Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
A collection of "Mr. Robot" Season 2 Easter Egg Sites. #mrrobot #hackingrobot #robotegg

Mr. Robot Season 2 Easter Egg Sites

1. Ransomware webpage

On load, this page displays a countdown timer starting at 24:00:00. When time is over, the following "hidden" message is revealed:

I sincerely believe that banking establishments are more dangerous than standing armies, and that the principle of spending money to be paid by posterity, under the name of funding, is but swindling futurity on a large scale.
– Thomas Jefferson

2. E Corp maintenance page

Maintenance page for the fictive E Corp webpage. Opposite of the Evil Corp version.

3. Evil Corp maintenance page

Maintenance page for the fictive Evil Corp webpage. Opposite of the E Corp version.

A subdomain of the evil corp site is shown in a S2 trailer on Facebook, when Elliot connects as follows:

ssh -l root bkuw300ps345672-cs30.serverfarm.evil-corp-usa.com

4. Confictura Industries webpage

GIF-bloated 90's "Under construction" webpage. Nothing special here (afaik).
In S02E01, the QR code in Elliot's notebook points to this website.

5. Others

Owner

eyecatchup commented Jul 12, 2016

A side note about the evil corp subdomain in number 3.

bkuw300ps345672 is the hostname of the server which Elliot finds the fsociety00.dat file and CS30 is the "honeypot" Allsafe implements in Evil Corp's network,

http://www.fsoc.sh/ -> "LEAVE ME HERE"

From Season 2 Episode 6, Did anyone figure out anything useful to do with the femtocell that Angela left under the desk @ E-Corp?

http://l4713116.e-corp-usa.com/ (address of the femtocell that Angela access from her terminal)

@glennferrie you can only cd bin and then ./EnableAttack with the same parameters Angela has to use in the episode. Nothing more afaik

lesthack commented Aug 15, 2016

yep @saschalalala, some like that: ./EnableAttack femtopwn WLAN0,WLAN1 2

thinkbeforecoding commented Aug 19, 2016

There's also http://192.251.68.245 from the direction board in S02E06... with this strange message in the BBS:

I really love this BBS! I've been reading all kinds of things. The other day!
I looked at some cool ANSI Art. And then I Paged that Sysops guy! but he
didn't respond so I checked the bulletins, paged Sysops AGAIN, checked
out some ANSI Art and paged Sysops just to see if he was there and then
delved into the Bulletins section once more.

I tried the same sequence but could not find anything new

Rep7il3 commented Sep 16, 2016

@ghost

ghost commented Sep 23, 2016

If you type in "A P B P A P B" at the http://102.251.68.245 site, you can download 8 jpegs of "Affirmations".
You have to wait for the sysop to not respond after entering each "P".

@ghost

ghost commented Sep 23, 2016

If you type in "A P B P A P B" at the http://192.251.68.245 site, you can download 8 jpegs of "Affirmations".
You have to wait for the sysop to not respond after entering each "P".

e-corp-usa.com (the maintenance page) has an employee login option. evil-corp-usa.com does not, but going to http://www.evil-corp-usa.com/login/ gets you a username and password entry. No luck getting further so far.

enociz commented Sep 30, 2016

@eyecatchup @Rep7il3 found anything about the logins for the stage.*.com's?

enociz commented Sep 30, 2016

http://www.conficturaindustries.com/

Clicking the "Geocity of the day" image/widget takes you to http://www.red-wheelbarrow.com/. This also has a menu... I'm not sure what more you'd want with it. The Red Wheelbarrow is where Tyrell draws his quote from at the start of the S2E12.

An employee at my company sent us the "Ransomware webpage" as a link - no comments whatsoever - via Slack and we ended up banning his Slack account before realizing the joke. Way too legitimate!

@johnowhitaker perhaps the username is Angela_Moss as seen in S02E06 00:31:39

jamiechong commented Oct 14, 2016

@johnowhitaker Actually the login info to http://www.e-corp-usa.com/login can be found at S02E09 00:15:12
u: joseph.green
p: holidayarmadillo

Sending an email to the "help desk" gives a nice auto response, with possibly some more easter eggs. The email sent to me has a case number 5B834E0D662F4E004E2A586B5B576E38620F are they all the same?

@jamiechong, confirmed, case number 5B834E0D662F4E004E2A586B5B576E38620F

http://www.racksure.com/
https://www.seeso.com/ (keep an eye on stage.seeso.com)

In What episode, this sites appears ?

Krolo2 commented May 24, 2017

37.3992,-122.0333 are the coordinates of the host of the help desk email. Does this help? XD

https://compute.e-corp-usa.com/
Season three. Found via following his Shodan search on the premiere episode.
If I had to guess, I would say it probably requires an Apache exploit because it's labeled as an Apache website last changed in 2015- but I'm not willing to stray that far past the line of illegality to find out.

Reminds me of Equifax, actually.

If anyone does check into that, I would suggest contacting them before trying anything stupid, especially with their terms and conditions. (Full range of legal remedies, etc, etc.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment