pythonpro1337
Member
 Offline
Activity: 99
Merit: 10
|
 |
February 08, 2015, 03:13:44 AM |
|
The largest vuln i found allows an attacker to trick the server into disclosing a substantial chunk of memory, repeatedly. As you can imagine, process memory is likely to contain sensitive information, for example server private keys
|
|
|
|
|
|
|
|
|
|
The forum was founded in 2009 by Satoshi and Sirius. It replaced a
SourceForge forum.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
xhomerx10
Legendary
Offline
Activity: 3822
Merit: 7976
|
|
February 08, 2015, 03:17:30 AM |
|
What would be the ramifications if one were to hack this site, send a list of the vulnerabilities to the OP only to find out later it was not in fact OPs site?
|
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 03:22:49 AM |
|
he would have to prove to me its his site which is why i originally requested ssh and terminal access he responded, "id have to think about it" which is why id like to now use escrow and provide him a full comprehensive report on how he can fix it himself or pay his local admin to do it or him. now i find this user kinda sketchy
|
|
|
|
|
johny1976 (OP)
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
|
|
February 08, 2015, 08:51:02 PM |
|
he would have to prove to me its his site which is why i originally requested ssh and terminal access he responded, "id have to think about it" which is why id like to now use escrow and provide him a full comprehensive report on how he can fix it himself or pay his local admin to do it or him. now i find this user kinda sketchy
To prove it's our site I don't believe you need access to our server. We can upload there an image you can send us for example.  It's just kind of suspicious that you want access to the server so much and that's the reason for "I have to think about it". Btw: You can edit someting on the server so we know you've really found something. Thank you! |
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 08:55:06 PM |
|
how about you message me on skype i give yoyu an image to upload and then you put funds in escrow i have a full report ready RIGHT NOW as well as details on the SIX YES SIX VULNS YOU HAVE! if you dont believe me put the funds for 6 vulns in escrow with someone trusted and ill provide them with the full report!!!! dont risk passing this by!!
|
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 09:11:40 PM |
|
i have chosen maidak as he is online now and he will probably be in communication with us shortly as i have left a reply on his escrow thread
|
|
|
|
|
johny1976 (OP)
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
|
|
February 08, 2015, 09:31:03 PM |
|
We're working to get escrow service.
Btw: pythonpro1337 is behaving kind of suspicious. He claims he's found 6 vulnarebilities but he can't give us proof because he's working fow US gov and can go to jail if he really hacks our site.
|
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 09:38:14 PM |
|
which is true im trying to do you guys a favor i can list the vulns here in a post with full report, but then someone can hack you before you even fix them, which is why im acting "suspicious" to you. im trying tobe legit and transparent without risk to your server and personal property belonging on there. im DOING EVERYTHING TO BE OPEN AND TRANSPARENT WITHOUT THE RISK OF LOSING MY JOB!!! WTF IS WRONG WITH YOU PEOPLE?!?! DONT YOU WANT THIS COMMUNITY TO SUCEED?!
"why dont you hack it yourself"
idk any hackers
[4:38:25 PM] Python Pro: tbh
[4:38:31 PM] Python Pro: i can just provide the escrow the six vulns
[4:38:33 PM] Python Pro: and full report
[4:38:39 PM] Python Pro: you check your server for the shit yourself
[4:38:47 PM] Python Pro: and google the vuln codes listed on wiki
[4:38:55 PM] Python Pro: your dumb not to fix them and get the report
[4:39:00 PM] Python Pro: youre seriously wide ipen
[4:39:02 PM] Python Pro: its like
[4:39:14 PM] Python Pro: the door to your house has no locks and someone left the windows and doors open
[4:39:16 PM] Python Pro: im being serious
[4:39:22 PM] Python Pro: im not acting suspicious
[4:39:32 PM] Python Pro: im trying to help you guys without hacking and losing my jopb
[4:39:34 PM] Python Pro: im at work
[4:39:38 PM] Python Pro: so if i do do it ill lsoe my job
[4:39:53 PM] Python Pro: im only trying to help by using our government auditing software
[4:39:58 PM] Python Pro: not available to the public
[4:39:59 PM] Python Pro: so
[4:40:01 PM] Python Pro: your choice
|
|
|
|
|
johny1976 (OP)
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
|
|
February 08, 2015, 09:41:15 PM |
|
which is true im trying to do you guys a favor i can list the vulns here in a post with full report, but then someone can hack you before you even fix them, which is why im acting "suspicious" to you. im trying tobe legit and transparent without risk to your server and personal property belonging on there. im DOING EVERYTHING TO BE OPEN AND TRANSPARENT WITHOUT THE RISK OF LOSING MY JOB!!! WTF IS WRONG WITH YOU PEOPLE?!?! DONT YOU WANT THIS COMMUNITY TO SUCEED?!
So be it. We want to be hacked. We've provided proof site is ours. (if anyone wants us to upload picture there, just let us know). You have only reports but can't hack it. Strange. Wait until escrow service is agreed. Then it'll be your turn ensure people you've really done that. |
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 09:42:23 PM |
|
BECAUSE I WORK FOR THE DEPARTMENT OF DEFENSE YOU IDIOT! IM TRYING TO HELP THIS COMMUNITY BUT APPARENTLY IM OH SO SUSPICIOUS. IM THE NEXT FUCKING SNOWDEN DUDE IM TRYING TO HELP THIS COMMUNITY SECURE ITSELF! i can NOT hack from this server. i can only provide audit test from it, and i dont know any hackers.
|
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 08, 2015, 09:45:01 PM |
|
which is true im trying to do you guys a favor i can list the vulns here in a post with full report, but then someone can hack you before you even fix them, which is why im acting "suspicious" to you. im trying tobe legit and transparent without risk to your server and personal property belonging on there. im DOING EVERYTHING TO BE OPEN AND TRANSPARENT WITHOUT THE RISK OF LOSING MY JOB!!! WTF IS WRONG WITH YOU PEOPLE?!?! DONT YOU WANT THIS COMMUNITY TO SUCEED?!
So be it. We want to be hacked. We've provided proof site is ours. (if anyone wants us to upload picture there, just let us know). You have only reports but can't hack it. Strange. Wait until escrow service is agreed. Then it'll be your turn ensure people you've really done that. It it is possible can you upload an image? Should I send through a pm or can I post it here ? |
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 08, 2015, 09:46:11 PM |
|
BECAUSE I WORK FOR THE DEPARTMENT OF DEFENSE YOU IDIOT! IM TRYING TO HELP THIS COMMUNITY BUT APPARENTLY IM OH SO SUSPICIOUS. IM THE NEXT FUCKING SNOWDEN DUDE IM TRYING TO HELP THIS COMMUNITY SECURE ITSELF! i can NOT hack from this server. i can only provide audit test from it, and i dont know any hackers.
Are you serious? You really made my day. I'm waiting to see the johny1976's site hacked (for see if you are honest or only a liar). |
|
|
|
|
johny1976 (OP)
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
|
|
February 08, 2015, 09:49:36 PM |
|
which is true im trying to do you guys a favor i can list the vulns here in a post with full report, but then someone can hack you before you even fix them, which is why im acting "suspicious" to you. im trying tobe legit and transparent without risk to your server and personal property belonging on there. im DOING EVERYTHING TO BE OPEN AND TRANSPARENT WITHOUT THE RISK OF LOSING MY JOB!!! WTF IS WRONG WITH YOU PEOPLE?!?! DONT YOU WANT THIS COMMUNITY TO SUCEED?!
So be it. We want to be hacked. We've provided proof site is ours. (if anyone wants us to upload picture there, just let us know). You have only reports but can't hack it. Strange. Wait until escrow service is agreed. Then it'll be your turn ensure people you've really done that. It it is possible can you upload an image? Should I send through a pm or can I post it here ? You can post it here but we reveil the site name only in pm. So people can later check that your image is on the site. |
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 08, 2015, 09:51:41 PM |
|
which is true im trying to do you guys a favor i can list the vulns here in a post with full report, but then someone can hack you before you even fix them, which is why im acting "suspicious" to you. im trying tobe legit and transparent without risk to your server and personal property belonging on there. im DOING EVERYTHING TO BE OPEN AND TRANSPARENT WITHOUT THE RISK OF LOSING MY JOB!!! WTF IS WRONG WITH YOU PEOPLE?!?! DONT YOU WANT THIS COMMUNITY TO SUCEED?!
So be it. We want to be hacked. We've provided proof site is ours. (if anyone wants us to upload picture there, just let us know). You have only reports but can't hack it. Strange. Wait until escrow service is agreed. Then it'll be your turn ensure people you've really done that. It it is possible can you upload an image? Should I send through a pm or can I post it here ? You can post it here but we reveil the site name only in pm. So people can later check that your image is on the site. Ok , this is the image :  https://i.imgur.com/oLUlT7h.pngThanks. |
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 09:52:40 PM |
|
does anyone have the kali-linux distro or backtrack? i dont on my work laptop and legally not allowed to alter the distro on my laptop. if you do pm me your skype and ill show you how vulnerable you are!!!! you think its a game until someone figures out the vulns im speaking of here and you will get your shit seriously fucked up if you dont listen to me!!! its not a joke and its no bullshit here bro im being legit idk how many times i gotta explain myself for numerous reasons. so again, anyone with kali-linux or backtrack linux who would like to help me PROVE im being legit please pm me and ill give you the vulns to exploit for me one being a huge memory chunk error that will allow me to exploit your server
|
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 10:28:15 PM |
|
OK WAITING ON ESCROW NOW! WHERE THE ESCROW GUY?! i have full detailed report with all informations technology reported about the server and extensive details on the three majors vulns i found and the three moderate ones now. standby everyone gonna show you just how legit im trying to be here! but everyone is always quick to call scam this scam that! let me build trust! if you cant trust anyone but yourself who can you trust?! some people cant even trust themselves!!! (drug users: heroin/crack/cocaine/roxies/perc users)
|
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 08, 2015, 10:33:13 PM |
|
Random question, redsn0w, are you the creator of the jailbreak software redsn0w? Just curious, as the picture up there is the same one as on the software. I've used redsn0w software before and it's great!
No, I'm not. |
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 08, 2015, 10:34:58 PM |
|
OK WAITING ON ESCROW NOW! WHERE THE ESCROW GUY?! i have full detailed report with all informations technology reported about the server and extensive details on the three majors vulns i found and the three moderate ones now. standby everyone gonna show you just how legit im trying to be here! but everyone is always quick to call scam this scam that! let me build trust! if you cant trust anyone but yourself who can you trust?! some people cant even trust themselves!!! (drug users: heroin/crack/cocaine/roxies/perc users)
He uploaded the image, so he owns the site. Good luck with your "deal" (remember the escrow). |
|
|
|
|
pythonpro1337
Member
Offline
Activity: 99
Merit: 10
|
|
February 08, 2015, 10:43:41 PM |
|
thanks redsn0w im sure i will recieve plenty of vouches after this. they seriously have three major vulns leaving them open to attack for passwords and data access on their server, just because im choosing to not exploit the exploits doesnt mean im lying, i simply can not hack i will lose my job and they will see my activity on the server here fopr the DoD. i love bitcoin, and i love the idea and principles and values and morals behind it. its a GREAT ecosystem and idea. hopefully everyone will use my services in the near future. were just waiting on escrow, its taking forever!!!!
|
|
|
|
|
ArmaniCoinExchange
Newbie
Offline
Activity: 4
Merit: 0
|
|
February 08, 2015, 11:05:46 PM |
|
Hi,
we're working on project and we'd like to stress test it on vulnerabilities. If you will be able to gain access to our server and describe us how you've done that, we'll give you 1 BTC and opportunity to work with us.
If you find smaller bugs, we'll give you smaller amount of btc.
Leave me a pm for more information
Johny
I'm a certifived pen tester, send me the site and I'll do my magic  |
|
|
|
|
|
