Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- Nom de l'hôte www.hammerskins.net FAI Amarutu Technology Ltd
- Continent Amérique du Nord Drapeau
- BZ
- Pays Belize Code du pays BZ
- Région Inconnu Heure locale 19 Oct 2018 21:13 CST
- Ville Inconnu Code Postal Inconnu
- Adresse IP 198.144.120.68 Latitude 17.25
- #######################################################################################################################################
- Server: 10.211.254.254
- Address: 10.211.254.254#53
- ** server can't find A: NXDOMAIN
- > www.hammerskins.net
- Server: 10.211.254.254
- Address: 10.211.254.254#53
- Non-authoritative answer:
- www.hammerskins.net canonical name = hammerskins.net.
- Name: hammerskins.net
- Address: 198.144.120.68
- #######################################################################################################################################
- HostIP:198.144.120.68
- HostName:www.hammerskins.net
- Gathered Inet-whois information for 198.144.120.68
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 198.135.168.0 - 198.147.159.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: You can find the whois server to query, or the
- remarks: IANA registry to query on this web page:
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks:
- remarks: You can access databases of other RIRs at:
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: IANA IPV4 Recovered Address Space
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- mnt-lower: RIPE-NCC-HM-MNT
- created: 2011-07-11T12:36:58Z
- last-modified: 2018-09-04T13:04:38Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
- Gathered Inic-whois information for hammerskins.net
- ---------------------------------------------------------------------------------------------------------------------------------------
- Domain Name: HAMMERSKINS.NET
- Registry Domain ID: 89696958_DOMAIN_NET-VRSN
- Registrar WHOIS Server: whois.godaddy.com
- Registrar URL: http://www.godaddy.com
- Updated Date: 2016-03-31T12:50:16Z
- Creation Date: 2002-08-27T00:54:47Z
- Registry Expiry Date: 2021-08-27T00:55:00Z
- Registrar: GoDaddy.com, LLC
- Registrar IANA ID: 146
- Registrar Abuse Contact Email: abuse@godaddy.com
- Registrar Abuse Contact Phone: 480-624-2505
- Domain Status: clientDeleteProhibited https:/�U@/ican��\��n.�org/ep���p#U@clien���tD�U@elete�������Prohibi�U@ted
- Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
- Name Server: NS11.KODDOS.COM
- Name Server: NS12.KODDOS.COM
- DNSSEC: unsigned
- URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
- <<<Last update of whois database: 2018-10-20T03jV@:18:1��\��4Z
- For more information on Whois status codes, please visit https://icann.org/epp
- NOTICE: The expiration date displayed in this reYV@
- registrar's sponsorship of the domain name registration in the registry is
- currently set to expire. This date does not necessarily reflect the expiration
- date of the domain name registrant's agreement with the sponsoring
- registrar. Users may consult the sponsoring registrar's Whois database to
- view the registrar's reported date of expiration for this registration.
- TERMS OF USE: You are not authorized to access or query our Whois
- database through the use of electronic processes�U@e hig��\��h-yvolume|��� aU@nd
- automated except as reasonably necessary to register domain names or
- modify existing registrations; the Data in VeriSign Global Registry
- Services' ("VeriSign") Whois database is provided by VeriSign for
- information purposes only, and to assist persons in obtaining information
- about or related to a domain name registration record. VeriSign does not
- guarantee its accuracy. By submitting a Whois query, you agree to abide
- by the following terms of use: You agree that yo�U@ use ��\��th�is Dat
- ���a U@only
- for lawful purposes and that under no circumstances will you use this Data
- to: (1) allow, enable, or otherwise support the transmission of mass
- unsolicited, commercial advertising or solicitations via e-mail, telephone,
- or facsimile; or (2) enable high volume, automated, electronic processes
- that apply to VeriSign (or its computer systems). The compilation,
- repackaging, dissemination or other use of this Data is expressly
- prohibited without the prior written consent of YV@VeriS��\��ig�n. Yo��� aXV@gree ���nogV@��������
- use electronic processes that are automated and high-volume to access or
- query the Whois database except as reasonably necessary to register
- domain names or modify existing registrations. VeriSign reserves the right
- to restrict your access to the Whois database in its sole discretion to ensure
- operational stability. VeriSign may restrict or terminate your access to the
- Whois database for failure to abide by these terms of use. VeriSign
- reserves the right to modify these terms at any �U@time.��\��
- The Registry database contains ONLY .COM, .NET, .EDU domains and
- Registrars.
- Gathered Netcraft information for www.hammerskins.net
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.hammerskins.net
- Netcraft.com Information gathered
- Gathered Subdomain information for hammerskins.net
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 possible subdomain(s) for host hammerskins.net, Searched 0 pages containing 0 results
- Gathered E-Mail information for hammerskins.net
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host hammerskins.net, Searched 0 pages containing 0 results
- Gathered TCP Port information for 198.144.120.68
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 26/tcp open
- 53/tcp open
- 80/tcp open
- 110/tcp open
- 143/tcp open
- Portscan Finished: Scanned 150 ports, 1 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: https://www.hammerskins.net
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: The Official International Hammerskin Nation Website
- [+] IP address: 198.144.120.68
- [+] Web Server: LiteSpeed
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- W H O I S L O O K U P
- =======================================================================================================================================
- Domain Name: HAMMERSKINS.NET
- Registry Domain ID: 89696958_DOMAIN_NET-VRSN
- Registrar WHOIS Server: whois.godaddy.com
- Registrar URL: http://www.godaddy.com
- Updated Date: 2016-03-31T12:50:16Z
- Creation Date: 2002-08-27T00:54:47Z
- Registry Expiry Date: 2021-08-27T00:55:00Z
- Registrar: GoDaddy.com, LLC
- Registrar IANA ID: 146
- Registrar Abuse Contact Email: abuse@godaddy.com
- Registrar Abuse Contact Phone: 480-624-2505
- Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
- Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
- Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
- Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
- Name Server: NS11.KODDOS.COM
- Name Server: NS12.KODDOS.COM
- DNSSEC: unsigned
- URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
- >>> Last update of whois database: 2018-10-20T03:18:43Z <<<
- For more information on Whois status codes, please visit https://icann.org/epp
- NOTICE: The expiration date displayed in this record is the date the
- registrar's sponsorship of the domain name registration in the registry is
- currently set to expire. This date does not necessarily reflect the expiration
- date of the domain name registrant's agreement with the sponsoring
- registrar. Users may consult the sponsoring registrar's Whois database to
- view the registrar's reported date of expiration for this registration.
- The Registry database contains ONLY .COM, .NET, .EDU domains and
- Registrars.
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 198.144.120.68
- [i] Country: BZ
- [i] State: Belize
- [i] City: Belize City
- [i] Latitude: 17.483299
- [i] Longitude: -88.183296
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.0 200 OK
- [i] ETag: "39c7-50a99432-2d4bc72b9705ca9c;;;"
- [i] Last-Modified: Mon, 19 Nov 2012 02:06:42 GMT
- [i] Content-Type: text/html
- [i] Content-Length: 14791
- [i] Date: Sat, 20 Oct 2018 03:19:02 GMT
- [i] Accept-Ranges: bytes
- [i] Server: LiteSpeed
- [i] Alt-Svc: quic=":443"; ma=2592000; v="35,39,43"
- [i] Connection: close
- D N S L O O K U P
- ======================================================================================================================================
- ;; Truncated, retrying in TCP mode.
- hammerskins.net. 14400 IN MX 0 hammerskins.net.
- hammerskins.net. 14400 IN A 198.144.120.68
- hammerskins.net. 43200 IN NS ns12.koddos.com.
- hammerskins.net. 43200 IN NS ns11.koddos.com.
- hammerskins.net. 14400 IN TXT "v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all"
- hammerskins.net. 43200 IN SOA ns11.koddos.com. koddos.com.gmail.com. 2018051300 7200 7200 1814400 10800
- S U B N E T C A L C U L A T I O N
- ======================================================================================================================================
- Address = 198.144.120.68
- Network = 198.144.120.68 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 198.144.120.68 - 198.144.120.68 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-20 03:19 UTC
- Nmap scan report for hammerskins.net (198.144.120.68)
- Host is up (0.079s latency).
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.71 seconds
- S U B - D O M A I N F I N D E R
- ======================================================================================================================================
- [i] Total Subdomains Found : 3
- [+] Subdomain: cpanel.hammerskins.net
- [-] IP: 198.144.120.68
- [+] Subdomain: webmail.hammerskins.net
- [-] IP: 198.144.120.68
- [+] Subdomain: autodiscover.hammerskins.net
- [-] IP: 198.144.120.68
- #######################################################################################################################################
- [?] Enter the target: https://www.hammerskins.net/
- [!] IP Address : 198.144.120.68
- [!] Server: LiteSpeed
- [+] Clickjacking protection is not in place.
- [!] www.hammerskins.net doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- --------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.hammerskins.net
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.hammerskins.net
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.65 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- [verbose] Retrieved token: 2GdHlwdcXcIBiPGIzbqvJb0tYba4z4hX
- [+] DNS Records
- ns12.koddos.com. (198.144.120.80) AS206264 Amarutu Technology Ltd Belize
- ns11.koddos.com. (198.144.120.52) AS206264 Amarutu Technology Ltd Belize
- [+] MX Records
- 0 (198.144.120.68) AS206264 Amarutu Technology Ltd Belize
- [+] Host Records (A)
- www.hammerskins.net (198.144.120.68) AS206264 Amarutu Technology Ltd Belize
- [+] TXT Records
- "v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all"
- [+] DNS Map: https://dnsdumpster.com/static/map/hammerskins.net.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1540005564243410-web-@www.hammerskins.net
- pixel-154000556759154-web-@www.hammerskins.net
- No hosts found
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Crawling the target for fuzzable URLs
- [-] No fuzzable URLs found
- #######################################################################################################################################
- [+] Hosting Info for Website: www.hammerskins.net
- [+] Visitors per day: < 200
- [+] IP Address: 198.144.120.68
- [+] IP Reverse DNS (Host): 198.144.120.68
- [+] Hosting Company IP Owner: Esecurity
- [+] Hosting IP Range: 198.144.120.0 - 198.144.121.255 (512 ip)
- [+] Hosting Address: Po Box 634, 7900 Tysons One Place, Suite 1450, Mclean, VA, 22102, US
- [+] Owner Address: 7900 Tysons One Place, Suite 1450, 35 New Road, Belize City, VA, 22102, BZ
- [+] Hosting Country: USA
- [+] Owner Country: BLZ
- [+] Hosting Phone: +49 6102 8235 389, +49 6102 8235 381
- [+] Owner Phone: +852 3750 7973
- [+] Hosting Website: rigidtech.net
- [+] Owner Website: www.koddos.com
- [+] CIDR: 198.144.96.0/19
- [+] Owner CIDR: 198.144.120.0/23
- [+] Hosting CIDR: 198.144.96.0/19
- [+] NS: hammerskins.net
- [+] NS: ns12.koddos.com
- [+] NS: ns11.koddos.com
- #######################################################################################################################################
- ; <<>> DiG 9.11.4-P2-3-Debian <<>> www.hammerskins.net
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4686
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;www.hammerskins.net. IN A
- ;; ANSWER SECTION:
- www.hammerskins.net. 12370 IN CNAME hammerskins.net.
- hammerskins.net. 12300 IN A 198.144.120.68
- ;; Query time: 269 msec
- ;; SERVER: 10.211.254.254#53(10.211.254.254)
- ;; WHEN: ven oct 19 23:53:36 EDT 2018
- ;; MSG SIZE rcvd: 93
- #######################################################################################################################################
- [+] Testing domain
- www.hammerskins.net 198.144.120.68
- [+] Dns resolving
- Domain name Ip address Name server
- No address associated with hostname hammerskins.net
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on hammerskins.net
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 228.35 seconds
- Subdomain Ip address Name server
- localhost.hammerskins.net 127.0.0.1 localhost
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 198.144.120.68 404 alias ftp.hammerskins.net LiteSpeed
- 198.144.120.68 404 host hammerskins.net LiteSpeed
- 127.0.0.1 host localhost.hammerskins.net
- 198.144.120.68 200 alias mail.hammerskins.net LiteSpeed
- 198.144.120.68 200 host hammerskins.net LiteSpeed
- 198.144.120.68 301 host webmail.hammerskins.net LiteSpeed
- 198.144.120.68 200 alias www.hammerskins.net LiteSpeed
- 198.144.120.68 200 host hammerskins.net LiteSpeed
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: hammerskins.net
- [-] DNSSEC is not configured for hammerskins.net
- [*] SOA ns11.koddos.com 198.144.120.52
- [*] NS ns12.koddos.com 198.144.120.80
- [*] Bind Version for 198.144.120.80 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- [*] NS ns11.koddos.com 198.144.120.52
- [*] Bind Version for 198.144.120.52 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
- [*] MX hammerskins.net 198.144.120.68
- [*] A hammerskins.net 198.144.120.68
- [*] TXT hammerskins.net v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all
- [*] Enumerating SRV Records
- [*] SRV _caldav._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2079 0
- [*] SRV _carddavs._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2080 0
- [*] SRV _carddav._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2079 0
- [*] SRV _caldavs._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2080 0
- [+] 4 Records Found
- #######################################################################################################################################
- [*] Processing domain hammerskins.net
- [+] Getting nameservers
- 198.144.120.52 - ns11.koddos.com
- 198.144.120.80 - ns12.koddos.com
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all"
- [+] MX records found, added to target list
- 0 hammerskins.net.
- [*] Scanning hammerskins.net for A records
- 198.144.120.68 - hammerskins.net
- 198.144.120.68 - autoconfig.hammerskins.net
- 198.144.120.68 - autodiscover.hammerskins.net
- 198.144.120.68 - cpanel.hammerskins.net
- 198.144.120.68 - ftp.hammerskins.net
- 127.0.0.1 - localhost.hammerskins.net
- 198.144.120.68 - mail.hammerskins.net
- 198.144.120.68 - webdisk.hammerskins.net
- 198.144.120.68 - webmail.hammerskins.net
- 198.144.120.68 - whm.hammerskins.net
- 198.144.120.68 - www.hammerskins.net
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.hammerskins.net -----
- Host's addresses:
- __________________
- hammerskins.net. 14357 IN A 198.144.120.68
- Name Servers:
- ______________
- ns12.koddos.com. 161 IN A 198.144.120.80
- ns11.koddos.com. 161 IN A 198.144.120.52
- Mail (MX) Servers:
- ___________________
- hammerskins.net. 14355 IN A 198.144.120.68
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for www.hammerskins.net on ns12.koddos.com ...
- Trying Zone Transfer for www.hammerskins.net on ns11.koddos.com ...
- brute force file not specified, bay.
- #######################################################################################################################################
- No match for "WWW.HAMMERSKINS.NET".
- >>> Last update of whois database: 2018-10-20T03:58:16Z <<<
- NOTICE: The expiration date displayed in this record is the date the
- registrar's sponsorship of the domain name registration in the registry is
- currently set to expire. This date does not necessarily reflect the expiration
- date of the domain name registrant's agreement with the sponsoring
- registrar. Users may consult the sponsoring registrar's Whois database to
- view the registrar's reported date of expiration for this registration.
- TERMS OF USE: You are not authorized to access or query our Whois
- database through the use of electronic processes that are high-volume and
- automated except as reasonably necessary to register domain names or
- modify existing registrations; the Data in VeriSign Global Registry
- Services' ("VeriSign") Whois database is provided by VeriSign for
- information purposes only, and to assist persons in obtaining information
- about or related to a domain name registration record. VeriSign does not
- guarantee its accuracy. By submitting a Whois query, you agree to abide
- by the following terms of use: You agree that you may use this Data only
- for lawful purposes and that under no circumstances will you use this Data
- to: (1) allow, enable, or otherwise support the transmission of mass
- unsolicited, commercial advertising or solicitations via e-mail, telephone,
- or facsimile; or (2) enable high volume, automated, electronic processes
- that apply to VeriSign (or its computer systems). The compilation,
- repackaging, dissemination or other use of this Data is expressly
- prohibited without the prior written consent of VeriSign. You agree not to
- use electronic processes that are automated and high-volume to access or
- query the Whois database except as reasonably necessary to register
- domain names or modify existing registrations. VeriSign reserves the right
- to restrict your access to the Whois database in its sole discretion to ensure
- operational stability. VeriSign may restrict or terminate your access to the
- Whois database for failure to abide by these terms of use. VeriSign
- reserves the right to modify these terms at any time.
- The Registry database contains ONLY .COM, .NET, .EDU domains and
- Registrars.
- #######################################################################################################################################
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for www.hammerskins.net
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all
- [+] SPF record has no All string
- [*] Checking SPF include mechanisms
- [*] Include mechanisms are not strong
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.hammerskins.net!
- #######################################################################################################################################
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ discover v0.5.0 - by @michenriksen
- Identifying nameservers for www.hammerskins.net... Done
- Using nameservers:
- - 198.144.120.80
- - 198.144.120.52
- Checking for wildcard DNS... Done
- Running collector: Certificate Search... Done (0 hosts)
- Running collector: Netcraft... Done (0 hosts)
- Running collector: Shodan... Skipped
- -> Key 'shodan' has not been set
- Running collector: Censys... Skipped
- -> Key 'censys_secret' has not been set
- Running collector: Threat Crowd... Done (0 hosts)
- Running collector: DNSDB... Error
- -> DNSDB returned unexpected response code: 503
- Running collector: Wayback Machine... Done (5 hosts)
- Running collector: Dictionary... Done (27 hosts)
- Running collector: Google Transparency Report... Done (0 hosts)
- Running collector: PTRArchive... Error
- -> PTRArchive returned unexpected response code: 502
- Running collector: PassiveTotal... Skipped
- -> Key 'passivetotal_key' has not been set
- Running collector: VirusTotal... Skipped
- -> Key 'virustotal' has not been set
- Running collector: HackerTarget... Done (1 host)
- Running collector: PublicWWW... Done (0 hosts)
- Running collector: Riddler... Skipped
- -> Key 'riddler_username' has not been set
- Resolving 32 unique hosts...
- 198.144.120.68 .www.hammerskins.net
- 198.144.120.68 hammerskins.net
- 198.144.120.68 www.hammerskins.net
- Found subnets:
- - 198.144.120.0-255 : 3 hosts
- Wrote 3 hosts to:
- - file:///root/aquatone/www.hammerskins.net/hosts.txt
- - file:///root/aquatone/www.hammerskins.net/hosts.json
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ takeover v0.5.0 - by @michenriksen
- Loaded 3 hosts from /root/aquatone/www.hammerskins.net/hosts.json
- Loaded 25 domain takeover detectors
- Identifying nameservers for www.hammerskins.net... Done
- Using nameservers:
- - 198.144.120.52
- - 198.144.120.80
- Checking hosts for domain takeover vulnerabilities...
- Finished checking hosts:
- - Vulnerable : 0
- - Not Vulnerable : 3
- Wrote 0 potential subdomain takeovers to:
- - file:///root/aquatone/www.hammerskins.net/takeovers.json
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ scan v0.5.0 - by @michenriksen
- Loaded 3 hosts from /root/aquatone/www.hammerskins.net/hosts.json
- Probing 2 ports...
- 80/tcp 198.144.120.68 .www.hammerskins.net, hammerskins.net, www.hammerskins.net
- 443/tcp 198.144.120.68 .www.hammerskins.net, hammerskins.net, www.hammerskins.net
- Wrote open ports to file:///root/aquatone/www.hammerskins.net/open_ports.txt
- Wrote URLs to file:///root/aquatone/www.hammerskins.net/urls.txt
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ gather v0.5.0 - by @michenriksen
- Processing 6 pages...
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- #######################################################################################################################################
- PING hammerskins.net (198.144.120.68) 56(84) bytes of data.
- 64 bytes from 198.144.120.68 (198.144.120.68): icmp_seq=1 ttl=54 time=398 ms
- --- hammerskins.net ping statistics ---
- 1 packets transmitted, 1 received, 0% packet loss, time 0ms
- rtt min/avg/max/mdev = 398.255/398.255/398.255/0.000 ms
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:07 EDT
- Nmap scan report for www.hammerskins.net (198.144.120.68)
- Host is up (0.67s latency).
- Not shown: 432 closed ports, 34 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:07 EDT
- Nmap scan report for www.hammerskins.net (198.144.120.68)
- Host is up (0.33s latency).
- PORT STATE SERVICE
- 53/udp open domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp open|filtered netbios-ns
- 138/udp open|filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- + -- --=[Port 21 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:07 EDT
- NSE: [ftp-bounce] PORT response: 500 I won't open a connection to 45.33.32.156 (only to 178.173.22.66)
- Nmap scan report for www.hammerskins.net (198.144.120.68)
- Host is up (0.31s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 2.6.18 - 2.6.22 (93%), Blue Coat PacketShaper appliance (93%), Polycom MGC-25 videoconferencing system (pSOS 1.0.4) (93%), Wyse ThinOS 5.2 (93%), AVtech Room Alert 26W environmental monitor (90%), OneAccess 1641 router (89%), HP PSC 2400-series Photosmart printer (88%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 366.47 ms 198.144.120.68
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 611.15 seconds
- ######## #
- ################# #
- ###################### #
- ######################### #
- ############################
- ##############################
- ###############################
- ###############################
- ##############################
- # ######## #
- ## ### #### ##
- ### ###
- #### ###
- #### ########## ####
- ####################### ####
- #################### ####
- ################## ####
- ############ ##
- ######## ###
- ######### #####
- ############ ######
- ######## #########
- ##### ########
- ### #########
- ###### ############
- #######################
- # # ### # # ##
- ########################
- ## ## ## ##
- https://metasploit.com
- =[ metasploit v4.17.18-dev ]
- + -- --=[ 1818 exploits - 1031 auxiliary - 315 post ]
- + -- --=[ 539 payloads - 42 encoders - 10 nops ]
- + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- RHOST => www.hammerskins.net
- RHOSTS => www.hammerskins.net
- [*] www.hammerskins.net:21 - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [*] www.hammerskins.net:21 - Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- [-] www.hammerskins.net:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (www.hammerskins.net:21).
- [*] Exploit completed, but no session was created.
- [*] Started reverse TCP double handler on 10.211.1.1:4444
- [-] www.hammerskins.net:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (www.hammerskins.net:21).
- [*] Exploit completed, but no session was created.
- + -- --=[Port 22 closed... skipping.
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 53 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:19 EDT
- Nmap scan report for www.hammerskins.net (198.144.120.68)
- Host is up.
- PORT STATE SERVICE VERSION
- 53/tcp filtered domain
- Too many fingerprints match this host to give specific OS details
- Host script results:
- | dns-brute:
- | DNS Brute-force hostnames:
- | mail.hammerskins.net - 198.144.120.68
- | www.hammerskins.net - 198.144.120.68
- |_ ftp.hammerskins.net - 198.144.120.68
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 19.81 seconds
- + -- --=[Port 67 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:19 EDT
- Nmap scan report for www.hammerskins.net (198.144.120.68)
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 111.43 seconds
- + -- --=[Port 68 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:21 EDT
- Nmap scan report for www.hammerskins.net (198.144.120.68)
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 111.54 seconds
- + -- --=[Port 69 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:23 EDT
- + -- --=[Port 79 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- ######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- [ ! ] Starting SCANNER INURLBR 2.1 at [20-10-2018 00:24:46]
- [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
- It is the end user's responsibility to obey all applicable local, state and federal laws.
- Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.hammerskins.net.txt ]
- [ INFO ][ DORK ]::[ site:www.hammerskins.net ]
- [ INFO ][ SEARCHING ]:: {
- [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.bh ]
- [ INFO ][ SEARCHING ]::
- -[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE API ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.ec ID: 007843865286850066037:3ajwn2jlweq ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ TOTAL FOUND VALUES ]:: [ 20 ]
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 0 / 20 ]-[00:25:08] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 1 / 20 ]-[00:25:13] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/memoriam.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 2 / 20 ]-[00:25:18] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/chapters.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 3 / 20 ]-[00:25:23] [ - ]
- |_[ + ] Target:: [ http://www.hammerskins.net/mhs/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 4 / 20 ]-[00:25:28] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/joerowan/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 5 / 20 ]-[00:25:33] [ - ]
- |_[ + ] Target:: [ http://www.hammerskins.net/fhs/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 6 / 20 ]-[00:25:38] [ - ]
- |_[ + ] Target:: [ http://www.hammerskins.net/bhs/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 7 / 20 ]-[00:25:43] [ - ]
- |_[ + ] Target:: [ http://www.hammerskins.net/nhs/ ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 8 / 20 ]-[00:25:48] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/history.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 9 / 20 ]-[00:25:53] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/dehs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 10 / 20 ]-[00:25:58] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/vhs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 11 / 20 ]-[00:26:03] [ - ]
- |_[ + ] Target:: [ http://www.hammerskins.net/svhs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 12 / 20 ]-[00:26:08] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/phs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 13 / 20 ]-[00:26:13] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/chs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 14 / 20 ]-[00:26:18] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/nwhs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 15 / 20 ]-[00:26:23] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/whs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 16 / 20 ]-[00:26:28] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/nzhs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 17 / 20 ]-[00:26:33] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/ihs/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 18 / 20 ]-[00:26:38] [ - ]
- |_[ + ] Target:: [ https://www.hammerskins.net/hse/index.html ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- _[ - ]::--------------------------------------------------------------------------------------------------------------
- |_[ + ] [ 19 / 20 ]-[00:26:43] [ - ]
- |_[ + ] Target:: [ http://www.hammerskins.net/mhs/index.html?COLLCC=719262969& ]
- |_[ + ] Exploit::
- |_[ + ] Information Server:: , , IP::0
- |_[ + ] More details::
- |_[ + ] Found:: UNIDENTIFIED
- |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
- [ INFO ] [ Shutting down ]
- [ INFO ] [ End of process INURLBR at [20-10-2018 00:26:43]
- [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
- [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.hammerskins.net.txt ]
- |_________________________________________________________________________________________
- \_________________________________________________________________________________________/
- + -- --=[Port 110 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:26 EDT
- + -- --=[Port 111 closed... skipping.
- + -- --=[Port 123 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:26 EDT
- + -- --=[Port 135 closed... skipping.
- + -- --=[Port 137 closed... skipping.
- + -- --=[Port 139 closed... skipping.
- + -- --=[Port 161 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:26 EDT
- Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
- Nmap done: 1 IP address (0 hosts up) scanned in 3.69 seconds
- _ _
- / \ /\ __ _ __ /_/ __
- | |\ / | _____ \ \ ___ _____ | | / \ _ \ \
- | | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
- |_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
- |/ |____/ \___\/ /\ \\___/ \/ \__| |_\ \___\
- =[ metasploit v4.17.18-dev ]
- + -- --=[ 1818 exploits - 1031 auxiliary - 315 post ]
- + -- --=[ 539 payloads - 42 encoders - 10 nops ]
- + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- RHOSTS => www.hammerskins.net
- [-] 198.144.120.68 SNMP request timeout.
- [*] Scanned 1 of 1 hosts (100% complete)
- [*] Auxiliary module execution completed
- + -- --=[Port 162 closed... skipping.
- + -- --=[Port 389 closed... skipping.
- + -- --=[Port 443 opened... running tests...
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:28 EDT
- NSE: Loaded 129 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 00:28
- Completed NSE at 00:28, 10.39s elapsed
- Initiating NSE at 00:28
- Completed NSE at 00:28, 0.00s elapsed
- Pre-scan script results:
- | broadcast-igmp-discovery:
- | 192.168.0.1
- | Interface: eth0
- | Version: 2
- | Group: 224.0.0.2
- | Description: All Routers on this Subnet
- | 192.168.0.1
- | Interface: eth0
- | Version: 2
- | Group: 224.0.0.22
- | Description: IGMP
- | 192.168.0.3
- | Interface: eth0
- | Version: 2
- | Group: 224.0.0.251
- | Description: mDNS (rfc6762)
- | 192.168.0.3
- | Interface: eth0
- | Version: 2
- | Group: 224.0.0.252
- | Description: Link-local Multicast Name Resolution (rfc4795)
- | 192.168.0.2
- | Interface: eth0
- | Version: 2
- | Group: 239.255.255.246
- | Description: Organization-Local Scope (rfc2365)
- | 192.168.0.3
- | Interface: eth0
- | Version: 2
- | Group: 239.255.255.250
- | Description: Organization-Local Scope (rfc2365)
- |_ Use the newtargets script-arg to add the results as targets
- |_broadcast-pim-discovery: ERROR: Script execution failed (use -d to debug)
- | broadcast-ping:
- | IP: 192.168.0.1 MAC: 38:70:0c:d7:c1:0a
- |_ Use --script-args=newtargets to add the results as targets
- Initiating Ping Scan at 00:28
- Scanning www.hammerskins.net (198.144.120.68) [7 ports]
- Completed Ping Scan at 00:28, 2.04s elapsed (1 total hosts)
- Nmap scan report for www.hammerskins.net (198.144.120.68) [host down]
- NSE: Script Post-scanning.
- Initiating NSE at 00:28
- Completed NSE at 00:28, 0.00s elapsed
- Initiating NSE at 00:28
- Completed NSE at 00:28, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
- Nmap done: 1 IP address (0 hosts up) scanned in 13.17 seconds
- Raw packets sent: 14 (552B) | Rcvd: 0 (0B)
- ######################################################################################################################################
- [*] Opening loot directory /usr/share/sniper/loot/www.hammerskins.net [OK]
- + -- --=[Starting Metasploit service...
- [i] Database already started
- + -- --=[Importing NMap XML files into Metasploit...
- # cowsay++
- ____________
- < metasploit >
- ------------
- \ ,__,
- \ (oo)____
- (__) )\
- ||--|| *
- =[ metasploit v4.17.18-dev ]
- + -- --=[ 1818 exploits - 1031 auxiliary - 315 post ]
- + -- --=[ 539 payloads - 42 encoders - 10 nops ]
- + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
- * default
- * default
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Importing host 198.144.120.68
- [*] Successfully imported /usr/share/sniper/loot/www.hammerskins.net/nmap/nmap-udp-www.hammerskins.net.xml
- [*] Importing 'Nmap XML' data
- [*] Import: Parsing with 'Nokogiri v1.8.5'
- [*] Successfully imported /usr/share/sniper/loot/www.hammerskins.net/nmap/nmap-www.hammerskins.net.xml
- Hosts
- =====
- address mac name os_name os_flavor os_sp purpose info comments
- ------- --- ---- ------- --------- ----- ------- ---- --------
- 62.90.225.20 Unknown device
- 91.121.133.224 irc.nullsecurity.net embedded device
- 107.152.98.18 tss.centralprocessingunit.com Unknown device
- 107.154.130.27 107.154.130.27 Unknown device
- 107.154.248.27 107.154.248.27 Unknown device
- 185.230.61.161 Unknown device
- 198.144.120.68 Unknown device
- 212.28.242.131 Unknown device
- Services
- ========
- host port proto name state info
- ---- ---- ----- ---- ----- ----
- 62.90.225.20 21 tcp ftp open 220 Microsoft FTP Service\x0d\x0a
- 91.121.133.224 21 tcp tcpwrapped open
- 91.121.133.224 25 tcp smtp filtered
- 91.121.133.224 53 udp domain unknown
- 91.121.133.224 67 udp dhcps unknown
- 91.121.133.224 68 udp dhcpc unknown
- 91.121.133.224 69 udp tftp unknown
- 91.121.133.224 80 tcp http open blackarch/1.33.7
- 91.121.133.224 88 udp kerberos-sec unknown
- 91.121.133.224 119 tcp nntp filtered
- 91.121.133.224 123 udp ntp unknown
- 91.121.133.224 135 tcp msrpc filtered
- 91.121.133.224 137 udp netbios-ns unknown
- 91.121.133.224 138 udp netbios-dgm unknown
- 91.121.133.224 139 tcp netbios-ssn filtered
- 91.121.133.224 139 udp netbios-ssn unknown
- 91.121.133.224 161 udp snmp unknown
- 91.121.133.224 162 udp snmptrap unknown
- 91.121.133.224 389 udp ldap unknown
- 91.121.133.224 443 tcp ssl/https open blackarch/1.33.7
- 91.121.133.224 445 tcp microsoft-ds filtered
- 91.121.133.224 520 udp route unknown
- 91.121.133.224 554 tcp tcpwrapped open
- 91.121.133.224 873 tcp rsync open protocol version 31
- 91.121.133.224 880 tcp unknown filtered
- 91.121.133.224 2022 tcp ssh open protocol 2.0
- 91.121.133.224 2049 udp nfs unknown
- 91.121.133.224 7070 tcp tcpwrapped open
- 107.152.98.18 21 tcp ftp open 220 ProFTPD 1.3.5b Server (ProFTPD) [107.152.98.18]\x0d\x0a
- 107.152.98.18 53 udp domain unknown
- 107.152.98.18 67 udp dhcps unknown
- 107.152.98.18 68 udp dhcpc unknown
- 107.152.98.18 69 udp tftp unknown
- 107.152.98.18 88 udp kerberos-sec unknown
- 107.152.98.18 123 udp ntp unknown
- 107.152.98.18 137 udp netbios-ns unknown
- 107.152.98.18 138 udp netbios-dgm unknown
- 107.152.98.18 139 udp netbios-ssn unknown
- 107.152.98.18 161 udp snmp unknown
- 107.152.98.18 162 udp snmptrap unknown
- 107.152.98.18 389 udp ldap unknown
- 107.152.98.18 520 udp route unknown
- 107.152.98.18 2049 udp nfs unknown
- 107.154.130.27 80 tcp http open ( 503-Service Unavailable )
- 107.154.130.27 8080 tcp http open ( 503-Service Unavailable )
- 107.154.248.27 8080 tcp http open ( 503-Service Unavailable )
- 185.230.61.161 53 udp domain unknown
- 185.230.61.161 67 udp dhcps unknown
- 185.230.61.161 68 udp dhcpc unknown
- 185.230.61.161 69 udp tftp unknown
- 185.230.61.161 88 udp kerberos-sec unknown
- 185.230.61.161 123 udp ntp unknown
- 185.230.61.161 137 udp netbios-ns unknown
- 185.230.61.161 138 udp netbios-dgm unknown
- 185.230.61.161 139 udp netbios-ssn unknown
- 185.230.61.161 161 udp snmp unknown
- 185.230.61.161 162 udp snmptrap unknown
- 185.230.61.161 389 udp ldap unknown
- 185.230.61.161 520 udp route unknown
- 185.230.61.161 2049 udp nfs unknown
- 198.144.120.68 53 udp domain open
- 198.144.120.68 67 udp dhcps unknown
- 198.144.120.68 68 udp dhcpc unknown
- 198.144.120.68 69 udp tftp unknown
- 198.144.120.68 88 udp kerberos-sec unknown
- 198.144.120.68 123 udp ntp unknown
- 198.144.120.68 137 udp netbios-ns unknown
- 198.144.120.68 138 udp netbios-dgm unknown
- 198.144.120.68 139 udp netbios-ssn unknown
- 198.144.120.68 161 udp snmp unknown
- 198.144.120.68 162 udp snmptrap unknown
- 198.144.120.68 389 udp ldap unknown
- 198.144.120.68 520 udp route unknown
- 198.144.120.68 2049 udp nfs unknown
- 212.28.242.131 22 tcp ssh open SSH-2.0-OpenSSH_5.3
- + -- --=[Current reports...
- + -- --=[Generating reports...
- ######################################################################################################################################
- --------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 198.144.120.68
- + Target Hostname: www.hammerskins.net
- + Target Port: 443
- ---------------------------------------------------------------------------------------------------------------------------------------
- + SSL Info: Subject: /CN=hammerskins.net
- Ciphers: ECDHE-RSA-AES128-GCM-SHA256
- Issuer: /C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
- + Start Time: 2018-10-19 23:19:17 (GMT-4)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: LiteSpeed
- Illegal hexadecimal digit ';' ignored at /var/lib/nikto/plugins/nikto_headers.plugin line 106.
- + Server leaks inodes via ETags, header found with file /, inode: 0x39c7, size: 0x50a99432, mtime: 0x2d4bc72b9705ca9c;;;
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'alt-svc' found, with contents: quic=":443"; ma=2592000; v="35,39,43"
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Retrieved x-powered-by header: PHP/5.6.38
- + Cookie zenid created without the secure flag
- + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
- + Hostname 'www.hammerskins.net' does not match certificate's names: hammerskins.net
- + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection refused at /var/lib/nikto/plugins/LW2.pm line 5157.
- : Connection refused
- + Scan terminated: 20 error(s) and 10 item(s) reported on remote host
- + End Time: 2018-10-20 00:11:12 (GMT-4) (3115 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 198.144.120.68
- + Target Hostname: 198.144.120.68
- + Target Port: 80
- + Start Time: 2018-10-19 23:19:59 (GMT-4)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: LiteSpeed
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- Illegal hexadecimal digit ';' ignored at /var/lib/nikto/plugins/nikto_headers.plugin line 106.
- + Server leaks inodes via ETags, header found with file /favicon.ico, inode: 0x37e, size: 0x510e8e95, mtime: 0xb36b6ee0dd564ff5;;;
- + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
- + /securecontrolpanel/: Web Server Control Panel
- + /webmail/: Web based mail package installed.
- + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
- + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
- + OSVDB-2117: /cpanel/: Web-based control panel
- + Retrieved x-powered-by header: PHP/5.6.38
- + OSVDB-3092: /store/: This might be interesting...
- + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
- + OSVDB-3093: /webmail/lib/emailreader_execute_on_each_page.inc.php: This might be interesting... has been seen in web logs from an unknown scanner.
- + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Transport endpoint is not connected
- + Scan terminated: 20 error(s) and 14 item(s) reported on remote host
- + End Time: 2018-10-20 00:11:13 (GMT-4) (3074 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Anonymous JTSEC #OpDomesticTerrorism Full Recon #9
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement