AnonymousSriLanka

UNITED NATIONS (UN) - Primary Check Point FireWall-1 Leaked

Feb 29th, 2012
  1. UNITED NATIONS (UN) - Primary Check Point FireWall-1 Software Server Data Leaked
  2. (ROBOTS/ADMIN FOLDERS/SSL-TLS KEYS etc...)
  3.  
  4. The United Nations (UN) is an international organization whose stated aims are facilitating cooperation in international law, international security, economic development, social progress, human rights, and achievement of world peace. The UN was founded in 1945 after World War II to replace the League of Nations, to stop wars between countries, and to provide a platform for dialogue. It contains multiple subsidiary organizations to carry out its missions.
  5.  
  6. http://www.un.org
  7.  
  8. THIS ATTACK AGAINST THE DIRTIEST THINGS AGAINST THE SRI LANKA BY UN .........!!!!!
  9.  
  10. EXCLUSIVE FROM - Anonymous Sri Lanka
  11.  
  12. WWW.UN.ORG -----> Fuck3D and Bust3D
  13.  
  14. Primary 157.150.185.49 Server Hacked and
  15. with Transferring (Data Leak)....!!
  16.  
  17. Hail to Anonymous, Lulzsec and Operation Anti-Sec...
  18.  
  19. 21/tcp open ftp syn-ack Check Point Firewall-1 ftpd
  20. | banner: 220 Check Point FireWall-1 Secure FTP server running on secper0
  21. |_1
  22. | ftp-anon: Anonymous FTP login allowed (FTP code 200)
  23. | Can't get directory listing: Can't parse PASV response: "Access denied - wrong user name or password \
  24. |_aborted"
  25. | ftp-brute:
  26. |_ ERROR: Login didn't return a proper response
  27. 22/tcp closed ssh reset
  28. 23/tcp filtered telnet no-response
  29. 25/tcp closed smtp reset
  30. 80/tcp open http-proxy syn-ack Citrix Application Firewall
  31. | http-grep:
  32. |_ ERROR: Argument http-grep.match was not set
  33. |_citrix-brute-xml: FAILED: No domain specified (use ntdomain argument)
  34. |_unusual-port: http-proxy unexpected on port tcp/80
  35. |_http-google-malware: [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
  36. | http-brute:
  37. |_ ERROR: No path was specified (see http-brute.path)
  38. |_http-apache-negotiation: mod_negotiation enabled.
  39. |_http-wordpress-enum: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  40. |_http-iis-webdav-vuln: ERROR: This web server is not supported.
  41. |_http-malware-host: Host appears to be clean
  42. | http-headers:
  43. | Content-Type: text/html
  44. | Content-Length: -1
  45. | Date: Wed, 29 Feb 2012 10:08:21 GMT
  46. | Server: Apache/Not telling (Unix) AuthTDS/1.1
  47. |
  48. |_ (Request type: HEAD)
  49. |_http-date: Wed, 29 Feb 2012 10:08:26 GMT; +19s from local time.
  50. | http-affiliate-id:
  51. |_ Google Analytics ID: UA-4803886-1
  52. | http-form-brute:
  53. |_ ERROR: No passvar was specified (see http-form-brute.passvar)
  54. |_http-favicon: Unknown favicon MD5: 7ECBB71944F5F183EEB12F80D55D861D
  55. | http-php-version: Logo query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
  56. |_Credits query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
  57. | http-robots.txt: 10 disallowed entries
  58. | /womenwatch/daw/conf/seforms/l123/d123
  59. | /wcm/administration/ /wcm/administrator/ /wcm/ajaxaction/
  60. |_/russian/news/mobile/ /common/ /temp/ /temp1/ /temp2/ /test/
  61. | http-methods: GET HEAD OPTIONS TRACE
  62. | Potentially risky methods: TRACE
  63. |_http-userdir-enum: Didn't find any users!
  64. | http-domino-enum-passwords:
  65. |_ ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
  66. 110/tcp closed pop3 reset
  67. 139/tcp filtered netbios-ssn no-response
  68. 443/tcp open ssl/http-proxy syn-ack Citrix Application Firewall
  69. |_citrix-brute-xml: FAILED: No domain specified (use ntdomain argument)
  70. |_unusual-port: http-proxy unexpected on port tcp/443
  71. |_http-google-malware: [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
  72. | http-brute:
  73. |_ ERROR: No path was specified (see http-brute.path)
  74. | http-grep:
  75. |_ ERROR: Argument http-grep.match was not set
  76. | http-affiliate-id:
  77. |_ Google Analytics ID: UA-4803886-1
  78. | ssl-cert: Subject: commonName=*.un.org/organizationName=United Nations/stateOrProvinceName=New York/countryName=US/streetAddress=24-01 44th Road, 9th Floor/localityName=Long Island City/postalCode=11101-4605/organizationalUnitName=Comodo PremiumSSL Wildcard
  79. | Issuer: commonName=UTN-USERFirst-Hardware/organizationName=The USERTRUST Network/stateOrProvinceName=UT/countryName=US/localityName=Salt Lake City/organizationalUnitName=http://www.usertrust.com
  80. | Public Key type: rsa
  81. | Public Key bits: 2048
  82. | Not valid before: 2011-02-02 00:00:00
  83. | Not valid after: 2013-04-13 23:59:59
  84. | MD5: 7920 a56a 7a80 873f 2303 98fd 5711 4c72
  85. | SHA-1: 3829 64d1 30e8 d182 52e7 65b8 5c41 5de1 0470 a249
  121. |_http-date: Wed, 29 Feb 2012 10:08:10 GMT; +2s from local time.
  122. | http-robots.txt: 10 disallowed entries
  123. | /womenwatch/daw/conf/seforms/l123/d123
  124. | /wcm/administration/ /wcm/administrator/ /wcm/ajaxaction/
  125. |_/russian/news/mobile/ /common/ /temp/ /temp1/ /temp2/ /test/
  126. |_http-iis-webdav-vuln: ERROR: This web server is not supported.
  127. |_http-apache-negotiation: mod_negotiation enabled.
  128. |_http-wordpress-enum: [Error] Wordpress installation was not found. We couldn't find wp-login.php
  129. | http-methods: GET HEAD OPTIONS TRACE
  130. | Potentially risky methods: TRACE
  131. | http-trace: TRACE is enabled
  132. | Headers:
  133. | Date: Wed, 29 Feb 2012 10:08:22 GMT
  134. | Server: Apache/Not telling (Unix) AuthTDS/1.1
  135. | Content-Type: message/http
  136. | Keep-Alive: timeout=5, max=67
  137. | Connection: Keep-Alive
  138. |_Transfer-Encoding: chunked
  139. |_http-favicon: Unknown favicon MD5: 7ECBB71944F5F183EEB12F80D55D861D
  140. | http-headers:
  141. | Date: Wed, 29 Feb 2012 10:08:28 GMT
  142. | Server: Apache/Not telling (Unix) AuthTDS/1.1
  143. | Content-Type: text/html
  144. | nnCoection: close
  145. |
  146. |_ (Request type: HEAD)
  147. |_http-malware-host: Host appears to be clean
  148. | http-php-version: Logo query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
  149. |_Credits query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
  150. | http-form-brute:
  151. |_ ERROR: No passvar was specified (see http-form-brute.passvar)
  152. |_http-userdir-enum: Didn't find any users!
  153. | http-enum:
  154. | /maintenance/: Possible admin folder
  155. | /robots.txt: Robots file
  156. |_ /crossdomain.xml: Adobe Flash crossdomain policy
  157. | ssl-enum-ciphers:
  158. | SSLv3
  159. | Ciphers (3)
  160. | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
  161. | TLS_RSA_WITH_RC4_128_MD5 - unknown strength
  162. | TLS_RSA_WITH_RC4_128_SHA - strong
  163. | Compressors (1)
  164. | NULL
  165. | TLSv1.0
  166. | Ciphers (5)
  167. | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
  168. | TLS_RSA_WITH_AES_128_CBC_SHA - strong
  169. | TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength
  170. | TLS_RSA_WITH_RC4_128_MD5 - unknown strength
  171. | TLS_RSA_WITH_RC4_128_SHA - strong
  172. | Compressors (1)
  173. | NULL
  174. |_ Least strength = unknown strength
  175. | ssl-google-cert-catalog:
  176. |_ No DB entry
  177. | http-domino-enum-passwords:
  178. |_ ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
  179. 445/tcp filtered microsoft-ds no-response
  180. 3389/tcp filtered ms-term-serv no-response
  181.  
  182. TCP Sequence Prediction: Difficulty=257 (Good luck!)
  183. IP ID Sequence Generation: Incremental
  184. Service Info: Device: firewall
  185.  
  186. Host script results:
  187. | dns-blacklist:
  188. | PROXY
  189. | dnsbl.ahbl.org - FAIL
  190. | socks.dnsbl.sorbs.net - FAIL
  191. | http.dnsbl.sorbs.net - FAIL
  192. | misc.dnsbl.sorbs.net - FAIL
  193. | dnsbl.tornevall.org - FAIL
  194. | SPAM
  195. | dnsbl.ahbl.org - FAIL
  196. | dnsbl.inps.de - FAIL
  197. | bl.nszones.com - FAIL
  198. | l2.apews.org - FAIL
  199. | list.quorum.to - FAIL
  200. | all.spamrats.com - FAIL
  201. | bl.spamcop.net - FAIL
  202. | spam.dnsbl.sorbs.net - FAIL
  203. |_ sbl.spamhaus.org - FAIL
  204. |_dns-brute: Can't guess domain of "157.150.185.49"; use dns-brute.domain script argument.
  205. |_asn-query: No Servers
  206. | dns-zeustracker:
  207. |_ ERROR: DNS Query failed
  208. |_path-mtu: PMTU == 1500
  209. | firewalk:
  210. | HOP HOST PROTOCOL BLOCKED PORTS
  211. |_1 192.168.140.2 tcp 23,139,445,3389
  212. |_ipidseq: Unknown [used port 21]
  213. | ip-geolocation-geobytes:
  214. | 157.150.185.49
  215. | coordinates (lat,lon): 40.7488,-73.9846
  216. |_ city: New York, New York, United States
  217. |_hostmap: Error: found no hostnames but not the marker for "no hostnames found" (pattern error?)
  218. | whois: Record found at whois.arin.net
  219. | netrange: 157.150.0.0 - 157.150.255.255
  220. | netname: UN-NET
  221. | orgname: United Nations
  222. | orgid: UNITED-2
  223. | country: US stateprov: NY
  224. |
  225. | orgtechname: Debargue, Olivier
  226. |_orgtechemail: debargue@un.org
  227. | ip-geolocation-geoplugin:
  228. | 157.150.185.49
  229. | coordinates (lat,lon): 40.752799987793,-73.972503662109
  230. |_ state: New York, United States
  231. | qscan:
  232. | PORT FAMILY MEAN (us) STDDEV LOSS (%)
  233. | 21 0 401651.10 42709.10 0.0%
  234. | 22 1 2156255.30 98053.60 0.0%
  235. | 80 0 390357.60 38856.76 0.0%
  236. |_443 2 366864.30 18420.75 0.0%
  237.  
  238. New targets in the scanned cache: 0, pending ones: 0.
  239. NSE: Script Post-scanning.
  240. NSE: Starting runlevel 1 (of 4) scan.
  241. NSE: Starting 'http-affiliate-id' (thread: 0xb878360).
  242. NSE: Starting 'reverse-index' (thread: 0xb91a108).
  243. Initiating NSE at 05:47
  244. NSE: Finished 'http-affiliate-id' (thread: 0xb878360).
  245. NSE: Finished 'reverse-index' (thread: 0xb91a108).
  246. Completed NSE at 05:47, 0.00s elapsed
  247. NSE: Starting runlevel 2 (of 4) scan.
  248. NSE: Starting runlevel 3 (of 4) scan.
  249. NSE: Starting runlevel 4 (of 4) scan.
  250. Post-scan script results:
  251. | http-affiliate-id: Possible related sites
  252. | Google Analytics ID: UA-4803886-1 used by:
  253. | 157.150.185.49:443/
  254. |_ 157.150.185.49:80/
  255. | reverse-index:
  256. | 21/tcp: 157.150.185.49
  257. | 80/tcp: 157.150.185.49
  258. |_ 443/tcp: 157.150.185.49