marys

EXPLOITS/GA.COM

Dec 15th, 2014
EXPLOITATION & VULNERABILITY TEST BY ANON-NINJA-CAT. CONTACT CONE-CAT FOR CLEARANCE, WHO WILL CONTACT INFOSEC-CAT TO ACCESS THE CYBER-HIVE.


* I AM AVAILABLE FOR FREELANCE WORK - WORLD-WIDE.

WE ARE ANONYMOUS.
WE ARE LEGION.
WE ARE GHOSTS OF THE CYBER-HIVE.
WE OWN THE MATRIX-WORLD-WIDE.

www.ga.com/ . GRADE F SYSTEM. MILD/50%
  12.  
Founded originally in 1955 as a division of General Dynamics, General Atomics (“GA”) and its affiliated companies now constitute one of the world's leading resources for high-technology systems ranging from the nuclear fuel cycle to electromagnetic systems, remotely operated surveillance aircraft, airborne sensors, and advanced electronic, wireless and laser technologies.

IP Address 64.89.44.97

Server Type Microsoft-IIS/8.5

Server: Microsoft-IIS/8.5
IP Address: 64.89.44.97
Port: 443
Hostname: www.ga.com

Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Aspnet-Version: 4.0.30319
X-Powered-By: ASP.NET

Subnets found
64.89.44.0-255 : 2 hostnames found. <<< publishpath.com, publishpath.com
  32.  
[ .NET Configuration Analysis ]

Server -> Microsoft-IIS/8.5
ViewState -> 1
ADNVersion -> 4.0.30319

64.89.44.97

420 site(s) hosted on ip 64.89.44.97
Location: Chesterfield, United States

report for 64.89.44.97
Host is up (0.0054s latency).
PORT   STATE SERVICE
80/tcp open  http

domain: *.publishpath.com, publishpath.com
  50. -------------------------------------------------------------------------------------------------------------------------------
LOGIN:

General Atomics & Affiliated Companies
https://www.ga.com/login

www.ga.com/Login?ReturnUrl=http%3A%2F%2Fwww.ga.com..
  57.  
  58. ---------------------------------------------------------------------------------------------------------------------------------
Recommended certificate chain:

Serial Number: 048FD93CAF9310
Fingerprint (SHA-1): 2E3ED24932F3A814299180A1DF3E1B5F6016E76A

Serial Number: 07
Fingerprint (SHA-1): 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8

Serial Number: 00
Fingerprint (SHA-1): 47BEABC922EAE80E78783462A79F45C254FDE68B
  69.  
  70. ----------------------------------------------------------------------------------------------------------------------------------
Cross-domain JavaScript source file inclusion / x 76.

URL: http://www.ga.com/general-business-inquiries
Parameter: http://www.formbldr.com/Scripts/fb-core.js

URL: http://www.ga.com/general-business-inquiries
Parameter: http://www.formbldr.com/Scripts/fb-render.js
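The fix for a cross-domain script include that the page cannot drop is to pin the file to its digest with Subresource Integrity, so a changed copy served by formbldr.com (or anything between) is refused by the browser. The following is an added example, not code from the original paste or from ga.com/formbldr.com; the script body is a constructed stand-in for fb-core.js, and the browser-side check is re-implemented in Python so the pin and the tamper case can be exercised offline.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the body of the cross-domain script
# http://www.formbldr.com/Scripts/fb-core.js. Assumed content for the
# example, not the real file.
FB_CORE_JS = b"window.fb = window.fb || {}; fb.render = function (f) { return f; };\n"

# Algorithms SRI allows, listed weakest to strongest (browsers ignore others).
SRI_ALGOS = ("sha256", "sha384", "sha512")


def sri_hash(body, algo="sha384"):
    """Return an integrity token for a script body: '<algo>-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src, body):
    """Build the <script> element that pins a third-party file to its digest.
    crossorigin is required for a cross-origin script, and the third party
    must answer with Access-Control-Allow-Origin or the browser will not run it."""
    return (f'<script src="{src}" integrity="{sri_hash(body)}" '
            f'crossorigin="anonymous"></script>')


def verify_integrity(body, integrity):
    """Re-implement the browser's check: of all tokens in the attribute, keep
    only those using the strongest listed algorithm; the body passes if any
    one of them matches. Browsers ignore an attribute with no usable token and
    load the file anyway; this returns False instead so a mistyped pin is caught."""
    tokens = {}
    for token in integrity.split():
        algo, _, b64 = token.partition("-")
        if algo in SRI_ALGOS:
            tokens.setdefault(algo, []).append(b64)
    if not tokens:
        return False
    strongest = max(tokens, key=SRI_ALGOS.index)
    actual = base64.b64encode(hashlib.new(strongest, body).digest()).decode("ascii")
    return any(hmac.compare_digest(actual, expected) for expected in tokens[strongest])


if __name__ == "__main__":
    tag = script_tag("http://www.formbldr.com/Scripts/fb-core.js", FB_CORE_JS)
    print(tag)
    print("pinned copy  :", verify_integrity(FB_CORE_JS, sri_hash(FB_CORE_JS)))
    print("tampered copy:", verify_integrity(FB_CORE_JS + b"/*x*/", sri_hash(FB_CORE_JS)))
```

Note that the pages listed are served over http://, so a network attacker can rewrite the including page and its integrity attribute together; SRI only holds up once the page itself is loaded over HTTPS. It still stops a silently changed file at the third party.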
  78. ------------------------------------------------------------------------------------------------------------------------------------
Cross Site Request Forgery / x 300.
(Every URL listed is a plain GET page load. CSRF is only exploitable against a request that changes state, so each of these needs a manual look for a state-changing form or action before it counts as a finding.)

URL: http://www.ga.com/general-business-inquiries

URL: http://www.ga.com/?Key=Search&q=Search...

URL: http://www.ga.com/products-technology

URL: http://www.ga.com/defense
  88. -----------------------------------------------------------------------------------------------------------------------------------
X-Frame-Options header not set / x 600.

URL: http://www.ga.com/Scripts/prototype-mod.js

URL: http://www.ga.com/?Key=Search&q=Search...

URL: http://www.ga.com/defense
  96. -----------------------------------------------------------------------------------------------------------------------------------

pykto plugin is using "Microsoft-HTTPAPI/2.0" as the remote server type

The "X-AspNet-Version" header for this HTTP server is: "4.0.30319"

The "X-Powered-By" header for this HTTP server is: "ASP.NET".

The server header for the remote web server is: "Microsoft-IIS/8.5"

The URL "https://www.ga.com/" has the following allowed methods: GET, HEAD, OPTIONS, TRACE.

Sitemap: http://www.ga.com/sitemap.aspx

The remote network has an active filter

http://www.cryotech.com/styles/css/lcms-public.css

http://www.cryotech.com/Websites/cryotech/templates/GA/css/default.css

http://www.cryotech.com/Scripts/lcms.keys.js

http://www.formbldr.com/Scripts/fb-lightbox.js

http://www.ga-asi.com/css/main.css

A robots.txt file was found at: "https://www.ga.com/robots.txt"

The target site *has* a DNS wildcard configuration

The contents of https://64.89.44.97 differ from the contents of https://www.ga.com

The remote web server sent the HTTP header: "ntCoent-Length" with value: "17915"

The server header for the remote web server is: "Microsoft-HTTPAPI/2.0".
POST https://www.ga.com/%uFF0e%5C%uFF41%uFF16%uFF4d%uFF45%uFF47%uFF2e%uFF29%uFF46%uFF22%uFF34%uFF42%uFF2a%5C%uFF0e%5C%uFF0e%%uFF10%uFF25%%uFF10%uFF26%uFF0e%5C%uFF0e%5C%uFF41%uFF24%uFF2d%uFF29%uFF4e%uFF0e%uFF50%uFF28%uFF50?kHhpvjmnpBQmgLbN=msnOJGCjArIuFobHZzYCKE HTTP/1.1
Host: www.ga.com
  133.  
A potentially interesting file was found at: "https://www.ga.com/admin.php.tar.gz"
A potentially interesting file was found at: "https://www.ga.com/admin.php~"
A potentially interesting file was found at: "https://www.ga.com/admin.php.gz"
A potentially interesting file was found at: "https://www.ga.com/admin.php.class"
A potentially interesting file was found at: "https://www.ga.com/admin.php.tgz"
A potentially interesting file was found at: "https://www.ga.com/admin.php.7z"
A potentially interesting file was found at: "https://www.ga.com/admin.php.rar"
A potentially interesting file was found at: "https://www.ga.com/admin.php.gzip"
A potentially interesting file was found at: "https://www.ga.com/admin.php.cab"
A potentially interesting file was found at: "https://www.ga.com/admin.php.java"
A potentially interesting file was found at: "https://www.ga.com/admin.php.inc"
A potentially interesting file was found at: "https://www.ga.com/admin.php.bak1"
A potentially interesting file was found at: "https://www.ga.com/admin.php.back"
A potentially interesting file was found at: "https://www.ga.com/admin.php.bkp"
A potentially interesting file was found at: "https://www.ga.com/admin.php.backup"
A potentially interesting file was found at: "https://www.ga.com/admin.php.properties"
A potentially interesting file was found at: "https://www.ga.com/admin.php.old"
A potentially interesting file was found at: "https://www.ga.com/admin.php.backup1"
A potentially interesting file was found at: "https://www.ga.com/admin.cab"
A potentially interesting file was found at: "https://www.ga.com/admin.php.$$$"
A potentially interesting file was found at: "https://www.ga.com/admin.7z"
A potentially interesting file was found at: "https://www.ga.com/admin.php.old1"
A potentially interesting file was found at: "https://www.ga.com/admin.fla"
A potentially interesting file was found at: "https://www.ga.com/admin.class"
A potentially interesting file was found at: "https://www.ga.com/admin.properties"
A potentially interesting file was found at: "https://www.ga.com/admin.inc"
A potentially interesting file was found at: "https://www.ga.com/admin.java"
A potentially interesting file was found at: "https://www.ga.com/admin.war"
A potentially interesting file was found at: "https://www.ga.com/admin.bak"
A potentially interesting file was found at: "https://www.ga.com/admin.bak1"
A potentially interesting file was found at: "https://www.ga.com/admin.backup1"
A potentially interesting file was found at: "https://www.ga.com/admin.old"
A potentially interesting file was found at: "https://www.ga.com/admin.c"
A potentially interesting file was found at: "https://www.ga.com/robots.txt.tgz"
A potentially interesting file was found at: "https://www.ga.com/robots.txt.bzip2"
  169. -----------------------------------------------------------------------------------------------------------------------------------------
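Thirty-five "interesting file" hits, nearly all variants of admin.php on an IIS/ASP.NET host, next to the scan's own notes that the site has a DNS wildcard and that the IP and the hostname serve different content, is the pattern of a server that answers every unknown path with 200. Before any of these are treated as findings, a practitioner re-checks them against a baseline of paths that cannot exist. The following is an added example, not part of the original paste; the two stand-in servers and their responses are constructed, and the 0.95 similarity threshold is a choice for the example.

```python
import secrets
from difflib import SequenceMatcher

# Constructed responses, not captured traffic: (status, body) by path. The
# first server answers every unknown path with its home page (a catch-all),
# which is what a wildcard virtual host or a custom "200" error page does.
HOME = "<html><title>General Atomics</title><body>home</body></html>"
CATCHALL_SITE = {
    "/": (200, HOME),
    "/robots.txt": (200, "User-agent: *\nSitemap: http://www.ga.com/sitemap.aspx\n"),
}
# The second server is the same site but answers unknown paths with a real 404.
STRICT_SITE = dict(CATCHALL_SITE)


def fetch_catchall(path):
    """Stand-in HTTP GET against the catch-all server."""
    return CATCHALL_SITE.get(path, (200, HOME))


def fetch_strict(path):
    """Stand-in HTTP GET against the server that 404s unknown paths."""
    return STRICT_SITE.get(path, (404, "<html><body>404 Not Found</body></html>"))


def similarity(a, b):
    """0.0 (nothing in common) to 1.0 (identical); tolerant of timestamps and nonces."""
    return SequenceMatcher(None, a, b).ratio()


def baseline(fetch, samples=3):
    """Request a few random paths that cannot exist. If every one comes back
    200 with the same body, the server has a catch-all response and a 200 on
    a guessed filename proves nothing on its own."""
    answers = [fetch("/" + secrets.token_hex(12) + ".nothing") for _ in range(samples)]
    status0, body0 = answers[0]
    catch_all = status0 == 200 and all(
        s == 200 and similarity(body0, b) >= 0.95 for s, b in answers[1:])
    return catch_all, status0, body0


def triage(fetch, candidate_paths, threshold=0.95):
    """Re-check each scanner 'interesting file' hit against the baseline.
    Returns (catch_all, {path: verdict})."""
    catch_all, _base_status, base_body = baseline(fetch)
    verdicts = {}
    for path in candidate_paths:
        status, body = fetch(path)
        if status != 200:
            verdicts[path] = "absent"
        elif catch_all and similarity(base_body, body) >= threshold:
            verdicts[path] = "likely false positive (same as catch-all page)"
        else:
            verdicts[path] = "worth a look"
    return catch_all, verdicts


if __name__ == "__main__":
    paths = ["/admin.php.bak", "/admin.php~", "/admin.inc", "/robots.txt"]
    for name, fetch in (("catch-all server", fetch_catchall), ("strict server", fetch_strict)):
        catch_all, verdicts = triage(fetch, paths)
        print(f"{name}: catch_all={catch_all}")
        for path, verdict in verdicts.items():
            print(f"  {path}: {verdict}")
```

Against a live host, replace the two stand-in fetch functions with a real GET that returns (status, body) and run the same triage; the trailing-dot check that follows in the scan output is the same idea applied to the Host header rather than the path.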
  170.  
[Manual verification required] The response body for a request with a trailing dot in the domain and the response body without a trailing dot in the domain differ. This could indicate a misconfiguration in the virtual host settings. In some cases this misconfiguration permits an attacker to read the source code of the web application.
GET https://www.ga.com/ HTTP/1.1
Host: www.ga.com

GET https://www.ga.com/admin.php HTTP/1.1
Host: www.ga.com

GET https://www.ga.com/robots.txt HTTP/1.1
Host: www.ga.com
  180. -----------------------------------------------------------------------------------------------------------------------------------------------
  181.  
  182.  
  183.  
EXPLOITS:

Hostname in certificate and DNS name do not match
Users will receive strong browser warnings

Server does not use secure renegotiation settings (RFC 5746)
Site is more vulnerable to Denial of Service (DoS) attacks

TLS v1.1 and TLS v1.2 should be enabled
Server should enable more recent versions of the TLS protocol

Server uses RC4 cipher with modern browsers
More secure ciphers are available for TLS 1.1 and newer

Server doesn't prefer ciphers that enable forward secrecy.
Encrypted communications captured today are at risk of being decrypted by an attacker in the future.

Server has not enabled HTTP Strict-Transport-Security
Users may be exposed to man-in-the-middle attacks

Server configuration does not meet PCI DSS guidelines
This is a problem if you process credit card information

Server is using RC4-based ciphersuites which have known vulnerabilities
Evaluate your client compatibility requirements to determine if you can disable RC4-based ciphersuites

SSL 2.0 Disabled:                   Pass
SSL 3.0 Disabled:                   Pass
TLS 1.0 Enabled:                    Pass
TLS 1.1 Enabled:                    Fail <<<<<
TLS 1.2 Enabled:                    Fail <<<<<
Weak ciphersuites disabled:         Pass
Certificates configured correctly:  Fail <<<<<
Secure renegotiation configured:    Fail <<<<<
Session resumption configured:      Pass
BEAST Vulnerability:                Pass
OCSP Stapling:                      Fail <<<<<
PCI Compliant:                      Fail <<<<<
FIPS Compliant:                     Fail <<<<<
Forward Secrecy Supported:          Fail <<<<<
Heartbleed Vulnerability:           Pass

Strict Transport Security:          Fail <<<<<
Mixed Content (HTTP and HTTPS):     Timed Out <<<<<
Domain name resolves to IPv4 address: Pass
Domain name resolves to IPv6 address: Fail <<<<<
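The header-level findings above (X-Frame-Options not set, Strict-Transport-Security not enabled, Server/X-AspNet-Version/X-Powered-By disclosure, TRACE among the allowed methods) can all be re-checked from a single raw response, which is also the quickest way to confirm a fix went live. The following is an added example, not code from the original paste or from ga.com; the first response is constructed from the headers the scan lists (status line, Allow and Content-Length are assumptions), the hardened response is illustrative, and the 180-day HSTS minimum is a threshold chosen for the example.

```python
# Constructed HTTP response modelled on the headers the scan lists for
# www.ga.com. The status line, Allow and Content-Length are assumptions;
# this is not a capture.
SCANNED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: private\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Allow: GET, HEAD, OPTIONS, TRACE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# The same response with the headers a practitioner would expect (constructed,
# values illustrative).
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: private\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Content-Security-Policy: frame-ancestors 'self'\r\n"
    "Allow: GET, HEAD, OPTIONS\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

MIN_HSTS_MAX_AGE = 15552000  # 180 days; threshold chosen for this example


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status_line, headers). Header names
    are lower-cased; repeated headers are kept as a list, in order."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # malformed header line: skip rather than crash the audit
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def hsts_max_age(values):
    """max-age from the first HSTS header, or None if missing or unparseable."""
    for directive in values[0].split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            try:
                return int(val.strip().strip('"'))
            except ValueError:
                return None
    return None


def audit(headers, over_tls=True):
    """Derive the scan's header findings from the parsed headers alone."""
    findings = []
    csp = " ".join(headers.get("content-security-policy", []))
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append("X-Frame-Options header not set (and no CSP frame-ancestors)")
    if over_tls:  # HSTS only means anything on an HTTPS response
        hsts = headers.get("strict-transport-security")
        if hsts is None:
            findings.append("HTTP Strict-Transport-Security not enabled")
        else:
            age = hsts_max_age(hsts)
            if age is None or age < MIN_HSTS_MAX_AGE:
                findings.append(f"HSTS max-age too short or missing: {hsts[0]}")
    for name in ("server", "x-aspnet-version", "x-powered-by"):
        if name in headers:
            findings.append(f"version disclosure: {name}: {headers[name][0]}")
    allow = {m.strip().upper() for v in headers.get("allow", []) for m in v.split(",")}
    if "TRACE" in allow:
        findings.append("TRACE method allowed (cross-site tracing)")
    return findings


def audit_raw(raw, over_tls=True):
    _status, headers = parse_response(raw)
    return audit(headers, over_tls)


if __name__ == "__main__":
    for label, raw in (("scanned", SCANNED_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_raw(raw) or ['no findings']}")
```

On the ASP.NET side, X-AspNet-Version is switched off with httpRuntime enableVersionHeader="false" in web.config and X-Powered-By by removing its customHeaders entry; the Server header on IIS 8.5 is not removable through customHeaders alone and needs a URL Rewrite outbound rule or a module. To check the live host, paste the raw response from an HTTPS request into audit_raw in place of the constructed one.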