54Z
  63. source: RIPE
  64.  
  65. role: Internet Assigned Numbers Authority
  66. address: see http://www.iana.org.
  67. admin-c: IANA1-RIPE
  68. tech-c: IANA1-RIPE
  69. nic-hdl: IANA1-RIPE
  70. remarks: For more information on IANA services
  71. remarks: go to IANA web site at http://www.iana.org.
  72. mnt-by: RIPE-NCC-MNT
  73. created: 1970-01-01T00:00:00Z
  74. last-modified: 2001-09-22T09:31:27Z
  75. source: RIPE # Filtered
  76.  
  77. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  78.  
  79.  
  80.  
  81. Gathered Inic-whois information for moe.gov.sd
  82. ---------------------------------------------------------------------------------------------------------------------------------------
  83. Error: Unable to connect - Invalid Host
  84. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  85. close error
  86.  
  87. Gathered Netcraft information for moe.gov.sd
  88. ---------------------------------------------------------------------------------------------------------------------------------------
  89.  
  90. Retrieving Netcraft.com information for moe.gov.sd
  91. Netcraft.com Information gathered
  92.  
  93. Gathered Subdomain information for moe.gov.sd
  94. ---------------------------------------------------------------------------------------------------------------------------------------
  95. Searching Google.com:80...
  96. Searching Altavista.com:80...
  97. Found 0 possible subdomain(s) for host moe.gov.sd, Searched 0 pages containing 0 results
  98.  
  99. Gathered E-Mail information for moe.gov.sd
  100. ---------------------------------------------------------------------------------------------------------------------------------------
  101. Searching Google.com:80...
  102. Searching Altavista.com:80...
  103. Found 0 E-Mail(s) for host moe.gov.sd, Searched 0 pages containing 0 results
  104.  
  105. Gathered TCP Port information for 62.12.98.17
  106. ---------------------------------------------------------------------------------------------------------------------------------------
  107.  
  108. Port State
  109.  
  110. 80/tcp open
  111.  
  112. Portscan Finished: Scanned 150 ports, 4 ports were in state closed
  113. #######################################################################################################################################
  114. [i] Scanning Site: http://moe.gov.sd
  115.  
  116.  
  117.  
  118. B A S I C I N F O
  119. =======================================================================================================================================
  120.  
  121.  
  122. [+] Site Title: وزارة التربية والتعليم
  123. [+] IP address: 62.12.98.17
  124. [+] Web Server: Apache/2.2.15 (CentOS)
  125. [+] CMS: Could Not Detect
  126. [+] Cloudflare: Not Detected
  127. [+] Robots File: Could NOT Find robots.txt!
  128.  
  129.  
  130.  
  131.  
  132.  
  133. G E O I P L O O K U P
  134. =======================================================================================================================================
  135.  
  136. [i] IP Address: 62.12.98.17
  137. [i] Country: Sudan
  138. [i] State:
  139. [i] City:
  140. [i] Latitude: 15.0
  141. [i] Longitude: 30.0
  142.  
  143.  
  144.  
  145.  
  146. H T T P H E A D E R S
  147. =======================================================================================================================================
  148.  
  149.  
  150. [i] HTTP/1.1 200 OK
  151. [i] Date: Thu, 21 Feb 2019 23:37:59 GMT
  152. [i] Server: Apache/2.2.15 (CentOS)
  153. [i] X-Powered-By: PHP/5.5.38
  154. [i] Connection: close
  155. [i] Content-Type: text/html; charset=UTF-8
  156.  
  157.  
  158.  
  159.  
  160. D N S L O O K U P
  161. =======================================================================================================================================
  162.  
  163. moe.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  164. moe.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  165. moe.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  166. moe.gov.sd. 21599 IN A 62.12.98.17
  167. moe.gov.sd. 21599 IN MX 10 f03-web04.nic.gov.sd.
  168. moe.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  169.  
  170.  
  171.  
  172.  
  173. S U B N E T C A L C U L A T I O N
  174. =======================================================================================================================================
  175.  
  176. Address = 62.12.98.17
  177. Network = 62.12.98.17 / 32
  178. Netmask = 255.255.255.255
  179. Broadcast = not needed on Point-to-Point links
  180. Wildcard Mask = 0.0.0.0
  181. Hosts Bits = 0
  182. Max. Hosts = 1 (2^0 - 0)
  183. Host Range = { 62.12.98.17 - 62.12.98.17 }
  184.  
  185.  
  186.  
  187. N M A P P O R T S C A N
  188. =======================================================================================================================================
  189.  
  190.  
  191. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-22 00:40 UTC
  192. Nmap scan report for moe.gov.sd (62.12.98.17)
  193. Host is up (0.22s latency).
  194. PORT STATE SERVICE
  195. 21/tcp filtered ftp
  196. 22/tcp filtered ssh
  197. 23/tcp filtered telnet
  198. 80/tcp filtered http
  199. 110/tcp filtered pop3
  200. 143/tcp filtered imap
  201. 443/tcp filtered https
  202. 3389/tcp filtered ms-wbt-server
  203.  
  204. Nmap done: 1 IP address (1 host up) scanned in 3.92 seconds
  205. #######################################################################################################################################
  206. [?] Enter the target: example( http://domain.com )
  207. http://moe.gov.sd/
  208. [!] IP Address : 62.12.98.17
  209. [!] moe.gov.sd doesn't seem to use a CMS
  210. [+] Honeypot Probabilty: 0%
  211. ---------------------------------------------------------------------------------------------------------------------------------------
  212. [~] Trying to gather whois information for moe.gov.sd
  213. [+] Whois information found
  214. [-] Unable to build response, visit https://who.is/whois/moe.gov.sd
  215. ---------------------------------------------------------------------------------------------------------------------------------------
  216. PORT STATE SERVICE
  217. 21/tcp filtered ftp
  218. 22/tcp filtered ssh
  219. 23/tcp filtered telnet
  220. 80/tcp filtered http
  221. 110/tcp filtered pop3
  222. 143/tcp filtered imap
  223. 443/tcp filtered https
  224. 3389/tcp filtered ms-wbt-server
  225. Nmap done: 1 IP address (1 host up) scanned in 3.32 seconds
  226. ---------------------------------------------------------------------------------------------------------------------------------------
  227.  
  228. [+] DNS Records
  229. ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
  230. ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
  231.  
  232. [+] MX Records
  233. 10 (62.12.105.6) Egypt Egypt
  234.  
  235. [+] Host Records (A)
  236. moe.gov.sd (62.12.98.17) Egypt Egypt
  237.  
  238. [+] TXT Records
  239. "v=spf1 mx -all"
  240.  
  241. [+] DNS Map: https://dnsdumpster.com/static/map/moe.gov.sd.png
  242.  
  243. [>] Initiating 3 intel modules
  244. [>] Loading Alpha module (1/3)
  245. [>] Beta module deployed (2/3)
  246. [>] Gamma module initiated (3/3)
  247.  
  248.  
  249. [+] Emails found:
  250. ---------------------------------------------------------------------------------------------------------------------------------------
  251. info@moe.gov.sd
  252. pixel-1550796154670190-web-@moe.gov.sd
  253. pixel-1550796159202740-web-@moe.gov.sd
  254.  
  255. [+] Hosts found in search engines:
  256. ---------------------------------------------------------------------------------------------------------------------------------------
  257. [-] Resolving hostnames IPs...
  258. 62.12.98.17:www.moe.gov.sd
  259. [+] Virtual hosts:
  260. ---------------------------------------------------------------------------------------------------------------------------------------
  261. #######################################################################################################################################
  262. Enter Address Website = moe.gov.sd
  263.  
  264. Reverse IP With YouGetSignal 'moe.gov.sd'
  265. --------------------------------------------
  266.  
  267. [*] IP: 62.12.98.17
  268. [*] Domain: moe.gov.sd
  269. [*] Total Domains: 1
  270.  
  271. [+] moe.gov.sd
  272. #######################################################################################################################################
  273.  
  274. Geo IP Lookup 'moe.gov.sd'
  275. ---------------------------------------------------------------------------------------------------------------------------------------
  276.  
  277. [+] IP Address: 62.12.98.17
  278. [+] Country: Sudan
  279. [+] State:
  280. [+] City:
  281. [+] Latitude: 15.0
  282. [+] Longitude: 30.0
  283. #######################################################################################################################################
  284.  
  285. DNS Lookup 'moe.gov.sd'
  286. ---------------------------------------------------------------------------------------------------------------------------------------
  287.  
  288. [+] moe.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  289. [+] moe.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  290. [+] moe.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  291. [+] moe.gov.sd. 21599 IN A 62.12.98.17
  292. [+] moe.gov.sd. 21599 IN MX 10 f03-web04.nic.gov.sd.
  293. [+] moe.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  294. #######################################################################################################################################
  295.  
  296. Show HTTP Header 'moe.gov.sd'
  297. ---------------------------------------------------------------------------------------------------------------------------------------
  298.  
  299. [+] HTTP/1.1 200 OK
  300. [+] Date: Thu, 21 Feb 2019 23:38:15 GMT
  301. [+] Server: Apache/2.2.15 (CentOS)
  302. [+] X-Powered-By: PHP/5.5.38
  303. [+] Connection: close
  304. [+] Content-Type: text/html; charset=UTF-8
  305. #######################################################################################################################################
  306.  
  307. Port Scan 'moe.gov.sd'
  308. ---------------------------------------------------------------------------------------------------------------------------------------
  309.  
  310.  
  311. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-22 00:40 UTC
  312. Nmap scan report for moe.gov.sd (62.12.98.17)
  313. Host is up (0.22s latency).
  314. PORT STATE SERVICE
  315. 21/tcp filtered ftp
  316. 22/tcp filtered ssh
  317. 23/tcp filtered telnet
  318. 80/tcp filtered http
  319. 110/tcp filtered pop3
  320. 143/tcp filtered imap
  321. 443/tcp filtered https
  322. 3389/tcp filtered ms-wbt-server
  323.  
  324. Nmap done: 1 IP address (1 host up) scanned in 3.32 seconds
  325. #######################################################################################################################################
  326.  
  327. Traceroute 'moe.gov.sd'
  328. ---------------------------------------------------------------------------------------------------------------------------------------
  329.  
  330. Start: 2019-02-22T00:40:25+0000
  331. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  332. 1.|-- 45.79.12.202 0.0% 3 1.1 1.4 0.7 2.4 0.9
  333. 2.|-- 45.79.12.6 0.0% 3 0.8 0.9 0.7 1.2 0.2
  334. 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.1 0.9 1.4 0.3
  335. 4.|-- atl-b22-link.telia.net 0.0% 3 18.9 18.8 18.5 19.0 0.3
  336. 5.|-- ash-bb4-link.telia.net 0.0% 3 40.0 37.0 35.3 40.0 2.6
  337. 6.|-- prs-bb3-link.telia.net 0.0% 3 133.5 133.5 133.5 133.6 0.1
  338. 7.|-- mei-b2-link.telia.net 0.0% 3 130.7 130.6 130.4 130.7 0.1
  339. 8.|-- flagtelecom-ic-324599-mei-b2.c.telia.net 0.0% 3 143.9 152.3 143.9 162.1 9.2
  340. 9.|-- ae1.0.cjr01.mrs002.flagtel.com 0.0% 3 281.9 281.7 281.7 281.9 0.1
  341. 10.|-- ae3.0.cjr02.prs001.flagtel.com 0.0% 3 161.2 155.5 149.1 161.2 6.1
  342. 11.|-- xe-0-0-1.0.pjr04.dxb001.flagtel.com 0.0% 3 283.3 282.3 281.4 283.3 0.9
  343. 12.|-- 80.77.2.42 0.0% 3 258.2 266.6 257.9 283.6 14.8
  344. 13.|-- 196.29.177.113 0.0% 3 260.1 260.4 260.1 260.6 0.3
  345. 14.|-- 197.254.196.62 0.0% 3 282.0 282.2 282.0 282.4 0.2
  346. 15.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  347. #######################################################################################################################################
  348.  
  349. Ping 'moe.gov.sd'
  350. ---------------------------------------------------------------------------------------------------------------------------------------
  351.  
  352.  
  353. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-22 00:40 UTC
  354. SENT (0.2264s) ICMP [104.237.144.6 > 62.12.98.17 Echo request (type=8/code=0) id=53932 seq=1] IP [ttl=64 id=22091 iplen=28 ]
  355. SENT (1.2269s) ICMP [104.237.144.6 > 62.12.98.17 Echo request (type=8/code=0) id=53932 seq=2] IP [ttl=64 id=22091 iplen=28 ]
  356. SENT (2.2282s) ICMP [104.237.144.6 > 62.12.98.17 Echo request (type=8/code=0) id=53932 seq=3] IP [ttl=64 id=22091 iplen=28 ]
  357. SENT (3.2299s) ICMP [104.237.144.6 > 62.12.98.17 Echo request (type=8/code=0) id=53932 seq=4] IP [ttl=64 id=22091 iplen=28 ]
  358.  
  359. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  360. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  361. Nping done: 1 IP address pinged in 4.23 seconds
  362. #######################################################################################################################################
  363. ; <<>> DiG 9.11.5-P1-1-Debian <<>> moe.gov.sd
  364. ;; global options: +cmd
  365. ;; Got answer:
  366. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2357
  367. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  368.  
  369. ;; OPT PSEUDOSECTION:
  370. ; EDNS: version: 0, flags:; udp: 4096
  371. ;; QUESTION SECTION:
  372. ;moe.gov.sd. IN A
  373.  
  374. ;; ANSWER SECTION:
  375. moe.gov.sd. 84995 IN A 62.12.98.17
  376.  
  377. ;; Query time: 32 msec
  378. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  379. ;; WHEN: jeu fév 21 20:24:57 EST 2019
  380. ;; MSG SIZE rcvd: 55
  381. #######################################################################################################################################
  382. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace moe.gov.sd
  383. ;; global options: +cmd
  384. . 86322 IN NS a.root-servers.net.
  385. . 86322 IN NS i.root-servers.net.
  386. . 86322 IN NS h.root-servers.net.
  387. . 86322 IN NS c.root-servers.net.
  388. . 86322 IN NS g.root-servers.net.
  389. . 86322 IN NS l.root-servers.net.
  390. . 86322 IN NS d.root-servers.net.
  391. . 86322 IN NS f.root-servers.net.
  392. . 86322 IN NS b.root-servers.net.
  393. . 86322 IN NS e.root-servers.net.
  394. . 86322 IN NS m.root-servers.net.
  395. . 86322 IN NS k.root-servers.net.
  396. . 86322 IN NS j.root-servers.net.
  398. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 35 ms
  399.  
  400. sd. 172800 IN NS ans1.canar.sd.
  401. sd. 172800 IN NS ans2.canar.sd.
  402. sd. 172800 IN NS ns1.uaenic.ae.
  403. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  404. sd. 172800 IN NS ans1.sis.sd.
  405. sd. 172800 IN NS ns2.uaenic.ae.
  406. sd. 172800 IN NS ns-sd.afrinic.net.
  407. sd. 86400 IN NSEC se. NS RRSIG NSEC
  409. ;; Received 725 bytes from 192.112.36.4#53(g.root-servers.net) in 64 ms
  410.  
  411. ;; Received 67 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 211 ms
  412. #######################################################################################################################################
  413. [*] Performing General Enumeration of Domain: moe.gov.sd
  414. [-] DNSSEC is not configured for moe.gov.sd
  415. [*] SOA ns0.ndc.gov.sd 62.12.109.2
  416. [*] NS ns1.ndc.gov.sd 62.12.109.3
  417. [*] Bind Version for 62.12.109.3 you guess!
  418. [*] NS ns0.ndc.gov.sd 62.12.109.2
  419. [*] Bind Version for 62.12.109.2 you guess!
  420. [*] MX f03-web04.nic.gov.sd 62.12.105.6
  421. [*] A moe.gov.sd 62.12.98.17
  422. [*] TXT moe.gov.sd v=spf1 mx -all
  423. [*] Enumerating SRV Records
  424. [-] No SRV Records Found for moe.gov.sd
  425. [+] 0 Records Found
  426. #######################################################################################################################################
  427. [*] Processing domain moe.gov.sd
  428. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  429. [+] Getting nameservers
  430. 62.12.109.3 - ns1.ndc.gov.sd
  431. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
  432. moe.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  433. moe.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  434. moe.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  435. moe.gov.sd. 86400 IN A 62.12.98.17
  436. moe.gov.sd. 86400 IN MX 10 f03-web04.nic.gov.sd.
  437. moe.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  438. emis.moe.gov.sd. 86400 IN A 62.12.98.17
  439. mail.moe.gov.sd. 86400 IN A 62.12.105.6
  440. mail.moe.gov.sd. 86400 IN MX 10 mail.moe.gov.sd.
  441. webmail.moe.gov.sd. 86400 IN CNAME mail.moe.gov.sd.
  442. www.moe.gov.sd. 86400 IN A 62.12.98.17
  443. #######################################################################################################################################
  444. Port État Service
  445. 25/tcp closed smtp
  446. 80/tcp open http
  447. 113/tcp closed ident
  448. 139/tcp closed netbios-ssn
  449. 445/tcp closed microsoft-ds
  450. #######################################################################################################################################
  451. Source TTL Type d'adresse Type d'enregistrement Résolution
  452. moe.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  453. moe.gov.sd. 86400 IN MX f03-web04.nic.gov.sd. (10)
  454. moe.gov.sd. 86400 IN A 62.12.98.17
  455. moe.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  456. moe.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  457. moe.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  458. #######################################################################################################################################
  459. Saut Nom d'hôte Adresse IP Temps 1
  460. 1 10.243.200.1 10.243.200.1 23.429
  461. 1 10.243.200.1 10.243.200.1 31.602
  462. 2 vlan102.as02.qc1.ca.m247.com 176.113.74.17 21.969
  463. 3 irb-0.agg1.qc1.ca.m247.com 37.120.128.168 36.949
  464. 4 te-1-5-2-0.bb1.fra2.de.m247.com 82.102.29.44 29.933
  465. 5 te0-7-0-2.rcr21.ymq02.atlas.cogentco.com 38.122.42.161 22.551
  466. 6 hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com 154.54.25.126 23.951
  467. 7 be3043.ccr22.lpl01.atlas.cogentco.com 154.54.44.165 93.507
  468. 8 be2391.ccr51.lhr01.atlas.cogentco.com 154.54.39.149 97.720
  469. 9 be3488.ccr42.lon13.atlas.cogentco.com 154.54.60.13 99.494
  470. 10 be2868.ccr21.lon01.atlas.cogentco.com 154.54.57.154 100.340
  471. 11 expressotelecom.demarc.cogentco.com 149.14.248.202 99.660
  472. 12 185.153.20.70 185.153.20.70 178.216
  473. 13 185.153.20.82 185.153.20.82 178.572
  474. 14 185.153.20.94 185.153.20.94 176.924
  475. 15 185.153.20.153 185.153.20.153 188.347
  476. 16 212.0.131.109 212.0.131.109 201.673
  477. 17 196.202.137.249 196.202.137.249 205.682
  478. 18 196.202.145.94 196.202.145.94 200.494
  479. #######################################################################################################################################
  480. =======================================================================================================================================
  481. | External hosts:
  482. | [+] External Host Found: http://www.mohe.gov.sd
  483. | [+] External Host Found: http://www.alecso.org
  484. | [+] External Host Found: http://httpd.apache.org
  485. | [+] External Host Found: https://code.jquery.com
  486. | [+] External Host Found: http://www.isesco.org.ma
  487. | [+] External Host Found: https://twitter.com
  488. | [+] External Host Found: http://nashattolabi.sd
  489. | [+] External Host Found: http://nctte.gov.sd
  490. | [+] External Host Found: http://pagead2.googlesyndication.com
  491. | [+] External Host Found: http://nashattolbi.blogspot.com
  492. | [+] External Host Found: http://www.jssor.com
  493. | [+] External Host Found: http://www.education.gov.sd
  494. | [+] External Host Found: https://maps.googleapis.com
  495. | [+] External Host Found: https://www.facebook.com
  496. | [+] External Host Found: https://cdnjs.cloudflare.com
  497. | [+] External Host Found: http://www.admission.gov.sd
  498. | [+] External Host Found: http://www.manahg.edu.sd
  499. | [+] External Host Found: http://www.eschoolsudan.com
  500. | [+] External Host Found: https://oss.maxcdn.com
  501. | [+] External Host Found: http://code.jquery.com
  502. =======================================================================================================================================
  503. | E-mails:
  504. | [+] E-mail Found: siddgas555@gmail.com
  505. | [+] E-mail Found: mahgoub1955@gmail.com
  506. | [+] E-mail Found: info@moe.gov.sd
  507. | [+] E-mail Found: mike@hyperreal.org
  508. | [+] E-mail Found: kevinh@kevcom.com
  509. | [+] E-mail Found: nashtfs2017@gmail.com
  510. | [+] E-mail Found: nashatfs2016@gmail.com
  511. =======================================================================================================================================
  512. #######################################################################################################################################
  513. dnsenum VERSION:1.2.4
  514.  
  515. ----- moe.gov.sd -----
  516.  
  517.  
  518. Host's addresses:
  519. __________________
  520.  
  521. moe.gov.sd. 85098 IN A 62.12.98.17
  522.  
  523.  
  524. Name Servers:
  525. ______________
  526.  
  527. ns1.ndc.gov.sd. 12937 IN A 62.12.109.3
  528. ns0.ndc.gov.sd. 12937 IN A 62.12.109.2
  529.  
  530.  
  531. Mail (MX) Servers:
  532. ___________________
  533.  
  534. f03-web04.nic.gov.sd. 84935 IN A 62.12.105.6
  535.  
  536.  
  537. Trying Zone Transfers and getting Bind Versions:
  538. _________________________________________________
  539.  
  540.  
  541. Trying Zone Transfer for moe.gov.sd on ns1.ndc.gov.sd ...
  542. moe.gov.sd. 86400 IN SOA (
  543. moe.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  544. moe.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  545. moe.gov.sd. 86400 IN A 62.12.98.17
  546. moe.gov.sd. 86400 IN MX 10
  547. moe.gov.sd. 86400 IN TXT "v=spf1
  548. emis.moe.gov.sd. 86400 IN A 62.12.98.17
  549. mail.moe.gov.sd. 86400 IN A 62.12.105.6
  550. mail.moe.gov.sd. 86400 IN MX 10
  551. webmail.moe.gov.sd. 86400 IN CNAME mail.moe.gov.sd.
  552. www.moe.gov.sd. 86400 IN A 62.12.98.17
  553.  
  554. Trying Zone Transfer for moe.gov.sd on ns0.ndc.gov.sd ...
  555. moe.gov.sd. 86400 IN SOA (
  556. moe.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  557. moe.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  558. moe.gov.sd. 86400 IN A 62.12.98.17
  559. moe.gov.sd. 86400 IN MX 10
  560. moe.gov.sd. 86400 IN TXT "v=spf1
  561. emis.moe.gov.sd. 86400 IN A 62.12.98.17
  562. mail.moe.gov.sd. 86400 IN A 62.12.105.6
  563. mail.moe.gov.sd. 86400 IN MX 10
  564. webmail.moe.gov.sd. 86400 IN CNAME mail.moe.gov.sd.
  565. www.moe.gov.sd. 86400 IN A 62.12.98.17
  566. #######################################################################################################################################
  567.  
  568. ____ _ _ _ _ _____
  569. / ___| _ _| |__ | (_)___| |_|___ / _ __
  570. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  571. ___) | |_| | |_) | | \__ \ |_ ___) | |
  572. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  573.  
  574. # Coded By Ahmed Aboul-Ela - @aboul3la
  575.  
  576. [-] Enumerating subdomains now for moe.gov.sd
  577. [-] verbosity is enabled, will show the subdomains results in realtime
  578. [-] Searching now in Baidu..
  579. [-] Searching now in Yahoo..
  580. [-] Searching now in Google..
  581. [-] Searching now in Bing..
  582. [-] Searching now in Ask..
  583. [-] Searching now in Netcraft..
  584. [-] Searching now in DNSdumpster..
  585. [-] Searching now in Virustotal..
  586. [-] Searching now in ThreatCrowd..
  587. [-] Searching now in SSL Certificates..
  588. [-] Searching now in PassiveDNS..
  589. Virustotal: www.moe.gov.sd
  590. Virustotal: emis.moe.gov.sd
  591. Virustotal: mail.moe.gov.sd
  592. Bing: webmail.moe.gov.sd
  593. Bing: emis.moe.gov.sd
  594. Yahoo: www.moe.gov.sd
  595. Yahoo: emis.moe.gov.sd
  596. Google: emis.moe.gov.sd
  597. Google: webmail.moe.gov.sd
  598. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-moe.gov.sd.txt
  599. [-] Total Unique Subdomains Found: 4
  600. www.moe.gov.sd
  601. emis.moe.gov.sd
  602. mail.moe.gov.sd
  603. webmail.moe.gov.sd
  604. #######################################################################################################################################
  605. ===============================================
  606. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  607. ===============================================
  608.  
  609.  
  610. Running Source: Ask
  611. Running Source: Archive.is
  612. Running Source: Baidu
  613. Running Source: Bing
  614. Running Source: CertDB
  615. Running Source: CertificateTransparency
  616. Running Source: Certspotter
  617. Running Source: Commoncrawl
  618. Running Source: Crt.sh
  619. Running Source: Dnsdb
  620. Running Source: DNSDumpster
  621. Running Source: DNSTable
  622. Running Source: Dogpile
  623. Running Source: Exalead
  624. Running Source: Findsubdomains
  625. Running Source: Googleter
  626. Running Source: Hackertarget
  627. Running Source: Ipv4Info
  628. Running Source: PTRArchive
  629. Running Source: Sitedossier
  630. Running Source: Threatcrowd
  631. Running Source: ThreatMiner
  632. Running Source: WaybackArchive
  633. Running Source: Yahoo
  634.  
  635. Running enumeration on moe.gov.sd
  636.  
  637. dnsdb: Unexpected return status 503
  638.  
  639.  
  640. Starting Bruteforcing of moe.gov.sd with 9985 words
  641.  
  642. Total 9 Unique subdomains found for moe.gov.sd
  643.  
  644. .moe.gov.sd
  645. emis.moe.gov.sd
  646. emis.moe.gov.sd
  647. mail.moe.gov.sd
  648. mail.moe.gov.sd
  649. webmail.moe.gov.sd
  650. webmail.moe.gov.sd
  651. www.moe.gov.sd
  652. www.moe.gov.sd
  653. ######################################################################################################################################
  654. [*] Processing domain moe.gov.sd
  655. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  656. [+] Getting nameservers
  657. 62.12.109.3 - ns1.ndc.gov.sd
  658. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
  659. moe.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017042400 10800 900 604800 86400
  660. moe.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  661. moe.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  662. moe.gov.sd. 86400 IN A 62.12.98.17
  663. moe.gov.sd. 86400 IN MX 10 f03-web04.nic.gov.sd.
  664. moe.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  665. emis.moe.gov.sd. 86400 IN A 62.12.98.17
  666. mail.moe.gov.sd. 86400 IN A 62.12.105.6
  667. mail.moe.gov.sd. 86400 IN MX 10 mail.moe.gov.sd.
  668. webmail.moe.gov.sd. 86400 IN CNAME mail.moe.gov.sd.
  669. www.moe.gov.sd. 86400 IN A 62.12.98.17
  670. #######################################################################################################################################
  671. [*] Found SPF record:
  672. [*] v=spf1 mx -all
  673. [*] SPF record contains an All item: -all
  674. [*] No DMARC record found. Looking for organizational record
  675. [+] No organizational DMARC record
  676. [+] Spoofing possible for moe.gov.sd!
  677. #######################################################################################################################################
  678. INFO[0000] Starting to process queue....
  679. INFO[0000] Starting to process permutations....
  680. INFO[0000] FORBIDDEN http://moe-uploads.s3.amazonaws.com (http://moe.gov.sd)
  681. INFO[0000] FORBIDDEN http://moe-builds.s3.amazonaws.com (http://moe.gov.sd)
  682. INFO[0000] FORBIDDEN http://moe-testing.s3.amazonaws.com (http://moe.gov.sd)
  683. INFO[0000] FORBIDDEN http://moe-cluster.s3.amazonaws.com (http://moe.gov.sd)
  684. INFO[0000] FORBIDDEN http://moe-test.s3.amazonaws.com (http://moe.gov.sd)
  685. INFO[0000] FORBIDDEN http://moe-bucket.s3.amazonaws.com (http://moe.gov.sd)
  686. INFO[0000] FORBIDDEN http://moe-training.s3.amazonaws.com (http://moe.gov.sd)
  687. INFO[0000] FORBIDDEN http://moe.s3.amazonaws.com (http://moe.gov.sd)
  688. INFO[0000] FORBIDDEN http://moe-stats.s3.amazonaws.com (http://moe.gov.sd)
  689. INFO[0000] FORBIDDEN http://moe-staging.s3.amazonaws.com (http://moe.gov.sd)
  690. INFO[0000] FORBIDDEN http://moe-dev.s3.amazonaws.com (http://moe.gov.sd)
  691. INFO[0000] FORBIDDEN http://moe-src.s3.amazonaws.com (http://moe.gov.sd)
  692. INFO[0000] FORBIDDEN http://moe-data.s3.amazonaws.com (http://moe.gov.sd)
  693. #######################################################################################################################################
  694. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:31 EST
  695. Nmap scan report for moe.gov.sd (62.12.98.17)
  696. Host is up (0.049s latency).
  697. Not shown: 471 filtered ports, 4 closed ports
  698. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  699. PORT STATE SERVICE
  700. 80/tcp open http
  701. #######################################################################################################################################
  702. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:31 EST
  703. Nmap scan report for moe.gov.sd (62.12.98.17)
  704. Host is up (0.023s latency).
  705. Not shown: 2 filtered ports
  706. PORT STATE SERVICE
  707. 53/udp open|filtered domain
  708. 67/udp open|filtered dhcps
  709. 68/udp open|filtered dhcpc
  710. 69/udp open|filtered tftp
  711. 88/udp open|filtered kerberos-sec
  712. 123/udp open|filtered ntp
  713. 139/udp open|filtered netbios-ssn
  714. 161/udp open|filtered snmp
  715. 162/udp open|filtered snmptrap
  716. 389/udp open|filtered ldap
  717. 520/udp open|filtered route
  718. 2049/udp open|filtered nfs
  719. #######################################################################################################################################
  720. http://moe.gov.sd [200 OK] Email[info@moe.gov.sd], IP[62.12.98.17], JQuery[1.11.3,1.4.2], PHP[5.5.38], Script[text/javascript], Title[وزارة التربية والتعليم], X-Powered-By[PHP/5.5.38], X-UA-Compatible[IE=edge]
  721. #######################################################################################################################################
  722.  
  723. wig - WebApp Information Gatherer
  724.  
  725.  
  726. Scanning http://moe.gov.sd...
  727. _________________ SITE INFO _________________
  728. IP Title
  729. 62.12.98.17 وزارة التربية والتعليم
  730.  
  731. __________________ VERSION __________________
  732. Name Versions Type
  733. Apache 2.2.15 Platform
  734. PHP 5.5.38 Platform
  735. jQuery 1.4.2 JavaScript
  736. CentOS 6.6 | 6.8 OS
  737.  
  738. ________________ INTERESTING ________________
  739. URL Note Type
  740. /test.php Test file Interesting
  741.  
  742. _____________________________________________
  743. Time: 2.2 sec Urls: 833 Fingerprints: 40401
  744. #######################################################################################################################################
  745. HTTP/1.1 200 OK
  746. Date: Fri, 22 Feb 2019 00:30:11 GMT
  747. X-Powered-By: PHP/5.5.38
  748. Content-Type: text/html; charset=UTF-8
  749. Connection: keep-alive
  750.  
  751. HTTP/1.1 200 OK
  752. Date: Fri, 22 Feb 2019 00:30:11 GMT
  753. X-Powered-By: PHP/5.5.38
  754. Content-Type: text/html; charset=UTF-8
  755. Connection: keep-alive
  756. #######################################################################################################################################
  757. --------------------------------------------------------
  758. <<<Yasuo discovered following vulnerable applications>>>
  759. --------------------------------------------------------
  760. +------------+-----------------------------------+--------------------------------------------------+----------+----------+
  761. | App Name | URL to Application | Potential Exploit | Username | Password |
  762. +------------+-----------------------------------+--------------------------------------------------+----------+----------+
  763. | phpMyAdmin | http://62.12.98.17:80/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | | |
  764. +------------+-----------------------------------+--------------------------------------------------+----------+----------+
  765. #######################################################################################################################################
  766. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:24 EST
  767. Nmap scan report for 62.12.98.17
  768. Host is up (0.058s latency).
  769. Not shown: 471 filtered ports, 4 closed ports
  770. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  771. PORT STATE SERVICE
  772. 80/tcp open http
  773. #######################################################################################################################################
  774. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:24 EST
  775. Nmap scan report for 62.12.98.17
  776. Host is up (0.023s latency).
  777. Not shown: 2 filtered ports
  778. PORT STATE SERVICE
  779. 53/udp open|filtered domain
  780. 67/udp open|filtered dhcps
  781. 68/udp open|filtered dhcpc
  782. 69/udp open|filtered tftp
  783. 88/udp open|filtered kerberos-sec
  784. 123/udp open|filtered ntp
  785. 139/udp open|filtered netbios-ssn
  786. 161/udp open|filtered snmp
  787. 162/udp open|filtered snmptrap
  788. 389/udp open|filtered ldap
  789. 520/udp open|filtered route
  790. 2049/udp open|filtered nfs
  791. #######################################################################################################################################
  792. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:24 EST
  793. Nmap scan report for 62.12.98.17
  794. Host is up.
  795.  
  796. PORT STATE SERVICE VERSION
  797. 67/udp open|filtered dhcps
  798. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  799. Too many fingerprints match this host to give specific OS details
  800.  
  801. TRACEROUTE (using proto 1/icmp)
  802. HOP RTT ADDRESS
  803. 1 22.08 ms 10.243.200.1
  804. 2 22.91 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  805. 3 35.29 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  806. 4 22.90 ms 82.102.29.44
  807. 5 22.94 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  808. 6 22.96 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  809. 7 91.73 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  810. 8 98.15 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  811. 9 98.76 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  812. 10 99.59 ms 154.54.57.154
  813. 11 98.07 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  814. 12 177.07 ms 185.153.20.70
  815. 13 177.10 ms 185.153.20.82
  816. 14 177.11 ms 185.153.20.94
  817. 15 186.80 ms 185.153.20.153
  818. 16 200.82 ms 212.0.131.109
  819. 17 205.86 ms 196.202.137.249
  820. 18 198.66 ms 196.202.145.94
  821. 19 ... 30
  822. #######################################################################################################################################
  823. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:26 EST
  824. Nmap scan report for 62.12.98.17
  825. Host is up.
  826.  
  827. PORT STATE SERVICE VERSION
  828. 68/udp open|filtered dhcpc
  829. Too many fingerprints match this host to give specific OS details
  830.  
  831. TRACEROUTE (using proto 1/icmp)
  832. HOP RTT ADDRESS
  833. 1 22.79 ms 10.243.200.1
  834. 2 23.49 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  835. 3 34.77 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  836. 4 23.28 ms 82.102.29.44
  837. 5 23.51 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  838. 6 23.90 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  839. 7 93.94 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  840. 8 99.78 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  841. 9 99.81 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  842. 10 100.40 ms 154.54.57.154
  843. 11 100.89 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  844. 12 179.39 ms 185.153.20.70
  845. 13 179.39 ms 185.153.20.82
  846. 14 179.34 ms 185.153.20.94
  847. 15 189.68 ms 185.153.20.153
  848. 16 203.11 ms 212.0.131.109
  849. 17 203.41 ms 196.202.137.249
  850. 18 197.33 ms 196.202.145.94
  851. 19 ... 30
  852. #######################################################################################################################################
  853. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:28 EST
  854. Nmap scan report for 62.12.98.17
  855. Host is up.
  856.  
  857. PORT STATE SERVICE VERSION
  858. 69/udp open|filtered tftp
  859. Too many fingerprints match this host to give specific OS details
  860.  
  861. TRACEROUTE (using proto 1/icmp)
  862. HOP RTT ADDRESS
  863. 1 21.33 ms 10.243.200.1
  864. 2 22.31 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  865. 3 40.53 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  866. 4 21.70 ms 82.102.29.44
  867. 5 22.35 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  868. 6 22.37 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  869. 7 91.25 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  870. 8 97.23 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  871. 9 98.59 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  872. 10 98.65 ms 154.54.57.154
  873. 11 101.39 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  874. 12 179.98 ms 185.153.20.70
  875. 13 180.15 ms 185.153.20.82
  876. 14 180.15 ms 185.153.20.94
  877. 15 190.99 ms 185.153.20.153
  878. 16 204.94 ms 212.0.131.109
  879. 17 204.83 ms 196.202.137.249
  880. 18 198.90 ms 196.202.145.94
  881. 19 ... 30
  882. #######################################################################################################################################
  883.  
  884. wig - WebApp Information Gatherer
  885.  
  886.  
  887. Scanning http://62.12.98.17...
  888. ___________________________________________ SITE INFO ___________________________________________
  889. IP Title
  890. 62.12.98.17 وزارة التربية والتعليم
  891.  
  892. ____________________________________________ VERSION ____________________________________________
  893. Name Versions Type
  894. Apache 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 Platform
  895. 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24
  896. 2.2.25 | 2.2.26 | 2.2.27 | 2.2.28 | 2.2.29 | 2.3.0 | 2.3.1
  897. 2.3.10 | 2.3.11 | 2.3.12 | 2.3.13 | 2.3.14 | 2.3.15 | 2.3.16
  898. 2.3.2 | 2.3.3 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8
  899. 2.3.9 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3
  900. PHP 5.5.38 Platform
  901. jQuery 1.4.2 JavaScript
  902.  
  903. __________________________________________ INTERESTING __________________________________________
  904. URL Note Type
  905. /test.php Test file Interesting
  906.  
  907. _________________________________________________________________________________________________
  908. Time: 75.7 sec Urls: 833 Fingerprints: 40401
  909. #######################################################################################################################################
  910. HTTP/1.1 200 OK
  911. Date: Fri, 22 Feb 2019 00:30:33 GMT
  912. X-Powered-By: PHP/5.5.38
  913. Content-Type: text/html; charset=UTF-8
  914. Connection: keep-alive
  915.  
  916. HTTP/1.1 200 OK
  917. Date: Fri, 22 Feb 2019 00:30:34 GMT
  918. X-Powered-By: PHP/5.5.38
  919. Content-Type: text/html; charset=UTF-8
  920. Connection: keep-alive
  921. #######################################################################################################################################
  922. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:32 EST
  923. Nmap scan report for 62.12.98.17
  924. Host is up.
  925.  
  926. PORT STATE SERVICE VERSION
  927. 123/udp open|filtered ntp
  928. Too many fingerprints match this host to give specific OS details
  929.  
  930. TRACEROUTE (using proto 1/icmp)
  931. HOP RTT ADDRESS
  932. 1 23.50 ms 10.243.200.1
  933. 2 23.54 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  934. 3 33.13 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  935. 4 26.67 ms 82.102.29.44
  936. 5 23.84 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  937. 6 23.58 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  938. 7 93.35 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  939. 8 99.12 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  940. 9 100.18 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  941. 10 100.18 ms 154.54.57.154
  942. 11 99.16 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  943. 12 177.66 ms 185.153.20.70
  944. 13 177.99 ms 185.153.20.82
  945. 14 177.61 ms 185.153.20.94
  946. 15 187.94 ms 185.153.20.153
  947. 16 209.83 ms 212.0.131.109
  948. 17 220.43 ms 196.202.137.249
  949. 18 200.93 ms 196.202.145.94
  950. 19 ... 30
  951. #######################################################################################################################################
  952. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:35 EST
  953. Nmap scan report for 62.12.98.17
  954. Host is up (0.025s latency).
  955.  
  956. PORT STATE SERVICE VERSION
  957. 161/tcp filtered snmp
  958. 161/udp open|filtered snmp
  959. Too many fingerprints match this host to give specific OS details
  960.  
  961. TRACEROUTE (using proto 1/icmp)
  962. HOP RTT ADDRESS
  963. 1 23.85 ms 10.243.200.1
  964. 2 24.40 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  965. 3 46.10 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  966. 4 24.39 ms 82.102.29.44
  967. 5 24.69 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  968. 6 24.72 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  969. 7 96.68 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  970. 8 112.05 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  971. 9 112.67 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  972. 10 113.11 ms 154.54.57.154
  973. 11 101.17 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  974. 12 180.14 ms 185.153.20.70
  975. 13 180.36 ms 185.153.20.82
  976. 14 180.11 ms 185.153.20.94
  977. 15 190.12 ms 185.153.20.153
  978. 16 201.60 ms 212.0.131.109
  979. 17 210.31 ms 196.202.137.249
  980. 18 201.49 ms 196.202.145.94
  981. 19 ... 30
  982. #######################################################################################################################################
  983. --------------------------------------------------------
  984. <<<Yasuo discovered following vulnerable applications>>>
  985. --------------------------------------------------------
  986. +------------+-----------------------------------+--------------------------------------------------+----------+----------+
  987. | App Name | URL to Application | Potential Exploit | Username | Password |
  988. +------------+-----------------------------------+--------------------------------------------------+----------+----------+
  989. | phpMyAdmin | http://62.12.98.17:80/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | | |
  990. +------------+-----------------------------------+--------------------------------------------------+----------+----------+
  991. #######################################################################################################################################
  992. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:38 EST
  993. NSE: Loaded 148 scripts for scanning.
  994. NSE: Script Pre-scanning.
  995. NSE: Starting runlevel 1 (of 2) scan.
  996. Initiating NSE at 20:38
  997. Completed NSE at 20:38, 0.00s elapsed
  998. NSE: Starting runlevel 2 (of 2) scan.
  999. Initiating NSE at 20:38
  1000. Completed NSE at 20:38, 0.00s elapsed
  1001. Initiating Ping Scan at 20:38
  1002. Scanning 62.12.98.17 [4 ports]
  1003. Completed Ping Scan at 20:38, 0.06s elapsed (1 total hosts)
  1004. Initiating Parallel DNS resolution of 1 host. at 20:38
  1005. Completed Parallel DNS resolution of 1 host. at 20:38, 0.02s elapsed
  1006. Initiating Connect Scan at 20:38
  1007. Scanning 62.12.98.17 [1000 ports]
  1008. Discovered open port 80/tcp on 62.12.98.17
  1009. Completed Connect Scan at 20:38, 13.36s elapsed (1000 total ports)
  1010. Initiating Service scan at 20:38
  1011. Scanning 1 service on 62.12.98.17
  1012. Completed Service scan at 20:39, 25.43s elapsed (1 service on 1 host)
  1013. Initiating OS detection (try #1) against 62.12.98.17
  1014. Retrying OS detection (try #2) against 62.12.98.17
  1015. Initiating Traceroute at 20:39
  1016. Completed Traceroute at 20:39, 6.15s elapsed
  1017. Initiating Parallel DNS resolution of 18 hosts. at 20:39
  1018. Completed Parallel DNS resolution of 18 hosts. at 20:39, 16.50s elapsed
  1019. NSE: Script scanning 62.12.98.17.
  1020. NSE: Starting runlevel 1 (of 2) scan.
  1021. Initiating NSE at 20:39
  1022. Completed NSE at 20:39, 6.25s elapsed
  1023. NSE: Starting runlevel 2 (of 2) scan.
  1024. Initiating NSE at 20:39
  1025. Completed NSE at 20:39, 0.00s elapsed
  1026. Nmap scan report for 62.12.98.17
  1027. Host is up, received reset ttl 64 (0.031s latency).
  1028. Scanned at 2019-02-21 20:38:40 EST for 72s
  1029. Not shown: 995 filtered ports
  1030. Reason: 994 no-responses and 1 host-unreach
  1031. PORT STATE SERVICE REASON VERSION
  1032. 25/tcp closed smtp conn-refused
  1033. 80/tcp open http-proxy syn-ack Squid http proxy (PHP 5.5.38)
  1034. | http-methods:
  1035. |_ Supported Methods: GET HEAD POST OPTIONS
  1036. |_http-open-proxy: Proxy might be redirecting requests
  1037. |_http-title: \xD9\x88\xD8\xB2\xD8\xA7\xD8\xB1\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xAA\xD8\xB1\xD8\xA8\xD9\x8A\xD8\xA9 \xD9\x88\xD8\xA7\xD9\x84\xD8\xAA\xD8\xB9\xD9\x84\xD9\x8A\xD9\x85
  1038. 113/tcp closed ident conn-refused
  1039. 139/tcp closed netbios-ssn conn-refused
  1040. 445/tcp closed microsoft-ds conn-refused
  1041. Device type: general purpose|storage-misc|broadband router|WAP
  1042. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (93%), HP embedded (90%), Asus embedded (87%)
  1043. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:4 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel cpe:/h:asus:rt-ac66u
  1044. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1045. Aggressive OS guesses: Linux 3.18 (93%), Linux 3.16 - 4.6 (93%), Linux 3.10 - 4.11 (91%), Linux 3.13 (91%), Linux 3.13 or 4.2 (91%), Linux 4.2 (91%), Linux 4.4 (91%), HP P2000 G3 NAS device (90%), Linux 3.2 - 4.9 (90%), Linux 2.6.32 (89%)
  1046. No exact OS matches for host (test conditions non-ideal).
  1047. TCP/IP fingerprint:
  1062.  
  1063. Uptime guess: 24.695 days (since Mon Jan 28 03:58:42 2019)
  1064. TCP Sequence Prediction: Difficulty=261 (Good luck!)
  1065. IP ID Sequence Generation: All zeros
  1066.  
  1067. TRACEROUTE (using proto 1/icmp)
  1068. HOP RTT ADDRESS
  1069. 1 22.28 ms 10.243.200.1
  1070. 2 22.67 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  1071. 3 39.89 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  1072. 4 22.34 ms 82.102.29.44
  1073. 5 23.08 ms te0-7-0-2.rcr21.ymq02.atlas.cogentco.com (38.122.42.161)
  1074. 6 22.73 ms hu0-4-0-1.ccr21.ymq01.atlas.cogentco.com (154.54.25.126)
  1075. 7 92.20 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
  1076. 8 97.90 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
  1077. 9 98.74 ms be3487.ccr41.lon13.atlas.cogentco.com (154.54.60.5)
  1078. 10 99.38 ms 154.54.57.154
  1079. 11 98.69 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1080. 12 176.82 ms 185.153.20.70
  1081. 13 176.94 ms 185.153.20.82
  1082. 14 176.78 ms 185.153.20.94
  1083. 15 191.75 ms 185.153.20.153
  1084. 16 211.11 ms 212.0.131.109
  1085. 17 204.47 ms 196.202.137.249
  1086. 18 198.05 ms 196.202.145.94
  1087. 19 ... 30
  1088.  
  1089. NSE: Script Post-scanning.
  1090. NSE: Starting runlevel 1 (of 2) scan.
  1091. Initiating NSE at 20:39
  1092. Completed NSE at 20:39, 0.00s elapsed
  1093. NSE: Starting runlevel 2 (of 2) scan.
  1094. Initiating NSE at 20:39
  1095. Completed NSE at 20:39, 0.00s elapsed
  1096. Read data files from: /usr/bin/../share/nmap
  1097. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1098. Nmap done: 1 IP address (1 host up) scanned in 72.82 seconds
  1099. Raw packets sent: 126 (9.504KB) | Rcvd: 65 (4.514KB)
  1100. #######################################################################################################################################
  1101. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-21 20:39 EST
  1102. NSE: Loaded 148 scripts for scanning.
  1103. NSE: Script Pre-scanning.
  1104. Initiating NSE at 20:39
  1105. Completed NSE at 20:39, 0.00s elapsed
  1106. Initiating NSE at 20:39
  1107. Completed NSE at 20:39, 0.00s elapsed
  1108. Initiating Parallel DNS resolution of 1 host. at 20:39
  1109. Completed Parallel DNS resolution of 1 host. at 20:39, 0.02s elapsed
  1110. Initiating UDP Scan at 20:39
  1111. Scanning 62.12.98.17 [14 ports]
  1112. Completed UDP Scan at 20:39, 1.24s elapsed (14 total ports)
  1113. Initiating Service scan at 20:39
  1114. Scanning 12 services on 62.12.98.17
  1115. Service scan Timing: About 8.33% done; ETC: 20:59 (0:17:58 remaining)
  1116. Completed Service scan at 20:41, 102.58s elapsed (12 services on 1 host)
  1117. Initiating OS detection (try #1) against 62.12.98.17
  1118. Retrying OS detection (try #2) against 62.12.98.17
  1119. Initiating Traceroute at 20:41
  1120. Completed Traceroute at 20:41, 7.09s elapsed
  1121. Initiating Parallel DNS resolution of 1 host. at 20:41
  1122. Completed Parallel DNS resolution of 1 host. at 20:41, 0.02s elapsed
  1123. NSE: Script scanning 62.12.98.17.
  1124. Initiating NSE at 20:41
  1125. Completed NSE at 20:42, 20.36s elapsed
  1126. Initiating NSE at 20:42
  1127. Completed NSE at 20:42, 1.02s elapsed
  1128. Nmap scan report for 62.12.98.17
  1129. Host is up (0.024s latency).
  1130.  
  1131. PORT STATE SERVICE VERSION
  1132. 53/udp open|filtered domain
  1133. 67/udp open|filtered dhcps
  1134. 68/udp open|filtered dhcpc
  1135. 69/udp open|filtered tftp
  1136. 88/udp open|filtered kerberos-sec
  1137. 123/udp open|filtered ntp
  1138. 137/udp filtered netbios-ns
  1139. 138/udp filtered netbios-dgm
  1140. 139/udp open|filtered netbios-ssn
  1141. 161/udp open|filtered snmp
  1142. 162/udp open|filtered snmptrap
  1143. 389/udp open|filtered ldap
  1144. 520/udp open|filtered route
  1145. 2049/udp open|filtered nfs
  1146. Too many fingerprints match this host to give specific OS details
  1147.  
  1148. TRACEROUTE (using port 137/udp)
  1149. HOP RTT ADDRESS
  1150. 1 22.48 ms 10.243.200.1
  1151. 2 ... 3
  1152. 4 25.76 ms 10.243.200.1
  1153. 5 27.20 ms 10.243.200.1
  1154. 6 27.19 ms 10.243.200.1
  1155. 7 27.18 ms 10.243.200.1
  1156. 8 27.18 ms 10.243.200.1
  1157. 9 27.17 ms 10.243.200.1
  1158. 10 27.17 ms 10.243.200.1
  1159. 11 ... 18
  1160. 19 21.80 ms 10.243.200.1
  1161. 20 23.75 ms 10.243.200.1
  1162. 21 ... 28
  1163. 29 23.65 ms 10.243.200.1
  1164. 30 27.08 ms 10.243.200.1
  1165.  
  1166. NSE: Script Post-scanning.
  1167. Initiating NSE at 20:42
  1168. Completed NSE at 20:42, 0.00s elapsed
  1169. Initiating NSE at 20:42
  1170. Completed NSE at 20:42, 0.00s elapsed
  1171. Read data files from: /usr/bin/../share/nmap
  1172. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1173. Nmap done: 1 IP address (1 host up) scanned in 135.51 seconds
  1174. Raw packets sent: 146 (13.536KB) | Rcvd: 27 (2.930KB)
  1175. #######################################################################################################################################
  1176. Anonymous JTSEC #OpSudan Full Recon #19