1
Server.War2.ru / archerrrrr
« on: July 17, 2015, 01:06:29 AM »
Your actions will not be accepted in this community.
It's very difficult to be great. Losers prove this point continuously.
It's very difficult to be great. Losers prove this point continuously.
Spoiler
| mail.war2.co - 192.185.168.31
| war2.co - 104.18.32.80
| server.war2.co - 50.141.155.219 "USA-Archer" PVPGN Hosted from his house in Valparaiso, Indiana
| ftp.war2.co - 192.185.168.31
| war2bne.com - found his 2nd failed server.....
DOS here LOL 50.141.155.219/xmlrpc.php
Website is vulnerable!
+ Target IP: 50.141.155.219
+ Target Hostname: c-50-141-155-219.hsd1.in.comcast.net
+ Target Port: 80
+ Start Time: 2015-07-17 03:38:30 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16
+ Retrieved x-powered-by header: PHP/5.4.16
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /favicon.ico, fields: 0x47e 0x5185fb4924d80
+ PHP/5.4.16 appears to be outdated (current is at least 5.4.26)
+ Apache/2.4.6 appears to be outdated (current is at least Apache/2.4.7). Apache 2.0.65 (final release) and 2.2.26 are also current.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /config.php: PHP Config file may contain database IDs and passwords.
+ OSVDB-3268: /config/: Directory indexing found.
+ /config/: Configuration information may be available remotely.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ /error_log: PHP include error may indicate local or remote file inclusion is possible.
+ OSVDB-3268: /img/: Directory indexing found.
+ OSVDB-3092: /img/: This might be interesting...
+ OSVDB-3268: /tools/: Directory indexing found.
+ OSVDB-3092: /tools/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /style/: Directory indexing found.
+ OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version.
+ Cookie PHPSESSID created without the httponly flag
+ OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
+ OSVDB-3233: /icons/README: Apache default file found.
50.141.155.219/error_log
Step up you're game bro. I haven't tried yet!
| war2.co - 104.18.32.80
| server.war2.co - 50.141.155.219 "USA-Archer" PVPGN Hosted from his house in Valparaiso, Indiana
| ftp.war2.co - 192.185.168.31
| war2bne.com - found his 2nd failed server.....
DOS here LOL 50.141.155.219/xmlrpc.php
Website is vulnerable!
+ Target IP: 50.141.155.219
+ Target Hostname: c-50-141-155-219.hsd1.in.comcast.net
+ Target Port: 80
+ Start Time: 2015-07-17 03:38:30 (GMT0)
---------------------------------------------------------------------------
+ Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16
+ Retrieved x-powered-by header: PHP/5.4.16
+ The anti-clickjacking X-Frame-Options header is not present.
+ Server leaks inodes via ETags, header found with file /favicon.ico, fields: 0x47e 0x5185fb4924d80
+ PHP/5.4.16 appears to be outdated (current is at least 5.4.26)
+ Apache/2.4.6 appears to be outdated (current is at least Apache/2.4.7). Apache 2.0.65 (final release) and 2.2.26 are also current.
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /config.php: PHP Config file may contain database IDs and passwords.
+ OSVDB-3268: /config/: Directory indexing found.
+ /config/: Configuration information may be available remotely.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ /error_log: PHP include error may indicate local or remote file inclusion is possible.
+ OSVDB-3268: /img/: Directory indexing found.
+ OSVDB-3092: /img/: This might be interesting...
+ OSVDB-3268: /tools/: Directory indexing found.
+ OSVDB-3092: /tools/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /style/: Directory indexing found.
+ OSVDB-6694: /.DS_Store: Apache on Mac OSX will serve the .DS_Store file, which contains sensitive information. Configure Apache to ignore this file or upgrade to a newer version.
+ Cookie PHPSESSID created without the httponly flag
+ OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
+ OSVDB-3233: /icons/README: Apache default file found.
50.141.155.219/error_log
Step up you're game bro. I haven't tried yet!