Illicit Middle Earth Marketplace Possibly Exploited, IP Discovered

For any unknown terms or phrases, please look at our “dark net market” terminology guide.

Reddit user “haxforcrack” posted today on “/r/DarkNetMarkets” to inform the community of exploits for the black Tor market “Middle Earth.” The user’s discoveries include the server’s IP address and “stack,” or configuration. The user claims to have reached out to site administrators, deciding to go public when no response was received.

For a hidden black market, having a server expose its IP address is one of the greatest fears an operator may face. A Tor hidden service hides IP addresses, and it is up to the service’s operator to secure the service properly to hide the IP address from potential exploits. The address may allow law enforcement to discover the server’s location, and even copy all data from the server during its operation.

According to “haxforcrack,” the server is an Ubuntu Linux system running Nginx, MySQL, and Django. A “cross-site request forgery” error page printed an insecure Django version, which was then exploited using a well-known and currently fixed exploit to print the IP address. When “haxforcrack” defended the exploit’s release, he said, “…trust me if I found it as quickly as I did LE already knows about it.” To clarify the exploit’s simplicity, he said, “It wasn’t rocket science.”