GhostSecCanada

turkhackteam.org

Oct 15th, 2020
turkhackteam
turkhackteam.ga
http://turkhackteam.org
[S] Scan Type : Subdomain Scanner
[i] Total Subdomains Found : 7

http://maintenance.nic.tr
[S] Scan Type : BASIC SCAN
[iNFO] Site Title: |||| nic.tr ||||
[iNFO] IP address: 144.122.219.8
[iNFO] Web Server: Apache/2.4.25 (Debian)
[iNFO] CMS: Could Not Detect
[iNFO] Cloudflare: Not Detected
[iNFO] Robots File: Could NOT Find robots.txt!

144.122.219.8:80
Working Exploits

Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation

Description: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).

Apache Ignite uses the H2 database to build its SQL distributed execution engine. H2 provides SQL functions which could be used by an attacker to access a filesystem.

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.

#DumbLittleBitches