Nuovocard Hacking Contest - Hack Us for $3000 (Bounty) - Phase 2 Started - page 7.

vip

Activity: 1316

Merit: 1043

👻

Quote from: neha on August 10, 2014, 11:56:50 PM

VERY IMPORTANT, the webserver is a different server and we are looking to get the application server hacked. PLEASE DO NOT HACK THE WEBSERVER AS THAT IS NOT PART OF THE BOUNTY. Also, 104.28.2.120 is not the IP address of the webserver also as I got a couple of PM's saying this is the IP. Again, the BOUNTY is not for the WEBSERVER. APPLICATION SERVER AND WEBSERVER are Seperate.

Also, feel free to post in public as we dont want to hide even if we get hacked. The idea behind the contest is to prove to ourselves that the platform that we have designed is possible very difficult to hack. Moreover, the $3000 bounty has been decided because it is the amount of bitcoins we will have in our hot wallet, so even if we get hacked, this is the max you can get. Although, we are saying 97% on our website, we dont plan to keep anything more than $3000 which will keep getting refilled manually.

Thanks.

To be absolutely correct, your bitcoind is on application server?

hardshot

sr. member

Activity: 457

Merit: 251

My IP guess: 199.241.30.125

neha

full member

Activity: 168

Merit: 100

Quote from: ?? on ??

Did you ever stop to think that best way to find the hidden server is to hack the one that is known since it is a clone?

You called down the thunder, now you got it.

Deal with it.

~BCX~

Well, the server that we will be providing to hack is an exactly replica with one difference i.e. it will only have one application running which will do all the aspects of multiple applications that are supposed to handle traffic. It will read email, reply, transact and talk to the database server. There are multiple different servers involved in the system we have designed and it is designed to handle upto a million users and webserver has no link to the primary server.

Also, we seriously mean 'by any means necessary'. We would love to see how it gets hacked as it will ensure more security in future for our users. Also, when this challenge is over, based on the results, we will probably extend the challenge. The only difference would be that we will never disclose the IP like we are doing here and moreover it will be programmed to get a new IP daily.

Questions???

Equinoxx

hero member

Activity: 742

Merit: 500

I have the adress is for the website,
not of the Cloudflare although the Cloudflare is in Arizona.
Your host is in India.
I have the full adress if you would like me to email it.
Thanks

neha

full member

Activity: 168

Merit: 100

Quote from: Equinoxx on August 11, 2014, 12:30:25 AM

The IP that everyone seems to be picking up is Cloudflares,
I have the location of the site but not the IP.
If you like me to PM you the address or post it publicly,
let me know.
Thanks!

Guys, again that is the webserver and the webserver is located on Amazon and so is the primary and database server. The idea is to only hack the replica of the primary server and when the contest starts, you will be able to send an email to [email protected] and get a reply from the server that is supposed to be hacked. It will reply you with a transaction hash for a testnet transaction which it will make upon receiving your email.

I hope this clears it.

Thanks.

Equinoxx

hero member

Activity: 742

Merit: 500

The IP that everyone seems to be picking up is Cloudflares,
I have the location of the site but not the IP.
If you like me to PM you the address or post it publicly,
let me know.
Thanks!

neha

full member

Activity: 168

Merit: 100

VERY IMPORTANT, the webserver is a different server and we are looking to get the application server hacked. PLEASE DO NOT HACK THE WEBSERVER AS THAT IS NOT PART OF THE BOUNTY. Also, 104.28.2.120 is not the IP address of the webserver also as I got a couple of PM's saying this is the IP. Again, the BOUNTY is not for the WEBSERVER. APPLICATION SERVER AND WEBSERVER are Seperate.

Also, feel free to post in public as we dont want to hide even if we get hacked. The idea behind the contest is to prove to ourselves that the platform that we have designed is possible very difficult to hack. Moreover, the $3000 bounty has been decided because it is the amount of bitcoins we will have in our hot wallet, so even if we get hacked, this is the max you can get. Although, we are saying 97% on our website, we dont plan to keep anything more than $3000 which will keep getting refilled manually.

Thanks.

neha

full member

Activity: 168

Merit: 100

Hack Our Application Server for $3000

The challenge starts on 15th of August, 2014 and ends on 10th September, 2014

CONTEST DETAILS

Server Parameters

Our Server is Running a Java Application which is communicating with Google Server via API's. Also, it is running Bitcoin Armoryd and Bitcoind.

To communicate with the server and check if its running or not, send an email to [email protected] with Subject 'Transfer'. The server will send you an email back with a transaction hash for an instant transaction in the amount of 0.0001 BTC to mrm4AN6uAExNgXbRtqVL5tA4RmVxR2QtMa.

Objective 1 (Bounty $200)

Find the IP address of the server. If no one is able to find the IP address in the first 5 days, we will disclose the IP address and no one will be able to claim this bounty further.

If you are able to find the IP address, please disclose it on this thread.

Objective 2 (Bounty $2800) - STARTED

Try and hack into the server using any means necessary. If successful, send out a transaction to your Bitcoin Testnet Address. Sign a Message and email us the Message to verify.

The Bitcoin Wallet on the server is a testnet wallet and has been left unlocked for you to make a transaction upon gaining access.

For more information about Nuovocard, visit www.nuovocard.com.

Nuovocard will be launching a Bitcoin Debit Card and Point of Sale App at the end of September, 2014. Please ask if you have any questions.

THIS CHALLENGE IS NOT TO HACK OUR WEBSERVER BUT THE APPLICATION SERVER

Do Not Perform a DOS Attack

PLEASE SEND ME A PM TO GET THE IP. ALSO, PLEASE DONT RUN MORE THAN A COUPLE THREADS/CONNECTIONS TO THE SERVER.

UPDATE : If you are successful in hacking the server, you must share with us the complete steps of the hack and we must be able to replicate the same.

Topic: Nuovocard Hacking Contest - Hack Us for $3000 (Bounty) - Phase 2 Started - page 7. (Read 6573 times)