SELLING Access to internal network, domain admin
by exp0day - October 22, 2020 at 07:53 PM
Thread Closed 
New User
Member
Posts 31
Threads 5
Joined Oct 2020
Reputation 60
#1
October 22, 2020 at 07:53 PM
I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.
New User
Member
Posts 31
Threads 5
Joined Oct 2020
Reputation 60
#2
October 23, 2020 at 07:07 PM This post was last modified: October 23, 2020 at 07:15 PM by exp0day.
(October 22, 2020 at 07:53 PM)exp0day Wrote: I'm saling the remote access of largest company in EU. 
The price is 9 BTC. 
I coudl provide any proofs and screenshots - starts from Web shell and end to domain controller panel.

The internal network available over 3K user machine and around 100 Servers (mail server, sql server, backups, emails, file server).

jabber [email protected]

I have found 0day vulnerability in one of the most popular product and can provide access to other companies too.

Sorry guys, there was mistaken -  3 BTC

https://postimg.cc/gallery/v81HB7Z
New User
Member
Posts 31
Threads 5
Joined Oct 2020
Reputation 60
#3
October 30, 2020 at 06:44 PM This post was last modified: October 30, 2020 at 06:59 PM by exp0day.
Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
GOD User
GOD Upgraded Member
Posts 55
Threads 6
Joined Oct 2020
Reputation 364

#4
October 30, 2020 at 07:13 PM
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]
New User
Member
Posts 31
Threads 5
Joined Oct 2020
Reputation 60
#5
October 30, 2020 at 07:56 PM
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please
GOD User
GOD Upgraded Member
Posts 55
Threads 6
Joined Oct 2020
Reputation 364

#6
October 30, 2020 at 08:03 PM
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro
Chamillionaire
Posts 2,569
Threads 74
Joined Sep 2019
Reputation 1,936
1 Year of service

Is often seen conversing in the shoutbox.Promote RF using Twitter.Show use of excellent grammar on posts and threads.Has extended contribution to the Leaks subforum.Show evidence of multiple verified trades within RF. (Total of 5,000 USD Transacted)Reach 1000 valid posts.Achieve 1 month of online time.Show knowledge and understanding of hacking.Keep RF clean by reporting posts and threads, generally over 100 valid reports.Show knowledge and understanding of web development.Show extended watch time and knowledge of anime.
#7
October 30, 2020 at 08:05 PM
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!
This forum account is currently banned. Ban Length: 4 Months (1m, 1w remaining).
Ban Reason: > Spamming, Constantly harassing, stalking and flaming a member(s), Disrespecting RaidForums or its Staff members, Reporting posts without a good reason, repeatedly accusing users of scamming without any actual evidence.
New User
Member
Posts 31
Threads 5
Joined Oct 2020
Reputation 60
#8
October 30, 2020 at 08:18 PM
(October 30, 2020 at 08:05 PM)thekilob Wrote:
(October 30, 2020 at 08:03 PM)breachbase Wrote:
(October 30, 2020 at 07:56 PM)exp0day Wrote:
(October 30, 2020 at 07:13 PM)breachbase Wrote:
(October 30, 2020 at 06:44 PM)exp0day Wrote: Hi there,
the offer still available, the price was decreased to 1BTC, because it was to high as I understood (hehe, I'm a new person here, sorry).

the copany is largest EU retail (not in EU zone) company , over 400 PoS in the world. Full access to the network via RDP and domain admin user, and there are over 580/3000 domain users passwords (there is no good password policy).
`
3GUser01:749bd7d927a16953a840387e05736a7b:3G01
3GUser03:7a9decc7b5552210cb0f16010ca962c9:3G03
AAydin:e970cc808fee8a92881631caf371a29b:asdplkj
CWAService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
FAXSRV:ee0be19e20c971f447f23169d7249693:fax12
FaxServer:32ed87bdb5fdc5e9cba88547376818d4:123456
ForeFrontDAS:0a8d163fd961b07af20b497b39733473Tonguearola2008
ForefrontRTCProxy:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
ILS_ANONYMOUS_USER:7c3045d697843d06d8afdee36508c451:BpES7DAopqLM_1
IUSR_KSSVR8:c22b315c040ae6e0efee3518d830362b:123456789
MCM1:6f2716a42c9183a1f73d025bcf258e1a:MCM1234
MOBIL:b2e989aec7f8e1c0a63c521abb151dbe:MOBIL123
OCSChannel:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
OCSChat:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
Office365test2:29b391999b748679490f7766afee8746:Apranax1
P008986:627782b7274e323941c9418399460d5b:456789
P009585:32ed87bdb5fdc5e9cba88547376818d4:123456
P011094:32ed87bdb5fdc5e9cba88547376818d4:123456
P111115:542c1091d36545298fcf3118bacc528aTongue111115
P301329:84b6f585718cbca95e1551c9748d0376:301329
P301330:a1131341f8cd5e919ef64871c44ebba1:301330
P301331:bea2e4fafd2c3671bf084b15aea827b5:301331
RTCComponentService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCGuestAccessUser:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCReportPack:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
RTCService:f8d2686a6738e12640bdf8cee3188a0c:S3rv1c3
SCOMServerAction:48ff00593a8a2bec05e85f6464bcbb8e:1Q2W3E4r
ServiceAccount_CUCM:286e840d3401f0e7ce0bb344d7de81a9:123qwe!!!
StajerSiparis:dc2b66b7ff335f5a54b8092f3019063c:SS987654321
TeamFoundation:6a0354703f2799b33f700a0ac270199f:team
TeamReporting:6a0354703f2799b33f700a0ac270199f:team
`

Only 1 buyer.


After selling I will post other 8 company that used vulnerable soft which I was able to hack and gain access to internal netwok.
jabber [email protected]

ping me via jabber please

i did bro

Don't get scammed!!!! Middleman!!!!!!!!!!!

sorry?
New User
Member
Posts 31
Threads 5
Joined Oct 2020
Reputation 60
#9
November 05, 2020 at 06:42 AM
sold............................

Possibly Related Threads…
Thread Author Replies Views Last Post
SELLING Initial Access To Internal Network "enpro.com" Cipher_Striker 0 26 17 minutes ago
Last Post: Cipher_Striker
SELLING Domino's India Data Breach - 13TB internal files BRBbrbt 28 4,550 Yesterday at 08:28 PM
Last Post: kiruvrechokim
SELLING Mobile Minecraft Mods App Admin Panel Access| +150K Active User 0x99 1 480 April 12, 2021 at 09:33 AM
Last Post: 0x99

 Users browsing this thread: 1 Guest(s)