BBVA FTP server leak

by malformed - 30 January, 2023 - 03:36 PM
#1 - malformed
I have found this VPN portal, apparently belonging to BBVA, in a Textbin paste:

https://34.245.91.177

The person who posted this explains that he/she tried to log in using two leaked credentials, without success. I've just tried logging in with those credentials and got the same result, obviously. After that, I started researching with the intention of getting more information. So, first of all, I decided to use the inspect tool to see the webpage source code. I was surprised when I saw a comment that, accidentally, contains an FTP server IP.
 
Code:
<!--    ACCESO A FTP, QUITAR COMENTARIIO CUANDO ESTÉ OPERATIVO <div id="ftp"> <div> <p> <a href="34.252.181.236"></a></p></div></div> -->

I searched that IP on Shodan, to check if it's open to the Internet, and in that case also to see the banner. Once again, I was successful. The server was open to the Internet and the banner appeared to be from an official BBVA service.

There was only one step left after that: try to connect to the FTP server. The easiest way was to start trying to connect with the leaked users from the Textbin paste. And... on the first attempt I succeeded!!
 
Code:
kali@kali:~$ ftp 34.252.181.236
Connected to 34.252.181.236
220-BBVA España Seguridad informática.
220-
220-Bienvenido a la RED BVP del BBVA España
220-
220-#####################
220-## USO RESTRINGIDO ##
220-#####################
220-
220-Si usted NO ES un usuario debidamente autorizado por la corporación BBVA no intente utilizar esta estación y acceder a la RED BPV.
220 Name (34.252.181.236:kali): ES349022
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
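A defender-side check, added here as an example and not part of the thread: a pre-release audit that parses a page's HTML comments and flags any that carry markup, links or IP addresses, since commented-out markup like the one quoted above is still delivered to every visitor. The sample page and the 192.0.2.10 address are constructed placeholders, not values from the post.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: a commented-out block of the kind quoted in
# post #1 (192.0.2.10 is a TEST-NET-1 placeholder, not the address in the post).
SAMPLE_HTML = """<html><body>
<h1>Portal</h1>
<!-- FTP ACCESS, REMOVE COMMENT WHEN OPERATIONAL
     <div id="ftp"><a href="192.0.2.10"></a></div> -->
<!-- TODO: tidy up footer -->
<a href="https://example.com/login">Login</a>
</body></html>"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


class CommentAuditor(HTMLParser):
    """Collects comments that carry markup or network locators.
    Browsers hide comments, but every client receives them in full."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        ips = IPV4.findall(data)
        hrefs = HREF.findall(data)
        has_markup = "<" in data and ">" in data
        if ips or hrefs or has_markup:
            # getpos() still points at the start of the comment here
            self.findings.append({
                "line": self.getpos()[0],
                "ips": ips,
                "hrefs": hrefs,
                "markup": has_markup,
            })


def audit_html(html):
    """Return the list of suspicious comments (an empty list means clean)."""
    auditor = CommentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML):
        print(f"line {finding['line']}: comment leaks {finding}")
```

Run it over the rendered templates in CI and fail the build on any finding; a plain note such as "TODO: tidy up footer" is not flagged, only comments that embed markup, links or addresses.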
#2 - malformed
The textbin link for the people who haven't found it.

https://textbin.net/gaarmxevn6

DM me if you manage to do something.
#3 - sp4rt4npl4y
The textbin paste that you posted has already expired. I just discovered that the server has the SSH service open on port 22022. Maybe you can try to log in with the same user as the FTP (ES349022) if you know the password.

thanks for the info
