View Single Post
  #2  
Old 11-05-2020, 18:41
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 326
Rept. Given: 25
Rept. Rcvd 107 Times in 52 Posts
Thanks Given: 49
Thanks Rcvd at 552 Times in 221 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Some additional info, someone has taken credit for the leak on Reddit saying the following:
Code:
I am the one who did this. You can find on my profile that I was the first one to post it on Reddit.

The commit author is a joke and can be easily done, there's even a CLI tool to do this: git-blame-someone-else

As for the code itself, I just ran a deobfuscator through the officially provided GitHub Enterprise image. Turns out they use the same codebase as GitHub (dotcom), you can even find the billing and subscriptions management in the repo.
As they claim, the leaked code is a copy of GitHub Enterprise deobfuscated. According to them, it matches the actual GitHub site setup (which makes sense since enterprise is for self-hosting etc.)

The push author was faked but access to the DMCA repo still required a leaked auth token or similar. (No info was provided for that part of the hack; but again I assume this is similar to the past hacks I mentioned above.)
__________________
Personal Projects Site: https://atom0s.com
Reply With Quote