API tools faq
paste
Advertisement
Guest User

Anonymous #OpNicaragua JTSEC Full Recon #7

a guest
Jun 23rd, 2018
1,308
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 25.03 KB | None | 0 0
raw download clone embed print report
  1. #######################################################################################################################################
  2. Hostname conicyt.gob.ni ISP EQUIPOS Y SISTEMAS S.A.
  3. Continent North America Flag
  4. NI
  5. Country Nicaragua Country Code NI
  6. Region Departamento de Managua Local time 23 Jun 2018 10:08 CST
  7. City Managua Postal Code Unknown
  8. IP Address 186.1.31.40 Latitude 12.151
  9. Longitude -86.268
  10. #######################################################################################################################################
  11. HostIP:186.1.31.40
  12. HostName:conicyt.gob.ni
  13.  
  14. Gathered Inet-whois information for 186.1.31.40
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17.  
  18. inetnum: 186.0.0.0 - 186.255.255.255
  19. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  20. descr: IPv4 address block not managed by the RIPE NCC
  21. remarks: ------------------------------------------------------
  22. remarks:
  23. remarks: You can find the whois server to query, or the
  24. remarks: IANA registry to query on this web page:
  25. remarks: http://www.iana.org/assignments/ipv4-address-space
  26. remarks:
  27. remarks: You can access databases of other RIRs at:
  28. remarks:
  29. remarks: AFRINIC (Africa)
  30. remarks: http://www.afrinic.net/ whois.afrinic.net
  31. remarks:
  32. remarks: APNIC (Asia Pacific)
  33. remarks: http://www.apnic.net/ whois.apnic.net
  34. remarks:
  35. remarks: ARIN (Northern America)
  36. remarks: http://www.arin.net/ whois.arin.net
  37. remarks:
  38. remarks: LACNIC (Latin America and the Carribean)
  39. remarks: http://www.lacnic.net/ whois.lacnic.net
  40. remarks:
  41. remarks: IANA IPV4 Recovered Address Space
  42. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  43. remarks:
  44. remarks: ------------------------------------------------------
  45. country: EU # Country is really world wide
  46. admin-c: IANA1-RIPE
  47. tech-c: IANA1-RIPE
  48. status: ALLOCATED UNSPECIFIED
  49. mnt-by: RIPE-NCC-HM-MNT
  50. mnt-lower: RIPE-NCC-HM-MNT
  51. mnt-routes: RIPE-NCC-RPSL-MNT
  52. created: 2014-11-07T14:15:06Z
  53. last-modified: 2015-10-29T15:14:39Z
  54. source: RIPE
  55.  
  56. role: Internet Assigned Numbers Authority
  57. address: see http://www.iana.org.
  58. admin-c: IANA1-RIPE
  59. tech-c: IANA1-RIPE
  60. nic-hdl: IANA1-RIPE
  61. remarks: For more information on IANA services
  62. remarks: go to IANA web site at http://www.iana.org.
  63. mnt-by: RIPE-NCC-MNT
  64. created: 1970-01-01T00:00:00Z
  65. last-modified: 2001-09-22T09:31:27Z
  66. source: RIPE # Filtered
  67.  
  68. % This query was served by the RIPE Database Query Service version 1.91.2 (ANGUS)
  69.  
  70.  
  71.  
  72. Gathered Inic-whois information for conicyt.gob.ni
  73. ---------------------------------------------------------------------------------------------------------------------------------------
  74. Error: Unable to connect - Invalid Host
  75. ERROR: Connection to InicWhois Server ni.whois-servers.net failed
  76. close error
  77.  
  78. Gathered Netcraft information for conicyt.gob.ni
  79. ---------------------------------------------------------------------------------------------------------------------------------------
  80.  
  81. Retrieving Netcraft.com information for conicyt.gob.ni
  82. Netcraft.com Information gathered
  83.  
  84. Gathered Subdomain information for conicyt.gob.ni
  85. ---------------------------------------------------------------------------------------------------------------------------------------
  86. Searching Google.com:80...
  87. Searching Altavista.com:80...
  88. Found 0 possible subdomain(s) for host conicyt.gob.ni, Searched 0 pages containing 0 results
  89.  
  90. Gathered E-Mail information for conicyt.gob.ni
  91. ---------------------------------------------------------------------------------------------------------------------------------------
  92. Searching Google.com:80...
  93. Searching Altavista.com:80...
  94. Found 0 E-Mail(s) for host conicyt.gob.ni, Searched 0 pages containing 0 results
  95.  
  96. Gathered TCP Port information for 186.1.31.40
  97. ---------------------------------------------------------------------------------------------------------------------------------------
  98.  
  99. Port State
  100.  
  101.  
  102. Portscan Finished: Scanned 150 ports, 0 ports were in state closed
  103.  
  104.  
  105. #######################################################################################################################################
  106. [i] Scanning Site: http://conicyt.gob.ni
  107.  
  108.  
  109.  
  110. B A S I C I N F O
  111. =======================================================================================================================================
  112.  
  113.  
  114. [+] Site Title:
  115. [+] IP address: 186.1.31.40
  116. [+] Web Server: nginx
  117. [+] CMS: WordPress
  118. [+] Cloudflare: Not Detected
  119. [+] Robots File: Found
  120.  
  121. -------------[ contents ]----------------
  122. User-agent: *
  123.  
  124. Disallow: /feed/
  125. Disallow: /trackback/
  126. Disallow: /wp-admin/
  127. Disallow: /wp-content/
  128. Disallow: /wp-includes/
  129. Disallow: /xmlrpc.php
  130. Disallow: /wp-
  131. -----------[end of contents]-------------
  132.  
  133.  
  134.  
  135. G E O I P L O O K U P
  136. =======================================================================================================================================
  137.  
  138. [i] IP Address: 186.1.31.40
  139. [i] Country: NI
  140. [i] State: Managua
  141. [i] City: Managua
  142. [i] Latitude: 12.150800
  143. [i] Longitude: -86.268303
  144.  
  145.  
  146.  
  147.  
  148. H T T P H E A D E R S
  149. =======================================================================================================================================
  150.  
  151.  
  152. [i] HTTP/1.1 200 OK
  153. [i] Server: nginx
  154. [i] Date: Sat, 23 Jun 2018 16:12:24 GMT
  155. [i] Content-Type: text/html; charset=UTF-8
  156. [i] Connection: close
  157. [i] Vary: Accept-Encoding
  158. [i] Link: <http://conicyt.gob.ni/index.php/wp-json/>; rel="https://api.w.org/", <http://conicyt.gob.ni/>; rel=shortlink
  159. [i] X-TEC-API-VERSION: v1
  160. [i] X-TEC-API-ROOT: http://conicyt.gob.ni/index.php/wp-json/tribe/events/v1/
  161. [i] X-TEC-API-ORIGIN: http://conicyt.gob.ni
  162. [i] X-Frame-Options: SAMEORIGIN
  163. [i] Strict-Transport-Security: max-age=63072000; includeSubdomains;
  164. [i] X-XSS-Protection: 1; mode=block
  165. [i] X-Content-Type-Options: nosniff
  166. [i] Referrer-Policy: no-referrer-when-downgrade
  167. [i] X-Powered-By: PleskLin
  168.  
  169.  
  170.  
  171.  
  172. D N S L O O K U P
  173. =======================================================================================================================================
  174.  
  175. ;; Truncated, retrying in TCP mode.
  176. conicyt.gob.ni. 86400 IN MX 0 mail1.ideay.net.ni.
  177. conicyt.gob.ni. 86400 IN MX 10 corporativo.ideay.net.ni.
  178. conicyt.gob.ni. 86400 IN TXT "v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all"
  179. conicyt.gob.ni. 86400 IN NS ns.ideay.com.ni.
  180. conicyt.gob.ni. 86400 IN NS ns.ideay.net.ni.
  181. conicyt.gob.ni. 86400 IN A 186.1.31.40
  182. conicyt.gob.ni. 86400 IN SOA ns.ideay.net.ni. soporte.conicyt.gob.ni. 2018010901 3600 1200 604800 7200
  183.  
  184.  
  185.  
  186.  
  187. S U B N E T C A L C U L A T I O N
  188. =======================================================================================================================================
  189.  
  190. Address = 186.1.31.40
  191. Network = 186.1.31.40 / 32
  192. Netmask = 255.255.255.255
  193. Broadcast = not needed on Point-to-Point links
  194. Wildcard Mask = 0.0.0.0
  195. Hosts Bits = 0
  196. Max. Hosts = 1 (2^0 - 0)
  197. Host Range = { 186.1.31.40 - 186.1.31.40 }
  198.  
  199.  
  200.  
  201. N M A P P O R T S C A N
  202. =======================================================================================================================================
  203.  
  204.  
  205. Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-23 16:12 UTC
  206. Nmap scan report for conicyt.gob.ni (186.1.31.40)
  207. Host is up (0.065s latency).
  208. rDNS record for 186.1.31.40: webplesk.ideay.net.ni
  209. PORT STATE SERVICE VERSION
  210. 21/tcp open ftp ProFTPD
  211. 22/tcp filtered ssh
  212. 23/tcp filtered telnet
  213. 80/tcp open http nginx
  214. 110/tcp filtered pop3
  215. 143/tcp filtered imap
  216. 443/tcp open ssl/http nginx
  217. 3389/tcp filtered ms-wbt-server
  218.  
  219. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  220. Nmap done: 1 IP address (1 host up) scanned in 18.87 seconds
  221. #######################################################################################################################################
  222. [?] Enter the target: http://conicyt.gob.ni/
  223. [!] IP Address : 186.1.31.40
  224. [!] conicyt.gob.ni doesn't seem to use a CMS
  225. ---------------------------------------------------------------------------------------------------------------------------------------
  226. [~] Trying to gather whois information for conicyt.gob.ni
  227. [+] Whois information found
  228. [-] Unable to build response, visit https://who.is/whois/conicyt.gob.ni
  229. ---------------------------------------------------------------------------------------------------------------------------------------
  230. PORT STATE SERVICE VERSION
  231. 21/tcp open ftp ProFTPD
  232. 22/tcp filtered ssh
  233. 23/tcp filtered telnet
  234. 80/tcp open http nginx
  235. 110/tcp filtered pop3
  236. 143/tcp filtered imap
  237. 443/tcp open ssl/http nginx
  238. 3389/tcp filtered ms-wbt-server
  239. ---------------------------------------------------------------------------------------------------------------------------------------
  240.  
  241. [+] DNS Records
  242. ns.ideay.com.ni. (186.1.31.2) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  243. ns.ideay.net.ni. (200.9.190.130) Nicaragua Nicaragua
  244.  
  245. [+] MX Records
  246. 0 (186.1.31.37) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  247.  
  248. [+] MX Records
  249. 10 (186.1.31.34) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  250.  
  251. [+] Host Records (A)
  252. www.conicyt.gob.niHTTP: (186.1.31.40) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  253.  
  254. [+] TXT Records
  255. "v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all"
  256.  
  257. [+] DNS Map: https://dnsdumpster.com/static/map/conicyt.gob.ni.png
  258.  
  259. [>] Initiating 3 intel modules
  260. [>] Loading Alpha module (1/3)
  261. [>] Beta module deployed (2/3)
  262. [>] Gamma module initiated (3/3)
  263.  
  264.  
  265. [+] Emails found:
  266. ---------------------------------------------------------------------------------------------------------------------------------------
  267. Guadalupe.Martinez@conicyt.gob.ni
  268. Guadalupe.martinez@conicyt.gob.ni
  269. Lopez@conicyt.gob.ni
  270. Martinez@conicyt.gob.ni
  271. ciencia.educacion@conicyt.gob.ni
  272. conicyt@conicyt.gob.ni
  273. elsa.lopez@conicyt.gob.ni
  274. empresarial@conicyt.gob.ni
  275. guadalupe.martinez@conicyt.gob.ni
  276. helen.sobalvarro@conicyt.gob.ni
  277. n@conicyt.gob.ni
  278. nez@conicyt.gob.ni
  279. nicolas.osorno@conicyt.gob.ni
  280. pixel-1529770487162805-web-@conicyt.gob.ni
  281. premioinnovacion@conicyt.gob.ni
  282. rene.lucio@conicyt.gob.ni
  283. saray.gaitan@conicyt.gob.ni
  284. trayectoriacientifica@conicyt.gob.ni
  285.  
  286. [+] Hosts found in search engines:
  287. ---------------------------------------------------------------------------------------------------------------------------------------
  288. [-] Resolving hostnames IPs...
  289. 186.1.31.40:www.conicyt.gob.ni
  290. [+] Virtual hosts:
  291. ---------------------------------------------------------------------------------------------------------------------------------------
  292. 186.1.31.40 www.agricorp.com.ni
  293. 186.1.31.40 agronovanic.com
  294. 186.1.31.40 www.nicadrive.com
  295. 186.1.31.40 www.drycleanusa.com.ni
  296. 186.1.31.40 www.provalores.com.ni
  297. 186.1.31.40 www.hotelhex.com.ni
  298. 186.1.31.40 www.payless.com.ni
  299. 186.1.31.40 www.fundacionvictoria.org.ni
  300. 186.1.31.40 www.sierrasdepaz.com.ni
  301. 186.1.31.40 www.contesa.com.ni
  302. 186.1.31.40 prefanicsa.com.ni
  303. 186.1.31.40 www.factoring.com.ni
  304. 186.1.31.40 www.haima.com.ni
  305. 186.1.31.40 lacayofiallos.com
  306. 186.1.31.40 www.tenerialafuente.com.ni
  307. 186.1.31.40 www.sinter.com.ni
  308. 186.1.31.40 www.centaurologistic.com.ni
  309. 186.1.31.40 www.systec.com.ni
  310. 186.1.31.40 conicyt.gob.ni
  311. 186.1.31.40 artemar.com.ni
  312. 186.1.31.40 megaimpresiones.com.ni
  313. 186.1.31.40 ccsn.org.ni
  314. 186.1.31.40 www.nicasalud.org.ni
  315. 186.1.31.40 www.ana.gob.ni
  316. 186.1.31.40 agroalfa.com.ni
  317. 186.1.31.40 oei.org.ni
  318. 186.1.31.40 www.congresoualn.cnu.edu.ni
  319. 186.1.31.40 www.montessori.edu.ni
  320. 186.1.31.40 eminsa.com.ni
  321. 186.1.31.40 viiceanicaragua2015.gob.ni
  322. 186.1.31.40 www.anifoda.org.ni
  323. 186.1.31.40 medco.com.ni
  324. 186.1.31.40 abaco.com.ni
  325. 186.1.31.40 www.abaco.com.ni
  326. 186.1.31.40 www.agroalfa.com.ni
  327. 186.1.31.40 www.elreal.com.ni
  328. 186.1.31.40 ana.gob.ni
  329. #######################################################################################################################################
  330. Server: 10.211.254.254
  331. Address: 10.211.254.254#53
  332.  
  333. Non-authoritative answer:
  334. Name: conicyt.gob.ni
  335. Address: 186.1.31.40
  336.  
  337. conicyt.gob.ni has address 186.1.31.40
  338. conicyt.gob.ni mail is handled by 10 corporativo.ideay.net.ni.
  339. conicyt.gob.ni mail is handled by 0 mail1.ideay.net.ni.
  340. #######################################################################################################################################
  341. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  342.  
  343. [+] Target is conicyt.gob.ni
  344. [+] Loading modules.
  345. [+] Following modules are loaded:
  346. [x] [1] ping:icmp_ping - ICMP echo discovery module
  347. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  348. [x] [3] ping:udp_ping - UDP-based ping discovery module
  349. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  350. [x] [5] infogather:portscan - TCP and UDP PortScanner
  351. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  352. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  353. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  354. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  355. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  356. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  357. [x] [12] fingerprint:smb - SMB fingerprinting module
  358. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  359. [+] 13 modules registered
  360. [+] Initializing scan engine
  361. [+] Running scan engine
  362. [-] ping:tcp_ping module: no closed/open TCP ports known on 186.1.31.40. Module test failed
  363. [-] ping:udp_ping module: no closed/open UDP ports known on 186.1.31.40. Module test failed
  364. [-] No distance calculation. 186.1.31.40 appears to be dead or no ports known
  365. [+] Host: 186.1.31.40 is down (Guess probability: 0%)
  366. [+] Cleaning up scan engine
  367. [+] Modules deinitialized
  368. [+] Execution completed.
  369. #######################################################################################################################################
  370. ; <<>> DiG 9.11.3-2-Debian <<>> -x conicyt.gob.ni
  371. ;; global options: +cmd
  372. ;; Got answer:
  373. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16663
  374. ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  375.  
  376. ;; OPT PSEUDOSECTION:
  377. ; EDNS: version: 0, flags:; udp: 1280
  378. ;; QUESTION SECTION:
  379. ;ni.gob.conicyt.in-addr.arpa. IN PTR
  380.  
  381. ;; AUTHORITY SECTION:
  382. in-addr.arpa. 1332 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013435 1800 900 604800 3600
  383.  
  384. ;; Query time: 231 msec
  385. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  386. ;; WHEN: Sat Jun 23 12:49:40 EDT 2018
  387. ;; MSG SIZE rcvd: 124
  388.  
  389. dnsenum VERSION:1.2.4
  390.  
  391. ----- conicyt.gob.ni -----
  392.  
  393.  
  394. Host's addresses:
  395. __________________
  396.  
  397. conicyt.gob.ni. 83828 IN A 186.1.31.40
  398.  
  399.  
  400. Name Servers:
  401. ______________
  402.  
  403. ns.ideay.com.ni. 84132 IN A 186.1.31.2
  404. ns.ideay.net.ni. 900 IN A 186.1.31.8
  405.  
  406.  
  407. Mail (MX) Servers:
  408. ___________________
  409.  
  410. corporativo.ideay.net.ni. 900 IN A 186.1.31.34
  411. mail1.ideay.net.ni. 900 IN A 186.1.31.37
  412.  
  413.  
  414. Trying Zone Transfers and getting Bind Versions:
  415. _________________________________________________
  416.  
  417.  
  418. Trying Zone Transfer for conicyt.gob.ni on ns.ideay.com.ni ...
  419.  
  420. Trying Zone Transfer for conicyt.gob.ni on ns.ideay.net.ni ...
  421.  
  422. brute force file not specified, bay.
  423. #######################################################################################################################################
  424. [-] Enumerating subdomains now for conicyt.gob.ni
  425. [-] verbosity is enabled, will show the subdomains results in realtime
  426. [-] Searching now in Baidu..
  427. [-] Searching now in Yahoo..
  428. [-] Searching now in Google..
  429. [-] Searching now in Bing..
  430. [-] Searching now in Ask..
  431. [-] Searching now in Netcraft..
  432. [-] Searching now in DNSdumpster..
  433. [-] Searching now in Virustotal..
  434. [-] Searching now in ThreatCrowd..
  435. [-] Searching now in SSL Certificates..
  436. [-] Searching now in PassiveDNS..
  437. Virustotal: www.conicyt.gob.ni
  438. DNSdumpster: www.conicyt.gob.ni
  439. [-] Saving results to file: /usr/share/sniper/loot/conicyt.gob.ni/domains/domains-conicyt.gob.ni.txt
  440. [-] Total Unique Subdomains Found: 1
  441. www.conicyt.gob.ni
  442. #######################################################################################################################################
  443. ____ _____ ___ ______ _/ /_____ ____ ___
  444. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  445. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  446. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  447. /_/ discover v0.5.0 - by @michenriksen
  448.  
  449. Identifying nameservers for conicyt.gob.ni... Done
  450. Using nameservers:
  451.  
  452. - 186.1.31.2
  453. - 186.1.31.8
  454.  
  455. Checking for wildcard DNS... Done
  456.  
  457. Running collector: PassiveTotal... Skipped
  458. -> Key 'passivetotal_key' has not been set
  459. Running collector: Certificate Search... Done (0 hosts)
  460. Running collector: DNSDB... Done (2 hosts)
  461. Running collector: Riddler... Skipped
  462. -> Key 'riddler_username' has not been set
  463. Running collector: Threat Crowd... Done (0 hosts)
  464. Running collector: Dictionary... Done (27 hosts)
  465. Running collector: PTRArchive... Error
  466. -> PTRArchive returned unexpected response code: 404
  467. Running collector: Wayback Machine... Done (2 hosts)
  468. Running collector: Censys... Skipped
  469. -> Key 'censys_secret' has not been set
  470. Running collector: PublicWWW... Done (0 hosts)
  471. Running collector: HackerTarget... Done (1 host)
  472. Running collector: Google Transparency Report... Done (0 hosts)
  473. Running collector: VirusTotal... Skipped
  474. -> Key 'virustotal' has not been set
  475. Running collector: Shodan... Skipped
  476. -> Key 'shodan' has not been set
  477. Running collector: Netcraft... Done (0 hosts)
  478.  
  479. Resolving 30 unique hosts...
  480. 186.1.31.40 .conicyt.gob.ni
  481. 186.1.31.40 conicyt.gob.ni
  482. 186.1.31.37 mail.conicyt.gob.ni
  483. 186.1.31.40 www.conicyt.gob.ni
  484.  
  485. Found subnets:
  486.  
  487. - 186.1.31.0-255 : 4 hosts
  488.  
  489. Wrote 4 hosts to:
  490.  
  491. - file:///root/aquatone/conicyt.gob.ni/hosts.txt
  492. - file:///root/aquatone/conicyt.gob.ni/hosts.json
  493. __
  494. ____ _____ ___ ______ _/ /_____ ____ ___
  495. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  496. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  497. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  498. /_/ takeover v0.5.0 - by @michenriksen
  499.  
  500. Loaded 4 hosts from /root/aquatone/conicyt.gob.ni/hosts.json
  501. Loaded 25 domain takeover detectors
  502.  
  503. Identifying nameservers for conicyt.gob.ni... Done
  504. Using nameservers:
  505.  
  506. - 186.1.31.8
  507. - 186.1.31.2
  508.  
  509. Checking hosts for domain takeover vulnerabilities...
  510.  
  511. Finished checking hosts:
  512.  
  513. - Vulnerable : 0
  514. - Not Vulnerable : 4
  515.  
  516. Wrote 0 potential subdomain takeovers to:
  517.  
  518. - file:///root/aquatone/conicyt.gob.ni/takeovers.json
  519.  
  520. __
  521. ____ _____ ___ ______ _/ /_____ ____ ___
  522. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  523. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  524. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  525. /_/ scan v0.5.0 - by @michenriksen
  526.  
  527. Loaded 4 hosts from /root/aquatone/conicyt.gob.ni/hosts.json
  528.  
  529. Probing 4 ports...
  530.  
  531. Wrote open ports to file:///root/aquatone/conicyt.gob.ni/open_ports.txt
  532. Wrote URLs to file:///root/aquatone/conicyt.gob.ni/urls.txt
  533. __
  534. ____ _____ ___ ______ _/ /_____ ____ ___
  535. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  536. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  537. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  538. /_/ gather v0.5.0 - by @michenriksen
  539.  
  540. ---------------------------------------------------------------------------------------------------------------------------------------
  541.  
  542. Total hosts: 3
  543.  
  544. [-] Resolving hostnames IPs...
  545.  
  546. 253Dwww.conicyt.gob.ni : empty
  547. www.conicyt.gob.ni : 186.1.31.40
  548.  
  549. [+] Virtual hosts:
  550. ---------------------------------------------------------------------------------------------------------------------------------------
  551. #######################################################################################################################################
  552. Starting Nmap 7.70 ( https://nmap.org ) at 2018-06-23 12:55 EDT
  553. Nmap scan report for conicyt.gob.ni (186.1.31.40)
  554. Host is up.
  555. rDNS record for 186.1.31.40: webplesk.ideay.net.ni
  556.  
  557. PORT STATE SERVICE
  558. 53/udp open|filtered domain
  559. 67/udp open|filtered dhcps
  560. 68/udp open|filtered dhcpc
  561. 69/udp open|filtered tftp
  562. 88/udp open|filtered kerberos-sec
  563. 123/udp open|filtered ntp
  564. 137/udp open|filtered netbios-ns
  565. 138/udp open|filtered netbios-dgm
  566. 139/udp open|filtered netbios-ssn
  567. 161/udp open|filtered snmp
  568. 162/udp open|filtered snmptrap
  569. 389/udp open|filtered ldap
  570. 520/udp open|filtered route
  571. 2049/udp open|filtered nfs
  572.  
  573. #######################################################################################################################################
  574. I, [2018-06-23T12:55:15.831237 #7451] INFO -- : Initiating port scan
  575. I, [2018-06-23T12:55:19.383236 #7451] INFO -- : Using nmap scan output file logs/nmap_output_2018-06-23_12-55-15.xml
  576. #######################################################################################################################################
  577. [*] Performing General Enumeration of Domain: conicyt.gob.ni
  578. [-] DNSSEC is not configured for conicyt.gob.ni
  579. [*] SOA ns.ideay.net.ni 186.1.31.8
  580. [*] NS ns.ideay.com.ni 186.1.31.2
  581. [*] Bind Version for 186.1.31.2 Equipos y Sistemas - ns.ideay.com.ni
  582. [*] NS ns.ideay.net.ni 186.1.31.8
  583. [*] Bind Version for 186.1.31.8 Equipos y Sistemas - ns.ideay.net.ni
  584. [*] MX corporativo.ideay.net.ni 186.1.31.34
  585. [*] MX mail1.ideay.net.ni 186.1.31.37
  586. [*] A conicyt.gob.ni 186.1.31.40
  587. [*] TXT conicyt.gob.ni v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all
  588. [*] Enumerating SRV Records
  589. [-] No SRV Records Found for conicyt.gob.ni
  590. [+] 0 Records Found
  591. #######################################################################################################################################
  592. *] Processing domain conicyt.gob.ni
  593. [+] Getting nameservers
  594. 186.1.31.2 - ns.ideay.com.ni
  595. 186.1.31.8 - ns.ideay.net.ni
  596. [-] Zone transfer failed
  597. [+] TXT records found
  598. "v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all"
  599. [+] MX records found, added to target list
  600. 10 corporativo.ideay.net.ni.
  601. 0 mail1.ideay.net.ni.
  602. [*] Scanning conicyt.gob.ni for A records
  603. 186.1.31.40 - conicyt.gob.ni
  604. 186.1.31.37 - mail.conicyt.gob.ni
  605. 186.1.31.36 - pop3.conicyt.gob.ni
  606. 186.1.31.40 - www.conicyt.gob.ni
  607. #######################################################################################################################################
  608. Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-23 16:27 UTC
  609. Nmap scan report for conicyt.gob.ni (186.1.31.40)
  610. Host is up (0.065s latency).
  611. rDNS record for 186.1.31.40: webplesk.ideay.net.ni
  612. PORT STATE SERVICE VERSION
  613. 21/tcp open ftp ProFTPD
  614. 22/tcp filtered ssh
  615. 23/tcp filtered telnet
  616. 80/tcp open http nginx
  617. 110/tcp filtered pop3
  618. 143/tcp filtered imap
  619. 443/tcp open ssl/http nginx
  620. 3389/tcp filtered ms-wbt-server
  621. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  622. Nmap done: 1 IP address (1 host up) scanned in 16.28 seconds
  623. #######################################################################################################################################
  624. Start: Sat Jun 23 16:30:25 2018
  625. HOST: whatweb Loss% Snt Last Avg Best Wrst StDev
  626. 1.|-- 45.55.64.254 0.0% 3 0.3 0.5 0.3 0.7 0.0
  627. 2.|-- 138.197.251.22 0.0% 3 2.9 1.4 0.3 2.9 1.0
  628. 3.|-- nyk-b3-link.telia.net 0.0% 3 1.5 1.2 1.0 1.5 0.0
  629. 4.|-- nyk-bb3-link.telia.net 0.0% 3 34.1 34.1 34.1 34.2 0.0
  630. 5.|-- ash-bb3-link.telia.net 0.0% 3 7.8 7.8 7.8 7.9 0.0
  631. 6.|-- mai-b3-link.telia.net 0.0% 3 33.6 33.6 33.6 33.6 0.0
  632. 7.|-- asurnet-ic-323721-mai-b2.c.telia.net 0.0% 3 35.8 38.1 35.8 42.7 3.9
  633. 8.|-- 63.245.107.49 0.0% 3 38.1 38.2 38.1 38.3 0.0
  634. 9.|-- 63.245.74.33 0.0% 3 37.7 37.7 37.7 37.8 0.0
  635. 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  636. #######################################################################################################################################
  637. Anonymous #OpNicaragua JTSEC Full Recon #7
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!