[HUGE BREAKTHROUGH!] Employee Panel Bypass?

[ghost]

Working on accessing Prodigy employee panel.

Original post:

https://prnt.sc/v6jvlb

[ghost]

I AM VERY EXCITED LEMME EXPIREMENT

[ArcerionDev]

this may actually be something

[ArcerionDev]

however, it will be hard to forge the requests in-game

[ghost]

also remember /oauth2/userinfo

there's a employee thing

we should use tampermonkey or something to change it to "employee": "true"

also prodigy is still "temporarily offline" for me and i gtg so i cant do more rn

[ArcerionDev]

alright, we can work on it

[ghost]

im back kidssss

[ghost]

also we should totally bruteforce this https://sso.prodigygame.com/employee/login

we have a lot of prodigy employee emails

[ghost]

bruh so the penis captcha thing doesnt work on employee login but it does on student/parent login

prodigy gives their employees more security on just a basic login screen than they do their actual customers lmfao

[ghost]

also this domain contains resources for prodigy's customer support: https://cs.prodigygame.com/

maybe bruteforce URLs for something interesting??

[ghost]

https://cs.prodigygame.com/index.php doesnt exist so the home is an html file

[ghost]

ok so when you send prodigy an email to support there's this thing where it says like "Press yes if these links solved your issue and we will close the ticket"

"Yes" links to this: https://www.prodigygame.com/actions/resolveZendeskTicket.php?ticketID=923925

the ticket ID is just my "test" ticket

but theoretically we could close every ticket on the zendesk by just going up a number each time

[ghost]

im getting off-topic rn tho ik

[ghost]

yep it works i solved my ticket by ID

(ik a way to create an account on any zendesk support page even if the support center in question disallows it but that's a story for another day)

[rusprice]

Major breakthrough!!!

[ghost]

i theoritically just marked like 20 tickets as resolved but no way to tell if it worked

[ghost]

Major breakthrough!!!

yep

[rusprice]

Use the dev tools and inspect the data sent when you go to that page, make sure no cookies are sent for verification or anything.

[ghost]

Use the dev tools and inspect the data sent when you go to that page, make sure no cookies are sent for verification or anything.

kk

[rusprice]

I just checked, and nope!!

[ghost]

absolutely nothing!

[ghost]

I just checked, and nope!!

why did you close lmao? misclick?

[rusprice]

Yup.

[ghost]

brb

[ghost]

back, and will hasnt been active on github lately so i unassigned him. if he actually comments here i'll re-assign him

[ghost]

hmm so what if we just find a prodigy employee who's email is in a data breach exposing plain-text passwords (there are quite a few) and like use that to login to the employee dashboard?

[rusprice]

Possibly?

[ghost]

ye hmmm

[ghost]

Ok so Co-CEO email

[ghost]

a dev

[rusprice]

Found a list of all the help center API endpoints.

[rusprice]

Get all tickets - https://prodigygame.zendesk.com/api/v2/tickets.json

[rusprice]

This endpoint is for agents only

[rusprice]

Here's the entire API documentation for zendesk support pages, https://developer.zendesk.com/rest_api/docs/support/tickets#list-tickets. The API base URL for Prodigy is https://prodigygame.zendesk.com/api/v2/

[ghost]

More devs

[ghost]

ok that's everything RocketReach lets me search, feel free to plug the emails into HaveIBeenPwned

[rusprice]

I posted a comment, look at it.

[ghost]

oooh ok

[ghost]

fuck i just realized i lost my canva combolist and one of the prodigy employees is in that breach

[ghost]

Nathaniel Groce's Gmail is in a bunch of breaches, which looks pretty useful to me ngl. A lot of the breaches had weak hashing so we might get some passwords from this. Now for the hard part: Finding the breaches.

[ghost]

YESS HES ON NEOPETS BREACH WHICH EXPOSED PLAIN TEXT PASSWORDS

[ghost]

oooh he's on wattpad too

[ghost]

Cracked.to or RaidForums are both good places to look for breach combolists. I suggest using a VPN, though.

[ghost]

kk so im thinking that if prodigy finds this they'll fix the issues and we're screwed. should we take this to Telegram or something similar?

[ghost]

https://t.me/joinchat/AAAAAFSe3mFvwKnySnBd2w join then add me as a contact and I'll create a "secret" (aka end-to-end encrypted) group dm for the employee hack

[ghost]

also join https://t.me/joinchat/AAAAAES-lpeZXVDVdnzKSg

[rusprice]

I'm going to close this, this is just an API endpoint that doesn't give away employee panel access.