Live NOW in Alpha 0.3

This is a hard mission, use this thread to exchange tips and progress reports... Don't forget to use the [ spoilers ] tag! [ / spoilers ]

-----

Hello agent,

My name is Michael, I am the night shift officer for all North American operations. I just received a level 3 alert for Unity 7 Corporation. Following your foxacid attack on their copssh services, we detected WMI network activity and used it to deploy various surveillance kits. About 30 minutes ago, trace logs on their Dynamics AX Server revealed that a significant amount of money was wired.

1. Investigate UNITY7 network and look for a possible connection with another organization.
2. Track down any system where other pieces of information could be stored for further analysis.

Final Objective: Supply a target url, username, and password so we can launch an XKEYSCORE investigation.

Good luck!
currently known working username(s) on intranet.superterram.org; Spoiler ADMIN (no password found though)
I'll make a list of usernames that have been tried on the superterram intranet. If you post what you have tried here, I'll keep it updated.
This user does not seem to be of any use but I might have missed something Spoiler: user Brea Setterlund Administrative Coordinator [email protected]
https://forums.aliceandsmith.com/threads/unity7-part-2-usernames.1948/ ok I made this for tested usernames
Please crosscheck with Blackwatchmen files. I remember doing an assist with them on superterram.org, including social engineering attack against one of the users (and two of the accounts). I'm in the field at the moment, so can't consult my case notes.

Spoiler From memory, we socially engineered Brea with her love of music, and as a result provided deeper access on several aspects.

I know I have superterram in my C2 files as well, as I took the opportunity to root them. I did open up my C2, and took a look at some assets I developed independently.

Spoiler I have three node access in C2 (F6) from root on fileserver.superterram.org . root.superterram.org is a newer hit I got from using my c2 access on root.unity7network.com. They're running copssh as well, so I attempted to add them to c2 via FOXACID and failed when sourcing from root.unity7network.com. Tried again from fileserver.superterram.org and also failed.

When I get back to my case notes, I'll attempt checking the credential set I had from the prior work with the watchmen as well as some password attacks and see if it works on either the fileserver or root nodes.

edit Note: root.superterram.org and fileserver. do not seem to recognize breasetterlund as a valid user. or admin.

-- Agent Seshemw
sfuzzer on wmi_superterram.org

Spoiler Information on Brea Setterlund is in Silox's post

Update: found password

Update 2: I again overlooked something... It's "mainframe.wmi_superterram.org" not "mainframe_superterram.org"