
Anonymous JTSEC #OpJamalKhashoggi Full Recon #6

a guest
Oct 26th, 2018
  1. #######################################################################################################################################
  2. Hostname: www.boe.gov.sa | ISP: King Abdul Aziz City for Science and Technology
  3. Continent: Asia | Flag:
  4. SA
  5. Country: Saudi Arabia | Country code: SA
  6. Region: Unknown | Local time: 26 Oct 2018 14:39 +03
  7. City: Unknown | Postal code: Unknown
  8. IP address: 212.138.117.127 | Latitude: 25
  9. Longitude: 45
  10.  
  11. ######################################################################################################################################
  12. > www.boe.gov.sa
  13. Server: 38.132.106.139
  14. Address: 38.132.106.139#53
  15.  
  16. Non-authoritative answer:
  17. www.boe.gov.sa canonical name = boe.gov.sa.
  18. Name: boe.gov.sa
  19. Address: 212.138.117.127
  20. ######################################################################################################################################
  21. HostIP:212.138.117.127
  22. HostName:www.boe.gov.sa
  23.  
  24. Gathered Inet-whois information for 212.138.117.127
  25. ---------------------------------------------------------------------------------------------------------------------------------------
  26.  
  27.  
  28. inetnum: 212.138.112.0 - 212.138.117.255
  29. netname: ISU-8
  30. descr: Internet Service Unit ISU
  31. country: SA
  32. admin-c: KR6046-RIPE
  33. tech-c: KR6046-RIPE
  34. status: ASSIGNED PA
  35. mnt-by: KACST-ISU-MNT
  36. mnt-routes: KACST-ISU-MNT
  37. mnt-lower: KACST-ISU-MNT
  38. remarks: ------------------------------------------------------
  39. remarks: Part of this IP block has been used for proxy/cache
  40. remarks: service at the National level in Saudi Arabia. All
  41. remarks: Saudi Arabia web traffic will come from this IP block.
  42. remarks:
  43. remarks: If you experience high volume of traffic from
  44. remarks: IP in this block it is because your site is very
  45. remarks: popular/famous of Saudi Arabia community.
  46. remarks:
  47. remarks: For any abuse activities please contact us through
  48. remarks: Email: abuse@isu.net.sa
  49. remarks: Phone: +96614813933 (24x7)
  50. remarks: Fax: +96614813221
  51. remarks: ------------------------------------------------------
  52. created: 2004-08-03T12:57:57Z
  53. last-modified: 2005-04-13T10:18:31Z
  54. source: RIPE
  55.  
  56. role: KACST ROLE
  57. address: Saudi Network Information Center, ISU
  58. address: King Abdulaziz City for Science and Technology,
  59. address: P.O.Box 6086, Riyadh 11442, Saudi Arabia.
  60. remarks: abuse-mailbox: abuse@isu.net.sa
  61. phone: +9661 481 3933
  62. fax-no: +9661 481 3254
  63. remarks: trouble: abuse@isu.net.sa
  64. admin-c: AA27098-RIPE
  65. tech-c: QLTI1-RIPE
  66. tech-c: AIA5-RIPE
  67. nic-hdl: KR6046-RIPE
  68. remarks: This Role object is for handling and maintaining all
  69. remarks: IP Blocks registered by ISU-KACST(LIR) in Saudi Arabia.
  70. mnt-by: KACST-ISU-MNT
  71. remarks: abuse-mailbox: abuse@isu.net.sa
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2018-03-26T11:50:33Z
  74. source: RIPE # Filtered
  75.  
  76. % Information related to '212.138.64.0/18AS8895'
  77.  
  78. route: 212.138.64.0/18
  79. descr: ISU SUMMERIZATIONS
  80. origin: AS8895
  81. mnt-by: ISU-NOC
  82. created: 2011-03-27T10:01:52Z
  83. last-modified: 2011-03-27T10:01:52Z
  84. source: RIPE
  85.  
  86. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  87.  
  88.  
  89.  
  90. Gathered Inic-whois information for boe.gov.sa
  91. ---------------------------------------------------------------------------------------------------------------------------------------
  92.  
  93. Domain Name: boe.gov.sa
  94.  
  95. Registrant:
  96. Bureau of Experts هيئة الخبراء بمجلس الوزراء
  97. Address: المعذر - قصر اليمامة
  98. Riyadh الرياض
  99. Saudi Arabia المملكة العربية السعودية
  100.  
  101. Administrative Contact:
  102. رياض عبدالمحسن المانع
  103. Address: الرياض - قصر اليمامة
  104. 11452 الرياض
  105. Saudi Arabia
  106.  
  107. Technical Contact:
  108. خالد بن ابراهيم الحمدان
  109. Address: الرياض - حي المعذر - قصر اليمامة
  110. 11452 الرياض
  111. المملكة العربية السعودية
  112.  
  113. Name Servers:
  114. ns1.boe.gov.sa
  115. ns2.boe.gov.sa
  116.  
  117. Created on: 2004-01-25
  118. Last Updated on: 2017-11-19
  119.  
  120. Gathered Netcraft information for www.boe.gov.sa
  121. ---------------------------------------------------------------------------------------------------------------------------------------
  122.  
  123. Retrieving Netcraft.com information for www.boe.gov.sa
  124. Netcraft.com Information gathered
  125.  
  126. Gathered Subdomain information for boe.gov.sa
  127. ---------------------------------------------------------------------------------------------------------------------------------------
  128. Searching Google.com:80...
  129. HostName:www.boe.gov.sa
  130. HostIP:212.138.117.127
  131. Searching Altavista.com:80...
  132. Found 1 possible subdomain(s) for host boe.gov.sa, Searched 0 pages containing 0 results
  133.  
  134. Gathered E-Mail information for boe.gov.sa
  135. ---------------------------------------------------------------------------------------------------------------------------------------
  136. Searching Google.com:80...
  137. Searching Altavista.com:80...
  138. Found 0 E-Mail(s) for host boe.gov.sa, Searched 0 pages containing 0 results
  139.  
  140. Gathered TCP Port information for 212.138.117.127
  141. ---------------------------------------------------------------------------------------------------------------------------------------
  142.  
  143. Port State
  144.  
  145. 80/tcp open
  146.  
  147. Portscan Finished: Scanned 150 ports, 3 ports were in state closed
  148.  
  149. #######################################################################################################################################
  150. [i] Scanning Site: https://www.boe.gov.sa
  151.  
  152.  
  153.  
  154. B A S I C I N F O
  155. =======================================================================================================================================
  156.  
  157.  
  158. [+] Site Title:
  159. موقع هيئة الخبراء بمجلس الوزراء
  160.  
  161. [+] IP address: 212.138.117.127
  162. [+] Web Server: Microsoft-IIS/8.5
  163. [+] CMS: Could Not Detect
  164. [+] Cloudflare: Not Detected
  165. [+] Robots File: Could NOT Find robots.txt!
  166.  
  167.  
  168.  
  169.  
  170. W H O I S L O O K U P
  171. =======================================================================================================================================
  172.  
  173. % SaudiNIC Whois server.
  174. % Rights restricted by copyright.
  175. % http://nic.sa/en/view/whois-cmd-copyright
  176.  
  177. Domain Name: boe.gov.sa
  178.  
  179. Registrant:
  180. Bureau of Experts هيئة الخبراء بمجلس الوزراء
  181. Address: المعذر - قصر اليمامة
  182. Riyadh الرياض
  183. Saudi Arabia المملكة العربية السعودية
  184.  
  185. Administrative Contact:
  186. رياض عبدالمحسن المانع
  187. Address: الرياض - قصر اليمامة
  188. 11452 الرياض
  189. Saudi Arabia
  190.  
  191. Technical Contact:
  192. خالد بن ابراهيم الحمدان
  193. Address: الرياض - حي المعذر - قصر اليمامة
  194. 11452 الرياض
  195. المملكة العربية السعودية
  196.  
  197. Name Servers:
  198. ns1.boe.gov.sa
  199. ns2.boe.gov.sa
  200.  
  201. Created on: 2004-01-25
  202. Last Updated on: 2017-11-19
  203.  
  204.  
  205.  
  206.  
  207.  
  208. G E O I P L O O K U P
  209. =======================================================================================================================================
  210.  
  211. [i] IP Address: 212.138.117.127
  212. [i] Country: SA
  213. [i] State: N/A
  214. [i] City: N/A
  215. [i] Latitude: 25.000000
  216. [i] Longitude: 45.000000
  217.  
  218.  
  219.  
  220.  
  221. H T T P H E A D E R S
  222. =======================================================================================================================================
  223.  
  224.  
  225. [i] HTTP/1.1 200 OK
  226. [i] Cache-Control: private
  227. [i] Content-Type: text/html; charset=utf-8
  228. [i] Server: Microsoft-IIS/8.5
  229. [i] Set-Cookie: ASP.NET_SessionId=pnjqa5s0qexptyl4xh3f5iho; path=/; HttpOnly
  230. [i] X-AspNet-Version: 4.0.30319
  231. [i] X-Powered-By: ASP.NET
  232. [i] Date: Thu, 11 Jul 2019 21:18:21 GMT
  233. [i] Connection: close
  234. [i] Content-Length: 109252
  235.  
  236.  
  237.  
  238.  
  239. D N S L O O K U P
  240. =======================================================================================================================================
  241.  
  242. boe.gov.sa. 299 IN SOA ns1.boe.gov.sa. hostmaster.boe.gov.sa. 2015110541 900 600 86400 300
  243. boe.gov.sa. 299 IN TXT "v=spf1 mx ptr ip4:212.26.56.10 ip4:212.26.56.11 a:mx2.boe.gov.sa a:mx1.boe.gov.sa mx:mx1.boe.gov.sa mx:mx2.boe.gov.sa ip4:212.26.56.1/25 ~all"
  244. boe.gov.sa. 299 IN MX 20 email02.nic.gov.sa.
  245. boe.gov.sa. 299 IN MX 20 email01.nic.gov.sa.
  246. boe.gov.sa. 299 IN NS ns1.boe.gov.sa.
  247. boe.gov.sa. 299 IN NS ns1.isu.net.sa.
  248. boe.gov.sa. 299 IN NS ns2.boe.gov.sa.
  249. boe.gov.sa. 299 IN A 212.138.117.127
  250.  
  251.  
  252.  
  253.  
  254. S U B N E T C A L C U L A T I O N
  255. =======================================================================================================================================
  256.  
  257. Address = 212.138.117.127
  258. Network = 212.138.117.127 / 32
  259. Netmask = 255.255.255.255
  260. Broadcast = not needed on Point-to-Point links
  261. Wildcard Mask = 0.0.0.0
  262. Hosts Bits = 0
  263. Max. Hosts = 1 (2^0 - 0)
  264. Host Range = { 212.138.117.127 - 212.138.117.127 }
  265.  
  266.  
  267.  
  268. N M A P P O R T S C A N
  269. =======================================================================================================================================
  270.  
  271.  
  272. Starting Nmap 7.40 ( https://nmap.org ) at 2018-10-26 11:47 UTC
  273. Nmap scan report for boe.gov.sa (212.138.117.127)
  274. Host is up (0.17s latency).
  275. PORT STATE SERVICE
  276. 21/tcp filtered ftp
  277. 22/tcp filtered ssh
  278. 23/tcp filtered telnet
  279. 80/tcp open http
  280. 110/tcp filtered pop3
  281. 143/tcp filtered imap
  282. 443/tcp open https
  283. 3389/tcp filtered ms-wbt-server
  284.  
  285. Nmap done: 1 IP address (1 host up) scanned in 4.96 seconds
  286.  
  287.  
  288.  
  289. S U B - D O M A I N F I N D E R
  290. =======================================================================================================================================
  291.  
  292.  
  293. [i] Total Subdomains Found : 5
  294.  
  295. [+] Subdomain: ns1.boe.gov.sa
  296. [-] IP: 212.138.117.125
  297.  
  298. [+] Subdomain: mx1.boe.gov.sa
  299. [-] IP: 212.26.56.10
  300.  
  301. [+] Subdomain: mx2.boe.gov.sa
  302. [-] IP: 212.26.56.11
  303.  
  304. [+] Subdomain: mail.boe.gov.sa
  305. [-] IP: 212.26.56.9
  306.  
  307. [+] Subdomain: autodiscover.boe.gov.sa
  308. [-] IP: 212.26.56.9
  309. #######################################################################################################################################
  310. [?] Enter the target: https://www.boe.gov.sa/
  311. [!] IP Address : 212.138.117.127
  312. [!] Server: Microsoft-IIS/8.5
  313. [!] Powered By: ASP.NET
  314. [+] Clickjacking protection is not in place.
  315. [!] www.boe.gov.sa doesn't seem to use a CMS
  316. [+] Honeypot Probabilty: 0%
  317. ---------------------------------------------------------------------------------------------------------------------------------------
  318. [~] Trying to gather whois information for www.boe.gov.sa
  319. [+] Whois information found
  320. [-] Unable to build response, visit https://who.is/whois/www.boe.gov.sa
  321. ---------------------------------------------------------------------------------------------------------------------------------------
  322. PORT STATE SERVICE
  323. 21/tcp filtered ftp
  324. 22/tcp filtered ssh
  325. 23/tcp filtered telnet
  326. 80/tcp open http
  327. 110/tcp filtered pop3
  328. 143/tcp filtered imap
  329. 443/tcp open https
  330. 3389/tcp filtered ms-wbt-server
  331. Nmap done: 1 IP address (1 host up) scanned in 2.76 seconds
  332. ---------------------------------------------------------------------------------------------------------------------------------------
  333.  
  334. [+] DNS Records
  335. ns2.boe.gov.sa. (212.138.117.126) AS8895 King Abdul Aziz City for Science and Technology Saudi Arabia
  336. ns1.boe.gov.sa. (212.138.117.125) AS8895 King Abdul Aziz City for Science and Technology Saudi Arabia
  337. ns1.isu.net.sa. (212.26.18.3) AS8895 King Abdul Aziz City for Science and Technology Saudi Arabia
  338.  
  339. [+] MX Records
  340. 20 (78.93.109.82) AS25233 Arabian Internet & Communications Services Co.ltd Saudi Arabia
  341.  
  342. [+] MX Records
  343. 20 (78.93.109.80) AS25233 Arabian Internet & Communications Services Co.ltd Saudi Arabia
  344.  
  345. [+] Host Records (A)
  346. www.boe.gov.saHTTP: (212.138.117.127) AS8895 King Abdul Aziz City for Science and Technology Saudi Arabia
  347.  
  348. [+] TXT Records
  349. "v=spf1 mx ptr ip4:212.26.56.10 ip4:212.26.56.11 a:mx2.boe.gov.sa a:mx1.boe.gov.sa mx:mx1.boe.gov.sa mx:mx2.boe.gov.sa ip4:212.26.56.1/25 ~all"
  350.  
  351. [+] DNS Map: https://dnsdumpster.com/static/map/boe.gov.sa.png
  352.  
  353. [>] Initiating 3 intel modules
  354. [>] Loading Alpha module (1/3)
  355. [>] Beta module deployed (2/3)
  356. [>] Gamma module initiated (3/3)
  357.  
  358.  
  359. [+] Emails found:
  360. ---------------------------------------------------------------------------------------------------------------------------------------
  361. pixel-154055447397404-web-@www.boe.gov.sa
  362. pixel-1540554475590121-web-@www.boe.gov.sa
  363. No hosts found
  364. [+] Virtual hosts:
  365. ---------------------------------------------------------------------------------------------------------------------------------------
  366. [~] Crawling the target for fuzzable URLs
  367. [+] Found 64 fuzzable URLs
  368. https://www.boe.gov.sa///MainDefault.aspx?lang=ar
  369. [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
  370. #######################################################################################################################################
  371. ---------------------------------------------------------------------------------------------------------------------------------------
  372. + Target IP: 212.138.117.127
  373. + Target Hostname: www.boe.gov.sa
  374. + Target Port: 443
  375. ---------------------------------------------------------------------------------------------------------------------------------------
  376. + SSL Info: Subject: /businessCategory=Government Entity/jurisdictionC=SA/serialNumber=Government Entity/C=SA/L=Riyadh/O=Bureau of Experts At The Council of Ministers/CN=boe.gov.sa
  377. Ciphers: ECDHE-RSA-AES256-SHA384
  378. Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
  379. + Start Time: 2018-10-26 07:46:11 (GMT-4)
  380. ---------------------------------------------------------------------------------------------------------------------------------------
  381. + Server: Microsoft-IIS/8.5
  382. + Retrieved x-aspnet-version header: 4.0.30319
  383. + Retrieved x-powered-by header: ASP.NET
  384. + The anti-clickjacking X-Frame-Options header is not present.
  385. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  386. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  387. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  388. + Cookie ASP.NET_SessionId created without the secure flag
  389. + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: : Invalid argument
  390. + Scan terminated: 20 error(s) and 7 item(s) reported on remote host
  391. + End Time: 2018-10-26 07:52:53 (GMT-4) (402 seconds)
  392. --------------------------------------------------------------------------------------------------------------------------------------
  393. + 1 host(s) tested
  394. ######################################################################################################################################
  395. ---------------------------------------------------------------------------------------------------------------------------------------
  396. + Target IP: 212.138.117.127
  397. + Target Hostname: 212.138.117.127
  398. + Target Port: 80
  399. + Start Time: 2018-10-26 07:46:32 (GMT-4)
  400. ---------------------------------------------------------------------------------------------------------------------------------------
  401. + Server: No banner retrieved
  402. + Retrieved x-powered-by header: ASP.NET
  403. + The anti-clickjacking X-Frame-Options header is not present.
  404. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  405. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  406. + Root page / redirects to: https://www.boe.gov.sa/
  407. + Retrieved x-aspnet-version header: 4.0.30319
  408. + No CGI Directories found (use '-C all' to force check all possible dirs)
  409. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
  410. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  411. + Scan terminated: 20 error(s) and 6 item(s) reported on remote host
  412. + End Time: 2018-10-26 08:00:19 (GMT-4) (827 seconds)
  413. ---------------------------------------------------------------------------------------------------------------------------------------
  414. #######################################################################################################################################
  415. ; <<>> DiG 9.11.4-P2-3-Debian <<>> www.boe.gov.sa
  416. ;; global options: +cmd
  417. ;; Got answer:
  418. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24798
  419. ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
  420.  
  421. ;; OPT PSEUDOSECTION:
  422. ; EDNS: version: 0, flags:; udp: 4096
  423. ;; QUESTION SECTION:
  424. ;www.boe.gov.sa. IN A
  425.  
  426. ;; ANSWER SECTION:
  427. www.boe.gov.sa. 31 IN CNAME boe.gov.sa.
  428. boe.gov.sa. 31 IN A 212.138.117.127
  429.  
  430. ;; Query time: 300 msec
  431. ;; SERVER: 38.132.106.139#53(38.132.106.139)
  432. ;; WHEN: ven oct 26 08:03:50 EDT 2018
  433. ;; MSG SIZE rcvd: 73
  434. #######################################################################################################################################
  435. [+] Hosting Info for Website: www.boe.gov.sa
  436. [+] Visitors per day: 2,750
  437. [+] IP Address: 212.138.117.127
  438. [+] Hosting Company IP Owner: Internet Service Unit Isu
  439. [+] Hosting IP Range: 212.138.112.0 - 212.138.117.255 (1,536 ip)
  440. [+] Hosting Address: Saudi Network Information Center, ISU, King Abdulaziz City For Science And Technology, P.o.box 6086, Riyadh 11442, Saudi Arabia
  441. [+] Owner Address: Saudi Network Information Center, ISU, King Abdulaziz City For Science And Technology, P.o.box 6086, Riyadh 11442, Saudi Arabia
  442. [+] Hosting Country: SAU
  443. [+] Owner Country: SAU
  444. [+] Hosting Phone: +9661 481 3933, +966 1 481 3933, +966 11 481 4256
  445. [+] Owner Phone: +9661 481 3933
  446. [+] Hosting Website: www.isu.net.sa
  447. [+] Owner Website: www.isu.net.sa
  448. [+] Owner CIDR: 212.138.112.0/22, 212.138.116.0/23
  449.  
  450. [+] Hosting CIDR: 212.138.0.0/16
  451.  
  452. [+] NS: boe.gov.sa
  453. [+] NS: ns2.boe.gov.sa
  454. [+] NS: ns1.boe.gov.sa
  455. [+] NS: ns1.isu.net.sa
  456.  
  457. #######################################################################################################################################
  458. [*] Performing General Enumeration of Domain: boe.gov.sa
  459. [-] DNSSEC is not configured for boe.gov.sa
  460. [*] SOA ns1.boe.gov.sa 212.138.117.125
  461. [*] NS ns1.boe.gov.sa 212.138.117.125
  462. [*] NS ns2.boe.gov.sa 212.138.117.126
  463. [*] MX email02.nic.gov.sa 78.93.109.80
  464. [*] MX email01.nic.gov.sa 78.93.109.82
  465. [*] A boe.gov.sa 212.138.117.127
  466. [*] TXT boe.gov.sa v=spf1 mx ptr ip4:212.26.56.10 ip4:212.26.56.11 a:mx2.boe.gov.sa a:mx1.boe.gov.sa mx:mx1.boe.gov.sa mx:mx2.boe.gov.sa ip4:212.26.56.1/25 ~all
  467. [*] Enumerating SRV Records
  468. [-] No SRV Records Found for boe.gov.sa
  469. [+] 0 Records Found
  470. #######################################################################################################################################
  471. [*] Processing domain boe.gov.sa
  472. [+] Getting nameservers
  473. 212.138.117.125 - ns1.boe.gov.sa
  474. 212.138.117.126 - ns2.boe.gov.sa
  475. [-] Zone transfer failed
  476.  
  477. [+] TXT records found
  478. "v=spf1 mx ptr ip4:212.26.56.10 ip4:212.26.56.11 a:mx2.boe.gov.sa a:mx1.boe.gov.sa mx:mx1.boe.gov.sa mx:mx2.boe.gov.sa ip4:212.26.56.1/25 ~all"
  479.  
  480. [+] MX records found, added to target list
  481. 20 email02.nic.gov.sa.
  482. 20 email01.nic.gov.sa.
  483.  
  484. [*] Scanning boe.gov.sa for A records
  485. 212.138.117.127 - boe.gov.sa
  486. 212.26.56.9 - autodiscover.boe.gov.sa
  487. 212.138.117.248 - beta.boe.gov.sa
  488. 212.26.56.9 - mail.boe.gov.sa
  489. 212.26.56.10 - mx1.boe.gov.sa
  490. 212.26.56.11 - mx2.boe.gov.sa
  491. 212.138.117.125 - ns1.boe.gov.sa
  492. 212.138.117.126 - ns2.boe.gov.sa
  493. 212.138.117.127 - www.boe.gov.sa
  494. #######################################################################################################################################
  495.  
  496. Ip Address Status Type Domain Name Server
  497. ---------- ------ ---- ----------- ------
  498. 212.138.117.248 301 host beta.boe.gov.sa
  499. 212.26.56.9 503 host mail.boe.gov.sa
  500. 212.26.56.10 host mx1.boe.gov.sa
  501. 212.138.117.125 host ns1.boe.gov.sa
  502. 212.138.117.126 host ns2.boe.gov.sa
  503. 212.138.117.127 307 alias www.boe.gov.sa
  504. 212.138.117.127 307 host boe.gov.sa
  505. #######################################################################################################################################
  506. [+] Testing domain
  507. www.boe.gov.sa 212.138.117.127
  508. [+] Dns resolving
  509. Domain name Ip address Name server
  510. No address associated with hostname boe.gov.sa
  511. [+] Testing wildcard
  512. Ok, no wildcard found.
  513.  
  514. [+] Scanning for subdomain on boe.gov.sa
  515. [!] Wordlist not specified. I scannig with my internal wordlist...
  516. Estimated time about 937.36 seconds
  517.  
  518. Subdomain Ip address Name server
  519.  
  520. mail.boe.gov.sa 212.26.56.9 autodiscover.boe.gov.sa
  521.  
  522. Found 1 subdomain(s) in 1 host(s) in 1029.79 second(s) #######################################################################################################################################
  523. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 07:48 EDT
  524. Nmap scan report for 212.138.117.127
  525. Host is up (0.45s latency).
  526. Not shown: 470 filtered ports, 4 closed ports
  527. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  528. PORT STATE SERVICE
  529. 80/tcp open http
  530. 443/tcp open https
  531. #######################################################################################################################################
  532. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 07:50 EDT
  533. Nmap scan report for 212.138.117.127
  534. Host is up (0.16s latency).
  535. Not shown: 2 filtered ports
  536. PORT STATE SERVICE
  537. 53/udp open|filtered domain
  538. 67/udp open|filtered dhcps
  539. 68/udp open|filtered dhcpc
  540. 69/udp open|filtered tftp
  541. 88/udp open|filtered kerberos-sec
  542. 123/udp open|filtered ntp
  543. 139/udp open|filtered netbios-ssn
  544. 161/udp open|filtered snmp
  545. 162/udp open|filtered snmptrap
  546. 389/udp open|filtered ldap
  547. 520/udp open|filtered route
  548. 2049/udp open|filtered nfs
  549.  
  550. Nmap done: 1 IP address (1 host up) scanned in 2.56 seconds
  551. #######################################################################################################################################
  552. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 07:50 EDT
  553. Nmap scan report for 212.138.117.127
  554. Host is up (0.45s latency).
  555.  
  556. PORT STATE SERVICE VERSION
  557. 67/udp open|filtered dhcps
  558. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  559. Too many fingerprints match this host to give specific OS details
  560. Network Distance: 11 hops
  561.  
  562. TRACEROUTE (using proto 1/icmp)
  563. HOP RTT ADDRESS
  564. 1 155.55 ms 10.248.200.1
  565. 2 155.58 ms 177.67.82.193
  566. 3 156.59 ms 177.67.87.185
  567. 4 156.62 ms 5-178-46-202.seabone.net (5.178.46.202)
  568. 5 ...
  569. 6 261.75 ms gtt.miami15.mia.seabone.net (89.221.41.197)
  570. 7 358.00 ms xe-1-1-0.ar2-lon1.ip4.gtt.net (141.136.108.162)
  571. 8 447.74 ms integrated-telecom-gw.ip4.gtt.net (46.33.91.218)
  572. 9 ...
  573. 10 447.83 ms 212.26.63.252
  574. 11 449.12 ms 212.138.117.127
  575.  
  576. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  577. Nmap done: 1 IP address (1 host up) scanned in 122.81 seconds
  578. + -- --=[Port 68 opened... running tests...
  579. #######################################################################################################################################
  580. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 07:52 EDT
  581. Nmap scan report for 212.138.117.127
  582. Host is up (0.45s latency).
  583.  
  584. PORT STATE SERVICE VERSION
  585. 68/udp open|filtered dhcpc
  586. Too many fingerprints match this host to give specific OS details
  587. Network Distance: 11 hops
  588.  
  589. TRACEROUTE (using proto 1/icmp)
  590. HOP RTT ADDRESS
  591. 1 159.66 ms 10.248.200.1
  592. 2 159.71 ms 177.67.82.193
  593. 3 161.44 ms 177.67.87.185
  594. 4 160.70 ms 5-178-46-202.seabone.net (5.178.46.202)
  595. 5 ...
  596. 6 266.49 ms gtt.miami15.mia.seabone.net (89.221.41.197)
  597. 7 361.93 ms xe-1-1-0.ar2-lon1.ip4.gtt.net (141.136.108.162)
  598. 8 452.38 ms integrated-telecom-gw.ip4.gtt.net (46.33.91.218)
  599. 9 ...
  600. 10 452.43 ms 212.26.63.252
  601. 11 448.67 ms 212.138.117.127
  602.  
  603. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  604. Nmap done: 1 IP address (1 host up) scanned in 122.66 seconds
  605. + -- --=[Port 69 opened... running tests...
  606. #######################################################################################################################################
  607. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 07:54 EDT
  608. Nmap scan report for 212.138.117.127
  609. Host is up (0.45s latency).
  610.  
  611. PORT STATE SERVICE VERSION
  612. 69/udp open|filtered tftp
  613. Too many fingerprints match this host to give specific OS details
  614. Network Distance: 11 hops
  615.  
  616. TRACEROUTE (using proto 1/icmp)
  617. HOP RTT ADDRESS
  618. 1 156.75 ms 10.248.200.1
  619. 2 157.14 ms 177.67.82.193
  620. 3 158.36 ms 177.67.87.185
  621. 4 158.36 ms 5-178-46-202.seabone.net (5.178.46.202)
  622. 5 ...
  623. 6 263.93 ms gtt.miami15.mia.seabone.net (89.221.41.197)
  624. 7 358.89 ms xe-1-1-0.ar2-lon1.ip4.gtt.net (141.136.108.162)
  625. 8 448.94 ms integrated-telecom-gw.ip4.gtt.net (46.33.91.218)
  626. 9 ...
  627. 10 449.22 ms 212.26.63.252
  628. 11 452.50 ms 212.138.117.127
  629.  
  630. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  631. Nmap done: 1 IP address (1 host up) scanned in 152.67 seconds
  632. + -- --=[Port 79 closed... skipping.
  633. + -- --=[Port 80 opened... running tests...
  634. #######################################################################################################################################
  635.  
  636. ^ ^
  637. _ __ _ ____ _ __ _ _ ____
  638. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  639. | V V // o // _/ | V V // 0 // 0 // _/
  640. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  641. <
  642. ...'
  643.  
  644. WAFW00F - Web Application Firewall Detection Tool
  645.  
  646. By Sandro Gauci && Wendel G. Henrique
  647.  
  648. Checking http://212.138.117.127
  649. Generic Detection results:
  650. The site http://212.138.117.127 seems to be behind a WAF or some sort of security solution
  651. Reason: Blocking is being done at connection/packet level.
  652. Number of requests: 13
  653. #######################################################################################################################################
  654. http://212.138.117.127 [307 Temporary Redirect] Country[SAUDI ARABIA][SA], IP[212.138.117.127], RedirectLocation[https://www.boe.gov.sa/], Title[Document Moved], X-Powered-By[ASP.NET]
  655. https://www.boe.gov.sa/ [200 OK] ASP_NET[4.0.30319], ActiveX[Flash-ActiveX][d27cdb6e-ae6d-11cf-96b8-444553540000], Adobe-Flash, Cookies[ASP.NET_SessionId], Country[SAUDI ARABIA][SA], Google-Analytics[Universal][UA-23667465-1,UA-54121487-1], HTTPServer[Microsoft-IIS/8.5], HttpOnly[ASP.NET_SessionId], IP[212.138.117.127], JQuery[1.4.4], Microsoft-IIS[8.5], Object[<a rel=][clsid:d27cdb6e-ae6d-11cf-96b8-444553540000], Script[javascript,text/javascript], Title[موقع هيئة الخبراء بمجلس الوزراء][Title element contains newline(s)!], X-Powered-By[ASP.NET]
  656. #######################################################################################################################################
  657. wig - WebApp Information Gatherer
  658.  
  659.  
  660. Scanning https://www.boe.gov.sa...
  661. _______________________ SITE INFO _______________________
  662. IP Title
  663. 212.138.117.127 موقع هيئة الخبراء بمجلس الوزر
  664.  
  665. ________________________ VERSION ________________________
  666. Name Versions Type
  667. ASP.NET 4.0.30319 Platform
  668. IIS 8.5 Platform
  669. Microsoft Windows Server 2012 R2 OS
  670.  
  671. ______________________ INTERESTING ______________________
  672. URL Note Type
  673. /login.aspx Login Page Interesting
  674.  
  675. _________________________________________________________
  676. Time: 248.3 sec Urls: 453 Fingerprints: 40401
  677. #######################################################################################################################################
  678. HTTP/1.1 307 Temporary Redirect
  679. Content-Length: 146
  680. Content-Type: text/html; charset=UTF-8
  681. Location: https://www.boe.gov.sa/
  682. X-Powered-By: ASP.NET
  683. Date: Thu, 11 Jul 2019 21:30:41 GMT
  684. Connection: keep-alive
  685. #######################################################################################################################################
  686. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 08:01 EDT
  687. Nmap scan report for 212.138.117.127
  688. Host is up (0.45s latency).
  689.  
  690. PORT STATE SERVICE VERSION
  691. 123/udp open|filtered ntp
  692. Too many fingerprints match this host to give specific OS details
  693. Network Distance: 11 hops
  694.  
  695. TRACEROUTE (using proto 1/icmp)
  696. HOP RTT ADDRESS
  697. 1 154.66 ms 10.248.200.1
  698. 2 154.70 ms 177.67.82.193
  699. 3 162.71 ms 177.67.87.185
  700. 4 155.67 ms 5-178-46-202.seabone.net (5.178.46.202)
  701. 5 ...
  702. 6 261.72 ms gtt.miami15.mia.seabone.net (89.221.41.197)
  703. 7 347.28 ms xe-1-0-0.ar2-lon1.ip4.gtt.net (141.136.108.158)
  704. 8 446.90 ms integrated-telecom-gw.ip4.gtt.net (46.33.91.218)
  705. 9 ...
  706. 10 446.97 ms 212.26.63.252
  707. 11 450.14 ms 212.138.117.127
  708. #######################################################################################################################################
  709. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 08:03 EDT
  710. Nmap scan report for 212.138.117.127
  711. Host is up (0.22s latency).
  712.  
  713. PORT STATE SERVICE VERSION
  714. 161/tcp filtered snmp
  715. 161/udp filtered snmp
  716. Too many fingerprints match this host to give specific OS details
  717. Network Distance: 11 hops
  718.  
  719. TRACEROUTE (using proto 1/icmp)
  720. HOP RTT ADDRESS
  721. 1 158.85 ms 10.248.200.1
  722. 2 158.88 ms 177.67.82.193
  723. 3 159.42 ms 177.67.87.185
  724. 4 160.28 ms 5-178-46-202.seabone.net (5.178.46.202)
  725. 5 ...
  726. 6 266.14 ms gtt.miami15.mia.seabone.net (89.221.41.197)
  727. 7 351.68 ms xe-1-0-0.ar2-lon1.ip4.gtt.net (141.136.108.158)
  728. 8 451.08 ms integrated-telecom-gw.ip4.gtt.net (46.33.91.218)
  729. 9 ...
  730. 10 451.15 ms 212.26.63.252
  731. 11 449.47 ms 212.138.117.127
  732. #######################################################################################################################################
  733.  
  741.  
  742. WAFW00F - Web Application Firewall Detection Tool
  743.  
  744. By Sandro Gauci && Wendel G. Henrique
  745.  
  746. Checking https://212.138.117.127
  747. The site https://212.138.117.127 is behind a ModSecurity (OWASP CRS)
  748. Number of requests: 11
  749. #######################################################################################################################################
  750.  
  751. AVAILABLE PLUGINS
  752. -----------------
  753.  
  754. PluginHeartbleed
  755. PluginCompression
  756. PluginOpenSSLCipherSuites
  757. PluginChromeSha1Deprecation
  758. PluginCertInfo
  759. PluginSessionResumption
  760. PluginSessionRenegotiation
  761. PluginHSTS
  762.  
  763.  
  764.  
  765. CHECKING HOST(S) AVAILABILITY
  766. -----------------------------
  767.  
  768. 212.138.117.127:443 => 212.138.117.127:443
  769.  
  770.  
  771.  
  772. SCAN RESULTS FOR 212.138.117.127:443 - 212.138.117.127:443
  773. ----------------------------------------------------------
  774.  
  775. * Deflate Compression:
  776. OK - Compression disabled
  777.  
  778. * Session Renegotiation:
  779. Client-initiated Renegotiations: OK - Rejected
  780. Secure Renegotiation: OK - Supported
  781.  
  782. * Certificate - Content:
  783. SHA1 Fingerprint: 133b4c190f9f08e394722b5916a7edff46149153
  784. Common Name: boe.gov.sa
  785. Issuer: DigiCert SHA2 Extended Validation Server CA
  786. Serial Number: 04D05D5A5C9ACE58753FC99C75B221C6
  787. Not Before: Jun 11 00:00:00 2018 GMT
  788. Not After: Jun 11 12:00:00 2020 GMT
  789. Signature Algorithm: sha256WithRSAEncryption
  790. Public Key Algorithm: rsaEncryption
  791. Key Size: 2048 bit
  792. Exponent: 65537 (0x10001)
  793. X509v3 Subject Alternative Name: {'DNS': ['boe.gov.sa', 'www.boe.gov.sa']}
  794.  
  795. * Certificate - Trust:
  796. Hostname Validation: FAILED - Certificate does NOT match 212.138.117.127
  797. Google CA Store (09/2015): OK - Certificate is trusted
  798. Java 6 CA Store (Update 65): OK - Certificate is trusted
  799. Microsoft CA Store (09/2015): OK - Certificate is trusted
  800. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  801. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  802. Certificate Chain Received: ['boe.gov.sa', 'DigiCert SHA2 Extended Validation Server CA']
  803.  
  804. * Certificate - OCSP Stapling:
  805. NOT SUPPORTED - Server did not send back an OCSP response.
  806.  
  807. * Session Resumption:
  808. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  809. With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned.
  810.  
  811. * SSLV2 Cipher Suites:
  812. Server rejected all cipher suites.
  813.  
  814. * SSLV3 Cipher Suites:
  815. Server rejected all cipher suites.
  816.  
  817.  
  818.  
  819. SCAN COMPLETED IN 8.62 S
  820. ------------------------
  821. Version: 1.11.12-static
  822. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  823.  
  824. Connected to 212.138.117.127
  825.  
  826. Testing SSL server 212.138.117.127 on port 443 using SNI name 212.138.117.127
  827.  
  828. TLS Fallback SCSV:
  829. Server does not support TLS Fallback SCSV
  830.  
  831. TLS renegotiation:
  832. Secure session renegotiation supported
  833.  
  834. TLS Compression:
  835. Compression disabled
  836.  
  837. Heartbleed:
  838. TLS 1.2 not vulnerable to heartbleed
  839. TLS 1.1 not vulnerable to heartbleed
  840. TLS 1.0 not vulnerable to heartbleed
  841.  
  842. Supported Server Cipher(s):
  843. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-521 DHE 521
  844. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-521 DHE 521
  845. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
  846. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-521 DHE 521
  847. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  848. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  849. Accepted TLSv1.2 256 bits AES256-SHA256
  850. Accepted TLSv1.2 128 bits AES128-SHA256
  851. Accepted TLSv1.2 256 bits AES256-SHA
  852. Accepted TLSv1.2 128 bits AES128-SHA
  853. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  854. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
  855. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-521 DHE 521
  856. Accepted TLSv1.1 256 bits AES256-SHA
  857. Accepted TLSv1.1 128 bits AES128-SHA
  858. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  859. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
  860. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-521 DHE 521
  861. Accepted TLSv1.0 256 bits AES256-SHA
  862. Accepted TLSv1.0 128 bits AES128-SHA
  863. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  864.  
  865. SSL Certificate:
  866. Signature Algorithm: sha256WithRSAEncryption
  867. RSA Key Strength: 2048
  868.  
  869. Subject: boe.gov.sa
  870. Altnames: DNS:boe.gov.sa, DNS:www.boe.gov.sa
  871. Issuer: DigiCert SHA2 Extended Validation Server CA
  872.  
  873. Not valid before: Jun 11 00:00:00 2018 GMT
  874. Not valid after: Jun 11 12:00:00 2020 GMT
  875.  
  876. #######################################################################################################################################
  877.  
  878. I, [2018-10-26T08:06:18.589295 #15161] INFO -- : Initiating port scan
  879. I, [2018-10-26T08:07:36.063088 #15161] INFO -- : Using nmap scan output file logs/nmap_output_2018-10-26_08-06-18.xml
  880. I, [2018-10-26T08:07:36.194932 #15161] INFO -- : Discovered open port: 212.138.117.127:80
  881. I, [2018-10-26T08:07:38.075079 #15161] INFO -- : Discovered open port: 212.138.117.127:443
  882. I, [2018-10-26T08:07:41.702568 #15161] INFO -- : <<<Enumerating vulnerable applications>>>
  883. --------------------------------------------------------
  884. <<<Yasuo discovered following vulnerable applications>>>
  885. --------------------------------------------------------
  886. +----------+--------------------+-------------------+----------+----------+
  887. | App Name | URL to Application | Potential Exploit | Username | Password |
  888. +----------+--------------------+-------------------+----------+----------+
  889. +----------+--------------------+-------------------+----------+----------+
  890. #######################################################################################################################################
  891. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 08:13 EDT
  892. NSE: Loaded 148 scripts for scanning.
  893. NSE: Script Pre-scanning.
  894. Initiating NSE at 08:13
  895. Completed NSE at 08:13, 0.00s elapsed
  896. Initiating NSE at 08:13
  897. Completed NSE at 08:13, 0.00s elapsed
  898. Initiating Parallel DNS resolution of 1 host. at 08:13
  899. Completed Parallel DNS resolution of 1 host. at 08:13, 0.02s elapsed
  900. Initiating SYN Stealth Scan at 08:13
  901. Scanning 212.138.117.127 [474 ports]
  902. Discovered open port 443/tcp on 212.138.117.127
  903. Discovered open port 80/tcp on 212.138.117.127
  904. Completed SYN Stealth Scan at 08:13, 15.96s elapsed (474 total ports)
  905. Initiating Service scan at 08:13
  906. Scanning 2 services on 212.138.117.127
  907. Completed Service scan at 08:14, 37.24s elapsed (2 services on 1 host)
  908. Initiating OS detection (try #1) against 212.138.117.127
  909. Retrying OS detection (try #2) against 212.138.117.127
  910. Initiating Traceroute at 08:14
  911. Completed Traceroute at 08:14, 3.03s elapsed
  912. Initiating Parallel DNS resolution of 8 hosts. at 08:14
  913. Completed Parallel DNS resolution of 8 hosts. at 08:14, 16.50s elapsed
  914. NSE: Script scanning 212.138.117.127.
  915. Initiating NSE at 08:14
  916. Completed NSE at 08:16, 79.37s elapsed
  917. Initiating NSE at 08:16
  918. Completed NSE at 08:16, 0.00s elapsed
  919. Nmap scan report for 212.138.117.127
  920. Host is up (0.21s latency).
  921. Not shown: 468 filtered ports
  922. PORT STATE SERVICE VERSION
  923. 25/tcp closed smtp
  924. 80/tcp open http-proxy Squid http proxy
  925. | http-methods:
  926. |_ Supported Methods: GET HEAD POST OPTIONS
  927. |_http-open-proxy: Proxy might be redirecting requests
  928. |_http-title: Did not follow redirect to https://www.boe.gov.sa/
  929. 113/tcp closed ident
  930. 139/tcp closed netbios-ssn
  931. 443/tcp open ssl/http Microsoft IIS httpd 8.5
  932. | ssl-cert: Subject: commonName=boe.gov.sa/organizationName=Bureau of Experts At The Council of Ministers/countryName=SA
  933. | Subject Alternative Name: DNS:boe.gov.sa, DNS:www.boe.gov.sa
  934. | Issuer: commonName=DigiCert SHA2 Extended Validation Server CA/organizationName=DigiCert Inc/countryName=US
  935. | Public Key type: rsa
  936. | Public Key bits: 2048
  937. | Signature Algorithm: sha256WithRSAEncryption
  938. | Not valid before: 2018-06-11T00:00:00
  939. | Not valid after: 2020-06-11T12:00:00
  940. | MD5: f2cf dae0 6755 fb4b 9baf c1a7 c35c f60b
  941. |_SHA-1: 133b 4c19 0f9f 08e3 9472 2b59 16a7 edff 4614 9153
  942. 445/tcp closed microsoft-ds
  943. Device type: general purpose|storage-misc|broadband router|WAP
  944. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (93%), HP embedded (90%), Asus embedded (87%)
  945. OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:4 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel cpe:/h:asus:rt-ac66u
  946. Aggressive OS guesses: Linux 3.18 (93%), Linux 3.16 - 4.6 (93%), Linux 3.10 - 4.11 (91%), Linux 3.13 (91%), Linux 3.13 or 4.2 (91%), Linux 4.2 (91%), Linux 4.4 (91%), HP P2000 G3 NAS device (90%), Linux 3.2 - 4.9 (90%), Linux 3.16 (89%)
  947. No exact OS matches for host (test conditions non-ideal).
  948. Uptime guess: 52.132 days (since Tue Sep 4 05:05:38 2018)
  949. Network Distance: 10 hops
  950. TCP Sequence Prediction: Difficulty=263 (Good luck!)
  951. IP ID Sequence Generation: All zeros
  952. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  953.  
  954. TRACEROUTE (using port 113/tcp)
  955. HOP RTT ADDRESS
  956. 1 155.63 ms 10.248.200.1
  957. 2 155.96 ms 177.67.82.193
  958. 3 ...
  959. 4 156.94 ms 5-178-46-202.seabone.net (5.178.46.202)
  960. 5 261.63 ms 195.22.199.179
  961. 6 269.98 ms gtt.miami15.mia.seabone.net (89.221.41.197)
  962. 7 348.85 ms xe-0-1-0.ar2-lon1.ip4.gtt.net (89.149.187.22)
  963. 8 453.12 ms integrated-telecom-gw.ip4.gtt.net (46.33.91.218)
  964. 9 ...
  965. 10 439.08 ms 212.138.117.127
  966.  
  967. NSE: Script Post-scanning.
  968. Initiating NSE at 08:16
  969. Completed NSE at 08:16, 0.00s elapsed
  970. Initiating NSE at 08:16
  971. Completed NSE at 08:16, 0.00s elapsed
  972. Read data files from: /usr/bin/../share/nmap
  973. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  974. Nmap done: 1 IP address (1 host up) scanned in 159.80 seconds
  975. Raw packets sent: 1037 (50.476KB) | Rcvd: 1476 (282.176KB)
  976. ######################################################################################################################################
  977. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 08:16 EDT
  978. NSE: Loaded 148 scripts for scanning.
  979. NSE: Script Pre-scanning.
  980. Initiating NSE at 08:16
  981. Completed NSE at 08:16, 0.00s elapsed
  982. Initiating NSE at 08:16
  983. Completed NSE at 08:16, 0.00s elapsed
  984. Initiating Parallel DNS resolution of 1 host. at 08:16
  985. Completed Parallel DNS resolution of 1 host. at 08:16, 0.02s elapsed
  986. Initiating UDP Scan at 08:16
  987. Scanning 212.138.117.127 [14 ports]
  988. Completed UDP Scan at 08:16, 2.46s elapsed (14 total ports)
  989. Initiating Service scan at 08:16
  990. Scanning 12 services on 212.138.117.127
  991. Service scan Timing: About 8.33% done; ETC: 08:35 (0:17:58 remaining)
  992. Completed Service scan at 08:18, 102.58s elapsed (12 services on 1 host)
  993. Initiating OS detection (try #1) against 212.138.117.127
  994. Retrying OS detection (try #2) against 212.138.117.127
  995. Initiating Traceroute at 08:18
  996. Completed Traceroute at 08:18, 7.22s elapsed
  997. Initiating Parallel DNS resolution of 1 host. at 08:18
  998. Completed Parallel DNS resolution of 1 host. at 08:18, 0.03s elapsed
  999. NSE: Script scanning 212.138.117.127.
  1000. Initiating NSE at 08:18
  1001. Completed NSE at 08:18, 20.37s elapsed
  1002. Initiating NSE at 08:18
  1003. Completed NSE at 08:18, 1.21s elapsed
  1004. Nmap scan report for 212.138.117.127
  1005. Host is up (0.16s latency).
  1006.  
  1007. PORT STATE SERVICE VERSION
  1008. 53/udp open|filtered domain
  1009. 67/udp open|filtered dhcps
  1010. 68/udp open|filtered dhcpc
  1011. 69/udp open|filtered tftp
  1012. 88/udp open|filtered kerberos-sec
  1013. 123/udp open|filtered ntp
  1014. 137/udp filtered netbios-ns
  1015. 138/udp filtered netbios-dgm
  1016. 139/udp open|filtered netbios-ssn
  1017. 161/udp open|filtered snmp
  1018. 162/udp open|filtered snmptrap
  1019. 389/udp open|filtered ldap
  1020. 520/udp open|filtered route
  1021. 2049/udp open|filtered nfs
  1022. Too many fingerprints match this host to give specific OS details
  1023.  
  1024. TRACEROUTE (using port 138/udp)
  1025. HOP RTT ADDRESS
  1026. 1 154.90 ms 10.248.200.1
  1027. 2 ... 3
  1028. 4 156.71 ms 10.248.200.1
  1029. 5 156.69 ms 10.248.200.1
  1030. 6 156.67 ms 10.248.200.1
  1031. 7 156.66 ms 10.248.200.1
  1032. 8 156.64 ms 10.248.200.1
  1033. 9 156.62 ms 10.248.200.1
  1034. 10 156.60 ms 10.248.200.1
  1035. 11 ... 18
  1036. 19 155.37 ms 10.248.200.1
  1037. 20 156.63 ms 10.248.200.1
  1038. 21 ... 28
  1039. 29 154.61 ms 10.248.200.1
  1040. 30 155.64 ms 10.248.200.1
  1041.  
  1042. NSE: Script Post-scanning.
  1043. Initiating NSE at 08:18
  1044. Completed NSE at 08:18, 0.00s elapsed
  1045. Initiating NSE at 08:18
  1046. Completed NSE at 08:18, 0.00s elapsed
  1047. Read data files from: /usr/bin/../share/nmap
  1048. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1049. Nmap done: 1 IP address (1 host up) scanned in 140.05 seconds
  1050. Raw packets sent: 147 (9.964KB) | Rcvd: 1101 (185.246KB)
  1051. #######################################################################################################################################
  1052. dnsenum VERSION:1.2.4
  1053.  
  1054. ----- www.boe.gov.sa -----
  1055.  
  1056.  
  1057. Host's addresses:
  1058. __________________
  1059.  
  1060. boe.gov.sa. 177 IN A 212.138.117.127
  1061.  
  1062.  
  1063. Name Servers:
  1064. ______________
  1065.  
  1066. ns1.boe.gov.sa. 3269 IN A 212.138.117.125
  1067. ns2.boe.gov.sa. 3004 IN A 212.138.117.126
  1068.  
  1069.  
  1070. Mail (MX) Servers:
  1071. ___________________
  1072.  
  1073. email01.nic.gov.sa. 3600 IN A 78.93.109.82
  1074. email02.nic.gov.sa. 3600 IN A 78.93.109.80
  1075.  
  1076.  
  1077. Trying Zone Transfers and getting Bind Versions:
  1078. _________________________________________________
  1079.  
  1080.  
  1081. Trying Zone Transfer for www.boe.gov.sa on ns1.boe.gov.sa ...
  1082.  
  1083. Trying Zone Transfer for www.boe.gov.sa on ns2.boe.gov.sa ...
  1084.  
  1085. brute force file not specified, bay.
  1086. #######################################################################################################################################
  1087. % SaudiNIC Whois server.
  1088. % Rights restricted by copyright.
  1089. % http://nic.sa/en/view/whois-cmd-copyright
  1090. #######################################################################################################################################
  1091.  
  1096. Sublist3r
  1097.  
  1098. # Coded By Ahmed Aboul-Ela - @aboul3la
  1099.  
  1100. [-] Enumerating subdomains now for www.boe.gov.sa
  1101. [-] verbosity is enabled, will show the subdomains results in realtime
  1102. [-] Searching now in Baidu..
  1103. [-] Searching now in Yahoo..
  1104. [-] Searching now in Google..
  1105. [-] Searching now in Bing..
  1106. [-] Searching now in Ask..
  1107. [-] Searching now in Netcraft..
  1108. [-] Searching now in DNSdumpster..
  1109. [-] Searching now in Virustotal..
  1110. [-] Searching now in ThreatCrowd..
  1111. [-] Searching now in SSL Certificates..
  1112. [-] Searching now in PassiveDNS..
  1113. #######################################################################################################################################
  1114. [*] Processing domain www.boe.gov.sa
  1115. [+] Getting nameservers
  1116. 212.138.117.125 - ns1.boe.gov.sa
  1117. 212.138.117.126 - ns2.boe.gov.sa
  1118. [-] Zone transfer failed
  1119.  
  1120. [+] TXT records found
  1121. "v=spf1 mx ptr ip4:212.26.56.10 ip4:212.26.56.11 a:mx2.boe.gov.sa a:mx1.boe.gov.sa mx:mx1.boe.gov.sa mx:mx2.boe.gov.sa ip4:212.26.56.1/25 ~all"
  1122.  
  1123. [+] MX records found, added to target list
  1124. 20 email02.nic.gov.sa.
  1125. 20 email01.nic.gov.sa.
  1126.  
  1127. [*] Scanning www.boe.gov.sa for A records
  1128. 212.138.117.127 - www.boe.gov.sa
  1129. ######################################################################################################################################
  1130. [*] Found SPF record:
  1131. [*] v=spf1 mx ptr ip4:212.26.56.10 ip4:212.26.56.11 a:mx2.boe.gov.sa a:mx1.boe.gov.sa mx:mx1.boe.gov.sa mx:mx2.boe.gov.sa ip4:212.26.56.1/25 ~all
  1132. [*] SPF record contains an All item: ~all
  1133. [*] No DMARC record found. Looking for organizational record
  1134. [+] No organizational DMARC record
  1135. [+] Spoofing possible for www.boe.gov.sa!
  1136. ######################################################################################################################################
  1141. aquatone discover v0.5.0 - by @michenriksen
  1142.  
  1143. Identifying nameservers for www.boe.gov.sa... Done
  1144. Using nameservers:
  1145.  
  1146. - 212.138.117.125
  1147. - 212.138.117.126
  1148.  
  1149. Checking for wildcard DNS... Done
  1150.  
  1151. Running collector: Censys... Skipped
  1152. -> Key 'censys_secret' has not been set
  1153. Running collector: Netcraft... Done (0 hosts)
  1154. Running collector: VirusTotal... Skipped
  1155. -> Key 'virustotal' has not been set
  1156. Running collector: PublicWWW... Done (0 hosts)
  1157. Running collector: Google Transparency Report... Done (0 hosts)
  1158. Running collector: PTRArchive... Error
  1159. -> PTRArchive returned unexpected response code: 502
  1160. Running collector: HackerTarget... Done (1 host)
  1161. Running collector: Certificate Search... Done (0 hosts)
  1162. Running collector: PassiveTotal... Skipped
  1163. -> Key 'passivetotal_key' has not been set
  1164. Running collector: Wayback Machine... Done (5 hosts)
  1165. Running collector: Riddler... Skipped
  1166. -> Key 'riddler_username' has not been set
  1167. Running collector: Dictionary... Done (27 hosts)
  1168. Running collector: DNSDB... Error
  1169. -> DNSDB returned unexpected response code: 503
  1170. Running collector: Threat Crowd... Done (0 hosts)
  1171. Running collector: Shodan... Skipped
  1172. -> Key 'shodan' has not been set
  1173.  
  1174. Resolving 32 unique hosts...
  1175. 212.138.117.127 .www.boe.gov.sa
  1176. 212.138.117.127 boe.gov.sa
  1177. 212.26.56.9 mail.boe.gov.sa
  1178. 212.138.117.127 www.boe.gov.sa
  1179.  
  1180. Found subnets:
  1181.  
  1182. - 212.138.117.0-255 : 3 hosts
  1183.  
  1184. Wrote 4 hosts to:
  1185.  
  1186. - file:///root/aquatone/www.boe.gov.sa/hosts.txt
  1187. - file:///root/aquatone/www.boe.gov.sa/hosts.json
  1193. aquatone takeover v0.5.0 - by @michenriksen
  1194.  
  1195. Loaded 4 hosts from /root/aquatone/www.boe.gov.sa/hosts.json
  1196. Loaded 25 domain takeover detectors
  1197.  
  1198. Identifying nameservers for www.boe.gov.sa... Done
  1199. Using nameservers:
  1200.  
  1201. - 212.138.117.126
  1202. - 212.138.117.125
  1203.  
  1204. Checking hosts for domain takeover vulnerabilities...
  1205.  
  1206. Finished checking hosts:
  1207.  
  1208. - Vulnerable : 0
  1209. - Not Vulnerable : 4
  1210.  
  1211. Wrote 0 potential subdomain takeovers to:
  1212.  
  1213. - file:///root/aquatone/www.boe.gov.sa/takeovers.json
  1214.  
  1220. aquatone scan v0.5.0 - by @michenriksen
  1221.  
  1222. Loaded 4 hosts from /root/aquatone/www.boe.gov.sa/hosts.json
  1223.  
  1224. Probing 4 ports...
  1225. 80/tcp 212.138.117.127 .www.boe.gov.sa, boe.gov.sa, www.boe.gov.sa
  1226. 80/tcp 212.26.56.9 mail.boe.gov.sa
  1227. 443/tcp 212.138.117.127 .www.boe.gov.sa, boe.gov.sa, www.boe.gov.sa
  1228.  
  1229. Wrote open ports to file:///root/aquatone/www.boe.gov.sa/open_ports.txt
  1230. Wrote URLs to file:///root/aquatone/www.boe.gov.sa/urls.txt
  1236. aquatone gather v0.5.0 - by @michenriksen
  1237.  
  1238. Processing 7 pages...
  1239.  
  1240. Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
  1241. #######################################################################################################################################
  1242. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 08:30 EDT
  1243. Nmap scan report for www.boe.gov.sa (212.138.117.127)
  1244. Host is up (0.22s latency).
  1245. Not shown: 470 filtered ports, 4 closed ports
  1246. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1247. PORT STATE SERVICE
  1248. 80/tcp open http
  1249. 443/tcp open https
  1250. #######################################################################################################################################
  1251. Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-26 08:30 EDT
  1252. Nmap scan report for www.boe.gov.sa (212.138.117.127)
  1253. Host is up (0.16s latency).
  1254. Not shown: 2 filtered ports
  1255. PORT STATE SERVICE
  1256. 53/udp open|filtered domain
  1257. 67/udp open|filtered dhcps
  1258. 68/udp open|filtered dhcpc
  1259. 69/udp open|filtered tftp
  1260. 88/udp open|filtered kerberos-sec
  1261. 123/udp open|filtered ntp
  1262. 139/udp open|filtered netbios-ssn
  1263. 161/udp open|filtered snmp
  1264. 162/udp open|filtered snmptrap
  1265. 389/udp open|filtered ldap
  1266. 520/udp open|filtered route
  1267. 2049/udp open|filtered nfs
  1268. #######################################################################################################################################
  1269.  
  1277.  
  1278. WAFW00F - Web Application Firewall Detection Tool
  1279.  
  1280. By Sandro Gauci && Wendel G. Henrique
  1281.  
  1282. Checking http://www.boe.gov.sa
  1283. Generic Detection results:
  1284. The site http://www.boe.gov.sa seems to be behind a WAF or some sort of security solution
  1285. Reason: Blocking is being done at connection/packet level.
  1286. Number of requests: 14
  1287. #######################################################################################################################################
  1288.  
  1289. wig - WebApp Information Gatherer
  1290.  
  1291.  
  1292. Scanning https://www.boe.gov.sa...
  1293. _______________________ SITE INFO _______________________
  1294. IP Title
  1295. 212.138.117.127 موقع هيئة الخبراء بمجلس الوزر
  1296.  
  1297. ________________________ VERSION ________________________
  1298. Name Versions Type
  1299. ASP.NET 4.0.30319 Platform
  1300. IIS 8.5 Platform
  1301. microsoft-httpapi 2.0 Platform
  1302. Microsoft Windows Server 2012 R2 OS
  1303.  
  1304. ______________________ INTERESTING ______________________
  1305. URL Note Type
  1306. /login.aspx Login Page Interesting
  1307.  
  1308. _________________________________________________________
  1309. Time: 78.4 sec Urls: 693 Fingerprints: 40401
  1310. #######################################################################################################################################
  1311. HTTP/1.1 307 Temporary Redirect
  1312. Content-Length: 146
  1313. Content-Type: text/html; charset=UTF-8
  1314. Location: https://www.boe.gov.sa/
  1315. X-Powered-By: ASP.NET
  1316. Date: Thu, 11 Jul 2019 21:58:53 GMT
  1317. Connection: keep-alive
  1318. ######################################################################################################################################
  1319. --------------------------------------------------------------------------------------------------------------------------------------
  1320.  
  1321. [ ! ] Starting SCANNER INURLBR 2.1 at [26-10-2018 08:33:29]
  1322. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1323. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1324. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1325.  
  1326. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/plugins/slurp/output/inurlbr-www.boe.gov.sa.txt ]
  1327. [ INFO ][ DORK ]::[ site:www.boe.gov.sa ]
  1328. [ INFO ][ SEARCHING ]:: {
  1329. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.sg ]
  1330.  
  1331. [ INFO ][ SEARCHING ]::
  1332. -[:::]
  1333. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1334.  
  1335. [ INFO ][ SEARCHING ]::
  1336. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1337. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.gt ID: 007843865286850066037:3ajwn2jlweq ]
  1338.  
  1339. [ INFO ][ SEARCHING ]::
  1340. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1341.  
  1342. [ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
  1343.  
  1344.  
  1345. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1346. |_[ + ] [ 0 / 100 ]-[08:33:45] [ - ]
  1347. |_[ + ] Target:: [ https://www.boe.gov.sa/ ]
  1348. |_[ + ] Exploit::
  1349. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1350. |_[ + ] More details:: / - / , ISP:
  1351. |_[ + ] Found:: UNIDENTIFIED
  1352.  
  1353. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1354. |_[ + ] [ 1 / 100 ]-[08:33:49] [ - ]
  1355. |_[ + ] Target:: [ https://www.boe.gov.sa/RuleProjects.aspx ]
  1356. |_[ + ] Exploit::
  1357. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1358. |_[ + ] More details:: / - / , ISP:
  1359. |_[ + ] Found:: UNIDENTIFIED
  1360.  
  1361. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1362. |_[ + ] [ 2 / 100 ]-[08:33:53] [ - ]
  1363. |_[ + ] Target:: [ https://www.boe.gov.sa/Register.aspx ]
  1364. |_[ + ] Exploit::
  1365. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1366. |_[ + ] More details:: / - / , ISP:
  1367. |_[ + ] Found:: UNIDENTIFIED
  1368.  
  1369. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1370. |_[ + ] [ 3 / 100 ]-[08:33:55] [ - ]
  1371. |_[ + ] Target:: [ https://www.boe.gov.sa/MainLaws.aspx?lang=ar ]
  1372. |_[ + ] Exploit::
  1373. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1374. |_[ + ] More details:: / - / , ISP:
  1375. |_[ + ] Found:: UNIDENTIFIED
  1376.  
  1377. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1378. |_[ + ] [ 4 / 100 ]-[08:33:59] [ - ]
  1379. |_[ + ] Target:: [ https://www.boe.gov.sa/MainLaws.aspx?lang=yxrrsffrykmyk ]
  1380. |_[ + ] Exploit::
  1381. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1382. |_[ + ] More details:: / - / , ISP:
  1383. |_[ + ] Found:: UNIDENTIFIED
  1384.  
  1385. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1386. |_[ + ] [ 5 / 100 ]-[08:34:02] [ - ]
  1387. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?SystemID=275 ]
  1388. |_[ + ] Exploit::
  1389. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1390. |_[ + ] More details:: / - / , ISP:
  1391. |_[ + ] Found:: UNIDENTIFIED
  1392.  
  1393. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1394. |_[ + ] [ 6 / 100 ]-[08:34:04] [ - ]
  1395. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?SystemID=188 ]
  1396. |_[ + ] Exploit::
  1397. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1398. |_[ + ] More details:: / - / , ISP:
  1399. |_[ + ] Found:: UNIDENTIFIED
  1400.  
  1401. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1402. |_[ + ] [ 7 / 100 ]-[08:34:07] [ - ]
  1403. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?SystemID=50 ]
  1404. |_[ + ] Exploit::
  1405. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1406. |_[ + ] More details:: / - / , ISP:
  1407. |_[ + ] Found:: UNIDENTIFIED
  1408.  
  1409. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1410. |_[ + ] [ 8 / 100 ]-[08:34:09] [ - ]
  1411. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?SystemID=196 ]
  1412. |_[ + ] Exploit::
  1413. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1414. |_[ + ] More details:: / - / , ISP:
  1415. |_[ + ] Found:: UNIDENTIFIED
  1416.  
  1417. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1418. |_[ + ] [ 9 / 100 ]-[08:34:12] [ - ]
  1419. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?SystemID=203 ]
  1420. |_[ + ] Exploit::
  1421. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1422. |_[ + ] More details:: / - / , ISP:
  1423. |_[ + ] Found:: UNIDENTIFIED
  1424.  
  1425. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1426. |_[ + ] [ 10 / 100 ]-[08:34:16] [ - ]
  1427. |_[ + ] Target:: [ https://www.boe.gov.sa/MainLaws.aspx?lang=hyjafdkyh ]
  1428. |_[ + ] Exploit::
  1429. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1430. |_[ + ] More details:: / - / , ISP:
  1431. |_[ + ] Found:: UNIDENTIFIED
  1432.  
  1433. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1434. |_[ + ] [ 11 / 100 ]-[08:34:18] [ - ]
  1435. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?SystemID=213 ]
  1436. |_[ + ] Exploit::
  1437. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1438. |_[ + ] More details:: / - / , ISP:
  1439. |_[ + ] Found:: UNIDENTIFIED
  1440.  
  1441. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1442. |_[ + ] [ 12 / 100 ]-[08:34:23] [ - ]
  1443. |_[ + ] Target:: [ https://www.boe.gov.sa/MainLaws.aspx?lang=en186 ]
  1444. |_[ + ] Exploit::
  1445. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1446. |_[ + ] More details:: / - / , ISP:
  1447. |_[ + ] Found:: UNIDENTIFIED
  1448.  
  1449. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1450. |_[ + ] [ 13 / 100 ]-[08:34:25] [ - ]
  1451. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?SystemID=94 ]
  1452. |_[ + ] Exploit::
  1453. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1454. |_[ + ] More details:: / - / , ISP:
  1455. |_[ + ] Found:: UNIDENTIFIED
  1456.  
  1457. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1458. |_[ + ] [ 14 / 100 ]-[08:34:29] [ - ]
  1459. |_[ + ] Target:: [ https://www.boe.gov.sa/BOEsitemap.aspx?lang=en ]
  1460. |_[ + ] Exploit::
  1461. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1462. |_[ + ] More details:: / - / , ISP:
  1463. |_[ + ] Found:: UNIDENTIFIED
  1464.  
  1465. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1466. |_[ + ] [ 15 / 100 ]-[08:34:32] [ - ]
  1467. |_[ + ] Target:: [ https://www.boe.gov.sa/mainlaws.aspx?lang=ar) ]
  1468. |_[ + ] Exploit::
  1469. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1470. |_[ + ] More details:: / - / , ISP:
  1471. |_[ + ] Found:: UNIDENTIFIED
  1472.  
  1473. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1474. |_[ + ] [ 16 / 100 ]-[08:34:36] [ - ]
  1475. |_[ + ] Target:: [ https://www.boe.gov.sa/search.aspx?lang=en ]
  1476. |_[ + ] Exploit::
  1477. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1478. |_[ + ] More details:: / - / , ISP:
  1479. |_[ + ] Found:: UNIDENTIFIED
  1480.  
  1481. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1482. |_[ + ] [ 17 / 100 ]-[08:34:39] [ - ]
  1483. |_[ + ] Target:: [ https://www.boe.gov.sa/TemplatePage.aspx?lang=pcgbxsghk ]
  1484. |_[ + ] Exploit::
  1485. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1486. |_[ + ] More details:: / - / , ISP:
  1487. |_[ + ] Found:: UNIDENTIFIED
  1488.  
  1489. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1490. |_[ + ] [ 18 / 100 ]-[08:34:43] [ - ]
  1491. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewKhobraNews.aspx?NewsID=40 ]
  1492. |_[ + ] Exploit::
  1493. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1494. |_[ + ] More details:: / - / , ISP:
  1495. |_[ + ] Found:: UNIDENTIFIED
  1496.  
  1497. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1498. |_[ + ] [ 19 / 100 ]-[08:34:47] [ - ]
  1499. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewAllNews.aspx?lang=ar ]
  1500. |_[ + ] Exploit::
  1501. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1502. |_[ + ] More details:: / - / , ISP:
  1503. |_[ + ] Found:: UNIDENTIFIED
  1504.  
  1505. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1506. |_[ + ] [ 20 / 100 ]-[08:34:51] [ - ]
  1507. |_[ + ] Target:: [ https://www.boe.gov.sa/RelatedLinksPage.aspx?lang=2 ]
  1508. |_[ + ] Exploit::
  1509. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1510. |_[ + ] More details:: / - / , ISP:
  1511. |_[ + ] Found:: UNIDENTIFIED
  1512.  
  1513. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1514. |_[ + ] [ 21 / 100 ]-[08:34:55] [ - ]
  1515. |_[ + ] Target:: [ https://www.boe.gov.sa/SystemProjects.aspx?lang=yxrrsffrykmyk ]
  1516. |_[ + ] Exploit::
  1517. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1518. |_[ + ] More details:: / - / , ISP:
  1519. |_[ + ] Found:: UNIDENTIFIED
  1520.  
  1521. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1522. |_[ + ] [ 22 / 100 ]-[08:34:58] [ - ]
  1523. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewAllNews.aspx?lang=2 ]
  1524. |_[ + ] Exploit::
  1525. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1526. |_[ + ] More details:: / - / , ISP:
  1527. |_[ + ] Found:: UNIDENTIFIED
  1528.  
  1529. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1530. |_[ + ] [ 23 / 100 ]-[08:35:02] [ - ]
  1531. |_[ + ] Target:: [ https://www.boe.gov.sa/TargamaTerms.aspx?lang=en ]
  1532. |_[ + ] Exploit::
  1533. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1534. |_[ + ] More details:: / - / , ISP:
  1535. |_[ + ] Found:: UNIDENTIFIED
  1536.  
  1537. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1538. |_[ + ] [ 24 / 100 ]-[08:35:05] [ - ]
  1539. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewManswbCard.aspx?empID=52 ]
  1540. |_[ + ] Exploit::
  1541. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1542. |_[ + ] More details:: / - / , ISP:
  1543. |_[ + ] Found:: UNIDENTIFIED
  1544.  
  1545. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1546. |_[ + ] [ 25 / 100 ]-[08:35:08] [ - ]
  1547. |_[ + ] Target:: [ https://www.boe.gov.sa/LawsTargma.aspx?lang=en ]
  1548. |_[ + ] Exploit::
  1549. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1550. |_[ + ] More details:: / - / , ISP:
  1551. |_[ + ] Found:: UNIDENTIFIED
  1552.  
  1553. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1554. |_[ + ] [ 26 / 100 ]-[08:35:11] [ - ]
  1555. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewManswbCard.aspx?empID=231 ]
  1556. |_[ + ] Exploit::
  1557. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1558. |_[ + ] More details:: / - / , ISP:
  1559. |_[ + ] Found:: UNIDENTIFIED
  1560.  
  1561. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1562. |_[ + ] [ 27 / 100 ]-[08:35:14] [ - ]
  1563. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewManswbCard.aspx?empID=373 ]
  1564. |_[ + ] Exploit::
  1565. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1566. |_[ + ] More details:: / - / , ISP:
  1567. |_[ + ] Found:: UNIDENTIFIED
  1568.  
  1569. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1570. |_[ + ] [ 28 / 100 ]-[08:35:17] [ - ]
  1571. |_[ + ] Target:: [ https://www.boe.gov.sa/EmployeeTargama.aspx?empID=83 ]
  1572. |_[ + ] Exploit::
  1573. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1574. |_[ + ] More details:: / - / , ISP:
  1575. |_[ + ] Found:: UNIDENTIFIED
  1576.  
  1577. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1578. |_[ + ] [ 29 / 100 ]-[08:35:20] [ - ]
  1579. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewManswbCard.aspx?empID=332 ]
  1580. |_[ + ] Exploit::
  1581. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1582. |_[ + ] More details:: / - / , ISP:
  1583. |_[ + ] Found:: UNIDENTIFIED
  1584.  
  1585. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1586. |_[ + ] [ 30 / 100 ]-[08:35:23] [ - ]
  1587. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewManswbCard.aspx?empID=206 ]
  1588. |_[ + ] Exploit::
  1589. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1590. |_[ + ] More details:: / - / , ISP:
  1591. |_[ + ] Found:: UNIDENTIFIED
  1592.  
  1593. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1594. |_[ + ] [ 31 / 100 ]-[08:35:26] [ - ]
  1595. |_[ + ] Target:: [ https://www.boe.gov.sa/EmployeeTargama.aspx?empID=84 ]
  1596. |_[ + ] Exploit::
  1597. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1598. |_[ + ] More details:: / - / , ISP:
  1599. |_[ + ] Found:: UNIDENTIFIED
  1600.  
  1601. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1602. |_[ + ] [ 32 / 100 ]-[08:35:31] [ - ]
  1603. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=332 ]
  1604. |_[ + ] Exploit::
  1605. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1606. |_[ + ] More details:: / - / , ISP:
  1607. |_[ + ] Found:: UNIDENTIFIED
  1608.  
  1609. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1610. |_[ + ] [ 33 / 100 ]-[08:35:36] [ - ]
  1611. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=174 ]
  1612. |_[ + ] Exploit::
  1613. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1614. |_[ + ] More details:: / - / , ISP:
  1615. |_[ + ] Found:: UNIDENTIFIED
  1616.  
  1617. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1618. |_[ + ] [ 34 / 100 ]-[08:35:40] [ - ]
  1619. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=122 ]
  1620. |_[ + ] Exploit::
  1621. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1622. |_[ + ] More details:: / - / , ISP:
  1623. |_[ + ] Found:: UNIDENTIFIED
  1624.  
  1625. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1626. |_[ + ] [ 35 / 100 ]-[08:35:45] [ - ]
  1627. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=100 ]
  1628. |_[ + ] Exploit::
  1629. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1630. |_[ + ] More details:: / - / , ISP:
  1631. |_[ + ] Found:: UNIDENTIFIED
  1632.  
  1633. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1634. |_[ + ] [ 36 / 100 ]-[08:35:48] [ - ]
  1635. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewManswbCard.aspx?empID=352 ]
  1636. |_[ + ] Exploit::
  1637. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1638. |_[ + ] More details:: / - / , ISP:
  1639. |_[ + ] Found:: UNIDENTIFIED
  1640.  
  1641. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1642. |_[ + ] [ 37 / 100 ]-[08:35:53] [ - ]
  1643. |_[ + ] Target:: [ https://www.boe.gov.sa/M/ViewSubSystemDetails.aspx?SystemID=6 ]
  1644. |_[ + ] Exploit::
  1645. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1646. |_[ + ] More details:: / - / , ISP:
  1647. |_[ + ] Found:: UNIDENTIFIED
  1648.  
  1649. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1650. |_[ + ] [ 38 / 100 ]-[08:35:58] [ - ]
  1651. |_[ + ] Target:: [ https://www.boe.gov.sa/M/ViewSubSystemDetails.aspx?SystemID=7 ]
  1652. |_[ + ] Exploit::
  1653. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1654. |_[ + ] More details:: / - / , ISP:
  1655. |_[ + ] Found:: UNIDENTIFIED
  1656. |_[ + ] ERROR CONECTION:: Operation timed out after 5000 milliseconds with 196279 out of 259396 bytes received
  1657.  
  1658. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1659. |_[ + ] [ 39 / 100 ]-[08:36:01] [ - ]
  1660. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewManswbCard.aspx?empID=62 ]
  1661. |_[ + ] Exploit::
  1662. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1663. |_[ + ] More details:: / - / , ISP:
  1664. |_[ + ] Found:: UNIDENTIFIED
  1665.  
  1666. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1667. |_[ + ] [ 40 / 100 ]-[08:36:05] [ - ]
  1668. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=207 ]
  1669. |_[ + ] Exploit::
  1670. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1671. |_[ + ] More details:: / - / , ISP:
  1672. |_[ + ] Found:: UNIDENTIFIED
  1673.  
  1674. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1675. |_[ + ] [ 41 / 100 ]-[08:36:09] [ - ]
  1676. |_[ + ] Target:: [ https://www.boe.gov.sa/EmployeeTargama.aspx?empID=85 ]
  1677. |_[ + ] Exploit::
  1678. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1679. |_[ + ] More details:: / - / , ISP:
  1680. |_[ + ] Found:: UNIDENTIFIED
  1681.  
  1682. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1683. |_[ + ] [ 42 / 100 ]-[08:36:13] [ - ]
  1684. |_[ + ] Target:: [ https://www.boe.gov.sa/M/ViewSubSystemDetails.aspx?SystemID=5 ]
  1685. |_[ + ] Exploit::
  1686. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1687. |_[ + ] More details:: / - / , ISP:
  1688. |_[ + ] Found:: UNIDENTIFIED
  1689.  
  1690. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1691. |_[ + ] [ 43 / 100 ]-[08:36:17] [ - ]
  1692. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=115 ]
  1693. |_[ + ] Exploit::
  1694. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1695. |_[ + ] More details:: / - / , ISP:
  1696. |_[ + ] Found:: UNIDENTIFIED
  1697.  
  1698. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1699. |_[ + ] [ 44 / 100 ]-[08:36:20] [ - ]
  1700. |_[ + ] Target:: [ https://www.boe.gov.sa/EmployeeTargama.aspx?lang=arundefined ]
  1701. |_[ + ] Exploit::
  1702. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1703. |_[ + ] More details:: / - / , ISP:
  1704. |_[ + ] Found:: UNIDENTIFIED
  1705.  
  1706. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1707. |_[ + ] [ 45 / 100 ]-[08:36:25] [ - ]
  1708. |_[ + ] Target:: [ https://www.boe.gov.sa/M/ViewSubSystemDetails.aspx?SystemID=8 ]
  1709. |_[ + ] Exploit::
  1710. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1711. |_[ + ] More details:: / - / , ISP:
  1712. |_[ + ] Found:: UNIDENTIFIED
  1713.  
  1714. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1715. |_[ + ] [ 46 / 100 ]-[08:36:28] [ - ]
  1716. |_[ + ] Target:: [ https://www.boe.gov.sa/EmployeeTargama.aspx?empID=81 ]
  1717. |_[ + ] Exploit::
  1718. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1719. |_[ + ] More details:: / - / , ISP:
  1720. |_[ + ] Found:: UNIDENTIFIED
  1721.  
  1722. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1723. |_[ + ] [ 47 / 100 ]-[08:36:33] [ - ]
  1724. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=13 ]
  1725. |_[ + ] Exploit::
  1726. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1727. |_[ + ] More details:: / - / , ISP:
  1728. |_[ + ] Found:: UNIDENTIFIED
  1729.  
  1730. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1731. |_[ + ] [ 48 / 100 ]-[08:36:38] [ - ]
  1732. |_[ + ] Target:: [ https://www.boe.gov.sa/M/ViewSubSystemDetails.aspx?SystemID=4 ]
  1733. |_[ + ] Exploit::
  1734. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1735. |_[ + ] More details:: / - / , ISP:
  1736. |_[ + ] Found:: UNIDENTIFIED
  1737.  
  1738. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1739. |_[ + ] [ 49 / 100 ]-[08:36:42] [ - ]
  1740. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=292 ]
  1741. |_[ + ] Exploit::
  1742. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1743. |_[ + ] More details:: / - / , ISP:
  1744. |_[ + ] Found:: UNIDENTIFIED
  1745.  
  1746. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1747. |_[ + ] [ 50 / 100 ]-[08:36:45] [ - ]
  1748. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=127 ]
  1749. |_[ + ] Exploit::
  1750. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1751. |_[ + ] More details:: / - / , ISP:
  1752. |_[ + ] Found:: UNIDENTIFIED
  1753.  
  1754. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1755. |_[ + ] [ 51 / 100 ]-[08:36:47] [ - ]
  1756. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=384 ]
  1757. |_[ + ] Exploit::
  1758. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1759. |_[ + ] More details:: / - / , ISP:
  1760. |_[ + ] Found:: UNIDENTIFIED
  1761.  
  1762. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1763. |_[ + ] [ 52 / 100 ]-[08:36:52] [ - ]
  1764. |_[ + ] Target:: [ https://www.boe.gov.sa/MainLaws.aspx?lang=arandSystemID=144andVersionID=147 ]
  1765. |_[ + ] Exploit::
  1766. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1767. |_[ + ] More details:: / - / , ISP:
  1768. |_[ + ] Found:: UNIDENTIFIED
  1769.  
  1770. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1771. |_[ + ] [ 53 / 100 ]-[08:36:54] [ - ]
  1772. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=378 ]
  1773. |_[ + ] Exploit::
  1774. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1775. |_[ + ] More details:: / - / , ISP:
  1776. |_[ + ] Found:: UNIDENTIFIED
  1777.  
  1778. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1779. |_[ + ] [ 54 / 100 ]-[08:36:57] [ - ]
  1780. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=266 ]
  1781. |_[ + ] Exploit::
  1782. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1783. |_[ + ] More details:: / - / , ISP:
  1784. |_[ + ] Found:: UNIDENTIFIED
  1785.  
  1786. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1787. |_[ + ] [ 55 / 100 ]-[08:36:59] [ - ]
  1788. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=159 ]
  1789. |_[ + ] Exploit::
  1790. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1791. |_[ + ] More details:: / - / , ISP:
  1792. |_[ + ] Found:: UNIDENTIFIED
  1793.  
  1794. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1795. |_[ + ] [ 56 / 100 ]-[08:37:02] [ - ]
  1796. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=230 ]
  1797. |_[ + ] Exploit::
  1798. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1799. |_[ + ] More details:: / - / , ISP:
  1800. |_[ + ] Found:: UNIDENTIFIED
  1801.  
  1802. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1803. |_[ + ] [ 57 / 100 ]-[08:37:05] [ - ]
  1804. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewRule.aspx?lang=ar&RuleID=7 ]
  1805. |_[ + ] Exploit::
  1806. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1807. |_[ + ] More details:: / - / , ISP:
  1808. |_[ + ] Found:: UNIDENTIFIED
  1809.  
  1810. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1811. |_[ + ] [ 58 / 100 ]-[08:37:08] [ - ]
  1812. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=376 ]
  1813. |_[ + ] Exploit::
  1814. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1815. |_[ + ] More details:: / - / , ISP:
  1816. |_[ + ] Found:: UNIDENTIFIED
  1817.  
  1818. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1819. |_[ + ] [ 59 / 100 ]-[08:37:10] [ - ]
  1820. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=192 ]
  1821. |_[ + ] Exploit::
  1822. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1823. |_[ + ] More details:: / - / , ISP:
  1824. |_[ + ] Found:: UNIDENTIFIED
  1825.  
  1826. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1827. |_[ + ] [ 60 / 100 ]-[08:37:13] [ - ]
  1828. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=348 ]
  1829. |_[ + ] Exploit::
  1830. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1831. |_[ + ] More details:: / - / , ISP:
  1832. |_[ + ] Found:: UNIDENTIFIED
  1833.  
  1834. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1835. |_[ + ] [ 61 / 100 ]-[08:37:15] [ - ]
  1836. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=egunhekpjsb&SystemID=217 ]
  1837. |_[ + ] Exploit::
  1838. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1839. |_[ + ] More details:: / - / , ISP:
  1840. |_[ + ] Found:: UNIDENTIFIED
  1841.  
  1842. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1843. |_[ + ] [ 62 / 100 ]-[08:37:18] [ - ]
  1844. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=5 ]
  1845. |_[ + ] Exploit::
  1846. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1847. |_[ + ] More details:: / - / , ISP:
  1848. |_[ + ] Found:: UNIDENTIFIED
  1849.  
  1850. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1851. |_[ + ] [ 63 / 100 ]-[08:37:20] [ - ]
  1852. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=egunhekpjsb&SystemID=186 ]
  1853. |_[ + ] Exploit::
  1854. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1855. |_[ + ] More details:: / - / , ISP:
  1856. |_[ + ] Found:: UNIDENTIFIED
  1857.  
  1858. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1859. |_[ + ] [ 64 / 100 ]-[08:37:23] [ - ]
  1860. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=60 ]
  1861. |_[ + ] Exploit::
  1862. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1863. |_[ + ] More details:: / - / , ISP:
  1864. |_[ + ] Found:: UNIDENTIFIED
  1865.  
  1866. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1867. |_[ + ] [ 65 / 100 ]-[08:37:25] [ - ]
  1868. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=3388 ]
  1869. |_[ + ] Exploit::
  1870. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1871. |_[ + ] More details:: / - / , ISP:
  1872. |_[ + ] Found:: UNIDENTIFIED
  1873.  
  1874. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1875. |_[ + ] [ 66 / 100 ]-[08:37:28] [ - ]
  1876. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=181 ]
  1877. |_[ + ] Exploit::
  1878. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1879. |_[ + ] More details:: / - / , ISP:
  1880. |_[ + ] Found:: UNIDENTIFIED
  1881.  
  1882. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1883. |_[ + ] [ 67 / 100 ]-[08:37:30] [ - ]
  1884. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=382 ]
  1885. |_[ + ] Exploit::
  1886. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1887. |_[ + ] More details:: / - / , ISP:
  1888. |_[ + ] Found:: UNIDENTIFIED
  1889.  
  1890. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1891. |_[ + ] [ 68 / 100 ]-[08:37:32] [ - ]
  1892. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=201 ]
  1893. |_[ + ] Exploit::
  1894. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1895. |_[ + ] More details:: / - / , ISP:
  1896. |_[ + ] Found:: UNIDENTIFIED
  1897.  
  1898. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1899. |_[ + ] [ 69 / 100 ]-[08:37:35] [ - ]
  1900. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ezbuzjklxdscxjpn&SystemID=186 ]
  1901. |_[ + ] Exploit::
  1902. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1903. |_[ + ] More details:: / - / , ISP:
  1904. |_[ + ] Found:: UNIDENTIFIED
  1905.  
  1906. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1907. |_[ + ] [ 70 / 100 ]-[08:37:37] [ - ]
  1908. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ztkfhogvcpxlr&SystemID=99 ]
  1909. |_[ + ] Exploit::
  1910. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1911. |_[ + ] More details:: / - / , ISP:
  1912. |_[ + ] Found:: UNIDENTIFIED
  1913.  
  1914. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1915. |_[ + ] [ 71 / 100 ]-[08:37:40] [ - ]
  1916. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=126 ]
  1917. |_[ + ] Exploit::
  1918. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1919. |_[ + ] More details:: / - / , ISP:
  1920. |_[ + ] Found:: UNIDENTIFIED
  1921.  
  1922. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1923. |_[ + ] [ 72 / 100 ]-[08:37:42] [ - ]
  1924. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=174 ]
  1925. |_[ + ] Exploit::
  1926. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1927. |_[ + ] More details:: / - / , ISP:
  1928. |_[ + ] Found:: UNIDENTIFIED
  1929.  
  1930. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1931. |_[ + ] [ 73 / 100 ]-[08:37:45] [ - ]
  1932. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=158 ]
  1933. |_[ + ] Exploit::
  1934. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1935. |_[ + ] More details:: / - / , ISP:
  1936. |_[ + ] Found:: UNIDENTIFIED
  1937.  
  1938. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1939. |_[ + ] [ 74 / 100 ]-[08:37:47] [ - ]
  1940. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=5 ]
  1941. |_[ + ] Exploit::
  1942. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1943. |_[ + ] More details:: / - / , ISP:
  1944. |_[ + ] Found:: UNIDENTIFIED
  1945.  
  1946. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1947. |_[ + ] [ 75 / 100 ]-[08:37:50] [ - ]
  1948. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=234 ]
  1949. |_[ + ] Exploit::
  1950. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1951. |_[ + ] More details:: / - / , ISP:
  1952. |_[ + ] Found:: UNIDENTIFIED
  1953.  
  1954. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1955. |_[ + ] [ 76 / 100 ]-[08:37:53] [ - ]
  1956. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=60 ]
  1957. |_[ + ] Exploit::
  1958. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1959. |_[ + ] More details:: / - / , ISP:
  1960. |_[ + ] Found:: UNIDENTIFIED
  1961.  
  1962. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1963. |_[ + ] [ 77 / 100 ]-[08:37:55] [ - ]
  1964. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=356 ]
  1965. |_[ + ] Exploit::
  1966. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1967. |_[ + ] More details:: / - / , ISP:
  1968. |_[ + ] Found:: UNIDENTIFIED
  1969.  
  1970. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1971. |_[ + ] [ 78 / 100 ]-[08:37:57] [ - ]
  1972. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=164 ]
  1973. |_[ + ] Exploit::
  1974. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1975. |_[ + ] More details:: / - / , ISP:
  1976. |_[ + ] Found:: UNIDENTIFIED
  1977.  
  1978. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1979. |_[ + ] [ 79 / 100 ]-[08:38:00] [ - ]
  1980. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=2384 ]
  1981. |_[ + ] Exploit::
  1982. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1983. |_[ + ] More details:: / - / , ISP:
  1984. |_[ + ] Found:: UNIDENTIFIED
  1985.  
  1986. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1987. |_[ + ] [ 80 / 100 ]-[08:38:02] [ - ]
  1988. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=112 ]
  1989. |_[ + ] Exploit::
  1990. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1991. |_[ + ] More details:: / - / , ISP:
  1992. |_[ + ] Found:: UNIDENTIFIED
  1993.  
  1994. _[ - ]::--------------------------------------------------------------------------------------------------------------
  1995. |_[ + ] [ 81 / 100 ]-[08:38:07] [ - ]
  1996. |_[ + ] Target:: [ https://www.boe.gov.sa/M/NewsView.aspx?NewsID=39 ]
  1997. |_[ + ] Exploit::
  1998. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  1999. |_[ + ] More details:: / - / , ISP:
  2000. |_[ + ] Found:: UNIDENTIFIED
  2001.  
  2002. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2003. |_[ + ] [ 82 / 100 ]-[08:38:09] [ - ]
  2004. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=4 ]
  2005. |_[ + ] Exploit::
  2006. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2007. |_[ + ] More details:: / - / , ISP:
  2008. |_[ + ] Found:: UNIDENTIFIED
  2009.  
  2010. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2011. |_[ + ] [ 83 / 100 ]-[08:38:12] [ - ]
  2012. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=31 ]
  2013. |_[ + ] Exploit::
  2014. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2015. |_[ + ] More details:: / - / , ISP:
  2016. |_[ + ] Found:: UNIDENTIFIED
  2017.  
  2018. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2019. |_[ + ] [ 84 / 100 ]-[08:38:14] [ - ]
  2020. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=383 ]
  2021. |_[ + ] Exploit::
  2022. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2023. |_[ + ] More details:: / - / , ISP:
  2024. |_[ + ] Found:: UNIDENTIFIED
  2025.  
  2026. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2027. |_[ + ] [ 85 / 100 ]-[08:38:19] [ - ]
  2028. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemProject.aspx?lang=ztkfhogvcpxlr&spid=9 ]
  2029. |_[ + ] Exploit::
  2030. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2031. |_[ + ] More details:: / - / , ISP:
  2032. |_[ + ] Found:: UNIDENTIFIED
  2033.  
  2034. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2035. |_[ + ] [ 86 / 100 ]-[08:38:23] [ - ]
  2036. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewStaticPage.aspx?lang=2&PageID=25 ]
  2037. |_[ + ] Exploit::
  2038. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2039. |_[ + ] More details:: / - / , ISP:
  2040. |_[ + ] Found:: UNIDENTIFIED
  2041.  
  2042. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2043. |_[ + ] [ 87 / 100 ]-[08:38:27] [ - ]
  2044. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewRule.aspx?lang=en&RuleID=30 ]
  2045. |_[ + ] Exploit::
  2046. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2047. |_[ + ] More details:: / - / , ISP:
  2048. |_[ + ] Found:: UNIDENTIFIED
  2049.  
  2050. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2051. |_[ + ] [ 88 / 100 ]-[08:38:30] [ - ]
  2052. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewRule.aspx?lang=ar&RuleID=23 ]
  2053. |_[ + ] Exploit::
  2054. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2055. |_[ + ] More details:: / - / , ISP:
  2056. |_[ + ] Found:: UNIDENTIFIED
  2057.  
  2058. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2059. |_[ + ] [ 89 / 100 ]-[08:38:33] [ - ]
  2060. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=ar&SystemID=88 ]
  2061. |_[ + ] Exploit::
  2062. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2063. |_[ + ] More details:: / - / , ISP:
  2064. |_[ + ] Found:: UNIDENTIFIED
  2065.  
  2066. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2067. |_[ + ] [ 90 / 100 ]-[08:38:35] [ - ]
  2068. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewSystemDetails.aspx?lang=en&SystemID=15 ]
  2069. |_[ + ] Exploit::
  2070. |_[ + ] Information Server:: HTTP/1.1 302 Found, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2071. |_[ + ] More details:: / - / , ISP:
  2072. |_[ + ] Found:: UNIDENTIFIED
  2073.  
  2074. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2075. |_[ + ] [ 91 / 100 ]-[08:38:38] [ - ]
  2076. |_[ + ] Target:: [ https://www.boe.gov.sa/ShowPDF.aspx?FileName=A44.pdf ]
  2077. |_[ + ] Exploit::
  2078. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2079. |_[ + ] More details:: / - / , ISP:
  2080. |_[ + ] Found:: UNIDENTIFIED
  2081.  
  2082. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2083. |_[ + ] [ 92 / 100 ]-[08:38:42] [ - ]
  2084. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewKhobraNews.aspx?lang=fbsxpqsz&NewsID=1057 ]
  2085. |_[ + ] Exploit::
  2086. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2087. |_[ + ] More details:: / - / , ISP:
  2088. |_[ + ] Found:: UNIDENTIFIED
  2089.  
  2090. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2091. |_[ + ] [ 93 / 100 ]-[08:38:46] [ - ]
  2092. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewKhobraNews.aspx?NewsID=52&lang=en ]
  2093. |_[ + ] Exploit::
  2094. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2095. |_[ + ] More details:: / - / , ISP:
  2096. |_[ + ] Found:: UNIDENTIFIED
  2097.  
  2098. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2099. |_[ + ] [ 94 / 100 ]-[08:38:50] [ - ]
  2100. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewKhobraNews.aspx?lang=yxrrsffrykmyk&NewsID=1057 ]
  2101. |_[ + ] Exploit::
  2102. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2103. |_[ + ] More details:: / - / , ISP:
  2104. |_[ + ] Found:: UNIDENTIFIED
  2105.  
  2106. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2107. |_[ + ] [ 95 / 100 ]-[08:38:54] [ - ]
  2108. |_[ + ] Target:: [ https://www.boe.gov.sa/ViewKhobraNews.aspx?lang=ar&NewsID=14 ]
  2109. |_[ + ] Exploit::
  2110. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2111. |_[ + ] More details:: / - / , ISP:
  2112. |_[ + ] Found:: UNIDENTIFIED
  2113.  
  2114. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2115. |_[ + ] [ 96 / 100 ]-[08:38:58] [ - ]
  2116. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=27&languageid=2 ]
  2117. |_[ + ] Exploit::
  2118. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2119. |_[ + ] More details:: / - / , ISP:
  2120. |_[ + ] Found:: UNIDENTIFIED
  2121.  
  2122. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2123. |_[ + ] [ 97 / 100 ]-[08:39:01] [ - ]
  2124. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=16&languageid=2 ]
  2125. |_[ + ] Exploit::
  2126. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2127. |_[ + ] More details:: / - / , ISP:
  2128. |_[ + ] Found:: UNIDENTIFIED
  2129.  
  2130. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2131. |_[ + ] [ 98 / 100 ]-[08:39:07] [ - ]
  2132. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?systemid=262&languageid=1 ]
  2133. |_[ + ] Exploit::
  2134. |_[ + ] Information Server:: , , IP:212.138.117.127:443
  2135. |_[ + ] More details:: / - / , ISP:
  2136. |_[ + ] Found:: UNIDENTIFIED
  2137. |_[ + ] ERROR CONECTION:: Operation timed out after 5000 milliseconds with 0 bytes received
  2138.  
  2139. _[ - ]::--------------------------------------------------------------------------------------------------------------
  2140. |_[ + ] [ 99 / 100 ]-[08:39:12] [ - ]
  2141. |_[ + ] Target:: [ https://www.boe.gov.sa/m/viewsubsystemdetails.aspx?lang=ar&systemid=359 ]
  2142. |_[ + ] Exploit::
  2143. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET, IP:212.138.117.127:443
  2144. |_[ + ] More details:: / - / , ISP:
  2145. |_[ + ] Found:: UNIDENTIFIED
  2146.  
  2147. [ INFO ] [ Shutting down ]
  2148. [ INFO ] [ End of process INURLBR at [26-10-2018 08:39:12]
  2149. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  2150. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/plugins/slurp/output/inurlbr-www.boe.gov.sa.txt ]
  2151. |_________________________________________________________________________________________
  2152.  
  2153. \_________________________________________________________________________________________/
  2154. #######################################################################################################################################
  2155.  
  2156. ^ ^
  2157. _ __ _ ____ _ __ _ _ ____
  2158. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  2159. | V V // o // _/ | V V // 0 // 0 // _/
  2160. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  2161. <
  2162. ...'
  2163.  
  2164. WAFW00F - Web Application Firewall Detection Tool
  2165.  
  2166. By Sandro Gauci && Wendel G. Henrique
  2167.  
  2168. Checking https://www.boe.gov.sa
  2169. The site https://www.boe.gov.sa is behind a ModSecurity (OWASP CRS)
  2170. Number of requests: 11
  2171. #######################################################################################################################################
  2172. wig - WebApp Information Gatherer
  2173.  
  2174.  
  2175. Scanning https://www.boe.gov.sa...
  2176. _______________________ SITE INFO _______________________
  2177. IP Title
  2178. 212.138.117.127 موقع هيئة الخبراء بمجلس الوزر
  2179.  
  2180. ________________________ VERSION ________________________
  2181. Name Versions Type
  2182. ASP.NET 4.0.30319 Platform
  2183. IIS 8.5 Platform
  2184. microsoft-httpapi 2.0 Platform
  2185. Microsoft Windows Server 2012 R2 OS
  2186.  
  2187. ______________________ INTERESTING ______________________
  2188. URL Note Type
  2189. /login.aspx Login Page Interesting
  2190.  
  2191. _________________________________________________________
  2192. Time: 3.5 sec Urls: 693 Fingerprints: 40401
  2193. ######################################################################################################################################
  2194. HTTP/1.1 200 OK
  2195. Cache-Control: private
  2196. Content-Length: 109251
  2197. Content-Type: text/html; charset=utf-8
  2198. Server: Microsoft-IIS/8.5
  2199. Set-Cookie: ASP.NET_SessionId=zeu1jzfadht3obrz0ilpojp3; path=/; HttpOnly
  2200. X-AspNet-Version: 4.0.30319
  2201. X-Powered-By: ASP.NET
  2202. Date: Thu, 11 Jul 2019 22:05:17 GMT
  2203. #######################################################################################################################################
  2204.  
  2205.  
  2206.  
  2207. AVAILABLE PLUGINS
  2208. -----------------
  2209.  
  2210. PluginCompression
  2211. PluginHSTS
  2212. PluginChromeSha1Deprecation
  2213. PluginSessionResumption
  2214. PluginSessionRenegotiation
  2215. PluginHeartbleed
  2216. PluginCertInfo
  2217. PluginOpenSSLCipherSuites
  2218.  
  2219.  
  2220.  
  2221. CHECKING HOST(S) AVAILABILITY
  2222. -----------------------------
  2223.  
  2224. www.boe.gov.sa:443 => 212.138.117.127:443
  2225.  
  2226.  
  2227.  
  2228. SCAN RESULTS FOR WWW.BOE.GOV.SA:443 - 212.138.117.127:443
  2229. ---------------------------------------------------------
  2230.  
  2231. * Deflate Compression:
  2232. OK - Compression disabled
  2233.  
  2234. * Session Renegotiation:
  2235. Client-initiated Renegotiations: OK - Rejected
  2236. Secure Renegotiation: OK - Supported
  2237.  
  2238. * Certificate - Content:
  2239. SHA1 Fingerprint: 133b4c190f9f08e394722b5916a7edff46149153
  2240. Common Name: boe.gov.sa
  2241. Issuer: DigiCert SHA2 Extended Validation Server CA
  2242. Serial Number: 04D05D5A5C9ACE58753FC99C75B221C6
  2243. Not Before: Jun 11 00:00:00 2018 GMT
  2244. Not After: Jun 11 12:00:00 2020 GMT
  2245. Signature Algorithm: sha256WithRSAEncryption
  2246. Public Key Algorithm: rsaEncryption
  2247. Key Size: 2048 bit
  2248. Exponent: 65537 (0x10001)
  2249. X509v3 Subject Alternative Name: {'DNS': ['boe.gov.sa', 'www.boe.gov.sa']}
  2250.  
  2251. * Certificate - Trust:
  2252. Hostname Validation: OK - Subject Alternative Name matches
  2253. Google CA Store (09/2015): OK - Certificate is trusted
  2254. Java 6 CA Store (Update 65): OK - Certificate is trusted
  2255. Microsoft CA Store (09/2015): OK - Certificate is trusted
  2256. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  2257. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  2258. Certificate Chain Received: ['boe.gov.sa', 'DigiCert SHA2 Extended Validation Server CA']
  2259.  
  2260. * Certificate - OCSP Stapling:
  2261. NOT SUPPORTED - Server did not send back an OCSP response.
  2262.  
  2263. * Session Resumption:
  2264. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  2265. With TLS Session Tickets: NOT SUPPORTED - TLS ticket not assigned.
  2266.  
  2267. * SSLV2 Cipher Suites:
  2268. Server rejected all cipher suites.
  2269.  
  2270. * SSLV3 Cipher Suites:
  2271. Server rejected all cipher suites.
  2272.  
  2273.  
  2274.  
  2275. SCAN COMPLETED IN 8.92 S
  2276. ------------------------
  2277. Version: 1.11.12-static
  2278. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2279.  
  2280. Connected to 212.138.117.127
  2281.  
  2282. Testing SSL server www.boe.gov.sa on port 443 using SNI name www.boe.gov.sa
  2283.  
  2284. TLS Fallback SCSV:
  2285. Server does not support TLS Fallback SCSV
  2286.  
  2287. TLS renegotiation:
  2288. Secure session renegotiation supported
  2289.  
  2290. TLS Compression:
  2291. Compression disabled
  2292.  
  2293. Heartbleed:
  2294. TLS 1.2 not vulnerable to heartbleed
  2295. TLS 1.1 not vulnerable to heartbleed
  2296. TLS 1.0 not vulnerable to heartbleed
  2297.  
  2298. Supported Server Cipher(s):
  2299. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-521 DHE 521
  2300. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-521 DHE 521
  2301. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
  2302. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-521 DHE 521
  2303. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  2304. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  2305. Accepted TLSv1.2 256 bits AES256-SHA256
  2306. Accepted TLSv1.2 128 bits AES128-SHA256
  2307. Accepted TLSv1.2 256 bits AES256-SHA
  2308. Accepted TLSv1.2 128 bits AES128-SHA
  2309. Accepted TLSv1.2 112 bits DES-CBC3-SHA
  2310. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
  2311. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-521 DHE 521
  2312. Accepted TLSv1.1 256 bits AES256-SHA
  2313. Accepted TLSv1.1 128 bits AES128-SHA
  2314. Accepted TLSv1.1 112 bits DES-CBC3-SHA
  2315. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-521 DHE 521
  2316. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-521 DHE 521
  2317. Accepted TLSv1.0 256 bits AES256-SHA
  2318. Accepted TLSv1.0 128 bits AES128-SHA
  2319. Accepted TLSv1.0 112 bits DES-CBC3-SHA
  2320.  
  2321. SSL Certificate:
  2322. Signature Algorithm: sha256WithRSAEncryption
  2323. RSA Key Strength: 2048
  2324.  
  2325. Subject: boe.gov.sa
  2326. Altnames: DNS:boe.gov.sa, DNS:www.boe.gov.sa
  2327. Issuer: DigiCert SHA2 Extended Validation Server CA
  2328.  
  2329. Not valid before: Jun 11 00:00:00 2018 GMT
  2330. Not valid after: Jun 11 12:00:00 2020 GMT
  2331.  
  2332. #######################################################################################################################################
  2333.  
  2334. I, [2018-10-26T08:40:58.826564 #21524] INFO -- : Initiating port scan
  2335. I, [2018-10-26T08:42:17.148868 #21524] INFO -- : Using nmap scan output file logs/nmap_output_2018-10-26_08-40-58.xml
  2336. I, [2018-10-26T08:42:17.149982 #21524] INFO -- : Discovered open port: 212.138.117.127:80
  2337. I, [2018-10-26T08:42:19.057171 #21524] INFO -- : Discovered open port: 212.138.117.127:443
  2338. I, [2018-10-26T08:42:22.728431 #21524] INFO -- : <<<Enumerating vulnerable applications>>>
  2339. --------------------------------------------------------
  2340. <<<Yasuo discovered following vulnerable applications>>>
  2341. --------------------------------------------------------
  2342. +----------+--------------------+-------------------+----------+----------+
  2343. | App Name | URL to Application | Potential Exploit | Username | Password |
  2344. +----------+--------------------+-------------------+----------+----------+
  2345. +----------+--------------------+-------------------+----------+----------+
  2346. ######################################################################################################################################
  2347. Anonymous JTSEC #OpJamalKhashoggi Full Recon #6