Anonymous JTSEC #OpTurkey Full Recon #10

JTSEC1333 Nov 19th, 2019 455 Never
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname    en.hmb.gov.tr       ISP     Turk Telekom
  4. Continent   Asia        Flag    
  5. TR
  6. Country     Turkey      Country Code    TR
  7. Region  Adana       Local time  19 Nov 2019 19:30 +03
  8. City    Adana       Postal Code     01010
  9. IP Address  212.174.188.50      Latitude    37.002
  10.             Longitude   35.329
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > en.hmb.gov.tr
  14. Server:     194.187.251.67
  15. Address:    194.187.251.67#53
  16.  
  17. Non-authoritative answer:
  18. Name:   en.hmb.gov.tr
  19. Address: 212.174.188.50
  20. >
  21. ######################################################################################################################################
  22. [+] Target : en.hmb.gov.tr
  23.  
  24. [+] IP Address : 212.174.188.50
  25.  
  26. [+] Headers :
  27.  
  28. [+] Server : nginx
  29. [+] Date : Tue, 19 Nov 2019 16:34:55 GMT
  30. [+] Content-Type : text/html
  31. [+] Last-Modified : Tue, 19 Nov 2019 10:59:34 GMT
  32. [+] Transfer-Encoding : chunked
  33. [+] Connection : keep-alive
  34. [+] ETag : W/"5dd3cb16-1837"
  35. [+] Content-Encoding : gzip
  36.  
  37. [+] SSL Certificate Information :
  38.  
  39. [+] countryName : TR
  40. [+] stateOrProvinceName : Ankara
  41. [+] localityName : Cankaya
  42. [+] organizationalUnitName : Bilgi Islem Dairesi
  43. [+] organizationName : Hazine ve Maliye Bakanligi
  44. [+] commonName : *.hmb.gov.tr
  45. [+] countryName : BE
  46. [+] organizationName : GlobalSign nv-sa
  47. [+] commonName : GlobalSign Organization Validation CA - SHA256 - G2
  48. [+] Version : 3
  49. [+] Serial Number : 7CA3923562E521E1BEDD787C
  50. [+] Not Before : Oct  5 16:39:41 2018 GMT
  51. [+] Not After : Oct  5 16:39:41 2020 GMT
  52. [+] OCSP : ('http://ocsp2.globalsign.com/gsorganizationvalsha2g2',)
  53. [+] subject Alt Name : (('DNS', '*.hmb.gov.tr'), ('DNS', 'hmb.gov.tr'))
  54. [+] CA Issuers : ('http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt',)
  55. [+] CRL Distribution Points : ('http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl',)
  56.  
  57. [+] Whois Lookup :
  58.  
  59. [+] NIR : None
  60. [+] ASN Registry : ripencc
  61. [+] ASN : 9121
  62. [+] ASN CIDR : 212.174.128.0/17
  63. [+] ASN Country Code : TR
  64. [+] ASN Date : 1999-04-07
  65. [+] ASN Description : TTNET, TR
  66. [+] cidr : 212.174.188.0/24
  67. [+] name : MALIYE
  68. [+] handle : ED4533-RIPE
  69. [+] range : 212.174.188.0 - 212.174.188.255
  70. [+] description : MALIYE BAKANLIGI BILGI ISLEM DAIRESI BASKANLIGI
  71. [+] country : TR
  72. [+] state : None
  73. [+] city : None
  74. [+] address : Bilgi Islem Merkezi Kat:1 Dikmen/ANKARA
  75. [+] postal_code : None
  76. [+] emails : None
  77. [+] created : 1970-01-01T00:00:00Z
  78. [+] updated : 2017-10-02T09:00:57Z
  79.  
  80. [+] Crawling Target...
  81.  
  82. [+] Looking for robots.txt........[ Found ]
  83. [+] Extracting robots Links.......[ 1 ]
  84. [+] Looking for sitemap.xml.......[ Found ]
  85. [+] Extracting sitemap Links......[ 0 ]
  86. [+] Extracting CSS Links..........[ 2 ]
  87. [+] Extracting Javascript Links...[ 2 ]
  88. [+] Extracting Internal Links.....[ 0 ]
  89. [+] Extracting External Links.....[ 0 ]
  90. [+] Extracting Images.............[ 0 ]
  91.  
  92. [+] Total Links Extracted : 5
  93.  
  94. [+] Dumping Links in /opt/FinalRecon/dumps/en.hmb.gov.tr.dump
  95. [+] Completed!
  96. ######################################################################################################################################
  97. [i] Scanning Site: https://en.hmb.gov.tr
  98.  
  99.  
  100.  
  101. B A S I C   I N F O
  102. ====================
  103.  
  104.  
  105. [+] Site Title: T.C. Hazine ve Maliye Bakanlığı
  106. [+] IP address: 212.174.188.50
  107. [+] Web Server: nginx
  108. [+] CMS: Could Not Detect
  109. [+] Cloudflare: Not Detected
  110. [+] Robots File: Found
  111.  
  112. -------------[ contents ]----------------  
  113. # http://www.robotstxt.org
  114. User-agent: *
  115. Disallow:
  116.  
  117. -----------[end of contents]-------------
  118.  
  119.  
  120.  
  121. W H O I S   L O O K U P
  122. ========================
  123.  
  124.     error check your api query
  125.  
  126.  
  127.  
  128. G E O  I P  L O O K  U P
  129. =========================
  130.  
  131. [i] IP Address: 212.174.188.50
  132. [i] Country: Turkey
  133. [i] State: Istanbul
  134. [i] City: Bueyuekcekmece
  135. [i] Latitude: 41.0156
  136. [i] Longitude: 28.56
  137.  
  138.  
  139.  
  140.  
  141. H T T P   H E A D E R S
  142. =======================
  143.  
  144.  
  145. [i]  HTTP/1.1 200 OK
  146. [i]  Server: nginx
  147. [i]  Date: Tue, 19 Nov 2019 16:35:32 GMT
  148. [i]  Content-Type: text/html
  149. [i]  Content-Length: 6199
  150. [i]  Last-Modified: Tue, 19 Nov 2019 10:59:34 GMT
  151. [i]  Connection: close
  152. [i]  ETag: "5dd3cb16-1837"
  153. [i]  Accept-Ranges: bytes
  154.  
  155.  
  156.  
  157.  
  158. D N S   L O O K U P
  159. ===================
  160.  
  161. en.hmb.gov.tr.      3599    IN  A   212.174.188.50
  162.  
  163.  
  164.  
  165.  
  166. S U B N E T   C A L C U L A T I O N
  167. ====================================
  168.  
  169. Address       = 212.174.188.50
  170. Network       = 212.174.188.50 / 32
  171. Netmask       = 255.255.255.255
  172. Broadcast     = not needed on Point-to-Point links
  173. Wildcard Mask = 0.0.0.0
  174. Hosts Bits    = 0
  175. Max. Hosts    = 1   (2^0 - 0)
  176. Host Range    = { 212.174.188.50 - 212.174.188.50 }
  177.  
  178.  
  179.  
  180. N M A P   P O R T   S C A N
  181. ============================
  182.  
  183. Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-19 16:36 UTC
  184. Nmap scan report for en.hmb.gov.tr (212.174.188.50)
  185. Host is up (0.13s latency).
  186.  
  187. PORT     STATE    SERVICE
  188. 21/tcp   filtered ftp
  189. 22/tcp   filtered ssh
  190. 23/tcp   filtered telnet
  191. 80/tcp   open     http
  192. 110/tcp  filtered pop3
  193. 143/tcp  filtered imap
  194. 443/tcp  open     https
  195. 3389/tcp filtered ms-wbt-server
  196.  
  197. Nmap done: 1 IP address (1 host up) scanned in 19.19 seconds
  198. #######################################################################################################################################
  199. [+] Starting At 2019-11-19 11:37:00.379638
  200. [+] Collecting Information On: https://en.hmb.gov.tr/
  201. [#] Status: 200
  202. --------------------------------------------------
  203. [#] Web Server Detected: nginx
  204. [!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
  205. - Server: nginx
  206. - Date: Tue, 19 Nov 2019 16:36:21 GMT
  207. - Content-Type: text/html
  208. - Last-Modified: Tue, 19 Nov 2019 10:59:34 GMT
  209. - Transfer-Encoding: chunked
  210. - Connection: keep-alive
  211. - ETag: W/"5dd3cb16-1837"
  212. - Content-Encoding: gzip
  213. --------------------------------------------------
  214. [#] Finding Location..!
  215. [#] status: success
  216. [#] country: Turkey
  217. [#] countryCode: TR
  218. [#] region: 06
  219. [#] regionName: Ankara
  220. [#] city: Ankara
  221. [#] zip:
  222. [#] lat: 39.9104
  223. [#] lon: 32.847
  224. [#] timezone: Europe/Istanbul
  225. [#] isp: TurkTelecom
  226. [#] org:
  227. [#] as: AS9121 Turk Telekomunikasyon Anonim Sirketi
  228. [#] query: 212.174.188.50
  229. --------------------------------------------------
  230. [x] Didn't Detect WAF Presence on: https://en.hmb.gov.tr/
  231. --------------------------------------------------
  232. [#] Starting Reverse DNS
  233. [!] Found 4 any Domain
  234. - en.hmb.gov.tr
  235. - hmb.gov.tr
  236. - muhasebat.gov.tr
  237. - muhasebat.hmb.gov.tr
  238. --------------------------------------------------
  239. [!] Scanning Open Port
  240. [#] 80/tcp  open http
  241. [#] 443/tcp  open https
  242. --------------------------------------------------
  243. [+] Collecting Information Disclosure!
  244. [#] Detecting sitemap.xml file
  245. [-] sitemap.xml file not Found!?
  246. [#] Detecting robots.txt file
  247. [!] robots.txt File Found: https://en.hmb.gov.tr//robots.txt
  248. [#] Detecting GNU Mailman
  249. [-] GNU Mailman App Not Detected!?
  250. --------------------------------------------------
  251. [+] Crawling Url Parameter On: https://en.hmb.gov.tr/
  252. --------------------------------------------------
  253. [#] Searching Html Form !
  254. [-] No Html Form Found!?
  255. --------------------------------------------------
  256. [-] No DOM Paramter Found!?
  257. --------------------------------------------------
  258. [-] No internal Dynamic Parameter Found!?
  259. --------------------------------------------------
  260. [!] 1 External Dynamic Parameter Discovered
  261. [#] https://fonts.googleapis.com/css?family=Open+Sans:300,400,500,700
  262. --------------------------------------------------
  263. [!] 29 Internal links Discovered
  264. [+] https://en.hmb.gov.tr///assets/vendor-2874a984551b4c780366c120d51dd084.css
  265. [+] https://en.hmb.gov.tr///assets/hmb-frontend-ef09e05d94f874c05048e18aade1ac3b.css
  266. [+] https://en.hmb.gov.tr///favicon.ico
  267. [+] https://en.hmb.gov.tr///favicon-16x16.png
  268. [+] https://en.hmb.gov.tr///favicon-32x32.png
  269. [+] https://en.hmb.gov.tr///manifest.json
  270. [+] https://en.hmb.gov.tr///apple-touch-icon-57x57.png
  271. [+] https://en.hmb.gov.tr///apple-touch-icon-60x60.png
  272. [+] https://en.hmb.gov.tr///apple-touch-icon-72x72.png
  273. [+] https://en.hmb.gov.tr///apple-touch-icon-76x76.png
  274. [+] https://en.hmb.gov.tr///apple-touch-icon-114x114.png
  275. [+] https://en.hmb.gov.tr///apple-touch-icon-120x120.png
  276. [+] https://en.hmb.gov.tr///apple-touch-icon-144x144.png
  277. [+] https://en.hmb.gov.tr///apple-touch-icon-152x152.png
  278. [+] https://en.hmb.gov.tr///apple-touch-icon-167x167.png
  279. [+] https://en.hmb.gov.tr///apple-touch-icon-180x180.png
  280. [+] https://en.hmb.gov.tr///apple-touch-icon-1024x1024.png
  281. [+] https://en.hmb.gov.tr///apple-touch-startup-image-320x460.png
  282. [+] https://en.hmb.gov.tr///apple-touch-startup-image-640x920.png
  283. [+] https://en.hmb.gov.tr///apple-touch-startup-image-640x1096.png
  284. [+] https://en.hmb.gov.tr///apple-touch-startup-image-750x1294.png
  285. [+] https://en.hmb.gov.tr///apple-touch-startup-image-1182x2208.png
  286. [+] https://en.hmb.gov.tr///apple-touch-startup-image-1242x2148.png
  287. [+] https://en.hmb.gov.tr///apple-touch-startup-image-748x1024.png
  288. [+] https://en.hmb.gov.tr///apple-touch-startup-image-768x1004.png
  289. [+] https://en.hmb.gov.tr///apple-touch-startup-image-1496x2048.png
  290. [+] https://en.hmb.gov.tr///apple-touch-startup-image-1536x2008.png
  291. [+] https://en.hmb.gov.tr///coast-228x228.png
  292. [+] https://en.hmb.gov.tr///yandex-browser-manifest.json
  293. --------------------------------------------------
  294. [-] No External Link Found!?
  295. --------------------------------------------------
  296. [#] Mapping Subdomain..
  297. [!] Found 10 Subdomain
  298. - mailgw01.hmb.gov.tr
  299. - mailgw02.hmb.gov.tr
  300. - mailgw03.hmb.gov.tr
  301. - mailgw04.hmb.gov.tr
  302. - webmail.hmb.gov.tr
  303. - en.hmb.gov.tr
  304. - bkmybs.hmb.gov.tr
  305. - ms.hmb.gov.tr
  306. - muhasebat.hmb.gov.tr
  307. - www.hmb.gov.tr
  308. --------------------------------------------------
  309. [!] Done At 2019-11-19 11:37:42.485226
  310. #######################################################################################################################################
  311. [INFO] ------TARGET info------
  312. [*] TARGET: https://en.hmb.gov.tr/
  313. [*] TARGET IP: 212.174.188.50
  314. [INFO] NO load balancer detected for en.hmb.gov.tr...
  315. [*] DNS servers: ns1.muhasebat.gov.tr.
  316. [*] TARGET server: nginx
  317. [*] CC: TR
  318. [*] Country: Turkey
  319. [*] RegionCode: 06
  320. [*] RegionName: Ankara
  321. [*] City: Ankara
  322. [*] ASN: AS9121
  323. [*] BGP_PREFIX: 212.174.0.0/15
  324. [*] ISP: TTNet Turk Telekomunikasyon Anonim Sirketi, TR
  325. [INFO] SSL/HTTPS certificate detected
  326. [*] Issuer: issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
  327. [*] Subject: subject=C = TR, ST = Ankara, L = Cankaya, OU = Bilgi Islem Dairesi, O = Hazine ve Maliye Bakanligi, CN = *.hmb.gov.tr
  328. [INFO] DNS enumeration:
  329. [*] mail.hmb.gov.tr      212.174.188.10
  330. [*] ns1.hmb.gov.tr   212.174.189.24
  331. [*] ns2.hmb.gov.tr   212.174.189.29
  332. [*] vpn.hmb.gov.tr   212.174.189.60
  333. [*] webmail.hmb.gov.tr   212.174.188.9
  334. [INFO] Possible abuse mails are:
  335. [*] abuse@en.hmb.gov.tr
  336. [*] abuse@hmb.gov.tr
  337. [*] abuse@ttnet.com.tr
  338. [INFO] NO PAC (Proxy Auto Configuration) file FOUND
  339. [ALERT] robots.txt file FOUND in http://en.hmb.gov.tr/robots.txt
  340. [INFO] Checking for HTTP status codes recursively from http://en.hmb.gov.tr/robots.txt
  341. [INFO] Status code   Folders
  342. [INFO] Starting FUZZing in http://en.hmb.gov.tr/FUzZzZzZzZz...
  343. [INFO] Status code   Folders
  344. [*]      200         http://en.hmb.gov.tr/index
  345. [*]      200         http://en.hmb.gov.tr/download
  346. [*]      200         http://en.hmb.gov.tr/2006
  347. [*]      200         http://en.hmb.gov.tr/news
  348. [*]      200         http://en.hmb.gov.tr/crack
  349. [*]      200         http://en.hmb.gov.tr/serial
  350. [*]      200         http://en.hmb.gov.tr/warez
  351. [*]      200         http://en.hmb.gov.tr/full
  352. [*]      200         http://en.hmb.gov.tr/12
  353. [ALERT] Look in the source code. It may contain passwords
  354. [ALERT] Content in http://en.hmb.gov.tr/ AND http://www.en.hmb.gov.tr/ is different
  355. [INFO] MD5 for http://en.hmb.gov.tr/ is: 5a5ce3ca8fd6b411e6c1bbd378737bff
  356. [INFO] MD5 for http://www.en.hmb.gov.tr/ is: d41d8cd98f00b204e9800998ecf8427e
  357. [INFO] http://en.hmb.gov.tr/ redirects to https://en.hmb.gov.tr/
  358. [INFO] http://www.en.hmb.gov.tr/ redirects to http://www.en.hmb.gov.tr/
  359. [INFO] SAME content in http://en.hmb.gov.tr/ AND http://212.174.188.50/
  360. [INFO] Links found from https://en.hmb.gov.tr/:
  361. cut: intervalle de champ incorrecte
  362. Saisissez « cut --help » pour plus d'informations.
  363. [INFO] BING shows 212.174.188.50 is shared with 29 hosts/vhosts
  364. [INFO] Shodan detected the following opened ports on 212.174.188.50:
  365. [*] 443
  366. [*] 80
  367. [INFO] ------VirusTotal SECTION------
  368. [INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
  369. [INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
  370. [INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
  371. [INFO] ------Alexa Rank SECTION------
  372. [INFO] Percent of Visitors Rank in Country:
  373. [INFO] Percent of Search Traffic:
  374. [INFO] Percent of Unique Visits:
  375. [INFO] Total Sites Linking In:
  376. [*] Total  Sites
  377. [INFO] Useful links related to en.hmb.gov.tr - 212.174.188.50:
  378. [*] https://www.virustotal.com/pt/ip-address/212.174.188.50/information/
  379. [*] https://www.hybrid-analysis.com/search?host=212.174.188.50
  380. [*] https://www.shodan.io/host/212.174.188.50
  381. [*] https://www.senderbase.org/lookup/?search_string=212.174.188.50
  382. [*] https://www.alienvault.com/open-threat-exchange/ip/212.174.188.50
  383. [*] http://pastebin.com/search?q=212.174.188.50
  384. [*] http://urlquery.net/search.php?q=212.174.188.50
  385. [*] http://www.alexa.com/siteinfo/en.hmb.gov.tr
  386. [*] http://www.google.com/safebrowsing/diagnostic?site=en.hmb.gov.tr
  387. [*] https://censys.io/ipv4/212.174.188.50
  388. [*] https://www.abuseipdb.com/check/212.174.188.50
  389. [*] https://urlscan.io/search/#212.174.188.50
  390. [*] https://github.com/search?q=212.174.188.50&type=Code
  391. [INFO] Useful links related to AS9121 - 212.174.0.0/15:
  392. [*] http://www.google.com/safebrowsing/diagnostic?site=AS:9121
  393. [*] https://www.senderbase.org/lookup/?search_string=212.174.0.0/15
  394. [*] http://bgp.he.net/AS9121
  395. [*] https://stat.ripe.net/AS9121
  396. [INFO] Date: 19/11/19 | Time: 11:40:40
  397. [INFO] Total time: 2 minute(s) and 50 second(s)
  398. #######################################################################################################################################
  399. Trying "hmb.gov.tr"
  400. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2540
  401. ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 2
  402.  
  403. ;; QUESTION SECTION:
  404. ;hmb.gov.tr.            IN  ANY
  405.  
  406. ;; ANSWER SECTION:
  407. hmb.gov.tr.     3600    IN  TXT "v=spf1 a:mailgw01.hmb.gov.tr a:mailgw02.hmb.gov.tr a:mailgw03.hmb.gov.tr a:mailgw04.hmb.gov.tr -all"
  408. hmb.gov.tr.     3600    IN  TXT "o29HIxyAOTdkKpaQqijdur8WlK2EwBw2bOCsF3kmyCs="
  409. hmb.gov.tr.     3600    IN  MX  10 mailgw02.hmb.gov.tr.
  410. hmb.gov.tr.     3600    IN  MX  10 mailgw01.hmb.gov.tr.
  411. hmb.gov.tr.     3600    IN  MX  10 mailgw03.hmb.gov.tr.
  412. hmb.gov.tr.     3600    IN  SOA ns1.muhasebat.gov.tr. sisyon.muhasebat.gov.tr. 134 900 600 3600 3600
  413. hmb.gov.tr.     3600    IN  A   212.174.188.50
  414. hmb.gov.tr.     3600    IN  NS  ns3.muhasebat.gov.tr.
  415. hmb.gov.tr.     3600    IN  NS  ns1.muhasebat.gov.tr.
  416.  
  417. ;; AUTHORITY SECTION:
  418. hmb.gov.tr.     3600    IN  NS  ns3.muhasebat.gov.tr.
  419. hmb.gov.tr.     3600    IN  NS  ns1.muhasebat.gov.tr.
  420.  
  421. ;; ADDITIONAL SECTION:
  422. ns3.muhasebat.gov.tr.   42839   IN  A   212.174.189.24
  423. ns1.muhasebat.gov.tr.   42839   IN  A   212.174.189.29
  424.  
  425. Received 437 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1225 ms
  426. #######################################################################################################################################
  427. ; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace hmb.gov.tr
  428. ;; global options: +cmd
  429. .           85056   IN  NS  d.root-servers.net.
  430. .           85056   IN  NS  f.root-servers.net.
  431. .           85056   IN  NS  b.root-servers.net.
  432. .           85056   IN  NS  h.root-servers.net.
  433. .           85056   IN  NS  e.root-servers.net.
  434. .           85056   IN  NS  l.root-servers.net.
  435. .           85056   IN  NS  a.root-servers.net.
  436. .           85056   IN  NS  m.root-servers.net.
  437. .           85056   IN  NS  c.root-servers.net.
  438. .           85056   IN  NS  g.root-servers.net.
  439. .           85056   IN  NS  k.root-servers.net.
  440. .           85056   IN  NS  j.root-servers.net.
  441. .           85056   IN  NS  i.root-servers.net.
  442. .           85056   IN  RRSIG   NS 8 0 518400 20191202050000 20191119040000 22545 . doxX3m0dpMZaN1Z0AWT1dCee3/gKpmS8Jeksj2leEXy+otnQ9HKZpBvE M8dLPSSZqgCAK8js/MxMN88U6ZFDzWaEwkvUiHYurp0Tadg1H60dt7wA G414ERjdDgGoi+RoyGxiSWl/1YkAWPjMKm1XsxiwTBXb0Adx9PyB39uV kO5QcBpYMsgKeeM51IdvTaUHcDKbXpWjnd3Fh1QOmKUF0qVkdiN0DkZl 3QsY5OOqz3HwcJxkBoVV6bvizDfvdTKhruG9oyWn+KOakQHsLKGEYgNh aSiwjMhRrzFNRpfO3XMPYyRuZbkISeivJsuOy0MHadZ+FgIGMebts/X8 81ykJA==
  443. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 184 ms
  444.  
  445. tr.         172800  IN  NS  ns91.nic.tr.
  446. tr.         172800  IN  NS  ns22.nic.tr.
  447. tr.         172800  IN  NS  ns21.nic.tr.
  448. tr.         172800  IN  NS  ns42.nic.tr.
  449. tr.         172800  IN  NS  ns31.nic.tr.
  450. tr.         172800  IN  NS  ns41.nic.tr.
  451. tr.         172800  IN  NS  ns92.nic.tr.
  452. tr.         86400   IN  NSEC    trade. NS RRSIG NSEC
  453. tr.         86400   IN  RRSIG   NSEC 8 1 86400 20191202050000 20191119040000 22545 . DiJEN37h4vL8ud5BbrqWLuRcDiH3V+E5zxnA7XEVcrGQxN7u7YjMUglu msbU0pMwOobnrD9gQAOktR/yRzPjwt5UHMLJF1yocth0XyGOmAInktoU pLHlu0DbOwPCZRx5BY5h3JWoBvoDORBvdJ0FMTs1BiAbuHWxxNEeC5Qv qyxUyTt8RWGkoThePAZYS8bBu7V0321s1oeq2wIGtf31R9VcmrOR0pvY IXSsqxcfs+fEuP1toSn4cA+AC96uXkSL8v/YwJzBQmZK2Nlm5ZMNErTw tviW27asdbLa5oojRTLvmXOcVL3+k9gwp+UT5WhUQnmK+K7hyhviDiJ2 EEMoZw==
  454. ;; Received 714 bytes from 202.12.27.33#53(m.root-servers.net) in 183 ms
  455.  
  456. hmb.gov.tr.     43200   IN  NS  ns1.muhasebat.gov.tr.
  457. hmb.gov.tr.     43200   IN  NS  ns3.muhasebat.gov.tr.
  458. ;; Received 117 bytes from 2001:a98:10:eeee::42#53(ns42.nic.tr) in 160 ms
  459.  
  460. ;; Received 51 bytes from 212.174.189.24#53(ns3.muhasebat.gov.tr) in 208 ms
  461.  
  462. ######################################################################################################################################
  463. [*] Processing domain hmb.gov.tr
  464. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  465. [+] Getting nameservers
  466. 212.174.189.29 - ns1.muhasebat.gov.tr
  467. [-] Getting nameservers failed
  468. [-] Zone transfer failed
  469.  
  470. [+] TXT records found
  471. "o29HIxyAOTdkKpaQqijdur8WlK2EwBw2bOCsF3kmyCs="
  472. "v=spf1 a:mailgw01.hmb.gov.tr a:mailgw02.hmb.gov.tr a:mailgw03.hmb.gov.tr a:mailgw04.hmb.gov.tr -all"
  473.  
  474. [+] MX records found, added to target list
  475. 10 mailgw03.hmb.gov.tr.
  476. 10 mailgw01.hmb.gov.tr.
  477. 10 mailgw02.hmb.gov.tr.
  478.  
  479. [*] Scanning hmb.gov.tr for A records
  480. 212.174.188.50 - hmb.gov.tr                        
  481. 212.174.188.11 - mailgw01.hmb.gov.tr
  482. 212.174.188.13 - mailgw03.hmb.gov.tr            
  483. 212.174.188.12 - mailgw02.hmb.gov.tr        
  484. 212.174.188.10 - autodiscover.hmb.gov.tr              
  485. 212.174.188.50 - en.hmb.gov.tr.tr                              
  486. 212.174.188.10 - mail.hmb.gov.tr                    
  487. 212.174.188.50 - ms.hmb.gov.tr                    
  488. 212.174.189.24 - ns1.hmb.gov.tr                    
  489. 212.174.189.29 - ns2.hmb.gov.tr              
  490. 193.25.125.60 - portal.hmb.gov.tr                  
  491. 212.174.189.60 - vpn.hmb.gov.tr                        
  492. 212.174.188.9 - webmail.hmb.gov.tr              
  493. 212.174.188.50 - www.hmb.gov.tr  
  494. #######################################################################################################################################
  495.  
  496.  AVAILABLE PLUGINS
  497.  -----------------
  498.  
  499.   SessionRenegotiationPlugin
  500.   SessionResumptionPlugin
  501.   FallbackScsvPlugin
  502.   HttpHeadersPlugin
  503.   OpenSslCipherSuitesPlugin
  504.   EarlyDataPlugin
  505.   CertificateInfoPlugin
  506.   HeartbleedPlugin
  507.   RobotPlugin
  508.   OpenSslCcsInjectionPlugin
  509.   CompressionPlugin
  510.  
  511.  
  512.  
  513.  CHECKING HOST(S) AVAILABILITY
  514.  -----------------------------
  515.  
  516.    212.174.188.50:443                       => 212.174.188.50
  517.  
  518.  
  519.  
  520.  
  521.  SCAN RESULTS FOR 212.174.188.50:443 - 212.174.188.50
  522.  ----------------------------------------------------
  523.  
  524.  * OpenSSL CCS Injection:
  525.                                           OK - Not vulnerable to OpenSSL CCS injection
  526.  
  527.  * SSLV2 Cipher Suites:
  528.       Server rejected all cipher suites.
  529.  
  530.  * Deflate Compression:
  531.                                           OK - Compression disabled
  532.  
  533.  * Session Renegotiation:
  534.        Client-initiated Renegotiation:    OK - Rejected
  535.        Secure Renegotiation:              OK - Supported
  536.  
  537.  * TLS 1.2 Session Resumption Support:
  538.       With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  539.       With TLS Tickets:                  NOT SUPPORTED - TLS ticket not assigned.
  540.  
  541.  * Downgrade Attacks:
  542.        TLS_FALLBACK_SCSV:                 OK - Supported
  543.  
  544.  * TLSV1_3 Cipher Suites:
  545.        Forward Secrecy                    OK - Supported
  546.        RC4                                OK - Not Supported
  547.  
  548.      Preferred:
  549.         TLS_AES_256_GCM_SHA384                                           256 bits      HTTP 301 Moved Permanently - https://www.hmb.gov.tr        
  550.      Accepted:
  551.         TLS_CHACHA20_POLY1305_SHA256                                     256 bits      HTTP 301 Moved Permanently - https://www.hmb.gov.tr        
  552.         TLS_AES_256_GCM_SHA384                                           256 bits      HTTP 301 Moved Permanently - https://www.hmb.gov.tr        
  553.         TLS_AES_128_GCM_SHA256                                           128 bits      HTTP 301 Moved Permanently - https://www.hmb.gov.tr        
  554.  
  555.  * ROBOT Attack:
  556.                                           OK - Not vulnerable
  557.  
  558.  * Certificate Information:
  559.      Content
  560.        SHA1 Fingerprint:                  97a7ad852f9fe53dbae797aabdeef469cbd38cef
  561.        Common Name:                       *.hmb.gov.tr
  562.        Issuer:                            GlobalSign Organization Validation CA - SHA256 - G2
  563.        Serial Number:                     38573886576754047190994614396
  564.        Not Before:                        2018-10-05 16:39:41
  565.        Not After:                         2020-10-05 16:39:41
  566.        Signature Algorithm:               sha256
  567.        Public Key Algorithm:              RSA
  568.        Key Size:                          2048
  569.        Exponent:                          65537 (0x10001)
  570.        DNS Subject Alternative Names:     ['*.hmb.gov.tr', 'hmb.gov.tr']
  571.  
  572.      Trust
  573.        Hostname Validation:               FAILED - Certificate does NOT match 212.174.188.50
  574.        Android CA Store (9.0.0_r9):       OK - Certificate is trusted
  575.        Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
  576.        Java CA Store (jdk-12.0.1):        OK - Certificate is trusted
  577.        Mozilla CA Store (2019-03-14):     OK - Certificate is trusted
  578.        Windows CA Store (2019-05-27):     OK - Certificate is trusted
  579.        Symantec 2018 Deprecation:         WARNING: Certificate distrusted by Google and Mozilla on September 2018
  580.        Received Chain:                    *.hmb.gov.tr --> GlobalSign Organization Validation CA - SHA256 - G2
  581.        Verified Chain:                    *.hmb.gov.tr --> GlobalSign Organization Validation CA - SHA256 - G2 --> GlobalSign
  582.        Received Chain Contains Anchor:    OK - Anchor certificate not sent
  583.        Received Chain Order:              OK - Order is valid
  584.        Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain
  585.  
  586.      Extensions
  587.        OCSP Must-Staple:                  NOT SUPPORTED - Extension not found
  588.        Certificate Transparency:          OK - 3 SCTs included
  589.  
  590.      OCSP Stapling
  591.                                           NOT SUPPORTED - Server did not send back an OCSP response
  592.  
  593.  * OpenSSL Heartbleed:
  594.                                           OK - Not vulnerable to Heartbleed
  595.  
  596.  * TLSV1_1 Cipher Suites:
  597.       Server rejected all cipher suites.
  598.      Undefined - An unexpected error happened:
  599.         TLS_DH_anon_WITH_AES_256_CBC_SHA                  timeout - timed out                                        
  600.  
  601.  * TLSV1 Cipher Suites:
  602.       Server rejected all cipher suites.
  603.  
  604.  * TLSV1_2 Cipher Suites:
  605.        Forward Secrecy                    OK - Supported
  606.        RC4                                OK - Not Supported
  607.  
  608.      Preferred:
  609.         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                            256 bits      HTTP 301 Moved Permanently - https://www.hmb.gov.tr        
  610.      Accepted:
  611.         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                            256 bits      HTTP 301 Moved Permanently - https://www.hmb.gov.tr        
  612.         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384                            256 bits      HTTP 301 Moved Permanently - https://www.hmb.gov.tr        
  613.      Undefined - An unexpected error happened:
  614.         TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256              timeout - timed out                                        
  615.  
  616.  * SSLV3 Cipher Suites:
  617.       Server rejected all cipher suites.
  618.  
  619.  
  620.  SCAN COMPLETED IN 21.22 S
  621.  -------------------------
  622. ######################################################################################################################################
  623.  1  10.243.200.1 (10.243.200.1)  134.392 ms  134.347 ms  134.330 ms
  624.  2  * * *
  625.  3  te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)  139.663 ms  141.793 ms  141.789 ms
  626.  4  be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)  139.608 ms  139.613 ms  139.515 ms
  627.  5  be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)  144.590 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)  144.586 ms  144.721 ms
  628.  6  be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)  159.729 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1)  158.068 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)  162.606 ms
  629.  7  be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)  171.369 ms  171.266 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)  167.319 ms
  630.  8  be2440.agr21.ams03.atlas.cogentco.com (130.117.50.6)  175.122 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241)  171.233 ms  171.173 ms
  631.  9  ntt.ams03.atlas.cogentco.com (130.117.15.130)  174.791 ms  171.340 ms  171.340 ms
  632. 10  ae-10.r24.amstnl02.nl.bb.gin.ntt.net (129.250.3.44)  167.889 ms ae-5.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.104)  172.036 ms  166.860 ms
  633. 11  ae-3.r02.amstnl02.nl.bb.gin.ntt.net (129.250.2.127)  171.617 ms  167.037 ms  174.050 ms
  634. 12  ae-0.turk-telekom.amstnl02.nl.bb.gin.ntt.net (81.20.64.102)  164.233 ms  164.355 ms  164.499 ms
  635. 13  06-ebgp-ulus1-k---302-ams-col-3.statik.turktelekom.com.tr (212.156.102.118)  227.227 ms  227.098 ms 34-acibadem-xrs-t2-2---302-ams-col-3.statik.turktelekom.com.tr (212.156.102.169)  206.432 ms
  636. 14  212.156.117.186.29-gumushane-t3-1.25-erzurum-t2-1.statik.turktelekom.com.tr (212.156.117.186)  229.970 ms 06-ulus-xrs-t2-2---06-incesu-xrs-t2-2.statik.turktelekom.com.tr (212.156.120.135)  229.396 ms 212.156.117.186.29-gumushane-t3-1.25-erzurum-t2-1.statik.turktelekom.com.tr (212.156.117.186)  227.355 ms
  637. 15  212.156.109.137.21-egil-sasx-t4-1.21-fuaralani-t4-1.statik.turktelekom.com.tr (212.156.109.137)  216.349 ms  214.957 ms 81.212.216.128.static.turktelekom.com.tr (81.212.216.128)  216.643 ms
  638. 16  81.212.215.188.static.turktelekom.com.tr (81.212.215.188)  238.606 ms  231.694 ms  231.383 ms
  639. 17  81.212.215.188.static.turktelekom.com.tr (81.212.215.188)  229.788 ms  223.884 ms  225.821 ms
  640. #######################################################################################################################################
  641. -----   hmb.gov.tr   -----
  642.  
  643.  
  644. Host's addresses:
  645. __________________
  646.  
  647. hmb.gov.tr.                              378      IN    A        212.174.188.50
  648.  
  649.  
  650. Name Servers:
  651. ______________
  652.  
  653. ns3.muhasebat.gov.tr.                    43172    IN    A        212.174.189.24
  654. ns1.muhasebat.gov.tr.                    43172    IN    A        212.174.189.29
  655.  
  656.  
  657. Mail (MX) Servers:
  658. ___________________
  659.  
  660. mailgw03.hmb.gov.tr.                     2371     IN    A        212.174.188.13
  661. mailgw02.hmb.gov.tr.                     2371     IN    A        212.174.188.12
  662. mailgw01.hmb.gov.tr.                     2371     IN    A        212.174.188.11
  663.  
  664.  
  665. Trying Zone Transfers and getting Bind Versions:
  666. _________________________________________________
  667.  
  668.  
  669. Trying Zone Transfer for hmb.gov.tr on ns3.muhasebat.gov.tr ...
  670. AXFR record query failed: NXDOMAIN
  671.  
  672. Trying Zone Transfer for hmb.gov.tr on ns1.muhasebat.gov.tr ...
  673. AXFR record query failed: REFUSED
  674.  
  675.  
  676. Scraping hmb.gov.tr subdomains from Google:
  677. ____________________________________________
  678.  
  679.  
  680.  ----   Google search page: 1   ----
  681.  
  682.  
  683.  ----   Google search page: 2   ----
  684.  
  685.  
  686.  ----   Google search page: 3   ----
  687.  
  688.  
  689.  ----   Google search page: 4   ----
  690.  
  691.  
  692.  ----   Google search page: 5   ----
  693.  
  694.  
  695.  
  696. Google Results:
  697. ________________
  698.  
  699.   perhaps Google is blocking our queries.
  700.  Check manually.
  701.  
  702.  
  703. Brute forcing with /usr/share/dnsenum/dns.txt:
  704. _______________________________________________
  705.  
  706. mail.hmb.gov.tr.                         2330     IN    A        212.174.188.10
  707. ns1.hmb.gov.tr.                          1969     IN    A        212.174.189.24
  708. ns2.hmb.gov.tr.                          1969     IN    A        212.174.189.29
  709. portal.hmb.gov.tr.                       2353     IN    A        193.25.125.60
  710. vpn.hmb.gov.tr.                          1959     IN    A        212.174.189.60
  711. webmail.hmb.gov.tr.                      1958     IN    A        212.174.188.9
  712. www.hmb.gov.tr.                          1523     IN    A        212.174.188.50
  713.  
  714.  
  715. Launching Whois Queries:
  716. _________________________
  717.  
  718.  whois ip result:   212.174.188.0      ->      212.174.188.0/24
  719.  whois ip result:   212.174.189.0      ->      212.174.189.0/26
  720.  whois ip result:   193.25.125.0       ->      193.25.124.0/23
  721.  
  722.  
  723. hmb.gov.tr__________
  724.  
  725.  193.25.124.0/23
  726.  212.174.189.0/26
  727.  212.174.188.0/24
  728.  
  729.  
  730. Performing reverse lookup on 832 ip addresses:
  731. _______________________________________________
  732.  
  733. 7.189.174.212.in-addr.arpa.              3600     IN    PTR      apigw.hmb.gov.tr.
  734. 24.189.174.212.in-addr.arpa.             3600     IN    PTR      ns1.hmb.gov.tr.
  735. 29.189.174.212.in-addr.arpa.             3600     IN    PTR      ns2.hmb.gov.tr.
  736. 60.189.174.212.in-addr.arpa.             3600     IN    PTR      vpn.hmb.gov.tr.
  737.  
  738. 4 results out of 832 IP addresses.
  739.  
  740.  
  741. hmb.gov.tr ip blocks:
  742. ______________________
  743.  
  744.  212.174.189.7/32
  745.  212.174.189.24/32
  746.  212.174.189.29/32
  747.  212.174.189.60/32
  748.  
  749. #######################################################################################################################################
  750.  
  751. Domains still to check: 1
  752.     Checking if the hostname hmb.gov.tr. given is in fact a domain...
  753.  
  754. Analyzing domain: hmb.gov.tr.
  755.     Checking NameServers using system default resolver...
  756.         IP: 212.174.189.29 (Turkey)
  757.             HostName: ns1.muhasebat.gov.tr          Type: NS
  758.             HostName: 212.174.189.29.static.ttnet.com.tr        Type: PTR
  759.         IP: 212.174.189.24 (Turkey)
  760.             HostName: ns3.muhasebat.gov.tr          Type: NS
  761.             HostName: 212.174.189.24.static.ttnet.com.tr        Type: PTR
  762.  
  763.     Checking MailServers using system default resolver...
  764.         IP: 212.174.188.13 (Turkey)
  765.             HostName: mailgw03.hmb.gov.tr           Type: MX
  766.             HostName: mailgw03.hmb.gov.tr           Type: PTR
  767.         IP: 212.174.188.12 (Turkey)
  768.             HostName: mailgw02.hmb.gov.tr           Type: MX
  769.             HostName: mailgw02.maliye.gov.tr            Type: PTR
  770.         IP: 212.174.188.11 (Turkey)
  771.             HostName: mailgw01.hmb.gov.tr           Type: MX
  772.             HostName: mailgw01.maliye.gov.tr            Type: PTR
  773.  
  774.     Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
  775.         No zone transfer found on nameserver 212.174.189.24
  776.         No zone transfer found on nameserver 212.174.189.29
  777.  
  778.     Checking SPF record...
  779.         New hostname found: mailgw01
  780.         New hostname found: mailgw02
  781.         New hostname found: mailgw03
  782.         New hostname found: mailgw04
  783.  
  784.     Checking 196 most common hostnames using system default resolver...
  785.         IP: 212.174.188.50 (Turkey)
  786.             HostName: www.hmb.gov.tr.           Type: A
  787.         IP: 212.174.188.10 (Turkey)
  788.             HostName: mail.hmb.gov.tr.          Type: A
  789.         IP: 212.174.189.24 (Turkey)
  790.             HostName: ns3.muhasebat.gov.tr          Type: NS
  791.             HostName: 212.174.189.24.static.ttnet.com.tr        Type: PTR
  792.             HostName: ns1.hmb.gov.tr.           Type: A
  793.         IP: 212.174.189.29 (Turkey)
  794.             HostName: ns1.muhasebat.gov.tr          Type: NS
  795.             HostName: 212.174.189.29.static.ttnet.com.tr        Type: PTR
  796.             HostName: ns2.hmb.gov.tr.           Type: A
  797.         IP: 212.174.188.9 (Turkey)
  798.             HostName: webmail.hmb.gov.tr.           Type: A
  799.         IP: 212.174.188.11 (Turkey)
  800.             HostName: mailgw01.hmb.gov.tr           Type: MX
  801.             HostName: mailgw01.maliye.gov.tr            Type: PTR
  802.             HostName: mailgw01.hmb.gov.tr.          Type: A
  803.         IP: 212.174.188.12 (Turkey)
  804.             HostName: mailgw02.hmb.gov.tr           Type: MX
  805.             HostName: mailgw02.maliye.gov.tr            Type: PTR
  806.             HostName: mailgw02.hmb.gov.tr.          Type: A
  807.         IP: 212.174.188.13 (Turkey)
  808.             HostName: mailgw03.hmb.gov.tr           Type: MX
  809.             HostName: mailgw03.hmb.gov.tr           Type: PTR
  810.             HostName: mailgw03.hmb.gov.tr.          Type: A
  811.         IP: 212.174.188.15 (Turkey)
  812.             HostName: mailgw04.hmb.gov.tr.          Type: A
  813.  
  814.     Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
  815.         Checking netblock 212.174.188.0
  816.         Checking netblock 212.174.189.0
  817.  
  818.     Searching for hmb.gov.tr. emails in Google
  819.         dhdb_sostes@hmb.gov.tr.
  820.         istanbuldef@hmb.gov.tr.
  821.         sancaktepemm@hmb.gov.tr.
  822.  
  823.     Checking 9 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
  824.         Host 212.174.188.9 is up (reset ttl 64)
  825.         Host 212.174.188.12 is up (reset ttl 64)
  826.         Host 212.174.188.11 is up (reset ttl 64)
  827.         Host 212.174.188.10 is up (reset ttl 64)
  828.         Host 212.174.188.13 is up (reset ttl 64)
  829.         Host 212.174.189.24 is up (reset ttl 64)
  830.         Host 212.174.188.15 is up (reset ttl 64)
  831.         Host 212.174.188.50 is up (reset ttl 64)
  832.         Host 212.174.189.29 is up (reset ttl 64)
  833.  
  834.     Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
  835.         Scanning ip 212.174.188.9 (webmail.hmb.gov.tr.):
  836.             80/tcp  open   http-proxy   syn-ack ttl 236 F5 BIG-IP load balancer http proxy
  837.                 | http-methods:
  838.                 |_  Supported Methods: GET HEAD POST OPTIONS
  839.                 |_http-server-header: BigIP
  840.                 |_http-title: Did not follow redirect to https://212.174.188.9/
  841.                 |_https-redirect: ERROR: Script execution failed (use -d to debug)
  842.             443/tcp open   ssl/https?   syn-ack ttl 236
  843.                 |_http-favicon: Unknown favicon MD5: 486373B021971D0A95AF04C811799E21
  844.                 | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  845.                 | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  846.                 | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  847.                 | Public Key type: rsa
  848.                 | Public Key bits: 2048
  849.                 | Signature Algorithm: sha256WithRSAEncryption
  850.                 | Not valid before: 2018-10-05T16:39:41
  851.                 | Not valid after:  2020-10-05T16:39:41
  852.                 | MD5:   d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
  853.                 |_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
  854.                 |_ssl-date: TLS randomness does not represent time
  855.                 Device type: general purpose|WAP
  856.             OS Info: Service Info: Device: load balancer
  857.         Scanning ip 212.174.188.12 (mailgw02.hmb.gov.tr.):
  858.         Scanning ip 212.174.188.11 (mailgw01.hmb.gov.tr.):
  859.             80/tcp  open   http         syn-ack ttl 109 Microsoft IIS httpd 7.5
  860.                 | http-methods:
  861.                 |_  Supported Methods: GET HEAD POST OPTIONS
  862.                 |_http-server-header: Microsoft-IIS/7.5
  863.                 |_http-title: Did not follow redirect to https://mail.muhasebat.gov.tr/owa
  864.             443/tcp open   ssl/https?   syn-ack ttl 112
  865.                 |_ssl-date: 2019-11-19T17:14:46+00:00; -44s from scanner time.
  866.                 Device type: general purpose|WAP
  867.                 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (85%)
  868.             OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  869.                 |_clock-skew: -44s
  870.         Scanning ip 212.174.188.10 (mail.hmb.gov.tr.):
  871.             80/tcp  open   http-proxy     syn-ack ttl 239 F5 BIG-IP load balancer http proxy
  872.                 | http-methods:
  873.                 |_  Supported Methods: GET HEAD POST OPTIONS
  874.                 |_http-server-header: BigIP
  875.                 |_http-title: Did not follow redirect to https://212.174.188.10/
  876.                 |_https-redirect: ERROR: Script execution failed (use -d to debug)
  877.             443/tcp open   ssl/http-proxy syn-ack ttl 236 F5 BIG-IP load balancer http proxy
  878.                 | http-methods:
  879.                 |_  Supported Methods: GET HEAD POST OPTIONS
  880.                 |_http-server-header: BigIP
  881.                 | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  882.                 | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  883.                 | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  884.                 | Public Key type: rsa
  885.                 | Public Key bits: 2048
  886.                 | Signature Algorithm: sha256WithRSAEncryption
  887.                 | Not valid before: 2018-10-05T16:39:41
  888.                 | Not valid after:  2020-10-05T16:39:41
  889.                 | MD5:   d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
  890.                 |_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
  891.                 |_ssl-date: TLS randomness does not represent time
  892.                 Device type: general purpose|WAP
  893.             OS Info: Service Info: Device: load balancer
  894.         Scanning ip 212.174.188.13 (mailgw03.hmb.gov.tr.):
  895.         Scanning ip 212.174.189.24 (ns1.hmb.gov.tr.):
  896.             53/tcp  open   domain       syn-ack ttl 110 Microsoft DNS 6.1.7601 (1DB15EC5) (Windows Server 2008 R2 SP1)
  897.                 | dns-nsid:
  898.                 |_  bind.version: Microsoft DNS 6.1.7601 (1DB15EC5)
  899.                 Device type: general purpose|WAP
  900.                 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (86%)
  901.             OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1
  902.         Scanning ip 212.174.188.15 (mailgw04.hmb.gov.tr.):
  903.         Scanning ip 212.174.188.50 (www.hmb.gov.tr.):
  904.             80/tcp  open   http         syn-ack ttl 43 nginx
  905.                 | http-methods:
  906.                 |_  Supported Methods: GET HEAD POST OPTIONS
  907.                 |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  908.             443/tcp open   ssl/http     syn-ack ttl 43 nginx
  909.                 | http-methods:
  910.                 |_  Supported Methods: GET HEAD POST OPTIONS
  911.                 |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  912.                 | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  913.                 | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  914.                 | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  915.                 | Public Key type: rsa
  916.                 | Public Key bits: 2048
  917.                 | Signature Algorithm: sha256WithRSAEncryption
  918.                 | Not valid before: 2018-10-05T16:39:41
  919.                 | Not valid after:  2020-10-05T16:39:41
  920.                 | MD5:   d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
  921.                 |_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
  922.                 Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (91%)
  923.         Scanning ip 212.174.189.29 (ns2.hmb.gov.tr.):
  924.             53/tcp  open   domain       syn-ack ttl 110 Microsoft DNS 6.1.7601 (1DB15F75) (Windows Server 2008 R2 SP1)
  925.                 | dns-nsid:
  926.                 |_  bind.version: Microsoft DNS 6.1.7601 (1DB15F75)
  927.                 Device type: general purpose|WAP
  928.                 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista|8.1 (86%)
  929.             OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1
  930.     WebCrawling domain's web servers... up to 50 max links.
  931.  
  932.     + URL to crawl: http://webmail.hmb.gov.tr.
  933.     + Date: 2019-11-19
  934.  
  935.     + Crawling URL: http://webmail.hmb.gov.tr.:
  936.         + Links:
  937.             + Crawling http://webmail.hmb.gov.tr.
  938.         + Searching for directories...
  939.         + Searching open folders...
  940.  
  941.  
  942.     + URL to crawl: http://mailgw01.hmb.gov.tr.
  943.     + Date: 2019-11-19
  944.  
  945.     + Crawling URL: http://mailgw01.hmb.gov.tr.:
  946.         + Links:
  947.             + Crawling http://mailgw01.hmb.gov.tr.  (400 Bad Request)
  948.         + Searching for directories...
  949.         + Searching open folders...
  950.  
  951.  
  952.     + URL to crawl: http://mailgw01.hmb.gov.tr
  953.     + Date: 2019-11-19
  954.  
  955.     + Crawling URL: http://mailgw01.hmb.gov.tr:
  956.         + Links:
  957.             + Crawling http://mailgw01.hmb.gov.tr  ([SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:727))
  958.         + Searching for directories...
  959.         + Searching open folders...
  960.  
  961.  
  962.     + URL to crawl: http://mail.hmb.gov.tr.
  963.     + Date: 2019-11-19
  964.  
  965.     + Crawling URL: http://mail.hmb.gov.tr.:
  966.         + Links:
  967.             + Crawling http://mail.hmb.gov.tr.
  968.         + Searching for directories...
  969.         + Searching open folders...
  970.  
  971.  
  972.     + URL to crawl: http://mail.hmb.gov.tr.:443
  973.     + Date: 2019-11-19
  974.  
  975.     + Crawling URL: http://mail.hmb.gov.tr.:443:
  976.         + Links:
  977.             + Crawling http://mail.hmb.gov.tr.:443
  978.         + Searching for directories...
  979.         + Searching open folders...
  980.  
  981.  
  982.     + URL to crawl: http://www.hmb.gov.tr.
  983.     + Date: 2019-11-19
  984.  
  985.     + Crawling URL: http://www.hmb.gov.tr.:
  986.         + Links:
  987.             + Crawling http://www.hmb.gov.tr.
  988.             + Crawling http://www.hmb.gov.tr./manifest.json (File! Not crawling it.)
  989.             + Crawling http://www.hmb.gov.tr./yandex-browser-manifest.json (File! Not crawling it.)
  990.         + Searching for directories...
  991.             - Found: http://www.hmb.gov.tr./assets/
  992.         + Searching open folders...
  993.             - http://www.hmb.gov.tr./assets/ (403 Forbidden)
  994.  
  995.  
  996.     + URL to crawl: https://www.hmb.gov.tr.
  997.     + Date: 2019-11-19
  998.  
  999.     + Crawling URL: https://www.hmb.gov.tr.:
  1000.         + Links:
  1001.             + Crawling https://www.hmb.gov.tr.
  1002.         + Searching for directories...
  1003.         + Searching open folders...
  1004.  
  1005. --Finished--
  1006. Summary information for domain hmb.gov.tr.
  1007. -----------------------------------------
  1008.     Domain Specific Information:
  1009.         Email: dhdb_sostes@hmb.gov.tr.
  1010.         Email: istanbuldef@hmb.gov.tr.
  1011.         Email: sancaktepemm@hmb.gov.tr.
  1012.  
  1013.     Domain Ips Information:
  1014.         IP: 212.174.188.9
  1015.             HostName: webmail.hmb.gov.tr.           Type: A
  1016.             Country: Turkey
  1017.             Is Active: True (reset ttl 64)
  1018.             Port: 80/tcp  open   http-proxy   syn-ack ttl 236 F5 BIG-IP load balancer http proxy
  1019.                 Script Info: | http-methods:
  1020.                 Script Info: |_  Supported Methods: GET HEAD POST OPTIONS
  1021.                 Script Info: |_http-server-header: BigIP
  1022.                 Script Info: |_http-title: Did not follow redirect to https://212.174.188.9/
  1023.                 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
  1024.             Port: 443/tcp open   ssl/https?   syn-ack ttl 236
  1025.                 Script Info: |_http-favicon: Unknown favicon MD5: 486373B021971D0A95AF04C811799E21
  1026.                 Script Info: | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  1027.                 Script Info: | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  1028.                 Script Info: | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1029.                 Script Info: | Public Key type: rsa
  1030.                 Script Info: | Public Key bits: 2048
  1031.                 Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1032.                 Script Info: | Not valid before: 2018-10-05T16:39:41
  1033.                 Script Info: | Not valid after:  2020-10-05T16:39:41
  1034.                 Script Info: | MD5:   d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
  1035.                 Script Info: |_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
  1036.                 Script Info: |_ssl-date: TLS randomness does not represent time
  1037.                 Script Info: Device type: general purpose|WAP
  1038.             Os Info:  Device: load balancer
  1039.         IP: 212.174.188.12
  1040.             HostName: mailgw02.hmb.gov.tr           Type: MX
  1041.             HostName: mailgw02.maliye.gov.tr            Type: PTR
  1042.             HostName: mailgw02.hmb.gov.tr.          Type: A
  1043.             Country: Turkey
  1044.             Is Active: True (reset ttl 64)
  1045.         IP: 212.174.188.11
  1046.             HostName: mailgw01.hmb.gov.tr           Type: MX
  1047.             HostName: mailgw01.maliye.gov.tr            Type: PTR
  1048.             HostName: mailgw01.hmb.gov.tr.          Type: A
  1049.             Country: Turkey
  1050.             Is Active: True (reset ttl 64)
  1051.             Port: 80/tcp  open   http         syn-ack ttl 109 Microsoft IIS httpd 7.5
  1052.                 Script Info: | http-methods:
  1053.                 Script Info: |_  Supported Methods: GET HEAD POST OPTIONS
  1054.                 Script Info: |_http-server-header: Microsoft-IIS/7.5
  1055.                 Script Info: |_http-title: Did not follow redirect to https://mail.muhasebat.gov.tr/owa
  1056.             Port: 443/tcp open   ssl/https?   syn-ack ttl 112
  1057.                 Script Info: |_ssl-date: 2019-11-19T17:14:46+00:00; -44s from scanner time.
  1058.                 Script Info: Device type: general purpose|WAP
  1059.                 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (85%)
  1060.             Os Info:  OS: Windows; CPE: cpe:/o:microsoft:windows
  1061.                 Script Info: |_clock-skew: -44s
  1062.         IP: 212.174.188.10
  1063.             HostName: mail.hmb.gov.tr.          Type: A
  1064.             Country: Turkey
  1065.             Is Active: True (reset ttl 64)
  1066.             Port: 80/tcp  open   http-proxy     syn-ack ttl 239 F5 BIG-IP load balancer http proxy
  1067.                 Script Info: | http-methods:
  1068.                 Script Info: |_  Supported Methods: GET HEAD POST OPTIONS
  1069.                 Script Info: |_http-server-header: BigIP
  1070.                 Script Info: |_http-title: Did not follow redirect to https://212.174.188.10/
  1071.                 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
  1072.             Port: 443/tcp open   ssl/http-proxy syn-ack ttl 236 F5 BIG-IP load balancer http proxy
  1073.                 Script Info: | http-methods:
  1074.                 Script Info: |_  Supported Methods: GET HEAD POST OPTIONS
  1075.                 Script Info: |_http-server-header: BigIP
  1076.                 Script Info: | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  1077.                 Script Info: | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  1078.                 Script Info: | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1079.                 Script Info: | Public Key type: rsa
  1080.                 Script Info: | Public Key bits: 2048
  1081.                 Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1082.                 Script Info: | Not valid before: 2018-10-05T16:39:41
  1083.                 Script Info: | Not valid after:  2020-10-05T16:39:41
  1084.                 Script Info: | MD5:   d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
  1085.                 Script Info: |_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
  1086.                 Script Info: |_ssl-date: TLS randomness does not represent time
  1087.                 Script Info: Device type: general purpose|WAP
  1088.             Os Info:  Device: load balancer
  1089.         IP: 212.174.188.13
  1090.             HostName: mailgw03.hmb.gov.tr           Type: MX
  1091.             HostName: mailgw03.hmb.gov.tr           Type: PTR
  1092.             HostName: mailgw03.hmb.gov.tr.          Type: A
  1093.             Country: Turkey
  1094.             Is Active: True (reset ttl 64)
  1095.         IP: 212.174.189.24
  1096.             HostName: ns3.muhasebat.gov.tr          Type: NS
  1097.             HostName: 212.174.189.24.static.ttnet.com.tr        Type: PTR
  1098.             HostName: ns1.hmb.gov.tr.           Type: A
  1099.             Country: Turkey
  1100.             Is Active: True (reset ttl 64)
  1101.             Port: 53/tcp  open   domain       syn-ack ttl 110 Microsoft DNS 6.1.7601 (1DB15EC5) (Windows Server 2008 R2 SP1)
  1102.                 Script Info: | dns-nsid:
  1103.                 Script Info: |_  bind.version: Microsoft DNS 6.1.7601 (1DB15EC5)
  1104.                 Script Info: Device type: general purpose|WAP
  1105.                 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (86%)
  1106.             Os Info:  OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1
  1107.         IP: 212.174.188.15
  1108.             HostName: mailgw04.hmb.gov.tr.          Type: A
  1109.             Country: Turkey
  1110.             Is Active: True (reset ttl 64)
  1111.         IP: 212.174.188.50
  1112.             HostName: www.hmb.gov.tr.           Type: A
  1113.             Country: Turkey
  1114.             Is Active: True (reset ttl 64)
  1115.             Port: 80/tcp  open   http         syn-ack ttl 43 nginx
  1116.                 Script Info: | http-methods:
  1117.                 Script Info: |_  Supported Methods: GET HEAD POST OPTIONS
  1118.                 Script Info: |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  1119.             Port: 443/tcp open   ssl/http     syn-ack ttl 43 nginx
  1120.                 Script Info: | http-methods:
  1121.                 Script Info: |_  Supported Methods: GET HEAD POST OPTIONS
  1122.                 Script Info: |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  1123.                 Script Info: | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  1124.                 Script Info: | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  1125.                 Script Info: | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
  1126.                 Script Info: | Public Key type: rsa
  1127.                 Script Info: | Public Key bits: 2048
  1128.                 Script Info: | Signature Algorithm: sha256WithRSAEncryption
  1129.                 Script Info: | Not valid before: 2018-10-05T16:39:41
  1130.                 Script Info: | Not valid after:  2020-10-05T16:39:41
  1131.                 Script Info: | MD5:   d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
  1132.                 Script Info: |_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
  1133.                 Script Info: Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (91%)
  1134.         IP: 212.174.189.29
  1135.             HostName: ns1.muhasebat.gov.tr          Type: NS
  1136.             HostName: 212.174.189.29.static.ttnet.com.tr        Type: PTR
  1137.             HostName: ns2.hmb.gov.tr.           Type: A
  1138.             Country: Turkey
  1139.             Is Active: True (reset ttl 64)
  1140.             Port: 53/tcp  open   domain       syn-ack ttl 110 Microsoft DNS 6.1.7601 (1DB15F75) (Windows Server 2008 R2 SP1)
  1141.                 Script Info: | dns-nsid:
  1142.                 Script Info: |_  bind.version: Microsoft DNS 6.1.7601 (1DB15F75)
  1143.                 Script Info: Device type: general purpose|WAP
  1144.                 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista|8.1 (86%)
  1145.             Os Info:  OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1
  1146.  
  1147. --------------End Summary --------------
  1148. -----------------------------------------
  1149. ################################################################################################################################
  1150. Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:31 EST
  1151. Nmap scan report for 212.174.188.50
  1152. Host is up (0.17s latency).
  1153. Not shown: 998 filtered ports
  1154. PORT    STATE SERVICE
  1155. 80/tcp  open  http
  1156. 443/tcp open  https
  1157. #######################################################################################################################################
  1158. Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:34 EST
  1159. Nmap scan report for 212.174.188.50
  1160. Host is up (0.16s latency).
  1161. Not shown: 995 filtered ports
  1162. PORT    STATE  SERVICE
  1163. 25/tcp  closed smtp
  1164. 80/tcp  open   http
  1165. 139/tcp closed netbios-ssn
  1166. 443/tcp open   https
  1167. 445/tcp closed microsoft-ds
  1168. ######################################################################################################################################
  1169. Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:25 EST
  1170. Nmap scan report for 212.174.188.50
  1171. Host is up (0.20s latency).
  1172. Not shown: 995 filtered ports
  1173. PORT    STATE  SERVICE      VERSION
  1174. 25/tcp  closed smtp
  1175. 80/tcp  open   http         nginx
  1176. |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  1177. 139/tcp closed netbios-ssn
  1178. 443/tcp open   ssl/http     nginx
  1179. |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  1180. | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  1181. | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  1182. | Not valid before: 2018-10-05T16:39:41
  1183. |_Not valid after:  2020-10-05T16:39:41
  1184. 445/tcp closed microsoft-ds
  1185. Device type: general purpose
  1186. Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (91%)
  1187. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4.0 cpe:/o:linux:linux_kernel:3.10
  1188. Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 4.0 (87%), Linux 4.4 (86%), Linux 3.10 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 4.9 (85%), Linux 3.10 - 3.12 (85%)
  1189. No exact OS matches for host (test conditions non-ideal).
  1190. ######################################################################################################################################
  1191. root@kali:~# nmap -A 212.174.188.50
  1192. Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:28 EST
  1193. Nmap scan report for 212.174.188.50
  1194. Host is up (0.15s latency).
  1195. Not shown: 995 filtered ports
  1196. PORT    STATE  SERVICE      VERSION
  1197. 25/tcp  closed smtp
  1198. 80/tcp  open   http         nginx
  1199. |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  1200. 139/tcp closed netbios-ssn
  1201. 443/tcp open   ssl/http     nginx
  1202. |_http-title: Did not follow redirect to https://www.hmb.gov.tr
  1203. | ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
  1204. | Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
  1205. | Not valid before: 2018-10-05T16:39:41
  1206. |_Not valid after:  2020-10-05T16:39:41
  1207. 445/tcp closed microsoft-ds
  1208. Device type: general purpose
  1209. Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
  1210. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
  1211. Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 3.10 - 4.11 (85%), Linux 4.0 (85%), Linux 4.4 (85%)
  1212. No exact OS matches for host (test conditions non-ideal).
  1213. Network Distance: 2 hops
  1214.  
  1215. TRACEROUTE (using port 445/tcp)
  1216. HOP RTT       ADDRESS
  1217. 1   137.86 ms 10.243.200.1
  1218. 2   137.85 ms 212.174.188.50
  1219. #######################################################################################################################################
  1220. Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:35 EST
  1221. Nmap scan report for 212.174.188.50
  1222. Host is up (0.16s latency).
  1223. Not shown: 995 filtered ports
  1224. PORT    STATE  SERVICE      VERSION
  1225. 25/tcp  closed smtp
  1226. 80/tcp  open   http         nginx
  1227. | vulscan: VulDB - https://vuldb.com:
  1228. | [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
  1229. | [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
  1230. | [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
  1231. | [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
  1232. | [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
  1233. | [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
  1234. | [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
  1235. | [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
  1236. | [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
  1237. | [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
  1238. | [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
  1239. | [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
  1240. | [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
  1241. | [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
  1242. | [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
  1243. | [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
  1244. | [67677] nginx up to 1.7.3 SSL weak authentication
  1245. | [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
  1246. | [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
  1247. | [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
  1248. | [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
  1249. | [65364] nginx up to 1.1.13 Default Configuration information disclosure
  1250. | [8671] nginx up to 1.4 proxy_pass denial of service
  1251. | [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
  1252. | [7247] nginx 1.2.6 Proxy Function spoofing
  1253. | [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
  1254. | [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
  1255. | [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
  1256. | [59645] nginx up to 0.8.9 Heap-based memory corruption
  1257. | [53592] nginx 0.8.36 memory corruption
  1258. | [53590] nginx up to 0.8.9 unknown vulnerability
  1259. | [51533] nginx 0.7.64 Terminal privilege escalation
  1260. | [50905] nginx up to 0.8.9 directory traversal
  1261. | [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
  1262. | [50043] nginx up to 0.8.10 memory corruption
  1263. |
  1264. | MITRE CVE - https://cve.mitre.org:
  1265. | [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
  1266. | [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
  1267. | [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
  1268. | [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
  1269. | [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
  1270. | [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
  1271. | [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
  1272. | [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
  1273. | [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
  1274. | [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
  1275. | [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
  1276. | [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
  1277. | [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
  1278. |
  1279. | SecurityFocus - https://www.securityfocus.com/bid/:
  1280. | [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
  1281. | [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
  1282. | [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
  1283. | [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
  1284. | [82230] nginx Multiple Denial of Service Vulnerabilities
  1285. | [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
  1286. | [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
  1287. | [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
  1288. | [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
  1289. | [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
  1290. | [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
  1291. | [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
  1292. | [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
  1293. | [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
  1294. | [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
  1295. | [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
  1296. | [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
  1297. | [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
  1298. | [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
  1299. | [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
  1300. | [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
  1301. | [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
  1302. | [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
  1303. | [40434] nginx Space String Remote Source Code Disclosure Vulnerability
  1304. | [40420] nginx Directory Traversal Vulnerability
  1305. | [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
  1306. | [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
  1307. | [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
  1308. | [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
  1309. | [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
  1310. |
  1311. | IBM X-Force - https://exchange.xforce.ibmcloud.com:
  1312. | [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
  1313. | [84172] nginx denial of service
  1314. | [84048] nginx buffer overflow
  1315. | [83923] nginx ngx_http_close_connection() integer overflow
  1316. | [83688] nginx null byte code execution
  1317. | [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
  1318. | [82319] nginx access.log information disclosure
  1319. | [80952] nginx SSL spoofing
  1320. | [77244] nginx and Microsoft Windows request security bypass
  1321. | [76778] Naxsi module for Nginx nx_extract.py directory traversal
  1322. | [74831] nginx ngx_http_mp4_module.c buffer overflow
  1323. | [74191] nginx ngx_cpystrn() information disclosure
  1324. | [74045] nginx header response information disclosure
  1325. | [71355] nginx ngx_resolver_copy() buffer overflow
  1326. | [59370] nginx characters denial of service
  1327. | [59369] nginx DATA source code disclosure
  1328. | [59047] nginx space source code disclosure
  1329. | [58966] nginx unspecified directory traversal
  1330. | [54025] nginx ngx_http_parse.c denial of service
  1331. | [53431] nginx WebDAV component directory traversal
  1332. | [53328] Nginx CRC-32 cached domain name spoofing
  1333. | [53250] Nginx ngx_http_parse_complex_uri() function code execution
  1334. |
  1335. | Exploit-DB - https://www.exploit-db.com:
  1336. | [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
  1337. | [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
  1338. | [25499] nginx 1.3.9-1.4.0 DoS PoC
  1339. | [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
  1340. | [14830] nginx 0.6.38 - Heap Corruption Exploit
  1341. | [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
  1342. | [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
  1343. | [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
  1344. | [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
  1345. | [9829] nginx 0.7.61 WebDAV directory traversal
  1346. |
  1347. | OpenVAS (Nessus) - http://www.openvas.org:
  1348. | [864418] Fedora Update for nginx FEDORA-2012-3846
  1349. | [864310] Fedora Update for nginx FEDORA-2012-6238
  1350. | [864209] Fedora Update for nginx FEDORA-2012-6411
  1351. | [864204] Fedora Update for nginx FEDORA-2012-6371
  1352. | [864121] Fedora Update for nginx FEDORA-2012-4006
  1353. | [864115] Fedora Update for nginx FEDORA-2012-3991
  1354. | [864065] Fedora Update for nginx FEDORA-2011-16075
  1355. | [863654] Fedora Update for nginx FEDORA-2011-16110
  1356. | [861232] Fedora Update for nginx FEDORA-2007-1158
  1357. | [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
  1358. | [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
  1359. | [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
  1360. | [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
  1361. | [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
  1362. | [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
  1363. | [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
  1364. | [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
  1365. | [100659] nginx Directory Traversal Vulnerability
  1366. | [100658] nginx Space String Remote Source Code Disclosure Vulnerability
  1367. | [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
  1368. | [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
  1369. | [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
  1370. | [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
  1371. | [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
  1372. | [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
  1373. | [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
  1374. | [71297] FreeBSD Ports: nginx
  1375. | [71276] FreeBSD Ports: nginx
  1376. | [71239] Debian Security Advisory DSA 2434-1 (nginx)
  1377. | [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
  1378. | [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
  1379. | [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
  1380. | [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
  1381. | [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
  1382. | [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
  1383. | [64894] FreeBSD Ports: nginx
  1384. | [64869] Debian Security Advisory DSA 1884-1 (nginx)
  1385. |
  1386. | SecurityTracker - https://www.securitytracker.com:
  1387. | [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
  1388. | [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
  1389. | [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
  1390. | [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
  1391. |
  1392. | OSVDB - http://www.osvdb.org:
  1393. | [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
  1394. | [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
  1395. | [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
  1396. | [92796] nginx ngx_http_close_connection Function Crafted r-&gt
  1397. | [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
  1398. | [90518] nginx Log Directory Permission Weakness Local Information Disclosure
  1399. | [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
  1400. | [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
  1401. | [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
  1402. | [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
  1403. | [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
  1404. | [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
  1405. | [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
  1406. | [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
  1407. | [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
  1408. | [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
  1409. | [62617] nginx Internal DNS Cache Poisoning Weakness
  1410. | [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
  1411. | [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
  1412. | [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
  1413. | [58128] nginx ngx_http_parse_complex_uri() Function Underflow
  1414. | [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
  1415. | [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
  1416. | [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
  1417. | [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
  1418. | [44443] nginx (engine x) rtsig Method Signal Queue Overflow
  1419. | [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
  1420. |_
  1421. 139/tcp closed netbios-ssn
  1422. 443/tcp open   ssl/http     nginx
  1423. | vulscan: VulDB - https://vuldb.com:
  1424. | [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
  1425. | [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
  1426. | [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
  1427. | [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
  1428. | [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
  1429. | [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
  1430. | [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
  1431. | [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
  1432. | [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
  1433. | [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
  1434. | [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
  1435. | [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
  1436. | [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
  1437. | [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
  1438. | [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
  1439. | [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
  1440. | [67677] nginx up to 1.7.3 SSL weak authentication
  1441. | [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
  1442. | [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
  1443. | [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
  1444. | [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
  1445. | [65364] nginx up to 1.1.13 Default Configuration information disclosure
  1446. | [8671] nginx up to 1.4 proxy_pass denial of service
  1447. | [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
  1448. | [7247] nginx 1.2.6 Proxy Function spoofing
  1449. | [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
  1450. | [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
  1451. | [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
  1452. | [59645] nginx up to 0.8.9 Heap-based memory corruption
  1453. | [53592] nginx 0.8.36 memory corruption
  1454. | [53590] nginx up to 0.8.9 unknown vulnerability
  1455. | [51533] nginx 0.7.64 Terminal privilege escalation
  1456. | [50905] nginx up to 0.8.9 directory traversal
  1457. | [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
  1458. | [50043] nginx up to 0.8.10 memory corruption
  1459. |
  1460. | MITRE CVE - https://cve.mitre.org:
  1461. | [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
  1462. | [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
  1463. | [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
  1464. | [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
  1465. | [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
  1466. | [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
  1467. | [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
  1468. | [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
  1469. | [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
  1470. | [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
  1471. | [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
  1472. | [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
  1473. | [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
  1474. |
  1475. | SecurityFocus - https://www.securityfocus.com/bid/:
  1476. | [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
  1477. | [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
  1478. | [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
  1479. | [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
  1480. | [82230] nginx Multiple Denial of Service Vulnerabilities
  1481. | [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
  1482. | [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
  1483. | [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
  1484. | [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
  1485. | [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
  1486. | [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
  1487. | [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
  1488. | [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
  1489. | [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
  1490. | [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
  1491. | [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
  1492. | [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
  1493. | [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
  1494. | [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
  1495. | [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
  1496. | [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
  1497. | [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
  1498. | [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
  1499. | [40434] nginx Space String Remote Source Code Disclosure Vulnerability
  1500. | [40420] nginx Directory Traversal Vulnerability
  1501. | [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
  1502. | [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
  1503. | [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
  1504. | [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
  1505. | [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
  1506. |
  1507. | IBM X-Force - https://exchange.xforce.ibmcloud.com:
  1508. | [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
  1509. | [84172] nginx denial of service
  1510. | [84048] nginx buffer overflow
  1511. | [83923] nginx ngx_http_close_connection() integer overflow
  1512. | [83688] nginx null byte code execution
  1513. | [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
  1514. | [82319] nginx access.log information disclosure
  1515. | [80952] nginx SSL spoofing
  1516. | [77244] nginx and Microsoft Windows request security bypass
  1517. | [76778] Naxsi module for Nginx nx_extract.py directory traversal
  1518. | [74831] nginx ngx_http_mp4_module.c buffer overflow
  1519. | [74191] nginx ngx_cpystrn() information disclosure
  1520. | [74045] nginx header response information disclosure
  1521. | [71355] nginx ngx_resolver_copy() buffer overflow
  1522. | [59370] nginx characters denial of service
  1523. | [59369] nginx DATA source code disclosure
  1524. | [59047] nginx space source code disclosure
  1525. | [58966] nginx unspecified directory traversal
  1526. | [54025] nginx ngx_http_parse.c denial of service
  1527. | [53431] nginx WebDAV component directory traversal
  1528. | [53328] Nginx CRC-32 cached domain name spoofing
  1529. | [53250] Nginx ngx_http_parse_complex_uri() function code execution
  1530. |
  1531. | Exploit-DB - https://www.exploit-db.com:
  1532. | [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
  1533. | [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
  1534. | [25499] nginx 1.3.9-1.4.0 DoS PoC
  1535. | [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
  1536. | [14830] nginx 0.6.38 - Heap Corruption Exploit
  1537. | [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
  1538. | [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
  1539. | [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
  1540. | [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
  1541. | [9829] nginx 0.7.61 WebDAV directory traversal
  1542. |
  1543. | OpenVAS (Nessus) - http://www.openvas.org:
  1544. | [864418] Fedora Update for nginx FEDORA-2012-3846
  1545. | [864310] Fedora Update for nginx FEDORA-2012-6238
  1546. | [864209] Fedora Update for nginx FEDORA-2012-6411
  1547. | [864204] Fedora Update for nginx FEDORA-2012-6371
  1548. | [864121] Fedora Update for nginx FEDORA-2012-4006
  1549. | [864115] Fedora Update for nginx FEDORA-2012-3991
  1550. | [864065] Fedora Update for nginx FEDORA-2011-16075
  1551. | [863654] Fedora Update for nginx FEDORA-2011-16110
  1552. | [861232] Fedora Update for nginx FEDORA-2007-1158
  1553. | [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
  1554. | [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
  1555. | [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
  1556. | [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
  1557. | [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
  1558. | [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
  1559. | [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
  1560. | [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
  1561. | [100659] nginx Directory Traversal Vulnerability
  1562. | [100658] nginx Space String Remote Source Code Disclosure Vulnerability
  1563. | [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
  1564. | [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
  1565. | [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
  1566. | [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
  1567. | [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
  1568. | [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
  1569. | [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
  1570. | [71297] FreeBSD Ports: nginx
  1571. | [71276] FreeBSD Ports: nginx
  1572. | [71239] Debian Security Advisory DSA 2434-1 (nginx)
  1573. | [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
  1574. | [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
  1575. | [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
  1576. | [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
  1577. | [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
  1578. | [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
  1579. | [64894] FreeBSD Ports: nginx
  1580. | [64869] Debian Security Advisory DSA 1884-1 (nginx)
  1581. |
  1582. | SecurityTracker - https://www.securitytracker.com:
  1583. | [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
  1584. | [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
  1585. | [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
  1586. | [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
  1587. |
  1588. | OSVDB - http://www.osvdb.org:
  1589. | [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
  1590. | [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
  1591. | [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
  1592. | [92796] nginx ngx_http_close_connection Function Crafted r->
  1593. | [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
  1594. | [90518] nginx Log Directory Permission Weakness Local Information Disclosure
  1595. | [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
  1596. | [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
  1597. | [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
  1598. | [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
  1599. | [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
  1600. | [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
  1601. | [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
  1602. | [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
  1603. | [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
  1604. | [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
  1605. | [62617] nginx Internal DNS Cache Poisoning Weakness
  1606. | [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
  1607. | [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
  1608. | [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
  1609. | [58128] nginx ngx_http_parse_complex_uri() Function Underflow
  1610. | [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
  1611. | [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
  1612. | [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
  1613. | [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
  1614. | [44443] nginx (engine x) rtsig Method Signal Queue Overflow
  1615. | [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
  1616. #######################################################################################################################################
  1617.                                      Anonymous JTSEC #OpTurkey Full  Recon #10