API tools faq
paste
Advertisement
Guest User

Anonymous Operation Izsrael USA JTSEC full recon 2018 #2

a guest
Mar 10th, 2018
559
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 38.35 KB | None | 0 0
raw download clone embed print report
  1. #######################################################################################################################################
  2. Hostname www.ishopy.co.il ISP Bezeq International (AS8551)
  3. Continent Asia Flag
  4. IL
  5. Country Israel Country Code IL (ISR)
  6. Region Unknown Local time 10 Mar 2018 05:32 IST
  7. City Unknown Latitude 31.5
  8. IP Address 81.218.229.174 Longitude 34.75
  9. ######################################################################################################################################
  10. HostIP:81.218.229.174
  11. HostName:ishopy.co.il
  12.  
  13. Gathered Inet-whois information for 81.218.229.174
  14. ---------------------------------
  15.  
  16.  
  17. inetnum: 81.218.229.0 - 81.218.229.255
  18. netname: SECUREST-LTD
  19. descr: Securest LTD
  20. country: IL
  21. admin-c: BNT1-RIPE
  22. tech-c: se3315-ripe
  23. status: ASSIGNED PA
  24. mnt-by: AS8551-MNT
  25. mnt-lower: AS8551-MNT
  26. remarks: please send ABUSE complains to abuse@securest.biz
  27. created: 2009-08-26T11:21:55Z
  28. last-modified: 2010-06-21T00:33:20Z
  29. source: RIPE
  30.  
  31. role: BEZEQINT NETWORKING TEAM
  32. address: Bezeq International
  33. address: 40 hashacham st.
  34. address: Petach Tikva 49170 Israel
  35. phone: +972 1 800014014
  36. fax-no: +972 3 9257674
  37. admin-c: MR916-RIPE
  38. tech-c: MR916-RIPE
  39. tech-c: RD1278-RIPE
  40. nic-hdl: BNT1-RIPE
  41. remarks: Please Send Spam and Abuse ONLY to abuse@bezeqint.net
  42. mnt-by: AS8551-MNT
  43. mnt-by: gp-44282
  44. created: 2005-09-27T12:31:29Z
  45. last-modified: 2017-11-30T13:25:20Z
  46. source: RIPE # Filtered
  47.  
  48. person: Shlomi Elimeleh
  49. address: P.O.B 10
  50. address: 60250, Or Yehuda
  51. address: Israel
  52. mnt-by: MNT-NFORCE
  53. phone: +972 545688015
  54. fax-no: +972 (3)6050206
  55. nic-hdl: se3315-ripe
  56. created: 2007-06-26T14:29:02Z
  57. last-modified: 2017-10-30T21:55:39Z
  58. source: RIPE
  59.  
  60. % Information related to '81.218.224.0/19AS8551'
  61.  
  62. route: 81.218.224.0/19
  63. descr: BEZEQINT-ADSL
  64. origin: AS8551
  65. mnt-by: AS8551-MNT
  66. created: 2003-03-11T08:12:20Z
  67. last-modified: 2003-03-11T08:12:20Z
  68. source: RIPE # Filtered
  69.  
  70. % This query was served by the RIPE Database Query Service version 1.90 (WAGYU)
  71.  
  72.  
  73.  
  74. Gathered Inic-whois information for ishopy.co.il
  75. ---------------------------------
  76. domain: ishopy.co.il
  77.  
  78. descr: acumana LTD
  79. descr: Hatichon 33
  80. descr: Haifa
  81. descr: 32296
  82. descr: Israel
  83. e-mail: chenganel AT gmail.com
  84. admin-c: GI-CG5194-IL
  85. tech-c: GI-CG5194-IL
  86. zone-c: GI-CG5194-IL
  87. nserver: ns1.qwais.com
  88. nserver: ns2.qwais.com
  89. validity: 12-12-2019
  90. DNSSEC: unsigned
  91. status: Transfer Locked
  92. changed: domain-registrar AT isoc.org.il 20YV@ (AssF
  93. �(iguned)
  94. changed: domain-registrar AT isoc.org.il 20131218 (Changed)
  95. changed: domain-registrar AT isoc.org.il 20140309 (Changed)
  96.  
  97. person: chen ganel
  98. address: Hatichon 33
  99. address: Haifa
  100. address: 32296
  101. address: Israel
  102. phone: +972 54 2333399
  103. e-mail: chenganel AT gmail.com
  104. nic-hdl: GI-CG5194-IL
  105. changed: Managing Registrar 20131117
  106.  
  107. registrar name: Gorni Interactive Ltd
  108. registrar info: http://www.box.co.il/
  109.  
  110. % Rights to the data above are restricted by coV@pyrigF
  111. �(ht.
  112.  
  113. Gathered Netcraft information for ishopy.co.il
  114. ---------------------------------
  115.  
  116. Retrieving Netcraft.com information for ishopy.co.il
  117. Netcraft.com Information gathered
  118.  
  119. Gathered Subdomain information for ishopy.co.il
  120. ---------------------------------
  121. Searching Google.com:80...
  122. Searching Altavista.com:80...
  123. Found 0 possible subdomain(s) for host ishopy.co.il, Searched 0 pages containing 0 results
  124.  
  125. Gathered E-Mail information for ishopy.co.il
  126. ---------------------------------
  127. Searching Google.com:80...
  128. Searching Altavista.com:80...
  129. Found 0 E-Mail(s) for host ishopy.co.il, Searched 0 pages containing 0 results
  130.  
  131. Gathered TCP Port information for 81.218.229.174
  132. ---------------------------------
  133.  
  134. Port State
  135.  
  136. 1/tcp open
  137. 2/tcp open
  138. 3/tcp open
  139. 4/tcp open
  140. 5/tcp open
  141. 6/tcp open
  142. 7/tcp open
  143. 8/tcp open
  144. 9/tcp open
  145. 10/tcp open
  146. 11/tcp open
  147. 12/tcp open
  148. 13/tcp open
  149. 14/tcp open
  150. 15/tcp open
  151. 16/tcp open
  152. 17/tcp open
  153. 18/tcp open
  154. 19/tcp open
  155. 20/tcp open
  156. 21/tcp open
  157. 22/tcp open
  158. 23/tcp open
  159. 24/tcp open
  160. 26/tcp open
  161. 27/tcp open
  162. 28/tcp open
  163. 29/tcp open
  164. 30/tcp open
  165. 31/tcp open
  166. 32/tcp open
  167. 33/tcp open
  168. 34/tcp open
  169. 35/tcp open
  170. 36/tcp open
  171. 37/tcp open
  172. 38/tcp open
  173. 39/tcp open
  174. 40/tcp open
  175. 41/tcp open
  176. 42/tcp open
  177. 43/tcp open
  178. 44/tcp open
  179. 45/tcp open
  180. 46/tcp open
  181. 47/tcp open
  182. 48/tcp open
  183. 49/tcp open
  184. 50/tcp open
  185. 51/tcp open
  186. 52/tcp open
  187. 53/tcp open
  188. 54/tcp open
  189. 55/tcp open
  190. 56/tcp open
  191. 57/tcp open
  192. 58/tcp open
  193. 59/tcp open
  194. 60/tcp open
  195. 61/tcp open
  196. 62/tcp open
  197. 63/tcp open
  198. 64/tcp open
  199. 65/tcp open
  200. 66/tcp open
  201. 67/tcp open
  202. 68/tcp open
  203. 69/tcp open
  204. 70/tcp open
  205. 71/tcp open
  206. 72/tcp open
  207. 73/tcp open
  208. 74/tcp open
  209. 75/tcp open
  210. 76/tcp open
  211. 77/tcp open
  212. 78/tcp open
  213. 79/tcp open
  214. 80/tcp open
  215. 81/tcp open
  216. 82/tcp open
  217. 83/tcp open
  218. 84/tcp open
  219. 85/tcp open
  220. 86/tcp open
  221. 87/tcp open
  222. 88/tcp open
  223. 89/tcp open
  224. 90/tcp open
  225. 91/tcp open
  226. 92/tcp open
  227. 93/tcp open
  228. 94/tcp open
  229. 95/tcp open
  230. 96/tcp open
  231. 97/tcp open
  232. 98/tcp open
  233. 99/tcp open
  234. 100/tcp open
  235. 101/tcp open
  236. 102/tcp open
  237. 103/tcp open
  238. 104/tcp open
  239. 105/tcp open
  240. 106/tcp open
  241. 107/tcp open
  242. 108/tcp open
  243. 109/tcp open
  244. 110/tcp open
  245. 111/tcp open
  246. 112/tcp open
  247. 113/tcp open
  248. 114/tcp open
  249. 115/tcp open
  250. 116/tcp open
  251. 117/tcp open
  252. 118/tcp open
  253. 119/tcp open
  254. 120/tcp open
  255. 121/tcp open
  256. 122/tcp open
  257. 123/tcp open
  258. 124/tcp open
  259. 125/tcp open
  260. 126/tcp open
  261. 127/tcp open
  262. 128/tcp open
  263. 129/tcp open
  264. 130/tcp open
  265. 131/tcp open
  266. 132/tcp open
  267. 133/tcp open
  268. 134/tcp open
  269. 140/tcp open
  270. 141/tcp open
  271. 142/tcp open
  272. 143/tcp open
  273. 144/tcp open
  274. 145/tcp open
  275. 146/tcp open
  276. 147/tcp open
  277. 148/tcp open
  278. 149/tcp open
  279.  
  280. Portscan Finished: Scanned 150 ports, 0 ports were in state closed
  281.  
  282. #######################################################################################################################################
  283. [i] Scanning Site: http://ishopy.co.il
  284.  
  285.  
  286.  
  287. B A S I C I N F O
  288. ====================
  289.  
  290.  
  291. [+] Site Title: הקניון של היזמים החדשים - ISHOPY
  292. [+] IP address: 81.218.229.174
  293. [+] Web Server: Apache/2
  294. [+] CMS: Could Not Detect
  295. [+] Cloudflare: Not Detected
  296. [+] Robots File: Found
  297.  
  298. -------------[ contents ]----------------
  299. User-agent: *
  300. Disallow: /wp-admin/
  301.  
  302. -----------[end of contents]-------------
  303.  
  304.  
  305.  
  306. W H O I S L O O K U P
  307. ========================
  308.  
  309.  
  310. % The data in the WHOIS database of the .il registry is provided
  311. % by ISOC-IL for information purposes, and to assist persons in
  312. % obtaining information about or related to a domain name
  313. % registration record. ISOC-IL does not guarantee its accuracy.
  314. % By submitting a WHOIS query, you agree that you will use this
  315. % Data only for lawful purposes and that, under no circumstances
  316. % will you use this Data to: (1) allow, enable, or otherwise
  317. % support the transmission of mass unsolicited, commercial
  318. % advertising or solicitations via e-mail (spam);
  319. % or (2) enable high volume, automated, electronic processes that
  320. % apply to ISOC-IL (or its systems).
  321. % ISOC-IL reserves the right to modify these terms at any time.
  322. % By submitting this query, you agree to abide by this policy.
  323.  
  324. query: ishopy.co.il
  325.  
  326. reg-name: ishopy
  327. domain: ishopy.co.il
  328.  
  329. descr: acumana LTD
  330. descr: Hatichon 33
  331. descr: Haifa
  332. descr: 32296
  333. descr: Israel
  334. e-mail: chenganel AT gmail.com
  335. admin-c: GI-CG5194-IL
  336. tech-c: GI-CG5194-IL
  337. zone-c: GI-CG5194-IL
  338. nserver: ns1.qwais.com
  339. nserver: ns2.qwais.com
  340. validity: 12-12-2019
  341. DNSSEC: unsigned
  342. status: Transfer Locked
  343. changed: domain-registrar AT isoc.org.il 20131212 (Assigned)
  344. changed: domain-registrar AT isoc.org.il 20131218 (Changed)
  345. changed: domain-registrar AT isoc.org.il 20140309 (Changed)
  346.  
  347. person: chen ganel
  348. address: Hatichon 33
  349. address: Haifa
  350. address: 32296
  351. address: Israel
  352. phone: +972 54 2333399
  353. e-mail: chenganel AT gmail.com
  354. nic-hdl: GI-CG5194-IL
  355. changed: Managing Registrar 20131117
  356.  
  357. registrar name: Gorni Interactive Ltd
  358. registrar info: http://www.box.co.il/
  359.  
  360. % Rights to the data above are restricted by copyright.
  361.  
  362.  
  363.  
  364.  
  365. G E O I P L O O K U P
  366. =========================
  367.  
  368. [i] IP Address: 81.218.229.174
  369. [i] Country: IL
  370. [i] State: N/A
  371. [i] City: N/A
  372. [i] Latitude: 31.500000
  373. [i] Longitude: 34.750000
  374.  
  375.  
  376.  
  377.  
  378. H T T P H E A D E R S
  379. =======================
  380.  
  381.  
  382. [i] HTTP/1.1 301 Moved Permanently
  383. [i] Date: Sat, 10 Mar 2018 06:22:30 GMT
  384. [i] Server: Apache/2
  385. [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
  386. [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  387. [i] Pragma: no-cache
  388. [i] X-Pingback: http://www.ishopy.co.il/xmlrpc.php
  389. [i] Set-Cookie: PHPSESSID=1d15l1rn22be346397b0ge43m2; path=/
  390. [i] Location: http://www.ishopy.co.il/
  391. [i] Vary: Accept-Encoding,User-Agent
  392. [i] Content-Length: 0
  393. [i] Connection: close
  394. [i] Content-Type: text/html; charset=UTF-8
  395. [i] HTTP/1.1 200 OK
  396. [i] Date: Sat, 10 Mar 2018 06:22:32 GMT
  397. [i] Server: Apache/2
  398. [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
  399. [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  400. [i] Pragma: no-cache
  401. [i] X-Pingback: http://www.ishopy.co.il/xmlrpc.php
  402. [i] Set-Cookie: PHPSESSID=20pr2v0r0qtdvs1nbomd0rb4n3; path=/
  403. [i] Vary: Accept-Encoding,User-Agent
  404. [i] Connection: close
  405. [i] Content-Type: text/html; charset=UTF-8
  406.  
  407.  
  408.  
  409.  
  410. D N S L O O K U P
  411. ===================
  412.  
  413. ;; Truncated, retrying in TCP mode.
  414. ishopy.co.il. 14400 IN MX 10 mail.ishopy.co.il.
  415. ishopy.co.il. 14400 IN TXT "v=spf1 a mx ip4:81.218.229.174 ~all"
  416. ishopy.co.il. 14400 IN A 81.218.229.174
  417. ishopy.co.il. 14400 IN SOA ns1.qwais.com. hostmaster.ishopy.co.il. 2015020101 14400 3600 1209600 86400
  418. ishopy.co.il. 14400 IN NS ns1.qwais.com.
  419. ishopy.co.il. 14400 IN NS ns2.qwais.com.
  420.  
  421.  
  422.  
  423.  
  424. S U B N E T C A L C U L A T I O N
  425. ====================================
  426.  
  427. Address = 81.218.229.174
  428. Network = 81.218.229.174 / 32
  429. Netmask = 255.255.255.255
  430. Broadcast = not needed on Point-to-Point links
  431. Wildcard Mask = 0.0.0.0
  432. Hosts Bits = 0
  433. Max. Hosts = 1 (2^0 - 0)
  434. Host Range = { 81.218.229.174 - 81.218.229.174 }
  435.  
  436.  
  437.  
  438. N M A P P O R T S C A N
  439. ============================
  440.  
  441.  
  442. Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-10 03:35 UTC
  443. Nmap scan report for ishopy.co.il (81.218.229.174)
  444. Host is up (0.14s latency).
  445. rDNS record for 81.218.229.174: mail.qwais.com
  446. PORT STATE SERVICE VERSION
  447. 21/tcp open ftp ProFTPD 1.3.4b
  448. 22/tcp filtered ssh
  449. 23/tcp filtered telnet
  450. 25/tcp open smtp Exim smtpd 4.80.1
  451. 80/tcp open http Apache httpd 2
  452. 110/tcp open pop3 Dovecot DirectAdmin pop3d
  453. 143/tcp open imap Dovecot imapd
  454. 443/tcp open ssl/http Apache httpd 2
  455. 445/tcp filtered microsoft-ds
  456. 3389/tcp filtered ms-wbt-server
  457. Service Info: Hosts: il1.qwais.com, localhost; OS: Unix
  458.  
  459. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  460. Nmap done: 1 IP address (1 host up) scanned in 15.80 seconds
  461.  
  462. #######################################################################################################################################
  463. [!] IP Address : 81.218.229.174
  464. [!] CMS Detected : WordPress
  465. [?] Would you like to use WPScan? [Y/n] Y
  466. _______________________________________________________________
  467. __ _______ _____
  468. \ \ / / __ \ / ____|
  469. \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
  470. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
  471. \ /\ / | | ____) | (__| (_| | | | |
  472. \/ \/ |_| |_____/ \___|\__,_|_| |_|
  473.  
  474. WordPress Security Scanner by the WPScan Team
  475. Version 2.9.3
  476. Sponsored by Sucuri - https://sucuri.net
  477. @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
  478. _______________________________________________________________
  479.  
  480. [i] It seems like you have not updated the database for some time.
  481. [?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y
  482. [i] Updating the Database ...
  483. [i] Update completed.
  484. [+] URL: http://www.ishopy.co.il/
  485. [+] Started: Fri Mar 9 22:42:43 2018
  486.  
  487.  
  488. [!] The target seems to be down
  489. [+] Honeypot Probabilty: 30%
  490. ----------------------------------------
  491. [~] Trying to gather whois information for www.ishopy.co.il
  492. [+] Whois information found
  493. Registrant Name : None
  494. Status : None
  495. Dnssec : None
  496. Expiration Date : None
  497. Domain Name : None
  498. Phone : None
  499. Registrar : None
  500. Referral Url : None
  501. Name Servers : None
  502. Emails : None
  503. ----------------------------------------
  504. [+] Robots.txt retrieved
  505. User-agent: *
  506. Disallow: /wp-admin/
  507.  
  508. ----------------------------------------
  509. PORT STATE SERVICE VERSION
  510. 21/tcp open ftp ProFTPD 1.3.4b
  511. 22/tcp filtered ssh
  512. 23/tcp filtered telnet
  513. 25/tcp open smtp Exim smtpd 4.80.1
  514. 80/tcp open http Apache httpd 2
  515. 110/tcp open pop3 Dovecot DirectAdmin pop3d
  516. 143/tcp open imap Dovecot imapd
  517. 443/tcp open ssl/http Apache httpd 2
  518. 445/tcp filtered microsoft-ds
  519. 3389/tcp filtered ms-wbt-server
  520. ----------------------------------------
  521.  
  522. [+] DNS Records
  523.  
  524. [+] Host Records (A)
  525. www.ishopy.co.ilHTTP: (mail.qwais.com) (81.218.229.174) AS8551 Bezeq International Israel
  526.  
  527. [+] TXT Records
  528.  
  529. [+] DNS Map: https://dnsdumpster.com/static/map/ishopy.co.il.png
  530.  
  531. [>] Initiating 3 intel modules
  532. [>] Loading Alpha module (1/3)
  533. [>] Beta module deployed (2/3)
  534. [>] Gamma module initiated (3/3)
  535. No emails found
  536. No hosts found
  537. [+] Virtual hosts:
  538. -----------------
  539. #######################################################################################################################################
  540. Original* ishopy.co.il 81.218.229.174 NS:ns1.qwais.com MX:mail.ishopy.co.il
  541. Omission shopy.co.il 82.166.0.156 NS:dns.adamnet.co.il MX:alt1.aspmx.l.google.com
  542. Omission ihopy.co.il NS:ns1.sitesdepot.com
  543. Subdomain i.shopy.co.il 82.166.0.156 NS:dns.adamnet.co.il MX:alt1.aspmx.l.google.com
  544. Various ishopy.co-il.com 209.15.13.134 NS:ns1.dnslink.com
  545. #####################################################################################################################################
  546. Ip Address Status Type Domain Name Server
  547. ---------- ------ ---- ----------- ------
  548. 81.218.229.174 200 host ftp.ishopy.co.il Apache/2
  549. 127.0.0.1 host localhost.ishopy.co.il
  550. 81.218.229.174 host mail.ishopy.co.il
  551. 81.218.229.174 500 host old.ishopy.co.il Apache/2
  552. 81.218.229.174 200 host pop.ishopy.co.il Apache/2
  553. 81.218.229.174 host smtp.ishopy.co.il
  554. 81.218.229.174 host www.ishopy.co.il
  555. 81.218.229.174 host www.old.ishopy.co.il
  556. ######################################################################################################################################
  557. Scan date: 9-3-2018 23:31:17
  558. =====================================================================================================================================
  559. | Domain: http://ishopy.co.il/
  560. | IP: 81.218.229.174
  561. ======================================================================================================================================
  562. |
  563. | Directory check:
  564. | Skipped because http://ishopy.co.il/uniscan834/ did not return the code 404
  565. =====================================================================================================================================
  566. |
  567. | File check:
  568. | Skipped because http://ishopy.co.il/uniscan697/ did not return the code 404
  569. ======================================================================================================================================
  570. |
  571. | Check robots.txt:
  572. |
  573. | Check sitemap.xml:
  574. ========================================================================================================================================
  575. |
  576. | Crawler Started:
  577. | Plugin name: FCKeditor upload test v.1 Loaded.
  578. | Plugin name: Code Disclosure v.1.1 Loaded.
  579. | Plugin name: External Host Detect v.1.2 Loaded.
  580. | Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
  581. | Plugin name: E-mail Detection v.1.1 Loaded.
  582. | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  583. | Plugin name: phpinfo() Disclosure v.1 Loaded.
  584. | Plugin name: Upload Form Detect v.1.1 Loaded.
  585. | [+] Crawling finished, 1 URL's found!
  586. |
  587. | FCKeditor File Upload:
  588. |
  589. | Source Code Disclosure:
  590. |
  591. | External hosts:
  592. |
  593. | Web Backdoors:
  594. |
  595. | E-mails:
  596. |
  597. | Timthumb:
  598. |
  599. | PHPinfo() Disclosure:
  600. |
  601. | File Upload Forms:
  602. |
  603. | Ignored Files:
  604. =======================================================================================================================================
  605. | Dynamic tests:
  606. | Plugin name: Learning New Directories v.1.2 Loaded.
  607. | Plugin name: FCKedior tests v.1.1 Loaded.
  608. | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  609. | Plugin name: Find Backup Files v.1.2 Loaded.
  610. | Plugin name: Blind SQL-injection tests v.1.3 Loaded.
  611. | Plugin name: Local File Include tests v.1.1 Loaded.
  612. | Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
  613. | Plugin name: Remote Command Execution tests v.1.1 Loaded.
  614. | Plugin name: Remote File Include tests v.1.2 Loaded.
  615. | Plugin name: SQL-injection tests v.1.2 Loaded.
  616. | Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
  617. | Plugin name: Web Shell Finder v.1.3 Loaded.
  618. | [+] 0 New directories added
  619. |
  620. |
  621. | FCKeditor tests:
  622. | Skipped because http://ishopy.co.il/testing123 did not return the code 404
  623. |
  624. |
  625. | Timthumb < 1.33 vulnerability:
  626. |
  627. |
  628. | Backup Files:
  629. | Skipped because http://ishopy.co.il/testing123 did not return the code 404
  630. |
  631. |
  632. | Blind SQL Injection:
  633. |
  634. |
  635. | Local File Include:
  636. |
  637. |
  638. | PHP CGI Argument Injection:
  639. |
  640. |
  641. | Remote Command Execution:
  642. |
  643. |
  644. | Remote File Include:
  645. |
  646. |
  647. | SQL Injection:
  648. |
  649. |
  650. | Cross-Site Scripting (XSS):
  651. |
  652. |
  653. | Web Shell Finder:
  654. =======================================================================================================================================
  655. | Static tests:
  656. | Plugin name: Local File Include tests v.1.1 Loaded.
  657. | Plugin name: Remote Command Execution tests v.1.1 Loaded.
  658. | Plugin name: Remote File Include tests v.1.1 Loaded.
  659. |
  660. |
  661. | Local File Include:
  662. |
  663. |
  664. | Remote Command Execution:
  665. |
  666. |
  667. | Remote File Include:
  668. =======================================================================================================================================
  669. #######################################################################################################################################
  670. ====================================================================================
  671.  RUNNING NSLOOKUP 
  672. ====================================================================================
  673. Server: 10.211.254.254
  674. Address: 10.211.254.254#53
  675.  
  676. Non-authoritative answer:
  677. Name: ishopy.co.il
  678. Address: 81.218.229.174
  679.  
  680. ishopy.co.il has address 81.218.229.174
  681. ishopy.co.il mail is handled by 10 mail.ishopy.co.il.
  682. ====================================================================================
  683.  CHECKING OS FINGERPRINT 
  684. ====================================================================================
  685.  
  686. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  687.  
  688. [+] Target is ishopy.co.il
  689. [+] Loading modules.
  690. [+] Following modules are loaded:
  691. [x] [1] ping:icmp_ping - ICMP echo discovery module
  692. [x] [2] ping:tcp_ping - TCP-based ping discovery module
  693. [x] [3] ping:udp_ping - UDP-based ping discovery module
  694. [x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
  695. [x] [5] infogather:portscan - TCP and UDP PortScanner
  696. [x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
  697. [x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
  698. [x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
  699. [x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
  700. [x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
  701. [x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
  702. [x] [12] fingerprint:smb - SMB fingerprinting module
  703. [x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
  704. [+] 13 modules registered
  705. [+] Initializing scan engine
  706. [+] Running scan engine
  707. [-] ping:tcp_ping module: no closed/open TCP ports known on 81.218.229.174. Module test failed
  708. [-] ping:udp_ping module: no closed/open UDP ports known on 81.218.229.174. Module test failed
  709. [-] No distance calculation. 81.218.229.174 appears to be dead or no ports known
  710. [+] Host: 81.218.229.174 is down (Guess probability: 0%)
  711. [+] Cleaning up scan engine
  712. [+] Modules deinitialized
  713. [+] Execution completed.
  714. ====================================================================================
  715.  GATHERING WHOIS INFO 
  716. ====================================================================================
  717.  
  718. % The data in the WHOIS database of the .il registry is provided
  719. % by ISOC-IL for information purposes, and to assist persons in
  720. % obtaining information about or related to a domain name
  721. % registration record. ISOC-IL does not guarantee its accuracy.
  722. % By submitting a WHOIS query, you agree that you will use this
  723. % Data only for lawful purposes and that, under no circumstances
  724. % will you use this Data to: (1) allow, enable, or otherwise
  725. % support the transmission of mass unsolicited, commercial
  726. % advertising or solicitations via e-mail (spam);
  727. % or (2) enable high volume, automated, electronic processes that
  728. % apply to ISOC-IL (or its systems).
  729. % ISOC-IL reserves the right to modify these terms at any time.
  730. % By submitting this query, you agree to abide by this policy.
  731.  
  732. query: ishopy.co.il
  733.  
  734. reg-name: ishopy
  735. domain: ishopy.co.il
  736.  
  737. descr: acumana LTD
  738. descr: Hatichon 33
  739. descr: Haifa
  740. descr: 32296
  741. descr: Israel
  742. e-mail: chenganel AT gmail.com
  743. admin-c: GI-CG5194-IL
  744. tech-c: GI-CG5194-IL
  745. zone-c: GI-CG5194-IL
  746. nserver: ns1.qwais.com
  747. nserver: ns2.qwais.com
  748. validity: 12-12-2019
  749. DNSSEC: unsigned
  750. status: Transfer Locked
  751. changed: domain-registrar AT isoc.org.il 20131212 (Assigned)
  752. changed: domain-registrar AT isoc.org.il 20131218 (Changed)
  753. changed: domain-registrar AT isoc.org.il 20140309 (Changed)
  754.  
  755. person: chen ganel
  756. address: Hatichon 33
  757. address: Haifa
  758. address: 32296
  759. address: Israel
  760. phone: +972 54 2333399
  761. e-mail: chenganel AT gmail.com
  762. nic-hdl: GI-CG5194-IL
  763. changed: Managing Registrar 20131117
  764.  
  765. registrar name: Gorni Interactive Ltd
  766. registrar info: http://www.box.co.il/
  767.  
  768. % Rights to the data above are restricted by copyright.
  769. ====================================================================================
  770.  GATHERING OSINT INFO 
  771. ====================================================================================
  772.  
  773. *******************************************************************
  774. * *
  775. * | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
  776. * | __| '_ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
  777. * | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
  778. * \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
  779. * *
  780. * TheHarvester Ver. 2.7 *
  781. * Coded by Christian Martorella *
  782. * Edge-Security Research *
  783. * cmartorella@edge-security.com *
  784. *******************************************************************
  785.  
  786.  
  787. Full harvest..
  788. [-] Searching in Google..
  789. Searching 0 results...
  790. [-] Searching in PGP Key server..
  791. [-] Searching in Bing..
  792. Searching 50 results...
  793. [-] Searching in Exalead..
  794. Searching 50 results...
  795.  
  796.  
  797. [+] Emails found:
  798. ------------------
  799. pixel-152072724967286-web-@ishopy.co.il
  800.  
  801. [+] Hosts found in search engines:
  802. ------------------------------------
  803. [-] Resolving hostnames IPs...
  804. 81.218.229.174:www.ishopy.co.il
  805. [+] Virtual hosts:
  806. ==================
  807. 81.218.229.174 www.vipri.co.il
  808. 81.218.229.174 www.playmagnet.co.il
  809. 81.218.229.174 www.zohara-klein.co.il
  810. #######################################################################################################################################
  811.  
  812. ; <<>> DiG 9.11.2-P1-1-Debian <<>> -x ishopy.co.il
  813. ;; global options: +cmd
  814. ;; Got answer:
  815. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 764
  816. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  817.  
  818. ;; OPT PSEUDOSECTION:
  819. ; EDNS: version: 0, flags:; udp: 4096
  820. ;; QUESTION SECTION:
  821. ;il.co.ishopy.in-addr.arpa. IN PTR
  822.  
  823. ;; AUTHORITY SECTION:
  824. in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013208 1800 900 604800 3600
  825.  
  826. ;; Query time: 549 msec
  827. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  828. ;; WHEN: Sat Mar 10 19:14:30 EST 2018
  829. ;; MSG SIZE rcvd: 122
  830.  
  831. dnsenum VERSION:1.2.4
  832. 
  833. ----- ishopy.co.il -----
  834. 
  835.  
  836. Host's addresses:
  837. __________________
  838.  
  839. ishopy.co.il. 7642 IN A 81.218.229.174
  840. 
  841.  
  842. Name Servers:
  843. ______________
  844.  
  845. ns2.qwais.com. 7640 IN A 81.218.229.192
  846. ns1.qwais.com. 7640 IN A 81.218.229.174
  847. 
  848.  
  849. Mail (MX) Servers:
  850. ___________________
  851.  
  852. mail.ishopy.co.il. 7643 IN A 81.218.229.174
  853. 
  854.  
  855. Trying Zone Transfers and getting Bind Versions:
  856. _________________________________________________
  857.  
  858. 
  859. Trying Zone Transfer for ishopy.co.il on ns1.qwais.com ...
  860. ishopy.co.il. 14400 IN SOA (
  861. ishopy.co.il. 14400 IN MX 10
  862. ishopy.co.il. 14400 IN TXT "v=spf1
  863. ishopy.co.il. 14400 IN A 81.218.229.174
  864. ishopy.co.il. 14400 IN NS ns1.qwais.com.
  865. ishopy.co.il. 14400 IN NS ns2.qwais.com.
  866. ftp.ishopy.co.il. 14400 IN A 81.218.229.174
  867. localhost.ishopy.co.il. 14400 IN AAAA ::1
  868. localhost.ishopy.co.il. 14400 IN A 127.0.0.1
  869. mail.ishopy.co.il. 14400 IN A 81.218.229.174
  870. old.ishopy.co.il. 14400 IN A 81.218.229.174
  871. www.old.ishopy.co.il. 14400 IN A 81.218.229.174
  872. pop.ishopy.co.il. 14400 IN A 81.218.229.174
  873. smtp.ishopy.co.il. 14400 IN A 81.218.229.174
  874. www.ishopy.co.il. 14400 IN A 81.218.229.174
  875.  
  876. Trying Zone Transfer for ishopy.co.il on ns2.qwais.com ...
  877. ishopy.co.il. 14400 IN SOA (
  878. ishopy.co.il. 14400 IN MX 10
  879. ishopy.co.il. 14400 IN TXT "v=spf1
  880. ishopy.co.il. 14400 IN A 81.218.229.174
  881. ishopy.co.il. 14400 IN NS ns1.qwais.com.
  882. ishopy.co.il. 14400 IN NS ns2.qwais.com.
  883. ftp.ishopy.co.il. 14400 IN A 81.218.229.174
  884. localhost.ishopy.co.il. 14400 IN AAAA ::1
  885. localhost.ishopy.co.il. 14400 IN A 127.0.0.1
  886. mail.ishopy.co.il. 14400 IN A 81.218.229.174
  887. old.ishopy.co.il. 14400 IN A 81.218.229.174
  888. www.old.ishopy.co.il. 14400 IN A 81.218.229.174
  889. pop.ishopy.co.il. 14400 IN A 81.218.229.174
  890. smtp.ishopy.co.il. 14400 IN A 81.218.229.174
  891. www.ishopy.co.il. 14400 IN A 81.218.229.174
  892.  
  893. brute force file not specified, bay.
  894. ====================================================================================
  895.  GATHERING DNS SUBDOMAINS 
  896. ====================================================================================
  897. 
  898. ____ _ _ _ _ _____
  899. / ___| _ _| |__ | (_)___| |_|___ / _ __
  900. \___ \| | | | '_ \| | / __| __| |_ \| '__|
  901. ___) | |_| | |_) | | \__ \ |_ ___) | |
  902. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  903.  
  904. # Coded By Ahmed Aboul-Ela - @aboul3la
  905.  
  906. [-] Enumerating subdomains now for ishopy.co.il
  907. [-] verbosity is enabled, will show the subdomains results in realtime
  908. [-] Searching now in Baidu..
  909. [-] Searching now in Yahoo..
  910. [-] Searching now in Google..
  911. [-] Searching now in Bing..
  912. [-] Searching now in Ask..
  913. [-] Searching now in Netcraft..
  914. [-] Searching now in DNSdumpster..
  915. [-] Searching now in Virustotal..
  916. [-] Searching now in ThreatCrowd..
  917. [-] Searching now in SSL Certificates..
  918. [-] Searching now in PassiveDNS..
  919. Yahoo: www.ishopy.co.il
  920. Virustotal: mail.ishopy.co.il
  921. [-] Saving results to file: /usr/share/sniper/loot/domains/domains-ishopy.co.il.txt
  922. [-] Total Unique Subdomains Found: 2
  923. www.ishopy.co.il
  924. mail.ishopy.co.il
  925.  
  926.  ╔═╗╦═╗╔╦╗╔═╗╦ ╦
  927.  ║ ╠╦╝ ║ ╚═╗╠═╣
  928.  ╚═╝╩╚═ ╩o╚═╝╩ ╩
  929. ====================================================================================
  930.  GATHERING CERTIFICATE SUBDOMAINS 
  931. ====================================================================================
  932. 
  933.  
  934. [+] Domains saved to: /usr/share/sniper/loot/domains/domains-ishopy.co.il-full.txt
  935. 
  936. ====================================================================================
  937.  CHECKING FOR SUBDOMAIN HIJACKING 
  938. ====================================================================================
  939. ====================================================================================
  940.  CHECKING EMAIL SECURITY 
  941. ====================================================================================
  942.  
  943. ====================================================================================
  944.  STARTING DOMAIN FLYOVER 
  945. ====================================================================================
  946. __
  947. ____ _____ ___ ______ _/ /_____ ____ ___
  948. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  949. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  950. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  951. /_/ discover v0.5.0 - by @michenriksen
  952.  
  953. Identifying nameservers for ishopy.co.il... Done
  954. Using nameservers:
  955.  
  956. - 81.218.229.174
  957. - 81.218.229.192
  958.  
  959. Checking for wildcard DNS... Done
  960.  
  961. Running collector: Certificate Search... Done (0 hosts)
  962. Running collector: VirusTotal... Skipped
  963.  -> Key 'virustotal' has not been set
  964. Running collector: Dictionary... Done (27 hosts)
  965. Running collector: Google Transparency Report... Done (0 hosts)
  966. Running collector: Censys... Skipped
  967.  -> Key 'censys_secret' has not been set
  968. Running collector: Wayback Machine... Done (2 hosts)
  969. Running collector: Riddler... Skipped
  970.  -> Key 'riddler_username' has not been set
  971. Running collector: PTRArchive... Error
  972.  -> PTRArchive returned unexpected response code: 502
  973. Running collector: Threat Crowd... Done (0 hosts)
  974. Running collector: HackerTarget... Done (1 host)
  975. Running collector: PassiveTotal... Skipped
  976.  -> Key 'passivetotal_key' has not been set
  977. Running collector: Netcraft... Done (0 hosts)
  978. Running collector: Shodan... Skipped
  979.  -> Key 'shodan' has not been set
  980. Running collector: DNSDB... Done (1 host)
  981. Running collector: PublicWWW... Done (1 host)
  982.  
  983. Resolving 31 unique hosts...
  984. 81.218.229.174 .ishopy.co.il
  985. 81.218.229.174 ishopy.co.il
  986. 81.218.229.174 mail.ishopy.co.il
  987. 81.218.229.174 www.ishopy.co.il
  988.  
  989. 
  990. Found subnets:
  991.  
  992. - 81.218.229.0-255 : 4 hosts
  993.  
  994. Wrote 4 hosts to:
  995.  
  996. - file:///root/aquatone/ishopy.co.il/hosts.txt
  997. - file:///root/aquatone/ishopy.co.il/hosts.json
  998. __
  999. ____ _____ ___ ______ _/ /_____ ____ ___
  1000. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  1001. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  1002. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  1003. /_/ takeover v0.5.0 - by @michenriksen
  1004.  
  1005. Loaded 4 hosts from /root/aquatone/ishopy.co.il/hosts.json
  1006. Loaded 25 domain takeover detectors
  1007.  
  1008. Identifying nameservers for ishopy.co.il... Done
  1009. Using nameservers:
  1010.  
  1011. - 81.218.229.192
  1012. - 81.218.229.174
  1013.  
  1014. Checking hosts for domain takeover vulnerabilities...
  1015.  
  1016. Finished checking hosts:
  1017.  
  1018. - Vulnerable : 0
  1019. - Not Vulnerable : 4
  1020.  
  1021. Wrote 0 potential subdomain takeovers to:
  1022.  
  1023. - file:///root/aquatone/ishopy.co.il/takeovers.json
  1024.  
  1025. __
  1026. ____ _____ ___ ______ _/ /_____ ____ ___
  1027. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  1028. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  1029. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  1030. /_/ scan v0.5.0 - by @michenriksen
  1031.  
  1032. Loaded 4 hosts from /root/aquatone/ishopy.co.il/hosts.json
  1033.  
  1034. Probing 2 ports...
  1035.  
  1036. Wrote open ports to file:///root/aquatone/ishopy.co.il/open_ports.txt
  1037. Wrote URLs to file:///root/aquatone/ishopy.co.il/urls.txt
  1038. __
  1039. ____ _____ ___ ______ _/ /_____ ____ ___
  1040. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  1041. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  1042. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  1043. /_/ gather v0.5.0 - by @michenriksen
  1044.  
  1045. Processing 0 pages...
  1046.  
  1047. Finished processing pages:
  1048.  
  1049. - Successful : 0
  1050. - Failed : 0
  1051.  
  1052. Generating report...done
  1053. Report pages generated:
  1054.  
  1055. #######################################################################################################################################
  1056. Anonymous Operation Izsrael USA JTSEC full recon 2018 #2
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!