NEW Community Mission - Unity7 Part 2!

Discussion in 'General' started by Anashel, Feb 12, 2017.

  1. Anashel

    Anashel Puppet Master Staff Member

    Live NOW in Alpha 0.3
    This is a hard mission, use this thread to exchange tips and progress reports... Don't forget to use the [ spoilers ] tag! [ / spoilers ]

    Hello agent,

    My name is Michael, I am the night shift officer for all North American operations.

    I just received a level 3 alert for Unity 7 Corporation.


    Following your foxacid attack on their copssh services, we detected WMI network activity and used it to deploy various surveillance kits. About 30 minutes ago, trace logs on their Dynamics AX Server revealed that a significant amount of money was wired.

    1. Investigate UNITY7 network and look for a possible connection with another organization.

    2. Track down any system where other pieces of information could be stored for further analysis.

    Final Objecive: Supply a target url, username, and password so we can launch an XKEYSCORE investigation.

    Good luck!
    Last edited by a moderator: Feb 12, 2017
    Balamung likes this.
  2. Silox

    Silox Active Agent

    Here is the ports and technologies
    Last edited by a moderator: Feb 12, 2017
    Anashel likes this.
  3. Hellsing

    Hellsing Active Agent

    Found after a osintscan on
    Last edited: Feb 12, 2017
  4. zaelong

    zaelong Moderator

    currently known working username(s) on;
    ADMIN (no password found though)
  5. Silox

    Silox Active Agent

    Ill make a list of usernames that have been tried on the superterram intranet, if you post what you have tried here, ill keep it updated.
  6. Joris

    Joris Active Agent

    This user does not seem to be of any use but I might have missed something
    Brea Setterlund
    Administrative Coordinator
    [email protected]
  7. Silox

    Silox Active Agent

  8. Seshemw

    Seshemw Active Agent

    Please crosscheck with Blackwatchmen files. I remember doing an assist with them on, including social engineering attack against one of the users (and two of the accounts). I'm in the field at the moment, so can't consult my case notes.
    From memory, we socially engineered Brea with her love of music, and as a result provided deeper access on several aspects. I know I have superterram in my C2 files as well, as I took the opportunity to root them.
    I did open up my C2, and took a look at some assets I developed independently.

    I have three node access in C2 (F6) from root on . is a newer hit I got from using my c2 access on They're running copssh as well, so I attempted to add them to c2 via FOXACID and failed when sourcing from Tried again from and also failed.
    When I get back to my case notes, I'll attempt checking the credential set I had from the prior work with the watchmen as well as some password attacks and see if it works on either the fileserver or root nodes.
    edit Note: and fileserver. do not seem to recognize breasetterlund as a valid user. or admin.

    Agent Seshemw
    Last edited: Feb 13, 2017
    Anashel likes this.
  9. Hellsing

    Hellsing Active Agent

    sfuzzer on
    Information on Brea Setterlund is in Silox's post

    Update: found password
    Update 2: I again overlooked something... It's "" not ""
    Last edited: Feb 13, 2017
    Anashel likes this.
  10. Anashel

    Anashel Puppet Master Staff Member

    Epic!! Congratulation!!!!!!

Share This Page