| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Apr 2011 11:29:45 +0100
From: Benji <me@...ji.com>
To: Bgr R <bgr_24423@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Florida Power & Light Company (FPL) Fort
Sumner Wind turbine Control SCADA was HACKED
so how long do you give yourself before you're in prison?
On Sat, Apr 16, 2011 at 4:22 PM, Bgr R <bgr_24423@...oo.com> wrote:
> Here comes my revenge for illegitimate firing from Florida Power & Light
> Company (FPL)
> ... ain't nothing you can do with it, since your electricity is turned
> off !!!
>
> Secure you SCADA better! Leaked files are attached ...
>
> 1) http://img838.imageshack.us/i/49986845.png/
> 2) http://img718.imageshack.us/i/24380855.png/
> 3) http://img24.imageshack.us/i/58868342.png/
> 4) http://img228.imageshack.us/i/85258364.png/
> 5) http://img163.imageshack.us/i/90736853.png/
> 6) http://img217.imageshack.us/i/55439027.png/
> 7) http://img40.imageshack.us/i/87526089.png/
> 8) http://img864.imageshack.us/i/94061747.png/
> ------------------------------------------------------------
>
> 161.154.232.65
>
> HTTP/1.0 401 Unauthorized
> Date: Sat, 05 Feb 2011 23:43:13 GMT
> Server: VTS 9.0.05
> Content-Type: text/html
> Content-Length: 622
> Cache-Control: no-cache
> WWW-Authenticate: Basic realm="Ft. Sumner SCADA"
> Cache-control: no-cache="set-cookie"
> Cache-control: private
> Set-Cookie: VTS=9.0005;Version=1;Path=/
> Set-Cookie: SessionID=0;Version=1;Path=/Ft. Sumner
> SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c3576a
> Set-Cookie:
> SessionID=0;Version=1;Path=/Ft%2e%20Sumner%20SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c..
>
> NetRange: 161.154.0.0 - 161.154.255.255
> CIDR: 161.154.0.0/16
> OriginAS:
> NetName: FPL2
> NetHandle: NET-161-154-0-0-1
> Parent: NET-161-0-0-0-0
> NetType: Direct Assignment
> RegDate: 1992-12-17
> Updated: 2008-10-10
> Ref: http://whois.arin.net/rest/net/NET-161-154-0-0-1
>
> OrgName: Florida Power & Light Company
> OrgId: FFPL-1
> Address: 700 Universe Blvd
> Address: P.O. Box 14000
> City: Juno Beach
> StateProv: FL
> PostalCode: 33408-0420
> Country: US
> RegDate: 1997-06-03
> Updated: 2007-06-29
> Ref: http://whois.arin.net/rest/org/FFPL-1
>
> OrgAbuseHandle: INFOR40-ARIN
> OrgAbuseName: Information Security
> OrgAbusePhone: +1-305-552-3727
> OrgAbuseEmail: information_security@....com
> OrgAbuseRef: http://whois.arin.net/rest/poc/INFOR40-ARIN
>
> OrgTechHandle: DHE37-ARIN
> OrgTechName: Hertzog, Dean
> OrgTechPhone: +1-305-552-4080
> OrgTechEmail: FPLNOC@....com
> OrgTechRef: http://whois.arin.net/rest/poc/DHE37-ARIN
>
> OrgNOCHandle: DHE37-ARIN
> OrgNOCName: Hertzog, Dean
> OrgNOCPhone: +1-305-552-4080
> OrgNOCEmail: FPLNOC@....com
> OrgNOCRef: http://whois.arin.net/rest/poc/DHE37-ARIN
>
>
> -------------------------------------------------------------------------------
> Configuration file from the central Cisco Router and Security Device
> Manager: 161.154.232.2 (FPL - FFPL-1)
>
> Building configuration...
>
> Current configuration : 8467 bytes
> !
> ! Last configuration change at 18:01:57 UTC Mon Oct 25 2010 by ro5810
> ! NVRAM config last updated at 18:01:59 UTC Mon Oct 25 2010 by ro5810
> !
> version 12.2
> no service pad
> service timestamps debug datetime localtime
> service timestamps log datetime localtime
> service password-encryption
> service udp-small-servers
> service tcp-small-servers
> !
> hostname cpr622i00bct
> !
> logging buffered 65000 debugging
> logging rate-limit all 10 except critical
> enable secret 5 $1$7uN5$Ok9fYku/HC/KNqWQkHoWP.
> !
> aaa new-model
> aaa authentication login default group tacacs+ enable
> aaa authentication enable default group tacacs+ enable
> aaa authorization exec default group tacacs+ none
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> !
> aaa session-id common
> ip subnet-zero
> no ip source-route
> ip routing
> !
> no ip domain-lookup
> ip host cs00noc 172.16.0.132
> ip host cs01noc 172.16.0.133
> ip host cs00noc-pub 209.215.34.12
> ip host cs01noc-pub 209.215.34.11
> ip name-server 205.152.132.23
> ip name-server 205.152.144.23
> vtp domain Core
> vtp mode transparent
> !
> mls qos
> no mpls traffic-eng auto-bw timers frequency 0
> !
> !
> no file verify auto
> spanning-tree mode pvst
> spanning-tree extend system-id
> !
> !
> !
> vlan internal allocation policy ascending
> !
> vlan 1578
> name FPL
> !
> policy-map SHAPER1
> class class-default
> shape average 250000000
> !
> !
> !
> interface FastEthernet1/0/1
> !
> interface FastEthernet1/0/2
> !
> interface FastEthernet1/0/3
> !
> interface FastEthernet1/0/4
> !
> interface FastEthernet1/0/5
> !
> interface FastEthernet1/0/6
> !
> interface FastEthernet1/0/7
> !
> interface FastEthernet1/0/8
> !
> interface FastEthernet1/0/9
> !
> interface FastEthernet1/0/10
> !
> interface FastEthernet1/0/11
> !
> interface FastEthernet1/0/12
> !
> interface FastEthernet1/0/13
> !
> interface FastEthernet1/0/14
> !
> interface FastEthernet1/0/15
> !
> interface FastEthernet1/0/16
> !
> interface FastEthernet1/0/17
> !
> interface FastEthernet1/0/18
> !
> interface FastEthernet1/0/19
> !
> interface FastEthernet1/0/20
> !
> interface FastEthernet1/0/21
> !
> interface FastEthernet1/0/22
> !
> interface FastEthernet1/0/23
> !
> interface FastEthernet1/0/24
> !
> interface GigabitEthernet1/0/1
> !
> interface GigabitEthernet1/0/2
> !
> interface GigabitEthernet1/1/1
> switchport trunk allowed vlan 1578
> switchport mode trunk
> switchport nonegotiate
> ip access-group 112 in
> service-policy output SHAPER1
> load-interval 30
> speed nonegotiate
> !
> interface GigabitEthernet1/1/2
> no switchport
> ip address 161.154.232.2 255.255.255.0
> ip access-group 115 in
> load-interval 30
> keepalive 10
> speed nonegotiate
> mls qos trust dscp
> no cdp enable
> no clns route-cache
> hold-queue 100 in
> hold-queue 100 out
> !
> interface Vlan1
> no ip address
> shutdown
> !
> interface Vlan1578
> ip address 65.14.117.30 255.255.255.252
> load-interval 30
> no clns route-cache
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 65.14.117.29
> ip route 155.109.5.0 255.255.255.0 161.154.232.1
> ip route 155.109.19.0 255.255.255.0 161.154.232.1
> ip route 155.109.29.0 255.255.255.0 161.154.232.1
> ip route 155.109.29.204 255.255.255.255 65.14.117.29
> ip route 155.109.29.214 255.255.255.255 65.14.117.29
> ip route 155.109.66.0 255.255.255.0 161.154.232.1
> ip route 155.109.88.0 255.255.255.0 161.154.232.1
> ip route 155.109.95.0 255.255.255.0 161.154.232.1
> ip route 161.154.0.0 255.255.0.0 161.154.232.1
> ip route 170.55.0.0 255.255.0.0 161.154.232.1
> ip route 204.238.236.0 255.255.255.0 161.154.232.1
> no ip http server
> ip http secure-server
> !
> !
> !
> access-list 98 permit 205.152.144.226
> access-list 98 permit 205.152.132.250
> access-list 98 permit 205.152.132.226
> access-list 98 permit 205.152.144.250
> access-list 98 permit 205.152.144.165
> access-list 98 permit 205.152.37.19
> access-list 98 permit 205.152.37.20
> access-list 98 permit 205.152.144.163
> access-list 98 permit 205.152.37.26
> access-list 98 permit 205.152.37.27
> access-list 98 permit 205.152.132.163
> access-list 98 permit 205.152.132.165
> access-list 98 permit 205.152.37.250
> access-list 98 permit 205.152.37.226
> access-list 98 permit 205.152.132.27
> access-list 98 permit 205.152.132.26
> access-list 98 permit 205.152.144.20
> access-list 98 permit 205.152.37.163
> access-list 98 permit 205.152.37.165
> access-list 98 permit 205.152.144.19
> access-list 98 permit 205.152.144.27
> access-list 98 permit 205.152.144.26
> access-list 98 permit 139.76.53.0 0.0.0.255
> access-list 98 permit 139.76.68.0 0.0.3.255
> access-list 98 permit 139.76.88.0 0.0.1.255
> access-list 98 permit 139.76.228.0 0.0.3.255
> access-list 98 permit 139.76.240.0 0.0.1.255
> access-list 98 permit 172.16.0.0 0.0.1.255
> access-list 98 permit 205.152.6.0 0.0.0.255
> access-list 98 permit 205.152.66.0 0.0.0.255
> access-list 98 permit 205.152.204.0 0.0.0.255
> access-list 99 permit 68.153.6.0 0.0.1.255
> access-list 99 permit 172.16.0.0 0.0.1.255
> access-list 99 permit 139.76.53.0 0.0.0.255
> access-list 99 permit 139.76.68.0 0.0.3.255
> access-list 99 permit 139.76.88.0 0.0.1.255
> access-list 99 permit 139.76.228.0 0.0.3.255
> access-list 99 permit 139.76.240.0 0.0.1.255
> access-list 99 permit 205.152.6.0 0.0.0.255
> access-list 111 permit ip 65.14.117.28 0.0.0.3 any
> access-list 111 permit ip 74.175.105.64 0.0.0.31 any
> access-list 111 permit ip 205.152.17.0 0.0.0.255 any
> access-list 111 permit ip 155.109.0.0 0.0.255.255 any
> access-list 111 permit ip 161.154.0.0 0.0.255.255 any
> access-list 111 permit ip 205.152.161.0 0.0.0.255 any
> access-list 111 permit ip 204.238.236.0 0.0.0.255 any
> access-list 111 permit ip 170.55.0.0 0.0.255.255 any
> access-list 112 deny ip 204.0.0.0 0.0.255.255 any
> access-list 112 deny ip 204.1.0.0 0.0.255.255 any
> access-list 112 deny ip 204.3.0.0 0.0.255.255 any
> access-list 112 deny ip 69.22.0.0 0.0.192.255 any
> access-list 112 permit ip any any
> access-list 115 deny 53 any any
> access-list 115 deny 55 any any
> access-list 115 deny 77 any any
> access-list 115 deny pim any any
> access-list 115 permit ip any any
> no cdp run
> snmp-server community Ty#Qr53b RO 98
> snmp-server community R5t3bF5c RW 98
> tacacs-server host 172.16.0.132
> tacacs-server host 209.215.34.12
> tacacs-server host 172.16.0.133
> tacacs-server host 209.215.34.11
> tacacs-server timeout 10
> tacacs-server directed-request
> tacacs-server key 7 010703174F
> !
> radius-server source-ports 1645-1646
> !
> control-plane
> !
> banner motd ^CC
> ######################################################################
> # #
> # ***PRIVATE/PROPRIETARY*** #
> # #
> # ANY UNAUTHORIZED ACCESS TO, OR MISUSE OF BELLSOUTH #
> # SYSTEMS OR DATA MAY RESULT IN CIVIL AND/OR CRIMINAL #
> # PROSECUTION, EMPLOYEE DISCIPLINE UP TO AND INCLUDING #
> # DISCHARGE, OR THE TERMINATION OF VENDOR/SERVICE CONTRACTS. #
> # #
> # BELLSOUTH MAY PERIODICALLY MONITOR AND/OR AUDIT SYSTEM #
> # ACCESS/USAGE. #
> # #
> # #
> ######################################################################
> # #
> # <VERSION TEMPLATE DATE@...E> #
> ######################################################################
> ^C
> privilege exec level 1 traceroute
> privilege exec level 1 ping
> privilege exec level 1 terminal monitor
> privilege exec level 1 terminal
> privilege exec level 1 show line
> privilege exec level 1 show snmp
> privilege exec level 1 show arp
> privilege exec level 1 show accounting
> privilege exec level 1 show service-module
> privilege exec level 1 show version
> privilege exec level 1 show reload
> privilege exec level 1 show debugging
> privilege exec level 1 show controllers
> privilege exec level 1 show users
> privilege exec level 1 show sessions
> privilege exec level 1 show access-lists
> privilege exec level 1 show privilege
> privilege exec level 1 show interfaces
> privilege exec level 1 show startup-config
> privilege exec level 1 show
> privilege exec level 1 clear line
> privilege exec level 1 clear counters
> privilege exec level 1 clear
> !
> line con 0
> exec-timeout 5 30
> password 7 070C285F4D06
> line vty 0 4
> access-class 99 in
> exec-timeout 30 0
> password 7 03075218050061
> line vty 5 15
> access-class 99 in
> exec-timeout 30 0
> password 7 03075218050061
> !
> end
>
> ----------------------------------------------------
> Fort Sumner wind turbines:
> http://www.flickr.com/photos/30325073@N02/4113855086/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists