1. NMAP
From the information above I got an information that the Name Server using Cloudflare. Its difficult to get the real information about the server. But, now I will try another way.
2. Brute_Ns.php
I made this tool to check subdomains associated with the services running on the server.
Hoorah! I got possible real IP from the server. Now, I'm trying to rescan the IP using Nmap.
Now, I got some possible services and OS running on the server.
20/tcp closed ftp-data
21/tcp open ftp Pure-FTPd
53/tcp open domain ISC BIND 9.3.6-20.P1.el5_8.6
80/tcp open http Apache httpd
110/tcp open pop3 Dovecot pop3d
143/tcp open imap Dovecot imapd
443/tcp open ssl/https?
587/tcp open smtp Exim smtpd 4.82
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
5666/tcp open tcpwrapped
Service Info: Host: server28.web-hosting.com; OS: Red Hat Enterprise Linux; CPE: cpe:/o:redhat:enterprise_linux
3. Netcat
Now, i'm trying to grab information using netcat.
Now, i'm trying to grab information using netcat.
And the server didnt allow me to grab any information.
4. Reverse IP
Same with my last post, I'm using my tool to get another website which is hosted on teh same server.
I got 134 websites hosted on the server. Lets look in a deep scan.
5. Deep_Scan.php
I made this tool to grab possible folders from the lists which is captured by reverse_ip.php.
Got no information...
7. Checking DNS using dnsenum
All subdomains are considered as active subdomain and from this result, I do not allow to search for subdomains using tools that do not include unique results.
7. Whois spentera.com
8. Grabbing Email on spentera.com
I'm using my own tool. Here is the results :
I think we cannot use those informations.
4. Reverse IP
Same with my last post, I'm using my tool to get another website which is hosted on teh same server.
I got 134 websites hosted on the server. Lets look in a deep scan.
5. Deep_Scan.php
I made this tool to grab possible folders from the lists which is captured by reverse_ip.php.
The results cannot be shown here because of some Sensitive Information
6. Get Information From Robots.txtGot no information...
7. Checking DNS using dnsenum
DNSenum is a pentesting tool that enumerates as much DNS information about domains as possible. -- Aldeid
All subdomains are considered as active subdomain and from this result, I do not allow to search for subdomains using tools that do not include unique results.
7. Whois spentera.com
I tried to get information about the owner of domain spentera.com using whois. here is the results :
I can get information about this domain. The domain hosted in : enom.com but all the information has been set in private.
I'm using my own tool. Here is the results :
=================== EOF ===================
Tidak ada komentar:
Posting Komentar