- #######################################################################################################################################
- Hostname www.mppp.gob.ve ISP CANTV Servicios, Venezuela
- Continent South America Flag
- VE
- Country Venezuela Country Code VE
- Region Distrito Federal Local time 07 Nov 2018 02:37 -04
- City Caracas Postal Code Unknown
- IP Address 201.249.203.40 Latitude 10.5
- Longitude -66.917
- ######################################################################################################################################
- > www.mppp.gob.ve
- Server: 194.187.251.67
- Address: 194.187.251.67#53
- Non-authoritative answer:
- Name: www.mppp.gob.ve
- Address: 201.249.203.40
- ######################################################################################################################################
- HostIP:201.249.203.40
- HostName:www.mppp.gob.ve
- Gathered Inet-whois information for 201.249.203.40
- ---------------------------------------------------------------------------------------------------------------------------------------
- inetnum: 201.0.0.0 - 201.255.255.255
- netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
- descr: IPv4 address block not managed by the RIPE NCC
- remarks: ------------------------------------------------------
- remarks:
- remarks: You can find the whois server to query, or the
- remarks: IANA registry to query on this web page:
- remarks: http://www.iana.org/assignments/ipv4-address-space
- remarks:
- remarks: You can access databases of other RIRs at:
- remarks:
- remarks: AFRINIC (Africa)
- remarks: http://www.afrinic.net/ whois.afrinic.net
- remarks:
- remarks: APNIC (Asia Pacific)
- remarks: http://www.apnic.net/ whois.apnic.net
- remarks:
- remarks: ARIN (Northern America)
- remarks: http://www.arin.net/ whois.arin.net
- remarks:
- remarks: LACNIC (Latin America and the Carribean)
- remarks: http://www.lacnic.net/ whois.lacnic.net
- remarks:
- remarks: IANA IPV4 Recovered Address Space
- remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
- remarks:
- remarks: ------------------------------------------------------
- country: EU # Country is really world wide
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- status: ALLOCATED UNSPECIFIED
- mnt-by: RIPE-NCC-HM-MNT
- mnt-lower: RIPE-NCC-HM-MNT
- created: 2014-11-07T14:15:06Z
- last-modified: 2018-09-04T13:31:30Z
- source: RIPE
- role: Internet Assigned Numbers Authority
- address: see http://www.iana.org.
- admin-c: IANA1-RIPE
- tech-c: IANA1-RIPE
- nic-hdl: IANA1-RIPE
- remarks: For more information on IANA services
- remarks: go to IANA web site at http://www.iana.org.
- mnt-by: RIPE-NCC-MNT
- created: 1970-01-01T00:00:00Z
- last-modified: 2001-09-22T09:31:27Z
- source: RIPE # Filtered
- % Information related to '201.249.0.0/16AS8048'
- route: 201.249.0.0/16
- descr: CANTV-NET
- origin: AS8048
- mnt-by: CANTV-MNTR
- created: 2007-04-03T12:17:07Z
- last-modified: 2018-09-04T15:50:05Z
- source: RIPE-NONAUTH
- % This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)
- Gathered Inic-whois information for mppp.gob.ve
- ---------------------------------------------------------------------------------------------------------------------------------------
- Gathered Netcraft information for www.mppp.gob.ve
- --------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for www.mppp.gob.ve
- Netcraft.com Information gathered
- Gathered Subdomain information for mppp.gob.ve
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.mppp.gob.ve
- HostIP:201.249.203.40
- HostName:sipes.mppp.gob.ve
- HostIP:200.109.67.89
- HostName:correo.mppp.gob.ve
- HostIP:201.249.203.33
- Searching Altavista.com:80...
- Found 3 possible subdomain(s) for host mppp.gob.ve, Searched 0 pages containing 0 results
- Gathered E-Mail information for mppp.gob.ve
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host mppp.gob.ve, Searched 0 pages containing 0 results
- Gathered TCP Port information for 201.249.203.40
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 80/tcp open
- Portscan Finished: Scanned 150 ports, 2 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: http://www.mppp.gob.ve
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: MPPP | Ministerio del Poder Popular de Planificación
- [+] IP address: 201.249.203.40
- [+] Web Server: Could Not Detect
- [+] CMS: WordPress
- [+] Cloudflare: Not Detected
- [+] Robots File: Found
- -------------[ contents ]----------------
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- -----------[end of contents]-------------
- W H O I S L O O K U P
- =======================================================================================================================================
- Servidor Whois del Centro de Información de Red de Venezuela (NIC.VE)
- Este servidor contiene información autoritativa exclusivamente de dominios .VE
- Cualquier consulta sobre este servicio, puede hacerla al correo electrónico whois@nic.ve
- Titular:
- Ministerio del Poder Popular de Planificacion despacho@mppp.gob.ve
- Ministerio del Poder Popular de Planificacion
- Av. Lecuna. Parque Central. Torre Oeste. Piso 20. Urb. El Conde. Municipio Libertador
- Caracas, Distrito Capital VE
- +58 (212) 507.05.14 / +58 (212) 507.09.38
- Nombre de Dominio: mppp.gob.ve
- Contacto Administrativo:
- Manuel Gilly mgilly@mppp.gob.ve
- Ministerio del Poder Popular de Planificacion
- Av. Lecuna. Parque Central. Torre Oeste. Piso 20. Urb. El Conde. Municipio Libertador
- Caracas, Distrito Capital VE
- 0212-5070939 (FAX) 8021643.
- Contacto Técnico:
- Mebil Rosales mrosales@mppp.gob.ve
- Ministerio del Poder Popular de Planificacion
- Av. Lecuna. Parque Central. Torre Oeste. Piso 20. Urb. El Conde. Municipio Libertador
- Caracas, Distrito Capital VE
- 0212-7570936
- Contacto de Cobranza:
- Ministerio del Poder Popular de Planificacion despacho@mppp.gob.ve
- Ministerio del Poder Popular de Planificacion
- Av. Lecuna. Parque Central. Torre Oeste. Piso 20. Urb. El Conde. Municipio Libertador
- Caracas, Distrito Capital VE
- +58 (212) 507.05.14 / +58 (212) 507.09.38
- Ultima Actualización: 2013-06-21 15:20:44
- Fecha de Creación: 2013-06-21 15:12:26
- Estatus del dominio: ACTIVO
- Servidor(es) de Nombres de Dominio:
- - ns1.mppp.gob.ve
- - ns2.mppp.gob.ve
- NIC-Venezuela - CONATEL
- http://www.nic.ve
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 201.249.203.40
- [i] Country: VE
- [i] State: N/A
- [i] City: N/A
- [i] Latitude: 8.000000
- [i] Longitude: -66.000000
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Wed, 07 Nov 2018 09:14:58 GMT
- [i] Set-Cookie: PHPSESSID=k086cottgn8dhjs8msc13maad4; path=/
- [i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
- [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- [i] Pragma: no-cache
- [i] Set-Cookie: wphc_seen=1; expires=Thu, 08-Nov-2018 09:14:59 GMT
- [i] Link: <http://www.mppp.gob.ve/wp-json/>; rel="https://api.w.org/"
- [i] Link: <http://www.mppp.gob.ve/>; rel=shortlink
- [i] Vary: Accept-Encoding
- [i] Content-Type: text/html; charset=UTF-8
- [i] Connection: close
- D N S L O O K U P
- =======================================================================================================================================
- mppp.gob.ve. 0 IN SOA mppp.gob.ve. soporte.mppp.gob.ve. 2018102901 1200 300 2419200 60
- mppp.gob.ve. 0 IN A 201.249.203.40
- mppp.gob.ve. 0 IN MX 10 correo.mppp.gob.ve.
- mppp.gob.ve. 3599 IN TXT "v=spf1 a mx ~all"
- mppp.gob.ve. 3599 IN TXT "google-site-verification=RqIgI6dEU1c9m7AButstf2q-CMpQOFz1684MpWzDX2M"
- mppp.gob.ve. 0 IN NS ns2.mppp.gob.ve.
- mppp.gob.ve. 0 IN NS ns1.mppp.gob.ve.
- S U B N E T C A L C U L A T I O N
- ======================================================================================================================================
- Address = 201.249.203.40
- Network = 201.249.203.40 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 201.249.203.40 - 201.249.203.40 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-07 08:43 UTC
- Nmap scan report for mppp.gob.ve (201.249.203.40)
- Host is up (0.085s latency).
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds
- S U B - D O M A I N F I N D E R
- =======================================================================================================================================
- [i] Total Subdomains Found : 22
- ######################################################################################################################################
- [?] Enter the target: http://www.mppp.gob.ve
- [!] IP Address : 201.249.203.40
- [!] CMS Detected : WordPress
- [+] Honeypot Probabilty: 0%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.mppp.gob.ve
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.mppp.gob.ve
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] Robots.txt retrieved
- User-agent: *
- Disallow: /wp-admin/
- Allow: /wp-admin/admin-ajax.php
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open https
- 3389/tcp filtered ms-wbt-server
- Nmap done: 1 IP address (1 host up) scanned in 1.82 seconds
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-1-Debian <<>> mppp.gob.ve
- ;; global options: +cmd
- ;; Got answer:
- ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43928
- ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
- ;; OPT PSEUDOSECTION:
- ; EDNS: version: 0, flags:; udp: 4096
- ;; QUESTION SECTION:
- ;mppp.gob.ve. IN A
- ;; ANSWER SECTION:
- mppp.gob.ve. 0 IN A 201.249.203.40
- ;; Query time: 304 msec
- ;; SERVER: 194.187.251.67#53(194.187.251.67)
- ;; WHEN: mer nov 07 03:58:33 EST 2018
- ;; MSG SIZE rcvd: 56
- #######################################################################################################################################
- ; <<>> DiG 9.11.5-1-Debian <<>> +trace mppp.gob.ve
- ;; global options: +cmd
- . 80650 IN NS i.root-servers.net.
- . 80650 IN NS h.root-servers.net.
- . 80650 IN NS f.root-servers.net.
- . 80650 IN NS c.root-servers.net.
- . 80650 IN NS k.root-servers.net.
- . 80650 IN NS j.root-servers.net.
- . 80650 IN NS m.root-servers.net.
- . 80650 IN NS l.root-servers.net.
- . 80650 IN NS d.root-servers.net.
- . 80650 IN NS e.root-servers.net.
- . 80650 IN NS a.root-servers.net.
- . 80650 IN NS g.root-servers.net.
- . 80650 IN NS b.root-servers.net.
- ;; Received 525 bytes from 194.187.251.67#53(194.187.251.67) in 118 ms
- ve. 172800 IN NS ns4.nic.ve.
- ve. 172800 IN NS sns-pb.isc.org.
- ve. 172800 IN NS ns3.nic.ve.
- ve. 172800 IN NS ns1.nic.ve.
- ve. 172800 IN NS ns2.nic.ve.
- ve. 172800 IN NS azmodan.ula.ve.
- ve. 172800 IN NS ns-ext.nic.cl.
- ve. 86400 IN NSEC vegas. NS RRSIG NSEC
- ;; Received 735 bytes from 202.12.27.33#53(m.root-servers.net) in 125 ms
- mppp.gob.ve. 600 IN NS ns2.mppp.gob.ve.
- mppp.gob.ve. 600 IN NS ns1.mppp.gob.ve.
- ;; Received 108 bytes from 150.188.228.5#53(ns2.nic.ve) in 313 ms
- mppp.gob.ve. 0 IN A 201.249.203.40
- mppp.gob.ve. 0 IN NS ns1.mppp.gob.ve.
- mppp.gob.ve. 0 IN NS ns2.mppp.gob.ve.
- ;; Received 124 bytes from 201.249.201.69#53(ns1.mppp.gob.ve) in 297 ms
- #######################################################################################################################################
- [+] Hosting Info for Website: www.mppp.gob.ve
- [+] Visitors per day: 1,740
- [+] IP Address: ...
- [+] IP Reverse DNS (Host): 201.249.203.40
- [+] Hosting Company IP Owner: Cantv Servicios, Venezuela
- [+] Hosting IP Range: 201.249.128.0 - 201.249.255.255 (32,768 ip)
- [+] Owner Address: Cantv Cor Los Palos Grandes- Chacao, Caracas Venezuela, 000, 1060 - Caracas - Mi, VE
- [+] Owner Country: VEN
- [+] Owner Phone: +58 2122095685
- [+] Owner Website: www.cantv.net
- [+] Owner CIDR: 201.249.128.0/17
- #######################################################################################################################################
- [+] Testing domain
- www.mppp.gob.ve 201.249.203.40
- [+] Dns resolving
- Domain name Ip address Name server
- No address associated with hostname mppp.gob.ve
- [+] Testing wildcard
- Ok, no wildcard found.
- [+] Scanning for subdomain on mppp.gob.ve
- [!] Wordlist not specified. I scannig with my internal wordlist...
- Estimated time about 229.82 seconds
- Subdomain Ip address Name server
- ns1.mppp.gob.ve 201.249.201.69 201-249-201-69.estatic.cantv.net
- ns2.mppp.gob.ve 201.249.201.70 201-249-201-70.estatic.cantv.n
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------------------------------------------------------------------------------------------------------------------------------------
- 201.249.203.37 503 alias conference.mppp.gob.ve
- 201.249.203.37 503 host openfire.mppp.gob.ve
- 201.249.203.33 302 host correo.mppp.gob.ve
- 201.249.201.69 host ns1.mppp.gob.ve
- 201.249.201.70 host ns2.mppp.gob.ve
- 201.249.203.40 200 host www.mppp.gob.ve
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: mppp.gob.ve
- [-] DNSSEC is not configured for mppp.gob.ve
- [*] SOA mppp.gob.ve 201.249.203.40
- [*] NS ns1.mppp.gob.ve 201.249.201.69
- [*] Bind Version for 201.249.201.69 9.10.3-P4-Debian
- [*] NS ns2.mppp.gob.ve 201.249.201.70
- [*] Bind Version for 201.249.201.70 9.10.3-P4-Debian
- [*] MX correo.mppp.gob.ve 201.249.203.33
- [*] A mppp.gob.ve 201.249.203.40
- [*] TXT mppp.gob.ve v=spf1 a mx ~all
- [*] TXT mppp.gob.ve google-site-verification=RqIgI6dEU1c9m7AButstf2q-CMpQOFz1684MpWzDX2M
- [*] Enumerating SRV Records
- [*] SRV _xmpp-client._tcp.mppp.gob.ve openfire.mppp.gob.ve 201.249.203.37 5222 5
- [*] SRV _xmpp-server._tcp.mppp.gob.ve openfire.mppp.gob.ve 201.249.203.37 5269 5
- [+] 2 Records Found
- #######################################################################################################################################
- [*] Processing domain mppp.gob.ve
- [+] Getting nameservers
- 201.249.201.69 - ns1.mppp.gob.ve
- 201.249.201.70 - ns2.mppp.gob.ve
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 a mx ~all"
- "google-site-verification=RqIgI6dEU1c9m7AButstf2q-CMpQOFz1684MpWzDX2M"
- [+] MX records found, added to target list
- 10 correo.mppp.gob.ve.
- [*] Scanning mppp.gob.ve for A records
- 201.249.203.40 - mppp.gob.ve
- 201.249.203.37 - conference.mppp.gob.ve
- 201.249.203.33 - correo.mppp.gob.ve
- 201.249.201.69 - ns1.mppp.gob.ve
- 201.249.201.70 - ns2.mppp.gob.ve
- 201.249.203.44 - report.mppp.gob.ve
- 201.249.203.40 - www.mppp.gob.ve
- #######################################################################################################################################
- Total hosts: 57
- [-] Resolving hostnames IPs...
- ######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 201.249.203.40
- + Target Hostname: 201.249.203.40
- + Target Port: 443
- ---------------------------------------------------------------------------------------------------------------------------------------
- + SSL Info: Subject: /C=VE/ST=DistritoCapital/L=Caracas/O=MPPP/OU=DGI/CN=mppp/emailAddress=soporte@mppp.gob.ve
- Ciphers: ECDHE-RSA-AES256-GCM-SHA384
- Issuer: /C=VE/ST=DistritoCapital/L=Caracas/O=MPPP/OU=DGI/CN=mppp/emailAddress=soporte@mppp.gob.ve
- + Start Time: 2018-11-07 06:23:46 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: MicrosoftIIS/8.0
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Cookie PHPSESSID created without the secure flag
- + Cookie PHPSESSID created without the httponly flag
- + Cookie wphc_seen created without the secure flag
- + Cookie wphc_seen created without the httponly flag
- + Root page / redirects to: https://www.mppp.gob.ve/
- + Uncommon header 'link' found, with contents: <https://www.mppp.gob.ve/>; rel=shortlink
- + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
- + Hostname '201.249.203.40' does not match certificate's names: mppp
- + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + Server leaks inodes via ETags, header found with file /sitemap.xml, inode: 140176, size: 17622, mtime: Tue Aug 8 15:01:07 2017
- + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
- + OSVDB-3092: /libro/: This might be interesting...
- + Uncommon header 'tcn' found, with contents: choice
- + OSVDB-3092: /readme: This might be interesting...
- + OSVDB-3233: /icons/README: Apache default file found.
- + /wp-links-opml.php: This WordPress script reveals the installed version.
- + OSVDB-3092: /license.txt: License file found may identify site software.
- + Cookie wordpress_test_cookie created without the httponly flag
- + OSVDB-3092: /.git/index: Git Index file may contain directory listing information.
- + /.git/HEAD: Git HEAD file found. Full repo details may be present.
- + OSVDB-3268: /wp-content/uploads/: Directory indexing found.
- + /wp-content/uploads/: Wordpress uploads directory is browsable. This may reveal sensitive information
- + /.git/config: Git config file found. Infos about repo details may be present.
- + 8346 requests: 0 error(s) and 27 item(s) reported on remote host
- + End Time: 2018-11-07 09:40:18 (GMT-5) (11792 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 201.249.203.40
- + Target Hostname: 201.249.203.40
- + Target Port: 80
- + Start Time: 2018-11-07 06:23:19 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: No banner retrieved
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Cookie PHPSESSID created without the httponly flag
- + Cookie wphc_seen created without the httponly flag
- + Root page / redirects to: http://www.mppp.gob.ve/
- + Uncommon header 'link' found, with contents: <http://www.mppp.gob.ve/wp-json/>; rel="https://api.w.org/"
- + Entry '/wp-admin/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- + Entry '/wp-admin/admin-ajax.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + "robots.txt" contains 2 entries which should be manually viewed.
- + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
- + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + /servlet/webacc?User.html=noexist: Netware web access may reveal full path of the web server. Apply vendor patch or upgrade.
- + Server leaks inodes via ETags, header found with file /sitemap.xml, inode: 140176, size: 17622, mtime: Tue Aug 8 15:01:07 2017
- + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
- + OSVDB-3092: /libro/: This might be interesting...
- + OSVDB-3092: /noticias/: This might be interesting...
- + OSVDB-3233: /icons/README: Apache default file found.
- + /wp-links-opml.php: This WordPress script reveals the installed version.
- + OSVDB-3092: /license.txt: License file found may identify site software.
- + /wp-app.log: Wordpress' wp-app.log may leak application/system details.
- + /login1/: Admin login page/section found.
- + /wordpress/: A Wordpress installation was found.
- + /.git/HEAD: Git HEAD file found. Full repo details may be present.
- + /portal/changelog: Vignette richtext HTML editor changelog found.
- + /.git/config: Git config file found. Infos about repo details may be present.
- #######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 201.249.203.40
- + Target Hostname: www.mppp.gob.ve
- + Target Port: 80
- + Start Time: 2018-11-07 06:23:31 (GMT-5)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: No banner retrieved
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'link' found, with contents: <http://www.mppp.gob.ve/>; rel=shortlink
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Cookie PHPSESSID created without the httponly flag
- + Cookie wphc_seen created without the httponly flag
- + Entry '/wp-admin/' in robots.txt returned a non-forbidden or redirect HTTP code (302)
- + Entry '/wp-admin/admin-ajax.php' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + "robots.txt" contains 2 entries which should be manually viewed.
- + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
- + Server leaks inodes via ETags, header found with file /wp-content/uploads/2013/11/favicon.ico, inode: 6613, size: 16958, mtime: Tue Aug 8 15:00:34 2017
- + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
- + /servlet/webacc?User.html=noexist: Netware web access may reveal full path of the web server. Apply vendor patch or upgrade.
- #######################################################################################################################################
- [+] URL: http://www.mppp.gob.ve/
- [+] Started: Wed Nov 7 01:46:05 2018
- Interesting Finding(s):
- [+] http://www.mppp.gob.ve/robots.txt
- | Interesting Entries:
- | - /wp-admin/
- | - /wp-admin/admin-ajax.php
- | Found By: Robots Txt (Aggressive Detection)
- | Confidence: 100%
- [+] http://www.mppp.gob.ve/xmlrpc.php
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] http://www.mppp.gob.ve/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] WordPress version 4.8.1 identified (Released on 2017-08-02).
- | Detected By: Rss Generator (Passive Detection)
- | - http://www.mppp.gob.ve/feed/, <generator>https://wordpress.org/?v=4.8.1</generator>
- | - http://www.mppp.gob.ve/comments/feed/, <generator>https://wordpress.org/?v=4.8.1</generator>
- |
- | [!] 18 vulnerabilities identified:
- |
- | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8905
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- |
- | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8910
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41398
- |
- | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8911
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41457
- |
- | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8912
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41397
- |
- | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8913
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41448
- |
- | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8914
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41395
- | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- |
- | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- | References:
- | - https://wpvulndb.com/vulnerabilities/8807
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- | - https://core.trac.wordpress.org/ticket/25239
- |
- | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- | Fixed in: 4.8.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8941
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- | - https://twitter.com/ircmaxell/status/923662170092638208
- | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- |
- | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8966
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- |
- | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8967
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- |
- | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8968
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
- |
- | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- | Fixed in: 4.8.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/8969
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- |
- | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
- | Fixed in: 4.8.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/9006
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
- | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
- | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/ticket/42720
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
- | Fixed in: 4.8.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/9053
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- |
- | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- | Fixed in: 4.8.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/9054
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- |
- | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- | Fixed in: 4.8.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/9055
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | Fixed in: 4.8.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- [+] WordPress theme in use: planshet
- | Location: http://www.mppp.gob.ve/wp-content/themes/planshet/
- | Readme: http://www.mppp.gob.ve/wp-content/themes/planshet/readme.txt
- | Changelog: http://www.mppp.gob.ve/wp-content/themes/planshet/changelog.txt
- | [!] An error log file has been found: http://www.mppp.gob.ve/wp-content/themes/planshet/error_log
- | Style URL: http://www.mppp.gob.ve/wp-content/themes/planshet/style.css
- |
- | Detected By: Css Style (Passive Detection)
- | Confirmed By: Urls In Homepage (Passive Detection)
- |
- | The version could not be determined.
- [+] Enumerating Vulnerable Plugins
- [+] Checking Plugin Versions
- [i] Plugin(s) Identified:
- [+] contact-form-7
- | Location: http://www.mppp.gob.ve/wp-content/plugins/contact-form-7/
- | Last Updated: 2018-10-29T23:58:00.000Z
- | [!] The version is out of date, the latest version is 5.0.5
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
- | Fixed in: 5.0.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/9127
- | - https://contactform7.com/2018/09/04/contact-form-7-504/
- | - https://plugins.trac.wordpress.org/changeset/1935726/contact-form-7
- | - https://plugins.trac.wordpress.org/changeset/1934594/contact-form-7
- | - https://plugins.trac.wordpress.org/changeset/1934343/contact-form-7
- | - https://plugins.trac.wordpress.org/changeset/1934327/contact-form-7
- |
- | Version: 4.8.1 (100% confidence)
- | Detected By: Query Parameter (Passive Detection)
- | - http://www.mppp.gob.ve/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.8.1
- | - http://www.mppp.gob.ve/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.8.1
- | Confirmed By:
- | Readme - Stable Tag (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-content/plugins/contact-form-7/readme.txt
- | Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-content/plugins/contact-form-7/readme.txt
- [+] events-manager
- | Location: http://www.mppp.gob.ve/wp-content/plugins/events-manager/
- | Last Updated: 2018-08-07T19:10:00.000Z
- | [!] The version is out of date, the latest version is 5.9.5
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS
- | Fixed in: 5.8.1.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/9047
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9020
- | - https://www.gubello.me/blog/events-manager-authenticated-stored-xss/
- |
- | Version: 5.7.3 (100% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-content/plugins/events-manager/readme.txt
- | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-content/plugins/events-manager/readme.txt
- [+] wp-custom-fields-search
- | Location: http://www.mppp.gob.ve/wp-content/plugins/wp-custom-fields-search/
- | Last Updated: 2018-10-10T18:47:00.000Z
- | [!] The version is out of date, the latest version is 1.2.12
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: WP Custom Fields Search - Unauthenticated Reflected Cross-Site Scripting (XSS)
- | References:
- | - https://wpvulndb.com/vulnerabilities/8848
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9419
- | - https://dtsa.eu/cve-2017-9419-wordpress-wp-custom-fields-search-v-0-3-28-reflected-cross-site-scripting-xss/
- |
- | Version: 0.3.23 (80% confidence)
- | Detected By: Readme - Stable Tag (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-content/plugins/wp-custom-fields-search/README.txt
- [+] Enumerating Vulnerable Themes
- Checking Known Locations - Time: 00:02:25 <> (287 / 287) 100.00% Time: 00:02:25
- [+] Checking Theme Versions
- [i] No themes Found.
- [+] Enumerating Timthumbs
- [i] No Timthumbs Found.
- [+] Enumerating Config Backups
- Checking Config Backups - Time: 00:00:11 <===> (21 / 21) 100.00% Time: 00:00:11
- [i] No Config Backups Found.
- [+] Enumerating DB Exports
- Checking DB Exports - Time: 00:00:17 <=======> (36 / 36) 100.00% Time: 00:00:17
- [i] No DB Exports Found.
- [i] No Medias Found.
- [+] Enumerating Users
- Brute Forcing Author IDs - Time: 00:00:07 <==> (10 / 10) 100.00% Time: 00:00:07
- [i] User(s) Identified:
- [+] Marian Marrero
- | Detected By: Rss Generator (Passive Detection)
- | Confirmed By: Rss Generator (Aggressive Detection)
- [+] editor
- | Detected By: Wp Json Api (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-json/wp/v2/users/
- | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] mmarrero
- | Detected By: Wp Json Api (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-json/wp/v2/users/
- [+] oticmppp
- | Detected By: Wp Json Api (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-json/wp/v2/users/
- | Confirmed By: Oembed API - Author URL (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-json/oembed/1.0/embed?url=http://www.mppp.gob.ve/&format=json
- [+] sistema
- | Detected By: Wp Json Api (Aggressive Detection)
- | - http://www.mppp.gob.ve/wp-json/wp/v2/users/
- | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
- [+] Finished: Wed Nov 7 02:12:28 2018
- [+] Requests Done: 3074
- [+] Cached Requests: 7
- [+] Data Sent: 713.975 KB
- [+] Data Received: 193.655 MB
- [+] Memory used: 196.941 MB
- [+] Elapsed time: 00:26:23
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 03:43 EST
- Nmap scan report for 201.249.203.40
- Host is up (0.13s latency).
- Not shown: 471 filtered ports, 3 closed ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 80/tcp open http
- 443/tcp open https
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 03:43 EST
- Nmap scan report for 201.249.203.40
- Host is up (0.11s latency).
- Not shown: 2 filtered ports
- PORT STATE SERVICE
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 03:44 EST
- Nmap scan report for 201.249.203.40
- Host is up.
- PORT STATE SERVICE VERSION
- 67/udp open|filtered dhcps
- |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.02 ms 10.244.200.1
- 2 116.82 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 115.63 ms 82.102.29.40
- 4 115.67 ms 82.102.29.61
- 5 121.76 ms 77.243.180.166
- 6 ...
- 7 221.75 ms us-was03a-rd1-ae102-0.aorta.net (84.116.130.122)
- 8 221.70 ms us-was03a-ri1-ae11-0.aorta.net (84.116.130.165)
- 9 243.24 ms 213.46.182.18
- 10 232.68 ms 69.79.100.23
- 11 232.92 ms 63.245.5.183
- 12 300.04 ms 63.245.45.174
- 13 ... 16
- 17 303.59 ms 201-249-202-146.estatic.cantv.net (201.249.202.146)
- 18 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 03:46 EST
- Nmap scan report for 201.249.203.40
- Host is up.
- PORT STATE SERVICE VERSION
- 68/udp open|filtered dhcpc
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.34 ms 10.244.200.1
- 2 109.79 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 115.53 ms 82.102.29.40
- 4 115.96 ms 82.102.29.61
- 5 116.01 ms 77.243.180.166
- 6 117.60 ms 84.116.130.177
- 7 221.67 ms us-was03a-rd1-ae102-0.aorta.net (84.116.130.122)
- 8 221.63 ms us-was03a-ri1-ae11-0.aorta.net (84.116.130.165)
- 9 242.98 ms 213.46.182.18
- 10 232.63 ms 69.79.100.23
- 11 232.76 ms 63.245.5.183
- 12 301.95 ms 63.245.45.174
- 13 ... 16
- 17 306.12 ms 201-249-202-146.estatic.cantv.net (201.249.202.146)
- 18 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 03:48 EST
- Nmap scan report for 201.249.203.40
- Host is up.
- PORT STATE SERVICE VERSION
- 69/udp open|filtered tftp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.92 ms 10.244.200.1
- 2 108.47 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 128.35 ms 82.102.29.40
- 4 116.69 ms 82.102.29.61
- 5 116.74 ms 77.243.180.166
- 6 116.99 ms 84.116.130.177
- 7 222.64 ms us-was03a-rd1-ae102-0.aorta.net (84.116.130.122)
- 8 222.62 ms us-was03a-ri1-ae11-0.aorta.net (84.116.130.165)
- 9 243.93 ms 213.46.182.18
- 10 233.62 ms 69.79.100.23
- 11 235.50 ms 63.245.5.183
- 12 304.04 ms 63.245.45.174
- 13 ... 16
- 17 302.84 ms 201-249-202-146.estatic.cantv.net (201.249.202.146)
- 18 ... 30
- #######################################################################################################################################
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://201.249.203.40
- The site http://201.249.203.40 is behind a ModSecurity (OWASP CRS)
- Number of requests: 12
- #######################################################################################################################################
- http://201.249.203.40 [301 Moved Permanently] Cookies[PHPSESSID,wphc_seen], Country[VENEZUELA][VE], IP[201.249.203.40], RedirectLocation[http://www.mppp.gob.ve/]
- http://www.mppp.gob.ve/ [200 OK] Cookies[PHPSESSID,wphc_seen], Country[VENEZUELA][VE], Frame, HTML5, IP[201.249.203.40], JQuery[4.8.1], Lightbox, MetaGenerator[WordPress 4.8.1], Script[text/javascript], Title[MPPP | Ministerio del Poder Popular de Planificación], UncommonHeaders[link], WordPress[4.8,4.8.1], YouTube
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning http://www.mppp.gob.ve...
- ___________________________________________ SITE INFO ____________________________________________
- IP Title
- 201.249.203.40 MPPP | Ministerio del Poder Popular de Planificación
- ____________________________________________ VERSION _____________________________________________
- Name Versions Type
- WordPress 4.8 | 4.8.1 CMS
- Apache 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 Platform
- 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24
- 2.2.25 | 2.2.26 | 2.2.27 | 2.2.28 | 2.2.29 | 2.3.0 | 2.3.1
- 2.3.10 | 2.3.11 | 2.3.12 | 2.3.13 | 2.3.14 | 2.3.15 | 2.3.16
- 2.3.2 | 2.3.3 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8
- 2.3.9 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3
- PHP Platform
- __________________________________________ INTERESTING ___________________________________________
- URL Note Type
- /readme.html Wordpress readme Interesting
- /readme.html Readme file Interesting
- /robots.txt robots.txt index Interesting
- _____________________________________________ TOOLS ______________________________________________
- Name Link Software
- wpscan https://github.com/wpscanteam/wpscan WordPress
- CMSmap https://github.com/Dionach/CMSmap WordPress
- __________________________________________________________________________________________________
- Time: 210.4 sec Urls: 556 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 301 Moved Permanently
- Date: Wed, 07 Nov 2018 09:28:11 GMT
- Set-Cookie: PHPSESSID=vjoitafde7n3eq6r7aar56sh82; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Set-Cookie: wphc_seen=1; expires=Thu, 08-Nov-2018 09:28:12 GMT
- Location: http://www.mppp.gob.ve/
- Vary: Accept-Encoding
- Content-Encoding: gzip
- Content-Length: 20
- Content-Type: text/html; charset=UTF-8
- Connection: keep-alive
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 03:57 EST
- Nmap scan report for 201.249.203.40
- Host is up.
- PORT STATE SERVICE VERSION
- 123/udp open|filtered ntp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 105.85 ms 10.244.200.1
- 2 117.67 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 126.86 ms 82.102.29.40
- 4 115.66 ms 82.102.29.61
- 5 115.70 ms 77.243.180.166
- 6 116.25 ms 84.116.130.177
- 7 221.67 ms us-was03a-rd1-ae102-0.aorta.net (84.116.130.122)
- 8 221.49 ms us-was03a-ri1-ae11-0.aorta.net (84.116.130.165)
- 9 243.01 ms 213.46.182.18
- 10 232.55 ms 69.79.100.23
- 11 232.67 ms 63.245.5.183
- 12 300.00 ms 63.245.45.174
- 13 ... 16
- 17 302.72 ms 201-249-202-146.estatic.cantv.net (201.249.202.146)
- 18 ... 30
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 03:59 EST
- Nmap scan report for 201.249.203.40
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 161/tcp filtered snmp
- 161/udp open|filtered snmp
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 106.58 ms 10.244.200.1
- 2 137.98 ms vlan200.bb1.par1.fr.m247.com (185.94.189.129)
- 3 119.21 ms 82.102.29.40
- 4 116.38 ms 82.102.29.61
- 5 116.40 ms 77.243.180.166
- 6 117.06 ms 84.116.130.177
- 7 222.57 ms us-was03a-rd1-ae102-0.aorta.net (84.116.130.122)
- 8 222.27 ms us-was03a-ri1-ae11-0.aorta.net (84.116.130.165)
- 9 243.77 ms 213.46.182.18
- 10 233.22 ms 69.79.100.23
- 11 233.63 ms 63.245.5.183
- 12 298.63 ms 63.245.45.174
- 13 ... 16
- 17 303.61 ms 201-249-202-146.estatic.cantv.net (201.249.202.146)
- 18 ... 30
- #######################################################################################################################################
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking https://201.249.203.40
- The site https://201.249.203.40 is behind a ModSecurity (OWASP CRS)
- Number of requests: 11
- #######################################################################################################################################
- AVAILABLE PLUGINS
- -----------------
- PluginCertInfo
- PluginChromeSha1Deprecation
- PluginSessionRenegotiation
- PluginHSTS
- PluginSessionResumption
- PluginOpenSSLCipherSuites
- PluginHeartbleed
- PluginCompression
- CHECKING HOST(S) AVAILABILITY
- -----------------------------
- 201.249.203.40:443 => 201.249.203.40:443
- SCAN RESULTS FOR 201.249.203.40:443 - 201.249.203.40:443
- --------------------------------------------------------
- * Deflate Compression:
- OK - Compression disabled
- * Session Renegotiation:
- Client-initiated Renegotiations: OK - Rejected
- Secure Renegotiation: OK - Supported
- * Certificate - Content:
- SHA1 Fingerprint: aeada941188f2dc870662075108e319ecf6f7520
- Common Name: mppp
- Issuer: mppp
- Serial Number: CD13B17446FFC19D
- Not Before: Mar 6 16:07:17 2014 GMT
- Not After: Mar 6 16:07:17 2015 GMT
- Signature Algorithm: sha1WithRSAEncryption
- Public Key Algorithm: rsaEncryption
- Key Size: 2048 bit
- Exponent: 65537 (0x10001)
- * Certificate - Trust:
- Hostname Validation: FAILED - Certificate does NOT match 201.249.203.40
- Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Java 6 CA Store (Update 65): FAILED - Certificate is NOT Trusted: self signed certificate
- Microsoft CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Mozilla NSS CA Store (09/2015): FAILED - Certificate is NOT Trusted: self signed certificate
- Apple CA Store (OS X 10.10.5): FAILED - Certificate is NOT Trusted: self signed certificate
- Certificate Chain Received: ['mppp']
- * Certificate - OCSP Stapling:
- NOT SUPPORTED - Server did not send back an OCSP response.
- * Session Resumption:
- With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
- With TLS Session Tickets: OK - Supported
- * SSLV2 Cipher Suites:
- Server rejected all cipher suites.
- * SSLV3 Cipher Suites:
- Preferred:
- ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits
- Accepted:
- ECDHE-RSA-AES256-SHA ECDH-256 bits 256 bits
- DHE-RSA-CAMELLIA256-SHA DH-2048 bits 256 bits
- DHE-RSA-AES256-SHA DH-2048 bits 256 bits
- CAMELLIA256-SHA - 256 bits
- AES256-SHA - 256 bits
- ECDHE-RSA-RC4-SHA ECDH-256 bits 128 bits
- ECDHE-RSA-AES128-SHA ECDH-256 bits 128 bits
- DHE-RSA-SEED-SHA DH-2048 bits 128 bits
- DHE-RSA-CAMELLIA128-SHA DH-2048 bits 128 bits
- DHE-RSA-AES128-SHA DH-2048 bits 128 bits
- SEED-SHA - 128 bits
- RC4-SHA - 128 bits
- CAMELLIA128-SHA - 128 bits
- AES128-SHA - 128 bits
- ECDHE-RSA-DES-CBC3-SHA ECDH-256 bits 112 bits
- EDH-RSA-DES-CBC3-SHA DH-2048 bits 112 bits
- DES-CBC3-SHA - 112 bits
- SCAN COMPLETED IN 6.80 S
- ------------------------
- Version: 1.11.12-static
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 201.249.203.40
- Testing SSL server 201.249.203.40 on port 443 using SNI name 201.249.203.40
- TLS Fallback SCSV:
- Server supports TLS Fallback SCSV
- TLS renegotiation:
- Secure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.2 256 bits AES256-GCM-SHA384
- Accepted TLSv1.2 256 bits AES256-SHA256
- Accepted TLSv1.2 256 bits AES256-SHA
- Accepted TLSv1.2 256 bits CAMELLIA256-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
- Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.2 128 bits AES128-GCM-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA256
- Accepted TLSv1.2 128 bits AES128-SHA
- Accepted TLSv1.2 128 bits SEED-SHA
- Accepted TLSv1.2 128 bits CAMELLIA128-SHA
- Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 128 bits RC4-SHA
- Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.2 112 bits DES-CBC3-SHA
- Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.1 256 bits AES256-SHA
- Accepted TLSv1.1 256 bits CAMELLIA256-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.1 128 bits AES128-SHA
- Accepted TLSv1.1 128 bits SEED-SHA
- Accepted TLSv1.1 128 bits CAMELLIA128-SHA
- Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 128 bits RC4-SHA
- Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.1 112 bits DES-CBC3-SHA
- Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted TLSv1.0 256 bits AES256-SHA
- Accepted TLSv1.0 256 bits CAMELLIA256-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
- Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted TLSv1.0 128 bits AES128-SHA
- Accepted TLSv1.0 128 bits SEED-SHA
- Accepted TLSv1.0 128 bits CAMELLIA128-SHA
- Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 128 bits RC4-SHA
- Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted TLSv1.0 112 bits DES-CBC3-SHA
- Preferred SSLv3 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
- Accepted SSLv3 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
- Accepted SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
- Accepted SSLv3 256 bits AES256-SHA
- Accepted SSLv3 256 bits CAMELLIA256-SHA
- Accepted SSLv3 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
- Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
- Accepted SSLv3 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
- Accepted SSLv3 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
- Accepted SSLv3 128 bits AES128-SHA
- Accepted SSLv3 128 bits SEED-SHA
- Accepted SSLv3 128 bits CAMELLIA128-SHA
- Accepted SSLv3 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
- Accepted SSLv3 128 bits RC4-SHA
- Accepted SSLv3 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
- Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
- Accepted SSLv3 112 bits DES-CBC3-SHA
- SSL Certificate:
- Signature Algorithm: sha1WithRSAEncryption
- RSA Key Strength: 2048
- Subject: mppp
- Issuer: mppp
- Not valid before: Mar 6 16:07:17 2014 GMT
- Not valid after: Mar 6 16:07:17 2015 GMT
- ######################################################################################################################################
- I, [2018-11-07T04:05:57.359627 #10640] INFO -- : Initiating port scan
- I, [2018-11-07T04:08:47.223919 #10640] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-07_04-05-57.xml
- I, [2018-11-07T04:08:47.250943 #10640] INFO -- : Discovered open port: 201.249.203.40:80
- I, [2018-11-07T04:08:51.341409 #10640] INFO -- : Discovered open port: 201.249.203.40:443
- I, [2018-11-07T04:08:53.766629 #10640] INFO -- : <<<Enumerating vulnerable applications>>>
- --------------------------------------------------------
- <<<Yasuo discovered following vulnerable applications>>>
- --------------------------------------------------------
- +----------+--------------------+-------------------+----------+----------+
- | App Name | URL to Application | Potential Exploit | Username | Password |
- +----------+--------------------+-------------------+----------+----------+
- +----------+--------------------+-------------------+----------+----------+
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 04:16 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 04:16
- Completed NSE at 04:16, 0.00s elapsed
- Initiating NSE at 04:16
- Completed NSE at 04:16, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 04:16
- Completed Parallel DNS resolution of 1 host. at 04:16, 16.50s elapsed
- Initiating SYN Stealth Scan at 04:16
- Scanning 201.249.203.40 [474 ports]
- Discovered open port 80/tcp on 201.249.203.40
- Discovered open port 443/tcp on 201.249.203.40
- Completed SYN Stealth Scan at 04:16, 13.41s elapsed (474 total ports)
- Initiating Service scan at 04:16
- Scanning 2 services on 201.249.203.40
- Service scan Timing: About 50.00% done; ETC: 04:18 (0:00:40 remaining)
- Completed Service scan at 04:18, 129.29s elapsed (2 services on 1 host)
- Initiating OS detection (try #1) against 201.249.203.40
- Retrying OS detection (try #2) against 201.249.203.40
- Initiating Traceroute at 04:18
- Completed Traceroute at 04:18, 0.12s elapsed
- Initiating Parallel DNS resolution of 2 hosts. at 04:18
- Completed Parallel DNS resolution of 2 hosts. at 04:19, 16.50s elapsed
- NSE: Script scanning 201.249.203.40.
- Initiating NSE at 04:19
- Completed NSE at 04:19, 33.75s elapsed
- Initiating NSE at 04:19
- Completed NSE at 04:19, 0.00s elapsed
- Nmap scan report for 201.249.203.40
- Host is up (0.11s latency).
- Not shown: 469 filtered ports
- PORT STATE SERVICE VERSION
- 25/tcp closed smtp
- 80/tcp open http-proxy Squid http proxy
- | http-cookie-flags:
- | /:
- | PHPSESSID:
- |_ httponly flag not set
- |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
- | http-git:
- | 201.249.203.40:80/.git/
- | Git repository found!
- | Repository description: Unnamed repository; edit this file 'description' to name the...
- | Last commit message: PRIMERA SUBIDA PORTAL PRINCIPAL
- | Remotes:
- |_ ssh://git@gitlab.mppp.gob.ve:22000/sistemas/mppp.git
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-open-proxy: Proxy might be redirecting requests
- | http-robots.txt: 1 disallowed entry
- |_/wp-admin/
- |_http-title: Did not follow redirect to http://www.mppp.gob.ve/
- 139/tcp closed netbios-ssn
- 443/tcp open ssl/https MicrosoftIIS/8.0
- | fingerprint-strings:
- | GetRequest:
- | HTTP/1.0 301 Moved Permanently
- | Date: Wed, 07 Nov 2018 09:48:08 GMT
- | Server: MicrosoftIIS/8.0
- | Set-Cookie: PHPSESSID=m0iucr90p82cuoh93i4o36ru94; path=/
- | Expires: Thu, 19 Nov 1981 08:52:00 GMT
- | Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- | Pragma: no-cache
- | Set-Cookie: wphc_seen=1; expires=Thu, 08-Nov-2018 09:48:09 GMT
- | Location: https:///
- | Vary: Accept-Encoding
- | Content-Length: 0
- | Connection: close
- | Content-Type: text/html; charset=UTF-8
- | HTTPOptions:
- | HTTP/1.0 200 OK
- | Date: Wed, 07 Nov 2018 09:48:11 GMT
- | Server: MicrosoftIIS/8.0
- | Set-Cookie: PHPSESSID=ni1bgnvd8atc3bhhk4a71p1412; path=/
- | Expires: Thu, 19 Nov 1981 08:52:00 GMT
- | Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- | Pragma: no-cache
- | Set-Cookie: wphc_seen=1; expires=Thu, 08-Nov-2018 09:48:11 GMT
- | Link: <https://www.mppp.gob.ve/wp-json/>; rel="https://api.w.org/"
- | Link: <https://www.mppp.gob.ve/>; rel=shortlink
- | Vary: Accept-Encoding
- | Connection: close
- | Content-Type: text/html; charset=UTF-8
- | <!DOCTYPE html>
- | <html xmlns="http://www.w3.org/1999/xhtml" lang="es-ES">
- | <head>
- | <meta name="google-site-verification" content="xg3iAA0jWXTPSUbut-xZZNomD9kJgzu37TvmGXJe63A" />
- | <title>MPPP | Ministerio del Poder Popular de Planificaci
- | n</title>
- |_ <meta name="a
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: MicrosoftIIS/8.0
- | ssl-cert: Subject: commonName=mppp/organizationName=MPPP/stateOrProvinceName=DistritoCapital/countryName=VE
- | Issuer: commonName=mppp/organizationName=MPPP/stateOrProvinceName=DistritoCapital/countryName=VE
- | Public Key type: rsa
- | Public Key bits: 2048
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2014-03-06T16:07:17
- | Not valid after: 2015-03-06T16:07:17
- | MD5: e2f3 c645 3ae7 ad04 b833 3eeb b8b7 8f18
- |_SHA-1: aead a941 188f 2dc8 7066 2075 108e 319e cf6f 7520
- |_ssl-date: TLS randomness does not represent time
- 445/tcp closed microsoft-ds
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
- Device type: general purpose|storage-misc|broadband router|WAP
- Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (93%), HP embedded (90%), Asus embedded (87%)
- OS CPE: cpe:/o:linux:linux_kernel:3.18 cpe:/o:linux:linux_kernel:4 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel cpe:/h:asus:rt-ac66u
- Aggressive OS guesses: Linux 3.18 (93%), Linux 3.16 - 4.6 (93%), Linux 3.10 - 4.11 (91%), Linux 3.13 (91%), Linux 3.13 or 4.2 (91%), Linux 4.2 (91%), Linux 4.4 (91%), HP P2000 G3 NAS device (90%), Linux 3.2 - 4.9 (90%), Linux 3.16 (89%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 85.089 days (since Tue Aug 14 03:11:13 2018)
- Network Distance: 2 hops
- TCP Sequence Prediction: Difficulty=263 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE (using port 139/tcp)
- HOP RTT ADDRESS
- 1 105.87 ms 10.244.200.1
- 2 105.88 ms 201.249.203.40
- NSE: Script Post-scanning.
- Initiating NSE at 04:19
- Completed NSE at 04:19, 0.00s elapsed
- Initiating NSE at 04:19
- Completed NSE at 04:19, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 214.58 seconds
- Raw packets sent: 1499 (70.804KB) | Rcvd: 1071 (509.358KB)
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 04:19 EST
- NSE: Loaded 148 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 04:19
- Completed NSE at 04:19, 0.00s elapsed
- Initiating NSE at 04:19
- Completed NSE at 04:19, 0.00s elapsed
- Initiating Parallel DNS resolution of 1 host. at 04:19
- Completed Parallel DNS resolution of 1 host. at 04:20, 16.50s elapsed
- Initiating UDP Scan at 04:20
- Scanning 201.249.203.40 [14 ports]
- Completed UDP Scan at 04:20, 2.01s elapsed (14 total ports)
- Initiating Service scan at 04:20
- Scanning 12 services on 201.249.203.40
- Service scan Timing: About 8.33% done; ETC: 04:39 (0:17:58 remaining)
- Completed Service scan at 04:21, 102.58s elapsed (12 services on 1 host)
- Initiating OS detection (try #1) against 201.249.203.40
- Retrying OS detection (try #2) against 201.249.203.40
- Initiating Traceroute at 04:21
- Completed Traceroute at 04:21, 7.18s elapsed
- Initiating Parallel DNS resolution of 1 host. at 04:21
- Completed Parallel DNS resolution of 1 host. at 04:22, 16.50s elapsed
- NSE: Script scanning 201.249.203.40.
- Initiating NSE at 04:22
- Completed NSE at 04:22, 20.33s elapsed
- Initiating NSE at 04:22
- Completed NSE at 04:22, 1.03s elapsed
- Nmap scan report for 201.249.203.40
- Host is up (0.11s latency).
- PORT STATE SERVICE VERSION
- 53/udp open|filtered domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp filtered netbios-ns
- 138/udp filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- Too many fingerprints match this host to give specific OS details
- TRACEROUTE (using port 138/udp)
- HOP RTT ADDRESS
- 1 105.56 ms 10.244.200.1
- 2 ... 3
- 4 106.54 ms 10.244.200.1
- 5 106.78 ms 10.244.200.1
- 6 106.78 ms 10.244.200.1
- 7 106.63 ms 10.244.200.1
- 8 106.63 ms 10.244.200.1
- 9 106.63 ms 10.244.200.1
- 10 106.66 ms 10.244.200.1
- 11 ... 18
- 19 104.97 ms 10.244.200.1
- 20 105.21 ms 10.244.200.1
- 21 ... 28
- 29 107.03 ms 10.244.200.1
- 30 106.45 ms 10.244.200.1
- NSE: Script Post-scanning.
- Initiating NSE at 04:22
- Completed NSE at 04:22, 0.00s elapsed
- Initiating NSE at 04:22
- Completed NSE at 04:22, 0.00s elapsed
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 171.06 seconds
- Raw packets sent: 147 (9.964KB) | Rcvd: 730 (335.937KB)
- #######################################################################################################################################
- Anonymous JTSEC #OpVenezuela full Recon #7