06-08-25, 05:46 PM
(This post was last modified: 06-08-25, 06:16 PM by ByteToBreach.)
Attention, attention!
Access to compromised Correos host that is used for all the network access control (OpenAm). Entity is part of the ministry of transport and telecommunications and also processes a lot of payments, both national and international. Included a custom plugin File browser to avoid repetitive ls / cd commands, and another plugin that gives full RCE commands. Reverse shell possible. No encryption used, mostly basic SSHA hashes.
Exfiltrated jdb files, ldap backups, audit logs and related config files (storepass, keypass etc., boot.json).
Credentials for tomcat included, so you can deploy your own WARs. There are also credentials for the JDBC database used by Correos, but firewall rules prevent direct communication, or so it seems.
There are also the cracked passwords of the following employees (70 cracked out of 120 so far):
---------------------------------------------------------------------------------------------------------------
Session: 05c2db4775cb46350f16814dfe3bfa856664f315585653e4c368af08ce50b0c31b
Signal : @ByteToBreach
Telegram : @ByteToBreach
Email : bytetobreach@tuta.com