Gh05t666nero

RMS on USA Virginia (Backup)

Dec 12th, 2020
USA Virginia Attacked RMS by Gh05t666nero
# Breacher : Gh05t666nero
# Greet'z : Indoghostsec Family
# Server : 172.31.29.189»2001:0:34f1:8072:1424:1062:53e0:e242
# Hostname : EC2AMAZ-GFUR9Q3
# Attacking: 2020-11-26 | 14:00
#-------------------------------------------------
Special Thanks to: Gh05t666include