================================================================================
MICT.GOUV.HT -- PROBE RESULTS
Date: 2026-03-04
Target: http://mict.gouv.ht (Ministere de l'Interieur et des Collectivites Territoriales)
================================================================================

EXECUTIVE SUMMARY
-----------------
mict.gouv.ht is a WordPress site hosted on InMotion Hosting shared cPanel
infrastructure. PHP execution is broken (all .php pages return HTTP 500 with
empty bodies), but Apache continues to serve static files and directory
listings. This misconfiguration exposes the entire wp-content/uploads tree
(13 years of government documents), a full wp-includes directory listing, a
173KB PHP error log, and the cPanel/webmail login interfaces on management
ports.

================================================================================
SERVER INFRASTRUCTURE
================================================================================

IP Address:        144.208.79.225
Hosting Provider:  InMotion Hosting (shared cPanel)
Server Hostname:   ecbiz224.inmotionhosting.com
Web Server:        Apache (via "Server: Apache" header)
cPanel Account:    immigr31
Database:          immigr31_wordpress300
DB User:           immigr31_admict
DB Password:       admictpassweb

SSL Certificate:
  Subject:  CN=mict.gouv.ht
  SANs:     mict.gouv.ht, www.mict.gouv.ht
  Issuer:   Let's Encrypt R12
  Valid:    2026-01-14 to 2026-04-14
  (Same cert on both port 443 and port 2083)

WordPress Version: ~4.8.x era (jQuery 1.11.3 bundled, readme.html mentions
                   PHP 5.2.4/5.6 minimum, MySQL 5.0/5.6)
                   Copyright 2018 in license.txt

PHP Status:        BROKEN -- all PHP endpoints return HTTP 500 with 0-byte body
                   error_log shows PHP Deprecated warnings about
                   $HTTP_RAW_POST_DATA (stopped logging 2020-08-04)

================================================================================
1. cPanel PATHS
================================================================================

[200] /cpanel    --> cPanel redirect page (offers HTTP/HTTPS login links)
[500] /cPanel
[500] /:2082
[500] /:2083
[403] /cgi-bin/  --> Forbidden (exists but access denied)
[500] /cgi-sys/
[500] /tmp/
[500] /home/
[200] /webmail   --> cPanel webmail redirect page
[200] /whm       --> WHM redirect page
[500] /webdisk

Port Services:
[200] http://mict.gouv.ht:2082/   --> cPanel login page (HTTP)
[200] https://mict.gouv.ht:2083/  --> cPanel login page (HTTPS)
[200] http://mict.gouv.ht:2095/   --> Webmail login (HTTP)
[200] https://mict.gouv.ht:2096/  --> Webmail login (HTTPS)
[000] https://mict.gouv.ht:2087/  --> WHM (connection refused/timeout)

FINDING: cPanel login exposed on ports 2082/2083. Webmail login exposed on
ports 2095/2096. Known cPanel account "immigr31" can be targeted.

Saved: cpanel_response.html, webmail_login.html, port2082_phpmyadmin.html

================================================================================
2. DATABASE TOOLS
================================================================================

Port 80 (all blocked by PHP 500 errors):
[500] /phpmyadmin/
[500] /phpMyAdmin/
[500] /PhpMyAdmin/
[500] /pma/
[500] /adminer.php
[500] /sql/
[500] /mysql/
[500] /phpMyAdmin/index.php

Port 2082 (all redirect to cPanel login):
[200] http://mict.gouv.ht:2082/phpmyadmin/  --> cPanel login (requires auth)
[200] http://mict.gouv.ht:2082/phpMyAdmin/  --> cPanel login
[200] http://mict.gouv.ht:2082/adminer.php  --> cPanel login
[200] http://mict.gouv.ht:2082/sql/         --> cPanel login

Port 2083 (all redirect to cPanel login):
[200] https://mict.gouv.ht:2083/phpmyadmin/  --> cPanel login (requires auth)
[200] https://mict.gouv.ht:2083/phpMyAdmin/  --> cPanel login
[200] https://mict.gouv.ht:2083/adminer.php  --> cPanel login
[200] https://mict.gouv.ht:2083/sql/         --> cPanel login

FINDING: phpMyAdmin is accessible behind cPanel authentication on ports 2082/2083.
All DB tool paths on port 80 fail due to broken PHP. If cPanel credentials are
obtained, phpMyAdmin provides direct database access.

Saved: db_port2082_phpmyadmin.html, db_port2083_phpmyadmin.html, etc.

================================================================================
3. BACKUP AND CONFIG FILES
================================================================================

[500] /wp-config.php.bak
[500] /wp-config.php.old
[500] /wp-config.php.save
[500] /wp-config.php.swp
[406] /.wp-config.php.swp  --> "Not Acceptable" (interesting -- different from 500)
[500] /wp-config.php~
[500] /wp-config.bak
[500] /backup/
[500] /backups/
[500] /.git/HEAD
[500] /.git/config
[500] /.svn/entries
[500] /.DS_Store
[200] /error_log           --> **EXPOSED** (173,430 bytes)
[500] /wp-content/debug.log

FINDING: /.wp-config.php.swp returns 406 (Not Acceptable) rather than the
standard 500, suggesting the file may actually exist but is blocked by a
mod_security or MIME type rule.

FINDING: /error_log is publicly readable (173KB). Contains PHP deprecation
warnings from 2020-07-26 through 2020-08-04. All entries are about
$HTTP_RAW_POST_DATA deprecation. While no file paths or credentials are leaked
in this log, its accessibility confirms:
  - The site ran PHP 5.x (this deprecation was removed in PHP 7)
  - The site was last actively used around August 2020
  - Apache is serving ALL files in the document root without PHP processing

Saved: error_log.txt (173,430 bytes)

================================================================================
4. HOSTING & SERVER INFO
================================================================================

[403] /server-status   --> Forbidden (Apache mod_status is enabled but restricted)
[403] /server-status/  --> Forbidden
[500] /server-info
[200] /.well-known/    --> Directory listing exposed
[500] /crossdomain.xml
[500] /sitemap.xml
[500] /wp-sitemap.xml
[200] /robots.txt      --> 500 (broken; likely PHP-generated)

/.well-known/ directory listing:
  - acme-challenge/ (2026-03-04, empty -- Let's Encrypt auto-renewal active)
  - pki-validation/ (2024-11-06, empty)

Default VHost (http://144.208.79.225/):
  Title:    "InMotion Hosting"
  Hostname: ecbiz224.inmotionhosting.com

FINDING: Let's Encrypt ACME challenge directory was modified today
(2026-03-04), confirming active automated SSL renewal. The hosting provider is
InMotion Hosting, shared server ecbiz224.

Saved: well-known.html, default_vhost.html

================================================================================
5. WORDPRESS SENSITIVE FILES
================================================================================

[500] /wp-config.php         --> 500, 0-byte response (PHP broken, source NOT exposed)
[500] /wp-settings.php
[500] /wp-load.php
[500] /wp-cron.php
[500] /wp-mail.php
[500] /wp-trackback.php
[500] /wp-links-opml.php
[405] /wp-comments-post.php  --> "Method Not Allowed" (GET rejected; POST expected)
[  0] /wp-blog-header.php    --> Empty response / connection issue
[500] /wp-admin/
[500] /wp-login.php
[500] /xmlrpc.php
[500] /wp-json/
[500] /wp-json/wp/v2/users

FINDING: PHP source code is NOT exposed. wp-config.php returns 500 with 0 bytes
(PHP tries to execute but crashes). The wp-comments-post.php 405 confirms
Apache is still routing PHP files to the handler, but execution fails.

================================================================================
6. STATIC FILE EXPOSURE (MAJOR FINDING)
================================================================================

[200] /readme.html          --> WordPress readme (version fingerprint)
[200] /license.txt          --> WordPress GPL license (copyright 2018)
[200] /wp-includes/         --> FULL directory listing (160+ entries)
[200] /wp-content/          --> Empty listing (but subdirs accessible)
[200] /wp-content/uploads/  --> FULL directory listing with year folders
[200] /wp-content/plugins/  --> Empty (0 bytes - 403-like but returns 200)
[200] /wp-content/themes/   --> Empty (0 bytes)
[200] /wp-content/upgrade/  --> Empty directory listing

jQuery version: 1.11.3 (bundled with WordPress ~4.8)

Saved: readme.html, license.txt, wp-includes-listing.html

================================================================================
7. UPLOADS DIRECTORY -- FULL ENUMERATION
================================================================================

Directory listing enabled for ALL upload folders spanning 2013-2025.

Upload Year/Month Summary (files with content):
  2013/06:     ~1213 files (images)
  2013/08:     4 files
  2013/09:     2 files
  2016/03:     48 files (includes PDF)
  2016/04:     48 files (includes 6 government decree PDFs)
  2018/03-12:  ~1044 files total (mostly images)
  2019/01:     68 files (includes PGRAC reports - PDF + DOCX)
  2019/02:     15 files (includes CGES/CPR environmental reports)
  2019/06-12:  ~37 files
  2020/05:     210 files (includes PGES environmental report)
  2020/06:     354 files (includes national disaster plan, cyclone docs)
  2020/07-09:  ~661 files
  2021/04-05:  ~487 files
  2024/08:     163 files
  2024/09:     2 files (MDUR urban development PDFs)
  2024/11:     42 files
  2025/01:     14 files (MICT recruitment notices - DOCX)
  2025/03:     72 files (DIE department images, recent photos)
  2025/05:     ~200 files
  2025/07:     ~8 files
  2025/09:     ~12 files (includes prequalification DOCX)
  2025/10:     ~44 files

Special files in uploads root:
  - GeoIP.dat (1,242,574 bytes) - MaxMind GeoIP database
  - GeoIPv6.dat (2,543,393 bytes) - MaxMind GeoIP v6 database
  - js_composer/custom.css - WPBakery Page Builder custom CSS

================================================================================
8. DOWNLOADED GOVERNMENT DOCUMENTS
================================================================================

All documents saved to: MICT-GOUV/documents/

Government Decrees (2016):
  - Liste_definitive_des_candidats_14_mai_2015.pdf (277KB)
    Definitive candidate list for elections
  - Decret-Fixant-les-Principes-Fondamentaux-de-Gestion-des-Emplois... (218KB)
    Decree on Public Service Employment Management Principles
  - Decret-Portant-Cadre-General-de-la-Decentralisation... (272KB)
    General Framework for Decentralization
  - Decret-Portant-Modalites-dOrganisation-de-la-Collectivite-Depatementale (155KB)
    Departmental Collectivity Organization
  - Decret-Portant-Organisation-de-la-Collectivite-Municipale (271KB)
    Municipal Collectivity Organization
  - Decret-Portant-Organisation-de-la-Section-Communale (232KB)
    Communal Section Organization
  - Guide-de-la-coopAcration-dAccentralisAce.pdf (1.1MB)
    Decentralized Cooperation Guide

Environmental & Development Reports (2019-2020):
  - Rapport_final_du_CGES_du_PGRAC (3.0MB) -- PGRAC Environmental Assessment
  - Rapport_final_du_CPR_du_PGRAC (6.3MB DOCX, 2.7MB PDF) -- Resettlement Plan
  - CGES-DMRU-Final-8-mai-2017.pdf (1.7MB) -- DMRU Environmental Assessment
  - CPR-DMRU-Final-8-mai-2017.pdf (1.4MB) -- DMRU Resettlement Framework
  - PGES_Ravines-Belle-hotesse-et-Zetrier (4.3MB DOCX)
  - REVISED-PAR-Ravines-Belle-Hotesse (12.0MB DOCX)
  - PGES_CMF_Mis-a-Jour-Mai-2020 (1.8MB) -- World Bank validated report

Disaster Management (2020):
  - SNGRD_Plan_national_GRD_2019_2030.pdf (6.6MB) -- National Disaster Plan 2019-2030
  - PNGRD_BAT_2020_SMALL.pdf (6.3MB) -- National Disaster Risk Plan
  - 2020-Canevas-plan-de-contingence-SECTORIEL-.pdf (1.4MB)
  - Saisons_PC2020-Elements-de-Langage.pdf (633KB) -- Cyclone season talking points
  - Ouverture-Saison-Cyclonique-2020-Ministre-Interieur.docx (35KB)

Urban Development (2024):
  - MDUR_PGES-DES-SEIZE-RUES_-Aout-2024.pdf (3.7MB) -- Environmental report
  - MDUR_PGES-DES-SEIZE-RUES_-Aout-2024-1.pdf (3.7MB) -- Duplicate

Recruitment & Procurement (2025):
  - DG-Avis-de-recrutement-internes.docx (21KB) -- Internal recruitment notice
  - Publication-Recrutement-avis.docx (17KB) -- Recruitment publication
  - DOSSIER-PREQUALIFICATION-INTERIEUR.docx (95KB) -- Prequalification dossier

================================================================================
FULL PROBE STATUS CODE TABLE
================================================================================

PATH                                   CODE NOTES
-------------------------------------- ---- -----
/                                      500  PHP broken
/cpanel                                200  cPanel redirect page
/cPanel                                500
/:2082                                 500
/:2083                                 500
/cgi-bin/                              403  Forbidden
/cgi-sys/                              500
/tmp/                                  500
/home/                                 500
/phpmyadmin/                           500
/phpMyAdmin/                           500
/PhpMyAdmin/                           500
/pma/                                  500
/adminer.php                           500
/sql/                                  500
/mysql/                                500
/phpMyAdmin/index.php                  500
:2082/phpmyadmin/                      200  cPanel login gate
:2082/phpMyAdmin/                      200  cPanel login gate
:2082/adminer.php                      200  cPanel login gate
:2082/sql/                             200  cPanel login gate
:2083/phpmyadmin/                      200  cPanel login gate
:2083/phpMyAdmin/                      200  cPanel login gate
:2083/adminer.php                      200  cPanel login gate
:2083/sql/                             200  cPanel login gate
/wp-config.php.bak                     500
/wp-config.php.old                     500
/wp-config.php.save                    500
/wp-config.php.swp                     500
/.wp-config.php.swp                    406  Possibly exists (blocked)
/wp-config.php~                        500
/wp-config.bak                         500
/backup/                               500
/backups/                              500
/.git/HEAD                             500
/.git/config                           500
/.svn/entries                          500
/.DS_Store                             500
/error_log                             200  **EXPOSED** 173KB
/wp-content/debug.log                  500
/server-status                         403  mod_status active but restricted
/server-info                           500
/.well-known/                          200  Directory listing
/.well-known/acme-challenge/           200  Empty (active cert renewal)
/.well-known/pki-validation/           200  Empty
/crossdomain.xml                       500
/sitemap.xml                           500
/wp-sitemap.xml                        500
/wp-cron.php                           500
/wp-mail.php                           500
/wp-trackback.php                      500
/wp-links-opml.php                     500
/wp-comments-post.php                  405  Method Not Allowed
/wp-blog-header.php                    ---  No response
/robots.txt                            500
/.htaccess                             403  Forbidden (exists)
/.htpasswd                             403  Forbidden (exists)
/readme.html                           200  **EXPOSED** WP readme
/license.txt                           200  **EXPOSED** WP license
/wp-includes/                          200  **EXPOSED** Full dir listing
/wp-content/                           200  Empty listing
/wp-content/uploads/                   200  **EXPOSED** Full dir listing
/wp-content/plugins/                   200  Empty
/wp-content/themes/                    200  Empty
/wp-content/upgrade/                   200  Empty listing
/wp-admin/                             500
/wp-login.php                          500
/xmlrpc.php                            500
/wp-json/                              500
/wp-json/wp/v2/users                   500
/wp-config.php                         500  0-byte (source NOT leaked)
/wp-settings.php                       500
/wp-load.php                           500
/webmail                               200  Webmail redirect page
/whm                                   200  WHM redirect page
/webdisk                               500
:2095/                                 200  Webmail login
:2096/                                 200  Webmail login (SSL)
:2087/                                 000  WHM unreachable

================================================================================
KEY FINDINGS SUMMARY
================================================================================

1. DIRECTORY LISTING ON ENTIRE UPLOADS TREE (HIGH)
   All wp-content/uploads/ directories from 2013-2025 have Apache directory
   listing enabled. Thousands of files (images + documents) are enumerable and
   downloadable. This includes internal government documents, disaster plans,
   recruitment notices, and procurement dossiers.

2. ERROR LOG EXPOSED (MEDIUM)
   /error_log is publicly accessible (173KB). Contains PHP deprecation warnings
   from July-August 2020. Confirms the server ran PHP 5.x and the site was
   actively used until at least August 2020.

3. cPanel LOGIN EXPOSED ON MANAGEMENT PORTS (HIGH)
   Ports 2082 (HTTP) and 2083 (HTTPS) serve the cPanel login page. Ports 2095
   and 2096 serve the webmail login. Combined with the known cPanel account
   name "immigr31", these are targetable for brute force or credential
   stuffing.

4. phpMyAdmin BEHIND cPanel AUTH (HIGH)
   phpMyAdmin is accessible at :2082/phpmyadmin/ and :2083/phpmyadmin/ behind
   cPanel authentication. If cPanel credentials are obtained, the known
   database credentials (immigr31_admict / admictpassweb) provide direct access
   to the WordPress database.
5. wp-includes FULL LISTING (LOW-MEDIUM)
   The entire wp-includes directory (160+ PHP files and subdirectories) has
   listing enabled. This fully fingerprints the WordPress version and installed
   components. jQuery 1.11.3 confirms WordPress ~4.8.x.

6. PHP EXECUTION COMPLETELY BROKEN (INFO)
   Every PHP endpoint returns HTTP 500 with a 0-byte body. PHP source code is
   NOT leaked (the handler crashes before output). The site is functionally
   dead for dynamic content but static serving continues.

7. GOVERNMENT DOCUMENTS ACCESSIBLE (HIGH)
   22+ government documents downloaded including:
   - National disaster risk management plans (2019-2030)
   - Environmental impact assessments (World Bank projects)
   - Decentralization decrees
   - Internal recruitment notices (Jan 2025)
   - Urban development environmental reports (Aug 2024)
   - Prequalification procurement dossiers (2025)

8. .wp-config.php.swp RETURNS 406 (LOW)
   While most backup file paths return 500 (generic PHP crash), the hidden swap
   file /.wp-config.php.swp returns 406 Not Acceptable, suggesting it may exist
   on disk but is blocked by a MIME type or security rule. Worth investigating
   further.

9. ACTIVE SSL RENEWAL (INFO)
   Let's Encrypt certificate is valid until 2026-04-14. ACME challenge
   directory was modified today, confirming active automated renewal. Someone
   is still maintaining the hosting account even though the site is broken.

10. SHARED HOSTING CONFIRMED (INFO)
    Default vhost at 144.208.79.225 reveals InMotion Hosting shared server
    ecbiz224.inmotionhosting.com. Other domains likely share this IP.

================================================================================
FILES SAVED
================================================================================

Probe artifacts:
  probe-results.txt         -- This file
  error_log.txt             -- Full PHP error log (173KB)
  cpanel_response.html      -- cPanel redirect page
  webmail_login.html        -- Webmail redirect page
  well-known.html           -- .well-known directory listing
  default_vhost.html        -- InMotion default vhost page
  readme.html               -- WordPress readme
  license.txt               -- WordPress license
  wp-includes-listing.html  -- Full wp-includes directory listing
  version.php               -- Empty (PHP crashed)
  port2082_phpmyadmin.html  -- cPanel login page (port 2082)
  port2083_phpmyadmin.html  -- cPanel login page (port 2083)
  uploads_2025_03.html      -- March 2025 upload listing

Documents (in documents/ subdirectory):
  22 files totaling ~54MB of government PDFs and DOCX files

Upload directory indexes:
  130+ HTML files covering every year/month from 2013-2025

================================================================================
END OF REPORT
================================================================================