Mar 18, 2021, 04:38 PM
UNITED NATIONS (UN) - Primary Citrix Application Firewall Leaked
(Robots/TLS-SSL Keys/AdminFolders and etc...)
This Firewall Behind the Checkpoint Firewall..!!!
GrenXPaRTa Was Here

http://www.un.org

THIS ATTACK AGAINST THE BADMINTON ALL ENGLAND UNPAIR
EXCLUSIVE FROM - GrenXPaRTa

WWW.UN.ORG ----->

Primary 157.150.34.32 Server Hacked and with Transferring (Data Leak)....!!

#OperationEngland
#AttackGoverment
#IndonesiaWasHere

21/tcp open ftp syn-ack Check Point Firewall-1 ftpd
| ftp-anon: Anonymous FTP login allowed (FTP code 200)
| Can't get directory listing: Can't parse PASV response: "Access denied - wrong user name or password \
|_aborted"
| banner: 220 Check Point FireWall-1 Secure FTP server running on secper0
|_1
| ftp-brute:
|_ ERROR: Login didn't return a proper response
22/tcp closed ssh reset
23/tcp filtered telnet no-response
25/tcp closed smtp reset
80/tcp open http-proxy syn-ack Citrix Application Firewall
|_unusual-port: http-proxy unexpected on port tcp/80
|_citrix-brute-xml: FAILED: No domain specified (use ntdomain argument)
| http-grep:
|_ ERROR: Argument http-grep.match was not set
|_http-google-malware: [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
| http-brute:
|_ ERROR: No path was specified (see http-brute.path)
| http-affiliate-id:
|_ Google Analytics ID: UA-4803886-1
| http-form-brute:
|_ ERROR: No passvar was specified (see http-form-brute.passvar)
|_http-wordpress-enum: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-malware-host: Host appears to be clean
|_http-apache-negotiation: mod_negotiation enabled.
| http-methods: GET HEAD OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-php-version: Logo query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
|_Credits query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
| http-robots.txt: 10 disallowed entries
| /womenwatch/daw/conf/seforms/l123/d123
| /wcm/administration/ /wcm/administrator/ /wcm/ajaxaction/
|_/russian/news/mobile/ /common/ /temp/ /temp1/ /temp2/ /test/
| http-headers:
| Content-Type: text/html
| Content-Length: -1
| Date: Wed, 29 Feb 2012 09:20:24 GMT
| Server: Apache/Not telling (Unix) AuthTDS/1.1
|
|_ (Request type: HEAD)
|_http-date: Wed, 29 Feb 2012 09:20:34 GMT; +56s from local time.
|_http-iis-webdav-vuln: ERROR: This web server is not supported.
|_http-favicon: Unknown favicon MD5: 7ECBB71944F5F183EEB12F80D55D861D
|_http-userdir-enum: Didn't find any users!
| http-domino-enum-passwords:
|_ ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
110/tcp closed pop3 reset
139/tcp filtered netbios-ssn no-response
443/tcp open ssl/http-proxy syn-ack Citrix Application Firewall
|_citrix-brute-xml: FAILED: No domain specified (use ntdomain argument)
| http-grep:
|_ ERROR: Argument http-grep.match was not set
| http-brute:
|_ ERROR: No path was specified (see http-brute.path)
|_http-google-malware: [ERROR] No API key found. Update the variable APIKEY in http-google-malware or set it in the argument http-google-malware.api
|_unusual-port: http-proxy unexpected on port tcp/443
| http-methods: GET HEAD OPTIONS TRACE
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-default-accounts: [ERROR] HTTP request table is empty. This should not happen since we at least made one request.
| http-form-brute:
|_ ERROR: No passvar was specified (see http-form-brute.passvar)
|_http-apache-negotiation: mod_negotiation enabled.
|_http-malware-host: Host appears to be clean
| http-headers:
| Date: Wed, 29 Feb 2012 09:19:55 GMT
| Server: Apache/Not telling (Unix) AuthTDS/1.1
| Content-Type: text/html
| Keep-Alive: timeout=5, max=96
| Connection: Keep-Alive
|
|_ (Request type: HEAD)
|_http-wordpress-enum: [Error] Wordpress installation was not found. We couldn't find wp-login.php
| ssl-cert: Subject: commonName=*.un.org/organizationName=United Nations/stateOrProvinceName=New York/countryName=US/streetAddress=24-01 44th Road, 9th Floor/localityName=Long Island City/postalCode=11101-4605/organizationalUnitName=Comodo PremiumSSL Wildcard
| Issuer: commonName=UTN-USERFirst-Hardware/organizationName=The USERTRUST Network/stateOrProvinceName=UT/countryName=US/localityName=Salt Lake City/organizationalUnitName=http://www.usertrust.com
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2011-02-02 00:00:00
| Not valid after: 2013-04-13 23:59:59
| MD5: 7920 a56a 7a80 873f 2303 98fd 5711 4c72
| SHA-1: 3829 64d1 30e8 d182 52e7 65b8 5c41 5de1 0470 a249
|_http-favicon: Unknown favicon MD5: 7ECBB71944F5F183EEB12F80D55D861D
| http-robots.txt: 10 disallowed entries
| /womenwatch/daw/conf/seforms/l123/d123
| /wcm/administration/ /wcm/administrator/ /wcm/ajaxaction/
|_/russian/news/mobile/ /common/ /temp/ /temp1/ /temp2/ /test/
|_http-iis-webdav-vuln: ERROR: This web server is not supported.
| http-trace: TRACE is enabled
| Headers:
| Date: Wed, 29 Feb 2012 09:21:01 GMT
| Server: Apache/Not telling (Unix) AuthTDS/1.1
| Content-Type: message/http
| Keep-Alive: timeout=5, max=38
| Connection: Keep-Alive
|_Transfer-Encoding: chunked
| http-affiliate-id:
|_ Google Analytics ID: UA-4803886-1
|_http-date: Wed, 29 Feb 2012 09:21:05 GMT; +1m27s from local time.
|_http-userdir-enum: Didn't find any users!
| http-php-version: Logo query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
|_Credits query returned unknown hash 4e6c537e157efab6c6f2a1ef0bd2f41e
| ssl-enum-ciphers:
| SSLv3
| Ciphers (3)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - unknown strength
| TLS_RSA_WITH_RC4_128_SHA - strong
| Compressors (1)
| NULL
| TLSv1.0
| Ciphers (5)
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength
| TLS_RSA_WITH_RC4_128_MD5 - unknown strength
| TLS_RSA_WITH_RC4_128_SHA - strong
| Compressors (1)
| NULL
|_ Least strength = unknown strength
| ssl-google-cert-catalog:
|_ No DB entry
| http-domino-enum-passwords:
|_ ERROR: No valid credentials were found (see domino-enum-passwords.username and domino-enum-passwords.password)
445/tcp filtered microsoft-ds no-response
3389/tcp filtered ms-term-serv no-response

Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261
IP ID Sequence Generation: Incremental
Service Info: Device: firewall

Host script results:
| dns-blacklist:
| PROXY
| dnsbl.ahbl.org - FAIL
| socks.dnsbl.sorbs.net - FAIL
| http.dnsbl.sorbs.net - FAIL
| misc.dnsbl.sorbs.net - FAIL
| dnsbl.tornevall.org - FAIL
| SPAM
| dnsbl.ahbl.org - FAIL
| dnsbl.inps.de - FAIL
| bl.nszones.com - FAIL
| l2.apews.org - FAIL
| list.quorum.to - FAIL
| all.spamrats.com - FAIL
| bl.spamcop.net - FAIL
| spam.dnsbl.sorbs.net - FAIL
|_ sbl.spamhaus.org - FAIL
|_dns-brute: Can't guess domain of "157.150.34.32"; use dns-brute.domain script argument.
| dns-zeustracker:
|_ ERROR: DNS Query failed
|_asn-query: No Servers
|_path-mtu: PMTU == 1500
| firewalk:
| HOP HOST PROTOCOL BLOCKED PORTS
|_1 127.0.0.1 tcp 23,139,445,3389
|_whois: See the result for 157.150.185.0.
|_ipidseq: Unknown [used port 21]
| ip-geolocation-geoplugin:
| 157.150.34.32
| coordinates (lat,lon): 40.752799987793,-73.972503662109
|_ state: New York, United States
| ip-geolocation-geobytes:
| 157.150.34.32
| coordinates (lat,lon): 40.7488,-73.9846
|_ city: New York, New York, United States
|_hostmap: Error: found no hostnames but not the marker for "no hostnames found" (pattern error?)
| qscan:
| PORT FAMILY MEAN (us) STDDEV LOSS (%)
| 21 0 370251.10 16504.59 0.0%
| 22 1 2194909.70 76813.97 0.0%
| 80 0 391551.70 74399.35 0.0%
|_443 0 397059.20 90980.39 0.0%

New targets in the scanned cache: 0, pending ones: 0.
Post-scan script results:
| http-affiliate-id: Possible related sites
| Google Analytics ID: UA-4803886-1 used by:
| 157.150.34.32:80/
| 157.150.34.32:443/
| 157.150.185.49:443/
|_ 157.150.185.49:80/
| reverse-index:
| 21/tcp: 157.150.185.49, 157.150.34.32
| 80/tcp: 157.150.185.49, 157.150.34.32
|_ 443/tcp: 157.150.185.49, 157.150.34.32