XboxLIVEStealth

$$$ XBLS.NiNJA $4000 BUG BOUNTY $$$

Apr 26th, 2016
//// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $$$$$ * !XBLS.NiNJA BUG BOUNTY! * $$$$$ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \\\\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ UPDATED: JUNE 2019 - BIG REWARDS! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Calling all penetration testers, whitehats, bl4ckh4t h4ck3rz, and script kiddies!

Anyone who finds a vulnerability on either of my servers will be eligible to win a bounty after privately disclosing and demonstrating an attack.
Email PoC or proof of successful attack to admin@xbls.ninja or join https://chat.xbl.ninja and message an owner

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ REWARDS FOR EACH CATEGORY ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* shell running as root or user "ninja" on VPS #1: $4000 AND 2 x *free* lifetime on NiNJA (any two consoles, $1450/ea) - combined $6900 value!

* shell running as root on VPS #2: $4000 AND 2 x *free* lifetime on NiNJA (any two consoles, $1450/ea) - combined $6900 value!

* SQL injection on VPS #1: $2000 (full WRITE access to sensitive columns/tables)

* SQL injection on VPS #1: $1000 (full read access to sensitive columns/tables)

* SQL injection on VPS #2: $1750 (full WRITE access to sensitive columns/tables)

* SQL injection on VPS #2: $750 (full read access to sensitive columns/tables)

* Write access to local files (either VPS): $1750 (sensitive source code or password hashes)

* Remote file inclusion (either VPS): $1600 (shell or perl/python/php/c bot execution)

* Local file inclusion (either VPS): $1600 (sensitive source code or password hashes)

* Cross-site scripting (either VPS): $500 (must be harmful in some way, message boxes/dumb shit don't count, redirection DOES COUNT!)

* DoS/DDoS: LOL DON'T MAKE ME LAUGH YOU SAD SCRIPT KIDDIES

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FAQ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Q: What kind of CDN/WAF are you running?
A: The main NiNJA website (VPS #2) is behind Cloudflare CDN+Sucuri CDN/WAF. VPS #1 is behind Cloudflare CDN.

Q: What kind of DDoS protection do you have?
A: Both servers are on a USA-based port mirror of Voxility, and both have its full DDoS mitigation capacity (~1000gbps).

Q: Do I get anything for DoS/DDoS?
A: See above. LOLNO.

Q: So what applications/services do you have running? What version are they?
A: Check below!

Q: Giving us so much information takes the fun out of it/might be fake/seems stupid. Why?
A: Providing all this information is giving you a higher chance of success. I want to find and fix any bugs. The info is real.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VPS #1 (primary.xbls.ninja // tcp socket listener, http listener, and administration panel):
Kernel: 4.19.0-5-amd64-grsec-xbls.ninja-is.too.1337-weed.is.tight.420.blaze.it SMP Sat Jan 12 15:35:51 MDT 2019 x86_64 GNU/Linux

Software versions:
* OpenSSH_7.9p1 Debian-10
* OpenSSL 1.1.1b 26 Feb 2019
* nginx/1.14.2
* PHP 7.0.33-0+deb9u3 (fpm-fcgi) (built: Mar 8 2019 10:01:24)
* Exim version 4.92 #5 built 10-May-2019 15:37:36
* mysqld Ver 5.7.22 for Linux on x86_64 (MySQL Community Server (GPL))
* Python 2.7.16-2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VPS #2 (www.xbls.ninja // website, rocketchat, rocketchat-server):
Kernel: 4.19.0-5-amd64-grsec-xbls.ninja-is.too.1337-weed.is.tight.420.blaze.it SMP Sat Jan 12 14:25:17 MDT 2019 x86_64 GNU/Linux

Software versions:
* OpenSSH_7.9p1 Debian-10
* OpenSSL 1.1.1b 26 Feb 2019
* nginx/1.14.2
* PHP 7.0.33-0+deb9u3 (fpm-fcgi) (built: Mar 8 2019 10:01:24)
* Exim version 4.92 #5 built 10-May-2019 15:37:36
* mysqld Ver 5.7.22 for Linux on x86_64 (MySQL Community Server (GPL))
* WordPress 5.2.x
* WooCommerce 3.6.x
* Other WP plugins: lol find out yourself, bozo

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VPS #3 (api.xbls.ninja // internal, internet-isolated api calculation server):
Kernel & software version info = 2spooky4u