- #######################################################################################################################################
- =======================================================================================================================================
- Hostname www.inae.gob.ec ISP CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP
- Continent South America Flag
- EC
- Country Ecuador Country Code EC
- Region Unknown Local time 29 Apr 2019 06:53 -05
- City Unknown Postal Code Unknown
- IP Address 190.214.11.74 Latitude -2
- Longitude -77.5
- =======================================================================================================================================
- #######################################################################################################################################
- > www.inae.gob.ec
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: www.inae.gob.ec
- Address: 190.214.11.74
- >
- #######################################################################################################################################
- HostIP:190.214.11.74
- HostName:www.inae.gob.ec
- Gathered Inet-whois information for 190.214.11.74
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 189.0.0.0 - 192.5.27.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:49:25Z
- last-modified: 2019-01-07T10:49:25Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.93.2 (HEREFORD)
- Gathered Inic-whois information for inae.gob.ec
- ---------------------------------------------------------------------------------------------------------------------------------------
- Unable to connect: Socket Connect Error
- ERROR: Connection to InicWhois Server ec.whois-servers.net failed
- Gathered Netcraft information for www.inae.gob.ec
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.inae.gob.ec
- Netcraft.com Information gathered
- Gathered Subdomain information for inae.gob.ec
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.inae.gob.ec
- HostIP:190.214.11.74
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host inae.gob.ec, Searched 0 pages containing 0 results
- Gathered E-Mail information for inae.gob.ec
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host inae.gob.ec, Searched 0 pages containing 0 results
- Gathered TCP Port information for 190.214.11.74
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 80/tcp open
- Portscan Finished: Scanned 150 ports, 2 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://www.inae.gob.ec
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: Instituto Antártico Ecuatoriano – INAE
- [+] IP address: 190.214.11.74
- [+] Web Server: Could Not Detect
- [+] CMS: WordPress
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Mon, 29 Apr 2019 12:48:37 GMT
- [i] X-Powered-By: PHP/5.4.16
- [i] X-UA-Compatible: IE=edge
- [i] Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
- [i] Link: <https://wp.me/P7hq3p-6>; rel=shortlink
- [i] Content-Type: text/html; charset=UTF-8
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- inae.gob.ec. 7199 IN SOA root.andinanet.net. hostmaster.andinanet.net. 2018092401 14400 3600 604800 3600
- inae.gob.ec. 7199 IN NS pichincha.andinanet.net.
- inae.gob.ec. 7199 IN NS tungurahua.andinanet.net.
- inae.gob.ec. 7199 IN MX 10 mail.inae.gob.ec.
- S U B - D O M A I N F I N D E R
- =======================================================================================================================================
- [i] Total Subdomains Found : 1
- [+] Subdomain: www.inae.gob.ec
- [-] IP: 190.214.11.74
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://www.inae.gob.ec/
- [!] IP Address : 190.214.11.74
- [+] Operating System : CentOS
- [!] www.inae.gob.ec doesn't seem to use a CMS
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.inae.gob.ec
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.inae.gob.ec
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- There was an error getting results
- [-] DNS Records
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1556542231560544-web-@www.inae.gob.ec
- No hosts found
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: hmartinez@inae.gob.ec
- | [+] E-mail Found: pocket@2x.png
- | [+] E-mail Found: enhanced-distribution@2x.png
- | [+] E-mail Found: humbedooh@apache.org
- | [+] E-mail Found: gdoming@espol.edu.ec
- | [+] E-mail Found: bl44tkip@gmail.com
- | [+] E-mail Found: omalvara@espol.edu.ec
- | [+] E-mail Found: info@jumping-duck.com
- | [+] E-mail Found: mgonzal@espol.edu.ec
- | [+] E-mail Found: sharing-hidden@2x.png
- | [+] E-mail Found: dialog-separator@2x.png
- | [+] E-mail Found: linkedin-nocount@2x.png
- | [+] E-mail Found: jproanio@inae.gob.ec
- | [+] E-mail Found: smart-pocket@2x.png
- | [+] E-mail Found: digg@2x.png
- | [+] E-mail Found: info@huge-it.com,
- | [+] E-mail Found: info@nao-net.com
- | [+] E-mail Found: rss@2x.png
- | [+] E-mail Found: dinal.shirts@gmail.com
- | [+] E-mail Found: allen.macias@inocar.mil.ec
- | [+] E-mail Found: arturocad@hotmail.com
- | [+] E-mail Found: smart-skype@2x.png
- | [+] E-mail Found: more@2x.png
- | [+] E-mail Found: lmolina@inae.gob.ec
- | [+] E-mail Found: caray@inae.gob.ec
- | [+] E-mail Found: 181138991@qq.com
- | [+] E-mail Found: ambranomzambrano@inae.gob.ec
- | [+] E-mail Found: contact-form@2x.png
- | [+] E-mail Found: after-the-deadline@2x.png
- | [+] E-mail Found: info@1245.ru
- | [+] E-mail Found: jsamaniego@inae.gob.ec
- | [+] E-mail Found: smart-stumbleupon@2x.png
- | [+] E-mail Found: averah@inae.gob.ec
- | [+] E-mail Found: wordpress@2x.png
- | [+] E-mail Found: maria.gamboa@inocar.mil.ec
- | [+] E-mail Found: sulym.roman@gmail.com
- | [+] E-mail Found: daniel.koskinen@gmail.com
- | [+] E-mail Found: m@tidakada.com
- | [+] E-mail Found: antillajcedeno@inae.gob.ec
- | [+] E-mail Found: jriofrio@inae.gob.ec
- | [+] E-mail Found: chosen-sprite@2x.png
- | [+] E-mail Found: smart-facebook@2x.png
- | [+] E-mail Found: teonia@utn.edu.ec
- | [+] E-mail Found: jorellana@inae.gob.ec
- | [+] E-mail Found: linkedin@2x.png
- | [+] E-mail Found: inae@inae.gob.ec
- | [+] E-mail Found: kevinh@kevcom.com
- | [+] E-mail Found: smart-twitter@2x.png
- | [+] E-mail Found: smart-like@2x.png
- | [+] E-mail Found: nzamora@inae.gob.ec
- | [+] E-mail Found: jcedeno@inae.gob.ec
- | [+] E-mail Found: reddit@2x.png
- | [+] E-mail Found: danicajiao@gmail.com
- | [+] E-mail Found: support@siteorigin.com
- | [+] E-mail Found: comments@2x.png
- | [+] E-mail Found: info@getid3.org
- | [+] E-mail Found: mauro.mascarenhas@nintersoft.ml
- | [+] E-mail Found: mamsds@live.com
- | [+] E-mail Found: print@2x.png
- | [+] E-mail Found: cmb-icon-remove@2x.png
- | [+] E-mail Found: susanmvillalta@gmail.com
- | [+] E-mail Found: googleplus1@2x.png
- | [+] E-mail Found: facebook@2x.png
- | [+] E-mail Found: divider@2x.png
- | [+] E-mail Found: smart-digg@2x.png
- | [+] E-mail Found: jomedina@inae.gob.ec
- | [+] E-mail Found: aespinar@inae.gob.ec
- | [+] E-mail Found: email@2x.png
- | [+] E-mail Found: referencement@fb-graphiklab.com
- | [+] E-mail Found: kindle@2x.png
- | [+] E-mail Found: smart-googleplus1@2x.png
- | [+] E-mail Found: dani@dani.fi
- | [+] E-mail Found: mathewhendry@hotmail.com
- | [+] E-mail Found: marisol.pizarror@usach.cl
- | [+] E-mail Found: ymacio@inae.gob.ec
- | [+] E-mail Found: jose.reyes@inocar.mil.ec
- | [+] E-mail Found: contact@atar4u.com
- | [+] E-mail Found: rodrigo.cortes@usach.cl
- | [+] E-mail Found: mail@ferdinand-malcher.de
- | [+] E-mail Found: linkedin-horizontal@2x.png
- | [+] E-mail Found: linkedin-vertical@2x.png
- | [+] E-mail Found: contacto@eltipografico.com
- | [+] E-mail Found: jorge.nath@inocar.mil.ec
- | [+] E-mail Found: mdctitan@gmail.com
- | [+] E-mail Found: luis.caiza@mailigmgob.ec
- | [+] E-mail Found: pinterest@2x.png
- | [+] E-mail Found: mzambrano@inae.gob.ec
- | [+] E-mail Found: custom@2x.png
- | [+] E-mail Found: twitter@2x.png
- | [+] E-mail Found: mike@hyperreal.org
- | [+] E-mail Found: support@dreamsoft.no
- | [+] E-mail Found: smart-pinterest@2x.png
- | [+] E-mail Found: linkedin-smart@2x.png
- | [+] E-mail Found: smart-reddit@2x.png
- | [+] E-mail Found: jzuniga@inae.gob.ec
- | [+] E-mail Found: giovanny.vergara@geograficomilitar.gob.ec
- | [+] E-mail Found: scoral@inae.gob.ec
- | [+] E-mail Found: mriofrio@inae.gob.ec
- | [+] E-mail Found: info@huge-it.com
- | [+] E-mail Found: smart-tumblr@2x.png
- | [+] E-mail Found: tumblr@2x.png
- | [+] E-mail Found: jpacheco@inae.gob.ec
- | [+] E-mail Found: pcastro@inae.gob.ec
- | [+] E-mail Found: mail@example.com
- | [+] E-mail Found: eric@eamann.com
- | [+] E-mail Found: draggy@2x.png
- | [+] E-mail Found: hmoreano@gye.satnet.net
- | [+] E-mail Found: roger@dreamsoft.no
- =======================================================================================================================================
- | External hosts:
- | [+] External Host Found: http://wordpress.org
- | [+] External Host Found: https://www.ccamlr.org
- | [+] External Host Found: http://www.eltelegrafo.com.ec
- | [+] External Host Found: http://site.com
- | [+] External Host Found: https://www.ats.aq
- | [+] External Host Found: https://www.eluniverso.com
- | [+] External Host Found: https://twitter.com
- | [+] External Host Found: http://www.elcomercio.com
- | [+] External Host Found: https://es.unesco.org
- | [+] External Host Found: http://www.ilo.org
- | [+] External Host Found: https://www.researchgate.net
- | [+] External Host Found: https://www.facebook.com
- | [+] External Host Found: http://www.mysql.com
- | [+] External Host Found: https://i1.wp.com
- | [+] External Host Found: https://www.metaslider.com
- | [+] External Host Found: https://codex.wordpress.org
- | [+] External Host Found: http://www.socioempleo.gob.ec)
- | [+] External Host Found: https://www.publimetro.cl
- | [+] External Host Found: https://i0.wp.com
- | [+] External Host Found: http://planet.wordpress.org
- | [+] External Host Found: https://roundme.com
- | [+] External Host Found: http://www.subpesca.cl
- | [+] External Host Found: http://inae.gob.ec
- | [+] External Host Found: https://siteorigin.com
- | [+] External Host Found: https://wp.me
- | [+] External Host Found: https://wordpress.org
- | [+] External Host Found: http://codex.wordpress.org
- | [+] External Host Found: http://www.expreso.ec
- | [+] External Host Found: http://gmpg.org
- | [+] External Host Found: http://es.wikipedia.org
- | [+] External Host Found: http://www.biodiversity.aq
- | [+] External Host Found: http://www.wpcolumns.com
- | [+] External Host Found: https://github.com
- | [+] External Host Found: https://s0.wp.com
- | [+] External Host Found: https://secure.gravatar.com
- | [+] External Host Found: https://www.scar.org
- | [+] External Host Found: https://www.comnap.aq
- | [+] External Host Found: http://expreso.ec
- | [+] External Host Found: http://192.168.0.12
- | [+] External Host Found: https://themepoints.com
- | [+] External Host Found: http://www.persistenciathemovie.com
- | [+] External Host Found: http://www.scar.org
- | [+] External Host Found: https://scontent-lga3-1.xx.fbcdn.net
- | [+] External Host Found: http://httpd.apache.org
- | [+] External Host Found: https://www.lahora.com.ec
- | [+] External Host Found: http://es.forums.wordpress.org
- | [+] External Host Found: http://php.net
- | [+] External Host Found: https://lahora.com.ec
- | [+] External Host Found: http://comunidadplanetaazul.com
- =======================================================================================================================================
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-3-Debian <<>> inae.gob.ec
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59663
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;inae.gob.ec. IN A
- ;; AUTHORITY SECTION:
- inae.gob.ec. 3600 IN SOA root.andinanet.net. hostmaster.andinanet.net. 2018092401 14400 3600 604800 3600
- ;; Query time: 65 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: lun avr 29 10:32:11 EDT 2019
- ;; MSG SIZE rcvd: 105
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace inae.gob.ec
- ;; global options: +cmd
- . 83086 IN NS k.root-servers.net.
- . 83086 IN NS h.root-servers.net.
- . 83086 IN NS i.root-servers.net.
- . 83086 IN NS a.root-servers.net.
- . 83086 IN NS m.root-servers.net.
- . 83086 IN NS d.root-servers.net.
- . 83086 IN NS g.root-servers.net.
- . 83086 IN NS c.root-servers.net.
- . 83086 IN NS l.root-servers.net.
- . 83086 IN NS j.root-servers.net.
- . 83086 IN NS b.root-servers.net.
- . 83086 IN NS e.root-servers.net.
- . 83086 IN NS f.root-servers.net.
- . 83086 IN RRSIG NS 8 0 518400 20190512050000 20190429040000 25266 . bQWAaqwMGyuKJ43sy8YDogYmQbm0CPjSlIxhdSa5QhQXjWArYKeHpS/F oaoDGBoDxxTkNKDqhFp5NWZikNXGfzDr6VdYnWoRzhscK7gMC0UFdiLf HelwaJ8agLehlq9Hp6mX2AVUdTd0UfZcRioI3OS6azSMGEocNI96T4+9 AJ633UU62cSMEzxE/t+5U6p2Vc/JDwg4Ji9n9mPNJSN3oeBlyB4MXfLz 0/GpNbEagyWJOhWzpRyo4/DOTFxG8tyrnZWYLe88f8Brkdxm0AFg7xAh E55hO+57oGciCR0xffYvtJMX/oPll1Qa6tlGBBIZXtKwSsiktKA115Mw w6mLWQ==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 31 ms
- ec. 172800 IN NS sns-pb.isc.org.
- ec. 172800 IN NS a.lactld.org.
- ec. 172800 IN NS n3.dns.ec.
- ec. 172800 IN NS n2.nic.ec.
- ec. 86400 IN NSEC eco. NS RRSIG NSEC
- ec. 86400 IN RRSIG NSEC 8 1 86400 20190512050000 20190429040000 25266 . AAKUGZvhFeyG7SUGomscjoUOE5zx2Ho+5hKKtKKq3PGxYrBYYB6zh93H 7C1zZdGvz4sr4PDcUVw9XrGTYK/E5nAphwuwTZvQA46Q6XBObaRm8n7a uSucjLzbzdCEi1q2BQKi/cWej6gJ3dpQ8UGwFxbofckxXRm8uRAEUgG2 o2S5BMIMl2lUDpFua1aRw6h4cN2TlCs0kgxWwP+LKWqvsgEby35m/a/p sqJ6jq2Y3Krj+w7857+uKFm7p9yJ7M1Zif+U3SitFPpAB7zBLSP+YtwI PE4l11/1coj+pVQn/M1G1IK0vBZ6ItdAGr74iTx6s5bGHLWWz8Mi0Oo9 dwrNNQ==
- ;; Received 649 bytes from 192.33.4.12#53(c.root-servers.net) in 29 ms
- inae.gob.ec. 129600 IN NS pichincha.andinanet.net.
- inae.gob.ec. 129600 IN NS tungurahua.andinanet.net.
- ;; Received 130 bytes from 2001:500:2e::1#53(sns-pb.isc.org) in 98 ms
- inae.gob.ec. 3600 IN SOA root.andinanet.net. hostmaster.andinanet.net. 2018092401 14400 3600 604800 3600
- ;; Received 105 bytes from 200.107.10.110#53(pichincha.andinanet.net) in 74 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: inae.gob.ec
- [-] DNSSEC is not configured for inae.gob.ec
- [-] Error while resolving SOA record.
- [-] Error while resolving SOA record.
- [*] NS tungurahua.andinanet.net 200.107.10.110
- [*] Bind Version for 200.107.10.110 3.2.2
- [*] NS tungurahua.andinanet.net 2800:370:10::110
- [*] Bind Version for 2800:370:10::110 3.2.2
- [*] NS pichincha.andinanet.net 200.107.10.110
- [*] Bind Version for 200.107.10.110 3.2.2
- [*] NS pichincha.andinanet.net 2800:370:10::110
- [*] Bind Version for 2800:370:10::110 3.2.2
- [*] MX mail.inae.gob.ec 190.214.11.76
- [*] Enumerating SRV Records
- [-] No SRV Records Found for inae.gob.ec
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain inae.gob.ec
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
- [+] Getting nameservers
- 200.107.10.110 - tungurahua.andinanet.net
- 200.107.10.110 - pichincha.andinanet.net
- [-] Zone transfer failed
- [+] MX records found, added to target list
- 10 mail.inae.gob.ec.
- [*] Scanning inae.gob.ec for A records
- 190.214.11.76 - mail.inae.gob.ec
- 190.214.11.74 - www.inae.gob.ec
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 190.214.11.76 host mail.inae.gob.ec
- 190.214.11.74 200 host www.inae.gob.ec Apache/2.4.6 (CentOS) PHP/5.4.16
- #######################################################################################################################################
- [+] Testing domain
- www.inae.gob.ec 190.214.11.74
- [+] Dns resolving
- No address associated with hostname inae.gob.ec
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on inae.gob.ec
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 57.68 seconds
- Subdomain Ip address Name server
- mail.inae.gob.ec 190.214.11.76 76.11.214.190.static.anycast.cnt-grms.ec
- www.inae.gob.ec 190.214.11.74 74.11.214.190.static.anycast.cnt-grms.ec
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 190.214.11.74
- + Target Hostname: www.inae.gob.ec
- + Target Port: 80
- + Start Time: 2019-04-29 09:24:52 (GMT-4)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: No banner retrieved
- + Retrieved x-powered-by header: PHP/5.4.16
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'link' found, with multiple values: (<http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/",<https://wp.me/P7hq3p-6>; rel=shortlink,)
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Server banner has changed from '' to 'Apache/2.4.6 (CentOS) PHP/5.4.16' which may suggest a WAF, load balancer or proxy is in place
- + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
- + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
- + OSVDB-3268: /icons/: Directory indexing found.
- + OSVDB-3233: /icons/README: Apache default file found.
- + /wp-content/plugins/akismet/readme.txt: The WordPress Akismet plugin 'Tested up to' version usually matches the WordPress version
- + /wp-links-opml.php: This WordPress script reveals the installed version.
- + OSVDB-3092: /license.txt: License file found may identify site software.
- + /: A Wordpress installation was found.
- + Cookie wordpress_test_cookie created without the httponly flag
- + OSVDB-3268: /wp-content/uploads/: Directory indexing found.
- + /wp-content/uploads/: Wordpress uploads directory is browsable. This may reveal sensitive information
- + 26589 requests: 0 error(s) and 20 item(s) reported on remote host
- + End Time: 2019-04-29 10:48:09 (GMT-4) (4997 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.inae.gob.ec -----
- Host's addresses:
- __________________
- www.inae.gob.ec. 7200 IN A 190.214.11.74
- Name Servers:
- ______________
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on www.inae.gob.ec
- dnsdb: Unexpected return status 503
- waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.inae.gob.ec/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
- dogpile: Get https://www.dogpile.com/search/web?q=www.inae.gob.ec&qsi=1: EOF
- Starting Bruteforcing of www.inae.gob.ec with 9985 words
- Total 1 Unique subdomains found for www.inae.gob.ec
- .www.inae.gob.ec
- #######################################################################################################################################
- [*] Processing domain www.inae.gob.ec
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
- [+] Getting nameservers
- [-] Getting nameservers failed
- [-] Zone transfer failed
- [*] Scanning www.inae.gob.ec for A records
- 190.214.11.74 - www.inae.gob.ec
- #######################################################################################################################################
- [+] www.inae.gob.ec has no SPF record!
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.inae.gob.ec!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 09:34 EDT
- Nmap scan report for www.inae.gob.ec (190.214.11.74)
- Host is up (0.068s latency).
- rDNS record for 190.214.11.74: 74.11.214.190.static.anycast.cnt-grms.ec
- Not shown: 472 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 09:34 EDT
- Nmap scan report for www.inae.gob.ec (190.214.11.74)
- Host is up (0.025s latency).
- rDNS record for 190.214.11.74: 74.11.214.190.static.anycast.cnt-grms.ec
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- http://www.inae.gob.ec/wp-content/themes/twentyten/languages/twentyten.pot ERROR: Timed out execution expired
- http://www.inae.gob.ec [200 OK] Apache[2.4.6], Country[ECUADOR][EC], Email[inae@inae.gob.ec], Frame, HTML5, HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[190.214.11.74], JQuery[1.12.4], MetaGenerator[WordPress 4.7.3], Open-Graph-Protocol[website], PHP[5.4.16], PoweredBy[Shareaholic], Script[text/javascript], Title[Instituto Antártico Ecuatoriano – INAE], UncommonHeaders[link], WordPress[4.7,4.7.3], X-Powered-By[PHP/5.4.16], X-UA-Compatible[IE=10,IE=edge], YouTube
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.inae.gob.ec...
- _______________________________ SITE INFO ________________________________
- IP Title
- 190.214.11.74 Instituto Antártico Ecuatoriano – INAE
- ________________________________ VERSION _________________________________
- Name Versions Type
- WordPress 4.7 CMS
- Apache 2.4.6 Platform
- PHP 5.4.16 Platform
- CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
- ______________________________ INTERESTING _______________________________
- URL Note Type
- /readme.html Wordpress readme Interesting
- /readme.html Readme file Interesting
- _________________________________ TOOLS __________________________________
- Name Link Software
- wpscan https://github.com/wpscanteam/wpscan WordPress
- CMSmap https://github.com/Dionach/CMSmap WordPress
- __________________________________________________________________________
- Time: 420.1 sec Urls: 824 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Mon, 29 Apr 2019 13:42:47 GMT
- Server: Apache/2.4.6 (CentOS) PHP/5.4.16
- X-Powered-By: PHP/5.4.16
- X-UA-Compatible: IE=edge
- Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
- Link: <https://wp.me/P7hq3p-6>; rel=shortlink
- Content-Type: text/html; charset=UTF-8
- HTTP/1.1 200 OK
- Date: Mon, 29 Apr 2019 13:42:50 GMT
- Server: Apache/2.4.6 (CentOS) PHP/5.4.16
- X-Powered-By: PHP/5.4.16
- X-UA-Compatible: IE=edge
- Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
- Link: <https://wp.me/P7hq3p-6>; rel=shortlink
- Content-Type: text/html; charset=UTF-8
- #######################################################################################################################################
- jQuery Migrate
- Apache 2.4.6
- Twitter
- WordPress 4.7.3
- jQuery 1.12.4
- PHP 5.4.16
- YouTube
- CentOS
- WordPress
- X-UA-Compatible: IE=edge
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+-------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+-------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | http://190.214.11.74:80/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | | |
- +------------+-------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:07 EDT
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.11s latency).
- Not shown: 472 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:07 EDT
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.021s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:07 EDT
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.14s latency).
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 13 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 24.82 ms 10.247.200.1
- 2 25.17 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 46.60 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 24.85 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 24.99 ms motl-b1-link.telia.net (62.115.162.41)
- 6 ...
- 7 35.28 ms nyk-b6-link.telia.net (62.115.125.63)
- 8 37.28 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
- 9 ...
- 10 142.48 ms 190.152.253.154
- 11 ... 12
- 13 137.84 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:09 EDT
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.14s latency).
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- Network Distance: 13 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 961.47 ms 10.247.200.1
- 2 964.59 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 969.26 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 962.11 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 965.02 ms motl-b1-link.telia.net (62.115.162.41)
- 6 ...
- 7 969.10 ms nyk-b6-link.telia.net (62.115.125.63)
- 8 969.23 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
- 9 ...
- 10 1073.80 ms 190.152.253.154
- 11 ... 12
- 13 140.98 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:11 EDT
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.14s latency).
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 13 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 27.33 ms 10.247.200.1
- 2 22.19 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 43.33 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 22.16 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 22.19 ms motl-b1-link.telia.net (62.115.162.41)
- 6 ...
- 7 32.74 ms nyk-b6-link.telia.net (62.115.125.63)
- 8 34.35 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
- 9 ...
- 10 139.84 ms 190.152.253.154
- 11 ... 12
- 13 138.62 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- #######################################################################################################################################
- http://190.214.11.74 [301 Moved Permanently] Apache[2.4.6], Country[ECUADOR][EC], HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[190.214.11.74], PHP[5.4.16], RedirectLocation[http://www.inae.gob.ec/], X-Powered-By[PHP/5.4.16], X-UA-Compatible[IE=edge]
- http://www.inae.gob.ec/ [200 OK] Apache[2.4.6], Country[ECUADOR][EC], Email[inae@inae.gob.ec], Frame, HTML5, HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[190.214.11.74], JQuery[1.12.4], MetaGenerator[WordPress 4.7.3], Open-Graph-Protocol[website], PHP[5.4.16], PoweredBy[Shareaholic], Script[text/javascript], Title[Instituto Antártico Ecuatoriano – INAE], UncommonHeaders[link], WordPress[4.7,4.7.3], X-Powered-By[PHP/5.4.16], X-UA-Compatible[IE=10,IE=edge], YouTube
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.inae.gob.ec...
- ______________________________ SITE INFO _______________________________
- IP Title
- 190.214.11.74 Instituto Antártico Ecuatoriano – INAE
- _______________________________ VERSION ________________________________
- Name Versions Type
- WordPress 4.7 CMS
- Apache 2.4.6 Platform
- PHP 5.4.16 Platform
- CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
- _____________________________ INTERESTING ______________________________
- URL Note Type
- /readme.html Wordpress readme Interesting
- /readme.html Readme file Interesting
- ________________________________ TOOLS _________________________________
- Name Link Software
- wpscan https://github.com/wpscanteam/wpscan WordPress
- CMSmap https://github.com/Dionach/CMSmap WordPress
- ________________________________________________________________________
- Time: 3.3 sec Urls: 826 Fingerprints: 40401
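wig puts this host on WordPress 4.7, whatweb and wpscan narrow it to 4.7.3, and the wpscan report further down the page gives a "Fixed in" release for most of its findings. Deciding which findings still apply means comparing versions numerically: as strings, "4.7.3" sorts after "4.7.10", so a naive comparison would mark the 4.7.10, 4.7.11 and 4.7.12 fixes as already present. The Python below is an added example, not output from any tool on this page: it parses the Title and Fixed in lines of a wpscan findings block and applies a component-wise version comparison. The sample block is copied from the wpscan report on this page; the function names are this example's own.

```python
"""Match wpscan "Fixed in" data against a detected WordPress version (added example)."""
import re

# Constructed sample: four entries copied from the wpscan report on this page,
# including one that wpscan marks unpatched (no "Fixed in" line).
WPSCAN_SAMPLE = """\
| [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
| Fixed in: 4.7.5
| References:
| - https://wpvulndb.com/vulnerabilities/8815
|
| [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
| References:
| - https://wpvulndb.com/vulnerabilities/9021
|
| [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
| Fixed in: 4.7.10
| References:
| - https://wpvulndb.com/vulnerabilities/9054
|
| [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
| Fixed in: 4.7.12
| References:
| - https://wpvulndb.com/vulnerabilities/9171
"""

TITLE_RE = re.compile(r"\[!\] Title:\s*(.+?)\s*$")
FIXED_RE = re.compile(r"Fixed in:\s*(\d+(?:\.\d+)*)")


def parse_version(s):
    """'4.7.10' -> (4, 7, 10); int tuples compare component-wise."""
    return tuple(int(p) for p in s.strip().split("."))


def is_affected(detected, fixed_in):
    """True when the detected version predates the fix, or when nothing fixes it.

    wpscan prints the fix for the branch it detected (4.7.x here). Comparing a
    version from another branch against that value is not meaningful, so keep
    detected and fixed_in in the same branch.
    """
    if fixed_in is None:
        return True
    return parse_version(detected) < parse_version(fixed_in)


def parse_wpscan(text):
    """Return [(title, fixed_in_or_None), ...] from wpscan's findings block."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("|").strip()   # drop wpscan's "| " gutter
        m = TITLE_RE.search(line)
        if m:
            findings.append([m.group(1), None])  # new finding, fix unknown yet
            continue
        m = FIXED_RE.search(line)
        if m and findings:
            findings[-1][1] = m.group(1)         # attach to the current finding
    return [tuple(f) for f in findings]


def applicable(detected, findings):
    """Titles of findings that still apply to the detected version."""
    return [title for title, fixed in findings if is_affected(detected, fixed)]


def naive_string_compare(detected, fixed_in):
    """The bug this example guards against: '4.7.3' < '4.7.10' is False as strings."""
    return detected < fixed_in


if __name__ == "__main__":
    found = parse_wpscan(WPSCAN_SAMPLE)
    for title in applicable("4.7.3", found):
        print("still applies:", title)
```

Run against the detected 4.7.3, all four sample findings still apply; the same check against a hypothetical 4.7.11 drops the two fixed in 4.7.5 and 4.7.10 and keeps the unpatched DoS and the 4.7.12 fix.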
- #######################################################################################################################################
- HTTP/1.1 301 Moved Permanently
- Date: Mon, 29 Apr 2019 14:14:02 GMT
- Server: Apache/2.4.6 (CentOS) PHP/5.4.16
- X-Powered-By: PHP/5.4.16
- X-UA-Compatible: IE=edge
- Location: http://www.inae.gob.ec/
- Content-Type: text/html; charset=UTF-8
- HTTP/1.1 301 Moved Permanently
- Date: Mon, 29 Apr 2019 14:14:03 GMT
- Server: Apache/2.4.6 (CentOS) PHP/5.4.16
- X-Powered-By: PHP/5.4.16
- X-UA-Compatible: IE=edge
- Location: http://www.inae.gob.ec/
- Content-Type: text/html; charset=UTF-8
- HTTP/1.1 200 OK
- Date: Mon, 29 Apr 2019 14:14:03 GMT
- Server: Apache/2.4.6 (CentOS) PHP/5.4.16
- X-Powered-By: PHP/5.4.16
- X-UA-Compatible: IE=edge
- Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
- Link: <https://wp.me/P7hq3p-6>; rel=shortlink
- Content-Type: text/html; charset=UTF-8
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:14 EDT
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.14s latency).
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 13 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 27.79 ms 10.247.200.1
- 2 51.58 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 39.58 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 27.87 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 27.93 ms motl-b1-link.telia.net (62.115.162.41)
- 6 ...
- 7 38.19 ms nyk-b6-link.telia.net (62.115.125.63)
- 8 40.06 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
- 9 ...
- 10 138.97 ms 190.152.253.154
- 11 ... 12
- 13 138.09 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:16 EDT
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.14s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- Network Distance: 13 hops
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 21.32 ms 10.247.200.1
- 2 21.71 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 32.65 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 21.46 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 21.49 ms motl-b1-link.telia.net (62.115.162.41)
- 6 ...
- 7 31.79 ms nyk-b6-link.telia.net (62.115.125.63)
- 8 33.59 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
- 9 ...
- 10 139.11 ms 190.152.253.154
- 11 ... 12
- 13 139.92 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:19 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 10:19
- Completed NSE at 10:19, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 10:19
- Completed NSE at 10:19, 0.00s elapsed
- Initiating Ping Scan at 10:19
- Scanning 190.214.11.74 [4 ports]
- Completed Ping Scan at 10:19, 0.17s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 10:19
- Completed Parallel DNS resolution of 1 host. at 10:19, 0.03s elapsed
- Initiating Connect Scan at 10:19
- Scanning 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74) [65535 ports]
- Discovered open port 80/tcp on 190.214.11.74
- Connect Scan Timing: About 7.34% done; ETC: 10:26 (0:06:32 remaining)
- Connect Scan Timing: About 34.38% done; ETC: 10:22 (0:01:56 remaining)
- Completed Connect Scan at 10:20, 104.46s elapsed (65535 total ports)
- Initiating Service scan at 10:20
- Scanning 1 service on 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Completed Service scan at 10:21, 7.14s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Retrying OS detection (try #2) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Initiating Traceroute at 10:21
- Completed Traceroute at 10:21, 3.04s elapsed
- Initiating Parallel DNS resolution of 10 hosts. at 10:21
- Completed Parallel DNS resolution of 10 hosts. at 10:21, 0.38s elapsed
- NSE: Script scanning 190.214.11.74.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 10:21
- Completed NSE at 10:21, 14.26s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 10:21
- Completed NSE at 10:21, 0.00s elapsed
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up, received echo-reply ttl 52 (0.11s latency).
- Scanned at 2019-04-29 10:19:08 EDT for 135s
- Not shown: 65531 filtered ports
- Reason: 65531 no-responses
- PORT STATE SERVICE REASON VERSION
- 25/tcp closed smtp conn-refused
- 80/tcp open http syn-ack Apache httpd 2.4.6 ((CentOS) PHP/5.4.16)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.4.6 (CentOS) PHP/5.4.16
- |_http-title: Did not follow redirect to http://www.inae.gob.ec/
- 139/tcp closed netbios-ssn conn-refused
- 445/tcp closed microsoft-ds conn-refused
- OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
- Aggressive OS guesses: Linux 3.10 - 4.11 (92%), HP P2000 G3 NAS device (91%), Linux 3.2 - 4.9 (91%), Linux 3.16 - 4.6 (90%), Linux 2.6.32 (90%), Linux 2.6.32 - 3.1 (90%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (90%), Linux 3.7 (90%), Ubiquiti AirOS 5.5.9 (90%), Linux 4.4 (90%)
- No exact OS matches for host (test conditions non-ideal).
- TCP/IP fingerprint:
- SCAN(V=7.70%E=4%D=4/29%OT=80%CT=25%CU=%PV=N%DS=13%DC=T%G=N%TM=5CC70863%P=x86_64-pc-linux-gnu)
- SEQ(SP=105%GCD=1%ISR=108%TI=Z%CI=Z%II=I%TS=A)
- OPS(O1=M44FST11NW7%O2=M44FST11NW7%O3=M44FNNT11NW7%O4=M44FST11NW7%O5=M44FST11NW7%O6=M44FST11)
- WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
- ECN(R=Y%DF=Y%TG=40%W=7210%O=M44FNNSNW7%CC=Y%Q=)
- T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
- T2(R=N)
- T3(R=N)
- T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
- T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
- T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
- T7(R=N)
- U1(R=N)
- IE(R=Y%DFI=N%TG=40%CD=S)
- Uptime guess: 0.961 days (since Sun Apr 28 11:17:38 2019)
- Network Distance: 13 hops
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 27.13 ms 10.247.200.1
- 2 27.38 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
- 3 43.86 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
- 4 27.37 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
- 5 21.65 ms motl-b1-link.telia.net (62.115.162.41)
- 6 33.66 ms nyk-bb3-link.telia.net (62.115.137.142)
- 7 32.29 ms nyk-b6-link.telia.net (62.115.125.63)
- 8 33.73 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
- 9 ...
- 10 139.54 ms 190.152.253.154
- 11 ... 12
- 13 138.26 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 10:21
- Completed NSE at 10:21, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 10:21
- Completed NSE at 10:21, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 135.81 seconds
- Raw packets sent: 85 (6.736KB) | Rcvd: 111 (24.961KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:21 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 10:21
- Completed NSE at 10:21, 0.00s elapsed
- Initiating NSE at 10:21
- Completed NSE at 10:21, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 10:21
- Completed Parallel DNS resolution of 1 host. at 10:21, 0.03s elapsed
- Initiating UDP Scan at 10:21
- Scanning 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74) [14 ports]
- Completed UDP Scan at 10:21, 1.26s elapsed (14 total ports)
- Initiating Service scan at 10:21
- Scanning 12 services on 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Service scan Timing: About 8.33% done; ETC: 10:41 (0:17:58 remaining)
- Completed Service scan at 10:23, 102.59s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Retrying OS detection (try #2) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Initiating Traceroute at 10:23
- Completed Traceroute at 10:23, 7.10s elapsed
- Initiating Parallel DNS resolution of 1 host. at 10:23
- Completed Parallel DNS resolution of 1 host. at 10:23, 0.01s elapsed
- NSE: Script scanning 190.214.11.74.
- Initiating NSE at 10:23
- Completed NSE at 10:23, 20.36s elapsed
- Initiating NSE at 10:23
- Completed NSE at 10:23, 1.02s elapsed
- Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
- Host is up (0.025s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 ... 3
- 4 20.02 ms 10.247.200.1
- 5 26.21 ms 10.247.200.1
- 6 26.20 ms 10.247.200.1
- 7 26.19 ms 10.247.200.1
- 8 26.18 ms 10.247.200.1
- 9 26.19 ms 10.247.200.1
- 10 26.19 ms 10.247.200.1
- 11 ... 15
- 16 21.91 ms 10.247.200.1
- 17 ... 18
- 19 19.85 ms 10.247.200.1
- 20 20.82 ms 10.247.200.1
- 21 21.12 ms 10.247.200.1
- 22 ... 29
- 30 19.91 ms 10.247.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 10:23
- Completed NSE at 10:23, 0.00s elapsed
- Initiating NSE at 10:23
- Completed NSE at 10:23, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 135.49 seconds
- Raw packets sent: 147 (13.614KB) | Rcvd: 117 (21.802KB)
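The TCP and UDP reports above show one confirmed open port (80/tcp) and a dozen UDP ports in state open|filtered, which Nmap assigns when a probe gets no reply at all, so it cannot tell a silent listener from a firewall drop. The Python below is an added example, not output from any tool on this page: it parses PORT tables in Nmap's normal output format and sorts ports by what the scan actually proved. The sample text is copied from the two reports above; the function names are this example's own.

```python
"""Triage port states from Nmap normal-format output (added example)."""
import re

# Constructed sample: the PORT tables copied from the TCP connect scan and
# the UDP scan reports above, concatenated into one string.
NMAP_SAMPLE = """\
PORT STATE SERVICE REASON VERSION
25/tcp closed smtp conn-refused
80/tcp open http syn-ack Apache httpd 2.4.6 ((CentOS) PHP/5.4.16)
139/tcp closed netbios-ssn conn-refused
445/tcp closed microsoft-ds conn-refused
PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
"""

# One port line: "<port>/<proto> <state> <service> [reason/version...]".
# Nmap's six states; the compound ones must be tried before their prefixes.
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open\|filtered|closed\|filtered|unfiltered|open|filtered|closed)\s+"
    r"(?P<service>\S+)(?:\s+(?P<extra>.*))?$"
)


def parse_ports(text):
    """Return (port, proto, state, service, extra) for every port line in text."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append((int(m["port"]), m["proto"], m["state"],
                          m["service"], m["extra"] or ""))
    return ports


def triage(ports):
    """Bucket ports by what the scan proved, not by what the state name suggests.

    open            a reply proved a listener (SYN/ACK, or an answer to a UDP payload)
    open|filtered   no reply at all: silent UDP service or dropped probe
    filtered        an ICMP unreachable other than port-unreachable came back
    closed          RST (TCP) or ICMP port unreachable (UDP)
    """
    buckets = {"confirmed_open": [], "unconfirmed": [], "filtered": [], "closed": []}
    for port, proto, state, _service, _extra in ports:
        key = f"{port}/{proto}"
        if state == "open":
            buckets["confirmed_open"].append(key)
        elif state in ("open|filtered", "unfiltered"):
            buckets["unconfirmed"].append(key)
        elif state in ("filtered", "closed|filtered"):
            buckets["filtered"].append(key)
        else:
            buckets["closed"].append(key)
    return buckets


def exposed_services(text):
    """Ports a report may list as exposed without a follow-up probe."""
    return triage(parse_ports(text))["confirmed_open"]


if __name__ == "__main__":
    for bucket, keys in triage(parse_ports(NMAP_SAMPLE)).items():
        print(f"{bucket:15s} {len(keys):2d}  {' '.join(keys)}")
```

Only the confirmed_open bucket is established attack surface. The twelve unconfirmed UDP ports need a protocol-specific probe that elicits a reply (nmap -sU -sV, or the matching NSE script, as the scanner itself suggests with "Didn't receive UDP response. Please try again with -sSU") before they are reported as exposed services.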
- #######################################################################################################################################
- [+] URL: http://www.inae.gob.ec/
- [+] Started: Mon Apr 29 07:56:57 2019
- Interesting Finding(s):
- [+] http://www.inae.gob.ec/
- | Interesting Entries:
- | - X-Powered-By: PHP/5.4.16
- | - X-UA-Compatible: IE=edge
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] http://www.inae.gob.ec/xmlrpc.php
- | Found By: Link Tag (Passive Detection)
- | Confidence: 100%
- | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] http://www.inae.gob.ec/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] Registration is enabled: http://www.inae.gob.ec/wp-login.php?action=register
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] Upload directory has listing enabled: http://www.inae.gob.ec/wp-content/uploads/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] http://www.inae.gob.ec/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 4.7.3 identified (Insecure, released on 2017-03-06).
- | Detected By: Rss Generator (Passive Detection)
- | - http://www.inae.gob.ec/index.php/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
- | - http://www.inae.gob.ec/index.php/comments/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
- |
- | [!] 34 vulnerabilities identified:
- |
- | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- | References:
- | - https://wpvulndb.com/vulnerabilities/8807
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- | - https://core.trac.wordpress.org/ticket/25239
- |
- | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8815
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
- | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8816
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- |
- | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8817
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8818
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- |
- | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8819
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
- | - https://hackerone.com/reports/203515
- |
- | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8820
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
- |
- | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8905
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- |
- | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8906
- | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://wpvulndb.com/vulnerabilities/8905
- |
- | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8910
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41398
- |
- | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8911
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41457
- |
- | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8912
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41397
- |
- | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8913
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41448
- |
- | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8914
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41395
- | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- |
- | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- | Fixed in: 4.7.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/8941
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- | - https://twitter.com/ircmaxell/status/923662170092638208
- | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- |
- | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8966
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- |
- | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8967
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- |
- | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8968
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
- |
- | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8969
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- |
- | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
- | Fixed in: 4.7.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9006
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
- | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
- | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/ticket/42720
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- | Fixed in: 4.7.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9053
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- |
- | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- | Fixed in: 4.7.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9054
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- |
- | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- | Fixed in: 4.7.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9055
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | Fixed in: 4.7.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated File Delete
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9169
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9170
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- |
- | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9171
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9172
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9173
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- |
- | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9174
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9175
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
- |
- | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
- | Fixed in: 5.0.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/9222
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
- | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 4.7.13
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- [+] WordPress theme in use: vantage
- | Location: http://www.inae.gob.ec/wp-content/themes/vantage/
- | Last Updated: 2019-04-22T00:00:00.000Z
- | Readme: http://www.inae.gob.ec/wp-content/themes/vantage/readme.txt
- | [!] The version is out of date, the latest version is 1.10.1
- | Style URL: http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8
- | Style Name: Vantage
- | Style URI: https://siteorigin.com/theme/vantage/
- | Description: Vantage is a flexible multipurpose theme. Its strength lies in its tight integration with some power...
- | Author: SiteOrigin
- | Author URI: https://siteorigin.com/
- |
- | Detected By: Css Style (Passive Detection)
- |
- | Version: 1.7.8 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8, Match: 'Version: 1.7.8'
- [+] Enumerating All Plugins (via Passive Methods)
- [+] Checking Plugin Versions (via Passive and Aggressive Methods)
- [i] Plugin(s) Identified:
- [+] accordions-wp
- | Location: http://www.inae.gob.ec/wp-content/plugins/accordions-wp/
- | Latest Version: 2.4 (up to date)
- | Last Updated: 2018-08-13T12:06:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.4 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/accordions-wp/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/accordions-wp/readme.txt
- [+] advanced-wp-columns
- | Location: http://www.inae.gob.ec/wp-content/plugins/advanced-wp-columns/
- | Last Updated: 2015-12-28T03:37:00.000Z
- | [!] The version is out of date, the latest version is 2.0.6
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.0 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/advanced-wp-columns/readme.txt
- [+] arconix-shortcodes
- | Location: http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/
- | Last Updated: 2018-12-14T06:30:00.000Z
- | [!] The version is out of date, the latest version is 2.1.6
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.0.4 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/includes/css/arconix-shortcodes.min.css?ver=2.0.4
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/readme.txt
- [+] fuse-social-floating-sidebar
- | Location: http://www.inae.gob.ec/wp-content/plugins/fuse-social-floating-sidebar/
- | Last Updated: 2019-03-09T11:43:00.000Z
- | [!] The version is out of date, the latest version is 4.0
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.0 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/fuse-social-floating-sidebar/readme.txt
- [+] imagemapper
- | Location: http://www.inae.gob.ec/wp-content/plugins/imagemapper/
- | Latest Version: 1.2.6 (up to date)
- | Last Updated: 2016-04-20T09:52:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.2.6 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/imagemapper/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/imagemapper/readme.txt
- [+] jetpack
- | Location: http://www.inae.gob.ec/wp-content/plugins/jetpack/
- | Last Updated: 2019-04-04T21:00:00.000Z
- | [!] The version is out of date, the latest version is 7.2.1
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: Jetpack <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS)
- | Fixed in: 6.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9168
- | - https://www.ripstech.com/php-security-calendar-2018/#day-11
- |
- | Version: 6.3.3 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/jetpack/css/jetpack.css?ver=6.3.3
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/jetpack/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/jetpack/readme.txt
- [+] jquery-mega-menu
- | Location: http://www.inae.gob.ec/wp-content/plugins/jquery-mega-menu/
- | Latest Version: 1.3.10 (up to date)
- | Last Updated: 2012-11-02T16:20:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: jQuery Mega Menu 1.0 - Local File Inclusion
- | References:
- | - https://wpvulndb.com/vulnerabilities/6417
- | - https://www.exploit-db.com/exploits/16250/
- |
- | Version: 1.3.10 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/jquery-mega-menu/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/jquery-mega-menu/readme.txt
- [+] ml-slider
- | Location: http://www.inae.gob.ec/wp-content/plugins/ml-slider/
- | Last Updated: 2019-03-25T15:15:00.000Z
- | [!] The version is out of date, the latest version is 3.12.1
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 3.10.0 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/ml-slider/readme.txt
- [+] shareaholic
- | Location: http://www.inae.gob.ec/wp-content/plugins/shareaholic/
- | Last Updated: 2019-04-18T22:46:00.000Z
- | [!] The version is out of date, the latest version is 8.12.4
- |
- | Detected By: Meta Tag (Passive Detection)
- |
- | Version: 8.0.1 (100% confidence)
- | Detected By: Meta Tag (Passive Detection)
- | - http://www.inae.gob.ec/, Match: '8.0.1'
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/shareaholic/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/shareaholic/readme.txt
- [+] siteorigin-panels
- | Location: http://www.inae.gob.ec/wp-content/plugins/siteorigin-panels/
- | Last Updated: 2019-04-06T00:55:00.000Z
- | [!] The version is out of date, the latest version is 2.10.5
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.7.2 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/siteorigin-panels/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/siteorigin-panels/readme.txt
- [+] so-widgets-bundle
- | Location: http://www.inae.gob.ec/wp-content/plugins/so-widgets-bundle/
- | Last Updated: 2019-03-27T20:27:00.000Z
- | [!] The version is out of date, the latest version is 1.15.4
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.9.2 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/so-widgets-bundle/readme.txt
- [+] wp-publication-archive
- | Location: http://www.inae.gob.ec/wp-content/plugins/wp-publication-archive/
- | Latest Version: 3.0.1 (up to date)
- | Last Updated: 2013-07-25T18:04:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 3.0.1 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.inae.gob.ec/wp-content/plugins/wp-publication-archive/readme.txt
- [+] Enumerating Config Backups (via Passive and Aggressive Methods)
- Checking Config Backups - Time: 00:00:02 <=============> (21 / 21) 100.00% Time: 00:00:02
- [i] No Config Backups Found.
- [+] Finished: Mon Apr 29 07:57:20 2019
- [+] Requests Done: 73
- [+] Cached Requests: 5
- [+] Data Sent: 14.342 KB
- [+] Data Received: 525.88 KB
- [+] Memory used: 170.77 MB
- [+] Elapsed time: 00:00:22
- #######################################################################################################################################
- [+] URL: http://www.inae.gob.ec/
- [+] Started: Mon Apr 29 07:56:59 2019
- Interesting Finding(s):
- [+] http://www.inae.gob.ec/
- | Interesting Entries:
- | - X-Powered-By: PHP/5.4.16
- | - X-UA-Compatible: IE=edge
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] http://www.inae.gob.ec/xmlrpc.php
- | Found By: Link Tag (Passive Detection)
- | Confidence: 100%
- | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] http://www.inae.gob.ec/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] Registration is enabled: http://www.inae.gob.ec/wp-login.php?action=register
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] Upload directory has listing enabled: http://www.inae.gob.ec/wp-content/uploads/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] http://www.inae.gob.ec/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 4.7.3 identified (Insecure, released on 2017-03-06).
- | Detected By: Rss Generator (Passive Detection)
- | - http://www.inae.gob.ec/index.php/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
- | - http://www.inae.gob.ec/index.php/comments/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
- |
- | [!] 34 vulnerabilities identified:
- |
- | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- | References:
- | - https://wpvulndb.com/vulnerabilities/8807
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- | - https://core.trac.wordpress.org/ticket/25239
- |
- | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8815
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
- | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8816
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- |
- | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8817
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8818
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- |
- | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8819
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
- | - https://hackerone.com/reports/203515
- | - https://hackerone.com/reports/203515
- |
- | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8820
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
- |
- | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8905
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- |
- | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8906
- | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://wpvulndb.com/vulnerabilities/8905
- |
- | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8910
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41398
- |
- | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8911
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41457
- |
- | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8912
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41397
- |
- | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8913
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41448
- |
- | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- | Fixed in: 4.7.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/8914
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41395
- | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- |
- | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- | Fixed in: 4.7.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/8941
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- | - https://twitter.com/ircmaxell/status/923662170092638208
- | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- |
- | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8966
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- |
- | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8967
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- |
- | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8968
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
- |
- | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- | Fixed in: 4.7.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8969
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- |
- | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
- | Fixed in: 4.7.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9006
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
- | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
- | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/ticket/42720
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- | Fixed in: 4.7.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9053
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- |
- | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- | Fixed in: 4.7.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9054
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- |
- | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- | Fixed in: 4.7.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9055
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | Fixed in: 4.7.11
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated File Delete
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9169
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9170
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- |
- | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9171
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9172
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9173
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- |
- | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9174
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- | Fixed in: 4.7.12
- | References:
- | - https://wpvulndb.com/vulnerabilities/9175
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
- |
- | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
- | Fixed in: 5.0.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/9222
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
- | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 4.7.13
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- [+] WordPress theme in use: vantage
- | Location: http://www.inae.gob.ec/wp-content/themes/vantage/
- | Last Updated: 2019-04-22T00:00:00.000Z
- | Readme: http://www.inae.gob.ec/wp-content/themes/vantage/readme.txt
- | [!] The version is out of date, the latest version is 1.10.1
- | Style URL: http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8
- | Style Name: Vantage
- | Style URI: https://siteorigin.com/theme/vantage/
- | Description: Vantage is a flexible multipurpose theme. Its strength lies in its tight integration with some power...
- | Author: SiteOrigin
- | Author URI: https://siteorigin.com/
- |
- | Detected By: Css Style (Passive Detection)
- |
- | Version: 1.7.8 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8, Match: 'Version: 1.7.8'
- [+] Enumerating Users (via Passive and Aggressive Methods)
- Brute Forcing Author IDs - Time: 00:00:12 <==> (10 / 10) 100.00% Time: 00:00:12
- [i] User(s) Identified:
- [+] inae_web2
- | Detected By: Rss Generator (Passive Detection)
- | Confirmed By:
- | Wp Json Api (Aggressive Detection)
- | - http://www.inae.gob.ec/index.php/wp-json/wp/v2/users/?per_page=100&page=1
- | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] inae_web
- | Detected By: Wp Json Api (Aggressive Detection)
- | - http://www.inae.gob.ec/index.php/wp-json/wp/v2/users/?per_page=100&page=1
- | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] administrador
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] alejandro3438
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] roughmountpaddzuara
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] stephany9922
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] tahliaoram8
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] robertomarconi6
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] moselemmone96
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] lanbraley6
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] Finished: Mon Apr 29 07:57:40 2019
- [+] Requests Done: 54
- [+] Cached Requests: 17
- [+] Data Sent: 11.645 KB
- [+] Data Received: 936.63 KB
- [+] Memory used: 112.148 MB
- [+] Elapsed time: 00:00:41
- #######################################################################################################################################
- [-] Date & Time: 29/04/2019 07:56:54
- [I] Threads: 5
- [-] Target: http://www.inae.gob.ec (190.214.11.74)
- [M] Website Not in HTTPS: http://www.inae.gob.ec
- [I] X-Powered-By: PHP/5.4.16
- [L] X-Frame-Options: Not Enforced
- [I] Strict-Transport-Security: Not Enforced
- [I] X-Content-Security-Policy: Not Enforced
- [I] X-Content-Type-Options: Not Enforced
- [L] No Robots.txt Found
- [I] CMS Detection: WordPress
- [I] Wordpress Version: 4.7
- [M] EDB-ID: 46511 "WordPress Core 5.0 - Remote Code Execution"
- [M] EDB-ID: 46662 "WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)"
- [M] EDB-ID: 44949 "WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion"
- [M] EDB-ID: 41963 "WordPress < 4.7.4 - Unauthorized Password Reset"
- [M] EDB-ID: 41497 "WordPress < 4.7.1 - Username Enumeration"
- [M] EDB-ID: 41223 "WordPress 4.7.0/4.7.1 - Content Injection (Python)"
- [M] EDB-ID: 41224 "WordPress 4.7.0/4.7.1 - Content Injection (Ruby)"
- [I] Wordpress Theme: vantage
- [M] EDB-ID: 8820 "amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection"
- [-] WordPress usernames identified:
- [M] administrador
- [M] alejandro3438
- [M] archiedalyell4
- [M] augustbeaman3
- [M] bynfrancesca
- [M] claytonmackellar
- [M] conniea4166
- [M] dalearmijo5
- [M] deandregandy
- [M] denesemann962
- [M] derrickrae
- [M] doloreshays9
- [M] elbertforan39
- [M] gwendolynwarburt
- [M] haydenrickett0
- [M] heath876729327
- [M] henryi735389
- [M] inae_web
- [M] inae_web2
- [M] irvinbrooks
- [M] isabellamackey5
- [M] jamikajemison
- [M] juniors6224
- [M] katricevasey789
- [M] lakeisha89x
- [M] lanbraley6
- [M] lavondac58
- [M] lawerenceboudrea
- [M] ldtlynne656
- [M] maddisongoshorn
- [M] margaretteholtzm
- [M] maydrummond535
- [M] michelinecheyne
- [M] mohammadnorthern
- [M] moselemmone96
- [M] nadinemoultrie
- [M] nicholasstobie
- [M] noe88t3433
- [M] philip0620
- [M] rachelnorris8
- [M] remonakenney24
- [M] rheamincey7434
- [M] rickeydrayton24
- [M] robertomarconi6
- [M] roughmountpaddzuara
- [M] stephany9922
- [M] stormylaws5023
- [M] tahliaoram8
- [M] tonjahirschfeld
- [M] XML-RPC services are enabled
- [M] Website vulnerable to XML-RPC Brute Force Vulnerability
- [I] Autocomplete Off Not Found: http://www.inae.gob.ec/wp-login.php
- [-] Default WordPress Files:
- [I] http://www.inae.gob.ec/license.txt
- [I] http://www.inae.gob.ec/readme.html
- [I] http://www.inae.gob.ec/wp-content/themes/twentyfifteen/genericons/COPYING.txt
- [I] http://www.inae.gob.ec/wp-content/themes/twentyfifteen/genericons/LICENSE.txt
- [I] http://www.inae.gob.ec/wp-content/themes/twentyfifteen/readme.txt
- [I] http://www.inae.gob.ec/wp-content/themes/twentyseventeen/README.txt
- [I] http://www.inae.gob.ec/wp-content/themes/twentysixteen/genericons/COPYING.txt
- [I] http://www.inae.gob.ec/wp-content/themes/twentysixteen/genericons/LICENSE.txt
- [I] http://www.inae.gob.ec/wp-content/themes/twentysixteen/readme.txt
- [I] http://www.inae.gob.ec/wp-includes/ID3/license.commercial.txt
- [I] http://www.inae.gob.ec/wp-includes/ID3/license.txt
- [I] http://www.inae.gob.ec/wp-includes/ID3/readme.txt
- [I] http://www.inae.gob.ec/wp-includes/images/crystal/license.txt
- [I] http://www.inae.gob.ec/wp-includes/js/plupload/license.txt
- [I] http://www.inae.gob.ec/wp-includes/js/swfupload/license.txt
- [I] http://www.inae.gob.ec/wp-includes/js/tinymce/license.txt
- [-] Searching Wordpress Plugins ...
- [I] accordions-wp v2.4
- [I] adrotate
- [M] EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
- [M] EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
- [M] EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
- [I] ads-box
- [M] EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
- [I] advanced-wp-columns
- [I] akismet v4.0.8
- [M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
- [M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
- [I] arconix-shortcodes v2.0.4
- [I] firestats
- [M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
- [M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
- [M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
- [I] fuse-social-floating-sidebar v2.0
- [I] imagemapper v1.2.6
- [I] jetpack v6.3.3
- [M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
- [I] jquery-mega-menu v1.3.10
- [M] EDB-ID: 16250 "WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion"
- [I] ml-slider v3.10.0
- [I] simple-ads-manager
- [M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
- [M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
- [M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
- [M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
- [I] siteorigin-panels v2.7.2
- [I] so-widgets-bundle v1.9.2
- [I] wp-bannerize
- [M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
- [M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
- [M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
- [I] wp-publication-archive v3.0.1
- [M] EDB-ID: 35263 "WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure"
- [I] Checking for Directory Listing Enabled ...
- [L] http://www.inae.gob.ec/wp-admin/css
- [L] http://www.inae.gob.ec/wp-admin/images
- [L] http://www.inae.gob.ec/wp-admin/includes
- [L] http://www.inae.gob.ec/wp-admin/js
- [L] http://www.inae.gob.ec/wp-admin/maint
- [L] http://www.inae.gob.ec/wp-includes
- [L] http://www.inae.gob.ec/wp-includes/ID3
- [L] http://www.inae.gob.ec/wp-includes/IXR
- [L] http://www.inae.gob.ec/wp-includes/Requests
- [L] http://www.inae.gob.ec/wp-includes/SimplePie
- [L] http://www.inae.gob.ec/wp-includes/Text
- [L] http://www.inae.gob.ec/wp-includes/certificates
- [L] http://www.inae.gob.ec/wp-includes/css
- [L] http://www.inae.gob.ec/wp-includes/customize
- [L] http://www.inae.gob.ec/wp-includes/fonts
- [L] http://www.inae.gob.ec/wp-includes/images
- [L] http://www.inae.gob.ec/wp-includes/js
- [L] http://www.inae.gob.ec/wp-includes/pomo
- [L] http://www.inae.gob.ec/wp-includes/random_compat
- [L] http://www.inae.gob.ec/wp-includes/rest-api
- [L] http://www.inae.gob.ec/wp-includes/theme-compat
- [L] http://www.inae.gob.ec/wp-includes/widgets
- [L] http://www.inae.gob.ec/wp-content/plugins/accordions-wp
- [L] http://www.inae.gob.ec/wp-content/plugins/advanced-wp-columns
- [L] http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes
- [L] http://www.inae.gob.ec/wp-content/plugins/fuse-social-floating-sidebar
- [L] http://www.inae.gob.ec/wp-content/plugins/imagemapper
- [L] http://www.inae.gob.ec/wp-content/plugins/jetpack
- [L] http://www.inae.gob.ec/wp-content/plugins/jquery-mega-menu
- [L] http://www.inae.gob.ec/wp-content/plugins/ml-slider
- [L] http://www.inae.gob.ec/wp-content/plugins/siteorigin-panels
- [L] http://www.inae.gob.ec/wp-content/plugins/so-widgets-bundle
- [L] http://www.inae.gob.ec/wp-content/plugins/wp-publication-archive
- [-] Date & Time: 29/04/2019 08:21:22
- [-] Completed in: 0:24:27
- #######################################################################################################################################
- Anonymous JTSEC #OpAssange Full Recon #19