- turkhackteam
- turkhackteam.ga
- http://turkhackteam.org
- [S] Scan Type : Subdomain Scanner
- [i] Total Subdomains Found : 7
- [+] Subdomain: fr-node.turkhackteam.org
- [-] IP: 178.32.63.47
- [+] Subdomain: dergi.turkhackteam.org
- [-] IP: 178.32.63.47
- [+] Subdomain: egitim.turkhackteam.org
- [-] IP: 94.177.213.85
- [+] Subdomain: be-loadbalancer.turkhackteam.org
- [-] IP: 79.137.8.254
- [+] Subdomain: uk-loadbalancer.turkhackteam.org
- [-] IP: 92.222.231.175
- [+] Subdomain: fr-loadbalancer.turkhackteam.org
- [-] IP: 137.74.85.93
- [+] Subdomain: www.turkhackteam.org
- [-] IP: 92.222.231.175
- http://maintenance.nic.tr
- [S] Scan Type : BASIC SCAN
- [iNFO] Site Title: |||| nic.tr ||||
- [iNFO] IP address: 144.122.219.8
- [iNFO] Web Server: Apache/2.4.25 (Debian)
- [iNFO] CMS: Could Not Detect
- [iNFO] Cloudflare: Not Detected
- [iNFO] Robots File: Could NOT Find robots.txt!
- 144.122.219.8
- "vary": "Accept-Encoding",
- "server": "Apache/2.4.25 (Debian)",
- "last_modified": "Mon, 24 Sep 2012 11:23:57 GMT",
- "content_type": "text/html",
- "accept_ranges": "bytes"
- },
- "body_sha256": "04aa5aa34444bc72c589103e60a5e0dc137f1db37e43061b154576cace1f390d",
- "metadata": {
- "product": "httpd",
- "version": "2.4.25",
- "description": "Apache httpd 2.4.25",
- "manufacturer": "Apache"
- }
- }
- }
- },
- "ports": [
- 80,
- 8008
- ],
- "protocols": [
- "80/http",
- "8008/banner"
- ],
- "metadata": {
- "os": "Debian",
- "os_description": "Debian"
- 144.122.219.8:80
- Working Exploits
- Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
- Description: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
- In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).
- Apache Ignite uses the H2 database to build its SQL distributed execution engine. H2 provides SQL functions which could be used by an attacker to access a filesystem.
- Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory’ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
- #DumbLittleBitches