SHARE
TWEET

HunterUnit JTSEC pedo link for save child full recon #42

a guest Apr 27th, 2018 1,402 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #######################################################################################################################################
  2. Hostname    nicklurapage.space      ISP     Quasi Networks LTD. (AS29073)
  3. Continent   Africa      Flag    
  4. SC
  5. Country     Seychelles      Country Code    SC (SYC)
  6. Region  Unknown         Local time  27 Apr 2018 19:28 +04
  7. City    Unknown         Latitude    -4.583
  8. IP Address  89.248.168.69       Longitude   55.667
  9. #######################################################################################################################################
  10.  
  11. HostIP:89.248.168.69
  12. HostName:nicklurapage.space
  13.  
  14. Gathered Inet-whois information for 89.248.168.69
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17.  
  18. inetnum:        89.248.168.0 - 89.248.168.255
  19. netname:        SC-QUASI33
  20. descr:          QUASI
  21. country:        SC
  22. org:            ORG-QNL3-RIPE
  23. admin-c:        QNL1-RIPE
  24. tech-c:         QNL1-RIPE
  25. status:         ASSIGNED PA
  26. mnt-by:         QUASINETWORKS-MNT
  27. mnt-lower:      QUASINETWORKS-MNT
  28. mnt-routes:     QUASINETWORKS-MNT
  29. created:        2008-06-20T13:08:44Z
  30. last-modified:  2016-01-23T22:09:38Z
  31. source:         RIPE
  32.  
  33. organisation:   ORG-QNL3-RIPE
  34. org-name:       Quasi Networks LTD.
  35. org-type:       OTHER
  36. address:        Suite 1, Second Floor
  37. address:        Sound & Vision House, Francis Rachel Street
  38. address:        Victoria, Mahe, SEYCHELLES
  39. remarks:        *****************************************************************************
  40. remarks:        IMPORTANT INFORMATION
  41. remarks:        *****************************************************************************
  42. remarks:        We are a high bandwidth network provider offering bandwidth solutions.
  43. remarks:        Government agencies can sent their requests to gov.request@quasinetworks.com
  44. remarks:        Please only use abuse@quasinetworks.com for abuse reports.
  45. remarks:        For all other requests, please see the details on our website.
  46. remarks:        *****************************************************************************
  47. abuse-c:        AR34302-RIPE
  48. mnt-ref:        QUASINETWORKS-MNT
  49. mnt-by:         QUASINETWORKS-MNT
  50. created:        2015-11-08T22:25:26Z
  51. last-modified:  2017-10-30T14:35:39Z
  52. source:         RIPE # Filtered
  53.  
  54. role:           Acasia Networks Limited
  55. address:        VICTORIA
  56. address:        MAHE
  57. address:        SEYCHELLES
  58. remarks:        *****************************************************************************
  59. remarks:        IMPORTANT INFORMATION
  60. remarks:        *****************************************************************************
  61. remarks:        We are a high bandwidth network provider offering bandwidth solutions.
  62. remarks:        Government agencies can sent their requests to gov.request@quasinetworks.com
  63. remarks:        Please only use abuse@quasinetworks.com for abuse reports.
  64. remarks:        For all other requests, please see the details on our website.
  65. remarks:        *****************************************************************************
  66. abuse-mailbox:  abuse@quasinetworks.com
  67. nic-hdl:        QNL1-RIPE
  68. mnt-by:         QUASINETWORKS-MNT
  69. created:        2015-11-07T22:43:04Z
  70. last-modified:  2017-12-26T21:03:04Z
  71. source:         RIPE # Filtered
  72.  
  73. % Information related to '89.248.168.0/24as29073'
  74.  
  75. route:          89.248.168.0/24
  76. descr:          Quasi Networks LTD (IBC)
  77. origin:         as29073
  78. mnt-by:         QUASINETWORKS-MNT
  79. created:        2007-01-23T11:51:50Z
  80. last-modified:  2015-11-09T13:21:41Z
  81. source:         RIPE
  82.  
  83. % This query was served by the RIPE Database Query Service version 1.91.2 (HEREFORD)
  84.  
  85.  
  86.  
  87. Gathered Inic-whois information for nicklurapage.space
  88. ---------------------------------------------------------------------------------------------------------------------------------------
  89. Error: Unable to connect - Invalid Host
  90. ERROR: Connection to InicWhois Server space.whois-servers.net failed
  91. close error
  92.  
  93. Gathered Netcraft information for nicklurapage.space
  94. ---------------------------------------------------------------------------------------------------------------------------------------
  95.  
  96. Retrieving Netcraft.com information for nicklurapage.space
  97. Netcraft.com Information gathered
  98.  
  99. Gathered Subdomain information for nicklurapage.space
  100. --------------------------------------------------------------------------------------------------------------------------------------
  101. Searching Google.com:80...
  102. HostName:www.nicklurapage.space
  103. HostIP:89.248.168.69
  104. Searching Altavista.com:80...
  105. Found 1 possible subdomain(s) for host nicklurapage.space, Searched 0 pages containing 0 results
  106.  
  107. Gathered E-Mail information for nicklurapage.space
  108. --------------------------------------------------------------------------------------------------------------------------------------
  109. Searching Google.com:80...
  110. Searching Altavista.com:80...
  111. Found 0 E-Mail(s) for host nicklurapage.space, Searched 0 pages containing 0 results
  112.  
  113. Gathered TCP Port information for 89.248.168.69
  114. ---------------------------------------------------------------------------------------------------------------------------------------
  115.  
  116.  Port       State
  117.  
  118. 22/tcp      open
  119. 80/tcp      open
  120.  
  121. Portscan Finished: Scanned 150 ports, 141 ports were in state closed
  122. ######################################################################################################################################
  123. [i] Scanning Site: http://nicklurapage.space
  124.  
  125.  
  126.  
  127. B A S I C   I N F O
  128. =======================================================================================================================================
  129.  
  130.  
  131. [+] Site Title: Best NON NUDE SITE and MANY BIG ARCHIVE for your.
  132. [+] IP address: 89.248.168.69
  133. [+] Web Server: Apache/2.2.15 (CentOS)
  134. [+] CMS: Could Not Detect
  135. [+] Cloudflare: Not Detected
  136. [+] Robots File: Could NOT Find robots.txt!
  137.  
  138.  
  139.  
  140.  
  141. W H O I S   L O O K U P
  142. =======================================================================================================================================
  143.  
  144.     Domain Name: NICKLURAPAGE.SPACE
  145. Registry Domain ID: D57267668-CNIC
  146. Registrar WHOIS Server: whois.gandi.net
  147. Registrar URL: http://www.gandi.net/
  148. Updated Date: 2017-12-11T11:21:05.0Z
  149. Creation Date: 2017-12-06T11:15:02.0Z
  150. Registry Expiry Date: 2018-12-06T23:59:59.0Z
  151. Registrar: Gandi SAS
  152. Registrar IANA ID: 81
  153. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  154. Registry Registrant ID: C164637413-CNIC
  155. Registrant Name: Daren Wayes
  156. Registrant Organization:
  157. Registrant Street: Obfuscated whois Gandi-63-65 boulevard Massena
  158. Registrant City: Obfuscated whois Gandi-Paris
  159. Registrant State/Province: Paris
  160. Registrant Postal Code: 75013
  161. Registrant Country: FR
  162. Registrant Phone: +33.170377666
  163. Registrant Fax: +33.143730576
  164. Registrant Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  165. Registry Admin ID: C164637413-CNIC
  166. Admin Name: Daren Wayes
  167. Admin Organization:
  168. Admin Street: Obfuscated whois Gandi-63-65 boulevard Massena
  169. Admin City: Obfuscated whois Gandi-Paris
  170. Admin State/Province: Paris
  171. Admin Postal Code: 75013
  172. Admin Country: FR
  173. Admin Phone: +33.170377666
  174. Admin Fax: +33.143730576
  175. Admin Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  176. Registry Tech ID: C164637413-CNIC
  177. Tech Name: Daren Wayes
  178. Tech Organization:
  179. Tech Street: Obfuscated whois Gandi-63-65 boulevard Massena
  180. Tech City: Obfuscated whois Gandi-Paris
  181. Tech State/Province: Paris
  182. Tech Postal Code: 75013
  183. Tech Country: FR
  184. Tech Phone: +33.170377666
  185. Tech Fax: +33.143730576
  186. Tech Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  187. Name Server: NS-44-A.GANDI.NET
  188. Name Server: NS-230-B.GANDI.NET
  189. Name Server: NS-7-C.GANDI.NET
  190. DNSSEC: unsigned
  191. Registry Billing ID: C164637413-CNIC
  192. Billing Name: Daren Wayes
  193. Billing Organization:
  194. Billing Street: Obfuscated whois Gandi-63-65 boulevard Massena
  195. Billing City: Obfuscated whois Gandi-Paris
  196. Billing State/Province: Paris
  197. Billing Postal Code: 75013
  198. Billing Country: FR
  199. Billing Phone: +33.170377666
  200. Billing Fax: +33.143730576
  201. Billing Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  202. Registrar Abuse Contact Email: reg.ctlnic-tech@gandi.net
  203. Registrar Abuse Contact Phone: +33.170393740
  204. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  205. >>> Last update of WHOIS database: 2018-04-27T16:02:23.0Z <<<
  206.  
  207. For more information on Whois status codes, please visit https://icann.org/epp
  208.  
  209.  
  210. Access to the whois service is rate limited. For more information, please
  211. see https://registrar-console.centralnic.com/pub/whois_guidance.
  212.  
  213.  
  214.  
  215.  
  216.  
  217. G E O  I P  L O O K  U P
  218. =======================================================================================================================================
  219.  
  220. [i] IP Address: 89.248.168.69
  221. [i] Country: SC
  222. [i] State: N/A
  223. [i] City: N/A
  224. [i] Latitude: -4.583300
  225. [i] Longitude: 55.666698
  226.  
  227.  
  228.  
  229.  
  230. H T T P   H E A D E R S
  231. =======================================================================================================================================
  232.  
  233.  
  234. [i]  HTTP/1.1 200 OK
  235. [i]  Date: Fri, 27 Apr 2018 16:00:42 GMT
  236. [i]  Server: Apache/2.2.15 (CentOS)
  237. [i]  X-Powered-By: PHP/5.4.45
  238. [i]  Connection: close
  239. [i]  Content-Type: text/html; charset=UTF-8
  240.  
  241.  
  242.  
  243.  
  244. D N S   L O O K U P
  245. =======================================================================================================================================
  246.  
  247. ;; Truncated, retrying in TCP mode.
  248. nicklurapage.space. 10800   IN  A   89.248.168.69
  249. nicklurapage.space. 10800   IN  NS  ns-44-a.gandi.net.
  250. nicklurapage.space. 10800   IN  NS  ns-230-b.gandi.net.
  251. nicklurapage.space. 10800   IN  NS  ns-7-c.gandi.net.
  252. nicklurapage.space. 10800   IN  SOA ns1.gandi.net. hostmaster.gandi.net. 1524700800 10800 3600 604800 10800
  253. nicklurapage.space. 10800   IN  MX  50 fb.mail.gandi.net.
  254. nicklurapage.space. 10800   IN  MX  10 spool.mail.gandi.net.
  255. nicklurapage.space. 10800   IN  TXT "v=spf1 include:_mailcust.gandi.net ?all"
  256.  
  257.  
  258.  
  259.  
  260. S U B N E T   C A L C U L A T I O N
  261. ======================================================================================================================================
  262.  
  263. Address       = 89.248.168.69
  264. Network       = 89.248.168.69 / 32
  265. Netmask       = 255.255.255.255
  266. Broadcast     = not needed on Point-to-Point links
  267. Wildcard Mask = 0.0.0.0
  268. Hosts Bits    = 0
  269. Max. Hosts    = 1   (2^0 - 0)
  270. Host Range    = { 89.248.168.69 - 89.248.168.69 }
  271.  
  272.  
  273.  
  274. N M A P   P O R T   S C A N
  275. =======================================================================================================================================
  276.  
  277.  
  278. Starting Nmap 7.01 ( https://nmap.org ) at 2018-04-27 16:02 UTC
  279. Nmap scan report for nicklurapage.space (89.248.168.69)
  280. Host is up (0.082s latency).
  281. rDNS record for 89.248.168.69: no-reverse-dns-configured.com
  282. PORT     STATE  SERVICE       VERSION
  283. 21/tcp   closed ftp
  284. 22/tcp   open   ssh           OpenSSH 5.3 (protocol 2.0)
  285. 23/tcp   closed telnet
  286. 25/tcp   closed smtp
  287. 80/tcp   open   http          Apache httpd 2.2.15 ((CentOS))
  288. 110/tcp  closed pop3
  289. 143/tcp  closed imap
  290. 443/tcp  open   ssl/http      Apache httpd 2.2.15 ((CentOS))
  291. 445/tcp  closed microsoft-ds
  292. 3389/tcp closed ms-wbt-server
  293.  
  294. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  295. Nmap done: 1 IP address (1 host up) scanned in 13.50 seconds
  296. #######################################################################################################################################
  297. [!] IP Address : 89.248.168.69
  298. [!] Server: Apache/2.2.15 (CentOS)
  299. [!] Powered By: PHP/5.4.45
  300. [+] Clickjacking protection is not in place.
  301. [+] Operating System : CentOS
  302. [!] nicklurapage.space doesn't seem to use a CMS
  303. [+] Honeypot Probabilty: 0%
  304. -------------------------------------------------------------------------------------------------------------------------------------
  305. [~] Trying to gather whois information for nicklurapage.space
  306. [+] Whois information found
  307. [-] Unable to build response, visit https://who.is/whois/nicklurapage.space
  308. --------------------------------------------------------------------------------------------------------------------------------------
  309. PORT     STATE  SERVICE       VERSION
  310. 21/tcp   closed ftp
  311. 22/tcp   open   ssh           OpenSSH 5.3 (protocol 2.0)
  312. 23/tcp   closed telnet
  313. 25/tcp   closed smtp
  314. 80/tcp   open   http          Apache httpd 2.2.15 ((CentOS))
  315. 110/tcp  closed pop3
  316. 143/tcp  closed imap
  317. 443/tcp  open   ssl/http      Apache httpd 2.2.15 ((CentOS))
  318. 445/tcp  closed microsoft-ds
  319. 3389/tcp closed ms-wbt-server
  320. --------------------------------------------------------------------------------------------------------------------------------------
  321.  
  322. [+] DNS Records
  323. ns-44-a.gandi.net. (173.246.98.2) AS29169 GANDI SAS United States
  324. ns-230-b.gandi.net. (213.167.229.2) AS29169 GANDI SAS France
  325. ns-7-c.gandi.net. (217.70.179.2) AS29169 GANDI SAS France
  326.  
  327. [+] MX Records
  328. 50 (217.70.178.215) AS29169 GANDI SAS France
  329.  
  330. [+] MX Records
  331. 10 (217.70.178.1) AS29169 GANDI SAS France
  332.  
  333. [+] Host Records (A)
  334. nicklurapage.space (no-reverse-dns-configured.com) (89.248.168.69) AS29073 Quasi Networks LTD. Netherlands
  335.  
  336. [+] TXT Records
  337. "v=spf1 include:_mailcust.gandi.net ?all"
  338.  
  339. [+] DNS Map: https://dnsdumpster.com/static/map/nicklurapage.space.png
  340.  
  341. [>] Initiating 3 intel modules
  342. [>] Loading Alpha module (1/3)
  343. [>] Beta module deployed (2/3)
  344. [>] Gamma module initiated (3/3)
  345. No emails found
  346.  
  347. [+] Hosts found in search engines:
  348. --------------------------------------------------------------------------------------------------------------------------------------
  349. [-] Resolving hostnames IPs...
  350. 89.248.168.69:www.nicklurapage.space
  351. [+] Virtual hosts:
  352. ---------------------------------------------------------------------------------------------------------------------------------------
  353. 89.248.168.69   sugargallery.xyz
  354. [~] Crawling the target for fuzzable URLs
  355. ######################################################################################################################################
  356. Original*      nicklurapage.space       89.248.168.69 NS:ns-230-b.gandi.net MX:fb.mail.gandi.net
  357.  
  358. ######################################################################################################################################
  359. 173.246.98.2 - ns-44-a.gandi.net
  360. 217.70.179.2 - ns-7-c.gandi.net
  361. 213.167.229.2 - ns-230-b.gandi.net
  362. [-] Zone transfer failed
  363.  
  364. [+] TXT records found
  365. "v=spf1 include:_mailcust.gandi.net ?all"
  366.  
  367. [+] MX records found, added to target list
  368. 10 spool.mail.gandi.net.
  369. 50 fb.mail.gandi.net.
  370.  
  371. [*] Scanning nicklurapage.space for A records
  372. 89.248.168.69 - nicklurapage.space                        
  373. 217.70.185.74 - blog.nicklurapage.space                      
  374. 217.70.178.6 - webmail.nicklurapage.space                              
  375. 89.248.168.69 - www.nicklurapage.space                  
  376. #######################################################################################################################################
  377. Ip Address  Status  Type    Domain Name         Server
  378. ----------  ------  ----    -----------         ------
  379. 217.70.185.74   200     alias   blog.nicklurapage.space    
  380. 217.70.185.74   200 alias   blogs.vip.gandi.net    
  381. 217.70.185.74   200 host    blogs-users.vip.gandi.net  
  382. 217.70.178.6    301     alias   webmail.nicklurapage.space  Varnish
  383. 217.70.178.6    301 host    webmail.gandi.net       Varnish
  384. 89.248.168.69   200     host    www.nicklurapage.space      Apache/2.2.15 (C
  385. #######################################################################################################################################
  386. + Target IP:          89.248.168.69
  387. + Target Hostname:    nicklurapage.space
  388. + Target Port:        80
  389. + Start Time:         2018-04-27 13:10:16 (GMT-4)
  390. --------------------------------------------------------------------------------------------------------------------------------------
  391. + Server: Apache/2.2.15 (CentOS)
  392. + Retrieved x-powered-by header: PHP/5.4.45
  393. + The anti-clickjacking X-Frame-Options header is not present.
  394. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  395. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  396. + Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.
  397. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  398. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  399. + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
  400. + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  401. + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  402. + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
  403. + OSVDB-3268: /icons/: Directory indexing found.
  404. + Server leaks inodes via ETags, header found with file /icons/README, inode: 1714684, size: 5108, mtime: Tue Aug 28 06:48:10 2007
  405. + OSVDB-3233: /icons/README: Apache default file found.
  406.  
  407.  
  408. #######################################################################################################################################
  409. Scan date: 27-4-2018 13:10:44
  410. =====================================================================================================================================
  411. | Domain: http://nicklurapage.space/
  412. | Server: Apache/2.2.15 (CentOS)
  413. | IP: 89.248.168.69
  414. =======================================================================================================================================
  415. |
  416. | Directory check:
  417. | [+] CODE: 200 URL: http://nicklurapage.space/icons/
  418. ======================================================================================================================================
  419. |                                                                                                  
  420. | File check:
  421. | [+] CODE: 200 URL: http://nicklurapage.space/error/HTTP_NOT_FOUND.html.var
  422. | [+] CODE: 200 URL: http://nicklurapage.space/index.php
  423. ======================================================================================================================================
  424. |
  425. | Check robots.txt:
  426. |
  427. | Check sitemap.xml:
  428. ======================================================================================================================================
  429. |
  430. | Crawler Started:
  431. | Plugin name: E-mail Detection v.1.1 Loaded.
  432. | Plugin name: phpinfo() Disclosure v.1 Loaded.
  433. | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  434. | Plugin name: FCKeditor upload test v.1 Loaded.
  435. | Plugin name: Upload Form Detect v.1.1 Loaded.
  436. | Plugin name: External Host Detect v.1.2 Loaded.
  437. | Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
  438. | Plugin name: Code Disclosure v.1.1 Loaded.
  439. | [+] Crawling finished, 15 URL's found!
  440. |
  441. | E-mails:
  442. | [+] E-mail Found: mike@hyperreal.org
  443. | [+] E-mail Found: kevinh@kevcom.com
  444. |
  445. | PHPinfo() Disclosure:
  446. |
  447. | Timthumb:
  448. |
  449. | FCKeditor File Upload:
  450. |
  451. | File Upload Forms:
  452. |
  453. | External hosts:
  454. | [+] External Host Found: http://httpd.apache.org
  455. | [+] External Host Found: http://code.jquery.com
  456. |
  457. | Web Backdoors:
  458. |
  459. | Source Code Disclosure:
  460. |
  461. | Ignored Files:
  462. =======================================================================================================================================
  463. | Dynamic tests:
  464. | Plugin name: Learning New Directories v.1.2 Loaded.
  465. | Plugin name: FCKedior tests v.1.1 Loaded.
  466. | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  467. | Plugin name: Find Backup Files v.1.2 Loaded.
  468. | Plugin name: Blind SQL-injection tests v.1.3 Loaded.
  469. | Plugin name: Local File Include tests v.1.1 Loaded.
  470. | Plugin name: PHP CGI Argument Injection v.1.1 Loaded.
  471. | Plugin name: Remote Command Execution tests v.1.1 Loaded.
  472. | Plugin name: Remote File Include tests v.1.2 Loaded.
  473. | Plugin name: SQL-injection tests v.1.2 Loaded.
  474. | Plugin name: Cross-Site Scripting tests v.1.2 Loaded.
  475. | Plugin name: Web Shell Finder v.1.3 Loaded.
  476. | [+] 0 New directories added
  477. |                                                                                                  
  478. |                                                                                                  
  479. | FCKeditor tests:
  480. |                                                                                                  
  481. |                                                                                                  
  482. | Timthumb < 1.33 vulnerability:
  483. |                                                                                                  
  484. |                                                                                                  
  485. | Backup Files:
  486. |                                                                                                  
  487. |                                                                                                  
  488. | Blind SQL Injection:
  489. | [+] Vul [Blind SQL-i]: http://nicklurapage.space/ftt2/o.php?link=top&perm=200+AND+1=1    
  490. | [+] Keyword: NoNude
  491. #######################################################################################################################################
  492. Server:     10.211.254.254
  493. Address:    10.211.254.254#53
  494.  
  495. Non-authoritative answer:
  496. Name:   nicklurapage.space
  497. Address: 89.248.168.69
  498.  
  499. nicklurapage.space has address 89.248.168.69
  500. nicklurapage.space mail is handled by 10 spool.mail.gandi.net.
  501. nicklurapage.space mail is handled by 50 fb.mail.gandi.net.
  502. #######################################################################################################################################
  503.  
  504. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  505.  
  506. [+] Target is nicklurapage.space
  507. [+] Loading modules.
  508. [+] Following modules are loaded:
  509. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  510. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  511. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  512. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  513. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  514. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  515. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  516. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  517. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  518. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  519. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  520. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  521. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  522. [+] 13 modules registered
  523. [+] Initializing scan engine
  524. [+] Running scan engine
  525. [-] ping:tcp_ping module: no closed/open TCP ports known on 89.248.168.69. Module test failed
  526. [-] ping:udp_ping module: no closed/open UDP ports known on 89.248.168.69. Module test failed
  527. [-] No distance calculation. 89.248.168.69 appears to be dead or no ports known
  528. [+] Host: 89.248.168.69 is up (Guess probability: 50%)
  529. [+] Target: 89.248.168.69 is alive. Round-Trip Time: 0.49177 sec
  530. [+] Selected safe Round-Trip Time value is: 0.98355 sec
  531. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
  532. [-] fingerprint:smb need either TCP port 139 or 445 to run
  533. [+] Primary guess:
  534. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  535. [+] Other guesses:
  536. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  537. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  538. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  539. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  540. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  541. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  542. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  543. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  544. [+] Host 89.248.168.69 Running OS:  (Guess probability: 91%)
  545. [+] Cleaning up scan engine
  546. [+] Modules deinitialized
  547. [+] Execution completed.
  548. #######################################################################################################################################
  549. Domain Name: NICKLURAPAGE.SPACE
  550. Registry Domain ID: D57267668-CNIC
  551. Registrar WHOIS Server: whois.gandi.net
  552. Registrar URL: http://www.gandi.net/
  553. Updated Date: 2017-12-11T11:21:05.0Z
  554. Creation Date: 2017-12-06T11:15:02.0Z
  555. Registry Expiry Date: 2018-12-06T23:59:59.0Z
  556. Registrar: Gandi SAS
  557. Registrar IANA ID: 81
  558. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  559. Registry Registrant ID: C164637413-CNIC
  560. Registrant Name: Daren Wayes
  561. Registrant Organization:
  562. Registrant Street: Obfuscated whois Gandi-63-65 boulevard Massena
  563. Registrant City: Obfuscated whois Gandi-Paris
  564. Registrant State/Province: Paris
  565. Registrant Postal Code: 75013
  566. Registrant Country: FR
  567. Registrant Phone: +33.170377666
  568. Registrant Fax: +33.143730576
  569. Registrant Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  570. Registry Admin ID: C164637413-CNIC
  571. Admin Name: Daren Wayes
  572. Admin Organization:
  573. Admin Street: Obfuscated whois Gandi-63-65 boulevard Massena
  574. Admin City: Obfuscated whois Gandi-Paris
  575. Admin State/Province: Paris
  576. Admin Postal Code: 75013
  577. Admin Country: FR
  578. Admin Phone: +33.170377666
  579. Admin Fax: +33.143730576
  580. Admin Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  581. Registry Tech ID: C164637413-CNIC
  582. Tech Name: Daren Wayes
  583. Tech Organization:
  584. Tech Street: Obfuscated whois Gandi-63-65 boulevard Massena
  585. Tech City: Obfuscated whois Gandi-Paris
  586. Tech State/Province: Paris
  587. Tech Postal Code: 75013
  588. Tech Country: FR
  589. Tech Phone: +33.170377666
  590. Tech Fax: +33.143730576
  591. Tech Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  592. Name Server: NS-44-A.GANDI.NET
  593. Name Server: NS-230-B.GANDI.NET
  594. Name Server: NS-7-C.GANDI.NET
  595. DNSSEC: unsigned
  596. Registry Billing ID: C164637413-CNIC
  597. Billing Name: Daren Wayes
  598. Billing Organization:
  599. Billing Street: Obfuscated whois Gandi-63-65 boulevard Massena
  600. Billing City: Obfuscated whois Gandi-Paris
  601. Billing State/Province: Paris
  602. Billing Postal Code: 75013
  603. Billing Country: FR
  604. Billing Phone: +33.170377666
  605. Billing Fax: +33.143730576
  606. Billing Email: 06c41d749d2849f1a4659ff3128a1e32-7199903@contact.gandi.net
  607. Registrar Abuse Contact Email: reg.ctlnic-tech@gandi.net
  608. Registrar Abuse Contact Phone: +33.170393740
  609. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  610. >>> Last update of WHOIS database: 2018-04-27T17:11:20.0Z <<<
  611.  
  612. For more information on Whois status codes, please visit https://icann.org/epp
  613.  
  614. This whois service is provided by CentralNic Ltd and only contains
  615. information pertaining to Internet domain names registered by our
  616. our customers. By using this service you are agreeing (1) not to use any
  617. information presented here for any purpose other than determining
  618. ownership of domain names, (2) not to store or reproduce this data in
  619. any way, (3) not to use any high-volume, automated, electronic processes
  620. to obtain data from this service. Abuse of this service is monitored and
  621. actions in contravention of these terms will result in being permanently
  622. blacklisted. All data is (c) CentralNic Ltd https://www.centralnic.com/
  623.  
  624. Access to the whois service is rate limited. For more information, please
  625. see https://registrar-console.centralnic.com/pub/whois_guidance.
  626. #######################################################################################################################################
  627.  
  628. ; <<>> DiG 9.11.3-1-Debian <<>> -x nicklurapage.space
  629. ;; global options: +cmd
  630. ;; Got answer:
  631. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7836
  632. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  633.  
  634. ;; OPT PSEUDOSECTION:
  635. ; EDNS: version: 0, flags:; udp: 4096
  636. ;; QUESTION SECTION:
  637. ;space.nicklurapage.in-addr.arpa. IN    PTR
  638.  
  639. ;; AUTHORITY SECTION:
  640. in-addr.arpa.       300 IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013359 1800 900 604800 3600
  641.  
  642. ;; Query time: 198 msec
  643. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  644. ;; WHEN: Fri Apr 27 13:11:20 EDT 2018
  645. ;; MSG SIZE  rcvd: 128
  646.  
  647. dnsenum VERSION:1.2.4
  648.  
  649. -----   nicklurapage.space   -----
  650.  
  651.  
  652. Host's addresses:
  653. __________________
  654.  
  655. nicklurapage.space.                      4601     IN    A        89.248.168.69
  656.  
  657.  
  658. Name Servers:
  659. ______________
  660.  
  661. ns-230-b.gandi.net.                      2065     IN    A        213.167.229.2
  662. ns-44-a.gandi.net.                       22691    IN    A        173.246.98.2
  663. ns-7-c.gandi.net.                        43163    IN    A        217.70.179.2
  664.  
  665.  
  666. Mail (MX) Servers:
  667. ___________________
  668.  
  669. fb.mail.gandi.net.                       60       IN    A        217.70.178.217
  670. fb.mail.gandi.net.                       60       IN    A        217.70.178.216
  671. fb.mail.gandi.net.                       60       IN    A        217.70.178.215
  672. spool.mail.gandi.net.                    60       IN    A        217.70.178.1
  673.  
  674.  
  675. Trying Zone Transfers and getting Bind Versions:
  676. _________________________________________________
  677.  
  678.  
  679. Trying Zone Transfer for nicklurapage.space on ns-44-a.gandi.net ...
  680.  
  681. Trying Zone Transfer for nicklurapage.space on ns-230-b.gandi.net ...
  682.  
  683. Trying Zone Transfer for nicklurapage.space on ns-7-c.gandi.net ...
  684.  
  685. brute force file not specified, bay.
  686. #######################################################################################################################################
  687.                  ____        _     _ _     _   _____
  688.                 / ___| _   _| |__ | (_)___| |_|___ / _ __
  689.                 \___ \| | | | '_ \| | / __| __| |_ \| '__|
  690.                  ___) | |_| | |_) | | \__ \ |_ ___) | |
  691.                 |____/ \__,_|_.__/|_|_|___/\__|____/|_|
  692.  
  693.                 # Coded By Ahmed Aboul-Ela - @aboul3la
  694.    
  695. [-] Enumerating subdomains now for nicklurapage.space
  696. [-] verbosity is enabled, will show the subdomains results in realtime
  697. [-] Searching now in Baidu..
  698. [-] Searching now in Yahoo..
  699. [-] Searching now in Google..
  700. [-] Searching now in Bing..
  701. [-] Searching now in Ask..
  702. [-] Searching now in Netcraft..
  703. [-] Searching now in DNSdumpster..
  704. [-] Searching now in Virustotal..
  705. [-] Searching now in ThreatCrowd..
  706. [-] Searching now in SSL Certificates..
  707. [-] Searching now in PassiveDNS..
  708. Virustotal: www.nicklurapage.space
  709. [-] Saving results to file: /usr/share/sniper/loot/nicklurapage.space/domains/domains-nicklurapage.space.txt
  710. [-] Total Unique Subdomains Found: 1
  711. www.nicklurapage.space
  712.  
  713. #######################################################################################################################################
  714.                            __
  715.   ____ _____ ___  ______ _/ /_____  ____  ___
  716.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  717. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  718. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  719.         /_/  discover v0.5.0 - by @michenriksen
  720.  
  721. Identifying nameservers for nicklurapage.space... Done
  722. Using nameservers:
  723.  
  724.  - 173.246.98.2
  725.  - 213.167.229.2
  726.  - 217.70.179.2
  727.  
  728. Checking for wildcard DNS... Done
  729.  
  730. Running collector: HackerTarget... Done (1 host)
  731. Running collector: Shodan... Skipped
  732.  -> Key 'shodan' has not been set
  733. Running collector: Wayback Machine... Done (1 host)
  734. Running collector: Riddler... Skipped
  735.  -> Key 'riddler_username' has not been set
  736. Running collector: Google Transparency Report... Done (0 hosts)
  737. Running collector: Certificate Search... Done (0 hosts)
  738. Running collector: PTRArchive... Error
  739.  -> PTRArchive returned unexpected response code: 502
  740. Running collector: Censys... Skipped
  741.  -> Key 'censys_secret' has not been set
  742. Running collector: PassiveTotal... Skipped
  743.  -> Key 'passivetotal_key' has not been set
  744. Running collector: VirusTotal... Skipped
  745.  -> Key 'virustotal' has not been set
  746. Running collector: Netcraft... Done (0 hosts)
  747. Running collector: Threat Crowd... Done (0 hosts)
  748. Running collector: Dictionary... Done (26 hosts)
  749. Running collector: PublicWWW... Done (0 hosts)
  750. Running collector: DNSDB... Done (1 host)
  751.  
  752. Resolving 28 unique hosts...
  753. 89.248.168.69   .nicklurapage.space
  754. 89.248.168.69   nicklurapage.space
  755. 89.248.168.69   www.nicklurapage.space
  756.  
  757. Found subnets:
  758.  
  759.  - 89.248.168.0-255  : 3 hosts
  760.  
  761. Wrote 3 hosts to:
  762.  
  763.  - file:///root/aquatone/nicklurapage.space/hosts.txt
  764.  - file:///root/aquatone/nicklurapage.space/hosts.json
  765.                            __
  766.   ____ _____ ___  ______ _/ /_____  ____  ___
  767.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  768. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  769. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  770.         /_/  takeover v0.5.0 - by @michenriksen
  771.  
  772. Loaded 3 hosts from /root/aquatone/nicklurapage.space/hosts.json
  773. Loaded 25 domain takeover detectors
  774.  
  775. Identifying nameservers for nicklurapage.space... Done
  776. Using nameservers:
  777.  
  778.  - 173.246.98.2
  779.  - 213.167.229.2
  780.  - 217.70.179.2
  781.  
  782. Checking hosts for domain takeover vulnerabilities...
  783.  
  784. Finished checking hosts:
  785.  
  786.  - Vulnerable     : 0
  787.  - Not Vulnerable : 3
  788.  
  789. Wrote 0 potential subdomain takeovers to:
  790.  
  791.  - file:///root/aquatone/nicklurapage.space/takeovers.json
  792.  
  793.                            __
  794.   ____ _____ ___  ______ _/ /_____  ____  ___
  795.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  796. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  797. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  798.         /_/  scan v0.5.0 - by @michenriksen
  799.  
  800. Loaded 3 hosts from /root/aquatone/nicklurapage.space/hosts.json
  801.  
  802. Probing 2 ports...
  803. 80/tcp    89.248.168.69   .nicklurapage.space, nicklurapage.space, www.nicklurapage.space
  804. 443/tcp   89.248.168.69   .nicklurapage.space, nicklurapage.space, www.nicklurapage.space
  805.  
  806. Wrote open ports to file:///root/aquatone/nicklurapage.space/open_ports.txt
  807. Wrote URLs to file:///root/aquatone/nicklurapage.space/urls.txt
  808.                            __
  809.   ____ _____ ___  ______ _/ /_____  ____  ___
  810.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  811. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  812. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  813.         /_/  gather v0.5.0 - by @michenriksen
  814.  
  815. Processing 6 pages...
  816. Processed: http://89.248.168.69/ (.nicklurapage.space) - 403 Forbidden
  817. Processed: https://89.248.168.69/ (.nicklurapage.space) - 403 Forbidden
  818. Processed: https://89.248.168.69/ (nicklurapage.space) - 403 Forbidden
  819. Processed: https://89.248.168.69/ (www.nicklurapage.space) - 403 Forbidden
  820.    Failed: http://89.248.168.69/ (nicklurapage.space) - Timeout
  821.    Failed: http://89.248.168.69/ (www.nicklurapage.space) - Timeout
  822.  
  823. Finished processing pages:
  824.  
  825.  - Successful : 4
  826.  - Failed     : 2
  827. #######################################################################################################################################
  828. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-27 13:14 EDT
  829. Nmap scan report for nicklurapage.space (89.248.168.69)
  830. Host is up (0.24s latency).
  831. rDNS record for 89.248.168.69: no-reverse-dns-configured.com
  832. Not shown: 465 closed ports, 6 filtered ports
  833. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  834. PORT     STATE SERVICE
  835. 22/tcp   open  ssh
  836. 80/tcp   open  http
  837. 443/tcp  open  https
  838. 2222/tcp open  EtherNetIP-1
  839. 3306/tcp open  mysql
  840.  
  841. Nmap done: 1 IP address (1 host up) scanned in 3.67 seconds
  842. #######################################################################################################################################
  843. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-27 13:14 EDT
  844. Nmap scan report for nicklurapage.space (89.248.168.69)
  845. Host is up.
  846. rDNS record for 89.248.168.69: no-reverse-dns-configured.com
  847.  
  848. PORT     STATE         SERVICE
  849. 53/udp   open|filtered domain
  850. 67/udp   open|filtered dhcps
  851. 68/udp   open|filtered dhcpc
  852. 69/udp   open|filtered tftp
  853. 88/udp   open|filtered kerberos-sec
  854. 123/udp  open|filtered ntp
  855. 137/udp  open|filtered netbios-ns
  856. 138/udp  open|filtered netbios-dgm
  857. 139/udp  open|filtered netbios-ssn
  858. 161/udp  open|filtered snmp
  859. 162/udp  open|filtered snmptrap
  860. 389/udp  open|filtered ldap
  861. 520/udp  open|filtered route
  862. 2049/udp open|filtered nfs
  863.  
  864. Nmap done: 1 IP address (1 host up) scanned in 3.25 seconds
  865. #######################################################################################################################################
  866.  + -- --=[Port 21 closed... skipping.
  867.  + -- --=[Port 22 opened... running tests...
  868. # general
  869. (gen) banner: SSH-2.0-OpenSSH_5.3
  870. (gen) software: OpenSSH 5.3
  871. (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
  872. (gen) compression: enabled (zlib@openssh.com)
  873.  
  874. # key exchange algorithms
  875. (kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
  876.                                             `- [info] available since OpenSSH 4.4
  877. (kex) diffie-hellman-group-exchange-sha1    -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  878.                                             `- [warn] using weak hashing algorithm
  879.                                             `- [info] available since OpenSSH 2.3.0
  880. (kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
  881.                                             `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  882. (kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  883.                                             `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  884.                                             `- [warn] using small 1024-bit modulus
  885.                                             `- [warn] using weak hashing algorithm
  886.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  887.  
  888. # host-key algorithms
  889. (key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  890. (key) ssh-dss                               -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  891.                                             `- [warn] using small 1024-bit modulus
  892.                                             `- [warn] using weak random number generator could reveal the key
  893.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  894.  
  895. # encryption algorithms (ciphers)
  896. (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  897. (enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
  898. (enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  899. (enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  900.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  901.                                             `- [warn] using weak cipher
  902.                                             `- [info] available since OpenSSH 4.2
  903. (enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  904.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  905.                                             `- [warn] using weak cipher
  906.                                             `- [info] available since OpenSSH 4.2
  907. (enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  908.                                             `- [warn] using weak cipher mode
  909.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  910. (enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  911.                                             `- [warn] using weak cipher
  912.                                             `- [warn] using weak cipher mode
  913.                                             `- [warn] using small 64-bit block size
  914.                                             `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  915. (enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  916.                                             `- [fail] disabled since Dropbear SSH 0.53
  917.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  918.                                             `- [warn] using weak cipher mode
  919.                                             `- [warn] using small 64-bit block size
  920.                                             `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  921. (enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  922.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  923.                                             `- [warn] using weak cipher mode
  924.                                             `- [warn] using small 64-bit block size
  925.                                             `- [info] available since OpenSSH 2.1.0
  926. (enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  927.                                             `- [warn] using weak cipher mode
  928.                                             `- [info] available since OpenSSH 2.3.0
  929. (enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  930.                                             `- [warn] using weak cipher mode
  931.                                             `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  932. (enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  933.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  934.                                             `- [warn] using weak cipher
  935.                                             `- [info] available since OpenSSH 2.1.0
  936. (enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  937.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  938.                                             `- [warn] using weak cipher mode
  939.                                             `- [info] available since OpenSSH 2.3.0
  940.  
  941. # message authentication code algorithms
  942. (mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  943.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  944.                                             `- [warn] using encrypt-and-MAC mode
  945.                                             `- [warn] using weak hashing algorithm
  946.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  947. (mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
  948.                                             `- [warn] using weak hashing algorithm
  949.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  950. (mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
  951.                                             `- [warn] using small 64-bit tag size
  952.                                             `- [info] available since OpenSSH 4.7
  953. (mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
  954.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  955. (mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
  956.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  957. (mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  958.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  959.                                             `- [warn] using encrypt-and-MAC mode
  960.                                             `- [info] available since OpenSSH 2.5.0
  961. (mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  962.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  963.                                             `- [warn] using encrypt-and-MAC mode
  964.                                             `- [info] available since OpenSSH 2.1.0
  965. (mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  966.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  967.                                             `- [warn] using encrypt-and-MAC mode
  968.                                             `- [warn] using weak hashing algorithm
  969.                                             `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  970. (mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  971.                                             `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  972.                                             `- [warn] using encrypt-and-MAC mode
  973.                                             `- [warn] using weak hashing algorithm
  974.                                             `- [info] available since OpenSSH 2.5.0
  975.  
  976. # algorithm recommendations (for OpenSSH 5.3)
  977. (rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
  978. (rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove
  979. (rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove
  980. (rec) -ssh-dss                              -- key algorithm to remove
  981. (rec) -arcfour                              -- enc algorithm to remove
  982. (rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove
  983. (rec) -blowfish-cbc                         -- enc algorithm to remove
  984. (rec) -3des-cbc                             -- enc algorithm to remove
  985. (rec) -aes256-cbc                           -- enc algorithm to remove
  986. (rec) -arcfour256                           -- enc algorithm to remove
  987. (rec) -cast128-cbc                          -- enc algorithm to remove
  988. (rec) -aes192-cbc                           -- enc algorithm to remove
  989. (rec) -arcfour128                           -- enc algorithm to remove
  990. (rec) -aes128-cbc                           -- enc algorithm to remove
  991. (rec) -hmac-md5-96                          -- mac algorithm to remove
  992. (rec) -hmac-ripemd160                       -- mac algorithm to remove
  993. (rec) -hmac-sha1-96                         -- mac algorithm to remove
  994. (rec) -umac-64@openssh.com                  -- mac algorithm to remove
  995. (rec) -hmac-md5                             -- mac algorithm to remove
  996. (rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove
  997. (rec) -hmac-sha1                            -- mac algorithm to remove
  998.  
  999. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-27 13:14 EDT
  1000. NSE: [ssh-run] Failed to specify credentials and command to run.
  1001. NSE: [ssh-brute] Trying username/password pair: root:root
  1002. NSE: [ssh-brute] Trying username/password pair: admin:admin
  1003. NSE: [ssh-brute] Trying username/password pair: administrator:administrator
  1004. NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
  1005. NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
  1006. NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
  1007. NSE: [ssh-brute] Trying username/password pair: guest:guest
  1008. NSE: [ssh-brute] Trying username/password pair: user:user
  1009. NSE: [ssh-brute] Trying username/password pair: web:web
  1010. NSE: [ssh-brute] Trying username/password pair: test:test
  1011. NSE: [ssh-brute] Trying username/password pair: root:
  1012. NSE: [ssh-brute] Trying username/password pair: admin:
  1013. NSE: [ssh-brute] Trying username/password pair: administrator:
  1014. NSE: [ssh-brute] Trying username/password pair: webadmin:
  1015. NSE: [ssh-brute] Trying username/password pair: sysadmin:
  1016. NSE: [ssh-brute] Trying username/password pair: netadmin:
  1017. NSE: [ssh-brute] Trying username/password pair: guest:
  1018. NSE: [ssh-brute] Trying username/password pair: user:
  1019. NSE: [ssh-brute] Trying username/password pair: web:
  1020. NSE: [ssh-brute] Trying username/password pair: test:
  1021. NSE: [ssh-brute] Trying username/password pair: root:123456
  1022. NSE: [ssh-brute] Trying username/password pair: admin:123456
  1023. NSE: [ssh-brute] Trying username/password pair: administrator:123456
  1024. NSE: [ssh-brute] Trying username/password pair: webadmin:123456
  1025. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456
  1026. NSE: [ssh-brute] Trying username/password pair: netadmin:123456
  1027. NSE: [ssh-brute] Trying username/password pair: guest:123456
  1028. NSE: [ssh-brute] Trying username/password pair: user:123456
  1029. NSE: [ssh-brute] Trying username/password pair: web:123456
  1030. NSE: [ssh-brute] Trying username/password pair: test:123456
  1031. NSE: [ssh-brute] Trying username/password pair: root:12345
  1032. NSE: [ssh-brute] Trying username/password pair: admin:12345
  1033. NSE: [ssh-brute] Trying username/password pair: administrator:12345
  1034. NSE: [ssh-brute] Trying username/password pair: webadmin:12345
  1035. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345
  1036. NSE: [ssh-brute] Trying username/password pair: netadmin:12345
  1037. NSE: [ssh-brute] Trying username/password pair: guest:12345
  1038. NSE: [ssh-brute] Trying username/password pair: user:12345
  1039. NSE: [ssh-brute] Trying username/password pair: web:12345
  1040. NSE: [ssh-brute] Trying username/password pair: test:12345
  1041. NSE: [ssh-brute] Trying username/password pair: root:123456789
  1042. NSE: [ssh-brute] Trying username/password pair: admin:123456789
  1043. NSE: [ssh-brute] Trying username/password pair: administrator:123456789
  1044. NSE: [ssh-brute] Trying username/password pair: webadmin:123456789
  1045. NSE: [ssh-brute] Trying username/password pair: sysadmin:123456789
  1046. NSE: [ssh-brute] Trying username/password pair: netadmin:123456789
  1047. NSE: [ssh-brute] Trying username/password pair: guest:123456789
  1048. NSE: [ssh-brute] Trying username/password pair: user:123456789
  1049. NSE: [ssh-brute] Trying username/password pair: web:123456789
  1050. NSE: [ssh-brute] Trying username/password pair: test:123456789
  1051. NSE: [ssh-brute] Trying username/password pair: root:password
  1052. NSE: [ssh-brute] Trying username/password pair: admin:password
  1053. NSE: [ssh-brute] Trying username/password pair: administrator:password
  1054. NSE: [ssh-brute] Trying username/password pair: webadmin:password
  1055. NSE: [ssh-brute] Trying username/password pair: sysadmin:password
  1056. NSE: [ssh-brute] Trying username/password pair: netadmin:password
  1057. NSE: [ssh-brute] Trying username/password pair: guest:password
  1058. NSE: [ssh-brute] Trying username/password pair: user:password
  1059. NSE: [ssh-brute] Trying username/password pair: web:password
  1060. NSE: [ssh-brute] Trying username/password pair: test:password
  1061. NSE: [ssh-brute] Trying username/password pair: root:iloveyou
  1062. NSE: [ssh-brute] Trying username/password pair: admin:iloveyou
  1063. NSE: [ssh-brute] Trying username/password pair: administrator:iloveyou
  1064. NSE: [ssh-brute] Trying username/password pair: webadmin:iloveyou
  1065. NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveyou
  1066. NSE: [ssh-brute] Trying username/password pair: netadmin:iloveyou
  1067. NSE: [ssh-brute] Trying username/password pair: guest:iloveyou
  1068. NSE: [ssh-brute] Trying username/password pair: user:iloveyou
  1069. NSE: [ssh-brute] Trying username/password pair: web:iloveyou
  1070. NSE: [ssh-brute] Trying username/password pair: test:iloveyou
  1071. NSE: [ssh-brute] Trying username/password pair: root:princess
  1072. NSE: [ssh-brute] Trying username/password pair: admin:princess
  1073. NSE: [ssh-brute] Trying username/password pair: administrator:princess
  1074. NSE: [ssh-brute] Trying username/password pair: webadmin:princess
  1075. NSE: [ssh-brute] Trying username/password pair: sysadmin:princess
  1076. NSE: [ssh-brute] Trying username/password pair: netadmin:princess
  1077. NSE: [ssh-brute] Trying username/password pair: guest:princess
  1078. NSE: [ssh-brute] Trying username/password pair: user:princess
  1079. NSE: [ssh-brute] Trying username/password pair: web:princess
  1080. NSE: [ssh-brute] Trying username/password pair: test:princess
  1081. NSE: [ssh-brute] Trying username/password pair: root:12345678
  1082. NSE: [ssh-brute] Trying username/password pair: admin:12345678
  1083. NSE: [ssh-brute] Trying username/password pair: administrator:12345678
  1084. NSE: [ssh-brute] Trying username/password pair: webadmin:12345678
  1085. NSE: [ssh-brute] Trying username/password pair: sysadmin:12345678
  1086. NSE: [ssh-brute] Trying username/password pair: netadmin:12345678
  1087. NSE: [ssh-brute] Trying username/password pair: guest:12345678
  1088. NSE: [ssh-brute] Trying username/password pair: user:12345678
  1089. NSE: [ssh-brute] Trying username/password pair: web:12345678
  1090. NSE: [ssh-brute] Trying username/password pair: test:12345678
  1091. NSE: [ssh-brute] Trying username/password pair: root:1234567
  1092. NSE: [ssh-brute] Trying username/password pair: admin:1234567
  1093. NSE: [ssh-brute] Trying username/password pair: administrator:1234567
  1094. NSE: [ssh-brute] Trying username/password pair: webadmin:1234567
  1095. NSE: [ssh-brute] Trying username/password pair: sysadmin:1234567
  1096. NSE: [ssh-brute] Trying username/password pair: netadmin:1234567
  1097. NSE: [ssh-brute] Trying username/password pair: guest:1234567
  1098. NSE: [ssh-brute] Trying username/password pair: user:1234567
  1099. NSE: [ssh-brute] Trying username/password pair: web:1234567
  1100. NSE: [ssh-brute] Trying username/password pair: test:1234567
  1101. Nmap scan report for nicklurapage.space (89.248.168.69)
  1102. Host is up (0.22s latency).
  1103. rDNS record for 89.248.168.69: no-reverse-dns-configured.com
  1104.  
  1105. PORT   STATE SERVICE VERSION
  1106. 22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
  1107. | ssh-auth-methods:
  1108. |   Supported authentication methods:
  1109. |     publickey
  1110. |     gssapi-keyex
  1111. |     gssapi-with-mic
  1112. |_    password
  1113. | ssh-brute:
  1114. |   Accounts: No valid accounts found
  1115. |_  Statistics: Performed 100 guesses in 182 seconds, average tps: 0.4
  1116. | ssh-hostkey:
  1117. |   1024 6d:b4:ee:a3:eb:d7:b2:5f:40:30:6e:5e:8f:22:14:59 (DSA)
  1118. |_  2048 e8:30:71:de:ef:61:6d:13:59:c2:22:1e:52:52:5e:78 (RSA)
  1119. | ssh-publickey-acceptance:
  1120. |_  Accepted Public Keys: No public keys accepted
  1121. |_ssh-run: Failed to specify credentials and command to run.
  1122. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1123. Device type: WAP|general purpose|printer
  1124. Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 2.6.X (93%), HP embedded (88%)
  1125. OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:2.6
  1126. Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 2.6.18 - 2.6.22 (93%), Linux 2.6.18 (89%), HP PSC 2400-series Photosmart printer (88%)
  1127. No exact OS matches for host (test conditions non-ideal).
  1128. Network Distance: 1 hop
  1129.  
  1130. TRACEROUTE (using port 22/tcp)
  1131. HOP RTT       ADDRESS
  1132. 1   223.22 ms no-reverse-dns-configured.com (89.248.168.69)
  1133.  
  1134. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1135. Nmap done: 1 IP address (1 host up) scanned in 192.03 seconds
  1136.  
  1137.          .                                         .
  1138.  .
  1139.  
  1140.       dBBBBBBb  dBBBP dBBBBBBP dBBBBBb  .                       o
  1141.        '   dB'                     BBP
  1142.     dB'dB'dB' dBBP     dBP     dBP BB
  1143.    dB'dB'dB' dBP      dBP     dBP  BB
  1144.   dB'dB'dB' dBBBBP   dBP     dBBBBBBB
  1145.  
  1146.                                    dBBBBBP  dBBBBBb  dBP    dBBBBP dBP dBBBBBBP
  1147.           .                  .                  dB' dBP    dB'.BP
  1148.                              |       dBP    dBBBB' dBP    dB'.BP dBP    dBP
  1149.                            --o--    dBP    dBP    dBP    dB'.BP dBP    dBP
  1150.                              |     dBBBBP dBP    dBBBBP dBBBBP dBP    dBP
  1151.  
  1152.                                                                     .
  1153.                 .
  1154.         o                  To boldly go where no
  1155.                             shell has gone before
  1156.  
  1157.  
  1158.        =[ metasploit v4.16.51-dev                         ]
  1159. + -- --=[ 1751 exploits - 1005 auxiliary - 305 post       ]
  1160. + -- --=[ 536 payloads - 40 encoders - 10 nops            ]
  1161. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1162.  
  1163. USER_FILE => /BruteX/wordlists/simple-users.txt
  1164. RHOSTS => nicklurapage.space
  1165. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
  1166. RHOST => nicklurapage.space
  1167. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  1168. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  1169. [*] nicklurapage.space:22 - Scanned 1 of 1 hosts (100% complete)
  1170. [*] Auxiliary module execution completed
  1171.  + -- --=[Port 23 closed... skipping.
  1172.  + -- --=[Port 25 closed... skipping.
  1173.  + -- --=[Port 53 closed... skipping.
  1174.  + -- --=[Port 67 closed... skipping.
  1175.  + -- --=[Port 68 closed... skipping.
  1176.  + -- --=[Port 69 closed... skipping.
  1177.  + -- --=[Port 79 closed... skipping.
  1178.  + -- --=[Port 80 opened... running tests...
  1179. #######################################################################################################################################
  1180.  
  1181.     __  ______ _____
  1182.     \ \/ / ___|_   _|
  1183.      \  /\___ \ | |  
  1184.      /  \ ___) || |  
  1185.     /_/\_|____/ |_|  
  1186.  
  1187. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  1188. + -- --=[Target: nicklurapage.space:80
  1189. + -- --=[Site not vulnerable to Cross-Site Tracing!
  1190. + -- --=[Site not vulnerable to Host Header Injection!
  1191. + -- --=[Site vulnerable to Cross-Frame Scripting!
  1192. + -- --=[Site vulnerable to Clickjacking!
  1193.  
  1194. HTTP/1.1 400 Bad Request
  1195. Date: Fri, 27 Apr 2018 17:16:20 GMT
  1196. Server: Apache/2.2.15 (CentOS)
  1197. Content-Length: 310
  1198. Connection: close
  1199. Content-Type: text/html; charset=iso-8859-1
  1200.  
  1201. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1202. <html><head>
  1203. <title>400 Bad Request</title>
  1204. </head><body>
  1205. <h1>Bad Request</h1>
  1206. <p>Your browser sent a request that this server could not understand.<br />
  1207. </p>
  1208. <hr>
  1209. <address>Apache/2.2.15 (CentOS) Server at nnparadiseworld.pw Port 80</address>
  1210. </body></html>
  1211.  
  1212. HTTP/1.1 400 Bad Request
  1213. Date: Fri, 27 Apr 2018 17:16:21 GMT
  1214. Server: Apache/2.2.15 (CentOS)
  1215. Content-Length: 310
  1216. Connection: close
  1217. Content-Type: text/html; charset=iso-8859-1
  1218.  
  1219. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1220. <html><head>
  1221. <title>400 Bad Request</title>
  1222. </head><body>
  1223. <h1>Bad Request</h1>
  1224. <p>Your browser sent a request that this server could not understand.<br />
  1225. </p>
  1226. <hr>
  1227. <address>Apache/2.2.15 (CentOS) Server at nnparadiseworld.pw Port 80</address>
  1228. </body></html>
  1229. #######################################################################################################################################
  1230. + -- --=[Checking if X-Content options are enabled on nicklurapage.space...
  1231.  
  1232. + -- --=[Checking if X-Frame options are enabled on nicklurapage.space...
  1233.  
  1234. + -- --=[Checking if X-XSS-Protection header is enabled on nicklurapage.space...
  1235.  
  1236. + -- --=[Checking HTTP methods on nicklurapage.space...
  1237.  
  1238. + -- --=[Checking if TRACE method is enabled on nicklurapage.space...
  1239.  
  1240. + -- --=[Checking for META tags on nicklurapage.space...
  1241.       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  1242.       <meta name="RATING" content="RTA">
  1243.       <meta name="DESCRIPTION" content="The best child collection young models">
  1244.  
  1245. + -- --=[Checking for open proxy on nicklurapage.space...
  1246.                 </div>
  1247.             </div>
  1248.                 </div>
  1249.                 <div class="content">
  1250. <div class="content-middle"><h2>About CentOS:</h2><b>The Community ENTerprise Operating System</b> (CentOS) Linux is a community-supported enterprise distribution derived from sources freely provided to the public by Red Hat. As such, CentOS Linux aims to be functionally compatible with Red Hat Enterprise Linux. The CentOS Project is the organization that builds CentOS. We mainly change packages to remove upstream vendor branding and artwork.</p> <p>For information on CentOS please visit the <a href="http://www.centos.org/">CentOS website</a>.</p>
  1251. <p><h2>Note:</h2><p>CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project.  <b>If you have issues with the content of this site, contact the owner of the domain, not the CentOS Project.</b> <p>Unless this server is on the <b>centos.org</b> domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.</p> <p>For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:</p> <p><a href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a></p>
  1252.                         </div>
  1253.         </div>
  1254. </body>
  1255. </html>
  1256.  
  1257. + -- --=[Enumerating software on nicklurapage.space...
  1258. Server: Apache/2.2.15 (CentOS)
  1259. X-Powered-By: PHP/5.4.45
  1260.  
  1261. + -- --=[Checking if Strict-Transport-Security is enabled on nicklurapage.space...
  1262.  
  1263. + -- --=[Checking for Flash cross-domain policy on nicklurapage.space...
  1264. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1265. <html><head>
  1266. <title>404 Not Found</title>
  1267. </head><body>
  1268. <h1>Not Found</h1>
  1269. <p>The requested URL /crossdomain.xml was not found on this server.</p>
  1270. <hr>
  1271. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 80</address>
  1272. </body></html>
  1273.  
  1274. + -- --=[Checking for Silverlight cross-domain policy on nicklurapage.space...
  1275. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1276. <html><head>
  1277. <title>404 Not Found</title>
  1278. </head><body>
  1279. <h1>Not Found</h1>
  1280. <p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
  1281. <hr>
  1282. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 80</address>
  1283. </body></html>
  1284.  
  1285. + -- --=[Checking for HTML5 cross-origin resource sharing on nicklurapage.space...
  1286.  
  1287. + -- --=[Retrieving robots.txt on nicklurapage.space...
  1288. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1289. <html><head>
  1290. <title>404 Not Found</title>
  1291. </head><body>
  1292. <h1>Not Found</h1>
  1293. <p>The requested URL /robots.txt was not found on this server.</p>
  1294. <hr>
  1295. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 80</address>
  1296. </body></html>
  1297.  
  1298. + -- --=[Retrieving sitemap.xml on nicklurapage.space...
  1299. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1300. <html><head>
  1301. <title>404 Not Found</title>
  1302. </head><body>
  1303. <h1>Not Found</h1>
  1304. <p>The requested URL /sitemap.xml was not found on this server.</p>
  1305. <hr>
  1306. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 80</address>
  1307. </body></html>
  1308.  
  1309. + -- --=[Checking cookie attributes on nicklurapage.space...
  1310.  
  1311. + -- --=[Checking for ASP.NET Detailed Errors on nicklurapage.space...
  1312.  
  1313.  
  1314. ######################################################################################################################################
  1315. --------------------------------------------------------------------------------------------------------------------------------------
  1316.  
  1317. [ ! ] Starting SCANNER INURLBR 2.1 at [27-04-2018 13:19:12]
  1318. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1319. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1320. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1321.  
  1322. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-nicklurapage.space.txt  ]
  1323. [ INFO ][ DORK ]::[ site:nicklurapage.space ]
  1324. [ INFO ][ SEARCHING ]:: {
  1325. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.mk ]
  1326.  
  1327. [ INFO ][ SEARCHING ]::
  1328. -[:::]
  1329. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1330.  
  1331. [ INFO ][ SEARCHING ]::
  1332. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1333. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.br ID: 010479943387663786936:wjwf2xkhfmq ]
  1334.  
  1335. [ INFO ][ SEARCHING ]::
  1336. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1337.  
  1338. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  1339. [ INFO ] Not a satisfactory result was found!
  1340.  
  1341.  
  1342. [ INFO ] [ Shutting down ]
  1343. [ INFO ] [ End of process INURLBR at [27-04-2018 13:19:24]
  1344. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1345. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-nicklurapage.space.txt  ]
  1346. |_________________________________________________________________________________________
  1347.  
  1348. \_________________________________________________________________________________________/
  1349. #######################################################################################################################################
  1350.  
  1351. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  1352. + -- --=[Target: nicklurapage.space:443
  1353. + -- --=[Site not vulnerable to Cross-Site Tracing!
  1354. + -- --=[Site not vulnerable to Host Header Injection!
  1355. + -- --=[Site vulnerable to Cross-Frame Scripting!
  1356. + -- --=[Site vulnerable to Clickjacking!
  1357.  
  1358.  
  1359. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1360. <html><head>
  1361. <title>400 Bad Request</title>
  1362. </head><body>
  1363. <h1>Bad Request</h1>
  1364. <p>Your browser sent a request that this server could not understand.<br />
  1365. Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
  1366. Instead use the HTTPS scheme to access this URL, please.<br />
  1367. <blockquote>Hint: <a href="https://127.0.0.1/"><b>https://127.0.0.1/</b></a></blockquote></p>
  1368. <hr>
  1369. <address>Apache/2.2.15 (CentOS) Server at 127.0.0.1 Port 443</address>
  1370. </body></html>
  1371. #######################################################################################################################################
  1372. + -- --=[Checking if X-Content options are enabled on nicklurapage.space...
  1373.  
  1374. + -- --=[Checking if X-Frame options are enabled on nicklurapage.space...
  1375.  
  1376. + -- --=[Checking if X-XSS-Protection header is enabled on nicklurapage.space...
  1377.  
  1378. + -- --=[Checking HTTP methods on nicklurapage.space...
  1379. Allow: GET,HEAD,POST,OPTIONS,TRACE
  1380.  
  1381. + -- --=[Checking if TRACE method is enabled on nicklurapage.space...
  1382.  
  1383. + -- --=[Checking for META tags on nicklurapage.space...
  1384.         <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  1385.  
  1386. + -- --=[Checking for open proxy on nicklurapage.space...
  1387.  
  1388. + -- --=[Enumerating software on nicklurapage.space...
  1389. Server: Apache/2.2.15 (CentOS)
  1390.  
  1391. + -- --=[Checking if Strict-Transport-Security is enabled on nicklurapage.space...
  1392.  
  1393. + -- --=[Checking for Flash cross-domain policy on nicklurapage.space...
  1394. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1395. <html><head>
  1396. <title>404 Not Found</title>
  1397. </head><body>
  1398. <h1>Not Found</h1>
  1399. <p>The requested URL /crossdomain.xml was not found on this server.</p>
  1400. <hr>
  1401. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 443</address>
  1402. </body></html>
  1403.  
  1404. + -- --=[Checking for Silverlight cross-domain policy on nicklurapage.space...
  1405. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1406. <html><head>
  1407. <title>404 Not Found</title>
  1408. </head><body>
  1409. <h1>Not Found</h1>
  1410. <p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
  1411. <hr>
  1412. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 443</address>
  1413. </body></html>
  1414.  
  1415. + -- --=[Checking for HTML5 cross-origin resource sharing on nicklurapage.space...
  1416.  
  1417. + -- --=[Retrieving robots.txt on nicklurapage.space...
  1418. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1419. <html><head>
  1420. <title>404 Not Found</title>
  1421. </head><body>
  1422. <h1>Not Found</h1>
  1423. <p>The requested URL /robots.txt was not found on this server.</p>
  1424. <hr>
  1425. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 443</address>
  1426. </body></html>
  1427.  
  1428. + -- --=[Retrieving sitemap.xml on nicklurapage.space...
  1429. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1430. <html><head>
  1431. <title>404 Not Found</title>
  1432. </head><body>
  1433. <h1>Not Found</h1>
  1434. <p>The requested URL /sitemap.xml was not found on this server.</p>
  1435. <hr>
  1436. <address>Apache/2.2.15 (CentOS) Server at nicklurapage.space Port 443</address>
  1437. </body></html>
  1438.  
  1439. + -- --=[Checking cookie attributes on nicklurapage.space...
  1440.  
  1441. + -- --=[Checking for ASP.NET Detailed Errors on nicklurapage.space...
  1442. #######################################################################################################################################
  1443.  
  1444.  
  1445.  
  1446.  AVAILABLE PLUGINS
  1447.  -----------------
  1448.  
  1449.   PluginChromeSha1Deprecation
  1450.   PluginCompression
  1451.   PluginSessionResumption
  1452.   PluginCertInfo
  1453.   PluginHSTS
  1454.   PluginHeartbleed
  1455.   PluginSessionRenegotiation
  1456.   PluginOpenSSLCipherSuites
  1457.  
  1458.  
  1459.  
  1460.  CHECKING HOST(S) AVAILABILITY
  1461.  -----------------------------
  1462.  
  1463.    nicklurapage.space:443              => 89.248.168.69:443
  1464.  
  1465.  
  1466.  
  1467.  SCAN RESULTS FOR NICKLURAPAGE.SPACE:443 - 89.248.168.69:443
  1468.  -----------------------------------------------------------
  1469.  
  1470.   * Deflate Compression:
  1471.       OK - Compression disabled          
  1472.  
  1473.   * Session Renegotiation:
  1474.       Client-initiated Renegotiations:   OK - Rejected
  1475.       Secure Renegotiation:              OK - Supported
  1476.  
  1477.   * Certificate - Content:
  1478.       SHA1 Fingerprint:                  f39ad94656ab7b6386b88cde0aa56bdfb742fc6b
  1479.       Common Name:                       a20s05
  1480.       Issuer:                            a20s05
  1481.       Serial Number:                     03C3
  1482.       Not Before:                        Mar  9 08:31:48 2018 GMT
  1483.       Not After:                         Mar  9 08:31:48 2019 GMT
  1484.       Signature Algorithm:               sha256WithRSAEncryption
  1485.       Public Key Algorithm:              rsaEncryption
  1486.       Key Size:                          2048 bit
  1487.       Exponent:                          65537 (0x10001)
  1488.  
  1489.   * Certificate - Trust:
  1490.       Hostname Validation:               FAILED - Certificate does NOT match nicklurapage.space
  1491.       Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1492.       Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1493.       Microsoft CA Store (09/2015):      FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1494.       Apple CA Store (OS X 10.10.5):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1495.       Mozilla NSS CA Store (09/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1496.       Certificate Chain Received:        ['a20s05']
  1497.  
  1498.   * Certificate - OCSP Stapling:
  1499.       NOT SUPPORTED - Server did not send back an OCSP response.
  1500.  
  1501.   * Session Resumption:
  1502.       With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1503.       With TLS Session Tickets:          OK - Supported
  1504.  
  1505.   * SSLV2 Cipher Suites:
  1506.       Server rejected all cipher suites.
  1507.  
  1508.   * SSLV3 Cipher Suites:
  1509.       Preferred:                      
  1510.                  ECDHE-RSA-AES256-SHA          ECDH-256 bits  256 bits                                        
  1511.       Accepted:                        
  1512.                  ECDHE-RSA-AES256-SHA          ECDH-256 bits  256 bits                                        
  1513.                  DHE-RSA-CAMELLIA256-SHA       DH-2048 bits   256 bits                                        
  1514.                  DHE-RSA-AES256-SHA            DH-2048 bits   256 bits                                        
  1515.                  CAMELLIA256-SHA               -              256 bits                                        
  1516.                  AES256-SHA                    -              256 bits                                        
  1517.                  ECDHE-RSA-RC4-SHA             ECDH-256 bits  128 bits                                        
  1518.                  ECDHE-RSA-AES128-SHA          ECDH-256 bits  128 bits                                        
  1519.                  DHE-RSA-CAMELLIA128-SHA       DH-2048 bits   128 bits                                        
  1520.                  DHE-RSA-AES128-SHA            DH-2048 bits   128 bits                                        
  1521.                  RC4-SHA                       -              128 bits                                        
  1522.                  RC4-MD5                       -              128 bits                                        
  1523.                  CAMELLIA128-SHA               -              128 bits                                        
  1524.                  AES128-SHA                    -              128 bits                                        
  1525.                  ECDHE-RSA-DES-CBC3-SHA        ECDH-256 bits  112 bits                                        
  1526.                  EDH-RSA-DES-CBC3-SHA          DH-2048 bits   112 bits                                        
  1527.                  DES-CBC3-SHA                  -              112 bits                                        
  1528.  
  1529.  
  1530.  
  1531.  SCAN COMPLETED IN 5.53 S
  1532.  ------------------------
  1533. Version: 1.11.11-static
  1534. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1535.  
  1536. Connected to 89.248.168.69
  1537.  
  1538. Testing SSL server nicklurapage.space on port 443 using SNI name nicklurapage.space
  1539.  
  1540.   TLS Fallback SCSV:
  1541. Server supports TLS Fallback SCSV
  1542.  
  1543.   TLS renegotiation:
  1544. Secure session renegotiation supported
  1545.  
  1546.   TLS Compression:
  1547. Compression disabled
  1548.  
  1549.   Heartbleed:
  1550. TLS 1.2 not vulnerable to heartbleed
  1551. TLS 1.1 not vulnerable to heartbleed
  1552. TLS 1.0 not vulnerable to heartbleed
  1553.  
  1554.   Supported Server Cipher(s):
  1555. Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
  1556. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
  1557. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1558. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
  1559. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
  1560. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  1561. Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  1562. Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
  1563. Accepted  TLSv1.2  256 bits  AES256-SHA256                
  1564. Accepted  TLSv1.2  256 bits  AES256-SHA                  
  1565. Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
  1566. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
  1567. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
  1568. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1569. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
  1570. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
  1571. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  1572. Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  1573. Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
  1574. Accepted  TLSv1.2  128 bits  AES128-SHA256                
  1575. Accepted  TLSv1.2  128 bits  AES128-SHA                  
  1576. Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
  1577. Accepted  TLSv1.2  128 bits  ECDHE-RSA-RC4-SHA             Curve P-256 DHE 256
  1578. Accepted  TLSv1.2  128 bits  RC4-SHA                      
  1579. Accepted  TLSv1.2  128 bits  RC4-MD5                      
  1580. Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
  1581. Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
  1582. Accepted  TLSv1.2  112 bits  DES-CBC3-SHA                
  1583. Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1584. Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  1585. Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  1586. Accepted  TLSv1.1  256 bits  AES256-SHA                  
  1587. Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
  1588. Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1589. Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  1590. Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  1591. Accepted  TLSv1.1  128 bits  AES128-SHA                  
  1592. Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
  1593. Accepted  TLSv1.1  128 bits  ECDHE-RSA-RC4-SHA             Curve P-256 DHE 256
  1594. Accepted  TLSv1.1  128 bits  RC4-SHA                      
  1595. Accepted  TLSv1.1  128 bits  RC4-MD5                      
  1596. Accepted  TLSv1.1  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
  1597. Accepted  TLSv1.1  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
  1598. Accepted  TLSv1.1  112 bits  DES-CBC3-SHA                
  1599. Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1600. Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  1601. Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  1602. Accepted  TLSv1.0  256 bits  AES256-SHA                  
  1603. Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
  1604. Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1605. Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  1606. Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  1607. Accepted  TLSv1.0  128 bits  AES128-SHA                  
  1608. Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
  1609. Accepted  TLSv1.0  128 bits  ECDHE-RSA-RC4-SHA             Curve P-256 DHE 256
  1610. Accepted  TLSv1.0  128 bits  RC4-SHA                      
  1611. Accepted  TLSv1.0  128 bits  RC4-MD5                      
  1612. Accepted  TLSv1.0  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
  1613. Accepted  TLSv1.0  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
  1614. Accepted  TLSv1.0  112 bits  DES-CBC3-SHA                
  1615. Preferred SSLv3    256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1616. Accepted  SSLv3    256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  1617. Accepted  SSLv3    256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  1618. Accepted  SSLv3    256 bits  AES256-SHA                  
  1619. Accepted  SSLv3    256 bits  CAMELLIA256-SHA              
  1620. Accepted  SSLv3    128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1621. Accepted  SSLv3    128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  1622. Accepted  SSLv3    128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  1623. Accepted  SSLv3    128 bits  AES128-SHA                  
  1624. Accepted  SSLv3    128 bits  CAMELLIA128-SHA              
  1625. Accepted  SSLv3    128 bits  ECDHE-RSA-RC4-SHA             Curve P-256 DHE 256
  1626. Accepted  SSLv3    128 bits  RC4-SHA                      
  1627. Accepted  SSLv3    128 bits  RC4-MD5                      
  1628. Accepted  SSLv3    112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
  1629. Accepted  SSLv3    112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
  1630. Accepted  SSLv3    112 bits  DES-CBC3-SHA                
  1631.  
  1632.   SSL Certificate:
  1633. Signature Algorithm: sha256WithRSAEncryption
  1634. RSA Key Strength:    2048
  1635.  
  1636. Subject:  a20s05
  1637. Issuer:   a20s05
  1638.  
  1639. Not valid before: Mar  9 08:31:48 2018 GMT
  1640. Not valid after:  Mar  9 08:31:48 2019 GMT
  1641.  
  1642. #######################################################################################################################################
  1643.  
  1644. I, [2018-04-27T13:23:14.612217 #21971]  INFO -- : Initiating port scan
  1645. I, [2018-04-27T13:23:39.318625 #21971]  INFO -- : Using nmap scan output file logs/nmap_output_2018-04-27_13-23-14.xml
  1646. I, [2018-04-27T13:23:39.320770 #21971]  INFO -- : Discovered open port: 89.248.168.69:80
  1647. I, [2018-04-27T13:23:40.228030 #21971]  INFO -- : Discovered open port: 89.248.168.69:443
  1648. I, [2018-04-27T13:23:42.041691 #21971]  INFO -- : <<<Enumerating vulnerable applications>>>
  1649. #######################################################################################################################################
  1650.                                             HunterUnit JTSEC pedo link for save child full recon #42
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top