# Mexico CTF / Bug Bounty — All Recovered Credentials **Campaign:** Mexican .git Exposure + Open API Recon **Updated:** 2026-02-25 **Targets:** 8 domains, 4 reconstructed repos, 1 open federal API --- ## uaem.mx — Universidad Autonoma del Estado de Morelos | Type | Username | Password | Host | Database | |------|----------|----------|------|----------| | MySQL | `facdisenousr` | `LXN*j@9nmVmN` | `www.uaem.mx` | `consfacdiseno` | | SMTP | `constancias.facdisenio@uaem.mx` | `Cons_facDisenio9102` | `smtp.gmail.com:465` | — | | SMTP | `constancias.fcqei@uaem.mx` | `Ventanill4FCQ31` | `smtp.gmail.com:465` | — | --- ## ieeq.mx — Instituto Electoral del Estado de Queretaro | Type | Username | Password | Host | Database | |------|----------|----------|------|----------| | PostgreSQL (prod) | `postgres` | `Eqaeccasm1500V+-` | `127.0.0.1` | `ieeq_site`, `ieeq_site_admin` | | PostgreSQL (dev) | `postgres` | `root` | `localhost` | `db_Sergio`, `db_Web`, `db_Pagina` | | MySQL (Azure) | `web` | `fb&BN3cse8j_MH5v` | `104.45.237.221` | `ieeq_ieeqmx9453639538`, `cartografia_ieeqmx3692896128` | | MySQL (Comms) | `CCS` | `C0munic4ci0n.S0ci4l` | `187.191.76.50` | `ieeq` | --- ## ss.puebla.gob.mx — Secretaria de Salud de Puebla | Type | Username | Password | Host | Database | |------|----------|----------|------|----------| | MySQL (Joomla) | `dst_ss` | `m%e7A_fAMpt9dVbZ` | `localhost` | `dst_ss` (prefix: `q4gqt_`) | | Joomla Secret | — | `xSGvpdh2s4Oo1c4F` | — | — | --- ## elsiglodetorreon.com.mx — El Siglo de Torreon | Type | Username | Password | Host | Database | |------|----------|----------|------|----------| | MySQL (rw) | `centenariorw` | `wwZtK7@c1en1` | `localhost` | `siglo90`, `durango` | | MySQL (s22) | `eT9Server3` | `vwDvhNXckAntcWjB6E` | `s22` | `siglo90` | | MySQL (s1) | `eT9Server3` | `vwDvhNXckAntcWjB6E` | `s1` | `Tienda` | | MySQL (IBM Cloud) | `centenario` | `wwZgtK7@c1en` | `52.117.172.166` | `siglo90` | | MySQL (boa) | `centenarioboa` | `vchtBfOfVaYhyBe@100` | `localhost` | `siglo90`, `durango` | | MySQL (club) | `centenario` | `wwZgtK7@c1en` | `localhost` | `siglo90` | | MySQL (autos) | `autos` | `f0$f0r0Qui3roCaf3` | `127.0.0.1` | `autos` | | MySQL (archive) | `archive` | `camaraf0f0r0@` | `localhost` | `archive` | | SMTP | `ventas@losclasificados.mx` | `mel588mo` | `correo.elsiglo.mx:587` | — | ### Tokens | Token | Value | |-------|-------| | TOKEN_PASSWORD | `k@VDKgrKRI!z5YVZ76PJpjwB4#rEs0FswcYaGOGmS2HhT8@ce!` | | TOKEN_TARJETA | `3ls1glo100\|2021-12-07` | | TOKEN_PASS | `enb5SWeXtgQmFjdr9wBecnFVjx4QrwMq3zFKPYhvFZ6QXJR7HMZPNREEd4me3kK2tVHcNFUjXJfBuJafYmz7X2H8cZQRkPW4` | | AdSense | `ca-pub-5687735147948295` / slot `9692393977` | --- ## repodatos.atdt.gob.mx — Federal Open Data API (ATDT) **NO AUTHENTICATION REQUIRED** — Everything is open | Field | Value | |-------|-------| | URL | `https://repodatos.atdt.gob.mx/` | | Total Data | 64 GB (full mirror on disk) | | Enumerated | 50.12 GB (all_data + top-level) | | Total Files | 1,084+ | | Agencies (all_data) | 38 | | Agencies (api_update) | 177 | | Est. Records | 186,000,000+ | | Mirror Status | **COMPLETE** — 2026-02-25 | ### PII Data Exposed (Full URLs) | Dataset | Records | Size | Full URL | Critical Fields | |---------|---------|------|----------|----------------| | SINAC Birth Records (2008-2023) | ~60M | 12.3 GB | `https://repodatos.atdt.gob.mx/all_data/secretaria_salud/77c166cc-bcbf-4b28-806e-f2a60c3de821/` | Mother age, indigenous status, language, baby details | | Death Records (1998-2023) | ~25M | 6.1 GB | `https://repodatos.atdt.gob.mx/all_data/secretaria_salud/6fecbbb3-afd9-44a1-8665-679a80ce4a15/` | Cause of death, nationality, violence indicators | | Education Centers | ~6M | 1.7 GB | `https://repodatos.atdt.gob.mx/all_data/secretaria_educacion/2a1d047c-546b-4293-971a-c835689a37a5/` | **CURP, RFC, full names, email, phone, GPS** | | Migration Tramites | ~1.3M | 257 MB | `https://repodatos.atdt.gob.mx/INM/regulacion_migratoria/Tramites_Migratorios.csv` | Nationality, sex, age, resolution | | Migration Docs | ~90K | 18 MB | `https://repodatos.atdt.gob.mx/INM/regulacion_migratoria/Documentos_Migratorios.csv` | Document type, nationality, sex | | Irregular Migration | ~700K | 175 MB | `https://repodatos.atdt.gob.mx/all_data/secretaria_gobernacion/eventos_migratoria_irregular_2023/situ_irregular_2023.csv` | Border crossing events with demographics | | Crime Incidence | ~2M | 424 MB | `https://repodatos.atdt.gob.mx/SESNSP/incidencia_delictiva/IDM_NM_ene25.csv` | Municipal crime statistics | | Procurement | ~4.5M | 907 MB | `https://repodatos.atdt.gob.mx/compranet_historico.csv` | Vendor names, contract amounts | | HIV Treatment | ~100K | 22 MB | `https://repodatos.atdt.gob.mx/CENSIDA/activas_con_tratamiento/Personas_Tratamiento_Antirretroviral_julio_2023_diciembre_2024.csv` | ARV treatment by facility | | Gas Prices | ~85M | 1.3 GB | `https://repodatos.atdt.gob.mx/CRE/precios_gas_lp/Historico_Precios_Expendios.csv_2024.csv` | Station-level pricing | | IMSS Complaints | ~5K | 1 MB | `https://repodatos.atdt.gob.mx/IMSS/recomendaciones_cndh/RecCNDH-2024-4Trim.csv` | Victim IDs, human rights violations | | Forest Fires | ~1M | 187 MB | `https://repodatos.atdt.gob.mx/CONAFOR/incendios_forestales/` | Geospatial fire data | | CONAPO Population | — | 202 MB | `https://repodatos.atdt.gob.mx/CONAPO/proyecciones/` | Projections 1950-2070, marginalization indices | | CONEVAL Poverty | — | 48 MB | `https://repodatos.atdt.gob.mx/CONEVAL/pobreza/` | Poverty by municipality, social lag | | Treasury (Hacienda) | — | 461 MB | `https://repodatos.atdt.gob.mx/s_hacienda_cred_publico/` | Public finance data | | Agriculture | — | 403 MB | `https://repodatos.atdt.gob.mx/s_agricultura_des_rural/` | Rural development data | | s_salud Health Data | — | 16 GB | `https://repodatos.atdt.gob.mx/s_salud/` | Chronic diseases, family planning, nutrition, vaccines | | 177 Agency Directory | — | — | `https://repodatos.atdt.gob.mx/api_update/` | All agency data feeds | --- ## api.elsiglodetorreon.com.mx — Exposed .git (Partial) | Field | Value | |-------|-------| | Git Remote | `git@github.com:MrBoa-s-Company/api-app-tor.git` | | Upstream | `rcasanovae/api-app-tor` | | Status | .git/config exposed, full dump blocked | --- ## Connectable External IPs | IP | Target | Service | |----|--------|---------| | `104.45.237.221` | ieeq.mx | MySQL (Azure) | | `187.191.76.50` | ieeq.mx | MySQL (Comunicacion Social) | | `52.117.172.166` | elsiglodetorreon | MySQL (IBM Cloud) | --- ## Git Repos Discovered | Repo | Target | |------|--------| | `github.com:norgoth/uaem2023.git` | uaem.mx | | `gitlab.com:dianguemoli/ieeq.git` | ieeq.mx | | `git.develop.dst:dds/secretaria-de-salud.git` | ss.puebla.gob.mx (internal) | | `github.com:es-trc/centenario.git` | elsiglodetorreon.com.mx | | `github.com:MrBoa-s-Company/api-app-tor.git` | api.elsiglodetorreon.com.mx | | `bitbucket.org:mvsradio/grupo_mvs_v2_landing.git` | mvs.com | | `10.1.4.194:8085/.../mw-red-de-sitios.git` | fiscalia.durango.gob.mx (internal) | --- ## Developer Identities (37+) | Target | Name | Email | |--------|------|-------| | uaem.mx | Rafael Fragoso (norgoth) | rafael.fragoso@uaem.mx | | uaem.mx | Amy Malavar | amymalavar@gmail.com | | uaem.mx | Carlos Clemente | carlos.clemente@uaem.mx | | uaem.mx | Jelsy Uribe | jelsy.uribe@uaem.mx | | uaem.mx | Victor Gonzalez | zarinana.gonzalez@gmail.com | | uaem.mx | Ricardo Morales | armoralesricardo@gmail.com | | ieeq.mx | Diana Guerra | diana.guerra@ieeq.mx | | ieeq.mx | Melchor Leal | melchor.leal@ieeq.mx | | ieeq.mx | Jorge Lara Mendoza | jorge.lara@ieeq.mx | | ieeq.mx | Sergio Gutierrez | sergio.gutierrez@ieeq.mx | | ss.puebla | Rene Limon | renecomes@gmail.com | | elsiglo | @MrBoa / Eugenio Ramirez | rcasanovae@gmail.com | | elsiglo | Carlos Rodriguez | carlosrdz_16@hotmail.com | | elsiglo | Gustavo Hernandez | hernandezgustavoronaldo@gmail.com | | elsiglo | Jaime Favela | jfavela@elsiglo.mx | | elsiglo | Jorge Martinez | jorgem@gmail.com | | elsiglo | Marco Huitron | marcohuitron@outlook.com | | mvs.com | Alfredo Gonzalez | agonzalez@mvs.com | | fiscalia | Alejandro Paredes | (internal Gitea) | --- ## Totals | Metric | Count | |--------|-------| | Credential sets | 17 | | Application tokens | 4 | | Joomla secrets | 1 | | Open APIs (no auth) | 1 (64 GB mirror / 186M+ records) | | Developer identities | 37+ | | Git repos | 7 | | External IPs | 3 | | Federal agencies | 177 |