Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #######################################################################################################################################
- =======================================================================================================================================
- Hostname aldabba.gov.sd ISP NICDC
- Continent Africa Flag
- SD
- Country Sudan Country Code SD
- Region Unknown Local time 16 Feb 2019 02:06 CAT
- City Unknown Postal Code Unknown
- IP Address 62.12.105.4 Latitude 15
- Longitude 30
- =======================================================================================================================================
- #######################################################################################################################################
- > aldabba.gov.sd
- Server: 38.132.106.139
- Address: 38.132.106.139#53
- Non-authoritative answer:
- Name: aldabba.gov.sd
- Address: 62.12.105.4
- >
- #######################################################################################################################################
- HostIP:62.12.105.4
- HostName:aldabba.gov.sd
- Gathered Inet-whois information for 62.12.105.4
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 62.12.96.0 - 62.12.127.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: For registration information,
- remarks: you can consult the following sources:
- remarks:
- remarks: IANA
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- created: 2019-01-07T10:46:54Z
- last-modified: 2019-01-07T10:46:54Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
- Gathered Inic-whois information for aldabba.gov.sd
- ---------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server sd.whois-servers.net failed
- close error
- Gathered Netcraft information for aldabba.gov.sd
- ---------------------------------
- Retrieving Netcraft.com information for aldabba.gov.sd
- Netcraft.com Information gathered
- Gathered Subdomain information for aldabba.gov.sd
- ---------------------------------
- Searching Google.com:80...
- HostName:www.aldabba.gov.sd
- HostIP:62.12.105.4
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host aldabba.gov.sd, Searched 0 pages containing 0 results
- Gathered E-Mail information for aldabba.gov.sd
- ---------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host aldabba.gov.sd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 62.12.105.4
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 80/tcp open
- 110/tcp open
- 143/tcp open
- Portscan Finished: Scanned 150 ports, 5 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://aldabba.gov.sd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: محلية الدبة
- [+] IP address: 62.12.105.4
- [+] Web Server: Could Not Detect
- [+] CMS: Joomla
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- User-agent: *
- Disallow: /administrator/
- Disallow: /cache/
- Disallow: /components/
- Disallow: /images/
- Disallow: /includes/
- Disallow: /installation/
- Disallow: /language/
- Disallow: /libraries/
- Disallow: /media/
- Disallow: /modules/
- Disallow: /plugins/
- Disallow: /templates/
- Disallow: /tmp/
- Disallow: /xmlrpc/
- -----------[end of contents]-------------
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 62.12.105.4
- [i] Country: Sudan
- [i] State:
- [i] City:
- [i] Latitude: 15.0
- [i] Longitude: 30.0
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Fri, 15 Feb 2019 23:26:51 GMT
- [i] Content-Type: text/html; charset=utf-8
- [i] Content-Length: 45294
- [i] X-Powered-By: PHP/5.4.16
- [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
- [i] Expires: Mon, 1 Jan 2001 00:00:00 GMT
- [i] Cache-Control: post-check=0, pre-check=0
- [i] Pragma: no-cache
- [i] Set-Cookie: dba52603cb1126534e3b339094dcfc62=047g62k8bovf3heuf3qgo8pgc2; path=/
- [i] Last-Modified: Fri, 15 Feb 2019 23:26:51 GMT
- [i] X-Powered-By: PleskLin
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- aldabba.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- aldabba.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- aldabba.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- aldabba.gov.sd. 21599 IN A 62.12.105.4
- aldabba.gov.sd. 21599 IN MX 10 mail.aldabba.gov.sd.
- aldabba.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 62.12.105.4
- Network = 62.12.105.4 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 62.12.105.4 - 62.12.105.4 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 00:34 UTC
- Nmap scan report for aldabba.gov.sd (62.12.105.4)
- Host is up (0.22s latency).
- rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 11.32 seconds
- #######################################################################################################################################
- [?] Enter the target: example( http://domain.com )
- http://aldabba.gov.sd/
- [!] IP Address : 62.12.105.4
- [!] aldabba.gov.sd doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for aldabba.gov.sd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/aldabba.gov.sd
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 14.61 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
- ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
- [+] MX Records
- 10 (197.254.200.161) AS33788 KANARTEL Sudan
- [+] Host Records (A)
- aldabba.gov.sd (62.12.105.4) Egypt Egypt
- [+] TXT Records
- "v=spf1 mx -all"
- [+] DNS Map: https://dnsdumpster.com/static/map/aldabba.gov.sd.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1550277305550818-web-@aldabba.gov.sd
- pixel-155027730720683-web-@aldabba.gov.sd
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- 62.12.105.4:www.aldabba.gov.sd
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- Enter Address Website = aldabba.gov.sd
- Reverse IP With YouGetSignal 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [*] IP: 62.12.105.4
- [*] Domain: aldabba.gov.sd
- [*] Total Domains: 3
- [+] aldabba.gov.sd
- [+] ffamc.gov.sd
- [+] sudanradio.gov.sd
- #######################################################################################################################################
- Geo IP Lookup 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] IP Address: 62.12.105.4
- [+] Country: Sudan
- [+] State:
- [+] City:
- [+] Latitude: 15.0
- [+] Longitude: 30.0
- #######################################################################################################################################
- DNS Lookup 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] aldabba.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- [+] aldabba.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
- [+] aldabba.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
- [+] aldabba.gov.sd. 21599 IN A 62.12.105.4
- [+] aldabba.gov.sd. 21599 IN MX 10 mail.aldabba.gov.sd.
- [+] aldabba.gov.sd. 21599 IN TXT "v=spf1 mx -all"
- #######################################################################################################################################
- Show HTTP Header 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] HTTP/1.1 200 OK
- [+] Server: nginx
- [+] Date: Fri, 15 Feb 2019 23:26:37 GMT
- [+] Content-Type: text/html; charset=utf-8
- [+] Connection: keep-alive
- [+] X-Powered-By: PHP/5.4.16
- [+] P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM
- [+] Expires: Mon, 1 Jan 2001 00:00:00 GMT
- [+] Cache-Control: post-check=0, pre-check=0
- [+] Pragma: no-cache
- [+] Set-Cookie: dba52603cb1126534e3b339094dcfc62=t2qt9kostn76eeachgs8np2vk5; path=/
- [+] Last-Modified: Fri, 15 Feb 2019 23:26:37 GMT
- [+] X-Powered-By: PleskLin
- #######################################################################################################################################
- Port Scan 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 00:34 UTC
- Nmap scan report for aldabba.gov.sd (62.12.105.4)
- Host is up (0.22s latency).
- rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp filtered http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp filtered https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 15.41 seconds
- #######################################################################################################################################
- Robot.txt 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- User-agent: *
- Disallow: /administrator/
- Disallow: /cache/
- Disallow: /components/
- Disallow: /images/
- Disallow: /includes/
- Disallow: /installation/
- Disallow: /language/
- Disallow: /libraries/
- Disallow: /media/
- Disallow: /modules/
- Disallow: /plugins/
- Disallow: /templates/
- Disallow: /tmp/
- Disallow: /xmlrpc/
- #######################################################################################################################################
- Traceroute 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Start: 2019-02-16T00:34:41+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.201 0.0% 3 0.7 0.8 0.6 1.0 0.2
- 2.|-- 45.79.12.0 0.0% 3 1.1 0.7 0.4 1.1 0.3
- 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.7 1.5 1.1 1.7 0.3
- 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.4 1.7 1.4 2.2 0.4
- 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.5 11.6 11.4 11.7 0.2
- 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.9 23.8 23.7 23.9 0.1
- 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.9 30.5 30.2 30.9 0.3
- 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.5 41.7 41.5 41.9 0.2
- 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 46.0 45.9 45.7 46.0 0.1
- 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.6 108.2 107.6 108.5 0.5
- 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.6 108.0 107.6 108.2 0.3
- 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.5 107.4 107.5 0.1
- 13.|-- 185.153.20.70 0.0% 3 185.6 185.9 185.6 186.0 0.2
- 14.|-- 185.153.20.82 0.0% 3 185.7 194.1 185.7 210.9 14.5
- 15.|-- 185.153.20.94 0.0% 3 185.5 185.7 185.5 186.0 0.3
- 16.|-- 185.153.20.153 0.0% 3 216.3 218.7 216.3 221.9 2.9
- 17.|-- 212.0.131.109 0.0% 3 226.6 230.7 226.6 238.7 6.9
- 18.|-- 196.202.137.249 0.0% 3 219.1 219.1 218.8 219.5 0.4
- 19.|-- 196.202.145.94 0.0% 3 219.2 219.1 219.0 219.2 0.1
- 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- #######################################################################################################################################
- Ping 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-16 00:35 UTC
- SENT (0.4250s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=1] IP [ttl=64 id=43580 iplen=28 ]
- SENT (1.4252s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=2] IP [ttl=64 id=43580 iplen=28 ]
- SENT (2.4265s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=3] IP [ttl=64 id=43580 iplen=28 ]
- SENT (3.4281s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=4] IP [ttl=64 id=43580 iplen=28 ]
- Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
- Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
- Nping done: 1 IP address pinged in 4.43 seconds
- #######################################################################################################################################
- Page Admin Finder 'aldabba.gov.sd'
- ---------------------------------------------------------------------------------------------------------------------------------------
- Avilable Links :
- Find Page >> http://aldabba.gov.sd/admin/
- Find Page >> http://aldabba.gov.sd/admin1/
- Find Page >> http://aldabba.gov.sd/admin2/
- Find Page >> http://aldabba.gov.sd/admin3/
- Find Page >> http://aldabba.gov.sd/admin4/
- Find Page >> http://aldabba.gov.sd/admin5/
- Find Page >> http://aldabba.gov.sd/usuarios/
- Find Page >> http://aldabba.gov.sd/usuario/
- Find Page >> http://aldabba.gov.sd/moderator/
- Find Page >> http://aldabba.gov.sd/webadmin/
- Find Page >> http://aldabba.gov.sd/adminarea/
- Find Page >> http://aldabba.gov.sd/bb-admin/
- Find Page >> http://aldabba.gov.sd/adminLogin/
- Find Page >> http://aldabba.gov.sd/admin_area/
- Find Page >> http://aldabba.gov.sd/panel-administracion/
- Find Page >> http://aldabba.gov.sd/instadmin/
- Find Page >> http://aldabba.gov.sd/memberadmin/
- Find Page >> http://aldabba.gov.sd/administratorlogin/
- Find Page >> http://aldabba.gov.sd/adm/
- Find Page >> http://aldabba.gov.sd/admin/account.php
- Find Page >> http://aldabba.gov.sd/admin/index.php
- Find Page >> http://aldabba.gov.sd/admin/login.php
- Find Page >> http://aldabba.gov.sd/admin/admin.php
- Find Page >> http://aldabba.gov.sd/admin_area/admin.php
- Find Page >> http://aldabba.gov.sd/admin_area/login.php
- Find Page >> http://aldabba.gov.sd/siteadmin/login.php
- Find Page >> http://aldabba.gov.sd/siteadmin/index.php
- Find Page >> http://aldabba.gov.sd/siteadmin/login.html
- Find Page >> http://aldabba.gov.sd/admin/account.html
- Find Page >> http://aldabba.gov.sd/admin/index.html
- Find Page >> http://aldabba.gov.sd/admin/login.html
- Find Page >> http://aldabba.gov.sd/admin/admin.html
- Find Page >> http://aldabba.gov.sd/admin_area/index.php
- Find Page >> http://aldabba.gov.sd/bb-admin/index.php
- Find Page >> http://aldabba.gov.sd/bb-admin/login.php
- Find Page >> http://aldabba.gov.sd/bb-admin/admin.php
- Find Page >> http://aldabba.gov.sd/admin/home.php
- Find Page >> http://aldabba.gov.sd/admin_area/login.html
- Find Page >> http://aldabba.gov.sd/admin_area/index.html
- Find Page >> http://aldabba.gov.sd/admin/controlpanel.php
- Find Page >> http://aldabba.gov.sd/admin.php
- Find Page >> http://aldabba.gov.sd/admincp/index.html
- Find Page >> http://aldabba.gov.sd/adminpanel.html
- Find Page >> http://aldabba.gov.sd/webadmin.html
- Find Page >> http://aldabba.gov.sd/webadmin/index.html
- Find Page >> http://aldabba.gov.sd/webadmin/admin.html
- Find Page >> http://aldabba.gov.sd/webadmin/login.html
- Find Page >> http://aldabba.gov.sd/admin/admin_login.html
- Find Page >> http://aldabba.gov.sd/admin_login.html
- Find Page >> http://aldabba.gov.sd/panel-administracion/login.html
- Find Page >> http://aldabba.gov.sd/admin/cp.php
- Find Page >> http://aldabba.gov.sd/cp.php
- Find Page >> http://aldabba.gov.sd/nsw/admin/login.php
- Find Page >> http://aldabba.gov.sd/webadmin/login.php
- Find Page >> http://aldabba.gov.sd/admin/admin_login.php
- Find Page >> http://aldabba.gov.sd/admin_login.php
- Find Page >> http://aldabba.gov.sd/administrator.php
- Find Page >> http://aldabba.gov.sd/admin_area/admin.html
- Find Page >> http://aldabba.gov.sd/pages/admin/admin-login.php
- Find Page >> http://aldabba.gov.sd/admin/admin-login.php
- Find Page >> http://aldabba.gov.sd/admin-login.php
- Find Page >> http://aldabba.gov.sd/bb-admin/index.html
- Find Page >> http://aldabba.gov.sd/bb-admin/login.html
- Find Page >> http://aldabba.gov.sd/acceso.php
- Find Page >> http://aldabba.gov.sd/bb-admin/admin.html
- Find Page >> http://aldabba.gov.sd/admin/home.html
- Find Page >> http://aldabba.gov.sd/login.php
- Find Page >> http://aldabba.gov.sd/modelsearch/login.php
- Find Page >> http://aldabba.gov.sd/moderator.php
- Find Page >> http://aldabba.gov.sd/moderator/login.php
- Find Page >> http://aldabba.gov.sd/moderator/admin.php
- Find Page >> http://aldabba.gov.sd/account.php
- Find Page >> http://aldabba.gov.sd/pages/admin/admin-login.html
- Find Page >> http://aldabba.gov.sd/admin/admin-login.html
- Find Page >> http://aldabba.gov.sd/admin-login.html
- Find Page >> http://aldabba.gov.sd/controlpanel.php
- Find Page >> http://aldabba.gov.sd/admincontrol.php
- Find Page >> http://aldabba.gov.sd/admin/adminLogin.html
- Find Page >> http://aldabba.gov.sd/adminLogin.html
- Find Page >> http://aldabba.gov.sd/home.html
- Find Page >> http://aldabba.gov.sd/rcjakar/admin/login.php
- Find Page >> http://aldabba.gov.sd/adminarea/index.html
- Find Page >> http://aldabba.gov.sd/adminarea/admin.html
- Find Page >> http://aldabba.gov.sd/webadmin.php
- Find Page >> http://aldabba.gov.sd/webadmin/index.php
- Find Page >> http://aldabba.gov.sd/webadmin/admin.php
- Find Page >> http://aldabba.gov.sd/admin/controlpanel.html
- Find Page >> http://aldabba.gov.sd/admin.html
- Find Page >> http://aldabba.gov.sd/admin/cp.html
- Find Page >> http://aldabba.gov.sd/cp.html
- Find Page >> http://aldabba.gov.sd/adminpanel.php
- Find Page >> http://aldabba.gov.sd/moderator.html
- Find Page >> http://aldabba.gov.sd/user.html
- Find Page >> http://aldabba.gov.sd/administrator.html
- Find Page >> http://aldabba.gov.sd/login.html
- Find Page >> http://aldabba.gov.sd/modelsearch/login.html
- Find Page >> http://aldabba.gov.sd/moderator/login.html
- Find Page >> http://aldabba.gov.sd/adminarea/login.html
- Find Page >> http://aldabba.gov.sd/panel-administracion/index.html
- Find Page >> http://aldabba.gov.sd/panel-administracion/admin.html
- Find Page >> http://aldabba.gov.sd/modelsearch/index.html
- Find Page >> http://aldabba.gov.sd/modelsearch/admin.html
- Find Page >> http://aldabba.gov.sd/admincontrol/login.html
- Find Page >> http://aldabba.gov.sd/adm/index.html
- Find Page >> http://aldabba.gov.sd/adm.html
- Find Page >> http://aldabba.gov.sd/moderator/admin.html
- Find Page >> http://aldabba.gov.sd/user.php
- Find Page >> http://aldabba.gov.sd/account.html
- Find Page >> http://aldabba.gov.sd/controlpanel.html
- Find Page >> http://aldabba.gov.sd/admincontrol.html
- Find Page >> http://aldabba.gov.sd/panel-administracion/login.php
- Find Page >> http://aldabba.gov.sd/wp-login.php
- Find Page >> http://aldabba.gov.sd/adminLogin.php
- Find Page >> http://aldabba.gov.sd/admin/adminLogin.php
- Find Page >> http://aldabba.gov.sd/home.php
- Find Page >> http://aldabba.gov.sd/adminarea/index.php
- Find Page >> http://aldabba.gov.sd/adminarea/admin.php
- Find Page >> http://aldabba.gov.sd/adminarea/login.php
- Find Page >> http://aldabba.gov.sd/panel-administracion/index.php
- Find Page >> http://aldabba.gov.sd/panel-administracion/admin.php
- Find Page >> http://aldabba.gov.sd/modelsearch/index.php
- Find Page >> http://aldabba.gov.sd/modelsearch/admin.php
- Find Page >> http://aldabba.gov.sd/admincontrol/login.php
- Find Page >> http://aldabba.gov.sd/adm/admloginuser.php
- Find Page >> http://aldabba.gov.sd/admloginuser.php
- Find Page >> http://aldabba.gov.sd/admin2.php
- Find Page >> http://aldabba.gov.sd/admin2/login.php
- Find Page >> http://aldabba.gov.sd/admin2/index.php
- Find Page >> http://aldabba.gov.sd/usuarios/login.php
- Find Page >> http://aldabba.gov.sd/adm/index.php
- Find Page >> http://aldabba.gov.sd/adm.php
- Find Page >> http://aldabba.gov.sd/affiliate.php
- Find Page >> http://aldabba.gov.sd/adm_auth.php
- Find Page >> http://aldabba.gov.sd/memberadmin.php
- Find Page >> http://aldabba.gov.sd/administratorlogin.php
- Find Page >> http://aldabba.gov.sd/admin_panel/
- Find Page >> http://aldabba.gov.sd/admin_panel.html
- Find Page >> http://aldabba.gov.sd/adm_cp/
- ######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> aldabba.gov.sd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8304
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;aldabba.gov.sd. IN A
- ;; ANSWER SECTION:
- aldabba.gov.sd. 83838 IN A 62.12.105.4
- ;; Query time: 216 msec
- ;; SERVER: 38.132.106.139#53(38.132.106.139)
- ;; WHEN: ven fév 15 19:48:31 EST 2019
- ;; MSG SIZE rcvd: 59
- ######################################################################################################################################
- ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace aldabba.gov.sd
- ;; global options: +cmd
- . 81241 IN NS l.root-servers.net.
- . 81241 IN NS a.root-servers.net.
- . 81241 IN NS d.root-servers.net.
- . 81241 IN NS c.root-servers.net.
- . 81241 IN NS m.root-servers.net.
- . 81241 IN NS i.root-servers.net.
- . 81241 IN NS j.root-servers.net.
- . 81241 IN NS h.root-servers.net.
- . 81241 IN NS e.root-servers.net.
- . 81241 IN NS b.root-servers.net.
- . 81241 IN NS g.root-servers.net.
- . 81241 IN NS f.root-servers.net.
- . 81241 IN NS k.root-servers.net.
- . 81241 IN RRSIG NS 8 0 518400 20190228170000 20190215160000 16749 . O0XEuM7e/SR8/zBP+t1ulOCHkRUmAfQMtM2qjCjNlPbTePjkgg152D8E tpSYeLlO+yuB49vjAFC+49JIBeCgJWe/bVFkMtwNpZohu1WIalQe3LSf VR3IAZC43a3wRRd7Y0z1M5CGE00xVKQAUKVMAzzdKLf8XepRHEm6db+Z gQn5UYyMmAef3EhwdGTYWNGZrgmxmPPLcppr1NdSiK/NNe2utSevAWTS CokI/cpAITUuKRtk/T8lUvs4HUOp8WKLKH04ZqjOo5xFouw5/UV+7r2T GdRhUugOdY4bRgScz2ThENsvK6PFr1e+GQI+3MCbSk3lGxud2GZziy/3 Dc8EEQ==
- ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 216 ms
- sd. 172800 IN NS sd.cctld.authdns.ripe.net.
- sd. 172800 IN NS ns1.uaenic.ae.
- sd. 172800 IN NS ns2.uaenic.ae.
- sd. 172800 IN NS ans1.sis.sd.
- sd. 172800 IN NS ans1.canar.sd.
- sd. 172800 IN NS ans2.canar.sd.
- sd. 172800 IN NS ns-sd.afrinic.net.
- sd. 86400 IN NSEC se. NS RRSIG NSEC
- sd. 86400 IN RRSIG NSEC 8 1 86400 20190228170000 20190215160000 16749 . GHfXxR4mlyuj+asn3iQo/1rlROc/LEqf5vnrpSNFs4CBBbp1UpLXDhig fOX6QVng9CkgZ+tKBQqzbzl6vQVEN0AN85/dKnD5R18HJCSRujy7KIdh K5/PgMBZbKwli/ldtTqFZl6n5WMmc/MCY+GxaXlUt+5VlFmGwva3oSA0 32Zro18HvLNNFltd/z7GqAjKO6i8DQFX2ImlwthVCjWCj24W+EiGnnCi oJjfyHcjCKpGej0+Sxkd1MWKhLZOhbNSi+sEiPI+aF92mHqJHu1zbdvQ 009zNQ7QUXK2MpHA10bz7qhBjXCsuzOjIj8ChiOY9SlBYh5/NU8afqTl XVSBNw==
- ;; Received 701 bytes from 2001:500:2d::d#53(d.root-servers.net) in 25 ms
- gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
- gov.sd. 14400 IN NS ns1.uaenic.ae.
- gov.sd. 14400 IN NS ns2.uaenic.ae.
- gov.sd. 14400 IN NS ans1.sis.sd.
- gov.sd. 14400 IN NS ans1.canar.sd.
- gov.sd. 14400 IN NS ans2.canar.sd.
- gov.sd. 14400 IN NS ns-sd.afrinic.net.
- ;; Received 270 bytes from 2001:43f8:120::26#53(ns-sd.afrinic.net) in 259 ms
- ;; Received 71 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 405 ms
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: aldabba.gov.sd
- [-] DNSSEC is not configured for aldabba.gov.sd
- [*] SOA ns0.ndc.gov.sd 62.12.109.2
- [*] NS ns1.ndc.gov.sd 62.12.109.3
- [*] Bind Version for 62.12.109.3 you guess!
- [*] NS ns0.ndc.gov.sd 62.12.109.2
- [*] Bind Version for 62.12.109.2 you guess!
- [*] MX mail.aldabba.gov.sd 197.254.200.161
- [*] A aldabba.gov.sd 62.12.105.4
- [*] TXT aldabba.gov.sd v=spf1 mx -all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for aldabba.gov.sd
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain aldabba.gov.sd
- [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
- [+] Getting nameservers
- 62.12.109.3 - ns1.ndc.gov.sd
- [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
- aldabba.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
- aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- aldabba.gov.sd. 86400 IN A 62.12.105.4
- aldabba.gov.sd. 86400 IN MX 10 mail.aldabba.gov.sd.
- aldabba.gov.sd. 86400 IN TXT "v=spf1 mx -all"
- mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
- mail.aldabba.gov.sd. 86400 IN MX 10 mail.aldabba.gov.sd.
- webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
- www.aldabba.gov.sd. 86400 IN A 62.12.105.4
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 197.254.200.161 host mail.aldabba.gov.sd
- 197.254.200.161 alias webmail.aldabba.gov.sd
- 197.254.200.161 host mail.aldabba.gov.sd
- 62.12.105.4 200 host www.aldabba.gov.sd
- ######################################################################################################################################
- [+] Testing domain
- www.aldabba.gov.sd 62.12.105.4
- [+] Dns resolving
- Domain name Ip address Name server
- aldabba.gov.sd 62.12.105.4 f05-web03.nic.gov.sd
- Found 1 host(s) for aldabba.gov.sd
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on aldabba.gov.sd
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 219.4 seconds
- Subdomain Ip address Name server
- www.aldabba.gov.sd 62.12.105.4 f05-web03.nic.gov.sd
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- aldabba.gov.sd -----
- Host's addresses:
- __________________
- aldabba.gov.sd. 84006 IN A 62.12.105.4
- Name Servers:
- ______________
- ns1.ndc.gov.sd. 83973 IN A 62.12.109.3
- ns0.ndc.gov.sd. 83973 IN A 62.12.109.2
- Mail (MX) Servers:
- ___________________
- mail.aldabba.gov.sd. 85688 IN A 197.254.200.161
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for aldabba.gov.sd on ns1.ndc.gov.sd ...
- aldabba.gov.sd. 86400 IN SOA (
- aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- aldabba.gov.sd. 86400 IN A 62.12.105.4
- aldabba.gov.sd. 86400 IN MX 10
- aldabba.gov.sd. 86400 IN TXT "v=spf1
- mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
- mail.aldabba.gov.sd. 86400 IN MX 10
- webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
- www.aldabba.gov.sd. 86400 IN A 62.12.105.4
- Trying Zone Transfer for aldabba.gov.sd on ns0.ndc.gov.sd ...
- aldabba.gov.sd. 86400 IN SOA (
- aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
- aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
- aldabba.gov.sd. 86400 IN A 62.12.105.4
- aldabba.gov.sd. 86400 IN MX 10
- aldabba.gov.sd. 86400 IN TXT "v=spf1
- mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
- mail.aldabba.gov.sd. 86400 IN MX 10
- webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
- www.aldabba.gov.sd. 86400 IN A 62.12.105.4
- #######################################################################################################################################
- ____ _ _ _ _ _____
- / ___| _ _| |__ | (_)___| |_|___ / _ __
- \___ \| | | | '_ \| | / __| __| |_ \| '__|
- ___) | |_| | |_) | | \__ \ |_ ___) | |
- |____/ \__,_|_.__/|_|_|___/\__|____/|_|
- # Coded By Ahmed Aboul-Ela - @aboul3la
- [-] Enumerating subdomains now for aldabba.gov.sd
- [-] verbosity is enabled, will show the subdomains results in realtime
- [-] Searching now in Baidu..
- [-] Searching now in Yahoo..
- [-] Searching now in Google..
- [-] Searching now in Bing..
- [-] Searching now in Ask..
- [-] Searching now in Netcraft..
- [-] Searching now in DNSdumpster..
- [-] Searching now in Virustotal..
- [-] Searching now in ThreatCrowd..
- [-] Searching now in SSL Certificates..
- [-] Searching now in PassiveDNS..
- Virustotal: www.aldabba.gov.sd
- Virustotal: mail.aldabba.gov.sd
- Yahoo: www.aldabba.gov.sd
- Bing: www.aldabba.gov.sd
- [-] Saving results to file: /usr/share/sniper/loot//domains/domains-aldabba.gov.sd.txt
- [-] Total Unique Subdomains Found: 2
- www.aldabba.gov.sd
- mail.aldabba.gov.sd
- #######################################################################################################################################
- mail.aldabba.gov.sd,197.254.200.161
- webmail.aldabba.gov.sd,197.254.200.161
- #######################################################################################################################################
- ===============================================
- -=Subfinder v1.1.3 github.com/subfinder/subfinder
- ===============================================
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on aldabba.gov.sd
- dnsdb: Unexpected return status 503
- waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.aldabba.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.aldabba.gov.sd/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
- archiveis: Get https://archive.fo/*.aldabba.gov.sd: dial tcp 213.183.51.24:443: connect: connection timed out
- Starting Bruteforcing of aldabba.gov.sd with 9985 words
- Total 6 Unique subdomains found for aldabba.gov.sd
- .aldabba.gov.sd
- mail.aldabba.gov.sd
- mail.aldabba.gov.sd
- webmail.aldabba.gov.sd
- www.aldabba.gov.sd
- www.aldabba.gov.sd
- #######################################################################################################################################
- [*] Found SPF record:
- [*] v=spf1 mx -all
- [*] SPF record contains an All item: -all
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for aldabba.gov.sd!
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:57 EST
- Warning: 62.12.105.4 giving up on port because retransmission cap hit (2).
- Nmap scan report for aldabba.gov.sd (62.12.105.4)
- Host is up (0.40s latency).
- rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:00 EST
- Nmap scan report for aldabba.gov.sd (62.12.105.4)
- Host is up (0.12s latency).
- rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:00 EST
- Nmap scan report for aldabba.gov.sd (62.12.105.4)
- Host is up (0.37s latency).
- rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD 1.3.5d
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 1813 guesses in 181 seconds, average tps: 9.6
- Too many fingerprints match this host to give specific OS details
- Network Distance: 24 hops
- Service Info: OS: Unix
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 125.40 ms 10.251.200.1
- 2 125.42 ms 190.124.251.129
- 3 125.43 ms 172.16.21.1
- 4 185.26 ms 91.205.233.128
- 5 185.27 ms 192.168.7.2
- 6 187.25 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 187.24 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 187.25 ms te0-3-0-14.ccr21.mia03.atlas.cogentco.com (38.88.164.137)
- 9 187.25 ms 154.54.47.29
- 10 199.82 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
- 11 209.76 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 214.27 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 283.32 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
- 14 289.47 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 15 289.39 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 363.40 ms 185.153.20.70
- 17 361.43 ms 185.153.20.82
- 18 362.71 ms 185.153.20.94
- 19 378.98 ms 185.153.20.153
- 20 ... 21
- 22 398.46 ms 196.202.145.94
- 23 ...
- 24 397.94 ms f05-web03.nic.gov.sd (62.12.105.4)
- #######################################################################################################################################
- http://aldabba.gov.sd [200 OK] Cookies[dba52603cb1126534e3b339094dcfc62], IP[62.12.105.4], Joomla[1.5,1.5.23,1.5.24,1.5.25,1.5.26][com_content,com_mailto], probably Mambo[com_content,com_mailto], MetaGenerator[Joomla! 1.5 - Open Source Content Management], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[محلية الدبة], X-Powered-By[PHP/5.4.16, PleskLin]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://aldabba.gov.sd...
- _________________________________________________ SITE INFO _________________________________________________
- IP Title
- 62.12.105.4 محلية الدبة
- __________________________________________________ VERSION __________________________________________________
- Name Versions Type
- Joomla! 1.5 CMS
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
- 2.4.8 | 2.4.9
- ________________________________________________ INTERESTING ________________________________________________
- URL Note Type
- /robots.txt robots.txt index Interesting
- ___________________________________________________ TOOLS ___________________________________________________
- Name Link Software
- CMSmap https://github.com/Dionach/CMSmap Joomla!
- joomscan http://sourceforge.net/projects/joomscan/ Joomla!
- ______________________________________________ VULNERABILITIES ______________________________________________
- Affected #Vulns Link
- Joomla! 1.5 14 http://cvedetails.com/version/53796
- _____________________________________________________________________________________________________________
- Time: 83.6 sec Urls: 437 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Sat, 16 Feb 2019 00:00:16 GMT
- Content-Type: text/html; charset=utf-8
- X-Powered-By: PHP/5.4.16
- P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
- Expires: Mon, 1 Jan 2001 00:00:00 GMT
- Cache-Control: post-check=0, pre-check=0
- Pragma: no-cache
- Set-Cookie: dba52603cb1126534e3b339094dcfc62=spl9s16mn10quukgq0oue8h8l0; path=/
- Last-Modified: Sat, 16 Feb 2019 00:00:16 GMT
- X-Powered-By: PleskLin
- Connection: keep-alive
- HTTP/1.1 200 OK
- Date: Sat, 16 Feb 2019 00:00:17 GMT
- Content-Type: text/html; charset=utf-8
- X-Powered-By: PHP/5.4.16
- P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
- Expires: Mon, 1 Jan 2001 00:00:00 GMT
- Cache-Control: post-check=0, pre-check=0
- Pragma: no-cache
- Set-Cookie: dba52603cb1126534e3b339094dcfc62=sl8drdjrggfhvj9ee01flpif30; path=/
- Last-Modified: Sat, 16 Feb 2019 00:00:17 GMT
- X-Powered-By: PleskLin
- Connection: keep-alive
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:08 EST
- Nmap scan report for aldabba.gov.sd (62.12.105.4)
- Host is up (0.13s latency).
- rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 211 guesses in 187 seconds, average tps: 1.1
- |_pop3-capabilities: STLS RESP-CODES USER AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) PIPELINING TOP APOP UIDL CAPA
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 124.41 ms f05-web03.nic.gov.sd (62.12.105.4)
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.4
- Testing SSL server aldabba.gov.sd on port 443 using SNI name aldabba.gov.sd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Jul 20 00:21:23 2015 GMT
- Not valid after: Jul 19 00:21:23 2016 GMT
- ######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.4:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:46 EST
- Warning: 62.12.105.4 giving up on port because retransmission cap hit (2).
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up (0.40s latency).
- Not shown: 464 filtered ports, 4 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 993/tcp open imaps
- 995/tcp open pop3s
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:48 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up (0.12s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:48 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up (0.36s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD 1.3.5d
- | ftp-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 1943 guesses in 188 seconds, average tps: 10.0
- Too many fingerprints match this host to give specific OS details
- Network Distance: 24 hops
- Service Info: OS: Unix
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 124.75 ms 10.251.200.1
- 2 124.79 ms 190.124.251.129
- 3 124.82 ms 172.16.21.1
- 4 184.43 ms 91.205.233.128
- 5 185.05 ms 192.168.7.2
- 6 185.12 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.10 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
- 8 185.12 ms te0-3-0-14.ccr21.mia03.atlas.cogentco.com (38.88.164.137)
- 9 185.11 ms 154.54.47.29
- 10 199.59 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
- 11 208.19 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 214.15 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 289.82 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
- 14 288.51 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
- 15 285.91 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 365.90 ms 185.153.20.70
- 17 363.89 ms 185.153.20.82
- 18 365.87 ms 185.153.20.94
- 19 380.70 ms 185.153.20.153
- 20 ... 21
- 22 417.90 ms 196.202.145.94
- 23 ...
- 24 394.11 ms f05-web03.nic.gov.sd (62.12.105.4)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:53 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 125.49 ms 10.251.200.1
- 2 125.53 ms 190.124.251.129
- 3 125.89 ms 172.16.21.1
- 4 185.73 ms 91.205.233.128
- 5 187.50 ms 192.168.7.2
- 6 187.94 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 188.27 ms 69.25.0.3
- 8 189.34 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 187.94 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
- 10 202.20 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 207.79 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 214.34 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 286.35 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 283.37 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 284.16 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 362.76 ms 185.153.20.70
- 17 361.97 ms 185.153.20.82
- 18 362.77 ms 185.153.20.94
- 19 386.33 ms 185.153.20.153
- 20 395.62 ms 212.0.131.109
- 21 390.02 ms 196.202.137.249
- 22 399.11 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:56 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.45 ms 10.251.200.1
- 2 124.50 ms 190.124.251.129
- 3 124.53 ms 172.16.21.1
- 4 185.18 ms 91.205.233.128
- 5 185.12 ms 192.168.7.2
- 6 185.17 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.26 ms 69.25.0.3
- 8 185.28 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 185.25 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
- 10 198.65 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 209.52 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 215.67 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 287.05 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 284.50 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 285.21 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 363.48 ms 185.153.20.70
- 17 362.84 ms 185.153.20.82
- 18 363.48 ms 185.153.20.94
- 19 379.60 ms 185.153.20.153
- 20 392.82 ms 212.0.131.109
- 21 390.28 ms 196.202.137.249
- 22 400.80 ms 196.202.145.94
- 23 ... 30
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:58 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.37 ms 10.251.200.1
- 2 124.30 ms 190.124.251.129
- 3 124.35 ms 172.16.21.1
- 4 185.02 ms 91.205.233.128
- 5 185.06 ms 192.168.7.2
- 6 185.05 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.26 ms 69.25.0.3
- 8 185.08 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 185.10 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
- 10 198.80 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 209.85 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 216.19 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 287.79 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 285.39 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 285.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 365.48 ms 185.153.20.70
- 17 365.44 ms 185.153.20.82
- 18 365.45 ms 185.153.20.94
- 19 381.33 ms 185.153.20.153
- 20 394.20 ms 212.0.131.109
- 21 388.89 ms 196.202.137.249
- 22 399.53 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://62.12.105.4...
- _________________________________________ SITE INFO _________________________________________
- IP Title
- 62.12.105.4 Domain Default page
- __________________________________________ VERSION __________________________________________
- Name Versions Type
- Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
- 2.4.8 | 2.4.9
- _____________________________________________________________________________________________
- Time: 79.2 sec Urls: 810 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Fri, 15 Feb 2019 23:54:34 GMT
- Content-Type: text/html
- Content-Length: 3750
- Last-Modified: Wed, 31 Jan 2018 01:28:47 GMT
- ETag: "ea6-5640866950aeb"
- Accept-Ranges: bytes
- Connection: keep-alive
- HTTP/1.1 200 OK
- Date: Fri, 15 Feb 2019 23:54:35 GMT
- Content-Type: text/html
- Content-Length: 3750
- Last-Modified: Wed, 31 Jan 2018 01:28:47 GMT
- ETag: "ea6-5640866950aeb"
- Accept-Ranges: bytes
- Connection: keep-alive
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:02 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up (0.13s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 212 guesses in 187 seconds, average tps: 1.1
- |_pop3-capabilities: UIDL TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP PIPELINING STLS USER CAPA AUTH-RESP-CODE RESP-CODES
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 124.41 ms f05-web03.nic.gov.sd (62.12.105.4)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:05 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 123.82 ms 10.251.200.1
- 2 123.85 ms 190.124.251.129
- 3 123.87 ms 172.16.21.1
- 4 184.58 ms 91.205.233.128
- 5 184.60 ms 192.168.7.2
- 6 184.62 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 184.66 ms 69.25.0.3
- 8 184.66 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.66 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
- 10 198.32 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 208.70 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 215.28 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 287.02 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 284.70 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 285.44 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 374.27 ms 185.153.20.70
- 17 373.77 ms 185.153.20.82
- 18 374.22 ms 185.153.20.94
- 19 391.49 ms 185.153.20.153
- 20 403.85 ms 212.0.131.109
- 21 390.92 ms 196.202.137.249
- 22 401.79 ms 196.202.145.94
- 23 ... 30
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:08 EST
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.57 ms 10.251.200.1
- 2 124.51 ms 190.124.251.129
- 3 124.57 ms 172.16.21.1
- 4 184.53 ms 91.205.233.128
- 5 184.59 ms 192.168.7.2
- 6 184.94 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 185.62 ms 69.25.0.3
- 8 185.59 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 188.03 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
- 10 199.49 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 208.45 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 215.02 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 287.31 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 289.72 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 289.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 368.52 ms 185.153.20.70
- 17 367.70 ms 185.153.20.82
- 18 368.53 ms 185.153.20.94
- 19 385.24 ms 185.153.20.153
- 20 394.74 ms 212.0.131.109
- 21 390.24 ms 196.202.137.249
- 22 403.24 ms 196.202.145.94
- 23 ... 30
- #######################################################################################################################################
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 62.12.105.4
- Testing SSL server 62.12.105.4 on port 443 using SNI name 62.12.105.4
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: Plesk
- Issuer: Plesk
- Not valid before: Jul 20 00:21:23 2015 GMT
- Not valid after: Jul 19 00:21:23 2016 GMT
- #######################################################################################################################################
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- | phpMyAdmin | https://62.12.105.4:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
- +------------+--------------------------------------+--------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:19 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 20:19
- Completed NSE at 20:19, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 20:19
- Completed NSE at 20:19, 0.00s elapsed
- Initiating Ping Scan at 20:19
- Scanning 62.12.105.4 [4 ports]
- Completed Ping Scan at 20:19, 0.16s elapsed (1 total hosts)
- Initiating Parallel DNS resolution of 1 host. at 20:19
- Completed Parallel DNS resolution of 1 host. at 20:19, 0.02s elapsed
- Initiating Connect Scan at 20:19
- Scanning f05-web03.nic.gov.sd (62.12.105.4) [1000 ports]
- Discovered open port 80/tcp on 62.12.105.4
- Discovered open port 110/tcp on 62.12.105.4
- Discovered open port 995/tcp on 62.12.105.4
- Discovered open port 443/tcp on 62.12.105.4
- Discovered open port 993/tcp on 62.12.105.4
- Discovered open port 21/tcp on 62.12.105.4
- Discovered open port 143/tcp on 62.12.105.4
- Discovered open port 8443/tcp on 62.12.105.4
- Completed Connect Scan at 20:20, 20.69s elapsed (1000 total ports)
- Initiating Service scan at 20:20
- Scanning 8 services on f05-web03.nic.gov.sd (62.12.105.4)
- Completed Service scan at 20:20, 35.61s elapsed (8 services on 1 host)
- Initiating OS detection (try #1) against f05-web03.nic.gov.sd (62.12.105.4)
- Retrying OS detection (try #2) against f05-web03.nic.gov.sd (62.12.105.4)
- Initiating Traceroute at 20:20
- Completed Traceroute at 20:21, 3.62s elapsed
- Initiating Parallel DNS resolution of 22 hosts. at 20:21
- Completed Parallel DNS resolution of 22 hosts. at 20:21, 16.50s elapsed
- NSE: Script scanning 62.12.105.4.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 20:21
- NSE Timing: About 99.08% done; ETC: 20:21 (0:00:00 remaining)
- NSE Timing: About 99.17% done; ETC: 20:22 (0:00:01 remaining)
- NSE Timing: About 99.27% done; ETC: 20:22 (0:00:01 remaining)
- NSE Timing: About 99.63% done; ETC: 20:23 (0:00:00 remaining)
- Completed NSE at 20:23, 142.26s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 20:23
- Completed NSE at 20:23, 0.81s elapsed
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up, received reset ttl 64 (0.37s latency).
- Scanned at 2019-02-15 20:19:50 EST for 229s
- Not shown: 987 filtered ports
- Reason: 986 no-responses and 1 host-unreach
- PORT STATE SERVICE REASON VERSION
- 20/tcp closed ftp-data conn-refused
- 21/tcp open ftp syn-ack ProFTPD 1.3.5d
- | ssl-cert: Subject: commonName=f05-web03.nic.gov.sd
- | Subject Alternative Name: DNS:f05-web03.nic.gov.sd
- | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2017-11-26T15:16:33
- | Not valid after: 2018-02-24T15:16:33
- | MD5: 3f63 49c9 d709 5130 4b48 50d5 32c1 abb5
- | SHA-1: 5b15 5a3e d920 1f11 81ff 444b 5712 f23a 8b68 b5af
- | -----BEGIN CERTIFICATE-----
- | MIIFCzCCA/OgAwIBAgISA8ZuVjBzi24EU0kWvASakIcgMA0GCSqGSIb3DQEBCwUA
- | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
- | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMjYxNTE2MzNaFw0x
- | ODAyMjQxNTE2MzNaMB8xHTAbBgNVBAMTFGYwNS13ZWIwMy5uaWMuZ292LnNkMIIB
- | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweoZBgm5eWY8rANaRF54HDHO
- | uSbolGAdJxgvFvvo/2cjxfAtlRY1Q/9GZWnSK5q9WMVxY19DvzG9tGui50Rh4iUe
- | pbTt5AoCaxDCmVSSzXSnvV26L0FVJaFr80EvbfcY+Y3fPaUST6ju5SqhhGDmrKmJ
- | RsP8WS03/nrwY9rUCRLSCJDByxW9LrWLzAIiSp5z570xCUQXrDcoxHU9F3+zIYgL
- | v8L6fea76VyQWxhggbogR4qU1Ixo3ezBuaL0eZ/b0t8CYJ9XLH6DqWrDc55LWIGI
- | 2ZKv3Ib5l2hpZ3l65HzBJNJnGPa4X9EhJM0Akla+9C0alnzb/8X5EWujmTFRSQID
- | AQABo4ICFDCCAhAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
- | BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTa9bmnWLF1iaNLyfRi
- | I3TeSbYtpTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
- | BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
- | cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
- | cnlwdC5vcmcvMB8GA1UdEQQYMBaCFGYwNS13ZWIwMy5uaWMuZ292LnNkMIH+BgNV
- | HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC
- | ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb
- | VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5
- | aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0
- | aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv
- | cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAdZAbiKPfbg5rdICOdfKevK
- | M8emQgL8dtOnRuZiP39Z7X05t/c+vVv7RFrT4aiT84r7qYVmFZ/qiHQ/IxInm18U
- | tvbuSEvM2AaXdsfc8x8L5Hf1kHflt956MfC70J6x4JyU3Fxtz34yiXPDR2E8FHBi
- | vjs2nVqbrl4VePh5usaRwWfogYUDysuxK4kEqsNVYJKy3c3a5iB7eGrF6tV/gMtF
- | kfYFGULdFU2CcB7TItSOUUi6oClNJgrEtfG4/2u/bZi6ypt0Dd9xqAOFRjaoViR8
- | WUDFhDbmPsfLnx8ID73fflxYm2+SLd+zuKPxgDqUiTwMKEk5fMgiK+DnPc0OXJA=
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- 25/tcp closed smtp conn-refused
- 80/tcp open http-proxy syn-ack Squid http proxy
- |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-open-proxy: Proxy might be redirecting requests
- |_http-title: Domain Default page
- 110/tcp open pop3 syn-ack Dovecot pop3d
- |_pop3-capabilities: STLS UIDL USER CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP APOP RESP-CODES PIPELINING AUTH-RESP-CODE
- |_ssl-date: TLS randomness does not represent time
- 113/tcp closed ident conn-refused
- 139/tcp closed netbios-ssn conn-refused
- 143/tcp open imap syn-ack Dovecot imapd
- |_imap-capabilities: OK SASL-IR ENABLE AUTH=LOGIN IDLE IMAP4rev1 STARTTLS more AUTH=PLAIN ID listed capabilities LOGIN-REFERRALS have AUTH=DIGEST-MD5 post-login Pre-login LITERAL+ AUTH=CRAM-MD5A0001
- |_ssl-date: TLS randomness does not represent time
- 443/tcp open ssl/http syn-ack nginx
- | http-methods:
- |_ Supported Methods: GET
- |_http-server-header: nginx
- |_http-title: 400 The plain HTTP request was sent to HTTPS port
- | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/organizationalUnitName=Plesk/localityName=Seattle
- | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/organizationalUnitName=Plesk/localityName=Seattle
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2015-07-20T00:21:23
- | Not valid after: 2016-07-19T00:21:23
- | MD5: 081e a803 762a f7a0 8cff 7a71 192c 7cfb
- | SHA-1: 0cdb 447d b0e9 070c 8a69 b2fe 1b86 9aa0 7697 10fb
- | -----BEGIN CERTIFICATE-----
- | MIIDfTCCAmUCBFWsPwMwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
- | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
- | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
- | CQEWDmluZm9AcGxlc2suY29tMB4XDTE1MDcyMDAwMjEyM1oXDTE2MDcxOTAwMjEy
- | M1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
- | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
- | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
- | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAd1dWnJxCatqhs1eGGmK3DkvHNP9ZOO
- | ub2jqqdVsE5OBnhEcRVjF9sErfabSo2m1fDfaNv4CcxfzD1a59ADubR5wcq0orf0
- | qIEiACfV6lqQP2Lv4BhqNNlo0d1wj9xCzTcv1GZq0VO+q9Bl0iB1GgXQGrKCZVNh
- | YM1njL7AG9s0yVPfhLIPdmqmB0KhahyqaLCgQJMLFmhVsP+H9h6BaAbxFyklxUnF
- | Vpryi28oscOOYDaSLwb+ZWFNlkKKk1BWc/3y2KniwSDnsXSueCIZQ4iKbapuHHk7
- | dLC6v+L+hbW6JyB+fDp3nK1eVgC8aP4D/CYi3IPjHNri8c957SCWEQIDAQABMA0G
- | CSqGSIb3DQEBCwUAA4IBAQCtUeqEmmV5PGWiIAaJv1TVqisoQiE+iPF5RJXKKN2w
- | btOW6h03jxU1KV8yzPfcjgseRNzYB8/+4Zm7HllusV2O27NnQ0lVlQDVGfsqx0gX
- | W0TOSt1MjMW7lSWTnAEUC+k/AbARjbihXfsxKQfI7w8e1ai9/Pe3aa+eZwihkV0e
- | 85vdXd3W6GjntKcEycQwLVWxPK8awVnAXOhF7a3b04fLCy16TTwWLK2NnstIOEdb
- | KQUhBFkld2VvYNDfRLaO7v++PdkDB2cXQFExMwhlu5S0bhKW6Kv0+Mg0gMU1CDQS
- | kcTfsoE+yhqkrExc9N/qn1Aa0mf9P3Lm4y5tPJkXTD33
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- | tls-alpn:
- | h2
- |_ http/1.1
- | tls-nextprotoneg:
- | h2
- |_ http/1.1
- 445/tcp closed microsoft-ds conn-refused
- 993/tcp open ssl/imaps? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 995/tcp open ssl/pop3s? syn-ack
- |_ssl-date: TLS randomness does not represent time
- 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: sw-cp-server
- | http-title: Plesk Onyx 17.5.3
- |_Requested resource was https://f05-web03.nic.gov.sd:8443/
- | ssl-cert: Subject: commonName=f05-web03.nic.gov.sd
- | Subject Alternative Name: DNS:f05-web03.nic.gov.sd
- | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2017-11-26T15:16:33
- | Not valid after: 2018-02-24T15:16:33
- | MD5: 3f63 49c9 d709 5130 4b48 50d5 32c1 abb5
- | SHA-1: 5b15 5a3e d920 1f11 81ff 444b 5712 f23a 8b68 b5af
- | -----BEGIN CERTIFICATE-----
- | MIIFCzCCA/OgAwIBAgISA8ZuVjBzi24EU0kWvASakIcgMA0GCSqGSIb3DQEBCwUA
- | MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
- | ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzExMjYxNTE2MzNaFw0x
- | ODAyMjQxNTE2MzNaMB8xHTAbBgNVBAMTFGYwNS13ZWIwMy5uaWMuZ292LnNkMIIB
- | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweoZBgm5eWY8rANaRF54HDHO
- | uSbolGAdJxgvFvvo/2cjxfAtlRY1Q/9GZWnSK5q9WMVxY19DvzG9tGui50Rh4iUe
- | pbTt5AoCaxDCmVSSzXSnvV26L0FVJaFr80EvbfcY+Y3fPaUST6ju5SqhhGDmrKmJ
- | RsP8WS03/nrwY9rUCRLSCJDByxW9LrWLzAIiSp5z570xCUQXrDcoxHU9F3+zIYgL
- | v8L6fea76VyQWxhggbogR4qU1Ixo3ezBuaL0eZ/b0t8CYJ9XLH6DqWrDc55LWIGI
- | 2ZKv3Ib5l2hpZ3l65HzBJNJnGPa4X9EhJM0Akla+9C0alnzb/8X5EWujmTFRSQID
- | AQABo4ICFDCCAhAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
- | BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTa9bmnWLF1iaNLyfRi
- | I3TeSbYtpTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
- | BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
- | cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
- | cnlwdC5vcmcvMB8GA1UdEQQYMBaCFGYwNS13ZWIwMy5uaWMuZ292LnNkMIH+BgNV
- | HSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcC
- | ARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGb
- | VGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5
- | aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0
- | aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcv
- | cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAdZAbiKPfbg5rdICOdfKevK
- | M8emQgL8dtOnRuZiP39Z7X05t/c+vVv7RFrT4aiT84r7qYVmFZ/qiHQ/IxInm18U
- | tvbuSEvM2AaXdsfc8x8L5Hf1kHflt956MfC70J6x4JyU3Fxtz34yiXPDR2E8FHBi
- | vjs2nVqbrl4VePh5usaRwWfogYUDysuxK4kEqsNVYJKy3c3a5iB7eGrF6tV/gMtF
- | kfYFGULdFU2CcB7TItSOUUi6oClNJgrEtfG4/2u/bZi6ypt0Dd9xqAOFRjaoViR8
- | WUDFhDbmPsfLnx8ID73fflxYm2+SLd+zuKPxgDqUiTwMKEk5fMgiK+DnPc0OXJA=
- |_-----END CERTIFICATE-----
- |_ssl-date: TLS randomness does not represent time
- | tls-nextprotoneg:
- |_ http/1.1
- OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
- Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (98%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), OpenBSD 4.0 (91%), FreeBSD 6.2-RELEASE (90%), Linux 2.6.18 - 2.6.22 (90%), OpenBSD 4.3 (90%), Android 7.1.2 (Linux 3.10) (90%), Apple AirPort Extreme WAP (88%)
- No exact OS matches for host (test conditions non-ideal).
- TCP/IP fingerprint:
- SCAN(V=7.70%E=4%D=2/15%OT=21%CT=20%CU=%PV=N%G=N%TM=5C67661B%P=x86_64-pc-linux-gnu)
- SEQ(SP=105%GCD=1%ISR=104%TI=Z%TS=U)
- OPS(O1=M4B3W7N%O2=M4B3W7N%O3=M4B3W7N%O4=M4B3W7N%O5=M4B3W7N%O6=M4B3)
- WIN(W1=7210%W2=7210%W3=7210%W4=7210%W5=7210%W6=7210)
- ECN(R=Y%DF=Y%TG=40%W=7210%O=M4B3W7N%CC=Y%Q=)
- ECN(R=N)
- T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
- T2(R=N)
- T3(R=N)
- T4(R=N)
- T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
- T6(R=N)
- T7(R=N)
- U1(R=N)
- IE(R=N)
- Service Info: OS: Unix
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 124.12 ms 10.251.200.1
- 2 124.29 ms 190.124.251.129
- 3 124.32 ms 172.16.21.1
- 4 184.42 ms 91.205.233.128
- 5 184.44 ms 192.168.7.2
- 6 184.46 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
- 7 184.84 ms 69.25.0.3
- 8 184.84 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
- 9 184.85 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
- 10 198.67 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
- 11 209.29 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
- 12 216.07 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
- 13 287.60 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
- 14 284.68 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
- 15 285.23 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
- 16 363.75 ms 185.153.20.70
- 17 363.36 ms 185.153.20.82
- 18 363.79 ms 185.153.20.94
- 19 379.79 ms 185.153.20.153
- 20 392.62 ms 212.0.131.109
- 21 390.77 ms 196.202.137.249
- 22 399.43 ms 196.202.145.94
- 23 ... 30
- NSE: Script Post-scanning.
- NSE: Starting runlevel 1 (of 2) scan.
- Initiating NSE at 20:23
- Completed NSE at 20:23, 0.00s elapsed
- NSE: Starting runlevel 2 (of 2) scan.
- Initiating NSE at 20:23
- Completed NSE at 20:23, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 229.76 seconds
- Raw packets sent: 140 (10.568KB) | Rcvd: 128 (18.431KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:23 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 20:23
- Completed NSE at 20:23, 0.00s elapsed
- Initiating NSE at 20:23
- Completed NSE at 20:23, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 20:23
- Completed Parallel DNS resolution of 1 host. at 20:23, 0.02s elapsed
- Initiating UDP Scan at 20:23
- Scanning f05-web03.nic.gov.sd (62.12.105.4) [14 ports]
- Completed UDP Scan at 20:23, 2.15s elapsed (14 total ports)
- Initiating Service scan at 20:23
- Scanning 12 services on f05-web03.nic.gov.sd (62.12.105.4)
- Service scan Timing: About 8.33% done; ETC: 20:43 (0:17:58 remaining)
- Completed Service scan at 20:25, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against f05-web03.nic.gov.sd (62.12.105.4)
- Retrying OS detection (try #2) against f05-web03.nic.gov.sd (62.12.105.4)
- Initiating Traceroute at 20:25
- Completed Traceroute at 20:25, 7.31s elapsed
- Initiating Parallel DNS resolution of 1 host. at 20:25
- Completed Parallel DNS resolution of 1 host. at 20:25, 0.02s elapsed
- NSE: Script scanning 62.12.105.4.
- Initiating NSE at 20:25
- Completed NSE at 20:25, 20.30s elapsed
- Initiating NSE at 20:25
- Completed NSE at 20:25, 1.03s elapsed
- Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
- Host is up (0.12s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 137/udp)
- HOP RTT ADDRESS
- 1 124.11 ms 10.251.200.1
- 2 ... 3
- 4 123.00 ms 10.251.200.1
- 5 124.39 ms 10.251.200.1
- 6 124.41 ms 10.251.200.1
- 7 124.41 ms 10.251.200.1
- 8 124.41 ms 10.251.200.1
- 9 124.43 ms 10.251.200.1
- 10 124.55 ms 10.251.200.1
- 11 ... 18
- 19 123.21 ms 10.251.200.1
- 20 123.23 ms 10.251.200.1
- 21 ... 27
- 28 124.30 ms 10.251.200.1
- 29 124.61 ms 10.251.200.1
- 30 123.31 ms 10.251.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 20:25
- Completed NSE at 20:25, 0.00s elapsed
- Initiating NSE at 20:25
- Completed NSE at 20:25, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 138.73 seconds
- Raw packets sent: 148 (13.692KB) | Rcvd: 30 (3.265KB)
- #######################################################################################################################################
- [+] FireWall Detector
- [++] Firewall not detected
- [+] Detecting Joomla Version
- [++] Joomla 1.5
- [+] Core Joomla Vulnerability
- [++] Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution
- EDB : https://www.exploit-db.com/exploits/4212/
- Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
- CVE : CVE-2007-4781
- EDB : https://www.exploit-db.com/exploits/4350/
- Joomla! 1.5.x - (Token) Remote Admin Change Password
- CVE : CVE-2008-3681
- EDB : https://www.exploit-db.com/exploits/6234/
- Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure
- CVE: CVE-2011-4909
- EDB : https://www.exploit-db.com/exploits/33061/
- Joomla! 1.5.x - 404 Error Page Cross-Site Scripting
- EDB : https://www.exploit-db.com/exploits/33378/
- Joomla! 1.5.12 - read/exec Remote files
- EDB : https://www.exploit-db.com/exploits/11263/
- Joomla! 1.5.12 - connect back Exploit
- EDB : https://www.exploit-db.com/exploits/11262/
- Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
- CVE : CVE-2011-4908
- EDB : https://www.exploit-db.com/exploits/9926/
- Joomla! 1.5 - URL Redirecting
- EDB : https://www.exploit-db.com/exploits/14722/
- Joomla! 1.5.x - SQL Error Information Disclosure
- EDB : https://www.exploit-db.com/exploits/34955/
- Joomla! - Spam Mail Relay
- EDB : https://www.exploit-db.com/exploits/15979/
- Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
- EDB : https://www.exploit-db.com/exploits/16091/
- Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
- EDB : https://www.exploit-db.com/exploits/36176/
- Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
- CVE : CVE-2015-8562
- EDB : https://www.exploit-db.com/exploits/38977/
- Joomla! 1.0 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution
- CVE : CVE-2015-8562 , CVE-2015-8566
- EDB : https://www.exploit-db.com/exploits/39033/
- Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion
- CVE : CVE-2007-2199
- EDB : https://www.exploit-db.com/exploits/3781/
- Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
- CVE : CVE-2009-0113
- EDB : https://www.exploit-db.com/exploits/7691/
- [+] Checking apache info/status files
- [++] Readable info/status files are not found
- [+] admin finder
- [++] Admin page : http://aldabba.gov.sd/admin/
- [+] Checking robots.txt existing
- [++] robots.txt is found
- path : http://aldabba.gov.sd/robots.txt
- Interesting path found from robots.txt
- http://aldabba.gov.sd/administrator/
- http://aldabba.gov.sd/cache/
- http://aldabba.gov.sd/components/
- http://aldabba.gov.sd/images/
- http://aldabba.gov.sd/includes/
- http://aldabba.gov.sd/installation/
- http://aldabba.gov.sd/language/
- http://aldabba.gov.sd/libraries/
- http://aldabba.gov.sd/media/
- http://aldabba.gov.sd/modules/
- http://aldabba.gov.sd/plugins/
- http://aldabba.gov.sd/templates/
- http://aldabba.gov.sd/tmp/
- http://aldabba.gov.sd/xmlrpc/
- [+] Finding common backup files name
- [++] Backup files are not found
- [+] Finding common log files name
- [++] error log is not found
- [+] Checking sensitive config.php.x file
- [++] Readable config files are not found
- Your Report : reports/aldabba.gov.sd/
- #######################################################################################################################################
- [-] Date & Time: 15/02/2019 19:09:44
- [I] Threads: 5
- [-] Target: http://aldabba.gov.sd (62.12.105.4)
- [M] Website Not in HTTPS: http://aldabba.gov.sd
- [I] X-Powered-By: PHP/5.4.16
- [L] X-Frame-Options: Not Enforced
- [I] Strict-Transport-Security: Not Enforced
- [I] X-Content-Security-Policy: Not Enforced
- [I] X-Content-Type-Options: Not Enforced
- [L] Robots.txt Found: http://aldabba.gov.sd/robots.txt
- [I] CMS Detection: Joomla
- [I] Joomla Website Template: rhuk_milkyway
- [I] Joomla Website Template: system
- [H] Configuration File Found: http://aldabba.gov.sd/configuration
- [-] Enumerating Joomla Usernames via "Feed" ...
- [I] Administrator: moh9982@yahoo.com
- [I] Autocomplete Off Not Found: http://aldabba.gov.sd/administrator/index.php
- [-] Joomla Default Files:
- [-] Joomla is likely to have a large number of default files
- [-] Would you like to list them all?
- [y/N]: y
- [I] http://aldabba.gov.sd/bin/index.html
- [I] http://aldabba.gov.sd/cache/index.html
- [I] http://aldabba.gov.sd/cli/index.html
- [I] http://aldabba.gov.sd/components/index.html
- [I] http://aldabba.gov.sd/htaccess.txt
- [I] http://aldabba.gov.sd/images/index.html
- [I] http://aldabba.gov.sd/includes/index.html
- [I] http://aldabba.gov.sd/installation/cache/index.html
- [I] http://aldabba.gov.sd/language/index.html
- [I] http://aldabba.gov.sd/language/overrides/index.html
- [I] http://aldabba.gov.sd/layouts/index.html
- [I] http://aldabba.gov.sd/layouts/joomla/error/index.html
- [I] http://aldabba.gov.sd/libraries/index.html
- [I] http://aldabba.gov.sd/media/editors/codemirror/mode/rpm/changes/index.html
- [I] http://aldabba.gov.sd/media/editors/tinymce/plugins/example/dialog.html
- [I] http://aldabba.gov.sd/media/editors/tinymce/templates/layout1.html
- [I] http://aldabba.gov.sd/media/editors/tinymce/templates/snippet1.html
- [I] http://aldabba.gov.sd/media/index.html
- [I] http://aldabba.gov.sd/modules/index.html
- [I] http://aldabba.gov.sd/plugins/index.html
- [I] http://aldabba.gov.sd/templates/index.html
- [I] http://aldabba.gov.sd/tests/javascript/calendar/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/caption/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/combobox/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/core/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/highlighter/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/permissions/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/repeatable/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/sendtestmail/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/subform-repeatable/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/switcher/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tests/javascript/validate/fixtures/fixture.html
- [I] http://aldabba.gov.sd/tmp/index.html
- [-] Searching Joomla Components ...
- [I] Checking for Directory Listing Enabled ...
- [-] Date & Time: 15/02/2019 19:31:35
- [-] Completed in: 0:21:50
- #######################################################################################################################################
- Anonymous JTSEC #OpSudan Full Recon #13
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement