Bitcoin Forum
Author Topic: Mt. Gox Dump Analysis...  (Read 2422 times)
LehmanSister
June 19, 2011, 11:44:49 PM
 #1

I am in a rush to leave the computer for a bit, but doing a quick scan of the dump file, it looks like things began to get interesting around here:

Code:
5424,asdf<script>alert(\'hi!\')</scri,,
5358,buttcoin,dfdf<script>alert(\'hi\')</script>asf,
11476,\'\",,$
11486,\"\'<script>alert(1);</script>xx,,
11488,\"\'<script>alert(1);</script>xx,
11489,\'<script>alert(1);</script>xxx,,
11573,\\\'abc,,

(solid attempts here)
12550,hehehe16235e4255951b319c0b4251,,$1$cItuRw49$iqqj0GL8gbrGXaIBRH3UZ0
12551,hehehe\',,$1$USDebpwM$4No7PaNkFl2uQjo6VYt2F1
12552,hehehe%27,,$1$Z8VXZePd$v6i3MZaIRBqAmSka.9eWC1
12553,hehehe\0\',,$1$5G.DrQ9A$IC/7j46weU8GRFoNZSFBy/
12554,hehehe\'waitfor delay\'0:0:20\'--,,$1$T6yRted3$bmSQXQSYrVKqq0JWLyOMJ.
12555,hehehe\')waitfor delay\'0:0:20\'-,,$1$OzcLllL9$ZbXFPAB.Pfjak/VxOIOeE0
12556,hehehe\',0)waitfor delay\'0:0:20,,$1$ZJVxD1Xi$8MuO2/IEK2ITAOiRVH8nD/
12557,hehehe\',0,0)waitfor delay\'0:0:,,$1$TVk6yuVk$IKj5636wmFDwul0J2mtw8.
12558,hehehe\',0,0,0)waitfor delay\'0:,,$1$ldybUNj/$jZ5XJRWM8DsOTM3FU9TyN0
12559,hehehe13505493\' or 1=1-- ,,$1$eD2QR9wb$n2ES9mryOwb39m07EdVja1
12560,hehehe13505493\' or 1=2-- ,,$1$yh5tknjZ$5Pi3E44d9lC6jmlwtL5250
12561,hehehe\' and 1=1-- ,,$1$7OR.qKMW$M1gLES96gr6a/fb/o1ToL.
12562,hehehe\' and 1=2-- ,,$1$W/mj92FN$SeBF1uKItpztF0Gcpgha71
12563,hehehe\",,$1$Xclf9zYB$kGurv/zPglRMJB1r9mLos1
12564,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$wfWxEq/f$hVs96YAc3f6T5HtBpZnGt.
12565,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$J0YW1ZtL$UglwEbkD0t076yqUckM5h1
12566,hehehe../../../../../../../../,,$1$mDA8RuIk$MbA2/jDB2e6.JjjIEnIN/0
12567,hehehe../../../../../../../../,,$1$tYEuSw6j$PcXJwu4onY8bhxQG.SMNb/
12568,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$RoVqlFLH$78g0BmMgcLmAiSsgusdd90
12569,hehehe..\\..\\..\\..\\..\\..\\..\\..\\,,$1$23k9YpGs$IyF2bEcQAZFffDd5.9a1O/
12570,hehehe../../../../../../../../,,$1$SbzGxMYr$G8p9GJSavED0gJ.B0MQ8m/
12571,hehehe../../../../../../../../,,$1$kPJWfKEm$c01Ga/ZKxFzw5HZJwr438/


47196,test\'test\"test,,
49848,\'\"`,,
57815,\'1=1=0,,
60500,\\zxzx1984,,

I'm sure there is more. Considering the age of those users, it's not quite all that easy to see how successful the attempts were. I can poke around more upon my return.

ISO: small island nations with large native populations excited to pay tribute to flying gods, will trade BTC.
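
A defender-side way to repeat the quick scan described in the post above, as an added example that is not part of the original post: it labels rows of a user-table export by the kind of input probe found in the username or e-mail column. The column order (id, username, e-mail, hash), the regexes and the SAMPLE rows are assumptions constructed for illustration.

```python
import re

# Heuristic probe families modelled on the excerpt above (this example's own regexes).
PROBES = {
    "xss": re.compile(r"<\s*script\b", re.I),
    "sqli_time_delay": re.compile(r"waitfor\s+delay", re.I),
    "sqli_boolean": re.compile(r"'\s*(?:or|and)\s+\d+\s*=\s*\d+", re.I),
    "path_traversal": re.compile(r"(?:\.\.[\\/]){2,}"),
    "url_encoded_quote": re.compile(r"%27"),
    "quote_fuzzing": re.compile(r"['\"`]"),
}
CRYPT_FIELD = re.compile(r"^\$\w+\$")  # modular crypt string, e.g. $1$salt$digest

def unescape(text):
    """Undo the dump's backslash escaping of quotes and backslashes."""
    return re.sub(r"\\(['\"\\])", r"\1", text)

def classify_row(line):
    """Return (user_id, sorted probe labels) for one comma-separated dump row."""
    user_id, _, rest = line.rstrip("\n").partition(",")
    # Usernames may contain commas, so peel only the last column off the right.
    head, sep, last = rest.rpartition(",")
    # Drop the hash column: its alphabet has '.' and '/', which can mimic "../".
    if sep and (last == "" or CRYPT_FIELD.match(last)):
        rest = head
    text = unescape(rest)
    labels = [name for name, rx in PROBES.items() if rx.search(text)]
    if len(labels) > 1 and "quote_fuzzing" in labels:
        labels.remove("quote_fuzzing")  # implied by the more specific label
    return user_id, sorted(labels)

def scan(lines):
    return {uid: labels for uid, labels in map(classify_row, lines) if labels}

# Constructed sample rows (assumed layout: id,username,email,hash; hashes are placeholders).
SAMPLE = [
    r"101,alice,alice@example.test,$1$SALTSALT$PLACEHOLDER",
    r"102,zz<script>alert(1);</script>,,",
    r"103,zz\',0)waitfor delay\'0:0:20,,$1$SALTSALT$PLACEHOLDER",
    r"104,zz\' or 1=1-- ,,$1$SALTSALT$PLACEHOLDER",
    r"105,zz..\\..\\..\\,,$1$SALTSALT$PLACEHOLDER",
    r"106,zz%27,,$1$SALTSALT$../../PLACEHOLDER",
    r"107,\'\"`,,",
]

if __name__ == "__main__":
    for uid, labels in scan(SAMPLE).items():
        print(uid, ", ".join(labels))
```

The labels only mark rows for review; they say nothing about whether an attempt succeeded.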
bitrebel
June 19, 2011, 11:55:30 PM
 #2

so buttcoin had something to do with it, huh?
Someone should find out where buttcoin first appeared online, and then trace it back to its creator.

Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
LehmanSister
June 19, 2011, 11:56:51 PM
 #3

so buttcoin had something to do with it, huh?
Someone should find out where buttcoin first appeared online, and then trace it back to its creator.

I've heard so many buttcoin jokes, I don't know how unique it would be, heh.

kw71
June 20, 2011, 12:15:01 AM
 #4

The buttcoin clown is almost as prolific as Harold Camping.  There is no reason he should not be held responsible for this.
JTaBitCoinKing
June 20, 2011, 12:16:51 AM
 #5

hehehe
hehehe
hehehe

It's too bad we have no idea what this function does. You think the client software is infected? Or the people behind the attack are bitcoin's founders?

This is like something out of a movie.
bitrebel
June 20, 2011, 12:21:03 AM
 #6

Evan Schmidt is all I can find that is remotely associated with buttcoin.
He is a computer programmer, and owner of the domains walletinspector and registered under the name bitguard.  I think he has a few other names registered. He looks innocent enough. lol
Registered walletinspector on June 16.

I find the name walletinspector a little suspicious considering the circumstances of what took place, but it's no evidence of anything.

Page on facebook - http://www.facebook.com/pages/Buttcoin-P2P-Cryptobutt/214676848554523
Buttcoin P2P Cryptobutt

He also owns buttcoin.org registered on May 26.

Why so much emphasis on Buttcoins by this person?
Why is buttcoin in the header of the hack attack?

Just wondering....

Maybe someone wants to tell me how http://walletinspector.info/ benefits anyone?

Now I found this on another thread and I'm pretty sure we have our clown.
http://forum.bitcoin.org/index.php?action=search2







cablepair
June 20, 2011, 12:34:39 AM
 #7

a the hashes are very real.

I took a small sample (about 30 usernames) and was able to crack about 4 passwords right off the jump using nothing more than John the Ripper and an Intel Core 2 Duo CPU.


LehmanSister
June 20, 2011, 12:38:50 AM
 #8

Evan Schmidt is all I can find that is remotely associated with buttcoin.

By that logic, "hehehe" is a guilty party. No, I've heard that phrase used plenty of times. I wouldn't go lynching just yet. It's Mt. Gox's responsibility to follow up, that's what transaction fees are paid for. If they are having difficulty (and it seems that they are, given how long some of these names have been in there), then they should do their own investigation. Or they can pay any number of computer forensics people on the board to do so.

It's not that big a deal, I think they did a decent job of protecting the integrity of the back end, and like all frontends, there are mistakes. There are various ways to lock up your client facing sites, but it's difficult to meet a BOOMING market, while also providing excellent security and functionality. The only thing that comes out of this is more support for local bitcoin trading (which I support) and stronger online trading houses. Nothin' wrong with that.

iCEBREAKER
June 20, 2011, 01:30:34 AM
 #9

hehehe
hehehe
hehehe

It's too bad we have no idea what this function does. You think the client software is infected? Or the people behind the attack are bitcoin's founders?

This is like something out of a movie.

It would seem that hehehe is how you call the Lulz function.

The difference between bad and well-developed digital cash will determine whether we have a dictatorship or a real democracy.  David Chaum 1996
Fungibility provides privacy as a side effect.  Adam Back 2014
"Monero" : { Private - Auditable - 100% Fungible - Flexible Blocksize - Wild & Free® - Intro - Wallets - Podcats - Roadmap - Dice - Blackjack - Github - Android }


Bitcoin is intentionally designed to be ungovernable and governance-free.  luke-jr 2016
Blocks must necessarily be full for the Bitcoin network to be able to pay for its own security.  davout 2015
Blocksize is an intentionally limited resource, like the 21e6 BTC limit.  Changing it degrades the surrounding economics, creating negative incentives.  Jeff Garzik 2013


"I believed @Dashpay instamine was a bug & not a feature but then read: https://bitcointalk.org/index.php?topic=421615.msg13017231#msg13017231
I'm not against people making money, but can't support questionable origins."
https://twitter.com/Tone_LLT/status/717822927908024320


The raison d'être of bitcoin is trustlessness. - Eric Lombrozo 2015
It is an Engineering Requirement that Bitcoin be “Above the Law”  Paul Sztorc 2015
Resiliency, not efficiency, is the paramount goal of decentralized, non-state sanctioned currency -Jon Matonis 2015

Bitcoin is intentionally designed to be ungovernable and governance-free.  luke-jr 2016

Technology tends to move in the direction of making surveillance easier, and the ability of computers to track us doubles every eighteen months. - Phil Zimmerman 2013

The only way to make software secure, reliable, and fast is to make it small. Fight Features. - Andy Tanenbaum 2004

"Hard forks cannot be co
onesalt
June 20, 2011, 01:32:36 AM
 #10

buttcoin is hilarious, I'm sorry, and if you really don't get the humour in satirizing a website then I don't know what to think.
bitrebel
June 20, 2011, 01:34:44 AM
 #11

buttcoin is hilarious, I'm sorry, and if you really don't get the humour in satirizing a website then I don't know what to think.


It's not just satire. He is all about hating on bitcoins. If he supported them, he would not spend his time doing this. It's more than a joke. It's vicious

iCEBREAKER
June 20, 2011, 03:45:26 AM
 #12

buttcoin is hilarious, I'm sorry, and if you really don't get the humour in satirizing a website then I don't know what to think.


It's not just satire. He is all about hating on bitcoins. If he supported them, he would not spend his time doing this. It's more than a joke. It's vicious

From Gulliver's Travels to South Park, good satire is nothing if not vicious.

Calling them shitcoins would be vicious; buttcoin is merely a hilarious spoof.

By taking everything so seriously, you play into their smarmy critique, and make it funnier to boot.

Sukrim
June 20, 2011, 10:04:05 AM
 #13

a the hashes are very real.

I took a small sample (about 30 usernames) and was able to crack about 4 passwords right off the jump using nothing more than John the Ripper and an Intel Core 2 Duo CPU.

Salted or unsalted ones?

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
bitrebel
June 20, 2011, 10:21:16 AM
 #14

buttcoin is hilarious, I'm sorry, and if you really don't get the humour in satirizing a website then I don't know what to think.


It's not just satire. He is all about hating on bitcoins. If he supported them, he would not spend his time doing this. It's more than a joke. It's vicious

From Gulliver's Travels to South Park, good satire is nothing if not vicious.

Calling them shitcoins would be vicious; buttcoin is merely a hilarious spoof.

By taking everything so seriously, you play into their smarmy critique, and make it funnier to boot.

Okay, you make good points. Maybe I just love the idea of bitcoins a lot. Many of us feel a need to protect them, and what it is all about, and maybe I fall into that category. I really don't mean to accuse Evan of anything, but just to forewarn everyone of the potential harm. Especially if he is baiting viruses or malware or trojans or anything malicious. It is at least a good idea to publicize it. His site, after all, has been linked to some problems, right?
