(adsbygoogle = window.adsbygoogle || []).push({}); Hey,

Some of you know me, some don't. I've been around for many, many years and I've seen many things. Finally decided to move on with my life, settle down, get a missus, start pushing my career... but no. Out of the blue I get a call from an old friend who tried to purchase a site saying the admins scammed him for $100. I'm a nice guy at heart and I've done some hacking in the past, so I thought why not, let's see what I can dig up. The site in question is ofcourse DemonForums ran by a teenage scottish lad who goes by the alias of Nova among others I'm not going to disclose. Neither am I going to dox the wee lad, because it's not my style.

It was running MyBB. I've actually auditted MyBB in the past so I know a few tricks with it, including an object injection vuln in the Admin panel funnily enough. Good times. Long story short, the Site is dumped and my friend now has the copy of the site he payed for. I got bored one night and decided to do some digging through the DB and see what this "Nova" kid really was like... turns out this isn't the first guy he's scammed and the more I kept looking the worse it got.

Not only is he stupid enough to brag about everything he does... but he does it all in PMs which are stored in a database for people like me to look at. I'm not going to bore you all with the details, I cba and you cba reading it all anyway. So instead I'm going to drop an attachment of PMs between Nova and some wannabe blackhat gfx artist who greps for passwords. For some of you it'll be hilarious

Obviously after finding this shit out, I got access into as much as possible and logged everything. I've tried telling you all before, but I think every now and then you all seem to forget and have to be reminded. Carding is bad, Scamming is bad. If you do either of these things... you are a bad person. You're not hackers because you grep DB entries from other people's dumps and use wordlists to crack (yes crack! not decrypt) hashes.

Feel free to make a fool out of Nova on my behalf. Ohh and shoutout to the old PS guys I haven't seen in ages and all my old friends. If you want to stay in contact with me, let me know because I will be gone again really soon :p

You must login or register to view this content.

Shoutout my bro. Top quality scrub wrecking. I think I have your number? We texted the other day right? Haha

been a while since i got on here lol nice work bro

Yea you have my number, the people who stayed in contact with me know how to contact me anyway. I just haven't been on here since Tustin guested my other account for assuming I was involved in Stu's shenanigans when he spawned a shell with CSRF. Love how I get blamed for every NGU hack now xD

It's fine I'm not exactly "trusted" either.. not sure why anymore but ah well aye! PS still gets namedropped on vb.org, they tried to blame us for vB4 and vB5 failing. Wanted to reply saying that's like blaming a burglar for robbing your house when you leave the front door keys on your doormat. If you don't secure your shit, shit will happen!

Vince long time no see. Some admin disabled pretty much every permission I have. I can't PM and I can't leave you a VM either. I'm not even sure if I can recieve them. If you could restore them or even give me access to the shoutbox for this account, I'll gladly speak to you there.

Demon Forums?! LOOOOOOOOOOOOOOOOOOOOOOL

Guested because everyone assumed I was involved with the PHP backdoor spawned in the ACP. I know about it, but doesn't mean I was involved and/or was the person who did it.

Not that it matters to me that much now. I just would like the basic permissons so I can atleast stay in contact with people.

* *

* *