SELLING Access to internal network, domain admin
by exp0day - October 22, 2020 at 07:53 PM
#1
I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.
Reply
#2
(October 22, 2020 at 07:53 PM)exp0day Wrote: I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.

Sorry guys, there was mistaken -  3 BTC

https://postimg.cc/gallery/v81HB7Z
Reply
#3
Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
Reply
#4
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]
Reply
#5
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please
Reply
#6
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro
Reply
#7
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!
Reply
#8
(October 30, 2020 at 08:05 PM)thekilob Wrote:
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!

sorry?
Reply
#9
sold............................
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
SELLING Selling internal network access+VPN access in Saudi Telecom companies(iTC,Mobily,STC Medusa23 1 393 Yesterday at 07:19 PM
Last Post: Medusa23
SELLING Selling Access to internal Bank Networks + Bank Accounts high level informations Medusa23 9 2,594 November 30, 2020 at 06:29 PM
Last Post: Diacka
SELLING Some Network Access artur11 6 1,083 November 29, 2020 at 08:34 PM
Last Post: monak0

 Users browsing this thread: 1 Guest(s)