Anonymous JTSEC #OpSudan Full Recon #13

a guest
Feb 15th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Hostname aldabba.gov.sd ISP NICDC
  4. Continent Africa Flag
  5. SD
  6. Country Sudan Country Code SD
  7. Region Unknown Local time 16 Feb 2019 02:06 CAT
  8. City Unknown Postal Code Unknown
  9. IP Address 62.12.105.4 Latitude 15
  10. Longitude 30
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > aldabba.gov.sd
  14. Server: 38.132.106.139
  15. Address: 38.132.106.139#53
  16.  
  17. Non-authoritative answer:
  18. Name: aldabba.gov.sd
  19. Address: 62.12.105.4
  20. >
  21. #######################################################################################################################################
  22. HostIP:62.12.105.4
  23. HostName:aldabba.gov.sd
  24.  
  25. Gathered Inet-whois information for 62.12.105.4
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 62.12.96.0 - 62.12.127.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:46:54Z
  61. last-modified: 2019-01-07T10:46:54Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
  77.  
  78.  
  79.  
  80. Gathered Inic-whois information for aldabba.gov.sd
  81. ---------------------------------
  82. Error: Unable to connect - Invalid Host
  83. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  84. close error
  85.  
  86. Gathered Netcraft information for aldabba.gov.sd
  87. ---------------------------------
  88.  
  89. Retrieving Netcraft.com information for aldabba.gov.sd
  90. Netcraft.com Information gathered
  91.  
  92. Gathered Subdomain information for aldabba.gov.sd
  93. ---------------------------------
  94. Searching Google.com:80...
  95. HostName:www.aldabba.gov.sd
  96. HostIP:62.12.105.4
  97. Searching Altavista.com:80...
  98. Found 1 possible subdomain(s) for host aldabba.gov.sd, Searched 0 pages containing 0 results
  99.  
  100. Gathered E-Mail information for aldabba.gov.sd
  101. ---------------------------------
  102. Searching Google.com:80...
  103. Searching Altavista.com:80...
  104. Found 0 E-Mail(s) for host aldabba.gov.sd, Searched 0 pages containing 0 results
  105.  
  106. Gathered TCP Port information for 62.12.105.4
  107. ---------------------------------------------------------------------------------------------------------------------------------------
  108.  
  109. Port State
  110.  
  111. 21/tcp open
  112. 80/tcp open
  113. 110/tcp open
  114. 143/tcp open
  115.  
  116. Portscan Finished: Scanned 150 ports, 5 ports were in state closed
  117. #######################################################################################################################################
  118. [i] Scanning Site: http://aldabba.gov.sd
  119.  
  120.  
  121.  
  122. B A S I C I N F O
  123. =======================================================================================================================================
  124.  
  125.  
  126. [+] Site Title: محلية الدبة
  127. [+] IP address: 62.12.105.4
  128. [+] Web Server: Could Not Detect
  129. [+] CMS: Joomla
  130. [+] Cloudflare: Not Detected
  131. [+] Robots File: Found
  132.  
  133. -------------[ contents ]----------------
  134. User-agent: *
  135. Disallow: /administrator/
  136. Disallow: /cache/
  137. Disallow: /components/
  138. Disallow: /images/
  139. Disallow: /includes/
  140. Disallow: /installation/
  141. Disallow: /language/
  142. Disallow: /libraries/
  143. Disallow: /media/
  144. Disallow: /modules/
  145. Disallow: /plugins/
  146. Disallow: /templates/
  147. Disallow: /tmp/
  148. Disallow: /xmlrpc/
  149.  
  150. -----------[end of contents]-------------
  151.  
  152.  
  153.  
  154. G E O I P L O O K U P
  155. =======================================================================================================================================
  156.  
  157. [i] IP Address: 62.12.105.4
  158. [i] Country: Sudan
  159. [i] State:
  160. [i] City:
  161. [i] Latitude: 15.0
  162. [i] Longitude: 30.0
  163.  
  164.  
  165.  
  166.  
  167. H T T P H E A D E R S
  168. =======================================================================================================================================
  169.  
  170.  
  171. [i] HTTP/1.1 200 OK
  172. [i] Date: Fri, 15 Feb 2019 23:26:51 GMT
  173. [i] Content-Type: text/html; charset=utf-8
  174. [i] Content-Length: 45294
  175. [i] X-Powered-By: PHP/5.4.16
  176. [i] P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  177. [i] Expires: Mon, 1 Jan 2001 00:00:00 GMT
  178. [i] Cache-Control: post-check=0, pre-check=0
  179. [i] Pragma: no-cache
  180. [i] Set-Cookie: dba52603cb1126534e3b339094dcfc62=047g62k8bovf3heuf3qgo8pgc2; path=/
  181. [i] Last-Modified: Fri, 15 Feb 2019 23:26:51 GMT
  182. [i] X-Powered-By: PleskLin
  183. [i] Connection: close
  184.  
  185.  
  186.  
  187.  
  188. D N S L O O K U P
  189. =======================================================================================================================================
  190.  
  191. aldabba.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  192. aldabba.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  193. aldabba.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  194. aldabba.gov.sd. 21599 IN A 62.12.105.4
  195. aldabba.gov.sd. 21599 IN MX 10 mail.aldabba.gov.sd.
  196. aldabba.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  197.  
  198.  
  199.  
  200.  
  201. S U B N E T C A L C U L A T I O N
  202. =======================================================================================================================================
  203.  
  204. Address = 62.12.105.4
  205. Network = 62.12.105.4 / 32
  206. Netmask = 255.255.255.255
  207. Broadcast = not needed on Point-to-Point links
  208. Wildcard Mask = 0.0.0.0
  209. Hosts Bits = 0
  210. Max. Hosts = 1 (2^0 - 0)
  211. Host Range = { 62.12.105.4 - 62.12.105.4 }
  212.  
  213.  
  214.  
  215. N M A P P O R T S C A N
  216. =======================================================================================================================================
  217.  
  218.  
  219. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 00:34 UTC
  220. Nmap scan report for aldabba.gov.sd (62.12.105.4)
  221. Host is up (0.22s latency).
  222. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
  223. PORT STATE SERVICE
  224. 21/tcp filtered ftp
  225. 22/tcp filtered ssh
  226. 23/tcp filtered telnet
  227. 80/tcp filtered http
  228. 110/tcp filtered pop3
  229. 143/tcp filtered imap
  230. 443/tcp filtered https
  231. 3389/tcp filtered ms-wbt-server
  232.  
  233. Nmap done: 1 IP address (1 host up) scanned in 11.32 seconds
  234. #######################################################################################################################################
  235. [?] Enter the target: example( http://domain.com )
  236. http://aldabba.gov.sd/
  237. [!] IP Address : 62.12.105.4
  238. [!] aldabba.gov.sd doesn't seem to use a CMS
  239. [+] Honeypot Probabilty: 30%
  240. ---------------------------------------------------------------------------------------------------------------------------------------
  241. [~] Trying to gather whois information for aldabba.gov.sd
  242. [+] Whois information found
  243. [-] Unable to build response, visit https://who.is/whois/aldabba.gov.sd
  244. ---------------------------------------------------------------------------------------------------------------------------------------
  245. PORT STATE SERVICE
  246. 21/tcp filtered ftp
  247. 22/tcp filtered ssh
  248. 23/tcp filtered telnet
  249. 80/tcp filtered http
  250. 110/tcp filtered pop3
  251. 143/tcp filtered imap
  252. 443/tcp filtered https
  253. 3389/tcp filtered ms-wbt-server
  254. Nmap done: 1 IP address (1 host up) scanned in 14.61 seconds
  255. ---------------------------------------------------------------------------------------------------------------------------------------
  256.  
  257. [+] DNS Records
  258. ns0.ndc.gov.sd. (62.12.109.2) Egypt Egypt
  259. ns1.ndc.gov.sd. (62.12.109.3) Egypt Egypt
  260.  
  261. [+] MX Records
  262. 10 (197.254.200.161) AS33788 KANARTEL Sudan
  263.  
  264. [+] Host Records (A)
  265. aldabba.gov.sd (62.12.105.4) Egypt Egypt
  266.  
  267. [+] TXT Records
  268. "v=spf1 mx -all"
  269.  
  270. [+] DNS Map: https://dnsdumpster.com/static/map/aldabba.gov.sd.png
  271.  
  272. [>] Initiating 3 intel modules
  273. [>] Loading Alpha module (1/3)
  274. [>] Beta module deployed (2/3)
  275. [>] Gamma module initiated (3/3)
  276.  
  277.  
  278. [+] Emails found:
  279. ---------------------------------------------------------------------------------------------------------------------------------------
  280. pixel-1550277305550818-web-@aldabba.gov.sd
  281. pixel-155027730720683-web-@aldabba.gov.sd
  282.  
  283. [+] Hosts found in search engines:
  284. ---------------------------------------------------------------------------------------------------------------------------------------
  285. [-] Resolving hostnames IPs...
  286. 62.12.105.4:www.aldabba.gov.sd
  287. [+] Virtual hosts:
  288. ---------------------------------------------------------------------------------------------------------------------------------------
  289. #######################################################################################################################################
  290. Enter Address Website = aldabba.gov.sd
  291.  
  292.  
  293. Reverse IP With YouGetSignal 'aldabba.gov.sd'
  294. ---------------------------------------------------------------------------------------------------------------------------------------
  295.  
  296. [*] IP: 62.12.105.4
  297. [*] Domain: aldabba.gov.sd
  298. [*] Total Domains: 3
  299.  
  300. [+] aldabba.gov.sd
  301. [+] ffamc.gov.sd
  302. [+] sudanradio.gov.sd
  303. #######################################################################################################################################
  304. Geo IP Lookup 'aldabba.gov.sd'
  305. ---------------------------------------------------------------------------------------------------------------------------------------
  306.  
  307. [+] IP Address: 62.12.105.4
  308. [+] Country: Sudan
  309. [+] State:
  310. [+] City:
  311. [+] Latitude: 15.0
  312. [+] Longitude: 30.0
  313. #######################################################################################################################################
  314. DNS Lookup 'aldabba.gov.sd'
  315. ---------------------------------------------------------------------------------------------------------------------------------------
  316.  
  317. [+] aldabba.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  318. [+] aldabba.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
  319. [+] aldabba.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
  320. [+] aldabba.gov.sd. 21599 IN A 62.12.105.4
  321. [+] aldabba.gov.sd. 21599 IN MX 10 mail.aldabba.gov.sd.
  322. [+] aldabba.gov.sd. 21599 IN TXT "v=spf1 mx -all"
  323. #######################################################################################################################################
  324. Show HTTP Header 'aldabba.gov.sd'
  325. ---------------------------------------------------------------------------------------------------------------------------------------
  326.  
  327. [+] HTTP/1.1 200 OK
  328. [+] Server: nginx
  329. [+] Date: Fri, 15 Feb 2019 23:26:37 GMT
  330. [+] Content-Type: text/html; charset=utf-8
  331. [+] Connection: keep-alive
  332. [+] X-Powered-By: PHP/5.4.16
  333. [+] P3P: CP=NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM
  334. [+] Expires: Mon, 1 Jan 2001 00:00:00 GMT
  335. [+] Cache-Control: post-check=0, pre-check=0
  336. [+] Pragma: no-cache
  337. [+] Set-Cookie: dba52603cb1126534e3b339094dcfc62=t2qt9kostn76eeachgs8np2vk5; path=/
  338. [+] Last-Modified: Fri, 15 Feb 2019 23:26:37 GMT
  339. [+] X-Powered-By: PleskLin
  340. #######################################################################################################################################
  341. Port Scan 'aldabba.gov.sd'
  342. ---------------------------------------------------------------------------------------------------------------------------------------
  343.  
  344.  
  345. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-16 00:34 UTC
  346. Nmap scan report for aldabba.gov.sd (62.12.105.4)
  347. Host is up (0.22s latency).
  348. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
  349. PORT STATE SERVICE
  350. 21/tcp filtered ftp
  351. 22/tcp filtered ssh
  352. 23/tcp filtered telnet
  353. 80/tcp filtered http
  354. 110/tcp filtered pop3
  355. 143/tcp filtered imap
  356. 443/tcp filtered https
  357. 3389/tcp filtered ms-wbt-server
  358.  
  359. Nmap done: 1 IP address (1 host up) scanned in 15.41 seconds
  360. #######################################################################################################################################
  361. Robot.txt 'aldabba.gov.sd'
  362. ---------------------------------------------------------------------------------------------------------------------------------------
  363.  
  364. User-agent: *
  365. Disallow: /administrator/
  366. Disallow: /cache/
  367. Disallow: /components/
  368. Disallow: /images/
  369. Disallow: /includes/
  370. Disallow: /installation/
  371. Disallow: /language/
  372. Disallow: /libraries/
  373. Disallow: /media/
  374. Disallow: /modules/
  375. Disallow: /plugins/
  376. Disallow: /templates/
  377. Disallow: /tmp/
  378. Disallow: /xmlrpc/
  379. #######################################################################################################################################
  380. Traceroute 'aldabba.gov.sd'
  381. ---------------------------------------------------------------------------------------------------------------------------------------
  382.  
  383. Start: 2019-02-16T00:34:41+0000
  384. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  385. 1.|-- 45.79.12.201 0.0% 3 0.7 0.8 0.6 1.0 0.2
  386. 2.|-- 45.79.12.0 0.0% 3 1.1 0.7 0.4 1.1 0.3
  387. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.7 1.5 1.1 1.7 0.3
  388. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.4 1.7 1.4 2.2 0.4
  389. 5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.5 11.6 11.4 11.7 0.2
  390. 6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.9 23.8 23.7 23.9 0.1
  391. 7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.9 30.5 30.2 30.9 0.3
  392. 8.|-- be2879.ccr22.alb02.atlas.cogentco.com 0.0% 3 41.5 41.7 41.5 41.9 0.2
  393. 9.|-- be3600.ccr32.bos01.atlas.cogentco.com 0.0% 3 46.0 45.9 45.7 46.0 0.1
  394. 10.|-- be2983.ccr42.lon13.atlas.cogentco.com 0.0% 3 107.6 108.2 107.6 108.5 0.5
  395. 11.|-- be2871.ccr21.lon01.atlas.cogentco.com 0.0% 3 107.6 108.0 107.6 108.2 0.3
  396. 12.|-- expressotelecom.demarc.cogentco.com 0.0% 3 107.4 107.5 107.4 107.5 0.1
  397. 13.|-- 185.153.20.70 0.0% 3 185.6 185.9 185.6 186.0 0.2
  398. 14.|-- 185.153.20.82 0.0% 3 185.7 194.1 185.7 210.9 14.5
  399. 15.|-- 185.153.20.94 0.0% 3 185.5 185.7 185.5 186.0 0.3
  400. 16.|-- 185.153.20.153 0.0% 3 216.3 218.7 216.3 221.9 2.9
  401. 17.|-- 212.0.131.109 0.0% 3 226.6 230.7 226.6 238.7 6.9
  402. 18.|-- 196.202.137.249 0.0% 3 219.1 219.1 218.8 219.5 0.4
  403. 19.|-- 196.202.145.94 0.0% 3 219.2 219.1 219.0 219.2 0.1
  404. 20.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  405. #######################################################################################################################################
  406. Ping 'aldabba.gov.sd'
  407. ---------------------------------------------------------------------------------------------------------------------------------------
  408.  
  409. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-16 00:35 UTC
  410. SENT (0.4250s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=1] IP [ttl=64 id=43580 iplen=28 ]
  411. SENT (1.4252s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=2] IP [ttl=64 id=43580 iplen=28 ]
  412. SENT (2.4265s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=3] IP [ttl=64 id=43580 iplen=28 ]
  413. SENT (3.4281s) ICMP [104.237.144.6 > 62.12.105.4 Echo request (type=8/code=0) id=58045 seq=4] IP [ttl=64 id=43580 iplen=28 ]
  414.  
  415. Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
  416. Raw packets sent: 4 (112B) | Rcvd: 0 (0B) | Lost: 4 (100.00%)
  417. Nping done: 1 IP address pinged in 4.43 seconds
  418. #######################################################################################################################################
  419. Page Admin Finder 'aldabba.gov.sd'
  420. ---------------------------------------------------------------------------------------------------------------------------------------
  421.  
  422. Avilable Links :
  699. ######################################################################################################################################
  700. ; <<>> DiG 9.11.5-P1-1-Debian <<>> aldabba.gov.sd
  701. ;; global options: +cmd
  702. ;; Got answer:
  703. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8304
  704. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  705.  
  706. ;; OPT PSEUDOSECTION:
  707. ; EDNS: version: 0, flags:; udp: 4096
  708. ;; QUESTION SECTION:
  709. ;aldabba.gov.sd. IN A
  710.  
  711. ;; ANSWER SECTION:
  712. aldabba.gov.sd. 83838 IN A 62.12.105.4
  713.  
  714. ;; Query time: 216 msec
  715. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  716. ;; WHEN: ven fév 15 19:48:31 EST 2019
  717. ;; MSG SIZE rcvd: 59
  718. ######################################################################################################################################
  719. ; <<>> DiG 9.11.5-P1-1-Debian <<>> +trace aldabba.gov.sd
  720. ;; global options: +cmd
  721. . 81241 IN NS l.root-servers.net.
  722. . 81241 IN NS a.root-servers.net.
  723. . 81241 IN NS d.root-servers.net.
  724. . 81241 IN NS c.root-servers.net.
  725. . 81241 IN NS m.root-servers.net.
  726. . 81241 IN NS i.root-servers.net.
  727. . 81241 IN NS j.root-servers.net.
  728. . 81241 IN NS h.root-servers.net.
  729. . 81241 IN NS e.root-servers.net.
  730. . 81241 IN NS b.root-servers.net.
  731. . 81241 IN NS g.root-servers.net.
  732. . 81241 IN NS f.root-servers.net.
  733. . 81241 IN NS k.root-servers.net.
  735. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 216 ms
  736.  
  737. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  738. sd. 172800 IN NS ns1.uaenic.ae.
  739. sd. 172800 IN NS ns2.uaenic.ae.
  740. sd. 172800 IN NS ans1.sis.sd.
  741. sd. 172800 IN NS ans1.canar.sd.
  742. sd. 172800 IN NS ans2.canar.sd.
  743. sd. 172800 IN NS ns-sd.afrinic.net.
  744. sd. 86400 IN NSEC se. NS RRSIG NSEC
  746. ;; Received 701 bytes from 2001:500:2d::d#53(d.root-servers.net) in 25 ms
  747.  
  748. gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
  749. gov.sd. 14400 IN NS ns1.uaenic.ae.
  750. gov.sd. 14400 IN NS ns2.uaenic.ae.
  751. gov.sd. 14400 IN NS ans1.sis.sd.
  752. gov.sd. 14400 IN NS ans1.canar.sd.
  753. gov.sd. 14400 IN NS ans2.canar.sd.
  754. gov.sd. 14400 IN NS ns-sd.afrinic.net.
  755. ;; Received 270 bytes from 2001:43f8:120::26#53(ns-sd.afrinic.net) in 259 ms
  756.  
  757. ;; Received 71 bytes from 195.229.0.186#53(ns2.uaenic.ae) in 405 ms
  758. #######################################################################################################################################
  759. [*] Performing General Enumeration of Domain: aldabba.gov.sd
  760. [-] DNSSEC is not configured for aldabba.gov.sd
  761. [*] SOA ns0.ndc.gov.sd 62.12.109.2
  762. [*] NS ns1.ndc.gov.sd 62.12.109.3
  763. [*] Bind Version for 62.12.109.3 you guess!
  764. [*] NS ns0.ndc.gov.sd 62.12.109.2
  765. [*] Bind Version for 62.12.109.2 you guess!
  766. [*] MX mail.aldabba.gov.sd 197.254.200.161
  767. [*] A aldabba.gov.sd 62.12.105.4
  768. [*] TXT aldabba.gov.sd v=spf1 mx -all
  769. [*] Enumerating SRV Records
  770. [-] No SRV Records Found for aldabba.gov.sd
  771. [+] 0 Records Found
  772. #######################################################################################################################################
  773. [*] Processing domain aldabba.gov.sd
  774. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  775. [+] Getting nameservers
  776. 62.12.109.3 - ns1.ndc.gov.sd
  777. [+] Zone transfer sucessful using nameserver ns1.ndc.gov.sd
  778. aldabba.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2016011408 10800 900 604800 86400
  779. aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  780. aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  781. aldabba.gov.sd. 86400 IN A 62.12.105.4
  782. aldabba.gov.sd. 86400 IN MX 10 mail.aldabba.gov.sd.
  783. aldabba.gov.sd. 86400 IN TXT "v=spf1 mx -all"
  784. mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
  785. mail.aldabba.gov.sd. 86400 IN MX 10 mail.aldabba.gov.sd.
  786. webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
  787. www.aldabba.gov.sd. 86400 IN A 62.12.105.4
  788. #######################################################################################################################################
  789. Ip Address Status Type Domain Name Server
  790. ---------- ------ ---- ----------- ------
  791. 197.254.200.161 host mail.aldabba.gov.sd
  792. 197.254.200.161 alias webmail.aldabba.gov.sd
  793. 197.254.200.161 host mail.aldabba.gov.sd
  794. 62.12.105.4 200 host www.aldabba.gov.sd
  795. ######################################################################################################################################
  796. [+] Testing domain
  797. www.aldabba.gov.sd 62.12.105.4
  798. [+] Dns resolving
  799. Domain name Ip address Name server
  800. aldabba.gov.sd 62.12.105.4 f05-web03.nic.gov.sd
  801. Found 1 host(s) for aldabba.gov.sd
  802. [+] Testing wildcard
  803. Ok, no wildcard found.
  804.  
  805. [+] Scanning for subdomain on aldabba.gov.sd
  806. [!] Wordlist not specified. I scannig with my internal wordlist...
  807. Estimated time about 219.4 seconds
  808.  
  809. Subdomain Ip address Name server
  810.  
  811. www.aldabba.gov.sd 62.12.105.4 f05-web03.nic.gov.sd
  812. #######################################################################################################################################
  813. dnsenum VERSION:1.2.4
  814.  
  815. ----- aldabba.gov.sd -----
  816.  
  817.  
  818. Host's addresses:
  819. __________________
  820.  
  821. aldabba.gov.sd. 84006 IN A 62.12.105.4
  822.  
  823.  
  824. Name Servers:
  825. ______________
  826.  
  827. ns1.ndc.gov.sd. 83973 IN A 62.12.109.3
  828. ns0.ndc.gov.sd. 83973 IN A 62.12.109.2
  829.  
  830.  
  831. Mail (MX) Servers:
  832. ___________________
  833.  
  834. mail.aldabba.gov.sd. 85688 IN A 197.254.200.161
  835.  
  836.  
  837. Trying Zone Transfers and getting Bind Versions:
  838. _________________________________________________
  839.  
  840.  
  841. Trying Zone Transfer for aldabba.gov.sd on ns1.ndc.gov.sd ...
  842. aldabba.gov.sd. 86400 IN SOA (
  843. aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  844. aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  845. aldabba.gov.sd. 86400 IN A 62.12.105.4
  846. aldabba.gov.sd. 86400 IN MX 10
  847. aldabba.gov.sd. 86400 IN TXT "v=spf1
  848. mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
  849. mail.aldabba.gov.sd. 86400 IN MX 10
  850. webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
  851. www.aldabba.gov.sd. 86400 IN A 62.12.105.4
  852.  
  853. Trying Zone Transfer for aldabba.gov.sd on ns0.ndc.gov.sd ...
  854. aldabba.gov.sd. 86400 IN SOA (
  855. aldabba.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
  856. aldabba.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
  857. aldabba.gov.sd. 86400 IN A 62.12.105.4
  858. aldabba.gov.sd. 86400 IN MX 10
  859. aldabba.gov.sd. 86400 IN TXT "v=spf1
  860. mail.aldabba.gov.sd. 86400 IN A 197.254.200.161
  861. mail.aldabba.gov.sd. 86400 IN MX 10
  862. webmail.aldabba.gov.sd. 86400 IN CNAME mail.aldabba.gov.sd.
  863. www.aldabba.gov.sd. 86400 IN A 62.12.105.4
  864. #######################################################################################################################################
  865.  
  866. Sublist3r
  871.  
  872. # Coded By Ahmed Aboul-Ela - @aboul3la
  873.  
  874. [-] Enumerating subdomains now for aldabba.gov.sd
  875. [-] verbosity is enabled, will show the subdomains results in realtime
  876. [-] Searching now in Baidu..
  877. [-] Searching now in Yahoo..
  878. [-] Searching now in Google..
  879. [-] Searching now in Bing..
  880. [-] Searching now in Ask..
  881. [-] Searching now in Netcraft..
  882. [-] Searching now in DNSdumpster..
  883. [-] Searching now in Virustotal..
  884. [-] Searching now in ThreatCrowd..
  885. [-] Searching now in SSL Certificates..
  886. [-] Searching now in PassiveDNS..
  887. Virustotal: www.aldabba.gov.sd
  888. Virustotal: mail.aldabba.gov.sd
  889. Yahoo: www.aldabba.gov.sd
  890. Bing: www.aldabba.gov.sd
  891. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-aldabba.gov.sd.txt
  892. [-] Total Unique Subdomains Found: 2
  893. www.aldabba.gov.sd
  894. mail.aldabba.gov.sd
  895. #######################################################################################################################################
  896. mail.aldabba.gov.sd,197.254.200.161
  897. webmail.aldabba.gov.sd,197.254.200.161
  898. #######################################################################################################################################
  899. ===============================================
  900. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  901. ===============================================
  902.  
  903.  
  904. Running Source: Ask
  905. Running Source: Archive.is
  906. Running Source: Baidu
  907. Running Source: Bing
  908. Running Source: CertDB
  909. Running Source: CertificateTransparency
  910. Running Source: Certspotter
  911. Running Source: Commoncrawl
  912. Running Source: Crt.sh
  913. Running Source: Dnsdb
  914. Running Source: DNSDumpster
  915. Running Source: DNSTable
  916. Running Source: Dogpile
  917. Running Source: Exalead
  918. Running Source: Findsubdomains
  919. Running Source: Googleter
  920. Running Source: Hackertarget
  921. Running Source: Ipv4Info
  922. Running Source: PTRArchive
  923. Running Source: Sitedossier
  924. Running Source: Threatcrowd
  925. Running Source: ThreatMiner
  926. Running Source: WaybackArchive
  927. Running Source: Yahoo
  928.  
  929. Running enumeration on aldabba.gov.sd
  930.  
  931. dnsdb: Unexpected return status 503
  932.  
  933. waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.aldabba.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.aldabba.gov.sd/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
  934.  
  935. archiveis: Get https://archive.fo/*.aldabba.gov.sd: dial tcp 213.183.51.24:443: connect: connection timed out
  936.  
  937.  
  938. Starting Bruteforcing of aldabba.gov.sd with 9985 words
  939.  
  940. Total 6 Unique subdomains found for aldabba.gov.sd
  941.  
  942. .aldabba.gov.sd
  943. mail.aldabba.gov.sd
  944. mail.aldabba.gov.sd
  945. webmail.aldabba.gov.sd
  946. www.aldabba.gov.sd
  947. www.aldabba.gov.sd
  948. #######################################################################################################################################
  949. [*] Found SPF record:
  950. [*] v=spf1 mx -all
  951. [*] SPF record contains an All item: -all
  952. [*] No DMARC record found. Looking for organizational record
  953. [+] No organizational DMARC record
  954. [+] Spoofing possible for aldabba.gov.sd!
  955. #######################################################################################################################################
  956. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:57 EST
  957. Warning: 62.12.105.4 giving up on port because retransmission cap hit (2).
  958. Nmap scan report for aldabba.gov.sd (62.12.105.4)
  959. Host is up (0.40s latency).
  960. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
  961. Not shown: 464 filtered ports, 4 closed ports
  962. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  963. PORT STATE SERVICE
  964. 21/tcp open ftp
  965. 80/tcp open http
  966. 110/tcp open pop3
  967. 143/tcp open imap
  968. 443/tcp open https
  969. 993/tcp open imaps
  970. 995/tcp open pop3s
  971. 8443/tcp open https-alt
  972. #######################################################################################################################################
  973. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:00 EST
  974. Nmap scan report for aldabba.gov.sd (62.12.105.4)
  975. Host is up (0.12s latency).
  976. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
  977. Not shown: 2 filtered ports
  978. PORT STATE SERVICE
  979. 53/udp open|filtered domain
  980. 67/udp open|filtered dhcps
  981. 68/udp open|filtered dhcpc
  982. 69/udp open|filtered tftp
  983. 88/udp open|filtered kerberos-sec
  984. 123/udp open|filtered ntp
  985. 139/udp open|filtered netbios-ssn
  986. 161/udp open|filtered snmp
  987. 162/udp open|filtered snmptrap
  988. 389/udp open|filtered ldap
  989. 520/udp open|filtered route
  990. 2049/udp open|filtered nfs
  991. #######################################################################################################################################
  992. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:00 EST
  993. Nmap scan report for aldabba.gov.sd (62.12.105.4)
  994. Host is up (0.37s latency).
  995. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
  996.  
  997. PORT STATE SERVICE VERSION
  998. 21/tcp open ftp ProFTPD 1.3.5d
  999. | ftp-brute:
  1000. | Accounts: No valid accounts found
  1001. |_ Statistics: Performed 1813 guesses in 181 seconds, average tps: 9.6
  1002. Too many fingerprints match this host to give specific OS details
  1003. Network Distance: 24 hops
  1004. Service Info: OS: Unix
  1005.  
  1006. TRACEROUTE (using port 21/tcp)
  1007. HOP RTT ADDRESS
  1008. 1 125.40 ms 10.251.200.1
  1009. 2 125.42 ms 190.124.251.129
  1010. 3 125.43 ms 172.16.21.1
  1011. 4 185.26 ms 91.205.233.128
  1012. 5 185.27 ms 192.168.7.2
  1013. 6 187.25 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1014. 7 187.24 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
  1015. 8 187.25 ms te0-3-0-14.ccr21.mia03.atlas.cogentco.com (38.88.164.137)
  1016. 9 187.25 ms 154.54.47.29
  1017. 10 199.82 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
  1018. 11 209.76 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1019. 12 214.27 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1020. 13 283.32 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
  1021. 14 289.47 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1022. 15 289.39 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1023. 16 363.40 ms 185.153.20.70
  1024. 17 361.43 ms 185.153.20.82
  1025. 18 362.71 ms 185.153.20.94
  1026. 19 378.98 ms 185.153.20.153
  1027. 20 ... 21
  1028. 22 398.46 ms 196.202.145.94
  1029. 23 ...
  1030. 24 397.94 ms f05-web03.nic.gov.sd (62.12.105.4)
  1031. #######################################################################################################################################
  1032. http://aldabba.gov.sd [200 OK] Cookies[dba52603cb1126534e3b339094dcfc62], IP[62.12.105.4], Joomla[1.5,1.5.23,1.5.24,1.5.25,1.5.26][com_content,com_mailto], probably Mambo[com_content,com_mailto], MetaGenerator[Joomla! 1.5 - Open Source Content Management], PHP[5.4.16,], Plesk[Lin], Script[text/javascript], Title[محلية الدبة], X-Powered-By[PHP/5.4.16, PleskLin]
  1033. #######################################################################################################################################
  1034. wig - WebApp Information Gatherer
  1035.  
  1036.  
  1037. Scanning http://aldabba.gov.sd...
  1038. _________________________________________________ SITE INFO _________________________________________________
  1039. IP Title
  1040. 62.12.105.4 محلية الدبة
  1041.  
  1042. __________________________________________________ VERSION __________________________________________________
  1043. Name Versions Type
  1044. Joomla! 1.5 CMS
  1045. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
  1046. 2.4.8 | 2.4.9
  1047.  
  1048. ________________________________________________ INTERESTING ________________________________________________
  1049. URL Note Type
  1050. /robots.txt robots.txt index Interesting
  1051.  
  1052. ___________________________________________________ TOOLS ___________________________________________________
  1053. Name Link Software
  1054. CMSmap https://github.com/Dionach/CMSmap Joomla!
  1055. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
  1056.  
  1057. ______________________________________________ VULNERABILITIES ______________________________________________
  1058. Affected #Vulns Link
  1059. Joomla! 1.5 14 http://cvedetails.com/version/53796
  1060.  
  1061. _____________________________________________________________________________________________________________
  1062. Time: 83.6 sec Urls: 437 Fingerprints: 40401
  1063. #######################################################################################################################################
  1064. HTTP/1.1 200 OK
  1065. Date: Sat, 16 Feb 2019 00:00:16 GMT
  1066. Content-Type: text/html; charset=utf-8
  1067. X-Powered-By: PHP/5.4.16
  1068. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  1069. Expires: Mon, 1 Jan 2001 00:00:00 GMT
  1070. Cache-Control: post-check=0, pre-check=0
  1071. Pragma: no-cache
  1072. Set-Cookie: dba52603cb1126534e3b339094dcfc62=spl9s16mn10quukgq0oue8h8l0; path=/
  1073. Last-Modified: Sat, 16 Feb 2019 00:00:16 GMT
  1074. X-Powered-By: PleskLin
  1075. Connection: keep-alive
  1076.  
  1077. HTTP/1.1 200 OK
  1078. Date: Sat, 16 Feb 2019 00:00:17 GMT
  1079. Content-Type: text/html; charset=utf-8
  1080. X-Powered-By: PHP/5.4.16
  1081. P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
  1082. Expires: Mon, 1 Jan 2001 00:00:00 GMT
  1083. Cache-Control: post-check=0, pre-check=0
  1084. Pragma: no-cache
  1085. Set-Cookie: dba52603cb1126534e3b339094dcfc62=sl8drdjrggfhvj9ee01flpif30; path=/
  1086. Last-Modified: Sat, 16 Feb 2019 00:00:17 GMT
  1087. X-Powered-By: PleskLin
  1088. Connection: keep-alive
  1089. #######################################################################################################################################
  1090. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:08 EST
  1091. Nmap scan report for aldabba.gov.sd (62.12.105.4)
  1092. Host is up (0.13s latency).
  1093. rDNS record for 62.12.105.4: f05-web03.nic.gov.sd
  1094.  
  1095. PORT STATE SERVICE VERSION
  1096. 110/tcp open pop3 Dovecot pop3d
  1097. | pop3-brute:
  1098. | Accounts: No valid accounts found
  1099. |_ Statistics: Performed 211 guesses in 187 seconds, average tps: 1.1
  1100. |_pop3-capabilities: STLS RESP-CODES USER AUTH-RESP-CODE SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) PIPELINING TOP APOP UIDL CAPA
  1101. Too many fingerprints match this host to give specific OS details
  1102. Network Distance: 1 hop
  1103.  
  1104. TRACEROUTE (using port 80/tcp)
  1105. HOP RTT ADDRESS
  1106. 1 124.41 ms f05-web03.nic.gov.sd (62.12.105.4)
  1107. #######################################################################################################################################
  1108. Version: 1.11.12-static
  1109. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1110.  
  1111. Connected to 62.12.105.4
  1112.  
  1113. Testing SSL server aldabba.gov.sd on port 443 using SNI name aldabba.gov.sd
  1114.  
  1115. TLS Fallback SCSV:
  1116. Server supports TLS Fallback SCSV
  1117.  
  1118. TLS renegotiation:
  1119. Secure session renegotiation supported
  1120.  
  1121. TLS Compression:
  1122. Compression disabled
  1123.  
  1124. Heartbleed:
  1125. TLS 1.2 not vulnerable to heartbleed
  1126. TLS 1.1 not vulnerable to heartbleed
  1127. TLS 1.0 not vulnerable to heartbleed
  1128.  
  1129. Supported Server Cipher(s):
  1130. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1131. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1132. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1133. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1134. Accepted TLSv1.2 256 bits AES256-SHA256
  1135. Accepted TLSv1.2 256 bits AES256-SHA
  1136. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1137. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1138. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1139. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1140. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1141. Accepted TLSv1.2 128 bits AES128-SHA256
  1142. Accepted TLSv1.2 128 bits AES128-SHA
  1143. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1144. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1145. Accepted TLSv1.1 256 bits AES256-SHA
  1146. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1147. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1148. Accepted TLSv1.1 128 bits AES128-SHA
  1149. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1150. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1151. Accepted TLSv1.0 256 bits AES256-SHA
  1152. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1153. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1154. Accepted TLSv1.0 128 bits AES128-SHA
  1155. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1156.  
  1157. SSL Certificate:
  1158. Signature Algorithm: sha256WithRSAEncryption
  1159. RSA Key Strength: 2048
  1160.  
  1161. Subject: Plesk
  1162. Issuer: Plesk
  1163.  
  1164. Not valid before: Jul 20 00:21:23 2015 GMT
  1165. Not valid after: Jul 19 00:21:23 2016 GMT
  1166. ######################################################################################################################################
  1167. --------------------------------------------------------
  1168. <<<Yasuo discovered following vulnerable applications>>>
  1169. --------------------------------------------------------
  1170. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1171. | App Name | URL to Application | Potential Exploit | Username | Password |
  1172. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1173. | phpMyAdmin | https://62.12.105.4:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  1174. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1175. #######################################################################################################################################
  1176. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:46 EST
  1177. Warning: 62.12.105.4 giving up on port because retransmission cap hit (2).
  1178. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1179. Host is up (0.40s latency).
  1180. Not shown: 464 filtered ports, 4 closed ports
  1181. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1182. PORT STATE SERVICE
  1183. 21/tcp open ftp
  1184. 80/tcp open http
  1185. 110/tcp open pop3
  1186. 143/tcp open imap
  1187. 443/tcp open https
  1188. 993/tcp open imaps
  1189. 995/tcp open pop3s
  1190. 8443/tcp open https-alt
  1191. #######################################################################################################################################
  1192. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:48 EST
  1193. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1194. Host is up (0.12s latency).
  1195. Not shown: 2 filtered ports
  1196. PORT STATE SERVICE
  1197. 53/udp open|filtered domain
  1198. 67/udp open|filtered dhcps
  1199. 68/udp open|filtered dhcpc
  1200. 69/udp open|filtered tftp
  1201. 88/udp open|filtered kerberos-sec
  1202. 123/udp open|filtered ntp
  1203. 139/udp open|filtered netbios-ssn
  1204. 161/udp open|filtered snmp
  1205. 162/udp open|filtered snmptrap
  1206. 389/udp open|filtered ldap
  1207. 520/udp open|filtered route
  1208. 2049/udp open|filtered nfs
  1209. ######################################################################################################################################
  1210. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:48 EST
  1211. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1212. Host is up (0.36s latency).
  1213.  
  1214. PORT STATE SERVICE VERSION
  1215. 21/tcp open ftp ProFTPD 1.3.5d
  1216. | ftp-brute:
  1217. | Accounts: No valid accounts found
  1218. |_ Statistics: Performed 1943 guesses in 188 seconds, average tps: 10.0
  1219. Too many fingerprints match this host to give specific OS details
  1220. Network Distance: 24 hops
  1221. Service Info: OS: Unix
  1222.  
  1223. TRACEROUTE (using port 21/tcp)
  1224. HOP RTT ADDRESS
  1225. 1 124.75 ms 10.251.200.1
  1226. 2 124.79 ms 190.124.251.129
  1227. 3 124.82 ms 172.16.21.1
  1228. 4 184.43 ms 91.205.233.128
  1229. 5 185.05 ms 192.168.7.2
  1230. 6 185.12 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1231. 7 185.10 ms core3.t6-2.bbnet2.mia003.pnap.net (69.25.0.67)
  1232. 8 185.12 ms te0-3-0-14.ccr21.mia03.atlas.cogentco.com (38.88.164.137)
  1233. 9 185.11 ms 154.54.47.29
  1234. 10 199.59 ms be3483.ccr42.atl01.atlas.cogentco.com (154.54.28.49)
  1235. 11 208.19 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1236. 12 214.15 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1237. 13 289.82 ms be2490.ccr42.lon13.atlas.cogentco.com (154.54.42.86)
  1238. 14 288.51 ms be2871.ccr21.lon01.atlas.cogentco.com (154.54.58.186)
  1239. 15 285.91 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1240. 16 365.90 ms 185.153.20.70
  1241. 17 363.89 ms 185.153.20.82
  1242. 18 365.87 ms 185.153.20.94
  1243. 19 380.70 ms 185.153.20.153
  1244. 20 ... 21
  1245. 22 417.90 ms 196.202.145.94
  1246. 23 ...
  1247. 24 394.11 ms f05-web03.nic.gov.sd (62.12.105.4)
  1248. #######################################################################################################################################
  1249. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:53 EST
  1250. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1251. Host is up.
  1252.  
  1253. PORT STATE SERVICE VERSION
  1254. 67/udp open|filtered dhcps
  1255. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  1256. Too many fingerprints match this host to give specific OS details
  1257.  
  1258. TRACEROUTE (using proto 1/icmp)
  1259. HOP RTT ADDRESS
  1260. 1 125.49 ms 10.251.200.1
  1261. 2 125.53 ms 190.124.251.129
  1262. 3 125.89 ms 172.16.21.1
  1263. 4 185.73 ms 91.205.233.128
  1264. 5 187.50 ms 192.168.7.2
  1265. 6 187.94 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1266. 7 188.27 ms 69.25.0.3
  1267. 8 189.34 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
  1268. 9 187.94 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
  1269. 10 202.20 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
  1270. 11 207.79 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1271. 12 214.34 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1272. 13 286.35 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
  1273. 14 283.37 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1274. 15 284.16 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1275. 16 362.76 ms 185.153.20.70
  1276. 17 361.97 ms 185.153.20.82
  1277. 18 362.77 ms 185.153.20.94
  1278. 19 386.33 ms 185.153.20.153
  1279. 20 395.62 ms 212.0.131.109
  1280. 21 390.02 ms 196.202.137.249
  1281. 22 399.11 ms 196.202.145.94
  1282. 23 ... 30
  1283. #######################################################################################################################################
  1284. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:56 EST
  1285. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1286. Host is up.
  1287.  
  1288. PORT STATE SERVICE VERSION
  1289. 68/udp open|filtered dhcpc
  1290. Too many fingerprints match this host to give specific OS details
  1291.  
  1292. TRACEROUTE (using proto 1/icmp)
  1293. HOP RTT ADDRESS
  1294. 1 124.45 ms 10.251.200.1
  1295. 2 124.50 ms 190.124.251.129
  1296. 3 124.53 ms 172.16.21.1
  1297. 4 185.18 ms 91.205.233.128
  1298. 5 185.12 ms 192.168.7.2
  1299. 6 185.17 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1300. 7 185.26 ms 69.25.0.3
  1301. 8 185.28 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
  1302. 9 185.25 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
  1303. 10 198.65 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
  1304. 11 209.52 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1305. 12 215.67 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1306. 13 287.05 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
  1307. 14 284.50 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1308. 15 285.21 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1309. 16 363.48 ms 185.153.20.70
  1310. 17 362.84 ms 185.153.20.82
  1311. 18 363.48 ms 185.153.20.94
  1312. 19 379.60 ms 185.153.20.153
  1313. 20 392.82 ms 212.0.131.109
  1314. 21 390.28 ms 196.202.137.249
  1315. 22 400.80 ms 196.202.145.94
  1316. 23 ... 30
  1317. ######################################################################################################################################
  1318. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 19:58 EST
  1319. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1320. Host is up.
  1321.  
  1322. PORT STATE SERVICE VERSION
  1323. 69/udp open|filtered tftp
  1324. Too many fingerprints match this host to give specific OS details
  1325.  
  1326. TRACEROUTE (using proto 1/icmp)
  1327. HOP RTT ADDRESS
  1328. 1 124.37 ms 10.251.200.1
  1329. 2 124.30 ms 190.124.251.129
  1330. 3 124.35 ms 172.16.21.1
  1331. 4 185.02 ms 91.205.233.128
  1332. 5 185.06 ms 192.168.7.2
  1333. 6 185.05 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1334. 7 185.26 ms 69.25.0.3
  1335. 8 185.08 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
  1336. 9 185.10 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
  1337. 10 198.80 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
  1338. 11 209.85 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1339. 12 216.19 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1340. 13 287.79 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
  1341. 14 285.39 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1342. 15 285.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1343. 16 365.48 ms 185.153.20.70
  1344. 17 365.44 ms 185.153.20.82
  1345. 18 365.45 ms 185.153.20.94
  1346. 19 381.33 ms 185.153.20.153
  1347. 20 394.20 ms 212.0.131.109
  1348. 21 388.89 ms 196.202.137.249
  1349. 22 399.53 ms 196.202.145.94
  1350. 23 ... 30
  1351. #######################################################################################################################################
  1352.  
  1353. wig - WebApp Information Gatherer
  1354.  
  1355.  
  1356. Scanning http://62.12.105.4...
  1357. _________________________________________ SITE INFO _________________________________________
  1358. IP Title
  1359. 62.12.105.4 Domain Default page
  1360.  
  1361. __________________________________________ VERSION __________________________________________
  1362. Name Versions Type
  1363. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
  1364. 2.4.8 | 2.4.9
  1365.  
  1366. _____________________________________________________________________________________________
  1367. Time: 79.2 sec Urls: 810 Fingerprints: 40401
  1368. #######################################################################################################################################
  1369. HTTP/1.1 200 OK
  1370. Date: Fri, 15 Feb 2019 23:54:34 GMT
  1371. Content-Type: text/html
  1372. Content-Length: 3750
  1373. Last-Modified: Wed, 31 Jan 2018 01:28:47 GMT
  1374. ETag: "ea6-5640866950aeb"
  1375. Accept-Ranges: bytes
  1376. Connection: keep-alive
  1377.  
  1378. HTTP/1.1 200 OK
  1379. Date: Fri, 15 Feb 2019 23:54:35 GMT
  1380. Content-Type: text/html
  1381. Content-Length: 3750
  1382. Last-Modified: Wed, 31 Jan 2018 01:28:47 GMT
  1383. ETag: "ea6-5640866950aeb"
  1384. Accept-Ranges: bytes
  1385. Connection: keep-alive
  1386. #######################################################################################################################################
  1387. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:02 EST
  1388. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1389. Host is up (0.13s latency).
  1390.  
  1391. PORT STATE SERVICE VERSION
  1392. 110/tcp open pop3 Dovecot pop3d
  1393. | pop3-brute:
  1394. | Accounts: No valid accounts found
  1395. |_ Statistics: Performed 212 guesses in 187 seconds, average tps: 1.1
  1396. |_pop3-capabilities: UIDL TOP SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) APOP PIPELINING STLS USER CAPA AUTH-RESP-CODE RESP-CODES
  1397. Too many fingerprints match this host to give specific OS details
  1398. Network Distance: 1 hop
  1399.  
  1400. TRACEROUTE (using port 80/tcp)
  1401. HOP RTT ADDRESS
  1402. 1 124.41 ms f05-web03.nic.gov.sd (62.12.105.4)
  1403. #######################################################################################################################################
  1404. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:05 EST
  1405. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1406. Host is up.
  1407.  
  1408. PORT STATE SERVICE VERSION
  1409. 123/udp open|filtered ntp
  1410. Too many fingerprints match this host to give specific OS details
  1411.  
  1412. TRACEROUTE (using proto 1/icmp)
  1413. HOP RTT ADDRESS
  1414. 1 123.82 ms 10.251.200.1
  1415. 2 123.85 ms 190.124.251.129
  1416. 3 123.87 ms 172.16.21.1
  1417. 4 184.58 ms 91.205.233.128
  1418. 5 184.60 ms 192.168.7.2
  1419. 6 184.62 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1420. 7 184.66 ms 69.25.0.3
  1421. 8 184.66 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
  1422. 9 184.66 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
  1423. 10 198.32 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
  1424. 11 208.70 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1425. 12 215.28 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1426. 13 287.02 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
  1427. 14 284.70 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1428. 15 285.44 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1429. 16 374.27 ms 185.153.20.70
  1430. 17 373.77 ms 185.153.20.82
  1431. 18 374.22 ms 185.153.20.94
  1432. 19 391.49 ms 185.153.20.153
  1433. 20 403.85 ms 212.0.131.109
  1434. 21 390.92 ms 196.202.137.249
  1435. 22 401.79 ms 196.202.145.94
  1436. 23 ... 30
  1437. ######################################################################################################################################
  1438. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:08 EST
  1439. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1440. Host is up (0.12s latency).
  1441.  
  1442. PORT STATE SERVICE VERSION
  1443. 161/tcp filtered snmp
  1444. 161/udp open|filtered snmp
  1445. Too many fingerprints match this host to give specific OS details
  1446.  
  1447. TRACEROUTE (using proto 1/icmp)
  1448. HOP RTT ADDRESS
  1449. 1 124.57 ms 10.251.200.1
  1450. 2 124.51 ms 190.124.251.129
  1451. 3 124.57 ms 172.16.21.1
  1452. 4 184.53 ms 91.205.233.128
  1453. 5 184.59 ms 192.168.7.2
  1454. 6 184.94 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1455. 7 185.62 ms 69.25.0.3
  1456. 8 185.59 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
  1457. 9 188.03 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
  1458. 10 199.49 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
  1459. 11 208.45 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1460. 12 215.02 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1461. 13 287.31 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
  1462. 14 289.72 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1463. 15 289.70 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1464. 16 368.52 ms 185.153.20.70
  1465. 17 367.70 ms 185.153.20.82
  1466. 18 368.53 ms 185.153.20.94
  1467. 19 385.24 ms 185.153.20.153
  1468. 20 394.74 ms 212.0.131.109
  1469. 21 390.24 ms 196.202.137.249
  1470. 22 403.24 ms 196.202.145.94
  1471. 23 ... 30
  1472. #######################################################################################################################################
  1473. Version: 1.11.12-static
  1474. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1475.  
  1476. Connected to 62.12.105.4
  1477.  
  1478. Testing SSL server 62.12.105.4 on port 443 using SNI name 62.12.105.4
  1479.  
  1480. TLS Fallback SCSV:
  1481. Server supports TLS Fallback SCSV
  1482.  
  1483. TLS renegotiation:
  1484. Secure session renegotiation supported
  1485.  
  1486. TLS Compression:
  1487. Compression disabled
  1488.  
  1489. Heartbleed:
  1490. TLS 1.2 not vulnerable to heartbleed
  1491. TLS 1.1 not vulnerable to heartbleed
  1492. TLS 1.0 not vulnerable to heartbleed
  1493.  
  1494. Supported Server Cipher(s):
  1495. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1496. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1497. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1498. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  1499. Accepted TLSv1.2 256 bits AES256-SHA256
  1500. Accepted TLSv1.2 256 bits AES256-SHA
  1501. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  1502. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1503. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1504. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1505. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  1506. Accepted TLSv1.2 128 bits AES128-SHA256
  1507. Accepted TLSv1.2 128 bits AES128-SHA
  1508. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  1509. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1510. Accepted TLSv1.1 256 bits AES256-SHA
  1511. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  1512. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1513. Accepted TLSv1.1 128 bits AES128-SHA
  1514. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  1515. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1516. Accepted TLSv1.0 256 bits AES256-SHA
  1517. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  1518. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1519. Accepted TLSv1.0 128 bits AES128-SHA
  1520. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  1521.  
  1522. SSL Certificate:
  1523. Signature Algorithm: sha256WithRSAEncryption
  1524. RSA Key Strength: 2048
  1525.  
  1526. Subject: Plesk
  1527. Issuer: Plesk
  1528.  
  1529. Not valid before: Jul 20 00:21:23 2015 GMT
  1530. Not valid after: Jul 19 00:21:23 2016 GMT
  1531. #######################################################################################################################################
  1532. --------------------------------------------------------
  1533. <<<Yasuo discovered following vulnerable applications>>>
  1534. --------------------------------------------------------
  1535. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1536. | App Name | URL to Application | Potential Exploit | Username | Password |
  1537. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1538. | phpMyAdmin | https://62.12.105.4:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
  1539. +------------+--------------------------------------+--------------------------------------------------+----------+----------+
  1540. #######################################################################################################################################
  1541. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:19 EST
  1542. NSE: Loaded 148 scripts for scanning.
  1543. NSE: Script Pre-scanning.
  1544. NSE: Starting runlevel 1 (of 2) scan.
  1545. Initiating NSE at 20:19
  1546. Completed NSE at 20:19, 0.00s elapsed
  1547. NSE: Starting runlevel 2 (of 2) scan.
  1548. Initiating NSE at 20:19
  1549. Completed NSE at 20:19, 0.00s elapsed
  1550. Initiating Ping Scan at 20:19
  1551. Scanning 62.12.105.4 [4 ports]
  1552. Completed Ping Scan at 20:19, 0.16s elapsed (1 total hosts)
  1553. Initiating Parallel DNS resolution of 1 host. at 20:19
  1554. Completed Parallel DNS resolution of 1 host. at 20:19, 0.02s elapsed
  1555. Initiating Connect Scan at 20:19
  1556. Scanning f05-web03.nic.gov.sd (62.12.105.4) [1000 ports]
  1557. Discovered open port 80/tcp on 62.12.105.4
  1558. Discovered open port 110/tcp on 62.12.105.4
  1559. Discovered open port 995/tcp on 62.12.105.4
  1560. Discovered open port 443/tcp on 62.12.105.4
  1561. Discovered open port 993/tcp on 62.12.105.4
  1562. Discovered open port 21/tcp on 62.12.105.4
  1563. Discovered open port 143/tcp on 62.12.105.4
  1564. Discovered open port 8443/tcp on 62.12.105.4
  1565. Completed Connect Scan at 20:20, 20.69s elapsed (1000 total ports)
  1566. Initiating Service scan at 20:20
  1567. Scanning 8 services on f05-web03.nic.gov.sd (62.12.105.4)
  1568. Completed Service scan at 20:20, 35.61s elapsed (8 services on 1 host)
  1569. Initiating OS detection (try #1) against f05-web03.nic.gov.sd (62.12.105.4)
  1570. Retrying OS detection (try #2) against f05-web03.nic.gov.sd (62.12.105.4)
  1571. Initiating Traceroute at 20:20
  1572. Completed Traceroute at 20:21, 3.62s elapsed
  1573. Initiating Parallel DNS resolution of 22 hosts. at 20:21
  1574. Completed Parallel DNS resolution of 22 hosts. at 20:21, 16.50s elapsed
  1575. NSE: Script scanning 62.12.105.4.
  1576. NSE: Starting runlevel 1 (of 2) scan.
  1577. Initiating NSE at 20:21
  1578. NSE Timing: About 99.08% done; ETC: 20:21 (0:00:00 remaining)
  1579. NSE Timing: About 99.17% done; ETC: 20:22 (0:00:01 remaining)
  1580. NSE Timing: About 99.27% done; ETC: 20:22 (0:00:01 remaining)
  1581. NSE Timing: About 99.63% done; ETC: 20:23 (0:00:00 remaining)
  1582. Completed NSE at 20:23, 142.26s elapsed
  1583. NSE: Starting runlevel 2 (of 2) scan.
  1584. Initiating NSE at 20:23
  1585. Completed NSE at 20:23, 0.81s elapsed
  1586. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1587. Host is up, received reset ttl 64 (0.37s latency).
  1588. Scanned at 2019-02-15 20:19:50 EST for 229s
  1589. Not shown: 987 filtered ports
  1590. Reason: 986 no-responses and 1 host-unreach
  1591. PORT STATE SERVICE REASON VERSION
  1592. 20/tcp closed ftp-data conn-refused
  1593. 21/tcp open ftp syn-ack ProFTPD 1.3.5d
  1594. | ssl-cert: Subject: commonName=f05-web03.nic.gov.sd
  1595. | Subject Alternative Name: DNS:f05-web03.nic.gov.sd
  1596. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  1597. | Public Key type: rsa
  1598. | Public Key bits: 2048
  1599. | Signature Algorithm: sha256WithRSAEncryption
  1600. | Not valid before: 2017-11-26T15:16:33
  1601. | Not valid after: 2018-02-24T15:16:33
  1602. | MD5: 3f63 49c9 d709 5130 4b48 50d5 32c1 abb5
  1603. | SHA-1: 5b15 5a3e d920 1f11 81ff 444b 5712 f23a 8b68 b5af
  1633. |_ssl-date: TLS randomness does not represent time
  1634. 25/tcp closed smtp conn-refused
  1635. 80/tcp open http-proxy syn-ack Squid http proxy
  1636. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
  1637. | http-methods:
  1638. |_ Supported Methods: GET HEAD POST OPTIONS
  1639. |_http-open-proxy: Proxy might be redirecting requests
  1640. |_http-title: Domain Default page
  1641. 110/tcp open pop3 syn-ack Dovecot pop3d
  1642. |_pop3-capabilities: STLS UIDL USER CAPA SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) TOP APOP RESP-CODES PIPELINING AUTH-RESP-CODE
  1643. |_ssl-date: TLS randomness does not represent time
  1644. 113/tcp closed ident conn-refused
  1645. 139/tcp closed netbios-ssn conn-refused
  1646. 143/tcp open imap syn-ack Dovecot imapd
  1647. |_imap-capabilities: OK SASL-IR ENABLE AUTH=LOGIN IDLE IMAP4rev1 STARTTLS more AUTH=PLAIN ID listed capabilities LOGIN-REFERRALS have AUTH=DIGEST-MD5 post-login Pre-login LITERAL+ AUTH=CRAM-MD5A0001
  1648. |_ssl-date: TLS randomness does not represent time
  1649. 443/tcp open ssl/http syn-ack nginx
  1650. | http-methods:
  1651. |_ Supported Methods: GET
  1652. |_http-server-header: nginx
  1653. |_http-title: 400 The plain HTTP request was sent to HTTPS port
  1654. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/organizationalUnitName=Plesk/localityName=Seattle
  1655. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/organizationalUnitName=Plesk/localityName=Seattle
  1656. | Public Key type: rsa
  1657. | Public Key bits: 2048
  1658. | Signature Algorithm: sha256WithRSAEncryption
  1659. | Not valid before: 2015-07-20T00:21:23
  1660. | Not valid after: 2016-07-19T00:21:23
  1661. | MD5: 081e a803 762a f7a0 8cff 7a71 192c 7cfb
  1662. | SHA-1: 0cdb 447d b0e9 070c 8a69 b2fe 1b86 9aa0 7697 10fb
  1684. |_ssl-date: TLS randomness does not represent time
  1685. | tls-alpn:
  1686. | h2
  1687. |_ http/1.1
  1688. | tls-nextprotoneg:
  1689. | h2
  1690. |_ http/1.1
  1691. 445/tcp closed microsoft-ds conn-refused
  1692. 993/tcp open ssl/imaps? syn-ack
  1693. |_ssl-date: TLS randomness does not represent time
  1694. 995/tcp open ssl/pop3s? syn-ack
  1695. |_ssl-date: TLS randomness does not represent time
  1696. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.5.3)
  1697. | http-methods:
  1698. |_ Supported Methods: GET HEAD POST OPTIONS
  1699. |_http-server-header: sw-cp-server
  1700. | http-title: Plesk Onyx 17.5.3
  1701. |_Requested resource was https://f05-web03.nic.gov.sd:8443/
  1702. | ssl-cert: Subject: commonName=f05-web03.nic.gov.sd
  1703. | Subject Alternative Name: DNS:f05-web03.nic.gov.sd
  1704. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  1705. | Public Key type: rsa
  1706. | Public Key bits: 2048
  1707. | Signature Algorithm: sha256WithRSAEncryption
  1708. | Not valid before: 2017-11-26T15:16:33
  1709. | Not valid after: 2018-02-24T15:16:33
  1710. | MD5: 3f63 49c9 d709 5130 4b48 50d5 32c1 abb5
  1711. | SHA-1: 5b15 5a3e d920 1f11 81ff 444b 5712 f23a 8b68 b5af
  1741. |_ssl-date: TLS randomness does not represent time
  1742. | tls-nextprotoneg:
  1743. |_ http/1.1
  1744. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1745. Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (98%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), OpenBSD 4.0 (91%), FreeBSD 6.2-RELEASE (90%), Linux 2.6.18 - 2.6.22 (90%), OpenBSD 4.3 (90%), Android 7.1.2 (Linux 3.10) (90%), Apple AirPort Extreme WAP (88%)
  1746. No exact OS matches for host (test conditions non-ideal).
  1747. TCP/IP fingerprint:
  1763.  
  1764. Service Info: OS: Unix
  1765.  
  1766. TRACEROUTE (using proto 1/icmp)
  1767. HOP RTT ADDRESS
  1768. 1 124.12 ms 10.251.200.1
  1769. 2 124.29 ms 190.124.251.129
  1770. 3 124.32 ms 172.16.21.1
  1771. 4 184.42 ms 91.205.233.128
  1772. 5 184.44 ms 192.168.7.2
  1773. 6 184.46 ms edge2.xe0-0-14.globalmarket-4.mia007.pnap.net (63.251.152.229)
  1774. 7 184.84 ms 69.25.0.3
  1775. 8 184.84 ms te0-0-0-12.ccr21.mia03.atlas.cogentco.com (38.104.94.97)
  1776. 9 184.85 ms be3400.ccr21.mia01.atlas.cogentco.com (154.54.47.17)
  1777. 10 198.67 ms be3482.ccr41.atl01.atlas.cogentco.com (154.54.24.145)
  1778. 11 209.29 ms be2112.ccr41.dca01.atlas.cogentco.com (154.54.7.157)
  1779. 12 216.07 ms be2806.ccr41.jfk02.atlas.cogentco.com (154.54.40.105)
  1780. 13 287.60 ms be2317.ccr41.lon13.atlas.cogentco.com (154.54.30.186)
  1781. 14 284.68 ms be2868.ccr21.lon01.atlas.cogentco.com (154.54.57.154)
  1782. 15 285.23 ms expressotelecom.demarc.cogentco.com (149.14.248.202)
  1783. 16 363.75 ms 185.153.20.70
  1784. 17 363.36 ms 185.153.20.82
  1785. 18 363.79 ms 185.153.20.94
  1786. 19 379.79 ms 185.153.20.153
  1787. 20 392.62 ms 212.0.131.109
  1788. 21 390.77 ms 196.202.137.249
  1789. 22 399.43 ms 196.202.145.94
  1790. 23 ... 30
  1791.  
  1792. NSE: Script Post-scanning.
  1793. NSE: Starting runlevel 1 (of 2) scan.
  1794. Initiating NSE at 20:23
  1795. Completed NSE at 20:23, 0.00s elapsed
  1796. NSE: Starting runlevel 2 (of 2) scan.
  1797. Initiating NSE at 20:23
  1798. Completed NSE at 20:23, 0.00s elapsed
  1799. Read data files from: /usr/bin/../share/nmap
  1800. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1801. Nmap done: 1 IP address (1 host up) scanned in 229.76 seconds
  1802. Raw packets sent: 140 (10.568KB) | Rcvd: 128 (18.431KB)
  1803. #######################################################################################################################################
  1804. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-15 20:23 EST
  1805. NSE: Loaded 148 scripts for scanning.
  1806. NSE: Script Pre-scanning.
  1807. Initiating NSE at 20:23
  1808. Completed NSE at 20:23, 0.00s elapsed
  1809. Initiating NSE at 20:23
  1810. Completed NSE at 20:23, 0.00s elapsed
  1811. Initiating Parallel DNS resolution of 1 host. at 20:23
  1812. Completed Parallel DNS resolution of 1 host. at 20:23, 0.02s elapsed
  1813. Initiating UDP Scan at 20:23
  1814. Scanning f05-web03.nic.gov.sd (62.12.105.4) [14 ports]
  1815. Completed UDP Scan at 20:23, 2.15s elapsed (14 total ports)
  1816. Initiating Service scan at 20:23
  1817. Scanning 12 services on f05-web03.nic.gov.sd (62.12.105.4)
  1818. Service scan Timing: About 8.33% done; ETC: 20:43 (0:17:58 remaining)
  1819. Completed Service scan at 20:25, 102.58s elapsed (12 services on 1 host)
  1820. Initiating OS detection (try #1) against f05-web03.nic.gov.sd (62.12.105.4)
  1821. Retrying OS detection (try #2) against f05-web03.nic.gov.sd (62.12.105.4)
  1822. Initiating Traceroute at 20:25
  1823. Completed Traceroute at 20:25, 7.31s elapsed
  1824. Initiating Parallel DNS resolution of 1 host. at 20:25
  1825. Completed Parallel DNS resolution of 1 host. at 20:25, 0.02s elapsed
  1826. NSE: Script scanning 62.12.105.4.
  1827. Initiating NSE at 20:25
  1828. Completed NSE at 20:25, 20.30s elapsed
  1829. Initiating NSE at 20:25
  1830. Completed NSE at 20:25, 1.03s elapsed
  1831. Nmap scan report for f05-web03.nic.gov.sd (62.12.105.4)
  1832. Host is up (0.12s latency).
  1833.  
  1834. PORT STATE SERVICE VERSION
  1835. 53/udp open|filtered domain
  1836. 67/udp open|filtered dhcps
  1837. 68/udp open|filtered dhcpc
  1838. 69/udp open|filtered tftp
  1839. 88/udp open|filtered kerberos-sec
  1840. 123/udp open|filtered ntp
  1841. 137/udp filtered netbios-ns
  1842. 138/udp filtered netbios-dgm
  1843. 139/udp open|filtered netbios-ssn
  1844. 161/udp open|filtered snmp
  1845. 162/udp open|filtered snmptrap
  1846. 389/udp open|filtered ldap
  1847. 520/udp open|filtered route
  1848. 2049/udp open|filtered nfs
  1849. Too many fingerprints match this host to give specific OS details
  1850.  
  1851. TRACEROUTE (using port 137/udp)
  1852. HOP RTT ADDRESS
  1853. 1 124.11 ms 10.251.200.1
  1854. 2 ... 3
  1855. 4 123.00 ms 10.251.200.1
  1856. 5 124.39 ms 10.251.200.1
  1857. 6 124.41 ms 10.251.200.1
  1858. 7 124.41 ms 10.251.200.1
  1859. 8 124.41 ms 10.251.200.1
  1860. 9 124.43 ms 10.251.200.1
  1861. 10 124.55 ms 10.251.200.1
  1862. 11 ... 18
  1863. 19 123.21 ms 10.251.200.1
  1864. 20 123.23 ms 10.251.200.1
  1865. 21 ... 27
  1866. 28 124.30 ms 10.251.200.1
  1867. 29 124.61 ms 10.251.200.1
  1868. 30 123.31 ms 10.251.200.1
  1869.  
  1870. NSE: Script Post-scanning.
  1871. Initiating NSE at 20:25
  1872. Completed NSE at 20:25, 0.00s elapsed
  1873. Initiating NSE at 20:25
  1874. Completed NSE at 20:25, 0.00s elapsed
  1875. Read data files from: /usr/bin/../share/nmap
  1876. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1877. Nmap done: 1 IP address (1 host up) scanned in 138.73 seconds
  1878. Raw packets sent: 148 (13.692KB) | Rcvd: 30 (3.265KB)
  1879. #######################################################################################################################################
  1880. [+] FireWall Detector
  1881. [++] Firewall not detected
  1882.  
  1883. [+] Detecting Joomla Version
  1884. [++] Joomla 1.5
  1885.  
  1886. [+] Core Joomla Vulnerability
  1887. [++] Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution
  1888. EDB : https://www.exploit-db.com/exploits/4212/
  1889.  
  1890. Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
  1891. CVE : CVE-2007-4781
  1892. EDB : https://www.exploit-db.com/exploits/4350/
  1893.  
  1894. Joomla! 1.5.x - (Token) Remote Admin Change Password
  1895. CVE : CVE-2008-3681
  1896. EDB : https://www.exploit-db.com/exploits/6234/
  1897.  
  1898. Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure
  1899. CVE: CVE-2011-4909
  1900. EDB : https://www.exploit-db.com/exploits/33061/
  1901.  
  1902. Joomla! 1.5.x - 404 Error Page Cross-Site Scripting
  1903. EDB : https://www.exploit-db.com/exploits/33378/
  1904.  
  1905. Joomla! 1.5.12 - read/exec Remote files
  1906. EDB : https://www.exploit-db.com/exploits/11263/
  1907.  
  1908. Joomla! 1.5.12 - connect back Exploit
  1909. EDB : https://www.exploit-db.com/exploits/11262/
  1910.  
  1911. Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
  1912. CVE : CVE-2011-4908
  1913. EDB : https://www.exploit-db.com/exploits/9926/
  1914.  
  1915. Joomla! 1.5 - URL Redirecting
  1916. EDB : https://www.exploit-db.com/exploits/14722/
  1917.  
  1918. Joomla! 1.5.x - SQL Error Information Disclosure
  1919. EDB : https://www.exploit-db.com/exploits/34955/
  1920.  
  1921. Joomla! - Spam Mail Relay
  1922. EDB : https://www.exploit-db.com/exploits/15979/
  1923.  
  1924. Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
  1925. EDB : https://www.exploit-db.com/exploits/16091/
  1926.  
  1927. Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
  1928. EDB : https://www.exploit-db.com/exploits/36176/
  1929.  
  1930. Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution
  1931. CVE : CVE-2015-8562
  1932. EDB : https://www.exploit-db.com/exploits/38977/
  1933.  
  1934. Joomla! 1.0 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution
  1935. CVE : CVE-2015-8562 , CVE-2015-8566
  1936. EDB : https://www.exploit-db.com/exploits/39033/
  1937.  
  1938. Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion
  1939. CVE : CVE-2007-2199
  1940. EDB : https://www.exploit-db.com/exploits/3781/
  1941.  
  1942. Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal
  1943. CVE : CVE-2009-0113
  1944. EDB : https://www.exploit-db.com/exploits/7691/
  1945.  
  1946.  
  1947.  
  1948. [+] Checking apache info/status files
  1949. [++] Readable info/status files are not found
  1950.  
  1951. [+] admin finder
  1952. [++] Admin page : http://aldabba.gov.sd/admin/
  1953.  
  1954. [+] Checking robots.txt existing
  1955. [++] robots.txt is found
  1956. path : http://aldabba.gov.sd/robots.txt
  1957.  
  1958. Interesting path found from robots.txt
  1959. http://aldabba.gov.sd/administrator/
  1960. http://aldabba.gov.sd/cache/
  1961. http://aldabba.gov.sd/components/
  1962. http://aldabba.gov.sd/images/
  1963. http://aldabba.gov.sd/includes/
  1964. http://aldabba.gov.sd/installation/
  1965. http://aldabba.gov.sd/language/
  1966. http://aldabba.gov.sd/libraries/
  1967. http://aldabba.gov.sd/media/
  1968. http://aldabba.gov.sd/modules/
  1969. http://aldabba.gov.sd/plugins/
  1970. http://aldabba.gov.sd/templates/
  1971. http://aldabba.gov.sd/tmp/
  1972. http://aldabba.gov.sd/xmlrpc/
  1973.  
  1974.  
  1975. [+] Finding common backup files name
  1976. [++] Backup files are not found
  1977.  
  1978. [+] Finding common log files name
  1979. [++] error log is not found
  1980.  
  1981. [+] Checking sensitive config.php.x file
  1982. [++] Readable config files are not found
  1983.  
  1984.  
  1985. Your Report : reports/aldabba.gov.sd/
  1986. #######################################################################################################################################
  1987. [-] Date & Time: 15/02/2019 19:09:44
  1988. [I] Threads: 5
  1989. [-] Target: http://aldabba.gov.sd (62.12.105.4)
  1990. [M] Website Not in HTTPS: http://aldabba.gov.sd
  1991. [I] X-Powered-By: PHP/5.4.16
  1992. [L] X-Frame-Options: Not Enforced
  1993. [I] Strict-Transport-Security: Not Enforced
  1994. [I] X-Content-Security-Policy: Not Enforced
  1995. [I] X-Content-Type-Options: Not Enforced
  1996. [L] Robots.txt Found: http://aldabba.gov.sd/robots.txt
  1997. [I] CMS Detection: Joomla
  1998. [I] Joomla Website Template: rhuk_milkyway
  1999. [I] Joomla Website Template: system
  2000. [H] Configuration File Found: http://aldabba.gov.sd/configuration
  2001. [-] Enumerating Joomla Usernames via "Feed" ...
  2002. [I] Administrator: moh9982@yahoo.com
  2003. [I] Autocomplete Off Not Found: http://aldabba.gov.sd/administrator/index.php
  2004. [-] Joomla Default Files:
  2005. [-] Joomla is likely to have a large number of default files
  2006. [-] Would you like to list them all?
  2007. [y/N]: y
  2008. [I] http://aldabba.gov.sd/bin/index.html
  2009. [I] http://aldabba.gov.sd/cache/index.html
  2010. [I] http://aldabba.gov.sd/cli/index.html
  2011. [I] http://aldabba.gov.sd/components/index.html
  2012. [I] http://aldabba.gov.sd/htaccess.txt
  2013. [I] http://aldabba.gov.sd/images/index.html
  2014. [I] http://aldabba.gov.sd/includes/index.html
  2015. [I] http://aldabba.gov.sd/installation/cache/index.html
  2016. [I] http://aldabba.gov.sd/language/index.html
  2017. [I] http://aldabba.gov.sd/language/overrides/index.html
  2018. [I] http://aldabba.gov.sd/layouts/index.html
  2019. [I] http://aldabba.gov.sd/layouts/joomla/error/index.html
  2020. [I] http://aldabba.gov.sd/libraries/index.html
  2021. [I] http://aldabba.gov.sd/media/editors/codemirror/mode/rpm/changes/index.html
  2022. [I] http://aldabba.gov.sd/media/editors/tinymce/plugins/example/dialog.html
  2023. [I] http://aldabba.gov.sd/media/editors/tinymce/templates/layout1.html
  2024. [I] http://aldabba.gov.sd/media/editors/tinymce/templates/snippet1.html
  2025. [I] http://aldabba.gov.sd/media/index.html
  2026. [I] http://aldabba.gov.sd/modules/index.html
  2027. [I] http://aldabba.gov.sd/plugins/index.html
  2028. [I] http://aldabba.gov.sd/templates/index.html
  2029. [I] http://aldabba.gov.sd/tests/javascript/calendar/fixtures/fixture.html
  2030. [I] http://aldabba.gov.sd/tests/javascript/caption/fixtures/fixture.html
  2031. [I] http://aldabba.gov.sd/tests/javascript/combobox/fixtures/fixture.html
  2032. [I] http://aldabba.gov.sd/tests/javascript/core/fixtures/fixture.html
  2033. [I] http://aldabba.gov.sd/tests/javascript/highlighter/fixtures/fixture.html
  2034. [I] http://aldabba.gov.sd/tests/javascript/permissions/fixtures/fixture.html
  2035. [I] http://aldabba.gov.sd/tests/javascript/repeatable/fixtures/fixture.html
  2036. [I] http://aldabba.gov.sd/tests/javascript/sendtestmail/fixtures/fixture.html
  2037. [I] http://aldabba.gov.sd/tests/javascript/subform-repeatable/fixtures/fixture.html
  2038. [I] http://aldabba.gov.sd/tests/javascript/switcher/fixtures/fixture.html
  2039. [I] http://aldabba.gov.sd/tests/javascript/validate/fixtures/fixture.html
  2040. [I] http://aldabba.gov.sd/tmp/index.html
  2041. [-] Searching Joomla Components ...
  2042. [I] Checking for Directory Listing Enabled ...
  2043. [-] Date & Time: 15/02/2019 19:31:35
  2044. [-] Completed in: 0:21:50
  2045. #######################################################################################################################################
  2046. Anonymous JTSEC #OpSudan Full Recon #13