Pages:
Author

Topic: Nuovocard Hacking Contest - Hack Us for $3000 (Bounty) - Phase 2 Started - page 5. (Read 6573 times)

full member
Activity: 154
Merit: 100
I know you said it ends in 13, but was that a trick question? Is it xxx.xxx.xxx.13 Or xxx.xxx.xxx.x13?

Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways?

How would it talk to Google Apps without a public IP?
sr. member
Activity: 313
Merit: 250
i ♥ coinichiwa
Nope. Ill give a hint, the IP Address ends with 13.

10.4.16.13 or 192.168.0.13

Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways?
full member
Activity: 154
Merit: 100
Does the server running bitcoind listen on port 8333?

Also someone could potentially run a couple of Tor nodes and find out which amazon IP's connect to them that end in 13, I would doubt there are many.
full member
Activity: 168
Merit: 100
IP address: 104.28.2.120
Server Location: United States
ISP: CloudFlare

Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).

Thats the WEB SERVER. Thats not what we are after. We've been through this already...

Not only that you didn't even realize that cloudflare is a CDN, so thats not even the IP of the webserver.

What we need to find out is the IP of the server that is logging into Google Apps and pushing out those emails. They have cleaned the email headers, so the only way (well there are potentially others) to find it out is to hack their GApps account. They already told us the IP ends with 13 too.

IP Ends with 13 and thanks for pointing the above out. Also, if were to use TOR with java apps, it would have become impossible to find even if you would have hacked into our gapps account. By impossible, I mean would cost way more than the return.
full member
Activity: 154
Merit: 100
IP address: 104.28.2.120
Server Location: United States
ISP: CloudFlare

Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).

Thats the WEB SERVER. Thats not what we are after. We've been through this already...

Not only that you didn't even realize that cloudflare is a CDN, so thats not even the IP of the webserver.

What we need to find out is the IP of the server that is logging into Google Apps and pushing out those emails. They have cleaned the email headers, so the only way (well there are potentially others) to find it out is to hack their GApps account. They already told us the IP ends with 13 too.
legendary
Activity: 2198
Merit: 1989
฿uy ฿itcoin
IP address: 104.28.2.120
Server Location: United States
ISP: CloudFlare

Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).
full member
Activity: 168
Merit: 100
Partner: Ramesh Saho ? Is he at Rajasthan ? 

He is not a partner and he is from Bhubaneswar itself.
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
Can you please sent me the jar file of your application ?

There is still time for that part of the contest. There are atleast 23 people trying and it wont be fair to them. Also, I have discussed with the team and jar wont be necessary. We will post the instructions and server config later and you would be able to simulate our server. Lets give everyone the time promised. Who knows, someone might just hack our email address Wink and get the IP.

You would not believe this but earlier this whole system was designed using a Web Interface with app and everything and then everything was scrapped by my partner as he thought that whatever we do, we cannot be as safe as Google and so he made us do everything again just to keep security as the highest concern. Moreover, he found 2fa on phone apps too cumbersome. I guess thats why most companies dont have 2fa on their mobile apps.

Partner: Ramesh Saho ? Is he at Rajasthan ? 
full member
Activity: 168
Merit: 100
Tor is used with Bitcoind.
full member
Activity: 168
Merit: 100
Can you please sent me the jar file of your application ?

There is still time for that part of the contest. There are atleast 23 people trying and it wont be fair to them. Also, I have discussed with the team and jar wont be necessary. We will post the instructions and server config later and you would be able to simulate our server. Lets give everyone the time promised. Who knows, someone might just hack our email address Wink and get the IP.

You would not believe this but earlier this whole system was designed using a Web Interface with app and everything and then everything was scrapped by my partner as he thought that whatever we do, we cannot be as safe as Google and so he made us do everything again just to keep security as the highest concern. Moreover, he found 2fa on phone apps too cumbersome. I guess thats why most companies dont have 2fa on their mobile apps.
full member
Activity: 130
Merit: 100
Can you please sent me the jar file of your application ?
full member
Activity: 168
Merit: 100
Nope...amazon. Already disclosed that earlier.

All the best.
full member
Activity: 130
Merit: 100
Is your server located by hetzner ?
full member
Activity: 130
Merit: 100
I cannot view the transaction in the testnet blockchain explorer.
full member
Activity: 168
Merit: 100
We Wish A Happy Independence Day to all Indians.

Is it 10.229.74.74 ?

Nope. Ill give a hint, the IP Address ends with 13.

nuovocard.com is registered to use Google Apps. The emails are arriving into gmail and their server is SMTP'ing in and getting them.

Only way to get the IP would be to hack their Google Apps account.
If thats what it takes, please try that too.
hero member
Activity: 672
Merit: 508
LOTEO
Is it 10.229.74.74 ?
full member
Activity: 154
Merit: 100
nuovocard.com is registered to use Google Apps. The emails are arriving into gmail and their server is SMTP'ing in and getting them.

Only way to get the IP would be to hack their Google Apps account.
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
Nothing is getting deposited to https://blockchain.info/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa and blockchain.info is showing that the Tx hash u have sent does not exist. Is the App properly configured on your app server ?
They are testnet transactions, so you need to use a testnet block explorer

http://blockexplorer.com/testnet/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa

Oops ...sorry. Missed it. Feeling sleepy. By the way, they are most likely using Google server to sign mails, as it appears from the mail header. Can we get IP behind Google ? Most probably no by any known technology, but may be possible by social engineering.
Pages:
Jump to: