BitCoinDream
Legendary
Offline
Activity: 2380
Merit: 1209
The revolution will be digital
|
|
August 15, 2014, 05:41:40 PM |
|
Can you please sent me the jar file of your application ?
There is still time for that part of the contest. There are atleast 23 people trying and it wont be fair to them. Also, I have discussed with the team and jar wont be necessary. We will post the instructions and server config later and you would be able to simulate our server. Lets give everyone the time promised. Who knows, someone might just hack our email address and get the IP. You would not believe this but earlier this whole system was designed using a Web Interface with app and everything and then everything was scrapped by my partner as he thought that whatever we do, we cannot be as safe as Google and so he made us do everything again just to keep security as the highest concern. Moreover, he found 2fa on phone apps too cumbersome. I guess thats why most companies dont have 2fa on their mobile apps. Partner: Ramesh Saho ? Is he at Rajasthan ?
|
|
|
|
neha (OP)
|
|
August 15, 2014, 05:51:28 PM |
|
Partner: Ramesh Saho ? Is he at Rajasthan ?
He is not a partner and he is from Bhubaneswar itself.
|
|
|
|
TheNewAnon135246
Legendary
Offline
Activity: 2198
Merit: 1989
฿uy ฿itcoin
|
|
August 15, 2014, 05:51:37 PM |
|
IP address: 104.28.2.120 Server Location: United States ISP: CloudFlare
Ramesh Saho Nuovocard International The Cosmopolis Near NH-5 Bhubaneswar, Orissa 750103 INDIA Telephone: 91969***** (I censored the telephone number).
|
|
|
|
ForgottenPassword
|
|
August 15, 2014, 05:52:39 PM |
|
IP address: 104.28.2.120 Server Location: United States ISP: CloudFlare
Ramesh Saho Nuovocard International The Cosmopolis Near NH-5 Bhubaneswar, Orissa 750103 INDIA Telephone: 91969***** (I censored the telephone number).
Thats the WEB SERVER. Thats not what we are after. We've been through this already... Not only that you didn't even realize that cloudflare is a CDN, so thats not even the IP of the webserver. What we need to find out is the IP of the server that is logging into Google Apps and pushing out those emails. They have cleaned the email headers, so the only way (well there are potentially others) to find it out is to hack their GApps account. They already told us the IP ends with 13 too.
|
|
|
|
neha (OP)
|
|
August 15, 2014, 05:58:15 PM |
|
IP address: 104.28.2.120 Server Location: United States ISP: CloudFlare
Ramesh Saho Nuovocard International The Cosmopolis Near NH-5 Bhubaneswar, Orissa 750103 INDIA Telephone: 91969***** (I censored the telephone number).
Thats the WEB SERVER. Thats not what we are after. We've been through this already... Not only that you didn't even realize that cloudflare is a CDN, so thats not even the IP of the webserver. What we need to find out is the IP of the server that is logging into Google Apps and pushing out those emails. They have cleaned the email headers, so the only way (well there are potentially others) to find it out is to hack their GApps account. They already told us the IP ends with 13 too. IP Ends with 13 and thanks for pointing the above out. Also, if were to use TOR with java apps, it would have become impossible to find even if you would have hacked into our gapps account. By impossible, I mean would cost way more than the return.
|
|
|
|
ForgottenPassword
|
|
August 15, 2014, 06:00:02 PM |
|
Does the server running bitcoind listen on port 8333?
Also someone could potentially run a couple of Tor nodes and find out which amazon IP's connect to them that end in 13, I would doubt there are many.
|
|
|
|
vit1988
|
|
August 15, 2014, 06:05:19 PM |
|
Nope. Ill give a hint, the IP Address ends with 13.
10.4.16.13 or 192.168.0.13 Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways?
|
|
|
|
ForgottenPassword
|
|
August 15, 2014, 06:08:10 PM |
|
I know you said it ends in 13, but was that a trick question? Is it xxx.xxx.xxx.13 Or xxx.xxx.xxx.x13? Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways?
How would it talk to Google Apps without a public IP?
|
|
|
|
neha (OP)
|
|
August 15, 2014, 06:10:36 PM |
|
Does the server running bitcoind listen on port 8333?
Also someone could potentially run a couple of Tor nodes and find out which amazon IP's connect to them that end in 13, I would doubt there are many.
Thats actually a brilliant idea considering I told you the last two digits. Also, about your 8333, technically I think its 18332 but that irrelevant with TOR. Giving you 2 outputs from netstat below:- tcp 0 0 localhost:9050 localhost:38319 ESTABLISHED tcp 0 0 localhost:38319 localhost:9050 ESTABLISHED Hope this helps somehow. Nope. Ill give a hint, the IP Address ends with 13.
10.4.16.13 or 192.168.0.13 Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways? Ofcourse it has a public IP otherwise how else would it talk to the bitcoin network and check emails and how else will we connect to it if we need to? I know you said it ends in 13, but was that a trick question? Is it xxx.xxx.xxx.13 Or xxx.xxx.xxx.x13? Here is my guess: 54.194.115.213 Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways?
How would it talk to Google Apps without a public IP? Nope thats not the IP.
|
|
|
|
Nico205
|
|
August 15, 2014, 06:22:49 PM |
|
I guess we need a team to do this ... IRC ? ^^
Regards
Nico
|
|
|
|
vit1988
|
|
August 15, 2014, 06:23:39 PM |
|
Ofcourse it has a public IP otherwise how else would it talk to the bitcoin network and check emails and how else will we connect to it if we need to?
Internal network, vpn, relays, proxies, firewalls, you name it...
|
|
|
|
Equinoxx
|
|
August 15, 2014, 06:25:51 PM |
|
62.115.13.13
|
-.sgmf
|
|
|
BitCoinDream
Legendary
Offline
Activity: 2380
Merit: 1209
The revolution will be digital
|
|
August 15, 2014, 06:26:05 PM |
|
Does the server running bitcoind listen on port 8333?
Also someone could potentially run a couple of Tor nodes and find out which amazon IP's connect to them that end in 13, I would doubt there are many.
Can there be a way to decrypt it ? Anyone ? 584262684250-52kri9btcso7bk6ohs3u8j0ur8dicmf4.apps.googleusercontent.com
|
|
|
|
Nico205
|
|
August 15, 2014, 06:33:20 PM |
|
Does the server running bitcoind listen on port 8333?
Also someone could potentially run a couple of Tor nodes and find out which amazon IP's connect to them that end in 13, I would doubt there are many.
Can there be a way to decrypt it ? Anyone ? 584262684250-52kri9btcso7bk6ohs3u8j0ur8dicmf4.apps.googleusercontent.com Resolves to: de-cix20.net.google.com ------------------------ 80.81.193.108
|
|
|
|
neha (OP)
|
|
August 15, 2014, 06:33:35 PM |
|
Ofcourse it has a public IP otherwise how else would it talk to the bitcoin network and check emails and how else will we connect to it if we need to?
Internal network, vpn, relays, proxies, firewalls, you name it... I am not sure if you familiar with amazon architecture, see below. This will give you an idea(It was two servers, assume one):- So there are enough firewalls.
|
|
|
|
Nico205
|
|
August 15, 2014, 06:35:09 PM |
|
Ofcourse it has a public IP otherwise how else would it talk to the bitcoin network and check emails and how else will we connect to it if we need to?
Internal network, vpn, relays, proxies, firewalls, you name it... I am not sure if you familiar with amazon architecture, see below. This will give you an idea(It was two servers, assume one):- So there are enough firewalls. Does the ip start with 10 ?
|
|
|
|
vit1988
|
|
August 15, 2014, 06:38:51 PM |
|
Let's summarise this:
- Webserver is behind cloudflare - Application server runs bitcoind over tor
- Find the IP challenge is like "find my office in tokyo by sending a letter to my anonymous p/o box in panama which will trigger some street lights in london but"
I'm out.
|
|
|
|
neha (OP)
|
|
August 15, 2014, 06:41:43 PM |
|
Does the ip start with 10 ?
10 is internal network ip. I guess we need a team to do this ... IRC ? ^^
Regards
Nico
I'd have, if she escrowed 6+ BTC, i.e. the equivalent of 3000 USD at current market rate. Currently I dont feel the charm to hack her because the prize is uncertain. She is giving petty statements of reputation and bla bla. Let her launch and we'll see Find the IP, I will escrow 2800 instantly. If no one finds the IP, there is no point. Its not like the hard part is over as soon as the IP is discovered. There are 2 layers of firewalls before reaching the server firewall and all the ports are closed. Let's summarise this:
- Webserver is behind cloudflare - Application server runs bitcoind over tor
- Find the IP challenge is like "find my office in tokyo by sending a letter to my anonymous p/o box in panama which will trigger some street lights in london but"
I'm out.
I like your analogy but we wouldnt be offering money if it was easy. Moreover, we wouldn't be offering money if we knew for sure that its one of the most challenging hacks...way more than any other bitcoin service providers currently out there.
|
|
|
|
|
Nico205
|
|
August 15, 2014, 06:53:11 PM |
|
If anyone want to join #hack_challenge on freenode irc Regards Nico
|
|
|
|
|