API tools faq
paste
Advertisement
XboxLIVEStealth

$$$ XBLS.NiNJA $4000 BUG BOUNTY $$$

XboxLIVEStealth
Apr 26th, 2016
14,345
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.23 KB | None | 0 0
raw download clone embed print report
  1. //// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $$$$$ * !XBLS.NiNJA BUG BOUNTY! * $$$$$ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \\\\
  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ UPDATED: JUNE 2019 - BIG REWARDS! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3.  
  4. Calling all penetration testers, whitehats, bl4ckh4t h4ck3rz, and script kiddies!
  5.  
  6. Anyone who finds a vulnerability on either of my servers will be eligible to win a bounty after privately disclosing and demonstrating an attack.
  7. Email PoC or proof of successful attack to [email protected] or join https://chat.xbl.ninja and message an owner
  8.  
  9. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ REWARDS FOR EACH CATEGORY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. * shell running as root or user "ninja" on VPS #1: $4000 AND 2 x *free* lifetime on NiNJA (any two consoles, $1450/ea) - combined $6900 value!
  11.  
  12. * shell running as root on VPS #2: $4000 AND 2 x *free* lifetime on NiNJA (any two consoles, $1450/ea) - combined $6900 value!
  13.  
  14. * SQL injection on VPS #1: $2000 (full WRITE access to sensitive columns/tables)
  15.  
  16. * SQL injection on VPS #1: $1000 (full read access to sensitive columns/tables)
  17.  
  18. * SQL injection on VPS #2: $1750 (full WRITE access to sensitive columns/tables)
  19.  
  20. * SQL injection on VPS #2: $750 (full read access to sensitive columns/tables)
  21.  
  22. * Write access to local files (either VPS): $1750 (sensitive source code or password hashes)
  23.  
  24. * Remote file inclusion (either VPS): $1600 (shell or perl/python/php/c bot execution)
  25.  
  26. * Local file inclusion (either VPS): $1600 (sensitive source code or password hashes)
  27.  
  28. * Cross-site scripting (either VPS): $500 (must be harmful in some way, message boxes/dumb shit don't count, redirection DOES COUNT!)
  29.  
  30. * DoS/DDoS: LOL DON'T MAKE ME LAUGH YOU SAD SCRIPT KIDDIES
  31.  
  32. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FAQ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  33. Q: What kind of CDN/WAF are you running?
  34. A: The main NiNJA website (VPS #2) is behind Cloudflare CDN+Sucuri CDN/WAF. VPS #1 is behind Cloudflare CDN.
  35.  
  36. Q: What kind of DDoS protection do you have?
  37. A: Both servers are on a USA-based port mirror of Voxility, and both have it's full DDoS mitigation capacity (~1000gbps).
  38.  
  39. Q: Do I get anything for DoS/DDoS?
  40. A: See above. LOLNO.
  41.  
  42. Q: So what appliations/services do you have running? What version are they?
  43. A: Check below!
  44.  
  45. Q: Giving us so much information takes the fun out of it/might be fake/seems stupid. Why?
  46. A: Providing all this information is giving you a higher chance of success. I want to find and fix any bugs. The info is real.
  47.  
  48. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  49. VPS #1 (primary.xbls.ninja // tcp socket listener, http listener, and administration panel):
  50. Kernel: 4.19.0-5-amd64-grsec-xbls.ninja-is.too.1337-weed.is.tight.420.blaze.it SMP Sat Jan 12 15:35:51 MDT 2019 x86_64 GNU/Linux
  51.  
  52. Software versions:
  53. * OpenSSH_7.9p1 Debian-10
  54. * OpenSSL 1.1.1b 26 Feb 2019
  55. * nginx/1.14.2
  56. * PHP 7.0.33-0+deb9u3 (fpm-fcgi) (built: Mar 8 2019 10:01:24)
  57. * Exim version 4.92 #5 built 10-May-2019 15:37:36
  58. * mysqld Ver 5.7.22 for Linux on x86_64 (MySQL Community Server (GPL))
  59. * Python 2.7.16-2
  60.  
  61.  
  62. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  63. VPS #2 (www.xbls.ninja // website, rocketchat, rocketchat-server):
  64. Kernel: 4.19.0-5-amd64-grsec-xbls.ninja-is.too.1337-weed.is.tight.420.blaze.it SMP Sat Jan 12 14:25:17 MDT 2019 x86_64 GNU/Linux
  65.  
  66. Software versions:
  67. * OpenSSH_7.9p1 Debian-10
  68. * OpenSSL 1.1.1b 26 Feb 2019
  69. * nginx/1.14.2
  70. * PHP 7.0.33-0+deb9u3 (fpm-fcgi) (built: Mar 8 2019 10:01:24)
  71. * Exim version 4.92 #5 built 10-May-2019 15:37:36
  72. * mysqld Ver 5.7.22 for Linux on x86_64 (MySQL Community Server (GPL))
  73. * WordPress 5.2.x
  74. * WooCommerce 3.6.x
  75. * Other WP plugins: lol find out yourself, bozo
  76.  
  77.  
  78. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  79. VPS #3 (api.xbls.ninja // internal, internet-isolated api calculation server):
  80. Kernel & software version info = 2spooky4u
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!