AnonymousSriLanka

UNITED NATIONS (UN) - Careers Web Serv Data/Variable Disclos

Feb 29th, 2012
375
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. UNITED NATIONS (UN) - Careers Web Server Data/Variable Disclos
  2. (TSL-SSL Keys/AdminFolders/Server Variables)
  3.  
  4. The United Nations (UN) is an international organization whose stated aims are facilitating cooperation in international law, international security, economic development, social progress, human rights, and achievement of world peace. The UN was founded in 1945 after World War II to replace the League of Nations, to stop wars between countries, and to provide a platform for dialogue. It contains multiple subsidiary organizations to carry out its missions.
  5.  
  6. http://www.un.org
  7.  
  8. THIS ATTACK AGAINST THE DIRTIEST THINGS AGAINST THE SRI LANKA BY UN .........!!!!!
  9.  
  10. EXCLUSIVE FROM - Anonymous Sri Lanka
  11.  
  12. WWW.UN.ORG -----> Fuck3D and Bust3D
  13.  
  14. Primary careers.un.org (157.150.34.31) Server Hacked and
  15. with Transferring (Data Leak)....!!
  16.  
  17. Hail to Anonymous, Lulzsec and Operation Anti-Sec...
  18. 21/tcp filtered ftp no-response
  19. 22/tcp filtered ssh no-response
  20. 23/tcp filtered telnet no-response
  21. 25/tcp filtered smtp no-response
  22. 80/tcp open http? syn-ack
  23. | http-grep:
  24. |_ ERROR: Argument http-grep.match was not set
  25. |_citrix-brute-xml: FAILED: No domain specified (use ntdomain argument)
  26. | http-brute:
  27. |_ ERROR: No path was specified (see http-brute.path)
  28. |_http-google-malware: [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
  29. | http-malware-host:
  30. |_ ERROR: Unknown pages return a 302 response; unable to check
  31. |_http-methods: No Allow or Public header in OPTIONS response (status code 307)
  32. |_http-wordpress-enum: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  33. |_http-iis-webdav-vuln: ERROR: This web server is not supported.
  34. | http-form-brute:
  35. |_ ERROR: No passvar was specified (see http-form-brute.passvar)
  36. | http-title: Site doesn't have a title (text/html).
  37. |_Did not follow redirect to https://careers.un.org/
  38. | http-headers:
  39. | Content-Type: text/html
  40. | Content-Length: 88
  41. | Location: https://careers.un.org/
  42. | Cache-Control: private
  43. |
  44. |_ (Request type: GET)
  45. |_http-userdir-enum: Didn't find any users!
  46. |_http-wordpress-plugins: nothing found amongst the 100 most popular plugins, use --script-arg http-wordpress-plugins.search=<number|all> for deeper analysis)
  47. | http-vhosts:
  48. |_405 names had status 302
  49. | http-domino-enum-passwords:
  50. |_ ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
  51. 110/tcp filtered pop3 no-response
  52. 139/tcp filtered netbios-ssn no-response
  53. 443/tcp open ssl/http syn-ack Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  54. |_http-google-malware: [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
  55. | http-brute:
  56. |_ ERROR: No path was specified (see http-brute.path)
  57. |_citrix-brute-xml: FAILED: No domain specified (use ntdomain argument)
  58. | http-grep:
  59. |_ ERROR: Argument http-grep.match was not set
  60. |_http-date: Wed, 29 Feb 2012 08:51:18 GMT; +4s from local time.
  61. |_http-iis-webdav-vuln: ERROR: This web server is not supported.
  62. | ssl-cert: Subject: commonName=*.un.org/organizationName=United Nations/stateOrProvinceName=New York/countryName=US/streetAddress=24-01 44th Road, 9th Floor/localityName=Long Island City/postalCode=11101-4605/organizationalUnitName=Comodo PremiumSSL Wildcard
  63. | Issuer: commonName=UTN-USERFirst-Hardware/organizationName=The USERTRUST Network/stateOrProvinceName=UT/countryName=US/localityName=Salt Lake City/organizationalUnitName=http://www.usertrust.com
  64. | Public Key type: rsa
  65. | Public Key bits: 2048
  66. | Not valid before: 2011-02-02 00:00:00
  67. | Not valid after: 2013-04-13 23:59:59
  68. | MD5: 7920 a56a 7a80 873f 2303 98fd 5711 4c72
  69. | SHA-1: 3829 64d1 30e8 d182 52e7 65b8 5c41 5de1 0470 a249
  70. | -----BEGIN CERTIFICATE-----
  71. | MIIGBzCCBO+gAwIBAgIQGSM5lIzygwVgvQZH7nphlDANBgkqhkiG9w0BAQUFADCB
  72. | lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
  73. | Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
  74. | dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
  75. | SGFyZHdhcmUwHhcNMTEwMjAyMDAwMDAwWhcNMTMwNDEzMjM1OTU5WjCCAQsxCzAJ
  76. | BgNVBAYTAlVTMRMwEQYDVQQREwoxMTEwMS00NjA1MREwDwYDVQQIEwhOZXcgWW9y
  77. | azEZMBcGA1UEBxMQTG9uZyBJc2xhbmQgQ2l0eTEjMCEGA1UECRMaMjQtMDEgNDR0
  78. | aCBSb2FkLCA5dGggRmxvb3IxFzAVBgNVBAoTDlVuaXRlZCBOYXRpb25zMQ0wCwYD
  79. | VQQLEwRPSUNUMTQwMgYDVQQLEytJc3N1ZWQgdGhyb3VnaCBVbml0ZWQgTmF0aW9u
  80. | cyBFLVBLSSBNYW5hZ2VyMSMwIQYDVQQLExpDb21vZG8gUHJlbWl1bVNTTCBXaWxk
  81. | Y2FyZDERMA8GA1UEAxQIKi51bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
  82. | ggEKAoIBAQCs1eE0bZ1LBeAYBybTC5K4D7p7jpOvfMqH8uWU5XUz5mD2t8ZuZ/gk
  83. | AL3Te23ev32e8bKPkSYym9VgLNZ5CQbh+DG4y6lQNY0kaokMRSYGMhQG8mdUEkcg
  84. | u4lvd3V1VZ6HeppcO7ufgn3RbpTSLcgKRlm9UABQmYxZ0nmwW6z9IeGgKPoHn+18
  85. | G8HgFuMx4N0+vAbPvuhrurzb3OfWFsj2qE0R3PHtbZ/4lUCB54SG7LtNfsDeqzhp
  86. | rlHoD6OB25V1/t5Mt4K38PRa1i52G6J+KcuexxslfS3Kv67eNFik6t3lR3MPDSGw
  87. | Vtw1ATyTNW5aHrkq84AbZAKzMi9O7HzxAgMBAAGjggHWMIIB0jAfBgNVHSMEGDAW
  88. | gBShcl8mGyiYQ5VdBzfVhZadS9LDRTAdBgNVHQ4EFgQUHdeek2FzeALWh9EDbE8s
  89. | xfGb4uQwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYI
  90. | KwYBBQUHAwEGCCsGAQUFBwMCMEYGA1UdIAQ/MD0wOwYMKwYBBAGyMQECAQMEMCsw
  91. | KQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMHsGA1Ud
  92. | HwR0MHIwOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1VUTi1VU0VSRmly
  93. | c3QtSGFyZHdhcmUuY3JsMDagNKAyhjBodHRwOi8vY3JsLmNvbW9kby5uZXQvVVRO
  94. | LVVTRVJGaXJzdC1IYXJkd2FyZS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUF
  95. | BzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9VVE5BZGRUcnVzdFNlcnZlckNB
  96. | LmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMBsGA1Ud
  97. | EQQUMBKCCCoudW4ub3JnggZ1bi5vcmcwDQYJKoZIhvcNAQEFBQADggEBAG9ajQJE
  98. | fC4XCmsdUD0HQ+5PNO1YtusPQD9I7zOgf6c25TMeu7PCblYH7nZq5NiiglchRX6a
  99. | VowALfIqjXyEWTDlq94y7JKtv/B62GU1dX7lvNoPS80/e1MzZCzkGa1hHZjiQL7r
  100. | kFoSmHeRr8A+fIjJZ85o7x2Y6qZJcjQTtASRAMV4kZEqST+cnRF3Pz8WnGKlFwFn
  101. | aUXH/t/MDgQbpa0+tKIg8dAP3Tb43r4051Rius6zOhS5PYOmo4MsBiKOVXHZnT15
  102. | vHiNtnSrtsKkxE3xGI7d9x5CC/BLnp8edK5cneCK39+MZFmJmvMFxXwiaIDCiWGx
  103. | vhwke7E0HzImDls=
  104. |_-----END CERTIFICATE-----
  105. | http-headers:
  106. | Cache-Control: no-cache
  107. | Content-Length: 448
  108. | Content-Type: text/html
  109. | Last-Modified: Thu, 30 Dec 2010 14:01:13 GMT
  110. | Accept-Ranges: bytes
  111. | ETag: "ac451e52aa8cb1:0"
  112. | X-Powered-By: ASP.NET
  113. | Date: Wed, 29 Feb 2012 08:51:23 GMT
  114. | Set-Cookie: NSC_q_m_nzdbsffst.vo.psh_ttm_mc_wjq=ffffffff9e9eb5e245525d5f4f58455e445a4a423660;expires=Wed, 29-Feb-2012 08:53:24 GMT;path=/;secure;httponly
  115. |
  116. |_ (Request type: HEAD)
  117. |_http-malware-host: Host appears to be clean
  118. |_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable
  119. |_http-title: UN Careers
  120. | http-form-brute:
  121. |_ ERROR: No passvar was specified (see http-form-brute.passvar)
  122. |_http-wordpress-enum: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  123. | http-methods: OPTIONS TRACE GET HEAD POST
  124. | Potentially risky methods: TRACE
  125. | http-php-version: Logo query returned unknown hash aa30c8e81047a294cb857ba77f7dbac0
  126. |_Credits query returned unknown hash aa30c8e81047a294cb857ba77f7dbac0
  127. |_http-userdir-enum: Didn't find any users!
  128. | http-vuln-cve2011-3192:
  129. | VULNERABLE:
  130. | Apache byterange filter DoS
  131. | State: VULNERABLE
  132. | IDs: CVE:CVE-2011-3192 OSVDB:74721
  133. | Description:
  134. | The Apache web server is vulnerable to a denial of service attack when numerous
  135. | overlapping byte ranges are requested.
  136. | Disclosure date: 2011-08-19
  137. | References:
  138. | http://seclists.org/fulldisclosure/2011/Aug/175
  139. | http://nessus.org/plugins/index.php?view=single&id=55976
  140. | http://osvdb.org/74721
  141. |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
  142. |_http-wordpress-plugins: nothing found amongst the 100 most popular plugins, use --script-arg http-wordpress-plugins.search=<number|all> for deeper analysis)
  143. | http-email-harvest:
  144. | Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=careers.un.org
  145. |_ thangpdtt@gmail.com
  146. | http-unsafe-output-escaping:
  147. | Characters ['] reflected in parameter viewtype at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=205
  148. | Characters ['] reflected in parameter PID at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=205
  149. | Characters ['] reflected in parameter viewtype at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=188
  150. | Characters ['] reflected in parameter PID at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=188
  151. | Characters ['] reflected in parameter viewtype at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=181
  152. | Characters ['] reflected in parameter PID at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=181
  153. | Characters ['] reflected in parameter viewtype at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=136
  154. | Characters ['] reflected in parameter PID at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=136
  155. | Characters ['] reflected in parameter viewtype at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=201
  156. | Characters ['] reflected in parameter PID at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=201
  157. | Characters ['] reflected in parameter viewtype at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=165
  158. |_ Characters ['] reflected in parameter PID at https://careers.un.org/lbw/home.aspx?viewtype=VP&amp;PID=165
  159. | ssl-enum-ciphers:
  160. | SSLv3
  161. | Ciphers (3)
  162. | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
  163. | TLS_RSA_WITH_RC4_128_MD5 - unknown strength
  164. | TLS_RSA_WITH_RC4_128_SHA - strong
  165. | Compressors (1)
  166. | NULL
  167. | TLSv1.0
  168. | Ciphers (5)
  169. | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
  170. | TLS_RSA_WITH_AES_128_CBC_SHA - strong
  171. | TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength
  172. | TLS_RSA_WITH_RC4_128_MD5 - unknown strength
  173. | TLS_RSA_WITH_RC4_128_SHA - strong
  174. | Compressors (1)
  175. | NULL
  176. |_ Least strength = unknown strength
  177. | http-enum:
  178. | /login.aspx: Possible admin folder
  179. | /home.aspx: Possible admin folder
  180. | /rss.aspx: RSS or Atom feed
  181. |_ /login/: Login page
  182. | http-vhosts:
  183. |_405 names had status 200
  184. | ssl-google-cert-catalog:
  185. |_ No DB entry
  186. | http-domino-enum-passwords:
  187. |_ ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
  188. 445/tcp filtered microsoft-ds no-response
  189. 3389/tcp filtered ms-term-serv no-response
  190.  
  191. Host script results:
  192. | dns-blacklist:
  193. | PROXY
  194. | dnsbl.ahbl.org - FAIL
  195. | socks.dnsbl.sorbs.net - FAIL
  196. | http.dnsbl.sorbs.net - FAIL
  197. | misc.dnsbl.sorbs.net - FAIL
  198. | dnsbl.tornevall.org - FAIL
  199. | SPAM
  200. | dnsbl.ahbl.org - FAIL
  201. | dnsbl.inps.de - FAIL
  202. | bl.nszones.com - FAIL
  203. | l2.apews.org - FAIL
  204. | list.quorum.to - FAIL
  205. | all.spamrats.com - FAIL
  206. | bl.spamcop.net - FAIL
  207. | spam.dnsbl.sorbs.net - FAIL
  208. |_ sbl.spamhaus.org - FAIL
  209. |_asn-query: No Servers
  210. | dns-zeustracker:
  211. |_ ERROR: DNS Query failed
  212. |_path-mtu: PMTU == 1500
  213. | dns-brute:
  214. | DNS Brute-force hostnames
  215. |_ No results.
  216. |_hostmap: Error: found no hostnames but not the marker for "no hostnames found" (pattern error?)
  217. | ip-geolocation-geobytes:
  218. | 157.150.195.212 (careers.un.org)
  219. | coordinates (lat,lon): 40.7488,-73.9846
  220. |_ city: New York, New York, United States
  221. | firewalk:
  222. | HOP HOST PROTOCOL BLOCKED PORTS
  223. |_1 192.168.140.2 tcp 21-23,25,110,139,445,3389
  224. | ip-geolocation-geoplugin:
  225. | 157.150.195.212 (careers.un.org)
  226. | coordinates (lat,lon): 40.752799987793,-73.972503662109
  227. |_ state: New York, United States
  228. | whois: Record found at whois.arin.net
  229. | netrange: 157.150.0.0 - 157.150.255.255
  230. | netname: UN-NET
  231. | orgname: United Nations
  232. | orgid: UNITED-2
  233. | country: US stateprov: NY
  234. |
  235. | orgtechname: Linehan, Andrew John
  236. |_orgtechemail: linehan@un.org
  237. |_ipidseq: Random Positive Increments [used port 80]
  238. | qscan:
  239. | PORT FAMILY MEAN (us) STDDEV LOSS (%)
  240. | 80 0 389239.00 38695.70 0.0%
  241. |_443 0 385803.40 34701.11 0.0%
  242.  
  243. TRACEROUTE (using port 443/tcp)
  244. HOP RTT ADDRESS
  245. 1 0.57 ms 192.168.140.2
  246. 2 357.84 ms secnet158.un.org (157.150.195.212)
  247. Final times for host: srtt: 345936 rttvar: 50458 to: 547768
  248.  
  249. New targets in the scanned cache: 0, pending ones: 0.
  250. Post-scan script results:
  251. | reverse-index:
  252. | 80/tcp: 157.150.195.212
  253. |_ 443/tcp: 157.150.195.212
RAW Paste Data