
[–]sharpshooter789 18 points19 points  (0 children)

He seriously did no input sanitation on a hidden service?

[–]farmer1wastaken 35 points36 points  (3 children)

You intercepted dogedoge’s payment on the 17th. Please send the coin to 16uniUFpbhrAxAWMZ9qEkcT9Wf34ETB4Tt. That is OpenBazaar's donation address (published on openbazaar.org).

I shipped this order of course. I shipped all my pending orders after SR1 went down, and Sheep too. If you are a customer of mine I will always bear these risks for you.

I can currently be found on Agora.

[–]Jax-Teller 8 points9 points  (0 children)

Precisely why Farmer1 has the best rep out there.

[–]synikal12 0 points1 point  (0 children)

I've vouched for farmer1 time and time and time and time and time again. I'm pretty notorious around these parts for knowing the best weed vendors around, and this is why.

[–]duhgrateone 41 points42 points  (3 children)

i dunno bout yall, but im okay with this. good work, expose incompetency...dnms have no need for idiots like this.

[–][deleted] 3 points4 points  (0 children)

In the grand scheme of things, this is a very good thing. Better OP than the FBI or some other organization who would have got to it eventually. And we all know things would have turned out a bit differently.

[–]downthecakehole 2 points3 points  (1 child)

It's so easy to say something like that when you aren't the one being affected by this person's actions. I wonder if you'd feel that way if you lost some coins via this hack. I'll admit this person did a service by exposing incompetency but I feel like it was gone about completely the wrong way.

[–]Throwaway_concept 1 point2 points  (0 children)

The only way you'd be the one being affected is if you were someone who was incompetent enough to try to run a darknet market without knowing anything about security. At least he knew how to encrypt the passwords, even though he even did a shitty job at that. The man is paying anyone back who can prove they lost anything. The only one suffering is the one who was putting users at a serious risk.

[–]SynapticInsight 12 points13 points  (2 children)

> Passwords are all md5 so something was done right at least.

MD5 passwords are right? Haha. Better than cleartext, yes. But right? Not by a long shot.

[–]sharpshooter789 7 points8 points  (1 child)

I missed the md5 part. What a joke. He probably has or could have all the passwords now.

[–]SynapticInsight 11 points12 points  (0 children)

Yeah, I've got a feeling that they're not even salted, either. I guess all the competent people realize that it's too risky to run a DNM.
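
Added example (not part of the thread, and not the site's code): why a bare MD5 column is weak password storage and what a salted, memory-hard alternative looks like, using Python's standard `hashlib`. The account names, passwords and scrypt cost parameters are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# scrypt cost parameters: assumed illustrative values, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def md5_unsalted(password):
    """The scheme discussed in the thread: a bare MD5 digest, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_hash(password, salt=None):
    """Return (salt, digest) using a fresh random per-user salt and scrypt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def scrypt_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = scrypt_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def reused_digests(column):
    """Group user names by stored digest; groups of 2+ share a password."""
    groups = defaultdict(list)
    for user, digest in column.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts (not data from the incident).
ACCOUNTS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}

md5_column = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
scrypt_column = {u: scrypt_hash(p) for u, p in ACCOUNTS.items()}

if __name__ == "__main__":
    # Unsalted MD5: equal passwords give equal rows, visible to anyone
    # holding the table, and one precomputed lookup serves every row.
    print("MD5 rows sharing a digest:", reused_digests(md5_column))
    # Salted scrypt: the same password is stored differently per user.
    print("scrypt rows sharing a digest:",
          reused_digests({u: d.hex() for u, (s, d) in scrypt_column.items()}))
```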

[–]Onionshop2 23 points24 points  (17 children)

omg I'm speechless.. the amount of shit you talk is beyond my imagination what FUDing can look like. I won't address all you said since some of it is just plain ridiculous.

> It took this idiot all of 4 days

lol how can you say that? there were only 3 orders in a timeframe of at best 12 hours before we realized and took action. ask all the vendors that had orders the days before the incident if they've lost any money? Especially farmer1, swissshop and ozgrow had dozens of orders last week.

> I'm in the database as we speak

lol sorry to break it to you, but we moved the site to a different server and changed everything up again the moment we published the site how it is now. since the shops are offline, we removed nearly everything from the server so I highly doubt there is any chance to hack it in this state.

feel free to prove it though, check our database, table "bonus". there is 1 entry, what does it say?

> He has now sent me a begging PM asking me

I'll rather die than beg for anything. it was 700$ LOL I wouldn't even consider asking such a dumb thing

UPDATE: the image OP has posted as an update is shopped, I never messaged him.

[–]ta1337marketnoob 22 points23 points  (13 children)

I wonder which one of you is bullshitting

[–]coyhot 7 points8 points  (0 children)

OP's not delivering the bonus entry, so we'll know soon enough.

!remindMe 1d

[–][deleted] 1 point2 points  (1 child)

I wish I could afford to lose $700 ;_;

[–]Onionshop2 0 points1 point  (0 children)

we can't either honestly. But that's still no reason to act like a little bitch like OP has portrayed us.

The vendors were as stand up to ship the 3 orders anyway. we repay part of it now and the rest asap. we're not running away.

[–]Tripped_ 9 points10 points  (16 children)

So... How much did you earn?

[–]twigburst 21 points22 points  (1 child)

Stole.

[–]vwermisso 3 points4 points  (0 children)

Put in safer hands.

[–]Frankeh1 4 points5 points  (2 children)

hub post says $700 over 3 orders.

[–]guest20253 2 points3 points  (10 children)

I think the word "earn" does not fit here...

[–]XXX-XXX-XXX 16 points17 points  (9 children)

i think it does. he came up with the idea by himself and found the vulnerabilities singlehandedly. by the sound of it, he did some work to get money.

[–]Onionshop2 9 points10 points  (2 children)

I even think this is true. hackers are essential to DNM even if their motivation is mostly shitty. Better getting hacked by some random dude than LE.

Still, OP is not the hacker..

[–]galaxyandspace -1 points0 points  (1 child)

Why this OP is a bit different:

  • Quite open about the whole thing
  • willing to dish some of the funds back to rightful owners.
  • not acting like a complete ass that rides on top of the "I am awesome" wave.
  • still a fagot ;)

[–]Onionshop2 -1 points0 points  (0 children)

hahaha dat reference +1

[–]Hofstadt 1 point2 points  (1 child)

By that logic someone who gets away with mugging a person on the street "earned" the money he stole as well.

[–]YellowXanaX 1 point2 points  (0 children)

More along the lines of someone robbing a bank and getting away with it.

[–]Iron_Maiden_666 1 point2 points  (3 children)

No, the idea is pretty basic. They teach this shit in any basic course on web programming. Robbing a bank also requires planning and effort, it's still stealing. Just because your door is open, doesn't mean I can come in and empty your house, that is still stealing even if it was enabled by your incompetence.

[–]XXX-XXX-XXX 0 points1 point  (0 children)

all I know is that not just anyone could have done what he did and no one else did what he did. that's got to be worth something

[–]poppermachine -1 points0 points  (1 child)

I think it's more comparable to somebody hacking a bank and then giving back the money to the rightful owners (not the bank). While simultaneously making a spectacle that reveals how insecure this bank was, and how anyone who keeps money in that bank might as well shove it into a furnace since it did not have enough insurance to cover the losses of its customers. It's a standard procedure for banks to effectively hand over the money and then allow LE to take care of the problem if they are robbed at gunpoint so the plain and simple "robbing a bank" analogy is not very good.

[–]Iron_Maiden_666 1 point2 points  (0 children)

Rightful owners lucky enough to reddit. And the market place is also a rightful owner.

[–]CentralHarlem 2 points3 points  (0 children)

How much money?

[–]asdfaf21 1 point2 points  (0 children)

Just curious, how much did you make off with, initially? I think it's very good of you to offer the money back to the people who can prove it is theirs, the way i see it, if everyone claims it, you're just stealing from a dumbass market operator and doing us all a favor. So thank you for robbing us (not me, i don't use that sorry excuse for a site) in a way

[–]Drugss7 11 points12 points  (10 children)

I fucking hate thieves. They're fucking scum.

[–][deleted] 6 points7 points  (0 children)

except the incompetence of a dn market can lead to more serious repercussions than just people losing money

[–]Northsidebill1 -1 points0 points  (6 children)

I fucking hate stupid people. They deserve to be stolen from.

[–]ta1337marketnoob 26 points27 points  (5 children)

nobody deserves to be stolen from, but this is hardly the place to discuss ethics.

[–]Hofstadt 0 points1 point  (1 child)

Seriously this asshole (OP) is essentially complaining that the site wasn't secure from assholes like himself. Instead of explicitly telling the admin how to fix the problem (like an ethical person would have done), he runs away with all of the money instead. And people are praising him for it nonetheless!

[–]omapuppet 7 points8 points  (0 children)

> is essentially complaining that the site wasn't secure from assholes like himself.

No, the feds can get in the same way. They aren't after the money though, they're worse, they'll crawl up in there and start flipping people and tracking down those customers.

> he runs away with all of the money instead

That's right, it's because pain is highly motivating, and the best way to hurt a guy so that he does something about the problem is to punch him in the wallet.

> Instead of explicitly telling the admin how to fix the problem

That would be counterproductive. If an admin can't figure out how to get basic security working for himself then he shouldn't be in this game.

This shit is for real, if somebody fucks up, people other than him go to jail. We don't need people who can't get their shit together on their own pissing in the pool.

[–]MuhammadTheProfit 1 point2 points  (0 children)

You should definitely get my money back from Pandora... Pretty please

[–]KillMeAndYouDie 1 point2 points  (0 children)

If you think losing a couple bucks is worse than having retard admins you're crazy.

Granted this dude stole money but bigger picture people, DNMs are targets in every sense and until people realise it requires a particular technical know-how to run one, nobody's coins or data are safe...

[–]FedoraWearingAlien 1 point2 points  (2 children)

Here's a question, did you do the SQLi by hand? or did you use sqlmap and what type of sqli was it; also just because nobody posted about it doesn't mean nobody's exploited it.

[–]sharpshooter789 -3 points-2 points  (1 child)

If the developer used parameterized queries then SQL injections would not be possible.
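
Added example (not part of the thread, and not the site's code): a query built by string concatenation next to its parameterized form, using Python's built-in `sqlite3`. The `orders` table, its rows and the input strings are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table (not data from the incident)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, buyer TEXT, item TEXT)")
    conn.executemany(
        "INSERT INTO orders (buyer, item) VALUES (?, ?)",
        [("alice", "item-A"), ("bob", "item-B"), ("o'neil", "item-C")])
    return conn


def orders_concat(conn, buyer):
    """'Before' form: the input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT item FROM orders WHERE buyer = '" + buyer + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def orders_param(conn, buyer):
    """Parameterized form: the input is bound as a value, never parsed as SQL."""
    sql = "SELECT item FROM orders WHERE buyer = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (buyer,))]


def compare(conn, buyer):
    """Run both forms on the same input; report rows or the error raised."""
    try:
        concat = orders_concat(conn, buyer)
    except sqlite3.Error as exc:
        concat = type(exc).__name__
    return {"concat": concat, "param": orders_param(conn, buyer)}


if __name__ == "__main__":
    db = make_db()
    # A plain name, a legitimate name containing a quote, and a constructed
    # input whose quote changes the WHERE clause in the concatenated form.
    for value in ["alice", "o'neil", "x' OR '1'='1"]:
        print(repr(value), compare(db, value))
```

The concatenated form breaks on a legitimate name with an apostrophe and returns every row for the third input; the bound form treats all three as plain values.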

[–]FedoraWearingAlien 0 points1 point  (0 children)

Yes I know but that wasn't what I asked, I know how to mitigate web application exploitation.

[–]ozzygrozburg 0 points1 point  (0 children)

Please please say you made it go through a tumbler and not into an identifiable wallet.

[–]poppermachine 0 points1 point  (0 children)

Assuming this guy gives the money back to its owners (buyers/sellers, not the actual market) I say he/she is doing a service to the community.

EDIT: I fucking love how he shamelessly admits he is a shithead even though I don't think he is. It's pretty much the perfect response in this situation.

[–]Eat_The_Muffin -1 points0 points  (5 children)

You could have just told everyone, but instead you chose to steal all the money.

Welp, at least now you will be on a lot of lists.

[–]presari0 -1 points0 points  (0 children)

I think it should be noted here, to all the people who bitch about agora being slow and having a lot of downtime ..least you still all have your BTC

Commence the down-voting and re-commence the bitching about agora

[–][deleted] -2 points-1 points  (1 child)

all up in my buziniz, my biznaz

[–]SteelyEly 1 point2 points  (0 children)

STAY THE FUCK UP OUT MY BIZNAZ

[–]obsidianchao -2 points-1 points  (0 children)

So... how about a giveaway contest for those BTC? ;D
