
Anonymous JTSEC #OpDeathEathers full Recon #13

a guest
Sep 21st, 2018
  1. #######################################################################################################################################
  2. Nom de l'hôte 14lp.site FAI Cloudflare, Inc.
  3. Continent Amérique du Nord Drapeau
  4. US
  5. Pays Etats-Unis d'Amérique Code du pays US
  6. Région Caroline du Nord Heure locale 21 Sep 2018 10:07 EDT
  7. Ville Columbus Code Postal 28722
  8. Adresse IP (IPv6) 2400:cb00:2048:1::ac40:a902 Latitude 35.222
  9. Longitude -82.069
  10. #######################################################################################################################################
  11. [+] Site analysis: 14lp.site
  12. [+] CloudFlare IP is 2400:cb00:2048:1::ac40:a802
  13. [+] Real IP is 93.170.123.74
  14. [+] Hostname: k.hd.site
  15. [+] City: Moscow
  16. [+] Region: RU
  17. [+] Location: 55.7522,37.6156
  18. [+] Organization:AS48666 MAROSNET Telecommunication Company LLC
  19. [+] Email: x9c@93.170.123.74 (93.170.123.74)
  20. [+] Email: '@93.170.123.74 (93.170.123.74)
  21. [+] Email: pixel-1537540766628981-web-@93.170.123.74 (93.170.123.74)
  22. #######################################################################################################################################
  23. HostIP:93.170.123.74
  24. HostName:k.hd.site
  25.  
  26. Gathered Inet-whois information for 93.170.123.74
  27. ---------------------------------------------------------------------------------------------------------------------------------------
  28.  
  29.  
  30. inetnum: 93.170.123.0 - 93.170.123.255
  31. netname: TIME-HOST-NET
  32. descr: PE Gornostay Mikhailo Ivanovich
  33. country: UA
  34. org: ORG-PGMI1-RIPE
  35. admin-c: APGM3-RIPE
  36. tech-c: APGM3-RIPE
  37. status: ASSIGNED PA
  38. mnt-by: RIPE-DB-MNT
  39. mnt-lower: RIPE-DB-MNT
  40. mnt-domains: RIPE-DB-MNT
  41. mnt-routes: RIPE-DB-MNT
  42. mnt-routes: MAROSNET-MNT
  43. created: 2014-07-07T17:49:43Z
  44. last-modified: 2016-11-25T12:28:05Z
  45. source: RIPE
  46.  
  47. organisation: ORG-PGMI1-RIPE
  48. org-name: PE Gornostay Mikhailo Ivanovich
  49. org-type: OTHER
  50. phone: +380636641299
  51. address: 32 Ivana Pulyuya st., Lviv, Ukraine
  52. admin-c: APGM3-RIPE
  53. tech-c: APGM3-RIPE
  54. abuse-c: APGM3-RIPE
  55. mnt-ref: RIPE-DB-MNT
  56. mnt-by: RIPE-DB-MNT
  57. created: 2014-07-07T17:49:43Z
  58. last-modified: 2017-10-30T14:48:49Z
  59. source: RIPE # Filtered
  60.  
  61. role: PE Gornostay Mikhailo Ivanovich NOC
  62. address: 32 Ivana Pulyuya st., Lviv, Ukraine
  63. phone: +380636641299
  64. admin-c: MIG29-RIPE
  65. tech-c: MIG29-RIPE
  66. nic-hdl: APGM3-RIPE
  67. abuse-mailbox: admin@time-host.net
  68. mnt-by: RIPE-DB-MNT
  69. created: 2014-07-07T17:49:43Z
  70. last-modified: 2016-11-25T14:17:23Z
  71. source: RIPE # Filtered
  72.  
  73. % Information related to '93.170.123.0/24AS48666'
  74.  
  75. route: 93.170.123.0/24
  76. descr: Client's network
  77. descr: Moscow, Russia
  78. descr: http://www.marosnet.ru/
  79. origin: AS48666
  80. mnt-by: MAROSNET-MNT
  81. created: 2015-12-04T22:48:51Z
  82. last-modified: 2015-12-04T22:48:51Z
  83. source: RIPE
  84.  
  85. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  86.  
  87.  
  88.  
  89. Gathered Inic-whois information for k.hd.site
  90. ---------------------------------------------------------------------------------------------------------------------------------------
  91. Error: Unable to connect - Invalid Host
  92. ERROR: Connection to InicWhois Server site.whois-servers.net failed
  93. close error
  94.  
  95. Gathered Netcraft information for k.hd.site
  96. ---------------------------------------------------------------------------------------------------------------------------------------
  97.  
  98. Retrieving Netcraft.com information for k.hd.site
  99. Netcraft.com Information gathered
  100.  
  101. Gathered Subdomain information for k.hd.site
  102. ---------------------------------------------------------------------------------------------------------------------------------------
  103. Searching Google.com:80...
  104. Searching Altavista.com:80...
  105. Found 0 possible subdomain(s) for host k.hd.site, Searched 0 pages containing 0 results
  106.  
  107. Gathered E-Mail information for k.hd.site
  108. ---------------------------------------------------------------------------------------------------------------------------------------
  109. Searching Google.com:80...
  110. Searching Altavista.com:80...
  111. Found 0 E-Mail(s) for host k.hd.site, Searched 0 pages containing 0 results
  112.  
  113. Gathered TCP Port information for 93.170.123.74
  114. ---------------------------------------------------------------------------------------------------------------------------------------
  115.  
  116. Port State
  117.  
  118. 22/tcp open
  119. 80/tcp open
  120.  
  121. Portscan Finished: Scanned 150 ports, 140 ports were in state closed
  122.  
  123. #######################################################################################################################################
  124. [i] Scanning Site: http://93.170.123.74
  125.  
  126.  
  127.  
  128. B A S I C I N F O
  129. =======================================================================================================================================
  130.  
  131.  
  132. [+] Site Title: Welcome to nginx!
  133. [+] IP address: 93.170.123.74
  134. [+] Web Server: nginx/1.14.0
  135. [+] CMS: Could Not Detect
  136. [+] Cloudflare: Not Detected
  137. [+] Robots File: Could NOT Find robots.txt!
  138.  
  139.  
  140.  
  141.  
  142. W H O I S L O O K U P
  143. =======================================================================================================================================
  144.  
  145. % This is the RIPE Database query service.
  146. % The objects are in RPSL format.
  147. %
  148. % The RIPE Database is subject to Terms and Conditions.
  149. % See http://www.ripe.net/db/support/db-terms-conditions.pdf
  150.  
  151. %ERROR:201: access denied for 13.68.211.181
  152. %
  153. % Queries from your IP address have passed the daily limit of controlled objects.
  154. % Access from your host has been temporarily denied.
  155. % For more information, see
  156. % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-201-access-denied
  157.  
  158. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
  159.  
  160.  
  161.  
  162.  
  163.  
  164.  
  165. G E O I P L O O K U P
  166. =======================================================================================================================================
  167.  
  168. [i] IP Address: 93.170.123.74
  169. [i] Country: CZ
  170. [i] State: N/A
  171. [i] City: N/A
  172. [i] Latitude: 50.084801
  173. [i] Longitude: 14.411200
  174.  
  175.  
  176.  
  177.  
  178. H T T P H E A D E R S
  179. =======================================================================================================================================
  180.  
  181.  
  182. [i] HTTP/1.1 200 OK
  183. [i] Server: nginx/1.14.0
  184. [i] Date: Fri, 21 Sep 2018 14:17:32 GMT
  185. [i] Content-Type: text/html
  186. [i] Content-Length: 612
  187. [i] Last-Modified: Tue, 17 Apr 2018 15:22:36 GMT
  188. [i] Connection: close
  189. [i] ETag: "5ad6113c-264"
  190. [i] Accept-Ranges: bytes
  191.  
  192.  
  193.  
  194.  
  195.  
  196.  
  197.  
  198. S U B N E T C A L C U L A T I O N
  199. =======================================================================================================================================
  200.  
  201. Address = 93.170.123.74
  202. Network = 93.170.123.74 / 32
  203. Netmask = 255.255.255.255
  204. Broadcast = not needed on Point-to-Point links
  205. Wildcard Mask = 0.0.0.0
  206. Hosts Bits = 0
  207. Max. Hosts = 1 (2^0 - 0)
  208. Host Range = { 93.170.123.74 - 93.170.123.74 }
  209.  
  210.  
  211.  
  212. N M A P P O R T S C A N
  213. =======================================================================================================================================
  214.  
  215.  
  216. Starting Nmap 7.40 ( https://nmap.org ) at 2018-09-21 14:17 UTC
  217. Nmap scan report for k.hd.site (93.170.123.74)
  218. Host is up (0.12s latency).
  219. PORT STATE SERVICE
  220. 21/tcp closed ftp
  221. 22/tcp open ssh
  222. 23/tcp closed telnet
  223. 80/tcp open http
  224. 110/tcp closed pop3
  225. 143/tcp closed imap
  226. 443/tcp closed https
  227. 3389/tcp closed ms-wbt-server
  228.  
  229. Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
  230.  
  231.  
  232.  
  233. #######################################################################################################################################
  234. [?] Enter the target: 93.170.123.74
  235. [!] IP Address : 93.170.123.74
  236. [!] Server: nginx/1.14.0
  237. [+] Clickjacking protection is not in place.
  238. [+] Operating System : Ubuntu
  239. [!] 93.170.123.74 doesn't seem to use a CMS
  240. [+] Honeypot Probabilty: 30%
  241. ---------------------------------------------------------------------------------------------------------------------------------------
  242. [~] Trying to gather whois information for 93.170.123.74
  243. [+] Whois information found
  244. [-] Unable to build response, visit https://who.is/whois/93.170.123.74
  245. ---------------------------------------------------------------------------------------------------------------------------------------
  246. PORT STATE SERVICE
  247. 21/tcp closed ftp
  248. 22/tcp open ssh
  249. 23/tcp closed telnet
  250. 80/tcp open http
  251. 110/tcp closed pop3
  252. 143/tcp closed imap
  253. 443/tcp closed https
  254. 3389/tcp closed ms-wbt-server
  255. Nmap done: 1 IP address (1 host up) scanned in 4.36 seconds
  256. ---------------------------------------------------------------------------------------------------------------------------------------
  257. ######################################################################################################################################
  258. Start: 2018-09-21T14:19:59+0000
  259. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  260. 1.|-- 45.79.12.201 0.0% 3 2.0 1.4 1.0 2.0 0.5
  261. 2.|-- 45.79.12.4 0.0% 3 0.8 0.8 0.5 1.2 0.3
  262. 3.|-- dls-b22-link.telia.net 0.0% 3 1.0 1.0 1.0 1.0 0.0
  263. 4.|-- atl-b22-link.telia.net 0.0% 3 19.5 19.3 19.1 19.5 0.2
  264. 5.|-- ash-bb4-link.telia.net 0.0% 3 158.5 158.7 158.5 158.9 0.2
  265. 6.|-- nyk-bb4-link.telia.net 0.0% 3 153.2 153.7 153.2 154.6 0.8
  266. 7.|-- kbn-bb4-link.telia.net 0.0% 3 159.5 158.8 158.2 159.5 0.6
  267. 8.|-- s-bb4-link.telia.net 0.0% 3 153.9 153.9 153.9 154.0 0.1
  268. 9.|-- mow-b4-link.telia.net 0.0% 3 157.6 157.6 157.4 157.7 0.1
  269. 10.|-- marosnet.msk.cloud-ix.net 0.0% 3 169.8 169.6 169.3 169.8 0.2
  270. 11.|-- 94.142.138.40 0.0% 3 171.5 170.7 170.2 171.5 0.7
  271. 12.|-- srv02.ovz-ssd.time-host.net 0.0% 3 165.8 165.6 165.2 165.8 0.4
  272. 13.|-- k.hd.site 0.0% 3 173.6 173.7 173.6 173.8 0.1
  273.  
  274. #######################################################################################################################################
  275.  
  276. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-21 10:18 EDT
  277. Nmap scan report for k.hd.site (93.170.123.74)
  278. Host is up (0.50s latency).
  279. Not shown: 468 closed ports, 6 filtered ports
  280. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  281. PORT STATE SERVICE
  282. 22/tcp open ssh
  283. 80/tcp open http
  284.  
  285. Nmap done: 1 IP address (1 host up) scanned in 7.60 seconds
  286. #######################################################################################################################################
  287. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-21 10:18 EDT
  288. Nmap scan report for k.hd.site (93.170.123.74)
  289. Host is up.
  290.  
  291. PORT STATE SERVICE
  292. 53/udp open|filtered domain
  293. 67/udp open|filtered dhcps
  294. 68/udp open|filtered dhcpc
  295. 69/udp open|filtered tftp
  296. 88/udp open|filtered kerberos-sec
  297. 123/udp open|filtered ntp
  298. 137/udp open|filtered netbios-ns
  299. 138/udp open|filtered netbios-dgm
  300. 139/udp open|filtered netbios-ssn
  301. 161/udp open|filtered snmp
  302. 162/udp open|filtered snmptrap
  303. 389/udp open|filtered ldap
  304. 520/udp open|filtered route
  305. 2049/udp open|filtered nfs
  306. #######################################################################################################################################
  307. + -- --=[Port 21 closed... skipping.
  308. + -- --=[Port 22 opened... running tests...
  309. modes/normal.sh: ligne 258 : [: trop d'arguments
  310. # general
  311. (gen) banner: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10
  312. (gen) software: OpenSSH 6.6.1p1
  313. (gen) compatibility: OpenSSH 6.5-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
  314. (gen) compression: enabled (zlib@openssh.com)
  315.  
  316. # key exchange algorithms
  317. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  318. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  319. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  320. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  321. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  322. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  323. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  324. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  325. `- [info] available since OpenSSH 4.4
  326. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  327. `- [warn] using weak hashing algorithm
  328. `- [info] available since OpenSSH 2.3.0
  329. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  330. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  331. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  332. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  333. `- [warn] using small 1024-bit modulus
  334. `- [warn] using weak hashing algorithm
  335. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  336.  
  337. # host-key algorithms
  338. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  339. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  340. `- [warn] using small 1024-bit modulus
  341. `- [warn] using weak random number generator could reveal the key
  342. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  343. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  344. `- [warn] using weak random number generator could reveal the key
  345. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  346. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
  347.  
  348. # encryption algorithms (ciphers)
  349. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  350. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  351. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  352. (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  353. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  354. `- [warn] using weak cipher
  355. `- [info] available since OpenSSH 4.2
  356. (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  357. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  358. `- [warn] using weak cipher
  359. `- [info] available since OpenSSH 4.2
  360. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
  361. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
  362. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
  363. `- [info] default cipher since OpenSSH 6.9.
  364. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  365. `- [warn] using weak cipher mode
  366. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  367. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  368. `- [warn] using weak cipher
  369. `- [warn] using weak cipher mode
  370. `- [warn] using small 64-bit block size
  371. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  372. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  373. `- [fail] disabled since Dropbear SSH 0.53
  374. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  375. `- [warn] using weak cipher mode
  376. `- [warn] using small 64-bit block size
  377. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  378. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  379. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  380. `- [warn] using weak cipher mode
  381. `- [warn] using small 64-bit block size
  382. `- [info] available since OpenSSH 2.1.0
  383. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  384. `- [warn] using weak cipher mode
  385. `- [info] available since OpenSSH 2.3.0
  386. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  387. `- [warn] using weak cipher mode
  388. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  389. (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  390. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  391. `- [warn] using weak cipher
  392. `- [info] available since OpenSSH 2.1.0
  393. (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  394. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  395. `- [warn] using weak cipher mode
  396. `- [info] available since OpenSSH 2.3.0
  397.  
  398. # message authentication code algorithms
  399. (mac) hmac-md5-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  400. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  401. `- [warn] using weak hashing algorithm
  402. `- [info] available since OpenSSH 6.2
  403. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
  404. `- [info] available since OpenSSH 6.2
  405. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
  406. `- [info] available since OpenSSH 6.2
  407. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
  408. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
  409. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
  410. (mac) hmac-ripemd160-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  411. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  412. `- [info] available since OpenSSH 6.2
  413. (mac) hmac-sha1-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  414. `- [warn] using weak hashing algorithm
  415. `- [info] available since OpenSSH 6.2
  416. (mac) hmac-md5-96-etm@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  417. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  418. `- [warn] using weak hashing algorithm
  419. `- [info] available since OpenSSH 6.2
  420. (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  421. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  422. `- [warn] using encrypt-and-MAC mode
  423. `- [warn] using weak hashing algorithm
  424. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  425. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  426. `- [warn] using weak hashing algorithm
  427. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  428. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  429. `- [warn] using small 64-bit tag size
  430. `- [info] available since OpenSSH 4.7
  431. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
  432. `- [info] available since OpenSSH 6.2
  433. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  434. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  435. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  436. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  437. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  438. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  439. `- [warn] using encrypt-and-MAC mode
  440. `- [info] available since OpenSSH 2.5.0
  441. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  442. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  443. `- [warn] using encrypt-and-MAC mode
  444. `- [info] available since OpenSSH 2.1.0
  445. (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  446. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  447. `- [warn] using encrypt-and-MAC mode
  448. `- [warn] using weak hashing algorithm
  449. `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  450. (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  451. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  452. `- [warn] using encrypt-and-MAC mode
  453. `- [warn] using weak hashing algorithm
  454. `- [info] available since OpenSSH 2.5.0
  455.  
  456. # algorithm recommendations (for OpenSSH 6.6.1)
  457. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  458. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  459. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  460. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  461. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  462. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  463. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  464. (rec) -ssh-dss -- key algorithm to remove
  465. (rec) -arcfour -- enc algorithm to remove
  466. (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
  467. (rec) -blowfish-cbc -- enc algorithm to remove
  468. (rec) -3des-cbc -- enc algorithm to remove
  469. (rec) -aes256-cbc -- enc algorithm to remove
  470. (rec) -arcfour256 -- enc algorithm to remove
  471. (rec) -cast128-cbc -- enc algorithm to remove
  472. (rec) -aes192-cbc -- enc algorithm to remove
  473. (rec) -arcfour128 -- enc algorithm to remove
  474. (rec) -aes128-cbc -- enc algorithm to remove
  475. (rec) -hmac-sha2-512 -- mac algorithm to remove
  476. (rec) -hmac-md5-96 -- mac algorithm to remove
  477. (rec) -hmac-md5-etm@openssh.com -- mac algorithm to remove
  478. (rec) -hmac-sha1-96-etm@openssh.com -- mac algorithm to remove
  479. (rec) -hmac-ripemd160-etm@openssh.com -- mac algorithm to remove
  480. (rec) -hmac-md5-96-etm@openssh.com -- mac algorithm to remove
  481. (rec) -hmac-sha2-256 -- mac algorithm to remove
  482. (rec) -hmac-ripemd160 -- mac algorithm to remove
  483. (rec) -umac-128@openssh.com -- mac algorithm to remove
  484. (rec) -hmac-sha1-96 -- mac algorithm to remove
  485. (rec) -umac-64@openssh.com -- mac algorithm to remove
  486. (rec) -hmac-md5 -- mac algorithm to remove
  487. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  488. (rec) -hmac-sha1 -- mac algorithm to remove
  489. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
  490. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
  491.  
  492. backup is a valid user!
  493. mail is a valid user!
  494. nobody is a valid user!
  495. postfix is a valid user!
  496. root is a valid user!
  497. sys is a valid user!
  498. www-data is a valid user!
  499. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-21 10:19 EDT
  500. Nmap scan report for k.hd.site (93.170.123.74)
  501. Host is up (0.086s latency).
  502.  
  503. PORT STATE SERVICE VERSION
  504. 22/tcp filtered ssh
  505. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  506. Device type: firewall|general purpose
  507. Running: Linux 2.4.X|2.6.X, ISS embedded
  508. OS CPE: cpe:/o:linux:linux_kernel:2.4.18 cpe:/h:iss:proventia_gx3002 cpe:/o:linux:linux_kernel:2.6.22
  509. OS details: ISS Proventia GX3002 firewall (Linux 2.4.18), Linux 2.6.22 (Debian 4.0)
  510.  
  511. TRACEROUTE (using proto 1/icmp)
  512. HOP RTT ADDRESS
  513. 1 ... 30
  514.  
  515. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  516. Nmap done: 1 IP address (1 host up) scanned in 11.68 seconds
  517.  
  518.  
  539.  
  540. =[ metasploit v4.17.13-dev ]
  541. + -- --=[ 1808 exploits - 1028 auxiliary - 313 post ]
  542. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  543. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  544.  
  545. USER_FILE => /brutex/wordlists/simple-users.txt
  546. RHOSTS => 93.170.123.74
  547. RHOST => 93.170.123.74
  548. [+] 93.170.123.74:22 - SSH server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 ( service.version=6.6.1p1 openssh.comment=Ubuntu-2ubuntu2.10 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:{service.version} os.vendor=Ubuntu os.device=General os.family=Linux os.product=Linux os.version=14.04 os.cpe23=cpe:/o:canonical:ubuntu_linux:14.04 service.protocol=ssh fingerprint_db=ssh.banner )
  549. [*] 93.170.123.74:22 - Scanned 1 of 1 hosts (100% complete)
  550. [*] Auxiliary module execution completed
  551. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  552. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  553. [+] 93.170.123.74:22 - SSH server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 ( service.version=6.6.1p1 openssh.comment=Ubuntu-2ubuntu2.10 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:{service.version} os.vendor=Ubuntu os.device=General os.family=Linux os.product=Linux os.version=14.04 os.cpe23=cpe:/o:canonical:ubuntu_linux:14.04 service.protocol=ssh fingerprint_db=ssh.banner )
  554. [*] 93.170.123.74:22 - Scanned 1 of 1 hosts (100% complete)
  555. #######################################################################################################################################
  556.  
  564.  
  565. WAFW00F - Web Application Firewall Detection Tool
  566.  
  567. By Sandro Gauci && Wendel G. Henrique
  568.  
  569. Checking http://93.170.123.74
  570. Generic Detection results:
  571. No WAF detected by the generic detection
  572. Number of requests: 14
  573. #######################################################################################################################################
  574. http://93.170.123.74 [200 OK] Country[CZECH REPUBLIC][CZ], HTML5, HTTPServer[nginx/1.14.0], IP[93.170.123.74], Title[Welcome to nginx!], nginx[1.14.0]
  575. #######################################################################################################################################
  576. wig - WebApp Information Gatherer
  577.  
  578.  
  579. Scanning http://93.170.123.74...
  580. __________________ SITE INFO __________________
  581. IP Title
  582. 93.170.123.74 Welcome to nginx!
  583.  
  584. ___________________ VERSION ___________________
  585. Name Versions Type
  586. nginx 1.14.0 Platform
  587.  
  588. _______________________________________________
  589. Time: 101.3 sec Urls: 599 Fingerprints: 40401
  590. #######################################################################################################################################
  591. Anonymous JTSEC #OpDeathEathers full Recon #13