Author Topic: DROWn vulnerable website (Read 1846 times)

polonus · « **on:** March 10, 2016, 07:29:51 PM »

No malware: https://www.virustotal.com/nl/url/fdec0556cb922d3608070caf1e07e468b8c1d84517618a7e2cdf1bdd3f9d0c62/analysis/1457633353/
Unable to properly scan your site. HTTP Errors Returned.
Scanner output:
Scanning http://sandbag.uk.com ...
{"date":"2016-03-10T18:10:58.512Z","timeout":"http://sandbag.uk.com/"}
Status: fail
Load time: 61671ms error
http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fsandbag.uk.com
Re: https://www.eff.org/https-everywhere/atlas/domains/sandbag.uk.com.html

DROWn attack vulnerable: https://test.drownattack.com/?site=sandbag.uk.com
http://toolbar.netcraft.com/site_report?url=http://vm51.virtek.com

pol

polonus · « **Reply #1 on:** March 10, 2016, 11:02:44 PM »

Seems IP has been blacklisted for spamming, see: http://www.ip-finder.me/193.105.104.51/
Re: -http://www.ip-finder.me/193.105.104.51/#collapseOne (do not open has names of spammer links!).
Hackers, Spyware, Botnets etc. listed: http://www.tcpiputils.com/browse/ip-address/193.105.104.51
Comical observation - hackers that are vulnerable to the DROWn attack.
The real world is weirder than your weirdest imagination, folks.

polonus

polonus · « **Reply #2 on:** March 10, 2016, 11:25:22 PM »

Another one that is also vulnerable to eavesdropping: https://test.drownattack.com/?site=+idmanagedsolutions.com
Where we found this one up: https://www.eff.org/https-everywhere/atlas/domains/idmanagedsolutions.com.html
See: http://toolbar.netcraft.com/site_report?url=https://idmanagedsolutions.com
Re: https://certificatedetails.com/96de61f1bd1c1629531cc0cc7d3b830040e61a7c/1121afcc27363e8fb61029157d4daa28493f/www.moa.idmanagedsolutions.com
and https://certificatedetails.com/96de61f1bd1c1629531cc0cc7d3b830040e61a7c/1121afcc27363e8fb61029157d4daa28493f/www.moa.idmanagedsolutions.com?

polonus

polonus · « **Reply #3 on:** March 10, 2016, 11:45:06 PM »

Just another one that bites the dust: https://test.drownattack.com/?site=ipo.gov.uk
IP Address Port Export Special Status
212.100.1.70 443 Yes Yes DROWn Vulnerable (same hostname with SSL v2)
https://www.eff.org/https-everywhere/atlas/domains/ipo.gov.uk.html
http://toolbar.netcraft.com/site_report?url=https://www.gov.uk
This website is insecure.
100% of the trackers on this site could be protecting you from NSA snooping. Tell ipo.gov.uk to fix it.

All trackers
At least 2 third parties know you are on this webpage.

-assets.digital.cabinet--office.gov.uk
-shaaaaaaaaaaaaa.com -shaaaaaaaaaaaaa.com (not vulnerable SHA2)

polonus (volunteer website security analyst and website error-hunter)

P.S. -assets.digital.cabinet-office.gov.uk on there does not seem vulnerable.

polonus · « **Reply #4 on:** March 11, 2016, 12:05:14 AM »

Aargh mozilla dot org is vulnerable: - https://test.drownattack.com/?site=mozilla.org
Re: https://www.eff.org/https-everywhere/atlas/domains/mozilla.org.html
Moreover it is SSL3 insecure.
Another SSL test gives it as not DROWn insecure, but vulnerable to POODLE.
OpenSSL CCS vuln. (CVE-2014-0224) Probably, but not exploitable
Weak key exchange detected.
100% of the trackers on this site could be protecting you from NSA snooping. Tell mozilla.org to fix it.
But cannot get anything else as the Apache test page. Apache HTTP Server Test Page powered by CentOS.
And a series of 404 Not Found

polonus

Author Topic: DROWn vulnerable website (Read 1846 times)

polonus

DROWn vulnerable website

polonus

Re: DROWn vulnerable website

polonus

Re: DROWn vulnerable website

polonus

Re: DROWn vulnerable website

polonus

Re: DROWn vulnerable website