Omega Market Hacked - another one bites the dust

The fifth new market I have completely rooted because of incompetent admins, but these guys are the worst and are putting all of their users at risk.

http://omegannu2zxrxcdt.onion/css/directory.php

Hopefully this will serve as the end of their time here.

Within 2 minutes of signing up after their announcement last week, I was able to exploit the market with some simple tactics, similar to what I used to attack Place Market and The Open Road, see my post here: https://pay.reddit.com/r/DarkNetMarkets/comments/6f0ju5/open_road_market_and_place_market_exploits/

Just a few hours later, I was then able to find their IP. I am going to leave details out to make sure I don't promote any sort of doxxing.

By far, these guys are the worst market admins I have come across. They told me they were "upset" after I hacked the market and I found tonnes of basic security flaws. To name some of the worrying ones...

I was even told by their head admin details such as being the main provider for his family, so he's putting them at serious risk by running this market and I hope he doesn't do so again for his own and his family's sake.

Also, I stole your Bitcoin... yep all $2 of it.


Comments


[40 Points] 6REDDITACCOUNTBANNED:

R E K T


[21 Points] BFCDNM:

I am so hard right now


[14 Points] ForLol_Serious:

You should join cosa nostra and become the new hacks4crack. But you have to become a lot meaner.


[14 Points] RIP_Meth_9000:

You better kick my share of that $2 upstairs to me....Don't make me come looking for you....Bahahahahahaaaa!!!!!!

Paging /u/ForLol_Serious...Your Godfather is in need of the service you provide!!!!!

9000


[10 Points] nomorebullshittt:

So this market existed about a week right?


[3 Points] whitekidspaz:

Making markets your bitch daily I love it!


[5 Points] None:

So they wouldn't pay you when you told them about the bugs? Nice.


[1 Points] For_supreme2:

DAMNNNUM


[3 Points] BakedPastaParty:

How could one go about learning the skills/techniques in order to do this type of thing? Could you point me in the right direction?


[1 Points] SloppyJoeLieberman:

Whoa, good shit. Thanks for your help and for posting this.


[0 Points] bamboozled_0x41:

As /u/RIP_METH_9000 would put it:

The shells must flow!!!

/u/bughunter Thanks for all the work you do. I can only hope you've checked out several other markets, especially Hansa, as that's my favorite. Honestly, reading your description, I'm almost shocked at just how poorly secured their site was. PHP exec?? Did they rip off a site from the early 2000s? Probably have no idea what they were doing.


[-1 Points] None:

lol, bravo. are we finally condoning stealing?


[-1 Points] PM_ME_UR_SKETCH:

Calling it now. These guys are going to re-surface under the name "Dick Market" in 16 days!