jsDelivr: Using nmap revealing sensitive information

2014-06-29T10:13:24
ID H1:18382
Type hackerone
Reporter vineet
Modified 2014-08-28T15:25:45

Description

check this => http://prntscr.com/3xlww2

nmap scan result .

Starting Nmap 6.46 ( http://nmap.org ) at 2014-06-29 15:34 India Standard Time

NSE: Loaded 30 scripts for scanning.

NSE: Script Pre-scanning.

Initiating Parallel DNS resolution of 1 host. at 15:35

Completed Parallel DNS resolution of 1 host. at 15:35, 11.01s elapsed

Initiating SYN Stealth Scan at 15:35

Scanning staging.jsdelivr.net (107.170.64.215) [1000 ports]

Discovered open port 21/tcp on 107.170.64.215

Discovered open port 80/tcp on 107.170.64.215

Completed SYN Stealth Scan at 15:35, 15.91s elapsed (1000 total ports)

Initiating Service scan at 15:35

Scanning 2 services on staging.jsdelivr.net (107.170.64.215)

Completed Service scan at 15:35, 6.62s elapsed (2 services on 1 host)

Initiating OS detection (try #1) against staging.jsdelivr.net (107.170.64.215)

Initiating Traceroute at 15:35

Completed Traceroute at 15:35, 0.37s elapsed

Initiating Parallel DNS resolution of 16 hosts. at 15:35

Completed Parallel DNS resolution of 16 hosts. at 15:36, 15.40s elapsed

NSE: Script scanning 107.170.64.215.

Initiating NSE at 15:36

Completed NSE at 15:37, 61.89s elapsed

Nmap scan report for staging.jsdelivr.net (107.170.64.215)

Host is up (0.29s latency).

Not shown: 994 closed ports

PORT STATE SERVICE VERSION

21/tcp open ftp vsftpd 3.0.2+ (ext.1)

80/tcp open http nginx

| http-enum:

|_ /robots.txt: Robots file

135/tcp filtered msrpc

139/tcp filtered netbios-ssn

444/tcp filtered snpp

445/tcp filtered microsoft-ds

Device type: general purpose

Running: Linux 3.X

OS CPE: cpe:/o:linux:linux_kernel:3

OS details: Linux 3.0 - 3.9

Uptime guess: 1.872 days (since Fri Jun 27 18:42:06 2014)

Network Distance: 16 hops

TCP Sequence Prediction: Difficulty=265 (Good luck!)

IP ID Sequence Generation: All zeros

TRACEROUTE (using port 143/tcp)

HOP RTT ADDRESS

1 1.00 ms 192.168.0.1

2 1.00 ms 162.162.162.1

3 19.00 ms 110.172.171.17

4 25.00 ms 110.172.171.253

5 17.00 ms 125.19.8.241

6 98.00 ms 182.79.245.26

7 160.00 ms 116.51.27.225

8 147.00 ms ae-1.r20.sngpsi05.sg.bb.gin.ntt.net (129.250.3.146)

9 267.00 ms ae-3.r20.snjsca04.us.bb.gin.ntt.net (129.250.3.48)

10 345.00 ms ae-4.r21.asbnva02.us.bb.gin.ntt.net (129.250.4.102)

11 339.00 ms ae-0.r20.asbnva02.us.bb.gin.ntt.net (129.250.4.4)

12 331.00 ms ae-8.r23.nycmny01.us.bb.gin.ntt.net (129.250.2.148)

13 365.00 ms ae-13.r05.nycmny01.us.bb.gin.ntt.net (129.250.4.166)

14 352.00 ms xe-0-4-0-10.r06.nycmny01.us.ce.gin.ntt.net (129.250.204.106)

15 349.00 ms 192.241.164.238

16 289.00 ms staging.jsdelivr.net (107.170.64.215)

NSE: Script Post-scanning.

Read data files from: C:\Program Files (x86)\Nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 130.93 seconds

       Raw packets sent: 1080 (48.378KB) | Rcvd: 1062 (44.154KB)