- #######################################################################################################################################
- =======================================================================================================================================
- Hostname www.priestnall.stockport.sch.uk ISP Jisc Services Limited
- Continent Europe Flag
- GB
- Country United Kingdom Country Code GB
- Region Stockport Local time 26 Apr 2019 15:00 BST
- City Stockport Postal Code SK2
- IP Address 212.121.220.45 Latitude 53.395
- Longitude -2.133
- =======================================================================================================================================
- #######################################################################################################################################
- > www.priestnall.stockport.sch.uk
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: www.priestnall.stockport.sch.uk
- Address: 212.121.220.45
- >
- #######################################################################################################################################
- HostIP:212.121.220.45
- HostName:www.priestnall.stockport.sch.uk
- Gathered Inet-whois information for 212.121.220.45
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 212.121.220.0 - 212.121.220.255
- netname: STOCKPORT-MBC
- descr: Stockport Metropolitan Borough Council
- country: GB
- admin-c: JN359-RIPE
- tech-c: JN359-RIPE
- status: ASSIGNED PA
- mnt-by: JANET-HOSTMASTER
- created: 2008-02-07T13:26:53Z
- last-modified: 2016-07-29T14:26:58Z
- source: RIPE
- role: JANET NOSC
- address: JANET(UK) Network Operations Centre
- address: Third floor
- address: 15 Fetter Lane
- address: London
- address: EC4A1BW
- address: United Kingdom
- phone: +44 (0)1235 822 212
- remarks: trouble: For operational queries please
- remarks: trouble: contact operations@ja.net or
- remarks: trouble: phone +44 (0)1235 822 212
- remarks: trouble: Mon-Fri, 07:00 - 23:59 UK local
- remarks: trouble: or +44 (0) 300 300 3312 all other
- remarks: trouble: times.
- admin-c: RS2585
- admin-c: RHE1-RIPE
- admin-c: JOEL-RIPE
- tech-c: RS2585
- tech-c: RHE1-RIPE
- tech-c: JOEL-RIPE
- nic-hdl: JN359-RIPE
- mnt-by: JIPS-NOSC
- created: 1970-01-01T00:00:00Z
- last-modified: 2019-04-25T12:12:17Z
- source: RIPE # Filtered
- % Information related to '212.121.192.0/19AS786'
- route: 212.121.192.0/19
- descr: Aggregate route for NWLG
- origin: AS786
- mnt-by: JIPS-NOSC
- created: 2009-05-18T19:26:23Z
- last-modified: 2016-09-13T11:20:57Z
- source: RIPE
- % This query was served by the RIPE Database Query Service version 1.93.2 (ANGUS)
- Gathered Inic-whois information for priestnall.stockport.sch.uk
- ---------------------------------------------------------------------------------------------------------------------------------------
- Gathered Netcraft information for www.priestnall.stockport.sch.uk
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.priestnall.stockport.sch.uk
- Netcraft.com Information gathered
- Gathered Subdomain information for priestnall.stockport.sch.uk
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 possible subdomain(s) for host priestnall.stockport.sch.uk, Searched 0 pages containing 0 results
- Gathered E-Mail information for priestnall.stockport.sch.uk
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host priestnall.stockport.sch.uk, Searched 0 pages containing 0 results
- Gathered TCP Port information for 212.121.220.45
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 80/tcp open
- Portscan Finished: Scanned 150 ports, 2 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: https://www.priestnall.stockport.sch.uk
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: Priestnall School
- [+] IP address: 212.121.220.45
- [+] Web Server: Microsoft-IIS/8.5
- [+] CMS: WordPress
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- User-agent: *
- Disallow: /
- -----------[end of contents]-------------
- W H O I S L O O K U P
- =======================================================================================================================================
- Domain name:
- priestnall.stockport.sch.uk
- Data validation:
- Nominet was able to match the registrant's name and address against a 3rd party data source on 10-Dec-2012
- Registrar:
- Stockport Metropolitan Borough Council [Tag = STOCKPORTMBC]
- URL: https://www.sseln.org.uk
- Relevant dates:
- Registered on: 19-Nov-1999
- Last updated: 01-Oct-2013
- Registration status:
- No registration status listed.
- Name servers:
- ns0.sseln.org.uk 212.121.220.246
- ns1.sseln.org.uk 212.121.220.247
- WHOIS lookup made at 15:43:47 26-Apr-2019
- --
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Connection: close
- [i] Content-Length: 49820
- [i] Date: Fri, 26 Apr 2019 14:43:50 GMT
- [i] Content-Type: text/html; charset=UTF-8
- [i] Server: Microsoft-IIS/8.5
- [i] X-Powered-By: PHP/5.6.31
- [i] Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
- [i] Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
- D N S L O O K U P
- =======================================================================================================================================
- priestnall.stockport.sch.uk. 299 IN SOA ns1.sseln.org.uk. hostmaster\@sseln.org.uk. 2009112741 10800 3600 604800 38400
- priestnall.stockport.sch.uk. 299 IN MX 20 cluster8a.eu.messagelabs.com.
- priestnall.stockport.sch.uk. 299 IN MX 10 cluster8.eu.messagelabs.com.
- priestnall.stockport.sch.uk. 299 IN NS ns0.sseln.org.uk.
- priestnall.stockport.sch.uk. 299 IN NS ns1.sseln.org.uk.
- priestnall.stockport.sch.uk. 299 IN TXT "MS=ms70385867"
- priestnall.stockport.sch.uk. 299 IN TXT "google-site-verification=ltvC58SDT1bMXNamG2le07v7AI7qDRRrqBqJaVLmETU"
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- https://www.priestnall.stockport.sch.uk/
- [!] IP Address : 212.121.220.45
- [!] www.priestnall.stockport.sch.uk doesn't seem to use a CMS
- [+] Honeypot Probabilty: 0%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.priestnall.stockport.sch.uk
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.priestnall.stockport.sch.uk
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.98 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- There was an error getting results
- [-] DNS Records
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- No emails found
- No hosts found
- [+] Virtual hosts:
- -----------------
- #######################################################################################################################################
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: m@tidakada.com
- | [+] E-mail Found: istory@priestnall.stockport.sch.uk
- | [+] E-mail Found: ociology@priestnall.stockport.sch.uk
- | [+] E-mail Found: eliefs@priestnall.stockport.sch.uk
- | [+] E-mail Found: usic@priestnall.stockport.sch.uk
- | [+] E-mail Found: cience@priestnall.stockport.sch.uk
- | [+] E-mail Found: edia@priestnall.stockport.sch.uk
- | [+] E-mail Found: exams@priestnall.stockport.sch.uk
- | [+] E-mail Found: rama@priestnall.stockport.sch.uk
- | [+] E-mail Found: echnology@priestnall.stockport.sch.uk
- | [+] E-mail Found: attendance@priestnall.stockport.sch.uk
- | [+] E-mail Found: headteacher@priestnall.stockport.sch.uk
- | [+] E-mail Found: omputing@priestnall.stockport.sch.uk
- | [+] E-mail Found: ffice@priestnall.stockport.sch.uk
- | [+] E-mail Found: eography@priestnall.stockport.sch.uk
- | [+] E-mail Found: upport@priestnall.stockport.sch.uk
- | [+] E-mail Found: office@priestnall.stockport.sch.uk
- | [+] E-mail Found: gareth.morewood@priestnall.stockport.sch.uk
- | [+] E-mail Found: rt@priestnall.stockport.sch.uk
- | [+] E-mail Found: aths@priestnall.stockport.sch.uk
- | [+] E-mail Found: nglish@priestnall.stockport.sch.uk
- =======================================================================================================================================
- | External hosts:
- | [+] External Host Found: https://www.gov.uk
- | [+] External Host Found: http://careerpoint-gm.co.uk
- | [+] External Host Found: https://developer.wordpress.org
- | [+] External Host Found: https://wordpress.org
- | [+] External Host Found: https://reports.beta.ofsted.gov.uk
- | [+] External Host Found: https://www.iassnetwork.org.uk
- | [+] External Host Found: https://www.icould.com
- | [+] External Host Found: https://www.showmyhomework.co.uk
- | [+] External Host Found: https://codex.wordpress.org
- | [+] External Host Found: https://secure.php.net
- | [+] External Host Found: https://www.careersbox.co.uk
- | [+] External Host Found: http://www.tacklemeningitis.org
- | [+] External Host Found: https://www.parentalguidance.org.uk
- | [+] External Host Found: http://www.sensupportstockport.uk
- | [+] External Host Found: http://www.readforgood.org
- | [+] External Host Found: https://nationalcareersservice.direct.gov.uk
- | [+] External Host Found: https://httpd.apache.org
- | [+] External Host Found: http://theapprenticeacademy.co.uk
- | [+] External Host Found: https://planet.wordpress.org
- | [+] External Host Found: https://www.ucas.ac.uk
- | [+] External Host Found: https://www.ucasprogress.com
- | [+] External Host Found: https://twitter.com
- | [+] External Host Found: http://www.careers-gateway.co.uk
- | [+] External Host Found: https://vle.priestnall.stockport.sch.uk
- | [+] External Host Found: https://www.prospects.ac.uk
- | [+] External Host Found: https://www.mysql.com
- | [+] External Host Found: https://www.parentpay.com
- | [+] External Host Found: https://www.saferinternet.org.uk
- | [+] External Host Found: http://gmpg.org
- | [+] External Host Found: https://www.compare-school-performance.service.gov.uk
- | [+] External Host Found: https://www.notgoingtouni.co.uk
- =======================================================================================================================================
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-3-Debian <<>> priestnall.stockport.sch.uk
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20396
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;priestnall.stockport.sch.uk. IN A
- ;; AUTHORITY SECTION:
- priestnall.stockport.sch.uk. 300 IN SOA ns1.sseln.org.uk. hostmaster\@sseln.org.uk. 2009112741 10800 3600 604800 38400
- ;; Query time: 240 msec
- ;; SERVER: 185.93.180.131#53(185.93.180.131)
- ;; WHEN: ven avr 26 12:08:05 EDT 2019
- ;; MSG SIZE rcvd: 123
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace priestnall.stockport.sch.uk
- ;; global options: +cmd
- . 84647 IN NS m.root-servers.net.
- . 84647 IN NS k.root-servers.net.
- . 84647 IN NS d.root-servers.net.
- . 84647 IN NS g.root-servers.net.
- . 84647 IN NS i.root-servers.net.
- . 84647 IN NS c.root-servers.net.
- . 84647 IN NS j.root-servers.net.
- . 84647 IN NS b.root-servers.net.
- . 84647 IN NS e.root-servers.net.
- . 84647 IN NS f.root-servers.net.
- . 84647 IN NS h.root-servers.net.
- . 84647 IN NS a.root-servers.net.
- . 84647 IN NS l.root-servers.net.
- . 84647 IN RRSIG NS 8 0 518400 20190509050000 20190426040000 25266 . eFpb+bFjhQ6eCBbLG7VqpTg4XVf0nUJeIKyAEwcA1CzX/SwZiSrQWwI6 +hRNtyxmjOMR5RB2DX6HB/rUMqlptaz6zCzHtwo5bBXfcnkOlSqrR68F nj9Dy97rtrVvu6jvxIuuwecRNkLcPF9CR5bgR3MDbQrH73cSd+2GD/6E EAsaiq2FvxOza9ic7Tbdc4ofAGfcNWd9mOEgWvQWlAjBqe+QoccbIcQV hrEmS/01ZJZWFT7txaDybwy+bjGqZlXkzoRxP9fWbSp6SeL1VwUK2vT9 VJO03p+Zxz/BAa15GGr9El+q8E98rJH23D3JPWyYB1hYxsJDwvPV+NkM N+yF9Q==
- ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 230 ms
- uk. 172800 IN NS nsc.nic.uk.
- uk. 172800 IN NS dns3.nic.uk.
- uk. 172800 IN NS nsd.nic.uk.
- uk. 172800 IN NS dns1.nic.uk.
- uk. 172800 IN NS nsb.nic.uk.
- uk. 172800 IN NS dns4.nic.uk.
- uk. 172800 IN NS nsa.nic.uk.
- uk. 172800 IN NS dns2.nic.uk.
- uk. 86400 IN DS 43876 8 2 A107ED2AC1BD14D924173BC7E827A1153582072394F9272BA37E2353 BC659603
- uk. 86400 IN RRSIG DS 8 1 86400 20190509050000 20190426040000 25266 . BZYP4N58TaEL58lCr3xXxG7CcMloeuLy1t3AKgh+VHd/U67XK589PId3 8QCtJUJiuPxU7h1jbMw7hX19W+DHIhYt5dQXe6pRZYfJj0kDEAAB25l1 RfaocLu74WfXcOPIDAJBMc5OmZ5cQVZzzJNFxv2u76Cq1TfZdd3zBKsJ bIaf6Sito30WBTBr7GjjoiG/sZoG7ZkqjNiPIKvkmtXGxRMlt9FMVbg6 KoQ3P8LzdZ/IEoOrq0ODK9V2+xFUBz9ZfERv6xz9FSZWS54Bc7KCBViR rVZPsUDiTWvNnQH3oeQFPS8M3aa9risZAyrDgNk5bWnn3v38U0n8SIhH nIS4gA==
- ;; Received 811 bytes from 2001:7fd::1#53(k.root-servers.net) in 69 ms
- priestnall.stockport.sch.uk. 172800 IN NS ns0.sseln.org.uk.
- priestnall.stockport.sch.uk. 172800 IN NS ns1.sseln.org.uk.
- fubp2bvtsi1mrvmsv9angv1t1m5qbnk4.sch.uk. 10800 IN NSEC3 1 1 0 - G6ARBN6BN35BH93UCIQT7O2SMTNQ421K
- fubp2bvtsi1mrvmsv9angv1t1m5qbnk4.sch.uk. 10800 IN RRSIG NSEC3 8 3 10800 20190525103708 20190420102139 10434 sch.uk. MZGxJyZvz6g6xyLLalppHoJSntPiUpVKMhcLV75YZamLAq1b3Y8ux/dV Q511eHbqha1x6ZXcH7NkuTqZ5+RsgSf14m69TOcNP30HB4z96Qu3dUtf NmcBUXtTMCMiZlZm+30oODRz8SWxZ+fhZeIhC1AhkzhkvKjCrDfJE5xN Q2E=
- sk631j3cbp52d6p5ddn2fha95gl3gl4g.sch.uk. 10800 IN NSEC3 1 1 0 - SKRFJDJN1IMK6CGCN9OHEQRJAI06NBJ8
- sk631j3cbp52d6p5ddn2fha95gl3gl4g.sch.uk. 10800 IN RRSIG NSEC3 8 3 10800 20190525183250 20190420182939 10434 sch.uk. FW1t3GncH2hPMtI5xVlgxGUhMK581xHyl+0xO/O7lhMpBBUg23HIwCGj afJB97pgHhSU5qyqNvDqYN8RpCJpfnvPB9Jz04U+iDLB8ckNInHHhlUF 309IK8NhjEf665bmgqFJqh80azkr9O3gh+Wg+l8R0+mXDBMsKnKCyxG1 /Yg=
- ;; Received 576 bytes from 2a01:618:404::1#53(dns3.nic.uk) in 115 ms
- priestnall.stockport.sch.uk. 300 IN SOA ns1.sseln.org.uk. hostmaster\@sseln.org.uk. 2009112741 10800 3600 604800 38400
- ;; Received 123 bytes from 212.121.220.246#53(ns0.sseln.org.uk) in 235 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: priestnall.stockport.sch.uk
- [-] DNSSEC is not configured for priestnall.stockport.sch.uk
- [*] SOA ns1.sseln.org.uk 212.121.220.247
- [*] NS ns1.sseln.org.uk 212.121.220.247
- [*] Bind Version for 212.121.220.247 -
- [*] NS ns0.sseln.org.uk 212.121.220.246
- [*] Bind Version for 212.121.220.246 -
- [*] MX cluster8a.eu.messagelabs.com 52.59.133.150
- [*] MX cluster8a.eu.messagelabs.com 52.28.91.133
- [*] MX cluster8a.eu.messagelabs.com 18.194.106.207
- [*] MX cluster8.eu.messagelabs.com 46.226.52.98
- [*] MX cluster8.eu.messagelabs.com 85.158.142.194
- [*] MX cluster8.eu.messagelabs.com 46.226.52.200
- [*] MX cluster8.eu.messagelabs.com 46.226.53.50
- [*] MX cluster8.eu.messagelabs.com 85.158.142.201
- [*] MX cluster8.eu.messagelabs.com 46.226.53.56
- [*] MX cluster8.eu.messagelabs.com 46.226.52.194
- [*] MX cluster8.eu.messagelabs.com 85.158.142.104
- [*] MX cluster8.eu.messagelabs.com 46.226.52.104
- [*] MX cluster8.eu.messagelabs.com 85.158.142.98
- [*] TXT priestnall.stockport.sch.uk MS=ms70385867
- [*] TXT priestnall.stockport.sch.uk google-site-verification=ltvC58SDT1bMXNamG2le07v7AI7qDRRrqBqJaVLmETU
- [*] Enumerating SRV Records
- [-] No SRV Records Found for priestnall.stockport.sch.uk
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain priestnall.stockport.sch.uk
- [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
- [+] Getting nameservers
- 212.121.220.247 - ns1.sseln.org.uk
- 212.121.220.246 - ns0.sseln.org.uk
- [-] Zone transfer failed
- [+] TXT records found
- "MS=ms70385867"
- "google-site-verification=ltvC58SDT1bMXNamG2le07v7AI7qDRRrqBqJaVLmETU"
- [+] MX records found, added to target list
- 20 cluster8a.eu.messagelabs.com.
- 10 cluster8.eu.messagelabs.com.
- [*] Scanning priestnall.stockport.sch.uk for A records
- 212.121.220.45 - beta.priestnall.stockport.sch.uk
- 212.121.220.45 - mail.priestnall.stockport.sch.uk
- 212.121.220.45 - remote.priestnall.stockport.sch.uk
- 212.121.220.45 - vle.priestnall.stockport.sch.uk
- 212.121.220.45 - www.priestnall.stockport.sch.uk
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 212.121.220.45 302 host beta.priestnall.stockport.sch.uk
- 212.121.220.45 302 host mail.priestnall.stockport.sch.uk
- 212.121.220.45 302 host remote.priestnall.stockport.sch.uk
- 212.121.220.45 302 host www.priestnall.stockport.sch.uk
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.priestnall.stockport.sch.uk -----
- Host's addresses:
- __________________
- www.priestnall.stockport.sch.uk. 299 IN A 212.121.220.45
- Name Servers:
- ______________
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on www.priestnall.stockport.sch.uk
- dnsdb: Unexpected return status 503
- waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.www.priestnall.stockport.sch.uk/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
- dogpile: Get https://www.dogpile.com/search/web?q=www.priestnall.stockport.sch.uk&qsi=1: EOF
- Starting Bruteforcing of www.priestnall.stockport.sch.uk with 9985 words
- Total 1 Unique subdomains found for www.priestnall.stockport.sch.uk
- .www.priestnall.stockport.sch.uk
- #######################################################################################################################################
- [*] Processing domain www.priestnall.stockport.sch.uk
- [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
- [+] Getting nameservers
- [-] Getting nameservers failed
- [-] Zone transfer failed
- [*] Scanning www.priestnall.stockport.sch.uk for A records
- 212.121.220.45 - www.priestnall.stockport.sch.uk
- #######################################################################################################################################
- [+] www.priestnall.stockport.sch.uk has no SPF record!
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.priestnall.stockport.sch.uk!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:13 EDT
- Nmap scan report for www.priestnall.stockport.sch.uk (212.121.220.45)
- Host is up (0.30s latency).
- Not shown: 471 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:14 EDT
- Nmap scan report for www.priestnall.stockport.sch.uk (212.121.220.45)
- Host is up (0.20s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- http://www.priestnall.stockport.sch.uk [302 Found] Country[UNITED KINGDOM][GB], IP[212.121.220.45], RedirectLocation[https://www.priestnall.stockport.sch.uk/]
- https://www.priestnall.stockport.sch.uk/ [200 OK] Country[UNITED KINGDOM][GB], HTML5, HTTPServer[Microsoft-IIS/8.5], IP[212.121.220.45], JQuery[1.12.4], MetaGenerator[WordPress 4.9.4], Microsoft-IIS[8.5], PHP[5.6.31], Script[text/javascript], Title[Priestnall School], UncommonHeaders[link], WordPress[4.9.4], X-Powered-By[PHP/5.6.31]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning https://www.priestnall.stockport.sch.uk...
- ____________________________________ SITE INFO ____________________________________
- IP Title
- 212.121.220.45 Priestnall School
- _____________________________________ VERSION _____________________________________
- Name Versions Type
- WordPress 4.9.4 CMS
- IIS 8.5 Platform
- PHP 5.6.31 Platform
- Microsoft Windows Server 2012 R2 OS
- ___________________________________ INTERESTING ___________________________________
- URL Note Type
- /wp-login.php Wordpress login page Interesting
- /readme.html Readme file Interesting
- /robots.txt robots.txt index Interesting
- /login/ Login Page Interesting
- ______________________________________ TOOLS ______________________________________
- Name Link Software
- wpscan https://github.com/wpscanteam/wpscan WordPress
- CMSmap https://github.com/Dionach/CMSmap WordPress
- ___________________________________________________________________________________
- Time: 249.3 sec Urls: 265 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 302 Object Moved
- Date: Fri, 26 Apr 2019 15:20:58 GMT
- Connection: Keep-Alive
- Content-Length: 0
- Location: https://www.priestnall.stockport.sch.uk/
- HTTP/1.1 302 Object Moved
- Date: Fri, 26 Apr 2019 15:20:59 GMT
- Connection: Keep-Alive
- Content-Length: 0
- Location: https://www.priestnall.stockport.sch.uk/
- HTTP/1.1 200 OK
- Connection: Keep-Alive
- Content-Length: 0
- Date: Fri, 26 Apr 2019 15:21:04 GMT
- Content-Type: text/html; charset=UTF-8
- Server: Microsoft-IIS/8.5
- X-Powered-By: PHP/5.6.31
- Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
- Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
- #######################################################################################################################################
- IIS 8.5
- jQuery Migrate
- WordPress 4.9.4
- jQuery 1.12.4
- PHP 5.6.31
- Google Font API
- WordPress
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning https://www.priestnall.stockport.sch.uk...
- ____________________________________ SITE INFO ____________________________________
- IP Title
- 212.121.220.45 Priestnall School
- _____________________________________ VERSION _____________________________________
- Name Versions Type
- WordPress 4.9.4 CMS
- IIS 8.5 Platform
- PHP 5.6.31 Platform
- Microsoft Windows Server 2012 R2 OS
- ___________________________________ INTERESTING ___________________________________
- URL Note Type
- /wp-login.php Wordpress login page Interesting
- /robots.txt robots.txt index Interesting
- /readme.html Readme file Interesting
- /login/ Login Page Interesting
- ______________________________________ TOOLS ______________________________________
- Name Link Software
- wpscan https://github.com/wpscanteam/wpscan WordPress
- CMSmap https://github.com/Dionach/CMSmap WordPress
- ___________________________________________________________________________________
- Time: 1.3 sec Urls: 265 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Connection: Keep-Alive
- Content-Length: 0
- Date: Fri, 26 Apr 2019 15:24:29 GMT
- Content-Type: text/html; charset=UTF-8
- Server: Microsoft-IIS/8.5
- X-Powered-By: PHP/5.6.31
- Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
- Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
- HTTP/1.1 200 OK
- Connection: Keep-Alive
- Content-Length: 0
- Date: Fri, 26 Apr 2019 15:24:34 GMT
- Content-Type: text/html; charset=UTF-8
- Server: Microsoft-IIS/8.5
- X-Powered-By: PHP/5.6.31
- Link: <https://www.priestnall.stockport.sch.uk/wp-json/>; rel="https://api.w.org/"
- Link: <https://www.priestnall.stockport.sch.uk/>; rel=shortlink
- #######################################################################################################################################
- IIS 8.5
- jQuery Migrate
- WordPress 4.9.4
- jQuery 1.12.4
- Google Font API
- PHP 5.6.31
- WordPress
- #######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 212.121.220.45
- Testing SSL server www.priestnall.stockport.sch.uk on port 443 using SNI name www.priestnall.stockport.sch.uk
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: *.priestnall.stockport.sch.uk
- Altnames: DNS:*.priestnall.stockport.sch.uk, DNS:priestnall.stockport.sch.uk
- Issuer: Go Daddy Secure Certificate Authority - G2
- Not valid before: Jun 21 08:34:17 2018 GMT
- Not valid after: Jun 21 07:27:38 2020 GMT
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:34 EDT
- Nmap scan report for 212.121.220.45
- Host is up (0.30s latency).
- Not shown: 471 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:34 EDT
- Nmap scan report for 212.121.220.45
- Host is up (0.23s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:34 EDT
- Nmap scan report for 212.121.220.45
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 233.11 ms 10.245.200.1
- 2 234.49 ms 213.184.122.97
- 3 288.19 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
- 4 322.13 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
- 5 288.40 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
- 6 288.82 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
- 7 325.00 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
- 8 326.20 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
- 9 336.23 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
- 10 336.28 ms ip4.gtt.net (46.33.78.86)
- 11 315.03 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
- 12 315.19 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
- 13 319.67 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
- 14 324.20 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
- 15 324.17 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
- 16 327.83 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
- 17 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:36 EDT
- Nmap scan report for 212.121.220.45
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 184.36 ms 10.245.200.1
- 2 185.53 ms 213.184.122.97
- 3 203.17 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
- 4 258.23 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
- 5 203.62 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
- 6 203.66 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
- 7 260.05 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
- 8 261.48 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
- 9 273.02 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
- 10 273.11 ms ip4.gtt.net (46.33.78.86)
- 11 318.82 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
- 12 319.64 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
- 13 322.53 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
- 14 324.50 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
- 15 324.53 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
- 16 317.50 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
- 17 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:38 EDT
- Nmap scan report for 212.121.220.45
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 211.48 ms 10.245.200.1
- 2 212.82 ms 213.184.122.97
- 3 262.60 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
- 4 296.51 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
- 5 262.59 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
- 6 262.57 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
- 7 299.31 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
- 8 301.17 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
- 9 308.43 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
- 10 308.43 ms ip4.gtt.net (46.33.78.86)
- 11 296.00 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
- 12 296.06 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
- 13 300.85 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
- 14 300.46 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
- 15 300.43 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
- 16 296.15 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
- 17 ... 30
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://212.121.220.45...
- _____________________ SITE INFO ______________________
- IP Title
- 212.121.220.45
- ______________________ VERSION _______________________
- Name Versions Type
- ____________________ INTERESTING _____________________
- URL Note Type
- /readme.html Readme file Interesting
- /install.php Installation file Interesting
- /test.php Test file Interesting
- ______________________________________________________
- Time: 98.8 sec Urls: 599 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. )
- Connection: close
- Pragma: no-cache
- Cache-Control: no-cache
- Content-Type: text/html
- Content-Length: 2040
- HTTP/1.1 403 Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. )
- Connection: close
- Pragma: no-cache
- Cache-Control: no-cache
- Content-Type: text/html
- Content-Length: 2040
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:42 EDT
- Nmap scan report for 212.121.220.45
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 221.90 ms 10.245.200.1
- 2 223.70 ms 213.184.122.97
- 3 274.16 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
- 4 328.35 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
- 5 274.53 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
- 6 274.55 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
- 7 330.75 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
- 8 331.57 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
- 9 336.36 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
- 10 336.39 ms ip4.gtt.net (46.33.78.86)
- 11 317.67 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
- 12 321.56 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
- 13 326.21 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
- 14 328.77 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
- 15 328.79 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
- 16 337.84 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
- 17 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:45 EDT
- Nmap scan report for 212.121.220.45
- Host is up (0.34s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 168.62 ms 10.245.200.1
- 2 169.74 ms 213.184.122.97
- 3 168.67 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
- 4 219.79 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
- 5 182.22 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
- 6 169.41 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
- 7 223.35 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
- 8 226.43 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
- 9 236.28 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
- 10 236.28 ms ip4.gtt.net (46.33.78.86)
- 11 235.04 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
- 12 235.39 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
- 13 239.16 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
- 14 241.54 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
- 15 241.11 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
- 16 241.09 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
- 17 ... 30
- #######################################################################################################################################
- Version: 1.11.13-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 212.121.220.45
- Testing SSL server 212.121.220.45 on port 443 using SNI name 212.121.220.45
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: *.priestnall.stockport.sch.uk
- Altnames: DNS:*.priestnall.stockport.sch.uk, DNS:priestnall.stockport.sch.uk
- Issuer: Go Daddy Secure Certificate Authority - G2
- Not valid before: Jun 21 08:34:17 2018 GMT
- Not valid after: Jun 21 07:27:38 2020 GMT
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:50 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 11:50
- Completed NSE at 11:50, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 11:50
- Completed NSE at 11:50, 0.00s elapsed
- Initiating Ping Scan at 11:50
- Scanning 212.121.220.45 [4 ports]
- Completed Ping Scan at 11:50, 0.33s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 11:50
- Completed Parallel DNS resolution of 1 host. at 11:50, 0.03s elapsed
- Initiating Connect Scan at 11:50
- Scanning 212.121.220.45 [65535 ports]
- Discovered open port 443/tcp on 212.121.220.45
- Discovered open port 80/tcp on 212.121.220.45
- Connect Scan Timing: About 5.46% done; ETC: 12:00 (0:08:57 remaining)
- Connect Scan Timing: About 17.86% done; ETC: 11:56 (0:04:41 remaining)
- Connect Scan Timing: About 33.93% done; ETC: 11:55 (0:02:57 remaining)
- Connect Scan Timing: About 53.39% done; ETC: 11:54 (0:01:46 remaining)
- Connect Scan Timing: About 75.47% done; ETC: 11:54 (0:00:49 remaining)
- Completed Connect Scan at 11:53, 181.67s elapsed (65535 total ports)
- Initiating Service scan at 11:53
- Scanning 2 services on 212.121.220.45
- Completed Service scan at 11:54, 5.00s elapsed (2 services on 1 host)
- Initiating OS detection (try #1) against 212.121.220.45
- Initiating Traceroute at 11:54
- Completed Traceroute at 11:54, 6.29s elapsed
- Initiating Parallel DNS resolution of 16 hosts. at 11:54
- Completed Parallel DNS resolution of 16 hosts. at 11:54, 11.51s elapsed
- NSE: Script scanning 212.121.220.45.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 11:54
- NSE Timing: About 97.13% done; ETC: 11:54 (0:00:01 remaining)
- NSE Timing: About 99.28% done; ETC: 11:55 (0:00:00 remaining)
- Completed NSE at 11:55, 78.54s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 11:55
- Completed NSE at 11:55, 0.00s elapsed
- Nmap scan report for 212.121.220.45
- Host is up, received syn-ack ttl 116 (0.19s latency).
- Scanned at 2019-04-26 11:50:57 EDT for 286s
- Not shown: 65530 filtered ports
- Reason: 65530 no-responses
- PORT STATE SERVICE REASON VERSION
- 25/tcp closed smtp conn-refused
- 80/tcp open tcpwrapped syn-ack
- |_http-title: The page cannot be displayed
- 139/tcp closed netbios-ssn conn-refused
- 443/tcp open tcpwrapped syn-ack
- | ssl-cert: Subject: commonName=*.priestnall.stockport.sch.uk/organizationalUnitName=Domain Control Validated
- | Subject Alternative Name: DNS:*.priestnall.stockport.sch.uk, DNS:priestnall.stockport.sch.uk
- | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US/organizationalUnitName=http://certs.godaddy.com/repository//localityName=Scottsdale
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-06-21T08:34:17
- | Not valid after: 2020-06-21T07:27:38
- | MD5: 0fac e613 1c64 fe39 5e6f 0bdd 84e9 8259
- | SHA-1: 0475 a948 b5a4 4af0 9054 5664 765c ccef 5950 8955
- | -----BEGIN CERTIFICATE-----
- | MIIG4DCCBcigAwIBAgIJAIYL0KwDWlrLMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
- | VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
- | MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
- | cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
- | dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTE4MDYyMTA4MzQxN1oX
- | DTIwMDYyMTA3MjczOFowSzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRh
- | dGVkMSYwJAYDVQQDDB0qLnByaWVzdG5hbGwuc3RvY2twb3J0LnNjaC51azCCASIw
- | DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaYlYLVZaAO3KLXF4ot09RPEAoq
- | tM/mGTAzT2ZKsLaycSR1oSZJK3D7WKDmhzgNQ9g3e/zDFVGLCbyyRzPp1H+Tm6qV
- | gdRD01/w/YgxCQxMBsRnMxgAOEC8ZVuIc14Z3cEaRzdM4ZAfAAAJLuaFOsCJWCqK
- | yfuj7diRBaQZ5+DXdXhZpVZ6M654/N3A35D/qI66V7opTAl7X0eEojwm+Uodbbtf
- | Se1/zqmgMw1OawGDU3nP4d328arCOZGPGmXBUNvYoPRxZ2eFakwTcd2rqUygtlLA
- | xGT5TfY2YXO/Ou68PbyJw71qVW5e6PbtOlZBfZMNF+dL7aDzxQjfRwFUSxUCAwEA
- | AaOCA1swggNXMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
- | AQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8v
- | Y3JsLmdvZGFkZHkuY29tL2dkaWcyczEtODQwLmNybDBdBgNVHSAEVjBUMEgGC2CG
- | SAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29k
- | YWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAk
- | BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAC
- | hjRodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2Rp
- | ZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMEUGA1UdEQQ+
- | MDyCHSoucHJpZXN0bmFsbC5zdG9ja3BvcnQuc2NoLnVrghtwcmllc3RuYWxsLnN0
- | b2NrcG9ydC5zY2gudWswHQYDVR0OBBYEFLXnKZ6cqRyMPIZj+6NP3SG/K1YbMIIB
- | fwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb
- | 37jjd80OyA3cEAAAAWQhe5rZAAAEAwBHMEUCIEack7Jg+60EJbu5bTHt5byFCv80
- | kxOzV2Y+F5aYkHOXAiEAnimDssK2keGGrZ/GPx4QdJdsZsd01WlLGnzJNLs0yP8A
- | dgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWQhe59FAAAEAwBH
- | MEUCIHtLiKxw+eSR5eOpkSINoXl4J8YUKl3vIZFsjowihRenAiEAlxzttD2vgtvV
- | u3chtIuHoYW/k666Kw5Fo2bSMB2T1NMAdwBep3P531bA57U2SH3QSeAyepGaDISh
- | EhKEGHWWgXFFWAAAAWQhe6CSAAAEAwBIMEYCIQC2rLk+7F8rjorbcyQ1wWNpMKYW
- | UYxNc314YliehI27YQIhAL1/n0K5CGKzdLuHprZN+vuQol6pU88/mFSFPewFd9w3
- | MA0GCSqGSIb3DQEBCwUAA4IBAQASAdmd4GSg5UITgS8sdkgbMIKsE5c0f3f7BPo5
- | bTpCQQHcia9bz2dz0Xt1kirc4xvTQNeHCrugDvaMLd8HSswvoI6+FRdec6HHjnLe
- | 1exKzhfJR92Y2NLr0he1JyGnFqVE+ITFMUcX701ZnvV3pyYn8RlvcaxQDaBKVauu
- | IMTQI7XUR0zUYqjdsKQOtfGNkXJM09fEteYXOPuo5vnEDY40F9d72Imeivrt0RX9
- | wDjJgVsUGwODy8NivXvQMq61xHf7Cp9HwVw9JkzRQ7dbN+X4is72Yw+xI6Pc9+kM
- | vs0WyzlKNYGRzdmsLzaLdXqOrKX3aY5+NVZR5pBNDVnwsCV0
- |_-----END CERTIFICATE-----
- 445/tcp closed microsoft-ds conn-refused
- Device type: WAP
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6.22
- OS details: Tomato firmware (Linux 2.6.22)
- TCP/IP fingerprint:
- OS:SCAN(V=7.70%E=4%D=4/26%OT=443%CT=25%CU=%PV=N%G=N%TM=5CC329FF%P=x86_64-pc
- OS:-linux-gnu)SEQ(CI=Z)ECN(R=N)T1(R=N)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%TG=4
- OS:0%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0
- OS:%Q=)T7(R=N)U1(R=N)IE(R=N)
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 199.90 ms 10.245.200.1
- 2 201.09 ms 213.184.122.97
- 3 212.50 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
- 4 265.20 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
- 5 212.53 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
- 6 212.53 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
- 7 266.24 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
- 8 267.00 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
- 9 276.42 ms et-0-0-59.cr10-lon2.ip4.gtt.net (89.149.141.237)
- 10 275.17 ms ip4.gtt.net (46.33.78.86)
- 11 252.66 ms ae24.londhx-sbr1.ja.net (146.97.35.197)
- 12 253.19 ms ae29.londpg-sbr2.ja.net (146.97.33.2)
- 13 256.27 ms ae31.erdiss-sbr2.ja.net (146.97.33.22)
- 14 259.86 ms ae29.manckh-sbr2.ja.net (146.97.33.42)
- 15 259.81 ms ae23.mancrh-rbr1.ja.net (146.97.38.42)
- 16 252.30 ms stockport-mbc-stpfd2.ja.net (146.97.169.66)
- 17 ... 30
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 11:55
- Completed NSE at 11:55, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 11:55
- Completed NSE at 11:55, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 286.84 seconds
- Raw packets sent: 130 (7.680KB) | Rcvd: 38 (3.774KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-26 11:55 EDT
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 11:55
- Completed NSE at 11:55, 0.00s elapsed
- Initiating NSE at 11:55
- Completed NSE at 11:55, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 11:55
- Completed Parallel DNS resolution of 1 host. at 11:55, 0.12s elapsed
- Initiating UDP Scan at 11:55
- Scanning 212.121.220.45 [14 ports]
- Completed UDP Scan at 11:55, 2.85s elapsed (14 total ports)
- Initiating Service scan at 11:55
- Scanning 12 services on 212.121.220.45
- Service scan Timing: About 8.33% done; ETC: 12:15 (0:17:47 remaining)
- Completed Service scan at 11:57, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against 212.121.220.45
- Retrying OS detection (try #2) against 212.121.220.45
- Initiating Traceroute at 11:57
- Completed Traceroute at 11:57, 7.23s elapsed
- Initiating Parallel DNS resolution of 1 host. at 11:57
- Completed Parallel DNS resolution of 1 host. at 11:57, 0.00s elapsed
- NSE: Script scanning 212.121.220.45.
- Initiating NSE at 11:57
- Completed NSE at 11:58, 20.32s elapsed
- Initiating NSE at 11:58
- Completed NSE at 11:58, 1.56s elapsed
- Nmap scan report for 212.121.220.45
- Host is up (0.20s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 ...
- 2 168.32 ms 10.245.200.1
- 3 ...
- 4 168.65 ms 10.245.200.1
- 5 170.14 ms 10.245.200.1
- 6 170.13 ms 10.245.200.1
- 7 170.12 ms 10.245.200.1
- 8 170.11 ms 10.245.200.1
- 9 170.10 ms 10.245.200.1
- 10 170.11 ms 10.245.200.1
- 11 ... 18
- 19 168.43 ms 10.245.200.1
- 20 186.92 ms 10.245.200.1
- 21 ... 27
- 28 170.08 ms 10.245.200.1
- 29 ...
- 30 169.43 ms 10.245.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 11:58
- Completed NSE at 11:58, 0.00s elapsed
- Initiating NSE at 11:58
- Completed NSE at 11:58, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 142.04 seconds
- Raw packets sent: 147 (13.614KB) | Rcvd: 443 (187.266KB)
- #######################################################################################################################################
- [+] URL: https://www.priestnall.stockport.sch.uk/
- [+] Started: Fri Apr 26 10:03:57 2019
- Interesting Finding(s):
- [+] https://www.priestnall.stockport.sch.uk/
- | Interesting Entries:
- | - Server: Microsoft-IIS/8.5
- | - X-Powered-By: PHP/5.6.31
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] https://www.priestnall.stockport.sch.uk/robots.txt
- | Found By: Robots Txt (Aggressive Detection)
- | Confidence: 100%
- [+] https://www.priestnall.stockport.sch.uk/xmlrpc.php
- | Found By: Link Tag (Passive Detection)
- | Confidence: 100%
- | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] https://www.priestnall.stockport.sch.uk/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] This site has 'Must Use Plugins': https://www.priestnall.stockport.sch.uk/wp-content/mu-plugins/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 80%
- | Reference: http://codex.wordpress.org/Must_Use_Plugins
- [+] https://www.priestnall.stockport.sch.uk/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 4.9.4 identified (Insecure, released on 2018-02-06).
- | Detected By: Rss Generator (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
- | - https://www.priestnall.stockport.sch.uk/comments/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
- |
- | [!] 14 vulnerabilities identified:
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9053
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- |
- | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9054
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- |
- | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9055
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | Fixed in: 4.9.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated File Delete
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9169
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9170
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- |
- | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9171
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9172
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9173
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- |
- | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9174
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9175
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
- |
- | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9222
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
- | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 4.9.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- [+] WordPress theme in use: siteorigin-north
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/
- | Last Updated: 2019-03-14T00:00:00.000Z
- | Readme: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/readme.txt
- | [!] The version is out of date, the latest version is 1.6.8
- | Style URL: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css
- | Style Name: SiteOrigin North
- | Style URI: https://siteorigin.com/theme/north/
- | Description: Inspired by the elegant majesty and purity of the Swiss Alps and built with business owners in mind,...
- | Author: SiteOrigin
- | Author URI: https://siteorigin.com/
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.4.3 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css, Match: 'Version: 1.4.3'
- [+] Enumerating All Plugins (via Passive Methods)
- [+] Checking Plugin Versions (via Passive and Aggressive Methods)
- [i] Plugin(s) Identified:
- [+] content-views-query-and-display-post-page
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/
- | Last Updated: 2019-03-18T04:29:00.000Z
- | [!] The version is out of date, the latest version is 2.1.3.2
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.9.9.6 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=1.9.9.6
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=1.9.9.6
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/content-views-query-and-display-post-page/readme.txt
- [+] cookie-notice
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/
- | Last Updated: 2019-01-24T10:47:00.000Z
- | [!] The version is out of date, the latest version is 1.2.46
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.2.41 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.2.41
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/cookie-notice/readme.txt
- [+] popup-builder
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/popup-builder/
- | Last Updated: 2019-04-03T15:34:00.000Z
- | [!] The version is out of date, the latest version is 3.1.9
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.6.7.3 (50% confidence)
- | Detected By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/popup-builder/readme.txt
- [+] siteorigin-panels
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/siteorigin-panels/
- | Last Updated: 2019-04-06T00:55:00.000Z
- | [!] The version is out of date, the latest version is 2.10.5
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 2.6.2 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/siteorigin-panels/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/siteorigin-panels/readme.txt
- [+] so-widgets-bundle
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/so-widgets-bundle/
- | Last Updated: 2019-03-27T20:27:00.000Z
- | [!] The version is out of date, the latest version is 1.15.4
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.11.4 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/so-widgets-bundle/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/so-widgets-bundle/readme.txt
- [+] tablepress
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/plugins/tablepress/
- | Latest Version: 1.9.2 (up to date)
- | Last Updated: 2019-02-22T15:10:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.9.2 (90% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/tablepress/css/default.min.css?ver=1.9.2
- | Confirmed By: Readme - Stable Tag (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/plugins/tablepress/readme.txt
- [+] Enumerating Config Backups (via Passive and Aggressive Methods)
- Checking Config Backups - Time: 00:00:08 <=============> (21 / 21) 100.00% Time: 00:00:08
- [i] No Config Backups Found.
- [+] Finished: Fri Apr 26 10:04:25 2019
- [+] Requests Done: 63
- [+] Cached Requests: 6
- [+] Data Sent: 13.147 KB
- [+] Data Received: 432.598 KB
- [+] Memory used: 175.703 MB
- [+] Elapsed time: 00:00:27
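The plugin and theme entries above are all built from the same few pieces of passive evidence: a plugin slug and `?ver=` query string on the homepage, the theme directory, `Stable tag:` in a plugin's readme.txt, `Version:` in the theme's style.css, and the `<generator>` tag in the RSS feed. The script below reproduces that fingerprinting and the follow-on comparison against a known latest version and against the affected-version ranges printed in the core vulnerability list. It is added example code, not WPScan's code and not part of the original paste; every input is a constructed sample that reuses the versions shown above, `school.example` is a hypothetical host, and the `LATEST` table is copied from the "latest version" lines in the output.

```python
"""Passive WordPress fingerprinting (example code, not WPScan's own).
All inputs below are constructed samples; school.example is hypothetical."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed homepage fragment carrying the same slugs/versions as the run above.
HOMEPAGE = """
<script src="https://school.example/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.2.41"></script>
<link rel="stylesheet" href="https://school.example/wp-content/plugins/tablepress/css/default.min.css?ver=1.9.2">
<script src="https://school.example/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=1.9.9.6"></script>
<link rel="stylesheet" href="https://school.example/wp-content/themes/siteorigin-north/style.css">
"""
README_COOKIE_NOTICE = "=== Cookie Notice ===\nStable tag: 1.2.41\n"          # constructed
STYLE_CSS = "/*\nTheme Name: SiteOrigin North\nVersion: 1.4.3\n*/\n"          # constructed
FEED = "<rss><channel><generator>https://wordpress.org/?v=4.9.4</generator></channel></rss>"

# "latest version" values as printed in the output above.
LATEST = {"content-views-query-and-display-post-page": "2.1.3.2",
          "cookie-notice": "1.2.46", "tablepress": "1.9.2"}
# A few affected-range strings exactly as the vulnerability list prints them.
CORE_VULNS = [
    ("WordPress <= 4.9.4 - Application Denial of Service (DoS)", "<= 4.9.4"),
    ("WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion", "<= 4.9.6"),
    ("WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution", "3.7-5.0 (except 4.9.9)"),
    ("WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)", "3.9-5.1"),
]

def version_tuple(v: str) -> Tuple[int, ...]:
    """'1.9.9.6' -> (1, 9, 9, 6); trailing zeros dropped so '4.9' == '4.9.0'."""
    parts = [int(p) for p in v.strip().split(".") if p != ""]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def plugins_from_html(html: str) -> Dict[str, Optional[str]]:
    """'Urls In Homepage' gives the slug; 'Query Parameter' (?ver=) gives the version."""
    found: Dict[str, Optional[str]] = {
        slug: None for slug in re.findall(r"/wp-content/plugins/([A-Za-z0-9_\-]+)/", html)}
    for slug, ver in re.findall(
            r"/wp-content/plugins/([A-Za-z0-9_\-]+)/[^\"'\s]*?\?ver=([0-9][0-9.]*)", html):
        found[slug] = ver
    return found

def theme_from_html(html: str) -> Optional[str]:
    m = re.search(r"/wp-content/themes/([A-Za-z0-9_\-]+)/", html)
    return m.group(1) if m else None

def header_field(text: str, field: str) -> Optional[str]:
    """'Stable tag: 1.2.41' in readme.txt, 'Version: 1.4.3' in style.css."""
    m = re.search(r"^\s*%s\s*:\s*([0-9][0-9.]*)\s*$" % re.escape(field), text, re.I | re.M)
    return m.group(1) if m else None

def core_version_from_feed(feed: str) -> Optional[str]:
    """'Rss Generator' detection."""
    m = re.search(r"<generator>https?://wordpress\.org/\?v=([0-9][0-9.]*)</generator>", feed)
    return m.group(1) if m else None

def outdated(found: str, latest: str) -> bool:
    return version_tuple(found) < version_tuple(latest)

def affected(version: str, spec: str) -> bool:
    """Evaluate a range string of the forms '<= 4.9.6', '3.7-5.0', '3.7-5.0 (except 4.9.9)'."""
    v = version_tuple(version)
    exc = re.search(r"\(except ([0-9.]+)\)", spec)
    if exc and v == version_tuple(exc.group(1)):
        return False
    spec = re.sub(r"\s*\(except [0-9.]+\)", "", spec).strip()
    if spec.startswith("<="):
        return v <= version_tuple(spec[2:])
    lo, hi = (s.strip() for s in spec.split("-", 1))
    return version_tuple(lo) <= v <= version_tuple(hi)

def report() -> dict:
    plugins = plugins_from_html(HOMEPAGE)
    core = core_version_from_feed(FEED)
    return {
        "core": core,
        "core_vulns": [t for t, spec in CORE_VULNS if core and affected(core, spec)],
        "theme": theme_from_html(HOMEPAGE),
        "theme_version": header_field(STYLE_CSS, "Version"),
        "plugins": plugins,
        # "Confirmed By: Readme - Stable Tag": readme agrees with the ?ver= value.
        "readme_confirms_cookie_notice":
            header_field(README_COOKIE_NOTICE, "Stable tag") == plugins.get("cookie-notice"),
        "outdated": sorted(s for s, v in plugins.items()
                           if v and s in LATEST and outdated(v, LATEST[s])),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Two caveats the output itself hints at: a `?ver=` value is only as reliable as the site that emits it (a theme or caching layer can rewrite it, which is why WPScan reports a confidence and looks for a second source such as the readme), and an "out of date" result is not a vulnerability by itself; the version-range check is what ties a version to a specific advisory.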
- #######################################################################################################################################
- [+] URL: https://www.priestnall.stockport.sch.uk/
- [+] Started: Fri Apr 26 10:04:02 2019
- Interesting Finding(s):
- [+] https://www.priestnall.stockport.sch.uk/
- | Interesting Entries:
- | - Server: Microsoft-IIS/8.5
- | - X-Powered-By: PHP/5.6.31
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] https://www.priestnall.stockport.sch.uk/robots.txt
- | Found By: Robots Txt (Aggressive Detection)
- | Confidence: 100%
- [+] https://www.priestnall.stockport.sch.uk/xmlrpc.php
- | Found By: Link Tag (Passive Detection)
- | Confidence: 100%
- | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] https://www.priestnall.stockport.sch.uk/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] This site has 'Must Use Plugins': https://www.priestnall.stockport.sch.uk/wp-content/mu-plugins/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 80%
- | Reference: http://codex.wordpress.org/Must_Use_Plugins
- [+] https://www.priestnall.stockport.sch.uk/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 4.9.4 identified (Insecure, released on 2018-02-06).
- | Detected By: Rss Generator (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
- | - https://www.priestnall.stockport.sch.uk/comments/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
- |
- | [!] 14 vulnerabilities identified:
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9053
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- |
- | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9054
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- |
- | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9055
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | Fixed in: 4.9.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated File Delete
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9169
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9170
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- |
- | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9171
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9172
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9173
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- |
- | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9174
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9175
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
- |
- | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9222
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
- | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 4.9.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- [+] WordPress theme in use: siteorigin-north
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/
- | Last Updated: 2019-03-14T00:00:00.000Z
- | Readme: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/readme.txt
- | [!] The version is out of date, the latest version is 1.6.8
- | Style URL: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css
- | Style Name: SiteOrigin North
- | Style URI: https://siteorigin.com/theme/north/
- | Description: Inspired by the elegant majesty and purity of the Swiss Alps and built with business owners in mind,...
- | Author: SiteOrigin
- | Author URI: https://siteorigin.com/
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.4.3 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css, Match: 'Version: 1.4.3'
- [+] Enumerating Users (via Passive and Aggressive Methods)
- Brute Forcing Author IDs - Time: 00:00:08 <==> (10 / 10) 100.00% Time: 00:00:08
- [i] User(s) Identified:
- [+] Webmaster
- | Detected By: Rss Generator (Passive Detection)
- | Confirmed By: Rss Generator (Aggressive Detection)
- [+] mmarkendale
- | Detected By: Wp Json Api (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
- | Confirmed By:
- | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Login Error Messages (Aggressive Detection)
- [+] mmason
- | Detected By: Wp Json Api (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
- | Confirmed By:
- | Oembed API - Author URL (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-json/oembed/1.0/embed?url=https://www.priestnall.stockport.sch.uk/&format=json
- | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Login Error Messages (Aggressive Detection)
- [+] gpearson
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Confirmed By: Login Error Messages (Aggressive Detection)
- [+] Finished: Fri Apr 26 10:04:26 2019
- [+] Requests Done: 35
- [+] Cached Requests: 24
- [+] Data Sent: 8.57 KB
- [+] Data Received: 341.602 KB
- [+] Memory used: 99.762 MB
- [+] Elapsed time: 00:00:24
- #######################################################################################################################################
- [+] URL: https://www.priestnall.stockport.sch.uk/
- [+] Started: Fri Apr 26 10:10:20 2019
- Interesting Finding(s):
- [+] https://www.priestnall.stockport.sch.uk/
- | Interesting Entries:
- | - Server: Microsoft-IIS/8.5
- | - X-Powered-By: PHP/5.6.31
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] https://www.priestnall.stockport.sch.uk/robots.txt
- | Found By: Robots Txt (Aggressive Detection)
- | Confidence: 100%
- [+] https://www.priestnall.stockport.sch.uk/xmlrpc.php
- | Found By: Link Tag (Passive Detection)
- | Confidence: 100%
- | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] https://www.priestnall.stockport.sch.uk/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] This site has 'Must Use Plugins': https://www.priestnall.stockport.sch.uk/wp-content/mu-plugins/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 80%
- | Reference: http://codex.wordpress.org/Must_Use_Plugins
- [+] https://www.priestnall.stockport.sch.uk/wp-cron.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 60%
- | References:
- | - https://www.iplocation.net/defend-wordpress-from-ddos
- | - https://github.com/wpscanteam/wpscan/issues/1299
- [+] WordPress version 4.9.4 identified (Insecure, released on 2018-02-06).
- | Detected By: Rss Generator (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
- | - https://www.priestnall.stockport.sch.uk/comments/feed/, <generator>https://wordpress.org/?v=4.9.4</generator>
- |
- | [!] 14 vulnerabilities identified:
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9053
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- |
- | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9054
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- |
- | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- | Fixed in: 4.9.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9055
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | Fixed in: 4.9.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated File Delete
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9169
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9170
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- |
- | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9171
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9172
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9173
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- |
- | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9174
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- |
- | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9175
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
- |
- | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
- | Fixed in: 4.9.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/9222
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
- | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
- |
- | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
- | Fixed in: 4.9.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/9230
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
- | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
- | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
- | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
- [+] WordPress theme in use: siteorigin-north
- | Location: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/
- | Last Updated: 2019-03-14T00:00:00.000Z
- | Readme: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/readme.txt
- | [!] The version is out of date, the latest version is 1.6.8
- | Style URL: https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css
- | Style Name: SiteOrigin North
- | Style URI: https://siteorigin.com/theme/north/
- | Description: Inspired by the elegant majesty and purity of the Swiss Alps and built with business owners in mind,...
- | Author: SiteOrigin
- | Author URI: https://siteorigin.com/
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.4.3 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-content/themes/siteorigin-north/style.css, Match: 'Version: 1.4.3'
- [+] Enumerating Users (via Passive and Aggressive Methods)
- Brute Forcing Author IDs - Time: 00:00:03 <============> (10 / 10) 100.00% Time: 00:00:03
- [i] User(s) Identified:
- [+] Webmaster
- | Detected By: Rss Generator (Passive Detection)
- | Confirmed By: Rss Generator (Aggressive Detection)
- [+] mmarkendale
- | Detected By: Wp Json Api (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
- | Confirmed By:
- | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Login Error Messages (Aggressive Detection)
- [+] mmason
- | Detected By: Wp Json Api (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-json/wp/v2/users/?per_page=100&page=1
- | Confirmed By:
- | Oembed API - Author URL (Aggressive Detection)
- | - https://www.priestnall.stockport.sch.uk/wp-json/oembed/1.0/embed?url=https://www.priestnall.stockport.sch.uk/&format=json
- | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Login Error Messages (Aggressive Detection)
- [+] gpearson
- | Detected By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- | Confirmed By: Login Error Messages (Aggressive Detection)
- [+] Finished: Fri Apr 26 10:10:29 2019
- [+] Requests Done: 17
- [+] Cached Requests: 42
- [+] Data Sent: 3.925 KB
- [+] Data Received: 57.877 KB
- [+] Memory used: 99.422 MB
- [+] Elapsed time: 00:00:08
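Both WPScan runs above arrive at the same four usernames through four independent sources: the `wp/v2/users` REST listing, the oEmbed `author_url`, the redirect that `/?author=N` produces to `/author/<slug>/` (the "Author Id Brute Forcing" step), and the fact that wp-login.php answers an unknown name and a known name with a wrong password with two different error messages. The code below parses each of those response types and merges the results, recording which sources saw each name. It is added example code, not WPScan's code and not part of the paste; every response is a constructed sample shaped like the real one, `school.example` is a hypothetical host, and the login error wording is WordPress 4.9's.

```python
"""Username enumeration from WordPress responses (example code, not WPScan's own).
All responses below are constructed samples; school.example is hypothetical."""
import json
import re
from typing import Dict, Optional, Set

# Constructed REST response, shaped like GET /wp-json/wp/v2/users/?per_page=100&page=1
WP_JSON_USERS = json.dumps([
    {"id": 2, "name": "Matt Markendale", "slug": "mmarkendale"},
    {"id": 3, "name": "M Mason", "slug": "mmason"},
])
# Constructed oEmbed response, shaped like /wp-json/oembed/1.0/embed?url=...&format=json
OEMBED = json.dumps({"author_name": "mmason",
                     "author_url": "https://school.example/author/mmason/"})
# Constructed Location headers from /?author=N for N = 1..5 (None = no redirect / 404).
AUTHOR_REDIRECTS = {
    1: "https://school.example/author/webmaster/",
    2: "https://school.example/author/mmarkendale/",
    3: "https://school.example/author/mmason/",
    4: "https://school.example/author/gpearson/",
    5: None,
}
# Constructed wp-login.php bodies. WordPress 4.9 wording: an unknown name gets
# "Invalid username."; a known name with a bad password is echoed back.
LOGIN_BODIES = {
    "gpearson": '<div id="login_error"><strong>ERROR</strong>: The password you entered '
                'for the username <strong>gpearson</strong> is incorrect.</div>',
    "nobody123": '<div id="login_error"><strong>ERROR</strong>: Invalid username.</div>',
}

AUTHOR_RE = re.compile(r"/author/([A-Za-z0-9_.\-]+)/?$")

def users_from_wp_json(body: str) -> Set[str]:
    """'Wp Json Api' source: every user object carries its login slug."""
    return {u["slug"] for u in json.loads(body) if "slug" in u}

def user_from_oembed(body: str) -> Optional[str]:
    """'Oembed API - Author URL' source."""
    m = AUTHOR_RE.search(json.loads(body).get("author_url", ""))
    return m.group(1) if m else None

def user_from_author_redirect(location: Optional[str]) -> Optional[str]:
    """'Author Id Brute Forcing - Author Pattern' source."""
    if not location:
        return None
    m = AUTHOR_RE.search(location)
    return m.group(1) if m else None

def login_error_confirms(username: str, body: str) -> bool:
    """'Login Error Messages' source: True when the error discloses the name exists."""
    if "Invalid username" in body:
        return False
    return re.search(r"for the username <strong>%s</strong>" % re.escape(username),
                     body) is not None

def enumerate_users() -> Dict[str, Set[str]]:
    """Merge all sources; the value is the set of sources that saw the name."""
    seen: Dict[str, Set[str]] = {}

    def add(name: str, source: str) -> None:
        seen.setdefault(name, set()).add(source)

    for name in users_from_wp_json(WP_JSON_USERS):
        add(name, "wp-json")
    oe = user_from_oembed(OEMBED)
    if oe:
        add(oe, "oembed")
    for _uid, loc in sorted(AUTHOR_REDIRECTS.items()):
        name = user_from_author_redirect(loc)
        if name:
            add(name, "author-id")
    for name, body in LOGIN_BODIES.items():
        if login_error_confirms(name, body):
            add(name, "login-error")
    return seen

if __name__ == "__main__":
    for name, sources in sorted(enumerate_users().items()):
        print(f"{name}: {', '.join(sorted(sources))}")
```

The merge is the useful part: a name that shows up in only one source (here `webmaster`, from the author redirect alone) deserves a second look before it goes into a password-spraying list, which is exactly why the scanner prints "Confirmed By" lines. Note also that the REST users endpoint and the `?author=N` redirect are unauthenticated by default in this WordPress version, so none of these sources needs credentials.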
- #######################################################################################################################################
- [-] Date & Time: 26/04/2019 10:04:03
- [I] Threads: 5
- [-] Target: https://www.priestnall.stockport.sch.uk (212.121.220.45)
- [I] Server: Microsoft-IIS/8.5
- [I] X-Powered-By: PHP/5.6.31
- [L] X-Frame-Options: Not Enforced
- [I] Strict-Transport-Security: Not Enforced
- [I] X-Content-Security-Policy: Not Enforced
- [I] X-Content-Type-Options: Not Enforced
- [L] Robots.txt Found: https://www.priestnall.stockport.sch.uk/robots.txt
- [I] CMS Detection: WordPress
- [I] Wordpress Version: 4.9.4
- [M] EDB-ID: 46511 "WordPress Core 5.0 - Remote Code Execution"
- [M] EDB-ID: 46662 "WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)"
- [M] EDB-ID: 44949 "WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion"
- [I] Wordpress Theme: siteorigin-north
- [-] WordPress usernames identified:
- [M] Garry Pearson
- [M] Matt Markendale
- [M] Webmaster
- [M] gpearson
- [M] mmarkendale
- [M] mmason
- [M] XML-RPC services are enabled
- [M] Website vulnerable to XML-RPC Brute Force Vulnerability
- [I] Forgotten Password Allows Username Enumeration: https://www.priestnall.stockport.sch.uk/wp-login.php?action=lostpassword
- [I] Autocomplete Off Not Found: https://www.priestnall.stockport.sch.uk/wp-login.php
- [-] Default WordPress Files:
- [I] https://www.priestnall.stockport.sch.uk/license.txt
- [I] https://www.priestnall.stockport.sch.uk/readme.html
- [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyfifteen/genericons/COPYING.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyfifteen/genericons/LICENSE.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyfifteen/readme.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentyseventeen/README.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentysixteen/genericons/COPYING.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentysixteen/genericons/LICENSE.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-content/themes/twentysixteen/readme.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-includes/ID3/license.commercial.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-includes/ID3/license.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-includes/ID3/readme.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-includes/images/crystal/license.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-includes/js/plupload/license.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-includes/js/swfupload/license.txt
- [I] https://www.priestnall.stockport.sch.uk/wp-includes/js/tinymce/license.txt
- [-] Searching Wordpress Plugins ...
- [I] "+plugin+"
- [I] akismet v4.0.2
- [M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
- [M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
- [I] backwpup v3.4.4
- [M] EDB-ID: 35400 "WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities"
- [I] content-views-query-and-display-post-page v1.9.9.6
- [I] cookie-notice v1.2.41
- [I] feed
- [M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
- [I] siteorigin-panels v2.6.2
- [I] so-widgets-bundle v1.11.4
- [I] tablepress v1.9.2
- [I] Checking for Directory Listing Enabled ...
- [-] Date & Time: 26/04/2019 10:11:26
- [-] Completed in: 0:07:23
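Two of the findings in the run above are worth reproducing as code. The first is the header audit: note that the output tests for `X-Content-Security-Policy`, a header name browsers dropped years ago, so a site that sets the current `Content-Security-Policy` would still be reported as "Not Enforced"; the check below accepts either name and also parses the HSTS `max-age`. The second is why "XML-RPC services are enabled" is listed as a brute-force finding: one POST to xmlrpc.php can carry a `system.multicall` of many `wp.getUsersBlogs` calls, so a single request tests many passwords, which is what the referenced Metasploit `wordpress_xmlrpc_login` module relies on. The detector below flags that request shape. This is added example code, not WPSeku's or WordPress's; the headers and request bodies are constructed samples (the observed set mirrors the IIS 8.5 / PHP 5.6.31 headers above, the hardened set is a hypothetical corrected configuration), and the thresholds (one-year HSTS, two or more credential-taking calls per request) are this example's choices.

```python
"""Security-header audit and xmlrpc.php multicall detection (example code,
not WPSeku's own). All headers and request bodies below are constructed."""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed: the response headers the run above observed, nothing hardening.
OBSERVED = {"Server": "Microsoft-IIS/8.5", "X-Powered-By": "PHP/5.6.31",
            "Content-Type": "text/html; charset=UTF-8"}
# Constructed: a hypothetical corrected configuration for comparison.
HARDENED = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "Content-Security-Policy": "default-src 'self'",
            "X-Frame-Options": "SAMEORIGIN",
            "X-Content-Type-Options": "nosniff",
            "Content-Type": "text/html; charset=UTF-8"}

def audit_headers(headers: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (header, problem) pairs; names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    issues: List[Tuple[str, str]] = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        issues.append(("Strict-Transport-Security", "not enforced"))
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < 31536000:   # example threshold: one year
            issues.append(("Strict-Transport-Security", "max-age below one year"))
    # Accept the current name as well as the obsolete X- prefixed one.
    if "content-security-policy" not in h and "x-content-security-policy" not in h:
        issues.append(("Content-Security-Policy", "not enforced"))
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        issues.append(("X-Frame-Options", "not enforced (need DENY or SAMEORIGIN)"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        issues.append(("X-Content-Type-Options", "not enforced"))
    for leak in ("server", "x-powered-by"):
        if leak in h:
            issues.append((leak, "version disclosure: " + h[leak]))
    return issues

# Constructed POST body to xmlrpc.php: three password guesses in one request.
MULTICALL_BODY = """<?xml version="1.0"?>
<methodCall><methodName>system.multicall</methodName><params><param><value><array><data>
<value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>
<member><name>params</name><value><array><data><value><string>mmason</string></value><value><string>guess1</string></value></data></array></value></member></struct></value>
<value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>
<member><name>params</name><value><array><data><value><string>mmason</string></value><value><string>guess2</string></value></data></array></value></member></struct></value>
<value><struct><member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>
<member><name>params</name><value><array><data><value><string>mmason</string></value><value><string>guess3</string></value></data></array></value></member></struct></value>
</data></array></value></param></params></methodCall>"""

# Constructed single pingback, the legitimate traffic the same endpoint serves.
PINGBACK_BODY = """<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName>
<params><param><value><string>https://blog.example/post/1</string></value></param>
<param><value><string>https://school.example/news/</string></value></param></params></methodCall>"""

# XML-RPC methods that take a username/password pair as their first parameters.
AUTH_METHODS = {"wp.getUsersBlogs", "wp.getCategories", "metaWeblog.getUsersBlogs"}

def inspect_xmlrpc(body: str) -> Dict[str, object]:
    """Summarise one xmlrpc.php request: top-level method, inner calls when it is
    a system.multicall, and how many of those are credential-taking methods."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return {"method": "", "inner_calls": 0, "auth_calls": 0,
                "brute_force_amplification": False, "parse_error": True}
    method = root.findtext("methodName") or ""
    inner: List[str] = []
    if method == "system.multicall":
        for struct in root.iter("struct"):
            for member in struct.findall("member"):
                if member.findtext("name") == "methodName":
                    inner.append(member.findtext("value/string") or "")
    auth_calls = sum(1 for m in inner if m in AUTH_METHODS)
    return {"method": method, "inner_calls": len(inner), "auth_calls": auth_calls,
            "brute_force_amplification": auth_calls >= 2, "parse_error": False}

if __name__ == "__main__":
    print(audit_headers(OBSERVED))
    print(inspect_xmlrpc(MULTICALL_BODY))
    print(inspect_xmlrpc(PINGBACK_BODY))
```

On the defensive side the detector maps directly onto a WAF or log-pipeline rule: a `system.multicall` whose inner calls are credential-taking methods has no legitimate use from an anonymous client, while pingbacks and a single authenticated call from a mobile app do. Blocking xmlrpc.php outright is simpler still when nothing on the site needs it.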
- #######################################################################################################################################
- Anonymous JTSEC #OpAssange Full Recon #15