Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways?
How would it talk to Google Apps without a public IP?
Topic: Nuovocard Hacking Contest - Hack Us for $3000 (Bounty) - Phase 2 Started - page 5. (Read 6542 times)
August 15, 2014, 02:08:10 PM
I know you said it ends in 13, but was that a trick question? Is it xxx.xxx.xxx.13 Or xxx.xxx.xxx.x13?
How would it talk to Google Apps without a public IP?
How would it talk to Google Apps without a public IP?
August 15, 2014, 02:05:19 PM
Nope. Ill give a hint, the IP Address ends with 13.
10.4.16.13 or 192.168.0.13
Does it even have a public IP? And if so, why does it have one if the architecture is designed to not expose it anyways?
August 15, 2014, 02:00:02 PM
Does the server running bitcoind listen on port 8333?
Also someone could potentially run a couple of Tor nodes and find out which amazon IP's connect to them that end in 13, I would doubt there are many.
Also someone could potentially run a couple of Tor nodes and find out which amazon IP's connect to them that end in 13, I would doubt there are many.
August 15, 2014, 01:58:15 PM
IP address: 104.28.2.120
Server Location: United States
ISP: CloudFlare
Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).
Server Location: United States
ISP: CloudFlare
Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).
Thats the WEB SERVER. Thats not what we are after. We've been through this already...
Not only that you didn't even realize that cloudflare is a CDN, so thats not even the IP of the webserver.
What we need to find out is the IP of the server that is logging into Google Apps and pushing out those emails. They have cleaned the email headers, so the only way (well there are potentially others) to find it out is to hack their GApps account. They already told us the IP ends with 13 too.
IP Ends with 13 and thanks for pointing the above out. Also, if were to use TOR with java apps, it would have become impossible to find even if you would have hacked into our gapps account. By impossible, I mean would cost way more than the return.
August 15, 2014, 01:52:39 PM
IP address: 104.28.2.120
Server Location: United States
ISP: CloudFlare
Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).
Server Location: United States
ISP: CloudFlare
Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).
Thats the WEB SERVER. Thats not what we are after. We've been through this already...
Not only that you didn't even realize that cloudflare is a CDN, so thats not even the IP of the webserver.
What we need to find out is the IP of the server that is logging into Google Apps and pushing out those emails. They have cleaned the email headers, so the only way (well there are potentially others) to find it out is to hack their GApps account. They already told us the IP ends with 13 too.
August 15, 2014, 01:51:37 PM
IP address: 104.28.2.120
Server Location: United States
ISP: CloudFlare
Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).
Server Location: United States
ISP: CloudFlare
Ramesh Saho
Nuovocard International
The Cosmopolis Near NH-5
Bhubaneswar, Orissa 750103
INDIA
Telephone: 91969***** (I censored the telephone number).
August 15, 2014, 01:51:28 PM
Partner: Ramesh Saho ? Is he at Rajasthan ?
He is not a partner and he is from Bhubaneswar itself.
August 15, 2014, 01:41:40 PM
Can you please sent me the jar file of your application ?
There is still time for that part of the contest. There are atleast 23 people trying and it wont be fair to them. Also, I have discussed with the team and jar wont be necessary. We will post the instructions and server config later and you would be able to simulate our server. Lets give everyone the time promised. Who knows, someone might just hack our email address
and get the IP.You would not believe this but earlier this whole system was designed using a Web Interface with app and everything and then everything was scrapped by my partner as he thought that whatever we do, we cannot be as safe as Google and so he made us do everything again just to keep security as the highest concern. Moreover, he found 2fa on phone apps too cumbersome. I guess thats why most companies dont have 2fa on their mobile apps.
Partner: Ramesh Saho ? Is he at Rajasthan ?
August 15, 2014, 01:22:05 PM
Tor is used with Bitcoind.
August 15, 2014, 08:33:05 AM
Can you please sent me the jar file of your application ?
There is still time for that part of the contest. There are atleast 23 people trying and it wont be fair to them. Also, I have discussed with the team and jar wont be necessary. We will post the instructions and server config later and you would be able to simulate our server. Lets give everyone the time promised. Who knows, someone might just hack our email address
and get the IP.You would not believe this but earlier this whole system was designed using a Web Interface with app and everything and then everything was scrapped by my partner as he thought that whatever we do, we cannot be as safe as Google and so he made us do everything again just to keep security as the highest concern. Moreover, he found 2fa on phone apps too cumbersome. I guess thats why most companies dont have 2fa on their mobile apps.
August 15, 2014, 08:27:01 AM
Can you please sent me the jar file of your application ?
August 15, 2014, 07:58:02 AM
Nope...amazon. Already disclosed that earlier.
All the best.
All the best.
August 15, 2014, 07:56:07 AM
Is your server located by hetzner ?
August 15, 2014, 07:42:17 AM
I cannot view the transaction in the testnet blockchain explorer.
http://tbtc.blockr.io/tx/info/0077907e9eee7a211de25feef9997ba0c348b8aee85319f7c541ce635757bad4
thx
August 15, 2014, 07:41:53 AM
I cannot view the transaction in the testnet blockchain explorer.
http://tbtc.blockr.io/tx/info/0077907e9eee7a211de25feef9997ba0c348b8aee85319f7c541ce635757bad4
August 15, 2014, 07:35:21 AM
I cannot view the transaction in the testnet blockchain explorer.
August 15, 2014, 03:30:01 AM
We Wish A Happy Independence Day to all Indians.
Nope. Ill give a hint, the IP Address ends with 13.
Is it 10.229.74.74 ?
Nope. Ill give a hint, the IP Address ends with 13.
nuovocard.com is registered to use Google Apps. The emails are arriving into gmail and their server is SMTP'ing in and getting them.
Only way to get the IP would be to hack their Google Apps account.
If thats what it takes, please try that too. Only way to get the IP would be to hack their Google Apps account.
August 14, 2014, 07:48:07 PM
Is it 10.229.74.74 ?
August 14, 2014, 07:22:25 PM
nuovocard.com is registered to use Google Apps. The emails are arriving into gmail and their server is SMTP'ing in and getting them.
Only way to get the IP would be to hack their Google Apps account.
Only way to get the IP would be to hack their Google Apps account.
August 14, 2014, 07:00:55 PM
Nothing is getting deposited to https://blockchain.info/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa and blockchain.info is showing that the Tx hash u have sent does not exist. Is the App properly configured on your app server ?
They are testnet transactions, so you need to use a testnet block explorerhttp://blockexplorer.com/testnet/address/mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa
Oops ...sorry. Missed it. Feeling sleepy. By the way, they are most likely using Google server to sign mails, as it appears from the mail header. Can we get IP behind Google ? Most probably no by any known technology, but may be possible by social engineering.
Jump to: