<div dir="ltr"><pre>Nmap scan report for 192.95.38.42
Host is up (0.087s latency).
Not shown: 998 filtered ports
PORT      STATE SERVICE
3389/tcp  open  ms-wbt-server
49154/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 12.64 seconds
[root@fly-obnosis-com asil]# </pre><div><br></div><div>3389 LAUGH! </div><div><br></div><div>Using ncrack: <a href="http://www.techchop.com/2011/10/ep8-how-to-hack-windows-remote-desktop.html">http://www.techchop.com/2011/10/ep8-how-to-hack-windows-remote-desktop.html</a></div>
<div><br></div><div>Using AngryIP: <a href="http://www.youtube.com/watch?v=J6V4Ld6HqKQ">http://www.youtube.com/watch?v=J6V4Ld6HqKQ</a></div><div><br></div><div><br></div>Overview: <a href="http://www.dome9.com/security-challenges/rdp-port-3389-security">http://www.dome9.com/security-challenges/rdp-port-3389-security</a><div>
<br></div><div>DISCLAIMER: Do not actually attack these systems; that would be illegal, and you could meet with national and international consequences including jail, long-term federal monitoring, or worse - including becoming a target yourself with a lifelong "parasite" on all of your systems.<br>
<div><br></div><div>Summary: We are MOCK targeting the systems that we catch in our denyhosts trap running on a mail server:</div><div><br></div><div>But who "owns" this IP:</div><div><br></div><div><table width="100%" cellpadding="0" cellspacing="0" border="0" style="font-family:'Times New Roman'">
<tbody><tr><td width="20" nowrap> </td><td valign="top"><table bgcolor="#f3f0e0" width="728" cellpadding="5" cellspacing="1" border="0"><tbody><tr><td class="" colspan="2" style="font-size:19px;line-height:22px;font-family:'trebuchet ms'">
192.95.38.42 - Geo Information</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">IP Address</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
<a class="" href="http://cqcounter.com/traceroute/?query=192.95.38.42" style="color:rgb(0,0,153)">192.95.38.42</a></td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Host</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">192.95.38.42</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Location</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'"><img src="http://n1.dlcache.com/flags/us.gif" border="0" alt="US"> US, United States</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
City</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">Newark, NJ 07102</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Organization</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">OVH Hosting</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
ISP</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">OVH Hosting</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
AS Number</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">AS16276 OVH Systems</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Latitude</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">40°73'55" North</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Longitude</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">74°17'41" West</td></tr><tr><td class="" bgcolor="#ffffff" valign="top" nowrap style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">
Distance</td><td class="" bgcolor="#ffffff" style="font-size:14px;line-height:18px;font-family:'trebuchet ms'">7593.96 km (4718.67 miles)</td></tr></tbody></table></td></tr></tbody></table></div><div><br></div><div>
<a href="http://www.ovh.com/us/index.xml">http://www.ovh.com/us/index.xml</a></div><div><br></div><div>This is a hosting account on an international hosting provider. </div><div><br></div><div>Probably pwned by Anonymous or Chinese hackers.</div>
<div><br></div><div>So, what would our responsible action be?</div><div><br></div><div>Report to the OVH with logs and time zone/time date stamp (done).</div><div><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">DenyHosts</b> <span dir="ltr"><<a href="mailto:nobody@mail.obnosis.com">nobody@mail.obnosis.com</a>></span><br>Date: Wed, Sep 25, 2013 at 5:07 PM<br>Subject: DenyHosts Report from mail<br>
To: <a href="mailto:lisakachold@obnosis.com">lisakachold@obnosis.com</a><br><br><br><div class="im">Added the following hosts to /etc/hosts.deny:<br>
<br>
</div>192.95.38.42 (unknown)<br>
<br>
---------------------------------------------------------------------</div><div><br></div>-- <br><div><br></div>(503) 754-4452 Android<br>(623) 239-3392 Skype<br>(623) 688-3392 Google Voice<br>**<br><a href="http://it-clowns.com/c/" target="_blank">it-clowns.com</a><br>
Chief Clown<br>
</div></div></div></div>
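The forwarded DenyHosts report and the "report to the provider with logs and a time zone / date stamp" step above, worked as an added Python example that is not from the original post: it pulls the denied IPs out of a DenyHosts notification, matches them against the sshd log lines that triggered the block, and stamps each piece of evidence with an explicit UTC time so the provider can correlate it with its own records. The log lines, the year, the UTC-7 server clock and the abuse@<provider> address are all constructed or placeholder values.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample in the same shape as the DenyHosts report mail above.
DENYHOSTS_REPORT = """Added the following hosts to /etc/hosts.deny:

192.95.38.42 (unknown)
"""
# Constructed sshd log lines: syslog style, so no year and no time zone.
AUTH_LOG = """\
Sep 25 16:58:01 mail sshd[2201]: Failed password for root from 192.95.38.42 port 50122 ssh2
Sep 25 16:58:04 mail sshd[2203]: Failed password for invalid user admin from 192.95.38.42 port 50130 ssh2
Sep 25 16:59:10 mail sshd[2210]: Accepted publickey for asil from 10.0.0.5 port 44110 ssh2
Sep 25 17:01:33 mail sshd[2215]: Failed password for invalid user oracle from 192.95.38.42 port 50201 ssh2
"""
# Assumption: the mail server's clock runs at UTC-7 with no DST; set it for your host.
SERVER_TZ = timezone(timedelta(hours=-7))

IP_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) \((.*?)\)\s*$", re.M)
LOG_RE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"(.*? from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2)$")

def denied_hosts(report):
    """IPs the DenyHosts report says were added to /etc/hosts.deny."""
    return [m.group(1) for m in IP_RE.finditer(report)]

def evidence_for(ip, log_text, year, server_tz):
    """(UTC ISO timestamp, original line) for each failed login from ip.
    The caller supplies the year and zone that syslog lines omit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group(3) != ip or not m.group(2).startswith("Failed password"):
            continue
        local = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        utc = local.replace(tzinfo=server_tz).astimezone(timezone.utc)
        hits.append((utc.isoformat(), line))
    return hits

def abuse_report(report, log_text, year, server_tz, abuse_contact):
    """One block per denied host: the evidence lines, each prefixed with UTC time."""
    out = []
    for ip in denied_hosts(report):
        hits = evidence_for(ip, log_text, year, server_tz)
        out.append(f"To: {abuse_contact}")
        out.append(f"Subject: SSH brute-force from {ip}: {len(hits)} failed logins (times in UTC)")
        out.extend(f"{ts}  {raw}" for ts, raw in hits)
    return "\n".join(out)

print(abuse_report(DENYHOSTS_REPORT, AUTH_LOG, 2013, SERVER_TZ, "abuse@<provider>"))  # placeholder contact
```

Take the real abuse contact from the netblock's whois record rather than guessing it, and send the original log lines unaltered alongside the UTC-normalised timestamps.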