# MASTER CREDENTIALS REPORT — Mexican .git Exposure Campaign

**Date:** 2026-02-20 (updated 2026-02-25)
**Source:** Credentials and data extracted from exposed `.git/` directories and open APIs on Mexican production servers
**Campaign Targets:** uaem.mx, ieeq.mx, ss.puebla.gob.mx, elsiglodetorreon.com.mx, api.elsiglodetorreon.com.mx, mvs.com, fiscalia.durango.gob.mx, repodatos.atdt.gob.mx
**Repos Reconstructed:** 4 full repos on CT 105 (toolbox — 10.0.0.99)

| Target | Commits | Files | Toolbox Path |
|--------|---------|-------|-------------|
| uaem.mx | 8,506 | 15,147 | `/opt/uaem-repo/` |
| ieeq.mx | 310 | 5,562 | `/opt/ieeq-repo/` |
| ss.puebla.gob.mx | 5 | 8,753 | `/opt/ss-puebla-repo/` |
| elsiglodetorreon.com.mx | 9,829 | 2,463 | `/opt/elsiglo-repo/` |
| repodatos.atdt.gob.mx | N/A | 1,084 | `/opt/repodatos/` (metadata only) |

---

## 1. uaem.mx — Universidad Autónoma del Estado de Morelos

### 1a. MySQL — Certificate Request System

| Field | Value |
|-------|-------|
| Host | `www.uaem.mx` |
| Username | `facdisenousr` |
| Password | `LXN*j@9nmVmN` |
| Database | `consfacdiseno` |
| Source | `html/constancias-diseno/db/ConexionMySQL.php` |
| Contains | Student PII (names, emails, IDs, majors) in `SOLICITUD_CONSTANCIAS` table |
| Test endpoint | `https://www.uaem.mx/constancias-diseno/db/TestConexion.php` |

### 1b. SMTP #1 — Faculty of Design

| Field | Value |
|-------|-------|
| Host | `smtp.gmail.com:465` (SSL) |
| Username | `constancias.facdisenio@uaem.mx` |
| Password | `Cons_facDisenio9102` |
| Sends to | `sescolaresdiseno@uaem.mx` |
| Source | `html/constancias-diseno/model/EnviarCorreoModel.php` |

### 1c. SMTP #2 — FCQEI Virtual Window

| Field | Value |
|-------|-------|
| Host | `smtp.gmail.com:465` (SSL) |
| Username | `constancias.fcqei@uaem.mx` |
| Password | `Ventanill4FCQ31` |
| Sends to | `serviciosescolares.fcqei@uaem.mx` |
| Source | `html/ventanilla-virtual-fcqei/model/EnviarCorreoModel.php` |

**Notes:** UAEM uses Google Workspace. Both SMTP creds grant Gmail inbox access. Password pattern: abbreviated app/faculty name + digits.

---

## 2. ieeq.mx — Instituto Electoral del Estado de Querétaro

### 2a. PostgreSQL — Production (Cloud)

| Field | Value |
|-------|-------|
| Host | `127.0.0.1` |
| Username | `postgres` |
| Password | `Eqaeccasm1500V+-` |
| Database 1 | `ieeq_site` (schema: `ieeq_web`) |
| Database 2 | `ieeq_site_admin` (schema: `ieeq_webadmin`) |
| Source | `app/database/database.php` |

### 2b. PostgreSQL — Development

| Field | Value |
|-------|-------|
| Host | `localhost` |
| Username | `postgres` |
| Password | `root` |
| Databases | `db_Sergio`, `db_Web`, `db_Pagina` |
| Source | `app/database/database.php` |

### 2c. MySQL — Azure Server

| Field | Value |
|-------|-------|
| Host | `104.45.237.221` |
| Username | `web` |
| Password | `fb&BN3cse8j_MH5v` |
| Database 1 | `ieeq_ieeqmx9453639538` |
| Database 2 | `cartografia_ieeqmx3692896128` |
| Source | `app/database/database.php` |

### 2d. MySQL — External (Comunicación Social)

| Field | Value |
|-------|-------|
| Host | `187.191.76.50` |
| Username | `CCS` |
| Password | `C0munic4ci0n.S0ci4l` |
| Database | `ieeq` |
| Source | `app/database/database.php` |

**Notes:** All 4 credential sets in one file. Azure IP `104.45.237.221` and external IP `187.191.76.50` are directly connectable. Internal IPs: 192.168.1.3, 192.168.1.25, 192.168.1.246. DynDNS: `ieeq.dynalias.net:8080`.

---

## 3. ss.puebla.gob.mx — Secretaría de Salud de Puebla

### 3a. MySQL — Joomla Database

| Field | Value |
|-------|-------|
| Host | `localhost` |
| Username | `dst_ss` |
| Password | `m%e7A_fAMpt9dVbZ` |
| Database | `dst_ss` |
| Table Prefix | `q4gqt_` |
| Source | `configuration.php` |

### 3b. Joomla Secret Key

| Field | Value |
|-------|-------|
| Secret | `xSGvpdh2s4Oo1c4F` |
| Mail From | `portalpuebla@gmail.com` |
| Server Path | `/var/www/html/ss/` |

**Notes:** Internal GitLab at `git.develop.dst` (Puebla state IT — DST). `dst_` prefix pattern suggests databases for each state department.

---

## 4. elsiglodetorreon.com.mx — El Siglo de Torreón (Newspaper)

### 4a. MySQL — Primary Read-Write

| Field | Value |
|-------|-------|
| Host | `localhost` |
| Username | `centenariorw` |
| Password | `wwZtK7@c1en1` |
| Databases | `siglo90`, `durango` |
| Source | `inc/config.php`, `admin/config.php` |

### 4b. MySQL — Secondary Server (s22)

| Field | Value |
|-------|-------|
| Host | `s22` |
| Username | `eT9Server3` |
| Password | `vwDvhNXckAntcWjB6E` |
| Database | `siglo90` |
| Source | `admin/config.php` |

### 4c. MySQL — Tienda/Flores Shop (s1)

| Field | Value |
|-------|-------|
| Host | `s1` |
| Username | `eT9Server3` |
| Password | `vwDvhNXckAntcWjB6E` |
| Database | `Tienda` |
| Source | `club/inc/config.php` |

### 4d. MySQL — Remote (IBM Cloud)

| Field | Value |
|-------|-------|
| Host | `52.117.172.166` |
| Username | `centenario` |
| Password | `wwZgtK7@c1en` |
| Database | `siglo90` |
| Source | `.htdata/archiveRemote/config.php` |

### 4e. MySQL — Admin/BOA

| Field | Value |
|-------|-------|
| Host | `localhost` |
| Username | `centenarioboa` |
| Password | `vchtBfOfVaYhyBe@100` |
| Databases | `siglo90`, `durango` |
| Source | `api/dgo/DGO/config.php` |

### 4f. MySQL — Club/Suscripciones

| Field | Value |
|-------|-------|
| Host | `localhost` |
| Username | `centenario` |
| Password | `wwZgtK7@c1en` |
| Database | `siglo90` |
| Source | `club/php/conexion.php` |

### 4g. MySQL — Autos Section

| Field | Value |
|-------|-------|
| Host | `127.0.0.1` |
| Username | `autos` |
| Password | `f0$f0r0Qui3roCaf3` |
| Database | `autos` |
| Source | `club/inc/config.php` |

### 4h. MySQL — Archive

| Field | Value |
|-------|-------|
| Host | `localhost` |
| Username | `archive` |
| Password | `camaraf0f0r0@` |
| Database | `archive` |
| Source | `.htdata/archiveRemote/config.php` |

### 4i. SMTP — Clasificados

| Field | Value |
|-------|-------|
| Host | `correo.elsiglo.mx:587` (TLS) |
| Username | `ventas@losclasificados.mx` |
| Password | `mel588mo` |
| From | `aclientes@elsiglo.mx` |
| Source | `postman/config.php` |

### 4j. Application Tokens

| Token | Value |
|-------|-------|
| TOKEN_PASSWORD | `k@VDKgrKRI!z5YVZ76PJpjwB4#rEs0FswcYaGOGmS2HhT8@ce!` |
| TOKEN_TARJETA | `3ls1glo100\|2021-12-07` |
| TOKEN_PASS (push) | `enb5SWeXtgQmFjdr9wBecnFVjx4QrwMq3zFKPYhvFZ6QXJR7HMZPNREEd4me3kK2tVHcNFUjXJfBuJafYmz7X2H8cZQRkPW4` |
| AdSense | `ca-pub-5687735147948295` / slot `9692393977` |

**Notes:** 8 MySQL accounts, 1 SMTP, 3 tokens. IBM Cloud IP `52.117.172.166` is directly connectable. Internal servers: s22, s1, s3local, cien. GitHub org: `es-trc`. Multi-domain: elsiglo.mx, losclasificados.mx, flores.elsiglo.mx, tecolotito.elsiglodetorreon.com.mx.

---

## 5. repodatos.atdt.gob.mx — Federal Open Data API (ATDT)

**Type:** Unauthenticated API — no credentials needed, everything is open
**Total Data:** 64 GB full mirror (50.12 GB enumerated + s_* mirrors, CONAPO, CONEVAL)
**Files:** 1,084+ across 38 all_data agencies, 11 s_* secretariat dirs, 177 api_update agencies
**Est. Records:** 186,000,000+
**Mirror Status:** COMPLETE — 28 top-level dirs, dumped 2026-02-25

### 5a. Open Access — No Auth Required

| Field | Value |
|-------|-------|
| URL | `https://repodatos.atdt.gob.mx/` |
| Auth | **NONE** — JSON directory listings, all files downloadable |
| Server | nginx with autoindex |
| Last Updated | 2026-02-24 (api_update/) |
| Agencies | 177 in api_update directory |

### 5b. PII Data Accessible

| Dataset | Path | Size | Est. Records | PII Level |
|---------|------|------|-------------|-----------|
| SINAC Birth Records (2008-2023) | `/all_data/secretaria_salud/77c166cc-.../` | 12.3 GB | ~60M | HIGH — mother age, indigenous status, language, medical details |
| Death Records (1998-2023) | `/all_data/secretaria_salud/6fecbbb3-.../` | 6.1 GB | ~25M | HIGH — cause of death, nationality, violence indicators |
| Education Centers | `/all_data/secretaria_educacion/2a1d047c-.../` | 1.7 GB | ~6M | **CRITICAL** — CURP, RFC, full names, email, phone, GPS |
| Migration Tramites | `/INM/regulacion_migratoria/` | 257 MB | ~1.3M | HIGH — nationality, sex, age, resolution |
| Irregular Migration | `/all_data/secretaria_gobernacion/.../` | 175 MB | ~700K | HIGH — border crossing events |
| Crime Incidence | `/SESNSP/incidencia_delictiva/` | 424 MB | ~2M | MEDIUM — municipal crime stats |
| Procurement (Compranet) | `/compranet_historico.csv` | 907 MB | ~4.5M | MEDIUM — vendor names, contract amounts |
| CENSIDA HIV Treatment | `/CENSIDA/activas_con_tratamiento/` | 22 MB | ~100K | MEDIUM-HIGH — ARV treatment by facility |
| CRE Gas Prices | `/CRE/precios_gas_lp/` | 1.3 GB | ~85M | LOW |
| CONAPO Population | `/CONAPO/proyecciones/` | 202 MB | — | MEDIUM — demographics 1950-2070, marginalization |
| CONEVAL Poverty | `/CONEVAL/pobreza/` | 48 MB | — | MEDIUM — poverty by municipality |
| s_salud Health | `/s_salud/` | 16 GB | — | HIGH — chronic diseases, family planning, nutrition, vaccines |
| Treasury (Hacienda) | `/s_hacienda_cred_publico/` | 461 MB | — | MEDIUM — public finance |
| Agriculture | `/s_agricultura_des_rural/` | 403 MB | — | LOW — rural development |

### 5c. Education Data CSV Headers (CURP/RFC/PII)

```
cv_cct, c_nombre, contacto_c_curp, contacto_c_rfc, contacto_c_nombre,
contacto_c_apellido1, contacto_c_apellido2, contacto_c_email,
contacto_c_telefono, contacto_c_celular, latitud, longitud
```

**Notes:** No traditional credentials (no DB passwords, API keys). The vulnerability IS the complete lack of authentication on 50+ GB of federal data including national ID numbers (CURP), tax IDs (RFC), and 85M+ health records. 177 agencies actively pushing data as of Feb 2026.

---

## 6. api.elsiglodetorreon.com.mx — Exposed .git (Partial)

### 6a. Git Remote Configuration

| Field | Value |
|-------|-------|
| Repo | `git@github.com:MrBoa-s-Company/api-app-tor.git` |
| Upstream | `rcasanovae/api-app-tor` |
| Status | .git/config accessible, full dump blocked (connection reset on directory listing) |

**Notes:** Different repo from main elsiglodetorreon (api-app-tor vs centenario). 30 pull updates in reflog. git-dumper fails — would need manual loose object fetching. Same developer: @MrBoa / Eugenio Ramírez Casanova.

---

## 7. Credentials Known to Exist (Not Recovered)

### 7a. uaem.mx — Laravel .env Files

- `https://www.uaem.mx/cedulas/.env` — Laravel app key, DB creds for professional license system
- `https://www.uaem.mx/titulos-uaem/.env` — App secrets for degree generation system

### 7b. uaem.mx — System Files

- `https://www.uaem.mx/.bash_history` — Shell history (may contain passwords)
- `https://www.uaem.mx/.ssh/` — SSH private keys

### 7c. fiscalia.durango.gob.mx — WordPress

- `https://fiscalia.durango.gob.mx/wp-config.php` — WordPress DB creds
- Internal Gitea: `http://10.1.4.194:8085/Alejandro.paredes/mw-red-de-sitios.git`

---

## 8. Platform Accounts & Git Repos

| Platform | Account | Email | Target | Repo |
|----------|---------|-------|--------|------|
| GitHub | `norgoth` (GGakko) | rafael.fragoso@uaem.mx | uaem.mx | `norgoth/uaem2023` |
| GitHub | `es-trc` | apps@elsiglo.mx | elsiglodetorreon | `es-trc/centenario` |
| GitLab | `dianguemoli` | diana.guerra@ieeq.mx | ieeq.mx | `dianguemoli/ieeq` |
| GitLab | `devgob` | — | fiscalia.durango | `devgob/mw-red-de-sitios` |
| Bitbucket | `mvsradio` | agonzalez@mvs.com | mvs.com | `mvsradio/grupo_mvs_v2_landing` |
| Internal GitLab | `dds` | — | ss.puebla.gob.mx | `dds/secretaria-de-salud` (git.develop.dst) |

---

## 9. Developer Identities (All Targets)

### uaem.mx (16 developers)

| Name | Email |
|------|-------|
| Rafael Fragoso (norgoth/GGakko) | rafael.fragoso@uaem.mx |
| Amy Malavar | amymalavar@gmail.com |
| Carlos Clemente | carlos.clemente@uaem.mx |
| Jelsy Uribe | jelsy.uribe@uaem.mx |
| Multimedia (team) | multimedia@uaem.mx |
| Roxandesanz | sanchezrandrade@gmail.com |
| Victor González | zarinana.gonzalez@gmail.com |
| Ricardo Morales | armoralesricardo@gmail.com |
| Alan Martínez | norgothmx@gmail.com |

### ieeq.mx (6 developers)

| Name | Email |
|------|-------|
| Diana Guerra (dianguemoli07) | diana.guerra@ieeq.mx |
| Melchor Leal | melchor.leal@ieeq.mx |
| JORGE LARA MENDOZA | jorge.lara@ieeq.mx |
| Jorge | jorge.mendoza@skyflop.xyz |
| Sergio I. Gutiérrez Quintero | sergio.gutierrez@ieeq.mx |

### ss.puebla.gob.mx (1 developer)

| Name | Email |
|------|-------|
| Rene Limon | renecomes@gmail.com |

### elsiglodetorreon.com.mx (14 developers)

| Name | Email |
|------|-------|
| @MrBoa / Eugenio Ramírez Casanova | rcasanovae@gmail.com |
| Carlos Rodriguez | carlosrdz_16@hotmail.com |
| Gustavo Ronaldo Hernandez | hernandezgustavoronaldo@gmail.com |
| Jaime Favela | jfavela@elsiglo.mx |
| Jorge Martínez Mauricio | jorgem@gmail.com |
| Jorge Avila Flores | jorge.aviflores@gmail.com |
| Marco Huitron | marcohuitron@outlook.com |
| es-trc (org) | apps@elsiglo.mx |
| ziscko | ziscko.team@gmail.com |

---


*Generated 2026-02-20. Updated 2026-02-25 with credentials from 4 fully reconstructed repos + 1 open federal API. 18,650 total commits, 31,925+ total files across repos. repodatos.atdt.gob.mx fully mirrored: 64 GB / 186M records / 38 agencies / zero auth — dump COMPLETE. All findings from publicly exposed .git/ directories and open APIs on Mexican production servers. Full repos on CT 105 (toolbox). Huntr scan active on 618 Mexican domains.*
