search

mikeminneman / Polldaddy_Exploit

This is an exploit proof of concept for rigging votes on Polldaddy
MIT License
0 stars 0 forks source link

Submit this to polldaddy #1

Open ghost opened 9 years ago

ghost commented 9 years ago

They just might have bug bounties who knows.

mikeminneman commented 9 years ago

Thanks, submitted it to them.

On Wed, Aug 26, 2015 at 4:23 PM, thenoncoder notifications@github.com wrote:

They just might have bug bounties who knows.

— Reply to this email directly or view it on GitHub https://github.com/mikeminneman/Polldaddy_Exploit/issues/1.

ghost commented 9 years ago

Okay. You've already posted a usable exploit before informing the concerned company, so I'm not sure if you'll get cash or not. If you post the code to them without informing them about the repo, then you're fine, I hope so.

mikeminneman commented 9 years ago

I just hope they don't try to sue me, haha.

On Wed, Aug 26, 2015 at 5:14 PM, thenoncoder notifications@github.com wrote:

Okay. You've already posted a usable exploit before informing the concerned company, so I'm not sure if you'll get cash or not. If you post the code to them without informing them about the repo, then you're fine, I hope so.

— Reply to this email directly or view it on GitHub https://github.com/mikeminneman/Polldaddy_Exploit/issues/1#issuecomment-135172271 .

mikeminneman commented 9 years ago

Are you one of the guys in the A858 chat?

On Wed, Aug 26, 2015 at 5:16 PM, Mike Minneman mjm703@gmail.com wrote:

I just hope they don't try to sue me, haha.

On Wed, Aug 26, 2015 at 5:14 PM, thenoncoder notifications@github.com wrote:

Okay. You've already posted a usable exploit before informing the concerned company, so I'm not sure if you'll get cash or not. If you post the code to them without informing them about the repo, then you're fine, I hope so.

— Reply to this email directly or view it on GitHub https://github.com/mikeminneman/Polldaddy_Exploit/issues/1#issuecomment-135172271 .

ghost commented 9 years ago

What chat? I'm only here on Github posting ahk scripts. I googled a858 though, and it seems to be some crypto-trolling crap like the cicada 3301 crap that was popular last year. Just looking at the weird posts I can tell there exists some sort of checksum to them.

ghost commented 9 years ago

Why are you so interested in a858, though?

ghost commented 9 years ago

If you want me to find out who's behind all of that crap, I can help.

ghost commented 9 years ago

He seems to be using a VPN. Smart, I have to say.

ghost commented 9 years ago

Something to do with block ciphers on one of the a858 posts.

mikeminneman commented 9 years ago

Oh interesting, I only ask because I posted my github account in there to get added to a repo and it's the first time I've touched github in awhile, so I thought maybe you were one of the guys from the chat peeking at my profile. Sort of coincidence that today you'd message me.

Crypto trolling or not some of the posts are decipherable and it's been a good way to brush up on my crypto skills. Just a hobby.

On Wednesday, August 26, 2015, thenoncoder notifications@github.com wrote:

Why are you so interested in a858, though?

— Reply to this email directly or view it on GitHub https://github.com/mikeminneman/Polldaddy_Exploit/issues/1#issuecomment-135174466 .

ghost commented 9 years ago

I've connected to your irc. Check me there. Same name as my github.

ghost commented 9 years ago

This a858 seems like a little challenge for me. Interesting. I'll keep you updated on whatever I find.

ghost commented 9 years ago

I can't use the irc, something wrong. Maybe it's my ikev2 config, I'll check.

mikeminneman commented 9 years ago

No worries. Thanks for the heads up.

On Wednesday, August 26, 2015, thenoncoder notifications@github.com wrote:

I can't use the irc, something wrong. Maybe it's my ikev2 config, I'll check.

— Reply to this email directly or view it on GitHub https://github.com/mikeminneman/Polldaddy_Exploit/issues/1#issuecomment-135175740 .

ghost commented 9 years ago

Okay. Something's wrong with your a858 irc. I checked my ikev2 config and it's running fine. Does your irc block VPNs?

mikeminneman commented 9 years ago

Not sure. Not my irc.

On Wednesday, August 26, 2015, thenoncoder notifications@github.com wrote:

Okay. Something's wrong with your a858 irc. I checked my ikev2 config and it's running fine. Does your irc block VPNs?

— Reply to this email directly or view it on GitHub https://github.com/mikeminneman/Polldaddy_Exploit/issues/1#issuecomment-135176643 .

ghost commented 9 years ago

I don't know. My ikev2 config is running fine, my VPN is also fine. I'm not sure why the irc owner is paranoid of VPNs, though, considering that the a858 crew themselves seem to be also using one. It's weird. Tell him to unblock them. Lots of posts on a858 to do with block ciphers. Few look like hex, and a lot seem like md5. The a858 crew seems to be using an encoder, like repeatedly encoding text into hex, ascii, and binary, or combinations of them. Only a few of the posts are using actual encryption. Reading the wiki you guys made, I can see you've decrypted quite a few posts. If you can send some PM to the a858 crew on reddit ( if it supports PMs idk i dont have an account i just browse there normally ), and tell him what i tell you, i could figure out who they are or where they come from. Should help you and your fellow redditors to solve the a858 mystery. I can encode posts similar to how he does it, and let him try to figure them out. It's more than that though. I'm happy to help whenever you need me. You see, I'm just sick of the dozens of crypto-trolls on the internet these days, and I want to really put an end to this.

mikeminneman commented 9 years ago

Thanks, I appreciate any help. I'm about to head home for the day so I'll be offline for a bit.

On Wednesday, August 26, 2015, thenoncoder notifications@github.com wrote:

I don't know. My ikev2 config is running fine, my VPN is also fine. I'm not sure why the irc owner is paranoid of VPNs, though, considering that the a858 crew themselves seem to be also using one. It's weird. Lots of posts on a858 to do with block ciphers. Few look like hex, and a lot seem like md5. The a858 crew seems to be using an encoder, like repeatedly encoding text into hex, ascii, and binary, or combinations of them. Only a few of the posts are using actual encryption. Reading the wiki you guys made, I can see you'd decrypted quite a few posts. If you can send some PM to the a858 crew on reddit ( if it supports PMs idk i dont have an account i just browse there normally ), and tell him what i tell you, i could figure out who they are or where they come from. Should help you and your fellow redditors to solve the a858 mystery. I can encode posts similar to how he does it, and let him try to figure them out. It's more than that though. I'm happy to help whenever you need me. You see, I'm just sick of the dozens of crypto-trolls on the internet these days, and I want to really put an end to this.

— Reply to this email directly or view it on GitHub https://github.com/mikeminneman/Polldaddy_Exploit/issues/1#issuecomment-135178942 .

ghost commented 9 years ago

You're welcome. I'm trying to make my own irc right now so that people can join in and solve this crap. I am so sick of the dozens of crypto-trolls on the internet right now. I didn't want to do anything about a858 at first, but I just wanna find out where all the dozen trolls come from.