Bitcoin Forum
December 16, 2017, 11:28:18 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: Nuovocard Hacking Contest - Hack Us for $3000 (Bounty) - Phase 2 Started  (Read 6405 times)
neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 14, 2014, 09:00:30 PM
 #21

Challenge accepted, been looking for a place to hone my skills Cheesy

Awesome, make sure you review the instructions of sending the email and communicating with the server. The only way you can reach the server is to send an email to hack@nuovocard.com with subject as 'transfer' and you will get a Testnet Transaction ID back.

Also, currently we have the server set to check mail every 30 seconds as we dont expect too much traffic. So please wait for 30 seconds to get a reply.

1513423698
Hero Member
*
Offline Offline

Posts: 1513423698

View Profile Personal Message (Offline)

Ignore
1513423698
Reply with quote  #2

1513423698
Report to moderator
1513423698
Hero Member
*
Offline Offline

Posts: 1513423698

View Profile Personal Message (Offline)

Ignore
1513423698
Reply with quote  #2

1513423698
Report to moderator
1513423698
Hero Member
*
Offline Offline

Posts: 1513423698

View Profile Personal Message (Offline)

Ignore
1513423698
Reply with quote  #2

1513423698
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513423698
Hero Member
*
Offline Offline

Posts: 1513423698

View Profile Personal Message (Offline)

Ignore
1513423698
Reply with quote  #2

1513423698
Report to moderator
1513423698
Hero Member
*
Offline Offline

Posts: 1513423698

View Profile Personal Message (Offline)

Ignore
1513423698
Reply with quote  #2

1513423698
Report to moderator
neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 14, 2014, 09:21:05 PM
 #22

Well, I'll give it a shot. I'm not a hacker, but I have lots of experience with MS paint. If a poorly drawn MS paint picture of goatse shows up on your site you know who did it.

Hey, remember the challenge is not to hack the webserver. If you are able to hack the app server...make sure you leave a text file in the home folder with you email address.

deydod
Newbie
*
Offline Offline

Activity: 19


View Profile
August 14, 2014, 09:42:30 PM
 #23

IP is: 64.233.166.121

Location:
City:   Mountain View
Country:   United States
State: California

Am I right?
neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 14, 2014, 09:47:21 PM
 #24

IP is: 64.233.166.121

Location:
City:   Mountain View
Country:   United States
State: California

Am I right?

Nope. Thats Google I think.

Update : Yeah that is google. http://64.233.166.121.ipaddress.com/.

Please check who does the IP belong to before you post. Our server currently is not on Google.

BitCoinDream
Legendary
*
Offline Offline

Activity: 1246

The revolution will be digital


View Profile
August 14, 2014, 10:29:10 PM
 #25

Hi Neha, HappY Independence Day Smiley

You have chosen a great day to kickstart the hackathon. As I understand, u dont want us to find where Nuovocard.com is running, i.e. the web server. U want us to find out the server IP from where the mail is originating. Am I wrong ?

MakeBelieve
Hero Member
*****
Offline Offline

Activity: 602


View Profile
August 14, 2014, 10:45:39 PM
 #26

Hi Neha, HappY Independence Day Smiley

You have chosen a great day to kickstart the hackathon. As I understand, u dont want us to find where Nuovocard.com is running, i.e. the web server. U want us to find out the server IP from where the mail is originating. Am I wrong ?

That's what he is asking you to do...I'm going to give this a shot!

On a mission to make Bitcointalk.org Marketplace a safer place to Buy/Sell/Trade
BitCoinDream
Legendary
*
Offline Offline

Activity: 1246

The revolution will be digital


View Profile
August 14, 2014, 10:50:28 PM
 #27

Nothing is getting deposited to https://blockchain.info/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa and blockchain.info is showing that the Tx hash u have sent does not exist. Is the App properly configured on your app server ?

cooldgamer
Legendary
*
Offline Offline

Activity: 1218


We are the champions of the night


View Profile WWW
August 14, 2014, 10:52:27 PM
 #28

Nothing is getting deposited to https://blockchain.info/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa and blockchain.info is showing that the Tx hash u have sent does not exist. Is the App properly configured on your app server ?
They are testnet transactions, so you need to use a testnet block explorer

http://blockexplorer.com/testnet/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa

BitCoinDream
Legendary
*
Offline Offline

Activity: 1246

The revolution will be digital


View Profile
August 14, 2014, 11:00:55 PM
 #29

Nothing is getting deposited to https://blockchain.info/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa and blockchain.info is showing that the Tx hash u have sent does not exist. Is the App properly configured on your app server ?
They are testnet transactions, so you need to use a testnet block explorer

http://blockexplorer.com/testnet/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa

Oops ...sorry. Missed it. Feeling sleepy. By the way, they are most likely using Google server to sign mails, as it appears from the mail header. Can we get IP behind Google ? Most probably no by any known technology, but may be possible by social engineering.

ForgottenPassword
Full Member
***
Offline Offline

Activity: 154


View Profile
August 14, 2014, 11:22:25 PM
 #30

nuovocard.com is registered to use Google Apps. The emails are arriving into gmail and their server is SMTP'ing in and getting them.

Only way to get the IP would be to hack their Google Apps account.

I have private messages disabled. Send me an email instead. My contact details can be found here.

Tip Address: 13Lwo1hK5smoBpFWxmqeKSL52EvN8U7asX
virtualx
Hero Member
*****
Offline Offline

Activity: 644



View Profile
August 14, 2014, 11:48:07 PM
 #31

Is it 10.229.74.74 ?

neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 15, 2014, 07:30:01 AM
 #32

We Wish A Happy Independence Day to all Indians.

Is it 10.229.74.74 ?

Nope. Ill give a hint, the IP Address ends with 13.

nuovocard.com is registered to use Google Apps. The emails are arriving into gmail and their server is SMTP'ing in and getting them.

Only way to get the IP would be to hack their Google Apps account.
If thats what it takes, please try that too.

Nico205
Full Member
***
Offline Offline

Activity: 130


View Profile WWW
August 15, 2014, 11:35:21 AM
 #33

I cannot view the transaction in the testnet blockchain explorer.
neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 15, 2014, 11:41:53 AM
 #34

I cannot view the transaction in the testnet blockchain explorer.

http://tbtc.blockr.io/tx/info/0077907e9eee7a211de25feef9997ba0c348b8aee85319f7c541ce635757bad4

Nico205
Full Member
***
Offline Offline

Activity: 130


View Profile WWW
August 15, 2014, 11:42:17 AM
 #35


thx Wink
Nico205
Full Member
***
Offline Offline

Activity: 130


View Profile WWW
August 15, 2014, 11:56:07 AM
 #36

Is your server located by hetzner ?
neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 15, 2014, 11:58:02 AM
 #37

Nope...amazon. Already disclosed that earlier.

All the best.

Nico205
Full Member
***
Offline Offline

Activity: 130


View Profile WWW
August 15, 2014, 12:27:01 PM
 #38

Can you please sent me the jar file of your application ?
neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 15, 2014, 12:33:05 PM
 #39

Can you please sent me the jar file of your application ?

There is still time for that part of the contest. There are atleast 23 people trying and it wont be fair to them. Also, I have discussed with the team and jar wont be necessary. We will post the instructions and server config later and you would be able to simulate our server. Lets give everyone the time promised. Who knows, someone might just hack our email address Wink and get the IP.

You would not believe this but earlier this whole system was designed using a Web Interface with app and everything and then everything was scrapped by my partner as he thought that whatever we do, we cannot be as safe as Google and so he made us do everything again just to keep security as the highest concern. Moreover, he found 2fa on phone apps too cumbersome. I guess thats why most companies dont have 2fa on their mobile apps.

neha
Full Member
***
Offline Offline

Activity: 168


View Profile WWW
August 15, 2014, 05:22:05 PM
 #40

Tor is used with Bitcoind.

Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!