API tools faq
paste
Advertisement
Guest User

Anonymous JTSEC #OpDomesticTerrorism Full Recon #9

a guest
Oct 20th, 2018
643
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 61.50 KB | None | 0 0
raw download clone embed print report
  1. #######################################################################################################################################
  2. Nom de l'hôte www.hammerskins.net FAI Amarutu Technology Ltd
  3. Continent Amérique du Nord Drapeau
  4. BZ
  5. Pays Belize Code du pays BZ
  6. Région Inconnu Heure locale 19 Oct 2018 21:13 CST
  7. Ville Inconnu Code Postal Inconnu
  8. Adresse IP 198.144.120.68 Latitude 17.25
  9. #######################################################################################################################################
  10. Server: 10.211.254.254
  11. Address: 10.211.254.254#53
  12.  
  13. ** server can't find A: NXDOMAIN
  14. > www.hammerskins.net
  15. Server: 10.211.254.254
  16. Address: 10.211.254.254#53
  17.  
  18. Non-authoritative answer:
  19. www.hammerskins.net canonical name = hammerskins.net.
  20. Name: hammerskins.net
  21. Address: 198.144.120.68
  22. #######################################################################################################################################
  23. HostIP:198.144.120.68
  24. HostName:www.hammerskins.net
  25.  
  26. Gathered Inet-whois information for 198.144.120.68
  27. ---------------------------------------------------------------------------------------------------------------------------------------
  28.  
  29.  
  30. inetnum: 198.135.168.0 - 198.147.159.255
  31. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  32. descr: IPv4 address block not managed by the RIPE NCC
  33. remarks: ------------------------------------------------------
  34. remarks:
  35. remarks: You can find the whois server to query, or the
  36. remarks: IANA registry to query on this web page:
  37. remarks: http://www.iana.org/assignments/ipv4-address-space
  38. remarks:
  39. remarks: You can access databases of other RIRs at:
  40. remarks:
  41. remarks: AFRINIC (Africa)
  42. remarks: http://www.afrinic.net/ whois.afrinic.net
  43. remarks:
  44. remarks: APNIC (Asia Pacific)
  45. remarks: http://www.apnic.net/ whois.apnic.net
  46. remarks:
  47. remarks: ARIN (Northern America)
  48. remarks: http://www.arin.net/ whois.arin.net
  49. remarks:
  50. remarks: LACNIC (Latin America and the Carribean)
  51. remarks: http://www.lacnic.net/ whois.lacnic.net
  52. remarks:
  53. remarks: IANA IPV4 Recovered Address Space
  54. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  55. remarks:
  56. remarks: ------------------------------------------------------
  57. country: EU # Country is really world wide
  58. admin-c: IANA1-RIPE
  59. tech-c: IANA1-RIPE
  60. status: ALLOCATED UNSPECIFIED
  61. mnt-by: RIPE-NCC-HM-MNT
  62. mnt-lower: RIPE-NCC-HM-MNT
  63. created: 2011-07-11T12:36:58Z
  64. last-modified: 2018-09-04T13:04:38Z
  65. source: RIPE
  66.  
  67. role: Internet Assigned Numbers Authority
  68. address: see http://www.iana.org.
  69. admin-c: IANA1-RIPE
  70. tech-c: IANA1-RIPE
  71. nic-hdl: IANA1-RIPE
  72. remarks: For more information on IANA services
  73. remarks: go to IANA web site at http://www.iana.org.
  74. mnt-by: RIPE-NCC-MNT
  75. created: 1970-01-01T00:00:00Z
  76. last-modified: 2001-09-22T09:31:27Z
  77. source: RIPE # Filtered
  78.  
  79. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  80.  
  81.  
  82.  
  83. Gathered Inic-whois information for hammerskins.net
  84. ---------------------------------------------------------------------------------------------------------------------------------------
  85. Domain Name: HAMMERSKINS.NET
  86. Registry Domain ID: 89696958_DOMAIN_NET-VRSN
  87. Registrar WHOIS Server: whois.godaddy.com
  88. Registrar URL: http://www.godaddy.com
  89. Updated Date: 2016-03-31T12:50:16Z
  90. Creation Date: 2002-08-27T00:54:47Z
  91. Registry Expiry Date: 2021-08-27T00:55:00Z
  92. Registrar: GoDaddy.com, LLC
  93. Registrar IANA ID: 146
  94. Registrar Abuse Contact Email: abuse@godaddy.com
  95. Registrar Abuse Contact Phone: 480-624-2505
  96. Domain Status: clientDeleteProhibited https:/�U@/ican��\��n.�org/ep���p#U@clien���tD�U@elete�������Prohibi�U@ted
  97. Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  98. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  99. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  100. Name Server: NS11.KODDOS.COM
  101. Name Server: NS12.KODDOS.COM
  102. DNSSEC: unsigned
  103. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  104. <<<Last update of whois database: 2018-10-20T03jV@:18:1��\��4Z
  105.  
  106. For more information on Whois status codes, please visit https://icann.org/epp
  107.  
  108. NOTICE: The expiration date displayed in this reYV@
  109. registrar's sponsorship of the domain name registration in the registry is
  110. currently set to expire. This date does not necessarily reflect the expiration
  111. date of the domain name registrant's agreement with the sponsoring
  112. registrar. Users may consult the sponsoring registrar's Whois database to
  113. view the registrar's reported date of expiration for this registration.
  114.  
  115. TERMS OF USE: You are not authorized to access or query our Whois
  116. database through the use of electronic processes�U@e hig��\��h-yvolume|��� aU@nd
  117. automated except as reasonably necessary to register domain names or
  118. modify existing registrations; the Data in VeriSign Global Registry
  119. Services' ("VeriSign") Whois database is provided by VeriSign for
  120. information purposes only, and to assist persons in obtaining information
  121. about or related to a domain name registration record. VeriSign does not
  122. guarantee its accuracy. By submitting a Whois query, you agree to abide
  123. by the following terms of use: You agree that yo�U@ use ��\��th�is Dat
  124. ���a U@only
  125. for lawful purposes and that under no circumstances will you use this Data
  126. to: (1) allow, enable, or otherwise support the transmission of mass
  127. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  128. or facsimile; or (2) enable high volume, automated, electronic processes
  129. that apply to VeriSign (or its computer systems). The compilation,
  130. repackaging, dissemination or other use of this Data is expressly
  131. prohibited without the prior written consent of YV@VeriS��\��ig�n. Yo��� aXV@gree ���nogV@��������
  132. use electronic processes that are automated and high-volume to access or
  133. query the Whois database except as reasonably necessary to register
  134. domain names or modify existing registrations. VeriSign reserves the right
  135. to restrict your access to the Whois database in its sole discretion to ensure
  136. operational stability. VeriSign may restrict or terminate your access to the
  137. Whois database for failure to abide by these terms of use. VeriSign
  138. reserves the right to modify these terms at any �U@time.��\��
  139.  
  140. The Registry database contains ONLY .COM, .NET, .EDU domains and
  141. Registrars.
  142.  
  143. Gathered Netcraft information for www.hammerskins.net
  144. ---------------------------------------------------------------------------------------------------------------------------------------
  145.  
  146. Retrieving Netcraft.com information for www.hammerskins.net
  147. Netcraft.com Information gathered
  148.  
  149. Gathered Subdomain information for hammerskins.net
  150. ---------------------------------------------------------------------------------------------------------------------------------------
  151. Searching Google.com:80...
  152. Searching Altavista.com:80...
  153. Found 0 possible subdomain(s) for host hammerskins.net, Searched 0 pages containing 0 results
  154.  
  155. Gathered E-Mail information for hammerskins.net
  156. ---------------------------------------------------------------------------------------------------------------------------------------
  157. Searching Google.com:80...
  158. Searching Altavista.com:80...
  159. Found 0 E-Mail(s) for host hammerskins.net, Searched 0 pages containing 0 results
  160.  
  161. Gathered TCP Port information for 198.144.120.68
  162. ---------------------------------------------------------------------------------------------------------------------------------------
  163.  
  164. Port State
  165.  
  166. 21/tcp open
  167. 26/tcp open
  168. 53/tcp open
  169. 80/tcp open
  170. 110/tcp open
  171. 143/tcp open
  172.  
  173. Portscan Finished: Scanned 150 ports, 1 ports were in state closed
  174.  
  175. #######################################################################################################################################
  176. [i] Scanning Site: https://www.hammerskins.net
  177.  
  178.  
  179.  
  180. B A S I C I N F O
  181. =======================================================================================================================================
  182.  
  183.  
  184. [+] Site Title: The Official International Hammerskin Nation Website
  185. [+] IP address: 198.144.120.68
  186. [+] Web Server: LiteSpeed
  187. [+] CMS: Could Not Detect
  188. [+] Cloudflare: Not Detected
  189. [+] Robots File: Could NOT Find robots.txt!
  190.  
  191.  
  192.  
  193.  
  194. W H O I S L O O K U P
  195. =======================================================================================================================================
  196.  
  197. Domain Name: HAMMERSKINS.NET
  198. Registry Domain ID: 89696958_DOMAIN_NET-VRSN
  199. Registrar WHOIS Server: whois.godaddy.com
  200. Registrar URL: http://www.godaddy.com
  201. Updated Date: 2016-03-31T12:50:16Z
  202. Creation Date: 2002-08-27T00:54:47Z
  203. Registry Expiry Date: 2021-08-27T00:55:00Z
  204. Registrar: GoDaddy.com, LLC
  205. Registrar IANA ID: 146
  206. Registrar Abuse Contact Email: abuse@godaddy.com
  207. Registrar Abuse Contact Phone: 480-624-2505
  208. Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  209. Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
  210. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  211. Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  212. Name Server: NS11.KODDOS.COM
  213. Name Server: NS12.KODDOS.COM
  214. DNSSEC: unsigned
  215. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  216. >>> Last update of whois database: 2018-10-20T03:18:43Z <<<
  217.  
  218. For more information on Whois status codes, please visit https://icann.org/epp
  219.  
  220. NOTICE: The expiration date displayed in this record is the date the
  221. registrar's sponsorship of the domain name registration in the registry is
  222. currently set to expire. This date does not necessarily reflect the expiration
  223. date of the domain name registrant's agreement with the sponsoring
  224. registrar. Users may consult the sponsoring registrar's Whois database to
  225. view the registrar's reported date of expiration for this registration.
  226.  
  227.  
  228. The Registry database contains ONLY .COM, .NET, .EDU domains and
  229. Registrars.
  230.  
  231.  
  232.  
  233.  
  234. G E O I P L O O K U P
  235. =======================================================================================================================================
  236.  
  237. [i] IP Address: 198.144.120.68
  238. [i] Country: BZ
  239. [i] State: Belize
  240. [i] City: Belize City
  241. [i] Latitude: 17.483299
  242. [i] Longitude: -88.183296
  243.  
  244.  
  245.  
  246.  
  247. H T T P H E A D E R S
  248. =======================================================================================================================================
  249.  
  250.  
  251. [i] HTTP/1.0 200 OK
  252. [i] ETag: "39c7-50a99432-2d4bc72b9705ca9c;;;"
  253. [i] Last-Modified: Mon, 19 Nov 2012 02:06:42 GMT
  254. [i] Content-Type: text/html
  255. [i] Content-Length: 14791
  256. [i] Date: Sat, 20 Oct 2018 03:19:02 GMT
  257. [i] Accept-Ranges: bytes
  258. [i] Server: LiteSpeed
  259. [i] Alt-Svc: quic=":443"; ma=2592000; v="35,39,43"
  260. [i] Connection: close
  261.  
  262.  
  263.  
  264.  
  265. D N S L O O K U P
  266. ======================================================================================================================================
  267.  
  268. ;; Truncated, retrying in TCP mode.
  269. hammerskins.net. 14400 IN MX 0 hammerskins.net.
  270. hammerskins.net. 14400 IN A 198.144.120.68
  271. hammerskins.net. 43200 IN NS ns12.koddos.com.
  272. hammerskins.net. 43200 IN NS ns11.koddos.com.
  273. hammerskins.net. 14400 IN TXT "v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all"
  274. hammerskins.net. 43200 IN SOA ns11.koddos.com. koddos.com.gmail.com. 2018051300 7200 7200 1814400 10800
  275.  
  276.  
  277.  
  278.  
  279. S U B N E T C A L C U L A T I O N
  280. ======================================================================================================================================
  281.  
  282. Address = 198.144.120.68
  283. Network = 198.144.120.68 / 32
  284. Netmask = 255.255.255.255
  285. Broadcast = not needed on Point-to-Point links
  286. Wildcard Mask = 0.0.0.0
  287. Hosts Bits = 0
  288. Max. Hosts = 1 (2^0 - 0)
  289. Host Range = { 198.144.120.68 - 198.144.120.68 }
  290.  
  291.  
  292.  
  293. N M A P P O R T S C A N
  294. =======================================================================================================================================
  295.  
  296.  
  297. Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-20 03:19 UTC
  298. Nmap scan report for hammerskins.net (198.144.120.68)
  299. Host is up (0.079s latency).
  300. PORT STATE SERVICE
  301. 21/tcp open ftp
  302. 22/tcp filtered ssh
  303. 23/tcp filtered telnet
  304. 80/tcp open http
  305. 110/tcp open pop3
  306. 143/tcp open imap
  307. 443/tcp open https
  308. 3389/tcp filtered ms-wbt-server
  309.  
  310. Nmap done: 1 IP address (1 host up) scanned in 1.71 seconds
  311.  
  312.  
  313.  
  314. S U B - D O M A I N F I N D E R
  315. ======================================================================================================================================
  316.  
  317.  
  318. [i] Total Subdomains Found : 3
  319.  
  320. [+] Subdomain: cpanel.hammerskins.net
  321. [-] IP: 198.144.120.68
  322.  
  323. [+] Subdomain: webmail.hammerskins.net
  324. [-] IP: 198.144.120.68
  325.  
  326. [+] Subdomain: autodiscover.hammerskins.net
  327. [-] IP: 198.144.120.68
  328.  
  329.  
  330. #######################################################################################################################################
  331. [?] Enter the target: https://www.hammerskins.net/
  332. [!] IP Address : 198.144.120.68
  333. [!] Server: LiteSpeed
  334. [+] Clickjacking protection is not in place.
  335. [!] www.hammerskins.net doesn't seem to use a CMS
  336. [+] Honeypot Probabilty: 30%
  337. --------------------------------------------------------------------------------------------------------------------------------------
  338. [~] Trying to gather whois information for www.hammerskins.net
  339. [+] Whois information found
  340. [-] Unable to build response, visit https://who.is/whois/www.hammerskins.net
  341. ---------------------------------------------------------------------------------------------------------------------------------------
  342. PORT STATE SERVICE
  343. 21/tcp open ftp
  344. 22/tcp filtered ssh
  345. 23/tcp filtered telnet
  346. 80/tcp open http
  347. 110/tcp open pop3
  348. 143/tcp open imap
  349. 443/tcp open https
  350. 3389/tcp filtered ms-wbt-server
  351. Nmap done: 1 IP address (1 host up) scanned in 1.65 seconds
  352. ---------------------------------------------------------------------------------------------------------------------------------------
  353. [verbose] Retrieved token: 2GdHlwdcXcIBiPGIzbqvJb0tYba4z4hX
  354.  
  355. [+] DNS Records
  356. ns12.koddos.com. (198.144.120.80) AS206264 Amarutu Technology Ltd Belize
  357. ns11.koddos.com. (198.144.120.52) AS206264 Amarutu Technology Ltd Belize
  358.  
  359. [+] MX Records
  360. 0 (198.144.120.68) AS206264 Amarutu Technology Ltd Belize
  361.  
  362. [+] Host Records (A)
  363. www.hammerskins.net (198.144.120.68) AS206264 Amarutu Technology Ltd Belize
  364.  
  365. [+] TXT Records
  366. "v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all"
  367.  
  368. [+] DNS Map: https://dnsdumpster.com/static/map/hammerskins.net.png
  369.  
  370. [>] Initiating 3 intel modules
  371. [>] Loading Alpha module (1/3)
  372. [>] Beta module deployed (2/3)
  373. [>] Gamma module initiated (3/3)
  374.  
  375.  
  376. [+] Emails found:
  377. ---------------------------------------------------------------------------------------------------------------------------------------
  378. pixel-1540005564243410-web-@www.hammerskins.net
  379. pixel-154000556759154-web-@www.hammerskins.net
  380. No hosts found
  381. [+] Virtual hosts:
  382. ---------------------------------------------------------------------------------------------------------------------------------------
  383. [~] Crawling the target for fuzzable URLs
  384. [-] No fuzzable URLs found
  385. #######################################################################################################################################
  386. [+] Hosting Info for Website: www.hammerskins.net
  387. [+] Visitors per day: < 200
  388. [+] IP Address: 198.144.120.68
  389. [+] IP Reverse DNS (Host): 198.144.120.68
  390. [+] Hosting Company IP Owner: Esecurity
  391. [+] Hosting IP Range: 198.144.120.0 - 198.144.121.255 (512 ip)
  392. [+] Hosting Address: Po Box 634, 7900 Tysons One Place, Suite 1450, Mclean, VA, 22102, US
  393. [+] Owner Address: 7900 Tysons One Place, Suite 1450, 35 New Road, Belize City, VA, 22102, BZ
  394. [+] Hosting Country: USA
  395. [+] Owner Country: BLZ
  396. [+] Hosting Phone: +49 6102 8235 389, +49 6102 8235 381
  397. [+] Owner Phone: +852 3750 7973
  398. [+] Hosting Website: rigidtech.net
  399. [+] Owner Website: www.koddos.com
  400. [+] CIDR: 198.144.96.0/19
  401. [+] Owner CIDR: 198.144.120.0/23
  402.  
  403. [+] Hosting CIDR: 198.144.96.0/19
  404.  
  405. [+] NS: hammerskins.net
  406. [+] NS: ns12.koddos.com
  407. [+] NS: ns11.koddos.com
  408. #######################################################################################################################################
  409. ; <<>> DiG 9.11.4-P2-3-Debian <<>> www.hammerskins.net
  410. ;; global options: +cmd
  411. ;; Got answer:
  412. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4686
  413. ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
  414.  
  415. ;; OPT PSEUDOSECTION:
  416. ; EDNS: version: 0, flags:; udp: 4096
  417. ;; QUESTION SECTION:
  418. ;www.hammerskins.net. IN A
  419.  
  420. ;; ANSWER SECTION:
  421. www.hammerskins.net. 12370 IN CNAME hammerskins.net.
  422. hammerskins.net. 12300 IN A 198.144.120.68
  423.  
  424. ;; Query time: 269 msec
  425. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  426. ;; WHEN: ven oct 19 23:53:36 EDT 2018
  427. ;; MSG SIZE rcvd: 93
  428. #######################################################################################################################################
  429. [+] Testing domain
  430. www.hammerskins.net 198.144.120.68
  431. [+] Dns resolving
  432. Domain name Ip address Name server
  433. No address associated with hostname hammerskins.net
  434. [+] Testing wildcard
  435. Ok, no wildcard found.
  436.  
  437. [+] Scanning for subdomain on hammerskins.net
  438. [!] Wordlist not specified. I scannig with my internal wordlist...
  439. Estimated time about 228.35 seconds
  440.  
  441. Subdomain Ip address Name server
  442.  
  443. localhost.hammerskins.net 127.0.0.1 localhost
  444.  
  445. #######################################################################################################################################
  446. Ip Address Status Type Domain Name Server
  447. ---------- ------ ---- ----------- ------
  448. 198.144.120.68 404 alias ftp.hammerskins.net LiteSpeed
  449. 198.144.120.68 404 host hammerskins.net LiteSpeed
  450. 127.0.0.1 host localhost.hammerskins.net
  451. 198.144.120.68 200 alias mail.hammerskins.net LiteSpeed
  452. 198.144.120.68 200 host hammerskins.net LiteSpeed
  453. 198.144.120.68 301 host webmail.hammerskins.net LiteSpeed
  454. 198.144.120.68 200 alias www.hammerskins.net LiteSpeed
  455. 198.144.120.68 200 host hammerskins.net LiteSpeed
  456. #######################################################################################################################################
  457. [*] Performing General Enumeration of Domain: hammerskins.net
  458. [-] DNSSEC is not configured for hammerskins.net
  459. [*] SOA ns11.koddos.com 198.144.120.52
  460. [*] NS ns12.koddos.com 198.144.120.80
  461. [*] Bind Version for 198.144.120.80 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
  462. [*] NS ns11.koddos.com 198.144.120.52
  463. [*] Bind Version for 198.144.120.52 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1
  464. [*] MX hammerskins.net 198.144.120.68
  465. [*] A hammerskins.net 198.144.120.68
  466. [*] TXT hammerskins.net v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all
  467. [*] Enumerating SRV Records
  468. [*] SRV _caldav._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2079 0
  469. [*] SRV _carddavs._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2080 0
  470. [*] SRV _carddav._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2079 0
  471. [*] SRV _caldavs._tcp.hammerskins.net s1.koddos.com 198.144.120.14 2080 0
  472. [+] 4 Records Found
  473. #######################################################################################################################################
  474. [*] Processing domain hammerskins.net
  475. [+] Getting nameservers
  476. 198.144.120.52 - ns11.koddos.com
  477. 198.144.120.80 - ns12.koddos.com
  478. [-] Zone transfer failed
  479.  
  480. [+] TXT records found
  481. "v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all"
  482.  
  483. [+] MX records found, added to target list
  484. 0 hammerskins.net.
  485.  
  486. [*] Scanning hammerskins.net for A records
  487. 198.144.120.68 - hammerskins.net
  488. 198.144.120.68 - autoconfig.hammerskins.net
  489. 198.144.120.68 - autodiscover.hammerskins.net
  490. 198.144.120.68 - cpanel.hammerskins.net
  491. 198.144.120.68 - ftp.hammerskins.net
  492. 127.0.0.1 - localhost.hammerskins.net
  493. 198.144.120.68 - mail.hammerskins.net
  494. 198.144.120.68 - webdisk.hammerskins.net
  495. 198.144.120.68 - webmail.hammerskins.net
  496. 198.144.120.68 - whm.hammerskins.net
  497. 198.144.120.68 - www.hammerskins.net
  498. #######################################################################################################################################
  499. dnsenum VERSION:1.2.4
  500.  
  501. ----- www.hammerskins.net -----
  502.  
  503.  
  504. Host's addresses:
  505. __________________
  506.  
  507. hammerskins.net. 14357 IN A 198.144.120.68
  508.  
  509.  
  510. Name Servers:
  511. ______________
  512.  
  513. ns12.koddos.com. 161 IN A 198.144.120.80
  514. ns11.koddos.com. 161 IN A 198.144.120.52
  515.  
  516.  
  517. Mail (MX) Servers:
  518. ___________________
  519.  
  520. hammerskins.net. 14355 IN A 198.144.120.68
  521.  
  522.  
  523. Trying Zone Transfers and getting Bind Versions:
  524. _________________________________________________
  525.  
  526.  
  527. Trying Zone Transfer for www.hammerskins.net on ns12.koddos.com ...
  528.  
  529. Trying Zone Transfer for www.hammerskins.net on ns11.koddos.com ...
  530.  
  531. brute force file not specified, bay.
  532. #######################################################################################################################################
  533. No match for "WWW.HAMMERSKINS.NET".
  534. >>> Last update of whois database: 2018-10-20T03:58:16Z <<<
  535.  
  536. NOTICE: The expiration date displayed in this record is the date the
  537. registrar's sponsorship of the domain name registration in the registry is
  538. currently set to expire. This date does not necessarily reflect the expiration
  539. date of the domain name registrant's agreement with the sponsoring
  540. registrar. Users may consult the sponsoring registrar's Whois database to
  541. view the registrar's reported date of expiration for this registration.
  542.  
  543. TERMS OF USE: You are not authorized to access or query our Whois
  544. database through the use of electronic processes that are high-volume and
  545. automated except as reasonably necessary to register domain names or
  546. modify existing registrations; the Data in VeriSign Global Registry
  547. Services' ("VeriSign") Whois database is provided by VeriSign for
  548. information purposes only, and to assist persons in obtaining information
  549. about or related to a domain name registration record. VeriSign does not
  550. guarantee its accuracy. By submitting a Whois query, you agree to abide
  551. by the following terms of use: You agree that you may use this Data only
  552. for lawful purposes and that under no circumstances will you use this Data
  553. to: (1) allow, enable, or otherwise support the transmission of mass
  554. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  555. or facsimile; or (2) enable high volume, automated, electronic processes
  556. that apply to VeriSign (or its computer systems). The compilation,
  557. repackaging, dissemination or other use of this Data is expressly
  558. prohibited without the prior written consent of VeriSign. You agree not to
  559. use electronic processes that are automated and high-volume to access or
  560. query the Whois database except as reasonably necessary to register
  561. domain names or modify existing registrations. VeriSign reserves the right
  562. to restrict your access to the Whois database in its sole discretion to ensure
  563. operational stability. VeriSign may restrict or terminate your access to the
  564. Whois database for failure to abide by these terms of use. VeriSign
  565. reserves the right to modify these terms at any time.
  566.  
  567. The Registry database contains ONLY .COM, .NET, .EDU domains and
  568. Registrars.
  569. #######################################################################################################################################
  570.  
  571. # Coded By Ahmed Aboul-Ela - @aboul3la
  572.  
  573. [-] Enumerating subdomains now for www.hammerskins.net
  574. [-] verbosity is enabled, will show the subdomains results in realtime
  575. [-] Searching now in Baidu..
  576. [-] Searching now in Yahoo..
  577. [-] Searching now in Google..
  578. [-] Searching now in Bing..
  579. [-] Searching now in Ask..
  580. [-] Searching now in Netcraft..
  581. [-] Searching now in DNSdumpster..
  582. [-] Searching now in Virustotal..
  583. [-] Searching now in ThreatCrowd..
  584. [-] Searching now in SSL Certificates..
  585. [-] Searching now in PassiveDNS..
  586. #######################################################################################################################################
  587. [*] Found SPF record:
  588. [*] v=spf1 ip4:63.247.69.218 a mx ptr a:blizzard.securenet-server.net ?all
  589. [+] SPF record has no All string
  590. [*] Checking SPF include mechanisms
  591. [*] Include mechanisms are not strong
  592. [*] No DMARC record found. Looking for organizational record
  593. [+] No organizational DMARC record
  594. [+] Spoofing possible for www.hammerskins.net!
  595. #######################################################################################################################################
  596. ____ _____ ___ ______ _/ /_____ ____ ___
  597. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  598. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  599. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  600. /_/ discover v0.5.0 - by @michenriksen
  601.  
  602. Identifying nameservers for www.hammerskins.net... Done
  603. Using nameservers:
  604.  
  605. - 198.144.120.80
  606. - 198.144.120.52
  607.  
  608. Checking for wildcard DNS... Done
  609.  
  610. Running collector: Certificate Search... Done (0 hosts)
  611. Running collector: Netcraft... Done (0 hosts)
  612. Running collector: Shodan... Skipped
  613. -> Key 'shodan' has not been set
  614. Running collector: Censys... Skipped
  615. -> Key 'censys_secret' has not been set
  616. Running collector: Threat Crowd... Done (0 hosts)
  617. Running collector: DNSDB... Error
  618. -> DNSDB returned unexpected response code: 503
  619. Running collector: Wayback Machine... Done (5 hosts)
  620. Running collector: Dictionary... Done (27 hosts)
  621. Running collector: Google Transparency Report... Done (0 hosts)
  622. Running collector: PTRArchive... Error
  623. -> PTRArchive returned unexpected response code: 502
  624. Running collector: PassiveTotal... Skipped
  625. -> Key 'passivetotal_key' has not been set
  626. Running collector: VirusTotal... Skipped
  627. -> Key 'virustotal' has not been set
  628. Running collector: HackerTarget... Done (1 host)
  629. Running collector: PublicWWW... Done (0 hosts)
  630. Running collector: Riddler... Skipped
  631. -> Key 'riddler_username' has not been set
  632.  
  633. Resolving 32 unique hosts...
  634. 198.144.120.68 .www.hammerskins.net
  635. 198.144.120.68 hammerskins.net
  636. 198.144.120.68 www.hammerskins.net
  637.  
  638. Found subnets:
  639.  
  640. - 198.144.120.0-255 : 3 hosts
  641.  
  642. Wrote 3 hosts to:
  643.  
  644. - file:///root/aquatone/www.hammerskins.net/hosts.txt
  645. - file:///root/aquatone/www.hammerskins.net/hosts.json
  646. __
  647. ____ _____ ___ ______ _/ /_____ ____ ___
  648. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  649. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  650. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  651. /_/ takeover v0.5.0 - by @michenriksen
  652.  
  653. Loaded 3 hosts from /root/aquatone/www.hammerskins.net/hosts.json
  654. Loaded 25 domain takeover detectors
  655.  
  656. Identifying nameservers for www.hammerskins.net... Done
  657. Using nameservers:
  658.  
  659. - 198.144.120.52
  660. - 198.144.120.80
  661.  
  662. Checking hosts for domain takeover vulnerabilities...
  663.  
  664. Finished checking hosts:
  665.  
  666. - Vulnerable : 0
  667. - Not Vulnerable : 3
  668.  
  669. Wrote 0 potential subdomain takeovers to:
  670.  
  671. - file:///root/aquatone/www.hammerskins.net/takeovers.json
  672.  
  673. __
  674. ____ _____ ___ ______ _/ /_____ ____ ___
  675. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  676. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  677. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  678. /_/ scan v0.5.0 - by @michenriksen
  679.  
  680. Loaded 3 hosts from /root/aquatone/www.hammerskins.net/hosts.json
  681.  
  682. Probing 2 ports...
  683. 80/tcp 198.144.120.68 .www.hammerskins.net, hammerskins.net, www.hammerskins.net
  684. 443/tcp 198.144.120.68 .www.hammerskins.net, hammerskins.net, www.hammerskins.net
  685.  
  686. Wrote open ports to file:///root/aquatone/www.hammerskins.net/open_ports.txt
  687. Wrote URLs to file:///root/aquatone/www.hammerskins.net/urls.txt
  688. __
  689. ____ _____ ___ ______ _/ /_____ ____ ___
  690. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  691. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  692. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  693. /_/ gather v0.5.0 - by @michenriksen
  694.  
  695. Processing 6 pages...
  696.  
  697. Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
  698. #######################################################################################################################################
  699. PING hammerskins.net (198.144.120.68) 56(84) bytes of data.
  700. 64 bytes from 198.144.120.68 (198.144.120.68): icmp_seq=1 ttl=54 time=398 ms
  701.  
  702. --- hammerskins.net ping statistics ---
  703. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  704. rtt min/avg/max/mdev = 398.255/398.255/398.255/0.000 ms
  705. #######################################################################################################################################
  706. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:07 EDT
  707. Nmap scan report for www.hammerskins.net (198.144.120.68)
  708. Host is up (0.67s latency).
  709. Not shown: 432 closed ports, 34 filtered ports
  710. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  711. PORT STATE SERVICE
  712. 21/tcp open ftp
  713. 53/tcp open domain
  714. 80/tcp open http
  715. 110/tcp open pop3
  716. 143/tcp open imap
  717. 443/tcp open https
  718. 465/tcp open smtps
  719. 587/tcp open submission
  720. 993/tcp open imaps
  721. 995/tcp open pop3s
  722. #######################################################################################################################################
  723. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:07 EDT
  724. Nmap scan report for www.hammerskins.net (198.144.120.68)
  725. Host is up (0.33s latency).
  726.  
  727. PORT STATE SERVICE
  728. 53/udp open domain
  729. 67/udp open|filtered dhcps
  730. 68/udp open|filtered dhcpc
  731. 69/udp open|filtered tftp
  732. 88/udp open|filtered kerberos-sec
  733. 123/udp open|filtered ntp
  734. 137/udp open|filtered netbios-ns
  735. 138/udp open|filtered netbios-dgm
  736. 139/udp open|filtered netbios-ssn
  737. 161/udp open|filtered snmp
  738. 162/udp open|filtered snmptrap
  739. 389/udp open|filtered ldap
  740. 520/udp open|filtered route
  741. 2049/udp open|filtered nfs
  742. #######################################################################################################################################
  743. + -- --=[Port 21 opened... running tests...
  744. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:07 EDT
  745. NSE: [ftp-bounce] PORT response: 500 I won't open a connection to 45.33.32.156 (only to 178.173.22.66)
  746. Nmap scan report for www.hammerskins.net (198.144.120.68)
  747. Host is up (0.31s latency).
  748.  
  749. PORT STATE SERVICE VERSION
  750. 21/tcp open ftp Pure-FTPd
  751. |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
  752. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  753. Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 2.6.18 - 2.6.22 (93%), Blue Coat PacketShaper appliance (93%), Polycom MGC-25 videoconferencing system (pSOS 1.0.4) (93%), Wyse ThinOS 5.2 (93%), AVtech Room Alert 26W environmental monitor (90%), OneAccess 1641 router (89%), HP PSC 2400-series Photosmart printer (88%)
  754. No exact OS matches for host (test conditions non-ideal).
  755. Network Distance: 1 hop
  756.  
  757. TRACEROUTE (using port 21/tcp)
  758. HOP RTT ADDRESS
  759. 1 366.47 ms 198.144.120.68
  760.  
  761. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  762. Nmap done: 1 IP address (1 host up) scanned in 611.15 seconds
  763. ######## #
  764. ################# #
  765. ###################### #
  766. ######################### #
  767. ############################
  768. ##############################
  769. ###############################
  770. ###############################
  771. ##############################
  772. # ######## #
  773. ## ### #### ##
  774. ### ###
  775. #### ###
  776. #### ########## ####
  777. ####################### ####
  778. #################### ####
  779. ################## ####
  780. ############ ##
  781. ######## ###
  782. ######### #####
  783. ############ ######
  784. ######## #########
  785. ##### ########
  786. ### #########
  787. ###### ############
  788. #######################
  789. # # ### # # ##
  790. ########################
  791. ## ## ## ##
  792. https://metasploit.com
  793.  
  794.  
  795. =[ metasploit v4.17.18-dev ]
  796. + -- --=[ 1818 exploits - 1031 auxiliary - 315 post ]
  797. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  798. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  799.  
  800. RHOST => www.hammerskins.net
  801. RHOSTS => www.hammerskins.net
  802. [*] www.hammerskins.net:21 - Scanned 1 of 1 hosts (100% complete)
  803. [*] Auxiliary module execution completed
  804. [*] www.hammerskins.net:21 - Scanned 1 of 1 hosts (100% complete)
  805. [*] Auxiliary module execution completed
  806. [-] www.hammerskins.net:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (www.hammerskins.net:21).
  807. [*] Exploit completed, but no session was created.
  808. [*] Started reverse TCP double handler on 10.211.1.1:4444
  809. [-] www.hammerskins.net:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (www.hammerskins.net:21).
  810. [*] Exploit completed, but no session was created.
  811. + -- --=[Port 22 closed... skipping.
  812. + -- --=[Port 23 closed... skipping.
  813. + -- --=[Port 25 closed... skipping.
  814. + -- --=[Port 53 opened... running tests...
  815. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:19 EDT
  816. Nmap scan report for www.hammerskins.net (198.144.120.68)
  817. Host is up.
  818.  
  819. PORT STATE SERVICE VERSION
  820. 53/tcp filtered domain
  821. Too many fingerprints match this host to give specific OS details
  822.  
  823. Host script results:
  824. | dns-brute:
  825. | DNS Brute-force hostnames:
  826. | mail.hammerskins.net - 198.144.120.68
  827. | www.hammerskins.net - 198.144.120.68
  828. |_ ftp.hammerskins.net - 198.144.120.68
  829.  
  830. TRACEROUTE (using proto 1/icmp)
  831. HOP RTT ADDRESS
  832. 1 ... 30
  833.  
  834. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  835. Nmap done: 1 IP address (1 host up) scanned in 19.81 seconds
  836. + -- --=[Port 67 opened... running tests...
  837. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:19 EDT
  838. Nmap scan report for www.hammerskins.net (198.144.120.68)
  839. Host is up.
  840.  
  841. PORT STATE SERVICE VERSION
  842. 67/udp open|filtered dhcps
  843. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  844. Too many fingerprints match this host to give specific OS details
  845.  
  846. TRACEROUTE (using proto 1/icmp)
  847. HOP RTT ADDRESS
  848. 1 ... 30
  849.  
  850. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  851. Nmap done: 1 IP address (1 host up) scanned in 111.43 seconds
  852. + -- --=[Port 68 opened... running tests...
  853. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:21 EDT
  854. Nmap scan report for www.hammerskins.net (198.144.120.68)
  855. Host is up.
  856.  
  857. PORT STATE SERVICE VERSION
  858. 68/udp open|filtered dhcpc
  859. Too many fingerprints match this host to give specific OS details
  860.  
  861. TRACEROUTE (using proto 1/icmp)
  862. HOP RTT ADDRESS
  863. 1 ... 30
  864.  
  865. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  866. Nmap done: 1 IP address (1 host up) scanned in 111.54 seconds
  867. + -- --=[Port 69 opened... running tests...
  868. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:23 EDT
  869. + -- --=[Port 79 closed... skipping.
  870. + -- --=[Port 80 opened... running tests...
  871. ######################################################################################################################################
  872. ---------------------------------------------------------------------------------------------------------------------------------------
  873.  
  874. [ ! ] Starting SCANNER INURLBR 2.1 at [20-10-2018 00:24:46]
  875. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  876. It is the end user's responsibility to obey all applicable local, state and federal laws.
  877. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  878.  
  879. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.hammerskins.net.txt ]
  880. [ INFO ][ DORK ]::[ site:www.hammerskins.net ]
  881. [ INFO ][ SEARCHING ]:: {
  882. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.bh ]
  883.  
  884. [ INFO ][ SEARCHING ]::
  885. -[:::]
  886. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  887.  
  888. [ INFO ][ SEARCHING ]::
  889. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  890. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.ec ID: 007843865286850066037:3ajwn2jlweq ]
  891.  
  892. [ INFO ][ SEARCHING ]::
  893. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  894.  
  895. [ INFO ][ TOTAL FOUND VALUES ]:: [ 20 ]
  896.  
  897.  
  898. _[ - ]::--------------------------------------------------------------------------------------------------------------
  899. |_[ + ] [ 0 / 20 ]-[00:25:08] [ - ]
  900. |_[ + ] Target:: [ https://www.hammerskins.net/ ]
  901. |_[ + ] Exploit::
  902. |_[ + ] Information Server:: , , IP::0
  903. |_[ + ] More details::
  904. |_[ + ] Found:: UNIDENTIFIED
  905. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  906.  
  907. _[ - ]::--------------------------------------------------------------------------------------------------------------
  908. |_[ + ] [ 1 / 20 ]-[00:25:13] [ - ]
  909. |_[ + ] Target:: [ https://www.hammerskins.net/memoriam.html ]
  910. |_[ + ] Exploit::
  911. |_[ + ] Information Server:: , , IP::0
  912. |_[ + ] More details::
  913. |_[ + ] Found:: UNIDENTIFIED
  914. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  915.  
  916. _[ - ]::--------------------------------------------------------------------------------------------------------------
  917. |_[ + ] [ 2 / 20 ]-[00:25:18] [ - ]
  918. |_[ + ] Target:: [ https://www.hammerskins.net/chapters.html ]
  919. |_[ + ] Exploit::
  920. |_[ + ] Information Server:: , , IP::0
  921. |_[ + ] More details::
  922. |_[ + ] Found:: UNIDENTIFIED
  923. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  924.  
  925. _[ - ]::--------------------------------------------------------------------------------------------------------------
  926. |_[ + ] [ 3 / 20 ]-[00:25:23] [ - ]
  927. |_[ + ] Target:: [ http://www.hammerskins.net/mhs/ ]
  928. |_[ + ] Exploit::
  929. |_[ + ] Information Server:: , , IP::0
  930. |_[ + ] More details::
  931. |_[ + ] Found:: UNIDENTIFIED
  932. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  933.  
  934. _[ - ]::--------------------------------------------------------------------------------------------------------------
  935. |_[ + ] [ 4 / 20 ]-[00:25:28] [ - ]
  936. |_[ + ] Target:: [ https://www.hammerskins.net/joerowan/index.html ]
  937. |_[ + ] Exploit::
  938. |_[ + ] Information Server:: , , IP::0
  939. |_[ + ] More details::
  940. |_[ + ] Found:: UNIDENTIFIED
  941. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  942.  
  943. _[ - ]::--------------------------------------------------------------------------------------------------------------
  944. |_[ + ] [ 5 / 20 ]-[00:25:33] [ - ]
  945. |_[ + ] Target:: [ http://www.hammerskins.net/fhs/ ]
  946. |_[ + ] Exploit::
  947. |_[ + ] Information Server:: , , IP::0
  948. |_[ + ] More details::
  949. |_[ + ] Found:: UNIDENTIFIED
  950. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  951.  
  952. _[ - ]::--------------------------------------------------------------------------------------------------------------
  953. |_[ + ] [ 6 / 20 ]-[00:25:38] [ - ]
  954. |_[ + ] Target:: [ http://www.hammerskins.net/bhs/ ]
  955. |_[ + ] Exploit::
  956. |_[ + ] Information Server:: , , IP::0
  957. |_[ + ] More details::
  958. |_[ + ] Found:: UNIDENTIFIED
  959. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  960.  
  961. _[ - ]::--------------------------------------------------------------------------------------------------------------
  962. |_[ + ] [ 7 / 20 ]-[00:25:43] [ - ]
  963. |_[ + ] Target:: [ http://www.hammerskins.net/nhs/ ]
  964. |_[ + ] Exploit::
  965. |_[ + ] Information Server:: , , IP::0
  966. |_[ + ] More details::
  967. |_[ + ] Found:: UNIDENTIFIED
  968. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  969.  
  970. _[ - ]::--------------------------------------------------------------------------------------------------------------
  971. |_[ + ] [ 8 / 20 ]-[00:25:48] [ - ]
  972. |_[ + ] Target:: [ https://www.hammerskins.net/history.html ]
  973. |_[ + ] Exploit::
  974. |_[ + ] Information Server:: , , IP::0
  975. |_[ + ] More details::
  976. |_[ + ] Found:: UNIDENTIFIED
  977. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  978.  
  979. _[ - ]::--------------------------------------------------------------------------------------------------------------
  980. |_[ + ] [ 9 / 20 ]-[00:25:53] [ - ]
  981. |_[ + ] Target:: [ https://www.hammerskins.net/dehs/index.html ]
  982. |_[ + ] Exploit::
  983. |_[ + ] Information Server:: , , IP::0
  984. |_[ + ] More details::
  985. |_[ + ] Found:: UNIDENTIFIED
  986. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  987.  
  988. _[ - ]::--------------------------------------------------------------------------------------------------------------
  989. |_[ + ] [ 10 / 20 ]-[00:25:58] [ - ]
  990. |_[ + ] Target:: [ https://www.hammerskins.net/vhs/index.html ]
  991. |_[ + ] Exploit::
  992. |_[ + ] Information Server:: , , IP::0
  993. |_[ + ] More details::
  994. |_[ + ] Found:: UNIDENTIFIED
  995. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  996.  
  997. _[ - ]::--------------------------------------------------------------------------------------------------------------
  998. |_[ + ] [ 11 / 20 ]-[00:26:03] [ - ]
  999. |_[ + ] Target:: [ http://www.hammerskins.net/svhs/index.html ]
  1000. |_[ + ] Exploit::
  1001. |_[ + ] Information Server:: , , IP::0
  1002. |_[ + ] More details::
  1003. |_[ + ] Found:: UNIDENTIFIED
  1004. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1005.  
  1006. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1007. |_[ + ] [ 12 / 20 ]-[00:26:08] [ - ]
  1008. |_[ + ] Target:: [ https://www.hammerskins.net/phs/index.html ]
  1009. |_[ + ] Exploit::
  1010. |_[ + ] Information Server:: , , IP::0
  1011. |_[ + ] More details::
  1012. |_[ + ] Found:: UNIDENTIFIED
  1013. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1014.  
  1015. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1016. |_[ + ] [ 13 / 20 ]-[00:26:13] [ - ]
  1017. |_[ + ] Target:: [ https://www.hammerskins.net/chs/index.html ]
  1018. |_[ + ] Exploit::
  1019. |_[ + ] Information Server:: , , IP::0
  1020. |_[ + ] More details::
  1021. |_[ + ] Found:: UNIDENTIFIED
  1022. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1023.  
  1024. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1025. |_[ + ] [ 14 / 20 ]-[00:26:18] [ - ]
  1026. |_[ + ] Target:: [ https://www.hammerskins.net/nwhs/index.html ]
  1027. |_[ + ] Exploit::
  1028. |_[ + ] Information Server:: , , IP::0
  1029. |_[ + ] More details::
  1030. |_[ + ] Found:: UNIDENTIFIED
  1031. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1032.  
  1033. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1034. |_[ + ] [ 15 / 20 ]-[00:26:23] [ - ]
  1035. |_[ + ] Target:: [ https://www.hammerskins.net/whs/index.html ]
  1036. |_[ + ] Exploit::
  1037. |_[ + ] Information Server:: , , IP::0
  1038. |_[ + ] More details::
  1039. |_[ + ] Found:: UNIDENTIFIED
  1040. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1041.  
  1042. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1043. |_[ + ] [ 16 / 20 ]-[00:26:28] [ - ]
  1044. |_[ + ] Target:: [ https://www.hammerskins.net/nzhs/index.html ]
  1045. |_[ + ] Exploit::
  1046. |_[ + ] Information Server:: , , IP::0
  1047. |_[ + ] More details::
  1048. |_[ + ] Found:: UNIDENTIFIED
  1049. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1050.  
  1051. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1052. |_[ + ] [ 17 / 20 ]-[00:26:33] [ - ]
  1053. |_[ + ] Target:: [ https://www.hammerskins.net/ihs/index.html ]
  1054. |_[ + ] Exploit::
  1055. |_[ + ] Information Server:: , , IP::0
  1056. |_[ + ] More details::
  1057. |_[ + ] Found:: UNIDENTIFIED
  1058. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1059.  
  1060. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1061. |_[ + ] [ 18 / 20 ]-[00:26:38] [ - ]
  1062. |_[ + ] Target:: [ https://www.hammerskins.net/hse/index.html ]
  1063. |_[ + ] Exploit::
  1064. |_[ + ] Information Server:: , , IP::0
  1065. |_[ + ] More details::
  1066. |_[ + ] Found:: UNIDENTIFIED
  1067. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1068.  
  1069. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1070. |_[ + ] [ 19 / 20 ]-[00:26:43] [ - ]
  1071. |_[ + ] Target:: [ http://www.hammerskins.net/mhs/index.html?COLLCC=719262969& ]
  1072. |_[ + ] Exploit::
  1073. |_[ + ] Information Server:: , , IP::0
  1074. |_[ + ] More details::
  1075. |_[ + ] Found:: UNIDENTIFIED
  1076. |_[ + ] ERROR CONECTION:: Connection timed out after 5000 milliseconds
  1077.  
  1078. [ INFO ] [ Shutting down ]
  1079. [ INFO ] [ End of process INURLBR at [20-10-2018 00:26:43]
  1080. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1081. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.hammerskins.net.txt ]
  1082. |_________________________________________________________________________________________
  1083.  
  1084. \_________________________________________________________________________________________/
  1085.  
  1086. + -- --=[Port 110 opened... running tests...
  1087. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:26 EDT
  1088. + -- --=[Port 111 closed... skipping.
  1089. + -- --=[Port 123 opened... running tests...
  1090. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:26 EDT
  1091. + -- --=[Port 135 closed... skipping.
  1092. + -- --=[Port 137 closed... skipping.
  1093. + -- --=[Port 139 closed... skipping.
  1094. + -- --=[Port 161 opened... running tests...
  1095. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:26 EDT
  1096. Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
  1097. Nmap done: 1 IP address (0 hosts up) scanned in 3.69 seconds
  1098. _ _
  1099. / \ /\ __ _ __ /_/ __
  1100. | |\ / | _____ \ \ ___ _____ | | / \ _ \ \
  1101. | | \/| | | ___\ |- -| /\ / __\ | -__/ | || | || | |- -|
  1102. |_| | | | _|__ | |_ / -\ __\ \ | | | | \__/| | | |_
  1103. |/ |____/ \___\/ /\ \\___/ \/ \__| |_\ \___\
  1104.  
  1105.  
  1106. =[ metasploit v4.17.18-dev ]
  1107. + -- --=[ 1818 exploits - 1031 auxiliary - 315 post ]
  1108. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  1109. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1110.  
  1111. RHOSTS => www.hammerskins.net
  1112. [-] 198.144.120.68 SNMP request timeout.
  1113. [*] Scanned 1 of 1 hosts (100% complete)
  1114. [*] Auxiliary module execution completed
  1115. + -- --=[Port 162 closed... skipping.
  1116. + -- --=[Port 389 closed... skipping.
  1117. + -- --=[Port 443 opened... running tests...
  1118. #######################################################################################################################################
  1119. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-20 00:28 EDT
  1120. NSE: Loaded 129 scripts for scanning.
  1121. NSE: Script Pre-scanning.
  1122. Initiating NSE at 00:28
  1123. Completed NSE at 00:28, 10.39s elapsed
  1124. Initiating NSE at 00:28
  1125. Completed NSE at 00:28, 0.00s elapsed
  1126. Pre-scan script results:
  1127. | broadcast-igmp-discovery:
  1128. | 192.168.0.1
  1129. | Interface: eth0
  1130. | Version: 2
  1131. | Group: 224.0.0.2
  1132. | Description: All Routers on this Subnet
  1133. | 192.168.0.1
  1134. | Interface: eth0
  1135. | Version: 2
  1136. | Group: 224.0.0.22
  1137. | Description: IGMP
  1138. | 192.168.0.3
  1139. | Interface: eth0
  1140. | Version: 2
  1141. | Group: 224.0.0.251
  1142. | Description: mDNS (rfc6762)
  1143. | 192.168.0.3
  1144. | Interface: eth0
  1145. | Version: 2
  1146. | Group: 224.0.0.252
  1147. | Description: Link-local Multicast Name Resolution (rfc4795)
  1148. | 192.168.0.2
  1149. | Interface: eth0
  1150. | Version: 2
  1151. | Group: 239.255.255.246
  1152. | Description: Organization-Local Scope (rfc2365)
  1153. | 192.168.0.3
  1154. | Interface: eth0
  1155. | Version: 2
  1156. | Group: 239.255.255.250
  1157. | Description: Organization-Local Scope (rfc2365)
  1158. |_ Use the newtargets script-arg to add the results as targets
  1159. |_broadcast-pim-discovery: ERROR: Script execution failed (use -d to debug)
  1160. | broadcast-ping:
  1161. | IP: 192.168.0.1 MAC: 38:70:0c:d7:c1:0a
  1162. |_ Use --script-args=newtargets to add the results as targets
  1163. Initiating Ping Scan at 00:28
  1164. Scanning www.hammerskins.net (198.144.120.68) [7 ports]
  1165. Completed Ping Scan at 00:28, 2.04s elapsed (1 total hosts)
  1166. Nmap scan report for www.hammerskins.net (198.144.120.68) [host down]
  1167. NSE: Script Post-scanning.
  1168. Initiating NSE at 00:28
  1169. Completed NSE at 00:28, 0.00s elapsed
  1170. Initiating NSE at 00:28
  1171. Completed NSE at 00:28, 0.00s elapsed
  1172. Read data files from: /usr/bin/../share/nmap
  1173. Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
  1174. Nmap done: 1 IP address (0 hosts up) scanned in 13.17 seconds
  1175. Raw packets sent: 14 (552B) | Rcvd: 0 (0B)
  1176. ######################################################################################################################################
  1177.  
  1178. [*] Opening loot directory /usr/share/sniper/loot/www.hammerskins.net [OK]
  1179. + -- --=[Starting Metasploit service...
  1180. [i] Database already started
  1181. + -- --=[Importing NMap XML files into Metasploit...
  1182. # cowsay++
  1183. ____________
  1184. < metasploit >
  1185. ------------
  1186. \ ,__,
  1187. \ (oo)____
  1188. (__) )\
  1189. ||--|| *
  1190.  
  1191.  
  1192. =[ metasploit v4.17.18-dev ]
  1193. + -- --=[ 1818 exploits - 1031 auxiliary - 315 post ]
  1194. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  1195. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1196.  
  1197. * default
  1198. * default
  1199. [*] Importing 'Nmap XML' data
  1200. [*] Import: Parsing with 'Nokogiri v1.8.5'
  1201. [*] Importing host 198.144.120.68
  1202. [*] Successfully imported /usr/share/sniper/loot/www.hammerskins.net/nmap/nmap-udp-www.hammerskins.net.xml
  1203. [*] Importing 'Nmap XML' data
  1204. [*] Import: Parsing with 'Nokogiri v1.8.5'
  1205. [*] Successfully imported /usr/share/sniper/loot/www.hammerskins.net/nmap/nmap-www.hammerskins.net.xml
  1206.  
  1207. Hosts
  1208. =====
  1209.  
  1210. address mac name os_name os_flavor os_sp purpose info comments
  1211. ------- --- ---- ------- --------- ----- ------- ---- --------
  1212. 62.90.225.20 Unknown device
  1213. 91.121.133.224 irc.nullsecurity.net embedded device
  1214. 107.152.98.18 tss.centralprocessingunit.com Unknown device
  1215. 107.154.130.27 107.154.130.27 Unknown device
  1216. 107.154.248.27 107.154.248.27 Unknown device
  1217. 185.230.61.161 Unknown device
  1218. 198.144.120.68 Unknown device
  1219. 212.28.242.131 Unknown device
  1220.  
  1221. Services
  1222. ========
  1223.  
  1224. host port proto name state info
  1225. ---- ---- ----- ---- ----- ----
  1226. 62.90.225.20 21 tcp ftp open 220 Microsoft FTP Service\x0d\x0a
  1227. 91.121.133.224 21 tcp tcpwrapped open
  1228. 91.121.133.224 25 tcp smtp filtered
  1229. 91.121.133.224 53 udp domain unknown
  1230. 91.121.133.224 67 udp dhcps unknown
  1231. 91.121.133.224 68 udp dhcpc unknown
  1232. 91.121.133.224 69 udp tftp unknown
  1233. 91.121.133.224 80 tcp http open blackarch/1.33.7
  1234. 91.121.133.224 88 udp kerberos-sec unknown
  1235. 91.121.133.224 119 tcp nntp filtered
  1236. 91.121.133.224 123 udp ntp unknown
  1237. 91.121.133.224 135 tcp msrpc filtered
  1238. 91.121.133.224 137 udp netbios-ns unknown
  1239. 91.121.133.224 138 udp netbios-dgm unknown
  1240. 91.121.133.224 139 tcp netbios-ssn filtered
  1241. 91.121.133.224 139 udp netbios-ssn unknown
  1242. 91.121.133.224 161 udp snmp unknown
  1243. 91.121.133.224 162 udp snmptrap unknown
  1244. 91.121.133.224 389 udp ldap unknown
  1245. 91.121.133.224 443 tcp ssl/https open blackarch/1.33.7
  1246. 91.121.133.224 445 tcp microsoft-ds filtered
  1247. 91.121.133.224 520 udp route unknown
  1248. 91.121.133.224 554 tcp tcpwrapped open
  1249. 91.121.133.224 873 tcp rsync open protocol version 31
  1250. 91.121.133.224 880 tcp unknown filtered
  1251. 91.121.133.224 2022 tcp ssh open protocol 2.0
  1252. 91.121.133.224 2049 udp nfs unknown
  1253. 91.121.133.224 7070 tcp tcpwrapped open
  1254. 107.152.98.18 21 tcp ftp open 220 ProFTPD 1.3.5b Server (ProFTPD) [107.152.98.18]\x0d\x0a
  1255. 107.152.98.18 53 udp domain unknown
  1256. 107.152.98.18 67 udp dhcps unknown
  1257. 107.152.98.18 68 udp dhcpc unknown
  1258. 107.152.98.18 69 udp tftp unknown
  1259. 107.152.98.18 88 udp kerberos-sec unknown
  1260. 107.152.98.18 123 udp ntp unknown
  1261. 107.152.98.18 137 udp netbios-ns unknown
  1262. 107.152.98.18 138 udp netbios-dgm unknown
  1263. 107.152.98.18 139 udp netbios-ssn unknown
  1264. 107.152.98.18 161 udp snmp unknown
  1265. 107.152.98.18 162 udp snmptrap unknown
  1266. 107.152.98.18 389 udp ldap unknown
  1267. 107.152.98.18 520 udp route unknown
  1268. 107.152.98.18 2049 udp nfs unknown
  1269. 107.154.130.27 80 tcp http open ( 503-Service Unavailable )
  1270. 107.154.130.27 8080 tcp http open ( 503-Service Unavailable )
  1271. 107.154.248.27 8080 tcp http open ( 503-Service Unavailable )
  1272. 185.230.61.161 53 udp domain unknown
  1273. 185.230.61.161 67 udp dhcps unknown
  1274. 185.230.61.161 68 udp dhcpc unknown
  1275. 185.230.61.161 69 udp tftp unknown
  1276. 185.230.61.161 88 udp kerberos-sec unknown
  1277. 185.230.61.161 123 udp ntp unknown
  1278. 185.230.61.161 137 udp netbios-ns unknown
  1279. 185.230.61.161 138 udp netbios-dgm unknown
  1280. 185.230.61.161 139 udp netbios-ssn unknown
  1281. 185.230.61.161 161 udp snmp unknown
  1282. 185.230.61.161 162 udp snmptrap unknown
  1283. 185.230.61.161 389 udp ldap unknown
  1284. 185.230.61.161 520 udp route unknown
  1285. 185.230.61.161 2049 udp nfs unknown
  1286. 198.144.120.68 53 udp domain open
  1287. 198.144.120.68 67 udp dhcps unknown
  1288. 198.144.120.68 68 udp dhcpc unknown
  1289. 198.144.120.68 69 udp tftp unknown
  1290. 198.144.120.68 88 udp kerberos-sec unknown
  1291. 198.144.120.68 123 udp ntp unknown
  1292. 198.144.120.68 137 udp netbios-ns unknown
  1293. 198.144.120.68 138 udp netbios-dgm unknown
  1294. 198.144.120.68 139 udp netbios-ssn unknown
  1295. 198.144.120.68 161 udp snmp unknown
  1296. 198.144.120.68 162 udp snmptrap unknown
  1297. 198.144.120.68 389 udp ldap unknown
  1298. 198.144.120.68 520 udp route unknown
  1299. 198.144.120.68 2049 udp nfs unknown
  1300. 212.28.242.131 22 tcp ssh open SSH-2.0-OpenSSH_5.3
  1301.  
  1302. + -- --=[Current reports...
  1303. + -- --=[Generating reports...
  1304. ######################################################################################################################################
  1305. --------------------------------------------------------------------------------------------------------------------------------------
  1306. + Target IP: 198.144.120.68
  1307. + Target Hostname: www.hammerskins.net
  1308. + Target Port: 443
  1309. ---------------------------------------------------------------------------------------------------------------------------------------
  1310. + SSL Info: Subject: /CN=hammerskins.net
  1311. Ciphers: ECDHE-RSA-AES128-GCM-SHA256
  1312. Issuer: /C=US/ST=TX/L=Houston/O=cPanel, Inc./CN=cPanel, Inc. Certification Authority
  1313. + Start Time: 2018-10-19 23:19:17 (GMT-4)
  1314. ---------------------------------------------------------------------------------------------------------------------------------------
  1315. + Server: LiteSpeed
  1316. Illegal hexadecimal digit ';' ignored at /var/lib/nikto/plugins/nikto_headers.plugin line 106.
  1317. + Server leaks inodes via ETags, header found with file /, inode: 0x39c7, size: 0x50a99432, mtime: 0x2d4bc72b9705ca9c;;;
  1318. + The anti-clickjacking X-Frame-Options header is not present.
  1319. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1320. + Uncommon header 'alt-svc' found, with contents: quic=":443"; ma=2592000; v="35,39,43"
  1321. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  1322. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1323. + Retrieved x-powered-by header: PHP/5.6.38
  1324. + Cookie zenid created without the secure flag
  1325. + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
  1326. + Hostname 'www.hammerskins.net' does not match certificate's names: hammerskins.net
  1327. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection refused at /var/lib/nikto/plugins/LW2.pm line 5157.
  1328. : Connection refused
  1329. + Scan terminated: 20 error(s) and 10 item(s) reported on remote host
  1330. + End Time: 2018-10-20 00:11:12 (GMT-4) (3115 seconds)
  1331. ---------------------------------------------------------------------------------------------------------------------------------------
  1332. #######################################################################################################################################
  1333. ---------------------------------------------------------------------------------------------------------------------------------------
  1334. + Target IP: 198.144.120.68
  1335. + Target Hostname: 198.144.120.68
  1336. + Target Port: 80
  1337. + Start Time: 2018-10-19 23:19:59 (GMT-4)
  1338. ---------------------------------------------------------------------------------------------------------------------------------------
  1339. + Server: LiteSpeed
  1340. + The anti-clickjacking X-Frame-Options header is not present.
  1341. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1342. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1343. Illegal hexadecimal digit ';' ignored at /var/lib/nikto/plugins/nikto_headers.plugin line 106.
  1344. + Server leaks inodes via ETags, header found with file /favicon.ico, inode: 0x37e, size: 0x510e8e95, mtime: 0xb36b6ee0dd564ff5;;;
  1345. + /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities.
  1346. + /securecontrolpanel/: Web Server Control Panel
  1347. + /webmail/: Web based mail package installed.
  1348. + /cgi-sys/Count.cgi: This may allow attackers to execute arbitrary commands on the server
  1349. + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
  1350. + OSVDB-2117: /cpanel/: Web-based control panel
  1351. + Retrieved x-powered-by header: PHP/5.6.38
  1352. + OSVDB-3092: /store/: This might be interesting...
  1353. + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
  1354. + OSVDB-3093: /webmail/lib/emailreader_execute_on_each_page.inc.php: This might be interesting... has been seen in web logs from an unknown scanner.
  1355. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect (timeout): Transport endpoint is not connected
  1356. + Scan terminated: 20 error(s) and 14 item(s) reported on remote host
  1357. + End Time: 2018-10-20 00:11:13 (GMT-4) (3074 seconds)
  1358. ---------------------------------------------------------------------------------------------------------------------------------------
  1359. #######################################################################################################################################
  1360. Anonymous JTSEC #OpDomesticTerrorism Full Recon #9
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!