Discuz! Forum Hackings 2019-2020
Which ones were affected?
I am quite sure that these were:
AnimeGame.me
GameSprite.me
JoyGames.me
FreeGame2017.com
SoarGames.com
HeatGames.me
GoGames.me
ZeusGame.me
InstantFuns.com
Reply
Donjuji has them all, he was the main one auditing discuz because it's a popular known Chinese forum content management system lmao. I remember sort of helping him out once with discuz, it's like the worst Chinese forum cms I've seen. If you know his account on here I'm sure he'd sell them to you potentially.
Reply
Those are Juji's dumps.
There are a few more sites that got dumped in that period (like 4-5 more).
Just hit Juji up and see with him what the price is for those.
If he wanted them on BF, he would have already shared them.

Good luck!
Reply
joygames - https://breached.to/Thread-joygames-me-Database-Leaked-Download?highlight=JoyGames.me
animegame - https://breached.to/Thread-AnimeGame-Database-Leaked-Download?highlight=AnimeGame.me
gamesprite - https://breached.to/Thread-GameSprite-Forums-Database-Leaked-Download?highlight=GameSprite.me
Reply
Oh, okay, I understand now.
Reply
(June 26, 2022, 12:47 PM)Doubtless Wrote: Those are Juji's dumps.
There are a few more sites that got dumped in that period (like 4-5 more).
Just hit Juji up and see with him what the price is for those.
If he wanted them on BF, he would have already shared them.

Good luck!


Juji sells stuff to a lot of people, most of his stuff from that time has been leaked by now

He is on-site but idk if he checks, his user is @donJuji

https://pompur.in
Reply
i can throw out the leak section
Fan of Ilfak

Reply
@surface https://breached.to/Thread-SoarGames-com-2019-Leaked-Download?highlight=soargames.com
Fan of Ilfak

Reply
(June 26, 2022, 02:26 AM)surface Wrote: Which ones were affected?
I am quite sure that these were:
AnimeGame.me
GameSprite.me
JoyGames.me
FreeGame2017.com
SoarGames.com
HeatGames.me
GoGames.me
ZeusGame.me
InstantFuns.com

Ok so first of all you are missing so many of these

There was also
Instantgame.me
goninja.de
ggcorp.me
gamedom.me
okaygame.me
joyfun.com
voluntaforums
goinja spain forums
goninja it forums
goninja.fr
doublefuns.me
vivogames
vivagames
ultraninja forums
pocketgame.me
and much much more
unigame.me

So how did i obtain all these?

1. The initial entry vector was vbulletin rce on animegame.me. animegame.me also hosted unigame.me, vivogames, vivagames and joygames.me.
2. once i had dumped these i found svn creds and went to check them out and sure enough there was mention of other sites they owned like gamesprite.me and okaygames.me which were like 7m users and 8m users each. 
3. because these did not have vbulletin i could not get a shell. however i discovered that the database creds which were passreused on all the databases on the animegame server also worked for the admin panels for both of these
4. discuz! admin has a function for dumping your sql databases and i dumped both of those and a couple more like freegame2017
5. i knew there had to be even more so i used publicwww to dork some html i saw repeated in all of their discuz homepages and got a list of a bunch more like goninja.de and the german and italian forums and doublefuns forums
6. i discovered that doublefuns was vbulletin just like animegame and as i expected the vb rce worked on that too and i shelled a second server of theirs with db creds for a bunch more.
7. i also noticed that all the ips for the sql hosts were non local ips and therefore would likely accept external connections and i also noticed that the db creds were again the same.
8. the creds were xiaobai:[email protected] (yes his email is his password) since all the ips were very close to each other in range and all on the same netblock and allowed external connections naturally i decided to brute with those credentials
9. i wrote a bash script for mysql to check those creds on the whole ip range and got the following ips as valid connections with the xiaobai creds.


Its important to note that all use port 3301 instead of the traditional 3306

you are welcome to dump newer versions of these dbs yourself, just connect with any mysql client like navicat or the command line binary on port 3301 with username xiaobai and password [email protected]
about 70% of these still are working i just checked.

Here is a screenshot of navicat connected to some of them today


Anyways inside these servers were loads of high user count dbs. one db was even around 40m users. its a shared usertable for a few of their games like heatgames and its called "h5_user" unfortunately it seemed about 60% of these were fb signups with no emails

However when all was said and done i dumped around 80m lines 

There were some other forums of theirs like gaforu.com that i ended up getting later on that used an ip outside of that range but for the most part i believe i have dumped every shitty microtransaction neckbeard wallet raping rip off game they ever put out.
From reading their internal memos and emails i discovered they were being sued by blizzard for copyright infringement.

I have contacted the dev xiaobai before but he didnt want to talk to me. I leave him notes on his servers to this day to tell him how thankful i am at his security through apathy approach to developing but he always just deletes my shells and my notes and im forced to punish him with a defacement for being a naughty naughty chinamandev.

Funfact: xiaobai means small white in chingchangchong language.
Funfact 2: Its a good idea to target gaming sites targeting westerners but developed by chinese people trying to spread the cancer that is gacha game mechanics to the west where the fat wallet are. Its a good idea because these people dont give a flying fuck about security because they dont care about americans, all that microtransaction money gets repod by the commie govt and they have to split ramen packets for breakfast and coolaid packets for lunch. 

This process may sound like a complicated set of moves and leet pivots but it truly was very easy and i was able to do it being super new at the time.

Shout out to those who helped me with knowledge like liff, jocker and jack while i was on my pivot frenzy.

I will post 17m emailpass from these dbs tonight to honor xiaobai in a different thread.
Reply
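A defender-side audit for the two weaknesses the post above describes (one database credential reused across databases and forum admin panels, and MySQL accounts reachable from outside the network), as an added example that is not part of the thread. All service names, accounts, secrets and grant rows are constructed sample data, and the function names are hypothetical.

```python
import hashlib, hmac, ipaddress
from collections import defaultdict

# Constructed sample data (hypothetical services and secrets, not from the thread).
INVENTORY = [  # (service, kind, username, secret)
    ("forum-a db", "database", "appuser", "s3cret-one"),
    ("forum-b db", "database", "appuser", "s3cret-one"),
    ("forum-b admin", "admin_panel", "appuser", "s3cret-one"),
    ("billing db", "database", "billing", "Different#42"),
]
GRANTS = [  # (server, bind_address, port, user, host_pattern) as read from mysql.user
    ("db1", "0.0.0.0", 3301, "appuser", "%"),  # a non-default port does not hide it
    ("db2", "127.0.0.1", 3306, "appuser", "localhost"),
    ("db3", "0.0.0.0", 3306, "report", "10.0.5.%"),
]

def fingerprint(key: bytes, username: str, secret: str) -> str:
    """Keyed hash so the audit compares credentials without storing them."""
    return hmac.new(key, f"{username}\0{secret}".encode(), hashlib.sha256).hexdigest()

def reuse_groups(inventory, key=b"audit-run-key"):
    """Return the lists of services that share one username/secret pair."""
    groups = defaultdict(list)
    for service, kind, user, secret in inventory:
        groups[fingerprint(key, user, secret)].append((service, kind))
    return [members for members in groups.values() if len(members) > 1]

def crosses_boundary(members) -> bool:
    """True when a reused credential spans service kinds (DB and admin panel)."""
    return len({kind for _, kind in members}) > 1

def is_local_pattern(pattern: str) -> bool:
    if pattern in ("localhost", "::1"):
        return True
    try:
        return ipaddress.ip_address(pattern).is_loopback
    except ValueError:
        return False  # wildcards and hostnames are treated as remote-capable

def exposed_accounts(grants):
    """Accounts that accept remote logins on a listener bound beyond loopback."""
    findings = []
    for server, bind, port, user, pattern in grants:
        listener_remote = not ipaddress.ip_address(bind).is_loopback
        if listener_remote and not is_local_pattern(pattern):
            severity = "high" if pattern == "%" else "review"
            findings.append((server, port, user, pattern, severity))
    return findings
```

Every group returned by `reuse_groups` calls for rotating to a unique secret per service, and every `high` finding for a restricted host pattern or a firewalled listener.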
(July 26, 2022, 04:10 AM)donjuji Wrote:

LOL, thanks for the extra info. Does xiaobai still have that same password up?
Reply

