On the #GhostSec Telegram we published the takedown of the Russian military website and all subdomains; we have also published a leak containing multiple things.
GhostSec and #Anonymous stand with Ukraine. Keep fighting, we support you however we can!
Leaks 3 (ZIP) —-> gov.ru & Sudak
Leaks 4 (ZIP) —-> 1000+ #Ru gov docs Crimea + Sudak
Leaks 5 (ZIP) —-> RSA [Lunar Missions] #Roscosmos
Leaks 6 (ZIP) —-> JINR (Nuclear Research) + DOI data
Leaks 7 (ZIP) —-> Roskomnadzor 360,000 files (817.5GB)
We are now looking into all Russian IPs that are actively scanning and attacking Ukraine’s networks
We will be attempting to breach any that we can, or shut down whatever we cannot breach
Current Targets list : https://pastebin.com/RUgvYtHe
New targets lists :
https://rentry.co/newtargets (oil and gas trading)
https://rentry.co/newtargetss (russians dss)


Fight for Ukraine | #OpRedScare
OBJECTIVE – To disable Russian and Belarusian infrastructure (banking, transportation, military, energy)
DO NOT TARGET HOSPITALS, EDUCATION, OR SOCIAL SERVICES
TARGETS :
Russia
– https://anonfiles.com/hcPfm8K5xe/gov.ru_domains_csv
– https://anonfiles.com/j4Pdm9K2x5/mil.ru_domains_csv
Belarus
– https://anonfiles.com/n8K9y5K1x1/mil.by_domains_csv
– https://anonfiles.com/paK7y0Kcxc/gov.by_domains_csv
Request from the Vice Minister of Ukraine
– https://pastebin.com/fH6hyaJG
#OpRussia #OpRedScare #Ukraine #Anonymous
#Knowledge is power – Use Tor!
Recommended Software:
1. https://www.torproject.org/
5. https://www.virtualbox.org/
– Quickly get up to speed, hacking tips and tricks: http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/m5spr
Brush up on Log4j: https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/
Buy web shells, cpanels and RDP’s: https://xleet.pw/
ReconFTW: https://github.com/six2dez/reconftw
Shodan: admin bypass: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/4QfmFLDBg5Wv7NISCtkp-keep
Bruteforce servers on mass!: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/uL5oQGQCjfMiB3An3PV–keep
https://pad.riseup.net/p/uL5oQGQCjfMiB3An3PV–keep
+————————————————————————————-+
# Objective – To identify Russian infrastructure (banking, transportation, military, energy) (And maybe disrupt it)
Basic outline of what to do:
1. Run masscan of Russian IP space for specific ports. [TICK]
2. Collect scan data to see what is responding. [TICK]
3. Run focused scans with specialized scanners – SQLmap,VA OpenS, WPScan, etc.
4. Validate data with multiple scans and OSINT.
5. Find vulnerability and exploit data based on scans.
6. Exploit vulnerabilities with MetaSploit, etc.
7. Take down these services.
Disclaimer:
Don’t do attacks under the OPUkraine banner as this could compromise the OP
*** Guides:
– How to run masscan looking for OSINT data:
https://pad.riseup.net/p/scanner-howto-keep
_______________________________________________________________________________________
Ideas for ultimate goals:
* Fighting Russian disinformation
Basically, Russia is known to use disinformation to sway public opinion, so perhaps we could publish information contrary to said disinformation sites through idk Twitter or something
* “Checking out” Ukrainian separatist websites (more or less covered by ^tho)
* Putting out peace plans or ideas that could end the war (see the section “Peace plan used by defunct op #OpSamanthaSmith”)
_______________________________________________________________________________________
List of Separatist Media Organisations:
—————————————————————————————
Russian IP Blocks:
https://pastebin.6com/H3FU4X3h
*** Russian hosts and info: (biggie list)
strongerw2ise74v3duebgsvug4mehyhlpa7f6kfwnas7zofs3kov7yd.onion/pmn27ntm1/ik41es
https://pad.riseup.net/p/Euh-UQeWC-gqZdLcObkb
*** Russian Network Recon:
https://pad.riseup.net/p/BtLcKr1O6bcMyBVvk6NL
Peace plan used by defunct op #OpSamanthaSmith
These were featured in defacements of United Nations website and the Chinese polar research institute website. Even though #OpSamanthaSmith is defunct, you can still use the following in italics as part of defacements and so on.
The operation was named after a Cold War era American peace activist.
These are how to stop Ukraine tension from becoming full-blown WWIII
Making Ukraine alone to become a neutral nation again by itself isn’t so fair, so what if other countries like Finland, Belarus, Georgia, Armenia, Azerbaijan, Moldova and of course Ukraine are recommended to put themselves together to create a neutral grouping to be wedged between NATO and Russia?
A neutral security belt. An ersatz-NATO/CSTO, but primed to be themselves, guarding against rather than joining either one of both sides. A fucking cordon sanitaire that can assuage Russia’s fears without NATO losing its face.
Moreover, joining NATO/CSTO and that neutral collective security alliance is every bit like 劈腿 on your boy/girlfriend, isn’t it?
Note: 劈腿 means cheating in Chinese. May not work anymore. 😦 It would become a Russian puppet. For now the priority is the destruction of the Kremlin regime
Websites vulnerable to persistent XSS
https://guidetopetersburg.com/ ?
Things to post
* Anonymous is not a group, not a country, but an amorphous idea. It flows like air, like water, like everything. Anonymous has survived Scientology, Sabu, FBI, Europol, and the rest all the time!
* Let it be known that since its inception, Anonymous has never had restrictions that say that only homo sapiens can be part of it. It has a completely open door policy, even more so than NATO!
* Sony learnt the hard way in 2011 that a part of Anonymous can finish what a totally different part had started!
* Ukrainian president’s address to all Russian citizens. https://twitter.com/PMoelleken/status/1496941845812760577
Suggestions for side operations
* In addition to Russian targets, try to gain access to interfaces and system that transmit radio to space, just in case things really went south and that .000000001% bet is the only path for salvation, de-escalation, peace and normality. Putin all-out threatening the world? Don’t get mad; get even. In such a way, hacking the accounts of remotehamradio.com would be the lowest hanging fruit ever.
– Some osint info: https://ghostbin.com/i9Eoy
DNS Servers
MX Records ** This is where email for the domain goes…
TXT Records ** Find more hosts in Sender Policy Framework (SPF) configurations
"2022011010555941x7yj86eamnw0fqybdwpugz9sa9coq2jlzkv1a4rr04avj64t"
"v=spf1 include:_spf.google.com ~all"
Host Records (A) ** this data may not be current as it uses a static database (updated monthly)
Military d
Vulnerable targets:
Linux sudak.rk.gov.ru 2.6.26.3-29.0.140asp.i686 #1 SMP Mon Sep 15 07:08:05 EDT 2008 i686
Samba (port 445):
Samba 3.2.0-17.0.140asp
SMB Status:
Authentication: disabled
SMB Version: 1
OS: Unix
Software: Samba 3.2.0-17.0.140asp
Capabilities: dfs, extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, nt-find, nt-smb, nt-status, raw-mode, rpc-remote-api, unicode, unix
Shares
Name      Type   Comments
------------------------------------------------
work      Disk   Share for work
consult   Disk   Share for consultant
www       Disk   Share for web
IPC$      IPC    IPC Service (Samba Server)
#Knowledge is power – Use Tor!
Recommended software:
1. https://www.torproject.org/
5. https://www.tracelabs.org/initiatives/osint-vm#downloads
6. https://www.virtualbox.org/
– Quickly get hacking tips and tricks: http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/m5spr
Brush up on Log4j: https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/
Buy web shells, cpanels and RDPs: https://xleet.pw/
ReconFTW: https://github.com/six2dez/reconftw
Shodan: admin bypass: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/4QfmFLDBg5Wv7NISCtkp-keep
Bruteforce servers on mass!: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/uL5oQGQCjfMiB3An3PV–keep https://pad.riseup.net/p/uL5oQGQCjfMiB3An3PV–keep
MX Records ** This is where email for the domain goes…
TXT Records ** Find more hosts in Sender Policy Framework (SPF) configurations
Host Records (A) ** this data may not be current as it uses a static database (updated monthly)
HTTP: ddos-guard
HTTPS: ddos-guard
185.215.4.19
DDOS-GUARD
Russia
To get around DDOS-Guard, try finding
http://budget.gov.ru/dms – database management web interface e