Calling out whyusheep

Normally I wouldn't like to draw any attention to myself, but a few things need to be pointed out. Hypothetically speaking, if you did indeed do everything you say you did, then the site was a giant POS to begin with. Regardless, handing over info to LE, well, that just lost the respect of any good loxx.

Let's replicate a few of the claims you are making:

Figured out it was Nginx, a monkey with no eyeballs has a 70/30 chance of guessing this correctly. If it does have eyeballs and can type a few things on a keyboard, then you can figure out if it's Apache or Nginx very fast. Not impressed.

Signed up a few thousand accounts, there so happen to be 10 tools off the top of my head for blackhat SEO that do just this with way more advanced registration methods on more secure sites. Not impressed.

Figuring out he isn't using bcrypt or other secure encryption techniques... requires the least bit of social engineering to narrow that down fast. Not impressed.

Figuring out that he is using CakePHP instead of some other subset of PHP... http://guess.scritch.org/ or just using a common URL format and tracing it from there. Not impressed.

Creating a Jlaw account with whitespaces, I found that a little clever.

Now onto the newer claims:

Claiming to grab their DB (for a little more authentication, what type was it and how many tables, simple or advanced schemas? Don't need to screenshot it but provide an insight), I find it a bit odd that this was brought up after the fact, I challenge the legitimacy of this claim altogether. Regardless, if you did this, now I am a tad bit impressed.

I just don't like the concept of being angry at a shitty site admin and his shitty code so you turn it over to law enforcement... now what kind of loxx are you? Screwing over the foundation of what a lot of people stand for all because you're having a temper tantrum? To all the creators/owners of current darknets, please for the love of god set up a bounty system for bugs. Hell, go search around the web for a nice little image of a wonderful OS that our old friends at lolsec and anon built with tons of cool tools to test vulnerabilities. Hell, look up what SQL injection and server-side scripting is. Hire a real loxx to penetrate the hell out of your site.


Comments


[12 Points] timati02:

This subreddit has got to have the most drama per capita on all of reddit.


[9 Points] None:

[deleted]


[3 Points] doublemintt:

After reading most of the comments... I still think /u/whyusheep is FIRM and that alone throws his validity out the window. However, he is a little shit and is obviously getting you guys' attention and still hasn't shown anything.


[2 Points] InfinitelyOutThere:

Thanks... I guess? I kinda wanted to post this, but I'm meant to be impartial.


[2 Points] None:

It was more like 20,000 accounts (because I wrote my bots to work concurrently). I then automated them to fill in the profile and PGP key with 100k+ characters, effectively filling up their hard drives. That was because they didn't have validations on their fields so I could put whatever amount of junk data I wanted.

I also used a secure randomize to randomly insert data into my chunks of junk data to make it incredibly tedious to delete. They would have had to use some complex regex, which is notoriously slow, to cleanly remove it from their DB.

Instead they just deleted every account after I started. Effectively stealing money from anyone who made an account and deposited during that time period.

This was a distraction tactic to let me do whatever I want on the server while they were responding to that simple attack. ;)

Edit: Totally found these scripts on the internet guys - you'd be amazed how customized the script kiddy pages are these days.

./annoy_utopia_plz_k_thx.c


[2 Points] None:

I think your problem is thinking that competence=making long well-written posts with bullet points and lots of links, as seems to be prevailing opinion on reddit.

Some people are good at what they do AND they're insufferable cunts. Some people are capable of doing stuff without an obsessive compulsion to document every step in a long reddit post, and some people will deny you proof just to incite you. I have no idea if he actually did what he said he did and for now neither do you. He might have, he might have not; at the very least he's good entertainment.


[1 Points] RosyPalm:

Ruminate fight!


[1 Points] None:

Want to be clear too: If I can tell you are running Apache or Nginx by doing a banner grab with ncat, you are clearly not reading Tor dev's recommendations to make a custom compile with everything identifiable pulled out. I think I have noticed only one or two markets doing this correctly.


[1 Points] None:

I actually claimed I grabbed their DB immediately. I explained in detail how I did it too.


[1 Points] MindSquid:

Dutch police announced they seized the site and 900 BTC; whyusheep didn't steal anything. No further proof needed that he's full of lies.


[-2 Points] youlittletwerp:

The point is whyusheep is a little pimply-faced teenager that obviously has no life whatsoever, can't get laid ever, and all he does is sit in front of his computer and learn hacking because it makes him feel superior. Well, sheep, you're still going to wake up in the morning and be no one. You might be a badass on reddit and darknet but that does not mean squat in real life, you pathetic snitching loser.