Thread: TrentaHost INC. | Longest Serving DDoS Protected VPS on RuneServer | $0.99/Mo

Page 337 of 419 FirstFirst ... 237287327335336337338339347387 ... LastLast
Results 3,361 to 3,370 of 4181
  1. #3361  
    Banned
    Join Date
    Jun 2017
    Posts
    36
    Thanks given
    5
    Thanks received
    17
    Rep Power
    0
    Greetings!

    I've did a basicly scan on trentahost website and I've found some vulnerabilities which is possible to be exploited, and possible gaining the root access, among others seriously threats. I would like to know if you allow me to do a deep scan, and if you want the list of what I already got in that 15 minutes of basicly scan. All I want to do is helping you to make the security of your company better, and in return I would accept a humble and fair contribution.

    @Leao

    As I haven't got any reply from the support or from Freezia after reporting some vulnerabilities on @TrentaHost
    I'll post some of the vulnerabilities I've found on their website so they'll pay attention, I'm not posting the most important vulnerabilities but I'll show a bit of their bad security.

    #XML-RPC
    https://trentahost.com/xmlrpc.php
    This one could be exploited to do remote command/code injection/execution, and more.
    https://www.exploit-db.com/exploits/1078/
    https://www.exploit-db.com/exploits/1083/

    XML-RPC is using for PHP XML parser. It is vulnerable to XML entity expansion attack and other XML Payload attacks. It causes CPU & memory exhaustion and Website’s database to reach maximum no.of.open connections. May be site becoming unavailable or unresponsive state (Denial of service Occurs.).

    There's also way to gain root access by exploiting this vulnerability.
    https://null-byte.wonderhowto.com/ho...l-rpc-0174864/

    Service Info: Host: main.trentahost.com; OS: Red Hat Enterprise Linux 6; CPE: cpe:/o:redhat:enterprise_linux:6

    Code:
    	PORT    STATE    SERVICE      VERSION
    	21/tcp  open     ftp          Pure-FTPd
    	25/tcp  filtered smtp
    	53/tcp  open     domain       ISC BIND 9.8.2rc1
    	80/tcp  open     http         LiteSpeed httpd
    	110/tcp open     pop3         Dovecot pop3d
    	135/tcp filtered msrpc
    	139/tcp filtered netbios-ssn
    	143/tcp open     imap         Dovecot imapd
    	443/tcp open     ssl/http     LiteSpeed httpd
    	445/tcp filtered microsoft-ds
    	465/tcp open     ssl/smtp     Exim smtpd 4.89
    	587/tcp open     smtp         Exim smtpd 4.89
    	993/tcp open     ssl/imap     Dovecot imapd
    	995/tcp open     ssl/pop3     Dovecot pop3d
    WordPress version 4.8.2
    [!] Upload directory has directory listing enabled: https://trentahost.com/wp-content/uploads/
    [!] Includes directory has directory listing enabled: https://trentahost.com/wp-includes/

    Code:
    [+] Interesting header: LINK: <https://trentahost.com/wp-json/>; rel="https://api.w.org/"
    [+] Interesting header: LINK: <https://trentahost.com/>; rel=shortlink
    [+] Interesting header: SERVER: LiteSpeed
    [+] Interesting header: SET-COOKIE: wfvt_4132048724=59e3afb77bd76; expires=Sun, 15-Oct-2017 19:27:59 GMT; Max-Age=1800; path=/; secure; httponly
    [+] Interesting header: X-POWERED-BY: PHP/5.6.28
    [+] XML-RPC Interface available under: https://trentahost.com/xmlrpc.php
    [!] Upload directory has directory listing enabled: https://trentahost.com/wp-content/uploads/
    [!] Includes directory has directory listing enabled: https://trentahost.com/wp-includes/
    
    [+] WordPress version 4.8.2 (Released on 2017-09-19) identified from advanced fingerprinting
    [!] 1 vulnerability identified from the version number
    
    [!] Title: WordPress 2.3-4.8.2 - Host Header Injection in Password Reset
        Reference: https://wpvulndb.com/vulnerabilities/8807
        Reference: https://exploitbox.io/vuln/WordPress...2017-8295.html
        Reference: http://blog.dewhurstsecurity.com/201...dvisories.html
        Reference: https://core.trac.wordpress.org/ticket/25239
        Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2017-8295
    
    [+] WordPress theme in use: infographer - v1.5
    
    [+] Name: infographer - v1.5
     |  Location: https://trentahost.com/wp-content/themes/infographer/
     |  Style URL: https://trentahost.com/wp-content/th...pher/style.css
     |  Theme Name: Infographer
     |  Theme URI: http://demo.qodeinteractive.com/infographer/
     |  Description: Infographer Theme
     |  Author: Qode Interactive
     |  Author URI: http://www.qodeinteractive.com/
    
    [+] Enumerating plugins from passive detection ...
     | 7 plugins found:
    
    [+] Name: advanced-iframe - v7.5
     |  Last updated: 2017-10-02T21:34:00.000Z
     |  Location: https://trentahost.com/wp-content/pl...vanced-iframe/
     |  Readme: https://trentahost.com/wp-content/pl...ame/readme.txt
    [!] The version is out of date, the latest version is 7.5.1
    
    [+] Name: css3_web_pricing_tables_grids
     |  Location: https://trentahost.com/wp-content/pl..._tables_grids/
     |  Readme: https://trentahost.com/wp-content/pl...ids/readme.txt
    [!] Directory listing is enabled: https://trentahost.com/wp-content/pl..._tables_grids/
    
    [+] Name: foobar
     |  Location: https://trentahost.com/wp-content/plugins/foobar/
     |  Readme: https://trentahost.com/wp-content/pl...bar/readme.txt
    [!] Directory listing is enabled: https://trentahost.com/wp-content/plugins/foobar/
    
    [+] Name: interactive-world-maps
     |  Location: https://trentahost.com/wp-content/pl...ve-world-maps/
    [!] Directory listing is enabled: https://trentahost.com/wp-content/pl...ve-world-maps/
    
    [+] Name: livicons-shortcodes
     |  Location: https://trentahost.com/wp-content/pl...ns-shortcodes/
    
    [+] Name: logos-showcase
     |  Location: https://trentahost.com/wp-content/pl...ogos-showcase/
    [!] Directory listing is enabled: https://trentahost.com/wp-content/pl...ogos-showcase/
    
    [+] Name: revslider
     |  Location: https://trentahost.com/wp-content/plugins/revslider/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: WordPress Slider Revolution Local File Disclosure
        Reference: https://wpvulndb.com/vulnerabilities/7540
        Reference: http://blog.sucuri.net/2014/09/slide...exploited.html
        Reference: http://packetstormsecurity.com/files/129761/
        Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2015-1579
        Reference: https://www.exploit-db.com/exploits/34511/
        Reference: https://www.exploit-db.com/exploits/36039/
    [i] Fixed in: 4.1.5
    
    [!] Title: WordPress Slider Revolution Shell Upload
        Reference: https://wpvulndb.com/vulnerabilities/7954
        Reference: https://whatisgon.wordpress.com/2014...vulnerability/
        Reference: https://www.rapid7.com/db/modules/ex...upload_execute
        Reference: https://www.exploit-db.com/exploits/35385/
    [i] Fixed in: 3.0.96
    WordPress Login.: https://trentahost.com/wp-admin/

    MailMan: http://trentahost.com/mailman/listinfo - exploit: https://www.exploit-db.com/exploits/28570/ (there's lot more stuff could be done with mailman)





    Reply With Quote  
     

  2. #3362  
    Registered Member

    Join Date
    Nov 2013
    Posts
    746
    Thanks given
    187
    Thanks received
    459
    Rep Power
    5000
    Quote Originally Posted by Leao View Post
    Greetings!

    I've did a basicly scan on trentahost website and I've found some vulnerabilities which is possible to be exploited, and possible gaining the root access, among others seriously threats. I would like to know if you allow me to do a deep scan, and if you want the list of what I already got in that 15 minutes of basicly scan. All I want to do is helping you to make the security of your company better, and in return I would accept a humble and fair contribution.

    @Leao

    As I haven't got any reply from the support or from Freezia after reporting some vulnerabilities on @TrentaHost
    I'll post some of the vulnerabilities I've found on their website so they'll pay attention, I'm not posting the most important vulnerabilities but I'll show a bit of their bad security.

    #XML-RPC
    https://trentahost.com/xmlrpc.php
    This one could be exploited to do remote command/code injection/execution, and more.
    https://www.exploit-db.com/exploits/1078/
    https://www.exploit-db.com/exploits/1083/

    XML-RPC is using for PHP XML parser. It is vulnerable to XML entity expansion attack and other XML Payload attacks. It causes CPU & memory exhaustion and Website’s database to reach maximum no.of.open connections. May be site becoming unavailable or unresponsive state (Denial of service Occurs.).

    There's also way to gain root access by exploiting this vulnerability.
    https://null-byte.wonderhowto.com/ho...l-rpc-0174864/

    Service Info: Host: main.trentahost.com; OS: Red Hat Enterprise Linux 6; CPE: cpe:/o:redhat:enterprise_linux:6

    Code:
    	PORT    STATE    SERVICE      VERSION
    	21/tcp  open     ftp          Pure-FTPd
    	25/tcp  filtered smtp
    	53/tcp  open     domain       ISC BIND 9.8.2rc1
    	80/tcp  open     http         LiteSpeed httpd
    	110/tcp open     pop3         Dovecot pop3d
    	135/tcp filtered msrpc
    	139/tcp filtered netbios-ssn
    	143/tcp open     imap         Dovecot imapd
    	443/tcp open     ssl/http     LiteSpeed httpd
    	445/tcp filtered microsoft-ds
    	465/tcp open     ssl/smtp     Exim smtpd 4.89
    	587/tcp open     smtp         Exim smtpd 4.89
    	993/tcp open     ssl/imap     Dovecot imapd
    	995/tcp open     ssl/pop3     Dovecot pop3d
    WordPress version 4.8.2
    [!] Upload directory has directory listing enabled: https://trentahost.com/wp-content/uploads/
    [!] Includes directory has directory listing enabled: https://trentahost.com/wp-includes/

    Code:
    [+] Interesting header: LINK: <https://trentahost.com/wp-json/>; rel="https://api.w.org/"
    [+] Interesting header: LINK: <https://trentahost.com/>; rel=shortlink
    [+] Interesting header: SERVER: LiteSpeed
    [+] Interesting header: SET-COOKIE: wfvt_4132048724=59e3afb77bd76; expires=Sun, 15-Oct-2017 19:27:59 GMT; Max-Age=1800; path=/; secure; httponly
    [+] Interesting header: X-POWERED-BY: PHP/5.6.28
    [+] XML-RPC Interface available under: https://trentahost.com/xmlrpc.php
    [!] Upload directory has directory listing enabled: https://trentahost.com/wp-content/uploads/
    [!] Includes directory has directory listing enabled: https://trentahost.com/wp-includes/
    
    [+] WordPress version 4.8.2 (Released on 2017-09-19) identified from advanced fingerprinting
    [!] 1 vulnerability identified from the version number
    
    [!] Title: WordPress 2.3-4.8.2 - Host Header Injection in Password Reset
        Reference: https://wpvulndb.com/vulnerabilities/8807
        Reference: https://exploitbox.io/vuln/WordPress...2017-8295.html
        Reference: ExploitBox WordPress Security Advisories
        Reference: https://core.trac.wordpress.org/ticket/25239
        Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2017-8295
    
    [+] WordPress theme in use: infographer - v1.5
    
    [+] Name: infographer - v1.5
     |  Location: https://trentahost.com/wp-content/themes/infographer/
     |  Style URL: https://trentahost.com/wp-content/th...pher/style.css
     |  Theme Name: Infographer
     |  Theme URI: Infographer | A premium wordpress theme
     |  Description: Infographer Theme
     |  Author: Qode Interactive
     |  Author URI: Qode Themes | Premium Wordpress Themes
    
    [+] Enumerating plugins from passive detection ...
     | 7 plugins found:
    
    [+] Name: advanced-iframe - v7.5
     |  Last updated: 2017-10-02T21:34:00.000Z
     |  Location: https://trentahost.com/wp-content/pl...vanced-iframe/
     |  Readme: https://trentahost.com/wp-content/pl...ame/readme.txt
    [!] The version is out of date, the latest version is 7.5.1
    
    [+] Name: css3_web_pricing_tables_grids
     |  Location: https://trentahost.com/wp-content/pl..._tables_grids/
     |  Readme: https://trentahost.com/wp-content/pl...ids/readme.txt
    [!] Directory listing is enabled: https://trentahost.com/wp-content/pl..._tables_grids/
    
    [+] Name: foobar
     |  Location: https://trentahost.com/wp-content/plugins/foobar/
     |  Readme: https://trentahost.com/wp-content/pl...bar/readme.txt
    [!] Directory listing is enabled: https://trentahost.com/wp-content/plugins/foobar/
    
    [+] Name: interactive-world-maps
     |  Location: https://trentahost.com/wp-content/pl...ve-world-maps/
    [!] Directory listing is enabled: https://trentahost.com/wp-content/pl...ve-world-maps/
    
    [+] Name: livicons-shortcodes
     |  Location: https://trentahost.com/wp-content/pl...ns-shortcodes/
    
    [+] Name: logos-showcase
     |  Location: https://trentahost.com/wp-content/pl...ogos-showcase/
    [!] Directory listing is enabled: https://trentahost.com/wp-content/pl...ogos-showcase/
    
    [+] Name: revslider
     |  Location: https://trentahost.com/wp-content/plugins/revslider/
    
    [!] We could not determine a version so all vulnerabilities are printed out
    
    [!] Title: WordPress Slider Revolution Local File Disclosure
        Reference: https://wpvulndb.com/vulnerabilities/7540
        Reference: http://blog.sucuri.net/2014/09/slide...exploited.html
        Reference: http://packetstormsecurity.com/files/129761/
        Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2015-1579
        Reference: https://www.exploit-db.com/exploits/34511/
        Reference: https://www.exploit-db.com/exploits/36039/
    [i] Fixed in: 4.1.5
    
    [!] Title: WordPress Slider Revolution Shell Upload
        Reference: https://wpvulndb.com/vulnerabilities/7954
        Reference: https://whatisgon.wordpress.com/2014...vulnerability/
        Reference: https://www.rapid7.com/db/modules/ex...upload_execute
        Reference: https://www.exploit-db.com/exploits/35385/
    [i] Fixed in: 3.0.96
    WordPress Login.: https://trentahost.com/wp-admin/

    MailMan: trentahost.com Mailing Lists - exploit: https://www.exploit-db.com/exploits/28570/ (there's lot more stuff could be done with mailman)
    Tested some stuff.

    Xmlrpc vulns U showed up are old , from 2005 , i doubt that you could do anything with it , gonna test the rest. but Trenta doesn't seem in danger atm xD

    Attached image


    Attached image

    Reply With Quote  
     

  3. #3363  
    Banned
    Join Date
    Jun 2017
    Posts
    36
    Thanks given
    5
    Thanks received
    17
    Rep Power
    0
    Quote Originally Posted by GANG GANG View Post
    Tested some stuff.

    Xmlrpc vulns U showed up are old , from 2005 , i doubt that you could do anything with it , gonna test the rest. but Trenta doesn't seem in danger atm xD
    The exploits listed's old, but if you write a exploit by yourself will be able to get something.
    Most of the exploit guides's posted you must do some changes to make it work to your target, as no target is equal.
    But the best way is ever writing the exploit by yourself, with the information you've get of the target, so you can easily gain the root access.
    Edit: Exploiting a vulnerability's more complex than following step-by-step a exploit thread;
    Reply With Quote  
     

  4. #3364  
    Registered Member

    Join Date
    Nov 2013
    Posts
    746
    Thanks given
    187
    Thanks received
    459
    Rep Power
    5000
    Quote Originally Posted by Leao View Post
    The exploits listed's old, but if you write a exploit by yourself will be able to get something.
    Most of the exploit guides's posted you must do some changes to make it work to your target, as no target is equal.
    But the best way is ever writing the exploit by yourself, with the information you've get of the target, so you can easily gain the root access.
    Edit: Exploiting a vulnerability's more complex than following step-by-step a exploit thread;
    Did you tested the vulns , before posting it , I don't think so

    Attached image


    Attached image

    Reply With Quote  
     

  5. #3365  
    Registered Member XperiaX's Avatar
    Join Date
    Sep 2017
    Posts
    49
    Thanks given
    4
    Thanks received
    12
    Rep Power
    48
    Yeah I had stopped using this service a little ago I wasn't in good range. Still a great server.
    Reply With Quote  
     

  6. #3366  
    Registered Member

    Join Date
    Nov 2013
    Posts
    746
    Thanks given
    187
    Thanks received
    459
    Rep Power
    5000
    Quote Originally Posted by Leao View Post
    I just exploit vulnerabilities when I've permission to do, as I am a white-hat (ethical hacker), not a cracker. And these vulnerabilities I've posted is low-risk comparated to the others I haven't released, my goal is to help the company and not open doors for crackers.
    What's the point of sharing this to the public make no sense , + you're reporting vulns that you did not tested before huh.

    I hope that you did not ctrl+v , Data from scanner , it's 95% falsepositive

    Attached image


    Attached image

    Reply With Quote  
     

  7. #3367  
    Banned
    Join Date
    Jun 2017
    Posts
    36
    Thanks given
    5
    Thanks received
    17
    Rep Power
    0
    Quote Originally Posted by GANG GANG View Post
    What's the point of sharing this to the public make no sense , + you're reporting vulns that you did not tested before huh.

    I hope that you did not ctrl+v , Data from scanner , it's 95% falsepositive
    The only point's show a small piece of the vulnerabilities on the trentahost website, so the support team could pay attention.
    And these vulnerabilities which I have posted isn't even 30% of all I have found, I'm waiting the support team to give me permission so I'll exploit the higher-risk vulnerability I've found, so I'll gain the root access, and show to them how fail is the currently security on trentahost webserver. I'll record the whole action and post it.
    Reply With Quote  
     

  8. #3368  
    Registered Member
    Freezia's Avatar
    Join Date
    Feb 2011
    Posts
    6,013
    Thanks given
    1,147
    Thanks received
    758
    Rep Power
    1311
    Get LIFETIME 25% OFF all VPS's - Use promo code "25OFF" during checkout.

    DDOS Protected Dedicated Server ONLY $45/Mo
    [E3-1230 V2 - 32GB - 500GB SATA - $45/Mo Lifetime DDOS Protected]

    New locations Dallas, TX & Ashburn, VA! OWNED HARDWARE!

    Questions? Add us on Skype: TrentaHost


    Host your RUNESCAPE PRIVATE SERVER on the cheapest and flagship provider on Rune-Server! Now equipped with DDOS Protection!.


    Reply With Quote  
     

  9. #3369  
    Registered Member

    Join Date
    Nov 2013
    Posts
    746
    Thanks given
    187
    Thanks received
    459
    Rep Power
    5000
    Quote Originally Posted by Leao View Post
    The only point's show a small piece of the vulnerabilities on the trentahost website, so the support team could pay attention.
    And these vulnerabilities which I have posted isn't even 30% of all I have found, I'm waiting the support team to give me permission so I'll exploit the higher-risk vulnerability I've found, so I'll gain the root access, and show to them how fail is the currently security on trentahost webserver. I'll record the whole action and post it.
    How can you report vulns, that you did not Tested before. You just copy pasted the content of your Web Scanner.

    Attached image


    Attached image

    Reply With Quote  
     

  10. #3370  
    Registered Member

    Join Date
    Jul 2009
    Posts
    499
    Thanks given
    159
    Thanks received
    143
    Rep Power
    619
    It's honestly surprising that this has lasted as long as it has but you have less then stellar reviews. I don't think that a lot of your reviews which are negative on webhostingtalk is a good indicator, especially when you are "temporarily banned" on there, for reasons that I can't really think of unless the reviews are true to their word.
    Reply With Quote  
     

Page 337 of 419 FirstFirst ... 237287327335336337338339347387 ... LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Replies: 16
    Last Post: 08-06-2016, 09:22 PM
  2. Legit DDOS protected VPS?
    By Jinrake in forum Hosting
    Replies: 47
    Last Post: 10-30-2013, 09:21 AM
  3. Replies: 26
    Last Post: 07-30-2013, 03:46 PM
  4. ddos protected vps
    By Rangin Santa in forum Hosting
    Replies: 4
    Last Post: 04-24-2013, 04:54 PM
  5. Good Ddos protected Vps/Dedi
    By Harambe_ in forum Hosting
    Replies: 9
    Last Post: 12-01-2010, 11:16 PM
Tags for this Thread

View Tag Cloud

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •