Nuovocard Hacking Contest - Hack Us for $3000 (Bounty) - Phase 2 Started

[ForgottenPassword]

Hey guys, I'd recommend you read ALL of Neha's posts. Clearly most of you have missed all the details/hints provided.

BTW it isn't as hard as you guys think. Initially I thought that, but there are PLENTY of ways to get the IP of that server. You can do it by gaining access to GApps (I don't think it uses Tor to fetch mail), and there are literally hundreds of ways to do that. I have found a number of "potentially dangerous" things that nuovocard has done and I'll disclose them to them privately once I've given up and leave it up to them if they want to post them here in order to help you guys.

[1714669622]

1714669622

[1714669622]

1714669622

[1714669622]

1714669622

[1714669622]

1714669622

[1714669622]

1714669622

[ForgottenPassword]

U are telling the hacker what route he'll take to hack u ? Your request is not to hack the web server, but the app server and that is also by finding IP ?

Your whois details are not yet protected

Let us know once u gather some money from your customer. U'll see the real hunters then. Good Luck

Yeah that is one thing I found funny. OP seems to think we actually need the IP to hack the server when we really don't. That is not how most modern hackers work.

I don't know if he'll pay up or not, I doubt he will tbh. The owners PayPal account is permanently suspended (not frozen, suspended indicates breach of TOS), I wonder why... But that doesn't make it less fun. Not everything is about money.

[neha]

Who said the Whois details are for our office and which Paypal account is suspended??? Please share.

Moreover, finding us is not difficult at all(Read the About Us).

I guess we need a team to do this ... IRC ? ^^

Regards

Nico

I'd have, if she escrowed 6+ BTC, i.e. the equivalent of 3000 USD at current market rate. Currently I dont feel the charm to hack her because the prize is uncertain. She is giving petty statements of reputation and bla bla. Let her launch and we'll see

Find the IP, I will escrow 2800 instantly. If no one finds the IP, there is no point. Its not like the hard part is over as soon as the IP is discovered. There are 2 layers of firewalls before reaching the server firewall and all the ports are closed.

U are telling the hacker what route he'll take to hack u ? Your request is not to hack the web server, but the app server and that is also by finding IP ?

Your whois details are not yet protected

Let us know once u gather some money from your customer. U'll see the real hunters then. Good Luck

You cant even find the IP right now....forget find, guess it. I gave the last two digits so that every second someone doesnt post and did I ever say that this server is the actual server?

[ForgottenPassword]

Who said the Whois details are for our office and which Paypal account is suspended??? Please share.

Moreover, finding us is not difficult at all(Read the About Us).

The problem with the WHOIS issue is that everyone knows that the email address for your Godaddy account is: harshjaiswal@gmail.com

Additionally when transferring a domain to another registrar it sends the verification email to that address, so if someone compromises your EPP code (or if you were using a registrar tht didn't use EPP) then they'd be able to transfer away the domain by hacking that email account.

So the main problem is if that account gets compromised they can steal your domain, or reset your Gapps account by verifying ownership using the DNS method.

The PayPal account for: harshjaiswal@gmail.com is the one that is suspended:



PS. If you know what you are doing you can trick PayPal into giving you information on the account holder (such as last 4 digits of your credit card which can be used to reset accounts for Apple and other services). Thats why I was poking around in there, sorry! they didn't give me any information anyway.

[neha]

Interesting. That account is like 11 years old I think. but anyways good find. FYI, godaddy account is not that one and the actual paypal account works just fine.

And ya to remove confusion, Ill get the privacy added tomorrow.

[BitCoinDream]

Interesting. That account is like 11 years old I think. but anyways good find. FYI, godaddy account is not that one and the actual paypal account works just fine.

And ya to remove confusion, Ill get the privacy added tomorrow.

Adding privacy wont work anymore. The information is already out in the open.

[neha]

Can I guess more than one?

You can guess as many as you want but you have to say how you got it if you got it right. You cant just list all the possible IP's of amazon and say its one of them.

Interesting. That account is like 11 years old I think. but anyways good find. FYI, godaddy account is not that one and the actual paypal account works just fine.

And ya to remove confusion, Ill get the privacy added tomorrow.

Adding privacy wont work anymore. The information is already out in the open.

Yeah but thats not the right info. Thats the info of our PR guy. Wont help anyone. Moreover, its not like we wont give our office address or phone numbers to concerned people. In a business you cant really hide your place of work.

[ForgottenPassword]

Part 1 with 1698 entries of a global ipv4 scan of the complete ipv4 space of all currently available online servers worldwide that are listen on port 18333 right at the moment
http://dustri.org/p/47d511
(Paste will be deleted after 1 week automatically for privacy reasons)
Part 2 should be ready soon after the scan is complete. So if your ip ends with 13 and is listening on port 18333 the chances are not that bad.

Um... the guy already said that he was using bitcoind over tor. I was planning to do what you did, but that won't work. The server does not listen on any port according to the OP. Additionally the default bitcoind listening port is 8333 not 18333.

[neha]

Part 1 with 1698 entries of a global ipv4 scan of the complete ipv4 space of all currently available online servers worldwide that are listen on port 18333 right at the moment
http://dustri.org/p/47d511
(Paste will be deleted after 1 week automatically for privacy reasons)
Part 2 should be ready soon after the scan is complete. So if your ip ends with 13 and is listening on port 18333 the chances are not that bad.

Guys I highly suggest you read what I have written. I have given enough hints till now and now I am not going to correct anyone as that also seems waste to alot of you. Last advice - read what I have written so you dont waste your time.

[Nico205]

Part 1 with 1698 entries of a global ipv4 scan of the complete ipv4 space of all currently available online servers worldwide that are listen on port 18333 right at the moment
http://dustri.org/p/47d511
(Paste will be deleted after 1 week automatically for privacy reasons)
Part 2 should be ready soon after the scan is complete. So if your ip ends with 13 and is listening on port 18333 the chances are not that bad.

Guys I highly suggest you read what I have written. I have given enough hints till now and now I am not going to correct anyone as that also seems waste to alot of you. Last advice - read what I have written so you dont waste your time.

If I understood it right, you wrote that the IP isn´t findable at the Moment ?!

[neha]

Man, I even gave you guys a netstat example. If you know TOR, you should know default port is 9050. and bitcoind listens to 9050 and that 9050 listens to something else. How will you guys find it if you cant understand something that is already given???

Anyways, done for the night. All replies tomorrow.

[Nico205]

Is 184.169.16.113 the ip ?

Is on amazon (should)
Has open testnet port
Has open tor port

[virtualx]

don't have much time, so I'll just guess .. the probability is higher than zero when you guess 
184.169.16.13

[Nico205]

LoL just used from: http://dustri.org/p/47d511 Gitju and https://forums.aws.amazon.com/ann.jspa?annID=1701 and used CRTL+F and copy & paste

Regards

Nico

[neha]

Nope.

Latest netstat example:-
tcp        0      0 localhost:9050          localhost:47342         ESTABLISHED
tcp        0      0 localhost:46330         localhost:9050          ESTABLISHED
tcp        0      0 localhost:47342         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:46330         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

Hope this helps.

[Nico205]

Nope.

Latest netstat example:-
tcp        0      0 localhost:9050          localhost:47342         ESTABLISHED
tcp        0      0 localhost:46330         localhost:9050          ESTABLISHED
tcp        0      0 localhost:47342         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:46330         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

Hope this helps.

Will see it

[BitCoinDream]

Nope.

Latest netstat example:-
tcp        0      0 localhost:9050          localhost:47342         ESTABLISHED
tcp        0      0 localhost:46330         localhost:9050          ESTABLISHED
tcp        0      0 localhost:47342         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:46330         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

Hope this helps.

Get off to sleep Neha. It must be midnight at your end

[Nico205]

Only to make sure your application server which should get hacked is located at Amazon =?

[vit1988]

Man, I even gave you guys a netstat example. If you know TOR, you should know default port is 9050. and bitcoind listens to 9050 and that 9050 listens to something else. How will you guys find it if you cant understand something that is already given???

My curiosity brought me back... can't wait to see the solution on how to utilize this "already given" facts. Or is the bitcoind publicly listening on 9050 and all we are supposed to do is portscan the amazon network to find a bitcoind on port 9050?

Your netstat only reveals that what happens on localhost stays on localhost

I'm not a tor expert but isn't the idea of a hidden tor service to be hidden? And any way to trace a hidden service would be a serious major flaw in tor?

[neha]

U are telling the hacker what route he'll take to hack u ? Your request is not to hack the web server, but the app server and that is also by finding IP ?

Your whois details are not yet protected

Let us know once u gather some money from your customer. U'll see the real hunters then. Good Luck

Comment from my partner :

"The whois details are designed to be displayed but the domain transfer is locked and the DNS is maintained by cloudflare. Nothing can be done on that aspect. The idea to leave it open was that we will adding further business information instead of making it private.

Further, this whole hacking challenge has been designed around an assumption that some senior level staff member tries to hack into the server in future who got to see the IP address of the server on our computers. Otherwise, if we didnt give the IP, this hacking challenge would not go any further because hacking into gmail would take quite some time assuming its even possible. Moreover, goodluck trying to transfer funds out of our wallet when the actual server is up as the wallet will be locked and the key will be in RAM and not stored anywhere. Same goes for the encryption key too.

Like everyone is already noticing, there is almost no way to find the IP but because we dont know everything, we figured one of you will be able to find a way and this is the reason we are trying to help as much as we can."

Only to make sure your application server which should get hacked is located at Amazon =?

Yes it is on Amazon.