API tools faq
paste
Advertisement
Guest User

mohpaste

a guest
Dec 15th, 2017
732
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.49 KB | None | 0 0
raw download clone embed print report
  1. login page: http://www.moh.gov.gr/admin/login.php?
  2.  
  3.  
  4. root@kali:~# nmap -v 93.174.122.202
  5.  
  6. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-15 21:41 EET
  7. Initiating Ping Scan at 21:41
  8. Scanning 93.174.122.202 [4 ports]
  9. Completed Ping Scan at 21:41, 0.23s elapsed (1 total hosts)
  10. Initiating Parallel DNS resolution of 1 host. at 21:41
  11. Completed Parallel DNS resolution of 1 host. at 21:41, 0.04s elapsed
  12. Initiating SYN Stealth Scan at 21:41
  13. Scanning moh.gov.gr (93.174.122.202) [1000 ports]
  14. Discovered open port 25/tcp on 93.174.122.202
  15. Discovered open port 80/tcp on 93.174.122.202
  16. Discovered open port 21/tcp on 93.174.122.202
  17. Completed SYN Stealth Scan at 21:41, 12.85s elapsed (1000 total ports)
  18. Nmap scan report for moh.gov.gr (93.174.122.202)
  19. Host is up (0.060s latency).
  20. Not shown: 997 filtered ports
  21. PORT STATE SERVICE
  22. 21/tcp open ftp
  23. 25/tcp open smtp
  24. 80/tcp open http
  25.  
  26. Read data files from: /usr/bin/../share/nmap
  27. Nmap done: 1 IP address (1 host up) scanned in 13.27 seconds
  28. Raw packets sent: 2009 (88.372KB) | Rcvd: 12 (512B)
  29. root@kali:~# nikto -h 93.174.122.202
  30. - Nikto v2.1.6
  31. ---------------------------------------------------------------------------
  32. + Target IP: 93.174.122.202
  33. + Target Hostname: 93.174.122.202
  34. + Target Port: 80
  35. + Start Time: 2017-12-15 21:43:05 (GMT2)
  36. ---------------------------------------------------------------------------
  37. + Server: Apache
  38. + Cookie PHPSESSID created without the httponly flag
  39. + Cookie smartshop_visitor created without the httponly flag
  40. + The anti-clickjacking X-Frame-Options header is not present.
  41. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  42. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  43. + Server leaks inodes via ETags, header found with file /style/favicon.ico, inode: 4333780, size: 1150, mtime: Mon Feb 14 15:36:43 2011
  44. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  45. + OSVDB-637: /~root/: Allowed to browse root's home directory.
  46. + /..\..\..\..\..\..\temp\temp.class: Cisco ACS 2.6.x and 3.0.1 (build 40) allows authenticated remote users to retrieve any file from the system. Upgrade to the latest version.
  47. + OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
  48. + OSVDB-3092: /new: This may be interesting...
  49. + OSVDB-3092: /new/: This might be interesting...
  50. + OSVDB-3092: /manual/: Web server manual found.
  51. + OSVDB-3268: /manual/images/: Directory indexing found.
  52. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../windows/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  53. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  54. + OSVDB-721: /..%255c..%255c..%255c..%255c..%255c../winnt/repair/sam._: BadBlue server is vulnerable to multiple remote exploits. See http://www.securiteam.com/exploits/5HP0M2A60G.html for more information.
  55. + OSVDB-3233: /icons/README: Apache default file found.
  56. + OSVDB-3092: /gr/: This might be interesting... potential country code (Greece)
  57. + /admin/login.php: Admin login page/section found.
  58. + /administraçao.php: Admin login page/section found.
  59. + /administraçao/: Admin login page/section found.
  60. + /adminisztrátora.php: Admin login page/section found.
  61. + /adminisztrátora/: Admin login page/section found.
  62. + OSVDB-637: /~ftp/: Allowed to browse ftp user's home directory.
  63. + 8667 requests: 5 error(s) and 25 item(s) reported on remote host
  64. + End Time: 2017-12-15 22:02:27 (GMT2) (1162 seconds)
  65. ---------------------------------------------------------------------------
  66. + 1 host(s) tested
  67.  
  68. Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-15 21:59 EET
  69. NSE: Loaded 146 scripts for scanning.
  70. NSE: Script Pre-scanning.
  71. Initiating NSE at 21:59
  72. Completed NSE at 21:59, 0.00s elapsed
  73. Initiating NSE at 21:59
  74. Completed NSE at 21:59, 0.00s elapsed
  75. Initiating Ping Scan at 21:59
  76. Scanning 93.174.122.202 [4 ports]
  77. Completed Ping Scan at 21:59, 0.22s elapsed (1 total hosts)
  78. Initiating Parallel DNS resolution of 1 host. at 21:59
  79. Completed Parallel DNS resolution of 1 host. at 21:59, 0.05s elapsed
  80. Initiating SYN Stealth Scan at 21:59
  81. Scanning moh.gov.gr (93.174.122.202) [1000 ports]
  82. Discovered open port 25/tcp on 93.174.122.202
  83. Discovered open port 80/tcp on 93.174.122.202
  84. Discovered open port 21/tcp on 93.174.122.202
  85. Completed SYN Stealth Scan at 21:59, 11.36s elapsed (1000 total ports)
  86. Initiating Service scan at 21:59
  87. Scanning 3 services on moh.gov.gr (93.174.122.202)
  88. Completed Service scan at 22:00, 6.30s elapsed (3 services on 1 host)
  89. Initiating OS detection (try #1) against moh.gov.gr (93.174.122.202)
  90. adjust_timeouts2: packet supposedly had rtt of -226186 microseconds. Ignoring time.
  91. adjust_timeouts2: packet supposedly had rtt of -226186 microseconds. Ignoring time.
  92. adjust_timeouts2: packet supposedly had rtt of -205358 microseconds. Ignoring time.
  93. adjust_timeouts2: packet supposedly had rtt of -205358 microseconds. Ignoring time.
  94. Retrying OS detection (try #2) against moh.gov.gr (93.174.122.202)
  95. Initiating Traceroute at 22:00
  96. Completed Traceroute at 22:00, 0.28s elapsed
  97. Initiating Parallel DNS resolution of 12 hosts. at 22:00
  98. Completed Parallel DNS resolution of 12 hosts. at 22:00, 0.28s elapsed
  99. NSE: Script scanning 93.174.122.202.
  100. Initiating NSE at 22:00
  101. Completed NSE at 22:00, 8.54s elapsed
  102. Initiating NSE at 22:00
  103. Completed NSE at 22:00, 0.00s elapsed
  104. Nmap scan report for moh.gov.gr (93.174.122.202)
  105. Host is up (0.047s latency).
  106. Not shown: 997 filtered ports
  107. PORT STATE SERVICE VERSION
  108. 21/tcp open ftp ProFTPD 1.3.4a
  109. 25/tcp open smtp Postfix smtpd
  110. |_smtp-commands: moh.gov.gr, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
  111. | ssl-cert: Subject: commonName=moh.gov.gr
  112. | Issuer: commonName=moh.gov.gr
  113. | Public Key type: rsa
  114. | Public Key bits: 2048
  115. | Signature Algorithm: sha1WithRSAEncryption
  116. | Not valid before: 2015-07-09T19:36:00
  117. | Not valid after: 2025-07-06T19:36:00
  118. | MD5: ae48 e1c0 922a ab04 cb89 e584 1b7c 9a52
  119. |_SHA-1: 067f b581 ce38 c864 8b39 2f96 6ed1 2728 0ea6 70a7
  120. |_ssl-date: 2017-12-15T20:00:00+00:00; -9s from scanner time.
  121. 80/tcp open http Apache httpd
  122. | http-cookie-flags:
  123. | /:
  124. | PHPSESSID:
  125. |_ httponly flag not set
  126. |_http-favicon: Unknown favicon MD5: 8368E8120D2FEC1DD502DA152199D04D
  127. |_http-generator: Datahost CMS
  128. | http-methods:
  129. |_ Supported Methods: GET HEAD POST OPTIONS
  130. |_http-server-header: Apache
  131. |_http-title: \xCE\xA5\xCF\x80\xCE\xBF\xCF\x85\xCF\x81\xCE\xB3\xCE\xB5\xCE\xAF\xCE\xBF \xCE\xA5\xCE\xB3\xCE\xB5\xCE\xAF\xCE\xB1\xCF\x82
  132. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  133. Device type: general purpose
  134. Running (JUST GUESSING): Linux 3.X (86%)
  135. OS CPE: cpe:/o:linux:linux_kernel:3
  136. Aggressive OS guesses: Linux 3.2 - 3.8 (86%), Linux 3.8 (86%), Linux 3.1 - 3.2 (86%), Linux 3.2.0 (85%)
  137. No exact OS matches for host (test conditions non-ideal).
  138. Uptime guess: 74.457 days (since Mon Oct 2 12:02:20 2017)
  139. Network Distance: 12 hops
  140. TCP Sequence Prediction: Difficulty=264 (Good luck!)
  141. IP ID Sequence Generation: All zeros
  142. Service Info: Host: moh.gov.gr; OS: Unix
  143.  
  144. Host script results:
  145. |_clock-skew: mean: -9s, deviation: 0s, median: -9s
  146.  
  147. TRACEROUTE (using port 25/tcp)
  148. HOP RTT ADDRESS
  149. 1 263.68 ms dsldevice.lan (192.168.1.254)
  150. 2 84.25 ms loopback2004.med01.dsl.hol.gr (62.38.0.170)
  151. 3 84.58 ms 62.38.40.221
  152. 4 80.78 ms 62.38.97.158
  153. 5 84.56 ms 62.38.37.89
  154. 6 84.38 ms 62.38.36.182
  155. 7 84.27 ms tengigaeth00-07-00-00.med00.csr.hol.gr (62.38.94.98)
  156. 8 261.45 ms 195.97.13.20
  157. 9 26.05 ms 31.177.56.100
  158. 10 24.30 ms nohost.iphost.gr (93.174.120.134)
  159. 11 55.60 ms 122-116.eport.gr (93.174.122.116)
  160. 12 75.36 ms moh.gov.gr (93.174.122.202)
  161.  
  162. NSE: Script Post-scanning.
  163. Initiating NSE at 22:00
  164. Completed NSE at 22:00, 0.00s elapsed
  165. Initiating NSE at 22:00
  166. Completed NSE at 22:00, 0.00s elapsed
  167. Read data files from: /usr/bin/../share/nmap
  168. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  169. Nmap done: 1 IP address (1 host up) scanned in 33.55 seconds
  170. Raw packets sent: 2114 (97.514KB) | Rcvd: 2422 (1.349MB)
  171.  
  172. HostIP:93.174.122.202
  173. HostName:moh.gov.gr
  174.  
  175. Gathered Inet-whois information for 93.174.122.202
  176. ---------------------------------
  177.  
  178.  
  179. inetnum: 93.174.122.192 - 93.174.122.223
  180. netname: Datahost-IPs
  181. country: GR
  182. admin-c: TC1881-RIPE
  183. tech-c: TC1881-RIPE
  184. status: ASSIGNED PA
  185. mnt-by: IPHOST-MNT
  186. mnt-by: MNT-XT
  187. created: 2016-08-29T15:50:23Z
  188. last-modified: 2016-08-29T15:50:23Z
  189. source: RIPE
  190.  
  191. person: Toulkaridis Charalampos
  192. address: Terpsitheas 18
  193. mnt-by: MNT-XT
  194. phone: +302105445900
  195. nic-hdl: TC1881-RIPE
  196. created: 2008-05-17T14:02:52Z
  197. last-modified: 2008-06-23T11:37:16Z
  198. source: RIPE
  199.  
  200. % Information related to '93.174.120.0/21AS47521'
  201.  
  202. route: 93.174.120.0/21
  203. descr: .GR IpDomain DataCenter
  204. origin: AS47521
  205. mnt-by: MNT-XT
  206. created: 2008-07-02T08:14:29Z
  207. last-modified: 2008-07-02T08:14:29Z
  208. source: RIPE
  209.  
  210. % This query was served by the RIPE Database Query Service version 1.90 (BLAARKOP)
  211.  
  212.  
  213.  
  214. Gathered Inic-whois information for moh.gov.gr
  215. ---------------------------------
  216. ERROR: Unable to locate Name Whois data on moh.gov.gr
  217.  
  218. Gathered Netcraft information for moh.gov.gr
  219. ---------------------------------
  220.  
  221. Retrieving Netcraft.com information for moh.gov.gr
  222. Netcraft.com Information gathered
  223.  
  224. Gathered Subdomain information for moh.gov.gr
  225. ---------------------------------
  226. Searching Google.com:80...
  227. Searching Altavista.com:80...
  228. Found 0 possible subdomain(s) for host moh.gov.gr, Searched 0 pages containing 0 results
  229.  
  230. Gathered E-Mail information for moh.gov.gr
  231. ---------------------------------
  232. Searching Google.com:80...
  233. Searching Altavista.com:80...
  234. Found 0 E-Mail(s) for host moh.gov.gr, Searched 0 pages containing 0 results
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!