· 6 years ago · Oct 11, 2019, 10:36 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname sam.gov.tr ISP Radore Veri Merkezi Hizmetleri A.S.
4Continent Asia Flag
5TR
6Country Turkey Country Code TR
7Region Unknown Local time 11 Oct 2019 22:55 +03
8City Unknown Postal Code Unknown
9IP Address 176.53.84.114 Latitude 41.021
10 Longitude 28.9
11=======================================================================================================================================
12#######################################################################################################################################
13> sam.gov.tr
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: sam.gov.tr
19Address: 176.53.84.114
20>
21#######################################################################################################################################
22** Domain Name: sam.gov.tr
23
24** Registrant:
25 T.C. DIŞİŞLERİ BAKANLIĞI, STRATEJİK ARAŞTIRMALAR MERKEZİ
26 Kırçiçeği Sokak 8/3
27 Gaziosmanpaşa
28 Ankara,
29 Türkiye
30 strategy@mfa.gov.tr
31 + 90-312-4460435-
32 + 90-312-4450584
33
34
35** Administrative Contact:
36NIC Handle : tdb14-metu
37Organization Name : T.C. Dışişleri Bakanlığı
38Address : T.C. Dışişleri Bakanlığı
39 BALGAT
40 Ankara,06100
41 Türkiye
42Phone : + 90-312-2921218-
43Fax : +
44
45
46** Technical Contact:
47NIC Handle : tdb14-metu
48Organization Name : T.C. Dışişleri Bakanlığı
49Address : T.C. Dışişleri Bakanlığı
50 BALGAT
51 Ankara,06100
52 Türkiye
53Phone : + 90-312-2921218-
54Fax : +
55
56
57** Billing Contact:
58NIC Handle : tdb14-metu
59Organization Name : T.C. Dışişleri Bakanlığı
60Address : T.C. Dışişleri Bakanlığı
61 BALGAT
62 Ankara,06100
63 Türkiye
64Phone : + 90-312-2921218-
65Fax : +
66
67
68** Domain Servers:
69ns1.creamediacloud.com
70ns2.creamediacloud.com
71
72** Additional Info:
73Created on..............: 2005-Mar-21.
74Expires on..............: 2021-Mar-20.
75#######################################################################################################################################
76[+] Target : sam.gov.tr
77
78[+] IP Address : 176.53.84.114
79
80[+] Headers :
81
82[+] Date : Fri, 11 Oct 2019 21:15:17 GMT
83[+] Server : Apache
84[+] Vary : Accept-Encoding,User-Agent
85[+] Last-Modified : Fri, 11 Oct 2019 20:23:09 GMT
86[+] Accept-Ranges : bytes
87[+] Content-Length : 4001
88[+] Referrer-Policy :
89[+] Keep-Alive : timeout=5, max=100
90[+] Connection : Keep-Alive
91[+] Content-Type : text/html; charset=UTF-8
92[+] Content-Encoding : gzip
93
94[+] SSL Certificate Information :
95
96[+] commonName : sam.gov.tr
97[+] countryName : US
98[+] stateOrProvinceName : TX
99[+] localityName : Houston
100[+] organizationName : cPanel, Inc.
101[+] commonName : cPanel, Inc. Certification Authority
102[+] Version : 3
103[+] Serial Number : 7CAC61F94A1E5FE5027B116CC93961A8
104[+] Not Before : Sep 3 00:00:00 2019 GMT
105[+] Not After : Dec 2 23:59:59 2019 GMT
106[+] OCSP : ('http://ocsp.comodoca.com',)
107[+] subject Alt Name : (('DNS', 'sam.gov.tr'), ('DNS', 'mail.sam.gov.tr'), ('DNS', 'www.sam.gov.tr'))
108[+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
109[+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)
110
111[+] Whois Lookup :
112
113[+] NIR : None
114[+] ASN Registry : ripencc
115[+] ASN : 42926
116[+] ASN CIDR : 176.53.84.0/24
117[+] ASN Country Code : TR
118[+] ASN Date : 2011-05-26
119[+] ASN Description : RADORE, TR
120[+] cidr : 176.53.84.0/24
121[+] name : GuzelHosting
122[+] handle : WTL8-RIPE
123[+] range : 176.53.84.0 - 176.53.84.255
124[+] description : None
125[+] country : TR
126[+] state : None
127[+] city : None
128[+] address : Webhost Technologies Ltd. Serbest Liman Ve Blge P.K. 486
129[+] postal_code : None
130[+] emails : None
131[+] created : 2016-08-16T07:13:16Z
132[+] updated : 2016-08-16T21:22:28Z
133
134[+] Crawling Target...
135
136[+] Looking for robots.txt........[ Found ]
137[+] Extracting robots Links.......[ 2 ]
138[+] Looking for sitemap.xml.......[ Not Found ]
139[+] Extracting CSS Links..........[ 5 ]
140[+] Extracting Javascript Links...[ 12 ]
141[+] Extracting Internal Links.....[ 31 ]
142[+] Extracting External Links.....[ 2 ]
143[+] Extracting Images.............[ 14 ]
144
145[+] Total Links Extracted : 66
146
147[+] Dumping Links in /opt/FinalRecon/dumps/sam.gov.tr.dump
148[+] Completed!
149#######################################################################################################################################
150[+] Starting At 2019-10-11 17:16:51.976358
151[+] Collecting Information On: http://sam.gov.tr/
152[#] Status: 200
153--------------------------------------------------
154[#] Web Server Detected: Apache
155[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
156- Date: Fri, 11 Oct 2019 21:16:50 GMT
157- Server: Apache
158- Vary: Accept-Encoding,User-Agent
159- Last-Modified: Fri, 11 Oct 2019 20:23:09 GMT
160- Accept-Ranges: bytes
161- Content-Length: 4001
162- Referrer-Policy:
163- Keep-Alive: timeout=5, max=100
164- Connection: Keep-Alive
165- Content-Type: text/html; charset=UTF-8
166- Content-Encoding: gzip
167--------------------------------------------------
168[#] Finding Location..!
169[#] as: AS42926 Radore Veri Merkezi Hizmetleri A.S.
170[#] city: Ankara
171[#] country: Turkey
172[#] countryCode: TR
173[#] isp: Radore Veri Merkezi Hizmetleri A.S.
174[#] lat: 39.9334
175[#] lon: 32.8597
176[#] org: Webhost Technologies Ltd.
177[#] query: 176.53.84.114
178[#] region: 06
179[#] regionName: Ankara
180[#] status: success
181[#] timezone: Europe/Istanbul
182[#] zip:
183--------------------------------------------------
184[x] Didn't Detect WAF Presence on: http://sam.gov.tr/
185--------------------------------------------------
186[#] Starting Reverse DNS
187[!] Found 1 any Domain
188- sam.gov.tr
189--------------------------------------------------
190[!] Scanning Open Port
191[#] 21/tcp open ftp
192[#] 26/tcp open rsftp
193[#] 53/tcp open domain
194[#] 80/tcp open http
195[#] 110/tcp open pop3
196[#] 143/tcp open imap
197[#] 443/tcp open https
198[#] 465/tcp open smtps
199[#] 587/tcp open submission
200[#] 993/tcp open imaps
201[#] 995/tcp open pop3s
202[#] 2222/tcp open EtherNetIP-1
203--------------------------------------------------
204[+] Collecting Information Disclosure!
205[#] Detecting sitemap.xml file
206[-] sitemap.xml file not Found!?
207[#] Detecting robots.txt file
208[!] robots.txt File Found: http://sam.gov.tr//robots.txt
209[#] Detecting GNU Mailman
210[!] GNU Mailman App Detected: http://sam.gov.tr//mailman/admin
211[!] version: 2.1.27
212--------------------------------------------------
213[+] Crawling Url Parameter On: http://sam.gov.tr/
214--------------------------------------------------
215[#] Searching Html Form !
216[+] Html Form Discovered
217[#] action: http://sam.gov.tr/
218[#] class: None
219[#] id: searchform
220[#] method: get
221--------------------------------------------------
222[!] Found 7 dom parameter
223[#] http://sam.gov.tr//#
224[#] http://sam.gov.tr//#
225[#] http://sam.gov.tr//#
226[#] http://sam.gov.tr//#
227[#] http://sam.gov.tr//#
228[#] http://sam.gov.tr//#
229[#] http://sam.gov.tr//#
230--------------------------------------------------
231[!] 1 Internal Dynamic Parameter Discovered
232[+] http://sam.gov.tr/?cat=6
233--------------------------------------------------
234[-] No external Dynamic Paramter Found!?
235--------------------------------------------------
236[!] 67 Internal links Discovered
237[+] http://sam.gov.tr/wp-content/themes/sam/style.css
238[+] http://sam.gov.tr/wp-content/themes/sam/assets/styles/general.css
239[+] http://sam.gov.tr/xmlrpc.php
240[+] http://sam.gov.tr/wp-includes/wlwmanifest.xml
241[+] http://sam.gov.tr
242[+] http://www.sam.gov.tr/tr/
243[+] http://sam.gov.tr
244[+] http://sam.gov.tr/about-sam/
245[+] http://sam.gov.tr/about-minister/
246[+] http://sam.gov.tr/deputy-minister/
247[+] http://sam.gov.tr/chairmans-message/
248[+] http://sam.gov.tr/staff/
249[+] http://sam.gov.tr/category/publications/perceptions/
250[+] http://sam.gov.tr/category/publications/vision-papers/
251[+] http://sam.gov.tr/category/publications/sam-papers/
252[+] http://sam.gov.tr/category/publications/sam_reports/
253[+] http://sam.gov.tr/summer-winter-school/
254[+] http://sam.gov.tr/internships-at-sam/
255[+] http://sam.gov.tr/alumni/
256[+] http://sam.gov.tr/category/events/
257[+] http://sam.gov.tr/category/announcements/
258[+] http://sam.gov.tr/contact/
259[+] http://sam.gov.tr/turkic-council-the-10th-anniversary-of-the-nakhichevan-agreement-conference/
260[+] http://sam.gov.tr/sam-talks-xi-prof-ersel-aydinli/
261[+] http://sam.gov.tr/perceptions-spring-summer-2019/
262[+] http://sam.gov.tr/meeting-with-the-drc-of-china/
263[+] http://sam.gov.tr/presentation-to-ytb-interns/
264[+] http://sam.gov.tr/presentation-to-peking-university-delegation/
265[+] http://sam.gov.tr/youth-bridges-meeting/
266[+] http://sam.gov.tr/sam-talks-x-prof-sukru-hanioglu/
267[+] http://sam.gov.tr/presentation-to-russian-journalists/
268[+] http://sam.gov.tr/sam-papers-no-17-new-balance-of-power-in-the-eastern-mediterranean-and-turkey/
269[+] http://sam.gov.tr/about-minister/
270[+] http://sam.gov.tr/about-minister/
271[+] http://sam.gov.tr/about-minister/
272[+] http://sam.gov.tr/category/publications/perceptions/
273[+] http://sam.gov.tr/category/publications/perceptions/
274[+] http://sam.gov.tr/category/publications/perceptions/
275[+] http://sam.gov.tr/sam-papers-no-17-new-balance-of-power-in-the-eastern-mediterranean-and-turkey/
276[+] http://sam.gov.tr/category/publications/sam-papers/
277[+] http://sam.gov.tr/sam-papers-no-17-new-balance-of-power-in-the-eastern-mediterranean-and-turkey/
278[+] http://sam.gov.tr/perceptions-spring-summer-2019/
279[+] http://sam.gov.tr/sam-papers-no-17-new-balance-of-power-in-the-eastern-mediterranean-and-turkey/
280[+] http://sam.gov.tr/sam-paper-no-16-on-turkeys-missile-defense-strategy-the-four-faces-of-the-s-400-deal-between-turkey-and-russia/
281[+] http://sam.gov.tr/annual-report-2017/
282[+] http://sam.gov.tr/perceptions-summer-2018/
283[+] http://sam.gov.tr/turkic-council-the-10th-anniversary-of-the-nakhichevan-agreement-conference/
284[+] http://sam.gov.tr/sam-talks-xi-prof-ersel-aydinli/
285[+] http://sam.gov.tr/meeting-with-the-drc-of-china/
286[+] http://sam.gov.tr/presentation-to-ytb-interns/
287[+] http://sam.gov.tr/presentation-to-peking-university-delegation/
288[+] http://sam.gov.tr
289[+] http://sam.gov.tr/about-sam/
290[+] http://sam.gov.tr/about-minister/
291[+] http://sam.gov.tr/deputy-minister/
292[+] http://sam.gov.tr/chairmans-message/
293[+] http://sam.gov.tr/staff/
294[+] http://sam.gov.tr/category/publications/perceptions/
295[+] http://sam.gov.tr/category/publications/vision-papers/
296[+] http://sam.gov.tr/category/publications/sam-papers/
297[+] http://sam.gov.tr/category/publications/sam_reports/
298[+] http://sam.gov.tr/summer-winter-school/
299[+] http://sam.gov.tr/internships-at-sam/
300[+] http://sam.gov.tr/alumni/
301[+] http://sam.gov.tr/category/events/
302[+] http://sam.gov.tr/category/announcements/
303[+] http://sam.gov.tr/contact/
304--------------------------------------------------
305[!] 3 External links Discovered
306[#] http://gmpg.org/xfn/11
307[#] http://twitter.com/SAM_MFA
308[#] http://www.creamediadesign.com
309--------------------------------------------------
310[#] Mapping Subdomain..
311[!] Found 1 Subdomain
312- sam.gov.tr
313--------------------------------------------------
314[!] Done At 2019-10-11 17:17:18.579119
315######################################################################################################################################
316[i] Scanning Site: http://sam.gov.tr
317
318
319
320B A S I C I N F O
321====================
322
323
324[+] Site Title: SAM | Center for Strategic Research
325[+] IP address: 176.53.84.114
326[+] Web Server: Apache
327[+] CMS: WordPress
328[+] Cloudflare: Not Detected
329[+] Robots File: Found
330
331-------------[ contents ]----------------
332User-agent: *
333Disallow: /wp-admin/
334Allow: /wp-admin/admin-ajax.php
335
336-----------[end of contents]-------------
337
338
339
340W H O I S L O O K U P
341========================
342
343 ** Domain Name: sam.gov.tr
344
345** Registrant:
346 T.C. DIŞİŞLERİ BAKANLIĞI, STRATEJİK ARAŞTIRMALAR MERKEZİ
347 Kırçiçeği Sokak 8/3
348 Gaziosmanpaşa
349 Ankara,
350 Türkiye
351 strategy@mfa.gov.tr
352 + 90-312-4460435-
353 + 90-312-4450584
354
355
356** Administrative Contact:
357NIC Handle : tdb14-metu
358Organization Name : T.C. Dışişleri Bakanlığı
359Address : T.C. Dışişleri Bakanlığı
360 BALGAT
361 Ankara,06100
362 Türkiye
363Phone : + 90-312-2921218-
364Fax : +
365
366
367** Technical Contact:
368NIC Handle : tdb14-metu
369Organization Name : T.C. Dışişleri Bakanlığı
370Address : T.C. Dışişleri Bakanlığı
371 BALGAT
372 Ankara,06100
373 Türkiye
374Phone : + 90-312-2921218-
375Fax : +
376
377
378** Billing Contact:
379NIC Handle : tdb14-metu
380Organization Name : T.C. Dışişleri Bakanlığı
381Address : T.C. Dışişleri Bakanlığı
382 BALGAT
383 Ankara,06100
384 Türkiye
385Phone : + 90-312-2921218-
386Fax : +
387
388
389** Domain Servers:
390ns1.creamediacloud.com
391ns2.creamediacloud.com
392
393** Additional Info:
394Created on..............: 2005-Mar-21.
395Expires on..............: 2021-Mar-20.
396
397
398
399
400G E O I P L O O K U P
401=========================
402
403[i] IP Address: 176.53.84.114
404[i] Country: Turkey
405[i] State:
406[i] City:
407[i] Latitude: 41.0214
408[i] Longitude: 28.9948
409
410
411
412
413H T T P H E A D E R S
414=======================
415
416
417[i] HTTP/1.1 200 OK
418[i] Date: Fri, 11 Oct 2019 21:15:43 GMT
419[i] Server: Apache
420[i] Last-Modified: Fri, 11 Oct 2019 20:23:09 GMT
421[i] Accept-Ranges: bytes
422[i] Content-Length: 22640
423[i] Vary: Accept-Encoding,User-Agent
424[i] Referrer-Policy:
425[i] Connection: close
426[i] Content-Type: text/html; charset=UTF-8
427
428
429
430
431D N S L O O K U P
432===================
433
434sam.gov.tr. 14399 IN TXT "v=spf1 ip4:176.53.84.114 ip4:5.2.75.169 +a +mx +ip4:88.202.188.27 ~all"
435sam.gov.tr. 14399 IN MX 0 sam.gov.tr.
436sam.gov.tr. 21599 IN SOA ns1.creamediacloud.com. tyalcin.hotmail.com. 2019061900 3600 1800 1209600 86400
437sam.gov.tr. 21599 IN NS ns1.creamediacloud.com.
438sam.gov.tr. 21599 IN NS ns2.creamediacloud.com.
439sam.gov.tr. 14399 IN A 176.53.84.114
440
441
442
443
444S U B N E T C A L C U L A T I O N
445====================================
446
447Address = 176.53.84.114
448Network = 176.53.84.114 / 32
449Netmask = 255.255.255.255
450Broadcast = not needed on Point-to-Point links
451Wildcard Mask = 0.0.0.0
452Hosts Bits = 0
453Max. Hosts = 1 (2^0 - 0)
454Host Range = { 176.53.84.114 - 176.53.84.114 }
455
456
457
458N M A P P O R T S C A N
459============================
460
461Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-11 21:15 UTC
462Nmap scan report for sam.gov.tr (176.53.84.114)
463Host is up (0.13s latency).
464rDNS record for 176.53.84.114: 114ro2gwn.guzel.net.tr
465
466PORT STATE SERVICE
46721/tcp open ftp
46822/tcp closed ssh
46923/tcp filtered telnet
47080/tcp open http
471110/tcp open pop3
472143/tcp open imap
473443/tcp open https
4743389/tcp filtered ms-wbt-server
475
476Nmap done: 1 IP address (1 host up) scanned in 3.00 seconds
477
478#######################################################################################################################################
479Enter Address Website = sam.gov.tr
480
481
482
483Reversing IP With HackTarget 'sam.gov.tr'
484--------------------------------------------
485
486[+] apider.org
487[+] apitherapy.institute
488[+] clinic-up.com
489[+] creamediacloud.com
490[+] creamediadesign.com
491[+] drmujgancaliskan.com
492[+] drozcanyildiz.com
493[+] educanova.education
494[+] fangzhu.academy
495[+] gagaku.org
496[+] geleceginegitimi.org
497[+] ges.world
498[+] globera.org
499[+] holistiktip.org
500[+] interaktifmedya.vip
501[+] konakmimarlik.net
502[+] kursunkalemajans.com
503[+] mail.apitherapy.institute
504[+] mail.creamediadesign.com
505[+] mail.drmujgancaliskan.com
506[+] mail.drozcanyildiz.com
507[+] mail.fangzhu.academy
508[+] mail.globera.org
509[+] mail.interaktifmedya.vip
510[+] mail.kursunkalemajans.com
511[+] mail.medicon.vip
512[+] mail.nbhukuk.com
513[+] mail.persana.co.uk
514[+] mail.refugeedatabase.org
515[+] mail.sanatterapi.org
516[+] mail.sosyalmedya.vip
517[+] medicon.vip
518[+] mikadecor.com
519[+] nbhukuk.com
520[+] ns1.creamediacloud.com
521[+] ns2.creamediacloud.com
522[+] persana.co.uk
523[+] personalogia.com
524[+] refugeedatabase.org
525[+] sam.gov.tr
526[+] sanatterapi.org
527[+] savaskaya.net
528[+] sbhukuk.com.tr
529[+] serdarozkan.com
530[+] serdarozkan.info
531[+] serdarozkan.org
532[+] server-176.53.84.114.as42926.net
533[+] sibelyalcin.com.tr
534[+] sosyalmedya.vip
535[+] srv.creamediacloud.com
536[+] timuryalcin.com
537[+] www.apitherapy.institute
538[+] www.clinic-up.com
539[+] www.creamediadesign.com
540[+] www.drmujgancaliskan.com
541[+] www.drozcanyildiz.com
542[+] www.geleceginegitimi.org
543[+] www.globera.org
544[+] www.interaktifmedya.vip
545[+] www.kursunkalemajans.com
546[+] www.medicon.vip
547[+] www.mikadecor.com
548[+] www.nbhukuk.com
549[+] www.persana.co.uk
550[+] www.refugeedatabase.org
551[+] www.sosyalmedya.vip
552[+] www.zkzeynepkaya.com
553[+] zkzeynepkaya.com
554
555
556
557Reverse IP With YouGetSignal 'sam.gov.tr'
558--------------------------------------------
559
560[*] IP: 176.53.84.114
561[*] Domain: sam.gov.tr
562[*] Total Domains: 1
563
564[+] sam.gov.tr
565
566
567
568Geo IP Lookup 'sam.gov.tr'
569-----------------------------
570
571[+] IP Address: 176.53.84.114
572[+] Country: Turkey
573[+] State:
574[+] City:
575[+] Latitude: 41.0214
576[+] Longitude: 28.9948
577
578
579
580Whois 'sam.gov.tr'
581---------------------
582
583[+] ** Domain Name: sam.gov.tr
584[+] ** Registrant:
585[+] T.C. DIŞİŞLERİ BAKANLIĞI, STRATEJİK ARAŞTIRMALAR MERKEZİ
586[+] Kırçiçeği Sokak 8/3
587[+] Gaziosmanpaşa
588[+] Ankara,
589[+] Türkiye
590[+] strategy@mfa.gov.tr
591[+] + 90-312-4460435-
592[+] + 90-312-4450584
593[+] ** Administrative Contact:
594[+] NIC Handle : tdb14-metu
595[+] Organization Name : T.C. Dışişleri Bakanlığı
596[+] Address : T.C. Dışişleri Bakanlığı
597[+] BALGAT
598[+] Ankara,06100
599[+] Türkiye
600[+] Phone : + 90-312-2921218-
601[+] Fax : +
602[+] ** Technical Contact:
603[+] NIC Handle : tdb14-metu
604[+] Organization Name : T.C. Dışişleri Bakanlığı
605[+] Address : T.C. Dışişleri Bakanlığı
606[+] BALGAT
607[+] Ankara,06100
608[+] Türkiye
609[+] Phone : + 90-312-2921218-
610[+] Fax : +
611[+] ** Billing Contact:
612[+] NIC Handle : tdb14-metu
613[+] Organization Name : T.C. Dışişleri Bakanlığı
614[+] Address : T.C. Dışişleri Bakanlığı
615[+] BALGAT
616[+] Ankara,06100
617[+] Türkiye
618[+] Phone : + 90-312-2921218-
619[+] Fax : +
620[+] ** Domain Servers:
621[+] ns1.creamediacloud.com
622[+] ns2.creamediacloud.com
623[+] ** Additional Info:
624[+] Created on..............: 2005-Mar-21.
625[+] Expires on..............: 2021-Mar-20.
626
627
628
629Bypass Cloudflare 'sam.gov.tr'
630---------------------------------
631
632[!] CloudFlare Bypass 176.53.84.114 | ftp.sam.gov.tr
633[!] CloudFlare Bypass 127.0.0.1 | localhost.sam.gov.tr
634[!] CloudFlare Bypass 176.53.84.114 | mail.sam.gov.tr
635[!] CloudFlare Bypass 176.53.84.114 | www.sam.gov.tr
636
637
638
639
640DNS Lookup 'sam.gov.tr'
641--------------------------
642
643[+] sam.gov.tr. 14399 IN TXT "v=spf1 ip4:176.53.84.114 ip4:5.2.75.169 +a +mx +ip4:88.202.188.27 ~all"
644[+] sam.gov.tr. 14399 IN MX 0 sam.gov.tr.
645[+] sam.gov.tr. 21599 IN SOA ns1.creamediacloud.com. tyalcin.hotmail.com. 2019061900 3600 1800 1209600 86400
646[+] sam.gov.tr. 21599 IN NS ns2.creamediacloud.com.
647[+] sam.gov.tr. 21599 IN NS ns1.creamediacloud.com.
648[+] sam.gov.tr. 14399 IN A 176.53.84.114
649
650
651
652Find Shared DNS 'sam.gov.tr'
653-------------------------------
654
655[+] No DNS server records found for sam.gov.tr
656
657
658
659Show HTTP Header 'sam.gov.tr'
660--------------------------------
661
662[+] HTTP/1.1 200 OK
663[+] Date: Fri, 11 Oct 2019 21:16:22 GMT
664[+] Server: Apache
665[+] Last-Modified: Fri, 11 Oct 2019 20:23:09 GMT
666[+] Accept-Ranges: bytes
667[+] Content-Length: 22640
668[+] Vary: Accept-Encoding,User-Agent
669[+] Referrer-Policy:
670[+] Content-Type: text/html; charset=UTF-8
671[+]
672
673
674
675Port Scan 'sam.gov.tr'
676-------------------------
677
678Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-11 21:16 UTC
679Nmap scan report for sam.gov.tr (176.53.84.114)
680Host is up (0.13s latency).
681rDNS record for 176.53.84.114: 114ro2gwn.guzel.net.tr
682
683PORT STATE SERVICE
68421/tcp open ftp
68522/tcp closed ssh
68623/tcp filtered telnet
68780/tcp open http
688110/tcp open pop3
689143/tcp open imap
690443/tcp open https
6913389/tcp filtered ms-wbt-server
692
693Nmap done: 1 IP address (1 host up) scanned in 1.71 seconds
694
695
696
697
698Cms Scan 'sam.gov.tr'
699------------------------
700
701[+] Cms : WordPress
702[+] Web Servers : Apache
703[+] Programming Languages : PHP
704
705
706
707
708
709Robot.txt 'sam.gov.tr'
710-------------------------
711
712User-agent: *
713Disallow: /wp-admin/
714Allow: /wp-admin/admin-ajax.php
715
716
717
718
719Traceroute 'sam.gov.tr'
720--------------------------
721
722Start: 2019-10-11T21:16:32+0000
723HOST: web01 Loss% Snt Last Avg Best Wrst StDev
724 1.|-- 45.79.12.202 0.0% 3 0.9 0.7 0.6 0.9 0.2
725 2.|-- 45.79.12.6 0.0% 3 0.5 0.5 0.5 0.6 0.1
726 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.0 0.9 1.3 0.2
727 4.|-- las-b24-link.telia.net 0.0% 3 31.3 31.3 31.3 31.4 0.1
728 5.|-- voxility-ic-325366-las-b24.c.telia.net 0.0% 3 33.5 33.0 32.0 33.5 0.8
729 6.|-- lax-cs1-01c.voxility.net 0.0% 3 32.3 32.3 32.2 32.3 0.0
730 7.|-- fra-eq5-01c.voxility.net 0.0% 3 152.4 152.5 152.4 152.7 0.2
731 8.|-- fra-eq5-02sw.voxility.net 0.0% 3 152.7 152.6 152.6 152.7 0.0
732 9.|-- 5.254.105.22 0.0% 3 145.5 145.5 145.5 145.5 0.0
733 10.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
734 11.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
735 12.|-- server-176.53.66.22.as42926.net 0.0% 3 184.4 184.4 184.2 184.5 0.1
736 13.|-- 114ro2gwn.guzel.net.tr 0.0% 3 188.1 188.0 188.0 188.1 0.0
737
738
739
740
741Ping 'sam.gov.tr'
742--------------------
743
744error check your api query
745
746
747
748Page Admin Finder 'sam.gov.tr'
749---------------------------------
750
751
752
753Avilable Links :
754
755Find Page >> http://sam.gov.tr/admin/
756
757Find Page >> http://sam.gov.tr/admin/index.php
758
759Find Page >> http://sam.gov.tr/wp-login.php
760#######################################################################################################################################
761Trying "sam.gov.tr"
762;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10566
763;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 0
764
765;; QUESTION SECTION:
766;sam.gov.tr. IN ANY
767
768;; ANSWER SECTION:
769sam.gov.tr. 14400 IN A 176.53.84.114
770sam.gov.tr. 43200 IN SOA ns1.creamediacloud.com. tyalcin.hotmail.com. 2019061900 3600 1800 1209600 86400
771sam.gov.tr. 14400 IN MX 0 sam.gov.tr.
772sam.gov.tr. 14400 IN TXT "v=spf1 ip4:176.53.84.114 ip4:5.2.75.169 +a +mx +ip4:88.202.188.27 ~all"
773sam.gov.tr. 43200 IN NS ns2.creamediacloud.com.
774sam.gov.tr. 43200 IN NS ns1.creamediacloud.com.
775
776;; AUTHORITY SECTION:
777sam.gov.tr. 43200 IN NS ns2.creamediacloud.com.
778sam.gov.tr. 43200 IN NS ns1.creamediacloud.com.
779
780Received 277 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 449 ms
781#######################################################################################################################################
782
783; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace sam.gov.tr
784;; global options: +cmd
785. 81954 IN NS d.root-servers.net.
786. 81954 IN NS k.root-servers.net.
787. 81954 IN NS g.root-servers.net.
788. 81954 IN NS f.root-servers.net.
789. 81954 IN NS l.root-servers.net.
790. 81954 IN NS j.root-servers.net.
791. 81954 IN NS h.root-servers.net.
792. 81954 IN NS a.root-servers.net.
793. 81954 IN NS e.root-servers.net.
794. 81954 IN NS b.root-servers.net.
795. 81954 IN NS m.root-servers.net.
796. 81954 IN NS i.root-servers.net.
797. 81954 IN NS c.root-servers.net.
798. 81954 IN RRSIG NS 8 0 518400 20191024170000 20191011160000 22545 . H3x2s+SvDITnRW6oA+xKZQtZo5I9BgTdImmO67rSOPN5KHNI+fOYfUTl /YhB489khlN0JmP/rrONAXshejO4xq8nHJTGBG3lnOWw4LQpHBsCFSDH Plwo8dRhxvEv+2R0MVtFo55P+BdugfD4q3iM3EmETRf9y1BOVapKG5EG CrwPWII7FRh55eTrQgjangPZW3PtUrsHn79+hc3ahz5QuECrVsunPab9 kZ0Q/0WNHmpHCqT50NO0ot4lVDIweGvERCfJ8ijZA9YR3J/SJl88szI8 0E/JkciIiBIIEUnm8oxhBOgV99eXk54euGKL9XU8wdqPSGrWUDVIIS0l wuWriA==
799;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 112 ms
800
801tr. 172800 IN NS ns21.nic.tr.
802tr. 172800 IN NS ns22.nic.tr.
803tr. 172800 IN NS ns31.nic.tr.
804tr. 172800 IN NS ns41.nic.tr.
805tr. 172800 IN NS ns42.nic.tr.
806tr. 172800 IN NS ns91.nic.tr.
807tr. 172800 IN NS ns92.nic.tr.
808tr. 86400 IN NSEC trade. NS RRSIG NSEC
809tr. 86400 IN RRSIG NSEC 8 1 86400 20191024170000 20191011160000 22545 . hfJNq5N9xhx7hkeLXcmhxz3RE1KvSECFQJjVFH4Hi8FzRPkH5II6sk9/ eS8jFTxgzysiOBMOCK0QQGqhJJWpFpYYxdksJdijJtxqa6M5901bdWoo BYYu+F2sCGkaMaYs8dhAT+pw2FQ+AbmDUVptMEVSaqs0Ka2ThzCqfxzY 5LXqGMALaFv51fFBpp7SzshKtlxRFkJ3yokRb7jUYPl39tZQkll8GO5m H8D4p5wMvtpfo7WcbB//Frk7IRHvZEYftVKEEK9ZXobe/p7IcPo8be3o 6d97vpuugimnGpPhLA618Hyv1lkpKnhTtHH0e7QJP36X2UkFXFnEVJDW vBgWog==
810;; Received 714 bytes from 2001:500:2f::f#53(f.root-servers.net) in 22 ms
811
812sam.gov.tr. 43200 IN NS ns1.creamediacloud.com.
813sam.gov.tr. 43200 IN NS ns2.creamediacloud.com.
814;; Received 93 bytes from 2600:2000:3002::1#53(ns91.nic.tr) in 274 ms
815
816;; connection timed out; no servers could be reached
817#######################################################################################################################################
818
819
820 AVAILABLE PLUGINS
821 -----------------
822
823 OpenSslCipherSuitesPlugin
824 CertificateInfoPlugin
825 HeartbleedPlugin
826 RobotPlugin
827 OpenSslCcsInjectionPlugin
828 CompressionPlugin
829 HttpHeadersPlugin
830 FallbackScsvPlugin
831 SessionRenegotiationPlugin
832 SessionResumptionPlugin
833 EarlyDataPlugin
834
835
836
837 CHECKING HOST(S) AVAILABILITY
838 -----------------------------
839
840 176.53.84.114:443 => 176.53.84.114
841
842
843
844
845 SCAN RESULTS FOR 176.53.84.114:443 - 176.53.84.114
846 --------------------------------------------------
847
848 * TLSV1_1 Cipher Suites:
849 Server rejected all cipher suites.
850
851 * OpenSSL Heartbleed:
852 OK - Not vulnerable to Heartbleed
853
854 * Certificate Information:
855 Content
856 SHA1 Fingerprint: 5773b8ca2f247af4c43c05f83520302f30642df1
857 Common Name: akliselim.tv
858 Issuer: cPanel, Inc. Certification Authority
859 Serial Number: 212391679002770937487022612842878797296
860 Not Before: 2019-09-30 00:00:00
861 Not After: 2019-12-29 23:59:59
862 Signature Algorithm: sha256
863 Public Key Algorithm: RSA
864 Key Size: 2048
865 Exponent: 65537 (0x10001)
866 DNS Subject Alternative Names: ['akliselim.tv', 'mail.akliselim.tv', 'www.akliselim.tv']
867
868 Trust
869 Hostname Validation: FAILED - Certificate does NOT match 176.53.84.114
870 Android CA Store (9.0.0_r9): OK - Certificate is trusted
871 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
872 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
873 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
874 Windows CA Store (2019-05-27): OK - Certificate is trusted
875 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
876 Received Chain: akliselim.tv --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
877 Verified Chain: akliselim.tv --> cPanel, Inc. Certification Authority --> COMODO RSA Certification Authority
878 Received Chain Contains Anchor: OK - Anchor certificate not sent
879 Received Chain Order: OK - Order is valid
880 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
881
882 Extensions
883 OCSP Must-Staple: NOT SUPPORTED - Extension not found
884 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
885
886 OCSP Stapling
887 OCSP Response Status: successful
888 Validation w/ Mozilla Store: OK - Response is trusted
889 Responder Id: 7E035A65416BA77E0AE1B89D08EA1D8E1D6AC765
890 Cert Status: good
891 Cert Serial Number: 9FC926428D76171533B3204FDC0305F0
892 This Update: Oct 10 12:11:29 2019 GMT
893 Next Update: Oct 17 12:11:29 2019 GMT
894
895 * TLSV1 Cipher Suites:
896 Server rejected all cipher suites.
897
898 * TLSV1_2 Cipher Suites:
899 Forward Secrecy OK - Supported
900 RC4 OK - Not Supported
901
902 Preferred:
903 None - Server followed client cipher suite preference.
904 Accepted:
905 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://akliselim.tv/
906 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 301 Moved Permanently - https://akliselim.tv/
907 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - https://akliselim.tv/
908 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 301 Moved Permanently - https://akliselim.tv/
909
910 * OpenSSL CCS Injection:
911 OK - Not vulnerable to OpenSSL CCS injection
912
913 * SSLV2 Cipher Suites:
914 Server rejected all cipher suites.
915
916 * Deflate Compression:
917 OK - Compression disabled
918
919 * Downgrade Attacks:
920 TLS_FALLBACK_SCSV: OK - Supported
921
922 * SSLV3 Cipher Suites:
923 Server rejected all cipher suites.
924
925 * TLS 1.2 Session Resumption Support:
926 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
927 With TLS Tickets: OK - Supported
928
929 * TLSV1_3 Cipher Suites:
930 Server rejected all cipher suites.
931
932 * ROBOT Attack:
933 OK - Not vulnerable, RSA cipher suites not supported
934
935 * Session Renegotiation:
936 Client-initiated Renegotiation: OK - Rejected
937 Secure Renegotiation: OK - Supported
938
939
940 SCAN COMPLETED IN 13.07 S
941 -------------------------
942######################################################################################################################################
943
944Domains still to check: 1
945 Checking if the hostname sam.gov.tr. given is in fact a domain...
946
947Analyzing domain: sam.gov.tr.
948 Checking NameServers using system default resolver...
949 IP: 176.53.84.114 (Turkey)
950 HostName: ns1.creamediacloud.com Type: NS
951 HostName: 114ro2gwn.guzel.net.tr Type: PTR
952 IP: 176.53.84.114 (Turkey)
953 HostName: ns1.creamediacloud.com Type: NS
954 HostName: 114ro2gwn.guzel.net.tr Type: PTR
955 HostName: ns2.creamediacloud.com Type: NS
956
957 Checking MailServers using system default resolver...
958 IP: 176.53.84.114 (Turkey)
959 HostName: ns1.creamediacloud.com Type: NS
960 HostName: 114ro2gwn.guzel.net.tr Type: PTR
961 HostName: ns2.creamediacloud.com Type: NS
962 HostName: sam.gov.tr Type: MX
963
964 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
965 No zone transfer found on nameserver 176.53.84.114
966 No zone transfer found on nameserver 176.53.84.114
967
968 Checking SPF record...
969 New IP found: 5.2.75.169
970 New IP found: 88.202.188.27
971
972 Checking 192 most common hostnames using system default resolver...
973 IP: 176.53.84.114 (Turkey)
974 HostName: ns1.creamediacloud.com Type: NS
975 HostName: 114ro2gwn.guzel.net.tr Type: PTR
976 HostName: ns2.creamediacloud.com Type: NS
977 HostName: sam.gov.tr Type: MX
978 Type: SPF
979 HostName: www.sam.gov.tr. Type: A
980 IP: 176.53.84.114 (Turkey)
981 HostName: ns1.creamediacloud.com Type: NS
982 HostName: 114ro2gwn.guzel.net.tr Type: PTR
983 HostName: ns2.creamediacloud.com Type: NS
984 HostName: sam.gov.tr Type: MX
985 Type: SPF
986 HostName: www.sam.gov.tr. Type: A
987 HostName: ftp.sam.gov.tr. Type: A
988 IP: 176.53.84.114 (Turkey)
989 HostName: ns1.creamediacloud.com Type: NS
990 HostName: 114ro2gwn.guzel.net.tr Type: PTR
991 HostName: ns2.creamediacloud.com Type: NS
992 HostName: sam.gov.tr Type: MX
993 Type: SPF
994 HostName: www.sam.gov.tr. Type: A
995 HostName: ftp.sam.gov.tr. Type: A
996 HostName: mail.sam.gov.tr. Type: A
997
998 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
999 Checking netblock 176.53.84.0
1000 Checking netblock 5.2.75.0
1001 Checking netblock 88.202.188.0
1002
1003 Searching for sam.gov.tr. emails in Google
1004
1005 Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1006 Host 176.53.84.114 is up (reset ttl 64)
1007 Host 5.2.75.169 is up (reset ttl 64)
1008 Host 88.202.188.27 is up (reset ttl 64)
1009
1010 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1011 Scanning ip 176.53.84.114 (mail.sam.gov.tr.):
1012 21/tcp open ftp syn-ack ttl 43 Pure-FTPd
1013 26/tcp open smtp syn-ack ttl 44 Exim smtpd 4.92
1014 | smtp-commands: srv.creamediacloud.com Hello nmap.scanme.org [176.113.74.24], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1015 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1016 53/tcp open domain syn-ack ttl 43 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
1017 | dns-nsid:
1018 |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
1019 80/tcp open http syn-ack ttl 44 Apache httpd
1020 |_http-title: 403 Forbidden
1021 110/tcp open pop3 syn-ack ttl 43 Dovecot pop3d
1022 |_pop3-capabilities: USER RESP-CODES TOP SASL(PLAIN LOGIN) STLS AUTH-RESP-CODE CAPA PIPELINING UIDL
1023 143/tcp open imap syn-ack ttl 43 Dovecot imapd
1024 |_imap-capabilities: post-login capabilities LOGIN-REFERRALS ID IMAP4rev1 AUTH=PLAIN listed NAMESPACE ENABLE LITERAL+ OK AUTH=LOGINA0001 more IDLE have SASL-IR STARTTLS Pre-login
1025 443/tcp open ssl/http syn-ack ttl 44 Apache httpd
1026 | http-methods:
1027 |_ Supported Methods: GET HEAD
1028 |_http-title: Did not follow redirect to https://akliselim.tv/
1029 | ssl-cert: Subject: commonName=akliselim.tv
1030 | Subject Alternative Name: DNS:akliselim.tv, DNS:mail.akliselim.tv, DNS:www.akliselim.tv
1031 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1032 | Public Key type: rsa
1033 | Public Key bits: 2048
1034 | Signature Algorithm: sha256WithRSAEncryption
1035 | Not valid before: 2019-09-30T00:00:00
1036 | Not valid after: 2019-12-29T23:59:59
1037 | MD5: 0ae4 b08d 8791 5dd0 b5d7 1806 888b a6af
1038 |_SHA-1: 5773 b8ca 2f24 7af4 c43c 05f8 3520 302f 3064 2df1
1039 465/tcp open ssl/smtp syn-ack ttl 44 Exim smtpd 4.92
1040 | smtp-commands: srv.creamediacloud.com Hello nmap.scanme.org [176.113.74.24], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1041 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1042 587/tcp open smtp syn-ack ttl 44 Exim smtpd 4.92
1043 | smtp-commands: srv.creamediacloud.com Hello nmap.scanme.org [176.113.74.24], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1044 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1045 993/tcp open imaps? syn-ack ttl 44
1046 |_imap-capabilities: post-login capabilities LOGIN-REFERRALS ID IMAP4rev1 AUTH=PLAIN listed NAMESPACE ENABLE LITERAL+ Pre-login AUTH=LOGINA0001 IDLE have SASL-IR more OK
1047 995/tcp open pop3s? syn-ack ttl 44
1048 |_pop3-capabilities: TOP SASL(PLAIN LOGIN) USER CAPA PIPELINING AUTH-RESP-CODE RESP-CODES UIDL
1049 OS Info: Service Info: Host: srv.creamediacloud.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1050 Scanning ip 5.2.75.169 ():
1051 22/tcp open ssh syn-ack ttl 51 OpenSSH 7.4 (protocol 2.0)
1052 | ssh-hostkey:
1053 | 2048 cd:6b:88:b1:d4:87:9a:7c:29:ed:14:31:4b:aa:1f:bc (RSA)
1054 | 256 3f:39:0f:bd:36:c1:34:1a:15:59:09:dd:35:31:fd:fd (ECDSA)
1055 |_ 256 9d:1e:81:01:5a:b8:f2:1b:ef:81:f5:46:c8:b5:45:54 (ED25519)
1056 80/tcp open http syn-ack ttl 51 Apache httpd
1057 | http-methods:
1058 | Supported Methods: GET POST OPTIONS HEAD TRACE
1059 |_ Potentially risky methods: TRACE
1060 |_http-server-header: nginx
1061 |_http-title: 403 Forbidden
1062 OS Info: Service Info: Host: _
1063 Scanning ip 88.202.188.27 ():
1064 22/tcp open ssh syn-ack ttl 52 OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
1065 | ssh-hostkey:
1066 | 2048 3b:c3:b3:81:89:c8:89:18:79:01:9b:36:6d:d6:0f:e7 (RSA)
1067 |_ 256 40:4b:7b:c7:31:72:43:fb:2b:71:66:31:21:a2:bb:a7 (ECDSA)
1068 OS Info: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1069 WebCrawling domain's web servers... up to 50 max links.
1070
1071 + URL to crawl: http://www.sam.gov.tr.
1072 + Date: 2019-10-11
1073
1074 + Crawling URL: http://www.sam.gov.tr.:
1075 + Links:
1076 + Crawling http://www.sam.gov.tr. (timed out)
1077 + Searching for directories...
1078 + Searching open folders...
1079
1080
1081 + URL to crawl: http://mail.sam.gov.tr.
1082 + Date: 2019-10-11
1083
1084 + Crawling URL: http://mail.sam.gov.tr.:
1085 + Links:
1086 + Crawling http://mail.sam.gov.tr. (timed out)
1087 + Searching for directories...
1088 + Searching open folders...
1089
1090
1091 + URL to crawl: http://ns2.creamediacloud.com
1092 + Date: 2019-10-11
1093
1094 + Crawling URL: http://ns2.creamediacloud.com:
1095 + Links:
1096 + Crawling http://ns2.creamediacloud.com (timed out)
1097 + Searching for directories...
1098 + Searching open folders...
1099
1100
1101 + URL to crawl: http://ftp.sam.gov.tr.
1102 + Date: 2019-10-11
1103
1104 + Crawling URL: http://ftp.sam.gov.tr.:
1105 + Links:
1106 + Crawling http://ftp.sam.gov.tr. (timed out)
1107 + Searching for directories...
1108 + Searching open folders...
1109
1110
1111 + URL to crawl: http://ns1.creamediacloud.com
1112 + Date: 2019-10-11
1113
1114 + Crawling URL: http://ns1.creamediacloud.com:
1115 + Links:
1116 + Crawling http://ns1.creamediacloud.com (timed out)
1117 + Searching for directories...
1118 + Searching open folders...
1119
1120
1121 + URL to crawl: http://sam.gov.tr
1122 + Date: 2019-10-11
1123
1124 + Crawling URL: http://sam.gov.tr:
1125 + Links:
1126 + Crawling http://sam.gov.tr (timed out)
1127 + Searching for directories...
1128 + Searching open folders...
1129
1130
1131 + URL to crawl: https://www.sam.gov.tr.
1132 + Date: 2019-10-11
1133
1134 + Crawling URL: https://www.sam.gov.tr.:
1135 + Links:
1136 + Crawling https://www.sam.gov.tr. (timed out)
1137 + Searching for directories...
1138 + Searching open folders...
1139
1140
1141 + URL to crawl: https://mail.sam.gov.tr.
1142 + Date: 2019-10-11
1143
1144 + Crawling URL: https://mail.sam.gov.tr.:
1145 + Links:
1146 + Crawling https://mail.sam.gov.tr. (timed out)
1147 + Searching for directories...
1148 + Searching open folders...
1149
1150
1151 + URL to crawl: https://ns2.creamediacloud.com
1152 + Date: 2019-10-11
1153
1154 + Crawling URL: https://ns2.creamediacloud.com:
1155 + Links:
1156 + Crawling https://ns2.creamediacloud.com (timed out)
1157 + Searching for directories...
1158 + Searching open folders...
1159
1160
1161 + URL to crawl: https://ftp.sam.gov.tr.
1162 + Date: 2019-10-11
1163
1164 + Crawling URL: https://ftp.sam.gov.tr.:
1165 + Links:
1166 + Crawling https://ftp.sam.gov.tr. (timed out)
1167 + Searching for directories...
1168 + Searching open folders...
1169
1170
1171 + URL to crawl: https://ns1.creamediacloud.com
1172 + Date: 2019-10-11
1173
1174 + Crawling URL: https://ns1.creamediacloud.com:
1175 + Links:
1176 + Crawling https://ns1.creamediacloud.com (timed out)
1177 + Searching for directories...
1178 + Searching open folders...
1179
1180
1181 + URL to crawl: https://sam.gov.tr
1182 + Date: 2019-10-11
1183
1184 + Crawling URL: https://sam.gov.tr:
1185 + Links:
1186 + Crawling https://sam.gov.tr (timed out)
1187 + Searching for directories...
1188 + Searching open folders...
1189
1190--Finished--
1191Summary information for domain sam.gov.tr.
1192-----------------------------------------
1193
1194 Domain Ips Information:
1195 IP: 176.53.84.114
1196 HostName: ns1.creamediacloud.com Type: NS
1197 HostName: 114ro2gwn.guzel.net.tr Type: PTR
1198 HostName: ns2.creamediacloud.com Type: NS
1199 HostName: sam.gov.tr Type: MX
1200 Type: SPF
1201 HostName: www.sam.gov.tr. Type: A
1202 HostName: ftp.sam.gov.tr. Type: A
1203 HostName: mail.sam.gov.tr. Type: A
1204 Country: Turkey
1205 Is Active: True (reset ttl 64)
1206 Port: 21/tcp open ftp syn-ack ttl 43 Pure-FTPd
1207 Port: 26/tcp open smtp syn-ack ttl 44 Exim smtpd 4.92
1208 Script Info: | smtp-commands: srv.creamediacloud.com Hello nmap.scanme.org [176.113.74.24], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1209 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1210 Port: 53/tcp open domain syn-ack ttl 43 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
1211 Script Info: | dns-nsid:
1212 Script Info: |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
1213 Port: 80/tcp open http syn-ack ttl 44 Apache httpd
1214 Script Info: |_http-title: 403 Forbidden
1215 Port: 110/tcp open pop3 syn-ack ttl 43 Dovecot pop3d
1216 Script Info: |_pop3-capabilities: USER RESP-CODES TOP SASL(PLAIN LOGIN) STLS AUTH-RESP-CODE CAPA PIPELINING UIDL
1217 Port: 143/tcp open imap syn-ack ttl 43 Dovecot imapd
1218 Script Info: |_imap-capabilities: post-login capabilities LOGIN-REFERRALS ID IMAP4rev1 AUTH=PLAIN listed NAMESPACE ENABLE LITERAL+ OK AUTH=LOGINA0001 more IDLE have SASL-IR STARTTLS Pre-login
1219 Port: 443/tcp open ssl/http syn-ack ttl 44 Apache httpd
1220 Script Info: | http-methods:
1221 Script Info: |_ Supported Methods: GET HEAD
1222 Script Info: |_http-title: Did not follow redirect to https://akliselim.tv/
1223 Script Info: | ssl-cert: Subject: commonName=akliselim.tv
1224 Script Info: | Subject Alternative Name: DNS:akliselim.tv, DNS:mail.akliselim.tv, DNS:www.akliselim.tv
1225 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1226 Script Info: | Public Key type: rsa
1227 Script Info: | Public Key bits: 2048
1228 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1229 Script Info: | Not valid before: 2019-09-30T00:00:00
1230 Script Info: | Not valid after: 2019-12-29T23:59:59
1231 Script Info: | MD5: 0ae4 b08d 8791 5dd0 b5d7 1806 888b a6af
1232 Script Info: |_SHA-1: 5773 b8ca 2f24 7af4 c43c 05f8 3520 302f 3064 2df1
1233 Port: 465/tcp open ssl/smtp syn-ack ttl 44 Exim smtpd 4.92
1234 Script Info: | smtp-commands: srv.creamediacloud.com Hello nmap.scanme.org [176.113.74.24], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
1235 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1236 Port: 587/tcp open smtp syn-ack ttl 44 Exim smtpd 4.92
1237 Script Info: | smtp-commands: srv.creamediacloud.com Hello nmap.scanme.org [176.113.74.24], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1238 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1239 Port: 993/tcp open imaps? syn-ack ttl 44
1240 Script Info: |_imap-capabilities: post-login capabilities LOGIN-REFERRALS ID IMAP4rev1 AUTH=PLAIN listed NAMESPACE ENABLE LITERAL+ Pre-login AUTH=LOGINA0001 IDLE have SASL-IR more OK
1241 Port: 995/tcp open pop3s? syn-ack ttl 44
1242 Script Info: |_pop3-capabilities: TOP SASL(PLAIN LOGIN) USER CAPA PIPELINING AUTH-RESP-CODE RESP-CODES UIDL
1243 Os Info: Host: srv.creamediacloud.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1244 IP: 5.2.75.169
1245 Type: SPF
1246 Is Active: True (reset ttl 64)
1247 Port: 22/tcp open ssh syn-ack ttl 51 OpenSSH 7.4 (protocol 2.0)
1248 Script Info: | ssh-hostkey:
1249 Script Info: | 2048 cd:6b:88:b1:d4:87:9a:7c:29:ed:14:31:4b:aa:1f:bc (RSA)
1250 Script Info: | 256 3f:39:0f:bd:36:c1:34:1a:15:59:09:dd:35:31:fd:fd (ECDSA)
1251 Script Info: |_ 256 9d:1e:81:01:5a:b8:f2:1b:ef:81:f5:46:c8:b5:45:54 (ED25519)
1252 Port: 80/tcp open http syn-ack ttl 51 Apache httpd
1253 Script Info: | http-methods:
1254 Script Info: | Supported Methods: GET POST OPTIONS HEAD TRACE
1255 Script Info: |_ Potentially risky methods: TRACE
1256 Script Info: |_http-server-header: nginx
1257 Script Info: |_http-title: 403 Forbidden
1258 Os Info: Host: _
1259 IP: 88.202.188.27
1260 Type: SPF
1261 Is Active: True (reset ttl 64)
1262 Port: 22/tcp open ssh syn-ack ttl 52 OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
1263 Script Info: | ssh-hostkey:
1264 Script Info: | 2048 3b:c3:b3:81:89:c8:89:18:79:01:9b:36:6d:d6:0f:e7 (RSA)
1265 Script Info: |_ 256 40:4b:7b:c7:31:72:43:fb:2b:71:66:31:21:a2:bb:a7 (ECDSA)
1266 Os Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1267#######################################################################################################################################
1268[+] URL: http://sam.gov.tr/
1269[+] Started: Fri Oct 11 16:17:36 2019
1270
1271Interesting Finding(s):
1272
1273[+] http://sam.gov.tr/
1274 | Interesting Entries:
1275 | - Server: Apache
1276 | - Referrer-Policy:
1277 | Found By: Headers (Passive Detection)
1278 | Confidence: 100%
1279
1280[+] http://sam.gov.tr/robots.txt
1281 | Interesting Entries:
1282 | - /wp-admin/
1283 | - /wp-admin/admin-ajax.php
1284 | Found By: Robots Txt (Aggressive Detection)
1285 | Confidence: 100%
1286
1287[+] http://sam.gov.tr/xmlrpc.php
1288 | Found By: Link Tag (Passive Detection)
1289 | Confidence: 30%
1290 | References:
1291 | - http://codex.wordpress.org/XML-RPC_Pingback_API
1292 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
1293 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
1294 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
1295 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
1296
1297[+] http://sam.gov.tr/wp-cron.php
1298 | Found By: Direct Access (Aggressive Detection)
1299 | Confidence: 60%
1300 | References:
1301 | - https://www.iplocation.net/defend-wordpress-from-ddos
1302 | - https://github.com/wpscanteam/wpscan/issues/1299
1303
1304[+] WordPress version 5.2.3 identified (Latest, released on 2019-09-05).
1305 | Detected By: Meta Generator (Passive Detection)
1306 | - http://sam.gov.tr/, Match: 'WordPress 5.2.3'
1307 | Confirmed By: Rss Generator (Aggressive Detection)
1308 | - http://sam.gov.tr/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
1309 | - http://sam.gov.tr/comments/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
1310
1311[+] WordPress theme in use: sam
1312 | Location: http://sam.gov.tr/wp-content/themes/sam/
1313 | Style URL: http://sam.gov.tr/wp-content/themes/sam/style.css
1314 | Style Name: SAM
1315 | Author: Crea Media Design
1316 | Author URI: http://www.creamediadesign.com/
1317 |
1318 | Detected By: Css Style (Passive Detection)
1319 | Confirmed By: Urls In Homepage (Passive Detection)
1320 |
1321 | Version: 1.0 (80% confidence)
1322 | Detected By: Style (Passive Detection)
1323 | - http://sam.gov.tr/wp-content/themes/sam/style.css, Match: 'Version: 1.0'
1324
1325[+] Enumerating All Plugins (via Passive Methods)
1326[+] Checking Plugin Versions (via Passive and Aggressive Methods)
1327
1328[i] Plugin(s) Identified:
1329
1330[+] nextcellent-gallery-nextgen-legacy
1331 | Location: http://sam.gov.tr/wp-content/plugins/nextcellent-gallery-nextgen-legacy/
1332 | Latest Version: 1.9.35 (up to date)
1333 | Last Updated: 2017-10-16T09:19:00.000Z
1334 |
1335 | Detected By: Comment (Passive Detection)
1336 |
1337 | Version: 3.2.18 (60% confidence)
1338 | Detected By: Comment (Passive Detection)
1339 | - http://sam.gov.tr/, Match: '<meta name="NextGEN" version="3.2.18"'
1340
1341[+] nextgen-gallery
1342 | Location: http://sam.gov.tr/wp-content/plugins/nextgen-gallery/
1343 | Latest Version: 3.2.18 (up to date)
1344 | Last Updated: 2019-09-18T16:02:00.000Z
1345 |
1346 | Detected By: Urls In Homepage (Passive Detection)
1347 | Confirmed By: Comment (Passive Detection)
1348 |
1349 | Version: 3.2.18 (60% confidence)
1350 | Detected By: Comment (Passive Detection)
1351 | - http://sam.gov.tr/, Match: '<meta name="NextGEN" version="3.2.18"'
1352
1353[+] w3-total-cache
1354 | Location: http://sam.gov.tr/wp-content/plugins/w3-total-cache/
1355 | Latest Version: 0.10.1
1356 | Last Updated: 2019-09-11T19:03:00.000Z
1357 |
1358 | Detected By: Comment Debug Info (Passive Detection)
1359 |
1360 | The version could not be determined.
1361
1362[+] wp-paginate
1363 | Location: http://sam.gov.tr/wp-content/plugins/wp-paginate/
1364 | Latest Version: 2.0.6
1365 | Last Updated: 2019-09-13T13:39:00.000Z
1366 |
1367 | Detected By: Urls In Homepage (Passive Detection)
1368 |
1369 | The version could not be determined.
1370
1371[+] Enumerating Config Backups (via Passive and Aggressive Methods)
1372 Checking Config Backups - Time: 00:02:30 <===> (21 / 21) 100.00% Time: 00:02:30
1373
1374[i] No Config Backups Found.
1375
1376[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
1377[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
1378
1379[+] Finished: Fri Oct 11 16:25:31 2019
1380[+] Requests Done: 69
1381[+] Cached Requests: 7
1382[+] Data Sent: 10.112 KB
1383[+] Data Received: 929.213 KB
1384[+] Memory used: 130.602 MB
1385[+] Elapsed time: 00:07:54
1386#######################################################################################################################################
1387[*] Load target domain: sam.gov.tr
1388 - starting scanning @ 2019-10-11 16:27:49
1389
1390[+] Running & Checking source to be used
1391---------------------------------------------
1392
1393 ⍥ Shodan [ ✕ ]
1394 ⍥ Webarchive [ ✔ ]
1395 ⍥ Dnsdumpster [ ✔ ]
1396 ⍥ Certspotter [ ✔ ]
1397 ⍥ Entrust [ ✔ ]
1398 ⍥ Binaryedge [ ✕ ]
1399 ⍥ Bufferover [ ✔ ]
1400 ⍥ Riddler [ ✔ ]
1401 ⍥ Threatcrowd [ ✔ ]
1402 ⍥ Threatminer [ ✔ ]
1403 ⍥ Certsh [ ✔ ]
1404 ⍥ Hackertarget [ ✔ ]
1405 ⍥ Censys [ ✕ ]
1406 ⍥ Securitytrails [ ✕ ]
1407 ⍥ Virustotal [ ✕ ]
1408 ⍥ Findsubdomain [ ✔ ]
1409
1410[+] Get & Count subdomain total From source
1411---------------------------------------------
1412
1413 ⍥ Hackertarget: Total Subdomain (1)
1414 ⍥ Findsubdomain: Total Subdomain (2)
1415 ⍥ Certspotter: Total Subdomain (3)
1416 ⍥ Threatminer: Total Subdomain (0)
1417 ⍥ Certsh: Total Subdomain (2)
1418 ⍥ BufferOver: Total Subdomain (2)
1419 ⍥ Entrust: Total Subdomain (0)
1420 ⍥ Threatcrowd: Total Subdomain (0)
1421 ⍥ Dnsdumpster: Total Subdomain (4)
1422 ⍥ Riddler: Total Subdomain (2)
1423 ⍥ Webarchive: Total Subdomain (3)
1424
1425[+] Parsing & Sorting list Domain
1426---------------------------------------------
1427
1428 ⍥ Total [5]
1429
1430 - 0 sam.gov.tr.
1431 - Fichier binaire (entrée standard) correspondant
1432 - mail.sam.gov.tr
1433 - sam.gov.tr
1434 - www.sam.gov.tr
1435
1436 ⍥ Total [5]
1437
1438[+] Probe subdomain for working on http/https
1439---------------------------------------------
1440
1441
1442 ⍥ Total [0]
1443
1444
1445[+] Check Live Host: Ping Sweep - ICMP PING
1446---------------------------------------------
1447
1448 ⍥ [LIVE] 0
1449 ⍥ [DEAD] sam.gov.tr.
1450 ⍥ [DEAD] Fichier
1451 ⍥ [DEAD] binaire
1452 ⍥ [DEAD] (entrée
1453 ⍥ [DEAD] standard)
1454 ⍥ [DEAD] correspondant
1455 ⍥ [DEAD] mail.sam.gov.tr
1456 ⍥ [DEAD] sam.gov.tr
1457 ⍥ [DEAD] www.sam.gov.tr
1458
1459[+] Check Resolving: Subdomains & Domains
1460---------------------------------------------
1461
1462 ⍥ Resolving domains to: RESOLVE ERROR
1463 ⍥ Resolving domains to: 176.53.84.114
1464 ⍥ Resolving domains to: RESOLVE ERROR
1465 ⍥ Resolving domains to: RESOLVE ERROR
1466 ⍥ Resolving domains to: RESOLVE ERROR
1467 ⍥ Resolving domains to: RESOLVE ERROR
1468 ⍥ Resolving domains to: RESOLVE ERROR
1469 ⍥ Resolving domains to: 176.53.84.114
1470 ⍥ Resolving domains to: 176.53.84.114
1471 ⍥ Resolving domains to: 176.53.84.114
1472
1473
1474 ⍥ Make template for reports
1475 - output/10-11-2019/sam.gov.tr/reports
1476
1477 ⍥ Successful Created ..
1478
1479[+] Sud⍥my has been sucessfully completed
1480---------------------------------------------
1481
1482 ⍥ Location output:
1483 - output/10-11-2019/sam.gov.tr
1484 - output/10-11-2019/sam.gov.tr/report
1485 - output/10-11-2019/sam.gov.tr/screenshots
1486
1487#######################################################################################################################################
1488[INFO] ------TARGET info------
1489[*] TARGET: http://sam.gov.tr/
1490[*] TARGET IP: 176.53.84.114
1491[INFO] NO load balancer detected for sam.gov.tr...
1492[*] DNS servers: ns1.creamediacloud.com.
1493[*] TARGET server:
1494[*] CC: TR
1495[*] Country: Turkey
1496[*] RegionCode: 06
1497[*] RegionName: Ankara
1498[*] City: Ankara
1499[*] ASN: AS42926
1500[*] BGP_PREFIX: 176.53.84.0/24
1501[*] ISP: RADORE Radore Veri Merkezi Hizmetleri A.S., TR
1502[INFO] DNS enumeration:
1503[*] ftp.sam.gov.tr 176.53.84.114
1504[*] mail.sam.gov.tr sam.gov.tr. 176.53.84.114
1505[INFO] Possible abuse mails are:
1506[*] abuse@as42926.net
1507[*] abuse@sam.gov.tr
1508[INFO] NO PAC (Proxy Auto Configuration) file FOUND
1509[INFO] Starting FUZZing in http://sam.gov.tr/FUzZzZzZzZz...
1510[INFO] Status code Folders
1511[INFO] NO passwords found in source code
1512[INFO] SAME content in http://sam.gov.tr/ AND http://176.53.84.114/
1513
1514Recherche sam.gov.tr
1515Connexion HTTP à sam.gov.tr
1516Alerte ! : Impossible d’établir une connexion à l’hôte distant.
1517
1518lynx : accès impossible au fichier de départ http://sam.gov.tr/
1519[INFO] Links found from http://sam.gov.tr/:
1520[INFO] GOOGLE has 107,000,000 results (0.61 seconds) about http://sam.gov.tr/
1521[INFO] Shodan detected the following opened ports on 176.53.84.114:
1522[*] 1
1523[*] 110
1524[*] 143
1525[*] 2082
1526[*] 2083
1527[*] 2086
1528[*] 2087
1529[*] 21
1530[*] 2222
1531[*] 26
1532[*] 4
1533[*] 443
1534[*] 465
1535[*] 53
1536[*] 587
1537[*] 80
1538[*] 993
1539[*] 995
1540[INFO] ------VirusTotal SECTION------
1541[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
1542[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
1543[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
1544[INFO] ------Alexa Rank SECTION------
1545[INFO] Percent of Visitors Rank in Country:
1546[INFO] Percent of Search Traffic:
1547[INFO] Percent of Unique Visits:
1548[INFO] Total Sites Linking In:
1549[*] Total Sites
1550[INFO] Useful links related to sam.gov.tr - 176.53.84.114:
1551[*] https://www.virustotal.com/pt/ip-address/176.53.84.114/information/
1552[*] https://www.hybrid-analysis.com/search?host=176.53.84.114
1553[*] https://www.shodan.io/host/176.53.84.114
1554[*] https://www.senderbase.org/lookup/?search_string=176.53.84.114
1555[*] https://www.alienvault.com/open-threat-exchange/ip/176.53.84.114
1556[*] http://pastebin.com/search?q=176.53.84.114
1557[*] http://urlquery.net/search.php?q=176.53.84.114
1558[*] http://www.alexa.com/siteinfo/sam.gov.tr
1559[*] http://www.google.com/safebrowsing/diagnostic?site=sam.gov.tr
1560[*] https://censys.io/ipv4/176.53.84.114
1561[*] https://www.abuseipdb.com/check/176.53.84.114
1562[*] https://urlscan.io/search/#176.53.84.114
1563[*] https://github.com/search?q=176.53.84.114&type=Code
1564[INFO] Useful links related to AS42926 - 176.53.84.0/24:
1565[*] http://www.google.com/safebrowsing/diagnostic?site=AS:42926
1566[*] https://www.senderbase.org/lookup/?search_string=176.53.84.0/24
1567[*] http://bgp.he.net/AS42926
1568[*] https://stat.ripe.net/AS42926
1569[INFO] Date: 11/10/19 | Time: 16:29:01
1570[INFO] Total time: 10 minute(s) and 29 second(s)
1571#######################################################################################################################################
1572 Anonymous JTSEC #OpTurkey Full Recon #4