Topic: Nuovocard Hacking Contest - Hack Us for $3000 (Bounty) - Phase 2 Started - page 3. (Read 6573 times)

full member
Activity: 168
Merit: 100
One of my servers was actually shut down for doing penetration tests on getting the IP.
So everybody should think about whether this is even possible to try, or allowed.

In light of the above happening, I will be releasing the IP tomorrow so that you don't have to go and search for the IP and maybe attack other servers. I will be releasing the IP tomorrow around the same time and will consider that everyone is informed by then.

I would also like to modify the challenge a little bit to prevent this from happening again.

1. Please submit your IP to become a part of the next phase. You will only perform the test from that IP, and the hack will now be a closed event. The IP will only be released to the group of people who submit their IP addresses.
2. Maximum number of threads/connections to the server should be 1 per IP.

If someone can come up with other rules, please advise me and I will add them.

Sorry to Gitju for the trouble.

Thanks.
full member
Activity: 168
Merit: 100
I posted it on AnonOps IRC #hacker.
The more work on it the better.
I got an idea on how to get the IP and will try it.
Then this competition will end for me, as the second part can't be done in my country without written legitimacy.

Don't worry. I will tell you exactly how to configure the server locally and test it. This way you can try it, let us know the steps, and we will perform them.
full member
Activity: 168
Merit: 100
Just post or write this on the anonymous IRC channel and you will get your site down in a matter of hours/minutes.
I don't know which channel, but if you post it for me, I'll give you $10 (PayPal). Max 2 members in 2 separate IRCs.

Thanks.
sr. member
Activity: 462
Merit: 250
Just post or write this on the anonymous IRC channel and you will get your site down in a matter of hours/minutes.
full member
Activity: 168
Merit: 100
Bitcoin connects to TOR on ip 9050. TOR connects 9050 to its network using higher ports. See:

tcp        0      0 localhost:9050          localhost:47342         ESTABLISHED
tcp        0      0 localhost:46330         localhost:9050          ESTABLISHED
tcp        0      0 localhost:47342         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:46330         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

9050 - 47342 ; 47342 - 9050

Thus it's not 9050 that you should be looking for; it should be the higher ports. The firewall will block 9050 but not the higher port.

Current netstat (this is of course not the complete list). I really don't know if these ports can be scanned.

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:49210         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:49210         ESTABLISHED
tcp        0      0 localhost:50715         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:50715         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

There could furthermore be other special measures taken, such as: the application server is behind a firewall and directly connected to one special TOR entry node that was set up specifically for this purpose; their application server communicates only with this one special TOR entry node, and their firewall blocks all other external access that does not come from their TOR entry node.

This would work for us, but we intend to get a new IP every so many hours/days. If there was one particular TOR node that we connect to, it would become a little easier to trace. Regarding the Java app, it doesn't use TOR as the bandwidth requirement is huge. Consider checking email and replying in less than a second, forever. It won't be beneficial to burden the TOR network with useless bandwidth when only Google will be able to see the IP.
legendary
Activity: 3346
Merit: 3125
I have fun with this.

First I get the IPs from Amazon:

Code:
72.44.32.0/19 (72.44.32.0 - 72.44.63.255)
67.202.0.0/18 (67.202.0.0 - 67.202.63.255)
75.101.128.0/17 (75.101.128.0 - 75.101.255.255)
174.129.0.0/16 (174.129.0.0 - 174.129.255.255)
204.236.192.0/18 (204.236.192.0 - 204.236.255.255)
184.73.0.0/16 (184.73.0.0 - 184.73.255.255)
184.72.128.0/17 (184.72.128.0 - 184.72.255.255)
184.72.64.0/18 (184.72.64.0 - 184.72.127.255)
50.16.0.0/15 (50.16.0.0 - 50.17.255.255)
50.19.0.0/16 (50.19.0.0 - 50.19.255.255)
107.20.0.0/14 (107.20.0.0 - 107.23.255.255)
23.20.0.0/14 (23.20.0.0 - 23.23.255.255)
54.242.0.0/15 (54.242.0.0 - 54.243.255.255)
54.234.0.0/15 (54.234.0.0 - 54.235.255.255)
54.236.0.0/15 (54.236.0.0 - 54.237.255.255)
54.224.0.0/15 (54.224.0.0 - 54.225.255.255)
54.226.0.0/15 (54.226.0.0 - 54.227.255.255)
54.208.0.0/15 (54.208.0.0 - 54.209.255.255)
54.210.0.0/15 (54.210.0.0 - 54.211.255.255)
54.221.0.0/16 (54.221.0.0 - 54.221.255.255)
54.204.0.0/15 (54.204.0.0 - 54.205.255.255)
54.196.0.0/15 (54.196.0.0 - 54.197.255.255)
54.198.0.0/16 (54.198.0.0 - 54.198.255.255)
54.80.0.0/13 (54.80.0.0 - 54.87.255.255)
54.88.0.0/14 (54.88.0.0 - 54.91.255.255) NEW
54.92.0.0/16 (54.92.0.0 - 54.92.255.255) NEW - SEE NOTE
54.92.128.0/17 (54.92.128.0 - 54.92.255.255) NEW
54.160.0.0/13 (54.160.0.0 - 54.167.255.255) NEW

US West (Oregon):

50.112.0.0/16 (50.112.0.0 - 50.112.255.255)
54.245.0.0/16 (54.245.0.0 - 54.245.255.255)
54.244.0.0/16 (54.244.0.0 - 54.244.255.255)
54.214.0.0/16 (54.214.0.0 - 54.214.255.255)
54.212.0.0/15 (54.212.0.0 - 54.213.255.255)
54.218.0.0/16 (54.218.0.0 - 54.218.255.255)
54.200.0.0/15 (54.200.0.0 - 54.201.255.255)
54.202.0.0/15 (54.202.0.0 - 54.203.255.255)
54.184.0.0/13 (54.184.0.0 - 54.191.255.255)
54.68.0.0/14 (54.68.0.0 - 54.71.255.255) NEW


US West (Northern California):

204.236.128.0/18 (204.236.128.0 - 204.236.191.255)
184.72.0.0/18 (184.72.0.0 - 184.72.63.255)
50.18.0.0/16 (50.18.0.0 - 50.18.255.255)
184.169.128.0/17 (184.169.128.0 - 184.169.255.255)
54.241.0.0/16 (54.241.0.0 - 54.241.255.255)
54.215.0.0/16 (54.215.0.0 - 54.215.255.255)
54.219.0.0/16 (54.219.0.0 - 54.219.255.255)
54.193.0.0/16 (54.193.0.0 - 54.193.255.255)
54.176.0.0/15 (54.176.0.0 - 54.177.255.255)
54.183.0.0/16 (54.183.0.0 - 54.183.255.255)
54.67.0.0/16 (54.67.0.0 - 54.67.255.255) NEW


EU (Ireland):

79.125.0.0/17 (79.125.0.0 - 79.125.127.255)
46.51.128.0/18 (46.51.128.0 - 46.51.191.255)
46.51.192.0/20 (46.51.192.0 - 46.51.207.255)
46.137.0.0/17 (46.137.0.0 - 46.137.127.255)
46.137.128.0/18 (46.137.128.0 - 46.137.191.255)
176.34.128.0/17 (176.34.128.0 - 176.34.255.255)
176.34.64.0/18 (176.34.64.0 - 176.34.127.255)
54.247.0.0/16 (54.247.0.0 - 54.247.255.255)
54.246.0.0/16 (54.246.0.0 - 54.246.255.255)
54.228.0.0/16 (54.228.0.0 - 54.228.255.255)
54.216.0.0/15 (54.216.0.0 - 54.217.255.255)
54.229.0.0/16 (54.229.0.0 - 54.229.255.255)
54.220.0.0/16 (54.220.0.0 - 54.220.255.255)
54.194.0.0/15 (54.194.0.0 - 54.195.255.255)
54.72.0.0/14 (54.72.0.0 - 54.75.255.255)
54.76.0.0/15 (54.76.0.0 - 54.77.255.255)
54.78.0.0/16 (54.78.0.0 - 54.78.255.255)
54.74.0.0/15 (54.74.0.0 - 54.75.255.255) NEW
185.48.120.0/22 (185.48.120.0 - 185.48.123.255) NEW

Asia Pacific (Singapore):

175.41.128.0/18 (175.41.128.0 - 175.41.191.255)
122.248.192.0/18 (122.248.192.0 - 122.248.255.255)
46.137.192.0/18 (46.137.192.0 - 46.137.255.255)
46.51.216.0/21 (46.51.216.0 - 46.51.223.255)
54.251.0.0/16 (54.251.0.0 - 54.251.255.255)
54.254.0.0/16 (54.254.0.0 - 54.254.255.255)
54.255.0.0/16 (54.255.0.0 - 54.255.255.255)
54.179.0.0/16 (54.179.0.0 - 54.179.255.255)


Asia Pacific (Sydney):

54.252.0.0/16 (54.252.0.0 - 54.252.255.255)
54.253.0.0/16 (54.253.0.0 - 54.253.255.255)
54.206.0.0/16 (54.206.0.0 - 54.206.255.255)
54.79.0.0/16 (54.79.0.0 - 54.79.255.255)
54.66.0.0/16 (54.66.0.0 - 54.66.255.255) NEW

Asia Pacific (Tokyo):

175.41.192.0/18 (175.41.192.0 - 175.41.255.255)
46.51.224.0/19 (46.51.224.0 - 46.51.255.255)
176.32.64.0/19 (176.32.64.0 - 176.32.95.255)
103.4.8.0/21 (103.4.8.0 - 103.4.15.255)
176.34.0.0/18 (176.34.0.0 - 176.34.63.255)
54.248.0.0/15 (54.248.0.0 - 54.249.255.255)
54.250.0.0/16 (54.250.0.0 - 54.250.255.255)
54.238.0.0/16 (54.238.0.0 - 54.238.255.255)
54.199.0.0/16 (54.199.0.0 - 54.199.255.255)
54.178.0.0/16 (54.178.0.0 - 54.178.255.255)
54.95.0.0/16 (54.95.0.0-54.95.255.255)
54.92.0.0/17 (54.92.0.0 - 54.92.127.255) NEW - SEE NOTE
54.168.0.0/16 (54.168.0.0 - 54.168.255.255) NEW
54.64.0.0/15 (54.64.0.0 - 54.65.255.255) NEW

South America (Sao Paulo):

177.71.128.0/17 (177.71.128.0 - 177.71.255.255)
54.232.0.0/16 (54.232.0.0 - 54.232.255.255)
54.233.0.0/18 (54.233.0.0 - 54.233.63.255)
54.207.0.0/16 (54.207.0.0 - 54.207.255.255)
54.94.0.0/16 (54.94.0.0 - 54.94.255.255) NEW

China (Beijing):

54.223.0.0/16 (54.223.0.0 - 54.223.255.255) NEW

GovCloud:

96.127.0.0/18 (96.127.0.0 - 96.127.63.255)

Then I use this code to build a big IP database by range:

Code:
#!/bin/bash
# Enumerate candidate hosts in one of the ranges listed above (79.125.0.0/17,
# EU Ireland): every third octet from 0 to 127, with the last octet fixed to
# 13, 113 or 213. Each address is printed and appended to list1.txt.
a=79
b=125
for c in $(seq 0 127)
do
    for d in 13 113 213
    do
        echo "$a.$b.$c.$d" | tee -a list1.txt
    done
done

With that I got 90,000 IPs... *.*.*.13, *.*.*.113, *.*.*.213

To find servers that are up/down I use "Angry IP Scanner"...

And I found 13,500 IPs of servers that are up...

If I discard the *.compute.amazonaws.com IPs, I get 1,519 IPs.

The problem is, if I scan those 1,519 IPs for port 9050, I don't find any IP with that port open.

I scanned the 13,500 IPs, and they don't have a TOR service with port 9050 open.

I really enjoy this challenge, but the info you gave us is incorrect. I got all the Amazon IPs ending in 13, 113, 213, and it doesn't use TOR. Maybe my Angry IP Scanner fails with that port. But I can publish that IP list, and if your server has an Amazon IP, it must be on the list.

This is how to find the IP.
full member
Activity: 168
Merit: 100
I assume in theory there are currently 3 ways to find the IP:

1. Through the e-mails, but obviously we "cannot".
2. Connect to as many bitcoin (testnet) nodes as possible and see who relays the transaction as first. But I guess this is not possible because you guys use bitcoin through TOR.
3. Guess which server. Considering you know: 1) it's from Amazon 2) we know exactly which ports are open 3) we know the (test) IP ends with .13 - we have some parameters to search on, but still it will be a long, lucky search, I guess. And the production application server would be basically 256 times more difficult.


To be honest I was more interested in that mobile phone app.. I assume that also has to communicate to the application server (through that Java app I guess)? Or we will just get more info about that in "the second part"?

That aspect of testing will be in the next bounty. Nothing goes inside the app server without an email or without the server itself going and fetching data. After this challenge is over, we will go for the bug finding challenge but the bounties will be less as it will be only for bugs and then maybe another challenge to hack the webserver.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
I assume in theory there are currently 3 ways to find the IP:

1. Through the e-mails, but obviously we "cannot".
2. Connect to as many bitcoin (testnet) nodes as possible and see who relays the transaction as first. But I guess this is not possible because you guys use bitcoin through TOR.
3. Guess which server. Considering you know: 1) it's from Amazon 2) we know exactly which ports are open 3) we know the (test) IP ends with .13 - we have some parameters to search on, but still it will be a long, lucky search, I guess. And the production application server would be basically 256 times more difficult.


To be honest I was more interested in that mobile phone app.. I assume that also has to communicate to the application server (through that Java app I guess)? Or we will just get more info about that in "the second part"?
full member
Activity: 168
Merit: 100

You are telling the hacker what route he'll take to hack you? Your request is not to hack the web server, but the app server, and that is also by finding the IP?

Your whois details are not yet protected.

Let us know once you gather some money from your customer. You'll see the real hunters then. Good luck.

Comment from my partner:

"The whois details are designed to be displayed, but the domain transfer is locked and the DNS is maintained by Cloudflare. Nothing can be done on that aspect. The idea to leave it open was that we will be adding further business information instead of making it private.

Further, this whole hacking challenge has been designed around an assumption that some senior-level staff member tries to hack into the server in future, having seen the IP address of the server on our computers. Otherwise, if we didn't give the IP, this hacking challenge would not go any further, because hacking into Gmail would take quite some time, assuming it's even possible. Moreover, good luck trying to transfer funds out of our wallet when the actual server is up, as the wallet will be locked and the key will be in RAM and not stored anywhere. Same goes for the encryption key too.

Like everyone is already noticing, there is almost no way to find the IP, but because we don't know everything, we figured one of you will be able to find a way, and this is the reason we are trying to help as much as we can."

Just to make sure: your application server, which should get hacked, is located at Amazon?

Yes it is on Amazon.
sr. member
Activity: 313
Merit: 250
i ♥ coinichiwa
Man, I even gave you guys a netstat example. If you know TOR, you should know the default port is 9050, and bitcoind listens to 9050, and that 9050 listens to something else. How will you guys find it if you can't understand something that is already given???

My curiosity brought me back... can't wait to see the solution on how to utilize this "already given" facts. Or is the bitcoind publicly listening on 9050 and all we are supposed to do is portscan the amazon network to find a bitcoind on port 9050?

Your netstat only reveals that what happens on localhost stays on localhost.

I'm not a tor expert but isn't the idea of a hidden tor service to be hidden? And any way to trace a hidden service would be a serious major flaw in tor?
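
The netstat output quoted in this thread, and the reply above that what happens on localhost stays on localhost, come down to one check per row: is the local socket bound to loopback or to a real interface? The following Python is an added example, not code from the thread or from Nuovocard. It parses the posted netstat rows plus one constructed LISTEN line (marked as such in the code) and reports which sockets are bound somewhere a remote host could reach:

```python
"""Classify netstat rows by whether anything outside the host can reach them.

Added example, not code from the thread. POSTED_NETSTAT is the output quoted
in the posts above; CONSTRUCTED_LISTENER is a made-up row added here to show
what an externally bound socket looks like by contrast.
"""
import ipaddress
import re
from dataclasses import dataclass

# One netstat row: proto, Recv-Q, Send-Q, local endpoint, foreign endpoint, optional state.
ROW_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>\S+))?$"
)

POSTED_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:49210         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:49210         ESTABLISHED
tcp        0      0 localhost:50715         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:50715         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED
"""

# Constructed for this example (not from the thread): a daemon bound to all interfaces.
CONSTRUCTED_LISTENER = "tcp        0      0 0.0.0.0:18333           0.0.0.0:*               LISTEN\n"


@dataclass
class Conn:
    proto: str
    local_host: str
    local_port: str
    remote_host: str
    remote_port: str
    state: str


def split_endpoint(endpoint: str):
    """'localhost:9050' -> ('localhost', '9050'); also handles '::1:9050' and '0.0.0.0:*'."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def is_loopback(host: str) -> bool:
    """True for names/addresses that never leave the host (netstat with or without -n)."""
    if host in ("localhost", "ip6-localhost", "ip6-loopback"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # '*' or an unresolved hostname
        return False


def parse_netstat(text: str):
    """Parse netstat rows; header lines that do not match the row pattern are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        lhost, lport = split_endpoint(m["local"])
        rhost, rport = split_endpoint(m["remote"])
        conns.append(Conn(m["proto"], lhost, lport, rhost, rport, m["state"] or ""))
    return conns


def externally_visible(conns):
    """Rows whose local socket is bound to something other than loopback.

    A loopback-to-loopback row (every posted line) cannot be seen by a remote
    scanner, so 9050 appearing here says nothing about what the firewall exposes.
    """
    return [c for c in conns if not is_loopback(c.local_host)]


if __name__ == "__main__":
    for c in parse_netstat(POSTED_NETSTAT + CONSTRUCTED_LISTENER):
        scope = "host-internal" if is_loopback(c.local_host) and is_loopback(c.remote_host) else "bound externally"
        print(f"{c.proto} {c.local_host}:{c.local_port} <-> {c.remote_host}:{c.remote_port} {c.state:<11} {scope}")
```

Run stand-alone it prints every posted row as host-internal and only the constructed 0.0.0.0:18333 listener as bound externally. The same parser works on `netstat -n` output, where the loopback endpoints appear as 127.0.0.1 or ::1 instead of localhost.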

full member
Activity: 130
Merit: 100
Just to make sure: your application server, which should get hacked, is located at Amazon?
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
Nope.

Latest netstat example:
tcp        0      0 localhost:9050          localhost:47342         ESTABLISHED
tcp        0      0 localhost:46330         localhost:9050          ESTABLISHED
tcp        0      0 localhost:47342         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:46330         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

Hope this helps.

Get off to sleep, Neha. It must be midnight at your end.
full member
Activity: 130
Merit: 100
Nope.

Latest netstat example:
tcp        0      0 localhost:9050          localhost:47342         ESTABLISHED
tcp        0      0 localhost:46330         localhost:9050          ESTABLISHED
tcp        0      0 localhost:47342         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:46330         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

Hope this helps.

Will see it.
full member
Activity: 168
Merit: 100
Nope.

Latest netstat example:
tcp        0      0 localhost:9050          localhost:47342         ESTABLISHED
tcp        0      0 localhost:46330         localhost:9050          ESTABLISHED
tcp        0      0 localhost:47342         localhost:9050          ESTABLISHED
tcp        0      0 localhost:9050          localhost:46330         ESTABLISHED
tcp        0      0 localhost:9050          localhost:38319         ESTABLISHED
tcp        0      0 localhost:38319         localhost:9050          ESTABLISHED

Hope this helps.
full member
Activity: 130
Merit: 100
LOL, just used from: http://dustri.org/p/47d511 Gitju and https://forums.aws.amazon.com/ann.jspa?annID=1701 and used CTRL+F and copy & paste.

Regards

Nico
hero member
Activity: 672
Merit: 508
LOTEO
Don't have much time, so I'll just guess... the probability is higher than zero when you guess.
184.169.16.13
full member
Activity: 130
Merit: 100
Is 184.169.16.113 the IP?

Is on Amazon (should be)
Has open testnet port
Has open TOR port
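
Checking a guess like the one above against the Amazon ranges posted earlier in this thread is a plain CIDR-membership test, the same operation a defender uses to tag source addresses in logs by hosting provider. The following Python is an added example, not code from the thread or from Nuovocard. It embeds a subset of the posted ranges under the region labels used in that post and tests the two guessed addresses plus one constructed address. Both guesses fall outside every range the post lists (its Northern California block starts at 184.169.128.0), which is the caveat such a lookup carries: a miss means "not in this list as posted", not "not on Amazon", because provider lists grow over time:

```python
"""Check candidate addresses against a published provider range list.

Added example, not code from the thread. RANGES is a subset of the Amazon
ranges posted above, keyed by the region label used in that post. The list is
a snapshot: a miss means "not in this list", not "not on Amazon".
"""
import ipaddress

RANGES = {
    "US West (Oregon)": ["50.112.0.0/16", "54.184.0.0/13"],
    "US West (Northern California)": [
        "204.236.128.0/18", "184.72.0.0/18", "50.18.0.0/16",
        "184.169.128.0/17", "54.241.0.0/16",
    ],
    "EU (Ireland)": ["79.125.0.0/17", "46.51.128.0/18", "46.51.192.0/20", "54.247.0.0/16"],
    "Asia Pacific (Tokyo)": ["175.41.192.0/18", "103.4.8.0/21"],
}

# Addresses to test: the two guesses posted in the thread, plus one constructed
# address (79.125.1.13) that sits inside a listed range.
CANDIDATES = ["184.169.16.13", "184.169.16.113", "79.125.1.13"]


def build_networks(ranges):
    """Parse every CIDR once; strict=True rejects a prefix whose host bits are not zero."""
    nets = []
    for region, cidrs in ranges.items():
        for cidr in cidrs:
            nets.append((region, ipaddress.ip_network(cidr, strict=True)))
    return nets


def lookup(ip, nets):
    """Return the region whose range contains ip, or None if no listed range does."""
    addr = ipaddress.ip_address(ip)
    for region, net in nets:
        if addr in net:
            return region
    return None


def addresses_per_region(ranges):
    """Total number of addresses each region's listed ranges cover."""
    return {
        region: sum(ipaddress.ip_network(c).num_addresses for c in cidrs)
        for region, cidrs in ranges.items()
    }


if __name__ == "__main__":
    nets = build_networks(RANGES)
    for ip in CANDIDATES:
        print(f"{ip:<16} -> {lookup(ip, nets) or 'not in the listed ranges'}")
    for region, n in addresses_per_region(RANGES).items():
        print(f"{region:<32} {n:>9} addresses")
```

The address totals are the useful by-product for a defender: a single /13 is over half a million addresses, which is why allowlisting or blocking by provider range is coarse and why the lists should be refreshed from the provider rather than copied from a forum post.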
full member
Activity: 168
Merit: 100
Man, I even gave you guys a netstat example. If you know TOR, you should know the default port is 9050, and bitcoind listens to 9050, and that 9050 listens to something else. How will you guys find it if you can't understand something that is already given???

Anyways, done for the night. All replies tomorrow.
full member
Activity: 130
Merit: 100
Part 1 with 1698 entries of a global IPv4 scan of the complete IPv4 space of all currently available online servers worldwide that are listening on port 18333 right at the moment
http://dustri.org/p/47d511
(Paste will be deleted after 1 week automatically for privacy reasons)
Part 2 should be ready soon after the scan is complete. So if your ip ends with 13 and is listening on port 18333 the chances are not that bad.

Guys, I highly suggest you read what I have written. I have given enough hints till now, and now I am not going to correct anyone, as that also seems a waste to a lot of you. Last advice: read what I have written so you don't waste your time.

If I understood it right, you wrote that the IP isn't findable at the moment?!
full member
Activity: 168
Merit: 100
Part 1 with 1698 entries of a global IPv4 scan of the complete IPv4 space of all currently available online servers worldwide that are listening on port 18333 right at the moment
http://dustri.org/p/47d511
(Paste will be deleted after 1 week automatically for privacy reasons)
Part 2 should be ready soon after the scan is complete. So if your ip ends with 13 and is listening on port 18333 the chances are not that bad.

Guys, I highly suggest you read what I have written. I have given enough hints till now, and now I am not going to correct anyone, as that also seems a waste to a lot of you. Last advice: read what I have written so you don't waste your time.