Bitcoin Forum

Looking to grab a few additional pentesters to try and break/glitch primedice 3 prior to launch. If you have pentesting experience please post here instead of PMing and I will contact you if I feel you are suitable. If you aren't selected you will still have the chance to test when the site goes public and the bounties will increase substantially after that point. Bounties will be paid for new unreported issues and rewards will be based off severity.


Thanks


Note: I'm not looking for a normal user to test out the site, I'm looking for hackers with code experience and knowledge on how to find/abuse bugs like XSS/CSRF. Will be back later today to PM details

Im interested and willing to try it out. Up to you Stunna.

Im interested! :)

EDIT: Although I cant really try to "hack" pd3, I can test for speed and efficiency, as well as js problems.

Let me know if you are interested!

I am interested. I might be a Jr. Member here but i have plenty of experience in testing.

I'm interested in testing/breaking PD. I can PM you my resume of the sites I have worked on if needed.

I'm confident in my abilities and won't waste your time. Let me know what you would like to see from me.

I can test with 90gbps, let me know

Hi Stunna,

I'm interested and can help. I code in JS and dice quite frequently. Please let me know if I can be of help.

He needs some blackhat hackers not testers :D . U guys don't need to test pd u need to try to break it , abuse it , and exploit it :D .

Absolutely agree with you. But he still needs to find if there are any exploits, including in javascript. If there are, you could manipulate the code or, for example, if the code is poorly written, a few users with bots would overload the server and slow things down considerably. Simple things that shouldn't be overlooked :)

Don't you mean whitehat?

I'm an abuser! I like to abuse things! Pick me!

Hi @Stunna!

I'm one of the members of your Primedice Bitcointalk campaigns.
Yes, I can help you with Primedice tests as a hacker.

As well, I think that I have some previous posts on my 'post history' solving problems to some coins on the Spanish sub-forum.

If you need help, just contact with me and we're going to secure PD3!!
:)

This job is to find vulnerabilities. If you don't know how to find vulnerabilities jobs like this is not for you.

Our main developer is asleep at the moment, when he's online I'll send some of the people here site/api details.

I'm interested in doing this, please let me know if I can help.

Stunna don't need stressers. He can stress test it himself if he wants to. He is finding people who can exploit the website to gain access to admin panel for example. He would probably be using cloudflare so your ddos won't hurt him a lot too.

Hi, I can do XSS . Its up to you Stunna if you will hire me :D

hello stunna im intrested

you can check with micro he knows im trusted!!!

I'm always up for trying to force data to execute, though IMO, forcing a 100BTC credit to myself is a feature, not a bug. To date, I've only been able to force a small site to accept LTC as BTC, though. Then it was fixed and he never paid the bounty. :D

Id love to test it out!

Me too! Would be interested :)

I might be interested in checking SQL injection.


How come a site accept LTC as BTC ? The Bitcoin daemon is different from the Litecoin daemon. If they check balance to their Bitcoin address that can never be filled with Litecoin !!! I'd like to know what flaw they made... if u please share.

It's pretty solid, I don't think you'll find anything in that realm.
Stunna, I've shot you a PM with the results of the pentest.

Are u tester123 ? Come on pd3 to play around PvP with me.

me too

They used deposit accounts which you spent from, which they didn't use a daemon for, just internal accounting. Basically, they accepted everything from their forms as true without checking, but allowed a user to specify "LTC" on a "BTC" form by dinking around with the source html (and they literally used those really obvious currency flags). I had LTC in my account there, so I changed the currency flag from BTC to LTC and was able to spend LTC as if it were valued like BTC. Unfortunately, it was only to buy ads. :'(

Me 3 interested.

I am interested, u will need someone who is new to Prime-Dice to test the atmosphere of the site

Do you provide a test/dev-environment in order to pentest it and don't break the production system?
If so I would give it a shot if its worth the try.

some facts about me:
http://bitcloudproject.org/w/User:MCM-Mike

Hi Stunna... though i was not among the testers, I have found a small UI bug hat u may consider fixing. When I click on the language drop-down, it does not work. It is only showing English as a fixed option.

can we still get rewarded if we found bugs?

Yep. Just email support@primedice.com

If your bug is unique and can be reproduced, you will get a reward!

I posted above. The bug has neither been addressed nor I have heard from Stunna. May be he's not checking this thread anymore :'(

How is that a bug?

I dont think PD has been translated to any other language yet.

When a drop down is not dropping down but showing the down arrow is not a bug ?

I am interested.

whats considered as a bug? cause the withdraw gave me 10,000 satoshi is that one?

I sent and talk to edward about the nonce repeat bug when you make a flood query. It gives to all the bets of the same timestamp the same result. In one run I could get 10 bets with the same result.

I'm good with patterns and logic errors, meaning if there's an issue with the script that runs the site I could root around it figuring out ways to break the odds.

Site is now live , everybody can pentest it . And if u find any bugs email support@primedice.com , if u are first to report it , u will get bounty .

It's the same site isn't it? I haven't been able to connect the last few time I've tried.

Yeah on primedice.com . U should try using latest version of chrome , there is some issue with ff, should be sorted out rly soon thou .

I only use chrome, and all I get is an error message for that site.
Nothing is wrong with my internet or anything, the page loads quick and smooth,,,, but to the error.

It works in firefox and opera aswell.

Are all URL arguments disabled? Every time I try to enable poop function (in chat, they confirm it is /?poop=enabled), it hangs on loading screen (or does that happen if IP address is already connected to websocket?).