· 6 years ago · Nov 19, 2019, 05:46 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname en.hmb.gov.tr ISP Turk Telekom
4Continent Asia Flag
5TR
6Country Turkey Country Code TR
7Region Adana Local time 19 Nov 2019 19:30 +03
8City Adana Postal Code 01010
9IP Address 212.174.188.50 Latitude 37.002
10 Longitude 35.329
11=======================================================================================================================================
12#######################################################################################################################################
13> en.hmb.gov.tr
14Server: 194.187.251.67
15Address: 194.187.251.67#53
16
17Non-authoritative answer:
18Name: en.hmb.gov.tr
19Address: 212.174.188.50
20>
21######################################################################################################################################
22[+] Target : en.hmb.gov.tr
23
24[+] IP Address : 212.174.188.50
25
26[+] Headers :
27
28[+] Server : nginx
29[+] Date : Tue, 19 Nov 2019 16:34:55 GMT
30[+] Content-Type : text/html
31[+] Last-Modified : Tue, 19 Nov 2019 10:59:34 GMT
32[+] Transfer-Encoding : chunked
33[+] Connection : keep-alive
34[+] ETag : W/"5dd3cb16-1837"
35[+] Content-Encoding : gzip
36
37[+] SSL Certificate Information :
38
39[+] countryName : TR
40[+] stateOrProvinceName : Ankara
41[+] localityName : Cankaya
42[+] organizationalUnitName : Bilgi Islem Dairesi
43[+] organizationName : Hazine ve Maliye Bakanligi
44[+] commonName : *.hmb.gov.tr
45[+] countryName : BE
46[+] organizationName : GlobalSign nv-sa
47[+] commonName : GlobalSign Organization Validation CA - SHA256 - G2
48[+] Version : 3
49[+] Serial Number : 7CA3923562E521E1BEDD787C
50[+] Not Before : Oct 5 16:39:41 2018 GMT
51[+] Not After : Oct 5 16:39:41 2020 GMT
52[+] OCSP : ('http://ocsp2.globalsign.com/gsorganizationvalsha2g2',)
53[+] subject Alt Name : (('DNS', '*.hmb.gov.tr'), ('DNS', 'hmb.gov.tr'))
54[+] CA Issuers : ('http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt',)
55[+] CRL Distribution Points : ('http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl',)
56
57[+] Whois Lookup :
58
59[+] NIR : None
60[+] ASN Registry : ripencc
61[+] ASN : 9121
62[+] ASN CIDR : 212.174.128.0/17
63[+] ASN Country Code : TR
64[+] ASN Date : 1999-04-07
65[+] ASN Description : TTNET, TR
66[+] cidr : 212.174.188.0/24
67[+] name : MALIYE
68[+] handle : ED4533-RIPE
69[+] range : 212.174.188.0 - 212.174.188.255
70[+] description : MALIYE BAKANLIGI BILGI ISLEM DAIRESI BASKANLIGI
71[+] country : TR
72[+] state : None
73[+] city : None
74[+] address : Bilgi Islem Merkezi Kat:1 Dikmen/ANKARA
75[+] postal_code : None
76[+] emails : None
77[+] created : 1970-01-01T00:00:00Z
78[+] updated : 2017-10-02T09:00:57Z
79
80[+] Crawling Target...
81
82[+] Looking for robots.txt........[ Found ]
83[+] Extracting robots Links.......[ 1 ]
84[+] Looking for sitemap.xml.......[ Found ]
85[+] Extracting sitemap Links......[ 0 ]
86[+] Extracting CSS Links..........[ 2 ]
87[+] Extracting Javascript Links...[ 2 ]
88[+] Extracting Internal Links.....[ 0 ]
89[+] Extracting External Links.....[ 0 ]
90[+] Extracting Images.............[ 0 ]
91
92[+] Total Links Extracted : 5
93
94[+] Dumping Links in /opt/FinalRecon/dumps/en.hmb.gov.tr.dump
95[+] Completed!
96######################################################################################################################################
97[i] Scanning Site: https://en.hmb.gov.tr
98
99
100
101B A S I C I N F O
102====================
103
104
105[+] Site Title: T.C. Hazine ve Maliye Bakanlığı
106[+] IP address: 212.174.188.50
107[+] Web Server: nginx
108[+] CMS: Could Not Detect
109[+] Cloudflare: Not Detected
110[+] Robots File: Found
111
112-------------[ contents ]----------------
113# http://www.robotstxt.org
114User-agent: *
115Disallow:
116
117-----------[end of contents]-------------
118
119
120
121W H O I S L O O K U P
122========================
123
124 error check your api query
125
126
127
128G E O I P L O O K U P
129=========================
130
131[i] IP Address: 212.174.188.50
132[i] Country: Turkey
133[i] State: Istanbul
134[i] City: Bueyuekcekmece
135[i] Latitude: 41.0156
136[i] Longitude: 28.56
137
138
139
140
141H T T P H E A D E R S
142=======================
143
144
145[i] HTTP/1.1 200 OK
146[i] Server: nginx
147[i] Date: Tue, 19 Nov 2019 16:35:32 GMT
148[i] Content-Type: text/html
149[i] Content-Length: 6199
150[i] Last-Modified: Tue, 19 Nov 2019 10:59:34 GMT
151[i] Connection: close
152[i] ETag: "5dd3cb16-1837"
153[i] Accept-Ranges: bytes
154
155
156
157
158D N S L O O K U P
159===================
160
161en.hmb.gov.tr. 3599 IN A 212.174.188.50
162
163
164
165
166S U B N E T C A L C U L A T I O N
167====================================
168
169Address = 212.174.188.50
170Network = 212.174.188.50 / 32
171Netmask = 255.255.255.255
172Broadcast = not needed on Point-to-Point links
173Wildcard Mask = 0.0.0.0
174Hosts Bits = 0
175Max. Hosts = 1 (2^0 - 0)
176Host Range = { 212.174.188.50 - 212.174.188.50 }
177
178
179
180N M A P P O R T S C A N
181============================
182
183Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-19 16:36 UTC
184Nmap scan report for en.hmb.gov.tr (212.174.188.50)
185Host is up (0.13s latency).
186
187PORT STATE SERVICE
18821/tcp filtered ftp
18922/tcp filtered ssh
19023/tcp filtered telnet
19180/tcp open http
192110/tcp filtered pop3
193143/tcp filtered imap
194443/tcp open https
1953389/tcp filtered ms-wbt-server
196
197Nmap done: 1 IP address (1 host up) scanned in 19.19 seconds
198#######################################################################################################################################
199[+] Starting At 2019-11-19 11:37:00.379638
200[+] Collecting Information On: https://en.hmb.gov.tr/
201[#] Status: 200
202--------------------------------------------------
203[#] Web Server Detected: nginx
204[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
205- Server: nginx
206- Date: Tue, 19 Nov 2019 16:36:21 GMT
207- Content-Type: text/html
208- Last-Modified: Tue, 19 Nov 2019 10:59:34 GMT
209- Transfer-Encoding: chunked
210- Connection: keep-alive
211- ETag: W/"5dd3cb16-1837"
212- Content-Encoding: gzip
213--------------------------------------------------
214[#] Finding Location..!
215[#] status: success
216[#] country: Turkey
217[#] countryCode: TR
218[#] region: 06
219[#] regionName: Ankara
220[#] city: Ankara
221[#] zip:
222[#] lat: 39.9104
223[#] lon: 32.847
224[#] timezone: Europe/Istanbul
225[#] isp: TurkTelecom
226[#] org:
227[#] as: AS9121 Turk Telekomunikasyon Anonim Sirketi
228[#] query: 212.174.188.50
229--------------------------------------------------
230[x] Didn't Detect WAF Presence on: https://en.hmb.gov.tr/
231--------------------------------------------------
232[#] Starting Reverse DNS
233[!] Found 4 any Domain
234- en.hmb.gov.tr
235- hmb.gov.tr
236- muhasebat.gov.tr
237- muhasebat.hmb.gov.tr
238--------------------------------------------------
239[!] Scanning Open Port
240[#] 80/tcp open http
241[#] 443/tcp open https
242--------------------------------------------------
243[+] Collecting Information Disclosure!
244[#] Detecting sitemap.xml file
245[-] sitemap.xml file not Found!?
246[#] Detecting robots.txt file
247[!] robots.txt File Found: https://en.hmb.gov.tr//robots.txt
248[#] Detecting GNU Mailman
249[-] GNU Mailman App Not Detected!?
250--------------------------------------------------
251[+] Crawling Url Parameter On: https://en.hmb.gov.tr/
252--------------------------------------------------
253[#] Searching Html Form !
254[-] No Html Form Found!?
255--------------------------------------------------
256[-] No DOM Paramter Found!?
257--------------------------------------------------
258[-] No internal Dynamic Parameter Found!?
259--------------------------------------------------
260[!] 1 External Dynamic Parameter Discovered
261[#] https://fonts.googleapis.com/css?family=Open+Sans:300,400,500,700
262--------------------------------------------------
263[!] 29 Internal links Discovered
293--------------------------------------------------
294[-] No External Link Found!?
295--------------------------------------------------
296[#] Mapping Subdomain..
297[!] Found 10 Subdomain
298- mailgw01.hmb.gov.tr
299- mailgw02.hmb.gov.tr
300- mailgw03.hmb.gov.tr
301- mailgw04.hmb.gov.tr
302- webmail.hmb.gov.tr
303- en.hmb.gov.tr
304- bkmybs.hmb.gov.tr
305- ms.hmb.gov.tr
306- muhasebat.hmb.gov.tr
307- www.hmb.gov.tr
308--------------------------------------------------
309[!] Done At 2019-11-19 11:37:42.485226
310#######################################################################################################################################
311[INFO] ------TARGET info------
312[*] TARGET: https://en.hmb.gov.tr/
313[*] TARGET IP: 212.174.188.50
314[INFO] NO load balancer detected for en.hmb.gov.tr...
315[*] DNS servers: ns1.muhasebat.gov.tr.
316[*] TARGET server: nginx
317[*] CC: TR
318[*] Country: Turkey
319[*] RegionCode: 06
320[*] RegionName: Ankara
321[*] City: Ankara
322[*] ASN: AS9121
323[*] BGP_PREFIX: 212.174.0.0/15
324[*] ISP: TTNet Turk Telekomunikasyon Anonim Sirketi, TR
325[INFO] SSL/HTTPS certificate detected
326[*] Issuer: issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
327[*] Subject: subject=C = TR, ST = Ankara, L = Cankaya, OU = Bilgi Islem Dairesi, O = Hazine ve Maliye Bakanligi, CN = *.hmb.gov.tr
328[INFO] DNS enumeration:
329[*] mail.hmb.gov.tr 212.174.188.10
330[*] ns1.hmb.gov.tr 212.174.189.24
331[*] ns2.hmb.gov.tr 212.174.189.29
332[*] vpn.hmb.gov.tr 212.174.189.60
333[*] webmail.hmb.gov.tr 212.174.188.9
334[INFO] Possible abuse mails are:
335[*] abuse@en.hmb.gov.tr
336[*] abuse@hmb.gov.tr
337[*] abuse@ttnet.com.tr
338[INFO] NO PAC (Proxy Auto Configuration) file FOUND
339[ALERT] robots.txt file FOUND in http://en.hmb.gov.tr/robots.txt
340[INFO] Checking for HTTP status codes recursively from http://en.hmb.gov.tr/robots.txt
341[INFO] Status code Folders
342[INFO] Starting FUZZing in http://en.hmb.gov.tr/FUzZzZzZzZz...
343[INFO] Status code Folders
344[*] 200 http://en.hmb.gov.tr/index
345[*] 200 http://en.hmb.gov.tr/download
346[*] 200 http://en.hmb.gov.tr/2006
347[*] 200 http://en.hmb.gov.tr/news
348[*] 200 http://en.hmb.gov.tr/crack
349[*] 200 http://en.hmb.gov.tr/serial
350[*] 200 http://en.hmb.gov.tr/warez
351[*] 200 http://en.hmb.gov.tr/full
352[*] 200 http://en.hmb.gov.tr/12
353[ALERT] Look in the source code. It may contain passwords
354[ALERT] Content in http://en.hmb.gov.tr/ AND http://www.en.hmb.gov.tr/ is different
355[INFO] MD5 for http://en.hmb.gov.tr/ is: 5a5ce3ca8fd6b411e6c1bbd378737bff
356[INFO] MD5 for http://www.en.hmb.gov.tr/ is: d41d8cd98f00b204e9800998ecf8427e
357[INFO] http://en.hmb.gov.tr/ redirects to https://en.hmb.gov.tr/
358[INFO] http://www.en.hmb.gov.tr/ redirects to http://www.en.hmb.gov.tr/
359[INFO] SAME content in http://en.hmb.gov.tr/ AND http://212.174.188.50/
360[INFO] Links found from https://en.hmb.gov.tr/:
361cut: intervalle de champ incorrecte
362Saisissez « cut --help » pour plus d'informations.
363[INFO] BING shows 212.174.188.50 is shared with 29 hosts/vhosts
364[INFO] Shodan detected the following opened ports on 212.174.188.50:
365[*] 443
366[*] 80
367[INFO] ------VirusTotal SECTION------
368[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
369[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
370[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
371[INFO] ------Alexa Rank SECTION------
372[INFO] Percent of Visitors Rank in Country:
373[INFO] Percent of Search Traffic:
374[INFO] Percent of Unique Visits:
375[INFO] Total Sites Linking In:
376[*] Total Sites
377[INFO] Useful links related to en.hmb.gov.tr - 212.174.188.50:
378[*] https://www.virustotal.com/pt/ip-address/212.174.188.50/information/
379[*] https://www.hybrid-analysis.com/search?host=212.174.188.50
380[*] https://www.shodan.io/host/212.174.188.50
381[*] https://www.senderbase.org/lookup/?search_string=212.174.188.50
382[*] https://www.alienvault.com/open-threat-exchange/ip/212.174.188.50
383[*] http://pastebin.com/search?q=212.174.188.50
384[*] http://urlquery.net/search.php?q=212.174.188.50
385[*] http://www.alexa.com/siteinfo/en.hmb.gov.tr
386[*] http://www.google.com/safebrowsing/diagnostic?site=en.hmb.gov.tr
387[*] https://censys.io/ipv4/212.174.188.50
388[*] https://www.abuseipdb.com/check/212.174.188.50
389[*] https://urlscan.io/search/#212.174.188.50
390[*] https://github.com/search?q=212.174.188.50&type=Code
391[INFO] Useful links related to AS9121 - 212.174.0.0/15:
392[*] http://www.google.com/safebrowsing/diagnostic?site=AS:9121
393[*] https://www.senderbase.org/lookup/?search_string=212.174.0.0/15
394[*] http://bgp.he.net/AS9121
395[*] https://stat.ripe.net/AS9121
396[INFO] Date: 19/11/19 | Time: 11:40:40
397[INFO] Total time: 2 minute(s) and 50 second(s)
398#######################################################################################################################################
399Trying "hmb.gov.tr"
400;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2540
401;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 2
402
403;; QUESTION SECTION:
404;hmb.gov.tr. IN ANY
405
406;; ANSWER SECTION:
407hmb.gov.tr. 3600 IN TXT "v=spf1 a:mailgw01.hmb.gov.tr a:mailgw02.hmb.gov.tr a:mailgw03.hmb.gov.tr a:mailgw04.hmb.gov.tr -all"
408hmb.gov.tr. 3600 IN TXT "o29HIxyAOTdkKpaQqijdur8WlK2EwBw2bOCsF3kmyCs="
409hmb.gov.tr. 3600 IN MX 10 mailgw02.hmb.gov.tr.
410hmb.gov.tr. 3600 IN MX 10 mailgw01.hmb.gov.tr.
411hmb.gov.tr. 3600 IN MX 10 mailgw03.hmb.gov.tr.
412hmb.gov.tr. 3600 IN SOA ns1.muhasebat.gov.tr. sisyon.muhasebat.gov.tr. 134 900 600 3600 3600
413hmb.gov.tr. 3600 IN A 212.174.188.50
414hmb.gov.tr. 3600 IN NS ns3.muhasebat.gov.tr.
415hmb.gov.tr. 3600 IN NS ns1.muhasebat.gov.tr.
416
417;; AUTHORITY SECTION:
418hmb.gov.tr. 3600 IN NS ns3.muhasebat.gov.tr.
419hmb.gov.tr. 3600 IN NS ns1.muhasebat.gov.tr.
420
421;; ADDITIONAL SECTION:
422ns3.muhasebat.gov.tr. 42839 IN A 212.174.189.24
423ns1.muhasebat.gov.tr. 42839 IN A 212.174.189.29
424
425Received 437 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1225 ms
426#######################################################################################################################################
427; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace hmb.gov.tr
428;; global options: +cmd
429. 85056 IN NS d.root-servers.net.
430. 85056 IN NS f.root-servers.net.
431. 85056 IN NS b.root-servers.net.
432. 85056 IN NS h.root-servers.net.
433. 85056 IN NS e.root-servers.net.
434. 85056 IN NS l.root-servers.net.
435. 85056 IN NS a.root-servers.net.
436. 85056 IN NS m.root-servers.net.
437. 85056 IN NS c.root-servers.net.
438. 85056 IN NS g.root-servers.net.
439. 85056 IN NS k.root-servers.net.
440. 85056 IN NS j.root-servers.net.
441. 85056 IN NS i.root-servers.net.
443;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 184 ms
444
445tr. 172800 IN NS ns91.nic.tr.
446tr. 172800 IN NS ns22.nic.tr.
447tr. 172800 IN NS ns21.nic.tr.
448tr. 172800 IN NS ns42.nic.tr.
449tr. 172800 IN NS ns31.nic.tr.
450tr. 172800 IN NS ns41.nic.tr.
451tr. 172800 IN NS ns92.nic.tr.
452tr. 86400 IN NSEC trade. NS RRSIG NSEC
454;; Received 714 bytes from 202.12.27.33#53(m.root-servers.net) in 183 ms
455
456hmb.gov.tr. 43200 IN NS ns1.muhasebat.gov.tr.
457hmb.gov.tr. 43200 IN NS ns3.muhasebat.gov.tr.
458;; Received 117 bytes from 2001:a98:10:eeee::42#53(ns42.nic.tr) in 160 ms
459
460;; Received 51 bytes from 212.174.189.24#53(ns3.muhasebat.gov.tr) in 208 ms
461
462######################################################################################################################################
463[*] Processing domain hmb.gov.tr
464[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
465[+] Getting nameservers
466212.174.189.29 - ns1.muhasebat.gov.tr
467[-] Getting nameservers failed
468[-] Zone transfer failed
469
470[+] TXT records found
471"o29HIxyAOTdkKpaQqijdur8WlK2EwBw2bOCsF3kmyCs="
472"v=spf1 a:mailgw01.hmb.gov.tr a:mailgw02.hmb.gov.tr a:mailgw03.hmb.gov.tr a:mailgw04.hmb.gov.tr -all"
473
474[+] MX records found, added to target list
47510 mailgw03.hmb.gov.tr.
47610 mailgw01.hmb.gov.tr.
47710 mailgw02.hmb.gov.tr.
478
479[*] Scanning hmb.gov.tr for A records
480212.174.188.50 - hmb.gov.tr
481212.174.188.11 - mailgw01.hmb.gov.tr
482212.174.188.13 - mailgw03.hmb.gov.tr
483212.174.188.12 - mailgw02.hmb.gov.tr
484212.174.188.10 - autodiscover.hmb.gov.tr
485212.174.188.50 - en.hmb.gov.tr.tr
486212.174.188.10 - mail.hmb.gov.tr
487212.174.188.50 - ms.hmb.gov.tr
488212.174.189.24 - ns1.hmb.gov.tr
489212.174.189.29 - ns2.hmb.gov.tr
490193.25.125.60 - portal.hmb.gov.tr
491212.174.189.60 - vpn.hmb.gov.tr
492212.174.188.9 - webmail.hmb.gov.tr
493212.174.188.50 - www.hmb.gov.tr
494#######################################################################################################################################
495
496 AVAILABLE PLUGINS
497 -----------------
498
499 SessionRenegotiationPlugin
500 SessionResumptionPlugin
501 FallbackScsvPlugin
502 HttpHeadersPlugin
503 OpenSslCipherSuitesPlugin
504 EarlyDataPlugin
505 CertificateInfoPlugin
506 HeartbleedPlugin
507 RobotPlugin
508 OpenSslCcsInjectionPlugin
509 CompressionPlugin
510
511
512
513 CHECKING HOST(S) AVAILABILITY
514 -----------------------------
515
516 212.174.188.50:443 => 212.174.188.50
517
518
519
520
521 SCAN RESULTS FOR 212.174.188.50:443 - 212.174.188.50
522 ----------------------------------------------------
523
524 * OpenSSL CCS Injection:
525 OK - Not vulnerable to OpenSSL CCS injection
526
527 * SSLV2 Cipher Suites:
528 Server rejected all cipher suites.
529
530 * Deflate Compression:
531 OK - Compression disabled
532
533 * Session Renegotiation:
534 Client-initiated Renegotiation: OK - Rejected
535 Secure Renegotiation: OK - Supported
536
537 * TLS 1.2 Session Resumption Support:
538 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
539 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
540
541 * Downgrade Attacks:
542 TLS_FALLBACK_SCSV: OK - Supported
543
544 * TLSV1_3 Cipher Suites:
545 Forward Secrecy OK - Supported
546 RC4 OK - Not Supported
547
548 Preferred:
549 TLS_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.hmb.gov.tr
550 Accepted:
551 TLS_CHACHA20_POLY1305_SHA256 256 bits HTTP 301 Moved Permanently - https://www.hmb.gov.tr
552 TLS_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.hmb.gov.tr
553 TLS_AES_128_GCM_SHA256 128 bits HTTP 301 Moved Permanently - https://www.hmb.gov.tr
554
555 * ROBOT Attack:
556 OK - Not vulnerable
557
558 * Certificate Information:
559 Content
560 SHA1 Fingerprint: 97a7ad852f9fe53dbae797aabdeef469cbd38cef
561 Common Name: *.hmb.gov.tr
562 Issuer: GlobalSign Organization Validation CA - SHA256 - G2
563 Serial Number: 38573886576754047190994614396
564 Not Before: 2018-10-05 16:39:41
565 Not After: 2020-10-05 16:39:41
566 Signature Algorithm: sha256
567 Public Key Algorithm: RSA
568 Key Size: 2048
569 Exponent: 65537 (0x10001)
570 DNS Subject Alternative Names: ['*.hmb.gov.tr', 'hmb.gov.tr']
571
572 Trust
573 Hostname Validation: FAILED - Certificate does NOT match 212.174.188.50
574 Android CA Store (9.0.0_r9): OK - Certificate is trusted
575 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
576 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
577 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
578 Windows CA Store (2019-05-27): OK - Certificate is trusted
579 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
580 Received Chain: *.hmb.gov.tr --> GlobalSign Organization Validation CA - SHA256 - G2
581 Verified Chain: *.hmb.gov.tr --> GlobalSign Organization Validation CA - SHA256 - G2 --> GlobalSign
582 Received Chain Contains Anchor: OK - Anchor certificate not sent
583 Received Chain Order: OK - Order is valid
584 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
585
586 Extensions
587 OCSP Must-Staple: NOT SUPPORTED - Extension not found
588 Certificate Transparency: OK - 3 SCTs included
589
590 OCSP Stapling
591 NOT SUPPORTED - Server did not send back an OCSP response
592
593 * OpenSSL Heartbleed:
594 OK - Not vulnerable to Heartbleed
595
596 * TLSV1_1 Cipher Suites:
597 Server rejected all cipher suites.
598 Undefined - An unexpected error happened:
599 TLS_DH_anon_WITH_AES_256_CBC_SHA timeout - timed out
600
601 * TLSV1 Cipher Suites:
602 Server rejected all cipher suites.
603
604 * TLSV1_2 Cipher Suites:
605 Forward Secrecy OK - Supported
606 RC4 OK - Not Supported
607
608 Preferred:
609 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.hmb.gov.tr
610 Accepted:
611 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 301 Moved Permanently - https://www.hmb.gov.tr
612 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 301 Moved Permanently - https://www.hmb.gov.tr
613 Undefined - An unexpected error happened:
614 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 timeout - timed out
615
616 * SSLV3 Cipher Suites:
617 Server rejected all cipher suites.
618
619
620 SCAN COMPLETED IN 21.22 S
621 -------------------------
622######################################################################################################################################
623 1 10.243.200.1 (10.243.200.1) 134.392 ms 134.347 ms 134.330 ms
624 2 * * *
625 3 te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49) 139.663 ms 141.793 ms 141.789 ms
626 4 be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249) 139.608 ms 139.613 ms 139.515 ms
627 5 be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194) 144.590 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190) 144.586 ms 144.721 ms
628 6 be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105) 159.729 ms be2281.ccr41.ham01.atlas.cogentco.com (154.54.63.1) 158.068 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105) 162.606 ms
629 7 be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205) 171.369 ms 171.266 ms be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209) 167.319 ms
630 8 be2440.agr21.ams03.atlas.cogentco.com (130.117.50.6) 175.122 ms be2434.agr21.ams03.atlas.cogentco.com (130.117.2.241) 171.233 ms 171.173 ms
631 9 ntt.ams03.atlas.cogentco.com (130.117.15.130) 174.791 ms 171.340 ms 171.340 ms
63210 ae-10.r24.amstnl02.nl.bb.gin.ntt.net (129.250.3.44) 167.889 ms ae-5.r25.amstnl02.nl.bb.gin.ntt.net (129.250.3.104) 172.036 ms 166.860 ms
63311 ae-3.r02.amstnl02.nl.bb.gin.ntt.net (129.250.2.127) 171.617 ms 167.037 ms 174.050 ms
63412 ae-0.turk-telekom.amstnl02.nl.bb.gin.ntt.net (81.20.64.102) 164.233 ms 164.355 ms 164.499 ms
63513 06-ebgp-ulus1-k---302-ams-col-3.statik.turktelekom.com.tr (212.156.102.118) 227.227 ms 227.098 ms 34-acibadem-xrs-t2-2---302-ams-col-3.statik.turktelekom.com.tr (212.156.102.169) 206.432 ms
63614 212.156.117.186.29-gumushane-t3-1.25-erzurum-t2-1.statik.turktelekom.com.tr (212.156.117.186) 229.970 ms 06-ulus-xrs-t2-2---06-incesu-xrs-t2-2.statik.turktelekom.com.tr (212.156.120.135) 229.396 ms 212.156.117.186.29-gumushane-t3-1.25-erzurum-t2-1.statik.turktelekom.com.tr (212.156.117.186) 227.355 ms
63715 212.156.109.137.21-egil-sasx-t4-1.21-fuaralani-t4-1.statik.turktelekom.com.tr (212.156.109.137) 216.349 ms 214.957 ms 81.212.216.128.static.turktelekom.com.tr (81.212.216.128) 216.643 ms
63816 81.212.215.188.static.turktelekom.com.tr (81.212.215.188) 238.606 ms 231.694 ms 231.383 ms
63917 81.212.215.188.static.turktelekom.com.tr (81.212.215.188) 229.788 ms 223.884 ms 225.821 ms
640#######################################################################################################################################
641----- hmb.gov.tr -----
642
643
644Host's addresses:
645__________________
646
647hmb.gov.tr. 378 IN A 212.174.188.50
648
649
650Name Servers:
651______________
652
653ns3.muhasebat.gov.tr. 43172 IN A 212.174.189.24
654ns1.muhasebat.gov.tr. 43172 IN A 212.174.189.29
655
656
657Mail (MX) Servers:
658___________________
659
660mailgw03.hmb.gov.tr. 2371 IN A 212.174.188.13
661mailgw02.hmb.gov.tr. 2371 IN A 212.174.188.12
662mailgw01.hmb.gov.tr. 2371 IN A 212.174.188.11
663
664
665Trying Zone Transfers and getting Bind Versions:
666_________________________________________________
667
668
669Trying Zone Transfer for hmb.gov.tr on ns3.muhasebat.gov.tr ...
670AXFR record query failed: NXDOMAIN
671
672Trying Zone Transfer for hmb.gov.tr on ns1.muhasebat.gov.tr ...
673AXFR record query failed: REFUSED
674
675
676Scraping hmb.gov.tr subdomains from Google:
677____________________________________________
678
679
680 ---- Google search page: 1 ----
681
682
683 ---- Google search page: 2 ----
684
685
686 ---- Google search page: 3 ----
687
688
689 ---- Google search page: 4 ----
690
691
692 ---- Google search page: 5 ----
693
694
695
696Google Results:
697________________
698
699 perhaps Google is blocking our queries.
700 Check manually.
701
702
703Brute forcing with /usr/share/dnsenum/dns.txt:
704_______________________________________________
705
706mail.hmb.gov.tr. 2330 IN A 212.174.188.10
707ns1.hmb.gov.tr. 1969 IN A 212.174.189.24
708ns2.hmb.gov.tr. 1969 IN A 212.174.189.29
709portal.hmb.gov.tr. 2353 IN A 193.25.125.60
710vpn.hmb.gov.tr. 1959 IN A 212.174.189.60
711webmail.hmb.gov.tr. 1958 IN A 212.174.188.9
712www.hmb.gov.tr. 1523 IN A 212.174.188.50
713
714
715Launching Whois Queries:
716_________________________
717
718 whois ip result: 212.174.188.0 -> 212.174.188.0/24
719 whois ip result: 212.174.189.0 -> 212.174.189.0/26
720 whois ip result: 193.25.125.0 -> 193.25.124.0/23
721
722
723hmb.gov.tr__________
724
725 193.25.124.0/23
726 212.174.189.0/26
727 212.174.188.0/24
728
729
730Performing reverse lookup on 832 ip addresses:
731_______________________________________________
732
7337.189.174.212.in-addr.arpa. 3600 IN PTR apigw.hmb.gov.tr.
73424.189.174.212.in-addr.arpa. 3600 IN PTR ns1.hmb.gov.tr.
73529.189.174.212.in-addr.arpa. 3600 IN PTR ns2.hmb.gov.tr.
73660.189.174.212.in-addr.arpa. 3600 IN PTR vpn.hmb.gov.tr.
737
7384 results out of 832 IP addresses.
739
740
741hmb.gov.tr ip blocks:
742______________________
743
744 212.174.189.7/32
745 212.174.189.24/32
746 212.174.189.29/32
747 212.174.189.60/32
748
749#######################################################################################################################################
750
751Domains still to check: 1
752 Checking if the hostname hmb.gov.tr. given is in fact a domain...
753
754Analyzing domain: hmb.gov.tr.
755 Checking NameServers using system default resolver...
756 IP: 212.174.189.29 (Turkey)
HostName: ns1.muhasebat.gov.tr Type: NS
HostName: 212.174.189.29.static.ttnet.com.tr Type: PTR
IP: 212.174.189.24 (Turkey)
HostName: ns3.muhasebat.gov.tr Type: NS
HostName: 212.174.189.24.static.ttnet.com.tr Type: PTR

Checking MailServers using system default resolver...
IP: 212.174.188.13 (Turkey)
HostName: mailgw03.hmb.gov.tr Type: MX
HostName: mailgw03.hmb.gov.tr Type: PTR
IP: 212.174.188.12 (Turkey)
HostName: mailgw02.hmb.gov.tr Type: MX
HostName: mailgw02.maliye.gov.tr Type: PTR
IP: 212.174.188.11 (Turkey)
HostName: mailgw01.hmb.gov.tr Type: MX
HostName: mailgw01.maliye.gov.tr Type: PTR

Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
No zone transfer found on nameserver 212.174.189.24
No zone transfer found on nameserver 212.174.189.29

Checking SPF record...
New hostname found: mailgw01
New hostname found: mailgw02
New hostname found: mailgw03
New hostname found: mailgw04

Checking 196 most common hostnames using system default resolver...
IP: 212.174.188.50 (Turkey)
HostName: www.hmb.gov.tr. Type: A
IP: 212.174.188.10 (Turkey)
HostName: mail.hmb.gov.tr. Type: A
IP: 212.174.189.24 (Turkey)
HostName: ns3.muhasebat.gov.tr Type: NS
HostName: 212.174.189.24.static.ttnet.com.tr Type: PTR
HostName: ns1.hmb.gov.tr. Type: A
IP: 212.174.189.29 (Turkey)
HostName: ns1.muhasebat.gov.tr Type: NS
HostName: 212.174.189.29.static.ttnet.com.tr Type: PTR
HostName: ns2.hmb.gov.tr. Type: A
IP: 212.174.188.9 (Turkey)
HostName: webmail.hmb.gov.tr. Type: A
IP: 212.174.188.11 (Turkey)
HostName: mailgw01.hmb.gov.tr Type: MX
HostName: mailgw01.maliye.gov.tr Type: PTR
HostName: mailgw01.hmb.gov.tr. Type: A
IP: 212.174.188.12 (Turkey)
HostName: mailgw02.hmb.gov.tr Type: MX
HostName: mailgw02.maliye.gov.tr Type: PTR
HostName: mailgw02.hmb.gov.tr. Type: A
IP: 212.174.188.13 (Turkey)
HostName: mailgw03.hmb.gov.tr Type: MX
HostName: mailgw03.hmb.gov.tr Type: PTR
HostName: mailgw03.hmb.gov.tr. Type: A
IP: 212.174.188.15 (Turkey)
HostName: mailgw04.hmb.gov.tr. Type: A

Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
Checking netblock 212.174.188.0
Checking netblock 212.174.189.0

Searching for hmb.gov.tr. emails in Google
dhdb_sostes@hmb.gov.tr.
istanbuldef@hmb.gov.tr.
sancaktepemm@hmb.gov.tr.

Checking 9 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
Host 212.174.188.9 is up (reset ttl 64)
Host 212.174.188.12 is up (reset ttl 64)
Host 212.174.188.11 is up (reset ttl 64)
Host 212.174.188.10 is up (reset ttl 64)
Host 212.174.188.13 is up (reset ttl 64)
Host 212.174.189.24 is up (reset ttl 64)
Host 212.174.188.15 is up (reset ttl 64)
Host 212.174.188.50 is up (reset ttl 64)
Host 212.174.189.29 is up (reset ttl 64)

Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
Scanning ip 212.174.188.9 (webmail.hmb.gov.tr.):
80/tcp open http-proxy syn-ack ttl 236 F5 BIG-IP load balancer http proxy
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: BigIP
|_http-title: Did not follow redirect to https://212.174.188.9/
|_https-redirect: ERROR: Script execution failed (use -d to debug)
443/tcp open ssl/https? syn-ack ttl 236
|_http-favicon: Unknown favicon MD5: 486373B021971D0A95AF04C811799E21
| ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
| Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
| Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-10-05T16:39:41
| Not valid after: 2020-10-05T16:39:41
| MD5: d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
|_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
|_ssl-date: TLS randomness does not represent time
Device type: general purpose|WAP
OS Info: Service Info: Device: load balancer
Scanning ip 212.174.188.12 (mailgw02.hmb.gov.tr.):
Scanning ip 212.174.188.11 (mailgw01.hmb.gov.tr.):
80/tcp open http syn-ack ttl 109 Microsoft IIS httpd 7.5
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Microsoft-IIS/7.5
|_http-title: Did not follow redirect to https://mail.muhasebat.gov.tr/owa
443/tcp open ssl/https? syn-ack ttl 112
|_ssl-date: 2019-11-19T17:14:46+00:00; -44s from scanner time.
Device type: general purpose|WAP
Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (85%)
OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
|_clock-skew: -44s
Scanning ip 212.174.188.10 (mail.hmb.gov.tr.):
80/tcp open http-proxy syn-ack ttl 239 F5 BIG-IP load balancer http proxy
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: BigIP
|_http-title: Did not follow redirect to https://212.174.188.10/
|_https-redirect: ERROR: Script execution failed (use -d to debug)
443/tcp open ssl/http-proxy syn-ack ttl 236 F5 BIG-IP load balancer http proxy
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: BigIP
| ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
| Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
| Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-10-05T16:39:41
| Not valid after: 2020-10-05T16:39:41
| MD5: d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
|_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
|_ssl-date: TLS randomness does not represent time
Device type: general purpose|WAP
OS Info: Service Info: Device: load balancer
Scanning ip 212.174.188.13 (mailgw03.hmb.gov.tr.):
Scanning ip 212.174.189.24 (ns1.hmb.gov.tr.):
53/tcp open domain syn-ack ttl 110 Microsoft DNS 6.1.7601 (1DB15EC5) (Windows Server 2008 R2 SP1)
| dns-nsid:
|_ bind.version: Microsoft DNS 6.1.7601 (1DB15EC5)
Device type: general purpose|WAP
Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista (86%)
OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1
Scanning ip 212.174.188.15 (mailgw04.hmb.gov.tr.):
Scanning ip 212.174.188.50 (www.hmb.gov.tr.):
80/tcp open http syn-ack ttl 43 nginx
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to https://www.hmb.gov.tr
443/tcp open ssl/http syn-ack ttl 43 nginx
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to https://www.hmb.gov.tr
| ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
| Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
| Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-10-05T16:39:41
| Not valid after: 2020-10-05T16:39:41
| MD5: d9a6 828e 3cb7 f9b5 8a71 1d50 fb89 5033
|_SHA-1: 97a7 ad85 2f9f e53d bae7 97aa bdee f469 cbd3 8cef
Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (91%)
Scanning ip 212.174.189.29 (ns2.hmb.gov.tr.):
53/tcp open domain syn-ack ttl 110 Microsoft DNS 6.1.7601 (1DB15F75) (Windows Server 2008 R2 SP1)
| dns-nsid:
|_ bind.version: Microsoft DNS 6.1.7601 (1DB15F75)
Device type: general purpose|WAP
Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2008|7|Vista|8.1 (86%)
OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1
WebCrawling domain's web servers... up to 50 max links.

+ URL to crawl: http://webmail.hmb.gov.tr.
+ Date: 2019-11-19

+ Crawling URL: http://webmail.hmb.gov.tr.:
+ Links:
+ Crawling http://webmail.hmb.gov.tr.
+ Searching for directories...
+ Searching open folders...


+ URL to crawl: http://mailgw01.hmb.gov.tr.
+ Date: 2019-11-19

+ Crawling URL: http://mailgw01.hmb.gov.tr.:
+ Links:
+ Crawling http://mailgw01.hmb.gov.tr. (400 Bad Request)
+ Searching for directories...
+ Searching open folders...


+ URL to crawl: http://mailgw01.hmb.gov.tr
+ Date: 2019-11-19

+ Crawling URL: http://mailgw01.hmb.gov.tr:
+ Links:
+ Crawling http://mailgw01.hmb.gov.tr ([SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:727))
+ Searching for directories...
+ Searching open folders...


+ URL to crawl: http://mail.hmb.gov.tr.
+ Date: 2019-11-19

+ Crawling URL: http://mail.hmb.gov.tr.:
+ Links:
+ Crawling http://mail.hmb.gov.tr.
+ Searching for directories...
+ Searching open folders...


+ URL to crawl: http://mail.hmb.gov.tr.:443
+ Date: 2019-11-19

+ Crawling URL: http://mail.hmb.gov.tr.:443:
+ Links:
+ Crawling http://mail.hmb.gov.tr.:443
+ Searching for directories...
+ Searching open folders...


+ URL to crawl: http://www.hmb.gov.tr.
+ Date: 2019-11-19

+ Crawling URL: http://www.hmb.gov.tr.:
+ Links:
+ Crawling http://www.hmb.gov.tr.
+ Crawling http://www.hmb.gov.tr./manifest.json (File! Not crawling it.)
+ Crawling http://www.hmb.gov.tr./yandex-browser-manifest.json (File! Not crawling it.)
+ Searching for directories...
- Found: http://www.hmb.gov.tr./assets/
+ Searching open folders...
- http://www.hmb.gov.tr./assets/ (403 Forbidden)


+ URL to crawl: https://www.hmb.gov.tr.
+ Date: 2019-11-19

+ Crawling URL: https://www.hmb.gov.tr.:
+ Links:
+ Crawling https://www.hmb.gov.tr.
+ Searching for directories...
+ Searching open folders...

--Finished--
################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:31 EST
Nmap scan report for 212.174.188.50
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:34 EST
Nmap scan report for 212.174.188.50
Host is up (0.16s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
25/tcp closed smtp
80/tcp open http
139/tcp closed netbios-ssn
443/tcp open https
445/tcp closed microsoft-ds
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:25 EST
Nmap scan report for 212.174.188.50
Host is up (0.20s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http nginx
|_http-title: Did not follow redirect to https://www.hmb.gov.tr
139/tcp closed netbios-ssn
443/tcp open ssl/http nginx
|_http-title: Did not follow redirect to https://www.hmb.gov.tr
| ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
| Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
| Not valid before: 2018-10-05T16:39:41
|_Not valid after: 2020-10-05T16:39:41
445/tcp closed microsoft-ds
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4.0 cpe:/o:linux:linux_kernel:3.10
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 4.0 (87%), Linux 4.4 (86%), Linux 3.10 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 4.9 (85%), Linux 3.10 - 3.12 (85%)
No exact OS matches for host (test conditions non-ideal).
######################################################################################################################################
root@kali:~# nmap -A 212.174.188.50
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:28 EST
Nmap scan report for 212.174.188.50
Host is up (0.15s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http nginx
|_http-title: Did not follow redirect to https://www.hmb.gov.tr
139/tcp closed netbios-ssn
443/tcp open ssl/http nginx
|_http-title: Did not follow redirect to https://www.hmb.gov.tr
| ssl-cert: Subject: commonName=*.hmb.gov.tr/organizationName=Hazine ve Maliye Bakanligi/stateOrProvinceName=Ankara/countryName=TR
| Subject Alternative Name: DNS:*.hmb.gov.tr, DNS:hmb.gov.tr
| Not valid before: 2018-10-05T16:39:41
|_Not valid after: 2020-10-05T16:39:41
445/tcp closed microsoft-ds
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 3.10 - 4.11 (85%), Linux 4.0 (85%), Linux 4.4 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops

TRACEROUTE (using port 445/tcp)
HOP RTT ADDRESS
1 137.86 ms 10.243.200.1
2 137.85 ms 212.174.188.50
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 12:35 EST
Nmap scan report for 212.174.188.50
Host is up (0.16s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http nginx
| vulscan: VulDB - https://vuldb.com:
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
|
| Exploit-DB - https://www.exploit-db.com:
|
| OpenVAS (Nessus) - http://www.openvas.org:
1385|
1386| SecurityTracker - https://www.securitytracker.com:
1387| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1388| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1389| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1390| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1391|
1392| OSVDB - http://www.osvdb.org:
1393| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1394| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1395| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1396| [92796] nginx ngx_http_close_connection Function Crafted r->
1397| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1398| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1399| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1400| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1401| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1402| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1403| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1404| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1405| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1406| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1407| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1408| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1409| [62617] nginx Internal DNS Cache Poisoning Weakness
1410| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1411| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1412| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1413| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1414| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1415| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1416| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1417| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1418| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1419| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1420|_
139/tcp closed netbios-ssn
443/tcp open ssl/http nginx
1423| vulscan: VulDB - https://vuldb.com:
1424| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
1425| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
1426| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
1427| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
1428| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
1429| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
1430| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
1431| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
1432| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
1433| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
1434| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
1435| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
1436| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
1437| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
1438| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
1439| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
1440| [67677] nginx up to 1.7.3 SSL weak authentication
1441| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
1442| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
1443| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
1444| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
1445| [65364] nginx up to 1.1.13 Default Configuration information disclosure
1446| [8671] nginx up to 1.4 proxy_pass denial of service
1447| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
1448| [7247] nginx 1.2.6 Proxy Function spoofing
1449| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
1450| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
1451| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
1452| [59645] nginx up to 0.8.9 Heap-based memory corruption
1453| [53592] nginx 0.8.36 memory corruption
1454| [53590] nginx up to 0.8.9 unknown vulnerability
1455| [51533] nginx 0.7.64 Terminal privilege escalation
1456| [50905] nginx up to 0.8.9 directory traversal
1457| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
1458| [50043] nginx up to 0.8.10 memory corruption
1459|
1460| MITRE CVE - https://cve.mitre.org:
1461| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
1462| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
1463| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
1464| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
1465| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
1466| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
1467| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
1468| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
1469| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
1470| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
1471| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
1472| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
1473| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
1474|
1475| SecurityFocus - https://www.securityfocus.com/bid/:
1476| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
1477| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
1478| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
1479| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
1480| [82230] nginx Multiple Denial of Service Vulnerabilities
1481| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
1482| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
1483| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
1484| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
1485| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
1486| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
1487| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
1488| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
1489| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
1490| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
1491| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
1492| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
1493| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
1494| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
1495| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1496| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1497| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1498| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1499| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
1500| [40420] nginx Directory Traversal Vulnerability
1501| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1502| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1503| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1504| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1505| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
1506|
1507| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1508| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
1509| [84172] nginx denial of service
1510| [84048] nginx buffer overflow
1511| [83923] nginx ngx_http_close_connection() integer overflow
1512| [83688] nginx null byte code execution
1513| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
1514| [82319] nginx access.log information disclosure
1515| [80952] nginx SSL spoofing
1516| [77244] nginx and Microsoft Windows request security bypass
1517| [76778] Naxsi module for Nginx nx_extract.py directory traversal
1518| [74831] nginx ngx_http_mp4_module.c buffer overflow
1519| [74191] nginx ngx_cpystrn() information disclosure
1520| [74045] nginx header response information disclosure
1521| [71355] nginx ngx_resolver_copy() buffer overflow
1522| [59370] nginx characters denial of service
1523| [59369] nginx DATA source code disclosure
1524| [59047] nginx space source code disclosure
1525| [58966] nginx unspecified directory traversal
1526| [54025] nginx ngx_http_parse.c denial of service
1527| [53431] nginx WebDAV component directory traversal
1528| [53328] Nginx CRC-32 cached domain name spoofing
1529| [53250] Nginx ngx_http_parse_complex_uri() function code execution
1530|
1531| Exploit-DB - https://www.exploit-db.com:
1532| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
1533| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
1534| [25499] nginx 1.3.9-1.4.0 DoS PoC
1535| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
1536| [14830] nginx 0.6.38 - Heap Corruption Exploit
1537| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
1538| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
1539| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
1540| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
1541| [9829] nginx 0.7.61 WebDAV directory traversal
1542|
1543| OpenVAS (Nessus) - http://www.openvas.org:
1544| [864418] Fedora Update for nginx FEDORA-2012-3846
1545| [864310] Fedora Update for nginx FEDORA-2012-6238
1546| [864209] Fedora Update for nginx FEDORA-2012-6411
1547| [864204] Fedora Update for nginx FEDORA-2012-6371
1548| [864121] Fedora Update for nginx FEDORA-2012-4006
1549| [864115] Fedora Update for nginx FEDORA-2012-3991
1550| [864065] Fedora Update for nginx FEDORA-2011-16075
1551| [863654] Fedora Update for nginx FEDORA-2011-16110
1552| [861232] Fedora Update for nginx FEDORA-2007-1158
1553| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
1554| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
1555| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
1556| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
1557| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
1558| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
1559| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
1560| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
1561| [100659] nginx Directory Traversal Vulnerability
1562| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
1563| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
1564| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
1565| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
1566| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
1567| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
1568| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
1569| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
1570| [71297] FreeBSD Ports: nginx
1571| [71276] FreeBSD Ports: nginx
1572| [71239] Debian Security Advisory DSA 2434-1 (nginx)
1573| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
1574| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
1575| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
1576| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
1577| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
1578| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
1579| [64894] FreeBSD Ports: nginx
1580| [64869] Debian Security Advisory DSA 1884-1 (nginx)
1581|
1582| SecurityTracker - https://www.securitytracker.com:
1583| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
1584| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
1585| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
1586| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
1587|
1588| OSVDB - http://www.osvdb.org:
1589| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
1590| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
1591| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
1592| [92796] nginx ngx_http_close_connection Function Crafted r->
1593| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
1594| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
1595| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
1596| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
1597| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
1598| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
1599| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
1600| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
1601| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
1602| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
1603| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
1604| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
1605| [62617] nginx Internal DNS Cache Poisoning Weakness
1606| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
1607| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
1608| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
1609| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
1610| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
1611| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
1612| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
1613| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
1614| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
1615| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
1616#######################################################################################################################################
1617 Anonymous JTSEC #OpTurkey Full Recon #10