so how long do you give yourself before you're in prison? On Sat, Apr 16, 2011 at 4:22 PM, Bgr R <[email protected]> wrote:
> Here comes my revenge for illegitimate firing from Florida Power & Light > Company (FPL) > ... ain't nothing you can do with it, since your electricity is turned > off !!! > > Secure you SCADA better! Leaked files are attached ... > > 1) http://img838.imageshack.us/i/49986845.png/ > 2) http://img718.imageshack.us/i/24380855.png/ > 3) http://img24.imageshack.us/i/58868342.png/ > 4) http://img228.imageshack.us/i/85258364.png/ > 5) http://img163.imageshack.us/i/90736853.png/ > 6) http://img217.imageshack.us/i/55439027.png/ > 7) http://img40.imageshack.us/i/87526089.png/ > 8) http://img864.imageshack.us/i/94061747.png/ > ------------------------------------------------------------ > > 161.154.232.65 > > HTTP/1.0 401 Unauthorized > Date: Sat, 05 Feb 2011 23:43:13 GMT > Server: VTS 9.0.05 > Content-Type: text/html > Content-Length: 622 > Cache-Control: no-cache > WWW-Authenticate: Basic realm="Ft. Sumner SCADA" > Cache-control: no-cache="set-cookie" > Cache-control: private > Set-Cookie: VTS=9.0005;Version=1;Path=/ > Set-Cookie: SessionID=0;Version=1;Path=/Ft. Sumner > SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c3576a > Set-Cookie: > SessionID=0;Version=1;Path=/Ft%2e%20Sumner%20SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c.. > > NetRange: 161.154.0.0 - 161.154.255.255 > CIDR: 161.154.0.0/16 > OriginAS: > NetName: FPL2 > NetHandle: NET-161-154-0-0-1 > Parent: NET-161-0-0-0-0 > NetType: Direct Assignment > RegDate: 1992-12-17 > Updated: 2008-10-10 > Ref: http://whois.arin.net/rest/net/NET-161-154-0-0-1 > > OrgName: Florida Power & Light Company > OrgId: FFPL-1 > Address: 700 Universe Blvd > Address: P.O. Box 14000 > City: Juno Beach > StateProv: FL > PostalCode: 33408-0420 > Country: US > RegDate: 1997-06-03 > Updated: 2007-06-29 > Ref: http://whois.arin.net/rest/org/FFPL-1 > > OrgAbuseHandle: INFOR40-ARIN > OrgAbuseName: Information Security > OrgAbusePhone: +1-305-552-3727 > OrgAbuseEmail: [email protected] > OrgAbuseRef: http://whois.arin.net/rest/poc/INFOR40-ARIN > > OrgTechHandle: DHE37-ARIN > OrgTechName: Hertzog, Dean > OrgTechPhone: +1-305-552-4080 > OrgTechEmail: [email protected] > OrgTechRef: http://whois.arin.net/rest/poc/DHE37-ARIN > > OrgNOCHandle: DHE37-ARIN > OrgNOCName: Hertzog, Dean > OrgNOCPhone: +1-305-552-4080 > OrgNOCEmail: [email protected] > OrgNOCRef: http://whois.arin.net/rest/poc/DHE37-ARIN > > > ------------------------------------------------------------------------------- > Configuration file from the central Cisco Router and Security Device > Manager: 161.154.232.2 (FPL - FFPL-1) > > Building configuration... > > Current configuration : 8467 bytes > ! > ! Last configuration change at 18:01:57 UTC Mon Oct 25 2010 by ro5810 > ! NVRAM config last updated at 18:01:59 UTC Mon Oct 25 2010 by ro5810 > ! > version 12.2 > no service pad > service timestamps debug datetime localtime > service timestamps log datetime localtime > service password-encryption > service udp-small-servers > service tcp-small-servers > ! > hostname cpr622i00bct > ! > logging buffered 65000 debugging > logging rate-limit all 10 except critical > enable secret 5 $1$7uN5$Ok9fYku/HC/KNqWQkHoWP. > ! > aaa new-model > aaa authentication login default group tacacs+ enable > aaa authentication enable default group tacacs+ enable > aaa authorization exec default group tacacs+ none > aaa accounting exec default start-stop group tacacs+ > aaa accounting commands 15 default start-stop group tacacs+ > ! > aaa session-id common > ip subnet-zero > no ip source-route > ip routing > ! > no ip domain-lookup > ip host cs00noc 172.16.0.132 > ip host cs01noc 172.16.0.133 > ip host cs00noc-pub 209.215.34.12 > ip host cs01noc-pub 209.215.34.11 > ip name-server 205.152.132.23 > ip name-server 205.152.144.23 > vtp domain Core > vtp mode transparent > ! > mls qos > no mpls traffic-eng auto-bw timers frequency 0 > ! > ! > no file verify auto > spanning-tree mode pvst > spanning-tree extend system-id > ! > ! > ! > vlan internal allocation policy ascending > ! > vlan 1578 > name FPL > ! > policy-map SHAPER1 > class class-default > shape average 250000000 > ! > ! > ! > interface FastEthernet1/0/1 > ! > interface FastEthernet1/0/2 > ! > interface FastEthernet1/0/3 > ! > interface FastEthernet1/0/4 > ! > interface FastEthernet1/0/5 > ! > interface FastEthernet1/0/6 > ! > interface FastEthernet1/0/7 > ! > interface FastEthernet1/0/8 > ! > interface FastEthernet1/0/9 > ! > interface FastEthernet1/0/10 > ! > interface FastEthernet1/0/11 > ! > interface FastEthernet1/0/12 > ! > interface FastEthernet1/0/13 > ! > interface FastEthernet1/0/14 > ! > interface FastEthernet1/0/15 > ! > interface FastEthernet1/0/16 > ! > interface FastEthernet1/0/17 > ! > interface FastEthernet1/0/18 > ! > interface FastEthernet1/0/19 > ! > interface FastEthernet1/0/20 > ! > interface FastEthernet1/0/21 > ! > interface FastEthernet1/0/22 > ! > interface FastEthernet1/0/23 > ! > interface FastEthernet1/0/24 > ! > interface GigabitEthernet1/0/1 > ! > interface GigabitEthernet1/0/2 > ! > interface GigabitEthernet1/1/1 > switchport trunk allowed vlan 1578 > switchport mode trunk > switchport nonegotiate > ip access-group 112 in > service-policy output SHAPER1 > load-interval 30 > speed nonegotiate > ! > interface GigabitEthernet1/1/2 > no switchport > ip address 161.154.232.2 255.255.255.0 > ip access-group 115 in > load-interval 30 > keepalive 10 > speed nonegotiate > mls qos trust dscp > no cdp enable > no clns route-cache > hold-queue 100 in > hold-queue 100 out > ! > interface Vlan1 > no ip address > shutdown > ! > interface Vlan1578 > ip address 65.14.117.30 255.255.255.252 > load-interval 30 > no clns route-cache > ! > ip classless > ip route 0.0.0.0 0.0.0.0 65.14.117.29 > ip route 155.109.5.0 255.255.255.0 161.154.232.1 > ip route 155.109.19.0 255.255.255.0 161.154.232.1 > ip route 155.109.29.0 255.255.255.0 161.154.232.1 > ip route 155.109.29.204 255.255.255.255 65.14.117.29 > ip route 155.109.29.214 255.255.255.255 65.14.117.29 > ip route 155.109.66.0 255.255.255.0 161.154.232.1 > ip route 155.109.88.0 255.255.255.0 161.154.232.1 > ip route 155.109.95.0 255.255.255.0 161.154.232.1 > ip route 161.154.0.0 255.255.0.0 161.154.232.1 > ip route 170.55.0.0 255.255.0.0 161.154.232.1 > ip route 204.238.236.0 255.255.255.0 161.154.232.1 > no ip http server > ip http secure-server > ! > ! > ! > access-list 98 permit 205.152.144.226 > access-list 98 permit 205.152.132.250 > access-list 98 permit 205.152.132.226 > access-list 98 permit 205.152.144.250 > access-list 98 permit 205.152.144.165 > access-list 98 permit 205.152.37.19 > access-list 98 permit 205.152.37.20 > access-list 98 permit 205.152.144.163 > access-list 98 permit 205.152.37.26 > access-list 98 permit 205.152.37.27 > access-list 98 permit 205.152.132.163 > access-list 98 permit 205.152.132.165 > access-list 98 permit 205.152.37.250 > access-list 98 permit 205.152.37.226 > access-list 98 permit 205.152.132.27 > access-list 98 permit 205.152.132.26 > access-list 98 permit 205.152.144.20 > access-list 98 permit 205.152.37.163 > access-list 98 permit 205.152.37.165 > access-list 98 permit 205.152.144.19 > access-list 98 permit 205.152.144.27 > access-list 98 permit 205.152.144.26 > access-list 98 permit 139.76.53.0 0.0.0.255 > access-list 98 permit 139.76.68.0 0.0.3.255 > access-list 98 permit 139.76.88.0 0.0.1.255 > access-list 98 permit 139.76.228.0 0.0.3.255 > access-list 98 permit 139.76.240.0 0.0.1.255 > access-list 98 permit 172.16.0.0 0.0.1.255 > access-list 98 permit 205.152.6.0 0.0.0.255 > access-list 98 permit 205.152.66.0 0.0.0.255 > access-list 98 permit 205.152.204.0 0.0.0.255 > access-list 99 permit 68.153.6.0 0.0.1.255 > access-list 99 permit 172.16.0.0 0.0.1.255 > access-list 99 permit 139.76.53.0 0.0.0.255 > access-list 99 permit 139.76.68.0 0.0.3.255 > access-list 99 permit 139.76.88.0 0.0.1.255 > access-list 99 permit 139.76.228.0 0.0.3.255 > access-list 99 permit 139.76.240.0 0.0.1.255 > access-list 99 permit 205.152.6.0 0.0.0.255 > access-list 111 permit ip 65.14.117.28 0.0.0.3 any > access-list 111 permit ip 74.175.105.64 0.0.0.31 any > access-list 111 permit ip 205.152.17.0 0.0.0.255 any > access-list 111 permit ip 155.109.0.0 0.0.255.255 any > access-list 111 permit ip 161.154.0.0 0.0.255.255 any > access-list 111 permit ip 205.152.161.0 0.0.0.255 any > access-list 111 permit ip 204.238.236.0 0.0.0.255 any > access-list 111 permit ip 170.55.0.0 0.0.255.255 any > access-list 112 deny ip 204.0.0.0 0.0.255.255 any > access-list 112 deny ip 204.1.0.0 0.0.255.255 any > access-list 112 deny ip 204.3.0.0 0.0.255.255 any > access-list 112 deny ip 69.22.0.0 0.0.192.255 any > access-list 112 permit ip any any > access-list 115 deny 53 any any > access-list 115 deny 55 any any > access-list 115 deny 77 any any > access-list 115 deny pim any any > access-list 115 permit ip any any > no cdp run > snmp-server community Ty#Qr53b RO 98 > snmp-server community R5t3bF5c RW 98 > tacacs-server host 172.16.0.132 > tacacs-server host 209.215.34.12 > tacacs-server host 172.16.0.133 > tacacs-server host 209.215.34.11 > tacacs-server timeout 10 > tacacs-server directed-request > tacacs-server key 7 010703174F > ! > radius-server source-ports 1645-1646 > ! > control-plane > ! > banner motd ^CC > ###################################################################### > # # > # ***PRIVATE/PROPRIETARY*** # > # # > # ANY UNAUTHORIZED ACCESS TO, OR MISUSE OF BELLSOUTH # > # SYSTEMS OR DATA MAY RESULT IN CIVIL AND/OR CRIMINAL # > # PROSECUTION, EMPLOYEE DISCIPLINE UP TO AND INCLUDING # > # DISCHARGE, OR THE TERMINATION OF VENDOR/SERVICE CONTRACTS. # > # # > # BELLSOUTH MAY PERIODICALLY MONITOR AND/OR AUDIT SYSTEM # > # ACCESS/USAGE. # > # # > # # > ###################################################################### > # # > # <VERSION TEMPLATE DATE@TIME> # > ###################################################################### > ^C > privilege exec level 1 traceroute > privilege exec level 1 ping > privilege exec level 1 terminal monitor > privilege exec level 1 terminal > privilege exec level 1 show line > privilege exec level 1 show snmp > privilege exec level 1 show arp > privilege exec level 1 show accounting > privilege exec level 1 show service-module > privilege exec level 1 show version > privilege exec level 1 show reload > privilege exec level 1 show debugging > privilege exec level 1 show controllers > privilege exec level 1 show users > privilege exec level 1 show sessions > privilege exec level 1 show access-lists > privilege exec level 1 show privilege > privilege exec level 1 show interfaces > privilege exec level 1 show startup-config > privilege exec level 1 show > privilege exec level 1 clear line > privilege exec level 1 clear counters > privilege exec level 1 clear > ! > line con 0 > exec-timeout 5 30 > password 7 070C285F4D06 > line vty 0 4 > access-class 99 in > exec-timeout 30 0 > password 7 03075218050061 > line vty 5 15 > access-class 99 in > exec-timeout 30 0 > password 7 03075218050061 > ! > end > > ---------------------------------------------------- > Fort Sumner wind turbines: > http://www.flickr.com/photos/30325073@N02/4113855086/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
