API tools faq
paste
Advertisement
Guest User

Anonymous #OpNicaragua JTSEC Full Recon #2

a guest
Jun 15th, 2018
1,449
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 32.66 KB | None | 0 0
raw download clone embed print report
  1. #######################################################################################################################################
  2. Hostname www.bdfnet.com ISP Banco de Finanzas
  3. Continent North America Flag
  4. NI
  5. Country Nicaragua Country Code NI
  6. Region Unknown Local time 15 Jun 2018 09:56 CST
  7. City Unknown Postal Code Unknown
  8. IP Address 200.6.55.90 Latitude 13
  9. Longitude -85
  10. #######################################################################################################################################
  11. HostIP:200.6.55.90
  12. HostName:web.bdfnet.com
  13.  
  14. Gathered Inet-whois information for 200.6.55.90
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17. inetnum: 200.6.55/24
  18. status: assigned
  19. aut-num: N/A
  20. owner: Banco de Finanzas
  21. ownerid: NI-BAFI-LACNIC
  22. responsible: Harold Flores
  23. address: Esquina opuesta al Hotel Crowne Plaza., n/a,
  24. address: 6020 - Managua -
  25. country: NI
  26. phone: +50 5 2403000 [72304]
  27. owner-c: LUC9
  28. tech-c: LUC9
  29. abuse-c: LUC9
  30. inetrev: 200.6.55/24
  31. nserver: NS1.BDFNET.COM
  32. nsstat: 20180615 AA
  33. nslastaa: 20180615
  34. created: 20070515
  35. changed: 20070515
  36.  
  37. nic-hdl: LUC9
  38. person: Harold Flores
  39. e-mail: harold.flores@BDFNET.COM
  40. address: Edificio Centro II, Tercer piso, oficina de tecnologia, 1111,
  41. address: 6020 - Managua -
  42. country: NI
  43. phone: +505 2403000 [72303]
  44. created: 20070228
  45. changed: 20140502
  46.  
  47. % whois.lacnic.net accepts only direct match queries.
  48. % Types of queries are: POCs, ownerid, CIDR blocks, IP
  49. % and AS numbers.
  50.  
  51.  
  52. Gathered Inic-whois information for web.bdfnet.com
  53. ---------------------------------------------------------------------------------------------------------------------------------------
  54. ERROR: Unable to locate Name Whois data on web.bdfnet.com
  55.  
  56. Gathered Netcraft information for web.bdfnet.com
  57. ---------------------------------------------------------------------------------------------------------------------------------------
  58.  
  59. Retrieving Netcraft.com information for web.bdfnet.com
  60. Netcraft.com Information gathered
  61.  
  62. Gathered Subdomain information for web.bdfnet.com
  63. ---------------------------------------------------------------------------------------------------------------------------------------
  64. Searching Google.com:80...
  65. Searching Altavista.com:80...
  66. Found 0 possible subdomain(s) for host web.bdfnet.com, Searched 0 pages containing 0 results
  67.  
  68. Gathered E-Mail information for web.bdfnet.com
  69. ---------------------------------------------------------------------------------------------------------------------------------------
  70. Searching Google.com:80...
  71. Searching Altavista.com:80...
  72. Found 0 E-Mail(s) for host web.bdfnet.com, Searched 0 pages containing 0 results
  73.  
  74. Gathered TCP Port information for 200.6.55.90
  75. ---------------------------------------------------------------------------------------------------------------------------------------
  76.  
  77. Port State
  78.  
  79. 80/tcp open
  80.  
  81. Portscan Finished: Scanned 150 ports, 0 ports were in state closed
  82. #######################################################################################################################################
  83. [i] Scanning Site: https://200.6.55.90
  84.  
  85.  
  86.  
  87. B A S I C I N F O
  88. =======================================================================================================================================
  89.  
  90.  
  91. [+] Site Title: BDF - Banco de Finanzas
  92. [+] IP address: 200.6.55.90
  93. [+] Web Server: Microsoft-IIS/8.5
  94. [+] CMS: Could Not Detect
  95. [+] Cloudflare: Not Detected
  96. [+] Robots File: Could NOT Find robots.txt!
  97.  
  98.  
  99.  
  100.  
  101. W H O I S L O O K U P
  102. =======================================================================================================================================
  103.  
  104.  
  105. % Joint Whois - whois.lacnic.net
  106. % This server accepts single ASN, IPv4 or IPv6 queries
  107.  
  108. % LACNIC resource: whois.lacnic.net
  109.  
  110.  
  111. % Copyright LACNIC lacnic.net
  112. % The data below is provided for information purposes
  113. % and to assist persons in obtaining information about or
  114. % related to AS and IP numbers registrations
  115. % By submitting a whois query, you agree to use this data
  116. % only for lawful purposes.
  117. % 2018-06-15 13:01:38 (BRT -03:00)
  118.  
  119. inetnum: 200.6.55/24
  120. status: assigned
  121. aut-num: N/A
  122. owner: Banco de Finanzas
  123. ownerid: NI-BAFI-LACNIC
  124. responsible: Harold Flores
  125. address: Esquina opuesta al Hotel Crowne Plaza., n/a,
  126. address: 6020 - Managua -
  127. country: NI
  128. phone: +50 5 2403000 [72304]
  129. owner-c: LUC9
  130. tech-c: LUC9
  131. abuse-c: LUC9
  132. inetrev: 200.6.55/24
  133. nserver: NS1.BDFNET.COM
  134. nsstat: 20180615 AA
  135. nslastaa: 20180615
  136. created: 20070515
  137. changed: 20070515
  138.  
  139. nic-hdl: LUC9
  140. person: Harold Flores
  141. e-mail: harold.flores@BDFNET.COM
  142. address: Edificio Centro II, Tercer piso, oficina de tecnologia, 1111,
  143. address: 6020 - Managua -
  144. country: NI
  145. phone: +505 2403000 [72303]
  146. created: 20070228
  147. changed: 20140502
  148.  
  149. % whois.lacnic.net accepts only direct match queries.
  150. % Types of queries are: POCs, ownerid, CIDR blocks, IP
  151. % and AS numbers.
  152.  
  153.  
  154.  
  155.  
  156.  
  157. G E O I P L O O K U P
  158. =======================================================================================================================================
  159.  
  160. [i] IP Address: 200.6.55.90
  161. [i] Country: NI
  162. [i] State: N/A
  163. [i] City: N/A
  164. [i] Latitude: 13.000000
  165. [i] Longitude: -85.000000
  166.  
  167.  
  168.  
  169.  
  170. H T T P H E A D E R S
  171. =======================================================================================================================================
  172.  
  173.  
  174. [i] HTTP/1.1 302 Found
  175. [i] Cache-Control: private
  176. [i] Content-Type: text/html; charset=utf-8
  177. [i] Location: /error.html?aspxerrorpath=/default.aspx
  178. [i] Server: Microsoft-IIS/8.5
  179. [i] X-AspNet-Version: 4.0.30319
  180. [i] X-Powered-By: ASP.NET
  181. [i] X-Frame-Options: SAMEORIGIN
  182. [i] Date: Fri, 15 Jun 2018 16:01:42 GMT
  183. [i] Connection: close
  184. [i] Content-Length: 156
  185. [i] HTTP/1.1 200 OK
  186. [i] Content-Type: text/html
  187. [i] Last-Modified: Wed, 04 Apr 2018 00:08:29 GMT
  188. [i] Accept-Ranges: bytes
  189. [i] ETag: "87786afa9cbd31:0"
  190. [i] Server: Microsoft-IIS/8.5
  191. [i] X-Powered-By: ASP.NET
  192. [i] X-Frame-Options: SAMEORIGIN
  193. [i] Date: Fri, 15 Jun 2018 16:01:47 GMT
  194. [i] Connection: close
  195. [i] Content-Length: 3371
  196.  
  197.  
  198.  
  199. S U B N E T C A L C U L A T I O N
  200. =======================================================================================================================================
  201.  
  202. Address = 200.6.55.90
  203. Network = 200.6.55.90 / 32
  204. Netmask = 255.255.255.255
  205. Broadcast = not needed on Point-to-Point links
  206. Wildcard Mask = 0.0.0.0
  207. Hosts Bits = 0
  208. Max. Hosts = 1 (2^0 - 0)
  209. Host Range = { 200.6.55.90 - 200.6.55.90 }
  210.  
  211.  
  212.  
  213. N M A P P O R T S C A N
  214. =======================================================================================================================================
  215.  
  216.  
  217. Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-15 16:01 UTC
  218. Nmap scan report for web.bdfnet.com (200.6.55.90)
  219. Host is up (0.066s latency).
  220. PORT STATE SERVICE VERSION
  221. 21/tcp filtered ftp
  222. 22/tcp filtered ssh
  223. 23/tcp filtered telnet
  224. 80/tcp open http?
  225. 110/tcp filtered pop3
  226. 143/tcp filtered imap
  227. 443/tcp open ssl/http Microsoft IIS httpd 8.5
  228. 3389/tcp filtered ms-wbt-server
  229. #######################################################################################################################################
  230. \/ \/ \/
  231. [?] Enter the target: 200.6.55.90
  232. [!] IP Address : 200.6.55.90
  233. [+] Operating System : Windows
  234. [!] 200.6.55.90 doesn't seem to use a CMS
  235. [+] Honeypot Probabilty: 0%
  236. ----------------------------------------
  237. [~] Trying to gather whois information for 200.6.55.90
  238. [+] Whois information found
  239. [-] Unable to build response, visit https://who.is/whois/200.6.55.90
  240. ----------------------------------------
  241. PORT STATE SERVICE VERSION
  242. 21/tcp filtered ftp
  243. 22/tcp filtered ssh
  244. 23/tcp filtered telnet
  245. 80/tcp open http?
  246. 110/tcp filtered pop3
  247. 143/tcp filtered imap
  248. 443/tcp open ssl/http Microsoft IIS httpd 8.5
  249. 3389/tcp filtered ms-wbt-server
  250. #######################################################################################################################################
  251. PORT STATE SERVICE VERSION
  252. 21/tcp filtered ftp
  253. 22/tcp filtered ssh
  254. 23/tcp filtered telnet
  255. 80/tcp open http?
  256. 110/tcp filtered pop3
  257. 143/tcp filtered imap
  258. 443/tcp open ssl/http Microsoft IIS httpd 8.5
  259. 3389/tcp filtered ms-wbt-server
  260. #######################################################################################################################################
  261. Not shown: 993 closed ports
  262. PORT STATE SERVICE VERSION
  263. 25/tcp filtered smtp
  264. 80/tcp open http
  265. 135/tcp filtered msrpc
  266. 139/tcp filtered netbios-ssn
  267. 443/tcp open ssl/http Microsoft IIS httpd 8.5
  268. 445/tcp filtered microsoft-ds
  269. 8093/tcp open http Microsoft IIS httpd 8.5
  270. #######################################################################################################################################
  271. Server: 10.211.254.254
  272. Address: 10.211.254.254#53
  273.  
  274. Non-authoritative answer:
  275. *** Can't find bdfnet.com: No answer
  276.  
  277. bdfnet.com mail is handled by 1 bdfmail1.bdfnet.com.
  278. ######################################################################################################################################
  279. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  280. Domain Name: BDFNET.COM
  281. Registry Domain ID: 7876923_DOMAIN_COM-VRSN
  282. Registrar WHOIS Server: whois.networksolutions.com
  283. Registrar URL: http://networksolutions.com
  284. Updated Date: 2017-11-02T15:44:39Z
  285. Creation Date: 1999-07-09T21:17:40Z
  286. Registry Expiry Date: 2023-07-09T21:17:40Z
  287. Registrar: Network Solutions, LLC.
  288. Registrar IANA ID: 2
  289. Registrar Abuse Contact Email: abuse@web.com
  290. Registrar Abuse Contact Phone: +1.8003337680
  291. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  292. Name Server: NS.IDEAY.COM.NI
  293. Name Server: NS.IDEAY.NET.NI
  294. Name Server: NS1.BDFNET.COM
  295. DNSSEC: unsigned
  296. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  297. >>> Last update of whois database: 2018-06-15T17:15:30Z <<<
  298.  
  299. For more information on Whois status codes, please visit https://icann.org/epp
  300.  
  301. NOTICE: The expiration date displayed in this record is the date the
  302. registrar's sponsorship of the domain name registration in the registry is
  303. currently set to expire. This date does not necessarily reflect the expiration
  304. date of the domain name registrant's agreement with the sponsoring
  305. registrar. Users may consult the sponsoring registrar's Whois database to
  306. view the registrar's reported date of expiration for this registration.
  307.  
  308. TERMS OF USE: You are not authorized to access or query our Whois
  309. database through the use of electronic processes that are high-volume and
  310. automated except as reasonably necessary to register domain names or
  311. modify existing registrations; the Data in VeriSign Global Registry
  312. Services' ("VeriSign") Whois database is provided by VeriSign for
  313. information purposes only, and to assist persons in obtaining information
  314. about or related to a domain name registration record. VeriSign does not
  315. guarantee its accuracy. By submitting a Whois query, you agree to abide
  316. by the following terms of use: You agree that you may use this Data only
  317. for lawful purposes and that under no circumstances will you use this Data
  318. to: (1) allow, enable, or otherwise support the transmission of mass
  319. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  320. or facsimile; or (2) enable high volume, automated, electronic processes
  321. that apply to VeriSign (or its computer systems). The compilation,
  322. repackaging, dissemination or other use of this Data is expressly
  323. prohibited without the prior written consent of VeriSign. You agree not to
  324. use electronic processes that are automated and high-volume to access or
  325. query the Whois database except as reasonably necessary to register
  326. domain names or modify existing registrations. VeriSign reserves the right
  327. to restrict your access to the Whois database in its sole discretion to ensure
  328. operational stability. VeriSign may restrict or terminate your access to the
  329. Whois database for failure to abide by these terms of use. VeriSign
  330. reserves the right to modify these terms at any time.
  331.  
  332. The Registry database contains ONLY .COM, .NET, .EDU domains and
  333. Registrars.
  334. IP Address Has Reached Rate Limit
  335. #######################################################################################################################################
  336.  
  337. ; <<>> DiG 9.11.3-1-Debian <<>> -x bdfnet.com
  338. ;; global options: +cmd
  339. ;; Got answer:
  340. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46796
  341. ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  342.  
  343. ;; OPT PSEUDOSECTION:
  344. ; EDNS: version: 0, flags:; udp: 512
  345. ;; QUESTION SECTION:
  346. ;com.bdfnet.in-addr.arpa. IN PTR
  347.  
  348. ;; AUTHORITY SECTION:
  349. in-addr.arpa. 3599 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013405 1800 900 604800 3600
  350.  
  351. ;; Query time: 358 msec
  352. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  353. ;; WHEN: Fri Jun 15 13:15:45 EDT 2018
  354. ;; MSG SIZE rcvd: 120
  355.  
  356. dnsenum VERSION:1.2.4
  357.  
  358. ----- bdfnet.com -----
  359.  
  360.  
  361. Host's addresses:
  362. __________________
  363.  
  364.  
  365.  
  366. Name Servers:
  367. ______________
  368.  
  369. ns1.bdfnet.com. 21599 IN A 200.6.55.12
  370.  
  371.  
  372. Mail (MX) Servers:
  373. ___________________
  374.  
  375. bdfmail1.bdfnet.com. 3599 IN A 200.6.55.96
  376.  
  377.  
  378. Trying Zone Transfers and getting Bind Versions:
  379. _________________________________________________
  380.  
  381.  
  382. Trying Zone Transfer for bdfnet.com on ns1.bdfnet.com ...
  383. #######################################################################################################################################
  384. [-] Enumerating subdomains now for bdfnet.com
  385. [-] verbosity is enabled, will show the subdomains results in realtime
  386. [-] Searching now in Baidu..
  387. [-] Searching now in Yahoo..
  388. [-] Searching now in Google..
  389. [-] Searching now in Bing..
  390. [-] Searching now in Ask..
  391. [-] Searching now in Netcraft..
  392. [-] Searching now in DNSdumpster..
  393. [-] Searching now in Virustotal..
  394. [-] Searching now in ThreatCrowd..
  395. [-] Searching now in SSL Certificates..
  396. [-] Searching now in PassiveDNS..
  397. ThreatCrowd: rds.bdfnet.com
  398. SSL Certificates: www.bdfnet.com
  399. SSL Certificates: fatca.bdfnet.com
  400. SSL Certificates: apps.bdfnet.com
  401. SSL Certificates: sslvpn.bdfnet.com
  402. SSL Certificates: emm.bdfnet.com
  403. SSL Certificates: www.emm.bdfnet.com
  404. SSL Certificates: bdfmail1.bdfnet.com
  405. SSL Certificates: bdfvisa.bdfnet.com
  406. SSL Certificates: sac.bdfnet.com
  407. SSL Certificates: mdm.bdfnet.com
  408. SSL Certificates: ibdf.bdfnet.com
  409. SSL Certificates: secure.bdfnet.com
  410. Virustotal: ibdf.bdfnet.com
  411. Virustotal: apps.bdfnet.com
  412. Virustotal: bdfmail1.bdfnet.com
  413. Virustotal: www.bdfnet.com
  414. Virustotal: bdfchat.bdfnet.com
  415. Virustotal: ns1.bdfnet.com
  416. Virustotal: secure.bdfnet.com
  417. Virustotal: web.bdfnet.com
  418. Netcraft: www.bdfnet.com
  419. Yahoo: www.bdfnet.com
  420. Yahoo: ibdf.bdfnet.com
  421. Yahoo: bdfchat.bdfnet.com
  422. Yahoo: bdfmail1.bdfnet.com
  423. Google: ibdf.bdfnet.com
  424. Google: bdfchat.bdfnet.com
  425. DNSdumpster: mdm.bdfnet.com
  426. DNSdumpster: sslvpn.bdfnet.com
  427. DNSdumpster: ns1.bdfnet.com
  428. DNSdumpster: da.bdfnet.com
  429. DNSdumpster: bdfmail1.bdfnet.com
  430. DNSdumpster: secure.bdfnet.com
  431. DNSdumpster: apps.bdfnet.com
  432. DNSdumpster: autodiscover.bdfnet.com
  433. DNSdumpster: rds.bdfnet.com
  434. DNSdumpster: ibdf.bdfnet.com
  435. DNSdumpster: bdfvisa.bdfnet.com
  436. DNSdumpster: web.bdfnet.com
  437. DNSdumpster: crl.bdfnet.com
  438. DNSdumpster: vpn.bdfnet.com
  439. DNSdumpster: mail.bdfnet.com
  440. DNSdumpster: sac.bdfnet.com
  441. [-] Saving results to file: /usr/share/sniper/loot/bdfnet.com/domains/domains-bdfnet.com.txt
  442. [-] Total Unique Subdomains Found: 21
  443. www.bdfnet.com
  444. apps.bdfnet.com
  445. autodiscover.bdfnet.com
  446. bdfchat.bdfnet.com
  447. bdfmail1.bdfnet.com
  448. bdfvisa.bdfnet.com
  449. crl.bdfnet.com
  450. da.bdfnet.com
  451. emm.bdfnet.com
  452. www.emm.bdfnet.com
  453. fatca.bdfnet.com
  454. ibdf.bdfnet.com
  455. mail.bdfnet.com
  456. mdm.bdfnet.com
  457. ns1.bdfnet.com
  458. rds.bdfnet.com
  459. sac.bdfnet.com
  460. secure.bdfnet.com
  461. sslvpn.bdfnet.com
  462. vpn.bdfnet.com
  463. web.bdfnet.com
  464. #######################################################################################################################################
  465. apps.bdfnet.com
  466. bdfmail1.bdfnet.com
  467. *.bdfnet.com
  468. bdfvisa.bdfnet.com
  469. emm.bdfnet.com
  470. fatca.bdfnet.com
  471. ibdf.bdfnet.com
  472. mdm.bdfnet.com
  473. sac.bdfnet.com
  474. secure.bdfnet.com
  475. sslvpn.bdfnet.com
  476. www.bdfnet.com
  477. www.emm.bdfnet.com
  478. #######################################################################################################################################
  479. __
  480. ____ _____ ___ ______ _/ /_____ ____ ___
  481. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  482. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  483. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  484. /_/ discover v0.5.0 - by @michenriksen
  485.  
  486. Identifying nameservers for bdfnet.com... Done
  487. Using nameservers:
  488.  
  489. - 200.6.55.12
  490.  
  491. Checking for wildcard DNS... Done
  492.  
  493. Running collector: Dictionary... Done (26 hosts)
  494. Running collector: VirusTotal... Skipped
  495. -> Key 'virustotal' has not been set
  496. Running collector: PassiveTotal... Skipped
  497. -> Key 'passivetotal_key' has not been set
  498. Running collector: Netcraft... Done (1 host)
  499. Running collector: PublicWWW... Done (0 hosts)
  500. Running collector: Threat Crowd... Done (1 host)
  501. Running collector: DNSDB... Done (21 hosts)
  502. Running collector: Wayback Machine... Timed out
  503. Running collector: Certificate Search... Done (13 hosts)
  504. Running collector: PTRArchive... Error
  505. -> PTRArchive returned unexpected response code: 502
  506. Running collector: Google Transparency Report... Done (10 hosts)
  507. Running collector: Censys... Skipped
  508. -> Key 'censys_secret' has not been set
  509. Running collector: Riddler... Skipped
  510. -> Key 'riddler_username' has not been set
  511. Running collector: HackerTarget... Done (15 hosts)
  512. Running collector: Shodan... Skipped
  513. -> Key 'shodan' has not been set
  514.  
  515. Resolving 55 unique hosts...
  516. 200.6.55.68 apps.bdfnet.com
  517. 200.6.55.27 autodiscover.bdfnet.com
  518. 200.6.55.96 bdfmail1.bdfnet.com
  519. 200.6.55.70 bdfvisa.bdfnet.com
  520. 200.6.55.14 crl.bdfnet.com
  521. 200.6.55.25 da.bdfnet.com
  522. 200.6.55.101 ibdf.bdfnet.com
  523. 200.6.55.98 mail.bdfnet.com
  524. 200.6.55.103 mdm.bdfnet.com
  525. 200.6.55.12 ns1.bdfnet.com
  526. 200.6.55.19 rds.bdfnet.com
  527. 200.6.55.110 sac.bdfnet.com
  528. 200.6.55.15 secure.bdfnet.com
  529. 200.6.55.91 sslvpn.bdfnet.com
  530. 200.6.55.104 vpn.bdfnet.com
  531. 200.6.55.90 web.bdfnet.com
  532. 200.6.55.90 www.bdfnet.com
  533.  
  534. Found subnets:
  535.  
  536. - 200.6.55.0-255 : 17 hosts
  537.  
  538. Wrote 17 hosts to:
  539.  
  540. - file:///root/aquatone/bdfnet.com/hosts.txt
  541. - file:///root/aquatone/bdfnet.com/hosts.json
  542. __
  543. ____ _____ ___ ______ _/ /_____ ____ ___
  544. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  545. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  546. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  547. /_/ takeover v0.5.0 - by @michenriksen
  548.  
  549. Loaded 17 hosts from /root/aquatone/bdfnet.com/hosts.json
  550. Loaded 25 domain takeover detectors
  551.  
  552. Identifying nameservers for bdfnet.com... Done
  553. Using nameservers:
  554.  
  555. - 200.6.55.12
  556.  
  557. Checking hosts for domain takeover vulnerabilities...
  558.  
  559. Finished checking hosts:
  560.  
  561. - Vulnerable : 0
  562. - Not Vulnerable : 17
  563.  
  564. Wrote 0 potential subdomain takeovers to:
  565.  
  566. - file:///root/aquatone/bdfnet.com/takeovers.json
  567.  
  568. __
  569. ____ _____ ___ ______ _/ /_____ ____ ___
  570. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  571. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  572. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  573. /_/ scan v0.5.0 - by @michenriksen
  574.  
  575. Loaded 17 hosts from /root/aquatone/bdfnet.com/hosts.json
  576.  
  577. Probing 32 ports...
  578. 443/tcp 200.6.55.91 sslvpn.bdfnet.com
  579. 80/tcp 200.6.55.96 bdfmail1.bdfnet.com
  580. 80/tcp 200.6.55.91 sslvpn.bdfnet.com
  581. 443/tcp 200.6.55.110 sac.bdfnet.com
  582. 80/tcp 200.6.55.90 web.bdfnet.com, www.bdfnet.com
  583. 443/tcp 200.6.55.96 bdfmail1.bdfnet.com
  584. 443/tcp 200.6.55.68 apps.bdfnet.com
  585. 443/tcp 200.6.55.19 rds.bdfnet.com
  586. 443/tcp 200.6.55.103 mdm.bdfnet.com
  587. 443/tcp 200.6.55.90 web.bdfnet.com, www.bdfnet.com
  588. 443/tcp 200.6.55.101 ibdf.bdfnet.com
  589.  
  590. Wrote open ports to file:///root/aquatone/bdfnet.com/open_ports.txt
  591. Wrote URLs to file:///root/aquatone/bdfnet.com/urls.txt
  592. __
  593. ____ _____ ___ ______ _/ /_____ ____ ___
  594. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  595. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  596. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  597. /_/ gather v0.5.0 - by @michenriksen
  598. #######################################################################################################################################
  599. ------------------------------------
  600.  
  601. Total hosts: 35
  602.  
  603. [-] Resolving hostnames IPs...
  604.  
  605. .bdfnet.com : empty
  606. apps.bdfnet.com : 200.6.55.68
  607. bdfchat.bdfnet.com : 200.6.55.71
  608. bdfmail1.bdfnet.com : 200.6.55.96
  609. bdfvisa.bdfnet.com : 200.6.55.70
  610. crl.bdfnet.com : 200.6.55.14
  611. emm.bdfnet.com : empty
  612. fatca.bdfnet.com : empty
  613. ibdf.bdfnet.com : 200.6.55.101
  614. mdm.bdfnet.com : 200.6.55.103
  615. ns1.bdfnet.com : 200.6.55.12
  616. rds.bdfnet.com : 200.6.55.19
  617. sac.bdfnet.com : 200.6.55.110
  618. secure.bdfnet.com : 200.6.55.15
  619. sslvpn.bdfnet.com : 200.6.55.91
  620. web.bdfnet.com : 200.6.55.90
  621. www.bdfnet.com : 200.6.55.90
  622. www.emm.bdfnet.com : empty
  623. www.www.bdfnet.com : empty
  624.  
  625. #######################################################################################################################################
  626. --------------------------------------------------------------------------------------------------------------------------------------
  627.  
  628. [1/25] /webhp?hl=en-CA
  629. [x] Error downloading /webhp?hl=en-CA
  630. [2/25] https://www.bdfnet.com/documentos/efdiciembrecomb2010.pdf
  631. [x] Error in the parsing process
  632. [3/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancieros_al31Diciembre_2011.pdf
  633. [x] Error in the parsing process
  634. [4/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosConsolidados_al31Diciembre2012.pdf
  635. [x] Error in the parsing process
  636. [5/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosCombinados_31Diciembre2014.pdf
  637. [x] Error in the parsing process
  638. [6/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosCombinados_31Diciembre2012.pdf
  639. [x] Error in the parsing process
  640. [7/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosConsolidados_al31Diciembre2015.pdf
  641. [x] Error in the parsing process
  642. [8/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosConsolidados_al31Diciembre2014.pdf
  643. [x] Error in the parsing process
  644. [9/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosCombinados_31Diciembre2015.pdf
  645. [x] Error in the parsing process
  646. [10/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosSeparados_al31Diciembre2014.pdf
  647. [x] Error in the parsing process
  648. [11/25] https://www.bdfnet.com/documentos/EstadosFinancieros/InformeFinancierosAuditadosSeparados_al31Diciembre2015.pdf
  649. [x] Error in the parsing process
  650. [12/25] https://www.bdfnet.com/documentos/BDFInformeCombinado2008.pdf
  651. [13/25] https://www.bdfnet.com/documentos/ContratoCheckingPremiumPJ.PDF
  652. [14/25] https://www.bdfnet.com/documentos/ResumencondicionesBDF.pdf
  653. [15/25] https://www.bdfnet.com/documentos/ContratoCheckingPremium.pdf
  654. [16/25] https://www.bdfnet.com/documentos/ContratoCheckingValuePJ.PDF
  655. [17/25] https://www.bdfnet.com/documentos/Circular_Cheque.pdf
  656. [18/25] https://www.bdfnet.com/documentos/coberturasolucionesBDF.pdf
  657. [19/25] https://www.bdfnet.com/documentos/EEFF_Sept_2010.pdf
  658. [20/25] https://www.bdfnet.com/documentos/ContratoCuentaPremium.PDF
  659. [21/25] https://www.bdfnet.com/documentos/EEFFSeptiembre2011.pdf
  660. [22/25] https://www.bdfnet.com/documentos/FormularioW8.pdf
  661. [23/25] https://www.bdfnet.com/documentos/Calificacion_Fitch_Diciembre2013.pdf
  662. [24/25] https://www.bdfnet.com/documentos/ServiciosAsistenciaBDF.pdf
  663. [25/25] https://www.bdfnet.com/documentos/EEFF_BDF_Dic2010.pdf
  664.  
  665. [+] List of users found:
  666. --------------------------
  667. marthamorales
  668. Ing. Reynaldo Omar Herrera
  669. ��
  670. eduardo.gutierrez
  671. BK07476
  672. Bob Doughty
  673.  
  674. [+] List of software found:
  675. -----------------------------
  676. Acrobat Distiller 6.0 (Windows)
  677. PScript5.dll Version 5.2.2
  678. Adobe PDF library 15.00
  679. Adobe Illustrator CC 2015 (Macintosh)
  680. ��Microsoft� Office Word 2007
  681. Adobe PDF library 10.01
  682. Adobe Illustrator CC (Macintosh)
  683. Adobe Acrobat Pro 11.0.0 Paper Capture Plug-in
  684. EPSON NX200/SX200/TX200
  685. ��OpenOffice.org 3.1
  686. ��Writer
  687. PScript5.dll Version 5.2
  688. Microsoft� Word 2010
  689. Adobe Illustrator CC 22.0 (Macintosh)
  690.  
  691. [+] List of paths and servers found:
  692. ---------------------------------------
  693.  
  694. [+] List of e-mails found:
  695. ----------------------------
  696. fmpeatnic@kpmg.com
  697. mario.hernandez@fitchratings.com
  698. marcela.galicia@fitchratings.com
  699.  
  700. ######################################################################################################################################
  701. I, [2018-06-15T13:32:03.918866 #20807] INFO -- : Initiating port scan
  702. I, [2018-06-15T13:32:06.180604 #20807] INFO -- : Using nmap scan output file logs/nmap_output_2018-06-15_13-32-03.xml
  703. ######################################################################################################################################
  704. Start: Fri Jun 15 16:12:21 2018
  705. HOST: whatweb Loss% Snt Last Avg Best Wrst StDev
  706. 1.|-- 45.55.64.253 0.0% 3 0.3 3.3 0.3 9.3 5.1
  707. 2.|-- 138.197.248.32 0.0% 3 0.3 0.3 0.3 0.3 0.0
  708. 3.|-- 138.197.244.32 0.0% 3 0.9 1.0 0.9 1.3 0.0
  709. 4.|-- ix-ae-3-0.tcore1.n75-new-york.as6453.net 0.0% 3 1.0 0.9 0.9 1.0 0.0
  710. 5.|-- if-ae-9-2.tcore1.nto-new-york.as6453.net 0.0% 3 7.5 8.1 7.5 9.3 0.7
  711. 6.|-- if-ae-7-2.tcore1.n0v-new-york.as6453.net 0.0% 3 7.3 8.5 7.3 10.9 2.0
  712. 7.|-- if-ae-0-2.tcore3.njy-newark.as6453.net 0.0% 3 7.2 8.0 7.2 8.8 0.0
  713. 8.|-- if-ae-1-3.tcore4.njy-newark.as6453.net 0.0% 3 7.3 7.4 7.3 7.4 0.0
  714. 9.|-- if-ae-12-2.tcore2.aeq-ashburn.as6453.net 0.0% 3 7.2 7.4 7.2 7.8 0.0
  715. 10.|-- 216.6.87.171 0.0% 3 7.2 8.4 7.0 10.9 2.0
  716. 11.|-- 94.142.119.121 0.0% 3 32.6 32.3 31.8 32.6 0.0
  717. 12.|-- 176.52.255.217 0.0% 3 31.5 32.2 31.5 33.6 1.0
  718. 13.|-- tm-nicaragua-0-0-0-6-gramiabr4.net.telefonicaglobalsolutions.com 0.0% 3 63.5 63.8 63.5 64.2 0.0
  719. 14.|-- host44-53-98-165.movistar.com.ni 0.0% 3 66.0 69.9 66.0 74.9 4.5
  720. 15.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  721. #######################################################################################################################################
  722. [*] Performing General Enumeration of Domain: bdfnet.com
  723. [-] DNSSEC is not configured for bdfnet.com
  724. [*] SOA ns1.bdfnet.com 200.6.55.12
  725. [*] NS ns1.bdfnet.com 200.6.55.12
  726. [*] MX bdfmail1.bdfnet.com 200.6.55.96
  727. [*] TXT bdfnet.com v=spf1 a mx ip4:200.6.55.0/24 ~all
  728. [*] Enumerating SRV Records
  729. [-] No SRV Records Found for bdfnet.com
  730. [+] 0 Records Found
  731. ####################################################################################################################################
  732. [*] Processing domain bdfnet.com
  733. [+] Getting nameservers
  734. 200.6.55.12 - ns1.bdfnet.com
  735. [-] Zone transfer failed
  736.  
  737. [+] TXT records found
  738. "v=spf1 a mx ip4:200.6.55.0/24 ~all"
  739.  
  740. [+] MX records found, added to target list
  741. 1 bdfmail1.bdfnet.com.
  742.  
  743. [*] Scanning bdfnet.com for A records
  744. 200.6.55.96 - bdfmail1.bdfnet.com
  745. 200.6.55.68 - apps.bdfnet.com
  746. 200.6.55.27 - autodiscover.bdfnet.com
  747. 200.6.55.25 - da.bdfnet.com
  748. 200.6.55.14 - da.bdfnet.com
  749. 200.6.55.98 - mail.bdfnet.com
  750. 200.6.55.103 - mdm.bdfnet.com
  751. 165.98.132.2 - ns.bdfnet.com
  752. 200.6.55.12 - ns1.bdfnet.com
  753. 200.6.55.15 - secure.bdfnet.com
  754. 200.6.55.91 - sslvpn.bdfnet.com
  755. 200.6.55.104 - vpn.bdfnet.com
  756. 200.6.55.90 - web.bdfnet.com
  757. 200.6.55.90 - www.bdfnet.com
  758. #######################################################################################################################################
  759. Original* bdfnet.com NS:ns1.bdfnet.com MX:bdfmail1.bdfnet.com
  760. Bitsquatting cdfnet.com 31.11.33.188 NS:dns.technorail.com MX:mx.cdfnet.com
  761. Bitsquatting fdfnet.com 185.53.178.6 NS:ns1.parkingcrew.net MX:mail.h-email.net
  762. Bitsquatting jdfnet.com 192.232.223.49 NS:ns569.hostgator.com MX:alt1.aspmx.l.google.com
  763. Bitsquatting rdfnet.com -
  764. Bitsquatting befnet.com 116.126.87.83 NS:ns1.whoisdomain.kr
  765. Bitsquatting bffnet.com -
  766. Bitsquatting blfnet.com 47.91.139.207 NS:dns7.hichina.com
  767. Bitsquatting btfnet.com 207.148.248.143
  768. Bitsquatting bdgnet.com 209.251.53.129 NS:ns53.worldnic.com MX:bdgnet.com.1.arsmtp.com
  769. Bitsquatting bddnet.com 192.0.78.24 NS:ns1.wordpress.com
  770. Bitsquatting bdbnet.com 52.5.103.164 NS:ns1.namebrightdns.com
  771. Homoglyph dbfnet.com 107.180.51.239 NS:ns65.domaincontrol.com MX:mail.dbfnet.com
  772. Homoglyph ɓdƒnet.com -
  773. Homoglyph ddfnet.com 174.142.90.200 NS:ns.ddf.com.br MX:ddfnet.com
  774. Homoglyph bbfnet.com 52.5.103.164 NS:ns1.namebrightdns.com
  775. Hyphenation bdf-net.com 176.9.106.72 NS:ns1.bdf-net.com MX:ALT1.ASPMX.L.GOOGLE.com
  776. Omission bdnet.com 178.32.107.55 NS:a.dns.gandi.net MX:mx1.riastudio.fr
  777. Omission bdfne.com 69.172.201.153 NS:ns1.uniregistrymarket.link
  778. Omission dfnet.com NS:ns1dns.name.com MX:ALT1.ASPMX.L.GOOGLE.com
  779. Omission bdfnt.com -
  780. Omission bfnet.com 74.208.236.45 NS:ns1074.ui-dns.biz
  781. Replacement bdtnet.com 104.151.250.147 NS:a.dnspod.com
  782. Replacement bdrnet.com NS:ns1.myhostadmin.net
  783. Replacement bsfnet.com 150.95.52.101 NS:ns1.mixhost.jp MX:bsfnet.com
  784. Replacement gdfnet.com -
  785. Replacement bxfnet.com NS:ns1.myhostadmin.net
  786. Replacement bdfnst.com -
  787. Replacement bcfnet.com 52.5.103.164 NS:ns1.namebrightdns.com
  788. Replacement brfnet.com 52.5.103.164 NS:ns1.namebrightdns.com
  789. Replacement bdcnet.com 52.5.103.164 NS:ns1.namebrightdns.com MX:mx60.m1bp.com
  790. Replacement hdfnet.com 107.151.109.203 NS:ns2.dnsdun.com
  791. Replacement bdfner.com -
  792. Replacement ndfnet.com -
  793. Replacement vdfnet.com 209.68.29.46 NS:ns0000.ns0.com MX:mailwash14.pair.com
  794. Subdomain bdf.net.com 199.59.242.150
  795. Subdomain bdfn.et.com 69.172.201.153 NS:ns1.uniregistrymarket.link
  796. Subdomain bdfne.t.com -
  797. Transposition bfdnet.com 206.188.192.14 NS:ns49.worldnic.com MX:p.webcom.ctmail.com
  798. #######################################################################################################################################
  799. Ip Address Status Type Domain Name Server
  800. ---------- ------ ---- ----------- ------
  801. 200.6.55.68 host apps.bdfnet.com
  802. 200.6.55.98 host mail.bdfnet.com
  803. 165.98.132.2 host ns.bdfnet.com
  804. 200.6.55.12 host ns1.bdfnet.com
  805. 200.6.55.110 host sac.bdfnet.com
  806. 200.6.55.15 host secure.bdfnet.com
  807. 200.6.55.104 host vpn.bdfnet.com
  808. 200.6.55.90 302 host web.bdfnet.com
  809. 200.6.55.90 302 alias www.bdfnet.com
  810. 200.6.55.90 302 host web.bdfnet.com
  811. ######################################################################################################################################
  812. Anonymous #OpNicaragua JTSEC Full Recon #2
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!