Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Rosenberg Clinic vulnerabilities on purpose?
Gr3ylok
Member UncommonPosts: 8
Respect for the people breaking their mind on the first password, I wouldn't have made that link.
However as hackers would also became a class in the ARG I figured I'd give the site a quick scan and it looks like it is site is vulnerable against bruteforcing and a bunch of other attacks. http://gyazo.com/27fab6405b014bde6669324f40d299cf
The fact that the site went offline during my scans and that it is left vulnerable leaves me to wonder if this is what HE wants us to do or not. In case this isn't I'll stop any further research, or at least the way of researching.
- Some info regarding the domain.
WordPress users for /:
fforgues
rosenberg
anashel
List of plugins installed for WordPress /:
wordpress-seo
contact-form-7
google-analytics-for-wordpress
akismet
advanced-custom-fields
options-framework
contact-form-7-to-database-extension
antispam-bee
custom-post-type-ui
hyper-cache
search-everything
wp-user-frontend
contact-form-7-datepicker
posts-to-posts
sitepress-multilingual-cms
revslider
List of file extensions
php 13 file(s)
xml 1 file(s)
css 26 file(s)
js 15 file(s)
txt 2 file(s)
html 1 file(s)
List of external hosts
gmpg.org
www.humanequation.co
fonts.googleapis.com
en.wikipedia.org
maps.googleapis.com
explore.org
php.net
www.mysql.com
wordpress.org
codex.wordpress.org
cafelog.com
planet.wordpress.org
httpd.apache.org
http://rosenbergclinic.com/login/
http://rosenbergclinic.com/admin/
http://rosenbergclinic.com/wp-login.php
http://rosenbergclinic.com/controlpanel/
http://rosenbergclinic.com/wp-admin/
http://rosenbergclinic.com/cpanel/
http://rosenbergclinic.com/kpanel/
Domain Name: ROSENBERGCLINIC.COM
Registry Domain ID: 1861655958_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2014-06-05 07:36:26Z
Creation Date: 2014-06-05 14:36:23Z
Registrar Registration Expiration Date: 2015-06-05 14:36:23Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email: 
Registrar Abuse Contact Phone: +1.4252744500
Domain Status: ok
Registry Registrant ID:
Registrant Name: WHOIS AGENT
Registrant Organization: WHOIS PRIVACY PROTECTION SERVICE, INC.
Registrant Street: PO BOX 639
Registrant Street: C/O ROSENBERGCLINIC.COM
Registrant City: KIRKLAND
Registrant State/Province: WA
Registrant Postal Code: 98083
Registrant Country: US
Registrant Phone: +1.4252740657
Registrant Phone Ext:
Registrant Fax: +1.4259744730
Registrant Fax Ext:
Registrant Email: 
Registry Admin ID:
Admin Name: WHOIS AGENT
Admin Organization: WHOIS PRIVACY PROTECTION SERVICE, INC.
Admin Street: PO BOX 639
Admin Street: C/O ROSENBERGCLINIC.COM
Admin City: KIRKLAND
Admin State/Province: WA
Admin Postal Code: 98083
Admin Country: US
Admin Phone: +1.4252740657
Admin Phone Ext:
Admin Fax: +1.4259744730
Admin Fax Ext:
Admin Email:
Registry Tech ID:
Tech Name: WHOIS AGENT
Tech Organization: WHOIS PRIVACY PROTECTION SERVICE, INC.
Tech Street: PO BOX 639
Tech Street: C/O ROSENBERGCLINIC.COM
Tech City: KIRKLAND
Tech State/Province: WA
Tech Postal Code: 98083
Tech Country: US
Tech Phone: +1.4252740657
Tech Phone Ext:
Tech Fax: +1.4259744730
Tech Fax Ext:
Tech Email:
Name Server: NS1.HUMANEQUATION.CO
Name Server: NS2.HUMANEQUATION.CO
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-06-05 07:36:26Z
Comments
Personally I (and though I won't vouch for all, I think many of the users in irc) think that hacking the site is a legit way to play the game.
The game is to access the information contained in the website. One way to do that is to solve a puzzle (one of which we already have), the other way is to break into the site. I think both paths should be trod simultaneously.
If you want my opinion, go in as far as you can.
Any in-game sites should be fine IMHO.
What we have to be careful of is the non game-related-only sites.
Like, ok for rosenbergclinic.com ... but not ok for humanequations.co .
I don't remember, but I believe I saw a post officially mentioning this very step you are about to undertake and the, erm, encouragement to do it.
I wonder, then, if Human Equation will eventaully consider it okay to hack agents?
I reckon that'll be part of being clearence level yellow - if they'll still be relevant
Sure, I think this is a valid route. Go for it unless HE says otherwise!
I will say though, that I feel that brute-forcing a password at the release of a mission kinda defeats the spirit of the game. If its been a while, ok, but we should learn to not depend on brute-forcing.
A.K.A. nikel
I agree - it all depends on what information we have from the puzzle at hand, in my opinion.
If the information available to us primarily hints at there being some logical way to proceed; researching an item, concept, person, what not, then that's the way to go.
If the "information" available to us instead includes a console, or somehow alludes to forced entry is the way to go, then that's the avenue we persue.
Some degree of consideration towards what is the intent of the current mission should be maintained, I feel, or TBW might ultimately [dons pessimist hat] "devolve" into a contest of who's the better hacker/anti-hacker. [/dons pessimist hat]
After all, some of the most memorable times during past ARGs have been during the "gaps"; not the ones where we were working on the solution to a puzzle, but as to where or what the next puzzle was.
Kumquat! A4! Ogallala!
No we wont. This is where the line is drawn. Official forums and official website will be consider an illegal cyber-attack. That goes to mailchimp. We ask people to NOT leave any confidential information and we will use third party log-in like google to handle the security. On our side we only host token and variable.
It is a sensitive topic, we want to let hacker user their real life skill but if you recalls end of days, we were down multiple times due to people doing brute force attack the site, preventing all other player to enjoy the game.
For now we request people to NOT brute force site or take them down by flooding. This is not hacking, it doenst show any skill aside being a script kiddies able to run automated hacking software so let me make it clear: IT IS NOT TOLERATED.
On the other hand if you hack you way trough an open port that give you access to vulnerable page, etc: ths is tolerated for fake site like Rosenberg or FSB building. But you will always have clues either in the code source or in the vulnerable page we left behind that give you clear insight that this is a path to follow.
It is obvious that we going to have to come up with a clear rules to properly inform our hacker on what can be hack (and was design to be hack) versus what can't....
Hope that clear up the subject.
Got it, no cracking it is.
Then I wonder if Admiral1 is onto something with Wilder Penfield.
We were discussing his findings and altho they are scattered, they seem to related somehow.
Didn't hear any other agents about Wilder yet so that might be something to look into.
https://docs.google.com/spreadsheets/d/1qwI1-dhICLm7wIM89r_Qp8WSLR5saZiw0VJGPKPs0QE/edit#gid=0
What if you have absolutely no hacking skills whatsoever? Will a player be left out of much of the content if he cant contribute in this way?
http://medias.luna-atra.fr/gw2/char_tool/CT_imageGenerator.php?pseudo=Centurion Mikal&lang=EN&code=&code=TSwtLDUsLSw2LC0sMjksOSwyMiwyMywyNCwtLDEwMiwzNiw4MSw4NCw4OQ==
From what Anashel wrote, I would think not.
While that does, of course, leave one avenue of solving a puzzle closed to some of us - myself included - the fact that the game is very much centered around the community, not the individual (and I apologize if you're already aware of this fact), means that regardless of whether or not you posess a certain skillset, you will never truly be left behind.
For example, once the hackers break through, and pave the way for the rest of us, you might be the one who targets the correct file, which shouldn't be far above anyones skillset.
That said, it would be like missions requiring knowledge about music to solve; they happen, but intermittently, so not knowing anything about music won't leave you in the dust, just with a longer ways to go, or more reliant on other players, during the missions that do rely on your musical or music related knowledge.