Anonymous JTSEC #OpDeathEathers full Recon #15

a guest
Sep 23rd, 2018
  1. #######################################################################################################################################
  2. Hostname candydollchan.net ISP Serverius Holding B.V.
  3. Continent Europe Flag
  4. NL
  5. Country Netherlands Country code NL
  6. Region Flevoland Local time 22 Sep 2018 20:42 CEST
  7. City Dronten Postal code 8254
  8. IP address 185.20.184.50 Latitude 52.525
  9. Longitude 5.724
  10. #######################################################################################################################################
  11.  
  12. HostIP:185.20.184.50
  13. HostName:candydollchan.net
  14.  
  15. Gathered Inet-whois information for 185.20.184.50
  16. ---------------------------------------------------------------------------------------------------------------------------------------
  17.  
  18.  
  19. inetnum: 185.20.184.0 - 185.20.185.255
  20. netname: DELTAHOST-NET
  21. descr: DELTAHOST-NET
  22. remarks: ====================================
  23. remarks: DeltaHost - VPS, VDS, dedicated servers
  24. remarks: in Ukraine & Netherlands
  25. remarks: http://deltahost.com
  26. remarks: ====================================
  27. remarks: Complaints: abuse@deltahost.com.ua
  28. remarks: ====================================
  29. org: ORG-FZDL2-RIPE
  30. country: NL
  31. admin-c: ZDL2-RIPE
  32. admin-c: ARUD-RIPE
  33. tech-c: ZDL2-RIPE
  34. tech-c: ARUD-RIPE
  35. status: ASSIGNED PA
  36. mnt-by: DELTAHOST-MNT
  37. mnt-routes: SERVERIUS-MNT
  38. mnt-domains: DELTAHOST-MNT
  39. created: 2013-03-15T22:02:55Z
  40. last-modified: 2017-02-24T22:37:21Z
  41. source: RIPE
  42.  
  43. organisation: ORG-FZDL2-RIPE
  44. org-name: Zemlyaniy Dmitro Leonidovich
  45. org-type: LIR
  46. address: Schevchenko 22/30, 12
  47. address: 39600
  48. address: Kremenchug
  49. address: UKRAINE
  50. phone: +380935366459
  51. abuse-c: DLTH1111-RIPE
  52. mnt-ref: RIPE-NCC-HM-MNT
  53. mnt-ref: DELTAHOST-MNT
  54. mnt-by: RIPE-NCC-HM-MNT
  55. mnt-by: DELTAHOST-MNT
  56. created: 2013-03-04T13:19:53Z
  57. last-modified: 2017-10-18T08:57:29Z
  58. source: RIPE # Filtered
  59.  
  60. person: Oleksandr Serhiyovych Rudenko
  61. address: Ukraine, Kremenchuk
  62. phone: +380632096212
  63. nic-hdl: ARUD-RIPE
  64. mnt-by: DELTAHOST-MNT
  65. created: 2015-02-13T16:37:16Z
  66. last-modified: 2017-10-30T22:44:11Z
  67. source: RIPE
  68.  
  69. person: Zemlyaniy Dmitro Leonidovich
  70. address: Ukraine, Kremenchuk
  71. phone: +380935366459
  72. nic-hdl: ZDL2-RIPE
  73. mnt-by: DELTAHOST-MNT
  74. created: 2009-05-02T11:46:55Z
  75. last-modified: 2017-10-30T22:05:30Z
  76. source: RIPE # Filtered
  77.  
  78. % Information related to '185.20.184.0/23AS50673'
  79.  
  80. route: 185.20.184.0/23
  81. descr: DeltaHost Route Object
  82. origin: AS50673
  83. mnt-by: DELTAHOST-MNT
  84. created: 2013-03-18T11:33:06Z
  85. last-modified: 2015-02-13T19:39:58Z
  86. source: RIPE
  87.  
  88. % This query was served by the RIPE Database Query Service version 1.92.6 (BLAARKOP)
  89.  
  90.  
  91.  
  92. Gathered Inic-whois information for candydollchan.net
  93. ---------------------------------------------------------------------------------------------------------------------------------------
  94. Domain Name: CANDYDOLLCHAN.NET
  95. Registry Domain ID: 1987658926_DOMAIN_NET-VRSN
  96. Registrar WHOIS Server: whois.nic.ru
  97. Registrar URL: http://nic.ru
  98. Updated Date: 2018-02-16T18:08:25Z
  99. Creation Date: 2015-12-16T07:57:08Z
  100. Registry Expiry Date: 2018-12-16T07:57:08Z
  101. Registrar: Regional Network Information Center, JSC dba RU-CENTER
  102. Registrar IANA ID: 463
  103. Registrar Abuse Contact Email: tld-abuse@nic.ru
  104. Registrar Abuse Contact Phone: +7 (495) 994-46-01
  105. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  106. Name Server: NS1.DYNU.COM
  107. Name Server: NS2.DYNU.COM
  108. Name Server: NS3.DYNU.COM
  109. DNSSEC: unsigned
  110. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  111. >>> Last update of whois database: 2018-09-22T19:05:56Z <<<
  112.  
  113. For more information on Whois status codes, please visit https://icann.org/epp
  114.  
  115. NOTICE: The expiration date displayed in this record is the date the
  116. registrar's sponsorship of the domain name registration in the registry is
  118. currently set to expire. This date does not necessarily reflect the expiration
  119. date of the domain name registrant's agreement with the sponsoring
  120. registrar. Users may consult the sponsoring registrar's Whois database to
  121. view the registrar's reported date of expiration for this registration.
  122.  
  123. TERMS OF USE: You are not authorized to access or query our Whois
  124. database through the use of electronic processes that are high-volume and
  125. automated except as reasonably necessary to register domain names or
  126. modify existing registrations; the Data in VeriSign Global Registry
  127. Services' ("VeriSign") Whois database is provided by VeriSign for
  128. information purposes only, and to assist persons in obtaining information
  129. about or related to a domain name registration record. VeriSign does not
  130. guarantee its accuracy. By submitting a Whois query, you agree to abide
  131. by the following terms of use: You agree that you may use this Data only
  132. for lawful purposes and that under no circumstances will you use this Data
  133. to: (1) allow, enable, or otherwise support the transmission of mass
  134. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  136. or facsimile; or (2) enable high volume, automated, electronic processes
  137. that apply to VeriSign (or its computer systems). The compilation,
  138. repackaging, dissemination or other use of this Data is expressly
  139. prohibited without the prior written consent of VeriSign. You agree not to
  140. use electronic processes that are automated and high-volume to access or
  141. query the Whois database except as reasonably necessary to register
  142. domain names or modify existing registrations. VeriSign reserves the right
  143. to restrict your access to the Whois database in its sole discretion to ensure
  144. operational stability. VeriSign may restrict or terminate your access to the
  145. Whois database for failure to abide by these terms of use. VeriSign
  146. reserves the right to modify these terms at any time.
  147.  
  148. The Registry database contains ONLY .COM, .NET, .EDU domains and
  149. Registrars.
  150.  
  151. Gathered Netcraft information for candydollchan.net
  152. ---------------------------------------------------------------------------------------------------------------------------------------
  153.  
  154. Retrieving Netcraft.com information for candydollchan.net
  155. Netcraft.com Information gathered
  156.  
  157. Gathered Subdomain information for candydollchan.net
  158. ---------------------------------------------------------------------------------------------------------------------------------------
  159. Searching Google.com:80...
  160. HostName:mail.candydollchan.net
  161. HostIP:80.82.64.193
  162. HostName:scamanalyze.candydollchan.net
  163. HostIP:185.20.184.50
  164. HostName:www.simplywhois.candydollchan.net
  165. HostIP:185.20.184.50
  166. HostName:www.candydollchan.net
  167. HostIP:185.20.184.50
  168. Searching Altavista.com:80...
  169. Found 4 possible subdomain(s) for host candydollchan.net, Searched 0 pages containing 0 results
  170.  
  171. Gathered E-Mail information for candydollchan.net
  172. ---------------------------------------------------------------------------------------------------------------------------------------
  173. Searching Google.com:80...
  174. Searching Altavista.com:80...
  175. Found 0 E-Mail(s) for host candydollchan.net, Searched 0 pages containing 0 results
  176.  
  177. Gathered TCP Port information for 185.20.184.50
  178. ---------------------------------------------------------------------------------------------------------------------------------------
  179.  
  180. Port State
  181.  
  182. 22/tcp open
  183. 80/tcp open
  184. #######################################################################################################################################
  185. [i] Scanning Site: http://candydollchan.net
  186.  
  187.  
  188.  
  189. B A S I C I N F O
  190. =======================================================================================================================================
  191.  
  192.  
  193. [+] Site Title: Candydoll Downloads - Candydollchan
  194. [+] IP address: 185.20.184.50
  195. [+] Web Server: nginx/1.12.2
  196. [+] CMS: Could Not Detect
  197. [+] Cloudflare: Not Detected
  198. [+] Robots File: Found
  199.  
  200. -------------[ contents ]----------------
  201. User-agent: *
  202. Disallow:
  203. Host: candydollchan.net
  204. Sitemap: http://candydollchan.net/sitemap.xml
  205. -----------[end of contents]-------------
  206.  
  207.  
  208.  
  209. W H O I S L O O K U P
  210. =======================================================================================================================================
  211.  
  212. Domain Name: CANDYDOLLCHAN.NET
  213. Registry Domain ID: 1987658926_DOMAIN_NET-VRSN
  214. Registrar WHOIS Server: whois.nic.ru
  215. Registrar URL: http://nic.ru
  216. Updated Date: 2018-02-16T18:08:25Z
  217. Creation Date: 2015-12-16T07:57:08Z
  218. Registry Expiry Date: 2018-12-16T07:57:08Z
  219. Registrar: Regional Network Information Center, JSC dba RU-CENTER
  220. Registrar IANA ID: 463
  221. Registrar Abuse Contact Email: tld-abuse@nic.ru
  222. Registrar Abuse Contact Phone: +7 (495) 994-46-01
  223. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  224. Name Server: NS1.DYNU.COM
  225. Name Server: NS2.DYNU.COM
  226. Name Server: NS3.DYNU.COM
  227. DNSSEC: unsigned
  228. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  229. >>> Last update of whois database: 2018-09-22T19:06:25Z <<<
  230.  
  231. For more information on Whois status codes, please visit https://icann.org/epp
  232.  
  233. NOTICE: The expiration date displayed in this record is the date the
  234. registrar's sponsorship of the domain name registration in the registry is
  235. currently set to expire. This date does not necessarily reflect the expiration
  236. date of the domain name registrant's agreement with the sponsoring
  237. registrar. Users may consult the sponsoring registrar's Whois database to
  238. view the registrar's reported date of expiration for this registration.
  239.  
  240.  
  241. The Registry database contains ONLY .COM, .NET, .EDU domains and
  242. Registrars.
  243.  
  244.  
  245.  
  246.  
  247. G E O I P L O O K U P
  248. =======================================================================================================================================
  249.  
  250. [i] IP Address: 185.20.184.50
  251. [i] Country: NL
  252. [i] State: Flevoland
  253. [i] City: Dronten
  254. [i] Latitude: 52.524700
  255. [i] Longitude: 5.723700
  256.  
  257.  
  258.  
  259.  
  260. H T T P H E A D E R S
  261. =======================================================================================================================================
  262.  
  263.  
  264. [i] HTTP/1.1 200 OK
  265. [i] Server: nginx/1.12.2
  266. [i] Date: Sat, 22 Sep 2018 19:06:36 GMT
  267. [i] Content-Type: text/html
  268. [i] Connection: close
  269. [i] Upgrade: h2,h2c
  270. [i] Accept-Ranges: bytes
  271. [i] Vary: Accept-Encoding,User-Agent
  272.  
  273.  
  274.  
  275.  
  276. D N S L O O K U P
  277. =======================================================================================================================================
  278.  
  279. ;; Truncated, retrying in TCP mode.
  280. candydollchan.net. 90 IN MX 10 mail.candydollchan.net.
  281. candydollchan.net. 90 IN NS ns4.dynu.com.
  282. candydollchan.net. 90 IN NS ns6.dynu.com.
  283. candydollchan.net. 120 IN A 185.20.184.50
  284. candydollchan.net. 90 IN NS ns5.dynu.com.
  285. candydollchan.net. 90 IN NS ns3.dynu.com.
  286. candydollchan.net. 90 IN NS ns1.dynu.com.
  287. candydollchan.net. 90 IN TXT "v=spf1 a mx ip4:80.82.64.110 ~all"
  288. candydollchan.net. 90 IN NS ns2.dynu.com.
  289. candydollchan.net. 120 IN SOA ns1.dynu.com. administrator.dynu.com. 6 1800 300 86400 300
  290.  
  291.  
  292.  
  293.  
  294. S U B N E T C A L C U L A T I O N
  295. =======================================================================================================================================
  296.  
  297. Address = 185.20.184.50
  298. Network = 185.20.184.50 / 32
  299. Netmask = 255.255.255.255
  300. Broadcast = not needed on Point-to-Point links
  301. Wildcard Mask = 0.0.0.0
  302. Hosts Bits = 0
  303. Max. Hosts = 1 (2^0 - 0)
  304. Host Range = { 185.20.184.50 - 185.20.184.50 }
  305.  
  306.  
  307.  
  308. N M A P P O R T S C A N
  309. =======================================================================================================================================
  310.  
  311.  
  312. Starting Nmap 7.40 ( https://nmap.org ) at 2018-09-22 19:06 UTC
  313. Nmap scan report for candydollchan.net (185.20.184.50)
  314. Host is up (0.079s latency).
  315. rDNS record for 185.20.184.50: 185-20-184-50.rev.serverhub.ru
  316. PORT STATE SERVICE
  317. 21/tcp closed ftp
  318. 22/tcp open ssh
  319. 23/tcp closed telnet
  320. 80/tcp open http
  321. 110/tcp closed pop3
  322. 143/tcp closed imap
  323. 443/tcp closed https
  324. 3389/tcp closed ms-wbt-server
  325.  
  326. Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds
  327.  
  328.  
  329.  
  330. S U B - D O M A I N F I N D E R
  331. =======================================================================================================================================
  332.  
  333.  
  334. [i] Total Subdomains Found : 1
  335.  
  336. [+] Subdomain: mail.candydollchan.net
  337. [-] IP: 80.82.64.193
  338.  
  339. #######################################################################################################################################
  340. [?] Enter the target: http://candydollchan.net
  341. [!] IP Address : 185.20.184.50
  342. [!] Server: nginx/1.12.2
  343. [+] Clickjacking protection is not in place.
  344. [!] candydollchan.net doesn't seem to use a CMS
  345. [+] Honeypot Probabilty: 30%
  346. ---------------------------------------------------------------------------------------------------------------------------------------
  347. [~] Trying to gather whois information for candydollchan.net
  348. [+] Whois information found
  349. [-] Unable to build response, visit https://who.is/whois/candydollchan.net
  350. --------------------------------------------------------------------------------------------------------------------------------------
  351. [+] Robots.txt retrieved
  352. User-agent: *
  353. Disallow:
  354. Host: candydollchan.net
  355. Sitemap: http://candydollchan.net/sitemap.xml
  356. ---------------------------------------------------------------------------------------------------------------------------------------
  357. PORT STATE SERVICE
  358. 21/tcp closed ftp
  359. 22/tcp open ssh
  360. 23/tcp closed telnet
  361. 80/tcp open http
  362. 110/tcp closed pop3
  363. 143/tcp closed imap
  364. 443/tcp closed https
  365. 3389/tcp closed ms-wbt-server
  366. Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
  367. ---------------------------------------------------------------------------------------------------------------------------------------
  368.  
  369. [+] DNS Records
  370. ns1.dynu.com. (207.38.70.2) AS63252 NextFort Ventures Chandler, LLC United States
  371. ns2.dynu.com. (199.233.237.18) AS46261 QuickPacket, LLC United States
  372. ns3.dynu.com. (45.79.219.7) AS63949 Linode, LLC United States
  373. ns4.dynu.com. (198.58.127.179) AS63949 Linode, LLC United States
  374. ns5.dynu.com. (107.191.107.47) AS3842 RamNode LLC United States
  375. ns6.dynu.com. (173.255.227.222) AS63949 Linode, LLC United States
  376.  
  377. [+] MX Records
  378. 10 (80.82.64.193) AS29073 Quasi Networks LTD. Netherlands
  379.  
  380. [+] Host Records (A)
  381. candydollchan.net (185-20-184-50.rev.serverhub.ru) (185.20.184.501) AS50673 Serverius Holding B.V. Ukraine
  382. mail.candydollchan.netHTTP: (no-reverse-dns-configured.com) (80.82.64.193) AS29073 Quasi Networks LTD. Netherlands
  383.  
  384. [+] TXT Records
  385. "v=spf1 a mx ip4:80.82.64.110 ~all"
  386.  
  387. [+] DNS Map: https://dnsdumpster.com/static/map/candydollchan.net.png
  388.  
  389. [>] Initiating 3 intel modules
  390. [>] Loading Alpha module (1/3)
  391. [>] Beta module deployed (2/3)
  392. [>] Gamma module initiated (3/3)
  393.  
  394.  
  395. [+] Emails found:
  396. ---------------------------------------------------------------------------------------------------------------------------------------
  397. pixel-1537643215355248-web-@candydollchan.net
  398. pixel-1537643219261913-web-@candydollchan.net
  399.  
  400. [+] Hosts found in search engines:
  401. ---------------------------------------------------------------------------------------------------------------------------------------
  402. [-] Resolving hostnames IPs...
  403. 80.82.64.193:mail.candydollchan.net
  404. 185.20.184.50:www.candydollchan.net
  405. [+] Virtual hosts:
  406. ---------------------------------------------------------------------------------------------------------------------------------------
  427. [~] Crawling the target for fuzzable URLs
  428. [-] No fuzzable URLs found
  429. #######################################################################################################################################
  430. [+] Hosting Info for Website: candydollchan.net
  431. [+] Visitors per day: 4,100
  432. [+] IP Address: ...
  433. [+] IP Reverse DNS (Host): 185-20-184-50.rev.serverhub.ru
  434. [+] Hosting IP Range: 185.20.184.0 - 185.20.185.255 (512 ip)
  435. [+] Hosting Address: Schevchenko 22/30, 12, 39600, Kremenchug, Ukraine
  436. [+] Hosting Country: UKR
  437. [+] Hosting Phone: +380935366459, +380632096212
  438. [+] Hosting Website: www.alligator.link
  439. [+] Hosting CIDR: 185.20.184.0/23
  440.  
  441. [+] NS: ns6.dynu.com
  442. [+] NS: ns1.dynu.com
  443. [+] NS: ns2.dynu.com
  444. [+] NS: ns3.dynu.com
  445. [+] NS: ns4.dynu.com
  446. [+] NS: ns5.dynu.com
  447. #######################################################################################################################################
  448. Start: 2018-09-23T14:40:24+0000
  449. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  450. 1.|-- 45.79.12.201 0.0% 3 1.4 1.0 0.7 1.4 0.3
  451. 2.|-- 45.79.12.4 0.0% 3 0.9 0.9 0.6 1.2 0.3
  452. 3.|-- 45.79.12.8 0.0% 3 0.7 0.8 0.5 1.3 0.4
  453. 4.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.6 1.6 1.6 1.7 0.1
  454. 5.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.8 1.8 1.6 2.0 0.2
  455. 6.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 3 11.9 11.9 11.7 12.0 0.2
  456. 7.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 3 23.8 23.8 23.4 24.1 0.4
  457. 8.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 3 30.4 30.4 30.2 30.4 0.1
  458. 9.|-- be2994.ccr32.yyz02.atlas.cogentco.com 0.0% 3 38.1 38.2 37.8 38.6 0.4
  459. 10.|-- be3260.ccr22.ymq01.atlas.cogentco.com 0.0% 3 45.3 45.4 45.3 45.7 0.2
  460. 11.|-- be3043.ccr22.lpl01.atlas.cogentco.com 0.0% 3 121.6 118.0 114.7 121.6 3.5
  461. 12.|-- be2183.ccr42.ams03.atlas.cogentco.com 0.0% 3 130.2 129.7 129.3 130.2 0.4
  462. 13.|-- be3458.ccr21.ams04.atlas.cogentco.com 0.0% 3 129.4 129.5 129.3 129.7 0.2
  463. 14.|-- 149.11.38.6 0.0% 3 129.6 129.9 129.4 130.6 0.6
  464. 15.|-- 178.21.17.21 0.0% 3 133.4 133.3 133.2 133.4 0.1
  465. 16.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  466. #######################################################################################################################################
  467. [*] Performing General Enumeration of Domain: candydollchan.net
  468. [!] Wildcard resolution is enabled on this domain
  469. [!] It is resolving to 185.20.184.50
  470. [!] All queries will resolve to this address!!
  471. [-] DNSSEC is not configured for candydollchan.net
  472. [*] SOA ns1.dynu.com 207.38.70.2
  473. [*] NS ns1.dynu.com 207.38.70.2
  474. [*] NS ns1.dynu.com 2602:ff23:0:8888::2
  475. [*] NS ns2.dynu.com 199.233.237.18
  476. [*] NS ns2.dynu.com 2607:3f00:11:18::18
  477. [*] NS ns3.dynu.com 45.79.219.7
  478. [*] NS ns3.dynu.com 2600:3c02::f03c:91ff:fe74:8f00
  479. [*] NS ns4.dynu.com 198.58.127.179
  480. [*] NS ns4.dynu.com 2600:3c00::f03c:91ff:fe95:bb9f
  481. [*] NS ns5.dynu.com 107.191.107.47
  482. [*] NS ns5.dynu.com 2604:180:1:858::8888
  483. [*] NS ns6.dynu.com 173.255.227.222
  484. [*] NS ns6.dynu.com 2600:3c03::f03c:91ff:fe1f:950e
  485. [*] MX mail.candydollchan.net 80.82.64.193
  486. [*] A candydollchan.net 185.20.184.50
  487. [*] TXT candydollchan.net v=spf1 a mx ip4:80.82.64.110 ~all
  488. [*] Enumerating SRV Records
  489. [-] No SRV Records Found for candydollchan.net
  490. [+] 0 Records Found
  491. #######################################################################################################################################
  492. [+] Getting nameservers
  493. 207.38.70.2 - ns1.dynu.com
  494. 199.233.237.18 - ns2.dynu.com
  495. 45.79.219.7 - ns3.dynu.com
  496. 198.58.127.179 - ns4.dynu.com
  497. 107.191.107.47 - ns5.dynu.com
  498. 173.255.227.222 - ns6.dynu.com
  499. [-] Zone transfer failed
  500.  
  501. [+] TXT records found
  502. "v=spf1 a mx ip4:80.82.64.110 ~all"
  503.  
  504. [+] MX records found, added to target list
  505. 10 mail.candydollchan.net.
  506.  
  507. [+] Wildcard domain found - 185.20.184.50
  508. [*] Scanning candydollchan.net for A records
  509. 80.82.64.193 - ftp.candydollchan.net
  510. 127.0.0.1 - localhost.candydollchan.net
  511. 80.82.64.193 - mail.candydollchan.net
  512. 80.82.64.193 - pop.candydollchan.net
  513. 80.82.64.193 - smtp.candydollchan.net
  514. #######################################################################################################################################
  515. ftp.candydollchan.net
  516. IP address #1: 80.82.64.193
  517.  
  518. localhost.candydollchan.net
  519. IPv6 address #1: ::1
  520.  
  521. localhost.candydollchan.net
  522. IP address #1: 127.0.0.1
  523. [+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)
  524.  
  525. mail.candydollchan.net
  526. IP address #1: 80.82.64.193
  527.  
  528. pop.candydollchan.net
  529. IP address #1: 80.82.64.193
  530.  
  531. smtp.candydollchan.net
  532. IP address #1: 80.82.64.193
  533. #######################################################################################################################################
  534. Original* candydollchan.net 185.20.184.50 NS:ns1.dynu.com MX:mail.candydollchan.net
  535. Subdomain candydol.lchan.net 118.69.80.42
  536. Subdomain candydoll.chan.net 64.99.80.121
  537. Subdomain candydollc.han.net 184.168.221.104 NS:ns1.afternic.com
  538. Subdomain candydollch.an.net 72.52.4.119 NS:ns1.sedoparking.com MX:localhost
  539. #######################################################################################################################################
  540. Ip Address Status Type Domain Name Server
  541. ---------- ------ ---- ----------- ------
  542. 185.20.184.50 host alterwind.candydollchan.net
  543. 185.20.184.50 host av.candydollchan.net
  544. 185.20.184.50 host b.auth-ns.candydollchan.net
  545. 185.20.184.50 host b1.candydollchan.net
  546. 185.20.184.50 host banking.candydollchan.net
  547. 185.20.184.50 host broker.candydollchan.net
  548. 185.20.184.50 host courses.candydollchan.net
  549. 185.20.184.50 host cust110.candydollchan.net
  550. 185.20.184.50 host developers.candydollchan.net
  551. 185.20.184.50 host dilbert.candydollchan.net
  552. 185.20.184.50 host eh.candydollchan.net
  553. 185.20.184.50 400 host ftp_.candydollchan.net nginx/1.12.2
  554. 127.0.0.1 host localhost.candydollchan.net
  555. 185.20.184.50 400 host ns_.candydollchan.net nginx/1.12.2
  556. 185.20.184.50 200 host www.candydollchan.net nginx/1.12.2
  557. 185.20.184.50 400 host www_.candydollchan.net nginx/1.12.2
  558. #######################################################################################################################################
  559. dnsenum VERSION:1.2.4
  560.  
  561. ----- candydollchan.net -----
  562.  
  563.  
  564. Host's addresses:
  565. __________________
  566.  
  567. candydollchan.net. 116 IN A 185.20.184.50
  568.  
  569.  
  570. Wildcard detection using: yqwciujuyoka
  571. _______________________________________
  572.  
  573. yqwciujuyoka.candydollchan.net. 119 IN A 185.20.184.50
  574.  
  575.  
  576. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  577.  
  578. Wildcards detected, all subdomains will point to the same IP address
  579. Omitting results containing 185.20.184.50.
  580. Maybe you are using OpenDNS servers.
  581.  
  582. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  583.  
  584.  
  585. Name Servers:
  586. ______________
  587.  
  588. ns6.dynu.com. 18897 IN A 173.255.227.222
  589. ns4.dynu.com. 18843 IN A 198.58.127.179
  590. ns2.dynu.com. 3136 IN A 199.233.237.18
  591. ns3.dynu.com. 21599 IN A 45.79.219.7
  592. ns5.dynu.com. 20756 IN A 107.191.107.47
  593. ns1.dynu.com. 13123 IN A 207.38.70.2
  594.  
  595.  
  596. Mail (MX) Servers:
  597. ___________________
  598.  
  599. mail.candydollchan.net. 89 IN A 80.82.64.193
  600.  
  601.  
  602. Trying Zone Transfers and getting Bind Versions:
  603. _________________________________________________
  604.  
  605.  
  606. Trying Zone Transfer for candydollchan.net on ns6.dynu.com ...
  607.  
  608. Trying Zone Transfer for candydollchan.net on ns4.dynu.com ...
  609.  
  610. Trying Zone Transfer for candydollchan.net on ns2.dynu.com ...
  611.  
  612. Trying Zone Transfer for candydollchan.net on ns3.dynu.com ...
  613.  
  614. Trying Zone Transfer for candydollchan.net on ns5.dynu.com ...
  615.  
  616. Trying Zone Transfer for candydollchan.net on ns1.dynu.com ...
  617.  
  618. brute force file not specified, bay.
  619. #######################################################################################################################################
  620. Domain Name: CANDYDOLLCHAN.NET
  621. Registry Domain ID: 1987658926_DOMAIN_NET-VRSN
  622. Registrar WHOIS Server: whois.nic.ru
  623. Registrar URL: http://nic.ru
  624. Updated Date: 2018-02-16T18:08:25Z
  625. Creation Date: 2015-12-16T07:57:08Z
  626. Registry Expiry Date: 2018-12-16T07:57:08Z
  627. Registrar: Regional Network Information Center, JSC dba RU-CENTER
  628. Registrar IANA ID: 463
  629. Registrar Abuse Contact Email: tld-abuse@nic.ru
  630. Registrar Abuse Contact Phone: +7 (495) 994-46-01
  631. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  632. Name Server: NS1.DYNU.COM
  633. Name Server: NS2.DYNU.COM
  634. Name Server: NS3.DYNU.COM
  635. DNSSEC: unsigned
  636. URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  637. >>> Last update of whois database: 2018-09-23T14:38:08Z <<<
  638.  
  639. For more information on Whois status codes, please visit https://icann.org/epp
  640.  
  641. NOTICE: The expiration date displayed in this record is the date the
  642. registrar's sponsorship of the domain name registration in the registry is
  643. currently set to expire. This date does not necessarily reflect the expiration
  644. date of the domain name registrant's agreement with the sponsoring
  645. registrar. Users may consult the sponsoring registrar's Whois database to
  646. view the registrar's reported date of expiration for this registration.
  647.  
  648. TERMS OF USE: You are not authorized to access or query our Whois
  649. database through the use of electronic processes that are high-volume and
  650. automated except as reasonably necessary to register domain names or
  651. modify existing registrations; the Data in VeriSign Global Registry
  652. Services' ("VeriSign") Whois database is provided by VeriSign for
  653. information purposes only, and to assist persons in obtaining information
  654. about or related to a domain name registration record. VeriSign does not
  655. guarantee its accuracy. By submitting a Whois query, you agree to abide
  656. by the following terms of use: You agree that you may use this Data only
  657. for lawful purposes and that under no circumstances will you use this Data
  658. to: (1) allow, enable, or otherwise support the transmission of mass
  659. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  660. or facsimile; or (2) enable high volume, automated, electronic processes
  661. that apply to VeriSign (or its computer systems). The compilation,
  662. repackaging, dissemination or other use of this Data is expressly
  663. prohibited without the prior written consent of VeriSign. You agree not to
  664. use electronic processes that are automated and high-volume to access or
  665. query the Whois database except as reasonably necessary to register
  666. domain names or modify existing registrations. VeriSign reserves the right
  667. to restrict your access to the Whois database in its sole discretion to ensure
  668. operational stability. VeriSign may restrict or terminate your access to the
  669. Whois database for failure to abide by these terms of use. VeriSign
  670. reserves the right to modify these terms at any time.
  671.  
  672. The Registry database contains ONLY .COM, .NET, .EDU domains and
  673. Registrars.
  674. Domain Name: CANDYDOLLCHAN.NET
  675. Registry Domain ID: 1987658926_DOMAIN_NET-VRSN
  676. Registrar WHOIS Server: whois.nic.ru
  677. Registrar URL: http://www.nic.ru
  678. Updated Date: 2018-02-16T18:08:25Z
  679. Creation Date: 2015-12-16T07:57:08Z
  680. Registrar Registration Expiration Date: 2018-12-15T21:00:00Z
  681. Registrar: Regional Network Information Center, JSC dba RU-CENTER
  682. Registrar IANA ID: 463
  683. Registrar Abuse Contact Email: tld-abuse@nic.ru
  684. Registrar Abuse Contact Phone: +7.4959944601
  685. Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  686. Registry Registrant ID:
  687. Registrant Name: Chaplenko Yuri
  688. Registrant Organization: Chaplenko Yuri
  689. Registrant Street: Karadzhicha st. 13-35
  690. Registrant City: Lvov
  691. Registrant State/Province: Lvovskaya
  692. Registrant Postal Code: 79054
  693. Registrant Country: UA
  694. Registrant Phone: +380.672306256
  695. Registrant Phone Ext:
  696. Registrant Email: ychaplenko@inbox.ru
  697. Registry Admin ID:
  698. Admin Name: Chaplenko Yuri
  699. Admin Organization: Chaplenko Yuri
  700. Admin Street: Karadzhicha st. 13-35
  701. Admin City: Lvov
  702. Admin State/Province: Lvovskaya
  703. Admin Postal Code: 79054
  704. Admin Country: UA
  705. Admin Phone: +380.672306256
  706. Admin Phone Ext:
  707. Admin Email: ychaplenko@inbox.ru
  708. Registry Tech ID:
  709. Tech Name: Chaplenko Yuri
  710. Tech Organization: Chaplenko Yuri
  711. Tech Street: Karadzhicha st. 13-35
  712. Tech City: Lvov
  713. Tech State/Province: Lvovskaya
  714. Tech Postal Code: 79054
  715. Tech Country: UA
  716. Tech Phone: +380.672306256
  717. Tech Phone Ext:
  718. Tech Email: ychaplenko@inbox.ru
  719. Name Server: ns1.dynu.com
  720. Name Server: ns2.dynu.com
  721. Name Server: ns3.dynu.com
  722. DNSSEC: unsigned
  723. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  724. For more information on Whois status codes, please visit: https://icann.org/epp
  725. >>> Last update of WHOIS database: 2018.09.23T14:38:16Z <<<
  726. ######################################################################################################################################
  727. [-] Enumerating subdomains now for candydollchan.net
  728. [-] verbosity is enabled, will show the subdomains results in realtime
  729. [-] Searching now in Baidu..
  730. [-] Searching now in Yahoo..
  731. [-] Searching now in Google..
  732. [-] Searching now in Bing..
  733. [-] Searching now in Ask..
  734. [-] Searching now in Netcraft..
  735. [-] Searching now in DNSdumpster..
  736. [-] Searching now in Virustotal..
  737. [-] Searching now in ThreatCrowd..
  738. [-] Searching now in SSL Certificates..
  739. [-] Searching now in PassiveDNS..
  740. Virustotal: www.candydollchan.net
  741. Virustotal: mail.candydollchan.net
  742. DNSdumpster: mail.candydollchan.net
  743. [-] Saving results to file: /usr/share/sniper/loot/candydollchan.net/domains/domains-candydollchan.net.txt
  744. [-] Total Unique Subdomains Found: 2
  745. www.candydollchan.net
  746. mail.candydollchan.net
  747. #######################################################################################################################################
  748. [*] Found SPF record:
  749. [*] v=spf1 a mx ip4:80.82.64.110 ~all
  750. [*] SPF record contains an All item: ~all
  751. [*] No DMARC record found. Looking for organizational record
  752. [+] No organizational DMARC record
  753. [+] Spoofing possible for candydollchan.net!
  754. #######################################################################################################################################
  760. aquatone discover v0.5.0 - by @michenriksen
  761.  
  762. Identifying nameservers for candydollchan.net... Done
  763. Using nameservers:
  764.  
  765. - 207.38.70.2
  766. - 199.233.237.18
  767. - 45.79.219.7
  768. - 198.58.127.179
  769. - 107.191.107.47
  770. - 173.255.227.222
  771.  
  772. Checking for wildcard DNS... Wildcard detected!
  773. Identifying wildcard IPs... Done
  774. Filtering out hosts resolving to wildcard IPs
  775.  
  776. Running collector: PassiveTotal... Skipped
  777. -> Key 'passivetotal_key' has not been set
  778. Running collector: PTRArchive... Error
  779. -> PTRArchive returned unexpected response code: 404
  780. Running collector: Dictionary... Done (22 hosts)
  781. Running collector: Wayback Machine... Error
  782. -> 765: unexpected token at 'org.archive.util.io.RuntimeIOException: org.archive.wayback.exception.AdministrativeAccessControlException: Blocked Site Error
  783. '
  784. Running collector: Netcraft... Done (0 hosts)
  785. Running collector: Threat Crowd... Done (0 hosts)
  786. Running collector: Certificate Search... Done (0 hosts)
  787. Running collector: Google Transparency Report... Done (0 hosts)
  788. Running collector: VirusTotal... Skipped
  789. -> Key 'virustotal' has not been set
  790. Running collector: Riddler... Skipped
  791. -> Key 'riddler_username' has not been set
  792. Running collector: DNSDB... Error
  793. -> DNSDB returned unexpected response code: 503
  794. Running collector: Censys... Skipped
  795. -> Key 'censys_secret' has not been set
  796. Running collector: HackerTarget... Done (2 hosts)
  797. Running collector: PublicWWW... Done (0 hosts)
  798. Running collector: Shodan... Skipped
  799. -> Key 'shodan' has not been set
  800.  
  801. Resolving 24 unique hosts...
  802. 80.82.64.193 mail.candydollchan.net
  803.  
  804. Found subnets:
  805.  
  806.  
  807. Wrote 1 hosts to:
  808.  
  809. - file:///root/aquatone/candydollchan.net/hosts.txt
  810. - file:///root/aquatone/candydollchan.net/hosts.json
  816. aquatone takeover v0.5.0 - by @michenriksen
  817.  
  818. Loaded 1 hosts from /root/aquatone/candydollchan.net/hosts.json
  819. Loaded 25 domain takeover detectors
  820.  
  821. Identifying nameservers for candydollchan.net... Done
  822. Using nameservers:
  823.  
  824. - 207.38.70.2
  825. - 199.233.237.18
  826. - 45.79.219.7
  827. - 198.58.127.179
  828. - 107.191.107.47
  829. - 173.255.227.222
  830.  
  831. Checking hosts for domain takeover vulnerabilities...
  832.  
  833. Finished checking hosts:
  834.  
  835. - Vulnerable : 0
  836. - Not Vulnerable : 1
  837.  
  838. Wrote 0 potential subdomain takeovers to:
  839.  
  840. - file:///root/aquatone/candydollchan.net/takeovers.json
  841.  
  847. aquatone scan v0.5.0 - by @michenriksen
  848.  
  849. Loaded 1 hosts from /root/aquatone/candydollchan.net/hosts.json
  850.  
  851. Probing 2 ports...
  852. 80/tcp 80.82.64.193 mail.candydollchan.net
  853.  
  854. Wrote open ports to file:///root/aquatone/candydollchan.net/open_ports.txt
  855. Wrote URLs to file:///root/aquatone/candydollchan.net/urls.txt
  861. aquatone gather v0.5.0 - by @michenriksen
  862.  
  863. Installing Nightmare.js package, please wait... Done
  864.  
  865. Processing 1 pages...
  866. Processed: http://80.82.64.193/ (mail.candydollchan.net) - 200 OK
  867.  
  868. Finished processing pages:
  869.  
  870. - Successful : 1
  871. - Failed : 0
  872.  
  873. Generating report...done
  874. Report pages generated:
  875.  
  876. - file:///root/aquatone/candydollchan.net/report/report_page_0.html
  877. #######################################################################################################################################
  878. INFO[0003] Starting to process queue....
  879. INFO[0003] Starting to process permutations....
  880. ERRO[0003] Get http://s3-1-w.amazonaws.com: dial tcp 52.216.136.123:80: getsockopt: connection refused
  910. #######################################################################################################################################
  911. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-23 10:45 EDT
  912. Nmap scan report for candydollchan.net (185.20.184.50)
  913. Host is up (0.45s latency).
  914. rDNS record for 185.20.184.50: 185-20-184-50.rev.serverhub.ru
  915. Not shown: 463 closed ports, 6 filtered ports
  916. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  917. PORT STATE SERVICE
  918. 21/tcp open ftp
  919. 22/tcp open ssh
  920. 80/tcp open http
  921. 110/tcp open pop3
  922. 143/tcp open imap
  923. 587/tcp open submission
  924. 8080/tcp open http-proxy
  925. #######################################################################################################################################
  926. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-23 10:45 EDT
  927. Nmap scan report for candydollchan.net (185.20.184.50)
  928. Host is up.
  929. rDNS record for 185.20.184.50: 185-20-184-50.rev.serverhub.ru
  930.  
  931. PORT STATE SERVICE
  932. 53/udp open|filtered domain
  933. 67/udp open|filtered dhcps
  934. 68/udp open|filtered dhcpc
  935. 69/udp open|filtered tftp
  936. 88/udp open|filtered kerberos-sec
  937. 123/udp open|filtered ntp
  938. 137/udp open|filtered netbios-ns
  939. 138/udp open|filtered netbios-dgm
  940. 139/udp open|filtered netbios-ssn
  941. 161/udp open|filtered snmp
  942. 162/udp open|filtered snmptrap
  943. 389/udp open|filtered ldap
  944. 520/udp open|filtered route
  945. 2049/udp open|filtered nfs
  946. #######################################################################################################################################
  947. + -- --=[Port 21 opened... running tests...
  948. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-23 10:45 EDT
  949. Nmap scan report for candydollchan.net (185.20.184.50)
  950. Host is up (0.25s latency).
  951. rDNS record for 185.20.184.50: 185-20-184-50.rev.serverhub.ru
  952.  
  953. PORT STATE SERVICE VERSION
  954. 21/tcp open tcpwrapped
  955. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  956. Device type: WAP
  957. Running: D-Link embedded, TRENDnet embedded
  958. OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp
  959. OS details: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP
  960. Network Distance: 1 hop
  961.  
  962. TRACEROUTE (using port 21/tcp)
  963. HOP RTT ADDRESS
  964. 1 231.87 ms 185-20-184-50.rev.serverhub.ru (185.20.184.50)
  965.  
  966. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  967. Nmap done: 1 IP address (1 host up) scanned in 608.11 seconds
  968.  
  969.  
  1012. =[ metasploit v4.17.14-dev ]
  1013. + -- --=[ 1809 exploits - 1030 auxiliary - 313 post ]
  1014. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  1015. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1016.  
  1017. RHOST => candydollchan.net
  1018. RHOSTS => candydollchan.net
  1019. [*] candydollchan.net:21 - Scanned 1 of 1 hosts (100% complete)
  1020. [*] Auxiliary module execution completed
  1021. [*] candydollchan.net:21 - Scanned 1 of 1 hosts (100% complete)
  1022. [*] Auxiliary module execution completed
  1023. [-] candydollchan.net:21 - Exploit failed: EOFError EOFError
  1024. [*] Exploit completed, but no session was created.
  1025. [*] Started reverse TCP double handler on 10.211.1.33:4444
  1026. [-] candydollchan.net:21 - Exploit failed: EOFError EOFError
  1027. [*] Exploit completed, but no session was created.
  1028. + -- --=[Port 22 opened... running tests...
  1029. modes/normal.sh: ligne 258 : [: trop d'arguments
  1030. # general
  1031. (gen) banner: SSH-2.0-OpenSSH_7.4
  1032. (gen) software: OpenSSH 7.4
  1033. (gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
  1034. (gen) compression: enabled (zlib@openssh.com)
  1035.  
  1036. # key exchange algorithms
  1037. (kex) curve25519-sha256 -- [warn] unknown algorithm
  1038. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  1039. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  1040. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1041. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  1042. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1043. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  1044. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1045. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  1046. `- [info] available since OpenSSH 4.4
  1047. (kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1048. (kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
  1049. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1050. `- [warn] using weak hashing algorithm
  1051. `- [info] available since OpenSSH 2.3.0
  1052. (kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  1053. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  1054. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  1055. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1056. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  1057. `- [warn] using small 1024-bit modulus
  1058. `- [warn] using weak hashing algorithm
  1059. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1060.  
  1061. # host-key algorithms
  1062. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1063. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
  1064. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
  1065. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  1066. `- [warn] using weak random number generator could reveal the key
  1067. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1068. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
  1069.  
  1070. # encryption algorithms (ciphers)
  1071. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
  1072. `- [info] default cipher since OpenSSH 6.9.
  1073. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1074. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  1075. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1076. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1077. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1078. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1079. `- [warn] using weak cipher mode
  1080. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  1081. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1082. `- [warn] using weak cipher mode
  1083. `- [info] available since OpenSSH 2.3.0
  1084. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1085. `- [warn] using weak cipher mode
  1086. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  1087. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1088. `- [fail] disabled since Dropbear SSH 0.53
  1089. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1090. `- [warn] using weak cipher mode
  1091. `- [warn] using small 64-bit block size
  1092. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1093. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1094. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  1095. `- [warn] using weak cipher mode
  1096. `- [warn] using small 64-bit block size
  1097. `- [info] available since OpenSSH 2.1.0
  1098. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  1099. `- [warn] using weak cipher
  1100. `- [warn] using weak cipher mode
  1101. `- [warn] using small 64-bit block size
  1102. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  1103.  
  1104. # message authentication code algorithms
  1105. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
  1106. `- [info] available since OpenSSH 6.2
  1107. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
  1108. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
  1109. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
  1110. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
  1111. `- [info] available since OpenSSH 6.2
  1112. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  1113. `- [warn] using small 64-bit tag size
  1114. `- [info] available since OpenSSH 4.7
  1115. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
  1116. `- [info] available since OpenSSH 6.2
  1117. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  1118. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1119. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  1120. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1121. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  1122. `- [warn] using weak hashing algorithm
  1123. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1124.  
  1125. # algorithm recommendations (for OpenSSH 7.4)
  1126. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  1127. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  1128. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
  1129. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  1130. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  1131. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  1132. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  1133. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  1134. (rec) -blowfish-cbc -- enc algorithm to remove
  1135. (rec) -3des-cbc -- enc algorithm to remove
  1136. (rec) -aes256-cbc -- enc algorithm to remove
  1137. (rec) -cast128-cbc -- enc algorithm to remove
  1138. (rec) -aes192-cbc -- enc algorithm to remove
  1139. (rec) -aes128-cbc -- enc algorithm to remove
  1140. (rec) -hmac-sha2-512 -- mac algorithm to remove
  1141. (rec) -umac-128@openssh.com -- mac algorithm to remove
  1142. (rec) -hmac-sha2-256 -- mac algorithm to remove
  1143. (rec) -umac-64@openssh.com -- mac algorithm to remove
  1144. (rec) -hmac-sha1 -- mac algorithm to remove
  1145. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
  1146. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
  1147.  
  1148. ftp is a valid user!
  1149. mail is a valid user!
  1150. nobody is a valid user!
  1151. postfix is a valid user!
  1152. root is a valid user!
  1153. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-23 10:57 EDT
  1154. Nmap scan report for candydollchan.net (185.20.184.50)
  1155. Host is up (0.080s latency).
  1156. rDNS record for 185.20.184.50: 185-20-184-50.rev.serverhub.ru
  1157.  
  1158. PORT STATE SERVICE VERSION
  1159. 22/tcp filtered ssh
  1160. Too many fingerprints match this host to give specific OS details
  1161.  
  1162. TRACEROUTE (using proto 1/icmp)
  1163. HOP RTT ADDRESS
  1164. 1 ... 30
  1165.  
  1166. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1167. Nmap done: 1 IP address (1 host up) scanned in 17.05 seconds
  1168.  
  1169.  
  1191. =[ metasploit v4.17.14-dev ]
  1192. + -- --=[ 1809 exploits - 1030 auxiliary - 313 post ]
  1193. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  1194. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1195.  
  1196. USER_FILE => /brutex/wordlists/simple-users.txt
  1197. RHOSTS => candydollchan.net
  1198. RHOST => candydollchan.net
  1199. [+] 185.20.184.50:22 - SSH server version: SSH-2.0-OpenSSH_7.4 ( service.version=7.4 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:{service.version} service.protocol=ssh fingerprint_db=ssh.banner )
  1200. [*] candydollchan.net:22 - Scanned 1 of 1 hosts (100% complete)
  1201. [*] Auxiliary module execution completed
  1202. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  1203. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  1204. [+] 185.20.184.50:22 - SSH server version: SSH-2.0-OpenSSH_7.4 ( service.version=7.4 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:{service.version} service.protocol=ssh fingerprint_db=ssh.banner )
  1205. [*] candydollchan.net:22 - Scanned 1 of 1 hosts (100% complete)
  1206. [*] Auxiliary module execution completed
  1207. + -- --=[Port 23 closed... skipping.
  1208. + -- --=[Port 25 closed... skipping.
  1209. + -- --=[Port 53 closed... skipping.
  1210. + -- --=[Port 67 closed... skipping.
  1211. + -- --=[Port 68 closed... skipping.
  1212. + -- --=[Port 69 closed... skipping.
  1213. + -- --=[Port 79 closed... skipping.
  1214. + -- --=[Port 80 opened... running tests...
  1215. #######################################################################################################################################
  1224. WAFW00F - Web Application Firewall Detection Tool
  1225.  
  1226. By Sandro Gauci && Wendel G. Henrique
  1227.  
  1228. Checking http://candydollchan.net
  1229. Generic Detection results:
  1230. The site http://candydollchan.net seems to be behind a WAF or some sort of security solution
  1231. Reason: Blocking is being done at connection/packet level.
  1232. Number of requests: 13
  1233. #######################################################################################################################################
  1234.  
  1235. wig - WebApp Information Gatherer
  1236.  
  1237.  
  1238. Scanning http://candydollchan.net...
  1239. __________________ SITE INFO __________________
  1240. IP Title
  1241. 185.20.184.50 Website is forbidden!
  1242.  
  1243. ___________________ VERSION ___________________
  1244. Name Versions Type
  1245. phpMyAdmin CMS
  1246. PHP 5.3.29 Platform
  1247. nginx 1.12.2 Platform
  1248.  
  1249. _______________________________________________
  1250. Time: 144.6 sec Urls: 594 Fingerprints: 40401
  1251. ######################################################################################################################################
  1252. HTTP/1.1 200 OK
  1253. Server: nginx/1.12.2
  1254. Date: Sun, 23 Sep 2018 15:00:54 GMT
  1255. Content-Type: text/html
  1256. Connection: keep-alive
  1257. Upgrade: h2,h2c
  1258. Accept-Ranges: bytes
  1259. Vary: Accept-Encoding,User-Agent
  1260. ######################################################################################################################################
  1261. -------------------------------------------------------------------------------------------------------------------------------------
  1262.  
  1263. [ ! ] Starting SCANNER INURLBR 2.1 at [23-09-2018 11:01:36]
  1264. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1265. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1266. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1267.  
  1268. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-candydollchan.net.txt ]
  1269. [ INFO ][ DORK ]::[ site:candydollchan.net ]
  1270. [ INFO ][ SEARCHING ]:: {
  1271. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.gi ]
  1272.  
  1273. [ INFO ][ SEARCHING ]::
  1275. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1276.  
  1277. [ INFO ][ SEARCHING ]::
  1279. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.ec ID: 007843865286850066037:b0heuatvay8 ]
  1280.  
  1281. [ INFO ][ SEARCHING ]::
  1283.  
  1284. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  1285. [ INFO ] Not a satisfactory result was found!
  1286.  
  1287.  
  1288. [ INFO ] [ Shutting down ]
  1289. [ INFO ] [ End of process INURLBR at [23-09-2018 11:01:54]
  1290. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1291. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-candydollchan.net.txt ]
  1295.  
  1296. + -- --=[Port 110 opened... running tests...
  1297. Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-23 11:01 EDT
  1298. Nmap scan report for candydollchan.net (185.20.184.50)
  1299. Host is up (0.46s latency).
  1300. rDNS record for 185.20.184.50: 185-20-184-50.rev.serverhub.ru
  1301.  
  1302. PORT STATE SERVICE VERSION
  1303. 110/tcp open tcpwrapped
  1304. | pop3-brute:
  1305. | Accounts: No valid accounts found
  1306. | Statistics: Performed 5 guesses in 11 seconds, average tps: 0.5
  1307. |_ ERROR: Failed to connect.
  1308. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1309. Device type: WAP
  1310. Running: D-Link embedded, TRENDnet embedded
  1311. OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp
  1312. OS details: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP
  1313. Network Distance: 1 hop
  1314.  
  1315. TRACEROUTE (using port 443/tcp)
  1316. HOP RTT ADDRESS
  1317. 1 552.49 ms 185-20-184-50.rev.serverhub.ru (185.20.184.50)
  1318.  
  1319. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1320. Nmap done: 1 IP address (1 host up) scanned in 17.90 seconds
  1321. + -- --=[Port 111 closed... skipping.
  1322. + -- --=[Port 123 closed... skipping.
  1323. + -- --=[Port 135 closed... skipping.
  1324. + -- --=[Port 137 closed... skipping.
  1325. + -- --=[Port 139 closed... skipping.
  1326. + -- --=[Port 161 closed... skipping.
  1327. + -- --=[Port 162 closed... skipping.
  1328. + -- --=[Port 389 closed... skipping.
  1329. + -- --=[Port 443 closed... skipping.
  1330. + -- --=[Port 445 closed... skipping.
  1331. + -- --=[Port 512 closed... skipping.
  1332. + -- --=[Port 513 closed... skipping.
  1333. + -- --=[Port 514 closed... skipping.
  1334. + -- --=[Port 623 closed... skipping.
  1335. + -- --=[Port 624 closed... skipping.
  1336. + -- --=[Port 1099 closed... skipping.
  1337. + -- --=[Port 1433 closed... skipping.
  1338. + -- --=[Port 2049 closed... skipping.
  1339. + -- --=[Port 2121 closed... skipping.
  1340. + -- --=[Port 3306 closed... skipping.
  1341. + -- --=[Port 3310 closed... skipping.
  1342. + -- --=[Port 3128 closed... skipping.
  1343. + -- --=[Port 3389 closed... skipping.
  1344. + -- --=[Port 3632 closed... skipping.
  1345. + -- --=[Port 4443 closed... skipping.
  1346. + -- --=[Port 5432 closed... skipping.
  1347. + -- --=[Port 5555 closed... skipping.
  1348. + -- --=[Port 5800 closed... skipping.
  1349. + -- --=[Port 5900 closed... skipping.
  1350. + -- --=[Port 5984 closed... skipping.
  1351. + -- --=[Port 6000 closed... skipping.
  1352. + -- --=[Port 6667 closed... skipping.
  1353. + -- --=[Port 7001 closed... skipping.
  1354. + -- --=[Port 8000 closed... skipping.
  1355. + -- --=[Port 8100 closed... skipping.
  1356. + -- --=[Port 8080 opened... running tests...
  1357. #####################################################################################################################################
  1358.  
  1359. # cowsay++
  1360. ____________
  1361. < metasploit >
  1362. ------------
  1363. \ ,__,
  1364. \ (oo)____
  1365. (__) )\
  1366. ||--|| *
  1367.  
  1368.  
  1369. =[ metasploit v4.17.14-dev ]
  1370. + -- --=[ 1809 exploits - 1030 auxiliary - 313 post ]
  1371. + -- --=[ 539 payloads - 42 encoders - 10 nops ]
  1372. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1373.  
  1374. RHOSTS => candydollchan.net
  1375. RHOST => candydollchan.net
  1376. [-] WAR file not found
  1377. [*] Auxiliary module execution completed
  1378. [*] Scanned 1 of 1 hosts (100% complete)
  1379. [*] Auxiliary module execution completed
  1380. RPORT => 8080
  1381. [*] Scanned 1 of 1 hosts (100% complete)
  1382. [*] Auxiliary module execution completed
  1383. [*] Attempting to connect to 185.20.184.50:8080
  1384. [+] No File(s) found
  1385. [*] Scanned 1 of 1 hosts (100% complete)
  1386. [*] Auxiliary module execution completed
  1387. [*] http://185.20.184.50:8080/admin/j_security_check - Checking j_security_check...
  1388. [-] http://185.20.184.50:8080/admin/j_security_check - Unable to enumerate users with this URI
  1389. [*] Scanned 1 of 1 hosts (100% complete)
  1390. [*] Auxiliary module execution completed
  1391. [-] The connection was refused by the remote host (185.20.184.50:8080).
  1392. [-] The connection was refused by the remote host (185.20.184.50:8080).
  1393. [-] http://185.20.184.50:8080/manager/html - No response
  1394. [*] Scanned 1 of 1 hosts (100% complete)
  1395. [*] Auxiliary module execution completed
  1396. [-] Exploit aborted due to failure: not-found: The target server fingerprint "" does not match "(?-mix:Apache.*(Coyote|Tomcat))", use 'set FingerprintCheck false' to disable this check.
  1397. [*] Exploit completed, but no session was created.
  1398. USERNAME => tomcat
  1399. PASSWORD => tomcat
  1400. ######################################################################################################################################
  1401.  
  1402.  
  1403.  
  1404. * --- JexBoss: Jboss verify and EXploitation Tool --- *
  1405. | * And others Java Deserialization Vulnerabilities * |
  1406. | |
  1407. | @author: João Filho Matos Figueiredo |
  1408. | @contact: joaomatosf@gmail.com |
  1409. | |
  1410. | @update: https://github.com/joaomatosf/jexboss |
  1411. #______________________________________________________#
  1412.  
  1413. @version: 1.2.4
  1414.  
  1415. * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
  1416.  
  1417.  
  1418. ** Checking Host: http://candydollchan.net:8080 **
  1419.  
  1420. [*] Checking admin-console:
  1421. * An error occurred while connecting to the host http://candydollchan.net:8080 (HTTPConnectionPool(host='candydollchan.net', port=8080): Max retries exceeded with url: /admin-console/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fdb826a0210>: Failed to establish a new connection: [Errno 111] Connection refused',)))
  1422.  
  1423. [*] Checking Struts2:
  1424. * An error occurred while connecting to the host http://candydollchan.net:8080 (HTTPConnectionPool(host='candydollchan.net', port=8080): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fdb823e0650>: Failed to establish a new connection: [Errno 111] Connection refused',)))
  1425.  
  1426. [*] Checking Servlet Deserialization: [ OK ]
  1427. [*] Checking Application Deserialization: [ OK ]
  1428. [*] Checking Jenkins: [ OK ]
  1429. [*] Checking web-console:
  1430. * An error occurred while connecting to the host http://candydollchan.net:8080 (HTTPConnectionPool(host='candydollchan.net', port=8080): Max retries exceeded with url: /web-console/Invoker (Caused by ProtocolError('Connection aborted.', BadStatusLine("''",))))
  1431.  
  1432. [*] Checking jmx-console:
  1433. * An error occurred while connecting to the host http://candydollchan.net:8080 (HTTPConnectionPool(host='candydollchan.net', port=8080): Max retries exceeded with url: /jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo (Caused by ProtocolError('Connection aborted.', BadStatusLine("''",))))
  1434.  
  1435. [*] Checking JMXInvokerServlet:
  1436. * An error occurred while connecting to the host http://candydollchan.net:8080 (HTTPConnectionPool(host='candydollchan.net', port=8080): Max retries exceeded with url: /invoker/JMXInvokerServlet (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fdb82418550>: Failed to establish a new connection: [Errno 111] Connection refused',)))
  1437.  
  1438. #####################################################################################################################################
  1439.  
  1440. I, [2018-09-23T11:03:49.180191 #17425] INFO -- : Initiating port scan
  1441. I, [2018-09-23T11:04:44.368240 #17425] INFO -- : Using nmap scan output file logs/nmap_output_2018-09-23_11-03-49.xml
  1442. I, [2018-09-23T11:04:44.386067 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:21
  1443. I, [2018-09-23T11:04:46.218792 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:21
  1444. I, [2018-09-23T11:04:49.912000 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:110
  1445. I, [2018-09-23T11:04:51.555060 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:110
  1446. I, [2018-09-23T11:04:54.885384 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:143
  1447. I, [2018-09-23T11:04:56.517458 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:143
  1448. I, [2018-09-23T11:05:00.013149 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:587
  1449. I, [2018-09-23T11:05:01.627109 #17425] INFO -- : Discovered tcpwrapped port: 185.20.184.50:587
  1450. W, [2018-09-23T11:05:04.863525 #17425] WARN -- : Yasuo did not find any potential hosts to enumerate
  1451. #######################################################################################################################################
  1452. --------------------------------------------------------------------------------------------------------------------------------------
  1453. + Target IP: 185.20.184.50
  1454. + Target Hostname: candydollchan.net
  1455. + Target Port: 80
  1456. + Start Time: 2018-09-23 10:42:27 (GMT-4)
  1457. ---------------------------------------------------------------------------------------------------------------------------------------
  1458. + Server: No banner retrieved
  1459. + The anti-clickjacking X-Frame-Options header is not present.
  1460. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1461. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1462. + Server banner has changed from '' to 'nginx/1.12.2' which may suggest a WAF, load balancer or proxy is in place
  1463. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1464. + Scan terminated: 6 error(s) and 3 item(s) reported on remote host
  1465. + End Time: 2018-09-23 10:46:43 (GMT-4) (256 seconds)
  1466. --------------------------------------------------------------------------------------------------------------------------------------
  1467.  
  1468. ######################################################################################################################################
  1469. Anonymous JTSEC #OpDeathEathers full Recon #15