Anonymous JTSEC #OpAssange Full Recon #15

1. #######################################################################################################################################
2. =======================================================================================================================================
3. Hostname www.priestnall.stockport.sch.uk ISP Jisc Services Limited
4. Continent Europe Flag
5. GB
6. Country United Kingdom Country Code GB
7. Region Stockport Local time 26 Apr 2019 15:00 BST
8. City Stockport Postal Code SK2
9. IP Address 212.121.220.45 Latitude 53.395
10. Longitude -2.133
11.  
12. =======================================================================================================================================
13. #######################################################################################################################################
14. > www.priestnall.stockport.sch.uk
15. Server: 38.132.106.139
16. Address: 38.132.106.139#53
17.  
18. Non-authoritative answer:
19. Name: www.priestnall.stockport.sch.uk
20. Address: 212.121.220.45
21. >
22. #######################################################################################################################################
23. HostIP:212.121.220.45
24. HostName:www.priestnall.stockport.sch.uk
25.  
26. Gathered Inet-whois information for 212.121.220.45
27. ---------------------------------------------------------------------------------------------------------------------------------------
28.  
29.  
30. inetnum: 212.121.220.0 - 212.121.220.255
31. netname: STOCKPORT-MBC
32. descr: Stockport Metropolitan Borough Council
33. country: GB
34. admin-c: JN359-RIPE
35. tech-c: JN359-RIPE
36. status: ASSIGNED PA
37. mnt-by: JANET-HOSTMASTER
38. created: 2008-02-07T13:26:53Z
39. last-modified: 2016-07-29T14:26:58Z
40. source: RIPE
41.  
42. role: JANET NOSC
43. address: JANET(UK) Network Operations Centre
44. address: Third floor
45. address: 15 Fetter Lane
46. address: London
47. address: EC4A1BW
48. address: United Kingdom
49. phone: +44 (0)1235 822 212
50. remarks: trouble: For operational queries please
51. remarks: trouble: contact operations@ja.net or
52. remarks: trouble: phone +44 (0)1235 822 212
53. remarks: trouble: Mon-Fri, 07:00 - 23:59 UK local
54. remarks: trouble: or +44 (0) 300 300 3312 all other
55. remarks: trouble: times.
56. admin-c: RS2585
57. admin-c: RHE1-RIPE
58. admin-c: JOEL-RIPE
59. tech-c: RS2585
60. tech-c: RHE1-RIPE
61. tech-c: JOEL-RIPE
62. nic-hdl: JN359-RIPE
63. mnt-by: JIPS-NOSC
64. created: 1970-01-01T00:00:00Z
65. last-modified: 2019-04-25T12:12:17Z
66. source: RIPE # Filtered
67.  
68. % Information related to '212.121.192.0/19AS786'
69.  
70. route: 212.121.192.0/19
71. descr: Aggregate route for NWLG
72. origin: AS786
73. mnt-by: JIPS-NOSC
74. created: 2009-05-18T19:26:23Z
75. last-modified: 2016-09-13T11:20:57Z
76. source: RIPE
77.  
78. % This query was served by the RIPE Database Query Service version 1.93.2 (ANGUS)
79.  
80.  
81.  
82. Gathered Inic-whois information for priestnall.stockport.sch.uk
83. ---------------------------------------------------------------------------------------------------------------------------------------
84.  
85. Gathered Netcraft information for www.priestnall.stockport.sch.uk
86. ---------------------------------------------------------------------------------------------------------------------------------------
87.  
88. Retrieving Netcraft.com information for www.priestnall.stockport.sch.uk
89. Netcraft.com Information gathered
90.  
91. Gathered Subdomain information for priestnall.stockport.sch.uk
92. ---------------------------------------------------------------------------------------------------------------------------------------
93. Searching Google.com:80...
94. Searching Altavista.com:80...
95. Found 0 possible subdomain(s) for host priestnall.stockport.sch.uk, Searched 0 pages containing 0 results
96.  
97. Gathered E-Mail information for priestnall.stockport.sch.uk
98. ---------------------------------------------------------------------------------------------------------------------------------------
99. Searching Google.com:80...
100. Searching Altavista.com:80...
101. Found 0 E-Mail(s) for host priestnall.stockport.sch.uk, Searched 0 pages containing 0 results
102.  
103. Gathered TCP Port information for 212.121.220.45
104. ---------------------------------------------------------------------------------------------------------------------------------------
105.  
106. Port State
107.  
108. 80/tcp open
109.  
110. Portscan Finished: Scanned 150 ports, 2 ports were in state closed
111. #######################################################################################################################################
112. [i] Scanning Site: https://www.priestnall.stockport.sch.uk
113.  
114.  
115.  
116. B A S I C I N F O
117. =======================================================================================================================================
118.  
119.  
120. [+] Site Title: Priestnall School
121. [+] IP address: 212.121.220.45
122. [+] Web Server: Microsoft-IIS/8.5
123. [+] CMS: WordPress
124. [+] Cloudflare: Not Detected
125. [+] Robots File: Found
126.  
127. -------------[ contents ]----------------
128. User-agent: *
129. Disallow: /
130.  
131. -----------[end of contents]-------------
132.  
133.  
134.  
135. W H O I S L O O K U P
136. =======================================================================================================================================
137.  
138.  
139. Domain name:
140. priestnall.stockport.sch.uk
141.  
142. Data validation:
143. Nominet was able to match the registrant's name and address against a 3rd party data source on 10-Dec-2012
144.  
145. Registrar:
146. Stockport Metropolitan Borough Council [Tag = STOCKPORTMBC]
147. URL: https://www.sseln.org.uk
148.  
149. Relevant dates:
150. Registered on: 19-Nov-1999
151. Last updated: 01-Oct-2013
152.  
153. Registration status:
154. No registration status listed.
155.  
156. Name servers:
157. ns0.sseln.org.uk 212.121.220.246
158. ns1.sseln.org.uk 212.121.220.247
159.  
160. WHOIS lookup made at 15:43:47 26-Apr-2019
161.  
162. --
163.  
164.  
165.  
166.  
167.  
168. H T T P H E A D E R S
169. =======================================================================================================================================
170.  
171.  
172. [i] HTTP/1.1 200 OK
173. [i] Connection: close
174. [i] Content-Length: 49820
175. [i] Date: Fri, 26 Apr 2019 14:43:50 GMT
176. [i] Content-Type: text/html; charset=UTF-8
177. [i] Server: Microsoft-IIS/8.5
178. [i] X-Powered-By: PHP/5.6.31
179. [i] Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
180. [i] Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
181.  
182.  
183.  
184.  
185. D N S L O O K U P
186. =======================================================================================================================================
187.  
188. priestnall.stockport.sch.uk. 299 IN SOA ns1.sseln.org.uk. hostmaster\@sseln.org.uk. 2009112741 10800 3600 604800 38400
189. priestnall.stockport.sch.uk. 299 IN MX 20 cluster8a.eu.messagelabs.com.
190. priestnall.stockport.sch.uk. 299 IN MX 10 cluster8.eu.messagelabs.com.
191. priestnall.stockport.sch.uk. 299 IN NS ns0.sseln.org.uk.
192. priestnall.stockport.sch.uk. 299 IN NS ns1.sseln.org.uk.
193. priestnall.stockport.sch.uk. 299 IN TXT "MS=ms70385867"
194. priestnall.stockport.sch.uk. 299 IN TXT "google-site-verification=ltvC58SDT1bMXNamG2le07v7AI7qDRRrqBqJaVLmETU"
195. #######################################################################################################################################
196. [?] Enter the target: example( http://domain.com )
197. https://www.priestnall.stockport.sch.uk/
198. [!] IP Address : 212.121.220.45
199. [!] www.priestnall.stockport.sch.uk doesn't seem to use a CMS
200. [+] Honeypot Probabilty: 0%
201. ---------------------------------------------------------------------------------------------------------------------------------------
202. [~] Trying to gather whois information for www.priestnall.stockport.sch.uk
203. [+] Whois information found
204. [-] Unable to build response, visit https://who.is/whois/www.priestnall.stockport.sch.uk
205. ---------------------------------------------------------------------------------------------------------------------------------------
206. PORT STATE SERVICE
207. 21/tcp filtered ftp
208. 22/tcp filtered ssh
209. 23/tcp filtered telnet
210. 80/tcp open http
211. 110/tcp filtered pop3
212. 143/tcp filtered imap
213. 443/tcp open https
214. 3389/tcp filtered ms-wbt-server
215. Nmap done: 1 IP address (1 host up) scanned in 1.98 seconds
216. ---------------------------------------------------------------------------------------------------------------------------------------
217. There was an error getting results
218.  
219. [-] DNS Records
220. [>] Initiating 3 intel modules
221. [>] Loading Alpha module (1/3)
222. [>] Beta module deployed (2/3)
223. [>] Gamma module initiated (3/3)
224. No emails found
225. No hosts found
226. [+] Virtual hosts:
227. -----------------
228. #######################################################################################################################################
229. =======================================================================================================================================
230. | E-mails:
231. | [+] E-mail Found: m@tidakada.com
232. | [+] E-mail Found: istory@priestnall.stockport.sch.uk
233. | [+] E-mail Found: ociology@priestnall.stockport.sch.uk
234. | [+] E-mail Found: eliefs@priestnall.stockport.sch.uk
235. | [+] E-mail Found: usic@priestnall.stockport.sch.uk
236. | [+] E-mail Found: cience@priestnall.stockport.sch.uk
237. | [+] E-mail Found: edia@priestnall.stockport.sch.uk
238. | [+] E-mail Found: exams@priestnall.stockport.sch.uk
239. | [+] E-mail Found: rama@priestnall.stockport.sch.uk
240. | [+] E-mail Found: echnology@priestnall.stockport.sch.uk
241. | [+] E-mail Found: attendance@priestnall.stockport.sch.uk
242. | [+] E-mail Found: headteacher@priestnall.stockport.sch.uk
243. | [+] E-mail Found: omputing@priestnall.stockport.sch.uk
244. | [+] E-mail Found: ffice@priestnall.stockport.sch.uk
245. | [+] E-mail Found: eography@priestnall.stockport.sch.uk
246. | [+] E-mail Found: upport@priestnall.stockport.sch.uk
247. | [+] E-mail Found: office@priestnall.stockport.sch.uk
248. | [+] E-mail Found: gareth.morewood@priestnall.stockport.sch.uk
249. | [+] E-mail Found: rt@priestnall.stockport.sch.uk
250. | [+] E-mail Found: aths@priestnall.stockport.sch.uk
251. | [+] E-mail Found: nglish@priestnall.stockport.sch.uk
252. =======================================================================================================================================
253. | External hosts:
254. | [+] External Host Found: https://www.gov.uk
255. | [+] External Host Found: http://careerpoint-gm.co.uk
256. | [+] External Host Found: https://developer.wordpress.org
257. | [+] External Host Found: https://wordpress.org
258. | [+] External Host Found: https://reports.beta.ofsted.gov.uk
259. | [+] External Host Found: https://www.iassnetwork.org.uk
260. | [+] External Host Found: https://www.icould.com
261. | [+] External Host Found: https://www.showmyhomework.co.uk
262. | [+] External Host Found: https://codex.wordpress.org
263. | [+] External Host Found: https://secure.php.net
264. | [+] External Host Found: https://www.careersbox.co.uk
265. | [+] External Host Found: http://www.tacklemeningitis.org
266. | [+] External Host Found: https://www.parentalguidance.org.uk
267. | [+] External Host Found: http://www.sensupportstockport.uk
268. | [+] External Host Found: http://www.readforgood.org
269. | [+] External Host Found: https://nationalcareersservice.direct.gov.uk
270. | [+] External Host Found: https://httpd.apache.org
271. | [+] External Host Found: http://theapprenticeacademy.co.uk
272. | [+] External Host Found: https://planet.wordpress.org
273. | [+] External Host Found: https://www.ucas.ac.uk
274. | [+] External Host Found: https://www.ucasprogress.com
275. | [+] External Host Found: https://twitter.com
276. | [+] External Host Found: http://www.careers-gateway.co.uk
277. | [+] External Host Found: https://vle.priestnall.stockport.sch.uk
278. | [+] External Host Found: https://www.prospects.ac.uk
279. | [+] External Host Found: https://www.mysql.com
280. | [+] External Host Found: https://www.parentpay.com
281. | [+] External Host Found: https://www.saferinternet.org.uk
282. | [+] External Host Found: http://gmpg.org
283. | [+] External Host Found: https://www.compare-school-performance.service.gov.uk
284. | [+] External Host Found: https://www.notgoingtouni.co.uk
285. =======================================================================================================================================
286. #######################################################################################################################################
287. ; <<>> DiG 9.11.5-P4-3-Debian <<>> priestnall.stockport.sch.uk
288. ;; global options: +cmd
289. ;; Got answer:
290. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20396
291. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
292.  
293. ;; OPT PSEUDOSECTION:
294. ; EDNS: version: 0, flags:; udp: 4096
295. ;; QUESTION SECTION:
296. ;priestnall.stockport.sch.uk. IN A
297.  
298. ;; AUTHORITY SECTION:
299. priestnall.stockport.sch.uk. 300 IN SOA ns1.sseln.org.uk. hostmaster\@sseln.org.uk. 2009112741 10800 3600 604800 38400
300.  
301. ;; Query time: 240 msec
302. ;; SERVER: 185.93.180.131#53(185.93.180.131)
303. ;; WHEN: ven avr 26 12:08:05 EDT 2019
304. ;; MSG SIZE rcvd: 123
305. #######################################################################################################################################
306. ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace priestnall.stockport.sch.uk
307. ;; global options: +cmd
308. . 84647 IN NS m.root-servers.net.
309. . 84647 IN NS k.root-servers.net.
310. . 84647 IN NS d.root-servers.net.
311. . 84647 IN NS g.root-servers.net.
312. . 84647 IN NS i.root-servers.net.
313. . 84647 IN NS c.root-servers.net.
314. . 84647 IN NS j.root-servers.net.
315. . 84647 IN NS b.root-servers.net.
316. . 84647 IN NS e.root-servers.net.
317. . 84647 IN NS f.root-servers.net.
318. . 84647 IN NS h.root-servers.net.
319. . 84647 IN NS a.root-servers.net.
320. . 84647 IN NS l.root-servers.net.
321. . 84647 IN RRSIG NS 8 0 518400 20190509050000 20190426040000 25266 . eFpb+bFjhQ6eCBbLG7VqpTg4XVf0nUJeIKyAEwcA1CzX/SwZiSrQWwI6 +hRNtyxmjOMR5RB2DX6HB/rUMqlptaz6zCzHtwo5bBXfcnkOlSqrR68F nj9Dy97rtrVvu6jvxIuuwecRNkLcPF9CR5bgR3MDbQrH73cSd+2GD/6E EAsaiq2FvxOza9ic7Tbdc4ofAGfcNWd9mOEgWvQWlAjBqe+QoccbIcQV hrEmS/01ZJZWFT7txaDybwy+bjGqZlXkzoRxP9fWbSp6SeL1VwUK2vT9 VJO03p+Zxz/BAa15GGr9El+q8E98rJH23D3JPWyYB1hYxsJDwvPV+NkM N+yF9Q==
322. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 230 ms
323.  
324. uk. 172800 IN NS nsc.nic.uk.
325. uk. 172800 IN NS dns3.nic.uk.
326. uk. 172800 IN NS nsd.nic.uk.
327. uk. 172800 IN NS dns1.nic.uk.
328. uk. 172800 IN NS nsb.nic.uk.
329. uk. 172800 IN NS dns4.nic.uk.
330. uk. 172800 IN NS nsa.nic.uk.
331. uk. 172800 IN NS dns2.nic.uk.
332. uk. 86400 IN DS 43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353 BC659603
333. uk. 86400 IN RRSIG DS 8 1 86400 20190509050000 20190426040000 25266 . BZYP4N58TaEL58lCr3xXxG7CcMloeuLy1t3AKgh+VHd/U67XK589PId3 8QCtJUJiuPxU7h1jbMw7hX19W+DHIhYt5dQXe6pRZYfJj0kDEAAB25l1 RfaocLu74WfXcOPIDAJBMc5OmZ5cQVZzzJNFxv2u76Cq1TfZdd3zBKsJ bIaf6Sito30WBTBr7GjjoiG/sZoG7ZkqjNiPIKvkmtXGxRMlt9FMVbg6 KoQ3P8LzdZ/IEoOrq0ODK9V2+xFUBz9ZfERv6xz9FSZWS54Bc7KCBViR rVZPsUDiTWvNnQH3oeQFPS8M3aa9risZAyrDgNk5bWnn3v38U0n8SIhH nIS4gA==
334. ;; Received 811 bytes from 2001:7fd::1#53(k.root-servers.net) in 69 ms
335.  
336. priestnall.stockport.sch.uk. 172800 IN NS ns0.sseln.org.uk.
337. priestnall.stockport.sch.uk. 172800 IN NS ns1.sseln.org.uk.
338. fubp2bvtsi1mrvmsv9angv1t1m5qbnk4.sch.uk. 10800 IN NSEC3 1 1 0 - G6ARBN6BN35BH93UCIQT7O2SMTNQ421K
339. fubp2bvtsi1mrvmsv9angv1t1m5qbnk4.sch.uk. 10800 IN RRSIG NSEC3 8 3 10800 20190525103708 20190420102139 10434 sch.uk. MZGxJyZvz6g6xyLLalppHoJSntPiUpVKMhcLV75YZamLAq1b3Y8ux/dV Q511eHbqha1x6ZXcH7NkuTqZ5+RsgSf14m69TOcNP30HB4z96Qu3dUtf NmcBUXtTMCMiZlZm+30oODRz8SWxZ+fhZeIhC1AhkzhkvKjCrDfJE5xN Q2E=
340. sk631j3cbp52d6p5ddn2fha95gl3gl4g.sch.uk. 10800 IN NSEC3 1 1 0 - SKRFJDJN1IMK6CGCN9OHEQRJAI06NBJ8
341. sk631j3cbp52d6p5ddn2fha95gl3gl4g.sch.uk. 10800 IN RRSIG NSEC3 8 3 10800 20190525183250 20190420182939 10434 sch.uk. FW1t3GncH2hPMtI5xVlgxGUhMK581xHyl+0xO/O7lhMpBBUg23HIwCGj afJB97pgHhSU5qyqNvDqYN8RpCJpfnvPB9Jz04U+iDLB8ckNInHHhlUF 309IK8NhjEf665bmgqFJqh80azkr9O3gh+Wg+l8R0+mXDBMsKnKCyxG1 /Yg=
342. ;; Received 576 bytes from 2a01:618:404::1#53(dns3.nic.uk) in 115 ms
343.  
344. priestnall.stockport.sch.uk. 300 IN SOA ns1.sseln.org.uk. hostmaster\@sseln.org.uk. 2009112741 10800 3600 604800 38400
345. ;; Received 123 bytes from 212.121.220.246#53(ns0.sseln.org.uk) in 235 ms
346. #######################################################################################################################################
347. [*] Performing General Enumeration of Domain: priestnall.stockport.sch.uk
348. [-] DNSSEC is not configured for priestnall.stockport.sch.uk
349. [*] SOA ns1.sseln.org.uk 212.121.220.247
350. [*] NS ns1.sseln.org.uk 212.121.220.247
351. [*] Bind Version for 212.121.220.247 -
352. [*] NS ns0.sseln.org.uk 212.121.220.246
353. [*] Bind Version for 212.121.220.246 -
354. [*] MX cluster8a.eu.messagelabs.com 52.59.133.150
355. [*] MX cluster8a.eu.messagelabs.com 52.28.91.133
356. [*] MX cluster8a.eu.messagelabs.com 18.194.106.207
357. [*] MX cluster8.eu.messagelabs.com 46.226.52.98
358. [*] MX cluster8.eu.messagelabs.com 85.158.142.194
359. [*] MX cluster8.eu.messagelabs.com 46.226.52.200
360. [*] MX cluster8.eu.messagelabs.com 46.226.53.50
361. [*] MX cluster8.eu.messagelabs.com 85.158.142.201
362. [*] MX cluster8.eu.messagelabs.com 46.226.53.56
363. [*] MX cluster8.eu.messagelabs.com 46.226.52.194
364. [*] MX cluster8.eu.messagelabs.com 85.158.142.104
365. [*] MX cluster8.eu.messagelabs.com 46.226.52.104
366. [*] MX cluster8.eu.messagelabs.com 85.158.142.98
367. [*] TXT priestnall.stockport.sch.uk MS=ms70385867
368. [*] TXT priestnall.stockport.sch.uk google-site-verification=ltvC58SDT1bMXNamG2le07v7AI7qDRRrqBqJaVLmETU
369. [*] Enumerating SRV Records
370. [-] No SRV Records Found for priestnall.stockport.sch.uk
371. [+] 0 Records Found
372. #######################################################################################################################################
373. ocessing domain priestnall.stockport.sch.uk
374. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
375. [+] Getting nameservers
376. 212.121.220.247 - ns1.sseln.org.uk
377. 212.121.220.246 - ns0.sseln.org.uk
378. [-] Zone transfer failed
379.  
380. [+] TXT records found
381. "MS=ms70385867"
382. "google-site-verification=ltvC58SDT1bMXNamG2le07v7AI7qDRRrqBqJaVLmETU"
383.  
384. [+] MX records found, added to target list
385. 20 cluster8a.eu.messagelabs.com.
386. 10 cluster8.eu.messagelabs.com.
387.  
388. [*] Scanning priestnall.stockport.sch.uk for A records
389. 212.121.220.45 - beta.priestnall.stockport.sch.uk
390. 212.121.220.45 - mail.priestnall.stockport.sch.uk
391. 212.121.220.45 - remote.priestnall.stockport.sch.uk
392. 212.121.220.45 - vle.priestnall.stockport.sch.uk
393. 212.121.220.45 - www.priestnall.stockport.sch.uk
394. #######################################################################################################################################
395. Ip Address Status Type Domain Name Server
396. ---------- ------ ---- ----------- ------
397. 212.121.220.45 302 host beta.priestnall.stockport.sch.uk
398. 212.121.220.45 302 host mail.priestnall.stockport.sch.uk
399. 212.121.220.45 302 host remote.priestnall.stockport.sch.uk
400. 212.121.220.45 302 host www.priestnall.stockport.sch.uk
401. #######################################################################################################################################
402. dnsenum VERSION:1.2.4
403.  
404. ----- www.priestnall.stockport.sch.uk -----
405.  
406.  
407. Host's addresses:
408. __________________
409.  
410. www.priestnall.stockport.sch.uk. 299 IN A 212.121.220.45
411.  
412.  
413. Name Servers:
414. ______________
415. #######################################################################################################################################
416. ===============================================
417. -=Subfinder v1.1.3 github.com/subfinder/subfinder
418. ===============================================
419.  
420.  
421. Running Source: Ask
422. Running Source: Archive.is
423. Running Source: Baidu
424. Running Source: Bing
425. Running Source: CertDB
426. Running Source: CertificateTransparency
427. Running Source: Certspotter
428. Running Source: Commoncrawl
429. Running Source: Crt.sh
430. Running Source: Dnsdb
431. Running Source: DNSDumpster
432. Running Source: DNSTable
433. Running Source: Dogpile
434. Running Source: Exalead
435. Running Source: Findsubdomains
436. Running Source: Googleter
437. Running Source: Hackertarget
438. Running Source: Ipv4Info
439. Running Source: PTRArchive
440. Running Source: Sitedossier
441. Running Source: Threatcrowd
442. Running Source: ThreatMiner
443. Running Source: WaybackArchive
444. Running Source: Yahoo
445.  
446. Running enumeration on www.priestnall.stockport.sch.uk
447.  
448. dnsdb: Unexpected return status 503
449.  
450. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.priestnall.stockport.sch.uk/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
451.  
452. dogpile: Get https://www.dogpile.com/search/web?q=www.priestnall.stockport.sch.uk&qsi=1: EOF
453.  
454.  
455. Starting Bruteforcing of www.priestnall.stockport.sch.uk with 9985 words
456.  
457. Total 1 Unique subdomains found for www.priestnall.stockport.sch.uk
458.  
459. .www.priestnall.stockport.sch.uk
460. #######################################################################################################################################
461. [*] Processing domain www.priestnall.stockport.sch.uk
462. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
463. [+] Getting nameservers
464. [-] Getting nameservers failed
465. [-] Zone transfer failed
466.  
467. [*] Scanning www.priestnall.stockport.sch.uk for A records
468. 212.121.220.45 - www.priestnall.stockport.sch.uk
469. #######################################################################################################################################
470. [+] www.priestnall.stockport.sch.uk has no SPF record!
471. [*] No DMARC record found. Looking for organizational record
472. [+] No organizational DMARC record
473. [+] Spoofing possible for www.priestnall.stockport.sch.uk!
474. #######################################################################################################################################
475. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:13 EDT
476. Nmap scan report for www.priestnall.stockport.sch.uk (212.121.220.45)
477. Host is up (0.30s latency).
478. Not shown: 471 filtered ports, 3 closed ports
479. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
480. PORT STATE SERVICE
481. 80/tcp open http
482. 443/tcp open https
483. #######################################################################################################################################
484. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:14 EDT
485. Nmap scan report for www.priestnall.stockport.sch.uk (212.121.220.45)
486. Host is up (0.20s latency).
487. Not shown: 2 filtered ports
488. PORT STATE SERVICE
489. 53/udp open|filtered domain
490. 67/udp open|filtered dhcps
491. 68/udp open|filtered dhcpc
492. 69/udp open|filtered tftp
493. 88/udp open|filtered kerberos-sec
494. 123/udp open|filtered ntp
495. 139/udp open|filtered netbios-ssn
496. 161/udp open|filtered snmp
497. 162/udp open|filtered snmptrap
498. 389/udp open|filtered ldap
499. 520/udp open|filtered route
500. 2049/udp open|filtered nfs
501. #######################################################################################################################################
502. http://www.priestnall.stockport.sch.uk [302 Found] Country[UNITED KINGDOM][GB], IP[212.121.220.45], RedirectLocation[https://www.priestnall.stockport.sch.uk/]
503. https://www.priestnall.stockport.sch.uk/ [200 OK] Country[UNITED KINGDOM][GB], HTML5, HTTPServer[Microsoft-IIS/8.5], IP[212.121.220.45], JQuery[1.12.4], MetaGenerator[WordPress 4.9.4], Microsoft-IIS[8.5], PHP[5.6.31], Script[text/javascript], Title[Priestnall School], UncommonHeaders[link], WordPress[4.9.4], X-Powered-By[PHP/5.6.31]
504. #######################################################################################################################################
505.  
506. wig - WebApp Information Gatherer
507.  
508.  
509. Scanning https://www.priestnall.stockport.sch.uk...
510. ____________________________________ SITE INFO ____________________________________
511. IP Title
512. 212.121.220.45 Priestnall School
513.  
514. _____________________________________ VERSION _____________________________________
515. Name Versions Type
516. WordPress 4.9.4 CMS
517. IIS 8.5 Platform
518. PHP 5.6.31 Platform
519. Microsoft Windows Server 2012 R2 OS
520.  
521. ___________________________________ INTERESTING ___________________________________
522. URL Note Type
523. /wp-login.php Wordpress login page Interesting
524. /readme.html Readme file Interesting
525. /robots.txt robots.txt index Interesting
526. /login/ Login Page Interesting
527.  
528. ______________________________________ TOOLS ______________________________________
529. Name Link Software
530. wpscan https://github.com/wpscanteam/wpscan WordPress
531. CMSmap https://github.com/Dionach/CMSmap WordPress
532.  
533. ___________________________________________________________________________________
534. Time: 249.3 sec Urls: 265 Fingerprints: 40401
535. #######################################################################################################################################
536. HTTP/1.1 302 Object Moved
537. Date: Fri, 26 Apr 2019 15:20:58 GMT
538. Connection: Keep-Alive
539. Content-Length: 0
540. Location: https://www.priestnall.stockport.sch.uk/
541.  
542. HTTP/1.1 302 Object Moved
543. Date: Fri, 26 Apr 2019 15:20:59 GMT
544. Connection: Keep-Alive
545. Content-Length: 0
546. Location: https://www.priestnall.stockport.sch.uk/
547.  
548. HTTP/1.1 200 OK
549. Connection: Keep-Alive
550. Content-Length: 0
551. Date: Fri, 26 Apr 2019 15:21:04 GMT
552. Content-Type: text/html; charset=UTF-8
553. Server: Microsoft-IIS/8.5
554. X-Powered-By: PHP/5.6.31
555. Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
556. Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
557. #######################################################################################################################################
558. IIS 8.5
559. jQuery Migrate
560. WordPress 4.9.4
561. jQuery 1.12.4
562. PHP 5.6.31
563. Google Font API
564. WordPress
565. #######################################################################################################################################
566. wig - WebApp Information Gatherer
567.  
568.  
569. Scanning https://www.priestnall.stockport.sch.uk...
570. ____________________________________ SITE INFO ____________________________________
571. IP Title
572. 212.121.220.45 Priestnall School
573.  
574. _____________________________________ VERSION _____________________________________
575. Name Versions Type
576. WordPress 4.9.4 CMS
577. IIS 8.5 Platform
578. PHP 5.6.31 Platform
579. Microsoft Windows Server 2012 R2 OS
580.  
581. ___________________________________ INTERESTING ___________________________________
582. URL Note Type
583. /wp-login.php Wordpress login page Interesting
584. /robots.txt robots.txt index Interesting
585. /readme.html Readme file Interesting
586. /login/ Login Page Interesting
587.  
588. ______________________________________ TOOLS ______________________________________
589. Name Link Software
590. wpscan https://github.com/wpscanteam/wpscan WordPress
591. CMSmap https://github.com/Dionach/CMSmap WordPress
592.  
593. ___________________________________________________________________________________
594. Time: 1.3 sec Urls: 265 Fingerprints: 40401
595. #######################################################################################################################################
596. HTTP/1.1 200 OK
597. Connection: Keep-Alive
598. Content-Length: 0
599. Date: Fri, 26 Apr 2019 15:24:29 GMT
600. Content-Type: text/html; charset=UTF-8
601. Server: Microsoft-IIS/8.5
602. X-Powered-By: PHP/5.6.31
603. Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
604. Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
605.  
606. HTTP/1.1 200 OK
607. Connection: Keep-Alive
608. Content-Length: 0
609. Date: Fri, 26 Apr 2019 15:24:34 GMT
610. Content-Type: text/html; charset=UTF-8
611. Server: Microsoft-IIS/8.5
612. X-Powered-By: PHP/5.6.31
613. Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
614. Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
615. #######################################################################################################################################
616. IIS 8.5
617. jQuery Migrate
618. WordPress 4.9.4
619. jQuery 1.12.4
620. Google Font API
621. PHP 5.6.31
622. WordPress
623. #######################################################################################################################################
624. Version: 1.11.13-static
625. OpenSSL 1.0.2-chacha (1.0.2g-dev)
626.  
627. Connected to 212.121.220.45
628.  
629. Testing SSL server www.priestnall.stockport.sch.uk on port 443 using SNI name www.priestnall.stockport.sch.uk
630.  
631. TLS Fallback SCSV:
632. Server does not support TLS Fallback SCSV
633.  
634. TLS renegotiation:
635. Secure session renegotiation supported
636.  
637. TLS Compression:
638. Compression disabled
639.  
640. Heartbleed:
641. TLS 1.2 not vulnerable to heartbleed
642. TLS 1.1 not vulnerable to heartbleed
643. TLS 1.0 not vulnerable to heartbleed
644.  
645. Supported Server Cipher(s):
646. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
647. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
648. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
649. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
650. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
651. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
652. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
653. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
654. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
655. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
656. Accepted TLSv1.2 256 bits AES256-SHA256
657. Accepted TLSv1.2 128 bits AES128-SHA256
658. Accepted TLSv1.2 256 bits AES256-SHA
659. Accepted TLSv1.2 128 bits AES128-SHA
660. Accepted TLSv1.2 112 bits DES-CBC3-SHA
661. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
662. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
663. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
664. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
665. Accepted TLSv1.1 256 bits AES256-SHA
666. Accepted TLSv1.1 128 bits AES128-SHA
667. Accepted TLSv1.1 112 bits DES-CBC3-SHA
668. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
669. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
670. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
671. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
672. Accepted TLSv1.0 256 bits AES256-SHA
673. Accepted TLSv1.0 128 bits AES128-SHA
674. Accepted TLSv1.0 112 bits DES-CBC3-SHA
675.  
676. SSL Certificate:
677. Signature Algorithm: sha256WithRSAEncryption
678. RSA Key Strength: 2048
679.  
680. Subject: *.priestnall.stockport.sch.uk
681. Altnames: DNS:*.priestnall.stockport.sch.uk, DNS:priestnall.stockport.sch.uk
682. Issuer: Go Daddy Secure Certificate Authority - G2
683.  
684. Not valid before: Jun 21 08:34:17 2018 GMT
685. Not valid after: Jun 21 07:27:38 2020 GMT
686. #######################################################################################################################################
687. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:34 EDT
688. Nmap scan report for 212.121.220.45
689. Host is up (0.30s latency).
690. Not shown: 471 filtered ports, 3 closed ports
691. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
692. PORT STATE SERVICE
693. 80/tcp open http
694. 443/tcp open https
695. #######################################################################################################################################
696. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:34 EDT
697. Nmap scan report for 212.121.220.45
698. Host is up (0.23s latency).
699. Not shown: 2 filtered ports
700. PORT STATE SERVICE
701. 53/udp open|filtered domain
702. 67/udp open|filtered dhcps
703. 68/udp open|filtered dhcpc
704. 69/udp open|filtered tftp
705. 88/udp open|filtered kerberos-sec
706. 123/udp open|filtered ntp
707. 139/udp open|filtered netbios-ssn
708. 161/udp open|filtered snmp
709. 162/udp open|filtered snmptrap
710. 389/udp open|filtered ldap
711. 520/udp open|filtered route
712. 2049/udp open|filtered nfs
713. #######################################################################################################################################
714. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:34 EDT
715. Nmap scan report for 212.121.220.45
716. Host is up.
717.  
718. PORT STATE SERVICE VERSION
719. 67/udp open|filtered dhcps
720. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
721. Too many fingerprints match this host to give specific OS details
722.  
723. TRACEROUTE (using proto 1/icmp)
724. HOP RTT ADDRESS
725. 1 233.11 ms 10.245.200.1
726. 2 234.49 ms 213.184.122.97
727. 3 288.19 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
728. 4 322.13 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
729. 5 288.40 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
730. 6 288.82 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
731. 7 325.00 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
732. 8 326.20 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
733. 9 336.23 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
734. 10 336.28 ms ip4.gtt.net (46.33.78.86)
735. 11 315.03 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
736. 12 315.19 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
737. 13 319.67 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
738. 14 324.20 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
739. 15 324.17 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
740. 16 327.83 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
741. 17 ... 30
742. #######################################################################################################################################
743. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:36 EDT
744. Nmap scan report for 212.121.220.45
745. Host is up.
746.  
747. PORT STATE SERVICE VERSION
748. 68/udp open|filtered dhcpc
749. Too many fingerprints match this host to give specific OS details
750.  
751. TRACEROUTE (using proto 1/icmp)
752. HOP RTT ADDRESS
753. 1 184.36 ms 10.245.200.1
754. 2 185.53 ms 213.184.122.97
755. 3 203.17 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
756. 4 258.23 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
757. 5 203.62 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
758. 6 203.66 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
759. 7 260.05 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
760. 8 261.48 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
761. 9 273.02 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
762. 10 273.11 ms ip4.gtt.net (46.33.78.86)
763. 11 318.82 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
764. 12 319.64 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
765. 13 322.53 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
766. 14 324.50 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
767. 15 324.53 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
768. 16 317.50 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
769. 17 ... 30
770. #######################################################################################################################################
771. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:38 EDT
772. Nmap scan report for 212.121.220.45
773. Host is up.
774.  
775. PORT STATE SERVICE VERSION
776. 69/udp open|filtered tftp
777. Too many fingerprints match this host to give specific OS details
778.  
779. TRACEROUTE (using proto 1/icmp)
780. HOP RTT ADDRESS
781. 1 211.48 ms 10.245.200.1
782. 2 212.82 ms 213.184.122.97
783. 3 262.60 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
784. 4 296.51 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
785. 5 262.59 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
786. 6 262.57 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
787. 7 299.31 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
788. 8 301.17 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
789. 9 308.43 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
790. 10 308.43 ms ip4.gtt.net (46.33.78.86)
791. 11 296.00 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
792. 12 296.06 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
793. 13 300.85 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
794. 14 300.46 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
795. 15 300.43 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
796. 16 296.15 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
797. 17 ... 30
798. #######################################################################################################################################
799. wig - WebApp Information Gatherer
800.  
801.  
802. Scanning http://212.121.220.45...
803. _____________________ SITE INFO ______________________
804. IP Title
805. 212.121.220.45
806.  
807. ______________________ VERSION _______________________
808. Name Versions Type
809.  
810. ____________________ INTERESTING _____________________
811. URL Note Type
812. /readme.html Readme file Interesting
813. /install.php Installation file Interesting
814. /test.php Test file Interesting
815.  
816. ______________________________________________________
817. Time: 98.8 sec Urls: 599 Fingerprints: 40401
818. #######################################################################################################################################
819. HTTP/1.1 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. )
820. Connection: close
821. Pragma: no-cache
822. Cache-Control: no-cache
823. Content-Type: text/html
824. Content-Length: 2040
825.  
826. HTTP/1.1 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. )
827. Connection: close
828. Pragma: no-cache
829. Cache-Control: no-cache
830. Content-Type: text/html
831. Content-Length: 2040
832. #######################################################################################################################################
833. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:42 EDT
834. Nmap scan report for 212.121.220.45
835. Host is up.
836.  
837. PORT STATE SERVICE VERSION
838. 123/udp open|filtered ntp
839. Too many fingerprints match this host to give specific OS details
840.  
841. TRACEROUTE (using proto 1/icmp)
842. HOP RTT ADDRESS
843. 1 221.90 ms 10.245.200.1
844. 2 223.70 ms 213.184.122.97
845. 3 274.16 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
846. 4 328.35 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
847. 5 274.53 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
848. 6 274.55 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
849. 7 330.75 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
850. 8 331.57 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
851. 9 336.36 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
852. 10 336.39 ms ip4.gtt.net (46.33.78.86)
853. 11 317.67 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
854. 12 321.56 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
855. 13 326.21 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
856. 14 328.77 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
857. 15 328.79 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
858. 16 337.84 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
859. 17 ... 30
860. #######################################################################################################################################
861. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:45 EDT
862. Nmap scan report for 212.121.220.45
863. Host is up (0.34s latency).
864.  
865. PORT STATE SERVICE VERSION
866. 161/tcp filtered snmp
867. 161/udp open|filtered snmp
868. Too many fingerprints match this host to give specific OS details
869.  
870. TRACEROUTE (using proto 1/icmp)
871. HOP RTT ADDRESS
872. 1 168.62 ms 10.245.200.1
873. 2 169.74 ms 213.184.122.97
874. 3 168.67 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
875. 4 219.79 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
876. 5 182.22 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
877. 6 169.41 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
878. 7 223.35 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
879. 8 226.43 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
880. 9 236.28 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
881. 10 236.28 ms ip4.gtt.net (46.33.78.86)
882. 11 235.04 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
883. 12 235.39 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
884. 13 239.16 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
885. 14 241.54 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
886. 15 241.11 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
887. 16 241.09 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
888. 17 ... 30
889. #######################################################################################################################################
890. Version: 1.11.13-static
891. OpenSSL 1.0.2-chacha (1.0.2g-dev)
892.  
893. Connected to 212.121.220.45
894.  
895. Testing SSL server 212.121.220.45 on port 443 using SNI name 212.121.220.45
896.  
897. TLS Fallback SCSV:
898. Server does not support TLS Fallback SCSV
899.  
900. TLS renegotiation:
901. Secure session renegotiation supported
902.  
903. TLS Compression:
904. Compression disabled
905.  
906. Heartbleed:
907. TLS 1.2 not vulnerable to heartbleed
908. TLS 1.1 not vulnerable to heartbleed
909. TLS 1.0 not vulnerable to heartbleed
910.  
911. Supported Server Cipher(s):
912. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
913. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
914. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
915. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
916. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
917. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
918. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
919. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
920. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
921. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
922. Accepted TLSv1.2 256 bits AES256-SHA256
923. Accepted TLSv1.2 128 bits AES128-SHA256
924. Accepted TLSv1.2 256 bits AES256-SHA
925. Accepted TLSv1.2 128 bits AES128-SHA
926. Accepted TLSv1.2 112 bits DES-CBC3-SHA
927. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
928. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
929. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
930. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
931. Accepted TLSv1.1 256 bits AES256-SHA
932. Accepted TLSv1.1 128 bits AES128-SHA
933. Accepted TLSv1.1 112 bits DES-CBC3-SHA
934. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
935. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
936. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
937. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
938. Accepted TLSv1.0 256 bits AES256-SHA
939. Accepted TLSv1.0 128 bits AES128-SHA
940. Accepted TLSv1.0 112 bits DES-CBC3-SHA
941.  
942. SSL Certificate:
943. Signature Algorithm: sha256WithRSAEncryption
944. RSA Key Strength: 2048
945.  
946. Subject: *.priestnall.stockport.sch.uk
947. Altnames: DNS:*.priestnall.stockport.sch.uk, DNS:priestnall.stockport.sch.uk
948. Issuer: Go Daddy Secure Certificate Authority - G2
949.  
950. Not valid before: Jun 21 08:34:17 2018 GMT
951. Not valid after: Jun 21 07:27:38 2020 GMT
952. #######################################################################################################################################
953. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:50 EDT
954. NSE: Loaded 148 scripts for scanning.
955. NSE: Script Pre-scanning.
956. NSE: Starting runlevel 1 (of 2) scan.
957. Initiating NSE at 11:50
958. Completed NSE at 11:50, 0.00s elapsed
959. NSE: Starting runlevel 2 (of 2) scan.
960. Initiating NSE at 11:50
961. Completed NSE at 11:50, 0.00s elapsed
962. Initiating Ping Scan at 11:50
963. Scanning 212.121.220.45 [4 ports]
964. Completed Ping Scan at 11:50, 0.33s elapsed (1 total hosts)
965. Initiating Parallel DNS resolution of 1 host. at 11:50
966. Completed Parallel DNS resolution of 1 host. at 11:50, 0.03s elapsed
967. Initiating Connect Scan at 11:50
968. Scanning 212.121.220.45 [65535 ports]
969. Discovered open port 443/tcp on 212.121.220.45
970. Discovered open port 80/tcp on 212.121.220.45
971. Connect Scan Timing: About 5.46% done; ETC: 12:00 (0:08:57 remaining)
972. Connect Scan Timing: About 17.86% done; ETC: 11:56 (0:04:41 remaining)
973. Connect Scan Timing: About 33.93% done; ETC: 11:55 (0:02:57 remaining)
974. Connect Scan Timing: About 53.39% done; ETC: 11:54 (0:01:46 remaining)
975. Connect Scan Timing: About 75.47% done; ETC: 11:54 (0:00:49 remaining)
976. Completed Connect Scan at 11:53, 181.67s elapsed (65535 total ports)
977. Initiating Service scan at 11:53
978. Scanning 2 services on 212.121.220.45
979. Completed Service scan at 11:54, 5.00s elapsed (2 services on 1 host)
980. Initiating OS detection (try #1) against 212.121.220.45
981. Initiating Traceroute at 11:54
982. Completed Traceroute at 11:54, 6.29s elapsed
983. Initiating Parallel DNS resolution of 16 hosts. at 11:54
984. Completed Parallel DNS resolution of 16 hosts. at 11:54, 11.51s elapsed
985. NSE: Script scanning 212.121.220.45.
986. NSE: Starting runlevel 1 (of 2) scan.
987. Initiating NSE at 11:54
988. NSE Timing: About 97.13% done; ETC: 11:54 (0:00:01 remaining)
989. NSE Timing: About 99.28% done; ETC: 11:55 (0:00:00 remaining)
990. Completed NSE at 11:55, 78.54s elapsed
991. NSE: Starting runlevel 2 (of 2) scan.
992. Initiating NSE at 11:55
993. Completed NSE at 11:55, 0.00s elapsed
994. Nmap scan report for 212.121.220.45
995. Host is up, received syn-ack ttl 116 (0.19s latency).
996. Scanned at 2019-04-26 11:50:57 EDT for 286s
997. Not shown: 65530 filtered ports
998. Reason: 65530 no-responses
999. PORT STATE SERVICE REASON VERSION
1000. 25/tcp closed smtp conn-refused
1001. 80/tcp open tcpwrapped syn-ack
1002. |_http-title: The page cannot be displayed
1003. 139/tcp closed netbios-ssn conn-refused
1004. 443/tcp open tcpwrapped syn-ack
1005. | ssl-cert: Subject: commonName=*.priestnall.stockport.sch.uk/organizationalUnitName=Domain Control Validated
1006. | Subject Alternative Name: DNS:*.priestnall.stockport.sch.uk, DNS:priestnall.stockport.sch.uk
1007. | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US/organizationalUnitName=http://certs.godaddy.com/repository//localityName=Scottsdale
1008. | Public Key type: rsa
1009. | Public Key bits: 2048
1010. | Signature Algorithm: sha256WithRSAEncryption
1011. | Not valid before: 2018-06-21T08:34:17
1012. | Not valid after: 2020-06-21T07:27:38
1013. | MD5: 0fac e613 1c64 fe39 5e6f 0bdd 84e9 8259
1014. | SHA-1: 0475 a948 b5a4 4af0 9054 5664 765c ccef 5950 8955
1015. | -----BEGIN CERTIFICATE-----
1016. | MIIG4DCCBcigAwIBAgIJAIYL0KwDWlrLMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
1017. | VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
1018. | MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
1019. | cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
1020. | dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE4MDYyMTA4MzQxN1oX
1021. | DTIwMDYyMTA3MjczOFowSzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
1022. | dGVkMSYwJAYDVQQDDB0qLnByaWVzdG5hbGwuc3RvY2twb3J0LnNjaC51azCCASIw
1023. | DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaYlYLVZaAO3KLXF4ot09RPEAoq
1024. | tM/mGTAzT2ZKsLaycSR1oSZJK3D7WKDmhzgNQ9g3e/zDFVGLCbyyRzPp1H+Tm6qV
1025. | gdRD01/w/YgxCQxMBsRnMxgAOEC8ZVuIc14Z3cEaRzdM4ZAfAAAJLuaFOsCJWCqK
1026. | yfuj7diRBaQZ5+DXdXhZpVZ6M654/N3A35D/qI66V7opTAl7X0eEojwm+Uodbbtf
1027. | Se1/zqmgMw1OawGDU3nP4d328arCOZGPGmXBUNvYoPRxZ2eFakwTcd2rqUygtlLA
1028. | xGT5TfY2YXO/Ou68PbyJw71qVW5e6PbtOlZBfZMNF+dL7aDzxQjfRwFUSxUCAwEA
1029. | AaOCA1swggNXMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
1030. | AQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
1031. | Y3JsLmdvZGFkZHkuY29tL2dkaWcyczEtODQwLmNybDBdBgNVHSAEVjBUMEgGC2CG
1032. | SAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29k
1033. | YWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAk
1034. | BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAC
1035. | hjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2Rp
1036. | ZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMEUGA1UdEQQ+
1037. | MDyCHSoucHJpZXN0bmFsbC5zdG9ja3BvcnQuc2NoLnVrghtwcmllc3RuYWxsLnN0
1038. | b2NrcG9ydC5zY2gudWswHQYDVR0OBBYEFLXnKZ6cqRyMPIZj+6NP3SG/K1YbMIIB
1039. | fwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb
1040. | 37jjd80OyA3cEAAAAWQhe5rZAAAEAwBHMEUCIEack7Jg+60EJbu5bTHt5byFCv80
1041. | kxOzV2Y+F5aYkHOXAiEAnimDssK2keGGrZ/GPx4QdJdsZsd01WlLGnzJNLs0yP8A
1042. | dgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWQhe59FAAAEAwBH
1043. | MEUCIHtLiKxw+eSR5eOpkSINoXl4J8YUKl3vIZFsjowihRenAiEAlxzttD2vgtvV
1044. | u3chtIuHoYW/k666Kw5Fo2bSMB2T1NMAdwBep3P531bA57U2SH3QSeAyepGaDISh
1045. | EhKEGHWWgXFFWAAAAWQhe6CSAAAEAwBIMEYCIQC2rLk+7F8rjorbcyQ1wWNpMKYW
1046. | UYxNc314YliehI27YQIhAL1/n0K5CGKzdLuHprZN+vuQol6pU88/mFSFPewFd9w3
1047. | MA0GCSqGSIb3DQEBCwUAA4IBAQASAdmd4GSg5UITgS8sdkgbMIKsE5c0f3f7BPo5
1048. | bTpCQQHcia9bz2dz0Xt1kirc4xvTQNeHCrugDvaMLd8HSswvoI6+FRdec6HHjnLe
1049. | 1exKzhfJR92Y2NLr0he1JyGnFqVE+ITFMUcX701ZnvV3pyYn8RlvcaxQDaBKVauu
1050. | IMTQI7XUR0zUYqjdsKQOtfGNkXJM09fEteYXOPuo5vnEDY40F9d72Imeivrt0RX9
1051. | wDjJgVsUGwODy8NivXvQMq61xHf7Cp9HwVw9JkzRQ7dbN+X4is72Yw+xI6Pc9+kM
1052. | vs0WyzlKNYGRzdmsLzaLdXqOrKX3aY5+NVZR5pBNDVnwsCV0
1053. |_-----END CERTIFICATE-----
1054. 445/tcp closed microsoft-ds conn-refused
1055. Device type: WAP
1056. Running: Linux 2.6.X
1057. OS CPE: cpe:/o:linux:linux_kernel:2.6.22
1058. OS details: Tomato firmware (Linux 2.6.22)
1059. TCP/IP fingerprint:
1060. OS:SCAN(V=7.70%E=4%D=4/26%OT=443%CT=25%CU=%PV=N%G=N%TM=5CC329FF%P=x86_64-pc
1061. OS:-linux-gnu)SEQ(CI=Z)ECN(R=N)T1(R=N)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=4
1062. OS:0%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0
1063. OS:%Q=)T7(R=N)U1(R=N)IE(R=N)
1064.  
1065.  
1066. TRACEROUTE (using proto 1/icmp)
1067. HOP RTT ADDRESS
1068. 1 199.90 ms 10.245.200.1
1069. 2 201.09 ms 213.184.122.97
1070. 3 212.50 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
1071. 4 265.20 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
1072. 5 212.53 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
1073. 6 212.53 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
1074. 7 266.24 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
1075. 8 267.00 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
1076. 9 276.42 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
1077. 10 275.17 ms ip4.gtt.net (46.33.78.86)
1078. 11 252.66 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
1079. 12 253.19 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
1080. 13 256.27 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
1081. 14 259.86 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
1082. 15 259.81 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
1083. 16 252.30 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
1084. 17 ... 30
1085.  
1086. NSE: Script Post-scanning.
1087. NSE: Starting runlevel 1 (of 2) scan.
1088. Initiating NSE at 11:55
1089. Completed NSE at 11:55, 0.00s elapsed
1090. NSE: Starting runlevel 2 (of 2) scan.
1091. Initiating NSE at 11:55
1092. Completed NSE at 11:55, 0.00s elapsed
1093. Read data files from: /usr/bin/../share/nmap
1094. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1095. Nmap done: 1 IP address (1 host up) scanned in 286.84 seconds
1096. Raw packets sent: 130 (7.680KB) | Rcvd: 38 (3.774KB)
1097. #######################################################################################################################################
1098. Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:55 EDT
1099. NSE: Loaded 148 scripts for scanning.
1100. NSE: Script Pre-scanning.
1101. Initiating NSE at 11:55
1102. Completed NSE at 11:55, 0.00s elapsed
1103. Initiating NSE at 11:55
1104. Completed NSE at 11:55, 0.00s elapsed
1105. Initiating Parallel DNS resolution of 1 host. at 11:55
1106. Completed Parallel DNS resolution of 1 host. at 11:55, 0.12s elapsed
1107. Initiating UDP Scan at 11:55
1108. Scanning 212.121.220.45 [14 ports]
1109. Completed UDP Scan at 11:55, 2.85s elapsed (14 total ports)
1110. Initiating Service scan at 11:55
1111. Scanning 12 services on 212.121.220.45
1112. Service scan Timing: About 8.33% done; ETC: 12:15 (0:17:47 remaining)
1113. Completed Service scan at 11:57, 102.58s elapsed (12 services on 1 host)
1114. Initiating OS detection (try #1) against 212.121.220.45
1115. Retrying OS detection (try #2) against 212.121.220.45
1116. Initiating Traceroute at 11:57
1117. Completed Traceroute at 11:57, 7.23s elapsed
1118. Initiating Parallel DNS resolution of 1 host. at 11:57
1119. Completed Parallel DNS resolution of 1 host. at 11:57, 0.00s elapsed
1120. NSE: Script scanning 212.121.220.45.
1121. Initiating NSE at 11:57
1122. Completed NSE at 11:58, 20.32s elapsed
1123. Initiating NSE at 11:58
1124. Completed NSE at 11:58, 1.56s elapsed
1125. Nmap scan report for 212.121.220.45
1126. Host is up (0.20s latency).
1127.  
1128. PORT STATE SERVICE VERSION
1129. 53/udp open|filtered domain
1130. 67/udp open|filtered dhcps
1131. 68/udp open|filtered dhcpc
1132. 69/udp open|filtered tftp
1133. 88/udp open|filtered kerberos-sec
1134. 123/udp open|filtered ntp
1135. 137/udp filtered netbios-ns
1136. 138/udp filtered netbios-dgm
1137. 139/udp open|filtered netbios-ssn
1138. 161/udp open|filtered snmp
1139. 162/udp open|filtered snmptrap
1140. 389/udp open|filtered ldap
1141. 520/udp open|filtered route
1142. 2049/udp open|filtered nfs
1143. Too many fingerprints match this host to give specific OS details
1144.  
1145. TRACEROUTE (using port 137/udp)
1146. HOP RTT ADDRESS
1147. 1 ...
1148. 2 168.32 ms 10.245.200.1
1149. 3 ...
1150. 4 168.65 ms 10.245.200.1
1151. 5 170.14 ms 10.245.200.1
1152. 6 170.13 ms 10.245.200.1
1153. 7 170.12 ms 10.245.200.1
1154. 8 170.11 ms 10.245.200.1
1155. 9 170.10 ms 10.245.200.1
1156. 10 170.11 ms 10.245.200.1
1157. 11 ... 18
1158. 19 168.43 ms 10.245.200.1
1159. 20 186.92 ms 10.245.200.1
1160. 21 ... 27
1161. 28 170.08 ms 10.245.200.1
1162. 29 ...
1163. 30 169.43 ms 10.245.200.1
1164.  
1165. NSE: Script Post-scanning.
1166. Initiating NSE at 11:58
1167. Completed NSE at 11:58, 0.00s elapsed
1168. Initiating NSE at 11:58
1169. Completed NSE at 11:58, 0.00s elapsed
1170. Read data files from: /usr/bin/../share/nmap
1171. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1172. Nmap done: 1 IP address (1 host up) scanned in 142.04 seconds
1173. Raw packets sent: 147 (13.614KB) | Rcvd: 443 (187.266KB)
1174. #######################################################################################################################################
1175. [+] URL: https://www.priestnall.stockport.sch.uk/
1176. [+] Started: Fri Apr 26 10:03:57 2019
1177.  
1178. Interesting Finding(s):
1179.  
1180. [+] https://www.priestnall.stockport.sch.uk/
1181. | Interesting Entries:
1182. | - Server: Microsoft-IIS/8.5
1183. | - X-Powered-By: PHP/5.6.31
1184. | Found By: Headers (Passive Detection)
1185. | Confidence: 100%
1186.  
1187. [+] https://www.priestnall.stockport.sch.uk/robots.txt
1188. | Found By: Robots Txt (Aggressive Detection)
1189. | Confidence: 100%
1190.  
1191. [+] https://www.priestnall.stockport.sch.uk/xmlrpc.php
1192. | Found By: Link Tag (Passive Detection)
1193. | Confidence: 100%
1194. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
1195. | References:
1196. | - http://codex.wordpress.org/XML-RPC_Pingback_API
1197. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
1198. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
1199. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
1200. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
1201.  
1202. [+] https://www.priestnall.stockport.sch.uk/readme.html
1203. | Found By: Direct Access (Aggressive Detection)
1204. | Confidence: 100%
1205.  
1206. [+] This site has 'Must Use Plugins': https://www.priestnall.stockport.sch.uk/wp-content/mu-plugins/
1207. | Found By: Direct Access (Aggressive Detection)
1208. | Confidence: 80%
1209. | Reference: http://codex.wordpress.org/Must_Use_Plugins
1210.  
1211. [+] https://www.priestnall.stockport.sch.uk/wp-cron.php
1212. | Found By: Direct Access (Aggressive Detection)
1213. | Confidence: 60%
1214. | References:
1215. | - https://www.iplocation.net/defend-wordpress-from-ddos
1216. | - https://github.com/wpscanteam/wpscan/issues/1299
1217.  
1218. [+] WordPress version 4.9.4 identified (Insecure, released on 2018-02-06).
1219. | Detected By: Rss Generator (Passive Detection)
1220. | - https://www.priestnall.stockport.sch.uk/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
1221. | - https://www.priestnall.stockport.sch.uk/comments/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
1222. |
1223. | [!] 14 vulnerabilities identified:
1224. |
1225. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
1226. | References:
1227. | - https://wpvulndb.com/vulnerabilities/9021
1228. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
1229. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
1230. | - https://github.com/quitten/doser.py
1231. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
1232. |
1233. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
1234. | Fixed in: 4.9.5
1235. | References:
1236. | - https://wpvulndb.com/vulnerabilities/9053
1237. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
1238. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1239. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
1240. |
1241. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
1242. | Fixed in: 4.9.5
1243. | References:
1244. | - https://wpvulndb.com/vulnerabilities/9054
1245. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
1246. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1247. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
1248. |
1249. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
1250. | Fixed in: 4.9.5
1251. | References:
1252. | - https://wpvulndb.com/vulnerabilities/9055
1253. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
1254. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1255. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
1256. |
1257. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
1258. | Fixed in: 4.9.7
1259. | References:
1260. | - https://wpvulndb.com/vulnerabilities/9100
1261. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
1262. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
1263. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
1264. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
1265. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
1266. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
1267. |
1268. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
1269. | Fixed in: 4.9.9
1270. | References:
1271. | - https://wpvulndb.com/vulnerabilities/9169
1272. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
1273. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1274. |
1275. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
1276. | Fixed in: 4.9.9
1277. | References:
1278. | - https://wpvulndb.com/vulnerabilities/9170
1279. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
1280. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1281. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
1282. |
1283. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
1284. | Fixed in: 4.9.9
1285. | References:
1286. | - https://wpvulndb.com/vulnerabilities/9171
1287. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
1288. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1289. |
1290. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
1291. | Fixed in: 4.9.9
1292. | References:
1293. | - https://wpvulndb.com/vulnerabilities/9172
1294. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
1295. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1296. |
1297. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
1298. | Fixed in: 4.9.9
1299. | References:
1300. | - https://wpvulndb.com/vulnerabilities/9173
1301. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
1302. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1303. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
1304. |
1305. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
1306. | Fixed in: 4.9.9
1307. | References:
1308. | - https://wpvulndb.com/vulnerabilities/9174
1309. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
1310. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1311. |
1312. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
1313. | Fixed in: 4.9.9
1314. | References:
1315. | - https://wpvulndb.com/vulnerabilities/9175
1316. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
1317. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1318. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
1319. |
1320. | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
1321. | Fixed in: 4.9.9
1322. | References:
1323. | - https://wpvulndb.com/vulnerabilities/9222
1324. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
1325. | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
1326. |
1327. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
1328. | Fixed in: 4.9.10
1329. | References:
1330. | - https://wpvulndb.com/vulnerabilities/9230
1331. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
1332. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
1333. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
1334. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
1335.  
1336. [+] WordPress theme in use: siteorigin-north
1337. | Location: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/
1338. | Last Updated: 2019-03-14T00:00:00.000Z
1339. | Readme: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/readme.txt
1340. | [!] The version is out of date, the latest version is 1.6.8
1341. | Style URL: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css
1342. | Style Name: SiteOrigin North
1343. | Style URI: https://siteorigin.com/theme/north/
1344. | Description: Inspired by the elegant majesty and purity of the Swiss Alps and built with business owners in mind,...
1345. | Author: SiteOrigin
1346. | Author URI: https://siteorigin.com/
1347. |
1348. | Detected By: Urls In Homepage (Passive Detection)
1349. |
1350. | Version: 1.4.3 (80% confidence)
1351. | Detected By: Style (Passive Detection)
1352. | - https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css, Match: 'Version: 1.4.3'
1353.  
1354. [+] Enumerating All Plugins (via Passive Methods)
1355. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
1356.  
1357. [i] Plugin(s) Identified:
1358.  
1359. [+] content-views-query-and-display-post-page
1360. | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/
1361. | Last Updated: 2019-03-18T04:29:00.000Z
1362. | [!] The version is out of date, the latest version is 2.1.3.2
1363. |
1364. | Detected By: Urls In Homepage (Passive Detection)
1365. |
1366. | Version: 1.9.9.6 (100% confidence)
1367. | Detected By: Query Parameter (Passive Detection)
1368. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=1.9.9.6
1369. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=1.9.9.6
1370. | Confirmed By:
1371. | Readme - Stable Tag (Aggressive Detection)
1372. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/readme.txt
1373. | Readme - ChangeLog Section (Aggressive Detection)
1374. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/readme.txt
1375.  
1376. [+] cookie-notice
1377. | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/
1378. | Last Updated: 2019-01-24T10:47:00.000Z
1379. | [!] The version is out of date, the latest version is 1.2.46
1380. |
1381. | Detected By: Urls In Homepage (Passive Detection)
1382. |
1383. | Version: 1.2.41 (100% confidence)
1384. | Detected By: Query Parameter (Passive Detection)
1385. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.2.41
1386. | Confirmed By:
1387. | Readme - Stable Tag (Aggressive Detection)
1388. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/readme.txt
1389. | Readme - ChangeLog Section (Aggressive Detection)
1390. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/readme.txt
1391.  
1392. [+] popup-builder
1393. | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/popup-builder/
1394. | Last Updated: 2019-04-03T15:34:00.000Z
1395. | [!] The version is out of date, the latest version is 3.1.9
1396. |
1397. | Detected By: Urls In Homepage (Passive Detection)
1398. |
1399. | Version: 2.6.7.3 (50% confidence)
1400. | Detected By: Readme - ChangeLog Section (Aggressive Detection)
1401. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/popup-builder/readme.txt
1402.  
1403. [+] siteorigin-panels
1404. | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/siteorigin-panels/
1405. | Last Updated: 2019-04-06T00:55:00.000Z
1406. | [!] The version is out of date, the latest version is 2.10.5
1407. |
1408. | Detected By: Urls In Homepage (Passive Detection)
1409. |
1410. | Version: 2.6.2 (100% confidence)
1411. | Detected By: Readme - Stable Tag (Aggressive Detection)
1412. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/siteorigin-panels/readme.txt
1413. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
1414. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/siteorigin-panels/readme.txt
1415.  
1416. [+] so-widgets-bundle
1417. | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/so-widgets-bundle/
1418. | Last Updated: 2019-03-27T20:27:00.000Z
1419. | [!] The version is out of date, the latest version is 1.15.4
1420. |
1421. | Detected By: Urls In Homepage (Passive Detection)
1422. |
1423. | Version: 1.11.4 (100% confidence)
1424. | Detected By: Readme - Stable Tag (Aggressive Detection)
1425. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/so-widgets-bundle/readme.txt
1426. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
1427. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/so-widgets-bundle/readme.txt
1428.  
1429. [+] tablepress
1430. | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/tablepress/
1431. | Latest Version: 1.9.2 (up to date)
1432. | Last Updated: 2019-02-22T15:10:00.000Z
1433. |
1434. | Detected By: Urls In Homepage (Passive Detection)
1435. |
1436. | Version: 1.9.2 (90% confidence)
1437. | Detected By: Query Parameter (Passive Detection)
1438. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/tablepress/css/default.min.css?ver=1.9.2
1439. | Confirmed By: Readme - Stable Tag (Aggressive Detection)
1440. | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/tablepress/readme.txt
1441.  
1442. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
1443. Checking Config Backups - Time: 00:00:08 <=============> (21 / 21) 100.00% Time: 00:00:08
1444.  
1445. [i] No Config Backups Found.
1446.  
1447.  
1448. [+] Finished: Fri Apr 26 10:04:25 2019
1449. [+] Requests Done: 63
1450. [+] Cached Requests: 6
1451. [+] Data Sent: 13.147 KB
1452. [+] Data Received: 432.598 KB
1453. [+] Memory used: 175.703 MB
1454. [+] Elapsed time: 00:00:27
1455. #######################################################################################################################################
1456. [+] URL: https://www.priestnall.stockport.sch.uk/
1457. [+] Started: Fri Apr 26 10:04:02 2019
1458.  
1459. Interesting Finding(s):
1460.  
1461. [+] https://www.priestnall.stockport.sch.uk/
1462. | Interesting Entries:
1463. | - Server: Microsoft-IIS/8.5
1464. | - X-Powered-By: PHP/5.6.31
1465. | Found By: Headers (Passive Detection)
1466. | Confidence: 100%
1467.  
1468. [+] https://www.priestnall.stockport.sch.uk/robots.txt
1469. | Found By: Robots Txt (Aggressive Detection)
1470. | Confidence: 100%
1471.  
1472. [+] https://www.priestnall.stockport.sch.uk/xmlrpc.php
1473. | Found By: Link Tag (Passive Detection)
1474. | Confidence: 100%
1475. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
1476. | References:
1477. | - http://codex.wordpress.org/XML-RPC_Pingback_API
1478. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
1479. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
1480. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
1481. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
1482.  
1483. [+] https://www.priestnall.stockport.sch.uk/readme.html
1484. | Found By: Direct Access (Aggressive Detection)
1485. | Confidence: 100%
1486.  
1487. [+] This site has 'Must Use Plugins': https://www.priestnall.stockport.sch.uk/wp-content/mu-plugins/
1488. | Found By: Direct Access (Aggressive Detection)
1489. | Confidence: 80%
1490. | Reference: http://codex.wordpress.org/Must_Use_Plugins
1491.  
1492. [+] https://www.priestnall.stockport.sch.uk/wp-cron.php
1493. | Found By: Direct Access (Aggressive Detection)
1494. | Confidence: 60%
1495. | References:
1496. | - https://www.iplocation.net/defend-wordpress-from-ddos
1497. | - https://github.com/wpscanteam/wpscan/issues/1299
1498.  
1499. [+] WordPress version 4.9.4 identified (Insecure, released on 2018-02-06).
1500. | Detected By: Rss Generator (Passive Detection)
1501. | - https://www.priestnall.stockport.sch.uk/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
1502. | - https://www.priestnall.stockport.sch.uk/comments/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
1503. |
1504. | [!] 14 vulnerabilities identified:
1505. |
1506. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
1507. | References:
1508. | - https://wpvulndb.com/vulnerabilities/9021
1509. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
1510. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
1511. | - https://github.com/quitten/doser.py
1512. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
1513. |
1514. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
1515. | Fixed in: 4.9.5
1516. | References:
1517. | - https://wpvulndb.com/vulnerabilities/9053
1518. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
1519. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1520. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
1521. |
1522. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
1523. | Fixed in: 4.9.5
1524. | References:
1525. | - https://wpvulndb.com/vulnerabilities/9054
1526. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
1527. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1528. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
1529. |
1530. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
1531. | Fixed in: 4.9.5
1532. | References:
1533. | - https://wpvulndb.com/vulnerabilities/9055
1534. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
1535. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1536. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
1537. |
1538. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
1539. | Fixed in: 4.9.7
1540. | References:
1541. | - https://wpvulndb.com/vulnerabilities/9100
1542. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
1543. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
1544. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
1545. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
1546. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
1547. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
1548. |
1549. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
1550. | Fixed in: 4.9.9
1551. | References:
1552. | - https://wpvulndb.com/vulnerabilities/9169
1553. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
1554. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1555. |
1556. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
1557. | Fixed in: 4.9.9
1558. | References:
1559. | - https://wpvulndb.com/vulnerabilities/9170
1560. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
1561. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1562. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
1563. |
1564. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
1565. | Fixed in: 4.9.9
1566. | References:
1567. | - https://wpvulndb.com/vulnerabilities/9171
1568. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
1569. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1570. |
1571. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
1572. | Fixed in: 4.9.9
1573. | References:
1574. | - https://wpvulndb.com/vulnerabilities/9172
1575. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
1576. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1577. |
1578. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
1579. | Fixed in: 4.9.9
1580. | References:
1581. | - https://wpvulndb.com/vulnerabilities/9173
1582. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
1583. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1584. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
1585. |
1586. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
1587. | Fixed in: 4.9.9
1588. | References:
1589. | - https://wpvulndb.com/vulnerabilities/9174
1590. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
1591. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1592. |
1593. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
1594. | Fixed in: 4.9.9
1595. | References:
1596. | - https://wpvulndb.com/vulnerabilities/9175
1597. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
1598. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1599. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
1600. |
1601. | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
1602. | Fixed in: 4.9.9
1603. | References:
1604. | - https://wpvulndb.com/vulnerabilities/9222
1605. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
1606. | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
1607. |
1608. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
1609. | Fixed in: 4.9.10
1610. | References:
1611. | - https://wpvulndb.com/vulnerabilities/9230
1612. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
1613. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
1614. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
1615. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
1616.  
1617. [+] WordPress theme in use: siteorigin-north
1618. | Location: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/
1619. | Last Updated: 2019-03-14T00:00:00.000Z
1620. | Readme: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/readme.txt
1621. | [!] The version is out of date, the latest version is 1.6.8
1622. | Style URL: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css
1623. | Style Name: SiteOrigin North
1624. | Style URI: https://siteorigin.com/theme/north/
1625. | Description: Inspired by the elegant majesty and purity of the Swiss Alps and built with business owners in mind,...
1626. | Author: SiteOrigin
1627. | Author URI: https://siteorigin.com/
1628. |
1629. | Detected By: Urls In Homepage (Passive Detection)
1630. |
1631. | Version: 1.4.3 (80% confidence)
1632. | Detected By: Style (Passive Detection)
1633. | - https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css, Match: 'Version: 1.4.3'
1634.  
1635. [+] Enumerating Users (via Passive and Aggressive Methods)
1636. Brute Forcing Author IDs - Time: 00:00:08 <==> (10 / 10) 100.00% Time: 00:00:08
1637.  
1638. [i] User(s) Identified:
1639.  
1640. [+] Webmaster
1641. | Detected By: Rss Generator (Passive Detection)
1642. | Confirmed By: Rss Generator (Aggressive Detection)
1643.  
1644. [+] mmarkendale
1645. | Detected By: Wp Json Api (Aggressive Detection)
1646. | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
1647. | Confirmed By:
1648. | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
1649. | Login Error Messages (Aggressive Detection)
1650.  
1651. [+] mmason
1652. | Detected By: Wp Json Api (Aggressive Detection)
1653. | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
1654. | Confirmed By:
1655. | Oembed API - Author URL (Aggressive Detection)
1656. | - https://www.priestnall.stockport.sch.uk/wp-json/oembed/1.0/embed?url=https://www.priestnall.stockport.sch.uk/&format=json
1657. | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
1658. | Login Error Messages (Aggressive Detection)
1659.  
1660. [+] gpearson
1661. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
1662. | Confirmed By: Login Error Messages (Aggressive Detection)
1663.  
1664.  
1665. [+] Finished: Fri Apr 26 10:04:26 2019
1666. [+] Requests Done: 35
1667. [+] Cached Requests: 24
1668. [+] Data Sent: 8.57 KB
1669. [+] Data Received: 341.602 KB
1670. [+] Memory used: 99.762 MB
1671. [+] Elapsed time: 00:00:24
1672. #######################################################################################################################################
1673. [+] URL: https://www.priestnall.stockport.sch.uk/
1674. [+] Started: Fri Apr 26 10:10:20 2019
1675.  
1676. Interesting Finding(s):
1677.  
1678. [+] https://www.priestnall.stockport.sch.uk/
1679. | Interesting Entries:
1680. | - Server: Microsoft-IIS/8.5
1681. | - X-Powered-By: PHP/5.6.31
1682. | Found By: Headers (Passive Detection)
1683. | Confidence: 100%
1684.  
1685. [+] https://www.priestnall.stockport.sch.uk/robots.txt
1686. | Found By: Robots Txt (Aggressive Detection)
1687. | Confidence: 100%
1688.  
1689. [+] https://www.priestnall.stockport.sch.uk/xmlrpc.php
1690. | Found By: Link Tag (Passive Detection)
1691. | Confidence: 100%
1692. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
1693. | References:
1694. | - http://codex.wordpress.org/XML-RPC_Pingback_API
1695. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
1696. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
1697. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
1698. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
1699.  
1700. [+] https://www.priestnall.stockport.sch.uk/readme.html
1701. | Found By: Direct Access (Aggressive Detection)
1702. | Confidence: 100%
1703.  
1704. [+] This site has 'Must Use Plugins': https://www.priestnall.stockport.sch.uk/wp-content/mu-plugins/
1705. | Found By: Direct Access (Aggressive Detection)
1706. | Confidence: 80%
1707. | Reference: http://codex.wordpress.org/Must_Use_Plugins
1708.  
1709. [+] https://www.priestnall.stockport.sch.uk/wp-cron.php
1710. | Found By: Direct Access (Aggressive Detection)
1711. | Confidence: 60%
1712. | References:
1713. | - https://www.iplocation.net/defend-wordpress-from-ddos
1714. | - https://github.com/wpscanteam/wpscan/issues/1299
1715.  
1716. [+] WordPress version 4.9.4 identified (Insecure, released on 2018-02-06).
1717. | Detected By: Rss Generator (Passive Detection)
1718. | - https://www.priestnall.stockport.sch.uk/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
1719. | - https://www.priestnall.stockport.sch.uk/comments/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
1720. |
1721. | [!] 14 vulnerabilities identified:
1722. |
1723. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
1724. | References:
1725. | - https://wpvulndb.com/vulnerabilities/9021
1726. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
1727. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
1728. | - https://github.com/quitten/doser.py
1729. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
1730. |
1731. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
1732. | Fixed in: 4.9.5
1733. | References:
1734. | - https://wpvulndb.com/vulnerabilities/9053
1735. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
1736. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1737. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
1738. |
1739. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
1740. | Fixed in: 4.9.5
1741. | References:
1742. | - https://wpvulndb.com/vulnerabilities/9054
1743. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
1744. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1745. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
1746. |
1747. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
1748. | Fixed in: 4.9.5
1749. | References:
1750. | - https://wpvulndb.com/vulnerabilities/9055
1751. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
1752. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
1753. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
1754. |
1755. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
1756. | Fixed in: 4.9.7
1757. | References:
1758. | - https://wpvulndb.com/vulnerabilities/9100
1759. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
1760. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
1761. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
1762. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
1763. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
1764. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
1765. |
1766. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
1767. | Fixed in: 4.9.9
1768. | References:
1769. | - https://wpvulndb.com/vulnerabilities/9169
1770. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
1771. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1772. |
1773. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
1774. | Fixed in: 4.9.9
1775. | References:
1776. | - https://wpvulndb.com/vulnerabilities/9170
1777. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
1778. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1779. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
1780. |
1781. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
1782. | Fixed in: 4.9.9
1783. | References:
1784. | - https://wpvulndb.com/vulnerabilities/9171
1785. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
1786. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1787. |
1788. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
1789. | Fixed in: 4.9.9
1790. | References:
1791. | - https://wpvulndb.com/vulnerabilities/9172
1792. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
1793. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1794. |
1795. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
1796. | Fixed in: 4.9.9
1797. | References:
1798. | - https://wpvulndb.com/vulnerabilities/9173
1799. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
1800. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1801. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
1802. |
1803. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
1804. | Fixed in: 4.9.9
1805. | References:
1806. | - https://wpvulndb.com/vulnerabilities/9174
1807. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
1808. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1809. |
1810. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
1811. | Fixed in: 4.9.9
1812. | References:
1813. | - https://wpvulndb.com/vulnerabilities/9175
1814. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
1815. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
1816. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
1817. |
1818. | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
1819. | Fixed in: 4.9.9
1820. | References:
1821. | - https://wpvulndb.com/vulnerabilities/9222
1822. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
1823. | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
1824. |
1825. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
1826. | Fixed in: 4.9.10
1827. | References:
1828. | - https://wpvulndb.com/vulnerabilities/9230
1829. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
1830. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
1831. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
1832. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
1833.  
1834. [+] WordPress theme in use: siteorigin-north
1835. | Location: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/
1836. | Last Updated: 2019-03-14T00:00:00.000Z
1837. | Readme: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/readme.txt
1838. | [!] The version is out of date, the latest version is 1.6.8
1839. | Style URL: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css
1840. | Style Name: SiteOrigin North
1841. | Style URI: https://siteorigin.com/theme/north/
1842. | Description: Inspired by the elegant majesty and purity of the Swiss Alps and built with business owners in mind,...
1843. | Author: SiteOrigin
1844. | Author URI: https://siteorigin.com/
1845. |
1846. | Detected By: Urls In Homepage (Passive Detection)
1847. |
1848. | Version: 1.4.3 (80% confidence)
1849. | Detected By: Style (Passive Detection)
1850. | - https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css, Match: 'Version: 1.4.3'
1851.  
1852. [+] Enumerating Users (via Passive and Aggressive Methods)
1853. Brute Forcing Author IDs - Time: 00:00:03 <============> (10 / 10) 100.00% Time: 00:00:03
1854.  
1855. [i] User(s) Identified:
1856.  
1857. [+] Webmaster
1858. | Detected By: Rss Generator (Passive Detection)
1859. | Confirmed By: Rss Generator (Aggressive Detection)
1860.  
1861. [+] mmarkendale
1862. | Detected By: Wp Json Api (Aggressive Detection)
1863. | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
1864. | Confirmed By:
1865. | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
1866. | Login Error Messages (Aggressive Detection)
1867.  
1868. [+] mmason
1869. | Detected By: Wp Json Api (Aggressive Detection)
1870. | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
1871. | Confirmed By:
1872. | Oembed API - Author URL (Aggressive Detection)
1873. | - https://www.priestnall.stockport.sch.uk/wp-json/oembed/1.0/embed?url=https://www.priestnall.stockport.sch.uk/&format=json
1874. | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
1875. | Login Error Messages (Aggressive Detection)
1876.  
1877. [+] gpearson
1878. | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
1879. | Confirmed By: Login Error Messages (Aggressive Detection)
1880.  
1881.  
1882. [+] Finished: Fri Apr 26 10:10:29 2019
1883. [+] Requests Done: 17
1884. [+] Cached Requests: 42
1885. [+] Data Sent: 3.925 KB
1886. [+] Data Received: 57.877 KB
1887. [+] Memory used: 99.422 MB
1888. [+] Elapsed time: 00:00:08
1889. #######################################################################################################################################
1890. [-] Date & Time: 26/04/2019 10:04:03
1891. [I] Threads: 5
1892. [-] Target: https://www.priestnall.stockport.sch.uk (212.121.220.45)
1893. [I] Server: Microsoft-IIS/8.5
1894. [I] X-Powered-By: PHP/5.6.31
1895. [L] X-Frame-Options: Not Enforced
1896. [I] Strict-Transport-Security: Not Enforced
1897. [I] X-Content-Security-Policy: Not Enforced
1898. [I] X-Content-Type-Options: Not Enforced
1899. [L] Robots.txt Found: https://www.priestnall.stockport.sch.uk/robots.txt
1900. [I] CMS Detection: WordPress
1901. [I] Wordpress Version: 4.9.4
1902. [M] EDB-ID: 46511 "WordPress Core 5.0 - Remote Code Execution"
1903. [M] EDB-ID: 46662 "WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)"
1904. [M] EDB-ID: 44949 "WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion"
1905. [I] Wordpress Theme: siteorigin-north
1906. [-] WordPress usernames identified:
1907. [M] Garry Pearson
1908. [M] Matt Markendale
1909. [M] Webmaster
1910. [M] gpearson
1911. [M] mmarkendale
1912. [M] mmason
1913. [M] XML-RPC services are enabled
1914. [M] Website vulnerable to XML-RPC Brute Force Vulnerability
1915. [I] Forgotten Password Allows Username Enumeration: https://www.priestnall.stockport.sch.uk/wp-login.php?action=lostpassword
1916. [I] Autocomplete Off Not Found: https://www.priestnall.stockport.sch.uk/wp-login.php
1917. [-] Default WordPress Files:
1918. [I] https://www.priestnall.stockport.sch.uk/license.txt
1919. [I] https://www.priestnall.stockport.sch.uk/readme.html
1920. [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyfifteen/genericons/COPYING.txt
1921. [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyfifteen/genericons/LICENSE.txt
1922. [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyfifteen/readme.txt
1923. [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyseventeen/README.txt
1924. [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentysixteen/genericons/COPYING.txt
1925. [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentysixteen/genericons/LICENSE.txt
1926. [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentysixteen/readme.txt
1927. [I] https://www.priestnall.stockport.sch.uk/wp-includes/ID3/license.commercial.txt
1928. [I] https://www.priestnall.stockport.sch.uk/wp-includes/ID3/license.txt
1929. [I] https://www.priestnall.stockport.sch.uk/wp-includes/ID3/readme.txt
1930. [I] https://www.priestnall.stockport.sch.uk/wp-includes/images/crystal/license.txt
1931. [I] https://www.priestnall.stockport.sch.uk/wp-includes/js/plupload/license.txt
1932. [I] https://www.priestnall.stockport.sch.uk/wp-includes/js/swfupload/license.txt
1933. [I] https://www.priestnall.stockport.sch.uk/wp-includes/js/tinymce/license.txt
1934. [-] Searching Wordpress Plugins ...
1935. [I] "+plugin+"
1936. [I] akismet v4.0.2
1937. [M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
1938. [M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
1939. [I] backwpup v3.4.4
1940. [M] EDB-ID: 35400 "WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities"
1941. [I] content-views-query-and-display-post-page v1.9.9.6
1942. [I] cookie-notice v1.2.41
1943. [I] feed
1944. [M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
1945. [I] siteorigin-panels v2.6.2
1946. [I] so-widgets-bundle v1.11.4
1947. [I] tablepress v1.9.2
1948. [I] Checking for Directory Listing Enabled ...
1949. [-] Date & Time: 26/04/2019 10:11:26
1950. [-] Completed in: 0:07:23
1951. #######################################################################################################################################
1952. Anonymous JTSEC #OpAssange Full Recon #15