Anonymous JTSEC #OpSudan Full Recon #90

1. #######################################################################################################################################
2. =======================================================================================================================================
3. Hostname ombudsman.gov.sd ISP NICDC
4. Continent Africa Flag
5. SD
6. Country Sudan Country Code SD
7. Region Unknown Local time 15 Jun 2019 01:28 CAT
8. City Unknown Postal Code Unknown
9. IP Address 62.12.105.3 Latitude 15
10. Longitude 30
11. =======================================================================================================================================
12. #######################################################################################################################################
13. > ombudsman.gov.sd
14. Server: 185.93.180.131
15. Address: 185.93.180.131#53
16.  
17. Non-authoritative answer:
18. Name: ombudsman.gov.sd
19. Address: 62.12.105.3
20. >
21. #######################################################################################################################################
22. [+] Target : ombudsman.gov.sd
23.  
24. [+] IP Address : 62.12.105.3
25.  
26. [+] Headers :
27.  
28. [+] Cache-Control : private
29. [+] Content-Type : text/html; charset=utf-8
30. [+] Content-Encoding : gzip
31. [+] Vary : Accept-Encoding
32. [+] Server : Microsoft-IIS/8.5
33. [+] Set-Cookie : ASP.NET_SessionId=m35c3mwldcx51illtkoz3a1z; path=/; HttpOnly, ASP.NET_SessionId=m35c3mwldcx51illtkoz3a1z; path=/; HttpOnly, __RequestVerificationToken=B6bQtxy8TuKscRN8AoBj9C2Mo8Dd09-97YW2vKjT21Jqs1JkyNJ4GaWSgd7mje4ni0xhHaCWpU_hXQHvd56RFnIPE6cZ1HXmAnKmhc4bwWU1; path=/; HttpOnly
34. [+] X-AspNetMvc-Version : 5.2
35. [+] X-Frame-Options : SAMEORIGIN
36. [+] X-AspNet-Version : 4.0.30319
37. [+] X-Powered-By : ASP.NET
38. [+] X-Powered-By-Plesk : PleskWin
39. [+] Date : Fri, 14 Jun 2019 23:32:49 GMT
40. [+] Content-Length : 15099
41.  
42. [+] SSL Certificate Information :
43.  
44. [-] SSL is not Present on Target URL...Skipping...
45.  
46. [+] Whois Lookup :
47.  
48. [+] NIR : None
49. [+] ASN Registry : afrinic
50. [+] ASN : 327881
51. [+] ASN CIDR : 62.12.105.0/24
52. [+] ASN Country Code : SD
53. [+] ASN Date : 2015-05-11
54. [+] ASN Description : NICDC, SD
55. [+] cidr : 62.12.105.0/24
56. [+] name : ORG-MoTa1-AFRINIC
57. [+] handle : IAEI1-AFRINIC
58. [+] range : 62.12.105.0 - 62.12.105.255
59. [+] description : National Information Center (NIC)
60. [+] country : SD
61. [+] state : None
62. [+] city : None
63. [+] address : National Information Center (NIC)
64. [+] postal_code : None
65. [+] emails : None
66. [+] created : None
67. [+] updated : None
68.  
69. [+] Crawling Target...
70.  
71. [+] Looking for robots.txt........[ Not Found ]
72. [+] Looking for sitemap.xml.......[ Not Found ]
73. [+] Extracting CSS Links..........[ 9 ]
74. [+] Extracting Javascript Links...[ 11 ]
75. [+] Extracting Internal Links.....[ 0 ]
76. [+] Extracting External Links.....[ 5 ]
77. [+] Extracting Images.............[ 11 ]
78.  
79. [+] Total Links Extracted : 36
80.  
81. [+] Dumping Links in /opt/FinalRecon/dumps/ombudsman.gov.sd.dump
82. [+] Completed!
83. #######################################################################################################################################
84. [+] Starting At 2019-06-14 19:32:49.293363
85. [+] Collecting Information On: ombudsman.gov.sd
86. [#] Status: 200
87. ---------------------------------------------------------------------------------------------------------------------------------------
88. [#] Web Server Detected: Microsoft-IIS/8.5
89. [#] X-Powered-By: ASP.NET
90. - Cache-Control: private
91. - Content-Type: text/html; charset=utf-8
92. - Content-Encoding: gzip
93. - Vary: Accept-Encoding
94. - Server: Microsoft-IIS/8.5
95. - Set-Cookie: ASP.NET_SessionId=mbqdsntfm2yalv3krsps4bfd; path=/; HttpOnly, ASP.NET_SessionId=mbqdsntfm2yalv3krsps4bfd; path=/; HttpOnly, __RequestVerificationToken=xXsHAGFBPMenM7f5KaF_y_uMHslurbG4K2_pwIwepkcRS-Hd1NhP1CXoN8qKUZgdcaDS2J4jRkw4WykI0e-JYhUHiTnTvkhL0KAIMXFOOOk1; path=/; HttpOnly
96. - X-AspNetMvc-Version: 5.2
97. - X-Frame-Options: SAMEORIGIN
98. - X-AspNet-Version: 4.0.30319
99. - X-Powered-By: ASP.NET
100. - X-Powered-By-Plesk: PleskWin
101. - Date: Fri, 14 Jun 2019 23:32:44 GMT
102. - Content-Length: 15103
103. ---------------------------------------------------------------------------------------------------------------------------------------
104. [#] Finding Location..!
105. [#] as: AS327881 National Information Center (NIC)
106. [#] city: Khartoum
107. [#] country: Sudan
108. [#] countryCode: SD
109. [#] isp: National Information Center
110. [#] lat: 15.5007
111. [#] lon: 32.5599
112. [#] org: ORG MoTa1 AFRINIC
113. [#] query: 62.12.105.3
114. [#] region: KH
115. [#] regionName: Khartoum
116. [#] status: success
117. [#] timezone: Africa/Khartoum
118. [#] zip:
119. ---------------------------------------------------------------------------------------------------------------------------------------
120. [+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
121. ---------------------------------------------------------------------------------------------------------------------------------------
122. [#] Starting Reverse DNS-
123. [!] Found 4 any Domain
124. - moiat.gov.sd
125. - ombudsman.gov.sd
126. - trafficpolice.gov.sd
127. - whitenilestate.gov.sd
128. ---------------------------------------------------------------------------------------------------------------------------------------
129. [!] Scanning Open Port
130. [#] 21/tcp open ftp
131. [#] 80/tcp open http
132. [#] 110/tcp open pop3
133. [#] 143/tcp open imap
134. [#] 443/tcp open https
135. [#] 8443/tcp open https-alt
136. ---------------------------------------------------------------------------------------------------------------------------------------
137. [+] Collecting Information Disclosure!
138. ######################################################################################################################################
139. [i] Scanning Site: http://ombudsman.gov.sd
140.  
141.  
142.  
143. B A S I C I N F O
144. ====================
145.  
146.  
147. [+] Site Title: ديوان المظالم و الحسبة-الرئيسية
148. [+] IP address: 62.12.105.3
149. [+] Web Server: Microsoft-IIS/8.5
150. [+] CMS: Could Not Detect
151. [+] Cloudflare: Not Detected
152. [+] Robots File: Could NOT Find robots.txt!
153. #######################################################################################################################################
154.  
155.  
156.  
157.  
158.  
159. G E O I P L O O K U P
160. =========================
161.  
162. [i] IP Address: 62.12.105.3
163. [i] Country: Sudan
164. [i] State:
165. [i] City:
166. [i] Latitude: 15.0
167. [i] Longitude: 30.0
168. #######################################################################################################################################
169.  
170.  
171.  
172. H T T P H E A D E R S
173. =======================
174.  
175.  
176. [i] HTTP/1.1 200 OK
177. [i] Cache-Control: private
178. [i] Content-Type: text/html; charset=utf-8
179. [i] Server: Microsoft-IIS/8.5
180. [i] Set-Cookie: ASP.NET_SessionId=pxywivvzjgeks25aibykfyfz; path=/; HttpOnly
181. [i] X-AspNetMvc-Version: 5.2
182. [i] X-Frame-Options: SAMEORIGIN
183. [i] X-AspNet-Version: 4.0.30319
184. [i] Set-Cookie: ASP.NET_SessionId=pxywivvzjgeks25aibykfyfz; path=/; HttpOnly
185. [i] Set-Cookie: __RequestVerificationToken=iUe4A3LVzXh36CYebc4ZGJk6sxmPt34hjz7ct6shi2LmJbD9oWuISPHPSw5J0E0CZp84GxHefBYrOqtrT-izISkeyx9JWfIuMdH-2QnDHrQ1; path=/; HttpOnly
186. [i] X-Powered-By: ASP.NET
187. [i] X-Powered-By-Plesk: PleskWin
188. [i] Date: Fri, 14 Jun 2019 23:32:36 GMT
189. [i] Connection: close
190. [i] Content-Length: 56574
191. #######################################################################################################################################
192.  
193.  
194.  
195. D N S L O O K U P
196. ===================
197.  
198. ombudsman.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
199. ombudsman.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
200. ombudsman.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
201. ombudsman.gov.sd. 21599 IN A 62.12.105.3
202. ombudsman.gov.sd. 21599 IN MX 10 mail.obudsman.gov.sd.
203. ombudsman.gov.sd. 21599 IN TXT "v=spf1 mx -all"
204. #######################################################################################################################################
205.  
206.  
207.  
208. S U B N E T C A L C U L A T I O N
209. ====================================
210.  
211. Address = 62.12.105.3
212. Network = 62.12.105.3 / 32
213. Netmask = 255.255.255.255
214. Broadcast = not needed on Point-to-Point links
215. Wildcard Mask = 0.0.0.0
216. Hosts Bits = 0
217. Max. Hosts = 1 (2^0 - 0)
218. Host Range = { 62.12.105.3 - 62.12.105.3 }
219. #######################################################################################################################################
220.  
221.  
222. N M A P P O R T S C A N
223. ============================
224.  
225. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 23:32 UTC
226. Nmap scan report for ombudsman.gov.sd (62.12.105.3)
227. Host is up (0.20s latency).
228. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
229.  
230. PORT STATE SERVICE
231. 21/tcp open ftp
232. 22/tcp filtered ssh
233. 23/tcp filtered telnet
234. 80/tcp open http
235. 110/tcp open pop3
236. 143/tcp open imap
237. 443/tcp open https
238. 3389/tcp filtered ms-wbt-server
239.  
240. Nmap done: 1 IP address (1 host up) scanned in 3.37 seconds
241. #######################################################################################################################################
242. Enter Address Website = ombudsman.gov.sd
243.  
244.  
245.  
246. Reversing IP With HackTarget 'ombudsman.gov.sd'
247. --------------------------------------------------
248.  
249. [+] eservices.motrb.gov.sd
250. [+] mail.nashattolabi.sd
251. [+] mail.saec.gov.sd
252. [+] mail.test.net.sd
253. [+] moiat.gov.sd
254. [+] ncsp.gov.sd
255. [+] penfund.gov.sd
256. [+] saec.gov.sd
257. [+] sudanpolice.gov.sd
258. [+] test.net.sd
259. [+] whitenilestate.gov.sd
260. [+] www.sudanpolice.gov.sd
261. #######################################################################################################################################
262.  
263.  
264. Reverse IP With YouGetSignal 'ombudsman.gov.sd'
265. --------------------------------------------------
266.  
267. [*] IP: 62.12.105.3
268. [*] Domain: ombudsman.gov.sd
269. [*] Total Domains: 4
270.  
271. [+] moiat.gov.sd
272. [+] ombudsman.gov.sd
273. [+] trafficpolice.gov.sd
274. [+] whitenilestate.gov.sd
275. #######################################################################################################################################
276.  
277.  
278. Geo IP Lookup 'ombudsman.gov.sd'
279. -----------------------------------
280.  
281. [+] IP Address: 62.12.105.3
282. [+] Country: Sudan
283. [+] State:
284. [+] City:
285. [+] Latitude: 15.0
286. [+] Longitude: 30.0
287. #######################################################################################################################################
288.  
289.  
290.  
291. Bypass Cloudflare 'ombudsman.gov.sd'
292. ---------------------------------------
293.  
294. [!] CloudFlare Bypass 62.12.105.3 | webmail.ombudsman.gov.sd
295. [!] CloudFlare Bypass 62.12.105.3 | mail.ombudsman.gov.sd
296. [!] CloudFlare Bypass 62.12.105.3 | www.ombudsman.gov.sd
297. #######################################################################################################################################
298.  
299. DNS Lookup 'ombudsman.gov.sd'
300. --------------------------------
301.  
302. [+] ombudsman.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
303. [+] ombudsman.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
304. [+] ombudsman.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
305. [+] ombudsman.gov.sd. 21599 IN A 62.12.105.3
306. [+] ombudsman.gov.sd. 21599 IN MX 10 mail.obudsman.gov.sd.
307. [+] ombudsman.gov.sd. 21599 IN TXT "v=spf1 mx -all"
308. #######################################################################################################################################
309.  
310. Show HTTP Header 'ombudsman.gov.sd'
311. --------------------------------------
312.  
313. [+] HTTP/1.1 302 Found
314. [+] Cache-Control: private
315. [+] Content-Length: 144
316. [+] Content-Type: text/html; charset=utf-8
317. [+] Location: /Home/Index?aspxerrorpath=/
318. [+] Server: Microsoft-IIS/8.5
319. [+] X-AspNetMvc-Version: 5.2
320. [+] X-AspNet-Version: 4.0.30319
321. [+] X-Powered-By: ASP.NET
322. [+] X-Powered-By-Plesk: PleskWin
323. [+] Date: Fri, 14 Jun 2019 23:32:43 GMT
324. #######################################################################################################################################
325.  
326. Port Scan 'ombudsman.gov.sd'
327. -------------------------------
328.  
329. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 23:32 UTC
330. Nmap scan report for ombudsman.gov.sd (62.12.105.3)
331. Host is up (0.20s latency).
332. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
333.  
334. PORT STATE SERVICE
335. 21/tcp open ftp
336. 22/tcp filtered ssh
337. 23/tcp filtered telnet
338. 80/tcp open http
339. 110/tcp open pop3
340. 143/tcp open imap
341. 443/tcp open https
342. 3389/tcp filtered ms-wbt-server
343.  
344. Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
345. #######################################################################################################################################
346.  
347. Traceroute 'ombudsman.gov.sd'
348. --------------------------------
349.  
350. Start: 2019-06-14T23:32:56+0000
351. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
352. 1.|-- 45.79.12.202 0.0% 3 1.0 0.9 0.8 1.0 0.1
353. 2.|-- 45.79.12.6 0.0% 3 1.9 3.2 0.8 6.9 3.3
354. 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.5 0.9 2.8 1.1
355. 4.|-- atl-b22-link.telia.net 0.0% 3 21.9 19.9 18.8 21.9 1.7
356. 5.|-- ash-bb3-link.telia.net 0.0% 3 29.9 31.7 29.9 35.0 2.9
357. 6.|-- prs-bb4-link.telia.net 33.3% 3 106.7 106.8 106.7 106.8 0.1
358. 7.|-- mei-b2-link.telia.net 0.0% 3 117.3 117.2 117.2 117.3 0.1
359. 8.|-- flagtelecom-ic-324599-mei-b2.c.telia.net 0.0% 3 136.4 124.0 117.6 136.4 10.8
360. 9.|-- ae0.0.cjr01.mrs002.flagtel.com 0.0% 3 325.1 314.7 306.1 325.1 9.7
361. 10.|-- ae3.0.cjr04.prs001.flagtel.com 0.0% 3 128.8 128.7 128.5 128.8 0.2
362. 11.|-- xe-0-0-1.0.pjr04.dxb001.flagtel.com 0.0% 3 256.2 256.2 255.8 256.7 0.5
363. 12.|-- 80.77.2.42 0.0% 3 231.4 231.3 231.3 231.4 0.0
364. 13.|-- 196.29.177.113 0.0% 3 234.9 234.9 234.8 235.0 0.1
365. 14.|-- 197.254.196.62 0.0% 3 238.4 238.5 238.3 238.8 0.2
366. 15.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
367. #######################################################################################################################################
368.  
369.  
370. Page Admin Finder 'ombudsman.gov.sd'
371. ---------------------------------------
372.  
373.  
374.  
375. Avilable Links :
376.  
377. Find Page >> http://ombudsman.gov.sd/admin/
378.  
379. Find Page >> http://ombudsman.gov.sd/administrator/
380.  
381. Find Page >> http://ombudsman.gov.sd/admin1/
382.  
383. Find Page >> http://ombudsman.gov.sd/admin2/
384.  
385. Find Page >> http://ombudsman.gov.sd/admin3/
386.  
387. Find Page >> http://ombudsman.gov.sd/admin4/
388.  
389. Find Page >> http://ombudsman.gov.sd/admin5/
390.  
391. Find Page >> http://ombudsman.gov.sd/usuarios/
392.  
393. Find Page >> http://ombudsman.gov.sd/usuario/
394.  
395. Find Page >> http://ombudsman.gov.sd/moderator/
396.  
397. Find Page >> http://ombudsman.gov.sd/webadmin/
398.  
399. Find Page >> http://ombudsman.gov.sd/adminarea/
400.  
401. Find Page >> http://ombudsman.gov.sd/bb-admin/
402.  
403. Find Page >> http://ombudsman.gov.sd/adminLogin/
404.  
405. Find Page >> http://ombudsman.gov.sd/admin_area/
406.  
407. Find Page >> http://ombudsman.gov.sd/panel-administracion/
408.  
409. Find Page >> http://ombudsman.gov.sd/instadmin/
410.  
411. Find Page >> http://ombudsman.gov.sd/memberadmin/
412.  
413. Find Page >> http://ombudsman.gov.sd/administratorlogin/
414.  
415. Find Page >> http://ombudsman.gov.sd/adm/
416.  
417. Find Page >> http://ombudsman.gov.sd/admin_panel/
418.  
419. Find Page >> http://ombudsman.gov.sd/adm_cp/
420. #######################################################################################################################################
421.  
422. ----- ombudsman.gov.sd -----
423.  
424.  
425. Host's addresses:
426. __________________
427.  
428. ombudsman.gov.sd. 85483 IN A 62.12.105.3
429.  
430. ----------------
431. Wildcards test:
432. ----------------
433. good
434.  
435.  
436. Name Servers:
437. ______________
438.  
439. ns0.ndc.gov.sd. 13823 IN A 62.12.109.2
440. ns1.ndc.gov.sd. 13817 IN A 62.12.109.3
441.  
442.  
443. Mail (MX) Servers:
444. ___________________
445.  
446. mail.obudsman.gov.sd A record query failed: NXDOMAIN
447.  
448.  
449. Trying Zone Transfers and getting Bind Versions:
450. _________________________________________________
451.  
452.  
453. Trying Zone Transfer for ombudsman.gov.sd on ns0.ndc.gov.sd ...
454. ombudsman.gov.sd. 86400 IN SOA (
455. ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
456. ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
457. ombudsman.gov.sd. 86400 IN A 62.12.105.3
458. ombudsman.gov.sd. 86400 IN MX 10
459. ombudsman.gov.sd. 86400 IN TXT "v=spf1
460. mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
461. mail.ombudsman.gov.sd. 86400 IN MX 10
462. mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
463. webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
464. www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
465.  
466. Trying Zone Transfer for ombudsman.gov.sd on ns1.ndc.gov.sd ...
467. ombudsman.gov.sd. 86400 IN SOA (
468. ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
469. ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
470. ombudsman.gov.sd. 86400 IN A 62.12.105.3
471. ombudsman.gov.sd. 86400 IN MX 10
472. ombudsman.gov.sd. 86400 IN TXT "v=spf1
473. mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
474. mail.ombudsman.gov.sd. 86400 IN MX 10
475. mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
476. webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
477. www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
478. #######################################################################################################################################
479. Trying "ombudsman.gov.sd"
480. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53576
481. ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
482.  
483. ;; QUESTION SECTION:
484. ;ombudsman.gov.sd. IN ANY
485.  
486. ;; ANSWER SECTION:
487. ombudsman.gov.sd. 85363 IN NS ns0.ndc.gov.sd.
488. ombudsman.gov.sd. 86281 IN MX 10 mail.obudsman.gov.sd.
489. ombudsman.gov.sd. 85363 IN A 62.12.105.3
490. ombudsman.gov.sd. 85363 IN NS ns1.ndc.gov.sd.
491. ombudsman.gov.sd. 85720 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
492.  
493. Received 161 bytes from 185.93.180.131#53 in 113 ms
494. #######################################################################################################################################
495. ; <<>> DiG 9.11.5-P4-5-Debian <<>> ombudsman.gov.sd +dnssec
496. ;; global options: +cmd
497. ;; Got answer:
498. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38088
499. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
500.  
501. ;; OPT PSEUDOSECTION:
502. ; EDNS: version: 0, flags: do; udp: 4096
503. ;; QUESTION SECTION:
504. ;ombudsman.gov.sd. IN A
505.  
506. ;; ANSWER SECTION:
507. ombudsman.gov.sd. 85296 IN A 62.12.105.3
508.  
509. ;; Query time: 112 msec
510. ;; SERVER: 185.93.180.131#53(185.93.180.131)
511. ;; WHEN: ven jun 14 19:45:11 EDT 2019
512. ;; MSG SIZE rcvd: 61
513. #######################################################################################################################################
514. ; <<>> DiG 9.11.5-P4-5-Debian <<>> +trace ombudsman.gov.sd
515. ;; global options: +cmd
516. . 79394 IN NS g.root-servers.net.
517. . 79394 IN NS d.root-servers.net.
518. . 79394 IN NS c.root-servers.net.
519. . 79394 IN NS j.root-servers.net.
520. . 79394 IN NS m.root-servers.net.
521. . 79394 IN NS l.root-servers.net.
522. . 79394 IN NS f.root-servers.net.
523. . 79394 IN NS b.root-servers.net.
524. . 79394 IN NS a.root-servers.net.
525. . 79394 IN NS e.root-servers.net.
526. . 79394 IN NS k.root-servers.net.
527. . 79394 IN NS i.root-servers.net.
528. . 79394 IN NS h.root-servers.net.
529. . 79394 IN RRSIG NS 8 0 518400 20190627170000 20190614160000 25266 . 21CJJEpZ30ZdfNAfEpN6Y8fJ2PN6Y+xtLSWLqeZVbiS8faVrKFmC3zsL EPgetyceuwXArZtOZb8POQU9VOxf3Sr3E0O6X2zPykBd/QnD2mn9u8vh 03tfCQi9ir8M8cHrLEhCyoLCXYmlWHpYZFuxwBLSYk3lNGn6Cn+DAVWa 6JeoLUSX/AJvOIcfq3NfIbh7jrqB8HU1Go+EkmQXe/iMLx1i2C8p+Cgi xpa7LYwEL3x9N22nKpwyWhUAAFFOmIRhkw5b5ijOzVd2u3BBaAbbrnQ0 belHPmKsx+x9b1zjmdOSW8RjI7/GQv+QuobcDELc6D0iEjYeFXozuXiH ys1Qrg==
530. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 112 ms
531.  
532. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
533. sd. 172800 IN NS ns1.uaenic.ae.
534. sd. 172800 IN NS ns2.uaenic.ae.
535. sd. 172800 IN NS ans1.sis.sd.
536. sd. 172800 IN NS ans1.canar.sd.
537. sd. 172800 IN NS ans2.canar.sd.
538. sd. 172800 IN NS ns-sd.afrinic.net.
539. sd. 86400 IN NSEC se. NS RRSIG NSEC
540. sd. 86400 IN RRSIG NSEC 8 1 86400 20190627170000 20190614160000 25266 . MjKCNtsNQnEJVz5cPYtkXVbByrRTMlQ1myLs8Pi2+FkFic00RpnZnk5w Pg1lbNn4MQZdx9L090dGjNO3WyleHv1t7HznzWMJ8qCENSIcE1uoRe6r Ak9F/wMKEKvQjra906vPpUlLMG3QcnbyhkP/eoRm2qeN7Ig5/Zsx0J6M gE154HbBf0Lehuk+gd6T/pMkxDs4Idb7z0btkGbQtXo2rrj4jSfRpg1R U7xPKgKJfjqp9ns1z+7dxCE9GWRg9El3ssDyi2Nw4YbRs/qPDh/upUFN /4IY0aeTOsumRH/3FBZ7xs0BaVcNU9RG0YcmEXuNyCnvaPQOkdw315my dR7WMQ==
541. ;; Received 703 bytes from 199.7.91.13#53(d.root-servers.net) in 190 ms
542.  
543. gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
544. gov.sd. 14400 IN NS ns1.uaenic.ae.
545. gov.sd. 14400 IN NS ns2.uaenic.ae.
546. gov.sd. 14400 IN NS ans1.sis.sd.
547. gov.sd. 14400 IN NS ans1.canar.sd.
548. gov.sd. 14400 IN NS ans2.canar.sd.
549. gov.sd. 14400 IN NS ns-sd.afrinic.net.
550. ;; Received 272 bytes from 196.216.168.26#53(ns-sd.afrinic.net) in 289 ms
551.  
552. ;; Received 73 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 229 ms
553. #######################################################################################################################################
554. [*] Performing General Enumeration of Domain: ombudsman.gov.sd
555. [-] DNSSEC is not configured for ombudsman.gov.sd
556. [*] SOA ns0.ndc.gov.sd 62.12.109.2
557. [*] NS ns0.ndc.gov.sd 62.12.109.2
558. [*] Bind Version for 62.12.109.2 you guess!
559. [*] NS ns1.ndc.gov.sd 62.12.109.3
560. [*] Bind Version for 62.12.109.3 you guess!
561. [*] A ombudsman.gov.sd 62.12.105.3
562. [*] TXT ombudsman.gov.sd v=spf1 mx -all
563. [*] Enumerating SRV Records
564. [-] No SRV Records Found for ombudsman.gov.sd
565. [+] 0 Records Found
566. #######################################################################################################################################
567. [*] Processing domain ombudsman.gov.sd
568. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
569. [+] Getting nameservers
570. 62.12.109.2 - ns0.ndc.gov.sd
571. [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
572. ombudsman.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
573. ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
574. ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
575. ombudsman.gov.sd. 86400 IN A 62.12.105.3
576. ombudsman.gov.sd. 86400 IN MX 10 mail.obudsman.gov.sd.
577. ombudsman.gov.sd. 86400 IN TXT "v=spf1 mx -all"
578. mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
579. mail.ombudsman.gov.sd. 86400 IN MX 10 mail.ombudsman.gov.sd.
580. mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
581. webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
582. www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
583. #######################################################################################################################################
584. Ip Address Status Type Domain Name Server
585. ---------- ------ ---- ----------- ------
586. 62.12.105.3 200 host mail.ombudsman.gov.sd Microsoft-IIS/8.5
587. 62.12.105.3 200 host mssql.ombudsman.gov.sd Microsoft-IIS/8.5
588. 62.12.105.3 302 alias webmail.ombudsman.gov.sd Microsoft-IIS/8.5
589. 62.12.105.3 302 host mail.ombudsman.gov.sd Microsoft-IIS/8.5
590. 62.12.105.3 302 host www.ombudsman.gov.sd Microsoft-IIS/8.5
591. #######################################################################################################################################
592.  
593. [+] Testing domain
594. www.ombudsman.gov.sd 62.12.105.3
595. [+] Dns resolving
596. Domain name Ip address Name server
597. ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
598. Found 1 host(s) for ombudsman.gov.sd
599. [+] Testing wildcard
600. Ok, no wildcard found.
601.  
602. [+] Scanning for subdomain on ombudsman.gov.sd
603. [!] Wordlist not specified. I scannig with my internal wordlist...
604. Estimated time about 223.69 seconds
605.  
606. Subdomain Ip address Name server
607.  
608. mail.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
609. mssql.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
610. webmail.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
611. www.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
612. #######################################################################################################################################
613. WhatWeb report for http://ombudsman.gov.sd
614. Status : 200 OK
615. Title : ديوان المظالم و الحسبة-الرئيسية
616. IP : <Unknown>
617. Country : <Unknown>
618.  
619. Summary : Script, ASP_NET[4.0.30319][MVC5.2], Email[[email protected]], Microsoft-IIS[8.5], Modernizr[2.6.2-respond-1.1.0.min], JQuery[1.10.2,1.9.1,3.3.1], HTML5, Frame, X-Frame-Options[SAMEORIGIN], UncommonHeaders[x-aspnetmvc-version,x-powered-by-plesk], HttpOnly[ASP.NET_SessionId,__RequestVerificationToken], Cookies[ASP.NET_SessionId,__RequestVerificationToken], X-Powered-By[ASP.NET], HTTPServer[Microsoft-IIS/8.5]
620.  
621. Detected Plugins:
622. [ ASP_NET ]
623. ASP.NET is a free web framework that enables great Web
624. applications. Used by millions of developers, it runs some
625. of the biggest sites in the world.
626.  
627. Version : 4.0.30319 (from X-AspNet-Version HTTP header)
628. String : MVC5.2
629. Google Dorks: (2)
630. Website : http://www.asp.net/
631.  
632. [ Cookies ]
633. Display the names of cookies in the HTTP headers. The
634. values are not returned to save on space.
635.  
636. String : __RequestVerificationToken
637. String : ASP.NET_SessionId
638.  
639. [ Email ]
640. Extract email addresses. Find valid email address and
641. syntactically invalid email addresses from mailto: link
642. tags. We match syntactically invalid links containing
643. mailto: to catch anti-spam email addresses, eg. bob at
644. gmail.com. This uses the simplified email regular
645. expression from
646. http://www.regular-expressions.info/email.html for valid
647. email address matching.
648.  
649. String : [email protected]
650. String : [email protected]
651.  
652. [ Frame ]
653. This plugin detects instances of frame and iframe HTML
654. elements.
655.  
656.  
657. [ HTML5 ]
658. HTML version 5, detected by the doctype declaration
659.  
660.  
661. [ HTTPServer ]
662. HTTP server header string. This plugin also attempts to
663. identify the operating system from the server header.
664.  
665. String : Microsoft-IIS/8.5 (from server string)
666.  
667. [ HttpOnly ]
668. If the HttpOnly flag is included in the HTTP set-cookie
669. response header and the browser supports it then the cookie
670. cannot be accessed through client side script - More Info:
671. http://en.wikipedia.org/wiki/HTTP_cookie
672.  
673. String : ASP.NET_SessionId,__RequestVerificationToken
674.  
675. [ JQuery ]
676. A fast, concise, JavaScript that simplifies how to traverse
677. HTML documents, handle events, perform animations, and add
678. AJAX.
679.  
680. Version : 1.10.2,1.9.1,3.3.1
681. Website : http://jquery.com/
682.  
683. [ Microsoft-IIS ]
684. Microsoft Internet Information Services (IIS) for Windows
685. Server is a flexible, secure and easy-to-manage Web server
686. for hosting anything on the Web. From media streaming to
687. web application hosting, IIS's scalable and open
688. architecture is ready to handle the most demanding tasks.
689.  
690. Version : 8.5
691. Website : http://www.iis.net/
692.  
693. [ Modernizr ]
694. Modernizr adds classes to the <html> element which allow
695. you to target specific browser functionality in your
696. stylesheet. You don't actually need to write any Javascript
697. to use it. [JavaScript]
698.  
699. Version : 2.6.2-respond-1.1.0.min
700. Website : http://www.modernizr.com/
701.  
702. [ Script ]
703. This plugin detects instances of script HTML elements and
704. returns the script language/type.
705.  
706.  
707. [ UncommonHeaders ]
708. Uncommon HTTP server headers. The blacklist includes all
709. the standard headers and many non standard but common ones.
710. Interesting but fairly common headers should have their own
711. plugins, eg. x-powered-by, server and x-aspnet-version.
712. Info about headers can be found at www.http-stats.com
713.  
714. String : x-aspnetmvc-version,x-powered-by-plesk (from headers)
715.  
716. [ X-Frame-Options ]
717. This plugin retrieves the X-Frame-Options value from the
718. HTTP header. - More Info:
719. http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
720. aspx
721.  
722. String : SAMEORIGIN
723.  
724. [ X-Powered-By ]
725. X-Powered-By HTTP header
726.  
727. String : ASP.NET (from x-powered-by string)
728.  
729. HTTP Headers:
730. HTTP/1.1 200 OK
731. Cache-Control: private
732. Content-Type: text/html; charset=utf-8
733. Content-Encoding: gzip
734. Vary: Accept-Encoding
735. Server: Microsoft-IIS/8.5
736. X-AspNetMvc-Version: 5.2
737. X-Frame-Options: SAMEORIGIN
738. X-AspNet-Version: 4.0.30319
739. Set-Cookie: __RequestVerificationToken=kusRRJtmx-BG465A1DEM_PDys7rab1VIWkuXKojpTYjnE9B4zp3FTxflYxEO_xBRhqnycMg3fTfe0tBnVxkfMoO3o6vGIacGPKacpUKsDsM1; path=/; HttpOnly
740. Set-Cookie: ASP.NET_SessionId=m415ntwpdyovqakg455nrsco; path=/; HttpOnly
741. X-Powered-By: ASP.NET
742. X-Powered-By-Plesk: PleskWin
743. Date: Fri, 14 Jun 2019 23:55:03 GMT
744. Connection: close
745. Content-Length: 15100
746. #######################################################################################################################################
747. DNS Servers for ombudsman.gov.sd:
748. ns0.ndc.gov.sd
749. ns1.ndc.gov.sd
750.  
751. Trying zone transfer first...
752. Testing ns0.ndc.gov.sd
753.  
754. Whoah, it worked - misconfigured DNS server found:
755. ombudsman.gov.sd. 86400 IN SOA ( ns0.ndc.gov.sd. root.ndc.gov.sd.
756. 2018071900 ;serial
757. 10800 ;refresh
758. 900 ;retry
759. 604800 ;expire
760. 86400 ;minimum
761. )
762. ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
763. ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
764. ombudsman.gov.sd. 86400 IN A 62.12.105.3
765. ombudsman.gov.sd. 86400 IN MX 10 mail.obudsman.gov.sd.
766. ombudsman.gov.sd. 86400 IN TXT "v=spf1 mx -all"
767. mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
768. mail.ombudsman.gov.sd. 86400 IN MX 10 mail.ombudsman.gov.sd.
769. mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
770. webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
771. www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
772.  
773. There isn't much point continuing, you have everything.
774. Have a nice day.
775. Exiting...
776. #######################################################################################################################################
777. dnsenum VERSION:1.2.4
778.  
779. ----- ombudsman.gov.sd -----
780.  
781.  
782. Host's addresses:
783. __________________
784.  
785. ombudsman.gov.sd. 84037 IN A 62.12.105.3
786.  
787.  
788. Name Servers:
789. ______________
790.  
791. ns0.ndc.gov.sd. 12377 IN A 62.12.109.2
792. ns1.ndc.gov.sd. 12371 IN A 62.12.109.3
793.  
794.  
795. Mail (MX) Servers:
796. ___________________
797.  
798.  
799.  
800. Trying Zone Transfers and getting Bind Versions:
801. _________________________________________________
802.  
803.  
804. Trying Zone Transfer for ombudsman.gov.sd on ns0.ndc.gov.sd ...
805. ombudsman.gov.sd. 86400 IN SOA (
806. ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
807. ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
808. ombudsman.gov.sd. 86400 IN A 62.12.105.3
809. ombudsman.gov.sd. 86400 IN MX 10
810. ombudsman.gov.sd. 86400 IN TXT "v=spf1
811. mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
812. mail.ombudsman.gov.sd. 86400 IN MX 10
813. mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
814. webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
815. www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
816.  
817. Trying Zone Transfer for ombudsman.gov.sd on ns1.ndc.gov.sd ...
818. ombudsman.gov.sd. 86400 IN SOA (
819. ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
820. ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
821. ombudsman.gov.sd. 86400 IN A 62.12.105.3
822. ombudsman.gov.sd. 86400 IN MX 10
823. ombudsman.gov.sd. 86400 IN TXT "v=spf1
824. mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
825. mail.ombudsman.gov.sd. 86400 IN MX 10
826. mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
827. webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
828. www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
829.  
830. brute force file not specified, bay.
831. #######################################################################################################################################
832. [-] Enumerating subdomains now for ombudsman.gov.sd
833. [-] verbosity is enabled, will show the subdomains results in realtime
834. [-] Searching now in Baidu..
835. [-] Searching now in Yahoo..
836. [-] Searching now in Google..
837. [-] Searching now in Bing..
838. [-] Searching now in Ask..
839. [-] Searching now in Netcraft..
840. [-] Searching now in DNSdumpster..
841. [-] Searching now in Virustotal..
842. [-] Searching now in ThreatCrowd..
843. [-] Searching now in SSL Certificates..
844. [-] Searching now in PassiveDNS..
845. Yahoo: www.ombudsman.gov.sd
846. [-] Saving results to file: /usr/share/sniper/loot//domains/domains-ombudsman.gov.sd.txt
847. [-] Total Unique Subdomains Found: 1
848. www.ombudsman.gov.sd
849. #######################################################################################################################################
850. ===============================================
851. -=Subfinder v1.1.3 github.com/subfinder/subfinder
852. ===============================================
853.  
854.  
855. Running Source: Ask
856. Running Source: Archive.is
857. Running Source: Baidu
858. Running Source: Bing
859. Running Source: CertDB
860. Running Source: CertificateTransparency
861. Running Source: Certspotter
862. Running Source: Commoncrawl
863. Running Source: Crt.sh
864. Running Source: Dnsdb
865. Running Source: DNSDumpster
866. Running Source: DNSTable
867. Running Source: Dogpile
868. Running Source: Exalead
869. Running Source: Findsubdomains
870. Running Source: Googleter
871. Running Source: Hackertarget
872. Running Source: Ipv4Info
873. Running Source: PTRArchive
874. Running Source: Sitedossier
875. Running Source: Threatcrowd
876. Running Source: ThreatMiner
877. Running Source: WaybackArchive
878. Running Source: Yahoo
879.  
880. Running enumeration on ombudsman.gov.sd
881.  
882. dnsdb: Unexpected return status 503
883.  
884. waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.ombudsman.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
885.  
886. dogpile: Get https://www.dogpile.com/search/web?q=ombudsman.gov.sd&qsi=1: EOF
887.  
888. ipv4info: <nil>
889.  
890.  
891. Starting Bruteforcing of ombudsman.gov.sd with 9985 words
892.  
893. Total 6 Unique subdomains found for ombudsman.gov.sd
894.  
895. .ombudsman.gov.sd
896. mail.ombudsman.gov.sd
897. mssql.ombudsman.gov.sd
898. webmail.ombudsman.gov.sd
899. www.ombudsman.gov.sd
900. www.ombudsman.gov.sd
901. #######################################################################################################################################
902. [*] Processing domain ombudsman.gov.sd
903. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
904. [+] Getting nameservers
905. 62.12.109.2 - ns0.ndc.gov.sd
906. [+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
907. ombudsman.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
908. ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
909. ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
910. ombudsman.gov.sd. 86400 IN A 62.12.105.3
911. ombudsman.gov.sd. 86400 IN MX 10 mail.obudsman.gov.sd.
912. ombudsman.gov.sd. 86400 IN TXT "v=spf1 mx -all"
913. mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
914. mail.ombudsman.gov.sd. 86400 IN MX 10 mail.ombudsman.gov.sd.
915. mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
916. webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
917. www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
918. #######################################################################################################################################
919. [*] Found SPF record:
920. [*] v=spf1 mx -all
921. [*] SPF record contains an All item: -all
922. [*] No DMARC record found. Looking for organizational record
923. [+] No organizational DMARC record
924. [+] Spoofing possible for ombudsman.gov.sd!
925. #######################################################################################################################################
926. dig: '.ombudsman.gov.sd' is not a legal name (empty label)
927.  
928. SubOver v.1.2 Nizamul Rana (@Ice3man)
929. ==================================================
930.  
931.  
932. [~] Enjoy your hunt !
933. [Not Vulnerable] .ombudsman.gov.sd
934. [Not Vulnerable] 77.72.0.146
935. [Not Vulnerable] 147.237.77.18
936. [Not Vulnerable] 52.64.99.208
937. [Not Vulnerable] IN
938. [Not Vulnerable] domain
939. [Not Vulnerable] 62.12.105.3
940. [Not Vulnerable] mail.ombudsman.gov.sd
941. [Not Vulnerable] www.cbs.gov.ws
942. [Not Vulnerable] www.sviva.gov.il
943. [Not Vulnerable] ombudsman.gov.sd
944. [Not Vulnerable] www.ombudsman.gov.sd
945. [Not Vulnerable] webmail.ombudsman.gov.sd
946. [Not Vulnerable] mssql.ombudsman.gov.sd
947. #######################################################################################################################################
948. 62.12.96.0/20
949. 62.12.96.0/24
950. 62.12.97.0/24
951. 62.12.98.0/24
952. 62.12.99.0/24
953. 62.12.100.0/24
954. 62.12.101.0/24
955. 62.12.102.0/23
956. 62.12.104.0/24
957. 62.12.105.0/24
958. 62.12.106.0/24
959. 62.12.107.0/24
960. 62.12.108.0/24
961. 62.12.109.0/24
962. 62.12.110.0/24
963. 62.12.111.0/24
964. #######################################################################################################################################
965. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:09 EDT
966. Nmap scan report for ombudsman.gov.sd (62.12.105.3)
967. Host is up (0.23s latency).
968. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
969. Not shown: 464 filtered ports, 6 closed ports
970. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
971. PORT STATE SERVICE
972. 21/tcp open ftp
973. 80/tcp open http
974. 110/tcp open pop3
975. 143/tcp open imap
976. 443/tcp open https
977. 8443/tcp open https-alt
978.  
979. Nmap done: 1 IP address (1 host up) scanned in 6.71 seconds
980. #######################################################################################################################################
981. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:09 EDT
982. Nmap scan report for ombudsman.gov.sd (62.12.105.3)
983. Host is up (0.11s latency).
984. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
985. Not shown: 2 filtered ports
986. PORT STATE SERVICE
987. 53/udp open|filtered domain
988. 67/udp open|filtered dhcps
989. 68/udp open|filtered dhcpc
990. 69/udp open|filtered tftp
991. 88/udp open|filtered kerberos-sec
992. 123/udp open|filtered ntp
993. 139/udp open|filtered netbios-ssn
994. 161/udp open|filtered snmp
995. 162/udp open|filtered snmptrap
996. 389/udp open|filtered ldap
997. 520/udp open|filtered route
998. 2049/udp open|filtered nfs
999.  
1000. Nmap done: 1 IP address (1 host up) scanned in 3.13 seconds
1001. #######################################################################################################################################
1002. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:09 EDT
1003. Nmap scan report for ombudsman.gov.sd (62.12.105.3)
1004. Host is up (0.25s latency).
1005. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1006.  
1007. PORT STATE SERVICE VERSION
1008. 21/tcp open ftp Microsoft ftpd
1009. | ftp-brute:
1010. | Accounts: No valid accounts found
1011. |_ Statistics: Performed 3083 guesses in 180 seconds, average tps: 16.8
1012. | ftp-syst:
1013. |_ SYST: Windows_NT
1014. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1015. Device type: phone
1016. Running: Nokia Symbian OS
1017. OS CPE: cpe:/o:nokia:symbian_os
1018. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1019. Network Distance: 14 hops
1020. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1021.  
1022. TRACEROUTE (using port 21/tcp)
1023. HOP RTT ADDRESS
1024. 1 114.81 ms 10.249.200.1
1025. 2 115.15 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1026. 3 106.78 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1027. 4 117.57 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1028. 5 120.43 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1029. 6 116.20 ms 80.77.2.193
1030. 7 307.59 ms xe-8-1-3.0.pjr03.ldn001.flagtel.com (85.95.26.242)
1031. 8 126.01 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1032. 9 280.22 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1033. 10 326.88 ms 80.77.2.42
1034. 11 237.46 ms 196.29.177.113
1035. 12 250.42 ms 197.254.196.62
1036. 13 ...
1037. 14 251.79 ms f03-web01.nic.gov.sd (62.12.105.3)
1038. #######################################################################################################################################
1039.  
1040. wig - WebApp Information Gatherer
1041.  
1042.  
1043. Scanning http://ombudsman.gov.sd...
1044. _________________________ SITE INFO _________________________
1045. IP Title
1046. 62.12.105.3 ديوان المظالم و الحسبة-الرئيسية
1047.  
1048. __________________________ VERSION __________________________
1049. Name Versions Type
1050. ASP.NET 4.0.30319 Platform
1051. IIS 8.5 Platform
1052. jQuery 1.10.2 | 3.3.1 JavaScript
1053. Microsoft Windows Server 2012 R2 OS
1054.  
1055. _____________________________________________________________
1056. Time: 229.8 sec Urls: 629 Fingerprints: 40401
1057. #######################################################################################################################################
1058. HTTP/1.1 302 Found
1059. Cache-Control: private
1060. Content-Length: 144
1061. Content-Type: text/html; charset=utf-8
1062. Location: /Home/Index?aspxerrorpath=/
1063. Server: Microsoft-IIS/8.5
1064. X-AspNetMvc-Version: 5.2
1065. X-AspNet-Version: 4.0.30319
1066. X-Powered-By: ASP.NET
1067. X-Powered-By-Plesk: PleskWin
1068. Date: Sat, 15 Jun 2019 00:17:35 GMT
1069.  
1070. HTTP/1.1 302 Found
1071. Cache-Control: private
1072. Content-Length: 144
1073. Content-Type: text/html; charset=utf-8
1074. Location: /Home/Index?aspxerrorpath=/
1075. Server: Microsoft-IIS/8.5
1076. X-AspNetMvc-Version: 5.2
1077. X-AspNet-Version: 4.0.30319
1078. X-Powered-By: ASP.NET
1079. X-Powered-By-Plesk: PleskWin
1080. Date: Sat, 15 Jun 2019 00:17:35 GMT
1081.  
1082. HTTP/1.1 500 Internal Server Error
1083. Cache-Control: private
1084. Content-Length: 1763
1085. Content-Type: text/html; charset=utf-8
1086. Server: Microsoft-IIS/8.5
1087. X-AspNet-Version: 4.0.30319
1088. X-Powered-By: ASP.NET
1089. X-Powered-By-Plesk: PleskWin
1090. Date: Sat, 15 Jun 2019 00:17:35 GMT
1091.  
1092. Allow: OPTIONS, TRACE, GET, HEAD, POST
1093. #######################################################################################################################################
1094. Bootstrap
1095. Font Awesome
1096. jQuery 3.3.1
1097. Plesk
1098. IIS 8.5
1099. Modernizr
1100. Microsoft ASP.NET 4.0.30319
1101. Microsoft ASP.NET
1102. X-AspNetMvc-Version: 5.2
1103. #######################################################################################################################################
1104. tee: /usr/share/sniper/loot//output/nmap-ombudsman.gov.sd-port110.txt: Aucun fichier ou dossier de ce type
1105. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:18 EDT
1106. Nmap scan report for ombudsman.gov.sd (62.12.105.3)
1107. Host is up (0.25s latency).
1108. rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1109.  
1110. PORT STATE SERVICE VERSION
1111. 110/tcp open pop3 MailEnable POP3 Server
1112. | pop3-brute:
1113. | Accounts: No valid accounts found
1114. | Statistics: Performed 95 guesses in 7 seconds, average tps: 13.6
1115. |_ ERROR: Failed to make a pop-connection.
1116. |_pop3-capabilities: USER UIDL TOP
1117. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1118. Device type: phone
1119. Running: Nokia Symbian OS
1120. OS CPE: cpe:/o:nokia:symbian_os
1121. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1122. Network Distance: 14 hops
1123. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1124.  
1125. TRACEROUTE (using port 443/tcp)
1126. HOP RTT ADDRESS
1127. 1 108.18 ms 10.249.200.1
1128. 2 108.41 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1129. 3 108.24 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1130. 4 119.27 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1131. 5 114.07 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1132. 6 120.70 ms 80.77.2.193
1133. 7 286.18 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
1134. 8 134.34 ms xe-8-2-1.0.cjr04.prs001.flagtel.com (85.95.25.170)
1135. 9 280.76 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1136. 10 328.52 ms 80.77.2.42
1137. 11 234.29 ms 196.29.177.113
1138. 12 244.41 ms 197.254.196.62
1139. 13 ...
1140. 14 245.35 ms f03-web01.nic.gov.sd (62.12.105.3)
1141. #######################################################################################################################################
1142. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:47 EDT
1143. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1144. Host is up (0.22s latency).
1145. Not shown: 464 filtered ports, 6 closed ports
1146. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1147. PORT STATE SERVICE
1148. 21/tcp open ftp
1149. 80/tcp open http
1150. 110/tcp open pop3
1151. 143/tcp open imap
1152. 443/tcp open https
1153. 8443/tcp open https-alt
1154.  
1155. Nmap done: 1 IP address (1 host up) scanned in 6.80 seconds
1156. #######################################################################################################################################
1157. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:47 EDT
1158. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1159. Host is up (0.11s latency).
1160. Not shown: 2 filtered ports
1161. PORT STATE SERVICE
1162. 53/udp open|filtered domain
1163. 67/udp open|filtered dhcps
1164. 68/udp open|filtered dhcpc
1165. 69/udp open|filtered tftp
1166. 88/udp open|filtered kerberos-sec
1167. 123/udp open|filtered ntp
1168. 139/udp open|filtered netbios-ssn
1169. 161/udp open|filtered snmp
1170. 162/udp open|filtered snmptrap
1171. 389/udp open|filtered ldap
1172. 520/udp open|filtered route
1173. 2049/udp open|filtered nfs
1174.  
1175. Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
1176. #######################################################################################################################################
1177. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:47 EDT
1178. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1179. Host is up (0.25s latency).
1180.  
1181. PORT STATE SERVICE VERSION
1182. 21/tcp open ftp Microsoft ftpd
1183. | ftp-brute:
1184. | Accounts: No valid accounts found
1185. |_ Statistics: Performed 3086 guesses in 180 seconds, average tps: 16.8
1186. | ftp-syst:
1187. |_ SYST: Windows_NT
1188. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1189. Device type: phone
1190. Running: Nokia Symbian OS
1191. OS CPE: cpe:/o:nokia:symbian_os
1192. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1193. Network Distance: 14 hops
1194. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1195.  
1196. TRACEROUTE (using port 21/tcp)
1197. HOP RTT ADDRESS
1198. 1 108.27 ms 10.249.200.1
1199. 2 108.32 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1200. 3 108.30 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1201. 4 124.41 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1202. 5 114.62 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1203. 6 117.47 ms 80.77.2.193
1204. 7 303.91 ms xe-8-1-3.0.pjr03.ldn001.flagtel.com (85.95.26.242)
1205. 8 127.46 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1206. 9 280.65 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1207. 10 328.06 ms 80.77.2.42
1208. 11 234.33 ms 196.29.177.113
1209. 12 244.30 ms 197.254.196.62
1210. 13 ...
1211. 14 245.07 ms f03-web01.nic.gov.sd (62.12.105.3)
1212. #######################################################################################################################################
1213. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:51 EDT
1214. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1215. Host is up.
1216.  
1217. PORT STATE SERVICE VERSION
1218. 67/udp open|filtered dhcps
1219. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1220. Too many fingerprints match this host to give specific OS details
1221.  
1222. TRACEROUTE (using proto 1/icmp)
1223. HOP RTT ADDRESS
1224. 1 107.99 ms 10.249.200.1
1225. 2 108.92 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1226. 3 108.04 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1227. 4 115.01 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1228. 5 114.44 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1229. 6 117.22 ms 80.77.2.193
1230. 7 284.27 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
1231. 8 127.63 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1232. 9 281.29 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1233. 10 351.01 ms 80.77.2.42
1234. 11 235.72 ms 196.29.177.113
1235. 12 245.18 ms 197.254.196.62
1236. 13 ... 30
1237. #######################################################################################################################################
1238. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:53 EDT
1239. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1240. Host is up.
1241.  
1242. PORT STATE SERVICE VERSION
1243. 68/udp open|filtered dhcpc
1244. Too many fingerprints match this host to give specific OS details
1245.  
1246. TRACEROUTE (using proto 1/icmp)
1247. HOP RTT ADDRESS
1248. 1 113.23 ms 10.249.200.1
1249. 2 113.79 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1250. 3 113.82 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1251. 4 116.20 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1252. 5 119.44 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1253. 6 122.43 ms 80.77.2.193
1254. 7 291.09 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
1255. 8 127.47 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1256. 9 279.87 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1257. 10 327.09 ms 80.77.2.42
1258. 11 244.13 ms 196.29.177.113
1259. 12 253.82 ms 197.254.196.62
1260. 13 ... 30
1261. #######################################################################################################################################
1262. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:55 EDT
1263. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1264. Host is up.
1265.  
1266. PORT STATE SERVICE VERSION
1267. 69/udp open|filtered tftp
1268. Too many fingerprints match this host to give specific OS details
1269.  
1270. TRACEROUTE (using proto 1/icmp)
1271. HOP RTT ADDRESS
1272. 1 109.98 ms 10.249.200.1
1273. 2 110.54 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1274. 3 110.06 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1275. 4 110.09 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1276. 5 116.36 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1277. 6 119.03 ms 80.77.2.193
1278. 7 288.67 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
1279. 8 129.43 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1280. 9 282.66 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1281. 10 330.12 ms 80.77.2.42
1282. 11 235.57 ms 196.29.177.113
1283. 12 245.06 ms 197.254.196.62
1284. 13 ... 30
1285. #######################################################################################################################################
1286. wig - WebApp Information Gatherer
1287.  
1288.  
1289. Scanning http://62.12.105.3...
1290. ______________________ SITE INFO _______________________
1291. IP Title
1292. 62.12.105.3 Domain Default page
1293.  
1294. _______________________ VERSION ________________________
1295. Name Versions Type
1296. ASP.NET 4.0.30319 Platform
1297. IIS 8.5 Platform
1298. Microsoft Windows Server 2012 R2 OS
1299.  
1300. ________________________________________________________
1301. Time: 36.8 sec Urls: 601 Fingerprints: 40401
1302. #######################################################################################################################################
1303. HTTP/1.1 200 OK
1304. Content-Length: 3815
1305. Content-Type: text/html
1306. Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
1307. Accept-Ranges: bytes
1308. ETag: "f1eb6487719ed11:0"
1309. Server: Microsoft-IIS/8.5
1310. X-Powered-By: ASP.NET
1311. Date: Fri, 14 Jun 2019 23:58:38 GMT
1312.  
1313. HTTP/1.1 200 OK
1314. Content-Length: 3815
1315. Content-Type: text/html
1316. Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
1317. Accept-Ranges: bytes
1318. ETag: "f1eb6487719ed11:0"
1319. Server: Microsoft-IIS/8.5
1320. X-Powered-By: ASP.NET
1321. Date: Fri, 14 Jun 2019 23:58:39 GMT
1322.  
1323. Allow: OPTIONS, TRACE, GET, HEAD, POST
1324. #######################################################################################################################################
1325. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:58 EDT
1326. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1327. Host is up (0.25s latency).
1328.  
1329. PORT STATE SERVICE VERSION
1330. 110/tcp open pop3 MailEnable POP3 Server
1331. | pop3-brute:
1332. | Accounts: No valid accounts found
1333. | Statistics: Performed 85 guesses in 7 seconds, average tps: 12.1
1334. |_ ERROR: Failed to make a pop-connection.
1335. |_pop3-capabilities: TOP USER UIDL
1336. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1337. Device type: phone
1338. Running: Nokia Symbian OS
1339. OS CPE: cpe:/o:nokia:symbian_os
1340. OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1341. Network Distance: 14 hops
1342. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1343.  
1344. TRACEROUTE (using port 443/tcp)
1345. HOP RTT ADDRESS
1346. 1 107.51 ms 10.249.200.1
1347. 2 107.93 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1348. 3 107.65 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1349. 4 117.95 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1350. 5 150.84 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1351. 6 116.52 ms 80.77.2.193
1352. 7 306.04 ms xe-8-1-3.0.pjr03.ldn001.flagtel.com (85.95.26.242)
1353. 8 126.86 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1354. 9 280.43 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1355. 10 327.66 ms 80.77.2.42
1356. 11 235.45 ms 196.29.177.113
1357. 12 244.96 ms 197.254.196.62
1358. 13 ...
1359. 14 262.43 ms f03-web01.nic.gov.sd (62.12.105.3)
1360. #######################################################################################################################################
1361. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:59 EDT
1362. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1363. Host is up.
1364.  
1365. PORT STATE SERVICE VERSION
1366. 123/udp open|filtered ntp
1367. Too many fingerprints match this host to give specific OS details
1368.  
1369. TRACEROUTE (using proto 1/icmp)
1370. HOP RTT ADDRESS
1371. 1 111.37 ms 10.249.200.1
1372. 2 111.94 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1373. 3 111.73 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1374. 4 111.59 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1375. 5 117.61 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1376. 6 120.42 ms 80.77.2.193
1377. 7 285.12 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
1378. 8 132.51 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1379. 9 284.28 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1380. 10 332.36 ms 80.77.2.42
1381. 11 235.19 ms 196.29.177.113
1382. 12 249.02 ms 197.254.196.62
1383. 13 ... 30
1384. #######################################################################################################################################
1385. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:03 EDT
1386. NSE: Loaded 148 scripts for scanning.
1387. NSE: Script Pre-scanning.
1388. NSE: Starting runlevel 1 (of 2) scan.
1389. Initiating NSE at 20:03
1390. Completed NSE at 20:03, 0.00s elapsed
1391. NSE: Starting runlevel 2 (of 2) scan.
1392. Initiating NSE at 20:03
1393. Completed NSE at 20:03, 0.00s elapsed
1394. Initiating Ping Scan at 20:03
1395. Scanning 62.12.105.3 [4 ports]
1396. Completed Ping Scan at 20:03, 0.28s elapsed (1 total hosts)
1397. Initiating Parallel DNS resolution of 1 host. at 20:03
1398. Completed Parallel DNS resolution of 1 host. at 20:03, 0.02s elapsed
1399. Initiating Connect Scan at 20:03
1400. Scanning f03-web01.nic.gov.sd (62.12.105.3) [65535 ports]
1401. Discovered open port 80/tcp on 62.12.105.3
1402. Discovered open port 110/tcp on 62.12.105.3
1403. Discovered open port 443/tcp on 62.12.105.3
1404. Discovered open port 21/tcp on 62.12.105.3
1405. Discovered open port 143/tcp on 62.12.105.3
1406. Connect Scan Timing: About 6.92% done; ETC: 20:10 (0:06:57 remaining)
1407. Connect Scan Timing: About 17.02% done; ETC: 20:09 (0:04:57 remaining)
1408. Connect Scan Timing: About 25.73% done; ETC: 20:09 (0:04:23 remaining)
1409. Connect Scan Timing: About 44.65% done; ETC: 20:10 (0:03:59 remaining)
1410. Connect Scan Timing: About 52.02% done; ETC: 20:11 (0:03:37 remaining)
1411. Connect Scan Timing: About 60.82% done; ETC: 20:11 (0:03:12 remaining)
1412. Connect Scan Timing: About 71.01% done; ETC: 20:11 (0:02:14 remaining)
1413. Connect Scan Timing: About 84.00% done; ETC: 20:10 (0:01:08 remaining)
1414. Connect Scan Timing: About 92.34% done; ETC: 20:10 (0:00:32 remaining)
1415. Completed Connect Scan at 20:10, 413.88s elapsed (65535 total ports)
1416. Initiating Service scan at 20:10
1417. Scanning 5 services on f03-web01.nic.gov.sd (62.12.105.3)
1418. Completed Service scan at 20:10, 25.60s elapsed (5 services on 1 host)
1419. Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
1420. Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
1421. adjust_timeouts2: packet supposedly had rtt of -226841 microseconds. Ignoring time.
1422. adjust_timeouts2: packet supposedly had rtt of -226841 microseconds. Ignoring time.
1423. Initiating Traceroute at 20:11
1424. Completed Traceroute at 20:11, 6.34s elapsed
1425. Initiating Parallel DNS resolution of 12 hosts. at 20:11
1426. Completed Parallel DNS resolution of 12 hosts. at 20:11, 0.20s elapsed
1427. NSE: Script scanning 62.12.105.3.
1428. NSE: Starting runlevel 1 (of 2) scan.
1429. Initiating NSE at 20:11
1430. NSE Timing: About 99.12% done; ETC: 20:11 (0:00:00 remaining)
1431. NSE Timing: About 99.27% done; ETC: 20:12 (0:00:00 remaining)
1432. NSE Timing: About 99.71% done; ETC: 20:12 (0:00:00 remaining)
1433. Completed NSE at 20:12, 92.84s elapsed
1434. NSE: Starting runlevel 2 (of 2) scan.
1435. Initiating NSE at 20:12
1436. Completed NSE at 20:12, 0.50s elapsed
1437. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1438. Host is up, received syn-ack ttl 112 (0.19s latency).
1439. Scanned at 2019-06-14 20:03:29 EDT for 551s
1440. Not shown: 65523 filtered ports
1441. Reason: 65522 no-responses and 1 host-unreach
1442. PORT STATE SERVICE REASON VERSION
1443. 21/tcp open ftp syn-ack Microsoft ftpd
1444. | ftp-syst:
1445. |_ SYST: Windows_NT
1446. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/localityName=Seattle/[email protected]
1447. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/localityName=Seattle/[email protected]
1448. | Public Key type: rsa
1449. | Public Key bits: 2048
1450. | Signature Algorithm: sha256WithRSAEncryption
1451. | Not valid before: 2016-04-19T09:30:36
1452. | Not valid after: 2017-04-19T09:30:36
1453. | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
1454. | SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
1455. | -----BEGIN CERTIFICATE-----
1456. | MIIEajCCA1KgAwIBAgIEBNin+DANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMC
1457. | VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxDTALBgNV
1458. | BAoTBE9kaW4xDjAMBgNVBAsTBVBsZXNrMQ4wDAYDVQQDEwVQbGVzazEdMBsGCSqG
1459. | SIb3DQEJARYOaW5mb0BwbGVzay5jb20wHhcNMTYwNDE5MDkzMDM2WhcNMTcwNDE5
1460. | MDkzMDM2WjCBgjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
1461. | BgNVBAcTB1NlYXR0bGUxDTALBgNVBAoTBE9kaW4xDjAMBgNVBAsTBVBsZXNrMQ4w
1462. | DAYDVQQDEwVQbGVzazEdMBsGCSqGSIb3DQEJARYOaW5mb0BwbGVzay5jb20wggEi
1463. | MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSBgk7uIcz0ea9fN1QDp3Pl19b
1464. | rjqqnl3b7UIxbZaPhoraBvBknLJ0hEzOitQmKsxIsGKPLjxSb6WMmiE+YRH0kvOU
1465. | oXWa/yjRx3rG6Z+Wd6U7r7IIbWdBMGgbTQ2OdzmrKXVqoaXM2crH9cPDhWJgkVu9
1466. | Q6zuUiMjo7cwFR1X/vAVPW1C4l5HQcW3oGC14ll5jC15IbB04YusglQVfD/8u246
1467. | nMRgToyj+gxMvsifYG9h53OT0qJz/MFk4PvtG2MAy8ipR10VMtOUrMqzaZ1ntjex
1468. | sqog2cNgT6LLRMi870OCRaT/cVYCjNlhcQIE2Tpyf9MYKK0myMokTBXs+WNHAgMB
1469. | AAGjgeUwgeIwHQYDVR0OBBYEFKXkfR1gs1JC6WRjoLsdij8g/DVYMIGyBgNVHSME
1470. | gaowgaeAFKXkfR1gs1JC6WRjoLsdij8g/DVYoYGIpIGFMIGCMQswCQYDVQQGEwJV
1471. | UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTENMAsGA1UE
1472. | ChMET2RpbjEOMAwGA1UECxMFUGxlc2sxDjAMBgNVBAMTBVBsZXNrMR0wGwYJKoZI
1473. | hvcNAQkBFg5pbmZvQHBsZXNrLmNvbYIEBNin+DAMBgNVHRMEBTADAQH/MA0GCSqG
1474. | SIb3DQEBCwUAA4IBAQARU5/ZcbkEx+CNZjqAY2r5h5m2Bq5kt0CY+j6uH05oreL9
1475. | 5gKbBctsDTehfCw5+VpFpv4lCogQ9QJlQ8A3VQXV4kjueRIMvrShPbh7vZ1LcQNR
1476. | PXDUyNZpbItE29/rJe4qvgFWMd73yw18H871kwLtddx0XfOv2tgO5fzLr9BT5hzq
1477. | E9upUN40ATHb/bDcAVLsUTOmYM9idZ4AS/oj0oCeBR9eqcw3IHNneIO3Qk2EA2UO
1478. | U93iDngn3tuYqUFlLZSjcVfWIWvY7cDMfqGEdanpz42V5nFqUQ76sWvYb8iF73uy
1479. | uxIFo3Edw+sf2D1fyEpbDQZNsNiNSyUUHUq3qagk
1480. |_-----END CERTIFICATE-----
1481. 25/tcp closed smtp conn-refused
1482. 80/tcp open http syn-ack Microsoft IIS httpd 8.5
1483. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1484. | http-methods:
1485. | Supported Methods: OPTIONS TRACE GET HEAD POST
1486. |_ Potentially risky methods: TRACE
1487. |_http-server-header: Microsoft-IIS/8.5
1488. |_http-title: Domain Default page
1489. 110/tcp open pop3 syn-ack MailEnable POP3 Server
1490. |_pop3-capabilities: USER UIDL TOP
1491. 113/tcp closed ident conn-refused
1492. 139/tcp closed netbios-ssn conn-refused
1493. 143/tcp open imap syn-ack MailEnable imapd
1494. |_imap-capabilities: IMAP4 IMAP4rev1 AUTH=LOGIN OK completed CHILDREN AUTH=CRAM-MD5 CAPABILITY IDLE UIDPLUSA0001
1495. 443/tcp open https? syn-ack
1496. 445/tcp closed microsoft-ds conn-refused
1497. 993/tcp closed imaps conn-refused
1498. 995/tcp closed pop3s conn-refused
1499. 1025/tcp closed NFS-or-IIS conn-refused
1500. Device type: general purpose|WAP|router
1501. Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
1502. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15 cpe:/o:linux:linux_kernel:2.6.22
1503. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
1504. Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (98%), Tomato 1.27 - 1.28 (Linux 2.4.20) (92%), Linux 3.2.0 (92%), MikroTik RouterOS 6.15 (Linux 3.3.5) (92%), Tomato firmware (Linux 2.6.22) (91%)
1505. No exact OS matches for host (test conditions non-ideal).
1506. TCP/IP fingerprint:
1507. SCAN(V=7.70%E=4%D=6/14%OT=21%CT=25%CU=%PV=N%G=N%TM=5D0437F8%P=x86_64-pc-linux-gnu)
1508. SEQ(SP=FF%GCD=1%ISR=103%CI=Z%TS=U)
1509. SEQ(CI=Z)
1510. OPS(O1=M44FW8N%O2=M44FW8N%O3=M44FW8N%O4=M44FW8N%O5=M44FW8N%O6=M44F)
1511. WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
1512. ECN(R=Y%DF=Y%TG=80%W=2000%O=M44FW8N%CC=Y%Q=)
1513. ECN(R=N)
1514. T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
1515. T2(R=N)
1516. T3(R=N)
1517. T4(R=N)
1518. T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
1519. T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
1520. T7(R=N)
1521. U1(R=N)
1522. IE(R=N)
1523.  
1524. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1525.  
1526. TRACEROUTE (using proto 1/icmp)
1527. HOP RTT ADDRESS
1528. 1 112.96 ms 10.249.200.1
1529. 2 113.16 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
1530. 3 113.00 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
1531. 4 122.99 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
1532. 5 151.61 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
1533. 6 148.57 ms 80.77.2.193
1534. 7 287.17 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
1535. 8 132.28 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
1536. 9 285.74 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
1537. 10 333.26 ms 80.77.2.42
1538. 11 235.30 ms 196.29.177.113
1539. 12 245.09 ms 197.254.196.62
1540. 13 ... 30
1541.  
1542. NSE: Script Post-scanning.
1543. NSE: Starting runlevel 1 (of 2) scan.
1544. Initiating NSE at 20:12
1545. Completed NSE at 20:12, 0.00s elapsed
1546. NSE: Starting runlevel 2 (of 2) scan.
1547. Initiating NSE at 20:12
1548. Completed NSE at 20:12, 0.00s elapsed
1549. Read data files from: /usr/bin/../share/nmap
1550. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1551. Nmap done: 1 IP address (1 host up) scanned in 550.98 seconds
1552. Raw packets sent: 173 (11.884KB) | Rcvd: 2132 (119.118KB)
1553. #######################################################################################################################################
1554. Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:12 EDT
1555. NSE: Loaded 148 scripts for scanning.
1556. NSE: Script Pre-scanning.
1557. Initiating NSE at 20:12
1558. Completed NSE at 20:12, 0.00s elapsed
1559. Initiating NSE at 20:12
1560. Completed NSE at 20:12, 0.00s elapsed
1561. Initiating Parallel DNS resolution of 1 host. at 20:12
1562. Completed Parallel DNS resolution of 1 host. at 20:12, 0.03s elapsed
1563. Initiating UDP Scan at 20:12
1564. Scanning f03-web01.nic.gov.sd (62.12.105.3) [14 ports]
1565. Completed UDP Scan at 20:12, 2.00s elapsed (14 total ports)
1566. Initiating Service scan at 20:12
1567. Scanning 12 services on f03-web01.nic.gov.sd (62.12.105.3)
1568. Service scan Timing: About 8.33% done; ETC: 20:32 (0:17:58 remaining)
1569. Completed Service scan at 20:14, 102.58s elapsed (12 services on 1 host)
1570. Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
1571. Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
1572. Initiating Traceroute at 20:14
1573. Completed Traceroute at 20:14, 7.13s elapsed
1574. Initiating Parallel DNS resolution of 1 host. at 20:14
1575. Completed Parallel DNS resolution of 1 host. at 20:14, 0.00s elapsed
1576. NSE: Script scanning 62.12.105.3.
1577. Initiating NSE at 20:14
1578. Completed NSE at 20:14, 20.32s elapsed
1579. Initiating NSE at 20:14
1580. Completed NSE at 20:14, 1.02s elapsed
1581. Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1582. Host is up (0.11s latency).
1583.  
1584. PORT STATE SERVICE VERSION
1585. 53/udp open|filtered domain
1586. 67/udp open|filtered dhcps
1587. 68/udp open|filtered dhcpc
1588. 69/udp open|filtered tftp
1589. 88/udp open|filtered kerberos-sec
1590. 123/udp open|filtered ntp
1591. 137/udp filtered netbios-ns
1592. 138/udp filtered netbios-dgm
1593. 139/udp open|filtered netbios-ssn
1594. 161/udp open|filtered snmp
1595. 162/udp open|filtered snmptrap
1596. 389/udp open|filtered ldap
1597. 520/udp open|filtered route
1598. 2049/udp open|filtered nfs
1599. Too many fingerprints match this host to give specific OS details
1600.  
1601. TRACEROUTE (using port 137/udp)
1602. HOP RTT ADDRESS
1603. 1 109.29 ms 10.249.200.1
1604. 2 ... 3
1605. 4 106.89 ms 10.249.200.1
1606. 5 114.41 ms 10.249.200.1
1607. 6 108.04 ms 10.249.200.1
1608. 7 108.05 ms 10.249.200.1
1609. 8 108.06 ms 10.249.200.1
1610. 9 108.07 ms 10.249.200.1
1611. 10 108.11 ms 10.249.200.1
1612. 11 ... 18
1613. 19 106.49 ms 10.249.200.1
1614. 20 106.21 ms 10.249.200.1
1615. 21 ... 27
1616. 28 107.49 ms 10.249.200.1
1617. 29 ...
1618. 30 112.61 ms 10.249.200.1
1619.  
1620. NSE: Script Post-scanning.
1621. Initiating NSE at 20:14
1622. Completed NSE at 20:14, 0.00s elapsed
1623. Initiating NSE at 20:14
1624. Completed NSE at 20:14, 0.00s elapsed
1625. Read data files from: /usr/bin/../share/nmap
1626. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1627. Nmap done: 1 IP address (1 host up) scanned in 137.94 seconds
1628. Raw packets sent: 147 (13.614KB) | Rcvd: 981 (407.074KB)
1629. #######################################################################################################################################
1630.  
1631. Hosts
1632. =====
1633.  
1634. address mac name os_name os_flavor os_sp purpose info comments
1635. ------- --- ---- ------- --------- ----- ------- ---- --------
1636. 52.64.99.208 cbs.gov.ws Linux 3.X server
1637. 62.12.105.3 f03-web01.nic.gov.sd Linux 2.6.X server
1638. 77.72.0.146 argon.cloudhosting.co.uk Unknown device
1639. 147.237.77.18 Unknown device
1640.  
1641. Services
1642. ========
1643.  
1644. host port proto name state info
1645. ---- ---- ----- ---- ----- ----
1646. 52.64.99.208 20 tcp ftp-data closed
1647. 52.64.99.208 21 tcp ftp open vsftpd 3.0.2
1648. 52.64.99.208 25 tcp smtp closed
1649. 52.64.99.208 53 udp domain unknown
1650. 52.64.99.208 67 udp dhcps unknown
1651. 52.64.99.208 68 udp dhcpc unknown
1652. 52.64.99.208 69 udp tftp unknown
1653. 52.64.99.208 80 tcp http open Apache httpd
1654. 52.64.99.208 88 udp kerberos-sec unknown
1655. 52.64.99.208 123 udp ntp unknown
1656. 52.64.99.208 137 udp netbios-ns filtered
1657. 52.64.99.208 138 udp netbios-dgm filtered
1658. 52.64.99.208 139 tcp netbios-ssn closed
1659. 52.64.99.208 139 udp netbios-ssn unknown
1660. 52.64.99.208 161 udp snmp unknown
1661. 52.64.99.208 162 udp snmptrap unknown
1662. 52.64.99.208 389 udp ldap unknown
1663. 52.64.99.208 443 tcp ssl/http open Apache httpd
1664. 52.64.99.208 445 tcp microsoft-ds closed
1665. 52.64.99.208 520 udp route unknown
1666. 52.64.99.208 1024 tcp kdm closed
1667. 52.64.99.208 1025 tcp nfs-or-iis closed
1668. 52.64.99.208 1026 tcp lsa-or-nterm closed
1669. 52.64.99.208 1027 tcp iis closed
1670. 52.64.99.208 1028 tcp unknown closed
1671. 52.64.99.208 1029 tcp ms-lsa closed
1672. 52.64.99.208 1030 tcp iad1 closed
1673. 52.64.99.208 1031 tcp iad2 closed
1674. 52.64.99.208 1032 tcp iad3 closed
1675. 52.64.99.208 1033 tcp netinfo closed
1676. 52.64.99.208 1034 tcp zincite-a closed
1677. 52.64.99.208 1035 tcp multidropper closed
1678. 52.64.99.208 1036 tcp nsstp closed
1679. 52.64.99.208 1037 tcp ams closed
1680. 52.64.99.208 1038 tcp mtqp closed
1681. 52.64.99.208 1039 tcp sbl closed
1682. 52.64.99.208 1040 tcp netsaint closed
1683. 52.64.99.208 1041 tcp danf-ak2 closed
1684. 52.64.99.208 1042 tcp afrog closed
1685. 52.64.99.208 1043 tcp boinc closed
1686. 52.64.99.208 1044 tcp dcutility closed
1687. 52.64.99.208 1045 tcp fpitp closed
1688. 52.64.99.208 1046 tcp wfremotertm closed
1689. 52.64.99.208 1047 tcp neod1 closed
1690. 52.64.99.208 1048 tcp neod2 closed
1691. 52.64.99.208 2049 udp nfs unknown
1692. 62.12.105.3 21 tcp ftp open Microsoft ftpd
1693. 62.12.105.3 25 tcp smtp closed
1694. 62.12.105.3 53 udp domain unknown
1695. 62.12.105.3 67 udp dhcps unknown
1696. 62.12.105.3 68 udp dhcpc unknown
1697. 62.12.105.3 69 udp tftp unknown
1698. 62.12.105.3 80 tcp http open Microsoft IIS httpd 8.5
1699. 62.12.105.3 88 udp kerberos-sec unknown
1700. 62.12.105.3 110 tcp pop3 open MailEnable POP3 Server
1701. 62.12.105.3 113 tcp ident closed
1702. 62.12.105.3 123 udp ntp unknown
1703. 62.12.105.3 137 udp netbios-ns filtered
1704. 62.12.105.3 138 udp netbios-dgm filtered
1705. 62.12.105.3 139 tcp netbios-ssn closed
1706. 62.12.105.3 139 udp netbios-ssn unknown
1707. 62.12.105.3 143 tcp imap open MailEnable imapd
1708. 62.12.105.3 161 udp snmp unknown
1709. 62.12.105.3 162 udp snmptrap unknown
1710. 62.12.105.3 389 udp ldap unknown
1711. 62.12.105.3 443 tcp https open
1712. 62.12.105.3 445 tcp microsoft-ds closed
1713. 62.12.105.3 520 udp route unknown
1714. 62.12.105.3 993 tcp imaps closed
1715. 62.12.105.3 995 tcp pop3s closed
1716. 62.12.105.3 1025 tcp nfs-or-iis closed
1717. 62.12.105.3 2049 udp nfs unknown
1718. 62.12.105.3 8443 tcp https-alt open
1719. 77.72.0.146 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 23:05. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
1720. 77.72.0.146 67 udp dhcps unknown
1721. 77.72.0.146 68 udp dhcpc unknown
1722. 77.72.0.146 69 udp tftp unknown
1723. 77.72.0.146 80 tcp http open
1724. 77.72.0.146 88 udp kerberos-sec unknown
1725. 77.72.0.146 110 tcp pop3 open
1726. 77.72.0.146 123 udp ntp unknown
1727. 77.72.0.146 139 udp netbios-ssn unknown
1728. 77.72.0.146 143 tcp imap open
1729. 77.72.0.146 389 udp ldap unknown
1730. 77.72.0.146 443 tcp https open
1731. 77.72.0.146 465 tcp smtps open
1732. 77.72.0.146 520 udp route unknown
1733. 77.72.0.146 587 tcp submission open
1734. 77.72.0.146 993 tcp imaps open
1735. 77.72.0.146 995 tcp pop3s open
1736. 77.72.0.146 2049 udp nfs unknown
1737. 147.237.77.18 53 udp domain unknown
1738. 147.237.77.18 67 udp dhcps unknown
1739. 147.237.77.18 68 udp dhcpc unknown
1740. 147.237.77.18 69 udp tftp unknown
1741. 147.237.77.18 80 tcp http open
1742. 147.237.77.18 88 udp kerberos-sec unknown
1743. 147.237.77.18 123 udp ntp unknown
1744. 147.237.77.18 139 udp netbios-ssn unknown
1745. 147.237.77.18 161 udp snmp unknown
1746. 147.237.77.18 162 udp snmptrap unknown
1747. 147.237.77.18 389 udp ldap unknown
1748. 147.237.77.18 520 udp route unknown
1749. 147.237.77.18 2049 udp nfs unknown
1750. #######################################################################################################################################
1751. Domains still to check: 1
1752. Checking if the hostname ombudsman.gov.sd. given is in fact a domain...
1753.  
1754. Analyzing domain: ombudsman.gov.sd.
1755. Checking NameServers using system default resolver...
1756. IP: 62.12.109.2 (Sudan)
1757. HostName: ns0.ndc.gov.sd Type: NS
1758. IP: 62.12.109.3 (Sudan)
1759. HostName: ns1.ndc.gov.sd Type: NS
1760.  
1761. Checking MailServers using system default resolver...
1762. WARNING!! There are no MX records for this domain
1763.  
1764. Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1765. Zone transfer successful on name server 62.12.109.2 (5 hosts)
1766. Zone transfer successful on name server 62.12.109.3 (5 hosts)
1767.  
1768. Checking SPF record...
1769.  
1770. Checking 5 most common hostnames using system default resolver...
1771. IP: 62.12.105.3 (Sudan)
1772. HostName: mssql.ombudsman.gov.sd. Type: A
1773. IP: 62.12.105.3 (Sudan)
1774. HostName: mssql.ombudsman.gov.sd. Type: A
1775. HostName: mail.ombudsman.gov.sd. Type: A
1776. HostName: f03-web01.nic.gov.sd Type: PTR
1777. IP: 62.12.105.3 (Sudan)
1778. HostName: mssql.ombudsman.gov.sd. Type: A
1779. HostName: mail.ombudsman.gov.sd. Type: A
1780. HostName: f03-web01.nic.gov.sd Type: PTR
1781. HostName: www.ombudsman.gov.sd. Type: A
1782. IP: 62.12.105.3 (Sudan)
1783. HostName: mssql.ombudsman.gov.sd. Type: A
1784. HostName: mail.ombudsman.gov.sd. Type: A
1785. HostName: f03-web01.nic.gov.sd Type: PTR
1786. HostName: www.ombudsman.gov.sd. Type: A
1787. HostName: webmail.ombudsman.gov.sd. Type: A
1788.  
1789. Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1790. Checking netblock 62.12.109.0
1791. Checking netblock 62.12.105.0
1792.  
1793. Searching for ombudsman.gov.sd. emails in Google
1794.  
1795. Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1796. Host 62.12.109.2 is up (reset ttl 64)
1797. Host 62.12.109.3 is up (reset ttl 64)
1798. Host 62.12.105.3 is up (reset ttl 64)
1799.  
1800. Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1801. Scanning ip 62.12.109.2 (ns0.ndc.gov.sd):
1802. 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1803. | dns-nsid:
1804. |_ bind.version: you guess!
1805. | fingerprint-strings:
1806. | DNSVersionBindReqTCP:
1807. | version
1808. | bind
1809. |_ guess!
1810. Scanning ip 62.12.109.3 (ns1.ndc.gov.sd):
1811. 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1812. | dns-nsid:
1813. |_ bind.version: you guess!
1814. | fingerprint-strings:
1815. | DNSVersionBindReqTCP:
1816. | version
1817. | bind
1818. |_ guess!
1819. Scanning ip 62.12.105.3 (webmail.ombudsman.gov.sd.):
1820. 21/tcp open ftp syn-ack ttl 112 Microsoft ftpd
1821. | ftp-syst:
1822. |_ SYST: Windows_NT
1823. | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1824. | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1825. | Public Key type: rsa
1826. | Public Key bits: 2048
1827. | Signature Algorithm: sha256WithRSAEncryption
1828. | Not valid before: 2016-04-19T09:30:36
1829. | Not valid after: 2017-04-19T09:30:36
1830. | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
1831. |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
1832. 80/tcp open http syn-ack ttl 112 Microsoft IIS httpd 8.5
1833. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1834. | http-methods:
1835. | Supported Methods: OPTIONS TRACE GET HEAD POST
1836. |_ Potentially risky methods: TRACE
1837. |_http-server-header: Microsoft-IIS/8.5
1838. |_http-title: Domain Default page
1839. 110/tcp open pop3 syn-ack ttl 112 MailEnable POP3 Server
1840. |_pop3-capabilities: USER TOP UIDL
1841. 143/tcp open imap syn-ack ttl 112 MailEnable imapd
1842. |_imap-capabilities: IMAP4 OK completed AUTH=LOGIN IDLE UIDPLUSA0001 AUTH=CRAM-MD5 IMAP4rev1 CAPABILITY CHILDREN
1843. 443/tcp open https? syn-ack ttl 112
1844. 8443/tcp open ssl/http syn-ack ttl 112 Microsoft IIS httpd 8.5
1845. |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1846. | http-methods:
1847. |_ Supported Methods: GET HEAD POST OPTIONS
1848. | http-robots.txt: 1 disallowed entry
1849. |_/
1850. |_http-server-header: Microsoft-IIS/8.5
1851. |_http-title: Plesk Onyx 17.8.11
1852. | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
1853. | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
1854. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1855. | Public Key type: rsa
1856. | Public Key bits: 2048
1857. | Signature Algorithm: sha256WithRSAEncryption
1858. | Not valid before: 2019-05-16T00:30:46
1859. | Not valid after: 2019-08-14T00:30:46
1860. | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
1861. |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
1862. Device type: general purpose|WAP|router
1863. Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
1864. OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1865. WebCrawling domain's web servers... up to 50 max links.
1866.  
1867. + URL to crawl: http://mail.ombudsman.gov.sd.
1868. + Date: 2019-06-14
1869.  
1870. + Crawling URL: http://mail.ombudsman.gov.sd.:
1871. + Links:
1872. + Crawling http://mail.ombudsman.gov.sd. (400 Bad Request)
1873. + Searching for directories...
1874. + Searching open folders...
1875.  
1876.  
1877. + URL to crawl: http://webmail.ombudsman.gov.sd.
1878. + Date: 2019-06-14
1879.  
1880. + Crawling URL: http://webmail.ombudsman.gov.sd.:
1881. + Links:
1882. + Crawling http://webmail.ombudsman.gov.sd. (400 Bad Request)
1883. + Searching for directories...
1884. + Searching open folders...
1885.  
1886.  
1887. + URL to crawl: http://mssql.ombudsman.gov.sd.
1888. + Date: 2019-06-14
1889.  
1890. + Crawling URL: http://mssql.ombudsman.gov.sd.:
1891. + Links:
1892. + Crawling http://mssql.ombudsman.gov.sd. (400 Bad Request)
1893. + Searching for directories...
1894. + Searching open folders...
1895.  
1896.  
1897. + URL to crawl: http://www.ombudsman.gov.sd.
1898. + Date: 2019-06-14
1899.  
1900. + Crawling URL: http://www.ombudsman.gov.sd.:
1901. + Links:
1902. + Crawling http://www.ombudsman.gov.sd. (400 Bad Request)
1903. + Searching for directories...
1904. + Searching open folders...
1905.  
1906.  
1907. + URL to crawl: https://mail.ombudsman.gov.sd.:8443
1908. + Date: 2019-06-14
1909.  
1910. + Crawling URL: https://mail.ombudsman.gov.sd.:8443:
1911. + Links:
1912. + Crawling https://mail.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1913. + Searching for directories...
1914. + Searching open folders...
1915.  
1916.  
1917. + URL to crawl: https://webmail.ombudsman.gov.sd.:8443
1918. + Date: 2019-06-14
1919.  
1920. + Crawling URL: https://webmail.ombudsman.gov.sd.:8443:
1921. + Links:
1922. + Crawling https://webmail.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1923. + Searching for directories...
1924. + Searching open folders...
1925.  
1926.  
1927. + URL to crawl: https://mssql.ombudsman.gov.sd.:8443
1928. + Date: 2019-06-14
1929.  
1930. + Crawling URL: https://mssql.ombudsman.gov.sd.:8443:
1931. + Links:
1932. + Crawling https://mssql.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1933. + Searching for directories...
1934. + Searching open folders...
1935.  
1936.  
1937. + URL to crawl: https://www.ombudsman.gov.sd.:8443
1938. + Date: 2019-06-14
1939.  
1940. + Crawling URL: https://www.ombudsman.gov.sd.:8443:
1941. + Links:
1942. + Crawling https://www.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1943. + Searching for directories...
1944. + Searching open folders...
1945.  
1946. --Finished--
1947. Summary information for domain ombudsman.gov.sd.
1948. ---------------------------------------------------------------------------------------------------------------------------------------
1949.  
1950. Domain Ips Information:
1951. IP: 62.12.109.2
1952. HostName: ns0.ndc.gov.sd Type: NS
1953. Country: Sudan
1954. Zone Transfer: 5
1955. Is Active: True (reset ttl 64)
1956. Port: 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1957. Script Info: | dns-nsid:
1958. Script Info: |_ bind.version: you guess!
1959. Script Info: | fingerprint-strings:
1960. Script Info: | DNSVersionBindReqTCP:
1961. Script Info: | version
1962. Script Info: | bind
1963. Script Info: |_ guess!
1964. IP: 62.12.109.3
1965. HostName: ns1.ndc.gov.sd Type: NS
1966. Country: Sudan
1967. Zone Transfer: 5
1968. Is Active: True (reset ttl 64)
1969. Port: 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1970. Script Info: | dns-nsid:
1971. Script Info: |_ bind.version: you guess!
1972. Script Info: | fingerprint-strings:
1973. Script Info: | DNSVersionBindReqTCP:
1974. Script Info: | version
1975. Script Info: | bind
1976. Script Info: |_ guess!
1977. IP: 62.12.105.3
1978. HostName: mssql.ombudsman.gov.sd. Type: A
1979. HostName: mail.ombudsman.gov.sd. Type: A
1980. HostName: f03-web01.nic.gov.sd Type: PTR
1981. HostName: www.ombudsman.gov.sd. Type: A
1982. HostName: webmail.ombudsman.gov.sd. Type: A
1983. Country: Sudan
1984. Is Active: True (reset ttl 64)
1985. Port: 21/tcp open ftp syn-ack ttl 112 Microsoft ftpd
1986. Script Info: | ftp-syst:
1987. Script Info: |_ SYST: Windows_NT
1988. Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1989. Script Info: | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1990. Script Info: | Public Key type: rsa
1991. Script Info: | Public Key bits: 2048
1992. Script Info: | Signature Algorithm: sha256WithRSAEncryption
1993. Script Info: | Not valid before: 2016-04-19T09:30:36
1994. Script Info: | Not valid after: 2017-04-19T09:30:36
1995. Script Info: | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
1996. Script Info: |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
1997. Port: 80/tcp open http syn-ack ttl 112 Microsoft IIS httpd 8.5
1998. Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1999. Script Info: | http-methods:
2000. Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
2001. Script Info: |_ Potentially risky methods: TRACE
2002. Script Info: |_http-server-header: Microsoft-IIS/8.5
2003. Script Info: |_http-title: Domain Default page
2004. Port: 110/tcp open pop3 syn-ack ttl 112 MailEnable POP3 Server
2005. Script Info: |_pop3-capabilities: USER TOP UIDL
2006. Port: 143/tcp open imap syn-ack ttl 112 MailEnable imapd
2007. Script Info: |_imap-capabilities: IMAP4 OK completed AUTH=LOGIN IDLE UIDPLUSA0001 AUTH=CRAM-MD5 IMAP4rev1 CAPABILITY CHILDREN
2008. Port: 443/tcp open https? syn-ack ttl 112
2009. Port: 8443/tcp open ssl/http syn-ack ttl 112 Microsoft IIS httpd 8.5
2010. Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
2011. Script Info: | http-methods:
2012. Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2013. Script Info: | http-robots.txt: 1 disallowed entry
2014. Script Info: |_/
2015. Script Info: |_http-server-header: Microsoft-IIS/8.5
2016. Script Info: |_http-title: Plesk Onyx 17.8.11
2017. Script Info: | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
2018. Script Info: | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
2019. Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
2020. Script Info: | Public Key type: rsa
2021. Script Info: | Public Key bits: 2048
2022. Script Info: | Signature Algorithm: sha256WithRSAEncryption
2023. Script Info: | Not valid before: 2019-05-16T00:30:46
2024. Script Info: | Not valid after: 2019-08-14T00:30:46
2025. Script Info: | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
2026. Script Info: |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
2027. Script Info: Device type: general purpose|WAP|router
2028. Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
2029. Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2030. #######################################################################################################################################
2031. Anonymous JTSEC #OpSudan Full Recon #90