- EXPLOITATION & VULNERABILITY TEST BY ANON-NINJA-CAT. CONTACT CONE-CAT FOR CLEARANCE, WHO WILL CONTACT INFOSEC-CAT TO ACCESS THE CYBER-HIVE.
- * I AM AVAILABLE FOR FREELANCE WORK, WORLD-WIDE.
- WE ARE ANONYMOUS.
- WE ARE LEGION.
- WE ARE GHOSTS OF THE CYBER-HIVE.
- WE OWN THE MATRIX-WORLD-WIDE.
- www.ga.com/ .GRADE F SYSTEM. MILD/50%
- Founded originally in 1955 as a division of General Dynamics, General Atomics (“GA”) and its affiliated companies now constitute one of the world's leading resources for high-technology systems ranging from the nuclear fuel cycle to electromagnetic systems, remotely operated surveillance aircraft, airborne sensors, and advanced electronic, wireless and laser technologies.
- IP Address 64.89.44.97
- Server Type Microsoft-IIS/8.5
- Server:Microsoft-IIS/8.5
- IP Address:64.89.44.97
- Port:443
- Hostname:www.ga.com
- Cache-Control: private
- Content-Type: text/html; charset=utf-8
- Server: Microsoft-IIS/8.5
- X-Aspnet-Version: 4.0.30319
- X-Powered-By: ASP.NET
- Subnets found
- 64.89.44.0-255 : 2 hostnames found. <<< publishpath.com, publishpath.com
- [ .NET Configuration Analysis ]
- Server -> Microsoft-IIS/8.5
- ViewState -> 1
- ADNVersion -> 4.0.30319
- 64.89.44.97
- 420 site(s) hosted on ip 64.89.44.97
- Location: Chesterfield,United States
- report for 64.89.44.97
- Host is up (0.0054s latency).
- PORT STATE SERVICE
- 80/tcp open http
- domain:*.publishpath.com, publishpath.com
- -------------------------------------------------------------------------------------------------------------------------------
- LOGIN:
- General Atomics & Affiliated Companies
- https://www.ga.com/login
- www.ga.com/Login?ReturnUrl=http%3A%2F%2Fwww.ga.com..
- ---------------------------------------------------------------------------------------------------------------------------------
- Recommended certificate chain:
- Serial Number:048FD93CAF9310
- Fingerprint (SHA-1):2E3ED24932F3A814299180A1DF3E1B5F6016E76A
- Serial Number:07
- Fingerprint (SHA-1):27AC9369FAF25207BB2627CEFACCBE4EF9C319B8
- Serial Number:00
- Fingerprint (SHA-1):47BEABC922EAE80E78783462A79F45C254FDE68B
- ----------------------------------------------------------------------------------------------------------------------------------
- Cross-domain JavaScript source file inclusion / x 76.
- URL: http://www.ga.com/general-business-inquiries
- Parameter: http://www.formbldr.com/Scripts/fb-core.js
- URL: http://www.ga.com/general-business-inquiries
- Parameter: http://www.formbldr.com/Scripts/fb-render.js
- ------------------------------------------------------------------------------------------------------------------------------------
- Cross Site Request Forgery / x 300.
- URL: http://www.ga.com/general-business-inquiries
- URL: http://www.ga.com/?Key=Search&q=Search...
- URL: http://www.ga.com/products-technology
- URL: http://www.ga.com/defense
- -----------------------------------------------------------------------------------------------------------------------------------
- X-Frame-Options header not set / x 600.
- URL: http://www.ga.com/Scripts/prototype-mod.js
- URL: http://www.ga.com/?Key=Search&q=Search...
- URL: http://www.ga.com/defense
- -----------------------------------------------------------------------------------------------------------------------------------
- pykto plugin is using "Microsoft-HTTPAPI/2.0" as the remote server type
- "X-AspNet-Version" header for this HTTP server is: "4.0.30319"
- "X-Powered-By" header for this HTTP server is: "ASP.NET".
- The server header for the remote web server is: "Microsoft-IIS/8.5"
- The URL "https://www.ga.com/" has the following allowed methods: GET, HEAD, OPTIONS, TRACE.
- Sitemap: http://www.ga.com/sitemap.aspx
- The remote network has an active filter
- http://www.cryotech.com/styles/css/lcms-public.css
- http://www.cryotech.com/Websites/cryotech/templates/GA/css/default.css
- http://www.cryotech.com/Scripts/lcms.keys.js
- http://www.formbldr.com/Scripts/fb-lightbox.js
- http://www.ga-asi.com/css/main.css
- A robots.txt file was found at: "https://www.ga.com/robots.txt"
- The target site *has* a DNS wildcard configuration
- The contents of https://64.89.44.97 differ from the contents of https://www.ga.com
- The remote web server sent the HTTP header: "ntCoent-Length" with value: "17915"
- The server header for the remote web server is: "Microsoft-HTTPAPI/2.0".
- POST https://www.ga.com/%uFF0e%5C%uFF41%uFF16%uFF4d%uFF45%uFF47%uFF2e%uFF29%uFF46%uFF22%uFF34%uFF42%uFF2a%5C%uFF0e%5C%uFF0e%%uFF10%uFF25%%uFF10%uFF26%uFF0e%5C%uFF0e%5C%uFF41%uFF24%uFF2d%uFF29%uFF4e%uFF0e%uFF50%uFF28%uFF50?kHhpvjmnpBQmgLbN=msnOJGCjArIuFobHZzYCKE HTTP/1.1
- Host: www.ga.com
- A potentially interesting file was found at: "https://www.ga.com/admin.php.tar.gz"
- A potentially interesting file was found at: "https://www.ga.com/admin.php~"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.gz".
- A potentially interesting file was found at: "https://www.ga.com/admin.php.class"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.tgz"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.7z"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.rar"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.gzip"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.cab"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.java"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.inc"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.bak1".
- A potentially interesting file was found at: "https://www.ga.com/admin.php.back".
- A potentially interesting file was found at: "https://www.ga.com/admin.php.bkp"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.backup"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.properties"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.old"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.backup1"
- A potentially interesting file was found at: "https://www.ga.com/admin.cab"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.$$$".
- A potentially interesting file was found at: "https://www.ga.com/admin.7z"
- A potentially interesting file was found at: "https://www.ga.com/admin.php.old1".
- A potentially interesting file was found at: "https://www.ga.com/admin.fla"
- A potentially interesting file was found at: "https://www.ga.com/admin.class"
- A potentially interesting file was found at: "https://www.ga.com/admin.properties"
- A potentially interesting file was found at: "https://www.ga.com/admin.inc"
- A potentially interesting file was found at: "https://www.ga.com/admin.java"
- A potentially interesting file was found at: "https://www.ga.com/admin.war"
- A potentially interesting file was found at: "https://www.ga.com/admin.bak"
- A potentially interesting file was found at: "https://www.ga.com/admin.bak1"
- A potentially interesting file was found at: "https://www.ga.com/admin.backup1"
- A potentially interesting file was found at: "https://www.ga.com/admin.old"
- A potentially interesting file was found at: "https://www.ga.com/admin.c".
- A potentially interesting file was found at: "https://www.ga.com/robots.txt.tgz"
- A potentially interesting file was found at: "https://www.ga.com/robots.txt.bzip2"
- -----------------------------------------------------------------------------------------------------------------------------------------
- [Manual verification required] The response body for a request with a trailing dot in the domain, and the response body without a trailing dot in the domain differ. This could indicate a misconfiguration in the virtual host settings. In some cases, this misconfiguration permits the attacker to read the source code of the web application
- GET https://www.ga.com/ HTTP/1.1
- Host: www.ga.com
- GET https://www.ga.com/admin.php HTTP/1.1
- Host: www.ga.com
- GET https://www.ga.com/robots.txt HTTP/1.1
- Host: www.ga.com
- -----------------------------------------------------------------------------------------------------------------------------------------------
- EXPLOITS:
- Hostname in certificate and DNS name do not match
- Users will receive strong browser warnings
- Server does not use secure renegotiation settings
- Site is more vulnerable to Denial of Service (DOS) attacks
- TLS v1.1 and TLS v1.2 should be enabled
- Server should enable more recent versions of TLS protocol
- Server uses RC4 cipher with modern browsers
- More secure ciphers are available for TLS 1.1 and newer
- Server doesn’t prefer ciphers that enable forward secrecy.
- Encrypted communications captured today are at risk of being decrypted by an attacker in the future.
- Server has not enabled HTTP Strict-Transport-Security
- Users may be exposed to man-in-the-middle attacks
- Server configuration does not meet PCI/DSS guidelines
- This is a problem if you process credit card information
- Server is using RC4-based ciphersuites which have known vulnerabilities
- Evaluate your client compatibility requirements to determine if you can disable RC4-based ciphersuites
- SSL 2.0 Disabled:Pass
- SSL 3.0 Disabled:Pass
- TLS 1.0 Enabled:Pass
- TLS 1.1 Enabled:Fail <<<<<
- TLS 1.2 Enabled:Fail <<<<<
- Weak ciphersuites disabled:Pass
- Certificates configured correctly:Fail <<<<<
- Secure renegotiation configured:Fail <<<<<
- Session resumption configured:Pass
- BEAST Vulnerability:Pass
- OCSP Stapling:Fail <<<<
- PCI Compliant:Fail <<<<
- FIPS Compliant:Fail <<<<
- Forward Secrecy Supported:Fail <<<<
- Heartbleed Vulnerability:Pass
- Strict Transport Security:Fail <<<<
- Mixed Content (HTTP and HTTPS):Timed Out <<<<
- Domain name resolves to IPv4 address:Pass
- Domain name resolves to IPv6 address:Fail <<<<<