hacked my first site... not sure what to do
  rocksolid.shared.security
Path: i2pn2.org!rocksolid2!.POSTED.localhost!not-for-mail
From: Anonym...@news.novabbs.org (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: hacked my first site... not sure what to do
Date: Tue, 5 Oct 2021 12:23:00 +0000
Organization: Rocksolid Light
Message-ID: <55ad3c00844d616b8dd0c2486bdae5b5@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: novabbs.org; posting-account="retrobbs1"; posting-host="localhost:127.0.0.1";
logging-data="24665"; mail-complaints-to="usenet@novabbs.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Spam-Level: **
X-Rslight-Site: $2y$10$elKEfv0oN7cnUTRqsS5A/ulVX8lJfhFycQKr/p3zdRda6ERPVYiZK
 by: Anonymous - Tue, 5 Oct 2021 12:23 UTC

I've managed to dump my first database in the real world with more than 100,000 user details. The database contains first names, last names, address, mobile, email and password hashes. I'm not sure what to do with this, where to sell it and how much I should charge for that kind of info per user.
--
Posted on Rocksolid Light

Re: hacked my first site... not sure what to do
  rocksolid.shared.security
Path: i2pn2.org!rocksolid2!.POSTED.10.136.168.121!not-for-mail
From: Anonym...@news.novabbs.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: hacked my first site... not sure what to do
Date: Wed, 6 Oct 2021 08:25:59 +0000
Organization: novaBBS
Message-ID: <307659bf19000e4c006169ecdc0a4fc9@news.novabbs.com>
References: <55ad3c00844d616b8dd0c2486bdae5b5@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: novabbs.org; posting-account="retrobbs1"; posting-host="10.136.168.121";
logging-data="3604"; mail-complaints-to="usenet@novabbs.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Spam-Level: **
X-Rslight-Site: $2y$10$TGBoldwUGrqILRQgQWwB1.PARqtjVQZHDt1ZPg55bWY7gZQdVCrYK
 by: Anonymous - Wed, 6 Oct 2021 08:25 UTC

Anonymous wrote:

> I've managed to dump my first database in the real world with more than 100,000 user details. The database contains first names, last names, address, mobile, email and password hashes. I'm not sure what to do with this, where to sell it and how much I should charge for that kind of info per user.

I guess it depends on who these users are. Without passwords it's not real useful. Maybe it's better to let the site know so they can fix their leak and make yourself feel like you did something positive.
--
Posted on novaBBS

Re: hacked my first site... not sure what to do
  rocksolid.shared.security
Path: i2pn2.org!.POSTED.novabbs-org!not-for-mail
From: Anonym...@news.novabbs.org (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: hacked my first site... not sure what to do
Date: Thu, 10 Mar 2022 04:07:14 +0000
Organization: Rocksolid Light
Message-ID: <7550ec6b4783b6e9737a318ecf410693@news.novabbs.org>
References: <55ad3c00844d616b8dd0c2486bdae5b5@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="novabbs.org"; posting-host="novabbs-org:10.136.143.187";
logging-data="29489"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Rslight-Site: $2y$10$9NL/fY533XUcZWG0LJfgRe3/Sb9VaRzslgizOvSDQTBpB0ObfBoAa
X-Rslight-Posting-User: 5414c3f4fcc20779b8b3cdcf22974d366d4b20fe
 by: Anonymous - Thu, 10 Mar 2022 04:07 UTC

just inform the site owner of the vulnerability so that you don't go to jail

--
Posted on Rocksolid Light

Re: hacked my first site... not sure what to do
  rocksolid.shared.security
Path: i2pn2.org!.POSTED.novabbs-org!not-for-mail
From: Anonym...@news.novabbs.org (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: hacked my first site... not sure what to do
Date: Fri, 11 Mar 2022 22:46:58 +0000
Organization: Rocksolid Light
Message-ID: <49825c73bde05c93ecf42b75b514ebe5@news.novabbs.org>
References: <55ad3c00844d616b8dd0c2486bdae5b5@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="novabbs.org"; posting-host="novabbs-org:10.136.143.187";
logging-data="1574"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Rslight-Site: $2y$10$SLj40z2k8VZVAkvXg2F49O3sygTi/mO67sdhfqOArGHxam3lCUMey
X-Rslight-Posting-User: 5414c3f4fcc20779b8b3cdcf22974d366d4b20fe
 by: Anonymous - Fri, 11 Mar 2022 22:46 UTC

>Maybe it's better to let the site know so they can fix their leak and make yourself feel like you did something positive.
This or post all the data for free somewhere and watch the resulting shitshow

--
Posted on Rocksolid Light

Re: hacked my first site... not sure what to do
  rocksolid.shared.security
Path: i2pn2.org!.POSTED.novabbs-org!not-for-mail
From: Anonym...@news.novabbs.org (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Re: hacked my first site... not sure what to do
Date: Mon, 12 Sep 2022 17:14:34 +0000
Organization: Rocksolid Light
Message-ID: <0f2426ed77dd54b570a97a19b3bee686@news.novabbs.org>
References: <55ad3c00844d616b8dd0c2486bdae5b5@news.novabbs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="novabbs.org"; posting-host="novabbs-org:10.136.143.187";
logging-data="27227"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (www.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Rslight-Site: $2y$10$Q8kEDYzaoSIyDqdB7lkuSO6FLpI5ezSzN4kd0lk89CXGcokmii9Lu
X-Rslight-Posting-User: 60f41cd6a68b53e4cdbdc37b12064da9f6fba8ad
 by: Anonymous - Mon, 12 Sep 2022 17:14 UTC

I managed to get into a global corporation's website management system and made the mistake of letting them know. I did not know this at the time, but you really should not inform them about the issue because you are making yourself legally liable for even finding the issue. Even if you find an issue by accident you could be facing jail time or at minimum a trial in court, depending on your country's laws and the insanity of the corporation. They will bring you to court just to save face.

I got lucky and "got away" with finding it. In my country there were cases where people went to jail for letting website owners know about their vulnerabilities. If you do decide that the risk is worth it, then at least make sure they can't trace anything back to you.

Remember: No good deed goes unpunished.

--
Posted on Rocksolid Light
