I hacked RetryTech - BubbleTok. Expose Time!!

0nyxx

0nyxx

New member
Jul 15, 2020
10
2
3
I am new into pentesting, lets be friends :)
zer0gr4vity said:
Hi Guys,

This is Zer0. I generally belong to the Dark web but recently a friend of mine referred me to the "Hottest thread" of this forum which also became "Most Viewed" thread of all time.

Yes, I'm talking about "BubbleTok" (the so called Tik Tok Clone by it's author). Before I get into the detailings, I wanna tell, I'm an active user on Codecanyon too and I recently discovered this app named "BubbleTok". The app is priced at $1004 for a regular license and a freaking 50K USD for an extended one. And there is a lot of hype about this app on the web as well as codecanyon.

At first, I downloaded all the available resources related to it from this forum and tried to run. And soon I realized, it was broken. After reviewing almost 300 comments on this forum and 250ish comments on codecanyon, I decided to do a research about it.

And here it is :

1. I hacked their server.

There are around 4 to 5 more scripts running on the same server. None of them is a quality based product.

2. Hacked it's cPanel.

There are 13 subdomains running on it. Earlier they had Vilo on the same server and they recently shifted to another one after knowing they were hacked.

3. Dumped all their databases.

I've dumped all their database. Not only the one those are linked to scripts. I've downloaded more ;)

There is a very famous app on play store which uses the same "BubbleTok" script. I'm going to reveal more about them in a day or two.

4. Your admin panel looks different than mine.

Since you guys just have the initial version and I've downloaded more of it. My admin panel is better than yours.

5. Look at their Phpmyadmin.

There is a subdomain "vilo.invatomarket.com" which was hosted on the same server as I've mentioned in point 2. Now, Look at the screenshot I've attached below. The database is almost empty. It doesn't have admin records. Now the same subdomain is attached to a different hosting and database.

PS : The attached file "invato domains.txt" has all the list of domains associated with the developer/author.

Conclusion : I've seen people ready to buy this script in collaboration with others. DON'T DO THAT. This guy is a fraud. Also, if you need any of their script that's available on Digicean.com, do let me know. I'll send it to you.
Click to expand...
 
  • Like
Reactions: zer0gr4vity
A

ajaygupt

Member
Oct 21, 2018
54
10
8
zer0gr4vity said:
Hi Guys,

This is Zer0. I generally belong to the Dark web but recently a friend of mine referred me to the "Hottest thread" of this forum which also became "Most Viewed" thread of all time.

Yes, I'm talking about "BubbleTok" (the so called Tik Tok Clone by it's author). Before I get into the detailings, I wanna tell, I'm an active user on Codecanyon too and I recently discovered this app named "BubbleTok". The app is priced at $1004 for a regular license and a freaking 50K USD for an extended one. And there is a lot of hype about this app on the web as well as codecanyon.

At first, I downloaded all the available resources related to it from this forum and tried to run. And soon I realized, it was broken. After reviewing almost 300 comments on this forum and 250ish comments on codecanyon, I decided to do a research about it.

And here it is :

1. I hacked their server.

There are around 4 to 5 more scripts running on the same server. None of them is a quality based product.

2. Hacked it's cPanel.

There are 13 subdomains running on it. Earlier they had Vilo on the same server and they recently shifted to another one after knowing they were hacked.

3. Dumped all their databases.

I've dumped all their database. Not only the one those are linked to scripts. I've downloaded more ;)

There is a very famous app on play store which uses the same "BubbleTok" script. I'm going to reveal more about them in a day or two.

4. Your admin panel looks different than mine.

Since you guys just have the initial version and I've downloaded more of it. My admin panel is better than yours.

5. Look at their Phpmyadmin.

There is a subdomain "vilo.invatomarket.com" which was hosted on the same server as I've mentioned in point 2. Now, Look at the screenshot I've attached below. The database is almost empty. It doesn't have admin records. Now the same subdomain is attached to a different hosting and database.

PS : The attached file "invato domains.txt" has all the list of domains associated with the developer/author.

Conclusion : I've seen people ready to buy this script in collaboration with others. DON'T DO THAT. This guy is a fraud. Also, if you need any of their script that's available on Digicean.com, do let me know. I'll send it to you.
Click to expand...


Bhai mujhe bubble tok code with database dijiye @ [email protected]
Thanks :)
 
LeLouched

LeLouched

Active member
Banned User
Jul 12, 2020
101
63
28
7gtEO.gif


been fixing by creating my own tables for it
what table is missing for the upload?
@zer0gr4vity
 
  • Like
Reactions: 0nyxx
cysystem

cysystem

Member
Aug 20, 2019
84
21
8
id love to know the exploits you used to hack it
zer0gr4vity said:
I didn't use any exploits. Hacking is majorly about skills and experience.
Click to expand...
im asking to share your experience with us or with me about server side hack like cpanel and databases without xss mysql injection by php. thank you very much
 
Z

zer0gr4vity

Active member
Jul 14, 2020
144
100
28
cysystem said:
id love to know the exploits you used to hack it

im asking to share your experience with us or with me about server side hack like cpanel and databases without xss mysql injection by php. thank you very much
Click to expand...

Bro, first things first, there has to be a loophole obviously. I didn't use any of the techniques you just mentioned. When it comes to hacking, you need to have a deep research on your target. I somehow found a place where I could upload an image but it didn't allow my shell to work initially, then I had to put a .htaccess file to fool the server into running my php shell. I also did a cPanel password reset via email spoofing. And there we some commands involved.
 
  • Like
Reactions: frpfix, dududududu and cysystem
Z

zer0gr4vity

Active member
Jul 14, 2020
144
100
28
TO EVERYONE WHO'S ASKING FOR CODE, BUBBLETOK IS A BROKEN APP AND YOU NEED A LOT OF HOMEWORK TO MAKE IT WORK. I'VE ALREADY HACKED THEM AND REVEALED IT HERE.

NOW, ALL I WANT TO CONVEY IS THAT WE'RE WORKING ON A FIX. AND SINCE IT'S A MAJOR TIME INVESTMENT, WE MIGHT SELL IT FOR LESS OR MAYBE EVEN PUBLISH IT FOR FREE. TIME WILL DECIDE. THANKS FOR YOUR PATIENCE.
 
  • Haha
  • Like
Reactions: dududududu and ipwnd
cysystem

cysystem

Member
Aug 20, 2019
84
21
8
zer0gr4vity said:
Bro, first things first, there has to be a loophole obviously. I didn't use any of the techniques you just mentioned. When it comes to hacking, you need to have a deep research on your target. I somehow found a place where I could upload an image but it didn't allow my shell to work initially, then I had to put a .htaccess file to fool the server into running my php shell. I also did a cPanel password reset via email spoofing. And there we some commands involved.
Click to expand...
thank you very much
 
  • Like
Reactions: zer0gr4vity
modman9

modman9

Active member
May 7, 2020
108
111
43
zer0gr4vity said:
Hi Guys,

This is Zer0. I generally belong to the Dark web but recently a friend of mine referred me to the "Hottest thread" of this forum which also became "Most Viewed" thread of all time.

Yes, I'm talking about "BubbleTok" (the so called Tik Tok Clone by it's author). Before I get into the detailings, I wanna tell, I'm an active user on Codecanyon too and I recently discovered this app named "BubbleTok". The app is priced at $1004 for a regular license and a freaking 50K USD for an extended one. And there is a lot of hype about this app on the web as well as codecanyon.

At first, I downloaded all the available resources related to it from this forum and tried to run. And soon I realized, it was broken. After reviewing almost 300 comments on this forum and 250ish comments on codecanyon, I decided to do a research about it.

And here it is :

1. I hacked their server.

There are around 4 to 5 more scripts running on the same server. None of them is a quality based product.

2. Hacked it's cPanel.

There are 13 subdomains running on it. Earlier they had Vilo on the same server and they recently shifted to another one after knowing they were hacked.

3. Dumped all their databases.

I've dumped all their database. Not only the one those are linked to scripts. I've downloaded more ;)

There is a very famous app on play store which uses the same "BubbleTok" script. I'm going to reveal more about them in a day or two.

4. Your admin panel looks different than mine.

Since you guys just have the initial version and I've downloaded more of it. My admin panel is better than yours.

5. Look at their Phpmyadmin.

There is a subdomain "vilo.invatomarket.com" which was hosted on the same server as I've mentioned in point 2. Now, Look at the screenshot I've attached below. The database is almost empty. It doesn't have admin records. Now the same subdomain is attached to a different hosting and database.

PS : The attached file "invato domains.txt" has all the list of domains associated with the developer/author.

Conclusion : I've seen people ready to buy this script in collaboration with others. DON'T DO THAT. This guy is a fraud. Also, if you need any of their script that's available on Digicean.com, do let me know. I'll send it to you.
Click to expand...
you are so cool, thanks for sharing i also came to notice some of their issues so i already warned in the thread. This guy is actually from Gujrat, and some of my friends says that he also runs a youtube channel of Gamemods
 
scorpion50

scorpion50

New member
Jul 13, 2020
16
3
3
Hello friends, I have seen all the work done. very good work. I wanted to ask if the correct code was finally obtained.
 
coolrock

coolrock

Active member
Jun 12, 2019
163
183
43
tutsmonk.com
modman9 said:
you are so cool, thanks for sharing i also came to notice some of their issues so i already warned in the thread. This guy is actually from Gujrat, and some of my friends says that he also runs a youtube channel of Gamemods
Click to expand...
His is a kid, he gig is available in Fiverr, Just google his company name.. You will find his gig
 
You must log in or register to reply here.

Similar threads

S
Wordpress Site hacked
Replies
7
Views
698
General Discussion
mi2brich
mi2brich
YUCATAN.DANCE
My Site's been hacked!
Replies
73
Views
5K
General Discussion
3xploit
3xploit
saimdhoom786
Site Hacked - Need solution
Replies
4
Views
1K
General Discussion
sherone
sherone
J
Is my wordpress hacked?
Replies
7
Views
625
General Discussion
TheViking
TheViking
K
make a website to check hacked Facebook accounts?
Replies
1
Views
474
General Discussion
Sevenseas
Sevenseas

Latest posts

Forum statistics

Threads
69,206
Messages
908,348
Members
236,879
Latest member
oncrete

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom