Someone (not very smart I assume) made a Android app called xGimp (available on Play Store) that's literally a VNC...

Someone (not very smart I assume) made a Android app called xGimp (available on Play Store) that's literally a VNC connection to a Linux server running GIMP. Said server stores everything users upload (looks like not only from this app, but from other apps made by this developer too) to a folder on /var/runxx/uploadxx.
As a dumb Windows/Ubuntu user am I, I don't know how to do shit under linuks, so suggestions are welcome.

I have access to:
>Filesystem
>Browser (Firefox, SeaMonkey and Midori)
>some VNC related program
Looks like terminal is disabled tho

Other urls found in this thread:

addons.mozilla.org/en-US/firefox/addon/gimp-online-editor/
vps-1169751-23871.manage.myhosting.com:10000
shodan.io/host/168.144.134.53
twitter.com/AnonBabble

that is phenomenally retarded

...

...

Dumping shit I'm finding

Yeah you can view others files as ive read on google play reviews, absolutely bizarre

do you have root access? if not there isn't much you can do.

Try Control-Alt-F2 and see if it will take you to a term.

that would be . . . so broken if true, but its a could instance of ubuntu if the google reviewers are telling the truth

Download some dodgy shit on their connection

What about potential spectre exploit?

I'll try getting a keyboard through OTG to test.

But is there anyway to connect from a PC and mess with files natively? Someone on leddit did it some days ago

thread:
/r/Android/comments/7ugp28/extremely_urgent_massive_android_security_hole_in/

not sure, trying to fire up my android vitrual machine to test

It's CentOS

You dont need to go this far, the devs database is public and you can connect to it directly

unless someone made a one click "cracker" tool with the spectre exploit I doubt it's possible. Definitely not if you're not a security educated person.

Where can I find the address?

This is what happens when you try to launch ``Terminal``

I'll let you figure it out. It's located at a dot com domain called clickasound.

I found this website when my connection dropped once, but the webpage only gave me "OK". I don't know much about networking tho

It was community02.clickasound.com

why would you be able to view tty over vnc?

That points to ofc

OP can you open a text editor?

hmm

...

I have had xgimp installed for a few months but I still have no idea how to get it to connect

Just open the app, tap "new" and press the gimp logo on bottom

It says "xgimp has stopped"

really makes you think

xterm or gnome-terminal

OP is full of shit, this was first a Firefox addon, the app in the PlayStore is just a hook to the addon. addons.mozilla.org/en-US/firefox/addon/gimp-online-editor/

I don't know senpai, it just werks here

Post the ip your getting the vnc connection on

Can you access people files through this extension?

>Can you access people files through this extension?
It`s exactly the same thing.

You can access them from the web dude

how?

Use removeddit as the domain for the reddit link above and scroll down.

vps-1169751-23871.manage.myhosting.com:10000

shodan.io/host/168.144.134.53

Proper file manager:
Applications->Accessories->Application Finder
choose Run Program
/usr/bin/.Thunar

There's also a .Terminal in there but it doesn't run.

Discovered by right clicking (2 finger click on phone) and checking show hidden in a file browser.

login?

...

Meh, didnt try. Start with the usual.

Tried

root
R0caf0rt

Doesn't work.

im assuming the guy finally figured out people were messing with his shit?

you can use xterm if you reverse it

>metacity
>gnome-panel
...
>xfce4-appfinder
>thunar
>xfrun

why the weird mash up of gnome and xfce?

It's all gnome. I started appfinder from apps/accessories and xfrun from that, and tunar from that, like in

This fucker can mine on coinhive at 22 hashes a second