· 6 years ago · Jun 15, 2019, 05:46 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname whitenilestate.gov.sd ISP NICDC
4Continent Africa Flag
5SD
6Country Sudan Country Code SD
7Region Unknown Local time 15 Jun 2019 06:26 CAT
8City Unknown Postal Code Unknown
9IP Address 62.12.105.3 Latitude 15
10 Longitude 30
11=======================================================================================================================================
12#######################################################################################################################################
13> whitenilestate.gov.sd
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: whitenilestate.gov.sd
19Address: 62.12.105.3
20>
21#######################################################################################################################################
22[+] Target : whitenilestate.gov.sd
23
24[+] IP Address : 62.12.105.3
25
26[+] Headers :
27
28[+] Cache-Control : private
29[+] Content-Type : text/html; charset=utf-8
30[+] Content-Encoding : gzip
31[+] Vary : Accept-Encoding
32[+] Server : Microsoft-IIS/8.5
33[+] X-AspNet-Version : 4.0.30319
34[+] X-Powered-By : ASP.NET
35[+] X-Powered-By-Plesk : PleskWin
36[+] Date : Sat, 15 Jun 2019 04:31:40 GMT
37[+] Content-Length : 6805
38
39[+] SSL Certificate Information :
40
41[-] SSL is not Present on Target URL...Skipping...
42
43[+] Whois Lookup :
44
45[+] NIR : None
46[+] ASN Registry : afrinic
47[+] ASN : 327881
48[+] ASN CIDR : 62.12.105.0/24
49[+] ASN Country Code : SD
50[+] ASN Date : 2015-05-11
51[+] ASN Description : NICDC, SD
52[+] cidr : 62.12.105.0/24
53[+] name : ORG-MoTa1-AFRINIC
54[+] handle : IAEI1-AFRINIC
55[+] range : 62.12.105.0 - 62.12.105.255
56[+] description : National Information Center (NIC)
57[+] country : SD
58[+] state : None
59[+] city : None
60[+] address : National Information Center (NIC)
61[+] postal_code : None
62[+] emails : None
63[+] created : None
64[+] updated : None
65
66[+] Crawling Target...
67
68[+] Looking for robots.txt........[ Not Found ]
69[+] Looking for sitemap.xml.......[ Not Found ]
70[+] Extracting CSS Links..........[ 6 ]
71[+] Extracting Javascript Links...[ 17 ]
72[+] Extracting Internal Links.....[ 0 ]
73[+] Extracting External Links.....[ 10 ]
74[+] Extracting Images.............[ 16 ]
75
76[+] Total Links Extracted : 49
77
78[+] Dumping Links in /opt/FinalRecon/dumps/whitenilestate.gov.sd.dump
79[+] Completed!
80#######################################################################################################################################
81[+] Starting At 2019-06-15 00:31:40.588942
82[+] Collecting Information On: whitenilestate.gov.sd
83[#] Status: 200
84---------------------------------------------------------------------------------------------------------------------------------------
85[#] Web Server Detected: Microsoft-IIS/8.5
86[#] X-Powered-By: ASP.NET
87[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
88- Cache-Control: private
89- Content-Type: text/html; charset=utf-8
90- Content-Encoding: gzip
91- Vary: Accept-Encoding
92- Server: Microsoft-IIS/8.5
93- X-AspNet-Version: 4.0.30319
94- X-Powered-By: ASP.NET
95- X-Powered-By-Plesk: PleskWin
96- Date: Sat, 15 Jun 2019 04:31:35 GMT
97- Content-Length: 6805
98---------------------------------------------------------------------------------------------------------------------------------------
99[#] Finding Location..!
100[#] as: AS327881 National Information Center (NIC)
101[#] city: Khartoum
102[#] country: Sudan
103[#] countryCode: SD
104[#] isp: National Information Center
105[#] lat: 15.5007
106[#] lon: 32.5599
107[#] org: ORG MoTa1 AFRINIC
108[#] query: 62.12.105.3
109[#] region: KH
110[#] regionName: Khartoum
111[#] status: success
112[#] timezone: Africa/Khartoum
113[#] zip:
114---------------------------------------------------------------------------------------------------------------------------------------
115[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
116---------------------------------------------------------------------------------------------------------------------------------------
117[#] Starting Reverse DNS
118[!] Found 4 any Domain
119- moiat.gov.sd
120- ombudsman.gov.sd
121- trafficpolice.gov.sd
122- whitenilestate.gov.sd
123---------------------------------------------------------------------------------------------------------------------------------------
124[!] Scanning Open Port
125[#] 21/tcp open ftp
126[#] 80/tcp open http
127[#] 110/tcp open pop3
128[#] 143/tcp open imap
129[#] 443/tcp open https
130[#] 8443/tcp open https-alt
131---------------------------------------------------------------------------------------------------------------------------------------
132[+] Collecting Information Disclosure!
133#######################################################################################################################################
134[i] Scanning Site: http://whitenilestate.gov.sd
135
136
137
138B A S I C I N F O
139====================
140
141
142[+] Site Title: ولاية النيل الابيض
143[+] IP address: 62.12.105.3
144[+] Web Server: Microsoft-IIS/8.5
145[+] CMS: Could Not Detect
146[+] Cloudflare: Not Detected
147[+] Robots File: Could NOT Find robots.txt!
148#######################################################################################################################################
149
150
151
152
153
154G E O I P L O O K U P
155=========================
156
157[i] IP Address: 62.12.105.3
158[i] Country: Sudan
159[i] State:
160[i] City:
161[i] Latitude: 15.0
162[i] Longitude: 30.0
163#######################################################################################################################################
164
165
166
167H T T P H E A D E R S
168=======================
169
170
171[i] HTTP/1.1 200 OK
172[i] Cache-Control: private
173[i] Content-Type: text/html; charset=utf-8
174[i] Server: Microsoft-IIS/8.5
175[i] X-AspNet-Version: 4.0.30319
176[i] X-Powered-By: ASP.NET
177[i] X-Powered-By-Plesk: PleskWin
178[i] Date: Sat, 15 Jun 2019 04:31:58 GMT
179[i] Connection: close
180[i] Content-Length: 31905
181#######################################################################################################################################
182
183
184
185D N S L O O K U P
186===================
187
188whitenilestate.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
189whitenilestate.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
190whitenilestate.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
191whitenilestate.gov.sd. 21599 IN A 62.12.105.3
192whitenilestate.gov.sd. 21599 IN MX 10 mail.whitenilestate.gov.sd.
193whitenilestate.gov.sd. 21599 IN TXT "v=spf1 mx -all"
194#######################################################################################################################################
195
196
197
198S U B N E T C A L C U L A T I O N
199====================================
200
201Address = 62.12.105.3
202Network = 62.12.105.3 / 32
203Netmask = 255.255.255.255
204Broadcast = not needed on Point-to-Point links
205Wildcard Mask = 0.0.0.0
206Hosts Bits = 0
207Max. Hosts = 1 (2^0 - 0)
208Host Range = { 62.12.105.3 - 62.12.105.3 }
209#######################################################################################################################################
210
211
212N M A P P O R T S C A N
213============================
214
215Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 04:32 UTC
216Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
217Host is up (0.20s latency).
218rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
219
220PORT STATE SERVICE
22121/tcp open ftp
22222/tcp filtered ssh
22323/tcp filtered telnet
22480/tcp open http
225110/tcp open pop3
226143/tcp open imap
227443/tcp open https
2283389/tcp filtered ms-wbt-server
229
230Nmap done: 1 IP address (1 host up) scanned in 3.21 seconds
231#######################################################################################################################################
232Enter Address Website = whitenilestate.gov.sd
233
234Reversing IP With HackTarget 'whitenilestate.gov.sd'
235-------------------------------------------------------
236
237[+] eservices.motrb.gov.sd
238[+] mail.nashattolabi.sd
239[+] mail.saec.gov.sd
240[+] mail.test.net.sd
241[+] moiat.gov.sd
242[+] ncsp.gov.sd
243[+] penfund.gov.sd
244[+] saec.gov.sd
245[+] sudanpolice.gov.sd
246[+] test.net.sd
247[+] whitenilestate.gov.sd
248[+] www.sudanpolice.gov.sd
249#######################################################################################################################################
250
251
252Reverse IP With YouGetSignal 'whitenilestate.gov.sd'
253-------------------------------------------------------
254
255[*] IP: 62.12.105.3
256[*] Domain: whitenilestate.gov.sd
257[*] Total Domains: 4
258
259[+] moiat.gov.sd
260[+] ombudsman.gov.sd
261[+] trafficpolice.gov.sd
262[+] whitenilestate.gov.sd
263#######################################################################################################################################
264
265
266Geo IP Lookup 'whitenilestate.gov.sd'
267----------------------------------------
268
269[+] IP Address: 62.12.105.3
270[+] Country: Sudan
271[+] State:
272[+] City:
273[+] Latitude: 15.0
274[+] Longitude: 30.0
275#######################################################################################################################################
276
277Bypass Cloudflare 'whitenilestate.gov.sd'
278--------------------------------------------
279
280
281[!] CloudFlare Bypass 62.12.105.3 | webmail.whitenilestate.gov.sd
282[!] CloudFlare Bypass 62.12.105.3 | mail.whitenilestate.gov.sd
283[!] CloudFlare Bypass 62.12.105.3 | www.whitenilestate.gov.sd
284#######################################################################################################################################
285
286
287DNS Lookup 'whitenilestate.gov.sd'
288-------------------------------------
289
290[+] whitenilestate.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
291[+] whitenilestate.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
292[+] whitenilestate.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
293[+] whitenilestate.gov.sd. 21599 IN A 62.12.105.3
294[+] whitenilestate.gov.sd. 21599 IN MX 10 mail.whitenilestate.gov.sd.
295[+] whitenilestate.gov.sd. 21599 IN TXT "v=spf1 mx -all"
296#######################################################################################################################################
297
298
299Show HTTP Header 'whitenilestate.gov.sd'
300-------------------------------------------
301
302[+] HTTP/1.1 200 OK
303[+] Cache-Control: private
304[+] Content-Length: 31905
305[+] Content-Type: text/html; charset=utf-8
306[+] Server: Microsoft-IIS/8.5
307[+] X-AspNet-Version: 4.0.30319
308[+] X-Powered-By: ASP.NET
309[+] X-Powered-By-Plesk: PleskWin
310[+] Date: Sat, 15 Jun 2019 04:32:08 GMT
311#######################################################################################################################################
312
313Port Scan 'whitenilestate.gov.sd'
314------------------------------------
315
316Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 04:32 UTC
317Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
318Host is up (0.20s latency).
319rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
320
321PORT STATE SERVICE
32221/tcp open ftp
32322/tcp filtered ssh
32423/tcp filtered telnet
32580/tcp open http
326110/tcp open pop3
327143/tcp open imap
328443/tcp open https
3293389/tcp filtered ms-wbt-server
330
331Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
332#######################################################################################################################################
333
334Traceroute 'whitenilestate.gov.sd'
335-------------------------------------
336
337Start: 2019-06-15T04:32:23+0000
338HOST: web01 Loss% Snt Last Avg Best Wrst StDev
339 1.|-- 45.79.12.202 0.0% 3 0.9 0.8 0.7 0.9 0.1
340 2.|-- 45.79.12.6 0.0% 3 0.4 0.5 0.4 0.8 0.2
341 3.|-- 199.245.16.65 0.0% 3 1.8 2.2 1.5 3.1 0.9
342 4.|-- ae-14.r22.dllstx09.us.bb.gin.ntt.net 0.0% 3 1.3 1.3 1.2 1.3 0.0
343 5.|-- ae-1.r22.asbnva02.us.bb.gin.ntt.net 0.0% 3 38.9 39.0 38.9 39.0 0.1
344 6.|-- ae-0.r23.asbnva02.us.bb.gin.ntt.net 0.0% 3 39.5 39.2 39.0 39.5 0.3
345 7.|-- ae-2.r25.amstnl02.nl.bb.gin.ntt.net 0.0% 3 126.0 126.0 126.0 126.0 0.0
346 8.|-- ae-3.r24.amstnl02.nl.bb.gin.ntt.net 0.0% 3 126.6 128.0 126.0 131.4 2.9
347 9.|-- ae-1.r04.parsfr01.fr.bb.gin.ntt.net 0.0% 3 136.0 136.2 136.0 136.5 0.3
348 10.|-- ae-3.r03.parsfr02.fr.bb.gin.ntt.net 0.0% 3 138.3 138.2 138.1 138.3 0.1
349 11.|-- ae-8.r02.parsfr02.fr.bb.gin.ntt.net 0.0% 3 129.1 129.8 129.1 130.8 0.9
350 12.|-- 82.112.96.166 0.0% 3 132.0 132.1 131.7 132.6 0.5
351 13.|-- ae5.0.cjr04.prs001.flagtel.com 0.0% 3 131.2 131.3 131.2 131.3 0.1
352 14.|-- xe-0-0-1.0.pjr04.dxb001.flagtel.com 0.0% 3 258.6 258.6 258.5 258.6 0.1
353 15.|-- 80.77.2.42 0.0% 3 234.1 234.1 234.0 234.1 0.1
354 16.|-- 196.29.177.113 0.0% 3 237.6 237.6 237.6 237.6 0.0
355 17.|-- 197.254.196.62 0.0% 3 242.6 241.7 241.2 242.6 0.8
356 18.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
357#######################################################################################################################################
358Trying "whitenilestate.gov.sd"
359;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56516
360;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 2
361
362;; QUESTION SECTION:
363;whitenilestate.gov.sd. IN ANY
364
365;; ANSWER SECTION:
366whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
367whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
368whitenilestate.gov.sd. 86400 IN A 62.12.105.3
369whitenilestate.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
370whitenilestate.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
371whitenilestate.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
372
373;; AUTHORITY SECTION:
374whitenilestate.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
375whitenilestate.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
376
377;; ADDITIONAL SECTION:
378ns0.ndc.gov.sd. 14400 IN A 62.12.109.2
379ns1.ndc.gov.sd. 14400 IN A 62.12.109.3
380
381Received 247 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 341 ms
382#######################################################################################################################################
383
384----- whitenilestate.gov.sd -----
385
386
387Host's addresses:
388__________________
389
390whitenilestate.gov.sd. 84744 IN A 62.12.105.3
391
392----------------
393Wildcards test:
394----------------
395 good
396
397
398Name Servers:
399______________
400
401ns1.ndc.gov.sd. 12766 IN A 62.12.109.3
402ns0.ndc.gov.sd. 13071 IN A 62.12.109.2
403
404
405Mail (MX) Servers:
406___________________
407
408mail.whitenilestate.gov.sd. 85077 IN A 62.12.105.3
409
410
411Trying Zone Transfers and getting Bind Versions:
412_________________________________________________
413
414
415Trying Zone Transfer for whitenilestate.gov.sd on ns0.ndc.gov.sd ...
416whitenilestate.gov.sd. 86400 IN SOA (
417whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
418whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
419whitenilestate.gov.sd. 86400 IN A 62.12.105.3
420whitenilestate.gov.sd. 86400 IN MX 10
421whitenilestate.gov.sd. 86400 IN TXT "v=spf1
422mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
423mail.whitenilestate.gov.sd. 86400 IN MX 10
424mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
425webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
426www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
427
428Trying Zone Transfer for whitenilestate.gov.sd on ns1.ndc.gov.sd ...
429whitenilestate.gov.sd. 86400 IN SOA (
430whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
431whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
432whitenilestate.gov.sd. 86400 IN A 62.12.105.3
433whitenilestate.gov.sd. 86400 IN MX 10
434whitenilestate.gov.sd. 86400 IN TXT "v=spf1
435mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
436mail.whitenilestate.gov.sd. 86400 IN MX 10
437mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
438webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
439www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
440
441brute force file not specified, bay.
442#######################################################################################################################################
443
444; <<>> DiG 9.11.5-P4-5-Debian <<>> whitenilestate.gov.sd +dnssec
445;; global options: +cmd
446;; Got answer:
447;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57939
448;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
449
450;; OPT PSEUDOSECTION:
451; EDNS: version: 0, flags: do; udp: 4096
452;; QUESTION SECTION:
453;whitenilestate.gov.sd. IN A
454
455;; ANSWER SECTION:
456whitenilestate.gov.sd. 84667 IN A 62.12.105.3
457
458;; Query time: 112 msec
459;; SERVER: 185.93.180.131#53(185.93.180.131)
460;; WHEN: sam jun 15 00:54:57 EDT 2019
461;; MSG SIZE rcvd: 66
462#######################################################################################################################################
463; <<>> DiG 9.11.5-P4-5-Debian <<>> +trace whitenilestate.gov.sd
464;; global options: +cmd
465. 82451 IN NS l.root-servers.net.
466. 82451 IN NS f.root-servers.net.
467. 82451 IN NS d.root-servers.net.
468. 82451 IN NS a.root-servers.net.
469. 82451 IN NS j.root-servers.net.
470. 82451 IN NS c.root-servers.net.
471. 82451 IN NS g.root-servers.net.
472. 82451 IN NS e.root-servers.net.
473. 82451 IN NS h.root-servers.net.
474. 82451 IN NS m.root-servers.net.
475. 82451 IN NS k.root-servers.net.
476. 82451 IN NS b.root-servers.net.
477. 82451 IN NS i.root-servers.net.
478. 82451 IN RRSIG NS 8 0 518400 20190627170000 20190614160000 25266 . 21CJJEpZ30ZdfNAfEpN6Y8fJ2PN6Y+xtLSWLqeZVbiS8faVrKFmC3zsL EPgetyceuwXArZtOZb8POQU9VOxf3Sr3E0O6X2zPykBd/QnD2mn9u8vh 03tfCQi9ir8M8cHrLEhCyoLCXYmlWHpYZFuxwBLSYk3lNGn6Cn+DAVWa 6JeoLUSX/AJvOIcfq3NfIbh7jrqB8HU1Go+EkmQXe/iMLx1i2C8p+Cgi xpa7LYwEL3x9N22nKpwyWhUAAFFOmIRhkw5b5ijOzVd2u3BBaAbbrnQ0 belHPmKsx+x9b1zjmdOSW8RjI7/GQv+QuobcDELc6D0iEjYeFXozuXiH ys1Qrg==
479;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 117 ms
480
481sd. 172800 IN NS ans2.canar.sd.
482sd. 172800 IN NS sd.cctld.authdns.ripe.net.
483sd. 172800 IN NS ans1.sis.sd.
484sd. 172800 IN NS ns-sd.afrinic.net.
485sd. 172800 IN NS ans1.canar.sd.
486sd. 172800 IN NS ns2.uaenic.ae.
487sd. 172800 IN NS ns1.uaenic.ae.
488sd. 86400 IN NSEC se. NS RRSIG NSEC
489sd. 86400 IN RRSIG NSEC 8 1 86400 20190627170000 20190614160000 25266 . MjKCNtsNQnEJVz5cPYtkXVbByrRTMlQ1myLs8Pi2+FkFic00RpnZnk5w Pg1lbNn4MQZdx9L090dGjNO3WyleHv1t7HznzWMJ8qCENSIcE1uoRe6r Ak9F/wMKEKvQjra906vPpUlLMG3QcnbyhkP/eoRm2qeN7Ig5/Zsx0J6M gE154HbBf0Lehuk+gd6T/pMkxDs4Idb7z0btkGbQtXo2rrj4jSfRpg1R U7xPKgKJfjqp9ns1z+7dxCE9GWRg9El3ssDyi2Nw4YbRs/qPDh/upUFN /4IY0aeTOsumRH/3FBZ7xs0BaVcNU9RG0YcmEXuNyCnvaPQOkdw315my dR7WMQ==
490;; Received 708 bytes from 202.12.27.33#53(m.root-servers.net) in 131 ms
491
492gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
493gov.sd. 14400 IN NS ns1.uaenic.ae.
494gov.sd. 14400 IN NS ns2.uaenic.ae.
495gov.sd. 14400 IN NS ans1.sis.sd.
496gov.sd. 14400 IN NS ans1.canar.sd.
497gov.sd. 14400 IN NS ans2.canar.sd.
498gov.sd. 14400 IN NS ns-sd.afrinic.net.
499;; Received 277 bytes from 196.216.168.26#53(ns-sd.afrinic.net) in 296 ms
500
501whitenilestate.gov.sd. 14400 IN NS ns0.ndc.gov.sd.
502whitenilestate.gov.sd. 14400 IN NS ns1.ndc.gov.sd.
503;; Received 122 bytes from 2001:67c:e0::109#53(sd.cctld.authdns.ripe.net) in 105 ms
504
505whitenilestate.gov.sd. 86400 IN A 62.12.105.3
506whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
507whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
508;; Received 138 bytes from 62.12.109.3#53(ns1.ndc.gov.sd) in 248 ms
509#######################################################################################################################################
510[*] Performing General Enumeration of Domain: whitenilestate.gov.sd
511[-] DNSSEC is not configured for whitenilestate.gov.sd
512[*] SOA ns0.ndc.gov.sd 62.12.109.2
513[*] NS ns0.ndc.gov.sd 62.12.109.2
514[*] Bind Version for 62.12.109.2 you guess!
515[*] NS ns1.ndc.gov.sd 62.12.109.3
516[*] Bind Version for 62.12.109.3 you guess!
517[*] MX mail.whitenilestate.gov.sd 62.12.105.3
518[*] A whitenilestate.gov.sd 62.12.105.3
519[*] TXT whitenilestate.gov.sd v=spf1 mx -all
520[*] Enumerating SRV Records
521[-] No SRV Records Found for whitenilestate.gov.sd
522[+] 0 Records Found
523#######################################################################################################################################
524[*] Processing domain whitenilestate.gov.sd
525[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
526[+] Getting nameservers
52762.12.109.2 - ns0.ndc.gov.sd
528[+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
529whitenilestate.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
530whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
531whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
532whitenilestate.gov.sd. 86400 IN A 62.12.105.3
533whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
534whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
535mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
536mail.whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
537mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
538webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
539www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
540#######################################################################################################################################
541WhatWeb report for http://whitenilestate.gov.sd
542Status : 200 OK
543Title : ولاية النيل الابيض
544IP : <Unknown>
545Country : <Unknown>
546
547Summary : Script[text/javascript], ASP_NET[4.0.30319], Email[hamdinto@gmail.com], Microsoft-IIS[8.5], JQuery[1.10.2], HTML5, UncommonHeaders[x-powered-by-plesk], Meta-Author[The Red Team], X-UA-Compatible[IE=edge], X-Powered-By[ASP.NET], HTTPServer[Microsoft-IIS/8.5]
548
549Detected Plugins:
550[ ASP_NET ]
551 ASP.NET is a free web framework that enables great Web
552 applications. Used by millions of developers, it runs some
553 of the biggest sites in the world.
554
555 Version : 4.0.30319 (from X-AspNet-Version HTTP header)
556 Google Dorks: (2)
557 Website : http://www.asp.net/
558
559[ Email ]
560 Extract email addresses. Find valid email address and
561 syntactically invalid email addresses from mailto: link
562 tags. We match syntactically invalid links containing
563 mailto: to catch anti-spam email addresses, eg. bob at
564 gmail.com. This uses the simplified email regular
565 expression from
566 http://www.regular-expressions.info/email.html for valid
567 email address matching.
568
569 String : hamdinto@gmail.com
570
571[ HTML5 ]
572 HTML version 5, detected by the doctype declaration
573
574
575[ HTTPServer ]
576 HTTP server header string. This plugin also attempts to
577 identify the operating system from the server header.
578
579 String : Microsoft-IIS/8.5 (from server string)
580
581[ JQuery ]
582 A fast, concise, JavaScript that simplifies how to traverse
583 HTML documents, handle events, perform animations, and add
584 AJAX.
585
586 Version : 1.10.2
587 Website : http://jquery.com/
588
589[ Meta-Author ]
590 This plugin retrieves the author name from the meta name
591 tag - info:
592 http://www.webmarketingnow.com/tips/meta-tags-uncovered.html
593 #author
594
595 String : The Red Team
596
597[ Microsoft-IIS ]
598 Microsoft Internet Information Services (IIS) for Windows
599 Server is a flexible, secure and easy-to-manage Web server
600 for hosting anything on the Web. From media streaming to
601 web application hosting, IIS's scalable and open
602 architecture is ready to handle the most demanding tasks.
603
604 Version : 8.5
605 Website : http://www.iis.net/
606
607[ Script ]
608 This plugin detects instances of script HTML elements and
609 returns the script language/type.
610
611 String : text/javascript
612
613[ UncommonHeaders ]
614 Uncommon HTTP server headers. The blacklist includes all
615 the standard headers and many non standard but common ones.
616 Interesting but fairly common headers should have their own
617 plugins, eg. x-powered-by, server and x-aspnet-version.
618 Info about headers can be found at www.http-stats.com
619
620 String : x-powered-by-plesk (from headers)
621
622[ X-Powered-By ]
623 X-Powered-By HTTP header
624
625 String : ASP.NET (from x-powered-by string)
626
627[ X-UA-Compatible ]
628 This plugin retrieves the X-UA-Compatible value from the
629 HTTP header and meta http-equiv tag. - More Info:
630 http://msdn.microsoft.com/en-us/library/cc817574.aspx
631
632 String : IE=edge
633
634HTTP Headers:
635 HTTP/1.1 200 OK
636 Cache-Control: private
637 Content-Type: text/html; charset=utf-8
638 Content-Encoding: gzip
639 Vary: Accept-Encoding
640 Server: Microsoft-IIS/8.5
641 X-AspNet-Version: 4.0.30319
642 X-Powered-By: ASP.NET
643 X-Powered-By-Plesk: PleskWin
644 Date: Sat, 15 Jun 2019 05:00:38 GMT
645 Connection: close
646 Content-Length: 6805
647#######################################################################################################################################
648DNS Servers for whitenilestate.gov.sd:
649 ns0.ndc.gov.sd
650 ns1.ndc.gov.sd
651
652Trying zone transfer first...
653 Testing ns0.ndc.gov.sd
654
655Whoah, it worked - misconfigured DNS server found:
656whitenilestate.gov.sd. 86400 IN SOA ( ns0.ndc.gov.sd. root.ndc.gov.sd.
657 2017092500 ;serial
658 10800 ;refresh
659 900 ;retry
660 604800 ;expire
661 86400 ;minimum
662 )
663whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
664whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
665whitenilestate.gov.sd. 86400 IN A 62.12.105.3
666whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
667whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
668mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
669mail.whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
670mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
671webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
672www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
673
674There isn't much point continuing, you have everything.
675Have a nice day.
676Exiting...
677#######################################################################################################################################
678Domains still to check: 1
679 Checking if the hostname whitenilestate.gov.sd. given is in fact a domain...
680
681Analyzing domain: whitenilestate.gov.sd.
682 Checking NameServers using system default resolver...
683 IP: 62.12.109.2 (Sudan)
684 HostName: ns0.ndc.gov.sd Type: NS
685 IP: 62.12.109.3 (Sudan)
686 HostName: ns1.ndc.gov.sd Type: NS
687
688 Checking MailServers using system default resolver...
689 IP: 62.12.105.3 (Sudan)
690 HostName: mail.whitenilestate.gov.sd Type: MX
691 HostName: f03-web01.nic.gov.sd Type: PTR
692
693 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
694 Zone transfer successful on name server 62.12.109.2 (5 hosts)
695 Zone transfer successful on name server 62.12.109.3 (5 hosts)
696
697 Checking SPF record...
698
699 Checking 5 most common hostnames using system default resolver...
700 IP: 62.12.105.3 (Sudan)
701 HostName: mail.whitenilestate.gov.sd Type: MX
702 HostName: f03-web01.nic.gov.sd Type: PTR
703 HostName: mssql.whitenilestate.gov.sd. Type: A
704 IP: 62.12.105.3 (Sudan)
705 HostName: mail.whitenilestate.gov.sd Type: MX
706 HostName: f03-web01.nic.gov.sd Type: PTR
707 HostName: mssql.whitenilestate.gov.sd. Type: A
708 HostName: mail.whitenilestate.gov.sd. Type: A
709 IP: 62.12.105.3 (Sudan)
710 HostName: mail.whitenilestate.gov.sd Type: MX
711 HostName: f03-web01.nic.gov.sd Type: PTR
712 HostName: mssql.whitenilestate.gov.sd. Type: A
713 HostName: mail.whitenilestate.gov.sd. Type: A
714 HostName: www.whitenilestate.gov.sd. Type: A
715 IP: 62.12.105.3 (Sudan)
716 HostName: mail.whitenilestate.gov.sd Type: MX
717 HostName: f03-web01.nic.gov.sd Type: PTR
718 HostName: mssql.whitenilestate.gov.sd. Type: A
719 HostName: mail.whitenilestate.gov.sd. Type: A
720 HostName: www.whitenilestate.gov.sd. Type: A
721 HostName: webmail.whitenilestate.gov.sd. Type: A
722
723 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
724 Checking netblock 62.12.109.0
725 Checking netblock 62.12.105.0
726
727 Searching for whitenilestate.gov.sd. emails in Google
728
729 Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
730 Host 62.12.109.2 is up (reset ttl 64)
731 Host 62.12.109.3 is up (reset ttl 64)
732 Host 62.12.105.3 is up (reset ttl 64)
733
734 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
735 Scanning ip 62.12.109.2 (ns0.ndc.gov.sd):
736 53/tcp open domain syn-ack ttl 45 (unknown banner: you guess!)
737 | dns-nsid:
738 |_ bind.version: you guess!
739 | fingerprint-strings:
740 | DNSVersionBindReqTCP:
741 | version
742 | bind
743 |_ guess!
744 Scanning ip 62.12.109.3 (ns1.ndc.gov.sd):
745 53/tcp open domain syn-ack ttl 46 (unknown banner: you guess!)
746 | dns-nsid:
747 |_ bind.version: you guess!
748 | fingerprint-strings:
749 | DNSVersionBindReqTCP:
750 | version
751 | bind
752 |_ guess!
753 Scanning ip 62.12.105.3 (webmail.whitenilestate.gov.sd.):
754 21/tcp open ftp syn-ack ttl 110 Microsoft ftpd
755 | ftp-syst:
756 |_ SYST: Windows_NT
757 | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
758 | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
759 | Public Key type: rsa
760 | Public Key bits: 2048
761 | Signature Algorithm: sha256WithRSAEncryption
762 | Not valid before: 2016-04-19T09:30:36
763 | Not valid after: 2017-04-19T09:30:36
764 | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
765 |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
766 80/tcp open http syn-ack ttl 110 Microsoft IIS httpd 8.5
767 |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
768 | http-methods:
769 | Supported Methods: OPTIONS TRACE GET HEAD POST
770 |_ Potentially risky methods: TRACE
771 |_http-server-header: Microsoft-IIS/8.5
772 |_http-title: Domain Default page
773 110/tcp open pop3 syn-ack ttl 110 MailEnable POP3 Server
774 |_pop3-capabilities: USER UIDL TOP
775 143/tcp open imap syn-ack ttl 109 MailEnable imapd
776 |_imap-capabilities: IMAP4 AUTH=LOGIN CAPABILITY IMAP4rev1 CHILDREN IDLE UIDPLUSA0001 completed AUTH=CRAM-MD5 OK
777 443/tcp open https? syn-ack ttl 110
778 8443/tcp open ssl/http syn-ack ttl 110 Microsoft IIS httpd 8.5
779 |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
780 | http-methods:
781 |_ Supported Methods: GET HEAD POST OPTIONS
782 | http-robots.txt: 1 disallowed entry
783 |_/
784 |_http-server-header: Microsoft-IIS/8.5
785 |_http-title: Plesk Onyx 17.8.11
786 | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
787 | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
788 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
789 | Public Key type: rsa
790 | Public Key bits: 2048
791 | Signature Algorithm: sha256WithRSAEncryption
792 | Not valid before: 2019-05-16T00:30:46
793 | Not valid after: 2019-08-14T00:30:46
794 | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
795 |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
796 Device type: general purpose|WAP|router
797 Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
798 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
799 WebCrawling domain's web servers... up to 50 max links.
800
801 + URL to crawl: http://mail.whitenilestate.gov.sd
802 + Date: 2019-06-15
803
804 + Crawling URL: http://mail.whitenilestate.gov.sd:
805 + Links:
806 + Crawling http://mail.whitenilestate.gov.sd
807 + Searching for directories...
808 - Found: http://mail.whitenilestate.gov.sd/css/
809 - Found: http://mail.whitenilestate.gov.sd/img/
810 + Searching open folders...
811 - http://mail.whitenilestate.gov.sd/css/ (403 Forbidden)
812 - http://mail.whitenilestate.gov.sd/img/ (403 Forbidden)
813
814
815 + URL to crawl: http://webmail.whitenilestate.gov.sd.
816 + Date: 2019-06-15
817
818 + Crawling URL: http://webmail.whitenilestate.gov.sd.:
819 + Links:
820 + Crawling http://webmail.whitenilestate.gov.sd. (400 Bad Request)
821 + Searching for directories...
822 + Searching open folders...
823
824
825 + URL to crawl: http://mssql.whitenilestate.gov.sd.
826 + Date: 2019-06-15
827
828 + Crawling URL: http://mssql.whitenilestate.gov.sd.:
829 + Links:
830 + Crawling http://mssql.whitenilestate.gov.sd. (400 Bad Request)
831 + Searching for directories...
832 + Searching open folders...
833
834
835 + URL to crawl: http://mail.whitenilestate.gov.sd.
836 + Date: 2019-06-15
837
838 + Crawling URL: http://mail.whitenilestate.gov.sd.:
839 + Links:
840 + Crawling http://mail.whitenilestate.gov.sd. (400 Bad Request)
841 + Searching for directories...
842 + Searching open folders...
843
844
845 + URL to crawl: http://www.whitenilestate.gov.sd.
846 + Date: 2019-06-15
847
848 + Crawling URL: http://www.whitenilestate.gov.sd.:
849 + Links:
850 + Crawling http://www.whitenilestate.gov.sd. (400 Bad Request)
851 + Searching for directories...
852 + Searching open folders...
853
854
855 + URL to crawl: https://mail.whitenilestate.gov.sd:8443
856 + Date: 2019-06-15
857
858 + Crawling URL: https://mail.whitenilestate.gov.sd:8443:
859 + Links:
860 + Crawling https://mail.whitenilestate.gov.sd:8443
861 + Searching for directories...
862 + Searching open folders...
863
864
865 + URL to crawl: https://webmail.whitenilestate.gov.sd.:8443
866 + Date: 2019-06-15
867
868 + Crawling URL: https://webmail.whitenilestate.gov.sd.:8443:
869 + Links:
870 + Crawling https://webmail.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
871 + Searching for directories...
872 + Searching open folders...
873
874
875 + URL to crawl: https://mssql.whitenilestate.gov.sd.:8443
876 + Date: 2019-06-15
877
878 + Crawling URL: https://mssql.whitenilestate.gov.sd.:8443:
879 + Links:
880 + Crawling https://mssql.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
881 + Searching for directories...
882 + Searching open folders...
883
884
885 + URL to crawl: https://mail.whitenilestate.gov.sd.:8443
886 + Date: 2019-06-15
887
888 + Crawling URL: https://mail.whitenilestate.gov.sd.:8443:
889 + Links:
890 + Crawling https://mail.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
891 + Searching for directories...
892 + Searching open folders...
893
894
895 + URL to crawl: https://www.whitenilestate.gov.sd.:8443
896 + Date: 2019-06-15
897
898 + Crawling URL: https://www.whitenilestate.gov.sd.:8443:
899 + Links:
900 + Crawling https://www.whitenilestate.gov.sd.:8443 ([Errno 104] Connection reset by peer)
901 + Searching for directories...
902 + Searching open folders...
903
904--Finished--
905Summary information for domain whitenilestate.gov.sd.
906---------------------------------------------------------------------------------------------------------------------------------------
907
908 Domain Ips Information:
909 IP: 62.12.109.2
910 HostName: ns0.ndc.gov.sd Type: NS
911 Country: Sudan
912 Zone Transfer: 5
913 Is Active: True (reset ttl 64)
914 Port: 53/tcp open domain syn-ack ttl 45 (unknown banner: you guess!)
915 Script Info: | dns-nsid:
916 Script Info: |_ bind.version: you guess!
917 Script Info: | fingerprint-strings:
918 Script Info: | DNSVersionBindReqTCP:
919 Script Info: | version
920 Script Info: | bind
921 Script Info: |_ guess!
922 IP: 62.12.109.3
923 HostName: ns1.ndc.gov.sd Type: NS
924 Country: Sudan
925 Zone Transfer: 5
926 Is Active: True (reset ttl 64)
927 Port: 53/tcp open domain syn-ack ttl 46 (unknown banner: you guess!)
928 Script Info: | dns-nsid:
929 Script Info: |_ bind.version: you guess!
930 Script Info: | fingerprint-strings:
931 Script Info: | DNSVersionBindReqTCP:
932 Script Info: | version
933 Script Info: | bind
934 Script Info: |_ guess!
935 IP: 62.12.105.3
936 HostName: mail.whitenilestate.gov.sd Type: MX
937 HostName: f03-web01.nic.gov.sd Type: PTR
938 HostName: mssql.whitenilestate.gov.sd. Type: A
939 HostName: mail.whitenilestate.gov.sd. Type: A
940 HostName: www.whitenilestate.gov.sd. Type: A
941 HostName: webmail.whitenilestate.gov.sd. Type: A
942 Country: Sudan
943 Is Active: True (reset ttl 64)
944 Port: 21/tcp open ftp syn-ack ttl 110 Microsoft ftpd
945 Script Info: | ftp-syst:
946 Script Info: |_ SYST: Windows_NT
947 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
948 Script Info: | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
949 Script Info: | Public Key type: rsa
950 Script Info: | Public Key bits: 2048
951 Script Info: | Signature Algorithm: sha256WithRSAEncryption
952 Script Info: | Not valid before: 2016-04-19T09:30:36
953 Script Info: | Not valid after: 2017-04-19T09:30:36
954 Script Info: | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
955 Script Info: |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
956 Port: 80/tcp open http syn-ack ttl 110 Microsoft IIS httpd 8.5
957 Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
958 Script Info: | http-methods:
959 Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
960 Script Info: |_ Potentially risky methods: TRACE
961 Script Info: |_http-server-header: Microsoft-IIS/8.5
962 Script Info: |_http-title: Domain Default page
963 Port: 110/tcp open pop3 syn-ack ttl 110 MailEnable POP3 Server
964 Script Info: |_pop3-capabilities: USER UIDL TOP
965 Port: 143/tcp open imap syn-ack ttl 109 MailEnable imapd
966 Script Info: |_imap-capabilities: IMAP4 AUTH=LOGIN CAPABILITY IMAP4rev1 CHILDREN IDLE UIDPLUSA0001 completed AUTH=CRAM-MD5 OK
967 Port: 443/tcp open https? syn-ack ttl 110
968 Port: 8443/tcp open ssl/http syn-ack ttl 110 Microsoft IIS httpd 8.5
969 Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
970 Script Info: | http-methods:
971 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
972 Script Info: | http-robots.txt: 1 disallowed entry
973 Script Info: |_/
974 Script Info: |_http-server-header: Microsoft-IIS/8.5
975 Script Info: |_http-title: Plesk Onyx 17.8.11
976 Script Info: | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
977 Script Info: | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
978 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
979 Script Info: | Public Key type: rsa
980 Script Info: | Public Key bits: 2048
981 Script Info: | Signature Algorithm: sha256WithRSAEncryption
982 Script Info: | Not valid before: 2019-05-16T00:30:46
983 Script Info: | Not valid after: 2019-08-14T00:30:46
984 Script Info: | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
985 Script Info: |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
986 Script Info: Device type: general purpose|WAP|router
987 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
988 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
989#######################################################################################################################################
990adding 62.12.105.3/32 mode `TCPscan' ports `7,9,11,13,18,19,21-23,25,37,39,42,49,50,53,65,67-70,79-81,88,98,100,105-107,109-111,113,118,119,123,129,135,137-139,143,150,161-164,174,177-179,191,199-202,204,206,209,210,213,220,345,346,347,369-372,389,406,407,422,443-445,487,500,512-514,517,518,520,525,533,538,548,554,563,587,610-612,631-634,636,642,653,655,657,666,706,750-752,765,779,808,873,901,923,941,946,992-995,1001,1023-1030,1080,1210,1214,1234,1241,1334,1349,1352,1423-1425,1433,1434,1524,1525,1645,1646,1649,1701,1718,1719,1720,1723,1755,1812,1813,2048-2050,2101-2104,2140,2150,2233,2323,2345,2401,2430,2431,2432,2433,2583,2628,2776,2777,2988,2989,3050,3130,3150,3232,3306,3389,3456,3493,3542-3545,3632,3690,3801,4000,4400,4321,4567,4899,5002,5136-5139,5150,5151,5222,5269,5308,5354,5355,5422-5425,5432,5503,5555,5556,5678,6000-6007,6346,6347,6543,6544,6789,6838,6666-6670,7000-7009,7028,7100,7983,8079-8082,8088,8787,8879,9090,9101-9103,9325,9359,10000,10026,10027,10067,10080,10081,10167,10498,11201,15345,17001-17003,18753,20011,20012,21554,22273,26274,27374,27444,27573,31335-31338,31787,31789,31790,31791,32668,32767-32780,33390,47262,49301,54320,54321,57341,58008,58009,58666,59211,60000,60006,61000,61348,61466,61603,63485,63808,63809,64429,65000,65506,65530-65535' pps 300
991using interface(s) eth0
992added module payload for port 80 proto 6
993added module payload for port 518 proto 17
994added module payload for port 1900 proto 17
995added module payload for port 5060 proto 17
996added module payload for port 80 proto 6
997added module payload for port 53 proto 17
998scaning 1.00e+00 total hosts with 3.38e+02 total packets, should take a little longer than 8 Seconds
999drone type Unknown on fd 4 is version 1.1
1000drone type Unknown on fd 3 is version 1.1
1001added module payload for port 80 proto 6
1002added module payload for port 518 proto 17
1003added module payload for port 1900 proto 17
1004added module payload for port 5060 proto 17
1005added module payload for port 80 proto 6
1006added module payload for port 53 proto 17
1007scan iteration 1 out of 1
1008using pcap filter: `dst 192.168.0.52 and ! src 192.168.0.52 and (tcp)'
1009using TSC delay
1010sender statistics 300.5 pps with 338 packets sent total
1011listener statistics 0 packets recieved 0 packets droped and 0 interface drops
1012#######################################################################################################################################
1013dnsenum VERSION:1.2.4
1014
1015----- whitenilestate.gov.sd -----
1016
1017
1018Host's addresses:
1019__________________
1020
1021whitenilestate.gov.sd. 83652 IN A 62.12.105.3
1022
1023
1024Name Servers:
1025______________
1026
1027ns0.ndc.gov.sd. 11978 IN A 62.12.109.2
1028ns1.ndc.gov.sd. 11673 IN A 62.12.109.3
1029
1030
1031Mail (MX) Servers:
1032___________________
1033
1034mail.whitenilestate.gov.sd. 83984 IN A 62.12.105.3
1035
1036
1037Trying Zone Transfers and getting Bind Versions:
1038_________________________________________________
1039
1040
1041Trying Zone Transfer for whitenilestate.gov.sd on ns0.ndc.gov.sd ...
1042whitenilestate.gov.sd. 86400 IN SOA (
1043whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
1044whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
1045whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1046whitenilestate.gov.sd. 86400 IN MX 10
1047whitenilestate.gov.sd. 86400 IN TXT "v=spf1
1048mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1049mail.whitenilestate.gov.sd. 86400 IN MX 10
1050mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1051webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
1052www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1053
1054Trying Zone Transfer for whitenilestate.gov.sd on ns1.ndc.gov.sd ...
1055whitenilestate.gov.sd. 86400 IN SOA (
1056whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
1057whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
1058whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1059whitenilestate.gov.sd. 86400 IN MX 10
1060whitenilestate.gov.sd. 86400 IN TXT "v=spf1
1061mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1062mail.whitenilestate.gov.sd. 86400 IN MX 10
1063mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1064webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
1065www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1066
1067brute force file not specified, bay.
1068#######################################################################################################################################
1069===============================================
1070-=Subfinder v1.1.3 github.com/subfinder/subfinder
1071===============================================
1072
1073
1074Running Source: Ask
1075Running Source: Archive.is
1076Running Source: Baidu
1077Running Source: Bing
1078Running Source: CertDB
1079Running Source: CertificateTransparency
1080Running Source: Certspotter
1081Running Source: Commoncrawl
1082Running Source: Crt.sh
1083Running Source: Dnsdb
1084Running Source: DNSDumpster
1085Running Source: DNSTable
1086Running Source: Dogpile
1087Running Source: Exalead
1088Running Source: Findsubdomains
1089Running Source: Googleter
1090Running Source: Hackertarget
1091Running Source: Ipv4Info
1092Running Source: PTRArchive
1093Running Source: Sitedossier
1094Running Source: Threatcrowd
1095Running Source: ThreatMiner
1096Running Source: WaybackArchive
1097Running Source: Yahoo
1098
1099Running enumeration on whitenilestate.gov.sd
1100
1101dnsdb: Unexpected return status 503
1102
1103waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.whitenilestate.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
1104
1105dogpile: Get https://www.dogpile.com/search/web?q=whitenilestate.gov.sd&qsi=1: EOF
1106
1107
1108Starting Bruteforcing of whitenilestate.gov.sd with 9985 words
1109
1110Total 8 Unique subdomains found for whitenilestate.gov.sd
1111
1112.whitenilestate.gov.sd
1113mail.whitenilestate.gov.sd
1114mail.whitenilestate.gov.sd
1115mssql.whitenilestate.gov.sd
1116webmail.whitenilestate.gov.sd
1117webmail.whitenilestate.gov.sd
1118www.whitenilestate.gov.sd
1119www.whitenilestate.gov.sd
1120#######################################################################################################################################
1121[*] Processing domain whitenilestate.gov.sd
1122[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
1123[+] Getting nameservers
112462.12.109.2 - ns0.ndc.gov.sd
1125[+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
1126whitenilestate.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2017092500 10800 900 604800 86400
1127whitenilestate.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
1128whitenilestate.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
1129whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1130whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
1131whitenilestate.gov.sd. 86400 IN TXT "v=spf1 mx -all"
1132mail.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1133mail.whitenilestate.gov.sd. 86400 IN MX 10 mail.whitenilestate.gov.sd.
1134mssql.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1135webmail.whitenilestate.gov.sd. 86400 IN CNAME mail.whitenilestate.gov.sd.
1136www.whitenilestate.gov.sd. 86400 IN A 62.12.105.3
1137#######################################################################################################################################
1138[*] Found SPF record:
1139[*] v=spf1 mx -all
1140[*] SPF record contains an All item: -all
1141[*] No DMARC record found. Looking for organizational record
1142[+] No organizational DMARC record
1143[+] Spoofing possible for whitenilestate.gov.sd!
1144#######################################################################################################################################
1145dig: '.whitenilestate.gov.sd' is not a legal name (empty label)
1146
1147SubOver v.1.2 Nizamul Rana (@Ice3man)
1148==================================================
1149
1150
1151[~] Enjoy your hunt !
1152[Not Vulnerable] 77.72.0.146
1153[Not Vulnerable] 147.237.77.18
1154[Not Vulnerable] domain
1155[Not Vulnerable] IN
1156[Not Vulnerable] 62.12.105.4
1157[Not Vulnerable] 62.12.105.3
1158[Not Vulnerable] .whitenilestate.gov.sd
1159[Not Vulnerable] mail.whitenilestate.gov.sd
1160[Not Vulnerable] 52.64.99.208
1161[Not Vulnerable] www.sviva.gov.il
1162[Not Vulnerable] www.whitenilestate.gov.sd
1163[Not Vulnerable] sennarstate.gov.sd
1164[Not Vulnerable] www.cbs.gov.ws
1165[Not Vulnerable] webmail.whitenilestate.gov.sd
1166[Not Vulnerable] mssql.whitenilestate.gov.sd
1167[Not Vulnerable] whitenilestate.gov.sd
1168[Not Vulnerable] ombudsman.gov.sd
1169#######################################################################################################################################
117062.12.96.0/20
117162.12.96.0/24
117262.12.97.0/24
117362.12.98.0/24
117462.12.99.0/24
117562.12.100.0/24
117662.12.101.0/24
117762.12.102.0/23
117862.12.104.0/24
117962.12.105.0/24
118062.12.106.0/24
118162.12.107.0/24
118262.12.108.0/24
118362.12.109.0/24
118462.12.110.0/24
118562.12.111.0/24
1186#######################################################################################################################################
1187Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:14 EDT
1188Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
1189Host is up (0.22s latency).
1190rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1191Not shown: 464 filtered ports, 6 closed ports
1192Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1193PORT STATE SERVICE
119421/tcp open ftp
119580/tcp open http
1196110/tcp open pop3
1197143/tcp open imap
1198443/tcp open https
11998443/tcp open https-alt
1200
1201Nmap done: 1 IP address (1 host up) scanned in 7.14 seconds
1202#######################################################################################################################################
1203Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:14 EDT
1204Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
1205Host is up (0.11s latency).
1206rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1207Not shown: 2 filtered ports
1208PORT STATE SERVICE
120953/udp open|filtered domain
121067/udp open|filtered dhcps
121168/udp open|filtered dhcpc
121269/udp open|filtered tftp
121388/udp open|filtered kerberos-sec
1214123/udp open|filtered ntp
1215139/udp open|filtered netbios-ssn
1216161/udp open|filtered snmp
1217162/udp open|filtered snmptrap
1218389/udp open|filtered ldap
1219520/udp open|filtered route
12202049/udp open|filtered nfs
1221
1222Nmap done: 1 IP address (1 host up) scanned in 2.27 seconds
1223#######################################################################################################################################
1224Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:14 EDT
1225Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
1226Host is up (0.25s latency).
1227rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1228
1229PORT STATE SERVICE VERSION
123021/tcp open ftp Microsoft ftpd
1231| ftp-brute:
1232| Accounts: No valid accounts found
1233|_ Statistics: Performed 3030 guesses in 180 seconds, average tps: 16.5
1234| ftp-syst:
1235|_ SYST: Windows_NT
1236Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1237Device type: phone
1238Running: Nokia Symbian OS
1239OS CPE: cpe:/o:nokia:symbian_os
1240OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1241Network Distance: 14 hops
1242Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1243
1244TRACEROUTE (using port 21/tcp)
1245HOP RTT ADDRESS
12461 111.89 ms 10.242.200.1
12472 112.18 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
12483 106.98 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
12494 107.56 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
12505 112.84 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
12516 114.41 ms 80.77.2.193
12527 283.52 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
12538 126.50 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
12549 283.00 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
125510 221.83 ms 80.77.2.42
125611 234.18 ms 196.29.177.113
125712 244.37 ms 197.254.196.62
125813 ...
125914 247.86 ms f03-web01.nic.gov.sd (62.12.105.3)
1260#######################################################################################################################################
1261wig - WebApp Information Gatherer
1262
1263
1264Scanning http://whitenilestate.gov.sd...
1265______________________ SITE INFO _______________________
1266IP Title
126762.12.105.3 ولاية النيل الابيض
1268
1269_______________________ VERSION ________________________
1270Name Versions Type
1271ASP.NET 4.0.30319 Platform
1272IIS 8.5 Platform
1273Microsoft Windows Server 2012 R2 OS
1274
1275________________________________________________________
1276Time: 59.6 sec Urls: 639 Fingerprints: 40401
1277#######################################################################################################################################
1278HTTP/1.1 200 OK
1279Cache-Control: private
1280Content-Length: 31905
1281Content-Type: text/html; charset=utf-8
1282Server: Microsoft-IIS/8.5
1283X-AspNet-Version: 4.0.30319
1284X-Powered-By: ASP.NET
1285X-Powered-By-Plesk: PleskWin
1286Date: Sat, 15 Jun 2019 05:20:21 GMT
1287
1288HTTP/1.1 200 OK
1289Cache-Control: private
1290Content-Length: 31905
1291Content-Type: text/html; charset=utf-8
1292Server: Microsoft-IIS/8.5
1293X-AspNet-Version: 4.0.30319
1294X-Powered-By: ASP.NET
1295X-Powered-By-Plesk: PleskWin
1296Date: Sat, 15 Jun 2019 05:20:22 GMT
1297
1298Allow: OPTIONS, TRACE, GET, HEAD, POST
1299#######################################################################################################################################
1300 Bootstrap
1301 Microsoft ASP.NET 4.0.30319
1302 jQuery 1.10.2
1303 Google Font API
1304 jQuery Sparklines
1305 IIS 8.5
1306 Plesk
1307#######################################################################################################################################
1308tee: /usr/share/sniper/loot//output/nmap-whitenilestate.gov.sd-port110.txt: Aucun fichier ou dossier de ce type
1309Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:20 EDT
1310Nmap scan report for whitenilestate.gov.sd (62.12.105.3)
1311Host is up (0.22s latency).
1312rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1313
1314PORT STATE SERVICE VERSION
1315110/tcp open pop3 MailEnable POP3 Server
1316| pop3-brute:
1317| Accounts: No valid accounts found
1318| Statistics: Performed 25 guesses in 2 seconds, average tps: 12.5
1319|_ ERROR: Failed to make a pop-connection.
1320|_pop3-capabilities: UIDL USER TOP
1321Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1322Device type: phone
1323Running: Nokia Symbian OS
1324OS CPE: cpe:/o:nokia:symbian_os
1325OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1326Network Distance: 14 hops
1327Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1328
1329TRACEROUTE (using port 443/tcp)
1330HOP RTT ADDRESS
13311 113.58 ms 10.242.200.1
13322 113.87 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
13333 113.66 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
13344 113.65 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
13355 119.78 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
13366 121.15 ms 80.77.2.193
13377 290.24 ms xe-9-1-0.0.pjr04.ldn004.flagtel.com (85.95.27.197)
13388 132.97 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
13399 289.73 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
134010 228.68 ms 80.77.2.42
134111 240.56 ms 196.29.177.113
134212 250.68 ms 197.254.196.62
134313 ...
134414 254.07 ms f03-web01.nic.gov.sd (62.12.105.3)
1345#######################################################################################################################################
1346Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:53 EDT
1347Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1348Host is up (0.22s latency).
1349Not shown: 464 filtered ports, 6 closed ports
1350Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1351PORT STATE SERVICE
135221/tcp open ftp
135380/tcp open http
1354110/tcp open pop3
1355143/tcp open imap
1356443/tcp open https
13578443/tcp open https-alt
1358
1359Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds
1360#######################################################################################################################################
1361Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:53 EDT
1362Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1363Host is up (0.11s latency).
1364Not shown: 2 filtered ports
1365PORT STATE SERVICE
136653/udp open|filtered domain
136767/udp open|filtered dhcps
136868/udp open|filtered dhcpc
136969/udp open|filtered tftp
137088/udp open|filtered kerberos-sec
1371123/udp open|filtered ntp
1372139/udp open|filtered netbios-ssn
1373161/udp open|filtered snmp
1374162/udp open|filtered snmptrap
1375389/udp open|filtered ldap
1376520/udp open|filtered route
13772049/udp open|filtered nfs
1378
1379Nmap done: 1 IP address (1 host up) scanned in 3.00 seconds
1380#######################################################################################################################################
1381Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:53 EDT
1382Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1383Host is up (0.25s latency).
1384
1385PORT STATE SERVICE VERSION
138621/tcp open ftp Microsoft ftpd
1387| ftp-brute:
1388| Accounts: No valid accounts found
1389|_ Statistics: Performed 3029 guesses in 180 seconds, average tps: 16.4
1390| ftp-syst:
1391|_ SYST: Windows_NT
1392Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1393Device type: phone
1394Running: Nokia Symbian OS
1395OS CPE: cpe:/o:nokia:symbian_os
1396OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1397Network Distance: 14 hops
1398Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1399
1400TRACEROUTE (using port 21/tcp)
1401HOP RTT ADDRESS
14021 108.01 ms 10.242.200.1
14032 108.26 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
14043 108.08 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
14054 108.08 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
14065 114.07 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
14076 115.67 ms 80.77.2.193
14087 285.51 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
14098 127.43 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
14109 284.61 ms xe-11-1-1.0.pjr04.dxb001.flagtel.com (85.95.25.162)
141110 223.01 ms 80.77.2.42
141211 235.68 ms 196.29.177.113
141312 245.64 ms 197.254.196.62
141413 ...
141514 249.41 ms f03-web01.nic.gov.sd (62.12.105.3)
1416#######################################################################################################################################
1417Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:57 EDT
1418Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1419Host is up.
1420
1421PORT STATE SERVICE VERSION
142267/udp open|filtered dhcps
1423|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1424Too many fingerprints match this host to give specific OS details
1425
1426TRACEROUTE (using proto 1/icmp)
1427HOP RTT ADDRESS
14281 113.61 ms 10.242.200.1
14292 114.22 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
14303 113.85 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
14314 114.29 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
14325 119.67 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
14336 121.25 ms 80.77.2.193
14347 283.57 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
14358 126.93 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
14369 283.44 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
143710 222.38 ms 80.77.2.42
143811 237.63 ms 196.29.177.113
143912 247.53 ms 197.254.196.62
144013 ... 30
1441#######################################################################################################################################
1442Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 00:59 EDT
1443Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1444Host is up.
1445
1446PORT STATE SERVICE VERSION
144768/udp open|filtered dhcpc
1448Too many fingerprints match this host to give specific OS details
1449
1450TRACEROUTE (using proto 1/icmp)
1451HOP RTT ADDRESS
14521 113.28 ms 10.242.200.1
14532 113.48 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
14543 113.48 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
14554 113.47 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
14565 119.11 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
14576 120.72 ms 80.77.2.193
14587 289.17 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
14598 126.85 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
14609 282.98 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
146110 221.99 ms 80.77.2.42
146211 237.56 ms 196.29.177.113
146312 247.59 ms 197.254.196.62
146413 ... 30
1465#######################################################################################################################################
1466Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:01 EDT
1467Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1468Host is up.
1469
1470PORT STATE SERVICE VERSION
147169/udp open|filtered tftp
1472Too many fingerprints match this host to give specific OS details
1473
1474TRACEROUTE (using proto 1/icmp)
1475HOP RTT ADDRESS
14761 113.00 ms 10.242.200.1
14772 113.78 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
14783 113.39 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
14794 197.62 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
14805 119.18 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
14816 120.62 ms 80.77.2.193
14827 289.47 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
14838 132.54 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
14849 282.59 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
148510 221.54 ms 80.77.2.42
148611 234.04 ms 196.29.177.113
148712 250.41 ms 197.254.196.62
148813 ... 30
1489#######################################################################################################################################
1490wig - WebApp Information Gatherer
1491
1492
1493Scanning http://62.12.105.3...
1494______________________ SITE INFO _______________________
1495IP Title
149662.12.105.3 Domain Default page
1497
1498_______________________ VERSION ________________________
1499Name Versions Type
1500ASP.NET 4.0.30319 Platform
1501IIS 8.5 Platform
1502Microsoft Windows Server 2012 R2 OS
1503
1504________________________________________________________
1505Time: 1.1 sec Urls: 601 Fingerprints: 40401
1506#######################################################################################################################################
1507HTTP/1.1 200 OK
1508Content-Length: 3815
1509Content-Type: text/html
1510Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
1511Accept-Ranges: bytes
1512ETag: "f1eb6487719ed11:0"
1513Server: Microsoft-IIS/8.5
1514X-Powered-By: ASP.NET
1515Date: Sat, 15 Jun 2019 05:03:49 GMT
1516
1517HTTP/1.1 200 OK
1518Content-Length: 3815
1519Content-Type: text/html
1520Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
1521Accept-Ranges: bytes
1522ETag: "f1eb6487719ed11:0"
1523Server: Microsoft-IIS/8.5
1524X-Powered-By: ASP.NET
1525Date: Sat, 15 Jun 2019 05:03:50 GMT
1526
1527Allow: OPTIONS, TRACE, GET, HEAD, POST
1528#######################################################################################################################################
1529Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:03 EDT
1530Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1531Host is up (0.25s latency).
1532
1533PORT STATE SERVICE VERSION
1534110/tcp open pop3 MailEnable POP3 Server
1535| pop3-brute:
1536| Accounts: No valid accounts found
1537| Statistics: Performed 45 guesses in 3 seconds, average tps: 15.0
1538|_ ERROR: Failed to make a pop-connection.
1539|_pop3-capabilities: TOP USER UIDL
1540Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1541Device type: phone
1542Running: Nokia Symbian OS
1543OS CPE: cpe:/o:nokia:symbian_os
1544OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1545Network Distance: 14 hops
1546Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1547
1548TRACEROUTE (using port 443/tcp)
1549HOP RTT ADDRESS
15501 111.59 ms 10.242.200.1
15512 106.82 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
15523 106.66 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
15534 135.98 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
15545 112.67 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
15556 114.47 ms 80.77.2.193
15567 282.84 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
15578 125.75 ms xe-8-2-2.0.cjr04.prs001.flagtel.com (85.95.27.69)
15589 282.90 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
155910 221.60 ms 80.77.2.42
156011 234.25 ms 196.29.177.113
156112 245.03 ms 197.254.196.62
156213 ...
156314 250.06 ms f03-web01.nic.gov.sd (62.12.105.3)
1564#######################################################################################################################################
1565Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:04 EDT
1566Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1567Host is up.
1568
1569PORT STATE SERVICE VERSION
1570123/udp open|filtered ntp
1571Too many fingerprints match this host to give specific OS details
1572
1573TRACEROUTE (using proto 1/icmp)
1574HOP RTT ADDRESS
15751 113.97 ms 10.242.200.1
15762 116.35 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
15773 114.38 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
15784 114.99 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
15795 120.17 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
15806 121.63 ms 80.77.2.193
15817 290.41 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
15828 134.39 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
15839 283.67 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
158410 222.65 ms 80.77.2.42
158511 233.64 ms 196.29.177.113
158612 243.60 ms 197.254.196.62
158713 ... 30
1588#######################################################################################################################################
1589Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:08 EDT
1590NSE: Loaded 148 scripts for scanning.
1591NSE: Script Pre-scanning.
1592NSE: Starting runlevel 1 (of 2) scan.
1593Initiating NSE at 01:08
1594Completed NSE at 01:08, 0.00s elapsed
1595NSE: Starting runlevel 2 (of 2) scan.
1596Initiating NSE at 01:08
1597Completed NSE at 01:08, 0.00s elapsed
1598Initiating Ping Scan at 01:08
1599Scanning 62.12.105.3 [4 ports]
1600Completed Ping Scan at 01:08, 0.30s elapsed (1 total hosts)
1601Initiating Parallel DNS resolution of 1 host. at 01:08
1602Completed Parallel DNS resolution of 1 host. at 01:08, 0.02s elapsed
1603Initiating Connect Scan at 01:08
1604Scanning f03-web01.nic.gov.sd (62.12.105.3) [65535 ports]
1605Discovered open port 443/tcp on 62.12.105.3
1606Discovered open port 143/tcp on 62.12.105.3
1607Discovered open port 80/tcp on 62.12.105.3
1608Discovered open port 21/tcp on 62.12.105.3
1609Discovered open port 110/tcp on 62.12.105.3
1610Connect Scan Timing: About 2.43% done; ETC: 01:29 (0:20:43 remaining)
1611Connect Scan Timing: About 9.14% done; ETC: 01:19 (0:10:07 remaining)
1612Connect Scan Timing: About 18.61% done; ETC: 01:16 (0:06:38 remaining)
1613Connect Scan Timing: About 30.08% done; ETC: 01:15 (0:04:41 remaining)
1614Connect Scan Timing: About 42.66% done; ETC: 01:14 (0:03:23 remaining)
1615Connect Scan Timing: About 56.80% done; ETC: 01:13 (0:02:18 remaining)
1616Discovered open port 8443/tcp on 62.12.105.3
1617Connect Scan Timing: About 72.63% done; ETC: 01:13 (0:01:20 remaining)
1618Completed Connect Scan at 01:12, 266.98s elapsed (65535 total ports)
1619Initiating Service scan at 01:13
1620Scanning 6 services on f03-web01.nic.gov.sd (62.12.105.3)
1621Completed Service scan at 01:13, 25.64s elapsed (6 services on 1 host)
1622Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
1623Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
1624Initiating Traceroute at 01:13
1625Completed Traceroute at 01:13, 6.34s elapsed
1626Initiating Parallel DNS resolution of 12 hosts. at 01:13
1627Completed Parallel DNS resolution of 12 hosts. at 01:13, 0.19s elapsed
1628NSE: Script scanning 62.12.105.3.
1629NSE: Starting runlevel 1 (of 2) scan.
1630Initiating NSE at 01:13
1631NSE Timing: About 99.15% done; ETC: 01:14 (0:00:00 remaining)
1632NSE Timing: About 99.51% done; ETC: 01:14 (0:00:00 remaining)
1633NSE Timing: About 99.88% done; ETC: 01:15 (0:00:00 remaining)
1634Completed NSE at 01:15, 94.10s elapsed
1635NSE: Starting runlevel 2 (of 2) scan.
1636Initiating NSE at 01:15
1637Completed NSE at 01:15, 0.50s elapsed
1638Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1639Host is up, received syn-ack ttl 110 (0.25s latency).
1640Scanned at 2019-06-15 01:08:32 EDT for 401s
1641Not shown: 65520 filtered ports
1642Reason: 65519 no-responses and 1 host-unreach
1643PORT STATE SERVICE REASON VERSION
164420/tcp closed ftp-data conn-refused
164521/tcp open ftp syn-ack Microsoft ftpd
1646| ftp-syst:
1647|_ SYST: Windows_NT
1648| ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
1649| Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/emailAddress=info@plesk.com/localityName=Seattle/organizationalUnitName=Plesk
1650| Public Key type: rsa
1651| Public Key bits: 2048
1652| Signature Algorithm: sha256WithRSAEncryption
1653| Not valid before: 2016-04-19T09:30:36
1654| Not valid after: 2017-04-19T09:30:36
1655| MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
1656| SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
1657| -----BEGIN CERTIFICATE-----
1658| MIIEajCCA1KgAwIBAgIEBNin+DANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMC
1659| VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxDTALBgNV
1660| BAoTBE9kaW4xDjAMBgNVBAsTBVBsZXNrMQ4wDAYDVQQDEwVQbGVzazEdMBsGCSqG
1661| SIb3DQEJARYOaW5mb0BwbGVzay5jb20wHhcNMTYwNDE5MDkzMDM2WhcNMTcwNDE5
1662| MDkzMDM2WjCBgjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
1663| BgNVBAcTB1NlYXR0bGUxDTALBgNVBAoTBE9kaW4xDjAMBgNVBAsTBVBsZXNrMQ4w
1664| DAYDVQQDEwVQbGVzazEdMBsGCSqGSIb3DQEJARYOaW5mb0BwbGVzay5jb20wggEi
1665| MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSBgk7uIcz0ea9fN1QDp3Pl19b
1666| rjqqnl3b7UIxbZaPhoraBvBknLJ0hEzOitQmKsxIsGKPLjxSb6WMmiE+YRH0kvOU
1667| oXWa/yjRx3rG6Z+Wd6U7r7IIbWdBMGgbTQ2OdzmrKXVqoaXM2crH9cPDhWJgkVu9
1668| Q6zuUiMjo7cwFR1X/vAVPW1C4l5HQcW3oGC14ll5jC15IbB04YusglQVfD/8u246
1669| nMRgToyj+gxMvsifYG9h53OT0qJz/MFk4PvtG2MAy8ipR10VMtOUrMqzaZ1ntjex
1670| sqog2cNgT6LLRMi870OCRaT/cVYCjNlhcQIE2Tpyf9MYKK0myMokTBXs+WNHAgMB
1671| AAGjgeUwgeIwHQYDVR0OBBYEFKXkfR1gs1JC6WRjoLsdij8g/DVYMIGyBgNVHSME
1672| gaowgaeAFKXkfR1gs1JC6WRjoLsdij8g/DVYoYGIpIGFMIGCMQswCQYDVQQGEwJV
1673| UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTENMAsGA1UE
1674| ChMET2RpbjEOMAwGA1UECxMFUGxlc2sxDjAMBgNVBAMTBVBsZXNrMR0wGwYJKoZI
1675| hvcNAQkBFg5pbmZvQHBsZXNrLmNvbYIEBNin+DAMBgNVHRMEBTADAQH/MA0GCSqG
1676| SIb3DQEBCwUAA4IBAQARU5/ZcbkEx+CNZjqAY2r5h5m2Bq5kt0CY+j6uH05oreL9
1677| 5gKbBctsDTehfCw5+VpFpv4lCogQ9QJlQ8A3VQXV4kjueRIMvrShPbh7vZ1LcQNR
1678| PXDUyNZpbItE29/rJe4qvgFWMd73yw18H871kwLtddx0XfOv2tgO5fzLr9BT5hzq
1679| E9upUN40ATHb/bDcAVLsUTOmYM9idZ4AS/oj0oCeBR9eqcw3IHNneIO3Qk2EA2UO
1680| U93iDngn3tuYqUFlLZSjcVfWIWvY7cDMfqGEdanpz42V5nFqUQ76sWvYb8iF73uy
1681| uxIFo3Edw+sf2D1fyEpbDQZNsNiNSyUUHUq3qagk
1682|_-----END CERTIFICATE-----
168325/tcp closed smtp conn-refused
168480/tcp open http syn-ack Microsoft IIS httpd 8.5
1685|_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1686| http-methods:
1687| Supported Methods: OPTIONS TRACE GET HEAD POST
1688|_ Potentially risky methods: TRACE
1689|_http-server-header: Microsoft-IIS/8.5
1690|_http-title: Domain Default page
1691110/tcp open pop3 syn-ack MailEnable POP3 Server
1692|_pop3-capabilities: TOP USER UIDL
1693113/tcp closed ident conn-refused
1694139/tcp closed netbios-ssn conn-refused
1695143/tcp open imap syn-ack MailEnable imapd
1696|_imap-capabilities: CAPABILITY AUTH=CRAM-MD5 IMAP4rev1 IDLE OK completed IMAP4 AUTH=LOGIN CHILDREN UIDPLUSA0001
1697443/tcp open https? syn-ack
1698445/tcp closed microsoft-ds conn-refused
1699993/tcp closed imaps conn-refused
1700995/tcp closed pop3s conn-refused
17011025/tcp closed NFS-or-IIS conn-refused
17025224/tcp closed hpvirtctrl conn-refused
17038443/tcp open ssl/http syn-ack Microsoft IIS httpd 8.5
1704|_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1705| http-methods:
1706|_ Supported Methods: GET HEAD POST OPTIONS
1707| http-robots.txt: 1 disallowed entry
1708|_/
1709|_http-title: Plesk Onyx 17.8.11
1710| ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
1711| Subject Alternative Name: DNS:f03-web01.nic.gov.sd
1712| Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1713| Public Key type: rsa
1714| Public Key bits: 2048
1715| Signature Algorithm: sha256WithRSAEncryption
1716| Not valid before: 2019-05-16T00:30:46
1717| Not valid after: 2019-08-14T00:30:46
1718| MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
1719| SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
1720| -----BEGIN CERTIFICATE-----
1721| MIIFYDCCBEigAwIBAgISBFNVeQHogggr933o4G6lR9GSMA0GCSqGSIb3DQEBCwUA
1722| MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
1723| ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA1MTYwMDMwNDZaFw0x
1724| OTA4MTQwMDMwNDZaMB8xHTAbBgNVBAMTFGYwMy13ZWIwMS5uaWMuZ292LnNkMIIB
1725| IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7FghMuMoTafAsdsb7xWducGu
1726| Xmy/lWqrDMQfF+DnpO/tpKVUN/UL0O7OAP2qUnX//dMFpeTk0yP9UzM4a7sh/pcr
1727| m7iYtUTVYf0o4fNKFqlShIf3jTWbhwekYOEq8DjiPnixWUXqt4f7l+ubnriECKkt
1728| UzhUxKJ5cV4ZayK/GmDVI/UucGE9gw5T9KGjQMICLm+2yQ5iApnOTJzhRAHRGXCI
1729| cVS9yDR68pL08mrU/wgOCpPUjzXEBUAlNl8DSxA/7W3uEdnijkxjtSEXuNxaJbVh
1730| xwBdIwp3CjFOUYr53yR+5kPT2xMYNr0MW4Nkurj5ds1Lm8/5MdGkm3LYuX4bKwID
1731| AQABo4ICaTCCAmUwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
1732| BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSJd386usPcwukt0lCN
1733| k8OwN+ZGCTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEF
1734| BQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5j
1735| cnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5j
1736| cnlwdC5vcmcvMB8GA1UdEQQYMBaCFGYwMy13ZWIwMS5uaWMuZ292LnNkMEwGA1Ud
1737| IARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0
1738| dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDw
1739| AHcAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFqvkNdXAAABAMA
1740| SDBGAiEA+Iiz8LgD/f95XsMuRWD/whq2zQvgb6xd0Zb8jgcJ9DwCIQDtKck8GHC/
1741| X1nX2U3nEFQFAFpzQLTa+D8SnMaNYlw1WAB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6
1742| KXLcpMMM9OVFR/R4AAABar5DXZMAAAQDAEYwRAIgRLadkchNrmPpfIxm0VPB0wmE
1743| sCY9mUfX+AopiIt6v6MCIG/Cd3HylFu+69F2p7OF3jz7L6wx46vbDJMdaFQIOwET
1744| MA0GCSqGSIb3DQEBCwUAA4IBAQAv5QdsPGoq14dzMbDA9Ap6YLPicpr2FE+PMO4g
1745| z4hZnOAlx7gamaIxJo0mJQV+qQgAC0q5aCuCyqMjGTh1nqCxGDNUg223LiHQHH02
1746| llGFzNGB4r+oMbiMN7rpYYDn/pos89iV0/8qCZ65dQ4P7jQ7vnzxPpPbKpzHo5fL
1747| ar8FNFXz49fMQDVQFLS+WvmCYtbDaRipp9DPAMeErDkY4SF/6UHEXPTuRpQhVdt3
1748| ZlsFJQdCzGW+H9cHPPKzACT8muKd7kzEQY03pqLQf9oVptZi/5XDv5D/2KFKdJwE
1749| eCKEDcxYY3LzzXhy6tDjEOXWvx1NR4l+goHtqAcslJYTEWrA
1750|_-----END CERTIFICATE-----
1751OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
1752Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (95%), HP ProCurve Secure Router 7102dl (93%), Ricoh Aficio SP C240SF printer (93%), Linksys BEFSR41 EtherFast router (91%), Microsoft Windows Vista Home Premium SP1 (90%), OpenBSD 4.0 (88%), FreeBSD 6.2-RELEASE (87%), Linux 2.6.18 - 2.6.22 (87%), OpenBSD 4.3 (87%), Polycom SoundPoint IP 331 VoIP phone (87%)
1753No exact OS matches for host (test conditions non-ideal).
1754TCP/IP fingerprint:
1755SCAN(V=7.70%E=4%D=6/15%OT=21%CT=20%CU=%PV=N%G=N%TM=5D047EE1%P=x86_64-pc-linux-gnu)
1756SEQ(SP=107%GCD=1%ISR=10A%TI=I%TS=U)
1757OPS(O1=M44FW8N%O2=M44FW8N%O3=M44FW8N%O4=M44FW8N%O5=M44FW8N%O6=M44F)
1758WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
1759ECN(R=Y%DF=Y%TG=80%W=2000%O=M44FW8N%CC=Y%Q=)
1760ECN(R=N)
1761T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
1762T2(R=N)
1763T3(R=N)
1764T4(R=N)
1765T5(R=Y%DF=Y%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
1766T6(R=N)
1767T7(R=N)
1768U1(R=N)
1769IE(R=N)
1770
1771Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1772
1773TRACEROUTE (using proto 1/icmp)
1774HOP RTT ADDRESS
17751 112.89 ms 10.242.200.1
17762 113.08 ms vlan25.as05.bru1.be.m247.com (5.253.205.17)
17773 112.93 ms vlan2903.agg1.bru1.be.m247.com (37.120.128.156)
17784 177.61 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
17795 113.87 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
17806 114.71 ms 80.77.2.193
17817 283.59 ms xe-9-0-0.0.pjr04.ldn001.flagtel.com (85.95.25.9)
17828 126.56 ms xe-8-0-0.0.cjr04.prs001.flagtel.com (85.95.25.182)
17839 283.21 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
178410 222.53 ms 80.77.2.42
178511 233.66 ms 196.29.177.113
178612 243.77 ms 197.254.196.62
178713 ... 30
1788
1789NSE: Script Post-scanning.
1790NSE: Starting runlevel 1 (of 2) scan.
1791Initiating NSE at 01:15
1792Completed NSE at 01:15, 0.00s elapsed
1793NSE: Starting runlevel 2 (of 2) scan.
1794Initiating NSE at 01:15
1795Completed NSE at 01:15, 0.00s elapsed
1796Read data files from: /usr/bin/../share/nmap
1797OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1798Nmap done: 1 IP address (1 host up) scanned in 401.40 seconds
1799 Raw packets sent: 161 (11.188KB) | Rcvd: 39 (2.728KB)
1800#######################################################################################################################################
1801Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-15 01:15 EDT
1802NSE: Loaded 148 scripts for scanning.
1803NSE: Script Pre-scanning.
1804Initiating NSE at 01:15
1805Completed NSE at 01:15, 0.00s elapsed
1806Initiating NSE at 01:15
1807Completed NSE at 01:15, 0.00s elapsed
1808Initiating Parallel DNS resolution of 1 host. at 01:15
1809Completed Parallel DNS resolution of 1 host. at 01:15, 0.03s elapsed
1810Initiating UDP Scan at 01:15
1811Scanning f03-web01.nic.gov.sd (62.12.105.3) [14 ports]
1812Completed UDP Scan at 01:15, 2.02s elapsed (14 total ports)
1813Initiating Service scan at 01:15
1814Scanning 12 services on f03-web01.nic.gov.sd (62.12.105.3)
1815Service scan Timing: About 8.33% done; ETC: 01:34 (0:17:47 remaining)
1816Completed Service scan at 01:16, 102.57s elapsed (12 services on 1 host)
1817Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
1818Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
1819Initiating Traceroute at 01:17
1820Completed Traceroute at 01:17, 7.30s elapsed
1821Initiating Parallel DNS resolution of 1 host. at 01:17
1822Completed Parallel DNS resolution of 1 host. at 01:17, 0.00s elapsed
1823NSE: Script scanning 62.12.105.3.
1824Initiating NSE at 01:17
1825Completed NSE at 01:17, 20.32s elapsed
1826Initiating NSE at 01:17
1827Completed NSE at 01:17, 1.03s elapsed
1828Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1829Host is up (0.11s latency).
1830
1831PORT STATE SERVICE VERSION
183253/udp open|filtered domain
183367/udp open|filtered dhcps
183468/udp open|filtered dhcpc
183569/udp open|filtered tftp
183688/udp open|filtered kerberos-sec
1837123/udp open|filtered ntp
1838137/udp filtered netbios-ns
1839138/udp filtered netbios-dgm
1840139/udp open|filtered netbios-ssn
1841161/udp open|filtered snmp
1842162/udp open|filtered snmptrap
1843389/udp open|filtered ldap
1844520/udp open|filtered route
18452049/udp open|filtered nfs
1846Too many fingerprints match this host to give specific OS details
1847
1848TRACEROUTE (using port 138/udp)
1849HOP RTT ADDRESS
18501 108.20 ms 10.242.200.1
18512 ... 3
18524 112.28 ms 10.242.200.1
18535 107.59 ms 10.242.200.1
18546 107.58 ms 10.242.200.1
18557 107.57 ms 10.242.200.1
18568 107.55 ms 10.242.200.1
18579 107.53 ms 10.242.200.1
185810 107.53 ms 10.242.200.1
185911 ... 18
186019 105.60 ms 10.242.200.1
186120 107.26 ms 10.242.200.1
186221 108.07 ms 10.242.200.1
186322 ... 27
186428 109.48 ms 10.242.200.1
186529 ...
186630 107.10 ms 10.242.200.1
1867
1868NSE: Script Post-scanning.
1869Initiating NSE at 01:17
1870Completed NSE at 01:17, 0.00s elapsed
1871Initiating NSE at 01:17
1872Completed NSE at 01:17, 0.00s elapsed
1873Read data files from: /usr/bin/../share/nmap
1874OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1875Nmap done: 1 IP address (1 host up) scanned in 138.13 seconds
1876 Raw packets sent: 149 (10.020KB) | Rcvd: 1622 (88.314KB)
1877#######################################################################################################################################
1878Hosts
1879=====
1880
1881address mac name os_name os_flavor os_sp purpose info comments
1882------- --- ---- ------- --------- ----- ------- ---- --------
188352.64.99.208 cbs.gov.ws Linux 3.X server
188462.12.105.3 f03-web01.nic.gov.sd embedded 2.6.X device
188562.12.105.4 f05-web03.nic.gov.sd Linux 2.6.X server
188677.72.0.146 argon.cloudhosting.co.uk Unknown device
1887147.237.77.18 Unknown device
1888
1889Services
1890========
1891
1892host port proto name state info
1893---- ---- ----- ---- ----- ----
189452.64.99.208 20 tcp ftp-data closed
189552.64.99.208 21 tcp ftp open vsftpd 3.0.2
189652.64.99.208 25 tcp smtp closed
189752.64.99.208 53 udp domain unknown
189852.64.99.208 67 udp dhcps unknown
189952.64.99.208 68 udp dhcpc unknown
190052.64.99.208 69 udp tftp unknown
190152.64.99.208 80 tcp http open Apache httpd
190252.64.99.208 88 udp kerberos-sec unknown
190352.64.99.208 123 udp ntp unknown
190452.64.99.208 137 udp netbios-ns filtered
190552.64.99.208 138 udp netbios-dgm filtered
190652.64.99.208 139 tcp netbios-ssn closed
190752.64.99.208 139 udp netbios-ssn unknown
190852.64.99.208 161 udp snmp unknown
190952.64.99.208 162 udp snmptrap unknown
191052.64.99.208 389 udp ldap unknown
191152.64.99.208 443 tcp ssl/http open Apache httpd
191252.64.99.208 445 tcp microsoft-ds closed
191352.64.99.208 520 udp route unknown
191452.64.99.208 1024 tcp kdm closed
191552.64.99.208 1025 tcp nfs-or-iis closed
191652.64.99.208 1026 tcp lsa-or-nterm closed
191752.64.99.208 1027 tcp iis closed
191852.64.99.208 1028 tcp unknown closed
191952.64.99.208 1029 tcp ms-lsa closed
192052.64.99.208 1030 tcp iad1 closed
192152.64.99.208 1031 tcp iad2 closed
192252.64.99.208 1032 tcp iad3 closed
192352.64.99.208 1033 tcp netinfo closed
192452.64.99.208 1034 tcp zincite-a closed
192552.64.99.208 1035 tcp multidropper closed
192652.64.99.208 1036 tcp nsstp closed
192752.64.99.208 1037 tcp ams closed
192852.64.99.208 1038 tcp mtqp closed
192952.64.99.208 1039 tcp sbl closed
193052.64.99.208 1040 tcp netsaint closed
193152.64.99.208 1041 tcp danf-ak2 closed
193252.64.99.208 1042 tcp afrog closed
193352.64.99.208 1043 tcp boinc closed
193452.64.99.208 1044 tcp dcutility closed
193552.64.99.208 1045 tcp fpitp closed
193652.64.99.208 1046 tcp wfremotertm closed
193752.64.99.208 1047 tcp neod1 closed
193852.64.99.208 1048 tcp neod2 closed
193952.64.99.208 2049 udp nfs unknown
194062.12.105.3 20 tcp ftp-data closed
194162.12.105.3 21 tcp ftp open Microsoft ftpd
194262.12.105.3 25 tcp smtp closed
194362.12.105.3 53 udp domain unknown
194462.12.105.3 67 udp dhcps unknown
194562.12.105.3 68 udp dhcpc unknown
194662.12.105.3 69 udp tftp unknown
194762.12.105.3 80 tcp http open Microsoft IIS httpd 8.5
194862.12.105.3 88 udp kerberos-sec unknown
194962.12.105.3 110 tcp pop3 open MailEnable POP3 Server
195062.12.105.3 113 tcp ident closed
195162.12.105.3 123 udp ntp unknown
195262.12.105.3 137 udp netbios-ns filtered
195362.12.105.3 138 udp netbios-dgm filtered
195462.12.105.3 139 tcp netbios-ssn closed
195562.12.105.3 139 udp netbios-ssn unknown
195662.12.105.3 143 tcp imap open MailEnable imapd
195762.12.105.3 161 udp snmp unknown
195862.12.105.3 162 udp snmptrap unknown
195962.12.105.3 389 udp ldap unknown
196062.12.105.3 443 tcp https open
196162.12.105.3 445 tcp microsoft-ds closed
196262.12.105.3 520 udp route unknown
196362.12.105.3 993 tcp imaps closed
196462.12.105.3 995 tcp pop3s closed
196562.12.105.3 1025 tcp nfs-or-iis closed
196662.12.105.3 2049 udp nfs unknown
196762.12.105.3 5224 tcp hpvirtctrl closed
196862.12.105.3 8443 tcp ssl/http open Microsoft IIS httpd 8.5
196962.12.105.4 21 tcp ftp open ProFTPD 1.3.5d
197062.12.105.4 25 tcp smtp closed
197162.12.105.4 53 udp domain unknown
197262.12.105.4 67 udp dhcps unknown
197362.12.105.4 68 udp dhcpc unknown
197462.12.105.4 69 udp tftp unknown
197562.12.105.4 80 tcp http open nginx
197662.12.105.4 88 udp kerberos-sec unknown
197762.12.105.4 110 tcp pop3 open Dovecot pop3d
197862.12.105.4 113 tcp ident closed
197962.12.105.4 123 udp ntp unknown
198062.12.105.4 137 udp netbios-ns filtered
198162.12.105.4 138 udp netbios-dgm filtered
198262.12.105.4 139 tcp netbios-ssn closed
198362.12.105.4 139 udp netbios-ssn unknown
198462.12.105.4 143 tcp imap open Dovecot imapd
198562.12.105.4 161 udp snmp unknown
198662.12.105.4 162 udp snmptrap unknown
198762.12.105.4 389 udp ldap unknown
198862.12.105.4 443 tcp ssl/http open nginx
198962.12.105.4 445 tcp microsoft-ds closed
199062.12.105.4 520 udp route unknown
199162.12.105.4 993 tcp ssl/imaps open
199262.12.105.4 995 tcp ssl/pop3s open
199362.12.105.4 2049 udp nfs unknown
199462.12.105.4 8443 tcp https-alt open
199577.72.0.146 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 23:05. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
199677.72.0.146 67 udp dhcps unknown
199777.72.0.146 68 udp dhcpc unknown
199877.72.0.146 69 udp tftp unknown
199977.72.0.146 80 tcp http open
200077.72.0.146 88 udp kerberos-sec unknown
200177.72.0.146 110 tcp pop3 open
200277.72.0.146 123 udp ntp unknown
200377.72.0.146 139 udp netbios-ssn unknown
200477.72.0.146 143 tcp imap open
200577.72.0.146 389 udp ldap unknown
200677.72.0.146 443 tcp https open
200777.72.0.146 465 tcp smtps open
200877.72.0.146 520 udp route unknown
200977.72.0.146 587 tcp submission open
201077.72.0.146 993 tcp imaps open
201177.72.0.146 995 tcp pop3s open
201277.72.0.146 2049 udp nfs unknown
2013147.237.77.18 53 udp domain unknown
2014147.237.77.18 67 udp dhcps unknown
2015147.237.77.18 68 udp dhcpc unknown
2016147.237.77.18 69 udp tftp unknown
2017147.237.77.18 80 tcp http open
2018147.237.77.18 88 udp kerberos-sec unknown
2019147.237.77.18 123 udp ntp unknown
2020147.237.77.18 139 udp netbios-ssn unknown
2021147.237.77.18 161 udp snmp unknown
2022147.237.77.18 162 udp snmptrap unknown
2023147.237.77.18 389 udp ldap unknown
2024147.237.77.18 520 udp route unknown
2025147.237.77.18 2049 udp nfs unknown
2026#######################################################################################################################################
2027 Anonymous JTSEC #OpSudan Full Recon #92