JTSEC1333

Anonymous JTSEC #OpAssange Full Recon #19

Apr 29th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname www.inae.gob.ec ISP CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP
  4. Continent South America Flag
  5. EC
  6. Country Ecuador Country Code EC
  7. Region Unknown Local time 29 Apr 2019 06:53 -05
  8. City Unknown Postal Code Unknown
  9. IP Address 190.214.11.74 Latitude -2
  10. Longitude -77.5
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.inae.gob.ec
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: www.inae.gob.ec
  19. Address: 190.214.11.74
  20. >
  21. #######################################################################################################################################
  22. HostIP:190.214.11.74
  23. HostName:www.inae.gob.ec
  24.  
  25. Gathered Inet-whois information for 190.214.11.74
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 189.0.0.0 - 192.5.27.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:49:25Z
  61. last-modified: 2019-01-07T10:49:25Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % This query was served by the RIPE Database Query Service version 1.93.2 (HEREFORD)
  77.  
  78.  
  79.  
  80. Gathered Inic-whois information for inae.gob.ec
  81. ---------------------------------------------------------------------------------------------------------------------------------------
  82. Unable to connect: Socket Connect Error
  83. ERROR: Connection to InicWhois Server ec.whois-servers.net failed
  84.  
  85. Gathered Netcraft information for www.inae.gob.ec
  86. ---------------------------------------------------------------------------------------------------------------------------------------
  87.  
  88. Retrieving Netcraft.com information for www.inae.gob.ec
  89. Netcraft.com Information gathered
  90.  
  91. Gathered Subdomain information for inae.gob.ec
  92. ---------------------------------------------------------------------------------------------------------------------------------------
  93. Searching Google.com:80...
  94. HostName:www.inae.gob.ec
  95. HostIP:190.214.11.74
  96. Searching Altavista.com:80...
  97. Found 1 possible subdomain(s) for host inae.gob.ec, Searched 0 pages containing 0 results
  98.  
  99. Gathered E-Mail information for inae.gob.ec
  100. ---------------------------------------------------------------------------------------------------------------------------------------
  101. Searching Google.com:80...
  102. Searching Altavista.com:80...
  103. Found 0 E-Mail(s) for host inae.gob.ec, Searched 0 pages containing 0 results
  104.  
  105. Gathered TCP Port information for 190.214.11.74
  106. ---------------------------------------------------------------------------------------------------------------------------------------
  107.  
  108. Port State
  109.  
  110. 80/tcp open
  111.  
  112. Portscan Finished: Scanned 150 ports, 2 ports were in state closed
  113. #######################################################################################################################################
  114. [i] Scanning Site: http://www.inae.gob.ec
  115.  
  116.  
  117.  
  118. B A S I C I N F O
  119. =======================================================================================================================================
  120.  
  121.  
  122. [+] Site Title: Instituto Antártico Ecuatoriano – INAE
  123. [+] IP address: 190.214.11.74
  124. [+] Web Server: Could Not Detect
  125. [+] CMS: WordPress
  126. [+] Cloudflare: Not Detected
  127. [+] Robots File: Could NOT Find robots.txt!
  128.  
  129.  
  130. H T T P H E A D E R S
  131. =======================================================================================================================================
  132.  
  133.  
  134. [i] HTTP/1.1 200 OK
  135. [i] Date: Mon, 29 Apr 2019 12:48:37 GMT
  136. [i] X-Powered-By: PHP/5.4.16
  137. [i] X-UA-Compatible: IE=edge
  138. [i] Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
  139. [i] Link: <https://wp.me/P7hq3p-6>; rel=shortlink
  140. [i] Content-Type: text/html; charset=UTF-8
  141. [i] Connection: close
  142.  
  143.  
  144.  
  145.  
  146. D N S L O O K U P
  147. =======================================================================================================================================
  148.  
  149. inae.gob.ec. 7199 IN SOA root.andinanet.net. hostmaster.andinanet.net. 2018092401 14400 3600 604800 3600
  150. inae.gob.ec. 7199 IN NS pichincha.andinanet.net.
  151. inae.gob.ec. 7199 IN NS tungurahua.andinanet.net.
  152. inae.gob.ec. 7199 IN MX 10 mail.inae.gob.ec.
  153.  
  154.  
  155.  
  156.  
  157. S U B - D O M A I N F I N D E R
  158. =======================================================================================================================================
  159.  
  160.  
  161. [i] Total Subdomains Found : 1
  162.  
  163. [+] Subdomain: www.inae.gob.ec
  164. [-] IP: 190.214.11.74
  165. #######################################################################################################################################
  166. [?] Enter the target: example( http://domain.com )
  167. http://www.inae.gob.ec/
  168. [!] IP Address : 190.214.11.74
  169. [+] Operating System : CentOS
  170. [!] www.inae.gob.ec doesn't seem to use a CMS
  171. ---------------------------------------------------------------------------------------------------------------------------------------
  172. [~] Trying to gather whois information for www.inae.gob.ec
  173. [+] Whois information found
  174. [-] Unable to build response, visit https://who.is/whois/www.inae.gob.ec
  175. ---------------------------------------------------------------------------------------------------------------------------------------
  176. PORT STATE SERVICE
  177. 21/tcp filtered ftp
  178. 22/tcp filtered ssh
  179. 23/tcp filtered telnet
  180. 80/tcp open http
  181. 110/tcp filtered pop3
  182. 143/tcp filtered imap
  183. 443/tcp filtered https
  184. 3389/tcp filtered ms-wbt-server
  185. Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
  186. ---------------------------------------------------------------------------------------------------------------------------------------
  187. There was an error getting results
  188.  
  189. [-] DNS Records
  190. [>] Initiating 3 intel modules
  191. [>] Loading Alpha module (1/3)
  192. [>] Beta module deployed (2/3)
  193. [>] Gamma module initiated (3/3)
  194.  
  195.  
  196. [+] Emails found:
  197. ---------------------------------------------------------------------------------------------------------------------------------------
  198. pixel-1556542231560544-web-@www.inae.gob.ec
  199. No hosts found
  200. [+] Virtual hosts:
  201. ---------------------------------------------------------------------------------------------------------------------------------------
  202. #######################################################################################################################################
  203. =======================================================================================================================================
  204. | E-mails:
  313. =======================================================================================================================================
  314. | External hosts:
  364. =======================================================================================================================================
  365. #######################################################################################################################################
  366. ; <<>> DiG 9.11.5-P4-3-Debian <<>> inae.gob.ec
  367. ;; global options: +cmd
  368. ;; Got answer:
  369. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59663
  370. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  371.  
  372. ;; OPT PSEUDOSECTION:
  373. ; EDNS: version: 0, flags:; udp: 4096
  374. ;; QUESTION SECTION:
  375. ;inae.gob.ec. IN A
  376.  
  377. ;; AUTHORITY SECTION:
  378. inae.gob.ec. 3600 IN SOA root.andinanet.net. hostmaster.andinanet.net. 2018092401 14400 3600 604800 3600
  379.  
  380. ;; Query time: 65 msec
  381. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  382. ;; WHEN: lun avr 29 10:32:11 EDT 2019
  383. ;; MSG SIZE rcvd: 105
  384. #######################################################################################################################################
  385. ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace inae.gob.ec
  386. ;; global options: +cmd
  387. . 83086 IN NS k.root-servers.net.
  388. . 83086 IN NS h.root-servers.net.
  389. . 83086 IN NS i.root-servers.net.
  390. . 83086 IN NS a.root-servers.net.
  391. . 83086 IN NS m.root-servers.net.
  392. . 83086 IN NS d.root-servers.net.
  393. . 83086 IN NS g.root-servers.net.
  394. . 83086 IN NS c.root-servers.net.
  395. . 83086 IN NS l.root-servers.net.
  396. . 83086 IN NS j.root-servers.net.
  397. . 83086 IN NS b.root-servers.net.
  398. . 83086 IN NS e.root-servers.net.
  399. . 83086 IN NS f.root-servers.net.
  400. . 83086 IN RRSIG NS 8 0 518400 20190512050000 20190429040000 25266 . bQWAaqwMGyuKJ43sy8YDogYmQbm0CPjSlIxhdSa5QhQXjWArYKeHpS/F oaoDGBoDxxTkNKDqhFp5NWZikNXGfzDr6VdYnWoRzhscK7gMC0UFdiLf HelwaJ8agLehlq9Hp6mX2AVUdTd0UfZcRioI3OS6azSMGEocNI96T4+9 AJ633UU62cSMEzxE/t+5U6p2Vc/JDwg4Ji9n9mPNJSN3oeBlyB4MXfLz 0/GpNbEagyWJOhWzpRyo4/DOTFxG8tyrnZWYLe88f8Brkdxm0AFg7xAh E55hO+57oGciCR0xffYvtJMX/oPll1Qa6tlGBBIZXtKwSsiktKA115Mw w6mLWQ==
  401. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 31 ms
  402.  
  403. ec. 172800 IN NS sns-pb.isc.org.
  404. ec. 172800 IN NS a.lactld.org.
  405. ec. 172800 IN NS n3.dns.ec.
  406. ec. 172800 IN NS n2.nic.ec.
  407. ec. 86400 IN NSEC eco. NS RRSIG NSEC
  408. ec. 86400 IN RRSIG NSEC 8 1 86400 20190512050000 20190429040000 25266 . AAKUGZvhFeyG7SUGomscjoUOE5zx2Ho+5hKKtKKq3PGxYrBYYB6zh93H 7C1zZdGvz4sr4PDcUVw9XrGTYK/E5nAphwuwTZvQA46Q6XBObaRm8n7a uSucjLzbzdCEi1q2BQKi/cWej6gJ3dpQ8UGwFxbofckxXRm8uRAEUgG2 o2S5BMIMl2lUDpFua1aRw6h4cN2TlCs0kgxWwP+LKWqvsgEby35m/a/p sqJ6jq2Y3Krj+w7857+uKFm7p9yJ7M1Zif+U3SitFPpAB7zBLSP+YtwI PE4l11/1coj+pVQn/M1G1IK0vBZ6ItdAGr74iTx6s5bGHLWWz8Mi0Oo9 dwrNNQ==
  409. ;; Received 649 bytes from 192.33.4.12#53(c.root-servers.net) in 29 ms
  410.  
  411. inae.gob.ec. 129600 IN NS pichincha.andinanet.net.
  412. inae.gob.ec. 129600 IN NS tungurahua.andinanet.net.
  413. ;; Received 130 bytes from 2001:500:2e::1#53(sns-pb.isc.org) in 98 ms
  414.  
  415. inae.gob.ec. 3600 IN SOA root.andinanet.net. hostmaster.andinanet.net. 2018092401 14400 3600 604800 3600
  416. ;; Received 105 bytes from 200.107.10.110#53(pichincha.andinanet.net) in 74 ms
  417. #######################################################################################################################################
  418. [*] Performing General Enumeration of Domain: inae.gob.ec
  419. [-] DNSSEC is not configured for inae.gob.ec
  420. [-] Error while resolving SOA record.
  421. [-] Error while resolving SOA record.
  422. [*] NS tungurahua.andinanet.net 200.107.10.110
  423. [*] Bind Version for 200.107.10.110 3.2.2
  424. [*] NS tungurahua.andinanet.net 2800:370:10::110
  425. [*] Bind Version for 2800:370:10::110 3.2.2
  426. [*] NS pichincha.andinanet.net 200.107.10.110
  427. [*] Bind Version for 200.107.10.110 3.2.2
  428. [*] NS pichincha.andinanet.net 2800:370:10::110
  429. [*] Bind Version for 2800:370:10::110 3.2.2
  430. [*] MX mail.inae.gob.ec 190.214.11.76
  431. [*] Enumerating SRV Records
  432. [-] No SRV Records Found for inae.gob.ec
  433. [+] 0 Records Found
  434. #######################################################################################################################################
  435. [*] Processing domain inae.gob.ec
  436. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  437. [+] Getting nameservers
  438. 200.107.10.110 - tungurahua.andinanet.net
  439. 200.107.10.110 - pichincha.andinanet.net
  440. [-] Zone transfer failed
  441.  
  442. [+] MX records found, added to target list
  443. 10 mail.inae.gob.ec.
  444.  
  445. [*] Scanning inae.gob.ec for A records
  446. 190.214.11.76 - mail.inae.gob.ec
  447. 190.214.11.74 - www.inae.gob.ec
  448. #######################################################################################################################################
  449. Ip Address Status Type Domain Name Server
  450. ---------- ------ ---- ----------- ------
  451. 190.214.11.76 host mail.inae.gob.ec
  452. 190.214.11.74 200 host www.inae.gob.ec Apache/2.4.6 (CentOS) PHP/5.4.16
  453. #######################################################################################################################################
  454. [+] Testing domain
  455. www.inae.gob.ec 190.214.11.74
  456. [+] Dns resolving
  457. No address associated with hostname inae.gob.ec
  458. [+] Testing wildcard
  459. Ok, no wildcard found.
  460.  
  461. [+] Scanning for subdomain on inae.gob.ec
  462. [!] Wordlist not specified. I scannig with my internal wordlist...
  463. Estimated time about 57.68 seconds
  464.  
  465. Subdomain Ip address Name server
  466.  
  467. mail.inae.gob.ec 190.214.11.76 76.11.214.190.static.anycast.cnt-grms.ec
  468. www.inae.gob.ec 190.214.11.74 74.11.214.190.static.anycast.cnt-grms.ec
  469.  
  470. #######################################################################################################################################
  471. ---------------------------------------------------------------------------------------------------------------------------------------
  472. + Target IP: 190.214.11.74
  473. + Target Hostname: www.inae.gob.ec
  474. + Target Port: 80
  475. + Start Time: 2019-04-29 09:24:52 (GMT-4)
  476. ---------------------------------------------------------------------------------------------------------------------------------------
  477. + Server: No banner retrieved
  478. + Retrieved x-powered-by header: PHP/5.4.16
  479. + The anti-clickjacking X-Frame-Options header is not present.
  480. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  481. + Uncommon header 'link' found, with multiple values: (<http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/",<https://wp.me/P7hq3p-6>; rel=shortlink,)
  482. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  483. + Server banner has changed from '' to 'Apache/2.4.6 (CentOS) PHP/5.4.16' which may suggest a WAF, load balancer or proxy is in place
  484. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  485. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  486. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  487. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  488. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  489. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  490. + OSVDB-3268: /icons/: Directory indexing found.
  491. + OSVDB-3233: /icons/README: Apache default file found.
  492. + /wp-content/plugins/akismet/readme.txt: The WordPress Akismet plugin 'Tested up to' version usually matches the WordPress version
  493. + /wp-links-opml.php: This WordPress script reveals the installed version.
  494. + OSVDB-3092: /license.txt: License file found may identify site software.
  495. + /: A Wordpress installation was found.
  496. + Cookie wordpress_test_cookie created without the httponly flag
  497. + OSVDB-3268: /wp-content/uploads/: Directory indexing found.
  498. + /wp-content/uploads/: Wordpress uploads directory is browsable. This may reveal sensitive information
  499. + 26589 requests: 0 error(s) and 20 item(s) reported on remote host
  500. + End Time: 2019-04-29 10:48:09 (GMT-4) (4997 seconds)
  501. ---------------------------------------------------------------------------------------------------------------------------------------
  502. #######################################################################################################################################
  503. dnsenum VERSION:1.2.4
  504.  
  505. ----- www.inae.gob.ec -----
  506.  
  507.  
  508. Host's addresses:
  509. __________________
  510.  
  511. www.inae.gob.ec. 7200 IN A 190.214.11.74
  512.  
  513.  
  514. Name Servers:
  515. ______________
  516. #######################################################################################################################################
  517. ===============================================
  518. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  519. ===============================================
  520.  
  521.  
  522. Running Source: Ask
  523. Running Source: Archive.is
  524. Running Source: Baidu
  525. Running Source: Bing
  526. Running Source: CertDB
  527. Running Source: CertificateTransparency
  528. Running Source: Certspotter
  529. Running Source: Commoncrawl
  530. Running Source: Crt.sh
  531. Running Source: Dnsdb
  532. Running Source: DNSDumpster
  533. Running Source: DNSTable
  534. Running Source: Dogpile
  535. Running Source: Exalead
  536. Running Source: Findsubdomains
  537. Running Source: Googleter
  538. Running Source: Hackertarget
  539. Running Source: Ipv4Info
  540. Running Source: PTRArchive
  541. Running Source: Sitedossier
  542. Running Source: Threatcrowd
  543. Running Source: ThreatMiner
  544. Running Source: WaybackArchive
  545. Running Source: Yahoo
  546.  
  547. Running enumeration on www.inae.gob.ec
  548.  
  549. dnsdb: Unexpected return status 503
  550.  
  551. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.inae.gob.ec/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
  552.  
  553. dogpile: Get https://www.dogpile.com/search/web?q=www.inae.gob.ec&qsi=1: EOF
  554.  
  555.  
  556. Starting Bruteforcing of www.inae.gob.ec with 9985 words
  557.  
  558. Total 1 Unique subdomains found for www.inae.gob.ec
  559.  
  560. .www.inae.gob.ec
  561. #######################################################################################################################################
  562. [*] Processing domain www.inae.gob.ec
  563. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
  564. [+] Getting nameservers
  565. [-] Getting nameservers failed
  566. [-] Zone transfer failed
  567.  
  568. [*] Scanning www.inae.gob.ec for A records
  569. 190.214.11.74 - www.inae.gob.ec
  570. #######################################################################################################################################
  571. [+] www.inae.gob.ec has no SPF record!
  572. [*] No DMARC record found. Looking for organizational record
  573. [+] No organizational DMARC record
  574. [+] Spoofing possible for www.inae.gob.ec!
  575. #######################################################################################################################################
  576. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 09:34 EDT
  577. Nmap scan report for www.inae.gob.ec (190.214.11.74)
  578. Host is up (0.068s latency).
  579. rDNS record for 190.214.11.74: 74.11.214.190.static.anycast.cnt-grms.ec
  580. Not shown: 472 filtered ports, 3 closed ports
  581. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  582. PORT STATE SERVICE
  583. 80/tcp open http
  584. #######################################################################################################################################
  585. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 09:34 EDT
  586. Nmap scan report for www.inae.gob.ec (190.214.11.74)
  587. Host is up (0.025s latency).
  588. rDNS record for 190.214.11.74: 74.11.214.190.static.anycast.cnt-grms.ec
  589. Not shown: 2 filtered ports
  590. PORT STATE SERVICE
  591. 53/udp open|filtered domain
  592. 67/udp open|filtered dhcps
  593. 68/udp open|filtered dhcpc
  594. 69/udp open|filtered tftp
  595. 88/udp open|filtered kerberos-sec
  596. 123/udp open|filtered ntp
  597. 139/udp open|filtered netbios-ssn
  598. 161/udp open|filtered snmp
  599. 162/udp open|filtered snmptrap
  600. 389/udp open|filtered ldap
  601. 520/udp open|filtered route
  602. 2049/udp open|filtered nfs
  603. #######################################################################################################################################
  604. http://www.inae.gob.ec/wp-content/themes/twentyten/languages/twentyten.pot ERROR: Timed out execution expired
  605. http://www.inae.gob.ec [200 OK] Apache[2.4.6], Country[ECUADOR][EC], Email[inae@inae.gob.ec], Frame, HTML5, HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[190.214.11.74], JQuery[1.12.4], MetaGenerator[WordPress 4.7.3], Open-Graph-Protocol[website], PHP[5.4.16], PoweredBy[Shareaholic], Script[text/javascript], Title[Instituto Antártico Ecuatoriano &#8211; INAE], UncommonHeaders[link], WordPress[4.7,4.7.3], X-Powered-By[PHP/5.4.16], X-UA-Compatible[IE=10,IE=edge], YouTube
  606. #######################################################################################################################################
  607.  
  608. wig - WebApp Information Gatherer
  609.  
  610.  
  611. Scanning http://www.inae.gob.ec...
  612. _______________________________ SITE INFO ________________________________
  613. IP Title
  614. 190.214.11.74 Instituto Antártico Ecuatoriano &#8211; INAE
  615.  
  616. ________________________________ VERSION _________________________________
  617. Name Versions Type
  618. WordPress 4.7 CMS
  619. Apache 2.4.6 Platform
  620. PHP 5.4.16 Platform
  621. CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
  622.  
  623. ______________________________ INTERESTING _______________________________
  624. URL Note Type
  625. /readme.html Wordpress readme Interesting
  626. /readme.html Readme file Interesting
  627.  
  628. _________________________________ TOOLS __________________________________
  629. Name Link Software
  630. wpscan https://github.com/wpscanteam/wpscan WordPress
  631. CMSmap https://github.com/Dionach/CMSmap WordPress
  632.  
  633. __________________________________________________________________________
  634. Time: 420.1 sec Urls: 824 Fingerprints: 40401
  635. #######################################################################################################################################
  636. HTTP/1.1 200 OK
  637. Date: Mon, 29 Apr 2019 13:42:47 GMT
  638. Server: Apache/2.4.6 (CentOS) PHP/5.4.16
  639. X-Powered-By: PHP/5.4.16
  640. X-UA-Compatible: IE=edge
  641. Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
  642. Link: <https://wp.me/P7hq3p-6>; rel=shortlink
  643. Content-Type: text/html; charset=UTF-8
  644.  
  645. HTTP/1.1 200 OK
  646. Date: Mon, 29 Apr 2019 13:42:50 GMT
  647. Server: Apache/2.4.6 (CentOS) PHP/5.4.16
  648. X-Powered-By: PHP/5.4.16
  649. X-UA-Compatible: IE=edge
  650. Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
  651. Link: <https://wp.me/P7hq3p-6>; rel=shortlink
  652. Content-Type: text/html; charset=UTF-8
  653. #######################################################################################################################################
  654. jQuery Migrate
  655. Apache 2.4.6
  656. Twitter
  657. WordPress 4.7.3
  658. jQuery 1.12.4
  659. PHP 5.4.16
  660. YouTube
  661. CentOS
  662. WordPress
  663. X-UA-Compatible: IE=edge
  664. #######################################################################################################################################
  665. --------------------------------------------------------
  666. <<<Yasuo discovered following vulnerable applications>>>
  667. --------------------------------------------------------
  668. +------------+-------------------------------------+--------------------------------------------------+----------+----------+
  669. | App Name | URL to Application | Potential Exploit | Username | Password |
  670. +------------+-------------------------------------+--------------------------------------------------+----------+----------+
  671. | phpMyAdmin | http://190.214.11.74:80/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | | |
  672. +------------+-------------------------------------+--------------------------------------------------+----------+----------+
  673. #######################################################################################################################################
  674. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:07 EDT
  675. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  676. Host is up (0.11s latency).
  677. Not shown: 472 filtered ports, 3 closed ports
  678. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  679. PORT STATE SERVICE
  680. 80/tcp open http
  681. #######################################################################################################################################
  682. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:07 EDT
  683. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  684. Host is up (0.021s latency).
  685. Not shown: 2 filtered ports
  686. PORT STATE SERVICE
  687. 53/udp open|filtered domain
  688. 67/udp open|filtered dhcps
  689. 68/udp open|filtered dhcpc
  690. 69/udp open|filtered tftp
  691. 88/udp open|filtered kerberos-sec
  692. 123/udp open|filtered ntp
  693. 139/udp open|filtered netbios-ssn
  694. 161/udp open|filtered snmp
  695. 162/udp open|filtered snmptrap
  696. 389/udp open|filtered ldap
  697. 520/udp open|filtered route
  698. 2049/udp open|filtered nfs
  699. #######################################################################################################################################
  700. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:07 EDT
  701. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  702. Host is up (0.14s latency).
  703.  
  704. PORT STATE SERVICE VERSION
  705. 67/udp open|filtered dhcps
  706. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  707. Too many fingerprints match this host to give specific OS details
  708. Network Distance: 13 hops
  709.  
  710. TRACEROUTE (using proto 1/icmp)
  711. HOP RTT ADDRESS
  712. 1 24.82 ms 10.247.200.1
  713. 2 25.17 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  714. 3 46.60 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  715. 4 24.85 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  716. 5 24.99 ms motl-b1-link.telia.net (62.115.162.41)
  717. 6 ...
  718. 7 35.28 ms nyk-b6-link.telia.net (62.115.125.63)
  719. 8 37.28 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
  720. 9 ...
  721. 10 142.48 ms 190.152.253.154
  722. 11 ... 12
  723. 13 137.84 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  724. #######################################################################################################################################
  725. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:09 EDT
  726. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  727. Host is up (0.14s latency).
  728.  
  729. PORT STATE SERVICE VERSION
  730. 68/udp open|filtered dhcpc
  731. Too many fingerprints match this host to give specific OS details
  732. Network Distance: 13 hops
  733.  
  734. TRACEROUTE (using proto 1/icmp)
  735. HOP RTT ADDRESS
  736. 1 961.47 ms 10.247.200.1
  737. 2 964.59 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  738. 3 969.26 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  739. 4 962.11 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  740. 5 965.02 ms motl-b1-link.telia.net (62.115.162.41)
  741. 6 ...
  742. 7 969.10 ms nyk-b6-link.telia.net (62.115.125.63)
  743. 8 969.23 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
  744. 9 ...
  745. 10 1073.80 ms 190.152.253.154
  746. 11 ... 12
  747. 13 140.98 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  748. #######################################################################################################################################
  749. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:11 EDT
  750. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  751. Host is up (0.14s latency).
  752.  
  753. PORT STATE SERVICE VERSION
  754. 69/udp open|filtered tftp
  755. Too many fingerprints match this host to give specific OS details
  756. Network Distance: 13 hops
  757.  
  758. TRACEROUTE (using proto 1/icmp)
  759. HOP RTT ADDRESS
  760. 1 27.33 ms 10.247.200.1
  761. 2 22.19 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  762. 3 43.33 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  763. 4 22.16 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  764. 5 22.19 ms motl-b1-link.telia.net (62.115.162.41)
  765. 6 ...
  766. 7 32.74 ms nyk-b6-link.telia.net (62.115.125.63)
  767. 8 34.35 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
  768. 9 ...
  769. 10 139.84 ms 190.152.253.154
  770. 11 ... 12
  771. 13 138.62 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  772. #######################################################################################################################################
  773. http://190.214.11.74 [301 Moved Permanently] Apache[2.4.6], Country[ECUADOR][EC], HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[190.214.11.74], PHP[5.4.16], RedirectLocation[http://www.inae.gob.ec/], X-Powered-By[PHP/5.4.16], X-UA-Compatible[IE=edge]
  774. http://www.inae.gob.ec/ [200 OK] Apache[2.4.6], Country[ECUADOR][EC], Email[inae@inae.gob.ec], Frame, HTML5, HTTPServer[CentOS][Apache/2.4.6 (CentOS) PHP/5.4.16], IP[190.214.11.74], JQuery[1.12.4], MetaGenerator[WordPress 4.7.3], Open-Graph-Protocol[website], PHP[5.4.16], PoweredBy[Shareaholic], Script[text/javascript], Title[Instituto Antártico Ecuatoriano &#8211; INAE], UncommonHeaders[link], WordPress[4.7,4.7.3], X-Powered-By[PHP/5.4.16], X-UA-Compatible[IE=10,IE=edge], YouTube
  775. #######################################################################################################################################
  776.  
  777. wig - WebApp Information Gatherer
  778.  
  779.  
  780. Scanning http://www.inae.gob.ec...
  781. ______________________________ SITE INFO _______________________________
  782. IP Title
  783. 190.214.11.74 Instituto Antártico Ecuatoriano &#8211; INAE
  784.  
  785. _______________________________ VERSION ________________________________
  786. Name Versions Type
  787. WordPress 4.7 CMS
  788. Apache 2.4.6 Platform
  789. PHP 5.4.16 Platform
  790. CentOS 7-1511 | 7.0-1406 | 7.1-1503 OS
  791.  
  792. _____________________________ INTERESTING ______________________________
  793. URL Note Type
  794. /readme.html Wordpress readme Interesting
  795. /readme.html Readme file Interesting
  796.  
  797. ________________________________ TOOLS _________________________________
  798. Name Link Software
  799. wpscan https://github.com/wpscanteam/wpscan WordPress
  800. CMSmap https://github.com/Dionach/CMSmap WordPress
  801.  
  802. ________________________________________________________________________
  803. Time: 3.3 sec Urls: 826 Fingerprints: 40401
  804. #######################################################################################################################################
  805. HTTP/1.1 301 Moved Permanently
  806. Date: Mon, 29 Apr 2019 14:14:02 GMT
  807. Server: Apache/2.4.6 (CentOS) PHP/5.4.16
  808. X-Powered-By: PHP/5.4.16
  809. X-UA-Compatible: IE=edge
  810. Location: http://www.inae.gob.ec/
  811. Content-Type: text/html; charset=UTF-8
  812.  
  813. HTTP/1.1 301 Moved Permanently
  814. Date: Mon, 29 Apr 2019 14:14:03 GMT
  815. Server: Apache/2.4.6 (CentOS) PHP/5.4.16
  816. X-Powered-By: PHP/5.4.16
  817. X-UA-Compatible: IE=edge
  818. Location: http://www.inae.gob.ec/
  819. Content-Type: text/html; charset=UTF-8
  820.  
  821. HTTP/1.1 200 OK
  822. Date: Mon, 29 Apr 2019 14:14:03 GMT
  823. Server: Apache/2.4.6 (CentOS) PHP/5.4.16
  824. X-Powered-By: PHP/5.4.16
  825. X-UA-Compatible: IE=edge
  826. Link: <http://www.inae.gob.ec/index.php/wp-json/>; rel="https://api.w.org/"
  827. Link: <https://wp.me/P7hq3p-6>; rel=shortlink
  828. Content-Type: text/html; charset=UTF-8
  829. #######################################################################################################################################
  841. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:14 EDT
  842. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  843. Host is up (0.14s latency).
  844.  
  845. PORT STATE SERVICE VERSION
  846. 123/udp open|filtered ntp
  847. Too many fingerprints match this host to give specific OS details
  848. Network Distance: 13 hops
  849.  
  850. TRACEROUTE (using proto 1/icmp)
  851. HOP RTT ADDRESS
  852. 1 27.79 ms 10.247.200.1
  853. 2 51.58 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  854. 3 39.58 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  855. 4 27.87 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  856. 5 27.93 ms motl-b1-link.telia.net (62.115.162.41)
  857. 6 ...
  858. 7 38.19 ms nyk-b6-link.telia.net (62.115.125.63)
  859. 8 40.06 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
  860. 9 ...
  861. 10 138.97 ms 190.152.253.154
  862. 11 ... 12
  863. 13 138.09 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  864. #######################################################################################################################################
  865. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:16 EDT
  866. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  867. Host is up (0.14s latency).
  868.  
  869. PORT STATE SERVICE VERSION
  870. 161/tcp filtered snmp
  871. 161/udp open|filtered snmp
  872. Too many fingerprints match this host to give specific OS details
  873. Network Distance: 13 hops
  874.  
  875. TRACEROUTE (using proto 1/icmp)
  876. HOP RTT ADDRESS
  877. 1 21.32 ms 10.247.200.1
  878. 2 21.71 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  879. 3 32.65 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  880. 4 21.46 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  881. 5 21.49 ms motl-b1-link.telia.net (62.115.162.41)
  882. 6 ...
  883. 7 31.79 ms nyk-b6-link.telia.net (62.115.125.63)
  884. 8 33.59 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
  885. 9 ...
  886. 10 139.11 ms 190.152.253.154
  887. 11 ... 12
  888. 13 139.92 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  889. #######################################################################################################################################
  899. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:19 EDT
  900. NSE: Loaded 148 scripts for scanning.
  901. NSE: Script Pre-scanning.
  902. NSE: Starting runlevel 1 (of 2) scan.
  903. Initiating NSE at 10:19
  904. Completed NSE at 10:19, 0.00s elapsed
  905. NSE: Starting runlevel 2 (of 2) scan.
  906. Initiating NSE at 10:19
  907. Completed NSE at 10:19, 0.00s elapsed
  908. Initiating Ping Scan at 10:19
  909. Scanning 190.214.11.74 [4 ports]
  910. Completed Ping Scan at 10:19, 0.17s elapsed (1 total hosts)
  911. Initiating Parallel DNS resolution of 1 host. at 10:19
  912. Completed Parallel DNS resolution of 1 host. at 10:19, 0.03s elapsed
  913. Initiating Connect Scan at 10:19
  914. Scanning 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74) [65535 ports]
  915. Discovered open port 80/tcp on 190.214.11.74
  916. Connect Scan Timing: About 7.34% done; ETC: 10:26 (0:06:32 remaining)
  917. Connect Scan Timing: About 34.38% done; ETC: 10:22 (0:01:56 remaining)
  918. Completed Connect Scan at 10:20, 104.46s elapsed (65535 total ports)
  919. Initiating Service scan at 10:20
  920. Scanning 1 service on 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  921. Completed Service scan at 10:21, 7.14s elapsed (1 service on 1 host)
  922. Initiating OS detection (try #1) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  923. Retrying OS detection (try #2) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  924. Initiating Traceroute at 10:21
  925. Completed Traceroute at 10:21, 3.04s elapsed
  926. Initiating Parallel DNS resolution of 10 hosts. at 10:21
  927. Completed Parallel DNS resolution of 10 hosts. at 10:21, 0.38s elapsed
  928. NSE: Script scanning 190.214.11.74.
  929. NSE: Starting runlevel 1 (of 2) scan.
  930. Initiating NSE at 10:21
  931. Completed NSE at 10:21, 14.26s elapsed
  932. NSE: Starting runlevel 2 (of 2) scan.
  933. Initiating NSE at 10:21
  934. Completed NSE at 10:21, 0.00s elapsed
  935. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  936. Host is up, received echo-reply ttl 52 (0.11s latency).
  937. Scanned at 2019-04-29 10:19:08 EDT for 135s
  938. Not shown: 65531 filtered ports
  939. Reason: 65531 no-responses
  940. PORT STATE SERVICE REASON VERSION
  941. 25/tcp closed smtp conn-refused
  942. 80/tcp open http syn-ack Apache httpd 2.4.6 ((CentOS) PHP/5.4.16)
  943. | http-methods:
  944. |_ Supported Methods: GET HEAD POST OPTIONS
  945. |_http-server-header: Apache/2.4.6 (CentOS) PHP/5.4.16
  946. |_http-title: Did not follow redirect to http://www.inae.gob.ec/
  947. 139/tcp closed netbios-ssn conn-refused
  948. 445/tcp closed microsoft-ds conn-refused
  949. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  950. Aggressive OS guesses: Linux 3.10 - 4.11 (92%), HP P2000 G3 NAS device (91%), Linux 3.2 - 4.9 (91%), Linux 3.16 - 4.6 (90%), Linux 2.6.32 (90%), Linux 2.6.32 - 3.1 (90%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (90%), Linux 3.7 (90%), Ubiquiti AirOS 5.5.9 (90%), Linux 4.4 (90%)
  951. No exact OS matches for host (test conditions non-ideal).
  952. TCP/IP fingerprint:
  967.  
  968. Uptime guess: 0.961 days (since Sun Apr 28 11:17:38 2019)
  969. Network Distance: 13 hops
  970. TCP Sequence Prediction: Difficulty=261 (Good luck!)
  971. IP ID Sequence Generation: All zeros
  972.  
  973. TRACEROUTE (using proto 1/icmp)
  974. HOP RTT ADDRESS
  975. 1 27.13 ms 10.247.200.1
  976. 2 27.38 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
  977. 3 43.86 ms irb-0.agg1.qc1.ca.m247.com (37.120.128.168)
  978. 4 27.37 ms te-1-5-2-0.bb1.fra2.de.m247.com (82.102.29.44)
  979. 5 21.65 ms motl-b1-link.telia.net (62.115.162.41)
  980. 6 33.66 ms nyk-bb3-link.telia.net (62.115.137.142)
  981. 7 32.29 ms nyk-b6-link.telia.net (62.115.125.63)
  982. 8 33.73 ms corporacionnacional-ic-326985-nyk-b6.c.telia.net (213.248.91.41)
  983. 9 ...
  984. 10 139.54 ms 190.152.253.154
  985. 11 ... 12
  986. 13 138.26 ms 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  987.  
  988. NSE: Script Post-scanning.
  989. NSE: Starting runlevel 1 (of 2) scan.
  990. Initiating NSE at 10:21
  991. Completed NSE at 10:21, 0.00s elapsed
  992. NSE: Starting runlevel 2 (of 2) scan.
  993. Initiating NSE at 10:21
  994. Completed NSE at 10:21, 0.00s elapsed
  995. Read data files from: /usr/bin/../share/nmap
  996. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  997. Nmap done: 1 IP address (1 host up) scanned in 135.81 seconds
  998. Raw packets sent: 85 (6.736KB) | Rcvd: 111 (24.961KB)
  999. #######################################################################################################################################
  1000. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 10:21 EDT
  1001. NSE: Loaded 148 scripts for scanning.
  1002. NSE: Script Pre-scanning.
  1003. Initiating NSE at 10:21
  1004. Completed NSE at 10:21, 0.00s elapsed
  1005. Initiating NSE at 10:21
  1006. Completed NSE at 10:21, 0.00s elapsed
  1007. Initiating Parallel DNS resolution of 1 host. at 10:21
  1008. Completed Parallel DNS resolution of 1 host. at 10:21, 0.03s elapsed
  1009. Initiating UDP Scan at 10:21
  1010. Scanning 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74) [14 ports]
  1011. Completed UDP Scan at 10:21, 1.26s elapsed (14 total ports)
  1012. Initiating Service scan at 10:21
  1013. Scanning 12 services on 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  1014. Service scan Timing: About 8.33% done; ETC: 10:41 (0:17:58 remaining)
  1015. Completed Service scan at 10:23, 102.59s elapsed (12 services on 1 host)
  1016. Initiating OS detection (try #1) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  1017. Retrying OS detection (try #2) against 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  1018. Initiating Traceroute at 10:23
  1019. Completed Traceroute at 10:23, 7.10s elapsed
  1020. Initiating Parallel DNS resolution of 1 host. at 10:23
  1021. Completed Parallel DNS resolution of 1 host. at 10:23, 0.01s elapsed
  1022. NSE: Script scanning 190.214.11.74.
  1023. Initiating NSE at 10:23
  1024. Completed NSE at 10:23, 20.36s elapsed
  1025. Initiating NSE at 10:23
  1026. Completed NSE at 10:23, 1.02s elapsed
  1027. Nmap scan report for 74.11.214.190.static.anycast.cnt-grms.ec (190.214.11.74)
  1028. Host is up (0.025s latency).
  1029.  
  1030. PORT STATE SERVICE VERSION
  1031. 53/udp open|filtered domain
  1032. 67/udp open|filtered dhcps
  1033. 68/udp open|filtered dhcpc
  1034. 69/udp open|filtered tftp
  1035. 88/udp open|filtered kerberos-sec
  1036. 123/udp open|filtered ntp
  1037. 137/udp filtered netbios-ns
  1038. 138/udp filtered netbios-dgm
  1039. 139/udp open|filtered netbios-ssn
  1040. 161/udp open|filtered snmp
  1041. 162/udp open|filtered snmptrap
  1042. 389/udp open|filtered ldap
  1043. 520/udp open|filtered route
  1044. 2049/udp open|filtered nfs
  1045. Too many fingerprints match this host to give specific OS details
  1046.  
  1047. TRACEROUTE (using port 137/udp)
  1048. HOP RTT ADDRESS
  1049. 1 ... 3
  1050. 4 20.02 ms 10.247.200.1
  1051. 5 26.21 ms 10.247.200.1
  1052. 6 26.20 ms 10.247.200.1
  1053. 7 26.19 ms 10.247.200.1
  1054. 8 26.18 ms 10.247.200.1
  1055. 9 26.19 ms 10.247.200.1
  1056. 10 26.19 ms 10.247.200.1
  1057. 11 ... 15
  1058. 16 21.91 ms 10.247.200.1
  1059. 17 ... 18
  1060. 19 19.85 ms 10.247.200.1
  1061. 20 20.82 ms 10.247.200.1
  1062. 21 21.12 ms 10.247.200.1
  1063. 22 ... 29
  1064. 30 19.91 ms 10.247.200.1
  1065.  
  1066. NSE: Script Post-scanning.
  1067. Initiating NSE at 10:23
  1068. Completed NSE at 10:23, 0.00s elapsed
  1069. Initiating NSE at 10:23
  1070. Completed NSE at 10:23, 0.00s elapsed
  1071. Read data files from: /usr/bin/../share/nmap
  1072. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1073. Nmap done: 1 IP address (1 host up) scanned in 135.49 seconds
  1074. Raw packets sent: 147 (13.614KB) | Rcvd: 117 (21.802KB)
  1075. #######################################################################################################################################
  1076. [+] URL: http://www.inae.gob.ec/
  1077. [+] Started: Mon Apr 29 07:56:57 2019
  1078.  
  1079. Interesting Finding(s):
  1080.  
  1081. [+] http://www.inae.gob.ec/
  1082. | Interesting Entries:
  1083. | - X-Powered-By: PHP/5.4.16
  1084. | - X-UA-Compatible: IE=edge
  1085. | Found By: Headers (Passive Detection)
  1086. | Confidence: 100%
  1087.  
  1088. [+] http://www.inae.gob.ec/xmlrpc.php
  1089. | Found By: Link Tag (Passive Detection)
  1090. | Confidence: 100%
  1091. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  1092. | References:
  1093. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  1094. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  1095. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  1096. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  1097. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  1098.  
  1099. [+] http://www.inae.gob.ec/readme.html
  1100. | Found By: Direct Access (Aggressive Detection)
  1101. | Confidence: 100%
  1102.  
  1103. [+] Registration is enabled: http://www.inae.gob.ec/wp-login.php?action=register
  1104. | Found By: Direct Access (Aggressive Detection)
  1105. | Confidence: 100%
  1106.  
  1107. [+] Upload directory has listing enabled: http://www.inae.gob.ec/wp-content/uploads/
  1108. | Found By: Direct Access (Aggressive Detection)
  1109. | Confidence: 100%
  1110.  
  1111. [+] http://www.inae.gob.ec/wp-cron.php
  1112. | Found By: Direct Access (Aggressive Detection)
  1113. | Confidence: 60%
  1114. | References:
  1115. | - https://www.iplocation.net/defend-wordpress-from-ddos
  1116. | - https://github.com/wpscanteam/wpscan/issues/1299
  1117.  
  1118. [+] WordPress version 4.7.3 identified (Insecure, released on 2017-03-06).
  1119. | Detected By: Rss Generator (Passive Detection)
  1120. | - http://www.inae.gob.ec/index.php/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
  1121. | - http://www.inae.gob.ec/index.php/comments/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
  1122. |
  1123. | [!] 34 vulnerabilities identified:
  1124. |
  1125. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  1126. | References:
  1127. | - https://wpvulndb.com/vulnerabilities/8807
  1128. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  1129. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  1130. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  1131. | - https://core.trac.wordpress.org/ticket/25239
  1132. |
  1133. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  1134. | Fixed in: 4.7.5
  1135. | References:
  1136. | - https://wpvulndb.com/vulnerabilities/8815
  1137. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  1138. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  1139. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1140. |
  1141. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  1142. | Fixed in: 4.7.5
  1143. | References:
  1144. | - https://wpvulndb.com/vulnerabilities/8816
  1145. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  1146. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1147. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  1148. |
  1149. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  1150. | Fixed in: 4.7.5
  1151. | References:
  1152. | - https://wpvulndb.com/vulnerabilities/8817
  1153. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  1154. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1155. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  1156. |
  1157. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  1158. | Fixed in: 4.7.5
  1159. | References:
  1160. | - https://wpvulndb.com/vulnerabilities/8818
  1161. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  1162. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1163. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  1164. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  1165. |
  1166. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  1167. | Fixed in: 4.7.5
  1168. | References:
  1169. | - https://wpvulndb.com/vulnerabilities/8819
  1170. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  1171. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1172. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  1173. | - https://hackerone.com/reports/203515
  1175. |
  1176. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  1177. | Fixed in: 4.7.5
  1178. | References:
  1179. | - https://wpvulndb.com/vulnerabilities/8820
  1180. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  1181. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1182. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  1183. |
  1184. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  1185. | Fixed in: 4.7.6
  1186. | References:
  1187. | - https://wpvulndb.com/vulnerabilities/8905
  1188. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1189. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1190. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  1191. |
  1192. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  1193. | Fixed in: 4.7.5
  1194. | References:
  1195. | - https://wpvulndb.com/vulnerabilities/8906
  1196. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  1197. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1198. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1199. | - https://wpvulndb.com/vulnerabilities/8905
  1200. |
  1201. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  1202. | Fixed in: 4.7.6
  1203. | References:
  1204. | - https://wpvulndb.com/vulnerabilities/8910
  1205. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  1206. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1207. | - https://core.trac.wordpress.org/changeset/41398
  1208. |
  1209. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  1210. | Fixed in: 4.7.6
  1211. | References:
  1212. | - https://wpvulndb.com/vulnerabilities/8911
  1213. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  1214. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1215. | - https://core.trac.wordpress.org/changeset/41457
  1216. |
  1217. | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
  1218. | Fixed in: 4.7.6
  1219. | References:
  1220. | - https://wpvulndb.com/vulnerabilities/8912
  1221. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
  1222. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1223. | - https://core.trac.wordpress.org/changeset/41397
  1224. |
  1225. | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
  1226. | Fixed in: 4.7.6
  1227. | References:
  1228. | - https://wpvulndb.com/vulnerabilities/8913
  1229. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
  1230. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1231. | - https://core.trac.wordpress.org/changeset/41448
  1232. |
  1233. | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
  1234. | Fixed in: 4.7.6
  1235. | References:
  1236. | - https://wpvulndb.com/vulnerabilities/8914
  1237. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
  1238. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1239. | - https://core.trac.wordpress.org/changeset/41395
  1240. | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
  1241. |
  1242. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  1243. | Fixed in: 4.7.7
  1244. | References:
  1245. | - https://wpvulndb.com/vulnerabilities/8941
  1246. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  1247. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  1248. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  1249. | - https://twitter.com/ircmaxell/status/923662170092638208
  1250. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  1251. |
  1252. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  1253. | Fixed in: 4.7.8
  1254. | References:
  1255. | - https://wpvulndb.com/vulnerabilities/8966
  1256. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  1257. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1258. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  1259. |
  1260. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  1261. | Fixed in: 4.7.8
  1262. | References:
  1263. | - https://wpvulndb.com/vulnerabilities/8967
  1264. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  1265. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1266. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  1267. |
  1268. | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
  1269. | Fixed in: 4.7.8
  1270. | References:
  1271. | - https://wpvulndb.com/vulnerabilities/8968
  1272. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
  1273. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1274. | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
  1275. |
  1276. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  1277. | Fixed in: 4.7.8
  1278. | References:
  1279. | - https://wpvulndb.com/vulnerabilities/8969
  1280. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  1281. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1282. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  1283. |
  1284. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  1285. | Fixed in: 4.7.9
  1286. | References:
  1287. | - https://wpvulndb.com/vulnerabilities/9006
  1288. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  1289. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  1290. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  1291. | - https://core.trac.wordpress.org/ticket/42720
  1292. |
  1293. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  1294. | References:
  1295. | - https://wpvulndb.com/vulnerabilities/9021
  1296. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  1297. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  1298. | - https://github.com/quitten/doser.py
  1299. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  1300. |
  1301. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  1302. | Fixed in: 4.7.10
  1303. | References:
  1304. | - https://wpvulndb.com/vulnerabilities/9053
  1305. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  1306. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  1307. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  1308. |
  1309. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  1310. | Fixed in: 4.7.10
  1311. | References:
  1312. | - https://wpvulndb.com/vulnerabilities/9054
  1313. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  1314. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  1315. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  1316. |
  1317. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  1318. | Fixed in: 4.7.10
  1319. | References:
  1320. | - https://wpvulndb.com/vulnerabilities/9055
  1321. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  1322. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  1323. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  1324. |
  1325. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  1326. | Fixed in: 4.7.11
  1327. | References:
  1328. | - https://wpvulndb.com/vulnerabilities/9100
  1329. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  1330. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  1331. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  1332. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  1333. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  1334. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  1335. |
  1336. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  1337. | Fixed in: 4.7.12
  1338. | References:
  1339. | - https://wpvulndb.com/vulnerabilities/9169
  1340. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  1341. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1342. |
  1343. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  1344. | Fixed in: 4.7.12
  1345. | References:
  1346. | - https://wpvulndb.com/vulnerabilities/9170
  1347. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  1348. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1349. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  1350. |
  1351. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  1352. | Fixed in: 4.7.12
  1353. | References:
  1354. | - https://wpvulndb.com/vulnerabilities/9171
  1355. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  1356. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1357. |
  1358. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  1359. | Fixed in: 4.7.12
  1360. | References:
  1361. | - https://wpvulndb.com/vulnerabilities/9172
  1362. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  1363. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1364. |
  1365. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  1366. | Fixed in: 4.7.12
  1367. | References:
  1368. | - https://wpvulndb.com/vulnerabilities/9173
  1369. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  1370. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1371. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  1372. |
  1373. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  1374. | Fixed in: 4.7.12
  1375. | References:
  1376. | - https://wpvulndb.com/vulnerabilities/9174
  1377. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  1378. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1379. |
  1380. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  1381. | Fixed in: 4.7.12
  1382. | References:
  1383. | - https://wpvulndb.com/vulnerabilities/9175
  1384. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  1385. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1386. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  1387. |
  1388. | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
  1389. | Fixed in: 5.0.1
  1390. | References:
  1391. | - https://wpvulndb.com/vulnerabilities/9222
  1392. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
  1393. | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
  1394. |
  1395. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
  1396. | Fixed in: 4.7.13
  1397. | References:
  1398. | - https://wpvulndb.com/vulnerabilities/9230
  1399. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
  1400. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
  1401. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  1402. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  1403.  
  1404. [+] WordPress theme in use: vantage
  1405. | Location: http://www.inae.gob.ec/wp-content/themes/vantage/
  1406. | Last Updated: 2019-04-22T00:00:00.000Z
  1407. | Readme: http://www.inae.gob.ec/wp-content/themes/vantage/readme.txt
  1408. | [!] The version is out of date, the latest version is 1.10.1
  1409. | Style URL: http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8
  1410. | Style Name: Vantage
  1411. | Style URI: https://siteorigin.com/theme/vantage/
  1412. | Description: Vantage is a flexible multipurpose theme. Its strength lies in its tight integration with some power...
  1413. | Author: SiteOrigin
  1414. | Author URI: https://siteorigin.com/
  1415. |
  1416. | Detected By: Css Style (Passive Detection)
  1417. |
  1418. | Version: 1.7.8 (80% confidence)
  1419. | Detected By: Style (Passive Detection)
  1420. | - http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8, Match: 'Version: 1.7.8'
  1421.  
  1422. [+] Enumerating All Plugins (via Passive Methods)
  1423. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  1424.  
  1425. [i] Plugin(s) Identified:
  1426.  
  1427. [+] accordions-wp
  1428. | Location: http://www.inae.gob.ec/wp-content/plugins/accordions-wp/
  1429. | Latest Version: 2.4 (up to date)
  1430. | Last Updated: 2018-08-13T12:06:00.000Z
  1431. |
  1432. | Detected By: Urls In Homepage (Passive Detection)
  1433. |
  1434. | Version: 2.4 (100% confidence)
  1435. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1436. | - http://www.inae.gob.ec/wp-content/plugins/accordions-wp/readme.txt
  1437. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1438. | - http://www.inae.gob.ec/wp-content/plugins/accordions-wp/readme.txt
  1439.  
  1440. [+] advanced-wp-columns
  1441. | Location: http://www.inae.gob.ec/wp-content/plugins/advanced-wp-columns/
  1442. | Last Updated: 2015-12-28T03:37:00.000Z
  1443. | [!] The version is out of date, the latest version is 2.0.6
  1444. |
  1445. | Detected By: Urls In Homepage (Passive Detection)
  1446. |
  1447. | Version: 2.0 (80% confidence)
  1448. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1449. | - http://www.inae.gob.ec/wp-content/plugins/advanced-wp-columns/readme.txt
  1450.  
  1451. [+] arconix-shortcodes
  1452. | Location: http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/
  1453. | Last Updated: 2018-12-14T06:30:00.000Z
  1454. | [!] The version is out of date, the latest version is 2.1.6
  1455. |
  1456. | Detected By: Urls In Homepage (Passive Detection)
  1457. |
  1458. | Version: 2.0.4 (100% confidence)
  1459. | Detected By: Query Parameter (Passive Detection)
  1460. | - http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/includes/css/arconix-shortcodes.min.css?ver=2.0.4
  1461. | Confirmed By:
  1462. | Readme - Stable Tag (Aggressive Detection)
  1463. | - http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/readme.txt
  1464. | Readme - ChangeLog Section (Aggressive Detection)
  1465. | - http://www.inae.gob.ec/wp-content/plugins/arconix-shortcodes/readme.txt
  1466.  
  1467. [+] fuse-social-floating-sidebar
  1468. | Location: http://www.inae.gob.ec/wp-content/plugins/fuse-social-floating-sidebar/
  1469. | Last Updated: 2019-03-09T11:43:00.000Z
  1470. | [!] The version is out of date, the latest version is 4.0
  1471. |
  1472. | Detected By: Urls In Homepage (Passive Detection)
  1473. |
  1474. | Version: 2.0 (80% confidence)
  1475. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1476. | - http://www.inae.gob.ec/wp-content/plugins/fuse-social-floating-sidebar/readme.txt
  1477.  
  1478. [+] imagemapper
  1479. | Location: http://www.inae.gob.ec/wp-content/plugins/imagemapper/
  1480. | Latest Version: 1.2.6 (up to date)
  1481. | Last Updated: 2016-04-20T09:52:00.000Z
  1482. |
  1483. | Detected By: Urls In Homepage (Passive Detection)
  1484. |
  1485. | Version: 1.2.6 (100% confidence)
  1486. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1487. | - http://www.inae.gob.ec/wp-content/plugins/imagemapper/readme.txt
  1488. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1489. | - http://www.inae.gob.ec/wp-content/plugins/imagemapper/readme.txt
  1490.  
  1491. [+] jetpack
  1492. | Location: http://www.inae.gob.ec/wp-content/plugins/jetpack/
  1493. | Last Updated: 2019-04-04T21:00:00.000Z
  1494. | [!] The version is out of date, the latest version is 7.2.1
  1495. |
  1496. | Detected By: Urls In Homepage (Passive Detection)
  1497. |
  1498. | [!] 1 vulnerability identified:
  1499. |
  1500. | [!] Title: Jetpack <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS)
  1501. | Fixed in: 6.5
  1502. | References:
  1503. | - https://wpvulndb.com/vulnerabilities/9168
  1504. | - https://www.ripstech.com/php-security-calendar-2018/#day-11
  1505. |
  1506. | Version: 6.3.3 (100% confidence)
  1507. | Detected By: Query Parameter (Passive Detection)
  1508. | - http://www.inae.gob.ec/wp-content/plugins/jetpack/css/jetpack.css?ver=6.3.3
  1509. | Confirmed By:
  1510. | Readme - Stable Tag (Aggressive Detection)
  1511. | - http://www.inae.gob.ec/wp-content/plugins/jetpack/readme.txt
  1512. | Readme - ChangeLog Section (Aggressive Detection)
  1513. | - http://www.inae.gob.ec/wp-content/plugins/jetpack/readme.txt
  1514.  
  1515. [+] jquery-mega-menu
  1516. | Location: http://www.inae.gob.ec/wp-content/plugins/jquery-mega-menu/
  1517. | Latest Version: 1.3.10 (up to date)
  1518. | Last Updated: 2012-11-02T16:20:00.000Z
  1519. |
  1520. | Detected By: Urls In Homepage (Passive Detection)
  1521. |
  1522. | [!] 1 vulnerability identified:
  1523. |
  1524. | [!] Title: jQuery Mega Menu 1.0 - Local File Inclusion
  1525. | References:
  1526. | - https://wpvulndb.com/vulnerabilities/6417
  1527. | - https://www.exploit-db.com/exploits/16250/
  1528. |
  1529. | Version: 1.3.10 (100% confidence)
  1530. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1531. | - http://www.inae.gob.ec/wp-content/plugins/jquery-mega-menu/readme.txt
  1532. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1533. | - http://www.inae.gob.ec/wp-content/plugins/jquery-mega-menu/readme.txt
  1534.  
  1535. [+] ml-slider
  1536. | Location: http://www.inae.gob.ec/wp-content/plugins/ml-slider/
  1537. | Last Updated: 2019-03-25T15:15:00.000Z
  1538. | [!] The version is out of date, the latest version is 3.12.1
  1539. |
  1540. | Detected By: Urls In Homepage (Passive Detection)
  1541. |
  1542. | Version: 3.10.0 (80% confidence)
  1543. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1544. | - http://www.inae.gob.ec/wp-content/plugins/ml-slider/readme.txt
  1545.  
  1546. [+] shareaholic
  1547. | Location: http://www.inae.gob.ec/wp-content/plugins/shareaholic/
  1548. | Last Updated: 2019-04-18T22:46:00.000Z
  1549. | [!] The version is out of date, the latest version is 8.12.4
  1550. |
  1551. | Detected By: Meta Tag (Passive Detection)
  1552. |
  1553. | Version: 8.0.1 (100% confidence)
  1554. | Detected By: Meta Tag (Passive Detection)
  1555. | - http://www.inae.gob.ec/, Match: '8.0.1'
  1556. | Confirmed By:
  1557. | Readme - Stable Tag (Aggressive Detection)
  1558. | - http://www.inae.gob.ec/wp-content/plugins/shareaholic/readme.txt
  1559. | Readme - ChangeLog Section (Aggressive Detection)
  1560. | - http://www.inae.gob.ec/wp-content/plugins/shareaholic/readme.txt
  1561.  
  1562. [+] siteorigin-panels
  1563. | Location: http://www.inae.gob.ec/wp-content/plugins/siteorigin-panels/
  1564. | Last Updated: 2019-04-06T00:55:00.000Z
  1565. | [!] The version is out of date, the latest version is 2.10.5
  1566. |
  1567. | Detected By: Urls In Homepage (Passive Detection)
  1568. |
  1569. | Version: 2.7.2 (100% confidence)
  1570. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1571. | - http://www.inae.gob.ec/wp-content/plugins/siteorigin-panels/readme.txt
  1572. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  1573. | - http://www.inae.gob.ec/wp-content/plugins/siteorigin-panels/readme.txt
  1574.  
  1575. [+] so-widgets-bundle
  1576. | Location: http://www.inae.gob.ec/wp-content/plugins/so-widgets-bundle/
  1577. | Last Updated: 2019-03-27T20:27:00.000Z
  1578. | [!] The version is out of date, the latest version is 1.15.4
  1579. |
  1580. | Detected By: Urls In Homepage (Passive Detection)
  1581. |
  1582. | Version: 1.9.2 (80% confidence)
  1583. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1584. | - http://www.inae.gob.ec/wp-content/plugins/so-widgets-bundle/readme.txt
  1585.  
  1586. [+] wp-publication-archive
  1587. | Location: http://www.inae.gob.ec/wp-content/plugins/wp-publication-archive/
  1588. | Latest Version: 3.0.1 (up to date)
  1589. | Last Updated: 2013-07-25T18:04:00.000Z
  1590. |
  1591. | Detected By: Urls In Homepage (Passive Detection)
  1592. |
  1593. | Version: 3.0.1 (80% confidence)
  1594. | Detected By: Readme - Stable Tag (Aggressive Detection)
  1595. | - http://www.inae.gob.ec/wp-content/plugins/wp-publication-archive/readme.txt
  1596.  
  1597. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  1599.  
  1600. [i] No Config Backups Found.
  1601.  
  1602.  
  1603. [+] Finished: Mon Apr 29 07:57:20 2019
  1604. [+] Requests Done: 73
  1605. [+] Cached Requests: 5
  1606. [+] Data Sent: 14.342 KB
  1607. [+] Data Received: 525.88 KB
  1608. [+] Memory used: 170.77 MB
  1609. [+] Elapsed time: 00:00:22
  1610. #######################################################################################################################################
  1611. [+] URL: http://www.inae.gob.ec/
  1612. [+] Started: Mon Apr 29 07:56:59 2019
  1613.  
  1614. Interesting Finding(s):
  1615.  
  1616. [+] http://www.inae.gob.ec/
  1617. | Interesting Entries:
  1618. | - X-Powered-By: PHP/5.4.16
  1619. | - X-UA-Compatible: IE=edge
  1620. | Found By: Headers (Passive Detection)
  1621. | Confidence: 100%
  1622.  
  1623. [+] http://www.inae.gob.ec/xmlrpc.php
  1624. | Found By: Link Tag (Passive Detection)
  1625. | Confidence: 100%
  1626. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  1627. | References:
  1628. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  1629. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  1630. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  1631. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  1632. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  1633.  
  1634. [+] http://www.inae.gob.ec/readme.html
  1635. | Found By: Direct Access (Aggressive Detection)
  1636. | Confidence: 100%
  1637.  
  1638. [+] Registration is enabled: http://www.inae.gob.ec/wp-login.php?action=register
  1639. | Found By: Direct Access (Aggressive Detection)
  1640. | Confidence: 100%
  1641.  
  1642. [+] Upload directory has listing enabled: http://www.inae.gob.ec/wp-content/uploads/
  1643. | Found By: Direct Access (Aggressive Detection)
  1644. | Confidence: 100%
  1645.  
  1646. [+] http://www.inae.gob.ec/wp-cron.php
  1647. | Found By: Direct Access (Aggressive Detection)
  1648. | Confidence: 60%
  1649. | References:
  1650. | - https://www.iplocation.net/defend-wordpress-from-ddos
  1651. | - https://github.com/wpscanteam/wpscan/issues/1299
  1652.  
  1653. [+] WordPress version 4.7.3 identified (Insecure, released on 2017-03-06).
  1654. | Detected By: Rss Generator (Passive Detection)
  1655. | - http://www.inae.gob.ec/index.php/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
  1656. | - http://www.inae.gob.ec/index.php/comments/feed/, <generator>https://wordpress.org/?v=4.7.3</generator>
  1657. |
  1658. | [!] 34 vulnerabilities identified:
  1659. |
  1660. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  1661. | References:
  1662. | - https://wpvulndb.com/vulnerabilities/8807
  1663. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  1664. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  1665. | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  1666. | - https://core.trac.wordpress.org/ticket/25239
  1667. |
  1668. | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
  1669. | Fixed in: 4.7.5
  1670. | References:
  1671. | - https://wpvulndb.com/vulnerabilities/8815
  1672. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
  1673. | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
  1674. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1675. |
  1676. | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
  1677. | Fixed in: 4.7.5
  1678. | References:
  1679. | - https://wpvulndb.com/vulnerabilities/8816
  1680. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
  1681. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1682. | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
  1683. |
  1684. | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
  1685. | Fixed in: 4.7.5
  1686. | References:
  1687. | - https://wpvulndb.com/vulnerabilities/8817
  1688. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
  1689. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1690. | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
  1691. |
  1692. | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
  1693. | Fixed in: 4.7.5
  1694. | References:
  1695. | - https://wpvulndb.com/vulnerabilities/8818
  1696. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
  1697. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1698. | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
  1699. | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
  1700. |
  1701. | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
  1702. | Fixed in: 4.7.5
  1703. | References:
  1704. | - https://wpvulndb.com/vulnerabilities/8819
  1705. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
  1706. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1707. | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
  1708. | - https://hackerone.com/reports/203515
  1710. |
  1711. | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
  1712. | Fixed in: 4.7.5
  1713. | References:
  1714. | - https://wpvulndb.com/vulnerabilities/8820
  1715. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
  1716. | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
  1717. | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
  1718. |
  1719. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  1720. | Fixed in: 4.7.6
  1721. | References:
  1722. | - https://wpvulndb.com/vulnerabilities/8905
  1723. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1724. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1725. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  1726. |
  1727. | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
  1728. | Fixed in: 4.7.5
  1729. | References:
  1730. | - https://wpvulndb.com/vulnerabilities/8906
  1731. | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
  1732. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1733. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  1734. | - https://wpvulndb.com/vulnerabilities/8905
  1735. |
  1736. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  1737. | Fixed in: 4.7.6
  1738. | References:
  1739. | - https://wpvulndb.com/vulnerabilities/8910
  1740. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  1741. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1742. | - https://core.trac.wordpress.org/changeset/41398
  1743. |
  1744. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  1745. | Fixed in: 4.7.6
  1746. | References:
  1747. | - https://wpvulndb.com/vulnerabilities/8911
  1748. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  1749. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1750. | - https://core.trac.wordpress.org/changeset/41457
  1751. |
  1752. | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
  1753. | Fixed in: 4.7.6
  1754. | References:
  1755. | - https://wpvulndb.com/vulnerabilities/8912
  1756. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
  1757. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1758. | - https://core.trac.wordpress.org/changeset/41397
  1759. |
  1760. | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
  1761. | Fixed in: 4.7.6
  1762. | References:
  1763. | - https://wpvulndb.com/vulnerabilities/8913
  1764. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
  1765. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1766. | - https://core.trac.wordpress.org/changeset/41448
  1767. |
  1768. | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
  1769. | Fixed in: 4.7.6
  1770. | References:
  1771. | - https://wpvulndb.com/vulnerabilities/8914
  1772. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
  1773. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  1774. | - https://core.trac.wordpress.org/changeset/41395
  1775. | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
  1776. |
  1777. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  1778. | Fixed in: 4.7.7
  1779. | References:
  1780. | - https://wpvulndb.com/vulnerabilities/8941
  1781. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  1782. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  1783. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  1784. | - https://twitter.com/ircmaxell/status/923662170092638208
  1785. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  1786. |
  1787. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  1788. | Fixed in: 4.7.8
  1789. | References:
  1790. | - https://wpvulndb.com/vulnerabilities/8966
  1791. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  1792. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1793. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  1794. |
  1795. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  1796. | Fixed in: 4.7.8
  1797. | References:
  1798. | - https://wpvulndb.com/vulnerabilities/8967
  1799. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  1800. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1801. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  1802. |
  1803. | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
  1804. | Fixed in: 4.7.8
  1805. | References:
  1806. | - https://wpvulndb.com/vulnerabilities/8968
  1807. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
  1808. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1809. | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
  1810. |
  1811. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  1812. | Fixed in: 4.7.8
  1813. | References:
  1814. | - https://wpvulndb.com/vulnerabilities/8969
  1815. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  1816. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  1817. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  1818. |
  1819. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  1820. | Fixed in: 4.7.9
  1821. | References:
  1822. | - https://wpvulndb.com/vulnerabilities/9006
  1823. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  1824. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  1825. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  1826. | - https://core.trac.wordpress.org/ticket/42720
  1827. |
  1828. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  1829. | References:
  1830. | - https://wpvulndb.com/vulnerabilities/9021
  1831. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  1832. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  1833. | - https://github.com/quitten/doser.py
  1834. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  1835. |
  1836. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  1837. | Fixed in: 4.7.10
  1838. | References:
  1839. | - https://wpvulndb.com/vulnerabilities/9053
  1840. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  1841. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  1842. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  1843. |
  1844. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  1845. | Fixed in: 4.7.10
  1846. | References:
  1847. | - https://wpvulndb.com/vulnerabilities/9054
  1848. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  1849. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  1850. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  1851. |
  1852. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  1853. | Fixed in: 4.7.10
  1854. | References:
  1855. | - https://wpvulndb.com/vulnerabilities/9055
  1856. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  1857. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  1858. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  1859. |
  1860. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  1861. | Fixed in: 4.7.11
  1862. | References:
  1863. | - https://wpvulndb.com/vulnerabilities/9100
  1864. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  1865. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  1866. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  1867. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  1868. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  1869. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  1870. |
  1871. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  1872. | Fixed in: 4.7.12
  1873. | References:
  1874. | - https://wpvulndb.com/vulnerabilities/9169
  1875. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  1876. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1877. |
  1878. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  1879. | Fixed in: 4.7.12
  1880. | References:
  1881. | - https://wpvulndb.com/vulnerabilities/9170
  1882. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  1883. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1884. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  1885. |
  1886. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  1887. | Fixed in: 4.7.12
  1888. | References:
  1889. | - https://wpvulndb.com/vulnerabilities/9171
  1890. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  1891. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1892. |
  1893. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  1894. | Fixed in: 4.7.12
  1895. | References:
  1896. | - https://wpvulndb.com/vulnerabilities/9172
  1897. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  1898. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1899. |
  1900. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  1901. | Fixed in: 4.7.12
  1902. | References:
  1903. | - https://wpvulndb.com/vulnerabilities/9173
  1904. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  1905. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1906. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  1907. |
  1908. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  1909. | Fixed in: 4.7.12
  1910. | References:
  1911. | - https://wpvulndb.com/vulnerabilities/9174
  1912. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  1913. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1914. |
  1915. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  1916. | Fixed in: 4.7.12
  1917. | References:
  1918. | - https://wpvulndb.com/vulnerabilities/9175
  1919. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  1920. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  1921. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  1922. |
  1923. | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
  1924. | Fixed in: 5.0.1
  1925. | References:
  1926. | - https://wpvulndb.com/vulnerabilities/9222
  1927. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
  1928. | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
  1929. |
  1930. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
  1931. | Fixed in: 4.7.13
  1932. | References:
  1933. | - https://wpvulndb.com/vulnerabilities/9230
  1934. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
  1935. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
  1936. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  1937. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  1938.  
  1939. [+] WordPress theme in use: vantage
  1940. | Location: http://www.inae.gob.ec/wp-content/themes/vantage/
  1941. | Last Updated: 2019-04-22T00:00:00.000Z
  1942. | Readme: http://www.inae.gob.ec/wp-content/themes/vantage/readme.txt
  1943. | [!] The version is out of date, the latest version is 1.10.1
  1944. | Style URL: http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8
  1945. | Style Name: Vantage
  1946. | Style URI: https://siteorigin.com/theme/vantage/
  1947. | Description: Vantage is a flexible multipurpose theme. Its strength lies in its tight integration with some power...
  1948. | Author: SiteOrigin
  1949. | Author URI: https://siteorigin.com/
  1950. |
  1951. | Detected By: Css Style (Passive Detection)
  1952. |
  1953. | Version: 1.7.8 (80% confidence)
  1954. | Detected By: Style (Passive Detection)
  1955. | - http://www.inae.gob.ec/wp-content/themes/vantage/style.css?ver=1.7.8, Match: 'Version: 1.7.8'
  1956.  
  1957. [+] Enumerating Users (via Passive and Aggressive Methods)
  1958. Brute Forcing Author IDs - Time: 00:00:12 <==> (10 / 10) 100.00% Time: 00:00:12
  1959.  
  1960. [i] User(s) Identified:
  1961.  
  1962. [+] inae_web2
  1963. | Detected By: Rss Generator (Passive Detection)
  1964. | Confirmed By:
  1965. | Wp Json Api (Aggressive Detection)
  1966. | - http://www.inae.gob.ec/index.php/wp-json/wp/v2/users/?per_page=100&page=1
  1967. | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1968.  
  1969. [+] inae_web
  1970. | Detected By: Wp Json Api (Aggressive Detection)
  1971. | - http://www.inae.gob.ec/index.php/wp-json/wp/v2/users/?per_page=100&page=1
  1972. | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1973.  
  1974. [+] administrador
  1975. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1976.  
  1977. [+] alejandro3438
  1978. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1979.  
  1980. [+] roughmountpaddzuara
  1981. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1982.  
  1983. [+] stephany9922
  1984. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1985.  
  1986. [+] tahliaoram8
  1987. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1988.  
  1989. [+] robertomarconi6
  1990. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1991.  
  1992. [+] moselemmone96
  1993. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1994.  
  1995. [+] lanbraley6
  1996. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
  1997.  
  1998.  
  1999. [+] Finished: Mon Apr 29 07:57:40 2019
  2000. [+] Requests Done: 54
  2001. [+] Cached Requests: 17
  2002. [+] Data Sent: 11.645 KB
  2003. [+] Data Received: 936.63 KB
  2004. [+] Memory used: 112.148 MB
  2005. [+] Elapsed time: 00:00:41
  2006. #######################################################################################################################################
  2007. [-] Date & Time: 29/04/2019 07:56:54
  2008. [I] Threads: 5
  2009. [-] Target: http://www.inae.gob.ec (190.214.11.74)
  2010. [M] Website Not in HTTPS: http://www.inae.gob.ec
  2011. [I] X-Powered-By: PHP/5.4.16
  2012. [L] X-Frame-Options: Not Enforced
  2013. [I] Strict-Transport-Security: Not Enforced
  2014. [I] X-Content-Security-Policy: Not Enforced
  2015. [I] X-Content-Type-Options: Not Enforced
  2016. [L] No Robots.txt Found
  2017. [I] CMS Detection: WordPress
  2018. [I] Wordpress Version: 4.7
  2019. [M] EDB-ID: 46511 "WordPress Core 5.0 - Remote Code Execution"
  2020. [M] EDB-ID: 46662 "WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)"
  2021. [M] EDB-ID: 44949 "WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion"
  2022. [M] EDB-ID: 41963 "WordPress < 4.7.4 - Unauthorized Password Reset"
  2023. [M] EDB-ID: 41497 "WordPress < 4.7.1 - Username Enumeration"
  2024. [M] EDB-ID: 41223 "WordPress 4.7.0/4.7.1 - Content Injection (Python)"
  2025. [M] EDB-ID: 41224 "WordPress 4.7.0/4.7.1 - Content Injection (Ruby)"
  2026. [I] Wordpress Theme: vantage
  2027. [M] EDB-ID: 8820 "amember 3.1.7 - Cross-Site Scripting / SQL Injection / HTML Injection"
  2028. [-] WordPress usernames identified:
  2078. [M] XML-RPC services are enabled
  2079. [M] Website vulnerable to XML-RPC Brute Force Vulnerability
  2080. [I] Autocomplete Off Not Found: http://www.inae.gob.ec/wp-login.php
  2081. [-] Default WordPress Files:
  2098. [-] Searching Wordpress Plugins ...
  2099. [I] accordions-wp v2.4
  2100. [I] adrotate
  2101. [M] EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
  2102. [M] EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
  2103. [M] EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
  2104. [I] ads-box
  2105. [M] EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
  2106. [I] advanced-wp-columns
  2107. [I] akismet v4.0.8
  2108. [M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
  2109. [M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
  2110. [I] arconix-shortcodes v2.0.4
  2111. [I] firestats
  2112. [M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
  2113. [M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
  2114. [M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
  2115. [I] fuse-social-floating-sidebar v2.0
  2116. [I] imagemapper v1.2.6
  2117. [I] jetpack v6.3.3
  2118. [M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
  2119. [I] jquery-mega-menu v1.3.10
  2120. [M] EDB-ID: 16250 "WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion"
  2121. [I] ml-slider v3.10.0
  2122. [I] simple-ads-manager
  2123. [M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
  2124. [M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
  2125. [M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
  2126. [M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
  2127. [I] siteorigin-panels v2.7.2
  2128. [I] so-widgets-bundle v1.9.2
  2129. [I] wp-bannerize
  2130. [M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
  2131. [M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
  2132. [M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
  2133. [I] wp-publication-archive v3.0.1
  2134. [M] EDB-ID: 35263 "WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure"
  2135. [I] Checking for Directory Listing Enabled ...
  2169. [-] Date & Time: 29/04/2019 08:21:22
  2170. [-] Completed in: 0:24:27
  2171. #######################################################################################################################################
  2172. Anonymous JTSEC #OpAssange Full Recon #19