#OpRussia #OpRedScare

On the #GhostSec Telegram we announced that we took down the Russian military website and all its subdomains; we have also published a leak containing multiple things.

GhostSec and #Anonymous stand with Ukraine. Keep fighting, we support you however we can!

https://t.me/GhostSecc

https://t.co/o8PwBu7dny

Leaks 3 (ZIP) -> gov.ru & Sudak

Leaks 4 (ZIP) -> 1000+ #Ru gov docs Crimea + Sudak

Leaks 5 (ZIP) -> RSA [Lunar Missions] #Roscosmos

Leaks 6 (ZIP) -> JINR (Nuclear Research) + DOI data

Leaks 7 (ZIP) -> Roskomnadzor 360,000 files (817.5GB)

We are now looking into all Russian IPs that are actively scanning and attacking Ukraine’s networks.

We will be attempting to breach any that we can, or shut down whatever we cannot breach.

Current Targets list : https://pastebin.com/RUgvYtHe

New targets lists :
https://rentry.co/newtargets (oil and gas trading)
https://rentry.co/newtargetss (russians dss)

Fight for Ukraine | #OpRedScare

https://rentry.co/opredscare

OBJECTIVE – To disable Russian and Belarusian infrastructure (banking, transportation, military, energy)

DO NOT TARGET HOSPITALS, EDUCATION, OR SOCIAL SERVICES

TARGETS :
Russia
https://anonfiles.com/hcPfm8K5xe/gov.ru_domains_csv
https://anonfiles.com/j4Pdm9K2x5/mil.ru_domains_csv

Belarus
https://anonfiles.com/n8K9y5K1x1/mil.by_domains_csv
https://anonfiles.com/paK7y0Kcxc/gov.by_domains_csv

Request from the Vice Minister of Ukraine
https://pastebin.com/fH6hyaJG

#OpRussia #OpRedScare #Ukraine #Anonymous

#Knowledge is power – Use Tor!

Recommended Software:

1. https://www.torproject.org/

2. https://www.whonix.org/

3. https://tails.boum.org/

4. https://www.kali.org/

5. https://www.virtualbox.org/

 – Quickly get up to speed, hacking tips and tricks: http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/m5spr

Brush up on Log4j: https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/

Buy web shells, cpanels and RDP’s: https://xleet.pw/

ReconFTW: https://github.com/six2dez/reconftw

Shodan: admin bypass: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/4QfmFLDBg5Wv7NISCtkp-keep

Bruteforce servers en masse!: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/uL5oQGQCjfMiB3An3PV–keep

https://pad.riseup.net/p/uL5oQGQCjfMiB3An3PV–keep

+————————————————————————————-+

# Objective – To identify Russian infrastructure (banking, transportation, military, energy) (And maybe disrupt it)

Basic outline of what to do:

1. Run masscan of Russian IP space for specific ports. [TICK]

2. Collect scan data to see what is responding. [TICK]

3. Run focused scans with specialized scanners – SQLmap,VA OpenS, WPScan, etc.

4. Validate data with multiple scans and OSINT.

5. Find vulnerability and exploit data based on scans.

6. Exploit vulnerabilities with MetaSploit, etc. 

7. Take down these services.

Disclaimer:

Don’t do attacks under the OPUkraine banner as this could compromise the OP

        *** Guides:

                – How to run masscan looking for OSINT data:

https://pad.riseup.net/p/scanner-howto-keep

_______________________________________________________________________________________

Ideas for ultimate goals:

        *     Fighting Russian disinformation

Basically, Russia is known to use disinformation to sway public opinion, so perhaps we could publish information contrary to said disinformation sites through, idk, Twitter or something

        *     “Checking out” Ukrainian separatist websites (more or less covered by ^tho)

        *     Putting out peace plans or ideas that could end the war (see the section “Peace plan used by defunct op #OpSamanthaSmith”)

_______________________________________________________________________________________

List of Separatist Media Organisations:

—————————————————————————————

Russian IP Blocks:

https://pastebin.6com/H3FU4X3h

        *** Russian hosts and info: (biggie list)

        strongerw2ise74v3duebgsvug4mehyhlpa7f6kfwnas7zofs3kov7yd.onion/pmn27ntm1/ik41es

https://pad.riseup.net/p/Euh-UQeWC-gqZdLcObkb

        *** Russian Network Recon: 

https://pad.riseup.net/p/BtLcKr1O6bcMyBVvk6NL

        Peace plan used by defunct op #OpSamanthaSmith

        These were featured in defacements of United Nations website and the Chinese polar research institute website. Even though #OpSamanthaSmith is defunct, you can still use the following in italics as part of defacements and so on.

        The operation was named after a Cold War era American peace activist.

        These are how to stop Ukraine tension from becoming full-blown WWIII

        Making Ukraine alone to become a neutral nation again by itself isn’t so fair, so what if other countries like Finland, Belarus, Georgia, Armenia, Azerbaijan, Moldova and of course Ukraine are recommended to put themselves together to create a neutral grouping to be wedged between NATO and Russia?

        A neutral security belt. An ersatz-NATO/CSTO, but primed to be themselves, guarding against rather than joining either one of both sides. A fucking cordon sanitaire that can assuage Russia’s fears without NATO losing its face.

        Moreover, joining NATO/CSTO and that neutral collective security alliance is every bit like 劈腿 on your boy/girlfriend, isn’t it?

        Note: 劈腿 means cheating in Chinese. May not work anymore. 😦 It would become Russian puppet. For now the priority is destruction of Kremlin regime

        Websites vulnerable to persistent XSS

        http://memorials.tomsk.ru

        https://guidetopetersburg.com/ ?

        Things to post

        * Anonymous is not a group, not a country, but an amorphous idea. It flows like air, like water, like everything. Anonymous has survived Scientology, Sabu, FBI, Europol, and the rest all the time! 

        * Let it be known that since its inception, Anonymous has never had restrictions that say that only Homo sapiens can be part of it. It has a completely open door policy, even more so than NATO!

        * Sony learnt the hard way in 2011 that a part of Anonymous can finish what a totally different part had started!

        * Ukrainian president’s address to all Russian citizens. https://twitter.com/PMoelleken/status/1496941845812760577

        Suggestions for side operations

        * In addition to Russian targets, try to gain access to interfaces and system that transmit radio to space, just in case things really went south and that .000000001% bet is the only path for salvation, de-escalation, peace and normality. Putin all-out threatening the world? Don’t get mad; get even. In such a way, hacking the accounts of remotehamradio.com would be the lowest hanging fruit ever. 

        – Some osint info: https://ghostbin.com/i9Eoy

DNS Servers

MX Records ** This is where email for the domain goes…

TXT Records ** Find more hosts in Sender Policy Framework (SPF) configurations

“2022011010555941x7yj86eamnw0fqybdwpugz9sa9coq2jlzkv1a4rr04avj64t””v=spf1 include:_spf.google.com ~all”

Host Records (A) ** this data may not be current as it uses a static database (updated monthly) 

Military d

Vulnerable targets:

https://sudak.rk.gov.ru/

    Linux sudak.rk.gov.ru 2.6.26.3-29.0.140asp.i686 #1 SMP Mon Sep 15 07:08:05 EDT 2008 i686

    Samba (port 445):

Samba3.2.0-17.0.140asp

SMB Status:

  Authentication: disabled

  SMB Version: 1

  OS: Unix

  Software: Samba 3.2.0-17.0.140asp

  Capabilities: dfs, extended-security, infolevel-passthru, large-files, large-readx, large-writex, level2-oplocks, lock-and-read, nt-find, nt-smb, nt-status, raw-mode, rpc-remote-api, unicode, unix

Shares

Name                 Type       Comments

————————————————————————

work                 Disk       Share for work

consult              Disk       Share for consultant

www                  Disk       Share for web

IPC$                 IPC        IPC Service (Samba Server)

#Knowledge is power – Use Tor!

Recommended Software:

1. https://www.torproject.org/

2. https://www.whonix.org/

3. https://tails.boum.org/

4. https://www.kali.org/

5. https://www.tracelabs.org/initiatives/osint-vm#downloads

6. https://www.virtualbox.org/

 – Quickly get up to speed, hacking tips and tricks: http://archiveiya74codqgiixo33q62qlrqtkgmcitqx5u2oeqnmn5bpcbiyd.onion/m5spr

Brush up on Log4j: https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/

Buy web shells, cpanels and RDPs: https://xleet.pw/

ReconFTW: https://github.com/six2dez/reconftw

Shodan: admin bypass: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/4QfmFLDBg5Wv7NISCtkp-keep

Bruteforce servers en masse!: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/uL5oQGQCjfMiB3An3PV–keep https://pad.riseup.net/p/uL5oQGQCjfMiB3An3PV–keep

MX Records ** This is where email for the domain goes…

TXT Records ** Find more hosts in Sender Policy Framework (SPF) configurations

Host Records (A) ** this data may not be current as it uses a static database (updated monthly) 

www.defence.ru

HTTP:  ddos-guard

HTTPS:  ddos-guard185.215.4.19

DDOS-GUARD

Russia

To get around DDOS-Guard, try finding

http://budget.gov.ru/dms – database management web interface e