SELLING Access to internal network, domain admin
by exp0day - October 22, 2020 at 07:53 PM
#1
I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.
#2
(October 22, 2020 at 07:53 PM)exp0day Wrote: I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.

Sorry guys, there was mistaken -  3 BTC

https://postimg.cc/gallery/v81HB7Z
#3
Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
#4
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]
#5
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please
#6
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro
#7
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!
This forum account is currently banned. Ban Length: 4 Months (1m, 1w remaining).
Ban Reason: > Spamming, Constantly harassing, stalking and flaming a member(s), Disrespecting RaidForums or its Staff members, Reporting posts without a good reason, repeatedly accusing users of scamming without any actual evidence.
#8
(October 30, 2020 at 08:05 PM)thekilob Wrote:
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!

sorry?
#9
sold............................

Possibly Related Threads…
Thread Author Replies Views Last Post
SELLING Initial Access To Internal Network "enpro.com" Cipher_Striker 0 26 17 minutes ago
Last Post: Cipher_Striker
SELLING Domino's India Data Breach - 13TB internal files BRBbrbt 28 4,550 Yesterday at 08:28 PM
Last Post: kiruvrechokim
SELLING Mobile Minecraft Mods App Admin Panel Access| +150K Active User 0x99 1 480 April 12, 2021 at 09:33 AM
Last Post: 0x99

 Users browsing this thread: 1 Guest(s)