- ____
- _________ / _/___ ___ _____
- / ___/ __ \ / // __ \/ _ \/ ___/
- (__ ) / / // // /_/ / __/ /
- /____/_/ /_/___/ .___/\___/_/
- /_/
- + -- --=[http://crowdshield.com
- + -- --=[sniper v2.7 by 1N3
- + -- ----------------------------=[Running Nslookup]=------------------------ -- +
- Server: 192.168.1.254
- Address: 192.168.1.254#53
- Non-authoritative answer:
- Name: www.kingslynnacademy.co.uk
- Address: 176.32.230.250
- www.kingslynnacademy.co.uk has address 176.32.230.250
- + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
- Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
- [+] Target is www.kingslynnacademy.co.uk
- [+] Loading modules.
- [+] Following modules are loaded:
- [x] [1] ping:icmp_ping - ICMP echo discovery module
- [x] [2] ping:tcp_ping - TCP-based ping discovery module
- [x] [3] ping:udp_ping - UDP-based ping discovery module
- [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
- [x] [5] infogather:portscan - TCP and UDP PortScanner
- [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
- [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
- [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
- [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
- [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
- [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
- [x] [12] fingerprint:smb - SMB fingerprinting module
- [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
- [+] 13 modules registered
- [+] Initializing scan engine
- [+] Running scan engine
- [-] ping:tcp_ping module: no closed/open TCP ports known on 176.32.230.250. Module test failed
- [-] ping:udp_ping module: no closed/open UDP ports known on 176.32.230.250. Module test failed
- [-] No distance calculation. 176.32.230.250 appears to be dead or no ports known
- [+] Host: 176.32.230.250 is up (Guess probability: 50%)
- [+] Target: 176.32.230.250 is alive. Round-Trip Time: 0.50018 sec
- [+] Selected safe Round-Trip Time value is: 1.00035 sec
- [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
- [-] fingerprint:smb need either TCP port 139 or 445 to run
- [-] fingerprint:snmp: need UDP port 161 open
- [+] Primary guess:
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Other guesses:
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Host 176.32.230.250 Running OS: (Guess probability: 100%)
- [+] Cleaning up scan engine
- [+] Modules deinitialized
- [+] Execution completed.
- + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
- Error for "www.kingslynnacademy.co.uk".
- This domain cannot be registered because it contravenes the Nominet UK
- naming rules. The reason is:
- the domain name contains too many parts.
- WHOIS lookup made at 20:11:44 14-Sep-2017
- --
- This WHOIS information is provided for free by Nominet UK the central registry
- for .uk domain names. This information and the .uk WHOIS are:
- Copyright Nominet UK 1996 - 2017.
- You may not access the .uk WHOIS or use any data from it except as permitted
- by the terms of use available in full at http://www.nominet.uk/whoisterms,
- which includes restrictions on: (A) use of the data for advertising, or its
- repackaging, recompilation, redistribution or reuse (B) obscuring, removing
- or hiding any or all of this notice and (C) exceeding query rate or volume
- limits. The data is provided on an 'as-is' basis and may lag behind the
- register. Access may be withdrawn or restricted at any time.
- + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
- *******************************************************************
- * *
- * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
- * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
- * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
- * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
- * *
- * TheHarvester Ver. 2.7 *
- * Coded by Christian Martorella *
- * Edge-Security Research *
- * cmartorella@edge-security.com *
- *******************************************************************
- [-] Searching in Bing:
- Searching 50 results...
- Searching 100 results...
- [+] Emails found:
- ------------------
- No emails found
- [+] Hosts found in search engines:
- ------------------------------------
- No hosts found
- + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
- ; <<>> DiG 9.10.3-P4-Debian <<>> -x www.kingslynnacademy.co.uk
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32486
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 512
- ;; QUESTION SECTION:
- ;uk.co.kingslynnacademy.www.in-addr.arpa. IN PTR
- ;; AUTHORITY SECTION:
- in-addr.arpa. 600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017043116 1800 900 604800 3600
- ;; Query time: 43 msec
- ;; SERVER: 192.168.1.254#53(192.168.1.254)
- ;; WHEN: Thu Sep 14 15:11:50 EDT 2017
- ;; MSG SIZE rcvd: 136
- dnsenum.pl VERSION:1.2.3
- ----- www.kingslynnacademy.co.uk -----
- Host's addresses:
- __________________
- www.kingslynnacademy.co.uk. 585 IN A 176.32.230.250
- Wildcard detection using: sysmnqmbqszd
- _______________________________________
- sysmnqmbqszd.www.kingslynnacademy.co.uk. 30 IN A 92.242.132.15
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!
- Wildcards detected, all subdomains will point to the same IP address
- Omitting results containing 92.242.132.15.
- Maybe you are using OpenDNS servers.
- !!!!!!!!!!!!!!!!!!!!!!!!!!!!
- Name Servers:
- ______________
- www.kingslynnacademy.co.uk NS record query failed: NOERROR
- + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for www.kingslynnacademy.co.uk
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- ╔═╗╦═╗╔╦╗╔═╗╦ ╦
- ║ ╠╦╝ ║ ╚═╗╠═╣
- ╚═╝╩╚═ ╩o╚═╝╩ ╩
- + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
- [+] Domains saved to: /usr/share/sniper/loot/domains/domains-www.kingslynnacademy.co.uk-full.txt
- + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
- + -- ----------------------------=[Checking Email Security]=----------------- -- +
- + -- ----------------------------=[Pinging host]=---------------------------- -- +
- PING www.kingslynnacademy.co.uk (176.32.230.250) 56(84) bytes of data.
- 64 bytes from web250.extendcp.co.uk (176.32.230.250): icmp_seq=1 ttl=50 time=16.6 ms
- --- www.kingslynnacademy.co.uk ping statistics ---
- 1 packets transmitted, 1 received, 0% packet loss, time 0ms
- rtt min/avg/max/mdev = 16.679/16.679/16.679/0.000 ms
- + -- ----------------------------=[Running TCP port scan]=------------------- -- +
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-14 15:12 EDT
- Nmap scan report for www.kingslynnacademy.co.uk (176.32.230.250)
- Host is up (0.84s latency).
- rDNS record for 176.32.230.250: web250.extendcp.co.uk
- Not shown: 33 filtered ports, 11 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 22/tcp open ssh
- 25/tcp open smtp
- 80/tcp open http
- 443/tcp open https
- 3306/tcp open mysql
- Nmap done: 1 IP address (1 host up) scanned in 2.16 seconds
- + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
- + -- --=[Port 21 closed... skipping.
- + -- --=[Port 22 opened... running tests...
- # general
- (gen) banner: SSH-2.0-OpenSSH_5.3
- (gen) software: OpenSSH 5.3
- (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0
- (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
- (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- # host-key algorithms
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # encryption algorithms (ciphers)
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 4.2
- (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 4.2
- (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
- (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [fail] disabled since Dropbear SSH 0.53
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
- (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [warn] using small 64-bit block size
- `- [info] available since OpenSSH 2.1.0
- (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0
- (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
- (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher
- `- [info] available since OpenSSH 2.1.0
- (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using weak cipher mode
- `- [info] available since OpenSSH 2.3.0
- # message authentication code algorithms
- (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
- `- [warn] using small 64-bit tag size
- `- [info] available since OpenSSH 4.7
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.5.0
- (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.1.0
- (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
- (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [warn] using weak hashing algorithm
- `- [info] available since OpenSSH 2.5.0
- # algorithm recommendations (for OpenSSH 5.3)
- (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
- (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
- (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
- (rec) -ssh-dss -- key algorithm to remove
- (rec) -arcfour -- enc algorithm to remove
- (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
- (rec) -blowfish-cbc -- enc algorithm to remove
- (rec) -3des-cbc -- enc algorithm to remove
- (rec) -aes256-cbc -- enc algorithm to remove
- (rec) -arcfour256 -- enc algorithm to remove
- (rec) -cast128-cbc -- enc algorithm to remove
- (rec) -aes192-cbc -- enc algorithm to remove
- (rec) -arcfour128 -- enc algorithm to remove
- (rec) -aes128-cbc -- enc algorithm to remove
- (rec) -hmac-md5-96 -- mac algorithm to remove
- (rec) -hmac-ripemd160 -- mac algorithm to remove
- (rec) -hmac-sha1-96 -- mac algorithm to remove
- (rec) -umac-64@openssh.com -- mac algorithm to remove
- (rec) -hmac-md5 -- mac algorithm to remove
- (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
- (rec) -hmac-sha1 -- mac algorithm to remove
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-14 15:12 EDT
- Nmap scan report for www.kingslynnacademy.co.uk (176.32.230.250)
- Host is up (0.013s latency).
- rDNS record for 176.32.230.250: web250.extendcp.co.uk
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 ad:e8:e1:74:7c:a0:4e:d9:40:63:e2:ba:8c:3c:0d:1f (DSA)
- |_ 2048 b3:8d:7d:40:e3:65:ba:11:8f:62:b1:bc:5e:78:23:8d (RSA)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: bridge|general purpose
- Running (JUST GUESSING): Oracle Virtualbox (98%), QEMU (93%)
- OS CPE: cpe:/o:oracle:virtualbox cpe:/a:qemu:qemu
- Aggressive OS guesses: Oracle Virtualbox (98%), QEMU user mode network gateway (93%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 2 hops
- TRACEROUTE (using port 22/tcp)
- HOP RTT ADDRESS
- 1 1.40 ms 10.0.2.2
- 2 18.69 ms web250.extendcp.co.uk (176.32.230.250)
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 7.14 seconds
- . .
- .
- dBBBBBBb dBBBP dBBBBBBP dBBBBBb . o
- ' dB' BBP
- dB'dB'dB' dBBP dBP dBP BB
- dB'dB'dB' dBP dBP dBP BB
- dB'dB'dB' dBBBBP dBP dBBBBBBB
- dBBBBBP dBBBBBb dBP dBBBBP dBP dBBBBBBP
- . . dB' dBP dB'.BP
- | dBP dBBBB' dBP dB'.BP dBP dBP
- --o-- dBP dBP dBP dB'.BP dBP dBP
- | dBBBBP dBP dBBBBP dBBBBP dBP dBP
- .
- .
- o To boldly go where no
- shell has gone before
- Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with
- Metasploit Pro -- learn more on http://rapid7.com/metasploit
- =[ metasploit v4.14.10-dev ]
- + -- --=[ 1639 exploits - 944 auxiliary - 289 post ]
- + -- --=[ 472 payloads - 40 encoders - 9 nops ]
- + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
- RHOSTS => www.kingslynnacademy.co.uk
- [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
- RHOST => www.kingslynnacademy.co.uk
- [*] 176.32.230.250:22 - SSH - Checking for false positives
- [*] 176.32.230.250:22 - SSH - Starting scan
- [-] 176.32.230.250:22 - SSH - User 'admin' not found
- [-] 176.32.230.250:22 - SSH - User 'administrator' not found
- [-] 176.32.230.250:22 - SSH - User 'anonymous' not found
- [-] 176.32.230.250:22 - SSH - User 'backup' not found
- [-] 176.32.230.250:22 - SSH - User 'bee' not found
- [-] 176.32.230.250:22 - SSH - User 'ftp' not found
- [-] 176.32.230.250:22 - SSH - User 'guest' not found
- [-] 176.32.230.250:22 - SSH - User 'GUEST' not found
- [-] 176.32.230.250:22 - SSH - User 'info' not found
- [-] 176.32.230.250:22 - SSH - User 'mail' not found
- [-] 176.32.230.250:22 - SSH - User 'mailadmin' not found
- [-] 176.32.230.250:22 - SSH - User 'msfadmin' not found
- [-] 176.32.230.250:22 - SSH - User 'mysql' not found
- [-] 176.32.230.250:22 - SSH - User 'nobody' not found
- [-] 176.32.230.250:22 - SSH - User 'oracle' not found
- [-] 176.32.230.250:22 - SSH - User 'owaspbwa' not found
- [-] 176.32.230.250:22 - SSH - User 'postfix' not found
- [-] 176.32.230.250:22 - SSH - User 'postgres' not found
- [+] 176.32.230.250:22 - SSH - User 'private' found
- [-] 176.32.230.250:22 - SSH - User 'proftpd' not found
- [-] 176.32.230.250:22 - SSH - User 'public' not found
- [-] 176.32.230.250:22 - SSH - User 'root' not found
- [-] 176.32.230.250:22 - SSH - User 'superadmin' not found
- [-] 176.32.230.250:22 - SSH - User 'support' not found
- [-] 176.32.230.250:22 - SSH - User 'sys' not found
- [-] 176.32.230.250:22 - SSH - User 'system' not found
- [-] 176.32.230.250:22 - SSH - User 'systemadmin' not found
- [-] 176.32.230.250:22 - SSH - User 'systemadministrator' not found
- [-] 176.32.230.250:22 - SSH - User 'test' not found
- [-] 176.32.230.250:22 - SSH - User 'tomcat' not found
- [+] 176.32.230.250:22 - SSH - User 'user' found
- [+] 176.32.230.250:22 - SSH - User 'webmaster' found
- [-] 176.32.230.250:22 - SSH - User 'www-data' not found
- [+] 176.32.230.250:22 - SSH - User 'Fortimanager_Access' found
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: KEY_FILE.
- [*] 176.32.230.250:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.protocol=ssh fingerprint_db=ssh.banner )
- [*] www.kingslynnacademy.co.uk:22 - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 opened... running tests...
- Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-14 15:14 EDT
- Nmap scan report for www.kingslynnacademy.co.uk (176.32.230.250)
- Host is up (0.057s latency).
- rDNS record for 176.32.230.250: web250.extendcp.co.uk
- PORT STATE SERVICE VERSION
- 25/tcp open smtp Exim smtpd 4.87
- |_smtp-commands: SMTP EHLO www.kingslynnacademy.co.uk: failed to receive data: connection closed
- | smtp-enum-users:
- |_ SMTP EHLO www.kingslynnacademy.co.uk: failed to receive data: connection closed
- |_smtp-open-relay: SMTP EHLO nmap.scanme.org: failed to receive data: connection closed
- | smtp-vuln-cve2010-4344:
- |_ The SMTP server is not Exim: NOT VULNERABLE
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: bridge|general purpose
- Running (JUST GUESSING): Oracle Virtualbox (98%), QEMU (93%)
- OS CPE: cpe:/o:oracle:virtualbox cpe:/a:qemu:qemu
- Aggressive OS guesses: Oracle Virtualbox (98%), QEMU user mode network gateway (93%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 2 hops
- Service Info: Host: sharedlb6.extendcp.co.uk
- TRACEROUTE (using port 25/tcp)
- HOP RTT ADDRESS
- 1 0.42 ms 10.0.2.2
- 2 106.32 ms web250.extendcp.co.uk (176.32.230.250)
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 11.25 seconds
- Starting smtp-user-enum v1.2 ( http://pentestmonkey.net/tools/smtp-user-enum )
- ----------------------------------------------------------
- | Scan Information |
- ----------------------------------------------------------
- Mode ..................... VRFY
- Worker Processes ......... 5
- Usernames file ........... /usr/share/brutex/wordlists/simple-users.txt
- Target count ............. 1
- Username count ........... 34
- Target TCP port .......... 25
- Query timeout ............ 5 secs
- Target domain ............
- ######## Scan started at Thu Sep 14 15:14:51 2017 #########
- ######## Scan completed at Thu Sep 14 15:14:51 2017 #########
- 0 results.
- 34 queries in 1 seconds (34.0 queries / sec)
- Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
- EFLAGS: 00010046
- eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
- esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
- ds: 0018 es: 0018 ss: 0018
- Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)
- Stack: 90909090990909090990909090
- 90909090990909090990909090
- 90909090.90909090.90909090
- 90909090.90909090.90909090
- 90909090.90909090.09090900
- 90909090.90909090.09090900
- ..........................
- cccccccccccccccccccccccccc
- cccccccccccccccccccccccccc
- ccccccccc.................
- cccccccccccccccccccccccccc
- cccccccccccccccccccccccccc
- .................ccccccccc
- cccccccccccccccccccccccccc
- cccccccccccccccccccccccccc
- ..........................
- ffffffffffffffffffffffffff
- ffffffff..................
- ffffffffffffffffffffffffff
- ffffffff..................
- ffffffff..................
- ffffffff..................
- Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
- Aiee, Killing Interrupt handler
- Kernel panic: Attempted to kill the idle task!
- In swapper task - not syncing
- Easy phishing: Set up email templates, landing pages and listeners
- in Metasploit Pro -- learn more on http://rapid7.com/metasploit
- =[ metasploit v4.14.10-dev ]
- + -- --=[ 1639 exploits - 944 auxiliary - 289 post ]
- + -- --=[ 472 payloads - 40 encoders - 9 nops ]
- + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- RHOSTS => www.kingslynnacademy.co.uk
- [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
- RHOST => www.kingslynnacademy.co.uk
- [*] 176.32.230.250:25 - 176.32.230.250:25 Banner: 220 sharedlb6.extendcp.co.uk ESMTP Exim 4.87 Thu, 14 Sep 2017 20:15:31 +0100
- [*] 176.32.230.250:25 - 176.32.230.250:25 could not be enumerated (no EXPN, no VRFY, invalid RCPT)
- [*] www.kingslynnacademy.co.uk:25 - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- + -- --=[Port 53 closed... skipping.
- + -- --=[Port 79 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- + -- ----------------------------=[Checking for WAF]=------------------------ -- +
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://www.kingslynnacademy.co.uk
- Generic Detection results:
- No WAF detected by the generic detection
- Number of requests: 13
- + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
- http://www.kingslynnacademy.co.uk [301 Moved Permanently] Apache[2.4.27], Country[UNITED KINGDOM][GB], HTTPServer[Unix][Apache/2.4.27 (Unix)], IP[176.32.230.250], PHP[5.6.31], RedirectLocation[http://kingslynnacademy.co.uk/], X-Powered-By[PHP/5.6.31]
- http://kingslynnacademy.co.uk/ [200 OK] Apache[2.4.27], Cookies[PHPSESSID], Country[UNITED KINGDOM][GB], HTML5, HTTPServer[Unix][Apache/2.4.27 (Unix)], IP[176.32.230.250], JQuery[1.12.4], MetaGenerator[WordPress 4.8.1], Open-Graph-Protocol[website], PHP[5.6.31], Script[application/ld+json,text/javascript], Title[Welcome to King's Lynn Academy | King's Lynn Academy], UncommonHeaders[link], WordPress[4.8.1], X-Powered-By[PHP/5.6.31]
- __ ______ _____
- \ \/ / ___|_ _|
- \ /\___ \ | |
- / \ ___) || |
- /_/\_|____/ |_|
- + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
- + -- --=[Target: www.kingslynnacademy.co.uk:80
- + -- --=[Site not vulnerable to Cross-Site Tracing!
- + -- --=[Site not vulnerable to Host Header Injection!
- + -- --=[Site vulnerable to Cross-Frame Scripting!
- + -- --=[Site vulnerable to Clickjacking!
- HTTP/1.1 400 Bad Request
- Date: Thu, 14 Sep 2017 19:15:54 GMT
- Server: Apache/2.4.27 (Unix)
- Content-Length: 315
- Content-Type: text/html; charset=iso-8859-1
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>400 Bad Request</title>
- </head><body>
- <h1>Bad Request</h1>
- <p>Your browser sent a request that this server could not understand.<br />
- </p>
- <hr>
- <address>Apache/2.4.27 (Unix) Server at mv0.web250.extendcp.co.uk Port 80</address>
- </body></html>
- HTTP/1.1 400 Bad Request
- Date: Thu, 14 Sep 2017 19:15:54 GMT
- Server: Apache/2.4.27 (Unix)
- Content-Length: 315
- Content-Type: text/html; charset=iso-8859-1
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>400 Bad Request</title>
- </head><body>
- <h1>Bad Request</h1>
- <p>Your browser sent a request that this server could not understand.<br />
- </p>
- <hr>
- <address>Apache/2.4.27 (Unix) Server at mv0.web250.extendcp.co.uk Port 80</address>
- </body></html>
- + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
- + -- --=[Checking if X-Content options are enabled on www.kingslynnacademy.co.uk...
- + -- --=[Checking if X-Frame options are enabled on www.kingslynnacademy.co.uk...
- + -- --=[Checking if X-XSS-Protection header is enabled on www.kingslynnacademy.co.uk...
- + -- --=[Checking HTTP methods on www.kingslynnacademy.co.uk...
- + -- --=[Checking if TRACE method is enabled on www.kingslynnacademy.co.uk...
- + -- --=[Checking for META tags on www.kingslynnacademy.co.uk...
- + -- --=[Checking for open proxy on www.kingslynnacademy.co.uk...
- <h1 align='center'>This page has been reserved for future use</h1>
- + -- --=[Enumerating software on www.kingslynnacademy.co.uk...
- Server: Apache/2.4.27 (Unix)
- X-Powered-By: PHP/5.6.31
- + -- --=[Checking if Strict-Transport-Security is enabled on www.kingslynnacademy.co.uk...
- + -- --=[Checking for Flash cross-domain policy on www.kingslynnacademy.co.uk...
- + -- --=[Checking for Silverlight cross-domain policy on www.kingslynnacademy.co.uk...
- + -- --=[Checking for HTML5 cross-origin resource sharing on www.kingslynnacademy.co.uk...
- + -- --=[Retrieving robots.txt on www.kingslynnacademy.co.uk...
- User-agent: *
- Crawl-delay: 2
- + -- --=[Retrieving sitemap.xml on www.kingslynnacademy.co.uk...
- + -- --=[Checking cookie attributes on www.kingslynnacademy.co.uk...
- + -- --=[Checking for ASP.NET Detailed Errors on www.kingslynnacademy.co.uk...
- var fm_objectL10n = {"plugin_url":"http:\/\/kingslynnacademy.co.uk\/wp-content\/plugins\/form-maker","fm_file_type_error":"Can not upload this type of file","fm_field_is_required":"Field is required","fm_min_max_check_1":"The ","fm_min_max_check_2":" value must be between ","fm_spinner_check":"Value must be between "};
- <body class="error404 group-blog unknown">
- <section class="error-404 not-found">
- <!-- .error-404 --></section>
- + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 176.32.230.250
- + Target Hostname: www.kingslynnacademy.co.uk
- + Target Port: 80
- + Start Time: 2017-09-14 15:16:08 (GMT-4)
- ---------------------------------------------------------------------------
- + Server: Apache/2.4.27 (Unix)
- + Retrieved x-powered-by header: PHP/5.6.31
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Root page / redirects to: http://kingslynnacademy.co.uk/
- + Server leaks inodes via ETags, header found with file /robots.txt, fields: 0x1d 0x54b2670bf9f00
- + Server banner has changed from 'Apache/2.4.27 (Unix)' to 'Apache/2.2.24 (Red Hat)' which may suggest a WAF, load balancer or proxy is in place
- + Cookie PHPSESSID created without the httponly flag
- + Uncommon header 'link' found, with contents: <http://kingslynnacademy.co.uk/wp-json/>; rel="https://api.w.org/"
- + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST