# OSINT

We collect information about the Federal State Budgetary Institution "Federal Bureau of Medical and Social Expertise" of the Ministry of Labour and Social Protection of the Russian Federation. We find the site fbmse.ru. The site lists the organization's location, as well as its email address and contact phone numbers.

![](https://i.imgur.com/L6tmbmy.png)

Next, on 2ip.ru we obtain the IP address and other information about that IP.

![](https://i.imgur.com/SKbhbPw.png)

Then we look up the domain fbmse.ru at https://whois.ru/

![](https://i.imgur.com/yoF0blZ.png)

```
route: 82.138.32.0/19
origin: AS8732
range: 82.138.32.0-82.138.63.255

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to 'AS8525 - AS8769'

as-block: AS8525 - AS8769
descr: RIPE NCC ASN block
remarks: These AS Numbers are assigned to network operators in the RIPE NCC service region.
mnt-by: RIPE-NCC-HM-MNT
created: 2018-11-22T15:27:23Z
last-modified: 2018-11-22T15:27:23Z
source: RIPE

% Information related to 'AS8732'

% Abuse contact for 'AS8732' is 'netadm@comcor.ru'

aut-num: AS8732
as-name: COMCOR-AS
descr: Moscow
org: ORG-CA35-RIPE
remarks: Inbound prefixes longer than /24 not accepted
remarks: ----------------------------------------------------------
remarks: ----------------------------------------------------------
remarks: Default Local Preference
remarks: ----------------------------------------------------------
remarks: IPTransit customers and own network 400
remarks: National Peers from M9-IX and Privat Peers 300
remarks: International Peers from DEC-IX and Private Peers 200
remarks: Uplinks 100
remarks: ---------------------------------------------------------
remarks: Community Meaning
remarks: ----------------------------------------------------------
remarks: ----------------------------------------------------------
remarks: Communities for route origin information
remarks: ----------------------------------------------------------
remarks: 8732:8732 AS8732 orinated routes
remarks: 8732:1000 AS-COMCOR routes
remarks: 8732:1010 all uplink
remarks: 8732:1011 GlobalCrossing
remarks: 8732:1012 Level3
remarks: 8732:1013 Telia Sonera
remarks: 8732:1200 international private peers
remarks: 8732:1250 DEC-IX peers
remarks: 8732:1260 AMS-IX peers
remarks: 8732:1270 LINX peers
remarks: 8732:1280 NETNOD peers
remarks: 8732:1500 all national peers
remarks: 8732:1501 MSK-IX peers
remarks: 8732:1511 MTU peer
remarks: 8732:1512 GoldenTelecom peer
remarks: 8732:1513 Megafon peer
remarks: 8732:1514 Corbina peer
remarks: 8732:1515 TTK peer
remarks: 8732:1516 NetByNet peer
remarks: 8732:1517 Rostelecom peer
remarks: ----------------------------------------------------------
remarks: Communities accepted from customers for advertising control
remarks: ----------------------------------------------------------
remarks: UpLinks
remarks: 8732:310x advertise to uplink
remarks: 8732:311x advertise to GlobalCrossing
remarks: 8732:312x advertise to Level3
remarks: 8732:313x advertise to Telia Sonera
remarks: ----------------------------------------------------------
remarks: International peers
remarks: 8732:340x advertise to International peers
remarks: 8732:341x advertise to DEC-IX peers
remarks: 8732:342x advertise to AMS-IX peers
remarks: 8732:343x advertise to LINX peers
remarks: 8732:344x advertise to NETNOD peers
remarks: ----------------------------------------------------------
remarks: National Peers
remarks: 8732:350x advertise to all National peers
remarks: 8732:351x advertise to MSK-IX peers
remarks: 8732:352x advertise to MTU peer
remarks: 8732:353x advertise to GoldenTelecom peer
remarks: 8732:354x advertise to Megafon peer
remarks: 8732:355x advertise to Corbina peer
remarks: 8732:356x advertise to TTK peer
remarks: 8732:357x advertise to NetByNet peer
remarks: 8732:358x advertise to Rostelecom peers
remarks: ----------------------------------------------------------
remarks: 8732:399x advertise to all above
remarks: (national and international peers and UpLinks(:3[10-98]x))
remarks: -----------------------------------------------------------
remarks: where x=0 - do not announce
remarks: x=1,2,4 or 6 - add "8732"prepend 1,2,4 or 6 times
remarks: -----------------------------------------------------------
remarks: 8732:50 - Set local pref 50 within AS8732 (use for backup)
remarks: -----------------------------------------------------------
admin-c: RAY39-RIPE
tech-c: VGF2-RIPE
tech-c: VAT6-RIPE
status: ASSIGNED
mnt-by: RIPE-NCC-END-MNT
mnt-by: AS8732-MNT
created: 2002-08-01T12:18:18Z
last-modified: 2022-03-11T08:08:22Z
source: RIPE

organisation: ORG-CA35-RIPE
org-name: OJSC Comcor
country: RU
org-type: LIR
address: 133, Varshavskoe sh.
address: 117519
address: Moscow
address: RUSSIAN FEDERATION
phone: +74954117171
fax-no: +74954117151
fax-no: +74952767455
admin-c: VAT6-RIPE
admin-c: RAY39-RIPE
admin-c: VGF2-RIPE
abuse-c: AC23903-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: AS8732-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: AS8732-MNT
created: 2004-04-17T11:51:14Z
last-modified: 2021-02-12T14:26:02Z
source: RIPE # Filtered

person: Rumyantsev Alexey Yurjevich
address: Moscow Telecommunication Corporation
address: 133, Varshavskoe sh.
address: 117535, Moscow
address: Russia
phone: +7 495 2767474
nic-hdl: RAY39-RIPE
mnt-by: AS8732-MNT
created: 2015-06-11T11:46:45Z
last-modified: 2015-06-11T11:47:54Z
source: RIPE # Filtered

person: Vladimir A. Trudonoshin
address: 133, Varshavskoe sh.
address: 117535, Moscow
address: Russia
phone: +7 495 2767454
fax-no: +7 495 2767455
nic-hdl: VAT6-RIPE
mnt-by: AS8732-MNT
created: 2002-03-29T08:03:29Z
last-modified: 2010-10-26T05:36:55Z
source: RIPE # Filtered

person: Vladimir G. Fedoruk
address: 133, Varshavskoe sh.
address: 117535, Moscow
address: Russia
phone: +7 495 2767454
fax-no: +7 495 2767455
nic-hdl: VGF2-RIPE
mnt-by: AS8732-MNT
created: 2002-03-29T08:03:09Z
last-modified: 2010-10-26T05:36:35Z
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.102.2 (HEREFORD)
```

### Domain search

Download Findomain for Windows.

![](https://i.imgur.com/3veqqlr.png)

![](https://i.imgur.com/RvblHXr.png)

Run Findomain.
![](https://i.imgur.com/4EqAdJy.png)

Some of the subdomains found have not existed for a long time, so if you are only interested in subdomains that can actually be opened (that is, subdomains with an IP address), use the `-r` option:

![](https://i.imgur.com/SL8U3oz.png)

SSL information about the site (2ip.ru)

![](https://i.imgur.com/hiEwoC3.png)

DNS information about the site (2ip.ru)

![](https://i.imgur.com/rOO2lYL.png)

The "Expert panels" tab lists staff:

![](https://i.imgur.com/3vRFTjC.png)

INN (taxpayer ID) and organization details:

![](https://i.imgur.com/PTGGHaU.png)

# SCAN

### NMAP

```
nmap -sn 82.138.54.86
```

![](https://i.imgur.com/3BhUYz5.png)

```
nmap -sV 82.138.54.86
```

![](https://i.imgur.com/moM0BM5.png)

```
nmap -sV --script vulscan 82.138.54.86
```

![](https://i.imgur.com/U33V3Qk.png)

### Nessus

![](https://i.imgur.com/4eaOnmn.png)

![](https://i.imgur.com/Cs0Pfk5.png)

![](https://i.imgur.com/fEKpArF.png)

![](https://i.imgur.com/ufnyVs2.png)

![](https://i.imgur.com/uyunDKD.png)

![](https://i.imgur.com/gqqVRAy.png)

![](https://i.imgur.com/1gbtq2G.png)

![](https://i.imgur.com/YMqiAZK.png)

![](https://i.imgur.com/gVPCxWo.png)
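
Returning to the RIPE whois output in the OSINT section: the added example below (not part of the original write-up) parses that RPSL text and reports which route object and origin AS cover the address used in the SCAN section, plus the published abuse contact, which shows the address sits in the provider's (AS8732) allocation. The function names are hypothetical, and the sample is a constructed excerpt built from values in that output.

```python
import ipaddress
import re

# Constructed excerpt: values copied from the whois output quoted in the OSINT
# section, with RPSL line breaks restored. The folded "remarks" line is
# constructed to exercise continuation handling.
SAMPLE = """\
% Abuse contact for 'AS8732' is 'netadm@comcor.ru'

route:          82.138.32.0/19
origin:         AS8732

aut-num:        AS8732
as-name:        COMCOR-AS
remarks:        8732:310x
                advertise to uplink
source:         RIPE
"""

def parse_rpsl(text):
    """Split whois output into objects (lists of (attribute, value)) and % comments."""
    objects, comments, current = [], [], []
    for line in text.splitlines():
        if line.startswith("%"):
            comments.append(line[1:].strip())
        elif not line.strip():               # blank line ends the current object
            if current:
                objects.append(current)
                current = []
        elif line[0] in " \t+" and current:  # continuation of the previous attribute
            key, value = current[-1]
            current[-1] = (key, f"{value} {line[1:].strip()}".strip())
        else:
            key, _, value = line.partition(":")
            current.append((key.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects, comments

def abuse_contacts(comments):
    """Map each resource to the address in RIPE's "Abuse contact for" comment lines."""
    found = (re.match(r"Abuse contact for '([^']+)' is '([^']+)'", c) for c in comments)
    return {m.group(1): m.group(2) for m in found if m}

def covering_route(objects, ip):
    """Return (prefix, origin AS) of the most specific route object containing ip."""
    addr, best = ipaddress.ip_address(ip), None
    for obj in objects:
        if obj[0][0] in ("route", "route6"):
            net = ipaddress.ip_network(obj[0][1], strict=False)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, dict(obj).get("origin"))
    return (str(best[0]), best[1]) if best else None
```
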