tcpwn:
================
KRATOS SECURITY
================
I did a security test on these retards and thought that as fucking Military Contractors for the DoJ (Department of Justice) they would be at least somewhat fucking secure, but after scanning their domain AND subdomains I found the exact fucking opposite. So I tried to contact them on Twitter (twitter.com/kratospss) and that didn't work, so I gave them a time limit and even extended it, and still no comment. Now here's their consequence.
=====================================
#1. KRATOSDEFENSE.COM
=====================================
•CMS (Content Management System)
http://www.kratosdefense.com [200 OK] Cookies[ASP.NET_SessionId], Country[UNITED STATES][US], Google-Analytics[Universal][UA-32557754-5], HTTPServer[Microsoft-IIS/7.5], HttpOnly[ASP.NET_SessionId], IP[54.234.96.134], JQuery, Microsoft-IIS[7.5], Script[text/javascript], Title[Home | Kratos Defense & Security Solutions], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
====================================
Here's a little bit of info on the IP, just for the fuck of it.
IP: 54.234.96.134
Decimal: 921329798
Hostname: ec2-54-234-96-134.compute-1.amazonaws.com
ASN: 14618
ISP: Amazon.com
Organization: Amazon.com
Services: None detected
Type: Corporate
Assignment: Static
Continent: North America
Country: United States
State/Region: Virginia
City: Ashburn
Latitude: 39.0481 (39° 2′ 53.16″ N)
Longitude: -77.4728 (77° 28′ 22.08″ W)
Postal Code: 20149
====================================
Now before we begin, here's where I found the saddest shit ever....
====================================
Scanning http://www.kratosdefense.com... Loaded cache from: http..www.kratosdefense.com__1492395519.cache
Getting title ...
Error page detection ...
Determining CMS type ...
Determining CMS version ...
Detecting platform ...
Detecting interesting files ...
Detecting links ...
Detecting Javascript ...
Matching urlless fingerprints...
Checking for cookies ...
Detecting OS ...
Searching for sub domains ...
Searching for tools ...
Searching for vulnerabilities ...
Saved cache to: /root/.wig_cache/http..www.kratosdefense.com_-_1492395519.cache
________________________________________ SITE INFO ________________________________________
IP       54.234.96.134
Title    Home | Kratos Defense & Security Solutions
_________________________________________ VERSION _________________________________________
CMS          Sitecore 7.2 (rev. 140526)
Platform     ASP.NET
             IIS 7.5
             microsoft-httpapi 2.0
JavaScript   jQuery 1.5.1
OS           Microsoft Windows Server 2008 R2
_______________________________________ INTERESTING _______________________________________
/sitecore/admin/unlock_admin.aspx         Sitecore Unlock Administrator Account   Interesting
/sitecore/login/passwordrecovery.aspx     Sitecore Password Recovery              Interesting
/sitecore/shell/webservice/service.asmx   Sitecore Web Service Page               Interesting
___________________________________________________________________________________________
Time: 39.9 sec   Urls: 259   Fingerprints: 40401
====================================
So after this I proceeded to do a Google Dorking on the site. After an hour of doing just about every damn dork I could think of I found one.....the Configuration File, which not only will I link, I'll even fucking post it here [1]
====================================
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/
</loc>
<lastmod>2016-10-11T19:04:43-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/divisions
</loc>
<lastmod>2015-08-24T09:00:41-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/solutions
</loc>
<lastmod>2014-07-30T14:23:46-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos
</loc>
<lastmod>2016-05-27T08:33:38-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/careers
</loc>
<lastmod>2016-01-26T17:09:24-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership
</loc>
<lastmod>2013-11-29T12:49:05-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles
</loc>
<lastmod>2013-11-27T11:32:30-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/small-business
</loc>
<lastmod>2016-02-10T11:31:47-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/ethics-and-compliance
</loc>
<lastmod>2013-11-29T13:37:12-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/governance
</loc>
<lastmod>2015-12-24T17:05:20-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contacts-and-locations
</loc>
<lastmod>2015-07-21T12:48:21-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/eric-demarco
</loc>
<lastmod>2013-11-29T12:57:23-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/deanna-lund
</loc>
<lastmod>2013-11-29T12:58:52-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/other-senior-management
</loc>
<lastmod>2015-01-08T14:32:01-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/board-of-directors
</loc>
<lastmod>2016-05-27T08:51:43-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/alliant
</loc>
<lastmod>2016-11-03T18:21:26-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm
</loc>
<lastmod>2014-12-19T14:03:47-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/seaport-e
</loc>
<lastmod>2014-01-30T15:16:01-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/gsa
</loc>
<lastmod>2015-09-17T15:38:42-04:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm/overview
</loc>
<lastmod>2014-12-19T14:04:03-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm/products-and-services
</loc>
<lastmod>2014-12-19T14:04:13-05:00</lastmod>
</url>
<url>
<loc>
http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm/ordering
</loc>
<lastmod>2014-12-19T14:04:25-05:00</lastmod>
====================================
As I'm sure you can see, there's a link that's repeated multiple times, so I decided to run the same tests on it.
====================================
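The glued-together loc values in that sitemap (the canonical host with a full staging URL appended) are the kind of defect a site owner can catch before the file is published. As an added example that is not part of the original paste, the following Python linter parses a sitemaps.org 0.9 document and flags any entry whose host is not the canonical site, including the concatenation pattern above. The sample XML and its hostnames are constructed placeholders, not the real sitemap.

```python
"""Lint a public sitemap for <loc> entries that leak a non-canonical host.

Added example, not from the original paste. Assumes the standard
sitemaps.org 0.9 format; the sample document below is constructed.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"

# Constructed sample (placeholder hosts): one clean entry, one entry where a
# generator glued a second absolute URL onto the canonical base, and one entry
# pointing at a bare internal hostname.
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://www.example.com/</loc><lastmod>2016-10-11T19:04:43-04:00</lastmod></url>
  <url><loc>http://www.example.comhttps://kd.staging.example-internal.com:443/divisions</loc></url>
  <url><loc>https://intranet.example.com/about</loc></url>
</urlset>
"""

# A second "scheme://" appearing after the first character of a <loc> is how a
# string-concatenation bug shows up in a sitemap.
EMBEDDED_URL = re.compile(r"(?<=.)(https?://[^\s<]+)")


def extract_locs(xml_text: str) -> list:
    """Return the text of every <loc> element in document order."""
    root = ET.fromstring(xml_text)
    return [loc.text.strip() for loc in root.iter(f"{SITEMAP_NS}loc") if loc.text]


def find_leaks(xml_text: str, canonical_host: str) -> list:
    """Flag <loc> values whose host is not the canonical host.

    Each finding records the original value, the host that leaked and why:
      'embedded-url'  a second absolute URL is glued onto the canonical one
      'foreign-host'  the URL points somewhere other than canonical_host
    """
    findings = []
    for loc in extract_locs(xml_text):
        m = EMBEDDED_URL.search(loc)
        if m:
            inner = urlsplit(m.group(1))
            findings.append({"loc": loc, "host": inner.hostname, "reason": "embedded-url"})
            continue
        host = urlsplit(loc).hostname
        if host != canonical_host:
            findings.append({"loc": loc, "host": host, "reason": "foreign-host"})
    return findings


if __name__ == "__main__":
    for f in find_leaks(SAMPLE_SITEMAP, "www.example.com"):
        print(f"{f['reason']:13} {f['host']}  <- {f['loc']}")
```

Run it against a sitemap as a CI step before deployment; any finding means either the generator's base-URL logic is wrong or an internal hostname has been indexed. A legitimate redirect parameter such as ?to=http://... would also trip the embedded-url rule, which is the safer failure mode for a public file.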
•CMS (Content Management System)
====================================
http://kd.staging.kratosnetworks.com [301 Moved Permanently] Country[UNITED STATES][US], HTTPServer[Microsoft-IIS/7.5], IP[184.72.80.167], Microsoft-IIS[7.5], RedirectLocation[http://kd.staging.kratoscomms.com/], Title[Document Moved], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
http://kd.staging.kratoscomms.com/ [200 OK] Cookies[ASP.NET_SessionId], Country[UNITED STATES][US], HTTPServer[Microsoft-IIS/7.5], HttpOnly[ASP.NET_SessionId], IP[184.72.80.167], JQuery, Microsoft-IIS[7.5], Script[text/javascript], Title[Home | Kratos Defense & Security Solutions], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
====================================
Now it led me to the comms site due to the server saying it was moved, and I got the same thing as the first site while doing a web application information scan.
====================================
Scanning http://kd.staging.kratoscomms.com/...
Getting title ...
Error page detection ...
Determining CMS type ...
Determining CMS version ...
Detecting platform ...
Detecting interesting files ...
Detecting links ...
Detecting Javascript ...
Matching urlless fingerprints...
Checking for cookies ...
Detecting OS ...
Searching for sub domains ...
Searching for tools ...
Searching for vulnerabilities ...
Saved cache to: /root/.wig_cache/http..kd.staging.kratoscomms.com_-_1492396756.cache
_______________________________________ SITE INFO _______________________________________
IP       184.72.80.167
Title    Home | Kratos Defense & Security Solutions
________________________________________ VERSION ________________________________________
CMS          Sitecore 7.2 (rev. 140526)
Platform     ASP.NET
             IIS 7.5
JavaScript   jQuery 1.5.1
OS           Microsoft Windows Server 2008 R2
______________________________________ INTERESTING ______________________________________
/sitecore/admin/unlock_admin.aspx       Sitecore Unlock Administrator Account   Interesting
/sitecore/login/passwordrecovery.aspx   Sitecore Password Recovery              Interesting
/robots.txt                             robots.txt index
_________________________________________________________________________________________
Time: 100.0 sec   Urls: 255   Fingerprints: 40401
====================================
So then I decided I'd look for subdomains using the kratosdefense.com site and got the following....
====================================
•search.kratosdefense.com - 207.140.16.151
•ir.kratosdefense.com - 206.200.251.19
•www.kratosdefense.com - 54.234.96.134
•support.kratosdefense.com - 207.140.16.162
•autodiscover.kratosdefense.com - 207.140.16.52
•mail.kratosdefense.com - 207.140.16.52
•portal.kratosdefense.com - 207.140.16.151
•access.kratosdefense.com - 207.140.17.81
•intranet.kratosdefense.com - 207.140.16.150
•webmail.kratosdefense.com - 207.140.16.52
•tax.kratosdefense.com - 207.140.16.151
====================================
I got curious and wondered what was actually hosted on the same kratosdefense.com server and found KratosPss (twitter.com/kratospss; kratospss.com)
====================================
Resource #1:
www.verisat.no
www.secureinfo.com
www.sat.com
www.rtlogic.com
www.kratosuss.com
www.kratosusd.com
www.kratostts.com
www.kratossecureinfo.com
www.kratospss.com
www.kratosnetworks.com
www.kratosmsd.com
www.kratosmed.com
www.kratosepd.com
www.kratosdrss.com
www.kratosdefense.com
www.kratoscomms.com
www.kratosarabia.com
www.kratos-isi.com
www.kratos-hbe.com
www.integ.com
www.herley.com
www.hbe-inc.com
www.gichnersystemsgroup.com
www.dhscdm.com
www.deicorp.net
www.compositeeng.com
www.cmci.com
www.cei.to
www.avtec.com
verisat.no
southsidecontainer.com
secureinfo.com
sat.com
rtlogicappsdev.com
rtlogicapps.com
rtlogic.com
quantumgnd.com
quantumcmd.com
madisonresearch.com
kratosuss.com
kratosusd.com
kratostts.com
kratostraining.com
kratossecureinfo.com
kratossatcom.com
kratospss.com
kratosmsd.com
kratosmed.com
kratosepd.com
kratosdrss.com
kratosdefense.com
kratoscybersecurity.com
kratoscoms.com
kratoscomms.com
kratoscomm.com
kratoscom.com
kratos-isi.com
kratos-hbe.com
kratos-comms.com
integ.com
hgmi.biz
herley.com
herley-cti.com
hbe-inc.com
gichnersystemsgroup.com
generalmicrowave.com
digitalfusionsolutons.com
digitalfusionsolutions.com
dhscdm.com
deicorp.net
compositeeng.com
cmci.com
charlestonmarinecontainers.com
cei.to
buy-cmci.com
bscpartnersllc.com
avtec.com
====================================
Now as you can see Kratos practically OWNS the damn server, I mean hell, how much fucking shit do you need dude. I'll release a shorter list of links that actually work. But ANYFUCKINGWAY I did an SSL scan on http://kd.staging.kratosnetworks.com and found these vulnerable; I'll link the full test below [2], but the ones below were either Weak or Vulnerable.
====================================
POODLE (SSLv3)                      Vulnerable   INSECURE   SSL 3: 0xa
RC4                                 Yes          INSECURE
Forward Secrecy                     Weak key exchange   WEAK
Uses common DH primes               Yes   Replace with custom DH parameters if possible
DH public server param (Ys) reuse   Yes
ECDH public server param reuse      Yes
HTTP Forwarding                     http://kd.staging.kratoscomms.com   PLAINTEXT
=================
Cipher Suites
=================
•TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 1024 bits   FS   WEAK   256
•TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 1024 bits   FS   WEAK   128
•TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK   112
•TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE   128
•TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE   128
# SSL 3 (suites in server-preferred order)
•TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK   112
•TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE   128
•TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE   128
# SSL 2 (client selects suite)
•SSL_CK_RC4_128_WITH_MD5 (0x10080)   INSECURE   128
•SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)   INSECURE   112
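The scan results above boil down to a handful of rules a hardening review applies to every offered suite: SSLv2 and SSLv3 are obsolete (POODLE), RC4 is broken, 3DES has a 64-bit block (Sweet32), a 1024-bit finite-field DH group is too small, and RSA key exchange gives no forward secrecy. As an added example that is not from the paste or from SSL Labs, the following Python script grades a suite inventory by those rules. The Suite records are constructed from the suite names and the DH size the scan reports; the "TLS 1.0" label on the first group and the final ECDHE/GCM entry are assumptions added so the output also shows a passing suite.

```python
"""Grade a server's cipher-suite inventory the way a hardening review would.

Added example, not from the original paste. The rules encode well-known
weaknesses only; the OBSERVED list is constructed from the suite names the
scan output lists (protocol labels for the first group are assumed).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

MINIMUM_DH_BITS = 2048  # finite-field DH groups below this are considered weak


@dataclass(frozen=True)
class Suite:
    protocol: str                  # "SSL 2", "SSL 3", "TLS 1.0", "TLS 1.2", ...
    name: str                      # IANA cipher-suite name
    dh_bits: Optional[int] = None  # size of the server's DH group for DHE suites


def grade_suite(s: Suite) -> Tuple[str, List[str]]:
    """Return (grade, reasons); grade is INSECURE, WEAK or OK."""
    reasons = []
    if s.protocol in ("SSL 2", "SSL 3"):
        reasons.append(f"{s.protocol} is obsolete (POODLE applies to SSL 3)")
    if "RC4" in s.name:
        reasons.append("RC4 keystream biases")
    if "3DES" in s.name or "DES_192" in s.name:
        reasons.append("3DES 64-bit block size (Sweet32)")
    if "_DHE_" in s.name and s.dh_bits is not None and s.dh_bits < MINIMUM_DH_BITS:
        reasons.append(f"DH group only {s.dh_bits} bits")
    if "_DHE_" not in s.name and "_ECDHE_" not in s.name:
        reasons.append("no forward secrecy (static RSA key exchange)")
    # Obsolete protocol or RC4 is a hard fail; everything else is a weakness.
    if any("obsolete" in r or "RC4" in r for r in reasons):
        return "INSECURE", reasons
    if reasons:
        return "WEAK", reasons
    return "OK", reasons


def audit(suites: List[Suite]) -> dict:
    """Group 'protocol: suite' strings by grade, e.g. to drive a hardening ticket."""
    report = {"INSECURE": [], "WEAK": [], "OK": []}
    for s in suites:
        grade, _ = grade_suite(s)
        report[grade].append(f"{s.protocol}: {s.name}")
    return report


# Constructed inventory mirroring the scan output; the last entry is what a
# hardened configuration would offer instead and is an assumption.
OBSERVED = [
    Suite("TLS 1.0", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", dh_bits=1024),
    Suite("TLS 1.0", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", dh_bits=1024),
    Suite("TLS 1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    Suite("TLS 1.0", "TLS_RSA_WITH_RC4_128_SHA"),
    Suite("TLS 1.0", "TLS_RSA_WITH_RC4_128_MD5"),
    Suite("SSL 3", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    Suite("SSL 2", "SSL_CK_RC4_128_WITH_MD5"),
    Suite("SSL 2", "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"),
    Suite("TLS 1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
]

if __name__ == "__main__":
    for s in OBSERVED:
        grade, reasons = grade_suite(s)
        print(f"{grade:8} {s.protocol:7} {s.name}")
        for r in reasons:
            print(f"         - {r}")
```

The fix the grades point at is the same regardless of platform: disable SSLv2/SSLv3, drop RC4 and 3DES, and either move DHE to a 2048-bit (ideally custom) group or prefer ECDHE suites, which also clears the "common DH primes" and parameter-reuse findings above.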
====================================
Here's the weak or vulnerable Handshake Simulation browsers
====================================
•Android 2.3.7
•IE 6 / XP
•IE 8 / XP
•Java 6u45
•Apple ATS 9 / iOS 9
====================================
END CREDITS....
====================================
Thanks for reading all this BS
Links:
[1] https://www.google.com/search?q=site:www.kratosdefense.com+ext:xml+|+ext:conf+|+ext:cnf+|+ext:reg+|+ext:inf+|+ext:rdp+|+ext:cfg+|+ext:txt+|+ext:ora+|+ext:ini
[2] https://www.ssllabs.com/ssltest/analyze.html?d=kd.staging.kratosnetworks.com