Vulnerability Hunting for Money!

(If you have a zero day vulnerability that you wouldn't like to reveal, you can still participate here by not revealing how the attack is done, but just executing the attack yourself.)

Hello 1337 hackermen! I've made a thread about this in BreachForums, it can be found here: https://breachforums.is/Thread-School-that-spies-on-browser-history-of-children

Now, that school has a bounty from many people that made this vulnerability hunting game possible! If you have a special skill when it comes to pwning, then you can participate in this vulnerability hunting game! Please note that the payment method accepted is only cryptocurrency. (Any coin!) No matter what skill you have, you can participate here. It can be social engineering, web pentesting, DDoSing with botnets, and more!

If you didn't read the BreachForums thread, let me give you a quick recap: A school in the Philippines known as "NextGen Technological College" has been spying on children's browser history by forcing students to log into a @nextgencollege.org email in their browser and abuses the Google auto sync feature to spy on their browsing data, and it has been confirmed that multiple people has been punished for watching pornography. Well, that's kind of invasion of privacy isn't it? Ever since that thread was made, multiple people has put a bounty on it that made this game possible.

**What do we need to do?**

You have to find a vulnerability in any of the websites below, or you can do any tasks listed below and you might win large amounts of money!

WARNING: You can NOT claim rewards for multiple vulnerabilities, the reward given will be the reward you get for the highest paying vulnerability you found.

The money paid comes from old students and parents that doesn't support what the school did in the past, and funded this challenge!

Main priority target:

https://k-12.nextgencollege.education/

The payment depends on the vulnerability found.

- Site Defacing = 1.9K USD

- RCE Vulnerabilities = 400 USD to 1.9K USD (Depends on severity)

- Database Breach = 1K USD (mainly looking for @nextgencollege.org email logins)

Alternatively, you can hit the site with a botnet!

- DDoS = 20$ per day the site is down, as they might block the requests sooner. Please note that DDoSing the website won't take too much resources as it only uses an unprotected DigitalOcean server.

- Any other vulnerabilities = Any vulnerabilities that has an impact are all welcome here! The reward will depend on the severity of the attack. The maximum pay of the attacks is around 2K USD!

EXTRA TIP: Scanning the subdomains of nextgencollege.education will reveal stuff that are interesting! Please note that only subdomains that start with "k-12" and "sms" are accepted for rewards.

Second Target:

https://nextgencollege.org/

- Database Breach (mainly looking for email & passwords of @nextgencollege.org mails, they are managed by webmails!) = 1k USD

- Anything interesting = found something interesting that's not related to the mails? Please contact t.me/haxalot or email bytes@horsefucker.org

Third Target, Doxxing:

Now this is where doxbin skids can win rewards!

Name: Celso Sacalamitao

Facebook containing most information you'll need: https://www.facebook.com/CelsoSacalamitao10 & https://www.facebook.com/profile.php?id=10006936253964

To claim your rewards, contact:

Email: bytes@horsefucker.org

Telegram: t.me/haxalot

Good luck!