AnonymousSriLanka

Channel4.COM - JOBS/WEB APPLICATION FIREWALL SERVER - Leaked

Mar 16th, 2012
333
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Channel4.COM - JOBS/WEB APPLICATION FIREWALL SERVER - Leaked..!!
  2. (ATTACK NON-INTRUSIVE) - WAF INFO/SSL-TLS/GOOGLE AND RESTRICTED INFO
  3.  
  4. PROJECT DEDICATION: PROJECT SARADIYEL (http://en.wikipedia.org/wiki/Uthuwankande_Soora_Saradiyel)
  5.  
  6. EXCLUSIVE FROM - Anonymous Sri Lanka
  7.  
  8. WWW.CHANNEL4.COM -----> Servers Fuck3D and Bust3D
  9.  
  10. Primary Server Data Leak with Transferring (Data Leak)....!!
  11.  
  12. Hail to Anonymous, Lulzsec and Operation Anti-Sec...
  13.  
  14.  
  15. THIS ATTACK AGAINST THE DIRTIEST THINGS AGAINST THE SRI LANKA BY CHANNEL-4 .........!!!!!
  16.  
  17.  
  18. SERVER: jobs.channel4.com (89.234.58.1)
  19.  
  20. 80/tcp open http syn-ack
  21. |
  22. |_http-title: Channel 4 : Current Vacancies - Current vacancies
  23. |_http-methods: No Allow or Public header in OPTIONS response (status code 404)
  24. | http-waf-detect: IDS/IPS/WAF detected:
  25. |_89.234.58.1:80/?p4yl04d3=<script>alert(document.cookie)</script>
  26. | http-headers:
  27. | Content-Type: text/html; charset=utf-8
  28. | Content-Length: 18654
  29. | Date: Fri, 16 Mar 2012 13:13:04 GMT
  30. | X-Powered-By: ASP.NET
  31. | Cache-Control: private
  32. |
  33. |_ (Request type: HEAD)
  34. |
  35. | http-affiliate-id:
  36. |_ Google Analytics ID: UA-3576948-15
  37. |
  38. | http-php-version: Logo query returned unknown hash 1e433f48854ee3ca587b7254c799d52f
  39. |_Credits query returned unknown hash 1e433f48854ee3ca587b7254c799d52f
  40. |
  41. | http-enum:
  42. | /robots.txt: Robots file
  43. |_ /Pages/Default.aspx: MS Sharepoint
  44.  
  45. 443/tcp open https syn-ack
  46. |
  47. | ssl-cert: Subject:
  48.  
  49. commonName=jobs.channel4.com/organizationName=jobs.channel4.com/countryName=GB/serialNumber=IfMGSkA28HJoRNYsKTX1zyYk80ekVsNr/organizational
  50.  
  51. UnitName=Domain Control Validated - RapidSSL(R)
  52. | Issuer: commonName=RapidSSL CA/organizationName=GeoTrust, Inc./countryName=US
  53. | Public Key type: rsa
  54. | Public Key bits: 1024
  55. | Not valid before: 2011-12-28 22:43:47
  56. | Not valid after: 2013-01-30 02:10:53
  57. | MD5: fac6 a8a5 ac1c 1a18 245d cc1f 8d94 29c5
  58. | SHA-1: ca62 14fd da90 68d1 4d85 6571 3b7a 8831 5338 3cea
  59. | -----BEGIN CERTIFICATE-----
  60. | MIIEUDCCAzigAwIBAgIDBI+HMA0GCSqGSIb3DQEBBQUAMDwxCzAJBgNVBAYTAlVT
  61. | MRcwFQYDVQQKEw5HZW9UcnVzdCwgSW5jLjEUMBIGA1UEAxMLUmFwaWRTU0wgQ0Ew
  62. | HhcNMTExMjI4MjI0MzQ3WhcNMTMwMTMwMDIxMDUzWjCB6TEpMCcGA1UEBRMgSWZN
  63. | R1NrQTI4SEpvUk5Zc0tUWDF6eVlrODBla1ZzTnIxCzAJBgNVBAYTAkdCMRowGAYD
  64. | VQQKExFqb2JzLmNoYW5uZWw0LmNvbTETMBEGA1UECxMKR1QyMDQ3MjAwODExMC8G
  65. | A1UECxMoU2VlIHd3dy5yYXBpZHNzbC5jb20vcmVzb3VyY2VzL2NwcyAoYykxMTEv
  66. | MC0GA1UECxMmRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkIC0gUmFwaWRTU0woUikx
  67. | GjAYBgNVBAMTEWpvYnMuY2hhbm5lbDQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
  68. | ADCBiQKBgQCv8gep1P8udICZVVPa/XWj1iuuUEyZPcgTkIkeRaxnrmAdSXtT9CEL
  69. | Djhco859SEzhU166KA290fmhRFZVJmKlzrQHFfzXzghx+/ZRC4hSdSe3Gt+dO3bt
  70. | 5eHPcMv6trFSSv6A08sYVPjJhPa21rDROZUbvfhfTONEvAFgnmddlQIDAQABo4IB
  71. | LzCCASswHwYDVR0jBBgwFoAUa2k9ahhCSt2PAmU5/TUkhniRFjAwDgYDVR0PAQH/
  72. | BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAcBgNVHREEFTAT
  73. | ghFqb2JzLmNoYW5uZWw0LmNvbTBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vcmFw
  74. | aWRzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL3JhcGlkc3NsLmNybDAdBgNVHQ4E
  75. | FgQUsOujljuC33BYvs/Bxa84UzpNjYowDAYDVR0TAQH/BAIwADBJBggrBgEFBQcB
  76. | AQQ9MDswOQYIKwYBBQUHMAKGLWh0dHA6Ly9yYXBpZHNzbC1haWEuZ2VvdHJ1c3Qu
  77. | Y29tL3JhcGlkc3NsLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAQzbr54qDiLaXJl3n
  78. | m70yNI2CDZEZJ154BUXWKPvcFtirKN2hjGvbGbJ2ix08UUAqIHA7AVVb4tZAQDtd
  79. | pHmVXlTSf3SB6k0UnQYJ/rIFsx+ov1uBuGG/sbIgrgygE9VEgF1ARIAn/YueT75C
  80. | iH2P+Dp+iZwE+oS0zPp0spjhI7PxLAVfqD6i4NOO0KgzcEscGFIqJ8rpWzQI6vfH
  81. | nvq5C6LlbI81BX53r6ZQIDIFl1FeUcb0phYdzMlT05DX//+dh/bz7cVMbzjdaLbW
  82. | b0ds2VnJZn0AODsx02D6olGkUCk0orzX+w6LepB6DJFUe2uUhgnyESbvYYcpn9wd
  83. | PhY4Pg==
  84. |_-----END CERTIFICATE-----
  85. |
  86. |_/
  87. | http-php-version: Logo query returned unknown hash 3864edfa2124069a3c041227ec03efb9
  88. |_Credits query returned unknown hash dee0feda8b227569785b8302208e646a
  89. |
  90. | http-title: Object moved
  91. |_Did not follow redirect to http://89.234.58.1/Default.aspx
  92. |
  93. | http-waf-detect: IDS/IPS/WAF detected:
  94. |_89.234.58.1:443/?p4yl04d3=<script>alert(document.cookie)</script>
  95. | http-headers:
  96. | Cache-Control: private
  97. | Content-Length: 148
  98. | Content-Type: text/html; charset=utf-8
  99. | Location: http://89.234.58.1/Default.aspx
  100. | X-Powered-By: ASP.NET
  101. | Date: Fri, 16 Mar 2012 13:13:28 GMT
  102. | Connection: close
  103. |
  104. |_ (Request type: GET)
  105. |
  106. | ssl-enum-ciphers:
  107. | SSLv3
  108. | Ciphers (3)
  109. | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
  110. | TLS_RSA_WITH_RC4_128_MD5 - unknown strength
  111. | TLS_RSA_WITH_RC4_128_SHA - strong
  112. | Compressors (1)
  113. | NULL
  114. | TLSv1.0
  115. | Ciphers (3)
  116. | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
  117. | TLS_RSA_WITH_RC4_128_MD5 - unknown strength
  118. | TLS_RSA_WITH_RC4_128_SHA - strong
  119. | Compressors (1)
  120. | NULL
  121. |_ Least strength = unknown strength
  122. | http-enum:
  123. | /admin/: Possible admin folder
  124. | /admin/login.aspx: Possible admin folder
  125. | /Admin/: Possible admin folder
  126. |_ /robots.txt: Robots file
  127.  
  128. Host script results:
  129. |
  130. |_path-mtu: PMTU == 1500
  131. | asn-query:
  132. | BGP: 89.234.0.0/18 | Country: GB
  133. | Origin AS: 15395 - UK Rackspace
  134. |_ Peer AS: 174 3257 3356 6461 6939 8928
  135. | whois: Record found at whois.ripe.net
  136. | inetnum: 89.234.0.0 - 89.234.63.255
  137. | netname: UK-RACKSPACE-20060517
  138. | descr: Rackspace.com
  139. | country: GB
  140. | orgname: Rackspace.com
  141. | organisation: ORG-RA33-RIPE
  142. | email: hostmaster@rackspace.com
  143. | role: Rackspace Managed Hosting Contact Role
  144. | email: hostmaster@rackspace.com
  145. | person: Dennis Boline
  146. |_email: db-ripe@rackspace.com
  147. | ip-geolocation-geobytes:
  148. | 89.234.58.1
  149. | coordinates (lat,lon): 41.865,-87.6718
  150. |_ city: Chicago, Illinois, United States
  151. |_ipidseq: Random Positive Increments [used port 80]
  152. | qscan:
  153. | PORT FAMILY MEAN (us) STDDEV LOSS (%)
  154. | 80 0 409138.10 67959.95 0.0%
  155. |_443 0 405567.20 35504.22 0.0%
RAW Paste Data