[ExKase20]

A new leak from a Peruvian government website. This time it is the website of the regional government of Ica, which has multiple vulnerabilities. You can tell that those in charge of developing the website either don't put any effort into it or seem to want their site to be hacked anyway. Anyway, this is my humble contribution.

Access for administrative users themselves

(1,'US','Administrador','Xwindows152410%',1,'Administrador del Aplicativo, Generalmente el Area de Tesorería'),(6,'US','alengua','LenguaA10.',0,'Área de Tesorería'),(7,'US','cquispe','QuispeC15.',0,'Área de Contabilidad'),(8,'US','hdiazh','DiazH20.',0,'Área de Tesorería'),(9,'US','abautista','BautistaA9.',0,'Área de Contabilidad'),(10,'US','OCI','%onstalar77%',0,'Órgano de Control Institucional'),(11,'US','rvillagomez','VillaR25%-',0,'Área de Tesorería'),(12,'US','cyeren','Y3REn934%.',1,''),(13,'US','gradministracion','OPE-IMPORTA30',0,''),(14,'US','lromero','VanVAN789.',0,'');

Information about payments

CREATE TABLE `ica_provincia` (
  `idbeneficiario` mediumint(9) NOT NULL,
  `demandante` varchar(95) NOT NULL,
  `tipodoc` varchar(20) NOT NULL,
  `numerodoc` varchar(11) NOT NULL,
  `montotal` varchar(14) NOT NULL,
  `pagocuenta` varchar(14) NOT NULL,
  `saldopagar` varchar(14) NOT NULL,
  `codappreg` varchar(8) NOT NULL,
  UNIQUE KEY `idbeneficiario` (`idbeneficiario`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
(1,'VASQUEZ DIAZ, SABINO FORTUNATO','DNI','21413258','3,303.48','3,303.48','0.00','240422'),(2,'JUAN GABRIEL BELLIDO ARCELLES','RUC','10066416653','735,781.52','312,953.46','422,828.06','286631'),(3,'SUAREZ VILLAGOMEZ, EDDY JOHN','DNI','21577019','25,084.60','25,084.60','0.00','691023'),(4,'ESPINOZA CHAVEZ, MARTIN','DNI','22188811','21,256.18','21,256.17','0.01','691523'),(5,'CASTRO CONTRATISTAS INGENIEROS S.A.C.','RUC','20508425504','30,000.00','0.00','30,000.00','722049'),(6,'PRIMA AFP S.A.','RUC','20511039815','617,736.40','279,477.46','338,258.94','784168'),(7,'SERVICIO NACIONAL DE CAPACITACION PARA LA INDUSTRIA DE LA CONSTRUCCION SENCICO RPTAD','RUC','20131377810','6,518.33','6,518.32','0.01','784177'),(8,'ESTACION DE SERVICIOS EL PACIFICO S.R.L.','RUC','20367707594','126,214.95','126,214.94','0.01','798374'),(9,'BERNALES BAUMGARTNER, MARIA PIA VALENTINA','DNI','21464132','98,702.44','0.00','98,702.44','839474'),(10,'AGUADO MOQUILLAZA, NESTOR WILFREDO','DNI','21450756','2,913.02','2,913.02','0.00','22075...

Information of all users.

(547,'RE','41318937','JORGE MANUEL','LIMAZCA','TRUJILLO','960738430','jlimazca@gmail.com','040302','AV SEBASTIAN BARRANCA S/N','04','0403','TC1'),(548,'RE','71011903','WILLIAN','HANCCO','JARATA','928269979','willian.hancco@upsjb.edu.pe','110112','URB.LA FLORIDA','11','1101','TC1'),(549,'RE','25777984','JOSE ANTONIO','ZAVALA','HUAMBACHANO','972413277','jantoniozavala@gmail.com','150110','CALLE BERNARDO MONTEAGUDO 200, CONDOMINIO LOS NOGALES. COMAS','15','1501','TC1'),(550,'RE','21865541','JESÚS MANUEL','HUAMAN','DE LA CRUZ','986662733','Jechumanuel1972@gmail.com','110208','ANEXO SAN JERÓNIMO DE ALMACÉN','11','1102','TC1'),(551,'RE','71562516','FLORANGEL XIMENA','CAMARGO','PIÑAN','943652039','camargo.fx@pucp.edu.pe','150104','JR. 2  DE MAYO 237','15','1501','TC1'),(552,'RE','09617992','MANUEL','ECHANDIA','MORENO','989067242','comercial@indeconsult.pe','150101','JR. MONTEROSA NRO. 233 INT. 507 URB. CHACARILLA DEL ESTANQUE','15','1501','TC2'),(553,'RE','45404079','YISELA MARINA','RODRIGUEZ','MOGROVEJO','972074595','yiselarodriguezm@gmail.com','110211','UPIS VILMA LEON MZ J LOTE 25 - PLAZA DE ARMAS','11','1102','TC2') ...

For all the damn snitches who said these were old hacks, you're very wrong... Sincerely, ExKase20 
Part1 db -> Catbox
Part1 db -> qu.ax

[diegowinchester]

A new leak from a Peruvian government website. This time it is the website of the regional government of Ica, which has multiple vulnerabilities. You can tell that those in charge of developing the website either don't put any effort into it or seem to want their site to be hacked anyway. Anyway, this is my humble contribution.

Access for administrative users themselves

(1,'US','Administrador','Xwindows152410%',1,'Administrador del Aplicativo, Generalmente el Area de Tesorería'),(6,'US','alengua','LenguaA10.',0,'Área de Tesorería'),(7,'US','cquispe','QuispeC15.',0,'Área de Contabilidad'),(8,'US','hdiazh','DiazH20.',0,'Área de Tesorería'),(9,'US','abautista','BautistaA9.',0,'Área de Contabilidad'),(10,'US','OCI','%onstalar77%',0,'Órgano de Control Institucional'),(11,'US','rvillagomez','VillaR25%-',0,'Área de Tesorería'),(12,'US','cyeren','Y3REn934%.',1,''),(13,'US','gradministracion','OPE-IMPORTA30',0,''),(14,'US','lromero','VanVAN789.',0,'');

Information about payments

CREATE TABLE `ica_provincia` (
  `idbeneficiario` mediumint(9) NOT NULL,
  `demandante` varchar(95) NOT NULL,
  `tipodoc` varchar(20) NOT NULL,
  `numerodoc` varchar(11) NOT NULL,
  `montotal` varchar(14) NOT NULL,
  `pagocuenta` varchar(14) NOT NULL,
  `saldopagar` varchar(14) NOT NULL,
  `codappreg` varchar(8) NOT NULL,
  UNIQUE KEY `idbeneficiario` (`idbeneficiario`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
(1,'VASQUEZ DIAZ, SABINO FORTUNATO','DNI','21413258','3,303.48','3,303.48','0.00','240422'),(2,'JUAN GABRIEL BELLIDO ARCELLES','RUC','10066416653','735,781.52','312,953.46','422,828.06','286631'),(3,'SUAREZ VILLAGOMEZ, EDDY JOHN','DNI','21577019','25,084.60','25,084.60','0.00','691023'),(4,'ESPINOZA CHAVEZ, MARTIN','DNI','22188811','21,256.18','21,256.17','0.01','691523'),(5,'CASTRO CONTRATISTAS INGENIEROS S.A.C.','RUC','20508425504','30,000.00','0.00','30,000.00','722049'),(6,'PRIMA AFP S.A.','RUC','20511039815','617,736.40','279,477.46','338,258.94','784168'),(7,'SERVICIO NACIONAL DE CAPACITACION PARA LA INDUSTRIA DE LA CONSTRUCCION SENCICO RPTAD','RUC','20131377810','6,518.33','6,518.32','0.01','784177'),(8,'ESTACION DE SERVICIOS EL PACIFICO S.R.L.','RUC','20367707594','126,214.95','126,214.94','0.01','798374'),(9,'BERNALES BAUMGARTNER, MARIA PIA VALENTINA','DNI','21464132','98,702.44','0.00','98,702.44','839474'),(10,'AGUADO MOQUILLAZA, NESTOR WILFREDO','DNI','21450756','2,913.02','2,913.02','0.00','22075...

Information of all users.

(547,'RE','41318937','JORGE MANUEL','LIMAZCA','TRUJILLO','960738430','jlimazca@gmail.com','040302','AV SEBASTIAN BARRANCA S/N','04','0403','TC1'),(548,'RE','71011903','WILLIAN','HANCCO','JARATA','928269979','willian.hancco@upsjb.edu.pe','110112','URB.LA FLORIDA','11','1101','TC1'),(549,'RE','25777984','JOSE ANTONIO','ZAVALA','HUAMBACHANO','972413277','jantoniozavala@gmail.com','150110','CALLE BERNARDO MONTEAGUDO 200, CONDOMINIO LOS NOGALES. COMAS','15','1501','TC1'),(550,'RE','21865541','JESÚS MANUEL','HUAMAN','DE LA CRUZ','986662733','Jechumanuel1972@gmail.com','110208','ANEXO SAN JERÓNIMO DE ALMACÉN','11','1102','TC1'),(551,'RE','71562516','FLORANGEL XIMENA','CAMARGO','PIÑAN','943652039','camargo.fx@pucp.edu.pe','150104','JR. 2  DE MAYO 237','15','1501','TC1'),(552,'RE','09617992','MANUEL','ECHANDIA','MORENO','989067242','comercial@indeconsult.pe','150101','JR. MONTEROSA NRO. 233 INT. 507 URB. CHACARILLA DEL ESTANQUE','15','1501','TC2'),(553,'RE','45404079','YISELA MARINA','RODRIGUEZ','MOGROVEJO','972074595','yiselarodriguezm@gmail.com','110211','UPIS VILMA LEON MZ J LOTE 25 - PLAZA DE ARMAS','11','1102','TC2') ...

For all the damn snitches who said these were old hacks, you're very wrong... Sincerely, ExKase20 
Part1 db -> Catbox
Part1 db -> qu.ax

regards broder, hermano comparte las bases y haslas publicas, dale en la madre a esos soplones, o tambien compartenos la informacion.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[diegowinchester]

mi broki, levantaron su web, te adjunto unas capturas, usan CMS joombla, solo toca buscar otro directorio y deja tu reverse shell y te conectaras a ese server .

https://qu.ax/wPRNb.png

https://qu.ax/xtFJF.png

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[ExKase20]

mi broki, levantaron su web, te adjunto unas capturas, usan CMS joombla, solo toca buscar otro directorio y deja tu reverse shell y te conectaras a ese server .

https://qu.ax/wPRNb.png

https://qu.ax/xtFJF.png

My shell is still uploaded on their server, the IT department only cared about fixing the page, but not about deleting the shell and my accesses hahaha

[diegowinchester]

It seems to me that the municipality of Ica only has stupid people, they don't do their job correctly and safely, I'm glad to know that those fools from ICA, believe the story, they solved it and it's safe, if it weren't a bad idea, my bro, put a ransomware and encrypt the entire server but it slowly expands to the server, when you least expect it you leave it encrypted and the entire network of that website goes down.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[ABZeroCool]

You are on fire, ExKase

[Pantera10]

GRAMOracias bro.----

[titohippie]

Thanks for share it ExKase20.

[applecdos504]

Thanks for the share lord ExKase20, id like to know which approach u used to get rce, it was just reverse shell file upload php?