SELLING Access to internal network, domain admin
by exp0day - October 22, 2020 at 07:53 PM
New User
Member
Posts 30
Threads 5
Joined Oct 2020
Reputation 60
#1
October 22, 2020 at 07:53 PM
I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.
Reply
New User
Member
Posts 30
Threads 5
Joined Oct 2020
Reputation 60
#2
October 23, 2020 at 07:07 PM This post was last modified: October 23, 2020 at 07:15 PM by exp0day. Edited 2 times in total.
(October 22, 2020 at 07:53 PM)exp0day Wrote: I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.

Sorry guys, there was mistaken -  3 BTC

https://postimg.cc/gallery/v81HB7Z
Reply
New User
Member
Posts 30
Threads 5
Joined Oct 2020
Reputation 60
#3
October 30, 2020 at 06:44 PM This post was last modified: October 30, 2020 at 06:59 PM by exp0day. Edited 5 times in total.
Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
Reply
GOD User
GOD Upgraded Member
Posts 22
Threads 2
Joined Oct 2020
Reputation 142

#4
October 30, 2020 at 07:13 PM
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]
Reply
New User
Member
Posts 30
Threads 5
Joined Oct 2020
Reputation 60
#5
October 30, 2020 at 07:56 PM
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please
Reply
GOD User
GOD Upgraded Member
Posts 22
Threads 2
Joined Oct 2020
Reputation 142

#6
October 30, 2020 at 08:03 PM
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro
Reply
Chamillionaire
thekilob
Posts 2,575
Threads 70
Joined Sep 2019
Reputation 1,884
1 Year of service

Promote RF using Twitter.Show use of excellent grammar on posts and threads.Has extended contribution to the Leaks subforum.Show evidence of multiple verified trades within RF. (Total of 5,000 USD Transacted)Reach 1000 valid posts.Achieve 1 month of online time.Show knowledge and understanding of hacking.Keep RF clean by reporting posts and threads, generally over 100 valid reports.Show knowledge and understanding of web development.Show extended watch time and knowledge of anime.Show playtime acquired in online video games.
#7
October 30, 2020 at 08:05 PM
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!
Reply
New User
Member
Posts 30
Threads 5
Joined Oct 2020
Reputation 60
#8
October 30, 2020 at 08:18 PM
(October 30, 2020 at 08:05 PM)thekilob Wrote:
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!

sorry?
Reply
New User
Member
Posts 30
Threads 5
Joined Oct 2020
Reputation 60
#9
November 05, 2020 at 06:42 AM
sold............................
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
SELLING Selling internal network access+VPN access in Saudi Telecom companies(iTC,Mobily,STC Medusa23 1 393 Yesterday at 07:19 PM
Last Post: Medusa23
SELLING Selling Access to internal Bank Networks + Bank Accounts high level informations Medusa23 9 2,594 November 30, 2020 at 06:29 PM
Last Post: Diacka
SELLING Some Network Access artur11 6 1,083 November 29, 2020 at 08:34 PM
Last Post: monak0

 Users browsing this thread: 1 Guest(s)