· 6 years ago · Jun 15, 2019, 12:46 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname ombudsman.gov.sd ISP NICDC
4Continent Africa Flag
5SD
6Country Sudan Country Code SD
7Region Unknown Local time 15 Jun 2019 01:28 CAT
8City Unknown Postal Code Unknown
9IP Address 62.12.105.3 Latitude 15
10 Longitude 30
11=======================================================================================================================================
12#######################################################################################################################################
13> ombudsman.gov.sd
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: ombudsman.gov.sd
19Address: 62.12.105.3
20>
21#######################################################################################################################################
22[+] Target : ombudsman.gov.sd
23
24[+] IP Address : 62.12.105.3
25
26[+] Headers :
27
28[+] Cache-Control : private
29[+] Content-Type : text/html; charset=utf-8
30[+] Content-Encoding : gzip
31[+] Vary : Accept-Encoding
32[+] Server : Microsoft-IIS/8.5
33[+] Set-Cookie : ASP.NET_SessionId=m35c3mwldcx51illtkoz3a1z; path=/; HttpOnly, ASP.NET_SessionId=m35c3mwldcx51illtkoz3a1z; path=/; HttpOnly, __RequestVerificationToken=B6bQtxy8TuKscRN8AoBj9C2Mo8Dd09-97YW2vKjT21Jqs1JkyNJ4GaWSgd7mje4ni0xhHaCWpU_hXQHvd56RFnIPE6cZ1HXmAnKmhc4bwWU1; path=/; HttpOnly
34[+] X-AspNetMvc-Version : 5.2
35[+] X-Frame-Options : SAMEORIGIN
36[+] X-AspNet-Version : 4.0.30319
37[+] X-Powered-By : ASP.NET
38[+] X-Powered-By-Plesk : PleskWin
39[+] Date : Fri, 14 Jun 2019 23:32:49 GMT
40[+] Content-Length : 15099
41
42[+] SSL Certificate Information :
43
44[-] SSL is not Present on Target URL...Skipping...
45
46[+] Whois Lookup :
47
48[+] NIR : None
49[+] ASN Registry : afrinic
50[+] ASN : 327881
51[+] ASN CIDR : 62.12.105.0/24
52[+] ASN Country Code : SD
53[+] ASN Date : 2015-05-11
54[+] ASN Description : NICDC, SD
55[+] cidr : 62.12.105.0/24
56[+] name : ORG-MoTa1-AFRINIC
57[+] handle : IAEI1-AFRINIC
58[+] range : 62.12.105.0 - 62.12.105.255
59[+] description : National Information Center (NIC)
60[+] country : SD
61[+] state : None
62[+] city : None
63[+] address : National Information Center (NIC)
64[+] postal_code : None
65[+] emails : None
66[+] created : None
67[+] updated : None
68
69[+] Crawling Target...
70
71[+] Looking for robots.txt........[ Not Found ]
72[+] Looking for sitemap.xml.......[ Not Found ]
73[+] Extracting CSS Links..........[ 9 ]
74[+] Extracting Javascript Links...[ 11 ]
75[+] Extracting Internal Links.....[ 0 ]
76[+] Extracting External Links.....[ 5 ]
77[+] Extracting Images.............[ 11 ]
78
79[+] Total Links Extracted : 36
80
81[+] Dumping Links in /opt/FinalRecon/dumps/ombudsman.gov.sd.dump
82[+] Completed!
83#######################################################################################################################################
84[+] Starting At 2019-06-14 19:32:49.293363
85[+] Collecting Information On: ombudsman.gov.sd
86[#] Status: 200
87---------------------------------------------------------------------------------------------------------------------------------------
88[#] Web Server Detected: Microsoft-IIS/8.5
89[#] X-Powered-By: ASP.NET
90- Cache-Control: private
91- Content-Type: text/html; charset=utf-8
92- Content-Encoding: gzip
93- Vary: Accept-Encoding
94- Server: Microsoft-IIS/8.5
95- Set-Cookie: ASP.NET_SessionId=mbqdsntfm2yalv3krsps4bfd; path=/; HttpOnly, ASP.NET_SessionId=mbqdsntfm2yalv3krsps4bfd; path=/; HttpOnly, __RequestVerificationToken=xXsHAGFBPMenM7f5KaF_y_uMHslurbG4K2_pwIwepkcRS-Hd1NhP1CXoN8qKUZgdcaDS2J4jRkw4WykI0e-JYhUHiTnTvkhL0KAIMXFOOOk1; path=/; HttpOnly
96- X-AspNetMvc-Version: 5.2
97- X-Frame-Options: SAMEORIGIN
98- X-AspNet-Version: 4.0.30319
99- X-Powered-By: ASP.NET
100- X-Powered-By-Plesk: PleskWin
101- Date: Fri, 14 Jun 2019 23:32:44 GMT
102- Content-Length: 15103
103---------------------------------------------------------------------------------------------------------------------------------------
104[#] Finding Location..!
105[#] as: AS327881 National Information Center (NIC)
106[#] city: Khartoum
107[#] country: Sudan
108[#] countryCode: SD
109[#] isp: National Information Center
110[#] lat: 15.5007
111[#] lon: 32.5599
112[#] org: ORG MoTa1 AFRINIC
113[#] query: 62.12.105.3
114[#] region: KH
115[#] regionName: Khartoum
116[#] status: success
117[#] timezone: Africa/Khartoum
118[#] zip:
119---------------------------------------------------------------------------------------------------------------------------------------
120[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
121---------------------------------------------------------------------------------------------------------------------------------------
122[#] Starting Reverse DNS-
123[!] Found 4 any Domain
124- moiat.gov.sd
125- ombudsman.gov.sd
126- trafficpolice.gov.sd
127- whitenilestate.gov.sd
128---------------------------------------------------------------------------------------------------------------------------------------
129[!] Scanning Open Port
130[#] 21/tcp open ftp
131[#] 80/tcp open http
132[#] 110/tcp open pop3
133[#] 143/tcp open imap
134[#] 443/tcp open https
135[#] 8443/tcp open https-alt
136---------------------------------------------------------------------------------------------------------------------------------------
137[+] Collecting Information Disclosure!
138######################################################################################################################################
139[i] Scanning Site: http://ombudsman.gov.sd
140
141
142
143B A S I C I N F O
144====================
145
146
147[+] Site Title: ديوان المظالم و الحسبة-الرئيسية
148[+] IP address: 62.12.105.3
149[+] Web Server: Microsoft-IIS/8.5
150[+] CMS: Could Not Detect
151[+] Cloudflare: Not Detected
152[+] Robots File: Could NOT Find robots.txt!
153#######################################################################################################################################
154
155
156
157
158
159G E O I P L O O K U P
160=========================
161
162[i] IP Address: 62.12.105.3
163[i] Country: Sudan
164[i] State:
165[i] City:
166[i] Latitude: 15.0
167[i] Longitude: 30.0
168#######################################################################################################################################
169
170
171
172H T T P H E A D E R S
173=======================
174
175
176[i] HTTP/1.1 200 OK
177[i] Cache-Control: private
178[i] Content-Type: text/html; charset=utf-8
179[i] Server: Microsoft-IIS/8.5
180[i] Set-Cookie: ASP.NET_SessionId=pxywivvzjgeks25aibykfyfz; path=/; HttpOnly
181[i] X-AspNetMvc-Version: 5.2
182[i] X-Frame-Options: SAMEORIGIN
183[i] X-AspNet-Version: 4.0.30319
184[i] Set-Cookie: ASP.NET_SessionId=pxywivvzjgeks25aibykfyfz; path=/; HttpOnly
185[i] Set-Cookie: __RequestVerificationToken=iUe4A3LVzXh36CYebc4ZGJk6sxmPt34hjz7ct6shi2LmJbD9oWuISPHPSw5J0E0CZp84GxHefBYrOqtrT-izISkeyx9JWfIuMdH-2QnDHrQ1; path=/; HttpOnly
186[i] X-Powered-By: ASP.NET
187[i] X-Powered-By-Plesk: PleskWin
188[i] Date: Fri, 14 Jun 2019 23:32:36 GMT
189[i] Connection: close
190[i] Content-Length: 56574
191#######################################################################################################################################
192
193
194
195D N S L O O K U P
196===================
197
198ombudsman.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
199ombudsman.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
200ombudsman.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
201ombudsman.gov.sd. 21599 IN A 62.12.105.3
202ombudsman.gov.sd. 21599 IN MX 10 mail.obudsman.gov.sd.
203ombudsman.gov.sd. 21599 IN TXT "v=spf1 mx -all"
204#######################################################################################################################################
205
206
207
208S U B N E T C A L C U L A T I O N
209====================================
210
211Address = 62.12.105.3
212Network = 62.12.105.3 / 32
213Netmask = 255.255.255.255
214Broadcast = not needed on Point-to-Point links
215Wildcard Mask = 0.0.0.0
216Hosts Bits = 0
217Max. Hosts = 1 (2^0 - 0)
218Host Range = { 62.12.105.3 - 62.12.105.3 }
219#######################################################################################################################################
220
221
222N M A P P O R T S C A N
223============================
224
225Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 23:32 UTC
226Nmap scan report for ombudsman.gov.sd (62.12.105.3)
227Host is up (0.20s latency).
228rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
229
230PORT STATE SERVICE
23121/tcp open ftp
23222/tcp filtered ssh
23323/tcp filtered telnet
23480/tcp open http
235110/tcp open pop3
236143/tcp open imap
237443/tcp open https
2383389/tcp filtered ms-wbt-server
239
240Nmap done: 1 IP address (1 host up) scanned in 3.37 seconds
241#######################################################################################################################################
242Enter Address Website = ombudsman.gov.sd
243
244
245
246Reversing IP With HackTarget 'ombudsman.gov.sd'
247--------------------------------------------------
248
249[+] eservices.motrb.gov.sd
250[+] mail.nashattolabi.sd
251[+] mail.saec.gov.sd
252[+] mail.test.net.sd
253[+] moiat.gov.sd
254[+] ncsp.gov.sd
255[+] penfund.gov.sd
256[+] saec.gov.sd
257[+] sudanpolice.gov.sd
258[+] test.net.sd
259[+] whitenilestate.gov.sd
260[+] www.sudanpolice.gov.sd
261#######################################################################################################################################
262
263
264Reverse IP With YouGetSignal 'ombudsman.gov.sd'
265--------------------------------------------------
266
267[*] IP: 62.12.105.3
268[*] Domain: ombudsman.gov.sd
269[*] Total Domains: 4
270
271[+] moiat.gov.sd
272[+] ombudsman.gov.sd
273[+] trafficpolice.gov.sd
274[+] whitenilestate.gov.sd
275#######################################################################################################################################
276
277
278Geo IP Lookup 'ombudsman.gov.sd'
279-----------------------------------
280
281[+] IP Address: 62.12.105.3
282[+] Country: Sudan
283[+] State:
284[+] City:
285[+] Latitude: 15.0
286[+] Longitude: 30.0
287#######################################################################################################################################
288
289
290
291Bypass Cloudflare 'ombudsman.gov.sd'
292---------------------------------------
293
294[!] CloudFlare Bypass 62.12.105.3 | webmail.ombudsman.gov.sd
295[!] CloudFlare Bypass 62.12.105.3 | mail.ombudsman.gov.sd
296[!] CloudFlare Bypass 62.12.105.3 | www.ombudsman.gov.sd
297#######################################################################################################################################
298
299DNS Lookup 'ombudsman.gov.sd'
300--------------------------------
301
302[+] ombudsman.gov.sd. 21599 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
303[+] ombudsman.gov.sd. 21599 IN NS ns1.ndc.gov.sd.
304[+] ombudsman.gov.sd. 21599 IN NS ns0.ndc.gov.sd.
305[+] ombudsman.gov.sd. 21599 IN A 62.12.105.3
306[+] ombudsman.gov.sd. 21599 IN MX 10 mail.obudsman.gov.sd.
307[+] ombudsman.gov.sd. 21599 IN TXT "v=spf1 mx -all"
308#######################################################################################################################################
309
310Show HTTP Header 'ombudsman.gov.sd'
311--------------------------------------
312
313[+] HTTP/1.1 302 Found
314[+] Cache-Control: private
315[+] Content-Length: 144
316[+] Content-Type: text/html; charset=utf-8
317[+] Location: /Home/Index?aspxerrorpath=/
318[+] Server: Microsoft-IIS/8.5
319[+] X-AspNetMvc-Version: 5.2
320[+] X-AspNet-Version: 4.0.30319
321[+] X-Powered-By: ASP.NET
322[+] X-Powered-By-Plesk: PleskWin
323[+] Date: Fri, 14 Jun 2019 23:32:43 GMT
324#######################################################################################################################################
325
326Port Scan 'ombudsman.gov.sd'
327-------------------------------
328
329Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 23:32 UTC
330Nmap scan report for ombudsman.gov.sd (62.12.105.3)
331Host is up (0.20s latency).
332rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
333
334PORT STATE SERVICE
33521/tcp open ftp
33622/tcp filtered ssh
33723/tcp filtered telnet
33880/tcp open http
339110/tcp open pop3
340143/tcp open imap
341443/tcp open https
3423389/tcp filtered ms-wbt-server
343
344Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
345#######################################################################################################################################
346
347Traceroute 'ombudsman.gov.sd'
348--------------------------------
349
350Start: 2019-06-14T23:32:56+0000
351HOST: web01 Loss% Snt Last Avg Best Wrst StDev
352 1.|-- 45.79.12.202 0.0% 3 1.0 0.9 0.8 1.0 0.1
353 2.|-- 45.79.12.6 0.0% 3 1.9 3.2 0.8 6.9 3.3
354 3.|-- dls-b22-link.telia.net 0.0% 3 0.9 1.5 0.9 2.8 1.1
355 4.|-- atl-b22-link.telia.net 0.0% 3 21.9 19.9 18.8 21.9 1.7
356 5.|-- ash-bb3-link.telia.net 0.0% 3 29.9 31.7 29.9 35.0 2.9
357 6.|-- prs-bb4-link.telia.net 33.3% 3 106.7 106.8 106.7 106.8 0.1
358 7.|-- mei-b2-link.telia.net 0.0% 3 117.3 117.2 117.2 117.3 0.1
359 8.|-- flagtelecom-ic-324599-mei-b2.c.telia.net 0.0% 3 136.4 124.0 117.6 136.4 10.8
360 9.|-- ae0.0.cjr01.mrs002.flagtel.com 0.0% 3 325.1 314.7 306.1 325.1 9.7
361 10.|-- ae3.0.cjr04.prs001.flagtel.com 0.0% 3 128.8 128.7 128.5 128.8 0.2
362 11.|-- xe-0-0-1.0.pjr04.dxb001.flagtel.com 0.0% 3 256.2 256.2 255.8 256.7 0.5
363 12.|-- 80.77.2.42 0.0% 3 231.4 231.3 231.3 231.4 0.0
364 13.|-- 196.29.177.113 0.0% 3 234.9 234.9 234.8 235.0 0.1
365 14.|-- 197.254.196.62 0.0% 3 238.4 238.5 238.3 238.8 0.2
366 15.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
367#######################################################################################################################################
368
369
370Page Admin Finder 'ombudsman.gov.sd'
371---------------------------------------
372
373
374
375Avilable Links :
376
377Find Page >> http://ombudsman.gov.sd/admin/
378
379Find Page >> http://ombudsman.gov.sd/administrator/
380
381Find Page >> http://ombudsman.gov.sd/admin1/
382
383Find Page >> http://ombudsman.gov.sd/admin2/
384
385Find Page >> http://ombudsman.gov.sd/admin3/
386
387Find Page >> http://ombudsman.gov.sd/admin4/
388
389Find Page >> http://ombudsman.gov.sd/admin5/
390
391Find Page >> http://ombudsman.gov.sd/usuarios/
392
393Find Page >> http://ombudsman.gov.sd/usuario/
394
395Find Page >> http://ombudsman.gov.sd/moderator/
396
397Find Page >> http://ombudsman.gov.sd/webadmin/
398
399Find Page >> http://ombudsman.gov.sd/adminarea/
400
401Find Page >> http://ombudsman.gov.sd/bb-admin/
402
403Find Page >> http://ombudsman.gov.sd/adminLogin/
404
405Find Page >> http://ombudsman.gov.sd/admin_area/
406
407Find Page >> http://ombudsman.gov.sd/panel-administracion/
408
409Find Page >> http://ombudsman.gov.sd/instadmin/
410
411Find Page >> http://ombudsman.gov.sd/memberadmin/
412
413Find Page >> http://ombudsman.gov.sd/administratorlogin/
414
415Find Page >> http://ombudsman.gov.sd/adm/
416
417Find Page >> http://ombudsman.gov.sd/admin_panel/
418
419Find Page >> http://ombudsman.gov.sd/adm_cp/
420#######################################################################################################################################
421
422----- ombudsman.gov.sd -----
423
424
425Host's addresses:
426__________________
427
428ombudsman.gov.sd. 85483 IN A 62.12.105.3
429
430----------------
431Wildcards test:
432----------------
433 good
434
435
436Name Servers:
437______________
438
439ns0.ndc.gov.sd. 13823 IN A 62.12.109.2
440ns1.ndc.gov.sd. 13817 IN A 62.12.109.3
441
442
443Mail (MX) Servers:
444___________________
445
446 mail.obudsman.gov.sd A record query failed: NXDOMAIN
447
448
449Trying Zone Transfers and getting Bind Versions:
450_________________________________________________
451
452
453Trying Zone Transfer for ombudsman.gov.sd on ns0.ndc.gov.sd ...
454ombudsman.gov.sd. 86400 IN SOA (
455ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
456ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
457ombudsman.gov.sd. 86400 IN A 62.12.105.3
458ombudsman.gov.sd. 86400 IN MX 10
459ombudsman.gov.sd. 86400 IN TXT "v=spf1
460mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
461mail.ombudsman.gov.sd. 86400 IN MX 10
462mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
463webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
464www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
465
466Trying Zone Transfer for ombudsman.gov.sd on ns1.ndc.gov.sd ...
467ombudsman.gov.sd. 86400 IN SOA (
468ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
469ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
470ombudsman.gov.sd. 86400 IN A 62.12.105.3
471ombudsman.gov.sd. 86400 IN MX 10
472ombudsman.gov.sd. 86400 IN TXT "v=spf1
473mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
474mail.ombudsman.gov.sd. 86400 IN MX 10
475mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
476webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
477www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
478#######################################################################################################################################
479Trying "ombudsman.gov.sd"
480;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53576
481;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
482
483;; QUESTION SECTION:
484;ombudsman.gov.sd. IN ANY
485
486;; ANSWER SECTION:
487ombudsman.gov.sd. 85363 IN NS ns0.ndc.gov.sd.
488ombudsman.gov.sd. 86281 IN MX 10 mail.obudsman.gov.sd.
489ombudsman.gov.sd. 85363 IN A 62.12.105.3
490ombudsman.gov.sd. 85363 IN NS ns1.ndc.gov.sd.
491ombudsman.gov.sd. 85720 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
492
493Received 161 bytes from 185.93.180.131#53 in 113 ms
494#######################################################################################################################################
495; <<>> DiG 9.11.5-P4-5-Debian <<>> ombudsman.gov.sd +dnssec
496;; global options: +cmd
497;; Got answer:
498;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38088
499;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
500
501;; OPT PSEUDOSECTION:
502; EDNS: version: 0, flags: do; udp: 4096
503;; QUESTION SECTION:
504;ombudsman.gov.sd. IN A
505
506;; ANSWER SECTION:
507ombudsman.gov.sd. 85296 IN A 62.12.105.3
508
509;; Query time: 112 msec
510;; SERVER: 185.93.180.131#53(185.93.180.131)
511;; WHEN: ven jun 14 19:45:11 EDT 2019
512;; MSG SIZE rcvd: 61
513#######################################################################################################################################
514; <<>> DiG 9.11.5-P4-5-Debian <<>> +trace ombudsman.gov.sd
515;; global options: +cmd
516. 79394 IN NS g.root-servers.net.
517. 79394 IN NS d.root-servers.net.
518. 79394 IN NS c.root-servers.net.
519. 79394 IN NS j.root-servers.net.
520. 79394 IN NS m.root-servers.net.
521. 79394 IN NS l.root-servers.net.
522. 79394 IN NS f.root-servers.net.
523. 79394 IN NS b.root-servers.net.
524. 79394 IN NS a.root-servers.net.
525. 79394 IN NS e.root-servers.net.
526. 79394 IN NS k.root-servers.net.
527. 79394 IN NS i.root-servers.net.
528. 79394 IN NS h.root-servers.net.
529. 79394 IN RRSIG NS 8 0 518400 20190627170000 20190614160000 25266 . 21CJJEpZ30ZdfNAfEpN6Y8fJ2PN6Y+xtLSWLqeZVbiS8faVrKFmC3zsL EPgetyceuwXArZtOZb8POQU9VOxf3Sr3E0O6X2zPykBd/QnD2mn9u8vh 03tfCQi9ir8M8cHrLEhCyoLCXYmlWHpYZFuxwBLSYk3lNGn6Cn+DAVWa 6JeoLUSX/AJvOIcfq3NfIbh7jrqB8HU1Go+EkmQXe/iMLx1i2C8p+Cgi xpa7LYwEL3x9N22nKpwyWhUAAFFOmIRhkw5b5ijOzVd2u3BBaAbbrnQ0 belHPmKsx+x9b1zjmdOSW8RjI7/GQv+QuobcDELc6D0iEjYeFXozuXiH ys1Qrg==
530;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 112 ms
531
532sd. 172800 IN NS sd.cctld.authdns.ripe.net.
533sd. 172800 IN NS ns1.uaenic.ae.
534sd. 172800 IN NS ns2.uaenic.ae.
535sd. 172800 IN NS ans1.sis.sd.
536sd. 172800 IN NS ans1.canar.sd.
537sd. 172800 IN NS ans2.canar.sd.
538sd. 172800 IN NS ns-sd.afrinic.net.
539sd. 86400 IN NSEC se. NS RRSIG NSEC
540sd. 86400 IN RRSIG NSEC 8 1 86400 20190627170000 20190614160000 25266 . MjKCNtsNQnEJVz5cPYtkXVbByrRTMlQ1myLs8Pi2+FkFic00RpnZnk5w Pg1lbNn4MQZdx9L090dGjNO3WyleHv1t7HznzWMJ8qCENSIcE1uoRe6r Ak9F/wMKEKvQjra906vPpUlLMG3QcnbyhkP/eoRm2qeN7Ig5/Zsx0J6M gE154HbBf0Lehuk+gd6T/pMkxDs4Idb7z0btkGbQtXo2rrj4jSfRpg1R U7xPKgKJfjqp9ns1z+7dxCE9GWRg9El3ssDyi2Nw4YbRs/qPDh/upUFN /4IY0aeTOsumRH/3FBZ7xs0BaVcNU9RG0YcmEXuNyCnvaPQOkdw315my dR7WMQ==
541;; Received 703 bytes from 199.7.91.13#53(d.root-servers.net) in 190 ms
542
543gov.sd. 14400 IN NS sd.cctld.authdns.ripe.net.
544gov.sd. 14400 IN NS ns1.uaenic.ae.
545gov.sd. 14400 IN NS ns2.uaenic.ae.
546gov.sd. 14400 IN NS ans1.sis.sd.
547gov.sd. 14400 IN NS ans1.canar.sd.
548gov.sd. 14400 IN NS ans2.canar.sd.
549gov.sd. 14400 IN NS ns-sd.afrinic.net.
550;; Received 272 bytes from 196.216.168.26#53(ns-sd.afrinic.net) in 289 ms
551
552;; Received 73 bytes from 213.42.0.226#53(ns1.uaenic.ae) in 229 ms
553#######################################################################################################################################
554[*] Performing General Enumeration of Domain: ombudsman.gov.sd
555[-] DNSSEC is not configured for ombudsman.gov.sd
556[*] SOA ns0.ndc.gov.sd 62.12.109.2
557[*] NS ns0.ndc.gov.sd 62.12.109.2
558[*] Bind Version for 62.12.109.2 you guess!
559[*] NS ns1.ndc.gov.sd 62.12.109.3
560[*] Bind Version for 62.12.109.3 you guess!
561[*] A ombudsman.gov.sd 62.12.105.3
562[*] TXT ombudsman.gov.sd v=spf1 mx -all
563[*] Enumerating SRV Records
564[-] No SRV Records Found for ombudsman.gov.sd
565[+] 0 Records Found
566#######################################################################################################################################
567[*] Processing domain ombudsman.gov.sd
568[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
569[+] Getting nameservers
57062.12.109.2 - ns0.ndc.gov.sd
571[+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
572ombudsman.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
573ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
574ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
575ombudsman.gov.sd. 86400 IN A 62.12.105.3
576ombudsman.gov.sd. 86400 IN MX 10 mail.obudsman.gov.sd.
577ombudsman.gov.sd. 86400 IN TXT "v=spf1 mx -all"
578mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
579mail.ombudsman.gov.sd. 86400 IN MX 10 mail.ombudsman.gov.sd.
580mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
581webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
582www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
583#######################################################################################################################################
584Ip Address Status Type Domain Name Server
585---------- ------ ---- ----------- ------
58662.12.105.3 200 host mail.ombudsman.gov.sd Microsoft-IIS/8.5
58762.12.105.3 200 host mssql.ombudsman.gov.sd Microsoft-IIS/8.5
58862.12.105.3 302 alias webmail.ombudsman.gov.sd Microsoft-IIS/8.5
58962.12.105.3 302 host mail.ombudsman.gov.sd Microsoft-IIS/8.5
59062.12.105.3 302 host www.ombudsman.gov.sd Microsoft-IIS/8.5
591#######################################################################################################################################
592
593[+] Testing domain
594 www.ombudsman.gov.sd 62.12.105.3
595[+] Dns resolving
596 Domain name Ip address Name server
597 ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
598Found 1 host(s) for ombudsman.gov.sd
599[+] Testing wildcard
600 Ok, no wildcard found.
601
602[+] Scanning for subdomain on ombudsman.gov.sd
603[!] Wordlist not specified. I scannig with my internal wordlist...
604 Estimated time about 223.69 seconds
605
606 Subdomain Ip address Name server
607
608 mail.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
609 mssql.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
610 webmail.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
611 www.ombudsman.gov.sd 62.12.105.3 f03-web01.nic.gov.sd
612#######################################################################################################################################
613WhatWeb report for http://ombudsman.gov.sd
614Status : 200 OK
615Title : ديوان المظالم و الحسبة-الرئيسية
616IP : <Unknown>
617Country : <Unknown>
618
619Summary : Script, ASP_NET[4.0.30319][MVC5.2], Email[info@mazalem.com], Microsoft-IIS[8.5], Modernizr[2.6.2-respond-1.1.0.min], JQuery[1.10.2,1.9.1,3.3.1], HTML5, Frame, X-Frame-Options[SAMEORIGIN], UncommonHeaders[x-aspnetmvc-version,x-powered-by-plesk], HttpOnly[ASP.NET_SessionId,__RequestVerificationToken], Cookies[ASP.NET_SessionId,__RequestVerificationToken], X-Powered-By[ASP.NET], HTTPServer[Microsoft-IIS/8.5]
620
621Detected Plugins:
622[ ASP_NET ]
623 ASP.NET is a free web framework that enables great Web
624 applications. Used by millions of developers, it runs some
625 of the biggest sites in the world.
626
627 Version : 4.0.30319 (from X-AspNet-Version HTTP header)
628 String : MVC5.2
629 Google Dorks: (2)
630 Website : http://www.asp.net/
631
632[ Cookies ]
633 Display the names of cookies in the HTTP headers. The
634 values are not returned to save on space.
635
636 String : __RequestVerificationToken
637 String : ASP.NET_SessionId
638
639[ Email ]
640 Extract email addresses. Find valid email address and
641 syntactically invalid email addresses from mailto: link
642 tags. We match syntactically invalid links containing
643 mailto: to catch anti-spam email addresses, eg. bob at
644 gmail.com. This uses the simplified email regular
645 expression from
646 http://www.regular-expressions.info/email.html for valid
647 email address matching.
648
649 String : info@mazalem.com
650 String : info@mazalem.com
651
652[ Frame ]
653 This plugin detects instances of frame and iframe HTML
654 elements.
655
656
657[ HTML5 ]
658 HTML version 5, detected by the doctype declaration
659
660
661[ HTTPServer ]
662 HTTP server header string. This plugin also attempts to
663 identify the operating system from the server header.
664
665 String : Microsoft-IIS/8.5 (from server string)
666
667[ HttpOnly ]
668 If the HttpOnly flag is included in the HTTP set-cookie
669 response header and the browser supports it then the cookie
670 cannot be accessed through client side script - More Info:
671 http://en.wikipedia.org/wiki/HTTP_cookie
672
673 String : ASP.NET_SessionId,__RequestVerificationToken
674
675[ JQuery ]
676 A fast, concise, JavaScript that simplifies how to traverse
677 HTML documents, handle events, perform animations, and add
678 AJAX.
679
680 Version : 1.10.2,1.9.1,3.3.1
681 Website : http://jquery.com/
682
683[ Microsoft-IIS ]
684 Microsoft Internet Information Services (IIS) for Windows
685 Server is a flexible, secure and easy-to-manage Web server
686 for hosting anything on the Web. From media streaming to
687 web application hosting, IIS's scalable and open
688 architecture is ready to handle the most demanding tasks.
689
690 Version : 8.5
691 Website : http://www.iis.net/
692
693[ Modernizr ]
694 Modernizr adds classes to the <html> element which allow
695 you to target specific browser functionality in your
696 stylesheet. You don't actually need to write any Javascript
697 to use it. [JavaScript]
698
699 Version : 2.6.2-respond-1.1.0.min
700 Website : http://www.modernizr.com/
701
702[ Script ]
703 This plugin detects instances of script HTML elements and
704 returns the script language/type.
705
706
707[ UncommonHeaders ]
708 Uncommon HTTP server headers. The blacklist includes all
709 the standard headers and many non standard but common ones.
710 Interesting but fairly common headers should have their own
711 plugins, eg. x-powered-by, server and x-aspnet-version.
712 Info about headers can be found at www.http-stats.com
713
714 String : x-aspnetmvc-version,x-powered-by-plesk (from headers)
715
716[ X-Frame-Options ]
717 This plugin retrieves the X-Frame-Options value from the
718 HTTP header. - More Info:
719 http://msdn.microsoft.com/en-us/library/cc288472%28VS.85%29.
720 aspx
721
722 String : SAMEORIGIN
723
724[ X-Powered-By ]
725 X-Powered-By HTTP header
726
727 String : ASP.NET (from x-powered-by string)
728
729HTTP Headers:
730 HTTP/1.1 200 OK
731 Cache-Control: private
732 Content-Type: text/html; charset=utf-8
733 Content-Encoding: gzip
734 Vary: Accept-Encoding
735 Server: Microsoft-IIS/8.5
736 X-AspNetMvc-Version: 5.2
737 X-Frame-Options: SAMEORIGIN
738 X-AspNet-Version: 4.0.30319
739 Set-Cookie: __RequestVerificationToken=kusRRJtmx-BG465A1DEM_PDys7rab1VIWkuXKojpTYjnE9B4zp3FTxflYxEO_xBRhqnycMg3fTfe0tBnVxkfMoO3o6vGIacGPKacpUKsDsM1; path=/; HttpOnly
740 Set-Cookie: ASP.NET_SessionId=m415ntwpdyovqakg455nrsco; path=/; HttpOnly
741 X-Powered-By: ASP.NET
742 X-Powered-By-Plesk: PleskWin
743 Date: Fri, 14 Jun 2019 23:55:03 GMT
744 Connection: close
745 Content-Length: 15100
746#######################################################################################################################################
747DNS Servers for ombudsman.gov.sd:
748 ns0.ndc.gov.sd
749 ns1.ndc.gov.sd
750
751Trying zone transfer first...
752 Testing ns0.ndc.gov.sd
753
754Whoah, it worked - misconfigured DNS server found:
755ombudsman.gov.sd. 86400 IN SOA ( ns0.ndc.gov.sd. root.ndc.gov.sd.
756 2018071900 ;serial
757 10800 ;refresh
758 900 ;retry
759 604800 ;expire
760 86400 ;minimum
761 )
762ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
763ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
764ombudsman.gov.sd. 86400 IN A 62.12.105.3
765ombudsman.gov.sd. 86400 IN MX 10 mail.obudsman.gov.sd.
766ombudsman.gov.sd. 86400 IN TXT "v=spf1 mx -all"
767mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
768mail.ombudsman.gov.sd. 86400 IN MX 10 mail.ombudsman.gov.sd.
769mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
770webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
771www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
772
773There isn't much point continuing, you have everything.
774Have a nice day.
775Exiting...
776#######################################################################################################################################
777dnsenum VERSION:1.2.4
778
779----- ombudsman.gov.sd -----
780
781
782Host's addresses:
783__________________
784
785ombudsman.gov.sd. 84037 IN A 62.12.105.3
786
787
788Name Servers:
789______________
790
791ns0.ndc.gov.sd. 12377 IN A 62.12.109.2
792ns1.ndc.gov.sd. 12371 IN A 62.12.109.3
793
794
795Mail (MX) Servers:
796___________________
797
798
799
800Trying Zone Transfers and getting Bind Versions:
801_________________________________________________
802
803
804Trying Zone Transfer for ombudsman.gov.sd on ns0.ndc.gov.sd ...
805ombudsman.gov.sd. 86400 IN SOA (
806ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
807ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
808ombudsman.gov.sd. 86400 IN A 62.12.105.3
809ombudsman.gov.sd. 86400 IN MX 10
810ombudsman.gov.sd. 86400 IN TXT "v=spf1
811mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
812mail.ombudsman.gov.sd. 86400 IN MX 10
813mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
814webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
815www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
816
817Trying Zone Transfer for ombudsman.gov.sd on ns1.ndc.gov.sd ...
818ombudsman.gov.sd. 86400 IN SOA (
819ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
820ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
821ombudsman.gov.sd. 86400 IN A 62.12.105.3
822ombudsman.gov.sd. 86400 IN MX 10
823ombudsman.gov.sd. 86400 IN TXT "v=spf1
824mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
825mail.ombudsman.gov.sd. 86400 IN MX 10
826mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
827webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
828www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
829
830brute force file not specified, bay.
831 #######################################################################################################################################
832[-] Enumerating subdomains now for ombudsman.gov.sd
833[-] verbosity is enabled, will show the subdomains results in realtime
834[-] Searching now in Baidu..
835[-] Searching now in Yahoo..
836[-] Searching now in Google..
837[-] Searching now in Bing..
838[-] Searching now in Ask..
839[-] Searching now in Netcraft..
840[-] Searching now in DNSdumpster..
841[-] Searching now in Virustotal..
842[-] Searching now in ThreatCrowd..
843[-] Searching now in SSL Certificates..
844[-] Searching now in PassiveDNS..
845Yahoo: www.ombudsman.gov.sd
846[-] Saving results to file: /usr/share/sniper/loot//domains/domains-ombudsman.gov.sd.txt
847[-] Total Unique Subdomains Found: 1
848www.ombudsman.gov.sd
849#######################################################################################################################################
850===============================================
851-=Subfinder v1.1.3 github.com/subfinder/subfinder
852===============================================
853
854
855Running Source: Ask
856Running Source: Archive.is
857Running Source: Baidu
858Running Source: Bing
859Running Source: CertDB
860Running Source: CertificateTransparency
861Running Source: Certspotter
862Running Source: Commoncrawl
863Running Source: Crt.sh
864Running Source: Dnsdb
865Running Source: DNSDumpster
866Running Source: DNSTable
867Running Source: Dogpile
868Running Source: Exalead
869Running Source: Findsubdomains
870Running Source: Googleter
871Running Source: Hackertarget
872Running Source: Ipv4Info
873Running Source: PTRArchive
874Running Source: Sitedossier
875Running Source: Threatcrowd
876Running Source: ThreatMiner
877Running Source: WaybackArchive
878Running Source: Yahoo
879
880Running enumeration on ombudsman.gov.sd
881
882dnsdb: Unexpected return status 503
883
884waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.ombudsman.gov.sd/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
885
886dogpile: Get https://www.dogpile.com/search/web?q=ombudsman.gov.sd&qsi=1: EOF
887
888ipv4info: <nil>
889
890
891Starting Bruteforcing of ombudsman.gov.sd with 9985 words
892
893Total 6 Unique subdomains found for ombudsman.gov.sd
894
895.ombudsman.gov.sd
896mail.ombudsman.gov.sd
897mssql.ombudsman.gov.sd
898webmail.ombudsman.gov.sd
899www.ombudsman.gov.sd
900www.ombudsman.gov.sd
901#######################################################################################################################################
902[*] Processing domain ombudsman.gov.sd
903[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
904[+] Getting nameservers
90562.12.109.2 - ns0.ndc.gov.sd
906[+] Zone transfer sucessful using nameserver ns0.ndc.gov.sd
907ombudsman.gov.sd. 86400 IN SOA ns0.ndc.gov.sd. root.ndc.gov.sd. 2018071900 10800 900 604800 86400
908ombudsman.gov.sd. 86400 IN NS ns0.ndc.gov.sd.
909ombudsman.gov.sd. 86400 IN NS ns1.ndc.gov.sd.
910ombudsman.gov.sd. 86400 IN A 62.12.105.3
911ombudsman.gov.sd. 86400 IN MX 10 mail.obudsman.gov.sd.
912ombudsman.gov.sd. 86400 IN TXT "v=spf1 mx -all"
913mail.ombudsman.gov.sd. 86400 IN A 62.12.105.3
914mail.ombudsman.gov.sd. 86400 IN MX 10 mail.ombudsman.gov.sd.
915mssql.ombudsman.gov.sd. 86400 IN A 62.12.105.3
916webmail.ombudsman.gov.sd. 86400 IN CNAME mail.ombudsman.gov.sd.
917www.ombudsman.gov.sd. 86400 IN A 62.12.105.3
918#######################################################################################################################################
919[*] Found SPF record:
920[*] v=spf1 mx -all
921[*] SPF record contains an All item: -all
922[*] No DMARC record found. Looking for organizational record
923[+] No organizational DMARC record
924[+] Spoofing possible for ombudsman.gov.sd!
925#######################################################################################################################################
926dig: '.ombudsman.gov.sd' is not a legal name (empty label)
927
928SubOver v.1.2 Nizamul Rana (@Ice3man)
929==================================================
930
931
932[~] Enjoy your hunt !
933[Not Vulnerable] .ombudsman.gov.sd
934[Not Vulnerable] 77.72.0.146
935[Not Vulnerable] 147.237.77.18
936[Not Vulnerable] 52.64.99.208
937[Not Vulnerable] IN
938[Not Vulnerable] domain
939[Not Vulnerable] 62.12.105.3
940[Not Vulnerable] mail.ombudsman.gov.sd
941[Not Vulnerable] www.cbs.gov.ws
942[Not Vulnerable] www.sviva.gov.il
943[Not Vulnerable] ombudsman.gov.sd
944[Not Vulnerable] www.ombudsman.gov.sd
945[Not Vulnerable] webmail.ombudsman.gov.sd
946[Not Vulnerable] mssql.ombudsman.gov.sd
947#######################################################################################################################################
94862.12.96.0/20
94962.12.96.0/24
95062.12.97.0/24
95162.12.98.0/24
95262.12.99.0/24
95362.12.100.0/24
95462.12.101.0/24
95562.12.102.0/23
95662.12.104.0/24
95762.12.105.0/24
95862.12.106.0/24
95962.12.107.0/24
96062.12.108.0/24
96162.12.109.0/24
96262.12.110.0/24
96362.12.111.0/24
964#######################################################################################################################################
965Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:09 EDT
966Nmap scan report for ombudsman.gov.sd (62.12.105.3)
967Host is up (0.23s latency).
968rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
969Not shown: 464 filtered ports, 6 closed ports
970Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
971PORT STATE SERVICE
97221/tcp open ftp
97380/tcp open http
974110/tcp open pop3
975143/tcp open imap
976443/tcp open https
9778443/tcp open https-alt
978
979Nmap done: 1 IP address (1 host up) scanned in 6.71 seconds
980#######################################################################################################################################
981Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:09 EDT
982Nmap scan report for ombudsman.gov.sd (62.12.105.3)
983Host is up (0.11s latency).
984rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
985Not shown: 2 filtered ports
986PORT STATE SERVICE
98753/udp open|filtered domain
98867/udp open|filtered dhcps
98968/udp open|filtered dhcpc
99069/udp open|filtered tftp
99188/udp open|filtered kerberos-sec
992123/udp open|filtered ntp
993139/udp open|filtered netbios-ssn
994161/udp open|filtered snmp
995162/udp open|filtered snmptrap
996389/udp open|filtered ldap
997520/udp open|filtered route
9982049/udp open|filtered nfs
999
1000Nmap done: 1 IP address (1 host up) scanned in 3.13 seconds
1001#######################################################################################################################################
1002Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:09 EDT
1003Nmap scan report for ombudsman.gov.sd (62.12.105.3)
1004Host is up (0.25s latency).
1005rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1006
1007PORT STATE SERVICE VERSION
100821/tcp open ftp Microsoft ftpd
1009| ftp-brute:
1010| Accounts: No valid accounts found
1011|_ Statistics: Performed 3083 guesses in 180 seconds, average tps: 16.8
1012| ftp-syst:
1013|_ SYST: Windows_NT
1014Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1015Device type: phone
1016Running: Nokia Symbian OS
1017OS CPE: cpe:/o:nokia:symbian_os
1018OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1019Network Distance: 14 hops
1020Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1021
1022TRACEROUTE (using port 21/tcp)
1023HOP RTT ADDRESS
10241 114.81 ms 10.249.200.1
10252 115.15 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
10263 106.78 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
10274 117.57 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
10285 120.43 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
10296 116.20 ms 80.77.2.193
10307 307.59 ms xe-8-1-3.0.pjr03.ldn001.flagtel.com (85.95.26.242)
10318 126.01 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
10329 280.22 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
103310 326.88 ms 80.77.2.42
103411 237.46 ms 196.29.177.113
103512 250.42 ms 197.254.196.62
103613 ...
103714 251.79 ms f03-web01.nic.gov.sd (62.12.105.3)
1038#######################################################################################################################################
1039
1040wig - WebApp Information Gatherer
1041
1042
1043Scanning http://ombudsman.gov.sd...
1044_________________________ SITE INFO _________________________
1045IP Title
104662.12.105.3 ديوان المظالم و الحسبة-الرئيسية
1047
1048__________________________ VERSION __________________________
1049Name Versions Type
1050ASP.NET 4.0.30319 Platform
1051IIS 8.5 Platform
1052jQuery 1.10.2 | 3.3.1 JavaScript
1053Microsoft Windows Server 2012 R2 OS
1054
1055_____________________________________________________________
1056Time: 229.8 sec Urls: 629 Fingerprints: 40401
1057#######################################################################################################################################
1058HTTP/1.1 302 Found
1059Cache-Control: private
1060Content-Length: 144
1061Content-Type: text/html; charset=utf-8
1062Location: /Home/Index?aspxerrorpath=/
1063Server: Microsoft-IIS/8.5
1064X-AspNetMvc-Version: 5.2
1065X-AspNet-Version: 4.0.30319
1066X-Powered-By: ASP.NET
1067X-Powered-By-Plesk: PleskWin
1068Date: Sat, 15 Jun 2019 00:17:35 GMT
1069
1070HTTP/1.1 302 Found
1071Cache-Control: private
1072Content-Length: 144
1073Content-Type: text/html; charset=utf-8
1074Location: /Home/Index?aspxerrorpath=/
1075Server: Microsoft-IIS/8.5
1076X-AspNetMvc-Version: 5.2
1077X-AspNet-Version: 4.0.30319
1078X-Powered-By: ASP.NET
1079X-Powered-By-Plesk: PleskWin
1080Date: Sat, 15 Jun 2019 00:17:35 GMT
1081
1082HTTP/1.1 500 Internal Server Error
1083Cache-Control: private
1084Content-Length: 1763
1085Content-Type: text/html; charset=utf-8
1086Server: Microsoft-IIS/8.5
1087X-AspNet-Version: 4.0.30319
1088X-Powered-By: ASP.NET
1089X-Powered-By-Plesk: PleskWin
1090Date: Sat, 15 Jun 2019 00:17:35 GMT
1091
1092Allow: OPTIONS, TRACE, GET, HEAD, POST
1093#######################################################################################################################################
1094 Bootstrap
1095 Font Awesome
1096 jQuery 3.3.1
1097 Plesk
1098 IIS 8.5
1099 Modernizr
1100 Microsoft ASP.NET 4.0.30319
1101 Microsoft ASP.NET
1102 X-AspNetMvc-Version: 5.2
1103#######################################################################################################################################
1104tee: /usr/share/sniper/loot//output/nmap-ombudsman.gov.sd-port110.txt: Aucun fichier ou dossier de ce type
1105Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:18 EDT
1106Nmap scan report for ombudsman.gov.sd (62.12.105.3)
1107Host is up (0.25s latency).
1108rDNS record for 62.12.105.3: f03-web01.nic.gov.sd
1109
1110PORT STATE SERVICE VERSION
1111110/tcp open pop3 MailEnable POP3 Server
1112| pop3-brute:
1113| Accounts: No valid accounts found
1114| Statistics: Performed 95 guesses in 7 seconds, average tps: 13.6
1115|_ ERROR: Failed to make a pop-connection.
1116|_pop3-capabilities: USER UIDL TOP
1117Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1118Device type: phone
1119Running: Nokia Symbian OS
1120OS CPE: cpe:/o:nokia:symbian_os
1121OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1122Network Distance: 14 hops
1123Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1124
1125TRACEROUTE (using port 443/tcp)
1126HOP RTT ADDRESS
11271 108.18 ms 10.249.200.1
11282 108.41 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
11293 108.24 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
11304 119.27 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
11315 114.07 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
11326 120.70 ms 80.77.2.193
11337 286.18 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
11348 134.34 ms xe-8-2-1.0.cjr04.prs001.flagtel.com (85.95.25.170)
11359 280.76 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
113610 328.52 ms 80.77.2.42
113711 234.29 ms 196.29.177.113
113812 244.41 ms 197.254.196.62
113913 ...
114014 245.35 ms f03-web01.nic.gov.sd (62.12.105.3)
1141#######################################################################################################################################
1142Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:47 EDT
1143Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1144Host is up (0.22s latency).
1145Not shown: 464 filtered ports, 6 closed ports
1146Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1147PORT STATE SERVICE
114821/tcp open ftp
114980/tcp open http
1150110/tcp open pop3
1151143/tcp open imap
1152443/tcp open https
11538443/tcp open https-alt
1154
1155Nmap done: 1 IP address (1 host up) scanned in 6.80 seconds
1156#######################################################################################################################################
1157Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:47 EDT
1158Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1159Host is up (0.11s latency).
1160Not shown: 2 filtered ports
1161PORT STATE SERVICE
116253/udp open|filtered domain
116367/udp open|filtered dhcps
116468/udp open|filtered dhcpc
116569/udp open|filtered tftp
116688/udp open|filtered kerberos-sec
1167123/udp open|filtered ntp
1168139/udp open|filtered netbios-ssn
1169161/udp open|filtered snmp
1170162/udp open|filtered snmptrap
1171389/udp open|filtered ldap
1172520/udp open|filtered route
11732049/udp open|filtered nfs
1174
1175Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
1176#######################################################################################################################################
1177Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:47 EDT
1178Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1179Host is up (0.25s latency).
1180
1181PORT STATE SERVICE VERSION
118221/tcp open ftp Microsoft ftpd
1183| ftp-brute:
1184| Accounts: No valid accounts found
1185|_ Statistics: Performed 3086 guesses in 180 seconds, average tps: 16.8
1186| ftp-syst:
1187|_ SYST: Windows_NT
1188Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1189Device type: phone
1190Running: Nokia Symbian OS
1191OS CPE: cpe:/o:nokia:symbian_os
1192OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1193Network Distance: 14 hops
1194Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1195
1196TRACEROUTE (using port 21/tcp)
1197HOP RTT ADDRESS
11981 108.27 ms 10.249.200.1
11992 108.32 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
12003 108.30 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
12014 124.41 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
12025 114.62 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
12036 117.47 ms 80.77.2.193
12047 303.91 ms xe-8-1-3.0.pjr03.ldn001.flagtel.com (85.95.26.242)
12058 127.46 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
12069 280.65 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
120710 328.06 ms 80.77.2.42
120811 234.33 ms 196.29.177.113
120912 244.30 ms 197.254.196.62
121013 ...
121114 245.07 ms f03-web01.nic.gov.sd (62.12.105.3)
1212#######################################################################################################################################
1213Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:51 EDT
1214Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1215Host is up.
1216
1217PORT STATE SERVICE VERSION
121867/udp open|filtered dhcps
1219|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1220Too many fingerprints match this host to give specific OS details
1221
1222TRACEROUTE (using proto 1/icmp)
1223HOP RTT ADDRESS
12241 107.99 ms 10.249.200.1
12252 108.92 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
12263 108.04 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
12274 115.01 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
12285 114.44 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
12296 117.22 ms 80.77.2.193
12307 284.27 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
12318 127.63 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
12329 281.29 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
123310 351.01 ms 80.77.2.42
123411 235.72 ms 196.29.177.113
123512 245.18 ms 197.254.196.62
123613 ... 30
1237#######################################################################################################################################
1238Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:53 EDT
1239Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1240Host is up.
1241
1242PORT STATE SERVICE VERSION
124368/udp open|filtered dhcpc
1244Too many fingerprints match this host to give specific OS details
1245
1246TRACEROUTE (using proto 1/icmp)
1247HOP RTT ADDRESS
12481 113.23 ms 10.249.200.1
12492 113.79 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
12503 113.82 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
12514 116.20 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
12525 119.44 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
12536 122.43 ms 80.77.2.193
12547 291.09 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
12558 127.47 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
12569 279.87 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
125710 327.09 ms 80.77.2.42
125811 244.13 ms 196.29.177.113
125912 253.82 ms 197.254.196.62
126013 ... 30
1261#######################################################################################################################################
1262Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:55 EDT
1263Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1264Host is up.
1265
1266PORT STATE SERVICE VERSION
126769/udp open|filtered tftp
1268Too many fingerprints match this host to give specific OS details
1269
1270TRACEROUTE (using proto 1/icmp)
1271HOP RTT ADDRESS
12721 109.98 ms 10.249.200.1
12732 110.54 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
12743 110.06 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
12754 110.09 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
12765 116.36 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
12776 119.03 ms 80.77.2.193
12787 288.67 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
12798 129.43 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
12809 282.66 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
128110 330.12 ms 80.77.2.42
128211 235.57 ms 196.29.177.113
128312 245.06 ms 197.254.196.62
128413 ... 30
1285#######################################################################################################################################
1286wig - WebApp Information Gatherer
1287
1288
1289Scanning http://62.12.105.3...
1290______________________ SITE INFO _______________________
1291IP Title
129262.12.105.3 Domain Default page
1293
1294_______________________ VERSION ________________________
1295Name Versions Type
1296ASP.NET 4.0.30319 Platform
1297IIS 8.5 Platform
1298Microsoft Windows Server 2012 R2 OS
1299
1300________________________________________________________
1301Time: 36.8 sec Urls: 601 Fingerprints: 40401
1302#######################################################################################################################################
1303HTTP/1.1 200 OK
1304Content-Length: 3815
1305Content-Type: text/html
1306Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
1307Accept-Ranges: bytes
1308ETag: "f1eb6487719ed11:0"
1309Server: Microsoft-IIS/8.5
1310X-Powered-By: ASP.NET
1311Date: Fri, 14 Jun 2019 23:58:38 GMT
1312
1313HTTP/1.1 200 OK
1314Content-Length: 3815
1315Content-Type: text/html
1316Last-Modified: Sun, 24 Apr 2016 21:37:41 GMT
1317Accept-Ranges: bytes
1318ETag: "f1eb6487719ed11:0"
1319Server: Microsoft-IIS/8.5
1320X-Powered-By: ASP.NET
1321Date: Fri, 14 Jun 2019 23:58:39 GMT
1322
1323Allow: OPTIONS, TRACE, GET, HEAD, POST
1324#######################################################################################################################################
1325Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:58 EDT
1326Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1327Host is up (0.25s latency).
1328
1329PORT STATE SERVICE VERSION
1330110/tcp open pop3 MailEnable POP3 Server
1331| pop3-brute:
1332| Accounts: No valid accounts found
1333| Statistics: Performed 85 guesses in 7 seconds, average tps: 12.1
1334|_ ERROR: Failed to make a pop-connection.
1335|_pop3-capabilities: TOP USER UIDL
1336Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1337Device type: phone
1338Running: Nokia Symbian OS
1339OS CPE: cpe:/o:nokia:symbian_os
1340OS details: Nokia E70 or N86 mobile phone (Symbian OS)
1341Network Distance: 14 hops
1342Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1343
1344TRACEROUTE (using port 443/tcp)
1345HOP RTT ADDRESS
13461 107.51 ms 10.249.200.1
13472 107.93 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
13483 107.65 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
13494 117.95 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
13505 150.84 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
13516 116.52 ms 80.77.2.193
13527 306.04 ms xe-8-1-3.0.pjr03.ldn001.flagtel.com (85.95.26.242)
13538 126.86 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
13549 280.43 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
135510 327.66 ms 80.77.2.42
135611 235.45 ms 196.29.177.113
135712 244.96 ms 197.254.196.62
135813 ...
135914 262.43 ms f03-web01.nic.gov.sd (62.12.105.3)
1360#######################################################################################################################################
1361Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 19:59 EDT
1362Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1363Host is up.
1364
1365PORT STATE SERVICE VERSION
1366123/udp open|filtered ntp
1367Too many fingerprints match this host to give specific OS details
1368
1369TRACEROUTE (using proto 1/icmp)
1370HOP RTT ADDRESS
13711 111.37 ms 10.249.200.1
13722 111.94 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
13733 111.73 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
13744 111.59 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
13755 117.61 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
13766 120.42 ms 80.77.2.193
13777 285.12 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
13788 132.51 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
13799 284.28 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
138010 332.36 ms 80.77.2.42
138111 235.19 ms 196.29.177.113
138212 249.02 ms 197.254.196.62
138313 ... 30
1384#######################################################################################################################################
1385Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:03 EDT
1386NSE: Loaded 148 scripts for scanning.
1387NSE: Script Pre-scanning.
1388NSE: Starting runlevel 1 (of 2) scan.
1389Initiating NSE at 20:03
1390Completed NSE at 20:03, 0.00s elapsed
1391NSE: Starting runlevel 2 (of 2) scan.
1392Initiating NSE at 20:03
1393Completed NSE at 20:03, 0.00s elapsed
1394Initiating Ping Scan at 20:03
1395Scanning 62.12.105.3 [4 ports]
1396Completed Ping Scan at 20:03, 0.28s elapsed (1 total hosts)
1397Initiating Parallel DNS resolution of 1 host. at 20:03
1398Completed Parallel DNS resolution of 1 host. at 20:03, 0.02s elapsed
1399Initiating Connect Scan at 20:03
1400Scanning f03-web01.nic.gov.sd (62.12.105.3) [65535 ports]
1401Discovered open port 80/tcp on 62.12.105.3
1402Discovered open port 110/tcp on 62.12.105.3
1403Discovered open port 443/tcp on 62.12.105.3
1404Discovered open port 21/tcp on 62.12.105.3
1405Discovered open port 143/tcp on 62.12.105.3
1406Connect Scan Timing: About 6.92% done; ETC: 20:10 (0:06:57 remaining)
1407Connect Scan Timing: About 17.02% done; ETC: 20:09 (0:04:57 remaining)
1408Connect Scan Timing: About 25.73% done; ETC: 20:09 (0:04:23 remaining)
1409Connect Scan Timing: About 44.65% done; ETC: 20:10 (0:03:59 remaining)
1410Connect Scan Timing: About 52.02% done; ETC: 20:11 (0:03:37 remaining)
1411Connect Scan Timing: About 60.82% done; ETC: 20:11 (0:03:12 remaining)
1412Connect Scan Timing: About 71.01% done; ETC: 20:11 (0:02:14 remaining)
1413Connect Scan Timing: About 84.00% done; ETC: 20:10 (0:01:08 remaining)
1414Connect Scan Timing: About 92.34% done; ETC: 20:10 (0:00:32 remaining)
1415Completed Connect Scan at 20:10, 413.88s elapsed (65535 total ports)
1416Initiating Service scan at 20:10
1417Scanning 5 services on f03-web01.nic.gov.sd (62.12.105.3)
1418Completed Service scan at 20:10, 25.60s elapsed (5 services on 1 host)
1419Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
1420Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
1421adjust_timeouts2: packet supposedly had rtt of -226841 microseconds. Ignoring time.
1422adjust_timeouts2: packet supposedly had rtt of -226841 microseconds. Ignoring time.
1423Initiating Traceroute at 20:11
1424Completed Traceroute at 20:11, 6.34s elapsed
1425Initiating Parallel DNS resolution of 12 hosts. at 20:11
1426Completed Parallel DNS resolution of 12 hosts. at 20:11, 0.20s elapsed
1427NSE: Script scanning 62.12.105.3.
1428NSE: Starting runlevel 1 (of 2) scan.
1429Initiating NSE at 20:11
1430NSE Timing: About 99.12% done; ETC: 20:11 (0:00:00 remaining)
1431NSE Timing: About 99.27% done; ETC: 20:12 (0:00:00 remaining)
1432NSE Timing: About 99.71% done; ETC: 20:12 (0:00:00 remaining)
1433Completed NSE at 20:12, 92.84s elapsed
1434NSE: Starting runlevel 2 (of 2) scan.
1435Initiating NSE at 20:12
1436Completed NSE at 20:12, 0.50s elapsed
1437Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1438Host is up, received syn-ack ttl 112 (0.19s latency).
1439Scanned at 2019-06-14 20:03:29 EDT for 551s
1440Not shown: 65523 filtered ports
1441Reason: 65522 no-responses and 1 host-unreach
1442PORT STATE SERVICE REASON VERSION
144321/tcp open ftp syn-ack Microsoft ftpd
1444| ftp-syst:
1445|_ SYST: Windows_NT
1446| ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/localityName=Seattle/emailAddress=info@plesk.com
1447| Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US/organizationalUnitName=Plesk/localityName=Seattle/emailAddress=info@plesk.com
1448| Public Key type: rsa
1449| Public Key bits: 2048
1450| Signature Algorithm: sha256WithRSAEncryption
1451| Not valid before: 2016-04-19T09:30:36
1452| Not valid after: 2017-04-19T09:30:36
1453| MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
1454| SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
1455| -----BEGIN CERTIFICATE-----
1456| MIIEajCCA1KgAwIBAgIEBNin+DANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMC
1457| VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxDTALBgNV
1458| BAoTBE9kaW4xDjAMBgNVBAsTBVBsZXNrMQ4wDAYDVQQDEwVQbGVzazEdMBsGCSqG
1459| SIb3DQEJARYOaW5mb0BwbGVzay5jb20wHhcNMTYwNDE5MDkzMDM2WhcNMTcwNDE5
1460| MDkzMDM2WjCBgjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
1461| BgNVBAcTB1NlYXR0bGUxDTALBgNVBAoTBE9kaW4xDjAMBgNVBAsTBVBsZXNrMQ4w
1462| DAYDVQQDEwVQbGVzazEdMBsGCSqGSIb3DQEJARYOaW5mb0BwbGVzay5jb20wggEi
1463| MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSBgk7uIcz0ea9fN1QDp3Pl19b
1464| rjqqnl3b7UIxbZaPhoraBvBknLJ0hEzOitQmKsxIsGKPLjxSb6WMmiE+YRH0kvOU
1465| oXWa/yjRx3rG6Z+Wd6U7r7IIbWdBMGgbTQ2OdzmrKXVqoaXM2crH9cPDhWJgkVu9
1466| Q6zuUiMjo7cwFR1X/vAVPW1C4l5HQcW3oGC14ll5jC15IbB04YusglQVfD/8u246
1467| nMRgToyj+gxMvsifYG9h53OT0qJz/MFk4PvtG2MAy8ipR10VMtOUrMqzaZ1ntjex
1468| sqog2cNgT6LLRMi870OCRaT/cVYCjNlhcQIE2Tpyf9MYKK0myMokTBXs+WNHAgMB
1469| AAGjgeUwgeIwHQYDVR0OBBYEFKXkfR1gs1JC6WRjoLsdij8g/DVYMIGyBgNVHSME
1470| gaowgaeAFKXkfR1gs1JC6WRjoLsdij8g/DVYoYGIpIGFMIGCMQswCQYDVQQGEwJV
1471| UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2VhdHRsZTENMAsGA1UE
1472| ChMET2RpbjEOMAwGA1UECxMFUGxlc2sxDjAMBgNVBAMTBVBsZXNrMR0wGwYJKoZI
1473| hvcNAQkBFg5pbmZvQHBsZXNrLmNvbYIEBNin+DAMBgNVHRMEBTADAQH/MA0GCSqG
1474| SIb3DQEBCwUAA4IBAQARU5/ZcbkEx+CNZjqAY2r5h5m2Bq5kt0CY+j6uH05oreL9
1475| 5gKbBctsDTehfCw5+VpFpv4lCogQ9QJlQ8A3VQXV4kjueRIMvrShPbh7vZ1LcQNR
1476| PXDUyNZpbItE29/rJe4qvgFWMd73yw18H871kwLtddx0XfOv2tgO5fzLr9BT5hzq
1477| E9upUN40ATHb/bDcAVLsUTOmYM9idZ4AS/oj0oCeBR9eqcw3IHNneIO3Qk2EA2UO
1478| U93iDngn3tuYqUFlLZSjcVfWIWvY7cDMfqGEdanpz42V5nFqUQ76sWvYb8iF73uy
1479| uxIFo3Edw+sf2D1fyEpbDQZNsNiNSyUUHUq3qagk
1480|_-----END CERTIFICATE-----
148125/tcp closed smtp conn-refused
148280/tcp open http syn-ack Microsoft IIS httpd 8.5
1483|_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1484| http-methods:
1485| Supported Methods: OPTIONS TRACE GET HEAD POST
1486|_ Potentially risky methods: TRACE
1487|_http-server-header: Microsoft-IIS/8.5
1488|_http-title: Domain Default page
1489110/tcp open pop3 syn-ack MailEnable POP3 Server
1490|_pop3-capabilities: USER UIDL TOP
1491113/tcp closed ident conn-refused
1492139/tcp closed netbios-ssn conn-refused
1493143/tcp open imap syn-ack MailEnable imapd
1494|_imap-capabilities: IMAP4 IMAP4rev1 AUTH=LOGIN OK completed CHILDREN AUTH=CRAM-MD5 CAPABILITY IDLE UIDPLUSA0001
1495443/tcp open https? syn-ack
1496445/tcp closed microsoft-ds conn-refused
1497993/tcp closed imaps conn-refused
1498995/tcp closed pop3s conn-refused
14991025/tcp closed NFS-or-IIS conn-refused
1500Device type: general purpose|WAP|router
1501Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
1502OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15 cpe:/o:linux:linux_kernel:2.6.22
1503OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
1504Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (98%), Tomato 1.27 - 1.28 (Linux 2.4.20) (92%), Linux 3.2.0 (92%), MikroTik RouterOS 6.15 (Linux 3.3.5) (92%), Tomato firmware (Linux 2.6.22) (91%)
1505No exact OS matches for host (test conditions non-ideal).
1506TCP/IP fingerprint:
1507SCAN(V=7.70%E=4%D=6/14%OT=21%CT=25%CU=%PV=N%G=N%TM=5D0437F8%P=x86_64-pc-linux-gnu)
1508SEQ(SP=FF%GCD=1%ISR=103%CI=Z%TS=U)
1509SEQ(CI=Z)
1510OPS(O1=M44FW8N%O2=M44FW8N%O3=M44FW8N%O4=M44FW8N%O5=M44FW8N%O6=M44F)
1511WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
1512ECN(R=Y%DF=Y%TG=80%W=2000%O=M44FW8N%CC=Y%Q=)
1513ECN(R=N)
1514T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
1515T2(R=N)
1516T3(R=N)
1517T4(R=N)
1518T5(R=Y%DF=Y%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
1519T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
1520T7(R=N)
1521U1(R=N)
1522IE(R=N)
1523
1524Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1525
1526TRACEROUTE (using proto 1/icmp)
1527HOP RTT ADDRESS
15281 112.96 ms 10.249.200.1
15292 113.16 ms vlan500.as03.bru1.be.m247.com (185.210.217.49)
15303 113.00 ms vlan299.agg1.bru1.be.m247.com (176.10.82.60)
15314 122.99 ms vlan2901.bb1.bru1.be.m247.com (176.10.82.30)
15325 151.61 ms te-7-7-0.bb1.lon1.uk.m247.com (176.10.83.147)
15336 148.57 ms 80.77.2.193
15347 287.17 ms xe-9-0-1.0.pjr04.ldn001.flagtel.com (85.95.27.193)
15358 132.28 ms xe-8-2-0.0.cjr04.prs001.flagtel.com (85.95.27.234)
15369 285.74 ms xe-0-0-1.0.pjr04.dxb001.flagtel.com (85.95.25.94)
153710 333.26 ms 80.77.2.42
153811 235.30 ms 196.29.177.113
153912 245.09 ms 197.254.196.62
154013 ... 30
1541
1542NSE: Script Post-scanning.
1543NSE: Starting runlevel 1 (of 2) scan.
1544Initiating NSE at 20:12
1545Completed NSE at 20:12, 0.00s elapsed
1546NSE: Starting runlevel 2 (of 2) scan.
1547Initiating NSE at 20:12
1548Completed NSE at 20:12, 0.00s elapsed
1549Read data files from: /usr/bin/../share/nmap
1550OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1551Nmap done: 1 IP address (1 host up) scanned in 550.98 seconds
1552 Raw packets sent: 173 (11.884KB) | Rcvd: 2132 (119.118KB)
1553#######################################################################################################################################
1554Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 20:12 EDT
1555NSE: Loaded 148 scripts for scanning.
1556NSE: Script Pre-scanning.
1557Initiating NSE at 20:12
1558Completed NSE at 20:12, 0.00s elapsed
1559Initiating NSE at 20:12
1560Completed NSE at 20:12, 0.00s elapsed
1561Initiating Parallel DNS resolution of 1 host. at 20:12
1562Completed Parallel DNS resolution of 1 host. at 20:12, 0.03s elapsed
1563Initiating UDP Scan at 20:12
1564Scanning f03-web01.nic.gov.sd (62.12.105.3) [14 ports]
1565Completed UDP Scan at 20:12, 2.00s elapsed (14 total ports)
1566Initiating Service scan at 20:12
1567Scanning 12 services on f03-web01.nic.gov.sd (62.12.105.3)
1568Service scan Timing: About 8.33% done; ETC: 20:32 (0:17:58 remaining)
1569Completed Service scan at 20:14, 102.58s elapsed (12 services on 1 host)
1570Initiating OS detection (try #1) against f03-web01.nic.gov.sd (62.12.105.3)
1571Retrying OS detection (try #2) against f03-web01.nic.gov.sd (62.12.105.3)
1572Initiating Traceroute at 20:14
1573Completed Traceroute at 20:14, 7.13s elapsed
1574Initiating Parallel DNS resolution of 1 host. at 20:14
1575Completed Parallel DNS resolution of 1 host. at 20:14, 0.00s elapsed
1576NSE: Script scanning 62.12.105.3.
1577Initiating NSE at 20:14
1578Completed NSE at 20:14, 20.32s elapsed
1579Initiating NSE at 20:14
1580Completed NSE at 20:14, 1.02s elapsed
1581Nmap scan report for f03-web01.nic.gov.sd (62.12.105.3)
1582Host is up (0.11s latency).
1583
1584PORT STATE SERVICE VERSION
158553/udp open|filtered domain
158667/udp open|filtered dhcps
158768/udp open|filtered dhcpc
158869/udp open|filtered tftp
158988/udp open|filtered kerberos-sec
1590123/udp open|filtered ntp
1591137/udp filtered netbios-ns
1592138/udp filtered netbios-dgm
1593139/udp open|filtered netbios-ssn
1594161/udp open|filtered snmp
1595162/udp open|filtered snmptrap
1596389/udp open|filtered ldap
1597520/udp open|filtered route
15982049/udp open|filtered nfs
1599Too many fingerprints match this host to give specific OS details
1600
1601TRACEROUTE (using port 137/udp)
1602HOP RTT ADDRESS
16031 109.29 ms 10.249.200.1
16042 ... 3
16054 106.89 ms 10.249.200.1
16065 114.41 ms 10.249.200.1
16076 108.04 ms 10.249.200.1
16087 108.05 ms 10.249.200.1
16098 108.06 ms 10.249.200.1
16109 108.07 ms 10.249.200.1
161110 108.11 ms 10.249.200.1
161211 ... 18
161319 106.49 ms 10.249.200.1
161420 106.21 ms 10.249.200.1
161521 ... 27
161628 107.49 ms 10.249.200.1
161729 ...
161830 112.61 ms 10.249.200.1
1619
1620NSE: Script Post-scanning.
1621Initiating NSE at 20:14
1622Completed NSE at 20:14, 0.00s elapsed
1623Initiating NSE at 20:14
1624Completed NSE at 20:14, 0.00s elapsed
1625Read data files from: /usr/bin/../share/nmap
1626OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1627Nmap done: 1 IP address (1 host up) scanned in 137.94 seconds
1628 Raw packets sent: 147 (13.614KB) | Rcvd: 981 (407.074KB)
1629#######################################################################################################################################
1630
1631Hosts
1632=====
1633
1634address mac name os_name os_flavor os_sp purpose info comments
1635------- --- ---- ------- --------- ----- ------- ---- --------
163652.64.99.208 cbs.gov.ws Linux 3.X server
163762.12.105.3 f03-web01.nic.gov.sd Linux 2.6.X server
163877.72.0.146 argon.cloudhosting.co.uk Unknown device
1639147.237.77.18 Unknown device
1640
1641Services
1642========
1643
1644host port proto name state info
1645---- ---- ----- ---- ----- ----
164652.64.99.208 20 tcp ftp-data closed
164752.64.99.208 21 tcp ftp open vsftpd 3.0.2
164852.64.99.208 25 tcp smtp closed
164952.64.99.208 53 udp domain unknown
165052.64.99.208 67 udp dhcps unknown
165152.64.99.208 68 udp dhcpc unknown
165252.64.99.208 69 udp tftp unknown
165352.64.99.208 80 tcp http open Apache httpd
165452.64.99.208 88 udp kerberos-sec unknown
165552.64.99.208 123 udp ntp unknown
165652.64.99.208 137 udp netbios-ns filtered
165752.64.99.208 138 udp netbios-dgm filtered
165852.64.99.208 139 tcp netbios-ssn closed
165952.64.99.208 139 udp netbios-ssn unknown
166052.64.99.208 161 udp snmp unknown
166152.64.99.208 162 udp snmptrap unknown
166252.64.99.208 389 udp ldap unknown
166352.64.99.208 443 tcp ssl/http open Apache httpd
166452.64.99.208 445 tcp microsoft-ds closed
166552.64.99.208 520 udp route unknown
166652.64.99.208 1024 tcp kdm closed
166752.64.99.208 1025 tcp nfs-or-iis closed
166852.64.99.208 1026 tcp lsa-or-nterm closed
166952.64.99.208 1027 tcp iis closed
167052.64.99.208 1028 tcp unknown closed
167152.64.99.208 1029 tcp ms-lsa closed
167252.64.99.208 1030 tcp iad1 closed
167352.64.99.208 1031 tcp iad2 closed
167452.64.99.208 1032 tcp iad3 closed
167552.64.99.208 1033 tcp netinfo closed
167652.64.99.208 1034 tcp zincite-a closed
167752.64.99.208 1035 tcp multidropper closed
167852.64.99.208 1036 tcp nsstp closed
167952.64.99.208 1037 tcp ams closed
168052.64.99.208 1038 tcp mtqp closed
168152.64.99.208 1039 tcp sbl closed
168252.64.99.208 1040 tcp netsaint closed
168352.64.99.208 1041 tcp danf-ak2 closed
168452.64.99.208 1042 tcp afrog closed
168552.64.99.208 1043 tcp boinc closed
168652.64.99.208 1044 tcp dcutility closed
168752.64.99.208 1045 tcp fpitp closed
168852.64.99.208 1046 tcp wfremotertm closed
168952.64.99.208 1047 tcp neod1 closed
169052.64.99.208 1048 tcp neod2 closed
169152.64.99.208 2049 udp nfs unknown
169262.12.105.3 21 tcp ftp open Microsoft ftpd
169362.12.105.3 25 tcp smtp closed
169462.12.105.3 53 udp domain unknown
169562.12.105.3 67 udp dhcps unknown
169662.12.105.3 68 udp dhcpc unknown
169762.12.105.3 69 udp tftp unknown
169862.12.105.3 80 tcp http open Microsoft IIS httpd 8.5
169962.12.105.3 88 udp kerberos-sec unknown
170062.12.105.3 110 tcp pop3 open MailEnable POP3 Server
170162.12.105.3 113 tcp ident closed
170262.12.105.3 123 udp ntp unknown
170362.12.105.3 137 udp netbios-ns filtered
170462.12.105.3 138 udp netbios-dgm filtered
170562.12.105.3 139 tcp netbios-ssn closed
170662.12.105.3 139 udp netbios-ssn unknown
170762.12.105.3 143 tcp imap open MailEnable imapd
170862.12.105.3 161 udp snmp unknown
170962.12.105.3 162 udp snmptrap unknown
171062.12.105.3 389 udp ldap unknown
171162.12.105.3 443 tcp https open
171262.12.105.3 445 tcp microsoft-ds closed
171362.12.105.3 520 udp route unknown
171462.12.105.3 993 tcp imaps closed
171562.12.105.3 995 tcp pop3s closed
171662.12.105.3 1025 tcp nfs-or-iis closed
171762.12.105.3 2049 udp nfs unknown
171862.12.105.3 8443 tcp https-alt open
171977.72.0.146 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 23:05. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
172077.72.0.146 67 udp dhcps unknown
172177.72.0.146 68 udp dhcpc unknown
172277.72.0.146 69 udp tftp unknown
172377.72.0.146 80 tcp http open
172477.72.0.146 88 udp kerberos-sec unknown
172577.72.0.146 110 tcp pop3 open
172677.72.0.146 123 udp ntp unknown
172777.72.0.146 139 udp netbios-ssn unknown
172877.72.0.146 143 tcp imap open
172977.72.0.146 389 udp ldap unknown
173077.72.0.146 443 tcp https open
173177.72.0.146 465 tcp smtps open
173277.72.0.146 520 udp route unknown
173377.72.0.146 587 tcp submission open
173477.72.0.146 993 tcp imaps open
173577.72.0.146 995 tcp pop3s open
173677.72.0.146 2049 udp nfs unknown
1737147.237.77.18 53 udp domain unknown
1738147.237.77.18 67 udp dhcps unknown
1739147.237.77.18 68 udp dhcpc unknown
1740147.237.77.18 69 udp tftp unknown
1741147.237.77.18 80 tcp http open
1742147.237.77.18 88 udp kerberos-sec unknown
1743147.237.77.18 123 udp ntp unknown
1744147.237.77.18 139 udp netbios-ssn unknown
1745147.237.77.18 161 udp snmp unknown
1746147.237.77.18 162 udp snmptrap unknown
1747147.237.77.18 389 udp ldap unknown
1748147.237.77.18 520 udp route unknown
1749147.237.77.18 2049 udp nfs unknown
1750#######################################################################################################################################
1751Domains still to check: 1
1752 Checking if the hostname ombudsman.gov.sd. given is in fact a domain...
1753
1754Analyzing domain: ombudsman.gov.sd.
1755 Checking NameServers using system default resolver...
1756 IP: 62.12.109.2 (Sudan)
1757 HostName: ns0.ndc.gov.sd Type: NS
1758 IP: 62.12.109.3 (Sudan)
1759 HostName: ns1.ndc.gov.sd Type: NS
1760
1761 Checking MailServers using system default resolver...
1762 WARNING!! There are no MX records for this domain
1763
1764 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1765 Zone transfer successful on name server 62.12.109.2 (5 hosts)
1766 Zone transfer successful on name server 62.12.109.3 (5 hosts)
1767
1768 Checking SPF record...
1769
1770 Checking 5 most common hostnames using system default resolver...
1771 IP: 62.12.105.3 (Sudan)
1772 HostName: mssql.ombudsman.gov.sd. Type: A
1773 IP: 62.12.105.3 (Sudan)
1774 HostName: mssql.ombudsman.gov.sd. Type: A
1775 HostName: mail.ombudsman.gov.sd. Type: A
1776 HostName: f03-web01.nic.gov.sd Type: PTR
1777 IP: 62.12.105.3 (Sudan)
1778 HostName: mssql.ombudsman.gov.sd. Type: A
1779 HostName: mail.ombudsman.gov.sd. Type: A
1780 HostName: f03-web01.nic.gov.sd Type: PTR
1781 HostName: www.ombudsman.gov.sd. Type: A
1782 IP: 62.12.105.3 (Sudan)
1783 HostName: mssql.ombudsman.gov.sd. Type: A
1784 HostName: mail.ombudsman.gov.sd. Type: A
1785 HostName: f03-web01.nic.gov.sd Type: PTR
1786 HostName: www.ombudsman.gov.sd. Type: A
1787 HostName: webmail.ombudsman.gov.sd. Type: A
1788
1789 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1790 Checking netblock 62.12.109.0
1791 Checking netblock 62.12.105.0
1792
1793 Searching for ombudsman.gov.sd. emails in Google
1794
1795 Checking 3 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1796 Host 62.12.109.2 is up (reset ttl 64)
1797 Host 62.12.109.3 is up (reset ttl 64)
1798 Host 62.12.105.3 is up (reset ttl 64)
1799
1800 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1801 Scanning ip 62.12.109.2 (ns0.ndc.gov.sd):
1802 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1803 | dns-nsid:
1804 |_ bind.version: you guess!
1805 | fingerprint-strings:
1806 | DNSVersionBindReqTCP:
1807 | version
1808 | bind
1809 |_ guess!
1810 Scanning ip 62.12.109.3 (ns1.ndc.gov.sd):
1811 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1812 | dns-nsid:
1813 |_ bind.version: you guess!
1814 | fingerprint-strings:
1815 | DNSVersionBindReqTCP:
1816 | version
1817 | bind
1818 |_ guess!
1819 Scanning ip 62.12.105.3 (webmail.ombudsman.gov.sd.):
1820 21/tcp open ftp syn-ack ttl 112 Microsoft ftpd
1821 | ftp-syst:
1822 |_ SYST: Windows_NT
1823 | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1824 | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1825 | Public Key type: rsa
1826 | Public Key bits: 2048
1827 | Signature Algorithm: sha256WithRSAEncryption
1828 | Not valid before: 2016-04-19T09:30:36
1829 | Not valid after: 2017-04-19T09:30:36
1830 | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
1831 |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
1832 80/tcp open http syn-ack ttl 112 Microsoft IIS httpd 8.5
1833 |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1834 | http-methods:
1835 | Supported Methods: OPTIONS TRACE GET HEAD POST
1836 |_ Potentially risky methods: TRACE
1837 |_http-server-header: Microsoft-IIS/8.5
1838 |_http-title: Domain Default page
1839 110/tcp open pop3 syn-ack ttl 112 MailEnable POP3 Server
1840 |_pop3-capabilities: USER TOP UIDL
1841 143/tcp open imap syn-ack ttl 112 MailEnable imapd
1842 |_imap-capabilities: IMAP4 OK completed AUTH=LOGIN IDLE UIDPLUSA0001 AUTH=CRAM-MD5 IMAP4rev1 CAPABILITY CHILDREN
1843 443/tcp open https? syn-ack ttl 112
1844 8443/tcp open ssl/http syn-ack ttl 112 Microsoft IIS httpd 8.5
1845 |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1846 | http-methods:
1847 |_ Supported Methods: GET HEAD POST OPTIONS
1848 | http-robots.txt: 1 disallowed entry
1849 |_/
1850 |_http-server-header: Microsoft-IIS/8.5
1851 |_http-title: Plesk Onyx 17.8.11
1852 | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
1853 | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
1854 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1855 | Public Key type: rsa
1856 | Public Key bits: 2048
1857 | Signature Algorithm: sha256WithRSAEncryption
1858 | Not valid before: 2019-05-16T00:30:46
1859 | Not valid after: 2019-08-14T00:30:46
1860 | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
1861 |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
1862 Device type: general purpose|WAP|router
1863 Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
1864 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1865 WebCrawling domain's web servers... up to 50 max links.
1866
1867 + URL to crawl: http://mail.ombudsman.gov.sd.
1868 + Date: 2019-06-14
1869
1870 + Crawling URL: http://mail.ombudsman.gov.sd.:
1871 + Links:
1872 + Crawling http://mail.ombudsman.gov.sd. (400 Bad Request)
1873 + Searching for directories...
1874 + Searching open folders...
1875
1876
1877 + URL to crawl: http://webmail.ombudsman.gov.sd.
1878 + Date: 2019-06-14
1879
1880 + Crawling URL: http://webmail.ombudsman.gov.sd.:
1881 + Links:
1882 + Crawling http://webmail.ombudsman.gov.sd. (400 Bad Request)
1883 + Searching for directories...
1884 + Searching open folders...
1885
1886
1887 + URL to crawl: http://mssql.ombudsman.gov.sd.
1888 + Date: 2019-06-14
1889
1890 + Crawling URL: http://mssql.ombudsman.gov.sd.:
1891 + Links:
1892 + Crawling http://mssql.ombudsman.gov.sd. (400 Bad Request)
1893 + Searching for directories...
1894 + Searching open folders...
1895
1896
1897 + URL to crawl: http://www.ombudsman.gov.sd.
1898 + Date: 2019-06-14
1899
1900 + Crawling URL: http://www.ombudsman.gov.sd.:
1901 + Links:
1902 + Crawling http://www.ombudsman.gov.sd. (400 Bad Request)
1903 + Searching for directories...
1904 + Searching open folders...
1905
1906
1907 + URL to crawl: https://mail.ombudsman.gov.sd.:8443
1908 + Date: 2019-06-14
1909
1910 + Crawling URL: https://mail.ombudsman.gov.sd.:8443:
1911 + Links:
1912 + Crawling https://mail.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1913 + Searching for directories...
1914 + Searching open folders...
1915
1916
1917 + URL to crawl: https://webmail.ombudsman.gov.sd.:8443
1918 + Date: 2019-06-14
1919
1920 + Crawling URL: https://webmail.ombudsman.gov.sd.:8443:
1921 + Links:
1922 + Crawling https://webmail.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1923 + Searching for directories...
1924 + Searching open folders...
1925
1926
1927 + URL to crawl: https://mssql.ombudsman.gov.sd.:8443
1928 + Date: 2019-06-14
1929
1930 + Crawling URL: https://mssql.ombudsman.gov.sd.:8443:
1931 + Links:
1932 + Crawling https://mssql.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1933 + Searching for directories...
1934 + Searching open folders...
1935
1936
1937 + URL to crawl: https://www.ombudsman.gov.sd.:8443
1938 + Date: 2019-06-14
1939
1940 + Crawling URL: https://www.ombudsman.gov.sd.:8443:
1941 + Links:
1942 + Crawling https://www.ombudsman.gov.sd.:8443 ([Errno 104] Connection reset by peer)
1943 + Searching for directories...
1944 + Searching open folders...
1945
1946--Finished--
1947Summary information for domain ombudsman.gov.sd.
1948---------------------------------------------------------------------------------------------------------------------------------------
1949
1950 Domain Ips Information:
1951 IP: 62.12.109.2
1952 HostName: ns0.ndc.gov.sd Type: NS
1953 Country: Sudan
1954 Zone Transfer: 5
1955 Is Active: True (reset ttl 64)
1956 Port: 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1957 Script Info: | dns-nsid:
1958 Script Info: |_ bind.version: you guess!
1959 Script Info: | fingerprint-strings:
1960 Script Info: | DNSVersionBindReqTCP:
1961 Script Info: | version
1962 Script Info: | bind
1963 Script Info: |_ guess!
1964 IP: 62.12.109.3
1965 HostName: ns1.ndc.gov.sd Type: NS
1966 Country: Sudan
1967 Zone Transfer: 5
1968 Is Active: True (reset ttl 64)
1969 Port: 53/tcp open domain syn-ack ttl 48 (unknown banner: you guess!)
1970 Script Info: | dns-nsid:
1971 Script Info: |_ bind.version: you guess!
1972 Script Info: | fingerprint-strings:
1973 Script Info: | DNSVersionBindReqTCP:
1974 Script Info: | version
1975 Script Info: | bind
1976 Script Info: |_ guess!
1977 IP: 62.12.105.3
1978 HostName: mssql.ombudsman.gov.sd. Type: A
1979 HostName: mail.ombudsman.gov.sd. Type: A
1980 HostName: f03-web01.nic.gov.sd Type: PTR
1981 HostName: www.ombudsman.gov.sd. Type: A
1982 HostName: webmail.ombudsman.gov.sd. Type: A
1983 Country: Sudan
1984 Is Active: True (reset ttl 64)
1985 Port: 21/tcp open ftp syn-ack ttl 112 Microsoft ftpd
1986 Script Info: | ftp-syst:
1987 Script Info: |_ SYST: Windows_NT
1988 Script Info: | ssl-cert: Subject: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1989 Script Info: | Issuer: commonName=Plesk/organizationName=Odin/stateOrProvinceName=Washington/countryName=US
1990 Script Info: | Public Key type: rsa
1991 Script Info: | Public Key bits: 2048
1992 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1993 Script Info: | Not valid before: 2016-04-19T09:30:36
1994 Script Info: | Not valid after: 2017-04-19T09:30:36
1995 Script Info: | MD5: 8d45 138f 8b9f f882 90d9 90be 195a f4d0
1996 Script Info: |_SHA-1: 69d9 baa7 b23e 96ac 6090 cc93 d352 5c78 acba 9790
1997 Port: 80/tcp open http syn-ack ttl 112 Microsoft IIS httpd 8.5
1998 Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
1999 Script Info: | http-methods:
2000 Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
2001 Script Info: |_ Potentially risky methods: TRACE
2002 Script Info: |_http-server-header: Microsoft-IIS/8.5
2003 Script Info: |_http-title: Domain Default page
2004 Port: 110/tcp open pop3 syn-ack ttl 112 MailEnable POP3 Server
2005 Script Info: |_pop3-capabilities: USER TOP UIDL
2006 Port: 143/tcp open imap syn-ack ttl 112 MailEnable imapd
2007 Script Info: |_imap-capabilities: IMAP4 OK completed AUTH=LOGIN IDLE UIDPLUSA0001 AUTH=CRAM-MD5 IMAP4rev1 CAPABILITY CHILDREN
2008 Port: 443/tcp open https? syn-ack ttl 112
2009 Port: 8443/tcp open ssl/http syn-ack ttl 112 Microsoft IIS httpd 8.5
2010 Script Info: |_http-favicon: Unknown favicon MD5: 1DB747255C64A30F9236E9D929E986CA
2011 Script Info: | http-methods:
2012 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2013 Script Info: | http-robots.txt: 1 disallowed entry
2014 Script Info: |_/
2015 Script Info: |_http-server-header: Microsoft-IIS/8.5
2016 Script Info: |_http-title: Plesk Onyx 17.8.11
2017 Script Info: | ssl-cert: Subject: commonName=f03-web01.nic.gov.sd
2018 Script Info: | Subject Alternative Name: DNS:f03-web01.nic.gov.sd
2019 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
2020 Script Info: | Public Key type: rsa
2021 Script Info: | Public Key bits: 2048
2022 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2023 Script Info: | Not valid before: 2019-05-16T00:30:46
2024 Script Info: | Not valid after: 2019-08-14T00:30:46
2025 Script Info: | MD5: 8a76 d806 383f 0437 1e28 3297 e8bc 357a
2026 Script Info: |_SHA-1: 2d8f b6fa 2b1d d78f 9c4f 7916 a2b0 d7c3 e5c9 5305
2027 Script Info: Device type: general purpose|WAP|router
2028 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X|3.X (98%), MikroTik RouterOS 6.X (92%)
2029 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2030#######################################################################################################################################
2031 Anonymous JTSEC #OpSudan Full Recon #90