Thread replies: 26
Thread images: 2
Thread images: 2
File: ximg_570997a37ca4e.png.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+md.ic.sRQi9uZ3CQ.png (97KB, 650x300px) Image search:
[Google]
97KB, 650x300px
Let's imagine I discovered an exploit involving escalation privileges on bash for windows that allows me to acces the entire host drive and perform any operation. Wich would be the way to report this (getting paid) without exposing myself? Would the Linux community benefitiate in any way (more Wine compatibility, idk).
>>
Just search for Microsoft bug bounties.
>>
>>62056490
How about you dont tell anyone anbout it and become a 1337 haxor and hack da gubburment
>>
>>62056509
Results only show Ms bullshit and an email address. If I use temporary mail I don't think they will answer me. And even if they answered I don't feel safe sending an email with my BC address.
>>
>>62056490
Btw how much can you get paid for such an exploit?? More than 5k? 15k maybe?
Is asking for 15k too much?
>>
Release it into the Linux community first, do the good thing instead of the monetary thing
>>
>>62056570
15k? Probably too much. Aim low, and build a reputation, if the opportunity ever arises again, and you find yourself in a similar situation, they'll be more willing to compensate you again.
>>62056599
That's how you stay poor.
>>
>>62056599
That's why I asked if Linux community would even use the exploit. Since it needs to be run on a windows host I dont think would be used.
>>
>>62056625
Or you can get a job and stop needing to dig for money every chance you get
>>62056644
Well it goes like this. You give it to MS, they cover it, patch it, keep it secret keep it safe. Or you give it to the community to see what they can do with it. Maybe it'll result in something new and awesome, maybe it'll get parched out. But it's better than guaranteeing nothing comes of it at all
>>
>>62056625
Thanks. I will email them to see what they answer. But I don't think the reputation method will work since I don't want to reveal myself.
>>
>>62056674
>being slave to a boss that decides whether you earn or not, eat or not
Sorry anon, some people like to live free
>>
>>62056688
I work from home as my own boss, good job assuming though
also
>claim to be free
>need to do whatever you can to get money
sounds like you're a slave to a different owner that the human you can directly see.
>>
>>62056490
OP here again.
Does anyone know if I will have to sign any document for the exploit bounty in order to get the money? Like some bullshit that doesn't allow me to talk about the exploit or release it? Will that document be relevant since I live in a different country?
>>
>>62056726
You probably would have to
>>
>>62056490
You seem autistic and they'll fuck you over faggot.
>>
>>62056726
Yeah, most likely.
>>
>>62056703
>implying doing whatever I can isn't enjoyable to me and a passion I pursue
>>
File: 1503518611369.jpg (42KB, 600x600px) Image search:
[Google]
42KB, 600x600px
>>62056625
>That's how you stay poor.
I hope someone else finds the exploit and you get nothing.
>>
>>62057022
>I hope someone else finds the exploit and you get nothing
I'm not even OP. Nice try though.
>>
>>62057109
Meant for >>62057096
>>
share it :D :D it will get used im sure
>>
>>62056599
The fact it requires Microsoft makes it distinct from a pure Linux vuln. I respect OP for seeking a bug bounty and doing the right thing in the process. Otherwise, selling it on the black market seems like a no brainier, imo. That's a big reason bug bounties exist.
>>
>>62057184
That's true, but you don't really know what could come out of it if it were released into the wild first. The MRI machine was invented because of some astronomer wanting to identify what elements made up gas clouds in space, after all.
>>
>>62057096
That pic. Kek
>>
>>62056796
This. Hackers scam everyone.
>>
>>62056490
https://technet.microsoft.com/en-us/library/dn425036.aspx
Scroll down and find the applicable Bounty Program for the exploit.
Thread posts: 26
Thread images: 2
Thread images: 2