New on LowEndTalk? Please Register and read our Community Rules.
Comments
@hostingsolutionssux any info on how you got this info? might be useful for other providers to secure their WHMCS panel.
Sure, they had adminer (https://adminer.org) accessible to the internet, and the version they had was from like 2016. Adminer has multiple vulnerabilities including LFI, which I used. From there it was easy.
You want him to notify the customers, and if he doesn't you'll leak the customers' data?
Whose side are you on again?
Man you really should watch more anime instead of doing weird stuff like this...
I am on nobody's side. I am doing what is needed to get them to notify their customers.
edit: Ok I am not going to leak it, even if they don't notify customers, but they should.
oh public adminer... based on how the things are working for @cociu the vulnerability is still in the wild, so we might expect many others to put hands on this data
they took the server offline once they realized they were hacked, https://secure.hostsolutions.ro no longer works because it's now offline.
Thank you so much for this warning
You don't need to leak anything else to prove even if cociu denies it
Now we all know the leak is true and you don't need to hurt the LET community
Ok you are right
I will not leak data, but I still want hostsolutions to notify everyone
That makes you a bona fide skiddie douchebag my friend. I doubt even the greatest slice of life anime would be able to save you.
No idea how old you are, what your motives are, but keep in mind all actions have consequences.
To notify what? He does not respond to clients' tickets for months...
actions do not have consequences when one is never caught.
But the vulnerable server shut down in a moment ....
@hostingsolutionssux - I appreciate your honesty, even though it comes with a bit of bragging. Please keep in mind there is a fine line between ethical hacking, and doing it for money or rewards.
You will not be appreciated. Nobody will raise statues for you. Nobody will sing songs about what you did. However, you can be considered as a teacher because people learned something from this experience, and you can be considered as an ethical hacker if you don't sell the data and simply delete it for respect of others.
The rest is just talk. What's done is done, and now it's up to you and your conscience to decide what's next. Please bear in mind that asking @cociu to notify customers with consequences (otherwise you make it public) it's called blackmail with our data, and you are clearly not on the right path towards ethical hacking and being nice because you use us, and our data, as some merchandise or trading asset.
You want respect: delete it forever. There is no need for any other proof at this point.
I have a big brain quote in my signature:
"Man is least himself when he talks in his own person. Give him a mask, and he will tell you the truth."
I hope you treat people better in real life then.
The best thing you can do, @hostingsolutionssux, is to turn over a set of this data to HIBP, so that affected people can look themselves up in the database.
This will widely publicize Hostsolutions and Marius and their carelessness, and would achieve the same thing without harming the general public.
Ok sure
I never did it for bragging, I did it because I do not like him.
I will hand over a copy of the data to HaveIbeenPwned and then delete it, like @stevewatson301 said
it's not really blackmailing hostsolution at all. because he couldn't care less. doesn't even matter if he sends another notification or not, he got nothing to lose here that's not already broken anyway.
also I doubt there is anything ethical about that hack. in the end it's more likely some retaliation attempt.
wasn't there a customer with a rack or more in servers that might have lost a bigger amount of money and even business? I am sure there are some people with the right motivation to try and hurt @cociu business. again, it's just that there is nothing left anyway, so this attempt won't change anything.
maybe some of the affected clients will learn to not reuse passwords. others might switch to try and use more fake data (which in the end hurts more legal businesses instead). so whatever the outcome will be, it rather won't hurt hostsolutions but only legitimate people in the wrong way.
hello can you please double the bandwidth of my non-existent HS vps?
Exactly why this is still ethical. No harm towards clients was done by hacker so far. The few servers up are still up. Problem is with HostSolutions to use backups, restore, and fix.
If hacker makes it public, legitimate people will suffer. Now this would be a big problem (not ethical anymore). Let's not make a drama a bigger drama, by looking the other way (as if not caring).
EDIT: Motivation is personal and irrelevant. Science and evolution matter, as long as it does not hurt people.
So I guess there's still some kindness left deep down, eh? Color me surprised.
Trust me doing stuff like this ain't worth the time. Go watch some more anime, play some visual novels. You'll feel way more fulfilled in life that way.
Feel free to ask me if you ever need recommendations.
that doesn't make it ethical lmao, it's still blackhat hacking
Words are up to interpretation for anyone. Stuff like "Ethical" can mean different things to many different people. It's people's opinions at the end of the day of what is considered "Ethical". I personally don't really know what to think of it, so meh
Unethical, ethical, black, white, whatever... As long as no harm's done to people, it's fine isn't it?
Hopefully @hostingsolutionssux will keep his word and do what's for the best.
All's well that ends well.
I try to be kind and diplomatic, in my attempt of convincing a hacker to be kind and respect others. But you guys really want to go the discussion in "blackhat" direction.
Let's just invoke the rules of LET now:
LET is not the place to boast about your DDOS attacks, share your tango downs, or rally the hacking underground to avenge a digital wrong. Discussions encouraging these activities will be closed and removed.
According to LET rules, this hacker deserves to be banned. As such, in retaliation, the data has a huge chance to become public. You want to put gas on fire, so you can have a beautiful LET drama precisely on Christmas... well... Congratulations!
According to our rules, hacking and boasting about hacking with blackmail to providers is not allowed. I hereby request this thread to be closed, and hacker be banned. It's in our rules.
Hasn't he pretty much admitted to deleting all of the servers?
Never knew that. I based my opinion on Romanian news. Seems GDPR is not interesting for Digi24, AGERPRES and such.
Ban me but I don't see point in closing thread. I did not create the thread.
I originally asked for mods not to ban me at first so I could explain myself, I have now so I am ok with ban
yeah no, there isn't a lot of different meaning for ethical hacking, if you reported whatever vulnerability you found to hostsolutions instead of exploiting it, it would've been ethical
@hostsolutionssux Someone should sue the fuck out of you. Go ahead and publish my personal data.
I. Don’t. Fucking. Care.