Login

1van · 12-17-2023, 08:23 PM

Da ostavimo i ovo u slučaju da se pojavi negde IP: arhiva.rik.parlament.gov.rs 195.222.96.163 195.222.99.250
Izvor: https://securitytrails.com/domain/arhiva.../history/a

1van · 12-17-2023, 08:46 PM

Imamo i 79.101.42.217 riktest.parlament.gov.rs mtt.esolutions.rs lan01-telekom.esolutions.rs vpnusers.esolutions.rs.
Izvor: https://securitytrails.com/list/ip/79.101.42.217

1van

Sa slike imamo:

Filename: PARLAMENT_HOST_1.jpeg Size: 40.57 KB 12-17-2023, 09:21 PM

System: 3.10.0-1160.36.2.el7.x86_64 (RedHat)
Web Server: Apache
PHP: 7.2.28
Ostali servisi: SQL (MySQL?), SSH

Hostname: govrs-*************.m.ha.rs

Čini mi se da su prva tri slova rik i da ima izmedju 7 i 10 nepoznatih: govrs-rik**********m.ha.rs.

Nije parlament, nije api, nije proba, jer nema p, onda sigurno isto nema g, q, j, y jer nema kukice dole.

Iz poznatih zona imamo: arhiva.rik.parlament.gov.rs, test.rik.parlament.gov.rs, www.rik.parlament.gov.rs, i lms.rik.parlament.gov.rs kao opcije koje ostaju. Ako pogledamo ostala poznata imena za m.ha.rs format je tipa: "telegraf-www-1.m.ha.rs, delhaize-www-2.m.ha.rs".

Dakle imamo sada:
govrs-rik-*******-1.m.ha.rs.
govrs-rik-********1.m.ha.rs.
govrs-rik-*******-2.m.ha.rs.
govrs-rik-********2.m.ha.rs.

Dvojka nije imamo primer 2. pa može se nalepi preko slike transparentno i da se vidi da se ne poklapa.

Dakle imamo sada:
govrs-rik-*******-1.m.ha.rs.
govrs-rik-********1.m.ha.rs.

Sa poznatim opcijama arhiva, lms, test.

Ako pogledamo crveni deo na slici vidimo da je srednji deo malo više ofarban, ali ne dovoljno da prekrije i, k, h, l, d, b, t, f.

Sto nas ostavlja sa: a, c, e, m, n, o, r, s, u, v, w, x, z. I nije arhiva, lms ili test.

Ako pretpostavimo da imamo i www u imenu:
govrs-rik-****-www-1.m.ha.rs.

Ostajemo sa a, c, e, m, n, o, r, s, u, v.

User je rikrs (vidi sliku u prvom postu), sto nas mozda dovodi do hostname: govrs-rik-rs-www-1.m.ha.rs. A ako je to tačno onda je to možda razvojna verzija glavnog RIK sajta (kompanije ESOLUTIONS).

Našao sam i ovo zanimljivo (Apache/CentOS, približna verzija PHP ali starija): https://www.shodan.io/host/79.101.42.217

Host: riktest.parlament.gov.rs (79.101.42.217)
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.14
X-Powered-By: PHP/7.2.14
X-Cache-Lookup: MISS from squid.eff.loc:80

**milos_rs** · 12-17-2023, 10:45 PM

ne verujem da je taj server, ha.rs nisu telekom IP adrese nego mCloud, taj domen je njihov

A možda ti nešto iz sertifikata da neku ideju? Ja sam pogledao i nisam uspeo https://crt.sh/?q=ha.rs

1van

Naravno imamo Telekom i Mainstream servere, ali mi se čini da kombinuju (probarik.esolutions.rs) dev. i prod., i da po verzijama servisa možemo da pronađemo domen ili host. Dakle po konfiguraciji najpribližniji je riktest.parlament.gov.rs (ali nije na Mainstream, nego na Telekomu).

Nisam uspeo da saznam ništa iz sertifikata, ali ono što mogu da vidim iz svih dokaza koje sam ostavio prethodno je da izgleda interna mreža kompanije esolutions.rs kompromitovana. A oni razvijaju gomilu državnih projekata (ovaj kompromitovani je isto njihov 212.200.105.181 dzpalilula.org.rs: https://bezbedanbalkan.net/thread-811-post-2173.html).

Ponati subdomeni i lokacije za parlament.gov.rs:

Filename: parlament.gov.rs_securitytrails_1.png Size: 96.2 KB 12-18-2023, 09:31 AM

Filename: parlament.gov.rs_securitytrails_2.png Size: 44.52 KB 12-18-2023, 09:32 AM

1van · 12-18-2023, 10:56 AM

Ostaviću ovo ovde u slučaju da dobijemo presek sa: Bezbedan Balkan OSINT agregator
Izvor: https://securitytrails.com/list/apex_dom...lutions.rs + DIG A

Quote:101.sudovi2.esolutions.rs: 79.175.125.235
111fin.sudovi2.esolutions.rs: 79.175.125.235
123-po.sudovi2.esolutions.rs: 79.175.125.235
12okr.sudovi2.esolutions.rs: 79.175.125.235
1310-10.sudovi2.esolutions.rs: 79.175.125.235
1310-101.sudovi2.esolutions.rs: 79.175.125.235
1310-2.sudovi2.esolutions.rs: 79.175.125.235
1310-3.sudovi2.esolutions.rs: 79.175.125.235
1310-4.sudovi2.esolutions.rs: 79.175.125.235
1310-5.sudovi2.esolutions.rs: 79.175.125.235
1310-6.sudovi2.esolutions.rs: 79.175.125.235
1310-8.sudovi2.esolutions.rs: 79.175.125.235
1310.sudovi2.esolutions.rs: 79.175.125.235
1okr.sudovi1.esolutions.rs: 79.175.125.234
2010.sudovi2.esolutions.rs: 79.175.125.235
2509.sudovi2.esolutions.rs: 79.175.125.235
2709.sudovi2.esolutions.rs: 79.175.125.235
2909.sudovi2.esolutions.rs: 79.175.125.235
2okr.sudovi1.esolutions.rs: 79.175.125.234
2ops.sudovi1.esolutions.rs: 79.175.125.234
3okr.sudovi1.esolutions.rs: 79.175.125.234
4ops.sudovi2.esolutions.rs: 79.175.125.235
6ops.sudovi2.esolutions.rs: 79.175.125.235
9ops.sudovi1.esolutions.rs: 79.175.125.234
ai.nb.esolutions.rs: 148.251.90.82
aigov.nb.esolutions.rs: 148.251.90.82
auto.esolutions.rs: 130.180.230.42
baza.esolutions.rs: 194.146.59.74
cmstest-heroj.esolutions.rs: 176.104.106.201
cmstest-openabalkan.esolutions.rs: 176.104.106.201
cmsuat-heroj.esolutions.rs: 176.104.106.201
cmsuat-openabalkan.esolutions.rs: 176.104.106.201
contact.esolutions.rs: 195.252.110.168
citizen.esolutions.rs: 194.146.59.74
cukaricastage.esolutions.rs: 194.106.182.88
cuvamte.nb.esolutions.rs: 148.251.90.82
cz.esolutions.rs: 92.42.250.107
download.esolutions.rs: 194.146.59.74
dz.esolutions.rs: 130.180.230.42
ai.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
bdz.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
beokom.esolutions.rs: 194.146.59.74 call.esolutions.rs: esolutions.rs. 185.102.77.36
cukarica.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
cuvamte.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
efaktura.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
effectacalls.esolutions.rs: Lan01-Telekom.esolutions.rs. 79.101.42.217
effectacalls1.esolutions.rs: 92.42.250.107
effectacalls3.esolutions.rs: 109.111.243.134
esolutions.rs: 185.102.77.36
forma.esolutions.rs: 176.104.106.201
fresh.sudovi1.esolutions.rs: 79.175.125.234
gensek.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs.79.101.42.217
gitlab.esolutions.rs: 92.42.250.107
ite.nb.esolutions.rs: 148.251.90.82
kragujevac.nb.esolutions.rs: 148.251.90.82
ks.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
lan01-telekom.esolutions.rs: 79.101.42.217
lisna.sudovi2.esolutions.rs: 79.175.125.235
mail.esolutions.rs: 194.146.59.74
mailservis.esolutions.rs: 188.93.124.36
mki.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
mpravde.nb.esolutions.rs: 148.251.90.82
mprdev.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
mprdev2.esolutions.rs: 194.146.59.74
mprtest.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
mre.nb.esolutions.rs: 148.251.90.82
mto.nb.esolutions.rs: 148.251.90.82
mtt.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
mtt.nb.esolutions.rs: 148.251.90.82
must.nb.esolutions.rs: 148.251.90.82
mzdravlja.nb.esolutions.rs: 148.251.90.82
napa.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
napa.nb.esolutions.rs: 148.251.90.82
nsa.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
nsa.nb.esolutions.rs: 148.251.90.82
os2.sudovi2.esolutions.rs: 79.175.125.235
osn.sudovi1.esolutions.rs: 79.175.125.234
pazova.esolutions.rs: esolutions.rs. 185.102.77.36
pib.nb.esolutions.rs: 148.251.90.82
platforma.esolutions.rs: 148.251.90.82
pro.sudovi1.esolutions.rs: 79.175.125.234
proba2509-3.sudovi2.esolutions.rs: 79.175.125.235
proba2609-4.sudovi2.esolutions.rs: 79.175.125.235
proba2709-2.sudovi2.esolutions.rs: 79.175.125.235
proba2709.sudovi2.esolutions.rs: 79.175.125.235
probarik.esolutions.rs: 92.249.52.143
profile.esolutions.rs: 195.252.110.168
pros.sudovi1.esolutions.rs: 79.175.125.234
redstar.esolutions.rs: 188.93.126.13
rik.nb.esolutions.rs: 148.251.90.82
rikapi.esolutions.rs: 176.104.106.201
sec.esolutions.rs: 79.175.125.235
sk.esolutions.rs: 176.104.106.201
slack.sudovi1.esolutions.rs: 79.175.125.234
slus.sudovi1.esolutions.rs: 79.175.125.234
spf30.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
srb.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
srb2.esolutions.rs: effectacalls.esolutions.rs. Lan01-Telekom.esolutions.rs. 79.101.42.217
sudnica.sudovi1.esolutions.rs: 79.175.125.234
suk.nb.esolutions.rs: 148.251.90.82
test.esolutions.rs: 194.146.56.29
test0211.sudovi2.esolutions.rs: 79.175.125.235
test1611.sudovi2.esolutions.rs: 79.175.125.235
test2-3server.sudovi2.esolutions.rs: 79.175.125.235
test2711.sudovi2.esolutions.rs: 79.175.125.235
test3server.sudovi2.esolutions.rs: 79.175.125.235
trans.sudovi2.esolutions.rs: 79.175.125.235
viber.esolutions.rs: 92.42.250.107
vlada.nb.esolutions.rs: 148.251.90.82
vpn.esolutions.rs: Lan01-Telekom.esolutions.rs. 79.101.42.217
vpnusers.esolutions.rs: Lan01-Telekom.esolutions.rs. 79.101.42.217
webservices.esolutions.rs: 77.105.3.252
www.esolutions.rs: esolutions.rs. 185.102.77.36

1van · 12-18-2023, 11:05 AM

Imamo jedan zanimljiv trag, i zajednički činilac je arhiva.rik.parlament.gov.rs. 195.222.99.250:

Filename: arhiva_rik_bbosint_1.png Size: 61.4 KB 12-18-2023, 11:04 AM

1van · 12-18-2023, 11:07 AM

I još jedan trag, gde je zajedniči činilac esolutions.rs.

Login
Username/Email:
Password:	Lost Password?
	Remember me