Having fun with public credentials and Trello

This is fun. I have some time left, so I wondered: let's have some fun with Google Dorks and Trello.

So I tried some combos, and I found one which I want to share with you guys.

I used the following dork: 

site:trello.com intext:password mysql

And one of the results contained something about a ‘bot’, a Facebook bot to be specific.

So the first thing I tried was the link, and wonder of wonders, the page is still alive.

So of course the next step I take is to check whether the environment ‘fbbot.byethost7.com’ is still online.

Once you visit the page, you will land on a traffic distribution system which will forward your request to a randomly selected advertisement page.

The owner of this Trello page also added on Trello that the aim of this environment is: 

  • We aim to learn how to tighten a bot to a site that will be able to communicate with interlocutors, send structured messages with pictures and CTA buttons and sell.

Indicators of compromise:

  • 199.59.242.151
  • fbbot.byethost7.com
  • ftp.byethost7.com

Additional information: 

  • https://www.virustotal.com/#/url/2b4b373c33ee6630a16bceaf866f8fbf9739ef2f423a17bc82714e053f4fb318/details
  • https://urlquery.net/report/12bfbc8f-7040-4247-bf48-1ba9229ae0fd
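
Board owners can run the same kind of search against their own data before a search engine indexes it. The following is an added example, not part of the original post: it scans a Trello board JSON export for the dork's keywords and for key/value credential lines, masking any values it finds. The field names (`prefs.permissionLevel`, `cards[].name`, `cards[].desc`, `actions[].data.text`) are assumed to match the export format, and the sample board is constructed.

```python
import re

# "password" and "mysql" come from the dork in the post; the other terms and
# the key/value pattern are assumptions about how credentials get pasted.
KEYWORDS = re.compile(r"\b(password|passwd|mysql|ftp)\b", re.I)
KEY_VALUE = re.compile(r"\b(pass(?:word|wd)?|pwd|user(?:name)?|login)(\s*[:=]\s*)\S+", re.I)

def board_texts(board):
    """Yield (location, text) for card titles, descriptions and comments."""
    for card in board.get("cards", []):
        name = card.get("name", "")
        yield f"card '{name}' title", name
        yield f"card '{name}' description", card.get("desc", "")
    for action in board.get("actions", []):
        if action.get("type") == "commentCard":
            data = action.get("data", {})
            card_name = data.get("card", {}).get("name", "")
            yield f"comment on '{card_name}'", data.get("text", "")

def audit_board(board):
    """Return findings with secret values masked; public boards rank highest."""
    public = board.get("prefs", {}).get("permissionLevel") == "public"
    findings = []
    for location, text in board_texts(board):
        for line in text.splitlines():
            has_kv = KEY_VALUE.search(line) is not None
            if not (has_kv or KEYWORDS.search(line)):
                continue
            severity = "review"
            if has_kv:
                severity = "critical" if public else "high"
            masked = KEY_VALUE.sub(lambda m: m.group(1) + m.group(2) + "****", line)
            findings.append({"location": location, "severity": severity, "line": masked.strip()})
    order = {"critical": 0, "high": 1, "review": 2}
    return sorted(findings, key=lambda f: order[f["severity"]])

# Constructed sample export (not data from the board described in the post).
SAMPLE_BOARD = {
    "prefs": {"permissionLevel": "public"},
    "cards": [
        {"name": "Hosting setup", "desc": "MySQL host: sql.example.test\nuser: bot_admin\npassword: hunter2-constructed"},
        {"name": "Design CTA buttons", "desc": "Pictures and buttons for structured messages"},
    ],
    "actions": [{"type": "commentCard", "data": {"card": {"name": "Hosting setup"}, "text": "ftp login works now"}}],
}

if __name__ == "__main__":
    for finding in audit_board(SAMPLE_BOARD):
        print(finding["severity"], finding["location"], "->", finding["line"])
```

Findings marked `critical` are credential-style lines on a board whose visibility is public; those are the ones to rotate and remove first.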

 

By CWZ

Founder of Cyberwarzone.com.