Read here: http://de.pastebin.ca/835038
- Now this is the story all about how Ersan's life got flipped turned upside down and I'd like to take a minute and just sit right there and tell you how Ersan became the prince of a town called bel air
- This week's source of lulz is provided free of charge via a site called supertorrents.org and the nicest Administrator you've ever met, Ersan.
- Supertorrents: A semi-decent private torrent site with around 35,000 members and a couple min to a couple hour pres, has always complained that they have never gotten any attention in scene notices, well it’s your (un)lucky day! Supertorrents makes approximately $2,000-$10,000/m (sup fbi?) Screenshot1.png. From here our lulz rampage began when we found out this super secret password that was 10 characters with no upper case letters, numbers or symbols was also Ersan's password for every single other account that he had, including: paypal, softlayer, gmail, youtube and some other accounts we disabled/deleted for fun.
- This all began a few days ago. Me and some friends were scoping around supertorrents' irc network, when we discovered that they had a public prechan. Upon discovering this moderate scene security problem some friends and I decided to check the security of said prebot, turns out it was not so secure. Upon rooting the box and grabbing the unsecure predb and some scripts to play with we then rainbow tabled his password hash.
- First on our list to do was to donate all of SuperTorrents' donation money ($2054.28) to waheguroo.com, because Sikhs are awesome, if you disagree you are a faggot and can die in a fire. To prove it was Ersan that we pwned and not some other n00b here check out screenshot2.png for the irc log (BTW it really was medicalmj, that guy is 1337 and you guys should've recognized). He eventually realized and filed a chargeback, apparently Ersan doesn't like Sikhs (fucking racist) see screenshot3.png
- Second we logged into his gmail with of course the same username and password! From here we found some goodies like, his actual name which is only like 4 characters off from his nickname (idiot), his actual street address and even what car he drives (a 19 year old driving a Lexus IS300, I guess donations must be doing really well). We then moved over all of his spam into his inbox, for shits and giggles (he sure gets a lot of penis enlargement spam, I'm pretty sure it's intentional). I proceeded doing this until I realized this genius didn't even have anything in place to make sure his account wasn't pwned. At this point we just deleted his account, because maximum lulz were achieved. See screenshots3.png 4 5 6 for further proof
- Lastly we logged into his softlayer account panel where he hosts the supertorrents seedboxes and cancelled them. At absolute worst we have cleaned up some of this insecure torrent filth for at least a few days, between no servers and no more email to respond to softlayer's questions. How's that for digitalguilt?, Ersan. (screenshot7.png)
- In closing, supertorrents members, how secure do you feel knowing the admin of your site uses ONE 10 char password with no upper case, symbols or numbers to protect nearly all of his accounts? Doesn't it make you wonder how secure your ip is being associated with a person like that? A person who has no job and spends your donation money on a Lexus?
- Anyway, to the scene: We have done our part, wiping another insecure torrent site off the map. Now you must do yours! supertorrents' only topsite access is to a known pay-per-leech site called c0re. Siteops there are serilkila and evilmike. There have been other scene notices regarding serilkila and our information only solidifies it. Nearly all of these torrent sites are on c0re and if we can cut it off we can begin to have security again in our scene.
- peace in the middle east
- p.s. CellKill had nothing to do with the making of this scene notice. We did however, want the world to know how big of a faggot he is (you're famous now)
- greetz to renfield