| 1 | We are ready to acquire information about the unique 0day vulnerabilities and 0day exploits. | |
| 2 | ||
| 3 | RULES OF REPRESENTATION | |
| 4 | We constantly buy 0day and Nday vulnerabilities and exploits. We do not pay for hypothetical vulnerabilities. | |
| 5 | Please provide a brief technical description of the vulnerabilities and exploits on our form to our | |
| 6 | e-mail: [email protected] | |
| 7 | Your vulnerability will be analyzed and evaluated by us within 48 hours. Remuneration can be paid in cash, | |
| 8 | bank transfers or anonymous transfers using crypto conversions. We are considering an additional premium | |
| 9 | for exclusive conditions for us in the form of additional quarterly payments to researchers before disclosure | |
| 10 | of the vulnerability. | |
| 11 | Prices for 0days can be higher than indicated in the table; it all depends on the quality of the exploits. We are | |
| 12 | ready to negotiate the price on a bilateral basis. | |
| 13 | ||
| 14 | We also provide an ESCROW service for when both parties cannot agree and do not trust each other. | |
| 15 | Agents and brokers are welcome, we pay high commissions for help in acquiring 0day vulnerabilities. | |
| 16 | We reserve the right to refuse to purchase your materials. | |
| 17 | ||
| 18 | PURCHASE TERMS | |
| 19 | 1. You discover a vulnerability and create a functional prototype of exploits (PoC) | |
| 20 | 2. You write a short technical description of the vulnerability found and send it to us. | |
| 21 | 3. Within 48 hours we will answer you in writing our interest and prevernuyu cost we are willing to pay you. | |
| 22 | 4. If you agree, you provide us with full technical information, including a functional prototype. | |
| 23 | 5. We check the exploit you provided and pay you a reward according to the method you selected within 24 hours. | |
| 24 | ||
| 25 | If you have any counterproposals regarding the acquisition process, you can always contact us. We can organize | |
| 26 | a personal meeting with you in practically any country in the world to discuss all the issues in person. | |
| 27 | ||
| 28 | PRICE TABLE | |
| 29 | ||
| 30 | +------------------------------------------+ +-------------------------+ | |
| 31 | | INTEGRATED CIRCUITS | | SCADA PLC | | |
| 32 | |------------------------------------------| |-------------------------| | |
| 33 | |Smart Cards | $100,000+ | | Siemens | $30,000+ | | |
| 34 | |Cellular SoC (MTK, Qualcomm) | $50,000+ | | Honeywell | $20,000+ | | |
| 35 | |CPLD/FPGA | $50,000+ | | Mitsubishi | $15,000+ | | |
| 36 | |Microcontrollers | $30,000+ | | Omron | $10,000+ | | |
| 37 | +------------------------------------------+ | ABB | $10,000+ | | |
| 38 | | Schneider | $10,000+ | | |
| 39 | | Other | $5,000+ | | |
| 40 | +---------------------+ +-------------------------+ | |
| 41 | | ATM | | |
| 42 | |---------------------| +------------------------------------------------------+ | |
| 43 | | Wincor | $25,000+ | | NETWORK DEVICES | | |
| 44 | | NCR | $25,000+ | |------------------------------------------------------| | |
| 45 | | Diebold | $15,000+ | | Juniper | $50,000+ | | |
| 46 | | Other | $15,000+ | | Cisco | $50,000+ | | |
| 47 | +---------------------+ | Sonicwall | $50,000+ | | |
| 48 | | F5 | $50,000+ | | |
| 49 | +---------------------------+ | SIP Avaya, Asterisk, Polycom and others | $50,000+ | | |
| 50 | | SMART TV | | Riverbed | $50,000+ | | |
| 51 | |---------------------------| | HP | $10,000+ | | |
| 52 | | Samsung | $10,000+ | | Huawei | $10,000+ | | |
| 53 | | Sony | $10,000+ | | Asus | $5,000+ | | |
| 54 | | Panasonic | $10,000+ | | ZyXEL | $5,000+ | | |
| 55 | | LG | $5,000+ | | Netgear | $5,000+ | | |
| 56 | | Home Appliance | $5,000+ | | D-Link | $5,000+ | | |
| 57 | +---------------------------+ | Other | $1,000+ | | |
| 58 | +------------------------------------------------------+ | |
| 59 | ||
| 60 | +-------------------------------------+ +---------------------------------+ | |
| 61 | | IPMI | | GAMING CONSOLES | | |
| 62 | |-------------------------------------| |---------------------------------| | |
| 63 | | Sun SSP | $100,000+ | | Xbox ONE X (RCE) | $75,000+ | | |
| 64 | | Dell DRAC | $100,000+ | | Playstation 4 (RCE) | $75,000+ | | |
| 65 | | HP iLO | $100,000+ | | Nintendo (RCE) | $50,000+ | | |
| 66 | | Supermicro IPMI | $100,000+ | +---------------------------------+ | |
| 67 | | Cisco CIMC | $50,000+ | | |
| 68 | | VNC, Teamviewer, Radmin | $50,000+ | | |
| 69 | | Other | $20,000+ | | |
| 70 | +-------------------------------------+ | |
| 71 | +---------------------------+ | |
| 72 | | PERIPHERAL DEVICES | | |
| 73 | +---------------------------------------------------+ |---------------------------| | |
| 74 | | MOBILE DEVICES | | Scanners (RCE) | $30,000+ | | |
| 75 | |---------------------------------------------------+ | Printers (RCE) | $30,000+ | | |
| 76 | | Apple iOS (LCE,RJB) | $2,500,000+ | | CCTV (RCE) | $10,000+ | | |
| 77 | | Android (RJB) | $2,500,000+ | +---------------------------+ | |
| 78 | | SMS/MMS (RCE+LPE) (Any Mobile OS) | $2,500,000+ | | |
| 79 | | WiFi (RCE+LPE) (Any Mobile OS) | $100,000+ | | |
| 80 | | Bluetooth (RCE+LPE) (Any Mobile OS) | $50,000+ | | |
| 81 | | Sandbox Escape (Any Mobile OS) | $30,000+ | | |
| 82 | | WatchOS (LCE,RJB) | $100,000+ | | |
| 83 | +---------------------------------------------------+ | |
| 84 | ||
| 85 | +-----------------------------------------+ +------------------------------------+ | |
| 86 | | OPERATING SYSTEMS | | DATABASE SOFTWARE | | |
| 87 | |-----------------------------------------| |------------------------------------| | |
| 88 | | Windows Server (RCE, SE) | $500,000+ | | MS SQL Server (RCE) | $200,000+ | | |
| 89 | | Windows 7/8.1/10 (LPE, SE) | $150,000+ | | Oracle Database (RCE) | $200,000+ | | |
| 90 | | MacOS (LPE, SE) | $50,000+ | | MongoDB (RCE) | $150,000+ | | |
| 91 | | Linux Desktop/Server (LPE) | $50,000+ | | MySQL (RCE) | $150,000+ | | |
| 92 | | Virtual Machine Escape | $150,000+ | | MS Access (RCE) | $20,000+ | | |
| 93 | +-----------------------------------------+ +------------------------------------+ | |
| 94 | ||
| 95 | +-------------------------------------------------+ | |
| 96 | | PRODUCTIVITY APPS | +----------------------------------------+ | |
| 97 | |-------------------------------------------------+ | MESSENGERS | | |
| 98 | | MS Office Word, Excel, PP (RCE) | $250,000+ | +----------------------------------------| | |
| 99 | | Adobe PDF Reader all (RCE, SE) | $250,000+ | | Telegram (RCE) | $1,000,000+ | | |
| 100 | | Adobe Flash Player (RCE, SE) | $150,000+ | | WhatsApp (RCE) | $1,000,000+ | | |
| 101 | | Microsoft Silverlight(RCE, SE) | $100,000+ | | Facebook Messenger (RCE) | $250,000+ | | |
| 102 | | Antivirus (RCE, LPE) | $30,000+ | | WeChat (RCE) | $250,000+ | | |
| 103 | +-------------------------------------------------+ | Viber (RCE) | $150,000+ | | |
| 104 | | Imo (RCE) | $150,000+ | | |
| 105 | | Line (RCE) | $150,000+ | | |
| 106 | +----------------------------------------+ | |
| 107 | ||
| 108 | +---------------------------------------+ +--------------------------------------------+ | |
| 109 | | WEB SERVERS | | WEB BROWSERS | | |
| 110 | |---------------------------------------| |--------------------------------------------| | |
| 111 | | Microsoft IIS (RCE) | $250,000+ | | Google Chrome all OS (RCE, SE) | $300,000+ | | |
| 112 | | MS Exchange Server (RCE) | $300,000+ | | Microsoft Edge (RCE, SE) | $300,000+ | | |
| 113 | | Nginx (RCE) | $300,000+ | | TOR Browser (RCE, SE) | $300,000+ | | |
| 114 | | Apache Server (RCE) | $300,000+ | | Apple Safari OS X (RCE, SE) | $250,000+ | | |
| 115 | | Open SSL (RCE) | $250,000+ | | Mozilla Firefox (RCE, SE) | $150,000+ | | |
| 116 | | Lotus Domino (RCE) | $100,000+ | +--------------------------------------------+ | |
| 117 | | JBoss (RCE) | $100,000+ | | |
| 118 | | Apache Tomcat (RCE) | $50,000+ | | |
| 119 | +---------------------------------------+ | |
| 120 | +----------------------------------+ | |
| 121 | +----------------------------------------------+ | BUGTRACKERS | | |
| 122 | | EMC | |----------------------------------| | |
| 123 | |----------------------------------------------| | Redmine | $30,000+ | | |
| 124 | | Microsoft SharePoint | $250,000+ | | Atlassian JIRA | $30,000+ | | |
| 125 | | IBM FileNet | $150,000+ | | Bugzilla | $10,000+ | | |
| 126 | | Oracle WebCenter | $150,000+ | | Jenkins | $10,000+ | | |
| 127 | | OpenText Content Suite Platform | $50,000+ | | Atlassian Confluence | $10,000+ | | |
| 128 | +----------------------------------------------+ +----------------------------------+ | |
| 129 | ||
| 130 | +----------------------------+ +-----------------------------+ | |
| 131 | | FTP | | CMS | | |
| 132 | |----------------------------| |-----------------------------| | |
| 133 | | Filezilla (RCE) | $30,000+ | | Wordpress (RCE) | $100,000+ | | |
| 134 | | Titan (RCE) | $20,000+ | | 1C Bitrix (RCE) | $100,000+ | | |
| 135 | | Serv-U (RCE) | $20,000+ | | Joomla (RCE) | $80,000+ | | |
| 136 | | net2ftp (RCE) | $20,000+ | | Wix (RCE) | $25,000+ | | |
| 137 | +----------------------------+ | Drupal (RCE) | $25,000+ | | |
| 138 | +-----------------------------+ | |
| 139 | ||
| 140 | +--------------------------------------+ | |
| 141 | | FORUMS | | |
| 142 | |--------------------------------------| +----------------------------------------------+ | |
| 143 | | IP.Board (RCE) | $50,000+ | | PLM and ERP | | |
| 144 | | VBulletin (RCE) | $50,000+ | |----------------------------------------------| | |
| 145 | | Lithium communities (RCE) | $50,000+ | | SAP | $100,000+ | | |
| 146 | | Mybb (RCE) | $25,000+ | | Siemens Teamcenter | $100,000+ | | |
| 147 | | PHPbb (RCE) | $25,000+ | | Oracle ERP | $100,000+ | | |
| 148 | | IP.Suite (RCE) | $25,000+ | | Oracle Agile PLM | $100,000+ | | |
| 149 | | XenForo | $20,000+ | | SPTC Windchill PLM | $50,000+ | | |
| 150 | | Woltlab BB (RCE) | $20,000+ | | MentorGraphics HyperLynx SI PLM | $50,000+ | | |
| 151 | +--------------------------------------+ | Enovia PLM | $30,000+ | | |
| 152 | +----------------------------------------------+ | |
| 153 | ||
| 154 | +------------------------------------------+ | |
| 155 | | MAIL SERVERS | +-------------------------------+ | |
| 156 | |------------------------------------------| | HOSTING PANELS | | |
| 157 | | Microsoft Outlook OWA (RCE) | $200,000+ | |-------------------------------| | |
| 158 | | Sendmail (RCE) | $120,000+ | | cPanel (RCE) | $75,000+ | | |
| 159 | | IBM Lotus Domino (RCE) | $100,000+ | | Plesk (RCE) | $75,000+ | | |
| 160 | | Horde (RCE) | $50,000+ | | Direct Admin (RCE) | $25,000+ | | |
| 161 | | Roundcube (RCE) | $50,000+ | | Other (RCE) | $10,000+ | | |
| 162 | | SquirrelMail (RCE) | $50,000+ | +-------------------------------+ | |
| 163 | | Other mail servers (RCE) | $25,000+ | | |
| 164 | +------------------------------------------+ | |
| 165 | ||
| 166 | LPE - Local Privilege Escalation | |
| 167 | RCE - Remote Code Execution | |
| 168 | SE - Sandbox Escape | |
| 169 | RJB - Remote Jailbreak | |
| 170 | LCE - Local Code Execution (physical access to device) | |
| 171 | ||
| 172 | In addition to vulnerabilities, we are interested in obtaining various research results, such as: | |
| 173 | - Deanonymization of TOR network resources | |
| 174 | - Bypassing ASLR, DEP, UAC and other security mechanisms | |
| 175 | - Attack vectors for remote code execution on devices via GSM, Bluetooth and WiFi | |
| 176 | - Vulnerabilities on mobile chipsets | |
| 177 | - Innovative detour of antiviruses | |
| 178 | - Other research results and technical information. | |
| 179 | ||
| 180 | ||
| 181 | ||
| 182 | EXPLOIT TECHNICAL INFORMATION | |
| 183 | All questions should be answered in as much detail as possible; the price we will offer you | |
| 184 | for your 0day exploit depends on this. | |
| 185 | 1. Item name : _____________________________________________________________________ | |
| 186 | 2. Asking Price and availability of exclusive acquisition : ________________________ | |
| 187 | 3. Affected OS: ________________________ | |
| 188 | 4. Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable? | |
| 189 | List complete point release range. ________________________________________________ | |
| 190 | 5. Tested, functional against target application versions, list complete point release range. | |
| 191 | Explain ________________________________________________ | |
| 192 | 6. Does this exploit affect the current target version? | |
| 193 | [ ] Yes | |
| 194 | [ ] No | |
| 195 | 7. Privilege Level Gained | |
| 196 | [ ] As logged in user (Select Integrity level below for Windows) | |
| 197 | [ ] Web Browser's default (IE - Low, Others - Med) | |
| 198 | [ ] Low | |
| 199 | [ ] Medium | |
| 200 | [ ] High | |
| 201 | [ ] Root, Admin or System | |
| 202 | [ ] Ring 0/Kernel | |
| 203 | [ ] Other | |
| 204 | 8. Minimum Privilege Level Required For Successful PE | |
| 205 | [ ] As logged in user (Select Integrity level below for Windows) | |
| 206 | [ ] Low | |
| 207 | [ ] Medium | |
| 208 | [ ] High | |
| 209 | [ ] N/A | |
| 210 | [ ] Other ________________________ | |
| 211 | 9. Exploit Type (select all that apply) | |
| 212 | [ ] Remote code execution | |
| 213 | [ ] Privilege escalation | |
| 214 | [ ] Font based | |
| 215 | [ ] Sandbox escape | |
| 216 | [ ] Information disclosure (peek) | |
| 217 | [ ] Code signing bypass | |
| 218 | [ ] Persistency | |
| 219 | [ ] Other ________________________ | |
| 220 | 10. Delivery Method | |
| 221 | [ ] Via web page | |
| 222 | [ ] Via file | |
| 223 | [ ] Via network protocol | |
| 224 | [ ] Local privilege escalation | |
| 225 | [ ] Other (please specify) ________________________ | |
| 226 | 11. Bug Class | |
| 227 | [ ] memory corruption | |
| 228 | [ ] design/logic flaw (auth-bypass / update issues) | |
| 229 | [ ] input validation flaw (XSS/XSRF/SQLi/command injection, etc.) | |
| 230 | [ ] misconfiguration | |
| 231 | [ ] information disclosure | |
| 232 | [ ] cryptographic bug | |
| 233 | [ ] denial of service | |
| 234 | 12. Number of bugs exploited in the item: ________________________ | |
| 235 | 13. Exploitation Parameters | |
| 236 | [ ] Bypasses ASLR | |
| 237 | [ ] Bypasses DEP / W ^ X | |
| 238 | [ ] Bypasses Application Sandbox | |
| 239 | [ ] Bypasses SMEP/PXN | |
| 240 | [ ] Bypasses EMET Version 5.52± | |
| 241 | [ ] Bypasses CFG (Win 8.1) | |
| 242 | [ ] N/A | |
| 243 | 14. Is ROP employed? | |
| 244 | [ ] No | |
| 245 | [ ] Yes (but without fixed addresses) | |
| 246 | - Number of chains included? | |
| 247 | ________________________ | |
| 248 | - Is the ROP set complete? | |
| 249 | ________________________ | |
| 250 | - What module does ROP occur from? | |
| 251 | ________________________ | |
| 252 | 15. Does this item alert the target user? | |
| 253 | Explain ______________________________________________ | |
| 254 | 16. How long does exploitation take, in seconds? | |
| 255 | 17. Does this item require any specific user interactions? | |
| 256 | 18. Any associated caveats or environmental factors? For example - does the exploit determine | |
| 257 | remote OS/App versioning, and is that required? Any browser injection method requirements? | |
| 258 | For files, what is the access mode required for success? | |
| 259 | 19. Does it require additional work to be compatible with arbitrary payloads? | |
| 260 | [ ] Yes | |
| 261 | [ ] No | |
| 262 | 20. Is this a finished item you have in your possession that is ready for delivery immediately? | |
| 263 | [ ] Yes | |
| 264 | [ ] No | |
| 265 | [ ] 1-5 days | |
| 266 | [ ] 6-10 days | |
| 267 | [ ] More: _______________________________ | |
| 268 | 21. Impact on framework (crashes, etc.) ____________________________________________________ | |
| 269 | 22. Success rate (or number of necessary attempts) _________________________________________ | |
| 270 | 23. Does this item support continuation of execution? | |
| 271 | 24. Description. Detail a list of deliverables including documentation. | |
| 272 | 25. Testing Instructions : _________________________________________________________________ | |
| 273 | 26. Comments and other notes; unusual artifacts, other limitations, mitigations or other | |
| 274 | pieces of information : ________________________________________________________________ |