KLA MORE INFO
a guest
Sep 14th, 2017
+ -- --=[http://crowdshield.com
+ -- --=[sniper v2.7 by 1N3

+ -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server: 192.168.1.254
Address: 192.168.1.254#53

Non-authoritative answer:
Name: www.kingslynnacademy.co.uk
Address: 176.32.230.250

www.kingslynnacademy.co.uk has address 176.32.230.250
+ -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +

Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu

[+] Target is www.kingslynnacademy.co.uk
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping - ICMP echo discovery module
[x] [2] ping:tcp_ping - TCP-based ping discovery module
[x] [3] ping:udp_ping - UDP-based ping discovery module
[x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
[x] [5] infogather:portscan - TCP and UDP PortScanner
[x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
[x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
[x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
[x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
[x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
[x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
[x] [12] fingerprint:smb - SMB fingerprinting module
[x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
[+] 13 modules registered
[+] Initializing scan engine
[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on 176.32.230.250. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on 176.32.230.250. Module test failed
[-] No distance calculation. 176.32.230.250 appears to be dead or no ports known
[+] Host: 176.32.230.250 is up (Guess probability: 50%)
[+] Target: 176.32.230.250 is alive. Round-Trip Time: 0.50018 sec
[+] Selected safe Round-Trip Time value is: 1.00035 sec
[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
[-] fingerprint:smb need either TCP port 139 or 445 to run
[-] fingerprint:snmp: need UDP port 161 open
[+] Primary guess:
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Other guesses:
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
+ -- ----------------------------=[Gathering Whois Info]=-------------------- -- +

Error for "www.kingslynnacademy.co.uk".

This domain cannot be registered because it contravenes the Nominet UK
naming rules. The reason is:
the domain name contains too many parts.

WHOIS lookup made at 20:11:44 14-Sep-2017

--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:

Copyright Nominet UK 1996 - 2017.

You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.uk/whoisterms,
which includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.
+ -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +

TheHarvester Ver. 2.7
Coded by Christian Martorella
Edge-Security Research
cmartorella@edge-security.com


[-] Searching in Bing:
Searching 50 results...
Searching 100 results...


[+] Emails found:
------------------
No emails found

[+] Hosts found in search engines:
------------------------------------
No hosts found
+ -- ----------------------------=[Gathering DNS Info]=---------------------- -- +

; <<>> DiG 9.10.3-P4-Debian <<>> -x www.kingslynnacademy.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32486
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;uk.co.kingslynnacademy.www.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017043116 1800 900 604800 3600

;; Query time: 43 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Sep 14 15:11:50 EDT 2017
;; MSG SIZE rcvd: 136

dnsenum.pl VERSION:1.2.3

----- www.kingslynnacademy.co.uk -----


Host's addresses:
__________________

www.kingslynnacademy.co.uk. 585 IN A 176.32.230.250


Wildcard detection using: sysmnqmbqszd
_______________________________________

sysmnqmbqszd.www.kingslynnacademy.co.uk. 30 IN A 92.242.132.15


!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Wildcards detected, all subdomains will point to the same IP address
Omitting results containing 92.242.132.15.
Maybe you are using OpenDNS servers.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Name Servers:
______________

www.kingslynnacademy.co.uk NS record query failed: NOERROR
+ -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +


# Coded By Ahmed Aboul-Ela - @aboul3la

[-] Enumerating subdomains now for www.kingslynnacademy.co.uk
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..

+ -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +

[+] Domains saved to: /usr/share/sniper/loot/domains/domains-www.kingslynnacademy.co.uk-full.txt

+ -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
+ -- ----------------------------=[Checking Email Security]=----------------- -- +

+ -- ----------------------------=[Pinging host]=---------------------------- -- +
PING www.kingslynnacademy.co.uk (176.32.230.250) 56(84) bytes of data.
64 bytes from web250.extendcp.co.uk (176.32.230.250): icmp_seq=1 ttl=50 time=16.6 ms

--- www.kingslynnacademy.co.uk ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 16.679/16.679/16.679/0.000 ms

+ -- ----------------------------=[Running TCP port scan]=------------------- -- +

Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-14 15:12 EDT
Nmap scan report for www.kingslynnacademy.co.uk (176.32.230.250)
Host is up (0.84s latency).
rDNS record for 176.32.230.250: web250.extendcp.co.uk
Not shown: 33 filtered ports, 11 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp open https
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 2.16 seconds

+ -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
+ -- --=[Port 21 closed... skipping.
+ -- --=[Port 22 opened... running tests...
# general
(gen) banner: SSH-2.0-OpenSSH_5.3
(gen) software: OpenSSH 5.3
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
`- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
`- [warn] using small 1024-bit modulus
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
`- [warn] using small 1024-bit modulus
`- [warn] using weak random number generator could reveal the key
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher
`- [info] available since OpenSSH 4.2
(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher
`- [info] available since OpenSSH 4.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher
`- [warn] using weak cipher mode
`- [warn] using small 64-bit block size
`- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [fail] disabled since Dropbear SSH 0.53
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher mode
`- [warn] using small 64-bit block size
`- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher mode
`- [warn] using small 64-bit block size
`- [info] available since OpenSSH 2.1.0
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher
`- [info] available since OpenSSH 2.1.0
(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using weak cipher mode
`- [info] available since OpenSSH 2.3.0

# message authentication code algorithms
(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
`- [warn] using small 64-bit tag size
`- [info] available since OpenSSH 4.7
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 2.5.0
(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using encrypt-and-MAC mode
`- [info] available since OpenSSH 2.1.0
(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
`- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
`- [warn] using encrypt-and-MAC mode
`- [warn] using weak hashing algorithm
`- [info] available since OpenSSH 2.5.0

# algorithm recommendations (for OpenSSH 5.3)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ssh-dss -- key algorithm to remove
(rec) -arcfour -- enc algorithm to remove
(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -arcfour256 -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -arcfour128 -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-md5-96 -- mac algorithm to remove
(rec) -hmac-ripemd160 -- mac algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-md5 -- mac algorithm to remove
(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove


Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-14 15:12 EDT
Nmap scan report for www.kingslynnacademy.co.uk (176.32.230.250)
Host is up (0.013s latency).
rDNS record for 176.32.230.250: web250.extendcp.co.uk
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-hostkey:
| 1024 ad:e8:e1:74:7c:a0:4e:d9:40:63:e2:ba:8c:3c:0d:1f (DSA)
|_ 2048 b3:8d:7d:40:e3:65:ba:11:8f:62:b1:bc:5e:78:23:8d (RSA)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: bridge|general purpose
Running (JUST GUESSING): Oracle Virtualbox (98%), QEMU (93%)
OS CPE: cpe:/o:oracle:virtualbox cpe:/a:qemu:qemu
Aggressive OS guesses: Oracle Virtualbox (98%), QEMU user mode network gateway (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 1.40 ms 10.0.2.2
2 18.69 ms web250.extendcp.co.uk (176.32.230.250)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.14 seconds




Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- learn more on http://rapid7.com/metasploit

=[ metasploit v4.14.10-dev ]
+ -- --=[ 1639 exploits - 944 auxiliary - 289 post ]
+ -- --=[ 472 payloads - 40 encoders - 9 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => www.kingslynnacademy.co.uk
[!] RHOST is not a valid option for this module. Did you mean RHOSTS?
RHOST => www.kingslynnacademy.co.uk
[*] 176.32.230.250:22 - SSH - Checking for false positives
[*] 176.32.230.250:22 - SSH - Starting scan
[-] 176.32.230.250:22 - SSH - User 'admin' not found
[-] 176.32.230.250:22 - SSH - User 'administrator' not found
[-] 176.32.230.250:22 - SSH - User 'anonymous' not found
[-] 176.32.230.250:22 - SSH - User 'backup' not found
[-] 176.32.230.250:22 - SSH - User 'bee' not found
[-] 176.32.230.250:22 - SSH - User 'ftp' not found
[-] 176.32.230.250:22 - SSH - User 'guest' not found
[-] 176.32.230.250:22 - SSH - User 'GUEST' not found
[-] 176.32.230.250:22 - SSH - User 'info' not found
[-] 176.32.230.250:22 - SSH - User 'mail' not found
[-] 176.32.230.250:22 - SSH - User 'mailadmin' not found
[-] 176.32.230.250:22 - SSH - User 'msfadmin' not found
[-] 176.32.230.250:22 - SSH - User 'mysql' not found
[-] 176.32.230.250:22 - SSH - User 'nobody' not found
[-] 176.32.230.250:22 - SSH - User 'oracle' not found
[-] 176.32.230.250:22 - SSH - User 'owaspbwa' not found
[-] 176.32.230.250:22 - SSH - User 'postfix' not found
[-] 176.32.230.250:22 - SSH - User 'postgres' not found
[+] 176.32.230.250:22 - SSH - User 'private' found
[-] 176.32.230.250:22 - SSH - User 'proftpd' not found
[-] 176.32.230.250:22 - SSH - User 'public' not found
[-] 176.32.230.250:22 - SSH - User 'root' not found
[-] 176.32.230.250:22 - SSH - User 'superadmin' not found
[-] 176.32.230.250:22 - SSH - User 'support' not found
[-] 176.32.230.250:22 - SSH - User 'sys' not found
[-] 176.32.230.250:22 - SSH - User 'system' not found
[-] 176.32.230.250:22 - SSH - User 'systemadmin' not found
[-] 176.32.230.250:22 - SSH - User 'systemadministrator' not found
[-] 176.32.230.250:22 - SSH - User 'test' not found
[-] 176.32.230.250:22 - SSH - User 'tomcat' not found
[+] 176.32.230.250:22 - SSH - User 'user' found
[+] 176.32.230.250:22 - SSH - User 'webmaster' found
[-] 176.32.230.250:22 - SSH - User 'www-data' not found
[+] 176.32.230.250:22 - SSH - User 'Fortimanager_Access' found
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: KEY_FILE.
[*] 176.32.230.250:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.protocol=ssh fingerprint_db=ssh.banner )
[*] www.kingslynnacademy.co.uk:22 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
+ -- --=[Port 23 closed... skipping.
+ -- --=[Port 25 opened... running tests...

Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-14 15:14 EDT
Nmap scan report for www.kingslynnacademy.co.uk (176.32.230.250)
Host is up (0.057s latency).
rDNS record for 176.32.230.250: web250.extendcp.co.uk
PORT STATE SERVICE VERSION
25/tcp open smtp Exim smtpd 4.87
|_smtp-commands: SMTP EHLO www.kingslynnacademy.co.uk: failed to receive data: connection closed
| smtp-enum-users:
|_ SMTP EHLO www.kingslynnacademy.co.uk: failed to receive data: connection closed
|_smtp-open-relay: SMTP EHLO nmap.scanme.org: failed to receive data: connection closed
| smtp-vuln-cve2010-4344:
|_ The SMTP server is not Exim: NOT VULNERABLE
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: bridge|general purpose
Running (JUST GUESSING): Oracle Virtualbox (98%), QEMU (93%)
OS CPE: cpe:/o:oracle:virtualbox cpe:/a:qemu:qemu
Aggressive OS guesses: Oracle Virtualbox (98%), QEMU user mode network gateway (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: Host: sharedlb6.extendcp.co.uk

TRACEROUTE (using port 25/tcp)
HOP RTT ADDRESS
1 0.42 ms 10.0.2.2
2 106.32 ms web250.extendcp.co.uk (176.32.230.250)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.25 seconds
Starting smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )

----------------------------------------------------------
| Scan Information |
----------------------------------------------------------

Mode ..................... VRFY
Worker Processes ......... 5
Usernames file ........... /usr/share/brutex/wordlists/simple-users.txt
Target count ............. 1
Username count ........... 34
Target TCP port .......... 25
Query timeout ............ 5 secs
Target domain ............

######## Scan started at Thu Sep 14 15:14:51 2017 #########
######## Scan completed at Thu Sep 14 15:14:51 2017 #########
0 results.

34 queries in 1 seconds (34.0 queries / sec)




Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit

=[ metasploit v4.14.10-dev ]
+ -- --=[ 1639 exploits - 944 auxiliary - 289 post ]
+ -- --=[ 472 payloads - 40 encoders - 9 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

RHOSTS => www.kingslynnacademy.co.uk
[!] RHOST is not a valid option for this module. Did you mean RHOSTS?
RHOST => www.kingslynnacademy.co.uk
[*] 176.32.230.250:25 - 176.32.230.250:25 Banner: 220 sharedlb6.extendcp.co.uk ESMTP Exim 4.87 Thu, 14 Sep 2017 20:15:31 +0100
[*] 176.32.230.250:25 - 176.32.230.250:25 could not be enumerated (no EXPN, no VRFY, invalid RCPT)
[*] www.kingslynnacademy.co.uk:25 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
+ -- --=[Port 53 closed... skipping.
+ -- --=[Port 79 closed... skipping.
+ -- --=[Port 80 opened... running tests...
+ -- ----------------------------=[Checking for WAF]=------------------------ -- +


WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking http://www.kingslynnacademy.co.uk
Generic Detection results:
No WAF detected by the generic detection
Number of requests: 13

+ -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
http://www.kingslynnacademy.co.uk [301 Moved Permanently] Apache[2.4.27], Country[UNITED KINGDOM][GB], HTTPServer[Unix][Apache/2.4.27 (Unix)], IP[176.32.230.250], PHP[5.6.31], RedirectLocation[http://kingslynnacademy.co.uk/], X-Powered-By[PHP/5.6.31]
http://kingslynnacademy.co.uk/ [200 OK] Apache[2.4.27], Cookies[PHPSESSID], Country[UNITED KINGDOM][GB], HTML5, HTTPServer[Unix][Apache/2.4.27 (Unix)], IP[176.32.230.250], JQuery[1.12.4], MetaGenerator[WordPress 4.8.1], Open-Graph-Protocol[website], PHP[5.6.31], Script[application/ld+json,text/javascript], Title[Welcome to King&#039;s Lynn Academy | King&#039;s Lynn Academy], UncommonHeaders[link], WordPress[4.8.1], X-Powered-By[PHP/5.6.31]


+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
+ -- --=[Target: www.kingslynnacademy.co.uk:80
+ -- --=[Site not vulnerable to Cross-Site Tracing!
+ -- --=[Site not vulnerable to Host Header Injection!
+ -- --=[Site vulnerable to Cross-Frame Scripting!
+ -- --=[Site vulnerable to Clickjacking!

HTTP/1.1 400 Bad Request
Date: Thu, 14 Sep 2017 19:15:54 GMT
Server: Apache/2.4.27 (Unix)
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.27 (Unix) Server at mv0.web250.extendcp.co.uk Port 80</address>
</body></html>

HTTP/1.1 400 Bad Request
Date: Thu, 14 Sep 2017 19:15:54 GMT
Server: Apache/2.4.27 (Unix)
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.27 (Unix) Server at mv0.web250.extendcp.co.uk Port 80</address>
</body></html>




+ -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
+ -- --=[Checking if X-Content options are enabled on www.kingslynnacademy.co.uk...

+ -- --=[Checking if X-Frame options are enabled on www.kingslynnacademy.co.uk...

+ -- --=[Checking if X-XSS-Protection header is enabled on www.kingslynnacademy.co.uk...

+ -- --=[Checking HTTP methods on www.kingslynnacademy.co.uk...

+ -- --=[Checking if TRACE method is enabled on www.kingslynnacademy.co.uk...

+ -- --=[Checking for META tags on www.kingslynnacademy.co.uk...

+ -- --=[Checking for open proxy on www.kingslynnacademy.co.uk...
<h1 align='center'>This page has been reserved for future use</h1>
+ -- --=[Enumerating software on www.kingslynnacademy.co.uk...
Server: Apache/2.4.27 (Unix)
X-Powered-By: PHP/5.6.31

+ -- --=[Checking if Strict-Transport-Security is enabled on www.kingslynnacademy.co.uk...

+ -- --=[Checking for Flash cross-domain policy on www.kingslynnacademy.co.uk...

+ -- --=[Checking for Silverlight cross-domain policy on www.kingslynnacademy.co.uk...

+ -- --=[Checking for HTML5 cross-origin resource sharing on www.kingslynnacademy.co.uk...

+ -- --=[Retrieving robots.txt on www.kingslynnacademy.co.uk...
User-agent: *
Crawl-delay: 2

+ -- --=[Retrieving sitemap.xml on www.kingslynnacademy.co.uk...

+ -- --=[Checking cookie attributes on www.kingslynnacademy.co.uk...

+ -- --=[Checking for ASP.NET Detailed Errors on www.kingslynnacademy.co.uk...
var fm_objectL10n = {"plugin_url":"http:\/\/kingslynnacademy.co.uk\/wp-content\/plugins\/form-maker","fm_file_type_error":"Can not upload this type of file","fm_field_is_required":"Field is required","fm_min_max_check_1":"The ","fm_min_max_check_2":" value must be between ","fm_spinner_check":"Value must be between "};
<body class="error404 group-blog unknown">
<section class="error-404 not-found">
<!-- .error-404 --></section>


+ -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 176.32.230.250
+ Target Hostname: www.kingslynnacademy.co.uk
+ Target Port: 80
+ Start Time: 2017-09-14 15:16:08 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.27 (Unix)
+ Retrieved x-powered-by header: PHP/5.6.31
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://kingslynnacademy.co.uk/
+ Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x1d 0x54b2670bf9f00
+ Server banner has changed from 'Apache/2.4.27 (Unix)' to 'Apache/2.2.24 (Red Hat)' which may suggest a WAF, load balancer or proxy is in place
+ Cookie PHPSESSID created without the httponly flag
+ Uncommon header 'link' found, with contents: <http://kingslynnacademy.co.uk/wp-json/>; rel="https://api.w.org/"
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST