Want to hack something valuable?

hacxx · 07-08-2018, 05:31 PM

Blogger/Blogspot service administration is handled in the url below.

Code:
https://google-admin.corp.google.com/

If anyone succefully bruteforce or use any hacking method to get inside pls share it.
(I'm happy to get my hands on all the Blogger/Blogspot database and share/sell, lol)

Here are some legit emails possible to be targeted:

Code:
press-se@google.com

press@google.com

collections-row@google.com

proposals@google.com

david@google.com

viewer-feedback@google.com

google-code-shutdown@google.com

cdibona@google.com (Google Employer)

mothered · 07-08-2018, 05:34 PM

I successfully hit Wordpress yesterday morning.

Pushing aside my other tasks, I'll have a look.

hacxx · 07-08-2018, 05:42 PM

(07-08-2018, 05:34 PM)mothered Wrote: I successfully hit Wordpress yesterday morning.

Pushing aside my other tasks, I'll have a look.

Share your Wordpress findings Smile

Also what tools did you use?

mothered · 07-08-2018, 05:47 PM

(07-08-2018, 05:42 PM)hacxx Wrote:
(07-08-2018, 05:34 PM)mothered Wrote: I successfully hit Wordpress yesterday morning.

Pushing aside my other tasks, I'll have a look.

Share your Wordpress findings

Also what tools did you use?

What I do Is very critical and remain within the confines of my environment.

As per this thread 35 minutes ago, the only thing I contribute Is screenshots In their edited form. My attacks are predominantly performed manually.

hacxx · 07-08-2018, 06:17 PM

(07-08-2018, 05:47 PM)mothered Wrote: What I do Is very critical and remain within the confines of my environment.

As per this thread 35 minutes ago, the only thing I contribute Is screenshots In their edited form. My attacks are predominantly performed manually.

I also have penetrate successfully a few sites. Some critical and some not. All of them manually crafted...

The easiest one i hacked till now was a support ticket that was poorly coded. All i had to do was login to the platform as a normal user, navigate to the support ticket, create a new ticket and with the number of my ticket go back a number and it reveal other persons support tickets.

I could had use the information for my personal use but i just did it for the LOLZ
The disclosed information was the name, email, site and support message.

mothered · 07-09-2018, 05:01 AM

(07-08-2018, 06:17 PM)hacxx Wrote: I could had use the information for my personal use but i just did it for the LOLZ

This Is a pleasure to read, that Is, no malicious Intent.

I've compromised organizations on a very large scale (proof on request In edited form can be provided via a secure gateway), Inclusive of quite a few Fortune 500 companies. The entities I target Is Immaterial- anyone, anywhere.

Vultra · 07-09-2018, 05:22 AM

Only if I can code an actual BF or, use a dictionary method. Anyway, wouldn't you be breaking into googles database from this?

mothered · 07-09-2018, 07:11 AM

(07-09-2018, 05:22 AM)Mimiakira Wrote: Only if I can code an actual BF or, use a dictionary method.

For mediocre sites, It'll probably work but most entities on a large scale have account lockout policies, so such attack vectors are futile.

hacxx · 07-09-2018, 11:15 AM

(07-09-2018, 05:22 AM)Mimiakira Wrote: Anyway, wouldn't you be breaking into googles database from this?

Theorically speaking yes you should have access to the Blogger / Blogspot database or at least part of the administration interface.

mothered · 07-09-2018, 12:06 PM

(07-09-2018, 11:15 AM)hacxx Wrote:
(07-09-2018, 05:22 AM)Mimiakira Wrote: Anyway, wouldn't you be breaking into googles database from this?
Theorically speaking yes you should have access to the Blogger / Blogspot database or at least part of the administration interface.

I'd say It's the latter and not the central DB.

There's no data sanitization In the back-end, which Is quite surprising.

Want to hack something valuable?
Author Message