I found an exploit with one of those rdp buying site that all seem to have the same template, those who have browsed rdp buying sites know what template I'm talking about. But that is primarily a front facing interface only and the setup of the rdp's are done completely differently between providers. It would be hard to target a specific user if you're poor but basically how its typical to have some sort of 'non admin' form of an rdp and you share a physical box split between a bunch of users (you can see all the C:\Users\ filenames and also their expandable disk drive addons show up when opening my computer. and these names are different if you buy multiple instances so i believe you just get randomly assigned to a machine.
The issue comes in with how they handled isolating the data from each user account. Using a couple of (easy gui based) tools i was able to bypass the normal restrictions and allowed to me basically run windirstat on all 25-50 other users. I have found cool stuff from runescape bruteforcer that would output a csv with literally everything about the account. Userename pass email pin Total Bank value, total inventory value, total skill xp, combat level...... everything.
you have the ability to copy everything from anything below User folder (yes even appdata) but i dont believe you can edit it
(so no binding shit to peoples exe's as of now but i really dont doubt its possible)
but by barely even looking for 15 minutes i found a bunch of cool files.
It is completely private, used by me a handful of times for just fun. Please pm me to offer a price. Serious people only. Escrow can be used. and i know the scene and that this is worth more than 50$ (looking at you skiddies).
Difficulty: 1.5/10
Resources needed: Buying an rdp that ranges from 5$ all the way up to probably 50+. typically the more expensive the server, the fewer other users are on there, but are of higher quality. the opposite is true for the cheap rdp's but trust me youll find good stuff in even the budget rdps.
Exploit class: Imroperly managed sandboxing meethods when it comes to data storage.
Potential: Anything people would want to use a vps/rdp for, and thats exactly what youll see. lots of cracking shit, lotst of the classic crackers for porn, games, etc....
Price: Negotiable but will just start at $500 just to get some number to start with.
Contact: Pm me
I want to sell no more than 2 copies of this.
0/2
Need a clarification? pm me and we can take it to a better chatroom. will not be entertaining noobs unless give me a reason for why i should keep talking to them.
30% finders fee for whoever hooks me up with thee right person. this is a 0 day exploit with a lot of potential and i know what i have.
BONUS: Heres a QUICK snippet of the runescape csv file i found. this is an example of what i found in minutes. a bigger list will be posted to leaks shortly
Heres the top bank value guy for the single file i found. its likely already been looted so dont try but the list I'm going to post next is of good quality.
header for the csv
Heres a small sample of some random ~10 lines. the rest of what I'm leaking is to back up how i just happened to come across this info.
Will be dumping the rest in the leaks subforum and return with the link shortly
The issue comes in with how they handled isolating the data from each user account. Using a couple of (easy gui based) tools i was able to bypass the normal restrictions and allowed to me basically run windirstat on all 25-50 other users. I have found cool stuff from runescape bruteforcer that would output a csv with literally everything about the account. Userename pass email pin Total Bank value, total inventory value, total skill xp, combat level...... everything.
you have the ability to copy everything from anything below User folder (yes even appdata) but i dont believe you can edit it
(so no binding shit to peoples exe's as of now but i really dont doubt its possible)
but by barely even looking for 15 minutes i found a bunch of cool files.
It is completely private, used by me a handful of times for just fun. Please pm me to offer a price. Serious people only. Escrow can be used. and i know the scene and that this is worth more than 50$ (looking at you skiddies).
Difficulty: 1.5/10
Resources needed: Buying an rdp that ranges from 5$ all the way up to probably 50+. typically the more expensive the server, the fewer other users are on there, but are of higher quality. the opposite is true for the cheap rdp's but trust me youll find good stuff in even the budget rdps.
Exploit class: Imroperly managed sandboxing meethods when it comes to data storage.
Potential: Anything people would want to use a vps/rdp for, and thats exactly what youll see. lots of cracking shit, lotst of the classic crackers for porn, games, etc....
Price: Negotiable but will just start at $500 just to get some number to start with.
Contact: Pm me
I want to sell no more than 2 copies of this.
0/2
Need a clarification? pm me and we can take it to a better chatroom. will not be entertaining noobs unless give me a reason for why i should keep talking to them.
30% finders fee for whoever hooks me up with thee right person. this is a 0 day exploit with a lot of potential and i know what i have.
BONUS: Heres a QUICK snippet of the runescape csv file i found. this is an example of what i found in minutes. a bigger list will be posted to leaks shortly
Heres the top bank value guy for the single file i found. its likely already been looted so dont try but the list I'm going to post next is of good quality.
header for the csv
Code:
<!--td {border: 1px solid #ccc;}br {mso-data-placement:same-cell;}-->username,password,type,display_name,check_date,last_login,member_until,has_pin,pin_set,pin_deleted,bond_pouch,inventory_value,equipment_value,bank_value,ge_value,total_value,total_value_f2p,combat_level,total_level,total_xp,quest_points,tut_island,id
<!--td {border: 1px solid #ccc;}br {mso-data-placement:same-cell;}-->[email protected],woverngerm11,NORMAL,Glitoris,2019-11-07 10:07:22,2019-11-07 08:29:22,2020-01-28 10:07:22,no,,,0,209073,118074, 62428493,0,62755640,4684813,93,1343,28470403,140,no,40
It shows shit like how much their inventory is worth, how much their bank it worth, how much on a f2p world, total xp, pretty mcuh everything you need. read the headers.Heres a small sample of some random ~10 lines. the rest of what I'm leaking is to back up how i just happened to come across this info.
Code:
[email protected],jakobus,NORMAL,,2019-11-06 22:02:26,2019-11-06 22:02:26,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,68
[email protected],moohoo,NORMAL,,2019-11-06 22:02:31,2019-11-06 22:02:31,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,69
[email protected],george214,IRONMAN,Hazrkr,2019-11-06 22:02:31,2019-11-06 21:35:31,,yes,,,,1095,445,,0,1540,1540,12,128,18744,1,no,70
[email protected],qwerasdfzxcv,NORMAL,,2019-11-06 22:02:42,2019-11-06 22:02:42,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,71
[email protected],1n220qw0,NORMAL,CH_a8t0oR2,2019-11-06 22:02:42,2019-11-06 21:25:42,,no,,,0,0,0,5866,0,5866,5866,3,51,6413,0,no,72
[email protected],haas123,NORMAL,,2019-11-06 22:02:42,2019-11-06 22:02:42,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,73
[email protected],bryce3692,NORMAL,,2019-11-06 22:02:43,2019-11-06 22:02:43,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,74
[email protected],pickles02,NORMAL,,2019-11-06 22:02:46,2019-11-06 22:02:46,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,75
[email protected],dylan2014,NORMAL,,2019-11-06 22:02:50,2019-11-06 22:02:50,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,76
[email protected],m72si4kx,NORMAL,Sijbesma,2019-11-06 22:03:01,2019-11-06 22:03:01,2020-02-05 22:03:01,no,,,,0,0,,0,0,0,3,32,1154,0,yes,77
[email protected],bumbaseed123,NORMAL,,2019-11-06 22:03:01,2019-11-06 22:03:01,,no,,,,0,0,,0,0,0,3,32,1154,0,yes,78
[email protected],dcelement123,NORMAL,Godofmilk2,2019-11-06 22:03:01,2019-11-06 21:27:01,,no,,,0,266,0,63301,0,63567,63567,3,119,126800,1,no,79
[email protected],askfotball1,NORMAL,fekker,2019-11-06 22:03:01,2019-11-06 21:41:01,,no,,,0,1065,0,25,0,1090,1090,3,40,1979,0,no,80Will be dumping the rest in the leaks subforum and return with the link shortly
