Domain: coworkforce.com
Stories and comments across the archive that link to coworkforce.com.
Comments · 13
-
Server Headers
% wget -S -O
/dev/null http://www.coworkforce.com/
--10:24:49-- http://www.coworkforce.com/
Resolving www.coworkforce.com... 165.127.91.10
Connecting to www.coworkforce.com|165.127.91.10|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Connection: keep-alive
Date: Fri, 06 Mar 2009 17:24:49 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 26447
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASBTDDQQ=NIFBMIKAFMPHFLDLIKBAMPBD; path=/
Cache-control: private -
Server Headers
% wget -S -O
/dev/null http://www.coworkforce.com/
--10:24:49-- http://www.coworkforce.com/
Resolving www.coworkforce.com... 165.127.91.10
Connecting to www.coworkforce.com|165.127.91.10|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Connection: keep-alive
Date: Fri, 06 Mar 2009 17:24:49 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 26447
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASBTDDQQ=NIFBMIKAFMPHFLDLIKBAMPBD; path=/
Cache-control: private -
Re:Add ins
FTP Server password for them: http://www.coworkforce.com/uit/ftp/ftp.asp
And Firefox is supposed to be the real security risk, right?
Also posted to 4chan.
Wow, I wouldn't give them a day more of uptime, provided that the 4chaners know how to use that to their advantage. Filling up their disk may or may not crash the server, depending on how Windows Server (or, XP in this case) handles a full hard drive when it comes time to page. Who am I kidding, a bluescreen most likely awaits them.
and route yourself via Tor before doing this
You don't think the feds won't go through the entire chain of Tor proxies if the hack costs them serious money, especially after the recent stimulus bill being passed and our national debt? You must be stupid to risk federal pound-me-in-the-ass prison just to crash a Windows XP web server. I'd rather just give it time and let nature take it's course
;) -
Re:Add ins
FTP Server password for them: http://www.coworkforce.com/uit/ftp/ftp.asp
Its right there, in plain text on the web page. Show them what "real" security is, and be sure to change your FF User-agent to something humorous via an addon, and route yourself via Tor before doing this. Enjoy. Also posted to 4chan. -
Oh this is rich.
$ nikto --host http://www.coworkforce.com/
- Nikto 2.02/2.03 - cirt.net
+ Target IP: 165.127.91.10
+ Target Hostname: www.coworkforce.com
+ Target Port: 80
+ Start Time: 2009-03-06 19:37:46+ Server: Microsoft-IIS/6.0
- Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
- Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST
+ OSVDB-877: HTTP method ('Public' Header): 'TRACE' is typically only used for debugging and should be disabled. This message does not mean it is vulnerable to XST.
+ OSVDB-0: Retrieved X-Powered-By header: ASP.NET
+ OSVDB-630: IIS may reveal its internal IP in the Location header via a request to the /images directory. The value is "http://10.25.30.30/images/".
- /robots.txt - contains 3 'disallow' entries which should be manually viewed. (GET)
+ OSVDB-396: GET //_vti_bin/shtml.exe : Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
+ OSVDB-0: GET //?Open : This displays a list of all databases on the server. Disable this capability via server options.
+ OSVDB-3233: GET //postinfo.html : Microsoft FrontPage default file found.
+ OSVDB-3233: GET //_vti_inf.html : FrontPage is installed and reveals its version number (check HTML source for more information).
+ OSVDB-3500: GET //_vti_bin/fpcount.exe : Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. CAN-1999-1376. BID-2252.It's still running, but I've been at work long enough for one day. Someone else can finish this.
-
Re:Attention all personnel
I wanted to know more about doing the send, so I tried searching for "doTheSend()", but unfortunately this results in nothing but an "Unspecified error".
-
Down for the Count
Now the site is down and says:
"The Colorado Departent of Labor and Employment regrets that this service is unavailable at this time.
(We like Firefox too...and safari.....and chrome...) " -
We like Firefox too...and safari.....and chrome...
The Colorado Departent of Labor and Employment regrets that this service is unavailable at this time.
(We like Firefox too...and safari.....and chrome...) -
Other things that I could snoop from Google
Email template http://www.coworkforce.com/skills/emails/email1.htm Some kind of a translation look-up table: http://www.coworkforce.com/skills/data/wipxls.txt Set of skills: http://www.coworkforce.com/skills/data/skills.txt
-
Other things that I could snoop from Google
Email template http://www.coworkforce.com/skills/emails/email1.htm Some kind of a translation look-up table: http://www.coworkforce.com/skills/data/wipxls.txt Set of skills: http://www.coworkforce.com/skills/data/skills.txt
-
Other things that I could snoop from Google
Email template http://www.coworkforce.com/skills/emails/email1.htm Some kind of a translation look-up table: http://www.coworkforce.com/skills/data/wipxls.txt Set of skills: http://www.coworkforce.com/skills/data/skills.txt
-
Figures
This does kinda seem obvious since they have "Why is the Sky Blue" listed as a FAQ question of all things.
-
Re:stupid.
If you don't want to be disturbed at nigth, pull out the phone. How hard is that ? Employer doesn't accept it ? In that case he should be *paying* you for being "always accessible".
Actually, he may not have the right to request those hours off nor extra pay except when he is actively helping out. In my state, CO, the Colorado Minimum Wage Law reads as follows:
b) Sleep Time: where an employee's tour of duty is 24 hours or longer, up to 8 hours of sleeping time can be excluded from overtime compensation, if: (1) an express agreement excluding sleeping time exists; and (2) adequate sleeping facilities for an uninterrupted night's sleep are provided; and (3) at least five hours of sleep are possible during the scheduled sleeping periods; and (4) interruptions to perform duties are considered time worked. When said employee's tour of duty is less than 24 hours, periods during which the employee is permitted to sleep are compensable work time, as long as the employee is on duty and must work when required. Only actual sleep time may be excluded up to a maximum of eight (8) hours per work day. When work related interruptions prevent five (5) hours of sleep, the employee shall be compensated for the entire work day.