Forums
Scan of government and media servers - Printable Version

+- Forums (https://foro.acosadores.net)
+-- Forum: Hacking, attacks against dictatorships (https://foro.acosadores.net/forumdisplay.php?fid=4)
+--- Forum: Mapping of Dictatorships (https://foro.acosadores.net/forumdisplay.php?fid=12)
+---- Forum: Turkmenistan (https://foro.acosadores.net/forumdisplay.php?fid=17)
+---- Thread: Scan of government and media servers (/showthread.php?tid=13)



Scan of government and media servers - anonimo - 12-06-2024

You can see a wiki version of this post at https://wiki.acosadores.net/doku.php?id=turkmenistan:scan-servidores-gobierno-y-medios

1º Google search using gov site.tm

2º Save it in medios.txt without https://, www or any /, so it ends up like this:

cat medios.txt

mfa.gov.tm
migration.gov.tm
turkmenistan.gov.tm
turkmentv.gov.tm
docslibrary.gov.tm
mlsp.gov.tm
stat.gov.tm
tdh.gov.tm
customs.gov.tm
asuda.gov.tm
turkmenistaninfo.gov.tm
maslahat.gov.tm
education.gov.tm
mintradefer.gov.tm
milligosun.gov.tm
minjust.gov.tm
tca.gov.tm



3º nmap -oA nmap_medios_af -iL medios.txt -A -T4 (takes about 25 minutes)

# Nmap 7.80 scan initiated Fri Dec  6 20:06:27 2024 as: nmap -oA nmap_medios_tm -iL medios.txt -A -T4
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Warning: 216.250.10.199 giving up on port because retransmission cap hit (6).
Warning: 216.250.11.65 giving up on port because retransmission cap hit (6).
Warning: 216.250.11.231 giving up on port because retransmission cap hit (6).
Warning: 217.174.238.29 giving up on port because retransmission cap hit (6).
Nmap scan report for mfa.gov.tm (217.174.238.29)
Host is up (0.17s latency).
Not shown: 936 closed ports, 62 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  http      nginx
443/tcp open  tcpwrapped

Nmap scan report for migration.gov.tm (216.250.11.21)
Host is up (0.16s latency).
Not shown: 999 filtered ports
PORT    STATE SERVICE    VERSION
443/tcp open  tcpwrapped
|_http-server-header: nginx
|_http-title: T\xC3\x9CRKMENISTANY\xC5\x87 D\xC3\x96WLET MIGRASI\xC3\x9DA GULLUGY
| ssl-cert: Subject: commonName=*.migration.gov.tm
| Subject Alternative Name: DNS:*.migration.gov.tm, DNS:migration.gov.tm
| Not valid before: 2024-04-04T00:00:00
|_Not valid after:  2025-04-04T23:59:59
| tls-alpn:
|_  http/1.1
| tls-nextprotoneg:
|_  http/1.1

Nmap scan report for turkmenistan.gov.tm (217.174.238.29)
Host is up (0.16s latency).
Not shown: 927 closed ports, 71 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
443/tcp open  tcpwrapped

Nmap scan report for turkmentv.gov.tm (216.250.11.231)
Host is up (0.17s latency).
Not shown: 938 closed ports, 60 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: nginx
|_https-redirect: ERROR: Script execution failed (use -d to debug)
443/tcp open  tcpwrapped
|_http-server-header: nginx
|_http-title: 403 Forbidden
| ssl-cert: Subject: commonName=*.turkmentv.gov.tm
| Subject Alternative Name: DNS:*.turkmentv.gov.tm, DNS:turkmentv.gov.tm
| Not valid before: 2024-09-06T00:00:00
|_Not valid after:  2025-09-06T23:59:59
| tls-alpn:
|  h2
|_  http/1.1

Nmap scan report for docslibrary.gov.tm (216.250.10.110)
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: nginx
443/tcp open  tcpwrapped
|_http-server-header: nginx
|_http-title: Digital Library Of International Documents
| ssl-cert: Subject: commonName=docslibrary.gov.tm
| Subject Alternative Name: DNS:docslibrary.gov.tm, DNS:www.docslibrary.gov.tm
| Not valid before: 2024-07-04T00:00:00
|_Not valid after:  2025-07-04T23:59:59
| tls-alpn:
|_  http/1.1

Nmap scan report for mlsp.gov.tm (216.250.9.121)
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: nginx
443/tcp open  tcpwrapped
|_http-server-header: nginx
| ssl-cert: Subject: commonName=mlsp.gov.tm
| Subject Alternative Name: DNS:mlsp.gov.tm, DNS:www.mlsp.gov.tm
| Not valid before: 2024-05-21T00:00:00
|_Not valid after:  2025-05-21T23:59:59
| tls-alpn:
|_  http/1.1

Nmap scan report for stat.gov.tm (216.250.9.50)
Host is up (0.17s latency).
Not shown: 996 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
443/tcp  open  tcpwrapped
| ssl-cert: Subject: commonName=*.stat.gov.tm
| Subject Alternative Name: DNS:*.stat.gov.tm, DNS:stat.gov.tm
| Not valid before: 2024-06-04T00:00:00
|_Not valid after:  2025-06-04T23:59:59
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_  http/1.1
8081/tcp open  tcpwrapped
8084/tcp open  tcpwrapped

Nmap scan report for tdh.gov.tm (217.174.238.29)
Host is up (0.17s latency).
Not shown: 915 closed ports, 83 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
443/tcp open  tcpwrapped

Nmap scan report for customs.gov.tm (217.174.238.29)
Host is up (0.16s latency).
Not shown: 919 closed ports, 79 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: nginx
|_http-server-header: nginx
|_http-server-header: nginx
443/tcp open  tcpwrapped
| http-robots.txt: 3 disallowed entries
|_/storage/ /vendor/ /public/pages/
|_http-server-header: nginx
|_http-server-header: nginx
|_http-server-header: nginx
|_http-server-header: nginx
| ssl-cert: Subject: commonName=www.tdh.gov.tm
| Subject Alternative Name: DNS:www.tdh.gov.tm, DNS:tdh.gov.tm
| Not valid before: 2023-12-14T00:00:00
|_Not valid after:  2024-12-22T23:59:59
| ssl-cert: Subject: commonName=mfa.gov.tm
| Subject Alternative Name: DNS:mfa.gov.tm, DNS:www.mfa.gov.tm
| Not valid before: 2024-05-01T00:00:00
|_Not valid after:  2025-05-01T23:59:59
| ssl-cert: Subject: commonName=www.turkmenistan.gov.tm
| Subject Alternative Name: DNS:www.turkmenistan.gov.tm, DNS:turkmenistan.gov.tm
| Not valid before: 2023-12-14T00:00:00
|_Not valid after:  2024-12-22T23:59:59
| ssl-cert: Subject: commonName=customs.gov.tm
| Subject Alternative Name: DNS:customs.gov.tm, DNS:www.customs.gov.tm
| Not valid before: 2023-12-09T00:00:00
|_Not valid after:  2024-12-09T23:59:59

Nmap scan report for asuda.gov.tm (95.85.97.147)
Host is up (0.17s latency).
Not shown: 996 filtered ports
PORT    STATE  SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Did not follow redirect to https://asuda.gov.tm/
443/tcp  open  tcpwrapped
|_http-server-header: nginx
|_http-title: 400 The plain HTTP request was sent to HTTPS port
| ssl-cert: Subject: commonName=*.asuda.gov.tm
| Subject Alternative Name: DNS:*.asuda.gov.tm, DNS:asuda.gov.tm
| Not valid before: 2024-11-22T00:00:00
|_Not valid after:  2025-11-22T23:59:59
| tls-alpn:
|_  http/1.1
| tls-nextprotoneg:
|_  http/1.1
8080/tcp closed http-proxy
8443/tcp closed https-alt

Nmap scan report for turkmenistaninfo.gov.tm (95.85.126.122)
Host is up (0.15s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: nginx/1.26.2
443/tcp open  tcpwrapped
|_http-server-header: nginx/1.26.2
|_http-title: __TITLE__
| ssl-cert: Subject: commonName=turkmenistaninfo.gov.tm
| Subject Alternative Name: DNS:turkmenistaninfo.gov.tm, DNS:www.turkmenistaninfo.gov.tm
| Not valid before: 2024-02-22T00:00:00
|_Not valid after:  2025-02-21T23:59:59
| tls-alpn:
|_  http/1.1

Nmap scan report for maslahat.gov.tm (216.250.11.65)
Host is up (0.16s latency).
Not shown: 902 closed ports, 95 filtered ports
PORT    STATE SERVICE    VERSION
443/tcp  open  tcpwrapped
|_http-server-header: nginx/1.24.0 (Ubuntu)
| ssl-cert: Subject: commonName=maslahat.gov.tm
| Subject Alternative Name: DNS:maslahat.gov.tm, DNS:www.maslahat.gov.tm
| Not valid before: 2024-11-25T07:31:15
|_Not valid after:  2025-02-23T07:31:14
3000/tcp open  tcpwrapped
5003/tcp open  tcpwrapped

Nmap scan report for education.gov.tm (216.250.12.92)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: nginx
443/tcp open  tcpwrapped
|_http-server-header: nginx
|_http-title: 403 Forbidden
| ssl-cert: Subject: commonName=education.gov.tm
| Subject Alternative Name: DNS:education.gov.tm, DNS:www.education.gov.tm
| Not valid before: 2024-06-24T00:00:00
|_Not valid after:  2025-06-24T23:59:59

Nmap scan report for mintradefer.gov.tm (216.250.11.34)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  tcpwrapped
|_http-server-header: Apache/2.4.62 (Ubuntu)
443/tcp open  tcpwrapped
|_http-cors: GET
|_http-server-header: Apache/2.4.62 (Ubuntu)
|_http-title: TS we DYAM
| ssl-cert: Subject: commonName=mintradefer.gov.tm
| Subject Alternative Name: DNS:mintradefer.gov.tm, DNS:www.mintradefer.gov.tm
| Not valid before: 2023-12-29T00:00:00
|_Not valid after:  2024-12-29T23:59:59
| tls-alpn:
|_  http/1.1

Nmap scan report for milligosun.gov.tm (216.250.9.51)
Host is up (0.17s latency).
Not shown: 996 filtered ports
PORT    STATE  SERVICE  VERSION
80/tcp  open  http    nginx (reverse proxy)
|_http-server-header: Milligosun Server
443/tcp  open  ssl/http nginx (reverse proxy)
|_http-server-header: Milligosun Server
| ssl-cert: Subject: commonName=milligosun.gov.tm
| Subject Alternative Name: DNS:milligosun.gov.tm, DNS:www.milligosun.gov.tm
| Not valid before: 2024-09-30T00:00:00
|_Not valid after:  2024-12-29T23:59:59
| tls-alpn:
|  h2
|_  http/1.1
| tls-nextprotoneg:
|  h2
|_  http/1.1
3000/tcp open  ppp?
| fingerprint-strings:
|  FourOhFourRequest:
|    HTTP/1.0 302 Found
|    Cache-Control: no-store
|    Content-Type: text/html; charset=utf-8
|    Location: /login
|    Set-Cookie: redirect_to=%2Fnice%2520ports%252C%2FTri%256Eity.txt%252ebak; Path=/; HttpOnly; SameSite=Lax
|    X-Content-Type-Options: nosniff
|    X-Frame-Options: deny
|    X-Xss-Protection: 1; mode=block
|    Date: Fri, 06 Dec 2024 19:30:37 GMT
|    Content-Length: 29
|    href="/login">Found</a>.
|  GenericLines, Help, Kerberos, RTSPRequest, SSLSessionReq, TLSSessionReq, TerminalServerCookie:
|    HTTP/1.1 400 Bad Request
|    Content-Type: text/plain; charset=utf-8
|    Connection: close
|    Request
|  GetRequest:
|    HTTP/1.0 302 Found
|    Cache-Control: no-store
|    Content-Type: text/html; charset=utf-8
|    Location: /login
|    X-Content-Type-Options: nosniff
|    X-Frame-Options: deny
|    X-Xss-Protection: 1; mode=block
|    Date: Fri, 06 Dec 2024 19:30:01 GMT
|    Content-Length: 29
|    href="/login">Found</a>.
|  HTTPOptions:
|    HTTP/1.0 302 Found
|    Cache-Control: no-store
|    Location: /login
|    X-Content-Type-Options: nosniff
|    X-Frame-Options: deny
|    X-Xss-Protection: 1; mode=block
|    Date: Fri, 06 Dec 2024 19:30:07 GMT
|_    Content-Length: 0
8000/tcp closed http-alt
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3000-TCP:V=7.80%I=7%D=12/6%Time=675350B7%P=x86_64-pc-linux-gnu%r(Ge
SF:nericLines,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t
SF:ext/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x
SF:20Request")%r(GetRequest,118,"HTTP/1\.0\x20302\x20Found\r\nCache-Contro
SF:l:\x20no-store\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nLocat
SF:ion:\x20/login\r\nX-Content-Type-Options:\x20nosniff\r\nX-Frame-Options
SF::\x20deny\r\nX-Xss-Protection:\x201;\x20mode=block\r\nDate:\x20Fri,\x20
SF:06\x20Dec\x202024\x2019:30:01\x20GMT\r\nContent-Length:\x2029\r\n\r\n<a
SF:\x20href=\"/login\">Found</a>\.\n\n")%r(Help,67,"HTTP/1\.1\x20400\x20Ba
SF:d\x20Request\r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nConnec
SF:tion:\x20close\r\n\r\n400\x20Bad\x20Request")%r(HTTPOptions,D2,"HTTP/1\
SF:.0\x20302\x20Found\r\nCache-Control:\x20no-store\r\nLocation:\x20/login
SF:\r\nX-Content-Type-Options:\x20nosniff\r\nX-Frame-Options:\x20deny\r\nX
SF:-Xss-Protection:\x201;\x20mode=block\r\nDate:\x20Fri,\x2006\x20Dec\x202
SF:024\x2019:30:07\x20GMT\r\nContent-Length:\x200\r\n\r\n")%r(RTSPRequest,
SF:67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\
SF:x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")
SF:%r(SSLSessionReq,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type
SF::\x20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x2
SF:0Bad\x20Request")%r(TerminalServerCookie,67,"HTTP/1\.1\x20400\x20Bad\x2
SF:0Request\r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nConnection
SF::\x20close\r\n\r\n400\x20Bad\x20Request")%r(TLSSessionReq,67,"HTTP/1\.1
SF:\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x20charset=ut
SF:f-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(Kerberos,6
SF:7,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/plain;\x
SF:20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%
SF:r(FourOhFourRequest,182,"HTTP/1\.0\x20302\x20Found\r\nCache-Control:\x2
SF:0no-store\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nLocation:\
SF:x20/login\r\nSet-Cookie:\x20redirect_to=%2Fnice%2520ports%252C%2FTri%25
SF:6Eity\.txt%252ebak;\x20Path=/;\x20HttpOnly;\x20SameSite=Lax\r\nX-Conten
SF:t-Type-Options:\x20nosniff\r\nX-Frame-Options:\x20deny\r\nX-Xss-Protect
SF:ion:\x201;\x20mode=block\r\nDate:\x20Fri,\x2006\x20Dec\x202024\x2019:30
SF::37\x20GMT\r\nContent-Length:\x2029\r\n\r\n<a\x20href=\"/login\">Found<
SF:/a>\.\n\n");

Nmap scan report for minjust.gov.tm (216.250.10.199)
Host is up (0.21s latency).
Not shown: 927 closed ports, 71 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http    nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
443/tcp open  ssl/http nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
| ssl-cert: Subject: commonName=www.minjust.gov.tm
| Subject Alternative Name: DNS:minjust.gov.tm, DNS:www.minjust.gov.tm
| Not valid before: 2024-09-23T02:29:40
|_Not valid after:  2024-12-22T02:29:39
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Nmap scan report for tca.gov.tm (217.174.238.148)
Host is up (0.17s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http    nginx 1.26.1
|_http-server-header: nginx/1.26.1
443/tcp open  ssl/http nginx 1.26.1
|_http-server-header: nginx/1.26.1
| ssl-cert: Subject: commonName=tca.gov.tm
| Subject Alternative Name: DNS:tca.gov.tm, DNS:www.tca.gov.tm
| Not valid before: 2024-11-30T05:15:14
|_Not valid after:  2025-02-28T05:15:13

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Fri Dec  6 20:33:10 2024 -- 17 IP addresses (17 hosts up) scanned in 1602.39 seconds


No data of interest is obtained; however, if we run a vulnerability scan with:

nmap --script=vuln $(cat medios.txt) -oA nmap_vuln_medios_tm (takes 1 hour)

...... we do get some vulnerability

I leave the result of this last scan in the .tar.gz. You need to register to download and view it. Although it is not a secret, it is better not to make vulnerabilities public, but at the same time to show them to an audience with an interest in attacking them; the goal is to weaken totalitarians, not to make them stronger.
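What an administrator of the scanned hosts should take from output like the above is mostly hygiene: several certificates in the scan expire within weeks of the scan date (or shortly after), and some server headers disclose exact versions. The following script is an added example, not part of the post and not one of its scan files: it parses nmap's normal (-oN/-oA) output and flags certificates that are expired or close to expiry relative to the scan's own timestamp, plus version-disclosing server headers. The embedded scan text, hostnames, IPs and dates are constructed placeholders; the real scan can be fed in via the file argument.

```python
import re
import sys
from datetime import datetime

# Constructed sample of nmap normal output (the format the post's -oA scan
# produces). Hostnames, IPs and dates are placeholders made up for this example.
SAMPLE_SCAN = """\
# Nmap scan initiated Fri Dec  6 20:06:27 2024 as: nmap -oA example -iL hosts.txt -A -T4
Nmap scan report for portal.example.test (192.0.2.10)
Host is up (0.17s latency).
PORT    STATE SERVICE    VERSION
443/tcp open  tcpwrapped
|_http-server-header: nginx
| ssl-cert: Subject: commonName=portal.example.test
| Subject Alternative Name: DNS:portal.example.test, DNS:www.portal.example.test
| Not valid before: 2023-12-14T00:00:00
|_Not valid after:  2024-12-22T23:59:59

Nmap scan report for library.example.test (192.0.2.20)
Host is up (0.16s latency).
PORT    STATE SERVICE    VERSION
80/tcp  open  http       nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
443/tcp open  ssl/http   nginx 1.18.0 (Ubuntu)
| ssl-cert: Subject: commonName=library.example.test
| Not valid before: 2024-07-04T00:00:00
|_Not valid after:  2025-07-04T23:59:59

Nmap scan report for old.example.test (192.0.2.30)
Host is up (0.16s latency).
PORT    STATE SERVICE    VERSION
443/tcp open  tcpwrapped
| ssl-cert: Subject: commonName=old.example.test
| Not valid before: 2023-11-01T00:00:00
|_Not valid after:  2024-11-30T23:59:59
# Nmap done at Fri Dec  6 20:33:10 2024 -- 3 IP addresses (3 hosts up) scanned in 1602.39 seconds
"""

INIT_RE = re.compile(r"^# Nmap scan initiated (.+?) as:")
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open")
HDR_RE = re.compile(r"http-server-header: (.+)$")
CN_RE = re.compile(r"ssl-cert: Subject: commonName=(\S+)")
AFTER_RE = re.compile(r"Not valid after:\s+(\S+)")
VERSION_RE = re.compile(r"/\d+\.\d+")  # e.g. "nginx/1.18.0"


def parse_scan(text):
    """Walk nmap normal output. Returns (scan_time, hosts) where hosts maps
    hostname -> {"headers": {port: header}, "certs": [{port, cn, not_after}]}."""
    scan_time, hosts, host, port, cert = None, {}, None, None, None
    for line in text.splitlines():
        if m := INIT_RE.match(line):
            # strptime's format whitespace matches the double space in "Dec  6"
            scan_time = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        elif m := HOST_RE.match(line):
            host = m.group(1)
            hosts[host] = {"headers": {}, "certs": []}
        elif host is None:
            continue
        elif m := PORT_RE.match(line):
            port = int(m.group(1))
        elif m := HDR_RE.search(line):
            hosts[host]["headers"][port] = m.group(1).strip()
        elif m := CN_RE.search(line):
            # one port may carry several ssl-cert blocks (shared IP), keep them all
            cert = {"port": port, "cn": m.group(1), "not_after": None}
            hosts[host]["certs"].append(cert)
        elif (m := AFTER_RE.search(line)) and cert is not None:
            cert["not_after"] = datetime.fromisoformat(m.group(1))
    return scan_time, hosts


def review(text, warn_days=30, as_of=None):
    """Defender-side review: certificates expired or expiring within warn_days
    of the scan time, and server headers that disclose a software version.
    Returns a list of (host, port, kind, detail) tuples."""
    scan_time, hosts = parse_scan(text)
    as_of = as_of or scan_time
    if as_of is None:
        raise ValueError("no scan timestamp found; pass as_of explicitly")
    findings = []
    for host, info in hosts.items():
        for c in info["certs"]:
            if c["not_after"] is None:
                continue
            left = (c["not_after"] - as_of).days
            if left < 0:
                findings.append((host, c["port"], "cert-expired",
                                 f"{c['cn']} expired {-left} days before the scan"))
            elif left <= warn_days:
                findings.append((host, c["port"], "cert-expiring",
                                 f"{c['cn']} expires in {left} days"))
        for port, hdr in info["headers"].items():
            if VERSION_RE.search(hdr):
                findings.append((host, port, "version-disclosed", hdr))
    return findings


if __name__ == "__main__":
    # usage: python review_scan.py [nmap_output.nmap]   (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SCAN
    for host, port, kind, detail in review(text):
        print(f"{host}:{port}\t{kind}\t{detail}")
```

The expiry check is measured against the scan's own "# Nmap scan initiated" timestamp rather than the current clock, so re-reading an old scan file still reports what was true when it was taken; the `warn_days` threshold is the only tunable, and for the constructed sample the portal certificate lands 16 days from the scan date.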