Kompromitovani računari zaposlenih u NIS-u
"webmail.nis.rs" has been detected in a public GitHub Gist. The pasted content appears to be reverse-proxy debug logging (Caddy-style JSON lines): the "custom certificate selection results" entries list every subject name on the serving certificate (internal *.nis.local and *.asutp.local hostnames, the public names webmail.nis.rs, mb.nis.rs, powerbi.nis.rs, gps.nis.rs and maxups.nis.eu, and the address 10.99.62.20), and the reverse_proxy entries expose the upstream dial targets (sns01mb01-sfhub.nis.local:443 and :18666) together with the internal client address 10.100.103.21. Note that the Authorization header in the POST to /SFWebApi/SigmafineServices.SVC/sfAdmin/connect is logged as an empty list, i.e. its value is redacted, so no credential is visible in that line; the exposure here is the internal naming and topology, and the fact that debug-level proxy logs were published at all.

Code:
{"level":"debug","ts":1696233545.839838,"logger":"events","msg":"event","name":"tls_get_certificate","id":"7ad4cf4e-57d4-4a53-90f2-163322bf8a08","origin":"tls","data":{"client_hello":{"CipherSuites":[2570,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"sns01mb01-sfhub.nis.local","SupportedCurves":[10794,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["http/1.1"],"SupportedVersions":[27242,772,771],"Conn":{}}}}
{"level":"debug","ts":1696233545.8399208,"logger":"tls.handshake","msg":"choosing certificate","identifier":"sns01mb01-sfhub.nis.local","num_choices":1}
{"level":"debug","ts":1696233545.83994,"logger":"tls.handshake","msg":"custom certificate selection results","identifier":"sns01mb01-sfhub.nis.local","subjects":["reverseproxyint","sns01sp-rp","sns01sp-rp.asutp.local","sns01enmpro","sns01enmpro.nis.local","sns01usoi4-app.nis.local","sns01usoi4-app","sns01mb01-sfhub","sns01mb01-sfhub.nis.local","materijalnibilans","materijalnibilans.nis.local","mb.nis.rs","powerbi.nis.rs","int","int.nis.local","webmail.nis.rs","webmail","mechfond","mechfond.nis.local","maxups","maxups.nis.eu","mobop","mobop.nis.local","gps.nis.rs","gps-test.nis.rs","sns01gis02","sns01gis02.nis.local","10.99.62.20"],"managed":false,"issuer_key":"","hash":"971b2f8d96b435f700d0f3fd1bde7cd74f228c5ec7cff29893b8e384d7f8e9f4"}
{"level":"debug","ts":1696233545.839948,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"10.100.103.21","remote_port":"59084","subjects":["reverseproxyint","sns01sp-rp","sns01sp-rp.asutp.local","sns01enmpro","sns01enmpro.nis.local","sns01usoi4-app.nis.local","sns01usoi4-app","sns01mb01-sfhub","sns01mb01-sfhub.nis.local","materijalnibilans","materijalnibilans.nis.local","mb.nis.rs","powerbi.nis.rs","int","int.nis.local","webmail.nis.rs","webmail","mechfond","mechfond.nis.local","maxups","maxups.nis.eu","mobop","mobop.nis.local","gps.nis.rs","gps-test.nis.rs","sns01gis02","sns01gis02.nis.local","10.99.62.20"],"managed":false,"expiration":1758880031,"hash":"971b2f8d96b435f700d0f3fd1bde7cd74f228c5ec7cff29893b8e384d7f8e9f4"}
{"level":"debug","ts":1696233545.842473,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"sns01mb01-sfhub.nis.local:18666","total_upstreams":1}
{"level":"debug","ts":1696233545.878019,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"sns01mb01-sfhub.nis.local:18666","duration":0.035475695,"request":{"remote_ip":"10.100.103.21","remote_port":"59084","client_ip":"10.100.103.21","proto":"HTTP/1.1","method":"GET","host":"sns01mb01-sfhub.nis.local:18666","uri":"/service/fdmaic4e8abpxzoe","headers":{"Pragma":["no-cache"],"X-Forwarded-Host":["sns01mb01-sfhub.nis.local:18666"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Edg/101.0.1210.39"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade":["websocket"],"Connection":["Upgrade"],"Sec-Websocket-Extensions":["permessage-deflate; client_max_window_bits"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Proto":["https"],"Origin":["https://sns01mb01-sfhub.nis.local"],"Cache-Control":["no-cache"],"X-Forwarded-For":["10.100.103.21"],"Sec-Websocket-Version":["13"],"Sec-Websocket-Key":["mfX1HkHAzuRKunh/MflsJw=="]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","server_name":"sns01mb01-sfhub.nis.local"}},"headers":{"Sec-Websocket-Version":["13"]},"status":426}
{"level":"error","ts":1696233545.8786438,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"sns01mb01-sfhub.nis.local:18666","duration":0.035475695,"request":{"remote_ip":"10.100.103.21","remote_port":"59084","client_ip":"10.100.103.21","proto":"HTTP/1.1","method":"GET","host":"sns01mb01-sfhub.nis.local:18666","uri":"/service/fdmaic4e8abpxzoe","headers":{"Pragma":["no-cache"],"X-Forwarded-Host":["sns01mb01-sfhub.nis.local:18666"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Edg/101.0.1210.39"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade":["websocket"],"Connection":["Upgrade"],"Sec-Websocket-Extensions":["permessage-deflate; client_max_window_bits"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Proto":["https"],"Origin":["https://sns01mb01-sfhub.nis.local"],"Cache-Control":["no-cache"],"X-Forwarded-For":["10.100.103.21"],"Sec-Websocket-Version":["13"],"Sec-Websocket-Key":["mfX1HkHAzuRKunh/MflsJw=="]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","server_name":"sns01mb01-sfhub.nis.local"}},"error":"reading: context canceled"}
{"level":"debug","ts":1696233545.8824418,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"sns01mb01-sfhub.nis.local:443","total_upstreams":1}
{"level":"debug","ts":1696233545.884747,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"sns01mb01-sfhub.nis.local:443","total_upstreams":1}
{"level":"debug","ts":1696233545.8861496,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"sns01mb01-sfhub.nis.local:443","total_upstreams":1}
{"level":"debug","ts":1696233545.8867483,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"sns01mb01-sfhub.nis.local:443","duration":0.001922187,"request":{"remote_ip":"10.100.103.21","remote_port":"59023","client_ip":"10.100.103.21","proto":"HTTP/2.0","method":"GET","host":"sns01mb01-sfhub.nis.local:443","uri":"/sfhub/Assets/SigmafineHub-Visualizer-registered.png","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Edg/101.0.1210.39"],"X-Forwarded-For":["10.100.103.21"],"Sec-Fetch-Mode":["no-cors"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Host":["sns01mb01-sfhub.nis.local"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Microsoft Edge\";v=\"101\""],"Accept":["image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["image"],"Referer":["https://sns01mb01-sfhub.nis.local/sfhub/login/sign_in/signin"],"Sec-Ch-Ua-Mobile":["?0"],"If-None-Match":["\"0ce9b61fbd8d61:0\""],"X-Forwarded-Proto":["https"],"If-Modified-Since":["Wed, 23 Dec 2020 07:15:24 GMT"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"sns01mb01-sfhub.nis.local"}},"headers":{"Etag":["\"0ce9b61fbd8d61:0\""],"Server":["Microsoft-IIS/10.0"],"X-Powered-By":["ASP.NET"],"Date":["Mon, 02 Oct 2023 07:59:05 GMT"],"Cache-Control":["no-cache"],"Accept-Ranges":["bytes"]},"status":304}
{"level":"debug","ts":1696233545.8873892,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"sns01mb01-sfhub.nis.local:443","duration":0.001201797,"request":{"remote_ip":"10.100.103.21","remote_port":"59023","client_ip":"10.100.103.21","proto":"HTTP/2.0","method":"GET","host":"sns01mb01-sfhub.nis.local:443","uri":"/sfhub/Assets/SigmafineHub-Admin-registered.png","headers":{"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["image"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Host":["sns01mb01-sfhub.nis.local"],"Referer":["https://sns01mb01-sfhub.nis.local/sfhub/login/sign_in/signin"],"X-Forwarded-For":["10.100.103.21"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Microsoft Edge\";v=\"101\""],"If-None-Match":["\"0ce9b61fbd8d61:0\""],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Edg/101.0.1210.39"],"Sec-Fetch-Mode":["no-cors"],"Accept":["image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"If-Modified-Since":["Wed, 23 Dec 2020 07:15:24 GMT"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"sns01mb01-sfhub.nis.local"}},"headers":{"X-Powered-By":["ASP.NET"],"Date":["Mon, 02 Oct 2023 07:59:05 GMT"],"Cache-Control":["no-cache"],"Accept-Ranges":["bytes"],"Etag":["\"0ce9b61fbd8d61:0\""],"Server":["Microsoft-IIS/10.0"]},"status":304}
{"level":"debug","ts":1696233545.8994024,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"sns01mb01-sfhub.nis.local:443","duration":0.016885835,"request":{"remote_ip":"10.100.103.21","remote_port":"59023","client_ip":"10.100.103.21","proto":"HTTP/2.0","method":"POST","host":"sns01mb01-sfhub.nis.local:443","uri":"/SFWebApi/SigmafineServices.SVC/sfAdmin/connect","headers":{"Content-Type":["text/plain"],"X-Forwarded-Proto":["https"],"Accept":["application/json, text/plain, */*"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Edg/101.0.1210.39"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-Host":["sns01mb01-sfhub.nis.local"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Authorization":[],"Accept-Language":["en-US,en;q=0.9"],"Content-Length":["88"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Microsoft Edge\";v=\"101\""],"X-Forwarded-For":["10.100.103.21"],"Sec-Fetch-Mode":["cors"],"Sec-Ch-Ua-Mobile":["?0"],"Origin":["https://sns01mb01-sfhub.nis.local"],"Referer":["https://sns01mb01-sfhub.nis.local/sfhub/login/sign_in/signin"],"Sec-Fetch-Dest":["empty"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"sns01mb01-sfhub.nis.local"}},"headers":{"Access-Control-Allow-Credentials":["false"],"Date":["Mon, 02 Oct 2023 07:59:05 GMT"],"Cache-Control":["private"],"Server":["Microsoft-IIS/10.0"],"Access-Control-Allow-Methods":["GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH"],"Access-Control-Allow-Headers":["X-Content-Type-Options,X-Requested-With,Content-Type,X-Custom-Header,Authorization,Server,Access-Control-Allow-Origin,Access-Control-Request-Method,Access-Control-Allow-Headers,Access-Control-Allow-Credentials,X-Powered-By,Date,Content-Length"],"X-Aspnet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"],"Content-Type":["application/json; 
charset=utf-8"],"Access-Control-Allow-Origin":["*"],"Access-Control-Request-Method":["POST,GET,PUT,PATCH,DELETE,OPTIONS"]},"status":200}
There is no patch for stupidity - Kevin Mitnick