Bitcoin Forum
Author Topic: [joe is dead] http://findmeifyoucan.eu  (Read 6877 times)
fergalish
October 28, 2012, 10:25:15 PM
 #81

My post above contained a tracking beacon which was logging IPs & useragents; the link in my post went to a free hosting provider which I set up using a manner of techniques to log information about visitors (using JavaScript, PHP, and an embedded flash player which was requesting a video from my server), and then after a few seconds forwarded you to a legit blog post.
Fascinating! How can you possibly embed such code in a forum post? Surely this indicates a serious bug in SMF, the forum software?

One of the IP addresses you mention is mine, and I'm not joe23. Thanks for doing the xx.xx'ing - I'd hate to have a bunch of you guys suddenly trying to hack my box!
theymos
Administrator
October 28, 2012, 10:28:38 PM
 #82

How can you possibly embed such code in a forum post?

It's called an image. Thankfully, only the 1337est of hackers can master this arcane technology.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Raoul Duke
aka psy
October 28, 2012, 10:32:08 PM
 #83

How can you possibly embed such code in a forum post?

It's called an image. Thankfully, only the 1337est of hackers can master this arcane technology.

eh, after all theymos has a sense of humour. lol

OpenYourEyes
October 28, 2012, 10:37:26 PM
 #84

My post above contained a tracking beacon which was logging IPs & useragents; the link in my post went to a free hosting provider which I set up using a manner of techniques to log information about visitors (using JavaScript, PHP, and an embedded flash player which was requesting a video from my server), and then after a few seconds forwarded you to a legit blog post.
Fascinating! How can you possibly embed such code in a forum post? Surely this indicates a serious bug in SMF, the forum software?

One of the IP addresses you mention is mine, and I'm not joe23. Thanks for doing the xx.xx'ing - I'd hate to have a bunch of you guys suddenly trying to hack my box!
As theymos said, just an image: a simple 1px transparent gif hosted on a server which logs IPs of those who requested it.

takemybitcoins.com: Spend a few seconds entering a merchants email address to encourage them to accept Bitcoin
PGP key | Bitmessage: BM-GuCA7CkQ8ojXSFGrREpMDuWgv495FUX7
Raoul Duke
aka psy
October 28, 2012, 10:44:08 PM
 #85

My post above contained a tracking beacon which was logging IPs & useragents; the link in my post went to a free hosting provider which I set up using a manner of techniques to log information about visitors (using JavaScript, PHP, and an embedded flash player which was requesting a video from my server), and then after a few seconds forwarded you to a legit blog post.
Fascinating! How can you possibly embed such code in a forum post? Surely this indicates a serious bug in SMF, the forum software?

One of the IP addresses you mention is mine, and I'm not joe23. Thanks for doing the xx.xx'ing - I'd hate to have a bunch of you guys suddenly trying to hack my box!
As theymos said, just an image: a simple 1px transparent gif hosted on a server which logs IPs of those who requested it.

If you wanted to catch only joe's IP you should've sent him a PM and not post it in this thread.

BTW, joe is gweedo. Why? Because gweedo can't stand BitcoinINV lol

OpenYourEyes
October 28, 2012, 10:50:39 PM
 #86

My post above contained a tracking beacon which was logging IPs & useragents; the link in my post went to a free hosting provider which I set up using a manner of techniques to log information about visitors (using JavaScript, PHP, and an embedded flash player which was requesting a video from my server), and then after a few seconds forwarded you to a legit blog post.
Fascinating! How can you possibly embed such code in a forum post? Surely this indicates a serious bug in SMF, the forum software?

One of the IP addresses you mention is mine, and I'm not joe23. Thanks for doing the xx.xx'ing - I'd hate to have a bunch of you guys suddenly trying to hack my box!
As theymos said, just an image: a simple 1px transparent gif hosted on a server which logs IPs of those who requested it.

If you wanted to catch only joe's IP you should've sent him a PM and not post it in this thread.

BTW, joe is gweedo. Why? Because gweedo can't stand BitcoinINV lol
I thought of that, but if I was in his shoes I would have found it quite suspicious of being asked to click a link, especially with a strange free hosting domain name, but hey, I'm paranoid by nature.

fergalish
October 28, 2012, 10:51:07 PM
 #87

How can you possibly embed such code in a forum post?
It's called an image. Thankfully, only the 1337est of hackers can master this arcane technology.
Ah, I had looked at the "previous post", but there was no image. I guess he edited the post to remove the image so. Guess I'd better not take up a hacking career - I'd not get very far. Even took me a couple of minutes to figure out 1337est. :'(
But wait, OpenYourEyes said he was using a flash beacon to catch the IPs. I found this which shows how to embed flash code into a forum post, and the first reply says "allowing users to embed flash is a security risk". So... what gives?  OpenYourEyes can't have just used a regular image because that would have gone over joe23's TOR connection - he specifically tried flash which often ignores proxy settings.
Raoul Duke
aka psy
October 28, 2012, 10:55:13 PM
 #88

My post above contained a tracking beacon which was logging IPs & useragents; the link in my post went to a free hosting provider which I set up using a manner of techniques to log information about visitors (using JavaScript, PHP, and an embedded flash player which was requesting a video from my server), and then after a few seconds forwarded you to a legit blog post.
Fascinating! How can you possibly embed such code in a forum post? Surely this indicates a serious bug in SMF, the forum software?

One of the IP addresses you mention is mine, and I'm not joe23. Thanks for doing the xx.xx'ing - I'd hate to have a bunch of you guys suddenly trying to hack my box!
As theymos said, just an image: a simple 1px transparent gif hosted on a server which logs IPs of those who requested it.

If you wanted to catch only joe's IP you should've sent him a PM and not post it in this thread.

BTW, joe is gweedo. Why? Because gweedo can't stand BitcoinINV lol
I thought of that, but if I was in his shoes I would have found it quite suspicious of being asked to click a link, especially with a strange free hosting domain name, but hey, I'm paranoid by nature.

No need to click any link. You just embed it as an image on the PM just like you did in the thread reply. PM's can also use bbcode.
As soon as he opened the Messages page, which has your latest 20 or so messages showing, it would call your script and you'd have the data you wanted, but without all the garbage ;)
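
An added example (not part of the thread, and not SMF's or the forum's own code): one forum-side mitigation for the image beacon described in the posts above is to rewrite remote [img] targets in posts and PMs to an HMAC-signed image proxy, so the third-party server logs the proxy's address and user agent instead of the reader's. The host names, the proxy URL layout and the key are assumptions of this example.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# All three values are placeholders for this example, not real forum settings.
FORUM_HOSTS = {"forum.example"}
PROXY_BASE = "https://imgproxy.forum.example/fetch"
PROXY_KEY = b"constructed-demo-key"

# Matches [img]url[/img] and [img width=.. height=..]url[/img]
IMG_TAG = re.compile(r"\[img([^\]]*)\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def sign(url: str) -> str:
    """HMAC the target URL so only forum-issued links are fetchable."""
    return hmac.new(PROXY_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def rewrite_images(bbcode: str):
    """Return (rewritten_bbcode, remote_urls) for a post or PM body."""
    remote = []

    def repl(match):
        attrs, url = match.group(1), match.group(2).strip()
        try:
            parts = urlsplit(url)
        except ValueError:
            return "(image removed)"
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return "(image removed)"          # data:, javascript:, relative junk
        if parts.hostname in FORUM_HOSTS:
            return match.group(0)             # forum-hosted smileys/avatars stay direct
        remote.append(url)
        hex_url = url.encode("utf-8").hex()   # hex keeps the URL path-safe
        return f"[img{attrs}]{PROXY_BASE}/{sign(url)}/{hex_url}[/img]"

    return IMG_TAG.sub(repl, bbcode), remote


def verify(sig: str, hex_url: str):
    """Proxy side: return the URL to fetch, or None if the forum did not sign it."""
    try:
        url = bytes.fromhex(hex_url).decode("utf-8")
    except ValueError:
        return None
    good = hmac.compare_digest(sig.encode("utf-8"), sign(url).encode("utf-8"))
    return url if good else None


# Constructed sample PM: one third-party beacon, one forum-hosted smiley.
SAMPLE_PM = (
    "hi joe [img]http://tracker.example/pixel.gif?id=pm42[/img] "
    "see you [img]https://forum.example/Smileys/wink.gif[/img]"
)

if __name__ == "__main__":
    body, remote = rewrite_images(SAMPLE_PM)
    print(body)
    print("remote images:", remote)
```

The signature check keeps the proxy from becoming an open relay: it only fetches URLs that the forum itself rewrote.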

OpenYourEyes
October 28, 2012, 10:57:55 PM
 #89

How can you possibly embed such code in a forum post?
It's called an image. Thankfully, only the 1337est of hackers can master this arcane technology.
Ah, I had looked at the "previous post", but there was no image. I guess he edited the post to remove the image so. Guess I'd better not take up a hacking career - I'd not get very far. Even took me a couple of minutes to figure out 1337est. :'(
But wait, OpenYourEyes said he was using a flash beacon to catch the IPs. I found this which shows how to embed flash code into a forum post, and the first reply says "allowing users to embed flash is a security risk". So... what gives?  OpenYourEyes can't have just used a regular image because that would have gone over joe23's TOR connection - he specifically tried flash which often ignores proxy settings.
You're right, you can't embed flash on here. I just posted an image, but I had also posted a link to a website which had the Flash video embedded.
I have no idea any more as to whether Flash abides proxy settings, it never used to, but some are saying otherwise now, plus my test failed so I'd be inclined to agree.

Quote
No need to click any link. You just embed it as an image on the PM just like you did in the thread reply. PM's can also use bbcode.
As soon as he opened the Messages page, which has your latest 20 or so messages showing, it would call your script and you'd have the data you wanted, but without all the garbage
True, but I don't have the ability to run PHP/JS/Flash code on here, hence why I had to ship him off to a point I control. :D

fergalish
October 28, 2012, 11:05:53 PM
 #90

You're right, you can't embed flash on here. I just posted an image, but I had also posted a link to a website which had the Flash video embedded.
I have no idea any more as to whether Flash abides proxy settings, it never used to, but some are saying otherwise now, plus my test failed so I'd be inclined to agree.

True, but I don't have the ability to run PHP/JS/Flash code on here, hence why I had to ship him off to a point I control. :D
I feel less stupid now. The internets haven't suddenly changed the rules after all. :)
juggalodarkclow
October 29, 2012, 12:39:50 AM
 #91

I bet it's Nefario making sure he can't be traced, and then if someone figures it out he'll cry and say he can't pay back GLBSE accounts until he gets the 14BTC back lol

deepceleron
October 29, 2012, 01:37:57 AM
 #92

My post above contained a tracking beacon which was logging IPs & useragents; the link in my post went to a free hosting provider which I set up using a manner of techniques to log information about visitors (using JavaScript, PHP, and an embedded flash player which was requesting a video from my server), and then after a few seconds forwarded you to a legit blog post.
Fascinating! How can you possibly embed such code in a forum post? Surely this indicates a serious bug in SMF, the forum software?

One of the IP addresses you mention is mine, and I'm not joe23. Thanks for doing the xx.xx'ing - I'd hate to have a bunch of you guys suddenly trying to hack my box!
If you browse here, you're not that anonymous (unless you turn off images, or connect so that your IP address being logged doesn't matter).

Here's a web bug:
(it can be a blank image too)

Here's where you can see email notifications of everybody that viewed the image, along with their IP address, reverse domain name, and browser user agent: http://spypig.mailinator.com/
Update: spypig.com only sends information about the first five views, so the fun was over pretty quick.

I'll leave this here to freak you out instead:
jasinlee
October 29, 2012, 01:55:37 AM
 #93

Lol that's pretty funny they use a pig lmao

BTC 1JASiNZxmAN1WBS4dmGEDoPpzN3GV7dnjX DVC 1CxxZzqcy7YEVXfCn5KvgRxjeWvPpniK3                     Earn Devcoins Devtome.com
MelMan2002
October 29, 2012, 03:22:15 AM
 #94

Hey fellow bitcoiners,

I am really a registered user in this forum since at least summer 2012. I set up this secondary, hopefully anonymous identity to give away some free bitcoins by ways of a challenge:

challenge:

I hereby challenge you to find the real me!

I set up a site on the net: http://findmeifyoucan.eu

I hereby promise to pay BTC 14 to anyone who provides one of the following pieces of information identifying the operator of findmeifyoucan.eu or (which is the same) the author of this post:

  • forum account id of 'real me'
  • my real name and (address or phone number or date of birth)
  • any IP-address that could be traced to my real identity by authorities

rules:

  • Rules are to be interpreted by me, in case of dispute, I am right, you are wrong
  • you must post here one of the above infos and a bitcoin address to which the bounty should be sent
  • you must provide a credible story of how you obtained the info
  • a 'hunch' is not enough, no guessing
  • I can change these rules at any time and will do so in OP (Original Post, the one you're reading)
  • the state of the OP at the time of claim is decisive for the rules, so please quote OP when claiming bounty
   
notes:
 
  • I'll give away small amounts of bitcoin to people pointing out flaws/mistakes/possible improvements regarding my anonymity
  • speculation in this thread is encouraged

additional info leaked:
 
  • theymous publishes the IP I use to access bitcointalk: 188.165.73.235
  • theymos publishes PM in which I ask MysteryMiner wether he was one of the german guys wearing masks at the Conference in London.
  • it is discovered that joe uses lastpass
  • "real me"s timezone has leaked: "it indicates timezone somewhere near UTC."

rewards payed for valuable feedback to:

  • MysteryMiner
  • Jasinlee
  • Openyoureyes

feel free to ask any questions... I might be happy to answer... or not.

you wouldn't have found anything about the "initial funding transaction", I think. I "cleaned" the funds using silkraod, that 10 BTC "initial load" is a silkroad withdrawl.

You are molecular.  He is the only one who mistypes "silkraod" like that.

1FV1BnSMYKDiqYtBtxZEhiT5TKg4TcDAKq

19F6veduCZcudwXuWoVosjmzziQz4EhBPS
Nite69
October 29, 2012, 06:09:37 AM
 #95

Is your IP at all 24.143.xx.xx or 217.114.xx.xx (xx'd for privacy), or are you Smoothie, or someguy123. (Took a few stabs there).

I'm in the process of doing an explanation for my results.

My original intention was to try and use Flash to log your true IP:
Plugins such as Adobe Flash don't normally respect your browser's proxy settings (this must have changed recently, or I went about it the wrong way because it didn't work).


Good idea is to use NoScript and Flashblock on by default (firefox). Did you find my ip: 82.128.xxx.xx?
However, I have enabled javascript in bitcointalk.


Sync: ShiSKnx4W6zrp69YEFQyWk5TkpnfKLA8wx
Bitcoin: 17gNvfoD2FDqTfESUxNEmTukGbGVAiJhXp
Litecoin: LhbDew4s9wbV8xeNkrdFcLK5u78APSGLrR
AuroraCoin: AXVoGgYtSVkPv96JLL7CiwcyVvPxXHXRK9
joe23
October 29, 2012, 06:36:58 AM
 #96

So if you ask him and he's ok with it, I will give him my consent to publish anything he has on me in this thread.

joe23@tormail.org
188.165.73.235
Ignores BitcoinINV

thanks, theymos.
molecular
October 29, 2012, 06:49:06 AM
 #97

you wouldn't have found anything about the "initial funding transaction", I think. I "cleaned" the funds using silkraod, that 10 BTC "initial load" is a silkroad withdrawl.

You are molecular.  He is the only one who mistypes "silkraod" like that.

1FV1BnSMYKDiqYtBtxZEhiT5TKg4TcDAKq

holy FUCK!



We have a winner.

Really, this is not how I thought it would end.

Melman2002 found me. One could argue it was a guess, but I think it was according to the rules (credible story and he wasn't stabbing around a lot).

Why did I only give 7 BTC so far?

Because I would really like to know the flaw Sans-EXP caught me overlooking ;).

What do you guys think. All 14 BTC to MelMan2002?

MelMan2002, would you be ok with splitting the bounty with Sans-EXP if he presents the info on how he caught me?

I must say, you guys are fucking awesome!

EDIT: a fucking typing quirk of mine got me, I really can't get over it!

EDIT2: domain for sale: findmeifyoucan.eu ;)

EDIT3: too bad I can't ever do this again, it's been so much fun!

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
joe23
October 29, 2012, 07:13:56 AM
 #98

Is your IP at all 24.143.xx.xx or 217.114.xx.xx (xx'd for privacy), or are you Smoothie, or someguy123. (Took a few stabs there).

I'm in the process of doing an explanation for my results.

My original intention was to try and use Flash to log your true IP:
Plugins such as Adobe Flash don't normally respect your browser's proxy settings (this must have changed recently, or I went about it the wrong way because it didn't work).

My post above contained a tracking beacon which was logging IPs & useragents; the link in


This could well have worked, I didn't protect against that.

I'm not sure how you embedded flash, can you explain? just <img>blah.swf</img> or what?

Do you see 85.17x.xxx.xxx in your logs?
molecular
October 29, 2012, 07:42:58 AM
 #99

It really is quite amazing:



I really am the only one who mistypes sr like that.

fergalish
October 29, 2012, 09:54:33 AM
 #100

I'll leave this here to freak you out instead:
I suppose this is a dynamic image. The server grabs your IP address, writes the text into an image and serves that image. Still wouldn't get you a TOR user's real IP address.
The thing that freaked me out was that I misunderstood OpenYourEyes' post to mean he could embed arbitrary flash or java code into a simple HTML forum post AND make it execute on the victim's computer automatically and so, through these systems' bypassing of proxy settings, learn joe23's real IP. This would be a very serious security flaw, I expect.
Can anyone suggest a web page where the privacy of your web browser is tested? Like one that tries java, js, flash, html, php, other bug exploits to track an IP, even behind tor?  I know panopticlick from the EFF. Anything else?