JTSEC1333

Anonymous JTSEC #OpSudan Full Recon #24

Feb 28th, 2019
  1. #######################################################################################################################################
  2. =======================================================================================================================================
  3. Nom de l'hôte www.fashir.edu.sd FAI SUDREN
  4. Continent Afrique Drapeau
  5. SD
  6. Pays Soudan Code du pays SD
  7. Région Khartoum Heure locale 28 Feb 2019 10:07 CAT
  8. Ville Khartoum Code Postal Inconnu
  9. Adresse IP 41.67.16.100 Latitude 15.588
  10. Longitude 32.534
  11. =======================================================================================================================================
  12. #######################################################################################################################################
  13. > www.fashir.edu.sd
  14. Server: 185.93.180.131
  15. Address: 185.93.180.131#53
  16.  
  17. Non-authoritative answer:
  18. Name: www.fashir.edu.sd
  19. Address: 41.67.16.100
  20. >
  21. #######################################################################################################################################
  22. HostIP:41.67.16.100
  23. HostName:www.fashir.edu.sd
  24.  
  25. Gathered Inet-whois information for 41.67.16.100
  26. ---------------------------------------------------------------------------------------------------------------------------------------
  27.  
  28.  
  29. inetnum: 38.0.0.0 - 43.225.111.255
  30. netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
  31. descr: IPv4 address block not managed by the RIPE NCC
  32. remarks: ------------------------------------------------------
  33. remarks:
  34. remarks: For registration information,
  35. remarks: you can consult the following sources:
  36. remarks:
  37. remarks: IANA
  38. remarks: http://www.iana.org/assignments/ipv4-address-space
  39. remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
  40. remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
  41. remarks:
  42. remarks: AFRINIC (Africa)
  43. remarks: http://www.afrinic.net/ whois.afrinic.net
  44. remarks:
  45. remarks: APNIC (Asia Pacific)
  46. remarks: http://www.apnic.net/ whois.apnic.net
  47. remarks:
  48. remarks: ARIN (Northern America)
  49. remarks: http://www.arin.net/ whois.arin.net
  50. remarks:
  51. remarks: LACNIC (Latin America and the Carribean)
  52. remarks: http://www.lacnic.net/ whois.lacnic.net
  53. remarks:
  54. remarks: ------------------------------------------------------
  55. country: EU # Country is really world wide
  56. admin-c: IANA1-RIPE
  57. tech-c: IANA1-RIPE
  58. status: ALLOCATED UNSPECIFIED
  59. mnt-by: RIPE-NCC-HM-MNT
  60. created: 2019-01-07T10:45:04Z
  61. last-modified: 2019-01-07T10:45:04Z
  62. source: RIPE
  63.  
  64. role: Internet Assigned Numbers Authority
  65. address: see http://www.iana.org.
  66. admin-c: IANA1-RIPE
  67. tech-c: IANA1-RIPE
  68. nic-hdl: IANA1-RIPE
  69. remarks: For more information on IANA services
  70. remarks: go to IANA web site at http://www.iana.org.
  71. mnt-by: RIPE-NCC-MNT
  72. created: 1970-01-01T00:00:00Z
  73. last-modified: 2001-09-22T09:31:27Z
  74. source: RIPE # Filtered
  75.  
  76. % Information related to '41.67.0.0/18AS37179'
  77.  
  78. route: 41.67.0.0/18
  79. descr: SUIN Network IP range
  80. origin: AS37179
  81. mnt-by: TA56580-MNT
  82. created: 2010-12-19T19:48:25Z
  83. last-modified: 2018-09-04T16:25:57Z
  84. source: RIPE-NONAUTH
  85.  
  86. % Information related to '41.67.0.0/18AS37197'
  87.  
  88. route: 41.67.0.0/18
  89. descr: SUIN Network IP range
  90. origin: AS37197
  91. mnt-by: TA56580-MNT
  92. created: 2010-12-20T07:02:58Z
  93. last-modified: 2018-09-04T16:25:57Z
  94. source: RIPE-NONAUTH
  95.  
  96. % This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
  97.  
  98.  
  99.  
  100. Gathered Inic-whois information for fashir.edu.sd
  101. ---------------------------------------------------------------------------------------------------------------------------------------
  102. Error: Unable to connect - Invalid Host
  103. ERROR: Connection to InicWhois Server sd.whois-servers.net failed
  104. close error
  105.  
  106. Gathered Netcraft information for www.fashir.edu.sd
  107. ---------------------------------------------------------------------------------------------------------------------------------------
  108.  
  109. Retrieving Netcraft.com information for www.fashir.edu.sd
  110. Netcraft.com Information gathered
  111.  
  112. Gathered Subdomain information for fashir.edu.sd
  113. ---------------------------------------------------------------------------------------------------------------------------------------
  114. Searching Google.com:80...
  115. HostName:www.fashir.edu.sd
  116. HostIP:41.67.16.100
  117. HostName:mail.fashir.edu.sd
  118. HostIP:41.67.16.100
  119. Searching Altavista.com:80...
  120. Found 2 possible subdomain(s) for host fashir.edu.sd, Searched 0 pages containing 0 results
  121.  
  122. Gathered E-Mail information for fashir.edu.sd
  123. ---------------------------------------------------------------------------------------------------------------------------------------
  124. Searching Google.com:80...
  125. Searching Altavista.com:80...
  126. Found 0 E-Mail(s) for host fashir.edu.sd, Searched 0 pages containing 0 results
  127.  
  128. Gathered TCP Port information for 41.67.16.100
  129. ---------------------------------------------------------------------------------------------------------------------------------------
  130.  
  131. Port State
  132.  
  133. 21/tcp open
  134. 22/tcp open
  135. 53/tcp open
  136. 80/tcp open
  137. 110/tcp open
  138. 143/tcp open
  139.  
  140. Portscan Finished: Scanned 150 ports, 143 ports were in state closed
  141. #######################################################################################################################################
  142. [i] Scanning Site: http://www.fashir.edu.sd
  143.  
  144.  
  145.  
  146. B A S I C I N F O
  147. =======================================================================================================================================
  148.  
  149.  
  150. [+] Site Title: جامعة الفاشر
  151. [+] IP address: 41.67.16.100
  152. [+] Web Server: Could Not Detect
  153. [+] CMS: Could Not Detect
  154. [+] Cloudflare: Not Detected
  155. [+] Robots File: Could NOT Find robots.txt!
  156.  
  157.  
  158.  
  159.  
  160.  
  161.  
  162. G E O I P L O O K U P
  163. =======================================================================================================================================
  164.  
  165. [i] IP Address: 41.67.16.100
  166. [i] Country: Sudan
  167. [i] State: Khartoum
  168. [i] City: Khartoum
  169. [i] Latitude: 15.5881
  170. [i] Longitude: 32.5342
  171.  
  172.  
  173.  
  174.  
  175. H T T P H E A D E R S
  176. =======================================================================================================================================
  177.  
  178.  
  179. [i] HTTP/1.1 200 OK
  180. [i] Date: Thu, 28 Feb 2019 08:12:42 GMT
  181. [i] Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  182. [i] ETag: "1ef-581d7576fbf0c-gzip"
  183. [i] Accept-Ranges: bytes
  184. [i] Vary: Accept-Encoding
  185. [i] Content-Type: text/html
  186. [i] Connection: close
  187.  
  188.  
  189.  
  190.  
  191. D N S L O O K U P
  192. =======================================================================================================================================
  193.  
  194. fashir.edu.sd. 3599 IN NS ns1.fashir.edu.sd.
  195. fashir.edu.sd. 3599 IN NS ns2.fashir.edu.sd.
  196. fashir.edu.sd. 3599 IN SOA ns1.fashir.edu.sd. motasim.live.com. 2018121902 7200 540 604800 86400
  197. fashir.edu.sd. 3599 IN A 41.67.16.100
  198.  
  199.  
  200.  
  201.  
  202. S U B N E T C A L C U L A T I O N
  203. =======================================================================================================================================
  204.  
  205. Address = 41.67.16.100
  206. Network = 41.67.16.100 / 32
  207. Netmask = 255.255.255.255
  208. Broadcast = not needed on Point-to-Point links
  209. Wildcard Mask = 0.0.0.0
  210. Hosts Bits = 0
  211. Max. Hosts = 1 (2^0 - 0)
  212. Host Range = { 41.67.16.100 - 41.67.16.100 }
  213.  
  214.  
  215.  
  216. N M A P P O R T S C A N
  217. =======================================================================================================================================
  218.  
  219.  
  220. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-28 08:12 UTC
  221. Nmap scan report for fashir.edu.sd (41.67.16.100)
  222. Host is up (0.17s latency).
  223. PORT STATE SERVICE
  224. 21/tcp open ftp
  225. 22/tcp open ssh
  226. 23/tcp closed telnet
  227. 80/tcp open http
  228. 110/tcp open pop3
  229. 143/tcp open imap
  230. 443/tcp open https
  231. 3389/tcp closed ms-wbt-server
  232.  
  233. Nmap done: 1 IP address (1 host up) scanned in 2.75 seconds
  234.  
  235.  
  236.  
  237. S U B - D O M A I N F I N D E R
  238. =======================================================================================================================================
  239.  
  240.  
  241. [i] Total Subdomains Found : 2
  242.  
  243. [+] Subdomain: mail.fashir.edu.sd
  244. [-] IP: 41.67.16.100
  245.  
  246. [+] Subdomain: www.fashir.edu.sd
  247. [-] IP: 41.67.16.100
  248.  
  249. #######################################################################################################################################
  250. [?] Enter the target: example( http://domain.com )
  251. http://www.fashir.edu.sd/
  252. [!] IP Address : 41.67.16.100
  253. [!] www.fashir.edu.sd doesn't seem to use a CMS
  254. [+] Honeypot Probabilty: 30%
  255. ---------------------------------------------------------------------------------------------------------------------------------------
  256. [~] Trying to gather whois information for www.fashir.edu.sd
  257. [+] Whois information found
  258. [-] Unable to build response, visit https://who.is/whois/www.fashir.edu.sd
  259. ---------------------------------------------------------------------------------------------------------------------------------------
  260. PORT STATE SERVICE
  261. 21/tcp open ftp
  262. 22/tcp open ssh
  263. 23/tcp closed telnet
  264. 80/tcp open http
  265. 110/tcp open pop3
  266. 143/tcp open imap
  267. 443/tcp open https
  268. 3389/tcp closed ms-wbt-server
  269. Nmap done: 1 IP address (1 host up) scanned in 1.18 seconds
  270. ---------------------------------------------------------------------------------------------------------------------------------------
  271. There was an error getting results
  272.  
  273. [-] DNS Records
  274. [>] Initiating 3 intel modules
  275. [>] Loading Alpha module (1/3)
  276. [>] Beta module deployed (2/3)
  277. [>] Gamma module initiated (3/3)
  278.  
  279.  
  280. [+] Emails found:
  281. ---------------------------------------------------------------------------------------------------------------------------------------
  282. pixel-1551341571885750-web-@www.fashir.edu.sd
  283. pixel-1551341573368678-web-@www.fashir.edu.sd
  284. No hosts found
  285. [+] Virtual hosts:
  286. ---------------------------------------------------------------------------------------------------------------------------------------
  287. #######################################################################################################################################
  288. Enter Address Website = fashir.edu.sd
  289.  
  290. Reversing IP With HackTarget 'fashir.edu.sd'
  291. ---------------------------------------------------------------------------------------------------------------------------------------
  292.  
  293. [+] fashir.edu.sd
  294. [+] karary.edu.sd
  295. [+] mail.fashir.edu.sd
  296. [+] mail.karary.edu.sd
  297. [+] newpanel.sudren.edu.sd
  298. [+] ns2.fashir.edu.sd
  299. [+] uek.edu.sd
  300. [+] www.fashir.edu.sd
  301. [+] www.karary.edu.sd
  302. [+] www.uek.edu.sd
  303. #######################################################################################################################################
  304.  
  305. Reverse IP With YouGetSignal 'fashir.edu.sd'
  306. ---------------------------------------------------------------------------------------------------------------------------------------
  307.  
  308. [*] IP: 41.67.16.100
  309. [*] Domain: fashir.edu.sd
  310. [*] Total Domains: 4
  311.  
  312. [+] fashir.edu.sd
  313. [+] karary.edu.sd
  314. [+] www.karary.edu.sd
  315. [+] www.uek.edu.sd
  316. #######################################################################################################################################
  317.  
  318. Geo IP Lookup 'fashir.edu.sd'
  319. ---------------------------------------------------------------------------------------------------------------------------------------
  320.  
  321. [+] IP Address: 41.67.16.100
  322. [+] Country: Sudan
  323. [+] State: Khartoum
  324. [+] City: Khartoum
  325. [+] Latitude: 15.5881
  326. [+] Longitude: 32.5342
  327. #######################################################################################################################################
  328.  
  329. Bypass Cloudflare 'fashir.edu.sd'
  330. ---------------------------------------------------------------------------------------------------------------------------------------
  331.  
  332. [!] CloudFlare Bypass 41.67.16.100 | mail.fashir.edu.sd
  333. [!] CloudFlare Bypass 41.67.16.100 | www.fashir.edu.sd
  334. [!] CloudFlare Bypass 41.67.16.100 | ns1.fashir.edu.sd
  335. [!] CloudFlare Bypass 41.67.16.100 | ns2.fashir.edu.sd
  336. #######################################################################################################################################
  337.  
  338. DNS Lookup 'fashir.edu.sd'
  339. ---------------------------------------------------------------------------------------------------------------------------------------
  340.  
  341. [+] fashir.edu.sd. 3599 IN NS ns1.fashir.edu.sd.
  342. [+] fashir.edu.sd. 3599 IN NS ns2.fashir.edu.sd.
  343. [+] fashir.edu.sd. 3599 IN SOA ns1.fashir.edu.sd. motasim.live.com. 2018121902 7200 540 604800 86400
  344. [+] fashir.edu.sd. 3599 IN A 41.67.16.100
  345. #######################################################################################################################################
  346.  
  347. Show HTTP Header 'fashir.edu.sd'
  348. ---------------------------------------------------------------------------------------------------------------------------------------
  349.  
  350. [+] HTTP/1.1 200 OK
  351. [+] Date: Thu, 28 Feb 2019 08:12:50 GMT
  352. [+] Server: Apache/2.4.18 (Ubuntu)
  353. [+] Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  354. [+] ETag: 1ef-581d7576fbf0c
  355. [+] Accept-Ranges: bytes
  356. [+] Content-Length: 495
  357. [+] Vary: Accept-Encoding
  358. [+] Content-Type: text/html
  359. #######################################################################################################################################
  360.  
  361. Port Scan 'fashir.edu.sd'
  362. ---------------------------------------------------------------------------------------------------------------------------------------
  363.  
  364.  
  365. Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-28 08:12 UTC
  366. Nmap scan report for fashir.edu.sd (41.67.16.100)
  367. Host is up (0.17s latency).
  368. PORT STATE SERVICE
  369. 21/tcp open ftp
  370. 22/tcp open ssh
  371. 23/tcp closed telnet
  372. 80/tcp open http
  373. 110/tcp open pop3
  374. 143/tcp open imap
  375. 443/tcp open https
  376. 3389/tcp closed ms-wbt-server
  377.  
  378. Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
  379. #######################################################################################################################################
  380.  
  381. Traceroute 'fashir.edu.sd'
  382. ---------------------------------------------------------------------------------------------------------------------------------------
  383.  
  384. Start: 2019-02-28T08:12:58+0000
  385. HOST: web01 Loss% Snt Last Avg Best Wrst StDev
  386. 1.|-- 45.79.12.202 0.0% 3 0.7 0.7 0.6 0.7 0.1
  387. 2.|-- 45.79.12.2 0.0% 3 0.6 0.8 0.6 1.1 0.3
  388. 3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 3 1.7 1.5 1.4 1.7 0.2
  389. 4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 3 1.6 1.7 1.4 2.0 0.3
  390. 5.|-- be2443.ccr42.iah01.atlas.cogentco.com 0.0% 3 6.9 7.0 6.6 7.6 0.5
  391. 6.|-- be2690.ccr42.atl01.atlas.cogentco.com 0.0% 3 21.6 21.3 21.1 21.6 0.2
  392. 7.|-- be2113.ccr42.dca01.atlas.cogentco.com 0.0% 3 32.0 32.0 31.8 32.1 0.1
  393. 8.|-- be2807.ccr42.jfk02.atlas.cogentco.com 0.0% 3 38.7 38.3 38.0 38.7 0.4
  394. 9.|-- be3628.ccr42.par01.atlas.cogentco.com 0.0% 3 110.5 110.1 109.8 110.5 0.3
  395. 10.|-- be3093.ccr22.mrs01.atlas.cogentco.com 0.0% 3 121.6 121.7 121.6 121.8 0.1
  396. 11.|-- stc.demarc.cogentco.com 0.0% 3 167.2 169.0 167.2 171.6 2.3
  397. 12.|-- 10.188.199.119 0.0% 3 169.5 171.3 169.5 173.9 2.3
  398. 13.|-- 84-235-111-161.igw.com.sa 0.0% 3 178.8 178.9 178.8 179.1 0.2
  399. 14.|-- 212.0.131.9 0.0% 3 214.8 214.7 214.6 214.8 0.1
  400. 15.|-- 196.1.197.233 0.0% 3 239.1 224.2 216.0 239.1 12.9
  401. 16.|-- 196.1.197.234 0.0% 3 215.0 214.8 214.2 215.0 0.4
  402. 17.|-- 41.67.16.100 0.0% 3 213.1 213.1 213.1 213.2 0.1
  403. #######################################################################################################################################
  404.  
  405. Ping 'fashir.edu.sd'
  406. ---------------------------------------------------------------------------------------------------------------------------------------
  407.  
  408.  
  409. Starting Nping 0.7.70 ( https://nmap.org/nping ) at 2019-02-28 08:13 UTC
  410. SENT (0.9196s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=26964 seq=1] IP [ttl=64 id=9150 iplen=28 ]
  411. RCVD (1.1222s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=26964 seq=1] IP [ttl=50 id=12531 iplen=28 ]
  412. SENT (1.9202s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=26964 seq=2] IP [ttl=64 id=9150 iplen=28 ]
  413. RCVD (2.1422s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=26964 seq=2] IP [ttl=50 id=12575 iplen=28 ]
  414. SENT (2.9221s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=26964 seq=3] IP [ttl=64 id=9150 iplen=28 ]
  415. RCVD (3.1622s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=26964 seq=3] IP [ttl=50 id=12825 iplen=28 ]
  416. SENT (3.9242s) ICMP [104.237.144.6 > 41.67.16.100 Echo request (type=8/code=0) id=26964 seq=4] IP [ttl=64 id=9150 iplen=28 ]
  417. RCVD (4.1821s) ICMP [41.67.16.100 > 104.237.144.6 Echo reply (type=0/code=0) id=26964 seq=4] IP [ttl=50 id=12924 iplen=28 ]
  418.  
  419. Max rtt: 257.935ms | Min rtt: 202.531ms | Avg rtt: 230.557ms
  420. Raw packets sent: 4 (112B) | Rcvd: 4 (184B) | Lost: 0 (0.00%)
  421. Nping done: 1 IP address pinged in 4.18 seconds
  422. #######################################################################################################################################
  423.  
  424. Page Admin Finder 'fashir.edu.sd'
  425. ---------------------------------------------------------------------------------------------------------------------------------------
  426.  
  427. Avilable Links :
  428.  
  429. Find Page >> http://fashir.edu.sd/admin.php
  430.  
  431. #######################################################################################################################################
  432. ; <<>> DiG 9.11.5-P1-2-Debian <<>> fashir.edu.sd
  433. ;; global options: +cmd
  434. ;; Got answer:
  435. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52410
  436. ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
  437.  
  438. ;; OPT PSEUDOSECTION:
  439. ; EDNS: version: 0, flags:; udp: 4096
  440. ;; QUESTION SECTION:
  441. ;fashir.edu.sd. IN A
  442.  
  443. ;; ANSWER SECTION:
  444. fashir.edu.sd. 1914 IN A 41.67.16.100
  445.  
  446. ;; Query time: 225 msec
  447. ;; SERVER: 185.93.180.131#53(185.93.180.131)
  448. ;; WHEN: jeu fév 28 03:35:20 EST 2019
  449. ;; MSG SIZE rcvd: 58
  450. #######################################################################################################################################
  451. ; <<>> DiG 9.11.5-P1-2-Debian <<>> +trace fashir.edu.sd
  452. ;; global options: +cmd
  453. . 82355 IN NS i.root-servers.net.
  454. . 82355 IN NS h.root-servers.net.
  455. . 82355 IN NS m.root-servers.net.
  456. . 82355 IN NS l.root-servers.net.
  457. . 82355 IN NS b.root-servers.net.
  458. . 82355 IN NS j.root-servers.net.
  459. . 82355 IN NS g.root-servers.net.
  460. . 82355 IN NS a.root-servers.net.
  461. . 82355 IN NS k.root-servers.net.
  462. . 82355 IN NS c.root-servers.net.
  463. . 82355 IN NS d.root-servers.net.
  464. . 82355 IN NS f.root-servers.net.
  465. . 82355 IN NS e.root-servers.net.
  467. ;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 220 ms
  468.  
  469. sd. 172800 IN NS sd.cctld.authdns.ripe.net.
  470. sd. 172800 IN NS ns-sd.afrinic.net.
  471. sd. 172800 IN NS ns1.uaenic.ae.
  472. sd. 172800 IN NS ns2.uaenic.ae.
  473. sd. 172800 IN NS ans1.sis.sd.
  474. sd. 172800 IN NS ans1.canar.sd.
  475. sd. 172800 IN NS ans2.canar.sd.
  476. sd. 86400 IN NSEC se. NS RRSIG NSEC
  478. ;; Received 700 bytes from 193.0.14.129#53(k.root-servers.net) in 223 ms
  479.  
  480. fashir.edu.sd. 14400 IN NS ns1.fashir.edu.sd.
  481. fashir.edu.sd. 14400 IN NS ns2.fashir.edu.sd.
  482. ;; Received 110 bytes from 196.29.164.14#53(ans2.canar.sd) in 321 ms
  483.  
  484. fashir.edu.sd. 3600 IN A 41.67.16.100
  485. fashir.edu.sd. 3600 IN NS ns1.fashir.edu.sd.
  486. fashir.edu.sd. 3600 IN NS ns2.fashir.edu.sd.
  487. ;; Received 126 bytes from 41.67.16.100#53(ns2.fashir.edu.sd) in 277 ms
  488. #######################################################################################################################################
  489. [*] Performing General Enumeration of Domain: fashir.edu.sd
  490. [-] DNSSEC is not configured for fashir.edu.sd
  491. [*] SOA ns1.fashir.edu.sd 41.67.16.100
  492. [*] NS ns2.fashir.edu.sd 41.67.16.100
  493. [*] Bind Version for 41.67.16.100 9.10.3-P4-Ubuntu
  494. [*] NS ns1.fashir.edu.sd 41.67.16.100
  495. [*] Bind Version for 41.67.16.100 9.10.3-P4-Ubuntu
  496. [*] MX mail.fashir.edu.sd 41.67.16.100
  497. [*] A fashir.edu.sd 41.67.16.100
  498. [*] TXT fashir.edu.sd v=spf1 mx a ~all
  499. [*] Enumerating SRV Records
  500. [-] No SRV Records Found for fashir.edu.sd
  501. [+] 0 Records Found
  502. #######################################################################################################################################
  503. Processing domain fashir.edu.sd
  504. [*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '205.151.67.6', '205.151.67.34', '205.151.67.2', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
  505. [+] Getting nameservers
  506. 41.67.16.100 - ns2.fashir.edu.sd
  507. 41.67.16.100 - ns1.fashir.edu.sd
  508. [-] Zone transfer failed
  509.  
  510. [+] TXT records found
  511. "v=spf1 mx a ~all"
  512.  
  513. [+] MX records found, added to target list
  514. 10 mail.fashir.edu.sd.
  515.  
  516. [*] Scanning fashir.edu.sd for A records
  517. 41.67.16.100 - fashir.edu.sd
  518. 41.67.16.100 - mail.fashir.edu.sd
  519. 41.67.16.100 - ns1.fashir.edu.sd
  520. 41.67.16.100 - ns2.fashir.edu.sd
  521. 41.67.16.100 - staff.fashir.edu.sd
  522. 41.67.16.100 - www.fashir.edu.sd
  523. #######################################################################################################################################
  524. Ip Address Status Type Domain Name Server
  525. ---------- ------ ---- ----------- ------
  526. 41.67.16.100 200 host mail.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  527. 41.67.16.100 200 host ns1.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  528. 41.67.16.100 200 host ns2.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  529. 41.67.16.100 200 host reg.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  530. 41.67.16.100 200 host staff.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  531. 41.67.16.100 200 host www.fashir.edu.sd Apache/2.4.18 (Ubuntu)
  532. #######################################################################################################################################
  533. =======================================================================================================================================
  534. | External hosts:
  580. =======================================================================================================================================
  581. | E-mails:
  582. | [+] E-mail Found: info@fashir.edu.sd
  583. | [+] E-mail Found: crawleradmin.t-info@telekom.de
  584. | [+] E-mail Found: marc@infomarc.info
  585. | [+] E-mail Found: klaus.hartl@stilbuero.de
  586. | [+] E-mail Found: alpha@zforms.ru
  587. =======================================================================================================================================
  588. #######################################################################################################################################
  589. dnsenum VERSION:1.2.4
  590.  
  591. ----- www.fashir.edu.sd -----
  592.  
  593.  
  594. Host's addresses:
  595. __________________
  596.  
  597. www.fashir.edu.sd. 2386 IN A 41.67.16.100
  598.  
  599.  
  600. Name Servers:
  601. ______________
  602. #######################################################################################################################################
  603. ===============================================
  604. -=Subfinder v1.1.3 github.com/subfinder/subfinder
  605. ===============================================
  606.  
  607.  
  608. Running Source: Ask
  609. Running Source: Archive.is
  610. Running Source: Baidu
  611. Running Source: Bing
  612. Running Source: CertDB
  613. Running Source: CertificateTransparency
  614. Running Source: Certspotter
  615. Running Source: Commoncrawl
  616. Running Source: Crt.sh
  617. Running Source: Dnsdb
  618. Running Source: DNSDumpster
  619. Running Source: DNSTable
  620. Running Source: Dogpile
  621. Running Source: Exalead
  622. Running Source: Findsubdomains
  623. Running Source: Googleter
  624. Running Source: Hackertarget
  625. Running Source: Ipv4Info
  626. Running Source: PTRArchive
  627. Running Source: Sitedossier
  628. Running Source: Threatcrowd
  629. Running Source: ThreatMiner
  630. Running Source: WaybackArchive
  631. Running Source: Yahoo
  632.  
  633. Running enumeration on www.fashir.edu.sd
  634.  
  635. dnsdb: Unexpected return status 503
  636.  
  637. ipv4info: <nil>
  638.  
  639.  
  640. Starting Bruteforcing of www.fashir.edu.sd with 9985 words
  641.  
  642. Total 1 Unique subdomains found for www.fashir.edu.sd
  643.  
  644. .www.fashir.edu.sd
  645. #######################################################################################################################################
  646. [+] www.fashir.edu.sd has no SPF record!
  647. [*] No DMARC record found. Looking for organizational record
  648. [+] No organizational DMARC record
  649. [+] Spoofing possible for www.fashir.edu.sd!
  650. #######################################################################################################################################
  651. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:36 EST
  652. Nmap scan report for www.fashir.edu.sd (41.67.16.100)
  653. Host is up (0.30s latency).
  654. Not shown: 339 closed ports, 123 filtered ports
  655. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  656. PORT STATE SERVICE
  657. 21/tcp open ftp
  658. 22/tcp open ssh
  659. 53/tcp open domain
  660. 80/tcp open http
  661. 110/tcp open pop3
  662. 143/tcp open imap
  663. 443/tcp open https
  664. 465/tcp open smtps
  665. 587/tcp open submission
  666. 993/tcp open imaps
  667. 995/tcp open pop3s
  668. 3306/tcp open mysql
  669. 8080/tcp open http-proxy
  670. 8081/tcp open blackice-icecap
  671. #######################################################################################################################################
  672. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:36 EST
  673. Nmap scan report for www.fashir.edu.sd (41.67.16.100)
  674. Host is up (0.24s latency).
  675. Not shown: 9 closed ports, 2 filtered ports
  676. PORT STATE SERVICE
  677. 53/udp open|filtered domain
  678. 69/udp open|filtered tftp
  679. 123/udp open ntp
  680. #######################################################################################################################################
  681. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:36 EST
  682. Nmap scan report for www.fashir.edu.sd (41.67.16.100)
  683. Host is up (0.26s latency).
  684.  
  685. PORT STATE SERVICE VERSION
  686. 21/tcp open ftp Pure-FTPd
  687. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  688. Device type: general purpose
  689. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (90%)
  690. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
  691. Aggressive OS guesses: Linux 3.10 - 3.12 (90%), Linux 4.4 (90%), Linux 4.9 (90%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (85%), Linux 3.10 - 3.16 (85%), Linux 4.0 (85%)
  692. No exact OS matches for host (test conditions non-ideal).
  693. Network Distance: 19 hops
  694.  
  695. TRACEROUTE (using port 21/tcp)
  696. HOP RTT ADDRESS
  697. 1 168.52 ms 10.251.200.1
  698. 2 169.39 ms 213.184.122.97
  699. 3 168.57 ms 82.80.246.9
  700. 4 221.10 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
  701. 5 169.38 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
  702. 6 230.32 ms bzq-219-189-14.dsl.bezeqint.net (62.219.189.14)
  703. 7 220.89 ms et-0-0-17.cr11-fra2.ip4.gtt.net (89.149.136.130)
  704. 8 218.52 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  705. 9 221.18 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  706. 10 230.04 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  707. 11 234.85 ms be3073.ccr52.zrh02.atlas.cogentco.com (130.117.0.61)
  708. 12 231.82 ms be3072.ccr51.zrh02.atlas.cogentco.com (130.117.0.17)
  709. 13 245.84 ms be3081.ccr22.mrs01.atlas.cogentco.com (130.117.49.113)
  710. 14 240.97 ms be3080.ccr21.mrs01.atlas.cogentco.com (130.117.49.1)
  711. 15 297.24 ms 84.235.111.161
  712. 16 ...
  713. 17 302.43 ms 84.235.111.161
  714. 18 281.64 ms 196.1.197.234
  715. 19 279.73 ms 41.67.16.100
  716. #######################################################################################################################################
  717. # general
  718. (gen) banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
  719. (gen) software: OpenSSH 7.2p2
  720. (gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+
  721. (gen) compression: enabled (zlib@openssh.com)
  722.  
  723. # key exchange algorithms
  724. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  725. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  726. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  727. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  728. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  729. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  730. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  731. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  732. `- [info] available since OpenSSH 4.4
  733. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  734. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  735.  
  736. # host-key algorithms
  737. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  738. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
  739. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
  740. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  741. `- [warn] using weak random number generator could reveal the key
  742. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  743. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
  744.  
  745. # encryption algorithms (ciphers)
  746. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
  747. `- [info] default cipher since OpenSSH 6.9.
  748. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  749. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  750. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  751. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
  752. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
  753.  
  754. # message authentication code algorithms
  755. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
  756. `- [info] available since OpenSSH 6.2
  757. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
  758. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
  759. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
  760. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
  761. `- [info] available since OpenSSH 6.2
  762. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  763. `- [warn] using small 64-bit tag size
  764. `- [info] available since OpenSSH 4.7
  765. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
  766. `- [info] available since OpenSSH 6.2
  767. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  768. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  769. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  770. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  771. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  772. `- [warn] using weak hashing algorithm
  773. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  774.  
  775. # algorithm recommendations (for OpenSSH 7.2)
  776. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  777. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  778. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  779. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  780. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  781. (rec) -hmac-sha2-512 -- mac algorithm to remove
  782. (rec) -umac-128@openssh.com -- mac algorithm to remove
  783. (rec) -hmac-sha2-256 -- mac algorithm to remove
  784. (rec) -umac-64@openssh.com -- mac algorithm to remove
  785. (rec) -hmac-sha1 -- mac algorithm to remove
  786. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
  787. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
  788. #######################################################################################################################################
  789. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:48 EST
  790. NSE: [ssh-run] Failed to specify credentials and command to run.
  791. NSE: [ssh-brute] Trying username/password pair: root:root
  792. NSE: [ssh-brute] Trying username/password pair: admin:admin
  793. NSE: [ssh-brute] Trying username/password pair: administrator:administrator
  794. NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
  795. NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
  796. Nmap scan report for www.fashir.edu.sd (41.67.16.100)
  797. Host is up (0.28s latency).
  798.  
  799. PORT STATE SERVICE VERSION
  800. 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
  801. | ssh-auth-methods:
  802. | Supported authentication methods:
  803. | publickey
  804. |_ password
  805. | ssh-hostkey:
  806. | 2048 32:f3:27:b1:b7:a6:c3:1c:73:ec:54:c8:8f:06:5c:50 (RSA)
  807. |_ 256 9d:d5:05:cb:53:4d:ff:4e:56:81:7f:66:da:17:48:96 (ECDSA)
  808. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
  809. |_ssh-run: Failed to specify credentials and command to run.
  810. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  811. Device type: firewall|general purpose|storage-misc|broadband router
  812. Running: Linux 2.6.X|3.X, Netgear RAIDiator 4.X, Zhone embedded
  813. OS CPE: cpe:/o:linux:linux_kernel:2.6.26 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:netgear:raidiator:4.1.4 cpe:/h:zhone:6211-i3
  814. OS details: Vyatta router (Linux 2.6.26), Linux 2.6.18, Linux 2.6.18 - 2.6.22, Linux 2.6.28, Linux 3.2.0, Netgear ReadyNAS Duo NAS device (RAIDiator 4.1.4), Zhone 6211-I3 series ADSL2+ modem
  815. Network Distance: 21 hops
  816. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  817.  
  818. TRACEROUTE (using port 22/tcp)
  819. HOP RTT ADDRESS
  820. 1 169.18 ms 10.251.200.1
  821. 2 170.39 ms 213.184.122.97
  822. 3 169.34 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
  823. 4 221.59 ms 62.219.189.185
  824. 5 221.58 ms bzq-219-189-230.cablep.bezeqint.net (62.219.189.230)
  825. 6 169.59 ms 212.179.124.82
  826. 7 219.05 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
  827. 8 230.68 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  828. 9 219.27 ms et-0-0-53.cr11-fra2.ip4.gtt.net (89.149.180.45)
  829. 10 222.45 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  830. 11 228.69 ms be3187.ccr42.fra03.atlas.cogentco.com (130.117.1.118)
  831. 12 238.04 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  832. 13 236.65 ms be3093.ccr22.mrs01.atlas.cogentco.com (130.117.50.166)
  833. 14 282.29 ms stc.demarc.cogentco.com (149.14.124.98)
  834. 15 ...
  835. 16 288.10 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  836. 17 ...
  837. 18 288.64 ms 196.1.197.233
  838. 19 280.90 ms 196.1.197.234
  839. 20 288.59 ms 196.1.197.234
  840. 21 281.69 ms 41.67.16.100
  841. #######################################################################################################################################
  842. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:59 EST
  843. Nmap scan report for www.fashir.edu.sd (41.67.16.100)
  844. Host is up (0.28s latency).
  845.  
  846. PORT STATE SERVICE VERSION
  847. 53/tcp open domain ISC BIND 9.10.3-P4 (Ubuntu Linux)
  848. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  849. | dns-nsec-enum:
  850. |_ No NSEC records found
  851. | dns-nsec3-enum:
  852. |_ DNSSEC NSEC3 not supported
  853. | dns-nsid:
  854. |_ bind.version: 9.10.3-P4-Ubuntu
  855. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  856. Device type: general purpose
  857. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (90%)
  858. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:2.6
  859. Aggressive OS guesses: Linux 3.11 - 4.1 (90%), Linux 4.4 (90%), Linux 3.2.0 (89%), Linux 3.16 (87%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 3.13 (86%)
  860. No exact OS matches for host (test conditions non-ideal).
  861. Network Distance: 18 hops
  862. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  863.  
  864. Host script results:
  865. | dns-brute:
  866. | DNS Brute-force hostnames:
  867. | ns1.fashir.edu.sd - 41.67.16.100
  868. | ns2.fashir.edu.sd - 41.67.16.100
  869. | mail.fashir.edu.sd - 41.67.16.100
  870. |_ www.fashir.edu.sd - 41.67.16.100
  871.  
  872. TRACEROUTE (using port 53/tcp)
  873. HOP RTT ADDRESS
  874. 1 169.71 ms 10.251.200.1
  875. 2 171.70 ms 213.184.122.97
  876. 3 171.37 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
  877. 4 222.55 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
  878. 5 221.09 ms bzq-179-124-190.cust.bezeqint.net (212.179.124.190)
  879. 6 223.10 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
  880. 7 223.10 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
  881. 8 221.09 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  882. 9 221.12 ms be3187.ccr42.fra03.atlas.cogentco.com (130.117.1.118)
  883. 10 226.57 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  884. 11 225.43 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
  885. 12 233.16 ms 130.117.0.61
  886. 13 287.14 ms stc.demarc.cogentco.com (149.14.124.98)
  887. 14 ...
  888. 15 289.07 ms stc.demarc.cogentco.com (149.14.124.98)
  889. 16 ...
  890. 17 279.19 ms 196.1.197.233
  891. 18 279.87 ms 41.67.16.100
  892. #######################################################################################################################################
  893. wig - WebApp Information Gatherer
  894.  
  895.  
  896. Scanning http://www.fashir.edu.sd...
  897. _________________ SITE INFO __________________
  898. IP Title
  899. 41.67.16.100 جامعة الفاشر
  900.  
  901. __________________ VERSION ___________________
  902. Name Versions Type
  903. Roundcube CMS
  904. Apache 2.4.18 Platform
  905. PHP Platform
  906. Ubuntu 16.04 OS
  907.  
  908. ______________________________________________
  909. Time: 60.8 sec Urls: 458 Fingerprints: 40401
  910. #######################################################################################################################################
  911. HTTP/1.1 200 OK
  912. Date: Thu, 28 Feb 2019 09:01:19 GMT
  913. Server: Apache/2.4.18 (Ubuntu)
  914. Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  915. ETag: "1ef-581d7576fbf0c"
  916. Accept-Ranges: bytes
  917. Content-Length: 495
  918. Vary: Accept-Encoding
  919. Content-Type: text/html
  920.  
  921. HTTP/1.1 200 OK
  922. Date: Thu, 28 Feb 2019 09:01:20 GMT
  923. Server: Apache/2.4.18 (Ubuntu)
  924. Last-Modified: Thu, 14 Feb 2019 09:32:48 GMT
  925. ETag: "1ef-581d7576fbf0c"
  926. Accept-Ranges: bytes
  927. Content-Length: 495
  928. Vary: Accept-Encoding
  929. Content-Type: text/html
  930. #######################################################################################################################################
  931. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 04:01 EST
  932. Nmap scan report for www.fashir.edu.sd (41.67.16.100)
  933. Host is up (0.28s latency).
  934.  
  935. PORT STATE SERVICE VERSION
  936. 110/tcp filtered pop3
  937. Too many fingerprints match this host to give specific OS details
  938. Network Distance: 18 hops
  939.  
  940. TRACEROUTE (using proto 1/icmp)
  941. HOP RTT ADDRESS
  942. 1 171.33 ms 10.251.200.1
  943. 2 172.37 ms 213.184.122.97
  944. 3 171.95 ms 82.80.246.9
  945. 4 224.07 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
  946. 5 220.81 ms bzq-219-189-78.dsl.bezeqint.net (62.219.189.78)
  947. 6 228.57 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  948. 7 221.21 ms 89.149.180.226
  949. 8 221.21 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  950. 9 220.85 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
  951. 10 237.10 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
  952. 11 234.44 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  953. 12 298.66 ms stc.demarc.cogentco.com (149.14.124.98)
  954. 13 ...
  955. 14 290.84 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  956. 15 281.72 ms 212.0.131.9
  957. 16 277.40 ms 196.1.197.233
  958. 17 277.04 ms 196.1.197.234
  959. 18 279.70 ms 41.67.16.100
  960. #######################################################################################################################################
  961. Version: 1.11.12-static
  962. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  963.  
  964. Connected to 41.67.16.100
  965.  
  966. Testing SSL server www.fashir.edu.sd on port 443 using SNI name www.fashir.edu.sd
  967.  
  968. TLS Fallback SCSV:
  969. Server does not support TLS Fallback SCSV
  970.  
  971. TLS renegotiation:
  972. Session renegotiation not supported
  973.  
  974. TLS Compression:
  975. Compression disabled
  976.  
  977. Heartbleed:
  978. TLS 1.2 not vulnerable to heartbleed
  979. TLS 1.1 not vulnerable to heartbleed
  980. TLS 1.0 not vulnerable to heartbleed
  981.  
  982. Supported Server Cipher(s):
  983. #######################################################################################################################################
  984. --------------------------------------------------------
  985. <<<Yasuo discovered following vulnerable applications>>>
  986. --------------------------------------------------------
  987. +------------+--------------------------------------+--------------------------------------------------+-----------+-----------+
  988. | App Name | URL to Application | Potential Exploit | Username | Password |
  989. +------------+--------------------------------------+--------------------------------------------------+-----------+-----------+
  990. | phpMyAdmin | http://41.67.16.100:80/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
  991. | phpMyAdmin | http://41.67.16.100:8081/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
  992. +------------+--------------------------------------+--------------------------------------------------+-----------+-----------+
  993. #######################################################################################################################################
  994. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:37 EST
  995. Nmap scan report for 41.67.16.100
  996. Host is up (0.29s latency).
  997. Not shown: 339 closed ports, 124 filtered ports
  998. Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
  999. PORT STATE SERVICE
  1000. 22/tcp open ssh
  1001. 53/tcp open domain
  1002. 80/tcp open http
  1003. 110/tcp open pop3
  1004. 143/tcp open imap
  1005. 443/tcp open https
  1006. 465/tcp open smtps
  1007. 587/tcp open submission
  1008. 993/tcp open imaps
  1009. 995/tcp open pop3s
  1010. 3306/tcp open mysql
  1011. 8080/tcp open http-proxy
  1012. 8081/tcp open blackice-icecap
  1013. #######################################################################################################################################
  1014. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:37 EST
  1015. Nmap scan report for 41.67.16.100
  1016. Host is up (0.19s latency).
  1017. Not shown: 2 filtered ports, 1 closed port
  1018. PORT STATE SERVICE
  1019. 53/udp open|filtered domain
  1020. 67/udp open|filtered dhcps
  1021. 68/udp open|filtered dhcpc
  1022. 69/udp open|filtered tftp
  1023. 88/udp open|filtered kerberos-sec
  1024. 123/udp open ntp
  1025. 139/udp open|filtered netbios-ssn
  1026. 161/udp open|filtered snmp
  1027. 162/udp open|filtered snmptrap
  1028. 389/udp open|filtered ldap
  1029. 520/udp open|filtered route
  1030. #######################################################################################################################################
  1031. # general
  1032. (gen) banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
  1033. (gen) software: OpenSSH 7.2p2
  1034. (gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+
  1035. (gen) compression: enabled (zlib@openssh.com)
  1036.  
  1037. # key exchange algorithms
  1038. (kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
  1039. (kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
  1040. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1041. (kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
  1042. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1043. (kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
  1044. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1045. (kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
  1046. `- [info] available since OpenSSH 4.4
  1047. (kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
  1048. `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
  1049.  
  1050. # host-key algorithms
  1051. (key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
  1052. (key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
  1053. (key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
  1054. (key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
  1055. `- [warn] using weak random number generator could reveal the key
  1056. `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
  1057. (key) ssh-ed25519 -- [info] available since OpenSSH 6.5
  1058.  
  1059. # encryption algorithms (ciphers)
  1060. (enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
  1061. `- [info] default cipher since OpenSSH 6.9.
  1062. (enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1063. (enc) aes192-ctr -- [info] available since OpenSSH 3.7
  1064. (enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
  1065. (enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1066. (enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
  1067.  
  1068. # message authentication code algorithms
  1069. (mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
  1070. `- [info] available since OpenSSH 6.2
  1071. (mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
  1072. (mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
  1073. (mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
  1074. (mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
  1075. `- [info] available since OpenSSH 6.2
  1076. (mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
  1077. `- [warn] using small 64-bit tag size
  1078. `- [info] available since OpenSSH 4.7
  1079. (mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
  1080. `- [info] available since OpenSSH 6.2
  1081. (mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
  1082. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1083. (mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
  1084. `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
  1085. (mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
  1086. `- [warn] using weak hashing algorithm
  1087. `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
  1088.  
  1089. # algorithm recommendations (for OpenSSH 7.2)
  1090. (rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
  1091. (rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
  1092. (rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
  1093. (rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
  1094. (rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
  1095. (rec) -hmac-sha2-512 -- mac algorithm to remove
  1096. (rec) -umac-128@openssh.com -- mac algorithm to remove
  1097. (rec) -hmac-sha2-256 -- mac algorithm to remove
  1098. (rec) -umac-64@openssh.com -- mac algorithm to remove
  1099. (rec) -hmac-sha1 -- mac algorithm to remove
  1100. (rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
  1101. (rec) -umac-64-etm@openssh.com -- mac algorithm to remove
  1102. #######################################################################################################################################
  1103. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:37 EST
  1104. NSE: [ssh-run] Failed to specify credentials and command to run.
  1105. NSE: [ssh-brute] Trying username/password pair: root:root
  1106. NSE: [ssh-brute] Trying username/password pair: admin:admin
  1107. NSE: [ssh-brute] Trying username/password pair: administrator:administrator
  1108. NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
  1109. Nmap scan report for 41.67.16.100
  1110. Host is up (0.28s latency).
  1111.  
  1112. PORT STATE SERVICE VERSION
  1113. 22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
  1114. | ssh-auth-methods:
  1115. | Supported authentication methods:
  1116. | publickey
  1117. |_ password
  1118. | ssh-hostkey:
  1119. |_ 2048 32:f3:27:b1:b7:a6:c3:1c:73:ec:54:c8:8f:06:5c:50 (RSA)
  1120. |_ssh-publickey-acceptance: ERROR: Script execution failed (use -d to debug)
  1121. |_ssh-run: Failed to specify credentials and command to run.
  1122. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1123. Device type: general purpose
  1124. Running (JUST GUESSING): Linux 3.X|4.X (90%)
  1125. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
  1126. Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 4.4 (89%), Linux 3.2.0 (87%), Linux 3.16 (86%)
  1127. No exact OS matches for host (test conditions non-ideal).
  1128. Network Distance: 20 hops
  1129. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1130.  
  1131. TRACEROUTE (using port 22/tcp)
  1132. HOP RTT ADDRESS
  1133. 1 170.57 ms 10.251.200.1
  1134. 2 171.51 ms 213.184.122.97
  1135. 3 170.60 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
  1136. 4 170.61 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
  1137. 5 220.34 ms 212.179.124.153
  1138. 6 170.63 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
  1139. 7 220.78 ms 89.149.180.45
  1140. 8 231.89 ms et-0-0-17.cr11-fra2.ip4.gtt.net (89.149.136.130)
  1141. 9 226.05 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1142. 10 219.66 ms be3187.ccr42.fra03.atlas.cogentco.com (130.117.1.118)
  1143. 11 231.94 ms be3073.ccr52.zrh02.atlas.cogentco.com (130.117.0.61)
  1144. 12 231.91 ms be3072.ccr51.zrh02.atlas.cogentco.com (130.117.0.17)
  1145. 13 243.83 ms be3081.ccr22.mrs01.atlas.cogentco.com (130.117.49.113)
  1146. 14 ... 15
  1147. 16 297.08 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1148. 17 ...
  1149. 18 280.67 ms 196.1.197.234
  1150. 19 284.15 ms 196.1.197.234
  1151. 20 276.30 ms 41.67.16.100
  1152. #######################################################################################################################################
  1153. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:48 EST
  1154. Nmap scan report for 41.67.16.100
  1155. Host is up (0.28s latency).
  1156.  
  1157. PORT STATE SERVICE VERSION
  1158. 53/tcp open domain ISC BIND 9.10.3-P4 (Ubuntu Linux)
  1159. |_dns-fuzz: Server didn't response to our probe, can't fuzz
  1160. |_dns-nsec-enum: Can't determine domain for host 41.67.16.100; use dns-nsec-enum.domains script arg.
  1161. |_dns-nsec3-enum: Can't determine domain for host 41.67.16.100; use dns-nsec3-enum.domains script arg.
  1162. | dns-nsid:
  1163. |_ bind.version: 9.10.3-P4-Ubuntu
  1164. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1165. Aggressive OS guesses: Linux 3.11 - 4.1 (98%), Linux 3.16 (98%), Linux 4.4 (98%), Linux 3.18 (98%), HP MSM410 WAP (97%), Linux 2.6.32 (97%), Linux 2.6.32 - 2.6.35 (97%), Linux 2.6.35 (97%), Linux 2.6.36 (97%), IGEL UD3 thin client (Linux 2.6) (97%)
  1166. No exact OS matches for host (test conditions non-ideal).
  1167. Network Distance: 20 hops
  1168. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1169.  
  1170. Host script results:
  1171. |_dns-brute: Can't guess domain of "41.67.16.100"; use dns-brute.domain script argument.
  1172.  
  1173. TRACEROUTE (using port 53/tcp)
  1174. HOP RTT ADDRESS
  1175. 1 171.62 ms 10.251.200.1
  1176. 2 173.01 ms 213.184.122.97
  1177. 3 172.21 ms 82.80.246.9
  1178. 4 172.27 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
  1179. 5 172.51 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
  1180. 6 225.42 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  1181. 7 233.70 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
  1182. 8 222.68 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1183. 9 223.87 ms 89.149.180.226
  1184. 10 224.35 ms be3187.ccr42.fra03.atlas.cogentco.com (130.117.1.118)
  1185. 11 220.37 ms be3187.ccr42.fra03.atlas.cogentco.com (130.117.1.118)
  1186. 12 230.85 ms be3072.ccr51.zrh02.atlas.cogentco.com (130.117.0.17)
  1187. 13 294.33 ms stc.demarc.cogentco.com (149.14.124.106)
  1188. 14 239.76 ms be3080.ccr21.mrs01.atlas.cogentco.com (130.117.49.1)
  1189. 15 ... 16
  1190. 17 281.31 ms 196.1.197.233
  1191. 18 292.13 ms 196.1.197.234
  1192. 19 283.69 ms 196.1.197.234
  1193. 20 278.54 ms 41.67.16.100
  1194. #######################################################################################################################################
  1195. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:49 EST
  1196. Nmap scan report for 41.67.16.100
  1197. Host is up (0.058s latency).
  1198.  
  1199. PORT STATE SERVICE VERSION
  1200. 67/udp open|filtered dhcps
  1201. |_dhcp-discover: ERROR: Script execution failed (use -d to debug)
  1202. Too many fingerprints match this host to give specific OS details
  1203. Network Distance: 18 hops
  1204.  
  1205. TRACEROUTE (using proto 1/icmp)
  1206. HOP RTT ADDRESS
  1207. 1 169.54 ms 10.251.200.1
  1208. 2 170.96 ms 213.184.122.97
  1209. 3 169.75 ms 82.80.246.9
  1210. 4 222.13 ms 62.219.189.185
  1211. 5 219.16 ms bzq-219-189-78.dsl.bezeqint.net (62.219.189.78)
  1212. 6 219.67 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  1213. 7 219.66 ms et-0-0-53.cr11-fra2.ip4.gtt.net (89.149.180.45)
  1214. 8 219.18 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1215. 9 218.96 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
  1216. 10 234.94 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
  1217. 11 235.39 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1218. 12 283.24 ms stc.demarc.cogentco.com (149.14.124.98)
  1219. 13 ...
  1220. 14 289.79 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1221. 15 277.26 ms 212.0.131.9
  1222. 16 278.25 ms 196.1.197.233
  1223. 17 279.69 ms 196.1.197.234
  1224. 18 277.25 ms 41.67.16.100
  1225. #######################################################################################################################################
  1226. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:51 EST
  1227. Nmap scan report for 41.67.16.100
  1228. Host is up (0.057s latency).
  1229.  
  1230. PORT STATE SERVICE VERSION
  1231. 68/udp open|filtered dhcpc
  1232. Too many fingerprints match this host to give specific OS details
  1233. Network Distance: 18 hops
  1234.  
  1235. TRACEROUTE (using proto 1/icmp)
  1236. HOP RTT ADDRESS
  1237. 1 168.72 ms 10.251.200.1
  1238. 2 169.88 ms 213.184.122.97
  1239. 3 168.74 ms 82.80.246.9
  1240. 4 221.34 ms 62.219.189.185
  1241. 5 218.42 ms bzq-219-189-78.dsl.bezeqint.net (62.219.189.78)
  1242. 6 218.99 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  1243. 7 219.01 ms et-0-0-53.cr11-fra2.ip4.gtt.net (89.149.180.45)
  1244. 8 218.41 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1245. 9 218.40 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
  1246. 10 233.78 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
  1247. 11 234.25 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1248. 12 285.16 ms stc.demarc.cogentco.com (149.14.124.98)
  1249. 13 ...
  1250. 14 289.18 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1251. 15 275.44 ms 212.0.131.9
  1252. 16 281.93 ms 196.1.197.233
  1253. 17 275.47 ms 196.1.197.234
  1254. 18 275.44 ms 41.67.16.100
  1255. #######################################################################################################################################
  1256. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:52 EST
  1257. Nmap scan report for 41.67.16.100
  1258. Host is up (0.058s latency).
  1259.  
  1260. PORT STATE SERVICE VERSION
  1261. 69/udp open|filtered tftp
  1262. Too many fingerprints match this host to give specific OS details
  1263. Network Distance: 18 hops
  1264.  
  1265. TRACEROUTE (using proto 1/icmp)
  1266. HOP RTT ADDRESS
  1267. 1 170.37 ms 10.251.200.1
  1268. 2 171.51 ms 213.184.122.97
  1269. 3 170.59 ms 82.80.246.9
  1270. 4 223.66 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
  1271. 5 220.04 ms bzq-219-189-78.dsl.bezeqint.net (62.219.189.78)
  1272. 6 226.32 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  1273. 7 223.71 ms 89.149.180.226
  1274. 8 222.95 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1275. 9 222.99 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
  1276. 10 238.76 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
  1277. 11 239.44 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1278. 12 285.79 ms stc.demarc.cogentco.com (149.14.124.98)
  1279. 13 ...
  1280. 14 287.89 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1281. 15 277.50 ms 212.0.131.9
  1282. 16 278.89 ms 196.1.197.233
  1283. 17 277.71 ms 196.1.197.234
  1284. 18 276.93 ms 41.67.16.100
  1285. #######################################################################################################################################
  1286.  
  1287. wig - WebApp Information Gatherer
  1288.  
  1289.  
  1290. Scanning http://41.67.16.100...
  1291. _________________ SITE INFO __________________
  1292. IP Title
  1293. 41.67.16.100 Index of /
  1294.  
  1295. __________________ VERSION ___________________
  1296. Name Versions Type
  1297. Roundcube CMS
  1298. Apache 2.4.18 Platform
  1299. Ubuntu 16.04 OS
  1300.  
  1301. ______________________________________________
  1302. Time: 34.1 sec Urls: 419 Fingerprints: 40401
  1303. #######################################################################################################################################
  1304. HTTP/1.1 200 OK
  1305. Date: Thu, 28 Feb 2019 08:55:38 GMT
  1306. Server: Apache/2.4.18 (Ubuntu)
  1307. Content-Type: text/html;charset=UTF-8
  1313. ######################################################################################################################################
  1314. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:55 EST
  1315. Nmap scan report for 41.67.16.100
  1316. Host is up (0.28s latency).
  1317.  
  1318. PORT STATE SERVICE VERSION
  1319. 110/tcp open pop3 Dovecot pop3d
  1320. | pop3-brute:
  1321. | Accounts: No valid accounts found
  1322. | Statistics: Performed 32 guesses in 30 seconds, average tps: 0.9
  1323. |_ ERROR: Failed to connect.
  1324. |_pop3-capabilities: UIDL STLS CAPA RESP-CODES AUTH-RESP-CODE SASL(PLAIN LOGIN) PIPELINING USER TOP
  1325. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1326. Device type: general purpose
  1327. Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (90%)
  1328. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
  1329. Aggressive OS guesses: Linux 3.10 - 3.12 (90%), Linux 4.4 (90%), Linux 4.9 (90%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%)
  1330. No exact OS matches for host (test conditions non-ideal).
  1331. Network Distance: 19 hops
  1332.  
  1333. TRACEROUTE (using port 110/tcp)
  1334. HOP RTT ADDRESS
  1335. 1 169.27 ms 10.251.200.1
  1336. 2 170.82 ms 213.184.122.97
  1337. 3 169.34 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
  1338. 4 169.92 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
  1339. 5 170.35 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
  1340. 6 218.68 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
  1341. 7 218.39 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
  1342. 8 219.90 ms 89.149.180.45
  1343. 9 221.95 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1344. 10 218.41 ms be3187.ccr42.fra03.atlas.cogentco.com (130.117.1.118)
  1345. 11 237.26 ms be2800.ccr42.par01.atlas.cogentco.com (154.54.58.238)
  1346. 12 241.79 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1347. 13 247.98 ms be3073.ccr52.zrh02.atlas.cogentco.com (130.117.0.61)
  1348. 14 293.34 ms stc.demarc.cogentco.com (149.14.124.98)
  1349. 15 298.29 ms stc.demarc.cogentco.com (149.14.124.106)
  1350. 16 294.71 ms 84.235.111.161
  1351. 17 283.32 ms 196.1.197.233
  1352. 18 281.84 ms 196.1.197.234
  1353. 19 283.31 ms 41.67.16.100
  1354. #######################################################################################################################################
  1355. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:56 EST
  1356. Nmap scan report for 41.67.16.100
  1357. Host is up (0.28s latency).
  1358.  
  1359. PORT STATE SERVICE VERSION
  1360. 123/udp open ntp?
  1361. | ntp-info:
  1362. |_ receive time stamp: 2019-02-28T08:58:54
  1363. Too many fingerprints match this host to give specific OS details
  1364. Network Distance: 21 hops
  1365.  
  1366. TRACEROUTE (using port 123/udp)
  1367. HOP RTT ADDRESS
  1368. 1 168.14 ms 10.251.200.1
  1369. 2 169.83 ms 213.184.122.97
  1370. 3 168.19 ms 82.80.246.9
  1371. 4 220.69 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
  1372. 5 218.31 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
  1373. 6 220.10 ms bzq-219-189-126.cablep.bezeqint.net (62.219.189.126)
  1374. 7 220.74 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  1375. 8 220.72 ms et-0-0-17.cr11-fra2.ip4.gtt.net (89.149.136.130)
  1376. 9 220.17 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1377. 10 225.37 ms be2960.ccr22.muc03.atlas.cogentco.com (154.54.36.254)
  1378. 11 220.58 ms be3187.ccr42.fra03.atlas.cogentco.com (130.117.1.118)
  1379. 12 238.86 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1380. 13 240.27 ms 130.117.50.166
  1381. 14 ...
  1382. 15 293.70 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1383. 16 286.85 ms 212.0.131.9
  1384. 17 296.69 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1385. 18 279.63 ms 212.0.131.9
  1386. 19 277.00 ms 196.1.197.234
  1387. 20 279.73 ms 196.1.197.234
  1388. 21 281.47 ms 41.67.16.100
  1389. #######################################################################################################################################
  1390. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 03:58 EST
  1391. Nmap scan report for 41.67.16.100
  1392. Host is up (0.28s latency).
  1393.  
  1394. PORT STATE SERVICE VERSION
  1395. 161/tcp closed snmp
  1396. 161/udp closed snmp
  1397. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1398. Aggressive OS guesses: AXIS 205 Network Camera, Buffalo TeraStation NAS device, Linksys WAP54G WAP, or Sony SNC-RZ50N network camera (96%), Barracuda Web Filter (96%), Dell Remote Access Controller (DRAC 6) (96%), Android 5.0.1 (96%), Linux 2.6.18 (96%), Linux 2.6.22 (96%), Linux 2.6.35 (96%), Linux 2.6.5 (96%), Linux 2.6.9 - 2.6.18 (96%), Linux 3.10 (96%)
  1399. No exact OS matches for host (test conditions non-ideal).
  1400. Network Distance: 18 hops
  1401.  
  1402. TRACEROUTE (using proto 1/icmp)
  1403. HOP RTT ADDRESS
  1404. 1 170.63 ms 10.251.200.1
  1405. 2 170.95 ms 213.184.122.97
  1406. 3 193.50 ms 82.80.246.9
  1407. 4 229.98 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
  1408. 5 225.41 ms bzq-219-189-78.dsl.bezeqint.net (62.219.189.78)
  1409. 6 226.53 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  1410. 7 226.01 ms 89.149.180.226
  1411. 8 225.58 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1412. 9 225.42 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
  1413. 10 237.34 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
  1414. 11 237.52 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1415. 12 285.70 ms stc.demarc.cogentco.com (149.14.124.98)
  1416. 13 ...
  1417. 14 293.96 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1418. 15 277.31 ms 212.0.131.9
  1419. 16 277.98 ms 196.1.197.233
  1420. 17 278.01 ms 196.1.197.234
  1421. 18 278.02 ms 41.67.16.100
  1422. #######################################################################################################################################
  1423. Version: 1.11.12-static
  1424. OpenSSL 1.0.2-chacha (1.0.2g-dev)
  1425.  
  1426. Connected to 41.67.16.100
  1427.  
  1428. Testing SSL server 41.67.16.100 on port 443 using SNI name 41.67.16.100
  1429.  
  1430. TLS Fallback SCSV:
  1431. Server does not support TLS Fallback SCSV
  1432.  
  1433. TLS renegotiation:
  1434. Session renegotiation not supported
  1435.  
  1436. TLS Compression:
  1437. Compression disabled
  1438.  
  1439. Heartbleed:
  1440. TLS 1.2 not vulnerable to heartbleed
  1441. TLS 1.1 not vulnerable to heartbleed
  1442. TLS 1.0 not vulnerable to heartbleed
  1443.  
  1444. Supported Server Cipher(s):
  1445. #######################################################################################################################################
  1446. [+] Yasuo found phpMyAdmin at https://41.67.16.100:8080/phpmyadmin/. May require form based auth
  1447. I, [2019-02-28T04:03:13.906963 #9542] INFO -- : Double-checking if the application implements a login page and initiating login bruteforce, hold on tight...
  1448. [+] Trying app-specific default creds first -> admin:admin
  1449.  
  1450. Could not find default login credentials, sucks
  1451. [+] Yasuo found phpMyAdmin at http://41.67.16.100:8081/phpmyadmin/. May require form based auth
  1452. I, [2019-02-28T04:04:10.370921 #9542] INFO -- : Double-checking if the application implements a login page and initiating login bruteforce, hold on tight...
  1453. [+] Trying app-specific default creds first -> admin:admin
  1454.  
  1455. Could not find default login credentials, sucks
  1456. --------------------------------------------------------
  1457. <<<Yasuo discovered following vulnerable applications>>>
  1458. --------------------------------------------------------
  1459. +------------+---------------------------------------+--------------------------------------------------+-----------+-----------+
  1460. | App Name | URL to Application | Potential Exploit | Username | Password |
  1461. +------------+---------------------------------------+--------------------------------------------------+-----------+-----------+
  1462. | phpMyAdmin | https://41.67.16.100:8080/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
  1463. | phpMyAdmin | http://41.67.16.100:8081/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
  1464. +------------+---------------------------------------+--------------------------------------------------+-----------+-----------+
  1465. #######################################################################################################################################
  1466. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 04:05 EST
  1467. NSE: Loaded 148 scripts for scanning.
  1468. NSE: Script Pre-scanning.
  1469. NSE: Starting runlevel 1 (of 2) scan.
  1470. Initiating NSE at 04:05
  1471. Completed NSE at 04:05, 0.00s elapsed
  1472. NSE: Starting runlevel 2 (of 2) scan.
  1473. Initiating NSE at 04:05
  1474. Completed NSE at 04:05, 0.00s elapsed
  1475. Initiating Ping Scan at 04:05
  1476. Scanning 41.67.16.100 [4 ports]
  1477. Completed Ping Scan at 04:05, 0.32s elapsed (1 total hosts)
  1478. Initiating Parallel DNS resolution of 1 host. at 04:05
  1479. Completed Parallel DNS resolution of 1 host. at 04:05, 0.03s elapsed
  1480. Initiating Connect Scan at 04:05
  1481. Scanning 41.67.16.100 [1000 ports]
  1482. Discovered open port 8080/tcp on 41.67.16.100
  1483. Discovered open port 443/tcp on 41.67.16.100
  1484. Discovered open port 80/tcp on 41.67.16.100
  1485. Discovered open port 3306/tcp on 41.67.16.100
  1486. Discovered open port 587/tcp on 41.67.16.100
  1487. Discovered open port 53/tcp on 41.67.16.100
  1488. Discovered open port 21/tcp on 41.67.16.100
  1489. Discovered open port 22/tcp on 41.67.16.100
  1490. Discovered open port 465/tcp on 41.67.16.100
  1491. Discovered open port 8081/tcp on 41.67.16.100
  1492. Completed Connect Scan at 04:06, 42.62s elapsed (1000 total ports)
  1493. Initiating Service scan at 04:06
  1494. Scanning 10 services on 41.67.16.100
  1495. Completed Service scan at 04:06, 19.64s elapsed (10 services on 1 host)
  1496. Initiating OS detection (try #1) against 41.67.16.100
  1507. Retrying OS detection (try #2) against 41.67.16.100
  1512. Initiating Traceroute at 04:07
  1513. Completed Traceroute at 04:07, 3.21s elapsed
  1514. Initiating Parallel DNS resolution of 17 hosts. at 04:07
  1515. Completed Parallel DNS resolution of 17 hosts. at 04:07, 16.50s elapsed
  1516. NSE: Script scanning 41.67.16.100.
  1517. NSE: Starting runlevel 1 (of 2) scan.
  1518. Initiating NSE at 04:07
  1519. NSE Timing: About 99.26% done; ETC: 04:07 (0:00:00 remaining)
  1615. Completed NSE at 04:55, 2897.82s elapsed
  1616. NSE: Starting runlevel 2 (of 2) scan.
  1617. Initiating NSE at 04:55
  1618. Completed NSE at 04:55, 0.00s elapsed
  1619. Nmap scan report for 41.67.16.100
  1620. Host is up, received echo-reply ttl 53 (0.27s latency).
  1621. Scanned at 2019-02-28 04:05:56 EST for 2990s
  1622. Not shown: 804 closed ports, 186 filtered ports
  1623. Reason: 804 conn-refused and 186 no-responses
  1624. PORT STATE SERVICE REASON VERSION
  1625. 21/tcp open ftp syn-ack Pure-FTPd
  1626. 22/tcp open ssh syn-ack OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
  1627. | ssh-hostkey:
  1628. | 2048 32:f3:27:b1:b7:a6:c3:1c:73:ec:54:c8:8f:06:5c:50 (RSA)
  1629. | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNPXg6L0KwTWytsqTVF0wIfPiV/XJ/sdXA9qyaP2/JjsQLFaMVriwmXSWFYc4wpdLQRYIt9/bN2f/8Ser18jsVHG0/MSs+3eqpO3tIjE4JTlFoDWf+T2i8qE76u33HA7fQqlieuwQjeAhl8eh6+5jJqUY+mfG7g99IRgm3GkPSV+wwMCkPvcr9u5LTH+qv/AdRb3kyOmzcvbl7GW1mpTDcACyl8wEZCai1wETFPNnwJvdp2TtWGhNJtpDNfSYyXPc23agSmZBuML3ijIX+SNg9tjtCmxQDOkRH/HExAXZcN+hnHogoq+uU5Dx/wgqpQ7Zvy/TqOfPI2WcNL1Y14Tzh
  1630. | 256 9d:d5:05:cb:53:4d:ff:4e:56:81:7f:66:da:17:48:96 (ECDSA)
  1631. | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMC8HiJrUaV1XTLJysPxLdtX2SWRkqYWRZykOuEXXKVUtBOxAN4Ttwf7ZM6fg7Z0OB1fubUE4j6UHJC/615MF4g=
  1632. | 256 2a:ae:51:6c:d3:75:35:3e:65:64:d8:16:66:11:16:2c (ED25519)
  1633. |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNwDS2ozTOnIJUW2eZaW0pgjawA58ACNQkj4OmHVpkE
  1634. 53/tcp open domain syn-ack ISC BIND 9.10.3-P4 (Ubuntu Linux)
  1635. | dns-nsid:
  1636. |_ bind.version: 9.10.3-P4-Ubuntu
  1637. 80/tcp open http syn-ack Apache httpd 2.4.18
  1638. | http-ls: Volume /
  1639. | SIZE TIME FILENAME
  1640. | - 2018-08-16 18:53 apps/
  1641. | - 2018-08-16 15:05 html/
  1642. | - 2018-08-16 18:55 ispconfig/
  1643. | - 2019-02-28 06:25 webalizer/
  1644. |_
  1645. | http-methods:
  1646. |_ Supported Methods: GET HEAD POST OPTIONS
  1647. |_http-server-header: Apache/2.4.18 (Ubuntu)
  1648. |_http-title: Index of /
  1649. 443/tcp open ssl/https syn-ack Apache/2.4.18 (Ubuntu)
  1650. | http-methods:
  1651. |_ Supported Methods: GET HEAD POST OPTIONS
  1652. |_http-server-header: Apache/2.4.18 (Ubuntu)
  1653. |_http-title: Apache2 Ubuntu Default Page: It works
  1654. 465/tcp open ssl/smtp syn-ack Postfix smtpd
  1655. |_smtp-commands: Couldn't establish connection on port 465
  1656. | ssl-cert: Subject: commonName=newpanel.sudren.edu.sd/organizationName=MOHE/stateOrProvinceName=Khartoum/countryName=SD/emailAddress=samir.elfadil@sudren.edu.sd/localityName=Khartoum/organizationalUnitName=IT
  1657. | Issuer: commonName=newpanel.sudren.edu.sd/organizationName=MOHE/stateOrProvinceName=Khartoum/countryName=SD/emailAddress=samir.elfadil@sudren.edu.sd/localityName=Khartoum/organizationalUnitName=IT
  1658. | Public Key type: rsa
  1659. | Public Key bits: 4096
  1660. | Signature Algorithm: sha256WithRSAEncryption
  1661. | Not valid before: 2018-08-16T16:52:22
  1662. | Not valid after: 2028-08-13T16:52:22
  1663. | MD5: bb86 8249 b108 d0a2 fa96 d141 e351 2a2c
  1664. | SHA-1: 7401 7714 fb52 beb7 d3c2 e420 1dae 6ff9 6c3f 646f
  1700. |_ssl-date: TLS randomness does not represent time
  1701. 587/tcp open smtp syn-ack Postfix smtpd
  1702. |_smtp-commands: newpanel.sudren.edu.sd, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
  1703. | ssl-cert: Subject: commonName=newpanel.sudren.edu.sd/organizationName=MOHE/stateOrProvinceName=Khartoum/countryName=SD/emailAddress=samir.elfadil@sudren.edu.sd/localityName=Khartoum/organizationalUnitName=IT
  1704. | Issuer: commonName=newpanel.sudren.edu.sd/organizationName=MOHE/stateOrProvinceName=Khartoum/countryName=SD/emailAddress=samir.elfadil@sudren.edu.sd/localityName=Khartoum/organizationalUnitName=IT
  1705. | Public Key type: rsa
  1706. | Public Key bits: 4096
  1707. | Signature Algorithm: sha256WithRSAEncryption
  1708. | Not valid before: 2018-08-16T16:52:22
  1709. | Not valid after: 2028-08-13T16:52:22
  1710. | MD5: bb86 8249 b108 d0a2 fa96 d141 e351 2a2c
  1711. | SHA-1: 7401 7714 fb52 beb7 d3c2 e420 1dae 6ff9 6c3f 646f
  1747. 3306/tcp open mysql syn-ack MySQL 5.5.5-10.0.34-MariaDB-0ubuntu0.16.04.1
  1748. | mysql-info:
  1749. | Protocol: 10
  1750. | Version: 5.5.5-10.0.34-MariaDB-0ubuntu0.16.04.1
  1751. | Thread ID: 804926
  1752. | Capabilities flags: 63487
  1753. | Some Capabilities: SupportsLoadDataLocal, FoundRows, Speaks41ProtocolOld, SupportsTransactions, LongPassword, DontAllowDatabaseTableColumn, ODBCClient, LongColumnFlag, InteractiveClient, ConnectWithDatabase, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, SupportsCompression, Support41Auth, IgnoreSigpipes, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
  1754. | Status: Autocommit
  1755. | Salt: Oay_QV<hxD)>>]7;`S]\
  1756. |_ Auth Plugin Name: 111
  1757. 8080/tcp open ssl/http syn-ack Apache httpd 2.4.18 ((Ubuntu))
  1758. |_http-favicon: Unknown favicon MD5: 7E61FFC63662F7EB3AD2E406856E059B
  1759. | http-methods:
  1760. |_ Supported Methods: GET HEAD POST OPTIONS
  1761. | http-robots.txt: 1 disallowed entry
  1762. |_/
  1763. |_http-server-header: Apache/2.4.18 (Ubuntu)
  1764. | http-title: 400 Bad Request
  1765. |_Requested resource was /login/
  1766. | ssl-cert: Subject: commonName=newpanel.sudren.edu.sd/organizationName=MOHE/stateOrProvinceName=Khartoum/countryName=SD/emailAddress=samir.elfadil@sudren.edu.sd/localityName=Khartoum/organizationalUnitName=IT
  1767. | Issuer: commonName=newpanel.sudren.edu.sd/organizationName=MOHE/stateOrProvinceName=Khartoum/countryName=SD/emailAddress=samir.elfadil@sudren.edu.sd/localityName=Khartoum/organizationalUnitName=IT
  1768. | Public Key type: rsa
  1769. | Public Key bits: 4096
  1770. | Signature Algorithm: sha256WithRSAEncryption
  1771. | Not valid before: 2018-08-16T16:55:17
  1772. | Not valid after: 2028-08-13T16:55:17
  1773. | MD5: 6e34 4dca 4d98 64db dd86 9fea be10 0f56
  1774. | SHA-1: 3680 3197 916d 8b2e e4ef 4d58 80de 877d 4b8b 99c0
  1810. |_ssl-date: TLS randomness does not represent time
  1811. 8081/tcp open http syn-ack Apache httpd 2.4.18
  1812. | http-methods:
  1813. |_ Supported Methods: GET HEAD POST OPTIONS
  1814. |_http-server-header: Apache/2.4.18 (Ubuntu)
  1815. |_http-title: Index of /
  1816. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  1817. Aggressive OS guesses: Linux 3.5 (98%), DD-WRT v24-sp1 (Linux 2.4) (97%), Linux 2.6.32 (97%), Linux 3.1 - 3.2 (97%), Linux 3.11 - 4.1 (97%), Linux 3.16 (97%), Linux 4.4 (97%), Linux 3.18 (97%), HP MSM410 WAP (96%), Linux 2.6.32 - 2.6.35 (96%)
  1818. No exact OS matches for host (test conditions non-ideal).
  1819. TCP/IP fingerprint:
  1835.  
  1836. Uptime guess: 30.856 days (since Mon Jan 28 08:23:43 2019)
  1837. Network Distance: 18 hops
  1838. IP ID Sequence Generation: All zeros
  1839. Service Info: Hosts: newweb.sudren.edu.sd, newpanel.sudren.edu.sd; OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1840.  
  1841. TRACEROUTE (using proto 1/icmp)
  1842. HOP RTT ADDRESS
  1843. 1 173.30 ms 10.251.200.1
  1844. 2 174.71 ms 213.184.122.97
  1845. 3 174.07 ms 82.80.246.9
  1846. 4 225.95 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
  1847. 5 223.22 ms bzq-219-189-78.dsl.bezeqint.net (62.219.189.78)
  1848. 6 223.54 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
  1849. 7 223.25 ms 89.149.180.226
  1850. 8 223.25 ms be3108.agr41.fra03.atlas.cogentco.com (130.117.15.149)
  1851. 9 223.24 ms be3186.ccr41.fra03.atlas.cogentco.com (130.117.0.1)
  1852. 10 237.61 ms be2799.ccr41.par01.atlas.cogentco.com (154.54.58.234)
  1853. 11 241.33 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
  1854. 12 288.25 ms stc.demarc.cogentco.com (149.14.124.98)
  1855. 13 ...
  1856. 14 288.50 ms 84-235-111-161.igw.com.sa (84.235.111.161)
  1857. 15 274.91 ms 212.0.131.9
  1858. 16 276.26 ms 196.1.197.233
  1859. 17 276.28 ms 196.1.197.234
  1860. 18 274.87 ms 41.67.16.100
  1861.  
  1862. NSE: Script Post-scanning.
  1863. NSE: Starting runlevel 1 (of 2) scan.
  1864. Initiating NSE at 04:55
  1865. Completed NSE at 04:55, 0.00s elapsed
  1866. NSE: Starting runlevel 2 (of 2) scan.
  1867. Initiating NSE at 04:55
  1868. Completed NSE at 04:55, 0.00s elapsed
  1869. Read data files from: /usr/bin/../share/nmap
  1870. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1871. Nmap done: 1 IP address (1 host up) scanned in 2990.16 seconds
  1872. Raw packets sent: 144 (11.362KB) | Rcvd: 13193 (7.460MB)
  1873. #######################################################################################################################################
  1874. Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-28 04:55 EST
  1875. NSE: Loaded 148 scripts for scanning.
  1876. NSE: Script Pre-scanning.
  1877. Initiating NSE at 04:55
  1878. Completed NSE at 04:55, 0.00s elapsed
  1879. Initiating NSE at 04:55
  1880. Completed NSE at 04:55, 0.00s elapsed
  1881. Initiating Parallel DNS resolution of 1 host. at 04:55
  1882. Completed Parallel DNS resolution of 1 host. at 04:56, 16.50s elapsed
  1883. Initiating UDP Scan at 04:56
  1884. Scanning 41.67.16.100 [14 ports]
  1885. Completed UDP Scan at 04:56, 2.55s elapsed (14 total ports)
  1886. Initiating Service scan at 04:56
  1887. Scanning 12 services on 41.67.16.100
  1888. Discovered open port 53/udp on 41.67.16.100
  1889. Discovered open|filtered port 53/udp on 41.67.16.100 is actually open
  1890. Service scan Timing: About 8.33% done; ETC: 05:07 (0:10:27 remaining)
  1891. Completed Service scan at 04:57, 97.56s elapsed (12 services on 1 host)
  1892. Initiating OS detection (try #1) against 41.67.16.100
  1893. Retrying OS detection (try #2) against 41.67.16.100
  1894. Initiating Traceroute at 04:57
  1895. Completed Traceroute at 04:57, 7.22s elapsed
  1896. Initiating Parallel DNS resolution of 1 host. at 04:57
  1897. Completed Parallel DNS resolution of 1 host. at 04:57, 0.02s elapsed
  1898. NSE: Script scanning 41.67.16.100.
  1899. Initiating NSE at 04:57
  1900. Discovered open port 123/udp on 41.67.16.100
  1901. Completed NSE at 04:58, 10.58s elapsed
  1902. Initiating NSE at 04:58
  1903. Completed NSE at 04:58, 1.34s elapsed
  1904. Nmap scan report for 41.67.16.100
  1905. Host is up (0.21s latency).
  1906.  
  1907. PORT STATE SERVICE VERSION
  1908. 53/udp open domain?
  1909. | dns-nsid:
  1910. |_ bind.version: 9.10.3-P4-Ubuntu
  1911. 67/udp open|filtered dhcps
  1912. 68/udp open|filtered dhcpc
  1913. 69/udp open|filtered tftp
  1914. 88/udp open|filtered kerberos-sec
  1915. 123/udp open ntp?
  1916. | ntp-info:
  1917. |_ receive time stamp: 2019-02-28T09:58:02
  1918. 137/udp filtered netbios-ns
  1919. 138/udp filtered netbios-dgm
  1920. 139/udp open|filtered netbios-ssn
  1921. 161/udp open|filtered snmp
  1922. 162/udp open|filtered snmptrap
  1923. 389/udp open|filtered ldap
  1924. 520/udp open|filtered route
  1925. 2049/udp open|filtered nfs
  1926. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1927. SF-Port53-UDP:V=7.70%I=7%D=2/28%Time=5C77B060%P=x86_64-pc-linux-gnu%r(NTPR
  1928. SF:equest,11,"\xe3\0\x80\x11\0\x01\0\0\0\0\0\0\0\0\0\0\0");
  1929. Too many fingerprints match this host to give specific OS details
  1930.  
  1931. Host script results:
  1932. |_clock-skew: mean: 4s, deviation: 0s, median: 4s
  1933.  
  1934. TRACEROUTE (using port 137/udp)
  1935. HOP RTT ADDRESS
  1936. 1 168.47 ms 10.251.200.1
  1937. 2 ... 3
  1938. 4 167.21 ms 10.251.200.1
  1939. 5 168.86 ms 10.251.200.1
  1940. 6 168.86 ms 10.251.200.1
  1941. 7 168.85 ms 10.251.200.1
  1942. 8 168.85 ms 10.251.200.1
  1943. 9 168.85 ms 10.251.200.1
  1944. 10 168.88 ms 10.251.200.1
  1945. 11 ... 18
  1946. 19 170.62 ms 10.251.200.1
  1947. 20 166.97 ms 10.251.200.1
  1948. 21 ... 28
  1949. 29 167.40 ms 10.251.200.1
  1950. 30 168.32 ms 10.251.200.1
  1951.  
  1952. NSE: Script Post-scanning.
  1953. Initiating NSE at 04:58
  1954. Completed NSE at 04:58, 0.00s elapsed
  1955. Initiating NSE at 04:58
  1956. Completed NSE at 04:58, 0.00s elapsed
  1957. Read data files from: /usr/bin/../share/nmap
  1958. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  1959. Nmap done: 1 IP address (1 host up) scanned in 142.45 seconds
  1960. Raw packets sent: 135 (11.658KB) | Rcvd: 37 (4.045KB)
  1961. #######################################################################################################################################
  1962. ---------------------------------------------------------------------------------------------------------------------------------------
  1963. + Target IP: 41.67.16.100
  1964. + Target Hostname: 41.67.16.100
  1965. + Target Port: 80
  1966. + Start Time: 2019-02-28 03:36:50 (GMT-5)
  1967. ---------------------------------------------------------------------------------------------------------------------------------------
  1968. + Server: Apache/2.4.18 (Ubuntu)
  1969. + The anti-clickjacking X-Frame-Options header is not present.
  1970. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1971. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1972. + OSVDB-3268: /: Directory indexing found.
  1973. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  1974. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1975. + Scan terminated: 20 error(s) and 5 item(s) reported on remote host
  1976. + End Time: 2019-02-28 03:39:49 (GMT-5) (179 seconds)
  1977. ---------------------------------------------------------------------------------------------------------------------------------------
  1978. #######################################################################################################################################
  1979. ---------------------------------------------------------------------------------------------------------------------------------------
  1980. + Target IP: 41.67.16.100
  1981. + Target Hostname: 41.67.16.100
  1982. + Target Port: 443
  1983. + Start Time: 2019-02-28 04:18:28 (GMT-5)
  1984. ---------------------------------------------------------------------------------------------------------------------------------------
  1985. + Server: Apache/2.4.18 (Ubuntu)
  1986. + Server leaks inodes via ETags, header found with file /, fields: 0x2c39 0x5738d18cac15d
  1987. + The anti-clickjacking X-Frame-Options header is not present.
  1988. + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
  1989. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
  1990. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  1991. + ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
  1992. + Scan terminated: 20 error(s) and 5 item(s) reported on remote host
  1993. + End Time: 2019-02-28 04:21:28 (GMT-5) (180 seconds)
  1994. ---------------------------------------------------------------------------------------------------------------------------------------
  1995. #######################################################################################################################################
  1996. Anonymous JTSEC #OpSudan Full Recon #24