__ __ _____ / \ / \_____ ________/ ____\____ _______ ____ \ \/\/ /\__ \\_ __ \ __\\__ \\_ __ \_/ __ \ \ / / __ \| | \/| | / __ \| | \/\ ___/ \__/\ / (____ /__| |__| (____ /__| \___ > \/ \/ \/ \/ PRESENTS THE DEMOCRATIC'S REPUBLIC OF NORTH KOREA --------------------------------------------------------------------------------- This was purely written and info gathered due to intense boredom and i have nothing against north korea as a country like those retarded americans are... This was just to challenge myself on how far i could come with gathering information on a "dictatorship" and post it public here on doxbin just for lulz. PS (Do as you please) --------------------------------------------------------------------------------- So this document all started when I was looking at an organisation with ties to north korea by the name of "Uriminzokkiri" (uriminzokkiri.com) and I got the idea of gathering information and looking at what kind of passwords north korean officials with an internet access used. I gathered some on uriminzokkiri which I'm going to provide in this document before I get to the juicy part just because it was my starting point :) PS [Uriminzokkiri is one of the official news websites of the DPRK] EMAILS PASSWD uych@uriminzokkiri.com dndudcjf chamdae@uriminzokkiri.com Qnrrmrtjd7 warm@uriminzokkiri.com xhddkr rjm615@uriminzokkiri.com ahsus rcnncr@uriminzokkiri.com 1975 rsc@uriminzokkiri.com rootroot bambooli@uriminzokkiri.com rkdmf rky@uriminzokkiri.com 1234567890 ridiok@uriminzokkiri.com mom2007 bamboo100@uriminzokkiri.com 11111 615corea@uriminzokkiri.com xhddlf forhythm@uriminzokkiri.com rhythm1 dango@uriminzokkiri.com diamond webmaster@uriminzokkiri.com ajdlfksl jonsg@uriminzokkiri.com.cn gonghu423 kimss@uriminzokkiri.com 80996277 hanminzok7@uriminzokkiri.com h80744 cholri@uriminzokkiri.com gkffyw hwhc@uriminzokkiri.com hwhcuriok uriminzokkiri@uriminzokkiri.com urimin1234 lovechin@uriminzokkiri.com iwillstudy kch@uriminzokkiri.com tiger@hgc cic2005@uriminzokkiri.com ccccccccc geng1013@uriminzokkiri.com sh9837 thswltmd@uriminzokkiri.com whrnr patriot@uriminzokkiri.com 7400 nanara914@uriminzokkiri.com vidqhd kidbear@uriminzokkiri.com qwerty123 companion@uriminzokkiri.com onlyfriend jindong4321@uriminzokkiri.com jindong432 safdh@uriminzokkiri.com 19871117 passion@uriminzokkiri.com super becoming@uriminzokkiri.com dnflskfk cskg@uriminzokkiri.com 111078 ariel@uriminzokkiri.com whgPdud hodong@uriminzokkiri.com ksi1985 serene@uriminzokkiri.com godqhr As you guys can see, most of the passwords are just gibberish and stuff, but I think some of them can be of good use and will eventually work on some of those emails provided. Now that we got that one away, we can start off with north korea itself including servers and emails including some passwords gathered :) Just to highlight it a little more, the account prk@star-co.net.kp ( DPKR official government) has a few passwords that seemed a little unique and complex as unexpected based on the previous passwords gathered on Uriminzokkiri and I'll provide them below: t5UCysuU kUCpepGE X7GqWoUk And looking futher I also figured the account prksnow@star-co.net.kp (Official hockey team) also have the same password pattern as the official government account and it looks like this: 5pyvkun And for the account ftb@star-co.net.kp and dmw@star-co.net.kp, we got these common uncomplex passwords suggesting possible nongovernment accounts (passwords in text order): 123654 energy In the information gathering besides the passwords for the accounts listed above, I gathered a lot of emails from the common north korean email provider star-co and silibank and I'll provide them below :) io520@star-co.net.kp eitc@star-co.net.kp kszait@star-co.net.kp mptird@star-co.net.kp prksport@star-co.net.kp nta@star-co.net.kp daesong@star-co.net.kp rason@star-co.net.kp dprkrailway@star-co.net.kp kittc@star-co.net.kp itab@star-co.net.kp kiyctc@star-co.net.kp ksttc@star-co.net.kp flph@star-co.net.kp silk@star-co.net.kp kkf@star-co.net.kp corp@star-co.net.kp medigroup@star-co.net.kp stamp@star-co.net.kp kcc.ngo@star-co.net.kp stardevel@star-co.net.kp kpfia@star-co.net.kp ksf@star-co.net.kp pptayang@star-co.net.kp kef@star-co.net.kp todgio@star-co.net.kp micom@star-co.net.kp wpkint@star-co.net.kp arirangip@star-co.net.kp napch@star-co.net.kp jsship@star-co.net.kp prkgym@star-co.net.kp guktodae@star-co.net.kp dprk-rc@star-co.net.kp knhpf@star-co.net.kp knhitc@star-co.net.kp bogon.moph@star-co.net.kp patc719@star-co.net.kp hospitals.org@star-co.net.kp kpmnfad@star-co.net.kp wsinvest@star-co.net.kp isbn-rh@star-co.net.kp kjia@star-co.net.kp kwang-h.kim@star-co.net.kp ext.cbs@star-co.net.kp kut_ac@star-co.net.kp kpglass@star-co.net.kp korfilm@star-co.net.kp kwa@star-co.net.kp dawn481@star-co.net.kp bcmil14@star-co.net.kp samilpo@star-co.net.kp mms@star-co.net.kp rj90128@star-co.net.kp ysc211@star-co.net.kp kmi79819@star-co.net.kp jch59611@star-co.net.kp ksh77927@star-co.net.kp cmc701120@star-co.net.kp rgs67514@star-co.net.kp ryh70824@star-co.net.kp its89114@star-co.net.kp kin62316@star-co.net.kp cgh881224@star-co.net.kp cms721015@star-co.net.kp shj7641@star-co.net.kp pyc80525@star-co.net.kp ksc77114@star-co.net.kp kdh7449@star-co.net.kp huch8272@star-co.net.kp krc771218@star-co.net.kp ksh80430@star-co.net.kp ync781213@star-co.net.kp kmc7533@star-co.net.kp cjr7548@star-co.net.kp kmc79211@star-co.net.kp kgs6673@star-co.net.kp pyi79720@star-co.net.kp rjb65522@star-co.net.kp jsg71517@star-co.net.kp jdi9031@star-co.net.kp smh76617@star-co.net.kp pmg6819@star-co.net.kp smn63312@star-co.net.kp kjy58611@star-co.net.kp kph73113@star-co.net.kp rcm661030@star-co.net.kp ydh5675@star−co.net.kp rmg66412@star-co.net.kp rogumjong@star-co.net.kp - ksca@silibank.net.kp oceanmm@silibank.net.kp haejinsm@silibank.net.kp yonmgjinsm@silibank.net.kp kiec@silibank.net.kp micom@silibank.net.kp gaca@silibank.net.kp marcom@silibank.net.kp imgc@silibank.net.kp mab@silibank.net.kp kmcig@silibank.net.kp knic.re.dept@silibank.net.kp rainbow.inter@silibank.net.kp susan@silibank.net.kp zincpy@silibank.net.kp moaecd@silibank.net.kp kmla@silibank.net.kp unha@silibank.net.kp ryonha@silibank.net.kp kitc-1@silibank.net.kp aas1948@silibank.net.kp samhae@silibank.net.kp polestar.ins@silibank.net.kp future@futurere.com.kp Besides emails and passwords, I also had my scope on the network as well as various of domains hosted on their netranges being: 175.45.179.0 - 175.45.179.255 175.45.176.0 - 175.45.176.255 175.45.178.0 - 175.45.178.255 But after scanning for open port on these netranges like a normal person would do, I actually found a few websites and stuff hosted on these netranges that caught my attention and what I mainly was scoping for was smtp in order to try getting access to one of the accounts with a dict attack which was also an idea I got after gathering those government credentials. Trying to find servers to try login to, I decided to scope my scanner on smtp :) 175.45.178.57 smtp.star-co.net.kp 175.45.178.56 smtp1.star-co.net.kp 175.45.176.21 mail1.silibank.net.kp 175.45.176.21 mail1.futurere.com.kp Speaking of scanning, I stumbled across something interesting as a cisco router and after playing around with it and looking for information on the switch, I also figured that it's vulnerable to a cve that I took advantage of which I will document further below the information I will provide on the switch and here is what I found: 175.45.178.161: cisco WS-C3560V2-48TS (PowerPC405) processor (revision K0) with 131072K bytes of memory. Processor board ID FDO1448Y0PN Last reset from power-on 5 Virtual Ethernet interfaces 48 FastEthernet interfaces 4 Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 512K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : 10:8C:CF:7C:3C:00 Motherboard assembly number : 73-12632-01 Power supply part number : 341-0328-02 Motherboard serial number : FDO14480W25 Power supply serial number : DCA1445M397 Model revision number : K0 Motherboard revision number : A0 Model number : WS-C3560V2-48TS-S System serial number : FDO1448Y0PN Top Assembly Part Number : 800-33165-01 Top Assembly Revision Number : A0 Version ID : V05 CLEI Code Number : COMP110ARB Hardware Board Revision Number : 0x01 Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 52 WS-C3560V2-48TS 12.2(58)SE2 C3560-IPSERVICESK9-M FAN is OK SYSTEM TEMPERATURE is OK System Temperature Value: 46 Degree Celsius System Temperature State: GREEN Yellow Threshold : 66 Degree Celsius Red Threshold : 76 Degree Celsius SW PID Serial# Status Sys Pwr PoE Pwr Watts --- ------------------ ---------- --------------- ------- ------- ----- 1 Built-in Good SW Status RPS Name RPS Serial# RPS Port# -- ------------- ---------------- ----------- --------- 1 <> <> Directory of flash:/ 2 -rwx 1576 Mar 1 1993 00:19:03 +00:00 vlan.dat 3 -rwx 5439 Mar 2 1993 00:26:27 +00:00 config.old 4 -rwx 15965969 Mar 1 1993 00:06:17 +00:00 c3560-ipservicesk9-mz.122-58.SE2.bin 5 -rwx 57 Mar 1 1993 01:58:20 +00:00 express_setup.debug 6 -rwx 3893 Mar 1 1993 03:30:01 +00:00 configtext 7 drwx 512 Mar 1 1993 00:04:32 +00:00 c3560-ipbasek9-mz.122-50.SE1 398 -rwx 3697 Mar 1 1993 00:01:11 +00:00 config 428 -rwx 3096 Mar 1 1993 00:01:12 +00:00 multiple-fs 399 drwx 1024 Apr 10 1993 06:47:11 +00:00 crashinfo_ext 412 -rwx 1913 Mar 1 1993 00:01:12 +00:00 private-config.text 414 drwx 1024 Mar 1 1993 00:00:10 +00:00 crashinfo 427 -rwx 5259 Mar 1 1993 00:01:12 +00:00 config.text 27998208 bytes total (7085056 bytes free) And speaking of the CVE based on this switch being CVE-2017-3881 I was allowed to take it down for a few minutes by using a script exploiting that CVE and the results were as following: PING 175.45.178.161 (175.45.178.161) 56(84) bytes of data. 64 bytes from 175.45.178.161: icmp_seq=1 ttl=244 time=215 ms 64 bytes from 175.45.178.161: icmp_seq=2 ttl=244 time=207 ms 64 bytes from 175.45.178.161: icmp_seq=3 ttl=244 time=205 ms 64 bytes from 175.45.178.161: icmp_seq=4 ttl=244 time=203 ms 64 bytes from 175.45.178.161: icmp_seq=5 ttl=244 time=3649 ms 64 bytes from 175.45.178.161: icmp_seq=6 ttl=244 time=2619 ms 64 bytes from 175.45.178.161: icmp_seq=7 ttl=244 time=1598 ms 64 bytes from 175.45.178.161: icmp_seq=8 ttl=244 time=580 ms 64 bytes from 175.45.178.161: icmp_seq=9 ttl=244 time=207 ms * 64 bytes from 175.45.178.161: icmp_seq=141 ttl=244 time=203 ms 64 bytes from 175.45.178.161: icmp_seq=142 ttl=244 time=216 ms 64 bytes from 175.45.178.161: icmp_seq=143 ttl=244 time=203 ms We can clearly see where the exploit was executed as the spike got drastically large due to the software receiving a crash and after the 9th ping the service was unresponsive for a good minute and a half. In terms of NX records and such I'll going to provide a full on list of records gathered and sites below those records: 175.45.176.8 175.45.176.9 ns1.rodong.rep.kp ns2.rodong.rep.kp ns1.vok.rep.kp ns2.vok.rep.kp ns1.korelcfund.org.kp ns2.korelcfund.org.kp ns1.koredufund.org.kp ns2.koredufund.org.kp ns1.sdprk.org.kp ns2.sdprk.org.kp ns1.cooks.org.kp ns2.cooks.org.kp ns1.star-di.net.kp ns2.star-di.net.kp ns1.star-co.net.kp ns2.star-co.net.kp ns1.star.net.kp ns2.star.net.kp ns1.silibank.net.kp ns2.silibank.net.kp ns1.rcc.net.kp ns2.rcc.net.kp ns1.portal.net.kp ns2.portal.net.kp ns1.nta.gov.kp ns2.nta.gov.kp ns1.ma.gov.kp ns2.ma.gov.kp ns1.ryongnamsan.edu.kp ns2.ryongnamsan.edu.kp ns1.airkoryo.com.kp ns2.airkoryo.com.kp ns1.friend.com.kp ns2.friend.com.kp ns1.kiyctc.com.kp ns2.kiyctc.com.kp ns1.knic.com.kp ns2.knic.com.kp ns1.korfilm.com.kp ns2.korfilm.com.kp ns1.masikryong.com.kp ns2.masikryong.com.kp ns1.naenara.com.kp ns2.naenara.com.kp ns1.kcna.kp ns2.kcna.kp 175.45.176.15 175.45.176.16 ns1.com.kp ns2.com.kp ns1.org.kp ns2.org.kp ns1.net.kp ns2.net.kp ns1.gov.kp ns2.gov.kp ns1.edu.kp ns2.edu.kp ns1.com.kp ns2.com.kp ns1.co.kp ns2.co.kp ns1.star.co.kp ns2.star.co.kp ns1.kptc.kp ns2.kptc.kp ns1.rep.kp ns2.rep.kp 175.45.176.75 175.45.176.67 star.net.kp sdprk.org.kp vok.rep.kp naenara.com.kp cooks.org.kp tourismdprk.gov.kp korstamp.com.kp pyongyangtimes.com.kp futurere.com.kp korean-books.com.kp moph.gov.kp mirae.aca.kp minzu.rep.kp youth.rep.kp manmulsang.com.kp 175.45.176.68 175.45.176.69 rodong.rep.kp airkoryo.com.kp 175.45.176.71 175.45.176.73 kcna.kp gnu.rep.kp 175.45.176.76 175.45.176.77 ma.gov.kp cooks.org.kp masikryong.com.kp 175.45.176.79 175.45.176.80 ryongnamsan.edu.kp mediaryugyong.com.kp dprkportal.kp 175.45.176.81 175.45.176.83 fia.law.kp gnu.rep.kp korelcfund.org.kp koredufund.org.kp kiyctc.com.kp friend.com.kp kftrade.com.kp ryomyong.edu.kp 175.45.176.91      175.45.178.170 fia.law.kp portal.net.kp korfilm.com.kp knic.com.kp kass.org.kp kut.edu.kp gpsh.edu.kp korart.sca.kp Insurance companies and stuff http://www.naenara.com.kp/sites/samhae/ http://naenara.com.kp/sites/polestar/ http://www.naenara.com.kp/sites/rainbow/ http://naenara.com.kp/sites/refuture/ http://www.naenara.com.kp/sites/kkf/ So for the instance, I was also able to gather information on workers from the DPRK and I'll provide them below and I can safely say that this might be the first time someone has "doxed" citizens of the DPKR LOL! Country code is "+850" if you're thinking of actually trying to call these LOL Name, Organization, Speciality, Fax, Telephone, Email Kim Yong Pho, The Academy of Science, Electrical, (850 2) 3812100, 3818544 Sin Hyon Son, The Academy of Science, Hydraulic, (850 2) 3812100, 3818544 Kim Jong Gwan, Technical & Economic Institute for Energy Kim Chol, Technical & Economic Institute for Energy, 44038 Kim Chang Gyun, Institute of Electricity, State Academy of Science Y.J. Yang, Hydraulic Engineering Institute, Hydro, 00850 951 221006, 221358 Yong Nam Li, Non-Conventional Energy Development Center, Control, 00850 951 221006, 221358 Mun Hak Chun, Kim Chaek Technical University, Hydro-mechanical, 00850 2 3814537, 3816025 Kim Jong Won, Da An Heavy Machine Design Enterprise, Hydro-generator, 00850 39 6024, 6025 Kim Chol, Technical & Economic Institute for Energy Kim Yong Son, Energy, Science and Technical Department of Academic Science, Power Automatic, +850 2 3812100, +850 4225050 Song Sung Un, Electrical Institute of Academic Science, Electrical, +850 2 3812100, +850 4225179 Kyong Hak Choe, Academy of Sciences, Hydraulic turbine, +850 2 3812100, +850 2 3818544 Hye Song Kim, Academy of Sciences, Civil, +850 2 3812100, +850 2 3818544 Song Song Un, Electrical Engineering Institute of Academy of Science Unjong District,Kwahak 1-Dong.Pyongyang Electrical Machines researching room, Electrical, +850 2 3814410, 18111, 52y12m10@co.chesin.com Han Tok Su, Hydraulic Engineering Institute of Academy of ScienceHyu am Dong.Sa dong District.Pyongyang city, Hydraulic, +850 2 3814410, 18111, 52y12m10@co.chesin.com Kim Hye Song, The Non-conventional Energy Development Centre, Solar & Hydropower, 00850 2 3814416, 00852 2 3818025 Choe Su Min, Ministry of Machine Industry, Hydrology, 00850 2 3814495, 00850 2 3818102 Paek Hyok Chol, Electrical Equipment Modernization Center, Academy of Science, Electrical, +8502 381 2100/4400, +850 381 1811 ext. 381 8544 Ri Kyong Han, Hydraulic Research Institute, Academy of Science, Mechanical, +8502 381 2100/4400, +850 381 1811 ext. 381 8544 Hyok Pak, Electrical Equipment Modernization Center, Electrical Equipment, (850)23812100, (850)23818544, pptayang@co.chesin.com Ryong Nam Kim, The State Academy of Science, Pyongyang, D.P.R.Korean, Hydraulic Structures, (850)23812100, (850)23818544, pptayang@co.chesin.com Sok Chol Kim, Electrical Engineering Institute, Electric Machine, (850)23814410, (850)218111 Chol Hak Ri, Power and Remote Control Institute, Power, (850)23814410, (850)218111 O, Mun Hwan, Hydraulic Engineering Institute, the National Academic Science, D.P.R of Korea, Hydraulic, (850)23814410, (850)218111, (ext)3818544, PPTA yong@co.chesin.com Ri Ryong Sam, Hydraulic Engineering Institute, the National Academic Science, D.P.R of Korea, Hydraulic, (850)23814410, (850)218111, (ext)3818544, PPTA yong@co.chesin.com Kun Ho Om, Electric Institute, Researcher, 00850 2 3812100, 00850 2 18111 Ext 381 8544, pptayang@co.chesin.com Tong Nam Kim, Hydraulic Research Institute, Researcher, 00850 2 3812100, 00850 2 18111 Ext 381 8544, pptayang@co.chesin.com Ri Young Jin, Hydraulic Engineering Research Institute, the State Academy, Hydraulic turbine, 00655 0232 Ro Song Chol, Electro-power Industry Institute, Hydrology, 00621 5314 Mun Thae Sin, The Research Institute of Electrical Power Industry, Electrical, 008502381200ICC429, 00850218111ext.3818498 Yong Jin Ri, Ministry of Electric Power Industry, Electrical, 00850238/2100, 0085021/8111ext.38/8498 Ri Kyong Han, Hydraulic Research Institute(HRI), State Academy of Sciences Hydro-Machine, +850-218111 ext, 341-8544, arirangip@star-co.net.kp Song Hak Chol, Institute of Earth Environment Informatics(IEEI), State Academy of Sciences Hydrology, +850-23432100, +850-23434410, +850-218111 ext, 341-8544, arirangip@star-co.net.kp Ri Mun Hui, Institute of Hydraulic Research- State Academy of Science, +850 21 8111, ext. 341-8544, arirangip@star-co.net.kp Jo Kuk Chol, Institute of Hydraulic Research- State Academy of Science, +850 21 8111, ext. 341-8544, arirang@star-co.net.kp --------------------------------------------------------------------------------- Now that I've provided a lot of information I'm sure no one else has ever come across besides looking at shitty pastes of basic sites known to most, I'm going to end it here. The conclusion to all of this is that I've realised people who makes pastes of basic information on the DPKR most likely has an iq below room temperature and can't properly gather information on a very basic country. I find it rather sad and all this took me a day to find.... Now, do as you please with this information -Warfare