Today, I got a task from my sensei to gather information related to the website http://is2c-dojo.com.
Here are some of my results from last night until this morning:
1. NMAP
Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)[1] used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. -- Wikipedia
[Figure: NMAP scan output]
- Found 9 open ports:
- 21/tcp open ftp Pure-FTPd
- 53/tcp open domain ISC BIND 9.3.6-20.P1.el5_8.6
- 80/tcp open http Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4)
- 110/tcp open pop3 Dovecot pop3d
- 143/tcp open imap Dovecot imapd
- 443/tcp open http Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4)
- 587/tcp open smtp Exim smtpd 4.82
- 993/tcp open ssl/imap Dovecot imapd
- 995/tcp open pop3s?
- Host Info :
- Nmap scan report for is2c-dojo.com (192.111.155.74)
- Host: gudeg.partnerit.us
- OS: Red Hat Enterprise Linux; CPE: cpe:/o:redhat:enterprise_linux
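The port table above is what nmap's normal output looks like once the scan is done; the next thing a practitioner wants is to pull it into a structure and ask questions of it (how many ports are open, which ones accept credentials in the clear, which products are repeated across ports). The following parser is an added example and not part of this post or the author's own tools; the sample text is constructed from the port list above in nmap's normal (-oN) layout and is not the author's real scan file.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in nmap's normal (-oN) layout, built from the port list
# above; it is not the author's actual scan file.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for is2c-dojo.com (192.111.155.74)
Host is up.
PORT    STATE SERVICE  VERSION
21/tcp  open  ftp      Pure-FTPd
53/tcp  open  domain   ISC BIND 9.3.6-20.P1.el5_8.6
80/tcp  open  http     Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4)
110/tcp open  pop3     Dovecot pop3d
143/tcp open  imap     Dovecot imapd
443/tcp open  http     Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4)
587/tcp open  smtp     Exim smtpd 4.82
993/tcp open  ssl/imap Dovecot imapd
995/tcp open  pop3s?
Service Info: Host: gudeg.partnerit.us; OS: Red Hat Enterprise Linux; CPE: cpe:/o:redhat:enterprise_linux
"""

# One PORT/STATE/SERVICE/VERSION row; VERSION is optional (nmap leaves it blank
# when it could not identify the product, as on 995/tcp above).
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Service:
    port: int
    proto: str
    state: str
    name: str
    version: str  # empty when nmap printed no version


def parse_nmap_normal(text: str) -> List[Service]:
    """Parse the port rows of nmap normal output into Service records."""
    services = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, name, version = m.groups()
            services.append(Service(int(port), proto, state, name, (version or "").strip()))
    return services


def open_services(text: str) -> List[Service]:
    return [s for s in parse_nmap_normal(text) if s.state == "open"]


def cleartext_auth_ports(services: List[Service]) -> List[int]:
    """Ports whose protocol sends credentials in the clear unless STARTTLS is negotiated."""
    cleartext = {"ftp", "pop3", "imap", "smtp", "telnet"}
    return [s.port for s in services if s.name in cleartext]


def group_by_product(services: List[Service]) -> Dict[str, List[int]]:
    """Map a product string (version text before the first ' (') to the ports running it."""
    groups: Dict[str, List[int]] = {}
    for s in services:
        key = s.version.split(" (")[0] or s.name
        groups.setdefault(key, []).append(s.port)
    return groups


def service_info(text: str) -> Dict[str, str]:
    """Parse nmap's 'Service Info:' line into {'Host': ..., 'OS': ..., 'CPE': ...}."""
    for line in text.splitlines():
        if line.startswith("Service Info:"):
            fields = line[len("Service Info:"):].split(";")
            return {k.strip(): v.strip() for k, v in (f.split(":", 1) for f in fields if ":" in f)}
    return {}


if __name__ == "__main__":
    svcs = open_services(SAMPLE_NMAP_OUTPUT)
    print(len(svcs), "open ports")
    print("cleartext auth on:", cleartext_auth_ports(svcs))
    for product, ports in group_by_product(svcs).items():
        print(f"{product}: {ports}")
    print(service_info(SAMPLE_NMAP_OUTPUT))
```

Grouping by product is what turns the list into a finding: the same Apache 2.2.26 / OpenSSL 0.9.8e build answers on 80 and 443, and Dovecot on 110, 143 and 993, so one version lookup covers several ports. The cleartext list (21, 110, 143, 587) is the set to check for STARTTLS support or plaintext credential exposure.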
2. Netcat
I used netcat to find the date the site was last updated by the admin, to look for the web server software the admin uses, and to get additional info from 404 responses (by forcing a request for data that does not exist).
From the Netcat results I got information such as:
- Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
- Last-Modified: Tue, 21 Jan 2014 17:28:13 GMT
- Possible admin's email : mailto:adi88nugroho@gmail.com
From the information above, I tried to find further information about the admin on Google:
I got lots of information related to the admin's email and the admin's phone number (about 8,300 results).
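The netcat step above is a hand-typed HTTP request followed by reading the raw response. The code below is an added example (not the author's tooling) that does the same thing programmatically: it builds the request bytes you would paste into `nc host 80`, parses the status line and headers, converts `Last-Modified` into a proper timestamp, and pulls the Apache `ServerSignature` line out of a 404 page, which is where the version string leaks when error pages are left at their defaults. The two sample responses are constructed for the example from the Server and Last-Modified values reported above; the 404 body, the `/doesnotexist` path and the `grab()` helper name are assumptions.

```python
import re
import socket
from email.utils import parsedate_to_datetime

# Constructed sample responses (not captured traffic). The Server and
# Last-Modified values are the ones reported in the post; the rest is made up.
SAMPLE_HEAD = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4\r\n"
    b"Last-Modified: Tue, 21 Jan 2014 17:28:13 GMT\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)
SAMPLE_404 = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"\r\n"
    b"<html><body><h1>Not Found</h1>"
    b"<p>The requested URL /doesnotexist was not found on this server.</p>"
    b"<address>Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4"
    b" Server at is2c-dojo.com Port 80</address>"
    b"</body></html>"
)

# Apache's default ServerSignature footer on error pages.
SIGNATURE = re.compile(rb"<address>(.*?) Server at (\S+) Port (\d+)</address>", re.S)


def build_request(method: str, path: str, host: str) -> bytes:
    """The same bytes you would type into netcat by hand."""
    return (
        f"{method} {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "User-Agent: recon-example/0.1\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode()


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def fingerprint(raw: bytes) -> dict:
    """Extract the fields the netcat step was after from one response."""
    status, headers, body = parse_response(raw)
    info = {
        "status": status,
        "server": headers.get("server"),
        "powered_by": headers.get("x-powered-by"),
        "last_modified": None,
        "signature": None,
    }
    if "last-modified" in headers:
        info["last_modified"] = parsedate_to_datetime(headers["last-modified"]).isoformat()
    m = SIGNATURE.search(body)
    if m:
        info["signature"] = m.group(1).decode("iso-8859-1")
    return info


def grab(host: str, port: int = 80, path: str = "/", method: str = "HEAD", timeout: float = 5.0) -> dict:
    """Live version of the netcat step (hypothetical helper; not used by the offline checks)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(method, path, host))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return fingerprint(b"".join(chunks))


if __name__ == "__main__":
    print(build_request("HEAD", "/", "is2c-dojo.com").decode())
    print(fingerprint(SAMPLE_HEAD))
    print(fingerprint(SAMPLE_404))
```

A `HEAD /` gives the Server and Last-Modified headers; a `GET /doesnotexist` is the forced-404 trick, and on an Apache with `ServerSignature On` the `<address>` footer repeats the full build string even if the Server header has been trimmed with `ServerTokens`. Note that `Last-Modified` on `/` only tells you when that one file changed, not when the site as a whole was last touched.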
3. reverse_ip.php
I made this tool to search for other websites possibly hosted on the same server as the target website. Here are the results:
I found 81 possible websites hosted on this IP: 192.111.155.74
4. deep_scan.php
I made this tool to grab possible folders from the list captured by reverse_ip.php.
The results cannot be shown here because they contain sensitive information.
5. Checking robots.txt
The Robot Exclusion Standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to advise cooperating web crawlers and other web robots about accessing all or part of a website which is otherwise publicly viewable. Robots are often used by search engines to categorize and archive web sites, or by webmasters to proofread source code. The standard is different from, but can be used in conjunction with, Sitemaps, a robot inclusion standard for websites. -- Wikipedia
I got no information from robots.txt.
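When robots.txt does exist, its `Disallow` entries are a list of paths the owner would rather crawlers not index, which makes them the first candidates for manual inspection. The parser below is an added example (not the author's tool): it handles comments, groups of several `User-agent` lines sharing one rule set, `Sitemap` lines, and an empty file like the one found here. The sample file is constructed for the example and is not the target's robots.txt.

```python
from typing import Dict, List, Tuple

# Constructed sample robots.txt (not the target's; the post found none).
SAMPLE_ROBOTS = """\
# site crawler policy
User-agent: *
Disallow: /admin/
Disallow: /cpanel/
Disallow: /tmp/*.bak$
Allow: /tmp/public/

User-agent: Googlebot
User-agent: Bingbot
Disallow:

Sitemap: http://www.example.com/sitemap.xml
"""


def parse_robots(text: str) -> Tuple[Dict[str, List[Tuple[str, str]]], List[str]]:
    """Return ({agent: [(rule, path), ...]}, [sitemap urls]).

    Consecutive User-agent lines form one group that shares the rules that
    follow; a User-agent after a rule line starts a new group.
    """
    groups: Dict[str, List[Tuple[str, str]]] = {}
    sitemaps: List[str] = []
    agents: List[str] = []
    in_rules = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if in_rules:
                agents, in_rules = [], False
            agents.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:  # "Disallow:" with no value means "nothing is disallowed"
                for agent in agents:
                    groups[agent].append((field, value))
        elif field == "sitemap":
            sitemaps.append(value)
    return groups, sitemaps


def candidate_paths(text: str) -> List[str]:
    """Disallowed paths worth a manual look, in file order, without duplicates.

    A bare "Disallow: /" blocks everything and names no directory, so it is skipped.
    """
    groups, _ = parse_robots(text)
    seen: List[str] = []
    for rules in groups.values():
        for rule, path in rules:
            if rule == "disallow" and path != "/" and path not in seen:
                seen.append(path)
    return seen


if __name__ == "__main__":
    groups, sitemaps = parse_robots(SAMPLE_ROBOTS)
    for agent, rules in groups.items():
        print(agent, rules)
    print("sitemaps:", sitemaps)
    print("candidates:", candidate_paths(SAMPLE_ROBOTS))
```

Entries with wildcards such as `/tmp/*.bak$` are patterns rather than literal directories; the parser keeps them as written so the reader decides how to expand them. An empty or missing file yields no groups and no candidates, which is exactly the result reported for this target.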
6. Checking DNS using dnsenum
DNSenum is a pentesting tool that enumerates as much DNS information about domains as possible. -- Aldeid
I got some information from dnsenum.
All subdomains are considered active subdomains, and from this result I do not allow searching for subdomains with tools that do not return unique results.
7. Whois & Dig is2c-dojo.com
I tried to dig up the domain owner data for is2c-dojo.com using whois and dig. Here are the results:
I didn't get any information about this domain, but the domain is registered through JogjaCamp.com or resellercamp.com. All the information has been set to private.
8. Finding Emails
Again, I'm using my own tool. Here are the results:
Too bad, there is no email written on the website.
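The author's email-finding tool is not shown, so here is an added example (not the author's code) of what such a tool has to cope with: `mailto:` links with query strings, addresses written as plain text, addresses hidden behind HTML entities like `&#64;`, and the `[at]` / `[dot]` spelling used to defeat naive scrapers. The sample page is constructed for the example and uses example.com addresses; nothing in it comes from the target site.

```python
import html
import re
from typing import List

# Constructed sample page (not the target's HTML).
SAMPLE_PAGE = """\
<html><body>
<a href="mailto:webmaster@example.com?subject=Hi">Contact</a>
<p>Sales: sales [at] example [dot] com</p>
<p>Support: support&#64;example&#46;com</p>
<p>Not an address: look at example.com tomorrow</p>
<img src="mail.png" alt="image of an address">
</body></html>
"""

# Only bracketed forms are undone; rewriting every bare " at " would turn
# "look at example.com" into a false positive.
OBFUSCATIONS = [
    (r"\s*[\[(]\s*at\s*[\])]\s*", "@"),
    (r"\s*[\[(]\s*dot\s*[\])]\s*", "."),
]
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAILTO = re.compile(r'''mailto:([^"'?>\s]+)''', re.I)


def deobfuscate(text: str) -> str:
    """Turn 'user [at] host [dot] tld' back into user@host.tld."""
    for pattern, replacement in OBFUSCATIONS:
        text = re.sub(pattern, replacement, text, flags=re.I)
    return text


def find_emails(page_html: str) -> List[str]:
    """Return the unique, lower-cased addresses found in a page, sorted."""
    text = html.unescape(page_html)  # decodes &#64; / &#46; style entity hiding
    found = set()
    for m in MAILTO.finditer(text):  # query string (?subject=...) is cut off by the class
        addr = m.group(1).lower()
        if "@" in addr:
            found.add(addr)
    for m in EMAIL.finditer(deobfuscate(text)):
        found.add(m.group(0).lower())
    return sorted(found)


if __name__ == "__main__":
    for addr in find_emails(SAMPLE_PAGE):
        print(addr)
```

Decoding entities before matching matters: a page that spells an address as `&#64;` looks empty to a regex run over the raw HTML, which is one reason a scraper can report "no email on the website" while a browser plainly shows one.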
=================== EOF ===================