daily pastebin goal
91%
SHARE
TWEET

Anonymous #OpNicaragua JTSEC Full Recon #9

a guest Jun 30th, 2018 863 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. Hostname    conicyt.gob.ni      ISP     EQUIPOS Y SISTEMAS S.A.
  3. Continent   North America       Flag    
  4. NI
  5. Country     Nicaragua       Country Code    NI
  6. Region  Departamento de Managua         Local time  30 Jun 2018 09:20 CST
  7. City    Managua         Postal Code     Unknown
  8. IP Address  186.1.31.40         Latitude    12.151
  9.             Longitude   -86.268
  10. #######################################################################################################################################
  11. HostIP:186.1.31.40
  12. HostName:conicyt.gob.ni
  13.  
  14. Gathered Inet-whois information for 186.1.31.40
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17.  
  18. inetnum:        186.0.0.0 - 186.255.255.255
  19. netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  20. descr:          IPv4 address block not managed by the RIPE NCC
  21. remarks:        ------------------------------------------------------
  22. remarks:
  23. remarks:        You can find the whois server to query, or the
  24. remarks:        IANA registry to query on this web page:
  25. remarks:        http://www.iana.org/assignments/ipv4-address-space
  26. remarks:
  27. remarks:        You can access databases of other RIRs at:
  28. remarks:
  29. remarks:        AFRINIC (Africa)
  30. remarks:        http://www.afrinic.net/ whois.afrinic.net
  31. remarks:
  32. remarks:        APNIC (Asia Pacific)
  33. remarks:        http://www.apnic.net/ whois.apnic.net
  34. remarks:
  35. remarks:        ARIN (Northern America)
  36. remarks:        http://www.arin.net/  whois.arin.net
  37. remarks:
  38. remarks:        LACNIC (Latin America and the Carribean)
  39. remarks:        http://www.lacnic.net/ whois.lacnic.net
  40. remarks:
  41. remarks:        IANA IPV4 Recovered Address Space
  42. remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  43. remarks:
  44. remarks:        ------------------------------------------------------
  45. country:        EU # Country is really world wide
  46. admin-c:        IANA1-RIPE
  47. tech-c:         IANA1-RIPE
  48. status:         ALLOCATED UNSPECIFIED
  49. mnt-by:         RIPE-NCC-HM-MNT
  50. mnt-lower:      RIPE-NCC-HM-MNT
  51. mnt-routes:     RIPE-NCC-RPSL-MNT
  52. created:        2014-11-07T14:15:06Z
  53. last-modified:  2015-10-29T15:14:39Z
  54. source:         RIPE
  55.  
  56. role:           Internet Assigned Numbers Authority
  57. address:        see http://www.iana.org.
  58. admin-c:        IANA1-RIPE
  59. tech-c:         IANA1-RIPE
  60. nic-hdl:        IANA1-RIPE
  61. remarks:        For more information on IANA services
  62. remarks:        go to IANA web site at http://www.iana.org.
  63. mnt-by:         RIPE-NCC-MNT
  64. created:        1970-01-01T00:00:00Z
  65. last-modified:  2001-09-22T09:31:27Z
  66. source:         RIPE # Filtered
  67.  
  68. % This query was served by the RIPE Database Query Service version 1.91.2 (WAGYU)
  69.  
  70.  
  71.  
  72. Gathered Inic-whois information for conicyt.gob.ni
  73. ---------------------------------------------------------------------------------------------------------------------------------------
  74. Error: Unable to connect - Invalid Host
  75. ERROR: Connection to InicWhois Server ni.whois-servers.net failed
  76. close error
  77.  
  78. Gathered Netcraft information for conicyt.gob.ni
  79. ---------------------------------------------------------------------------------------------------------------------------------------
  80.  
  81. Retrieving Netcraft.com information for conicyt.gob.ni
  82. Netcraft.com Information gathered
  83.  
  84. Gathered Subdomain information for conicyt.gob.ni
  85. ---------------------------------------------------------------------------------------------------------------------------------------
  86. Searching Google.com:80...
  87. Searching Altavista.com:80...
  88. Found 0 possible subdomain(s) for host conicyt.gob.ni, Searched 0 pages containing 0 results
  89.  
  90. Gathered E-Mail information for conicyt.gob.ni
  91. ---------------------------------------------------------------------------------------------------------------------------------------
  92. Searching Google.com:80...
  93. Searching Altavista.com:80...
  94. Found 0 E-Mail(s) for host conicyt.gob.ni, Searched 0 pages containing 0 results
  95.  
  96. Gathered TCP Port information for 186.1.31.40
  97. ---------------------------------------------------------------------------------------------------------------------------------------
  98.  
  99.  Port       State
  100.  
  101.  
  102. Portscan Finished: Scanned 150 ports, 3 ports were in state closed
  103.  
  104.  
  105. #######################################################################################################################################
  106. [i] Scanning Site: http://conicyt.gob.ni
  107.  
  108.  
  109.  
  110. B A S I C   I N F O
  111. =======================================================================================================================================
  112.  
  113.  
  114. [+] Site Title:
  115. [+] IP address: 186.1.31.40
  116. [+] Web Server: nginx
  117. [+] CMS: WordPress
  118. [+] Cloudflare: Not Detected
  119. [+] Robots File: Could NOT Find robots.txt!
  120.  
  121.  
  122.  
  123.  
  124.  
  125.  
  126. G E O  I P  L O O K  U P
  127. =======================================================================================================================================
  128.  
  129. [i] IP Address: 186.1.31.40
  130. [i] Country: NI
  131. [i] State: Managua
  132. [i] City: Managua
  133. [i] Latitude: 12.150800
  134. [i] Longitude: -86.268303
  135.  
  136.  
  137.  
  138.  
  139.  
  140.  
  141.  
  142. D N S   L O O K U P
  143. =======================================================================================================================================
  144.  
  145. ;; Truncated, retrying in TCP mode.
  146. conicyt.gob.ni.     86400   IN  MX  10 corporativo.ideay.net.ni.
  147. conicyt.gob.ni.     86400   IN  MX  0 mail1.ideay.net.ni.
  148. conicyt.gob.ni.     86400   IN  TXT "v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all"
  149. conicyt.gob.ni.     86400   IN  NS  ns.ideay.com.ni.
  150. conicyt.gob.ni.     86400   IN  NS  ns.ideay.net.ni.
  151. conicyt.gob.ni.     86400   IN  A   186.1.31.40
  152. conicyt.gob.ni.     86400   IN  SOA ns.ideay.net.ni. soporte.conicyt.gob.ni. 2018010901 3600 1200 604800 7200
  153.  
  154.  
  155.  
  156.  
  157. S U B N E T   C A L C U L A T I O N
  158. =======================================================================================================================================
  159.  
  160. Address       = 186.1.31.40
  161. Network       = 186.1.31.40 / 32
  162. Netmask       = 255.255.255.255
  163. Broadcast     = not needed on Point-to-Point links
  164. Wildcard Mask = 0.0.0.0
  165. Hosts Bits    = 0
  166. Max. Hosts    = 1   (2^0 - 0)
  167. Host Range    = { 186.1.31.40 - 186.1.31.40 }
  168.  
  169.  
  170.  
  171. N M A P   P O R T   S C A N
  172. =======================================================================================================================================
  173.  
  174.  
  175. Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-30 15:26 UTC
  176. Nmap scan report for conicyt.gob.ni (186.1.31.40)
  177. Host is up (0.065s latency).
  178. rDNS record for 186.1.31.40: webplesk.ideay.net.ni
  179. PORT     STATE    SERVICE       VERSION
  180. 21/tcp   open     ftp           ProFTPD
  181. 22/tcp   filtered ssh
  182. 23/tcp   filtered telnet
  183. 80/tcp   open     http          nginx
  184. 110/tcp  filtered pop3
  185. 143/tcp  filtered imap
  186. 443/tcp  open     ssl/http      nginx
  187. 3389/tcp filtered ms-wbt-server
  188.  
  189. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  190. Nmap done: 1 IP address (1 host up) scanned in 16.95 seconds
  191.  
  192. #######################################################################################################################################
  193. [?] Enter the target: http://conicyt.gob.ni/
  194. [!] IP Address : 186.1.31.40
  195. [!] Server: nginx
  196. [!] Powered By: PleskLin
  197. [!] conicyt.gob.ni doesn't seem to use a CMS
  198. [+] Honeypot Probabilty: 30%
  199. ---------------------------------------------------------------------------------------------------------------------------------------
  200. [~] Trying to gather whois information for conicyt.gob.ni
  201. [+] Whois information found
  202. [-] Unable to build response, visit https://who.is/whois/conicyt.gob.ni
  203. ---------------------------------------------------------------------------------------------------------------------------------------
  204. PORT     STATE    SERVICE       VERSION
  205. 21/tcp   open     ftp           ProFTPD
  206. 22/tcp   filtered ssh
  207. 23/tcp   filtered telnet
  208. 80/tcp   open     http          nginx
  209. 110/tcp  filtered pop3
  210. 143/tcp  filtered imap
  211. 443/tcp  open     ssl/http      nginx
  212. 3389/tcp filtered ms-wbt-server
  213. ---------------------------------------------------------------------------------------------------------------------------------------
  214.  
  215. [+] DNS Records
  216. ns.ideay.net.ni. (186.1.31.8) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  217. ns.ideay.com.ni. (186.1.31.2) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  218.  
  219. [+] MX Records
  220. 0 (186.1.31.37) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  221.  
  222. [+] MX Records
  223. 10 (186.1.31.34) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  224.  
  225. [+] Host Records (A)
  226. www.conicyt.gob.niHTTP: (186.1.31.40) AS18840 EQUIPOS Y SISTEMAS S.A. Nicaragua
  227.  
  228. [+] TXT Records
  229. "v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all"
  230.  
  231. [+] DNS Map: https://dnsdumpster.com/static/map/conicyt.gob.ni.png
  232.  
  233. [>] Initiating 3 intel modules
  234. [>] Loading Alpha module (1/3)
  235. [>] Beta module deployed (2/3)
  236. [>] Gamma module initiated (3/3)
  237.  
  238.  
  239. [+] Emails found:
  240. ---------------------------------------------------------------------------------------------------------------------------------------
  241. Barberena@conicyt.gob.ni
  242. Guadalupe.Martinez@conicyt.gob.ni
  243. Guadalupe.martinez@conicyt.gob.ni
  244. Martinez@conicyt.gob.ni
  245. Pineda@conicyt.gob.ni
  246. Rene.lucio@conicyt.gob.ni
  247. ciencia.educacion@conicyt.gob.ni
  248. conicyt@conicyt.gob.ni
  249. elsa.lopez@conicyt.gob.ni
  250. empresarial@conicyt.gob.ni
  251. guadalupe.martinez@conicyt.gob.ni
  252. helen.sobalvarro@conicyt.gob.ni
  253. n@conicyt.gob.ni
  254. nez@conicyt.gob.ni
  255. nicolas.osorno@conicyt.gob.ni
  256. pamela.perez@conicyt.gob.ni
  257. pixel-1530372407802233-web-@conicyt.gob.ni
  258. premioinnovacion@conicyt.gob.ni
  259. rene.lucio@conicyt.gob.ni
  260. rro@conicyt.gob.ni
  261. trayectoriacientifica@conicyt.gob.ni
  262.  
  263. [+] Hosts found in search engines:
  264. ---------------------------------------------------------------------------------------------------------------------------------------
  265. [-] Resolving hostnames IPs...
  266. 186.1.31.40:www.conicyt.gob.ni
  267. [+] Virtual hosts:
  268. ---------------------------------------------------------------------------------------------------------------------------------------
  269. 186.1.31.40 www.ideay.com
  270. 186.1.31.40 lasmercedes.com.ni
  271. 186.1.31.40 holidayinn.com.ni
  272. 186.1.31.40 gruponayi.com
  273. 186.1.31.40 bluelogistics.com.ni
  274. 186.1.31.40 www.comasa.com.ni
  275. 186.1.31.40 agrenic.com
  276. 186.1.31.40 rentacarnicaragua.com
  277. 186.1.31.40 optima.com.ni
  278. 186.1.31.40 bfa2017nicaragua.com
  279. 186.1.31.40 delmor.com.ni
  280. 186.1.31.40 www.clubterraza.com
  281. 186.1.31.40 ind.gob.ni
  282. 186.1.31.40 www.ind.gob.ni
  283. 186.1.31.40 www.ucn.edu.ni
  284. 186.1.31.40 www.foton.com.ni
  285. 186.1.31.40 coficsa.com
  286. 186.1.31.40 sumin-nic.com
  287. 186.1.31.40 www.cnu.edu.ni
  288. 186.1.31.40 www.autonica.com
  289. 186.1.31.40 www.csa.edu.ni
  290. 186.1.31.40 www.lacayofiallos.com
  291. 186.1.31.40 www.holidayinn.com.ni
  292. 186.1.31.40 www.sinter.com.ni
  293. 186.1.31.40 mayorgaasociados.com
  294. 186.1.31.40 www.agricorp.com.ni
  295. 186.1.31.40 www.nicadrive.com
  296. 186.1.31.40 www.mayorgaasociados.com
  297. 186.1.31.40 www.drycleanusa.com.ni
  298. 186.1.31.40 www.sierrasdepaz.com.ni
  299. 186.1.31.40 www.provalores.com.ni
  300. 186.1.31.40 www.hotelhex.com.ni
  301. 186.1.31.40 prefanicsa.com.ni
  302. #######################################################################################################################################
  303. Server:     10.211.254.254
  304. Address:    10.211.254.254#53
  305.  
  306. Non-authoritative answer:
  307. Name:   conicyt.gob.ni
  308. Address: 186.1.31.40
  309.  
  310. conicyt.gob.ni has address 186.1.31.40
  311. conicyt.gob.ni mail is handled by 0 mail1.ideay.net.ni.
  312. conicyt.gob.ni mail is handled by 10 corporativo.ideay.net.ni.
  313. #######################################################################################################################################
  314. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  315.  
  316. [+] Target is conicyt.gob.ni
  317. [+] Loading modules.
  318. [+] Following modules are loaded:
  319. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  320. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  321. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  322. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  323. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  324. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  325. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  326. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  327. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  328. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  329. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  330. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  331. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  332. [+] 13 modules registered
  333. [+] Initializing scan engine
  334. [+] Running scan engine
  335. [-] ping:tcp_ping module: no closed/open TCP ports known on 186.1.31.40. Module test failed
  336. [-] ping:udp_ping module: no closed/open UDP ports known on 186.1.31.40. Module test failed
  337. [-] No distance calculation. 186.1.31.40 appears to be dead or no ports known
  338. [+] Host: 186.1.31.40 is down (Guess probability: 0%)
  339. [+] Cleaning up scan engine
  340. [+] Modules deinitialized
  341. [+] Execution completed.
  342. #######################################################################################################################################
  343. ; <<>> DiG 9.11.3-2-Debian <<>> -x conicyt.gob.ni
  344. ;; global options: +cmd
  345. ;; Got answer:
  346. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20530
  347. ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  348.  
  349. ;; OPT PSEUDOSECTION:
  350. ; EDNS: version: 0, flags:; udp: 4096
  351. ;; QUESTION SECTION:
  352. ;ni.gob.conicyt.in-addr.arpa.   IN  PTR
  353.  
  354. ;; AUTHORITY SECTION:
  355. in-addr.arpa.       3600    IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013437 1800 900 604800 3600
  356.  
  357. ;; Query time: 240 msec
  358. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  359. ;; WHEN: Sat Jun 30 11:23:22 EDT 2018
  360. ;; MSG SIZE  rcvd: 124
  361.  
  362. dnsenum VERSION:1.2.4
  363.  
  364. -----   conicyt.gob.ni   -----
  365.  
  366.  
  367. Host's addresses:
  368. __________________
  369.  
  370. conicyt.gob.ni.                          86383    IN    A        186.1.31.40
  371.  
  372.  
  373. Name Servers:
  374. ______________
  375.  
  376. ns.ideay.com.ni.                         86181    IN    A        186.1.31.2
  377. ns.ideay.net.ni.                         86181    IN    A        186.1.31.8
  378.  
  379.  
  380. Mail (MX) Servers:
  381. ___________________
  382.  
  383. corporativo.ideay.net.ni.                900      IN    A        186.1.31.34
  384. mail1.ideay.net.ni.                      900      IN    A        186.1.31.37
  385.  
  386.  
  387. Trying Zone Transfers and getting Bind Versions:
  388. _________________________________________________
  389.  
  390.  
  391. Trying Zone Transfer for conicyt.gob.ni on ns.ideay.net.ni ...
  392.  
  393. Trying Zone Transfer for conicyt.gob.ni on ns.ideay.com.ni ...
  394.  
  395. brute force file not specified, bay.
  396. ######################################################################################################################################    
  397. [-] Enumerating subdomains now for conicyt.gob.ni
  398. [-] verbosity is enabled, will show the subdomains results in realtime
  399. [-] Searching now in Baidu..
  400. [-] Searching now in Yahoo..
  401. [-] Searching now in Google..
  402. [-] Searching now in Bing..
  403. [-] Searching now in Ask..
  404. [-] Searching now in Netcraft..
  405. [-] Searching now in DNSdumpster..
  406. [-] Searching now in Virustotal..
  407. [-] Searching now in ThreatCrowd..
  408. [-] Searching now in SSL Certificates..
  409. [-] Searching now in PassiveDNS..
  410. Virustotal: www.conicyt.gob.ni
  411. DNSdumpster: www.conicyt.gob.ni
  412. [-] Saving results to file: /usr/share/sniper/loot/conicyt.gob.ni/domains/domains-conicyt.gob.ni.txt
  413. [-] Total Unique Subdomains Found: 1
  414. www.conicyt.gob.ni
  415. #######################################################################################################################################
  416.                            __
  417.   ____ _____ ___  ______ _/ /_____  ____  ___
  418.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  419. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  420. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  421.         /_/  discover v0.5.0 - by @michenriksen
  422.  
  423. Identifying nameservers for conicyt.gob.ni... Done
  424. Using nameservers:
  425.  
  426.  - 186.1.31.2
  427.  - 186.1.31.8
  428.  
  429. Checking for wildcard DNS... Done
  430.  
  431. Running collector: PassiveTotal... Skipped
  432.  -> Key 'passivetotal_key' has not been set
  433. Running collector: Certificate Search... Done (0 hosts)
  434. Running collector: DNSDB... Done (2 hosts)
  435. Running collector: Riddler... Skipped
  436.  -> Key 'riddler_username' has not been set
  437. Running collector: Threat Crowd... Done (0 hosts)
  438. Running collector: Dictionary... Done (27 hosts)
  439. Running collector: PTRArchive... Error
  440.  -> PTRArchive returned unexpected response code: 404
  441. Running collector: Censys... Skipped
  442.  -> Key 'censys_secret' has not been set
  443. Running collector: Wayback Machine... Done (2 hosts)
  444. Running collector: PublicWWW... Done (0 hosts)
  445. Running collector: HackerTarget... Done (1 host)
  446. Running collector: Google Transparency Report... Done (0 hosts)
  447. Running collector: VirusTotal... Skipped
  448.  -> Key 'virustotal' has not been set
  449. Running collector: Shodan... Skipped
  450.  -> Key 'shodan' has not been set
  451. Running collector: Netcraft... Done (0 hosts)
  452.  
  453. Resolving 30 unique hosts...
  454. 186.1.31.40     .conicyt.gob.ni
  455. 186.1.31.40     conicyt.gob.ni
  456. 186.1.31.37     mail.conicyt.gob.ni
  457. 186.1.31.40     www.conicyt.gob.ni
  458.  
  459. Found subnets:
  460.  
  461.  - 186.1.31.0-255    : 4 hosts
  462.  
  463. Wrote 4 hosts to:
  464.  
  465.  - file:///root/aquatone/conicyt.gob.ni/hosts.txt
  466.  - file:///root/aquatone/conicyt.gob.ni/hosts.json
  467.                            __
  468.   ____ _____ ___  ______ _/ /_____  ____  ___
  469.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  470. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  471. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  472.         /_/  takeover v0.5.0 - by @michenriksen
  473.  
  474. Loaded 4 hosts from /root/aquatone/conicyt.gob.ni/hosts.json
  475. Loaded 25 domain takeover detectors
  476.  
  477. Identifying nameservers for conicyt.gob.ni... Done
  478. Using nameservers:
  479.  
  480.  - 186.1.31.2
  481.  - 186.1.31.8
  482.  
  483. Checking hosts for domain takeover vulnerabilities...
  484.  
  485. Finished checking hosts:
  486.  
  487.  - Vulnerable     : 0
  488.  - Not Vulnerable : 4
  489.  
  490. Wrote 0 potential subdomain takeovers to:
  491.  
  492.  - file:///root/aquatone/conicyt.gob.ni/takeovers.json
  493.  
  494.                            __
  495.   ____ _____ ___  ______ _/ /_____  ____  ___
  496.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  497. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  498. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  499.         /_/  scan v0.5.0 - by @michenriksen
  500.  
  501. Loaded 4 hosts from /root/aquatone/conicyt.gob.ni/hosts.json
  502.  
  503. Probing 4 ports...
  504.  
  505. Wrote open ports to file:///root/aquatone/conicyt.gob.ni/open_ports.txt
  506. Wrote URLs to file:///root/aquatone/conicyt.gob.ni/urls.txt
  507.                            __
  508.   ____ _____ ___  ______ _/ /_____  ____  ___
  509.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  510. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  511. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  512.         /_/  gather v0.5.0 - by @michenriksen
  513. #######################################################################################################################################
  514. Starting Nmap 7.70 ( https://nmap.org ) at 2018-06-30 11:31 EDT
  515. Nmap scan report for conicyt.gob.ni (186.1.31.40)
  516. Host is up.
  517. rDNS record for 186.1.31.40: webplesk.ideay.net.ni
  518.  
  519. PORT     STATE         SERVICE
  520. 53/udp   open|filtered domain
  521. 67/udp   open|filtered dhcps
  522. 68/udp   open|filtered dhcpc
  523. 69/udp   open|filtered tftp
  524. 88/udp   open|filtered kerberos-sec
  525. 123/udp  open|filtered ntp
  526. 137/udp  open|filtered netbios-ns
  527. 138/udp  open|filtered netbios-dgm
  528. 139/udp  open|filtered netbios-ssn
  529. 161/udp  open|filtered snmp
  530. 162/udp  open|filtered snmptrap
  531. 389/udp  open|filtered ldap
  532. 520/udp  open|filtered route
  533. 2049/udp open|filtered nfs
  534. #######################################################################################################################################
  535.  
  536. I, [2018-06-30T11:32:02.993289 #19649]  INFO -- : Initiating port scan
  537. I, [2018-06-30T11:32:07.531162 #19649]  INFO -- : Using nmap scan output file logs/nmap_output_2018-06-30_11-32-02.xml
  538. #######################################################################################################################################
  539. Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-30 15:24 UTC
  540. Nmap scan report for conicyt.gob.ni (186.1.31.40)
  541. Host is up (0.065s latency).
  542. rDNS record for 186.1.31.40: webplesk.ideay.net.ni
  543. PORT     STATE    SERVICE       VERSION
  544. 21/tcp   open     ftp           ProFTPD
  545. 22/tcp   filtered ssh
  546. 23/tcp   filtered telnet
  547. 80/tcp   open     http          nginx
  548. 110/tcp  filtered pop3
  549. 143/tcp  filtered imap
  550. 443/tcp  open     ssl/http      nginx
  551. 3389/tcp filtered ms-wbt-server
  552.  
  553. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  554. Nmap done: 1 IP address (1 host up) scanned in 14.94 seconds
  555. #######################################################################################################################################
  556. Start: Sat Jun 30 15:25:24 2018
  557. HOST: whatweb                              Loss%   Snt   Last   Avg  Best  Wrst StDev
  558.   1.|-- 45.55.64.254                          0.0%     3    6.9   2.6   0.4   6.9   3.7
  559.   2.|-- 138.197.251.22                        0.0%     3    0.3   0.4   0.3   0.6   0.0
  560.   3.|-- nyk-b3-link.telia.net                 0.0%     3    3.3   3.4   1.0   5.8   2.3
  561.   4.|-- nyk-bb3-link.telia.net                0.0%     3   33.5  35.1  33.3  38.6   3.0
  562.   5.|-- ash-bb3-link.telia.net                0.0%     3    8.1   8.0   8.0   8.1   0.0
  563.   6.|-- mai-b3-link.telia.net                 0.0%     3   33.1  33.1  33.1  33.1   0.0
  564.   7.|-- asurnet-ic-323721-mai-b2.c.telia.net  0.0%     3   35.7  35.7  35.7  35.7   0.0
  565.   8.|-- 63.245.107.49                         0.0%     3   38.1  38.1  38.1  38.1   0.0
  566.   9.|-- 63.245.74.33                          0.0%     3   37.8  37.8  37.8  37.8   0.0
  567.  10.|-- ???                                  100.0     3    0.0   0.0   0.0   0.0   0.0
  568.  
  569. ######################################################################################################################################
  570. [*] Performing General Enumeration of Domain: conicyt.gob.ni
  571. [-] DNSSEC is not configured for conicyt.gob.ni
  572. [-] Could not Resolve SOA Record for conicyt.gob.ni
  573. [*]      NS ns.ideay.com.ni 186.1.31.2
  574. [*]      Bind Version for 186.1.31.2 Equipos y Sistemas - ns.ideay.com.ni
  575. [*]      NS ns.ideay.net.ni 186.1.31.8
  576. [*]      Bind Version for 186.1.31.8 Equipos y Sistemas - ns.ideay.net.ni
  577. [*]      MX mail1.ideay.net.ni 186.1.31.37
  578. [*]      MX corporativo.ideay.net.ni 186.1.31.34
  579. [*]      A conicyt.gob.ni 186.1.31.40
  580. [*]      TXT conicyt.gob.ni v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all
  581. [*] Enumerating SRV Records
  582. [-] No SRV Records Found for conicyt.gob.ni
  583. #######################################################################################################################################
  584. [*] Processing domain conicyt.gob.ni
  585. [+] Getting nameservers
  586. 186.1.31.8 - ns.ideay.net.ni
  587. 186.1.31.2 - ns.ideay.com.ni
  588. [-] Zone transfer failed
  589.  
  590. [+] TXT records found
  591. "v=spf1 mx a ip4:186.1.31.37/32 ip4:186.1.31.34/32 a:corporativo.ideay.net.ni -all"
  592.  
  593. [+] MX records found, added to target list
  594. 0 mail1.ideay.net.ni.
  595. 10 corporativo.ideay.net.ni.
  596.  
  597. [*] Scanning conicyt.gob.ni for A records
  598. 186.1.31.40 - conicyt.gob.ni                          
  599. 186.1.31.37 - mail.conicyt.gob.ni                                  
  600. 186.1.31.36 - pop3.conicyt.gob.ni                      
  601. 186.1.31.40 - www.conicyt.gob.ni          
  602. #######################################################################################################################################
  603. Ip Address  Status  Type    Domain Name         Server
  604. ----------  ------  ----    -----------         ------
  605. 186.1.31.37             host    mail.conicyt.gob.ni    
  606. 186.1.31.36     302     host    pop3.conicyt.gob.ni    
  607. 186.1.31.40             host    www.conicyt.gob.ni     
  608. #######################################################################################################################################
  609.                                              Anonymous  #OpNicaragua JTSEC Full Recon #9
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top