Information Gathering IS2C-DOJO.COM

Friday, 7 September 2012

Information Gathering IS2C-DOJO.COM

Posted by shinigami at 23:09 Read our previous post

Information Gathering

[+] Target : http://is2c-dojo.com
[+] Result
[-] IP Address : 108.162.199.80
[-] CMS : Wordpress
[-] Themes : Coffee Break 2.4.2
[-] Server : Linux 2.6.18
[-] Webserver : Nginx
[-] Open Port : 80 and 8080
[-] Cloudflare :

ivan.ns.cloudflare.com
rita.ns.cloudflare.com

[-] Mail : aspmx.l.google.com

Active Scanning

Scanning using NMAP
root@bt # nmap -sS -A 108.162.199.80
nmap is network scanner
-sS is options for stealth mode
-A is options for Advanced mode
108.162.199.80 is ip address of IS2C-dojo.com

Nmap scan report for 108.162.199.80
Host is up (0.21s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http cloudflare-nginx
443/tcp closed https
8080/tcp open http cloudflare-nginx
8443/tcp closed https-alt
Device type: storage-misc
Running: Linksys Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6.18
OS details: Linux 2.6.18
Network Distance: 10 hops

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 112.32 ms 192.168.1.1
2 86.35 ms 10.20.30.85
3 ...
4 277.67 ms 10.20.161.37
5 278.70 ms 202.70.56.49
6 76.32 ms 202.70.56.17
7 117.10 ms ip-179-125.moratelindo.co.id (202.43.179.125)
8 130.09 ms supernet-08.1-1-19.edge2-eqx-sin.moratelindo.co.id (202.43.176.114)
9 280.93 ms 202.79.197.132
10 280.07 ms 108.162.199.80

Scanning using Netifera

Add your target into target form, for example is2c-dojo.com and then press the "+" button
Right Click on your target in the left column and select all options what you want.
See in the right column for progress and left column for result

Scanning using WhatWeb, by run this command:

./whatweb -v is2c-dojo.com

Result :

URL    : http://is2c-dojo.com                                                                                                                  
Status : 200                                                                                                                                   
   Cookies --------------------------------------------------------------------                                                                
        Description: Display the names of cookies in the HTTP headers. The                                                                     
                     values are not returned to save on space.                                                                                 
        String     : wfvt_1801216213                                                                                                           
        String     : __cfduid                                                                                                                  
                                                                                                                                               
   Country --------------------------------------------------------------------                                                                
        Description: Shows the country the IPv4 address belongs to. This uses                                                                  
                     the GeoIP IP2Country database from 
                     http://software77.net/geo-ip/. Instructions on updating the 
                     database are in the plugin comments. 
        String     : UNITED STATES
        Module     : US

   Frame ----------------------------------------------------------------------
        Description: This plugin detects instances of frame and iframe HTML 
                     elements. 

   HTTPServer -----------------------------------------------------------------
        Description: HTTP server header string. This plugin also attempts to 
                     identify the operating system from the server header. 
        String     : cloudflare-nginx (from server string)

   IP -------------------------------------------------------------------------
        Description: IP address of the target, if available. 
        String     : 108.162.199.180

   JQuery ---------------------------------------------------------------------
        Description: Javascript library 
        Version    : 1.7.2,2866

   MetaGenerator --------------------------------------------------------------
        Description: This plugin identifies meta generator tags and extracts its 
                     value. 
        String     : Coffee Break 2.4.2,WooFramework 5.3.12

   Title ----------------------------------------------------------------------
        Description: The HTML page title 
        String     : IS2C | Information Security Shinobi Camp (from page title)

   UncommonHeaders ------------------------------------------------------------
        Description: Uncommon HTTP server headers. The blacklist includes all 
                     the standard headers and many non standard but common ones. 
                     Interesting but fairly common headers should have their own 
                     plugins, eg. x-powered-by, server and x-aspnet-version. 
                     Info about headers can be found at www.http-stats.com 
        String     : x-pingback,link (from headers)

   WooFramework ---------------------------------------------------------------
        Description: WooFramework - theme framework - 
                     http://www.woothemes.com/wooframework/ 
        Version    : 5.3.12

   WordPress ------------------------------------------------------------------
        Description: WordPress is an opensource blogging system commonly used as 
                     a CMS. Homepage: http://www.wordpress.org/ 

   X-Cache --------------------------------------------------------------------
        Description: This plugin identifies the X-Cache HTTP header and extracts 
                     the value. 
        String     : proxy.xxxx.xx.xx

   cloudflare -----------------------------------------------------------------
        Description: ClouldFlare - https://www.cloudflare.com/ 

   x-pingback -----------------------------------------------------------------
        Description: A pingback is one of three types of linkbacks, methods for 
                     Web authors to request notification when somebody links to 
                     one of their documents. This enables authors to keep track 
                     of who is linking to, or referring to their articles. Some 
                     weblog software, such as Movable Type, Serendipity, 
                     WordPress and Telligent Community, support automatic 
                     pingbacks 
        String     : http://is2c-dojo.com/xmlrpc.php

Scanning using Dmitry

root@bt# dmitry -w is2c-dojo.com

result,

Deepmagic Information Gathering Tool
"There be some deep magic going on"

HostIP:108.162.199.180
HostName:is2c-dojo.com

Gathered Inic-whois information for is2c-dojo.com
---------------------------------
^[[B^[[B^[[B   Domain Name: IS2C-DOJO.COM
   Registrar: CV. JOGJACAMP
   Whois Server: whois.resellercamp.com
   Referral URL: http://www.resellercamp.com
   Name Server: IVAN.NS.CLOUDFLARE.COM
   Name Server: RITA.NS.CLOUDFLARE.COM
   Status: clientTransferProhibited
   Updated Date: 01-jun-2012
   Creation Date: 14-jan-2012
   Expiration Date: 14-jan-2013

>>> Last update of whois database: Mon, 10 Sep 2012 06:33:46 UTC <<<

Passive Scanning 1. Visual Tracert http://www.yougetsignal.com/tools/visual-tracert/

2. Reverse Email Lookup http://www.spokeo.com/email-search/search?e=pendaftaran@is2c-dojo.com&g=email_A6417972546

3. Reverse IP Domain Check http://www.yougetsignal.com/tools/web-sites-on-web-server/

4. Whois Lookup http://www.yougetsignal.com/tools/whois-lookup/

Creation Date: 14-Jan-2012

Expiration Date: 14-Jan-2013

Domain servers in listed order:

ivan.ns.cloudflare.com

rita.ns.cloudflare.com 5. Scan using Robtex.com http://www.robtex.com/dns/is2c-dojo.com.html

6. Info from IS2C-DOJO.com Jl. Raya Janti Ex-BRI Janti Seberang Pasar Angkasa Ring Road Timur Bantul, Yogyakarta 55198 Phone:+6287890364555, Email:pendaftaran[at]is2c-dojo.com