KratosDefense Is a Shit Contractor with Shit fucking Security

a guest
Apr 16th, 2017
tcpwn:
================
KRATOS SECURITY
================
I did a security test on these retards and thought that, as fucking military contractors for the DoJ (Department of Justice), they would at least be somewhat fucking secure, but after scanning their domain AND subdomains I found the exact fucking opposite. So I tried to contact them on Twitter (twitter.com/kratospss) and that didn't work, so I gave them a time limit and even extended it, and still no comment. Now here's their consequence.
=====================================
#1. KRATOSDEFENSE.COM
=====================================
•CMS (Content Management System)

http://www.kratosdefense.com [200 OK]
  Cookies[ASP.NET_SessionId]
  Country[UNITED STATES][US]
  Google-Analytics[Universal][UA-32557754-5]
  HTTPServer[Microsoft-IIS/7.5]
  HttpOnly[ASP.NET_SessionId]
  IP[54.234.96.134]
  JQuery
  Microsoft-IIS[7.5]
  Script[text/javascript]
  Title[Home | Kratos Defense & Security Solutions]
  X-Frame-Options[SAMEORIGIN]
  X-UA-Compatible[IE=edge]
  X-XSS-Protection[1; mode=block]
====================================
Here's a little bit of info on the IP, just for the fuck of it.
IP: 54.234.96.134
Decimal: 921329798
Hostname: ec2-54-234-96-134.compute-1.amazonaws.com
ASN: 14618
ISP: Amazon.com
Organization: Amazon.com
Services: None detected
Type: Corporate
Assignment: Static
Continent: North America
Country: United States
State/Region: Virginia
City: Ashburn
Latitude: 39.0481 (39° 2′ 53.16″ N)
Longitude: -77.4728 (77° 28′ 22.08″ W)
Postal Code: 20149
====================================
Now before we begin, here's where I found the saddest shit ever....
====================================
Scanning http://www.kratosdefense.com... Loaded cache from: http..www.kratosdefense.com__1492395519.cache
Getting title ...
Error page detection ...
Determining CMS type ...
Determining CMS version ...
Detecting platform ...
Detecting interesting files ...
Detecting links ...
Detecting Javascript ...
Matching urlless fingerprints...
Checking for cookies ...
Detecting OS ...
Searching for sub domains ...
Searching for tools ...
Searching for vulnerabilities ...
Saved cache to: /root/.wig_cache/http..www.kratosdefense.com_-_1492395519.cache
________________________________________ SITE INFO ________________________________________
IP      54.234.96.134
Title   Home | Kratos Defense & Security Solutions
_________________________________________ VERSION _________________________________________
CMS         Sitecore 7.2 (rev. 140526)
Platform    ASP.NET
Platform    IIS 7.5
Platform    microsoft-httpapi 2.0
JavaScript  jQuery 1.5.1
OS          Microsoft Windows Server 2008 R2
_______________________________________ INTERESTING _______________________________________
/sitecore/admin/unlock_admin.aspx        Sitecore Unlock Administrator Account   Interesting
/sitecore/login/passwordrecovery.aspx    Sitecore Password Recovery              Interesting
/sitecore/shell/webservice/service.asmx  Sitecore Web Service Page               Interesting
___________________________________________________________________________________________
Time: 39.9 sec
Urls: 259
Fingerprints: 40401
====================================
So after this I proceeded to do some Google dorking on the site. After an hour of doing just about every damn dork I could think of, I found one.....the configuration file,
which not only will I link, I'll even fucking post it here [1]
  89. ====================================
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/</loc><lastmod>2016-10-11T19:04:43-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/divisions</loc><lastmod>2015-08-24T09:00:41-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/solutions</loc><lastmod>2014-07-30T14:23:46-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos</loc><lastmod>2016-05-27T08:33:38-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/careers</loc><lastmod>2016-01-26T17:09:24-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership</loc><lastmod>2013-11-29T12:49:05-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles</loc><lastmod>2013-11-27T11:32:30-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/small-business</loc><lastmod>2016-02-10T11:31:47-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/ethics-and-compliance</loc><lastmod>2013-11-29T13:37:12-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/governance</loc><lastmod>2015-12-24T17:05:20-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contacts-and-locations</loc><lastmod>2015-07-21T12:48:21-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/eric-demarco</loc><lastmod>2013-11-29T12:57:23-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/deanna-lund</loc><lastmod>2013-11-29T12:58:52-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/other-senior-management</loc><lastmod>2015-01-08T14:32:01-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/leadership/board-of-directors</loc><lastmod>2016-05-27T08:51:43-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/alliant</loc><lastmod>2016-11-03T18:21:26-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm</loc><lastmod>2014-12-19T14:03:47-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/seaport-e</loc><lastmod>2014-01-30T15:16:01-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/gsa</loc><lastmod>2015-09-17T15:38:42-04:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm/overview</loc><lastmod>2014-12-19T14:04:03-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm/products-and-services</loc><lastmod>2014-12-19T14:04:13-05:00</lastmod></url>
<url><loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/about-kratos/contract-vehicles/dhs-cdm/ordering</loc><lastmod>2014-12-19T14:04:25-05:00</lastmod>
  357. ====================================
As I'm sure you can see, there's a link that's repeated multiple times, so I decided to run the same tests on it.
  359. ====================================
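The leak above is the kind of thing worth pulling out of a sitemap mechanically rather than by eye: every <loc> should name exactly one URL on the site the sitemap was published for, so any second hostname inside an entry is an internal or staging name that escaped. The following is an added example (my code, not tcpwn's and not anything Kratos publishes) that splits each glued <loc> back into its two URLs, lists every host the sitemap references, flags hosts other than the canonical one, and reports entries whose lastmod is older than a year. The sitemap text inside it is a constructed three-entry excerpt in the same broken shape as the page's; the canonical host and the as-of date (the paste date) are assumed parameters.

```python
from __future__ import annotations

import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta
from urllib.parse import urlsplit

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"
# A well-formed <loc> holds one URL; a glued one shows a scheme mid-string,
# so splitting on every scheme prefix recovers the separate URLs.
URL_BOUNDARY = re.compile(r"(?=https?://)")

# Constructed three-entry excerpt in the same shape as the sitemap on the page:
# the generator prepended the public host to a URL that already names the
# staging host, so two of the <loc> values carry two URLs each.
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url>
    <loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/</loc>
    <lastmod>2016-10-11T19:04:43-04:00</lastmod>
  </url>
  <url>
    <loc>http://www.kratosdefense.comhttps://kd.staging.kratosnetworks.com:443/careers</loc>
    <lastmod>2016-01-26T17:09:24-05:00</lastmod>
  </url>
  <url>
    <loc>http://www.kratosdefense.com/divisions</loc>
  </url>
</urlset>"""

# Assumed reference date for the staleness check: the date of the paste.
AS_OF = datetime.fromisoformat("2017-04-16T00:00:00-04:00")


def split_glued_urls(loc: str) -> list[str]:
    """Split a <loc> on every scheme prefix, so a glued value yields both URLs."""
    return [part for part in URL_BOUNDARY.split(loc.strip()) if part]


def sitemap_entries(xml_text: str) -> list[tuple[str, str | None]]:
    """Return (url, lastmod) pairs, one per URL found inside each <loc>."""
    root = ET.fromstring(xml_text)
    entries = []
    for url in root.iter(SITEMAP_NS + "url"):
        loc = url.findtext(SITEMAP_NS + "loc") or ""
        lastmod = url.findtext(SITEMAP_NS + "lastmod")
        for part in split_glued_urls(loc):
            entries.append((part, lastmod))
    return entries


def hosts_in_sitemap(xml_text: str) -> dict[str, set[str]]:
    """Map every hostname the sitemap references to the paths seen under it."""
    hosts: dict[str, set[str]] = {}
    for url, _ in sitemap_entries(xml_text):
        parts = urlsplit(url)
        if parts.hostname:
            hosts.setdefault(parts.hostname, set()).add(parts.path or "/")
    return hosts


def foreign_hosts(xml_text: str, canonical_host: str) -> list[str]:
    """Hosts named in the sitemap that are not the site it was published for.
    Anything listed here is a leak: a staging, internal or vendor hostname."""
    return sorted(h for h in hosts_in_sitemap(xml_text) if h != canonical_host)


def stale_entries(xml_text: str, as_of: datetime, max_age_days: int = 365) -> list[str]:
    """URLs whose <lastmod> is more than max_age_days before as_of."""
    cutoff = as_of - timedelta(days=max_age_days)
    return [url for url, lastmod in sitemap_entries(xml_text)
            if lastmod and datetime.fromisoformat(lastmod) < cutoff]


if __name__ == "__main__":
    for host, paths in hosts_in_sitemap(SAMPLE_SITEMAP).items():
        print(f"{host}: {sorted(paths)}")
    print("leaked hosts:", foreign_hosts(SAMPLE_SITEMAP, "www.kratosdefense.com"))
    print("stale:", stale_entries(SAMPLE_SITEMAP, AS_OF))
```

Against the real file you would feed the fetched sitemap text in place of SAMPLE_SITEMAP; the foreign-host list is the finding, and the paths recorded under that host are the crawl list for the staging server.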
•CMS (Content Management System)
====================================
http://kd.staging.kratosnetworks.com [301 Moved Permanently]
  Country[UNITED STATES][US]
  HTTPServer[Microsoft-IIS/7.5]
  IP[184.72.80.167]
  Microsoft-IIS[7.5]
  RedirectLocation[http://kd.staging.kratoscomms.com/]
  Title[Document Moved]
  X-Frame-Options[SAMEORIGIN]
  X-UA-Compatible[IE=edge]
  X-XSS-Protection[1; mode=block]

http://kd.staging.kratoscomms.com/ [200 OK]
  Cookies[ASP.NET_SessionId]
  Country[UNITED STATES][US]
  HTTPServer[Microsoft-IIS/7.5]
  HttpOnly[ASP.NET_SessionId]
  IP[184.72.80.167]
  JQuery
  Microsoft-IIS[7.5]
  Script[text/javascript]
  Title[Home | Kratos Defense & Security Solutions]
  X-Frame-Options[SAMEORIGIN]
  X-UA-Compatible[IE=edge]
  X-XSS-Protection[1; mode=block]
  379. ====================================
Now it led me to the comms site, due to the server saying it was moved, and I got the same thing as the first site while doing a web application information scan.
  381. ====================================
Scanning http://kd.staging.kratoscomms.com/...
Getting title ...
Error page detection ...
Determining CMS type ...
Determining CMS version ...
Detecting platform ...
Detecting interesting files ...
Detecting links ...
Detecting Javascript ...
Matching urlless fingerprints...
Checking for cookies ...
Detecting OS ...
Searching for sub domains ...
Searching for tools ...
Searching for vulnerabilities ...
Saved cache to: /root/.wig_cache/http..kd.staging.kratoscomms.com_-_1492396756.cache
_______________________________________ SITE INFO _______________________________________
IP      184.72.80.167
Title   Home | Kratos Defense & Security Solutions
________________________________________ VERSION ________________________________________
CMS         Sitecore 7.2 (rev. 140526)
Platform    ASP.NET
Platform    IIS 7.5
JavaScript  jQuery 1.5.1
OS          Microsoft Windows Server 2008 R2
______________________________________ INTERESTING ______________________________________
/sitecore/admin/unlock_admin.aspx        Sitecore Unlock Administrator Account   Interesting
/sitecore/login/passwordrecovery.aspx    Sitecore Password Recovery              Interesting
/robots.txt                              robots.txt index
_________________________________________________________________________________________
Time: 100.0 sec
Urls: 255
Fingerprints: 40401
  429. ====================================
So then I decided I'd look for subdomains using the kratosdefense.com site and got the following....
  431. ====================================
  432. •search.kratosdefense.com - 207.140.16.151
  433. •ir.kratosdefense.com - 206.200.251.19
  434. •www.kratosdefense.com - 54.234.96.134
  435. •support.kratosdefense.com - 207.140.16.162
  436. •autodiscover.kratosdefense.com - 207.140.16.52
  437. •mail.kratosdefense.com - 207.140.16.52
  438. •portal.kratosdefense.com - 207.140.16.151
  439. •access.kratosdefense.com - 207.140.17.81
  440. •intranet.kratosdefense.com - 207.140.16.150
  441. •webmail.kratosdefense.com - 207.140.16.52
•tax.kratosdefense.com - 207.140.16.151
  443. ====================================
I got curious and wondered what was actually hosted on the same kratosdefense.com server and found KratosPss (twitter.com/kratospss; kratospss.com)
  445. ====================================
Resource #1:
www.verisat.no
www.secureinfo.com
www.sat.com
www.rtlogic.com
www.kratosuss.com
www.kratosusd.com
www.kratostts.com
www.kratossecureinfo.com
www.kratospss.com
www.kratosnetworks.com
www.kratosmsd.com
www.kratosmed.com
www.kratosepd.com
www.kratosdrss.com
www.kratosdefense.com
www.kratoscomms.com
www.kratosarabia.com
www.kratos-isi.com
www.kratos-hbe.com
www.integ.com
www.herley.com
www.hbe-inc.com
www.gichnersystemsgroup.com
www.dhscdm.com
www.deicorp.net
www.compositeeng.com
www.cmci.com
www.cei.to
www.avtec.com
verisat.no
southsidecontainer.com
secureinfo.com
sat.com
rtlogicappsdev.com
rtlogicapps.com
rtlogic.com
quantumgnd.com
quantumcmd.com
madisonresearch.com
kratosuss.com
kratosusd.com
kratostts.com
kratostraining.com
kratossecureinfo.com
kratossatcom.com
kratospss.com
kratosmsd.com
kratosmed.com
kratosepd.com
kratosdrss.com
kratosdefense.com
kratoscybersecurity.com
kratoscoms.com
kratoscomms.com
kratoscomm.com
kratoscom.com
kratos-isi.com
kratos-hbe.com
kratos-comms.com
integ.com
hgmi.biz
herley.com
herley-cti.com
hbe-inc.com
gichnersystemsgroup.com
generalmicrowave.com
digitalfusionsolutons.com
digitalfusionsolutions.com
dhscdm.com
deicorp.net
compositeeng.com
cmci.com
charlestonmarinecontainers.com
cei.to
buy-cmci.com
bscpartnersllc.com
avtec.com
  508. ====================================
Now, as you can see, Kratos practically OWNS the damn server. I mean, hell, how much fucking shit do you need, dude. I'll release a shorter list of links that actually work. But ANYFUCKINGWAY, I did an SSL scan on http://kd.staging.kratosnetworks.com and found these vulnerable. I'll link the full test below [2], but the 2 below were either Weak or Vulnerable.
  510. ====================================
POODLE (SSLv3)                    : Vulnerable   INSECURE   (SSL 3: 0xa)
RC4                               : Yes          INSECURE
Forward Secrecy                   : Weak key exchange   WEAK
Uses common DH primes             : Yes   (Replace with custom DH parameters if possible)
DH public server param (Ys) reuse : Yes
ECDH public server param reuse    : Yes
HTTP Forwarding                   : http://kd.staging.kratoscomms.com   PLAINTEXT

=================
Cipher Suites
=================
Suite (hex)                                 Key exchange        Bits   Grade
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)     DH 1024 bits  FS    256    WEAK
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)     DH 1024 bits  FS    128    WEAK
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)                             128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)                             112    WEAK
TLS_RSA_WITH_RC4_128_SHA (0x5)                                  128    INSECURE
TLS_RSA_WITH_RC4_128_MD5 (0x4)                                  128    INSECURE

# SSL 3 (suites in server-preferred order)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)                             112    WEAK
TLS_RSA_WITH_RC4_128_SHA (0x5)                                  128    INSECURE
TLS_RSA_WITH_RC4_128_MD5 (0x4)                                  128    INSECURE

# SSL 2 (client selects suite)
SSL_CK_RC4_128_WITH_MD5 (0x10080)                               128    INSECURE
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 (0x700c0)                      112    INSECURE
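The POODLE and RC4 rows above come down to one question: does the server complete a handshake when the client offers nothing but SSL 3.0 and the legacy suites? That is cheap to confirm from your own host without depending on the SSL Labs scanner. The following is an added example (my code, not tcpwn's and not SSL Labs') that hand-builds an SSLv3 ClientHello record offering only the three suites the report lists under "SSL 3", sends it, and classifies the first record that comes back: an SSLv3 ServerHello means the downgrade is accepted, an alert or reset means it is refused. The target host is an assumed command-line parameter; the ServerHello bytes used in the offline self-test are constructed, not captured from any Kratos server.

```python
"""Minimal SSLv3 ClientHello probe for a POODLE / RC4 finding (added example)."""
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"
HANDSHAKE, ALERT = 0x16, 0x15
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02

# The suites the report lists under "SSL 3 (suites in server-preferred order)".
SSL3_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}


def build_client_hello(suites, version=SSL3, random_bytes=None):
    """Serialise one record carrying a ClientHello that offers only `suites`.
    Record: type(1) version(2) length(2); handshake: type(1) length(3) body."""
    random_bytes = random_bytes or os.urandom(32)
    if len(random_bytes) != 32:
        raise ValueError("client random must be 32 bytes")
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (version + random_bytes
            + b"\x00"                                    # empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                               # one compression method: null
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + version + struct.pack("!H", len(handshake)) + handshake


def parse_server_response(data):
    """Classify the first record the server sends back.
    A ServerHello whose record version is 0x0300 means the server negotiated
    SSLv3 (POODLE-exposed); an alert or an empty read means it refused."""
    result = {"kind": "other", "version": None, "suite": None, "alert": None}
    if len(data) < 5:
        return result
    ctype, version, length = data[0], data[1:3], struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    result["version"] = version
    if ctype == ALERT and len(payload) >= 2:
        result.update(kind="alert", alert=(payload[0], payload[1]))
    elif ctype == HANDSHAKE and payload and payload[0] == SERVER_HELLO:
        # ServerHello body: version(2) random(32) sid_len(1) sid cipher_suite(2) compression(1)
        body = payload[4:]
        sid_len = body[34]
        suite = struct.unpack("!H", body[35 + sid_len:37 + sid_len])[0]
        result.update(kind="server_hello", suite=suite)
    return result


def accepts_sslv3(result):
    """True when an SSLv3-only hello was answered with an SSLv3 ServerHello."""
    return result["kind"] == "server_hello" and result["version"] == SSL3


def probe(host, port=443, suites=tuple(SSL3_SUITES), timeout=5.0):
    """Live check against an assumed host: send the hello, read one record."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(suites))
        try:
            data = sock.recv(4096)
        except ConnectionResetError:       # some stacks just drop SSLv3 clients
            data = b""
    return parse_server_response(data)


def fake_server_hello(suite, version=SSL3):
    """Constructed ServerHello record for the offline self-test (not captured traffic)."""
    body = version + b"\x00" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + version + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    if len(sys.argv) > 1:
        r = probe(sys.argv[1])
        if accepts_sslv3(r):
            print(f"{sys.argv[1]}: SSLv3 accepted, server chose "
                  f"{SSL3_SUITES.get(r['suite'], hex(r['suite']))}")
        else:
            print(f"{sys.argv[1]}: SSLv3 refused ({r['kind']}, alert={r['alert']})")
    else:
        # Offline: exercise the parser on a constructed SSLv3 ServerHello.
        print(parse_server_response(fake_server_hello(0x0005)))
```

Run it with a hostname to probe; with no argument it only exercises the parser on constructed bytes. Reading a single record is enough here because the decision is the record version and handshake type of the server's first message; the certificate and ServerHelloDone that follow are not needed.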
====================================
Here's the weak or vulnerable handshake simulation browsers
====================================
•Android 2.3.7
•IE 6 / XP
•IE 8 / XP
•Java 6u45
•Apple ATS 9 / iOS 9
====================================
END CREDITS....
====================================
Thanks for reading all this BS
  577.  
Links:
[1] https://www.google.com/search?q=site:www.kratosdefense.com+ext:xml+|+ext:conf+|+ext:cnf+|+ext:reg+|+ext:inf+|+ext:rdp+|+ext:cfg+|+ext:txt+|+ext:ora+|+ext:ini

[2] https://www.ssllabs.com/ssltest/analyze.html?d=kd.staging.kratosnetworks.com